feat: Full template cleanup + categories by use case

Cleanup (109):
- Removed DPA duplicates (v1 DE + v1 EN, kept v2 DE)
- Removed cookie_banner duplicate (kept larger with IF-blocks)
- Removed impressum duplicate (kept larger with IF-blocks)
- Removed TOM duplicate (kept newest)
- Removed DSFA v1 (kept v2)
- Kept all 8 VVT templates (1 main + 7 industry templates)
- DB: 98 → 88 templates, 0 duplicates remaining

Categories restructured by use case:
- Website/App: DSI, Impressum, Cookie, Social Media
- Online-Shop: AGB, Widerruf, DSI, Cookie
- SaaS/Cloud: AGB, AVV, SLA, Cloud Agreement
- App/Plattform: Nutzungsbedingungen, Community Guidelines, AUP
- Vertraege (B2B): AVV, NDA, SLA, Cloud
- DSGVO-Pflichten: TOM, VVT, Loeschkonzept, DSFA
- Sicherheitskonzepte + Richtlinien (separate categories)
- HR & Mitarbeiter, Daten-Governance, Vendor, BCM

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

admin-compliance/app/sdk/document-generator/_constants.ts

@@ -6,39 +6,64 @@ import { TemplateContext } from './contextBridge'
 
 export const CATEGORIES: { key: string; label: string; types: string[] | null }[] = [
   { key: 'all', label: 'Alle', types: null },
-  { key: 'privacy_policy', label: 'Datenschutz', types: ['privacy_policy'] },
-  { key: 'terms', label: 'AGB', types: ['terms_of_service', 'agb', 'clause'] },
-  { key: 'impressum', label: 'Impressum', types: ['impressum'] },
-  { key: 'dpa', label: 'AVV/DPA', types: ['dpa'] },
-  { key: 'nda', label: 'NDA', types: ['nda'] },
-  { key: 'sla', label: 'SLA', types: ['sla'] },
-  { key: 'acceptable_use', label: 'AUP', types: ['acceptable_use'] },
-  { key: 'widerruf', label: 'Widerruf', types: ['widerruf'] },
-  { key: 'cookie', label: 'Cookie', types: ['cookie_policy', 'cookie_banner'] },
-  { key: 'cloud', label: 'Cloud', types: ['cloud_service_agreement'] },
-  { key: 'misc', label: 'Weitere', types: ['community_guidelines', 'copyright_policy', 'data_usage_clause'] },
-  { key: 'dsfa', label: 'DSFA', types: ['dsfa'] },
-  { key: 'dsr', label: 'DSR-Prozesse', types: [
+
+  // ── Nach Nutzungskontext sortiert ──────────────────────────────────────
+
+  // Jede Website / App braucht:
+  { key: 'website', label: 'Website / App', types: ['privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner', 'social_media_dsi'] },
+
+  // Online-Shop / E-Commerce:
+  { key: 'shop', label: 'Online-Shop', types: ['agb', 'widerruf', 'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner'] },
+
+  // SaaS / Cloud-Dienst:
+  { key: 'saas', label: 'SaaS / Cloud', types: ['agb', 'dpa', 'sla', 'cloud_service_agreement', 'privacy_policy', 'terms_of_use'] },
+
+  // App / Plattform mit Nutzern:
+  { key: 'platform', label: 'App / Plattform', types: ['terms_of_use', 'community_guidelines', 'privacy_policy', 'agb', 'acceptable_use', 'media_content_policy', 'copyright_policy'] },
+
+  // Vertraege mit Geschaeftspartnern:
+  { key: 'contracts', label: 'Vertraege (B2B)', types: ['dpa', 'nda', 'sla', 'cloud_service_agreement', 'data_usage_clause'] },
+
+  // Drittlandtransfer:
+  { key: 'third_country', label: 'Drittlandtransfer', types: ['transfer_impact_assessment', 'scc_companion'] },
+
+  // ── Interne Compliance-Dokumente ──────────────────────────────────────
+
+  // DSGVO-Kernpflichten:
+  { key: 'dsgvo_core', label: 'DSGVO-Pflichten', types: ['tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa', 'pflichtenregister'] },
+
+  // Betroffenenrechte:
+  { key: 'dsr', label: 'Betroffenenrechte', types: [
     'dsr_process_art15', 'dsr_process_art16', 'dsr_process_art17',
     'dsr_process_art18', 'dsr_process_art19', 'dsr_process_art20', 'dsr_process_art21',
   ]},
-  { key: 'terms_of_use', label: 'Nutzungsbedingungen', types: ['terms_of_use'] },
-  { key: 'tom', label: 'TOM', types: ['tom_documentation'] },
-  { key: 'media', label: 'Medien/Content', types: ['media_content_policy'] },
-  { key: 'social_media', label: 'Social Media DSI', types: ['social_media_dsi'] },
-  { key: 'whistleblower', label: 'Whistleblower', types: ['whistleblower_policy'] },
-  { key: 'hr_dsi', label: 'HR-Datenschutz', types: ['applicant_dsi', 'employee_dsi'] },
-  { key: 'isms', label: 'ISMS', types: ['isms_manual'] },
-  { key: 'consent_texts', label: 'Einwilligungen', types: ['consent_texts'] },
-  { key: 'special_dsi', label: 'Spezial-DSI', types: ['video_conference_dsi'] },
-  { key: 'internal_policies', label: 'Interne Richtlinien', types: ['byod_policy', 'ai_usage_policy'] },
-  { key: 'module_docs', label: 'Konzepte', types: ['vvt_register', 'loeschkonzept', 'pflichtenregister', 'it_security_concept', 'data_protection_concept', 'backup_recovery_concept', 'logging_concept', 'incident_response_plan', 'access_control_concept', 'risk_management_concept'] },
-  { key: 'security_policies', label: 'Sicherheitsrichtlinien', types: ['information_security_policy', 'access_control_policy', 'password_policy', 'encryption_policy', 'cybersecurity_policy'] },
-  { key: 'hr_policies', label: 'HR-Richtlinien', types: ['employee_security_policy', 'security_awareness_policy', 'remote_work_policy', 'offboarding_policy'] },
-  { key: 'data_policies', label: 'Datenrichtlinien', types: ['data_protection_policy', 'data_classification_policy', 'data_retention_policy', 'data_transfer_policy', 'privacy_incident_policy'] },
-  { key: 'vendor_policies', label: 'Lieferanten', types: ['vendor_risk_management_policy', 'third_party_security_policy', 'supplier_security_policy'] },
-  { key: 'third_country', label: 'Drittlandtransfer', types: ['transfer_impact_assessment', 'scc_companion'] },
-  { key: 'bcm_policies', label: 'BCM/Notfall', types: ['business_continuity_policy', 'disaster_recovery_policy', 'crisis_management_policy'] },
+
+  // Datenschutz-Informationen (alle DSI-Typen):
+  { key: 'dsi', label: 'Datenschutzinfos', types: ['privacy_policy', 'applicant_dsi', 'employee_dsi', 'social_media_dsi', 'video_conference_dsi', 'informationspflichten'] },
+
+  // Einwilligungen:
+  { key: 'consent', label: 'Einwilligungen', types: ['consent_texts', 'cookie_banner', 'verpflichtungserklaerung'] },
+
+  // ── Sicherheit & IT ───────────────────────────────────────────────────
+
+  { key: 'security_concepts', label: 'Sicherheitskonzepte', types: ['it_security_concept', 'data_protection_concept', 'backup_recovery_concept', 'logging_concept', 'incident_response_plan', 'access_control_concept', 'risk_management_concept', 'isms_manual'] },
+
+  { key: 'security_policies', label: 'Sicherheitsrichtlinien', types: [
+    'information_security_policy', 'access_control_policy', 'password_policy', 'encryption_policy',
+    'cybersecurity_policy', 'incident_response_policy', 'logging_policy', 'patch_management_policy',
+    'vulnerability_management_policy', 'secrets_management_policy', 'devsecops_policy',
+    'cloud_security_policy', 'change_management_policy', 'asset_management_policy', 'backup_policy',
+  ]},
+
+  // ── Organisation & HR ─────────────────────────────────────────────────
+
+  { key: 'hr', label: 'HR & Mitarbeiter', types: ['applicant_dsi', 'employee_dsi', 'employee_security_policy', 'security_awareness_policy', 'remote_work_policy', 'offboarding_policy', 'byod_policy', 'ai_usage_policy', 'whistleblower_policy'] },
+
+  { key: 'data_governance', label: 'Daten-Governance', types: ['data_protection_policy', 'data_classification_policy', 'data_retention_policy', 'data_transfer_policy', 'privacy_incident_policy'] },
+
+  { key: 'vendor', label: 'Lieferanten / Vendor', types: ['vendor_risk_management_policy', 'third_party_security_policy', 'supplier_security_policy', 'dpa'] },
+
+  { key: 'bcm', label: 'BCM / Notfall', types: ['business_continuity_policy', 'disaster_recovery_policy', 'crisis_management_policy', 'incident_response_plan'] },
 ]
 
 // =============================================================================