diff --git a/admin-compliance/lib/sdk/types.ts b/admin-compliance/lib/sdk/types.ts
index bfe7df4..7cc1776 100644
--- a/admin-compliance/lib/sdk/types.ts
+++ b/admin-compliance/lib/sdk/types.ts
@@ -1,2624 +1,8 @@ /** * AI Compliance SDK - TypeScript Interfaces * - * Comprehensive type definitions for the SDK's state management, - * checkpoint system, and all compliance-related data structures. + * Barrel re-export — all domain types live in ./types/*.ts. + * Existing imports of `@/lib/sdk/types` continue to work unchanged. */ -import type { CustomCatalogs, CatalogId, CustomCatalogEntry } from './catalog-manager/types' - -// ============================================================================= -// ENUMS -// ============================================================================= - -export type SubscriptionTier = 'FREE' | 'STARTER' | 'PROFESSIONAL' | 'ENTERPRISE' - -export type SDKPhase = 1 | 2 - -// ============================================================================= -// SDK PACKAGES (NEU) -// ============================================================================= - -export type SDKPackageId = 'vorbereitung' | 'analyse' | 'dokumentation' | 'rechtliche-texte' | 'betrieb' - -export type CustomerType = 'new' | 'existing' - -// ============================================================================= -// PROJECT INFO (Multi-Projekt-Architektur) -// ============================================================================= - -export interface ProjectInfo { - id: string - name: string - description: string - customerType: CustomerType - status: 'active' | 'archived' - projectVersion: number - completionPercentage: number - createdAt: string - updatedAt: string -} - -// ============================================================================= -// COMPANY PROFILE (Business Context - collected before use cases) -// ============================================================================= - -export type BusinessModel = 'B2B' | 'B2C' | 'B2B_B2C' | 'B2B2C' - -export type OfferingType = - | 'app_mobile' // Mobile App - | 'app_web' // Web Application - | 'website' // Website/Landing Pages - | 'webshop' // E-Commerce - | 
'hardware' // Hardware sales - | 'software_saas' // SaaS/Software products - | 'software_onpremise' // On-Premise Software - | 'services_consulting' // Consulting/Professional Services - | 'services_agency' // Agency Services - | 'internal_only' // Internal applications only - -export type TargetMarket = - | 'germany_only' // Only Germany - | 'dach' // Germany, Austria, Switzerland - | 'eu' // European Union - | 'ewr' // European Economic Area (EU + Iceland, Liechtenstein, Norway) - | 'eu_uk' // EU + United Kingdom - | 'worldwide' // Global operations - -export type CompanySize = 'micro' | 'small' | 'medium' | 'large' | 'enterprise' - -export type LegalForm = - | 'einzelunternehmen' // Sole proprietorship - | 'gbr' // GbR - | 'ohg' // OHG - | 'kg' // KG - | 'gmbh' // GmbH - | 'ug' // UG (haftungsbeschränkt) - | 'ag' // AG - | 'gmbh_co_kg' // GmbH & Co. KG - | 'ev' // e.V. (Verein) - | 'stiftung' // Foundation - | 'other' // Other - -// ============================================================================= -// MACHINE BUILDER PROFILE (IACE - Industrial AI Compliance Engine) -// ============================================================================= - -export type MachineProductType = 'test_stand' | 'robot_cell' | 'special_machine' | 'production_line' | 'other' - -export type AIIntegrationType = 'vision' | 'predictive_maintenance' | 'quality_control' | 'robot_control' | 'process_optimization' | 'other' - -export type HumanOversightLevel = 'full' | 'partial' | 'minimal' | 'none' - -export type CriticalSector = 'energy' | 'water' | 'transport' | 'health' | 'pharma' | 'automotive' | 'defense' - -export interface MachineBuilderProfile { - // Produkt - productTypes: MachineProductType[] - productDescription: string - productPride: string - containsSoftware: boolean - containsFirmware: boolean - containsAI: boolean - aiIntegrationType: AIIntegrationType[] - - // Sicherheit - hasSafetyFunction: boolean - safetyFunctionDescription: string - autonomousBehavior: 
boolean - humanOversightLevel: HumanOversightLevel - - // Konnektivitaet - isNetworked: boolean - hasRemoteAccess: boolean - hasOTAUpdates: boolean - updateMechanism: string - - // Markt & Kunden - exportMarkets: string[] - criticalSectorClients: boolean - criticalSectors: CriticalSector[] - oemClients: boolean - - // CE - ceMarkingRequired: boolean - existingCEProcess: boolean - hasRiskAssessment: boolean -} - -export const MACHINE_PRODUCT_TYPE_LABELS: Record = { - test_stand: 'Pruefstand', - robot_cell: 'Roboterzelle', - special_machine: 'Sondermaschine', - production_line: 'Produktionslinie', - other: 'Sonstige', -} - -export const AI_INTEGRATION_TYPE_LABELS: Record = { - vision: 'Bildverarbeitung / Machine Vision', - predictive_maintenance: 'Predictive Maintenance', - quality_control: 'Qualitaetskontrolle', - robot_control: 'Robotersteuerung', - process_optimization: 'Prozessoptimierung', - other: 'Sonstige', -} - -export const HUMAN_OVERSIGHT_LABELS: Record = { - full: 'Vollstaendig (Mensch entscheidet immer)', - partial: 'Teilweise (Mensch ueberwacht)', - minimal: 'Minimal (Mensch greift nur bei Stoerung ein)', - none: 'Keine (vollautonomer Betrieb)', -} - -export const CRITICAL_SECTOR_LABELS: Record = { - energy: 'Energie', - water: 'Wasser', - transport: 'Transport / Verkehr', - health: 'Gesundheit', - pharma: 'Pharma', - automotive: 'Automotive', - defense: 'Verteidigung', -} - -export interface CompanyProfile { - // Basic Info - companyName: string - legalForm: LegalForm - industry: string[] // Multi-select industries - industryOther: string // Custom text when "Sonstige" selected - foundedYear: number | null - - // Business Model - businessModel: BusinessModel - offerings: OfferingType[] - offeringUrls: Partial> // e.g. { website: 'https://...', webshop: 'https://...' 
} - - // Size & Scope - companySize: CompanySize - employeeCount: string // Range: "1-9", "10-49", "50-249", "250-999", "1000+" - annualRevenue: string // Range: "< 2 Mio", "2-10 Mio", "10-50 Mio", "> 50 Mio" - - // Locations - headquartersCountry: string // ISO country code, e.g., "DE" - headquartersCountryOther: string // Free text if country not in list - headquartersStreet: string - headquartersZip: string - headquartersCity: string - headquartersState: string // Bundesland / Kanton / Region - hasInternationalLocations: boolean - internationalCountries: string[] // ISO country codes - - // Target Markets & Legal Scope - targetMarkets: TargetMarket[] - primaryJurisdiction: string // Which law primarily applies: "DE", "AT", "CH", etc. - - // Data Processing Role - isDataController: boolean // Verantwortlicher (Art. 4 Nr. 7 DSGVO) - isDataProcessor: boolean // Auftragsverarbeiter (Art. 4 Nr. 8 DSGVO) - - // Contact Persons - dpoName: string | null // Data Protection Officer - dpoEmail: string | null - legalContactName: string | null - legalContactEmail: string | null - - // Machine Builder (IACE) - machineBuilder?: MachineBuilderProfile - - // Completion Status - isComplete: boolean - completedAt: Date | null -} - -export const COMPANY_SIZE_LABELS: Record = { - micro: 'Kleinstunternehmen (< 10 MA)', - small: 'Kleinunternehmen (10-49 MA)', - medium: 'Mittelstand (50-249 MA)', - large: 'Großunternehmen (250-999 MA)', - enterprise: 'Konzern (1000+ MA)', -} - -export const BUSINESS_MODEL_LABELS: Record = { - B2B: { short: 'B2B', description: 'Verkauf an Geschäftskunden' }, - B2C: { short: 'B2C', description: 'Verkauf an Privatkunden' }, - B2B_B2C: { short: 'B2B + B2C', description: 'Verkauf an Geschäfts- und Privatkunden' }, - B2B2C: { short: 'B2B2C', description: 'Über Partner an Endkunden (z.B. 
Plattform, White-Label)' }, -} - -export const OFFERING_TYPE_LABELS: Record = { - app_mobile: { label: 'Mobile App', description: 'iOS/Android Anwendungen' }, - app_web: { label: 'Web-Anwendung', description: 'Browser-basierte Software' }, - website: { label: 'Website', description: 'Informationsseiten, Landing Pages' }, - webshop: { label: 'Online-Shop', description: 'Physische Produkte oder Hardware-Abos verkaufen' }, - hardware: { label: 'Hardware-Verkauf', description: 'Physische Produkte' }, - software_saas: { label: 'SaaS/Cloud', description: 'Software online bereitstellen (auch wenn ueber einen Shop verkauft)' }, - software_onpremise: { label: 'On-Premise Software', description: 'Lokale Installation' }, - services_consulting: { label: 'Beratung', description: 'Consulting, Professional Services' }, - services_agency: { label: 'Agentur', description: 'Marketing, Design, Entwicklung' }, - internal_only: { label: 'Nur intern', description: 'Interne Unternehmensanwendungen' }, -} - -export const TARGET_MARKET_LABELS: Record = { - germany_only: { - label: 'Nur Deutschland', - description: 'Verkauf nur in Deutschland', - regulations: ['DSGVO', 'BDSG', 'TTDSG', 'AI Act'], - }, - dach: { - label: 'DACH-Region', - description: 'Deutschland, Österreich, Schweiz', - regulations: ['DSGVO', 'BDSG', 'DSG (AT)', 'DSG (CH)', 'AI Act'], - }, - eu: { - label: 'Europäische Union', - description: 'Alle EU-Mitgliedsstaaten', - regulations: ['DSGVO', 'AI Act', 'NIS2', 'DMA/DSA'], - }, - ewr: { - label: 'EWR', - description: 'EU + Island, Liechtenstein, Norwegen', - regulations: ['DSGVO', 'AI Act', 'NIS2', 'EWR-Sonderregelungen'], - }, - eu_uk: { - label: 'EU + Großbritannien', - description: 'EU plus Vereinigtes Königreich', - regulations: ['DSGVO', 'UK GDPR', 'AI Act', 'UK AI Framework'], - }, - worldwide: { - label: 'Weltweit', - description: 'Globaler Verkauf/Betrieb', - regulations: ['DSGVO', 'CCPA', 'LGPD', 'POPIA', 'und weitere...'], - }, -} - -// SDK Coverage Limitations - 
be honest about what we can/cannot help with -export interface SDKCoverageAssessment { - isFullyCovered: boolean - coveredRegulations: string[] - partiallyCoveredRegulations: string[] - notCoveredRegulations: string[] - requiresLegalCounsel: boolean - reasons: string[] - recommendations: string[] -} - -export interface SDKPackage { - id: SDKPackageId - order: number - name: string - nameShort: string - description: string - icon: string - result: string -} - -export const SDK_PACKAGES: SDKPackage[] = [ - { - id: 'vorbereitung', - order: 1, - name: 'Vorbereitung', - nameShort: 'Vorbereitung', - description: 'Grundlagen erfassen, Ausgangssituation verstehen', - icon: '🎯', - result: 'Klares Verständnis, welche Regulierungen greifen', - }, - { - id: 'analyse', - order: 2, - name: 'Analyse', - nameShort: 'Analyse', - description: 'Risiken erkennen, Anforderungen ableiten', - icon: '🔍', - result: 'Vollständige Risikobewertung, Audit-Ready', - }, - { - id: 'dokumentation', - order: 3, - name: 'Dokumentation', - nameShort: 'Doku', - description: 'Rechtliche Pflichtnachweise erstellen', - icon: '📋', - result: 'DSFA, TOMs, VVT, Löschkonzept', - }, - { - id: 'rechtliche-texte', - order: 4, - name: 'Rechtliche Texte', - nameShort: 'Legal', - description: 'Kundenfähige Dokumente generieren', - icon: '📝', - result: 'AGB, DSI, Nutzungsbedingungen, Cookie-Banner (Code)', - }, - { - id: 'betrieb', - order: 5, - name: 'Betrieb', - nameShort: 'Betrieb', - description: 'Laufender Compliance-Betrieb', - icon: '⚙️', - result: 'DSR-Portal, Eskalationsprozesse, Vendor-Management', - }, -] - -export type CheckpointType = 'REQUIRED' | 'RECOMMENDED' | 'OPTIONAL' - -export type ReviewerType = 'NONE' | 'TEAM_LEAD' | 'DSB' | 'LEGAL' - -export type ValidationSeverity = 'ERROR' | 'WARNING' | 'INFO' - -export type RiskSeverity = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL' - -export type RiskLikelihood = 1 | 2 | 3 | 4 | 5 - -export type RiskImpact = 1 | 2 | 3 | 4 | 5 - -export type ImplementationStatus 
= 'NOT_IMPLEMENTED' | 'PARTIAL' | 'IMPLEMENTED' - -export type RequirementStatus = 'NOT_STARTED' | 'IN_PROGRESS' | 'IMPLEMENTED' | 'VERIFIED' - -export type ControlType = 'TECHNICAL' | 'ORGANIZATIONAL' | 'PHYSICAL' - -export type EvidenceType = 'DOCUMENT' | 'SCREENSHOT' | 'LOG' | 'CERTIFICATE' | 'AUDIT_REPORT' - -export type RiskStatus = 'IDENTIFIED' | 'ASSESSED' | 'MITIGATED' | 'ACCEPTED' | 'CLOSED' - -export type MitigationType = 'AVOID' | 'TRANSFER' | 'MITIGATE' | 'ACCEPT' - -export type AIActRiskCategory = 'MINIMAL' | 'LIMITED' | 'HIGH' | 'UNACCEPTABLE' - -export type DSFAStatus = 'DRAFT' | 'IN_REVIEW' | 'APPROVED' | 'REJECTED' - -export type ScreeningStatus = 'PENDING' | 'RUNNING' | 'COMPLETED' | 'FAILED' - -export type SecurityIssueSeverity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' - -export type SecurityIssueStatus = 'OPEN' | 'IN_PROGRESS' | 'RESOLVED' | 'ACCEPTED' - -export type CookieBannerStyle = 'BANNER' | 'MODAL' | 'FLOATING' - -export type CookieBannerPosition = 'TOP' | 'BOTTOM' | 'CENTER' - -export type CookieBannerTheme = 'LIGHT' | 'DARK' | 'CUSTOM' - -export type CommandType = 'ACTION' | 'NAVIGATION' | 'SEARCH' | 'GENERATE' | 'HELP' - -// ============================================================================= -// SDK FLOW & NAVIGATION -// ============================================================================= - -export interface SDKStep { - id: string - seq: number // Globale Sequenznummer (100, 200, 300, ...) 
- phase: SDKPhase - package: SDKPackageId - order: number - name: string - nameShort: string - description: string - url: string - checkpointId: string - prerequisiteSteps: string[] - isOptional: boolean - visibleWhen?: (state: SDKState) => boolean // Konditionale Sichtbarkeit -} - -export const SDK_STEPS: SDKStep[] = [ - // ============================================================================= - // PAKET 1: VORBEREITUNG (Foundation) - // ============================================================================= - { - id: 'company-profile', - seq: 100, - phase: 1, - package: 'vorbereitung', - order: 1, - name: 'Unternehmensprofil', - nameShort: 'Profil', - description: 'Geschäftsmodell, Größe und Zielmärkte erfassen', - url: '/sdk/company-profile', - checkpointId: 'CP-PROF', - prerequisiteSteps: [], - isOptional: false, - }, - { - id: 'compliance-scope', - seq: 200, - phase: 1, - package: 'vorbereitung', - order: 2, - name: 'Compliance Scope', - nameShort: 'Scope', - description: 'Umfang und Tiefe Ihrer Compliance-Dokumentation bestimmen', - url: '/sdk/compliance-scope', - checkpointId: 'CP-SCOPE', - prerequisiteSteps: ['company-profile'], - isOptional: false, - }, - { - id: 'use-case-assessment', - seq: 300, - phase: 1, - package: 'vorbereitung', - order: 3, - name: 'Anwendungsfall-Erfassung', - nameShort: 'Anwendung', - description: 'AI-Anwendungsfälle strukturiert dokumentieren', - url: '/sdk/advisory-board', - checkpointId: 'CP-UC', - prerequisiteSteps: ['company-profile'], - isOptional: false, - }, - { - id: 'import', - seq: 400, - phase: 1, - package: 'vorbereitung', - order: 4, - name: 'Dokument-Import', - nameShort: 'Import', - description: 'Bestehende Dokumente hochladen (Bestandskunden)', - url: '/sdk/import', - checkpointId: 'CP-IMP', - prerequisiteSteps: ['use-case-assessment'], - isOptional: true, - visibleWhen: (state) => state.customerType === 'existing', - }, - { - id: 'screening', - seq: 500, - phase: 1, - package: 'vorbereitung', - 
order: 5, - name: 'System Screening', - nameShort: 'Screening', - description: 'SBOM + Security Check', - url: '/sdk/screening', - checkpointId: 'CP-SCAN', - prerequisiteSteps: ['use-case-assessment'], - isOptional: false, - }, - { - id: 'modules', - seq: 600, - phase: 1, - package: 'vorbereitung', - order: 6, - name: 'Compliance Modules', - nameShort: 'Module', - description: 'Abgleich welche Regulierungen gelten', - url: '/sdk/modules', - checkpointId: 'CP-MOD', - prerequisiteSteps: ['screening'], - isOptional: false, - }, - { - id: 'source-policy', - seq: 700, - phase: 1, - package: 'vorbereitung', - order: 7, - name: 'Source Policy', - nameShort: 'Quellen', - description: 'Datenquellen-Governance & Whitelist', - url: '/sdk/source-policy', - checkpointId: 'CP-SPOL', - prerequisiteSteps: ['modules'], - isOptional: false, - }, - - // ============================================================================= - // PAKET 2: ANALYSE (Assessment) - // ============================================================================= - { - id: 'requirements', - seq: 1000, - phase: 1, - package: 'analyse', - order: 1, - name: 'Requirements', - nameShort: 'Anforderungen', - description: 'Prüfaspekte aus Regulierungen ableiten', - url: '/sdk/requirements', - checkpointId: 'CP-REQ', - prerequisiteSteps: ['source-policy'], - isOptional: false, - }, - { - id: 'controls', - seq: 1100, - phase: 1, - package: 'analyse', - order: 2, - name: 'Controls', - nameShort: 'Controls', - description: 'Erforderliche Maßnahmen ermitteln', - url: '/sdk/controls', - checkpointId: 'CP-CTRL', - prerequisiteSteps: ['requirements'], - isOptional: false, - }, - { - id: 'evidence', - seq: 1200, - phase: 1, - package: 'analyse', - order: 3, - name: 'Evidence', - nameShort: 'Nachweise', - description: 'Nachweise dokumentieren', - url: '/sdk/evidence', - checkpointId: 'CP-EVI', - prerequisiteSteps: ['controls'], - isOptional: false, - }, - { - id: 'risks', - seq: 1300, - phase: 1, - package: 'analyse', 
- order: 4, - name: 'Risk Matrix', - nameShort: 'Risiken', - description: 'Risikobewertung & Residual Risk', - url: '/sdk/risks', - checkpointId: 'CP-RISK', - prerequisiteSteps: ['evidence'], - isOptional: false, - }, - { - id: 'ai-act', - seq: 1400, - phase: 1, - package: 'analyse', - order: 5, - name: 'AI Act Klassifizierung', - nameShort: 'AI Act', - description: 'Risikostufe nach EU AI Act', - url: '/sdk/ai-act', - checkpointId: 'CP-AI', - prerequisiteSteps: ['risks'], - isOptional: false, - }, - { - id: 'audit-checklist', - seq: 1500, - phase: 1, - package: 'analyse', - order: 6, - name: 'Audit Checklist', - nameShort: 'Checklist', - description: 'Prüfliste generieren', - url: '/sdk/audit-checklist', - checkpointId: 'CP-CHK', - prerequisiteSteps: ['ai-act'], - isOptional: false, - }, - { - id: 'audit-report', - seq: 1600, - phase: 1, - package: 'analyse', - order: 7, - name: 'Audit Report', - nameShort: 'Report', - description: 'Audit-Sitzungen & PDF-Report', - url: '/sdk/audit-report', - checkpointId: 'CP-AREP', - prerequisiteSteps: ['audit-checklist'], - isOptional: false, - }, - - // ============================================================================= - // PAKET 3: DOKUMENTATION (Compliance Docs) - // ============================================================================= - { - id: 'obligations', - seq: 2000, - phase: 2, - package: 'dokumentation', - order: 1, - name: 'Pflichtenübersicht', - nameShort: 'Pflichten', - description: 'NIS2, DSGVO, AI Act Pflichten', - url: '/sdk/obligations', - checkpointId: 'CP-OBL', - prerequisiteSteps: ['audit-report'], - isOptional: false, - }, - { - id: 'dsfa', - seq: 2100, - phase: 2, - package: 'dokumentation', - order: 2, - name: 'DSFA', - nameShort: 'DSFA', - description: 'Datenschutz-Folgenabschätzung', - url: '/sdk/dsfa', - checkpointId: 'CP-DSFA', - prerequisiteSteps: ['obligations'], - isOptional: true, - visibleWhen: (state) => { - const level = state.complianceScope?.decision?.determinedLevel - if 
(level && ['L2', 'L3', 'L4'].includes(level)) return true - const triggers = state.complianceScope?.decision?.triggeredHardTriggers || [] - return triggers.some(t => t.rule.dsfaRequired) - }, - }, - { - id: 'tom', - seq: 2200, - phase: 2, - package: 'dokumentation', - order: 3, - name: 'TOMs', - nameShort: 'TOMs', - description: 'Technische & Org. Maßnahmen', - url: '/sdk/tom', - checkpointId: 'CP-TOM', - prerequisiteSteps: ['obligations'], - isOptional: false, - }, - { - id: 'loeschfristen', - seq: 2300, - phase: 2, - package: 'dokumentation', - order: 4, - name: 'Löschfristen', - nameShort: 'Löschfristen', - description: 'Aufbewahrungsrichtlinien', - url: '/sdk/loeschfristen', - checkpointId: 'CP-RET', - prerequisiteSteps: ['tom'], - isOptional: false, - }, - { - id: 'vvt', - seq: 2400, - phase: 2, - package: 'dokumentation', - order: 5, - name: 'Verarbeitungsverzeichnis', - nameShort: 'VVT', - description: 'Art. 30 DSGVO Dokumentation', - url: '/sdk/vvt', - checkpointId: 'CP-VVT', - prerequisiteSteps: ['loeschfristen'], - isOptional: false, - }, - - // ============================================================================= - // PAKET 4: RECHTLICHE TEXTE (Legal Outputs) - // ============================================================================= - { - id: 'einwilligungen', - seq: 3000, - phase: 2, - package: 'rechtliche-texte', - order: 1, - name: 'Einwilligungen', - nameShort: 'Einwilligungen', - description: 'Datenpunktkatalog & DSI-Generator', - url: '/sdk/einwilligungen', - checkpointId: 'CP-CONS', - prerequisiteSteps: ['vvt'], - isOptional: false, - }, - { - id: 'consent', - seq: 3100, - phase: 2, - package: 'rechtliche-texte', - order: 2, - name: 'Rechtliche Vorlagen', - nameShort: 'Vorlagen', - description: 'AGB, Datenschutz, Nutzungsbedingungen', - url: '/sdk/consent', - checkpointId: 'CP-DOC', - prerequisiteSteps: ['einwilligungen'], - isOptional: false, - }, - { - id: 'cookie-banner', - seq: 3200, - phase: 2, - package: 'rechtliche-texte', - 
order: 3, - name: 'Cookie Banner', - nameShort: 'Cookies', - description: 'Cookie-Consent Generator', - url: '/sdk/cookie-banner', - checkpointId: 'CP-COOK', - prerequisiteSteps: ['consent'], - isOptional: false, - }, - { - id: 'document-generator', - seq: 3300, - phase: 2, - package: 'rechtliche-texte', - order: 4, - name: 'Dokumentengenerator', - nameShort: 'Generator', - description: 'Rechtliche Dokumente aus Vorlagen erstellen', - url: '/sdk/document-generator', - checkpointId: 'CP-DOCGEN', - prerequisiteSteps: ['cookie-banner'], - isOptional: true, - visibleWhen: () => true, - }, - { - id: 'workflow', - seq: 3400, - phase: 2, - package: 'rechtliche-texte', - order: 5, - name: 'Document Workflow', - nameShort: 'Workflow', - description: 'Versionierung & Freigabe-Workflow', - url: '/sdk/workflow', - checkpointId: 'CP-WRKF', - prerequisiteSteps: ['cookie-banner'], - isOptional: false, - }, - - // ============================================================================= - // PAKET 5: BETRIEB (Operations) - // ============================================================================= - { - id: 'dsr', - seq: 4000, - phase: 2, - package: 'betrieb', - order: 1, - name: 'DSR Portal', - nameShort: 'DSR', - description: 'Betroffenenrechte-Portal', - url: '/sdk/dsr', - checkpointId: 'CP-DSR', - prerequisiteSteps: ['workflow'], - isOptional: false, - }, - { - id: 'escalations', - seq: 4100, - phase: 2, - package: 'betrieb', - order: 2, - name: 'Escalations', - nameShort: 'Eskalationen', - description: 'Management-Workflows', - url: '/sdk/escalations', - checkpointId: 'CP-ESC', - prerequisiteSteps: ['dsr'], - isOptional: false, - }, - { - id: 'vendor-compliance', - seq: 2500, - phase: 2, - package: 'dokumentation', - order: 6, - name: 'Vendor Compliance', - nameShort: 'Vendor', - description: 'Dienstleister-Management', - url: '/sdk/vendor-compliance', - checkpointId: 'CP-VEND', - prerequisiteSteps: ['vvt'], - isOptional: false, - }, - { - id: 'consent-management', - 
seq: 4300, - phase: 2, - package: 'betrieb', - order: 4, - name: 'Consent Verwaltung', - nameShort: 'Consent Mgmt', - description: 'Dokument-Lifecycle & DSGVO-Prozesse', - url: '/sdk/consent-management', - checkpointId: 'CP-CMGMT', - prerequisiteSteps: ['vendor-compliance'], - isOptional: false, - }, - { - id: 'email-templates', - seq: 4350, - phase: 2, - package: 'betrieb', - order: 5, - name: 'E-Mail-Templates', - nameShort: 'E-Mails', - description: 'Benachrichtigungs-Vorlagen verwalten', - url: '/sdk/email-templates', - checkpointId: 'CP-EMAIL', - prerequisiteSteps: ['consent-management'], - isOptional: false, - }, - { - id: 'notfallplan', - seq: 4400, - phase: 2, - package: 'betrieb', - order: 6, - name: 'Notfallplan & Breach Response', - nameShort: 'Notfallplan', - description: 'Datenpannen-Management nach Art. 33/34 DSGVO', - url: '/sdk/notfallplan', - checkpointId: 'CP-NOTF', - prerequisiteSteps: ['email-templates'], - isOptional: false, - }, - { - id: 'incidents', - seq: 4500, - phase: 2, - package: 'betrieb', - order: 7, - name: 'Incident Management', - nameShort: 'Incidents', - description: 'Datenpannen erfassen, bewerten und melden (Art. 
33/34 DSGVO)', - url: '/sdk/incidents', - checkpointId: 'CP-INC', - prerequisiteSteps: ['notfallplan'], - isOptional: false, - }, - { - id: 'whistleblower', - seq: 4600, - phase: 2, - package: 'betrieb', - order: 8, - name: 'Hinweisgebersystem', - nameShort: 'Whistleblower', - description: 'Anonymes Meldesystem gemaess HinSchG', - url: '/sdk/whistleblower', - checkpointId: 'CP-WB', - prerequisiteSteps: ['incidents'], - isOptional: false, - }, - { - id: 'academy', - seq: 4700, - phase: 2, - package: 'betrieb', - order: 9, - name: 'Compliance Academy', - nameShort: 'Academy', - description: 'Mitarbeiter-Schulungen & Zertifikate', - url: '/sdk/academy', - checkpointId: 'CP-ACAD', - prerequisiteSteps: ['whistleblower'], - isOptional: false, - }, - { - id: 'training', - seq: 4800, - phase: 2, - package: 'betrieb', - order: 10, - name: 'Training Engine', - nameShort: 'Training', - description: 'KI-generierte Schulungsinhalte, Quiz & Medien', - url: '/sdk/training', - checkpointId: 'CP-TRAIN', - prerequisiteSteps: ['academy'], - isOptional: false, - }, - { - id: 'control-library', - seq: 4900, - phase: 2, - package: 'betrieb', - order: 11, - name: 'Control Library', - nameShort: 'Controls', - description: 'Canonical Security Controls mit Open-Source-Referenzen', - url: '/sdk/control-library', - checkpointId: 'CP-CLIB', - prerequisiteSteps: [], - isOptional: true, - }, - { - id: 'atomic-controls', - seq: 4925, - phase: 2, - package: 'betrieb', - order: 11.5, - name: 'Atomare Controls', - nameShort: 'Atomar', - description: 'Deduplizierte atomare Controls mit Herkunftsnachweis', - url: '/sdk/atomic-controls', - checkpointId: 'CP-ATOM', - prerequisiteSteps: [], - isOptional: true, - }, - { - id: 'control-provenance', - seq: 4950, - phase: 2, - package: 'betrieb', - order: 12, - name: 'Control Provenance', - nameShort: 'Provenance', - description: 'Herkunftsnachweis: Offene Quellen, Lizenzen, Too-Close-Pruefung', - url: '/sdk/control-provenance', - checkpointId: 'CP-CPROV', - 
prerequisiteSteps: [], - isOptional: true, - }, -] - -// ============================================================================= -// CHECKPOINT SYSTEM -// ============================================================================= - -export interface ValidationRule { - id: string - field: string - condition: 'NOT_EMPTY' | 'MIN_COUNT' | 'MIN_VALUE' | 'CUSTOM' | 'REGEX' - value?: number | string - message: string - severity: ValidationSeverity -} - -export interface ValidationError { - ruleId: string - field: string - message: string - severity: ValidationSeverity -} - -export interface Checkpoint { - id: string - step: string - name: string - type: CheckpointType - validation: ValidationRule[] - blocksProgress: boolean - requiresReview: ReviewerType - autoValidate: boolean -} - -export interface CheckpointStatus { - checkpointId: string - passed: boolean - validatedAt: Date | null - validatedBy: string | null - errors: ValidationError[] - warnings: ValidationError[] - overrideReason?: string - overriddenBy?: string - overriddenAt?: Date -} - -// ============================================================================= -// USE CASE ASSESSMENT -// ============================================================================= - -export interface UseCaseStep { - id: string - name: string - completed: boolean - data: Record -} - -export interface AssessmentResult { - riskLevel: RiskSeverity - applicableRegulations: string[] - recommendedControls: string[] - dsfaRequired: boolean - aiActClassification: string -} - -export interface UseCaseIntake { - domain: string - dataCategories: string[] - processesPersonalData: boolean - specialCategories: boolean - healthData: boolean - biometricData: boolean - minorsData: boolean - financialData: boolean - customDataTypes: string[] - legalBasis: string - purposes: { - profiling: boolean - automatedDecision: boolean - marketing: boolean - analytics: boolean - serviceDelivery: boolean - } - automation: 'assistive' | 
'semi_automated' | 'fully_automated' - hosting: { - provider: string - region: string - } - modelUsage: { - inference: boolean - rag: boolean - finetune: boolean - training: boolean - } - aiTechnologies: string[] - internationalTransfer: { - enabled: boolean - countries: string[] - mechanism: string - } - retention: { - days: number - purpose: string - } - contracts: { - hasDpa: boolean - hasAiaDocumentation: boolean - hasRiskAssessment: boolean - subprocessors: string - } -} - -export interface UseCaseAssessment { - id: string - name: string - description: string - category: string - stepsCompleted: number - steps: UseCaseStep[] - assessmentResult: AssessmentResult | null - intake?: UseCaseIntake - uccaAssessmentId?: string - createdAt: Date - updatedAt: Date -} - -// ============================================================================= -// SCREENING & SECURITY -// ============================================================================= - -export interface Vulnerability { - id: string - cve: string - severity: SecurityIssueSeverity - title: string - description: string - cvss: number | null - fixedIn: string | null -} - -export interface SBOMComponent { - name: string - version: string - type: 'library' | 'framework' | 'application' | 'container' - purl: string - licenses: string[] - vulnerabilities: Vulnerability[] -} - -export interface SBOMDependency { - from: string - to: string -} - -// RAG Corpus Versioning -export interface RAGCorpusCollectionStatus { - id: string - current_version: string - documents_count: number - chunks_count: number - regulations: string[] - last_updated: string - digest: string -} - -export interface RAGCorpusStatus { - collections: Record - fetchedAt: string -} - -export interface SBOM { - format: 'CycloneDX' | 'SPDX' - version: string - components: SBOMComponent[] - dependencies: SBOMDependency[] - generatedAt: Date -} - -export interface SecurityScanResult { - totalIssues: number - critical: number - high: number - 
medium: number
- low: number
- issues: SecurityIssue[]
-}
-
-export interface SecurityIssue {
- id: string
- severity: SecurityIssueSeverity
- title: string
- description: string
- cve: string | null
- cvss: number | null
- affectedComponent: string
- remediation: string
- status: SecurityIssueStatus
-}
-
-export interface ScreeningResult {
- id: string
- status: ScreeningStatus
- startedAt: Date
- completedAt: Date | null
- sbom: SBOM | null
- securityScan: SecurityScanResult | null
- error: string | null
-}
-
-export interface BacklogItem {
- id: string
- title: string
- description: string
- severity: SecurityIssueSeverity
- securityIssueId: string
- status: 'OPEN' | 'IN_PROGRESS' | 'DONE'
- assignee: string | null
- dueDate: Date | null
- createdAt: Date
-}
-
-// =============================================================================
-// COMPLIANCE
-// =============================================================================
-
-export interface ServiceModule {
- id: string
- name: string
- description: string
- regulations: string[]
- criticality: RiskSeverity
- processesPersonalData: boolean
- hasAIComponents: boolean
-}
-
-export interface Requirement {
- id: string
- regulation: string
- article: string
- title: string
- description: string
- criticality: RiskSeverity
- applicableModules: string[]
- status: RequirementStatus
- controls: string[]
-}
-
-export interface Control {
- id: string
- name: string
- description: string
- type: ControlType
- category: string
- implementationStatus: ImplementationStatus
- effectiveness: RiskSeverity
- evidence: string[]
- owner: string | null
- dueDate: Date | null
-}
-
-export interface Evidence {
- id: string
- controlId: string
- type: EvidenceType
- name: string
- description: string
- fileUrl: string | null
- validFrom: Date
- validUntil: Date | null
- uploadedBy: string
- uploadedAt: Date
-}
-
-export interface ChecklistItem {
- id: string
- requirementId: string
- title: string
- description: string
- status: 'PENDING' | 'PASSED' | 'FAILED' | 'NOT_APPLICABLE'
- notes: string
- verifiedBy: string | null
- verifiedAt: Date | null
-}
-
-// =============================================================================
-// RISK MANAGEMENT
-// =============================================================================
-
-export interface RiskMitigation {
- id: string
- description: string
- type: MitigationType
- status: 'PLANNED' | 'IN_PROGRESS' | 'COMPLETED'
- effectiveness: number // 0-100
- controlId: string | null
-}
-
-export interface Risk {
- id: string
- title: string
- description: string
- category: string
- likelihood: RiskLikelihood
- impact: RiskImpact
- severity: RiskSeverity
- inherentRiskScore: number
- residualRiskScore: number
- status: RiskStatus
- mitigation: RiskMitigation[]
- owner: string | null
- relatedControls: string[]
- relatedRequirements: string[]
-}
-
-// =============================================================================
-// AI ACT & OBLIGATIONS
-// =============================================================================
-
-export interface AIActObligation {
- id: string
- article: string
- title: string
- description: string
- deadline: Date | null
- status: 'PENDING' | 'IN_PROGRESS' | 'COMPLETED'
-}
-
-export interface AIActResult {
- riskCategory: AIActRiskCategory
- systemType: string
- obligations: AIActObligation[]
- assessmentDate: Date
- assessedBy: string
- justification: string
-}
-
-export interface Obligation {
- id: string
- regulation: string
- article: string
- title: string
- description: string
- deadline: Date | null
- penalty: string | null
- status: 'PENDING' | 'IN_PROGRESS' | 'COMPLETED'
- responsible: string | null
-}
-
-// =============================================================================
-// DSFA
-// =============================================================================
-
-export interface DSFASection {
- id: string
- title: string
- content: string
- status: 'DRAFT' | 'COMPLETED'
- order: number
-}
-
-export interface DSFAApproval {
- id: string
- approver: string
- role: string
- status: 'PENDING' | 'APPROVED' | 'REJECTED'
- comment: string | null
- approvedAt: Date | null
-}
-
-export interface DSFA {
- id: string
- status: DSFAStatus
- version: number
- sections: DSFASection[]
- approvals: DSFAApproval[]
- createdAt: Date
- updatedAt: Date
-}
-
-// =============================================================================
-// TOMs & RETENTION
-// =============================================================================
-
-export interface TOM {
- id: string
- category: string
- name: string
- description: string
- type: 'TECHNICAL' | 'ORGANIZATIONAL'
- implementationStatus: ImplementationStatus
- priority: RiskSeverity
- responsiblePerson: string | null
- implementationDate: Date | null
- reviewDate: Date | null
- evidence: string[]
-}
-
-export interface RetentionPolicy {
- id: string
- dataCategory: string
- description: string
- legalBasis: string
- retentionPeriod: string
- deletionMethod: string
- exceptions: string[]
-}
-
-// =============================================================================
-// VVT (Processing Register)
-// =============================================================================
-
-export interface ProcessingActivity {
- id: string
- name: string
- purpose: string
- legalBasis: string
- dataCategories: string[]
- dataSubjects: string[]
- recipients: string[]
- thirdCountryTransfers: boolean
- retentionPeriod: string
- technicalMeasures: string[]
- organizationalMeasures: string[]
-}
-
-// =============================================================================
-// LEGAL DOCUMENTS
-// =============================================================================
-
-export interface LegalDocument {
- id: string
- type: 'AGB' | 'PRIVACY_POLICY' | 'TERMS_OF_USE' | 'IMPRINT' | 'COOKIE_POLICY'
- title: string
- content: string
- version: string
- status: 'DRAFT' | 'PUBLISHED' | 'ARCHIVED'
- publishedAt: Date | null
- createdAt: Date
- updatedAt: Date
-}
-
-// =============================================================================
-// COOKIE BANNER
-// =============================================================================
-
-export interface Cookie {
- id: string
- name: string
- provider: string
- purpose: string
- expiry: string
- type: 'NECESSARY' | 'FUNCTIONAL' | 'ANALYTICS' | 'MARKETING'
-}
-
-export interface CookieCategory {
- id: string
- name: string
- description: string
- required: boolean
- cookies: Cookie[]
-}
-
-export interface CookieBannerTexts {
- title: string
- description: string
- acceptAll: string
- rejectAll: string
- settings: string
- save: string
-}
-
-export interface CookieBannerGeneratedCode {
- html: string
- css: string
- js: string
-}
-
-export interface CookieBannerConfig {
- id: string
- style: CookieBannerStyle
- position: CookieBannerPosition
- theme: CookieBannerTheme
- texts: CookieBannerTexts
- categories: CookieCategory[]
- generatedCode: CookieBannerGeneratedCode | null
-}
-
-// =============================================================================
-// CONSENT & DSR
-// =============================================================================
-
-export interface ConsentRecord {
- id: string
- userId: string
- documentId: string
- documentVersion: string
- consentType: string
- granted: boolean
- grantedAt: Date
- revokedAt: Date | null
- ipAddress: string | null
- userAgent: string | null
-}
-
-export interface DSRRequest {
- id: string
- type: 'ACCESS' | 'RECTIFICATION' | 'ERASURE' | 'PORTABILITY' | 'RESTRICTION' | 'OBJECTION'
- status: 'RECEIVED' | 'VERIFIED' | 'PROCESSING' | 'COMPLETED' | 'REJECTED'
- requesterEmail: string
- requesterName: string
- requestedAt: Date
- dueDate: Date
- completedAt: Date | null
- notes: string
-}
-
-export interface DSRConfig {
- id: string
- enabled: boolean
- portalUrl: string
- emailTemplates: Record
- automatedResponses: boolean
- verificationRequired: boolean
-}
-
-// =============================================================================
-// IMPORTED DOCUMENTS (für Bestandskunden)
-// =============================================================================
-
-export type ImportedDocumentType =
- | 'DSFA'
- | 'TOM'
- | 'VVT'
- | 'AGB'
- | 'PRIVACY_POLICY'
- | 'COOKIE_POLICY'
- | 'RISK_ASSESSMENT'
- | 'AUDIT_REPORT'
- | 'OTHER'
-
-export interface ImportedDocument {
- id: string
- name: string
- type: ImportedDocumentType
- fileUrl: string
- uploadedAt: Date
- analyzedAt: Date | null
- analysisResult: DocumentAnalysisResult | null
-}
-
-export interface DocumentAnalysisResult {
- detectedType: ImportedDocumentType
- confidence: number
- extractedEntities: string[]
- gaps: GapItem[]
- recommendations: string[]
-}
-
-export interface GapItem {
- id: string
- category: string
- description: string
- severity: RiskSeverity
- regulation: string
- requiredAction: string
- relatedStepId: string | null
-}
-
-export interface GapAnalysis {
- id: string
- createdAt: Date
- totalGaps: number
- criticalGaps: number
- highGaps: number
- mediumGaps: number
- lowGaps: number
- gaps: GapItem[]
- recommendedPackages: SDKPackageId[]
-}
-
-// =============================================================================
-// ESCALATIONS
-// =============================================================================
-
-export interface EscalationWorkflow {
- id: string
- name: string
- description: string
- triggerConditions: string[]
- steps: EscalationStep[]
- enabled: boolean
-}
-
-export interface EscalationStep {
- id: string
- order: number
- action: string
- assignee: string
- timeLimit: string // ISO 8601 Duration
- escalateOnTimeout: boolean
-}
-
-// =============================================================================
-// COMMAND BAR
-// =============================================================================
-
-export interface CommandSuggestion {
- id: string
- type: CommandType
- label: string
- description: string
- shortcut?: string
- icon?: string
- action: () => void | Promise
- relevanceScore: number
-}
-
-export interface CommandHistory {
- id: string
- query: string
- type: CommandType
- timestamp: Date
- success: boolean
-}
-
-// =============================================================================
-// USER PREFERENCES
-// =============================================================================
-
-export interface UserPreferences {
- language: 'de' | 'en'
- theme: 'light' | 'dark' | 'system'
- compactMode: boolean
- showHints: boolean
- autoSave: boolean
- autoValidate: boolean
- allowParallelWork: boolean // Erlaubt Navigation zu allen Schritten ohne Voraussetzungen
-}
-
-// =============================================================================
-// SDK STATE
-// =============================================================================
-
-export interface SDKState {
- // Metadata
- version: string
- projectVersion: number
- lastModified: Date
-
- // Tenant & User
- tenantId: string
- userId: string
- subscription: SubscriptionTier
-
- // Project Context (Multi-Projekt)
- projectId: string
- projectInfo: ProjectInfo | null
-
- // Customer Type (new vs existing)
- customerType: CustomerType | null
-
- // Company Profile (collected before use cases)
- companyProfile: CompanyProfile | null
-
- // Compliance Scope (determines depth level L1-L4)
- complianceScope: import('./compliance-scope-types').ComplianceScopeState | null
-
- // Source Policy (checkpoint tracking — actual data in backend)
- sourcePolicy: {
- configured: boolean
- sourcesCount: number
- piiRulesCount: number
- lastAuditAt: string | null
- } | null
-
- // Progress
- currentPhase: SDKPhase
- currentStep: string
- completedSteps: string[]
- checkpoints: Record
-
- // Imported Documents (for existing customers)
- importedDocuments: ImportedDocument[]
- gapAnalysis: GapAnalysis | null
-
- // Phase 1 Data
- useCases: UseCaseAssessment[]
- activeUseCase: string | null
- screening: ScreeningResult | null
- modules: ServiceModule[]
- requirements: Requirement[]
- controls: Control[]
- evidence: Evidence[]
- checklist: ChecklistItem[]
- risks: Risk[]
-
- // Phase 2 Data
- aiActClassification: AIActResult | null
- obligations: Obligation[]
- dsfa: DSFA | null
- toms: TOM[]
- retentionPolicies: RetentionPolicy[]
- vvt: ProcessingActivity[]
- documents: LegalDocument[]
- cookieBanner: CookieBannerConfig | null
- consents: ConsentRecord[]
- dsrConfig: DSRConfig | null
- escalationWorkflows: EscalationWorkflow[]
-
- // IACE (Industrial AI Compliance Engine)
- iaceProjects: IACEProjectSummary[]
-
- // RAG Corpus Versioning
- ragCorpusStatus: RAGCorpusStatus | null
-
- // Security
- sbom: SBOM | null
- securityIssues: SecurityIssue[]
- securityBacklog: BacklogItem[]
-
- // Catalog Manager
- customCatalogs: CustomCatalogs
-
- // UI State
- commandBarHistory: CommandHistory[]
- recentSearches: string[]
- preferences: UserPreferences
-}
-
-// =============================================================================
-// IACE PROJECT TYPES
-// =============================================================================
-
-export type IACEProjectStatus = 'draft' | 'onboarding' | 'classification' | 'hazard_analysis' | 'mitigation' | 'verification' | 'tech_file' | 'completed' | 'archived'
-
-export interface IACEProjectSummary {
- id: string
- machineName: string
- machineType: MachineProductType
- status: IACEProjectStatus
- completenessScore: number
- riskSummary: {
- critical: number
- high: number
- medium: number
- low: number
- }
- createdAt: string
- updatedAt: string
-}
-
-// =============================================================================
-// SDK ACTIONS
-// =============================================================================
-
-export type SDKAction =
- | { type: 'SET_STATE'; payload: Partial }
- | { type: 'SET_CURRENT_STEP'; payload: string }
- | { type: 'COMPLETE_STEP'; payload: string }
- | { type: 'SET_CHECKPOINT_STATUS'; payload: { id: string; status: CheckpointStatus } }
- | { type: 'SET_CUSTOMER_TYPE'; payload: CustomerType }
- | { type: 'SET_COMPANY_PROFILE'; payload: CompanyProfile }
- | { type: 'UPDATE_COMPANY_PROFILE'; payload: Partial }
- | { type: 'SET_COMPLIANCE_SCOPE'; payload: import('./compliance-scope-types').ComplianceScopeState }
- | { type: 'UPDATE_COMPLIANCE_SCOPE'; payload: Partial }
- | { type: 'ADD_IMPORTED_DOCUMENT'; payload: ImportedDocument }
- | { type: 'UPDATE_IMPORTED_DOCUMENT'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_IMPORTED_DOCUMENT'; payload: string }
- | { type: 'SET_GAP_ANALYSIS'; payload: GapAnalysis }
- | { type: 'ADD_USE_CASE'; payload: UseCaseAssessment }
- | { type: 'UPDATE_USE_CASE'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_USE_CASE'; payload: string }
- | { type: 'SET_ACTIVE_USE_CASE'; payload: string | null }
- | { type: 'SET_SCREENING'; payload: ScreeningResult }
- | { type: 'ADD_MODULE'; payload: ServiceModule }
- | { type: 'UPDATE_MODULE'; payload: { id: string; data: Partial } }
- | { type: 'ADD_REQUIREMENT'; payload: Requirement }
- | { type: 'UPDATE_REQUIREMENT'; payload: { id: string; data: Partial } }
- | { type: 'ADD_CONTROL'; payload: Control }
- | { type: 'UPDATE_CONTROL'; payload: { id: string; data: Partial } }
- | { type: 'ADD_EVIDENCE'; payload: Evidence }
- | { type: 'UPDATE_EVIDENCE'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_EVIDENCE'; payload: string }
- | { type: 'ADD_RISK'; payload: Risk }
- | { type: 'UPDATE_RISK'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_RISK'; payload: string }
- | { type: 'SET_AI_ACT_RESULT'; payload: AIActResult }
- | { type: 'ADD_OBLIGATION'; payload: Obligation }
- | { type: 'UPDATE_OBLIGATION'; payload: { id: string; data: Partial } }
- | { type: 'SET_DSFA'; payload: DSFA }
- | { type: 'ADD_TOM'; payload: TOM }
- | { type: 'UPDATE_TOM'; payload: { id: string; data: Partial } }
- | { type: 'ADD_RETENTION_POLICY'; payload: RetentionPolicy }
- | { type: 'UPDATE_RETENTION_POLICY'; payload: { id: string; data: Partial } }
- | { type: 'ADD_PROCESSING_ACTIVITY'; payload: ProcessingActivity }
- | { type: 'UPDATE_PROCESSING_ACTIVITY'; payload: { id: string; data: Partial } }
- | { type: 'ADD_DOCUMENT'; payload: LegalDocument }
- | { type: 'UPDATE_DOCUMENT'; payload: { id: string; data: Partial } }
- | { type: 'SET_COOKIE_BANNER'; payload: CookieBannerConfig }
- | { type: 'SET_DSR_CONFIG'; payload: DSRConfig }
- | { type: 'ADD_ESCALATION_WORKFLOW'; payload: EscalationWorkflow }
- | { type: 'UPDATE_ESCALATION_WORKFLOW'; payload: { id: string; data: Partial } }
- | { type: 'ADD_SECURITY_ISSUE'; payload: SecurityIssue }
- | { type: 'UPDATE_SECURITY_ISSUE'; payload: { id: string; data: Partial } }
- | { type: 'ADD_BACKLOG_ITEM'; payload: BacklogItem }
- | { type: 'UPDATE_BACKLOG_ITEM'; payload: { id: string; data: Partial } }
- | { type: 'ADD_COMMAND_HISTORY'; payload: CommandHistory }
- | { type: 'SET_PREFERENCES'; payload: Partial }
- | { type: 'ADD_CUSTOM_CATALOG_ENTRY'; payload: CustomCatalogEntry }
- | { type: 'UPDATE_CUSTOM_CATALOG_ENTRY'; payload: { catalogId: CatalogId; entryId: string; data: Record } }
- | { type: 'DELETE_CUSTOM_CATALOG_ENTRY'; payload: { catalogId: CatalogId; entryId: string } }
- | { type: 'RESET_STATE' }
-
-// =============================================================================
-// HELPER FUNCTIONS
-// =============================================================================
-
-export function getStepById(stepId: string): SDKStep | undefined {
- return SDK_STEPS.find(s => s.id === stepId)
-}
-
-export function getStepByUrl(url: string): SDKStep | undefined {
- return SDK_STEPS.find(s => s.url === url)
-}
-
-export function getStepsForPhase(phase: SDKPhase): SDKStep[] {
- return SDK_STEPS.filter(s => s.phase === phase).sort((a, b) => a.seq - b.seq)
-}
-
-// Alle Steps global nach seq sortiert
-function getAllStepsSorted(): SDKStep[] {
- return [...SDK_STEPS].sort((a, b) => a.seq - b.seq)
-}
-
-// Sichtbare Steps (state-abhaengig)
-export function getVisibleSteps(state: SDKState): SDKStep[] {
- return getAllStepsSorted().filter(step => {
- if (step.visibleWhen) return step.visibleWhen(state)
- return true
- })
-}
-
-// Naechster sichtbarer Step
-export function getNextVisibleStep(currentStepId: string, state: SDKState): SDKStep | undefined {
- const visible = getVisibleSteps(state)
- const idx = visible.findIndex(s => s.id === currentStepId)
- if (idx >= 0 && idx < visible.length - 1) return visible[idx + 1]
- return undefined
-}
-
-// Vorheriger sichtbarer Step
-export function getPreviousVisibleStep(currentStepId: string, state: SDKState): SDKStep | undefined {
- const visible = getVisibleSteps(state)
- const idx = visible.findIndex(s => s.id === currentStepId)
- if (idx > 0) return visible[idx - 1]
- return undefined
-}
-
-export function getNextStep(currentStepId: string, state?: SDKState): SDKStep | undefined {
- if (!state) {
- // Fallback: seq-sortiert ohne Sichtbarkeitspruefung
- const sorted = getAllStepsSorted()
- const idx = sorted.findIndex(s => s.id === currentStepId)
- if (idx >= 0 && idx < sorted.length - 1) return sorted[idx + 1]
- return undefined
- }
- return getNextVisibleStep(currentStepId, state)
-}
-
-export function getPreviousStep(currentStepId: string, state?: SDKState): SDKStep | undefined {
- if (!state) {
- const sorted = getAllStepsSorted()
- const idx = sorted.findIndex(s => s.id === currentStepId)
- if (idx > 0) return sorted[idx - 1]
- return undefined
- }
- return getPreviousVisibleStep(currentStepId, state)
-}
-
-export function calculateRiskScore(likelihood: RiskLikelihood, impact: RiskImpact): number {
- return likelihood * impact
-}
-
-export function getRiskSeverityFromScore(score: number): RiskSeverity {
- if (score >= 20) return 'CRITICAL'
- if (score >= 12) return 'HIGH'
- if (score >= 6) return 'MEDIUM'
- return 'LOW'
-}
-
-export function calculateResidualRisk(risk: Risk): number {
- const inherentScore = calculateRiskScore(risk.likelihood, risk.impact)
- const totalEffectiveness = risk.mitigation
- .filter(m => m.status === 'COMPLETED')
- .reduce((sum, m) => sum + m.effectiveness, 0)
-
- const effectivenessMultiplier = Math.min(totalEffectiveness, 100) / 100
- return Math.max(1, Math.round(inherentScore * (1 - effectivenessMultiplier)))
-}
-
-export function getCompletionPercentage(state: SDKState): number {
- const totalSteps = SDK_STEPS.length
- const completedSteps = state.completedSteps.length
- return Math.round((completedSteps / totalSteps) * 100)
-}
-
-export function getPhaseCompletionPercentage(state: SDKState, phase: SDKPhase): number {
- const phaseSteps = getStepsForPhase(phase)
- const completedPhaseSteps = phaseSteps.filter(s => state.completedSteps.includes(s.id))
- return Math.round((completedPhaseSteps.length / phaseSteps.length) * 100)
-}
-
-// =============================================================================
-// PACKAGE HELPER FUNCTIONS
-// =============================================================================
-
-export function getPackageById(packageId: SDKPackageId): SDKPackage | undefined {
- return SDK_PACKAGES.find(p => p.id === packageId)
-}
-
-export function getStepsForPackage(packageId: SDKPackageId): SDKStep[] {
- return SDK_STEPS.filter(s => s.package === packageId).sort((a, b) => a.seq - b.seq)
-}
-
-export function getPackageCompletionPercentage(state: SDKState, packageId: SDKPackageId): number {
- const packageSteps = getStepsForPackage(packageId)
- if (packageSteps.length === 0) return 0
- const completedPackageSteps = packageSteps.filter(s => state.completedSteps.includes(s.id))
- return Math.round((completedPackageSteps.length / packageSteps.length) * 100)
-}
-
-export function getCurrentPackage(currentStepId: string): SDKPackage | undefined {
- const step = getStepById(currentStepId)
- if (!step) return undefined
- return getPackageById(step.package)
-}
-
-export function getNextPackageStep(currentStepId: string): SDKStep | undefined {
- const currentStep = getStepById(currentStepId)
- if (!currentStep) return undefined
-
- const packageSteps = getStepsForPackage(currentStep.package)
- const currentIndex = packageSteps.findIndex(s => s.id === currentStepId)
-
- // Next step in same package
- if (currentIndex < packageSteps.length - 1) {
- return packageSteps[currentIndex + 1]
- }
-
- // Move to next package
- const currentPackage = getPackageById(currentStep.package)
- if (!currentPackage) return undefined
-
- const nextPackage = SDK_PACKAGES.find(p => p.order === currentPackage.order + 1)
- if (!nextPackage) return undefined
-
- const nextPackageSteps = getStepsForPackage(nextPackage.id)
- return nextPackageSteps[0]
-}
-
-export function isPackageUnlocked(state: SDKState, packageId: SDKPackageId): boolean {
- if (state.preferences?.allowParallelWork) return true
-
- const currentPackage = getPackageById(packageId)
- if (!currentPackage) return false
-
- // First package is always unlocked
- if (currentPackage.order === 1) return true
-
- // Previous package must be completed
- const prevPackage = SDK_PACKAGES.find(p => p.order === currentPackage.order - 1)
- if (!prevPackage) return true
-
- return getPackageCompletionPercentage(state, prevPackage.id) === 100
-}
-
-/** @deprecated Use getVisibleSteps(state) instead */
-export function getVisibleStepsForCustomerType(customerType: CustomerType): SDKStep[] {
- return getAllStepsSorted().filter(step => {
- if (step.id === 'import') {
- return customerType === 'existing'
- }
- return true
- })
-}
-
-
-// =============================================================================
-// DOCUMENT GENERATOR TYPES (Legal Templates RAG)
-// =============================================================================
-
-/**
- * License types for legal templates with compliance metadata
- */
-export type LicenseType =
- | 'public_domain' // §5 UrhG German official works
- | 'cc0' // CC0 1.0 Universal
- | 'unlicense' // Unlicense (public domain)
- | 'mit' // MIT License
- | 'cc_by_4' // CC BY 4.0 International
- | 'reuse_notice' // EU reuse notice (source required)
-
-/**
- * Template types available for document generation
- */
-export type TemplateType =
- // Legal / Vertragsvorlagen
- | 'privacy_policy'
- | 'terms_of_service'
- | 'agb'
- | 'cookie_banner'
- | 'cookie_policy'
- | 'impressum'
- | 'widerruf'
- | 'dpa'
- | 'sla'
- | 'nda'
- | 'cloud_service_agreement'
- | 'data_usage_clause'
- | 'acceptable_use'
- | 'community_guidelines'
- | 'copyright_policy'
- | 'clause'
- | 'dsfa'
- // Sicherheitskonzepte (Migration 051)
- | 'it_security_concept'
- | 'data_protection_concept'
- | 'backup_recovery_concept'
- | 'logging_concept'
- | 'incident_response_plan'
- | 'access_control_concept'
- | 'risk_management_concept'
- // CRA Cybersecurity (Migration 056)
- | 'cybersecurity_policy'
- // IT-Sicherheit Policies (Migration 071)
- | 'information_security_policy'
- | 'access_control_policy'
- | 'password_policy'
- | 'encryption_policy'
- | 'logging_policy'
- | 'backup_policy'
- | 'incident_response_policy'
- | 'change_management_policy'
- | 'patch_management_policy'
- | 'asset_management_policy'
- | 'cloud_security_policy'
- | 'devsecops_policy'
- | 'secrets_management_policy'
- | 'vulnerability_management_policy'
- // Daten-Policies (Migration 072)
- | 'data_protection_policy'
- | 'data_classification_policy'
- | 'data_retention_policy'
- | 'data_transfer_policy'
- | 'privacy_incident_policy'
- // Personal-Policies (Migration 072)
- | 'employee_security_policy'
- | 'security_awareness_policy'
- | 'remote_work_policy'
- | 'offboarding_policy'
- // Lieferanten-Policies (Migration 072)
- | 'vendor_risk_management_policy'
- | 'third_party_security_policy'
- | 'supplier_security_policy'
- // BCM/Notfall (Migration 072)
- | 'business_continuity_policy'
- | 'disaster_recovery_policy'
- | 'crisis_management_policy'
- // Modul-Dokumente (Migration 073)
- | 'vvt_register'
- | 'tom_documentation'
- | 'loeschkonzept'
- | 'pflichtenregister'
-
-/**
- * Jurisdiction codes for legal documents
- */
-export type Jurisdiction = 'DE' | 'AT' | 'CH' | 'EU' | 'US' | 'INTL'
-
-/**
- * A single legal template search result from RAG
- */
-export interface LegalTemplateResult {
- id: string
- score: number
- text: string
- documentTitle: string | null
- templateType: TemplateType | null
- clauseCategory: string | null
- language: 'de' | 'en'
- jurisdiction: Jurisdiction | null
-
- // License information
- licenseId: LicenseType | null
- licenseName: string | null
- licenseUrl: string | null
- attributionRequired: boolean
- attributionText: string | null
-
- // Source information
- sourceName: string | null
- sourceUrl: string | null
- sourceRepo: string | null
- placeholders: string[]
-
- // Document characteristics
- isCompleteDocument: boolean
- isModular: boolean
- requiresCustomization: boolean
-
- // Usage rights
- outputAllowed: boolean
- modificationAllowed: boolean
- distortionProhibited: boolean
-}
-
-/**
- * Reference to a template used in document generation (for attribution)
- */
-export interface TemplateReference {
- templateId: string
- sourceName: string
- sourceUrl: string
- licenseId: LicenseType
- licenseName: string
- attributionRequired: boolean
- attributionText: string | null
- usedAt: string // ISO timestamp
-}
-
-/**
- * A generated document with attribution tracking
- */
-export interface GeneratedDocument {
- id: string
- documentType: TemplateType
- title: string
- content: string
- language: 'de' | 'en'
- jurisdiction: Jurisdiction
-
- // Templates and sources used
- usedTemplates: TemplateReference[]
-
- // Generated attribution footer
- attributionFooter: string
-
- // Customization
- placeholderValues: Record
- customizations: DocumentCustomization[]
-
- // Metadata
- generatedAt: string
- generatedBy: string
- version: number
-}
-
-/**
- * A customization applied to a generated document
- */
-export interface DocumentCustomization {
- type: 'add_section' | 'modify_section' | 'remove_section' | 'replace_placeholder'
- section: string | null
- originalText: string | null
- newText: string | null
- reason: string | null
- appliedAt: string
-}
-
-/**
- * State for the document generator feature
- */
-export interface DocumentGeneratorState {
- // Search state
- searchQuery: string
- searchResults: LegalTemplateResult[]
- selectedTemplates: string[] // Template IDs
-
- // Current document being generated
- currentDocumentType: TemplateType | null
- currentLanguage: 'de' | 'en'
- currentJurisdiction: Jurisdiction
-
- // Editor state
- editorContent: string
- editorMode: 'preview' | 'edit'
- unsavedChanges: boolean
-
- // Placeholder values
- placeholderValues: Record
-
- // Generated documents history
- generatedDocuments: GeneratedDocument[]
-
- // UI state
- isGenerating: boolean
- isSearching: boolean
- lastError: string | null
-}
-
-/**
- * Search request for legal templates
- */
-export interface TemplateSearchRequest {
- query: string
- templateType?: TemplateType
- licenseTypes?: LicenseType[]
- language?: 'de' | 'en'
- jurisdiction?: Jurisdiction
- attributionRequired?: boolean
- limit?: number
-}
-
-/**
- * Document generation request
- */
-export interface DocumentGenerationRequest {
- documentType: TemplateType
- language: 'de' | 'en'
- jurisdiction: Jurisdiction
- templateIds: string[] // Selected template IDs to use
- placeholderValues: Record
- companyProfile?: Partial // For auto-filling placeholders
- additionalContext?: string
-}
-
-/**
- * Source configuration for legal templates
- */
-export interface TemplateSource {
- name: string
- description: string
- licenseType: LicenseType
- licenseName: string
- templateTypes: TemplateType[]
- languages: ('de' | 'en')[]
- jurisdiction: Jurisdiction
- repoUrl: string | null
- webUrl: string | null
- priority: number
- enabled: boolean
- attributionRequired: boolean
-}
-
-/**
- * Status of template ingestion
- */
-export interface TemplateIngestionStatus {
- running: boolean
- lastRun: string | null
- currentSource: string | null
- results: Record
-}
-
-/**
- * Result of ingesting a single source
- */
-export interface SourceIngestionResult {
- status: 'pending' | 'running' | 'completed' | 'failed'
- documentsFound: number
- chunksIndexed: number
- errors: string[]
-}
-
-/**
- * Statistics for the legal templates collection
- */
-export interface TemplateCollectionStats {
- collection: string
- vectorsCount: number
- pointsCount: number
- status: string
- templateTypes: Record
- languages: Record
- licenses: Record
-}
-
-/**
- * Default placeholder values commonly used in legal documents
- */
-export const DEFAULT_PLACEHOLDERS: Record = {
- '[COMPANY_NAME]': '',
- '[FIRMENNAME]': '',
- '[ADDRESS]': '',
- '[ADRESSE]': '',
- '[EMAIL]': '',
- '[PHONE]': '',
- '[TELEFON]': '',
- '[WEBSITE]': '',
- '[LEGAL_REPRESENTATIVE]': '',
- '[GESCHAEFTSFUEHRER]': '',
- '[REGISTER_COURT]': '',
- '[REGISTERGERICHT]': '',
- '[REGISTER_NUMBER]': '',
- '[REGISTERNUMMER]': '',
- '[VAT_ID]': '',
- '[UST_ID]': '',
- '[DPO_NAME]': '',
- '[DSB_NAME]': '',
- '[DPO_EMAIL]': '',
- '[DSB_EMAIL]': '',
-}
-
-/**
- * Template type labels for display
- */
-export const TEMPLATE_TYPE_LABELS: Record = {
- // Legal / Vertragsvorlagen
- privacy_policy: 'Datenschutzerklärung',
- terms_of_service: 'Nutzungsbedingungen',
- agb: 'Allgemeine Geschäftsbedingungen',
- cookie_banner: 'Cookie-Banner',
- cookie_policy: 'Cookie-Richtlinie',
- impressum: 'Impressum',
- widerruf: 'Widerrufsbelehrung',
- dpa: 'Auftragsverarbeitungsvertrag',
- sla: 'Service Level Agreement',
- nda: 'Geheimhaltungsvereinbarung',
- cloud_service_agreement: 'Cloud-Dienstleistungsvertrag',
- data_usage_clause: 'Datennutzungsklausel',
- acceptable_use: 'Acceptable Use Policy',
- community_guidelines: 'Community-Richtlinien',
- copyright_policy: 'Urheberrechtsrichtlinie',
- clause: 'Vertragsklausel',
- dsfa: 'Datenschutz-Folgenabschätzung',
- // Sicherheitskonzepte
- it_security_concept: 'IT-Sicherheitskonzept',
- data_protection_concept: 'Datenschutzkonzept',
- backup_recovery_concept: 'Backup- und Recovery-Konzept',
- logging_concept: 'Logging-Konzept',
- incident_response_plan: 'Incident-Response-Plan',
- access_control_concept: 'Zugriffskonzept',
- risk_management_concept: 'Risikomanagement-Konzept',
- cybersecurity_policy: 'Cybersecurity-Richtlinie (CRA)',
- // IT-Sicherheit Policies
- information_security_policy: 'Informationssicherheitsrichtlinie',
- access_control_policy: 'Zugriffskontrollrichtlinie',
- password_policy: 'Passwortrichtlinie',
- encryption_policy: 'Verschlüsselungsrichtlinie',
- logging_policy: 'Protokollierungsrichtlinie',
- backup_policy: 'Datensicherungsrichtlinie',
- incident_response_policy: 'Incident-Response-Richtlinie',
- change_management_policy: 'Change-Management-Richtlinie',
- patch_management_policy: 'Patch-Management-Richtlinie',
- asset_management_policy: 'Asset-Management-Richtlinie',
- cloud_security_policy: 'Cloud-Security-Richtlinie',
- devsecops_policy: 'DevSecOps-Richtlinie',
- secrets_management_policy: 'Secrets-Management-Richtlinie',
- vulnerability_management_policy: 'Schwachstellenmanagement-Richtlinie',
- // Daten-Policies
- data_protection_policy: 'Datenschutzrichtlinie',
- data_classification_policy: 'Datenklassifizierungsrichtlinie',
- data_retention_policy: 'Aufbewahrungsrichtlinie',
- data_transfer_policy: 'Datenübermittlungsrichtlinie',
- privacy_incident_policy: 'Datenschutzvorfall-Richtlinie',
- // Personal-Policies
- employee_security_policy: 'Mitarbeiter-Sicherheitsrichtlinie',
- security_awareness_policy: 'Security-Awareness-Richtlinie',
- remote_work_policy: 'Remote-Work-Richtlinie',
- offboarding_policy: 'Offboarding-Richtlinie',
- // Lieferanten-Policies
- vendor_risk_management_policy: 'Lieferanten-Risikomanagement',
- third_party_security_policy: 'Drittanbieter-Sicherheitsrichtlinie',
- supplier_security_policy: 'Lieferanten-Sicherheitsanforderungen',
- // BCM/Notfall
- business_continuity_policy: 'Business-Continuity-Richtlinie',
- disaster_recovery_policy: 'Disaster-Recovery-Richtlinie',
- crisis_management_policy: 'Krisenmanagement-Richtlinie',
- // Modul-Dokumente
- vvt_register: 'Verarbeitungsverzeichnis (Art. 30)',
- tom_documentation: 'TOM-Dokumentation (Art. 32)',
- loeschkonzept: 'Löschkonzept (Art. 5/17)',
- pflichtenregister: 'Pflichtenregister',
-}
-
-/**
- * License type labels for display
- */
-export const LICENSE_TYPE_LABELS: Record = {
- public_domain: 'Public Domain (§5 UrhG)',
- cc0: 'CC0 1.0 Universal',
- unlicense: 'Unlicense',
- mit: 'MIT License',
- cc_by_4: 'CC BY 4.0 International',
- reuse_notice: 'EU Reuse Notice',
-}
-
-/**
- * Jurisdiction labels for display
- */
-export const JURISDICTION_LABELS: Record = {
- DE: 'Deutschland',
- AT: 'Österreich',
- CH: 'Schweiz',
- EU: 'Europäische Union',
- US: 'United States',
- INTL: 'International',
-}
-
-// =============================================================================
-// DSFA RAG TYPES (Source Attribution & Corpus Management)
-// =============================================================================
-
-/**
- * License codes for DSFA source documents
- */
-export type DSFALicenseCode =
- | 'DL-DE-BY-2.0' // Datenlizenz Deutschland – Namensnennung
- | 'DL-DE-ZERO-2.0' // Datenlizenz Deutschland – Zero
- | 'CC-BY-4.0' // Creative Commons Attribution 4.0
- | 'EDPB-LICENSE' // EDPB Document License
- | 'PUBLIC_DOMAIN' // Public Domain
- | 'PROPRIETARY' // Internal/Proprietary
-
-/**
- * Document types in the DSFA corpus
- */
-export type DSFADocumentType = 'guideline' | 'checklist' | 'regulation' | 'template'
-
-/**
- * Category for DSFA chunks (for filtering)
- */
-export type DSFACategory =
- | 'threshold_analysis'
- | 'risk_assessment'
- | 'mitigation'
- | 'consultation'
- | 'documentation'
- | 'process'
- | 'criteria'
-
-/**
- * DSFA source registry entry
- */
-export interface DSFASource {
- id: string
- sourceCode: string
- name: string
- fullName?: string
- organization?: string
- sourceUrl?: string
- eurLexCelex?: string
- licenseCode: DSFALicenseCode
- licenseName: string
- licenseUrl?: string
- attributionRequired: boolean
- attributionText: string
- documentType?: DSFADocumentType
- language: string
-}
-
-/**
- * DSFA document entry
- */
-export interface DSFADocument {
- id: string
- sourceId: string
- title: string
- description?: string
- fileName?: string
- fileType?: string
- fileSizeBytes?: number
- minioBucket: string
- minioPath?: string
- originalUrl?: string
- ocrProcessed: boolean
- textExtracted: boolean
- chunksGenerated: number
- lastIndexedAt?: string
- metadata: Record
- createdAt: string
- updatedAt: string
-}
-
-/**
- * DSFA chunk with full attribution
- */
-export interface DSFAChunk {
- chunkId: string
- content: string
- sectionTitle?: string
- pageNumber?: number
- category?: DSFACategory
- documentId: string
- documentTitle?: string
- sourceId: string
- sourceCode: string
- sourceName: string
- attributionText: string
- licenseCode: DSFALicenseCode
- licenseName: string
- licenseUrl?: string
- attributionRequired: boolean
- sourceUrl?: string
- documentType?: DSFADocumentType
-}
-
-/**
- * DSFA search result with score and attribution
- */
-export interface DSFASearchResult {
- chunkId: string
- content: string
- score: number
- sourceCode: string
- sourceName: string
- attributionText: string
- licenseCode: DSFALicenseCode
- licenseName: string
- licenseUrl?: string
- attributionRequired: boolean
- sourceUrl?: string
- documentType?: DSFADocumentType
- category?: DSFACategory
- sectionTitle?: string
- pageNumber?: number
-}
-
-/**
- * DSFA search response with aggregated attribution
- */
-export interface DSFASearchResponse {
- query: string
- results: DSFASearchResult[]
- totalResults: number
- licensesUsed: string[]
- attributionNotice: string
-}
-
-/**
- * Source statistics for dashboard
- */
-export interface DSFASourceStats {
- sourceId: string
- sourceCode: string
- name: string
- organization?: string
- licenseCode: DSFALicenseCode
- documentType?: DSFADocumentType
- documentCount: number
- chunkCount: number
- lastIndexedAt?: string
-}
-
-/**
- * Corpus statistics for dashboard
- */
-export interface DSFACorpusStats {
- sources: DSFASourceStats[]
- totalSources: number
- totalDocuments: number
- totalChunks: number
- qdrantCollection: string
- qdrantPointsCount: number
- qdrantStatus: string
-}
-
-/**
- * License information
- */
-export interface DSFALicenseInfo {
- code: DSFALicenseCode
- name: string
- url?: string
- attributionRequired: boolean
- modificationAllowed: boolean
- commercialUse: boolean
-}
-
-/**
- * Ingestion request for DSFA documents
- */
-export interface DSFAIngestRequest {
- documentUrl?: string
- documentText?: string
- title?: string
-}
-
-/**
- * Ingestion response
- */
-export interface DSFAIngestResponse {
- sourceCode: string
- documentId?: string
- chunksCreated: number
- message: string
-}
-
-/**
- * Props for SourceAttribution component
- */
-export interface SourceAttributionProps {
- sources: Array<{
- sourceCode: string
- sourceName: string
- attributionText: string
- licenseCode: DSFALicenseCode
- sourceUrl?: string
- score?: number
- }>
- compact?: boolean
- showScores?: boolean
-}
-
-/**
- * License code display labels
- */
-export const DSFA_LICENSE_LABELS: Record = {
- 'DL-DE-BY-2.0': 'Datenlizenz DE – Namensnennung 2.0',
- 'DL-DE-ZERO-2.0': 'Datenlizenz DE – Zero 2.0',
- 'CC-BY-4.0': 'CC BY 4.0 International',
- 'EDPB-LICENSE': 'EDPB Document License',
- 'PUBLIC_DOMAIN': 'Public Domain',
- 'PROPRIETARY': 'Proprietary',
-}
-
-/**
- * Document type display labels
- */
-export const DSFA_DOCUMENT_TYPE_LABELS: Record = {
- guideline: 'Leitlinie',
- checklist: 'Prüfliste',
- regulation: 'Verordnung',
- template: 'Vorlage',
-}
-
-/**
- * 
Category display labels - */ -export const DSFA_CATEGORY_LABELS: Record = { - threshold_analysis: 'Schwellwertanalyse', - risk_assessment: 'Risikobewertung', - mitigation: 'Risikominderung', - consultation: 'Behördenkonsultation', - documentation: 'Dokumentation', - process: 'Prozessschritte', - criteria: 'Kriterien', -} - -// ============================================================================= -// COMPLIANCE WIKI -// ============================================================================= - -export interface WikiCategory { - id: string - name: string - description: string - icon: string - sortOrder: number - articleCount: number -} - -export interface WikiArticle { - id: string - categoryId: string - categoryName: string - title: string - summary: string - content: string - legalRefs: string[] - tags: string[] - relevance: 'critical' | 'important' | 'info' - sourceUrls: string[] - version: number - updatedAt: string -} - -export interface WikiSearchResult { - id: string - title: string - summary: string - categoryName: string - relevance: string - highlight: string -} +export * from './types/index' diff --git a/admin-compliance/lib/sdk/types/document-generator.ts b/admin-compliance/lib/sdk/types/document-generator.ts index c4ede5b..ac86239 100644 --- a/admin-compliance/lib/sdk/types/document-generator.ts +++ b/admin-compliance/lib/sdk/types/document-generator.ts @@ -18,6 +18,7 @@ export type LicenseType = | 'reuse_notice' export type TemplateType = + // Legal / Vertragsvorlagen | 'privacy_policy' | 'terms_of_service' | 'agb' 
@@ -35,6 +36,55 @@ export type TemplateType =
 | 'copyright_policy'
 | 'clause'
 | 'dsfa'
+ // Sicherheitskonzepte (Migration 051)
+ | 'it_security_concept'
+ | 'data_protection_concept'
+ | 'backup_recovery_concept'
+ | 'logging_concept'
+ | 'incident_response_plan'
+ | 'access_control_concept'
+ | 'risk_management_concept'
+ // CRA Cybersecurity (Migration 056)
+ | 'cybersecurity_policy'
+ // IT-Sicherheit Policies (Migration 071)
+ | 'information_security_policy'
+ | 'access_control_policy'
+ | 'password_policy'
+ | 'encryption_policy'
+ | 'logging_policy'
+ | 'backup_policy'
+ | 'incident_response_policy'
+ | 'change_management_policy'
+ | 'patch_management_policy'
+ | 'asset_management_policy'
+ | 'cloud_security_policy'
+ | 'devsecops_policy'
+ | 'secrets_management_policy'
+ | 'vulnerability_management_policy'
+ // Daten-Policies (Migration 072)
+ | 'data_protection_policy'
+ | 'data_classification_policy'
+ | 'data_retention_policy'
+ | 'data_transfer_policy'
+ | 'privacy_incident_policy'
+ // Personal-Policies (Migration 072)
+ | 'employee_security_policy'
+ | 'security_awareness_policy'
+ | 'remote_work_policy'
+ | 'offboarding_policy'
+ // Lieferanten-Policies (Migration 072)
+ | 'vendor_risk_management_policy'
+ | 'third_party_security_policy'
+ | 'supplier_security_policy'
+ // BCM/Notfall (Migration 072)
+ | 'business_continuity_policy'
+ | 'disaster_recovery_policy'
+ | 'crisis_management_policy'
+ // Modul-Dokumente (Migration 073)
+ | 'vvt_register'
+ | 'tom_documentation'
+ | 'loeschkonzept'
+ | 'pflichtenregister'
 export type Jurisdiction = 'DE' | 'AT' | 'CH' | 'EU' | 'US' | 'INTL'
@@ -204,6 +254,7 @@ export const DEFAULT_PLACEHOLDERS: Record = {
 }
 export const TEMPLATE_TYPE_LABELS: Record = {
+ // Legal / Vertragsvorlagen
 privacy_policy: 'Datenschutzerkl\u00e4rung',
 terms_of_service: 'Nutzungsbedingungen',
 agb: 'Allgemeine Gesch\u00e4ftsbedingungen',
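Review bot: The new `TemplateType` members in the `@@ -35,6 +36,55 @@` hunk are linked to the database only through the group comments (`Migration 051` to `Migration 073`), so nothing here keeps the union in step with the values the backend stores. If template types reach the UI from an API response, a value introduced by a later migration would only become a `TemplateType` through an unchecked cast and would then index `TEMPLATE_TYPE_LABELS` as `undefined`. I would add a comment above the union, `// Must match the template type values created by the migrations named below; narrow API values at runtime before treating them as TemplateType.` The union itself starts outside this hunk.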
@@ -221,6 +272,54 @@ export const TEMPLATE_TYPE_LABELS: Record = {
 copyright_policy: 'Urheberrechtsrichtlinie',
 clause: 'Vertragsklausel',
 dsfa: 'Datenschutz-Folgenabsch\u00e4tzung',
+ // Sicherheitskonzepte
+ it_security_concept: 'IT-Sicherheitskonzept',
+ data_protection_concept: 'Datenschutzkonzept',
+ backup_recovery_concept: 'Backup- und Recovery-Konzept',
+ logging_concept: 'Logging-Konzept',
+ incident_response_plan: 'Incident-Response-Plan',
+ access_control_concept: 'Zugriffskonzept',
+ risk_management_concept: 'Risikomanagement-Konzept',
+ cybersecurity_policy: 'Cybersecurity-Richtlinie (CRA)',
+ // IT-Sicherheit Policies
+ information_security_policy: 'Informationssicherheitsrichtlinie',
+ access_control_policy: 'Zugriffskontrollrichtlinie',
+ password_policy: 'Passwortrichtlinie',
+ encryption_policy: 'Verschl\u00fcsselungsrichtlinie',
+ logging_policy: 'Protokollierungsrichtlinie',
+ backup_policy: 'Datensicherungsrichtlinie',
+ incident_response_policy: 'Incident-Response-Richtlinie',
+ change_management_policy: 'Change-Management-Richtlinie',
+ patch_management_policy: 'Patch-Management-Richtlinie',
+ asset_management_policy: 'Asset-Management-Richtlinie',
+ cloud_security_policy: 'Cloud-Security-Richtlinie',
+ devsecops_policy: 'DevSecOps-Richtlinie',
+ secrets_management_policy: 'Secrets-Management-Richtlinie',
+ vulnerability_management_policy: 'Schwachstellenmanagement-Richtlinie',
+ // Daten-Policies
+ data_protection_policy: 'Datenschutzrichtlinie',
+ data_classification_policy: 'Datenklassifizierungsrichtlinie',
+ data_retention_policy: 'Aufbewahrungsrichtlinie',
+ data_transfer_policy: 'Daten\u00fcbermittlungsrichtlinie',
+ privacy_incident_policy: 'Datenschutzvorfall-Richtlinie',
+ // Personal-Policies
+ employee_security_policy: 'Mitarbeiter-Sicherheitsrichtlinie',
+ security_awareness_policy: 'Security-Awareness-Richtlinie',
+ remote_work_policy: 'Remote-Work-Richtlinie',
+ offboarding_policy: 'Offboarding-Richtlinie',
+ // Lieferanten-Policies
+ vendor_risk_management_policy: 'Lieferanten-Risikomanagement',
+ third_party_security_policy: 'Drittanbieter-Sicherheitsrichtlinie',
+ supplier_security_policy: 'Lieferanten-Sicherheitsanforderungen',
+ // BCM/Notfall
+ business_continuity_policy: 'Business-Continuity-Richtlinie',
+ disaster_recovery_policy: 'Disaster-Recovery-Richtlinie',
+ crisis_management_policy: 'Krisenmanagement-Richtlinie',
+ // Modul-Dokumente
+ vvt_register: 'Verarbeitungsverzeichnis (Art. 30)',
+ tom_documentation: 'TOM-Dokumentation (Art. 32)',
+ loeschkonzept: 'L\u00f6schkonzept (Art. 5/17)',
+ pflichtenregister: 'Pflichtenregister',
 }
 export const LICENSE_TYPE_LABELS: Record = {
@@ -241,228 +340,3 @@ export const JURISDICTION_LABELS: Record = {
 INTL: 'International',
 }
-// =============================================================================
-// DSFA RAG TYPES (Source Attribution & Corpus Management)
-// =============================================================================
-
-export type DSFALicenseCode =
- | 'DL-DE-BY-2.0'
- | 'DL-DE-ZERO-2.0'
- | 'CC-BY-4.0'
- | 'EDPB-LICENSE'
- | 'PUBLIC_DOMAIN'
- | 'PROPRIETARY'
-
-export type DSFADocumentType = 'guideline' | 'checklist' | 'regulation' | 'template'
-
-export type DSFACategory =
- | 'threshold_analysis'
- | 'risk_assessment'
- | 'mitigation'
- | 'consultation'
- | 'documentation'
- | 'process'
- | 'criteria'
-
-export interface DSFASource {
- id: string
- sourceCode: string
- name: string
- fullName?: string
- organization?: string
- sourceUrl?: string
- eurLexCelex?: string
- licenseCode: DSFALicenseCode
- licenseName: string
- licenseUrl?: string
- attributionRequired: boolean
- attributionText: string
- documentType?: DSFADocumentType
- language: string
-}
-
-export interface DSFADocument {
- id: string
- sourceId: string
- title: string
- description?: string
- fileName?: string
- fileType?: string
- fileSizeBytes?: number
- minioBucket: string
- minioPath?: string
- originalUrl?: string
- ocrProcessed: boolean
- textExtracted: boolean
- chunksGenerated: number
- lastIndexedAt?: string
- metadata: Record
- createdAt: string
- updatedAt: string
-}
-
-export interface DSFAChunk {
- chunkId: string
- content: string
- sectionTitle?: string
- pageNumber?: number
- category?: DSFACategory
- documentId: string
- documentTitle?: string
- sourceId: string
- sourceCode: string
- sourceName: string
- attributionText: string
- licenseCode: DSFALicenseCode
- licenseName: string
- licenseUrl?: string
- attributionRequired: boolean
- sourceUrl?: string
- documentType?: DSFADocumentType
-}
-
-export interface DSFASearchResult {
- chunkId: string
- content: string
- score: number
- sourceCode: string
- sourceName: string
- attributionText: string
- licenseCode: DSFALicenseCode
- licenseName: string
- licenseUrl?: string
- attributionRequired: boolean
- sourceUrl?: string
- documentType?: DSFADocumentType
- category?: DSFACategory
- sectionTitle?: string
- pageNumber?: number
-}
-
-export interface DSFASearchResponse {
- query: string
- results: DSFASearchResult[]
- totalResults: number
- licensesUsed: string[]
- attributionNotice: string
-}
-
-export interface DSFASourceStats {
- sourceId: string
- sourceCode: string
- name: string
- organization?: string
- licenseCode: DSFALicenseCode
- documentType?: DSFADocumentType
- documentCount: number
- chunkCount: number
- lastIndexedAt?: string
-}
-
-export interface DSFACorpusStats {
- sources: DSFASourceStats[]
- totalSources: number
- totalDocuments: number
- totalChunks: number
- qdrantCollection: string
- qdrantPointsCount: number
- qdrantStatus: string
-}
-
-export interface DSFALicenseInfo {
- code: DSFALicenseCode
- name: string
- url?: string
- attributionRequired: boolean
- modificationAllowed: boolean
- commercialUse: boolean
-}
-
-export interface DSFAIngestRequest {
- documentUrl?: string
- documentText?: string
- title?: string
-}
-
-export interface DSFAIngestResponse {
- sourceCode: string
- documentId?: string
- chunksCreated: number
- message: string
-}
-
-export interface SourceAttributionProps {
- sources: Array<{
- sourceCode: string
- sourceName: string
- attributionText: string
- licenseCode: DSFALicenseCode
- sourceUrl?: string
- score?: number
- }>
- compact?: boolean
- showScores?: boolean
-}
-
-export const DSFA_LICENSE_LABELS: Record = {
- 'DL-DE-BY-2.0': 'Datenlizenz DE \u2013 Namensnennung 2.0',
- 'DL-DE-ZERO-2.0': 'Datenlizenz DE \u2013 Zero 2.0',
- 'CC-BY-4.0': 'CC BY 4.0 International',
- 'EDPB-LICENSE': 'EDPB Document License',
- 'PUBLIC_DOMAIN': 'Public Domain',
- 'PROPRIETARY': 'Proprietary',
-}
-
-export const DSFA_DOCUMENT_TYPE_LABELS: Record = {
- guideline: 'Leitlinie',
- checklist: 'Pr\u00fcfliste',
- regulation: 'Verordnung',
- template: 'Vorlage',
-}
-
-export const DSFA_CATEGORY_LABELS: Record = {
- threshold_analysis: 'Schwellwertanalyse',
- risk_assessment: 'Risikobewertung',
- mitigation: 'Risikominderung',
- consultation: 'Beh\u00f6rdenkonsultation',
- documentation: 'Dokumentation',
- process: 'Prozessschritte',
- criteria: 'Kriterien',
-}
-
-// =============================================================================
-// COMPLIANCE WIKI
-// =============================================================================
-
-export interface WikiCategory {
- id: string
- name: string
- description: string
- icon: string
- sortOrder: number
- articleCount: number
-}
-
-export interface WikiArticle {
- id: string
- categoryId: string
- categoryName: string
- title: string
- summary: string
- content: string
- legalRefs: string[]
- tags: string[]
- relevance: 'critical' | 'important' | 'info'
- sourceUrls: string[]
- version: number
- updatedAt: string
-}
-
-export interface WikiSearchResult {
- id: string
- title: string
- summary: string
- categoryName: string
- relevance: string
- highlight: string
-}
diff --git a/admin-compliance/lib/sdk/types/dsfa-rag.ts b/admin-compliance/lib/sdk/types/dsfa-rag.ts
new file mode 100644
index 0000000..8888ff6
--- /dev/null
+++ b/admin-compliance/lib/sdk/types/dsfa-rag.ts
@@ -0,0 +1,189 @@
+/**
+ * DSFA RAG types — source attribution and corpus management for the
+ * Datenschutz-Folgenabschätzung RAG pipeline.
+ */
+
+export type DSFALicenseCode =
+ | 'DL-DE-BY-2.0'
+ | 'DL-DE-ZERO-2.0'
+ | 'CC-BY-4.0'
+ | 'EDPB-LICENSE'
+ | 'PUBLIC_DOMAIN'
+ | 'PROPRIETARY'
+
+export type DSFADocumentType = 'guideline' | 'checklist' | 'regulation' | 'template'
+
+export type DSFACategory =
+ | 'threshold_analysis'
+ | 'risk_assessment'
+ | 'mitigation'
+ | 'consultation'
+ | 'documentation'
+ | 'process'
+ | 'criteria'
+
+export interface DSFASource {
+ id: string
+ sourceCode: string
+ name: string
+ fullName?: string
+ organization?: string
+ sourceUrl?: string
+ eurLexCelex?: string
+ licenseCode: DSFALicenseCode
+ licenseName: string
+ licenseUrl?: string
+ attributionRequired: boolean
+ attributionText: string
+ documentType?: DSFADocumentType
+ language: string
+}
+
+export interface DSFADocument {
+ id: string
+ sourceId: string
+ title: string
+ description?: string
+ fileName?: string
+ fileType?: string
+ fileSizeBytes?: number
+ minioBucket: string
+ minioPath?: string
+ originalUrl?: string
+ ocrProcessed: boolean
+ textExtracted: boolean
+ chunksGenerated: number
+ lastIndexedAt?: string
+ metadata: Record
+ createdAt: string
+ updatedAt: string
+}
+
+export interface DSFAChunk {
+ chunkId: string
+ content: string
+ sectionTitle?: string
+ pageNumber?: number
+ category?: DSFACategory
+ documentId: string
+ documentTitle?: string
+ sourceId: string
+ sourceCode: string
+ sourceName: string
+ attributionText: string
+ licenseCode: DSFALicenseCode
+ licenseName: string
+ licenseUrl?: string
+ attributionRequired: boolean
+ sourceUrl?: string
+ documentType?: DSFADocumentType
+}
+
+export interface DSFASearchResult {
+ chunkId: string
+ content: string
+ score: number
+ sourceCode: string
+ sourceName: string
+ attributionText: string
+ licenseCode: DSFALicenseCode
+ licenseName: string
+ licenseUrl?: string
+ attributionRequired: boolean
+ sourceUrl?: string
+ documentType?: DSFADocumentType
+ category?: DSFACategory
+ sectionTitle?: string
+ pageNumber?: number
+}
+
+export interface DSFASearchResponse {
+ query: string
+ results: DSFASearchResult[]
+ totalResults: number
+ licensesUsed: string[]
+ attributionNotice: string
+}
+
+export interface DSFASourceStats {
+ sourceId: string
+ sourceCode: string
+ name: string
+ organization?: string
+ licenseCode: DSFALicenseCode
+ documentType?: DSFADocumentType
+ documentCount: number
+ chunkCount: number
+ lastIndexedAt?: string
+}
+
+export interface DSFACorpusStats {
+ sources: DSFASourceStats[]
+ totalSources: number
+ totalDocuments: number
+ totalChunks: number
+ qdrantCollection: string
+ qdrantPointsCount: number
+ qdrantStatus: string
+}
+
+export interface DSFALicenseInfo {
+ code: DSFALicenseCode
+ name: string
+ url?: string
+ attributionRequired: boolean
+ modificationAllowed: boolean
+ commercialUse: boolean
+}
+
+export interface DSFAIngestRequest {
+ documentUrl?: string
+ documentText?: string
+ title?: string
+}
+
+export interface DSFAIngestResponse {
+ sourceCode: string
+ documentId?: string
+ chunksCreated: number
+ message: string
+}
+
+export interface SourceAttributionProps {
+ sources: Array<{
+ sourceCode: string
+ sourceName: string
+ attributionText: string
+ licenseCode: DSFALicenseCode
+ sourceUrl?: string
+ score?: number
+ }>
+ compact?: boolean
+ showScores?: boolean
+}
+
+export const DSFA_LICENSE_LABELS: Record = {
+ 'DL-DE-BY-2.0': 'Datenlizenz DE \u2013 Namensnennung 2.0',
+ 'DL-DE-ZERO-2.0': 'Datenlizenz DE \u2013 Zero 2.0',
+ 'CC-BY-4.0': 'CC BY 4.0 International',
+ 'EDPB-LICENSE': 'EDPB Document License',
+ 'PUBLIC_DOMAIN': 'Public Domain',
+ 'PROPRIETARY': 'Proprietary',
+}
+
+export const DSFA_DOCUMENT_TYPE_LABELS: Record = {
+ guideline: 'Leitlinie',
+ checklist: 'Pr\u00fcfliste',
+ regulation: 'Verordnung',
+ template: 'Vorlage',
+}
+
+export const DSFA_CATEGORY_LABELS: Record = {
+ threshold_analysis: 'Schwellwertanalyse',
+ risk_assessment: 'Risikobewertung',
+ mitigation: 'Risikominderung',
+ consultation: 'Beh\u00f6rdenkonsultation',
+ documentation: 'Dokumentation',
+ process: 'Prozessschritte',
+ criteria: 'Kriterien',
+}
diff --git a/admin-compliance/lib/sdk/types/helpers.ts b/admin-compliance/lib/sdk/types/helpers.ts
index dba61c6..f5180d1 100644
--- a/admin-compliance/lib/sdk/types/helpers.ts
+++ b/admin-compliance/lib/sdk/types/helpers.ts
@@ -3,12 +3,10 @@
 */
 import type { SDKPhase, SDKPackageId, CustomerType, RiskLikelihood, RiskImpact, RiskSeverity } from './enums'
-import type { SDKStep, SDKPackage, SDK_PACKAGES } from './sdk-flow'
-import type { SDK_STEPS } from './sdk-steps'
+import type { SDKStep, SDKPackage } from './sdk-flow'
 import type { SDKState } from './sdk-state'
 import type { Risk } from './compliance'
-// Re-import values (not just types) for runtime use
 import { SDK_PACKAGES as _SDK_PACKAGES } from './sdk-flow'
 import { SDK_STEPS as _SDK_STEPS } from './sdk-steps'
diff --git a/admin-compliance/lib/sdk/types/index.ts b/admin-compliance/lib/sdk/types/index.ts
index 2e7ba5d..827be7f 100644
--- a/admin-compliance/lib/sdk/types/index.ts
+++ b/admin-compliance/lib/sdk/types/index.ts
@@ -16,3 +16,5 @@ export * from './sdk-state'
 export * from './iace'
 export * from './helpers'
 export * from './document-generator'
+export * from './dsfa-rag'
+export * from './wiki'
diff --git a/admin-compliance/lib/sdk/types/sdk-steps.ts b/admin-compliance/lib/sdk/types/sdk-steps.ts
index 5a1d456..3217c2e 100644
--- a/admin-compliance/lib/sdk/types/sdk-steps.ts
+++ b/admin-compliance/lib/sdk/types/sdk-steps.ts
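Review bot: `DSFAIngestRequest` in the new `dsfa-rag.ts` makes `documentUrl`, `documentText` and `title` all optional, so an empty object and an object carrying both a URL and inline text both type-check, and the ingest endpoint has to decide at runtime which input wins. A union keeps the invalid shapes out: `export type DSFAIngestRequest = { title?: string } & ({ documentUrl: string; documentText?: never } | { documentText: string; documentUrl?: never })`. If the backend fetches `documentUrl` itself, a TSDoc line on the field stating that the URL is caller-supplied and must be checked server-side against allowed schemes and hosts would help the next reader. Separately, `DSFASearchResponse.licensesUsed` is `string[]` while every other license field in the file uses `DSFALicenseCode`; if it carries codes, `DSFALicenseCode[]` is the tighter type.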
@@ -221,7 +221,7 @@ export const SDK_STEPS: SDKStep[] = [
 const level = state.complianceScope?.decision?.determinedLevel
 if (level && ['L2', 'L3', 'L4'].includes(level)) return true
 const triggers = state.complianceScope?.decision?.triggeredHardTriggers || []
- return triggers.some(t => t.rule.dsfaRequired)
+ return triggers.some(t => t.requiresDSFA)
 },
 },
 {
diff --git a/admin-compliance/lib/sdk/types/wiki.ts b/admin-compliance/lib/sdk/types/wiki.ts
new file mode 100644
index 0000000..6ef350e
--- /dev/null
+++ b/admin-compliance/lib/sdk/types/wiki.ts
@@ -0,0 +1,36 @@
+/**
+ * Compliance Wiki types.
+ */
+
+export interface WikiCategory {
+ id: string
+ name: string
+ description: string
+ icon: string
+ sortOrder: number
+ articleCount: number
+}
+
+export interface WikiArticle {
+ id: string
+ categoryId: string
+ categoryName: string
+ title: string
+ summary: string
+ content: string
+ legalRefs: string[]
+ tags: string[]
+ relevance: 'critical' | 'important' | 'info'
+ sourceUrls: string[]
+ version: number
+ updatedAt: string
+}
+
+export interface WikiSearchResult {
+ id: string
+ title: string
+ summary: string
+ categoryName: string
+ relevance: string
+ highlight: string
+}
diff --git a/admin-compliance/lib/sdk/vendor-compliance/types.ts b/admin-compliance/lib/sdk/vendor-compliance/types.ts
index 9e4b9b8..9530040 100644
--- a/admin-compliance/lib/sdk/vendor-compliance/types.ts
+++ b/admin-compliance/lib/sdk/vendor-compliance/types.ts
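Review bot: The predicate `triggers.some(t => t.requiresDSFA)` in the `sdk-steps.ts` hunk treats a missing field as "no DSFA needed", so a trigger object that still has the old `rule.dsfaRequired` shape (for example state saved before this change, if triggers are persisted) makes the check return false instead of failing. Because this line decides whether the DSFA step applies, I would want the trigger type to declare `requiresDSFA` as a required `boolean`, and a unit test showing that a hard trigger with `requiresDSFA: true` enables the step when the determined level is not L2 to L4. The trigger type and the rest of this step definition lie outside the hunk, so whether the field is already required cannot be confirmed from here.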
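Review bot: `WikiSearchResult.relevance` in the new `wiki.ts` is typed `string`, while `WikiArticle.relevance` in the same file is `'critical' | 'important' | 'info'`, so a search hit cannot be compared with or rendered like an article without a cast. If the search endpoint returns the same three values, `relevance: WikiArticle['relevance']` keeps the two in step. `highlight` and `content` also carry no comment saying whether they hold plain text or markup; if the backend returns marked-up snippets, a TSDoc line such as `/** Search snippet; may contain markup from the search backend, sanitize before rendering as HTML. */` tells the component author how to handle it.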
@@ -1,1190 +1,8 @@ /** * Vendor & Contract Compliance Module (VVT/RoPA) * - * Types and interfaces for: - * - VVT (Verarbeitungsverzeichnis) - Art. 30 DSGVO Controller-Perspektive - * - RoPA (Records of Processing Activities) - Processor-Perspektive - * - Vendor Register - Lieferanten-/Auftragsverarbeiter-Verwaltung - * - Contract Reviewer - LLM-gestuetzte Vertragspruefung mit Citations - * - Risk & Controls - Risikobewertung und Massnahmenmanagement - * - Audit Reports - Automatisierte Berichtsgenerierung + * Barrel re-export — all domain types live in ./types/*.ts. + * Existing imports of `@/lib/sdk/vendor-compliance/types` continue to work unchanged. */ -// ========================================== -// LOCALIZED TEXT -// ========================================== - -export interface LocalizedText { - de: string - en: string -} - -// ========================================== -// COMMON TYPES -// ========================================== - -export interface Address { - street: string - city: string - postalCode: string - country: string // ISO 3166-1 alpha-2 - state?: string -} - -export interface Contact { - name: string - email: string - phone?: string - department?: string - role?: string -} - -export interface ResponsibleParty { - organizationName: string - legalForm?: string - address: Address - contact: Contact -} - -// ========================================== -// ORGANISATION / TENANT -// ========================================== - -export interface Organization { - id: string - name: string - legalForm: string // GmbH, AG, e.V., etc. 
- address: Address - country: string // ISO 3166-1 alpha-2 - vatId?: string - dpoContact: Contact // Datenschutzbeauftragter - createdAt: Date - updatedAt: Date -} - -// ========================================== -// ENUMS - VVT / PROCESSING ACTIVITIES -// ========================================== - -export type ProcessingActivityStatus = 'DRAFT' | 'REVIEW' | 'APPROVED' | 'ARCHIVED' - -export type ProtectionLevel = 'LOW' | 'MEDIUM' | 'HIGH' - -export type DataSubjectCategory = - | 'EMPLOYEES' // Beschaeftigte - | 'APPLICANTS' // Bewerber - | 'CUSTOMERS' // Kunden - | 'PROSPECTIVE_CUSTOMERS' // Interessenten - | 'SUPPLIERS' // Lieferanten - | 'BUSINESS_PARTNERS' // Geschaeftspartner - | 'VISITORS' // Besucher - | 'WEBSITE_USERS' // Website-Nutzer - | 'APP_USERS' // App-Nutzer - | 'NEWSLETTER_SUBSCRIBERS' // Newsletter-Abonnenten - | 'MEMBERS' // Mitglieder - | 'PATIENTS' // Patienten - | 'STUDENTS' // Schueler/Studenten - | 'MINORS' // Minderjaehrige - | 'OTHER' - -export type PersonalDataCategory = - | 'NAME' // Name - | 'CONTACT' // Kontaktdaten - | 'ADDRESS' // Adressdaten - | 'DOB' // Geburtsdatum - | 'ID_NUMBER' // Ausweisnummern - | 'SOCIAL_SECURITY' // Sozialversicherungsnummer - | 'TAX_ID' // Steuer-ID - | 'BANK_ACCOUNT' // Bankverbindung - | 'PAYMENT_DATA' // Zahlungsdaten - | 'EMPLOYMENT_DATA' // Beschaeftigungsdaten - | 'SALARY_DATA' // Gehaltsdaten - | 'EDUCATION_DATA' // Bildungsdaten - | 'PHOTO_VIDEO' // Fotos/Videos - | 'IP_ADDRESS' // IP-Adressen - | 'DEVICE_ID' // Geraete-Kennungen - | 'LOCATION_DATA' // Standortdaten - | 'USAGE_DATA' // Nutzungsdaten - | 'COMMUNICATION_DATA' // Kommunikationsdaten - | 'CONTRACT_DATA' // Vertragsdaten - | 'LOGIN_DATA' // Login-Daten - // Besondere Kategorien Art. 
9 DSGVO - | 'HEALTH_DATA' // Gesundheitsdaten - | 'GENETIC_DATA' // Genetische Daten - | 'BIOMETRIC_DATA' // Biometrische Daten - | 'RACIAL_ETHNIC' // Rassische/Ethnische Herkunft - | 'POLITICAL_OPINIONS' // Politische Meinungen - | 'RELIGIOUS_BELIEFS' // Religiose Ueberzeugungen - | 'TRADE_UNION' // Gewerkschaftszugehoerigkeit - | 'SEX_LIFE' // Sexualleben/Orientierung - // Art. 10 DSGVO - | 'CRIMINAL_DATA' // Strafrechtliche Daten - | 'OTHER' - -export type RecipientCategoryType = - | 'INTERNAL' // Interne Stellen - | 'GROUP_COMPANY' // Konzernunternehmen - | 'PROCESSOR' // Auftragsverarbeiter - | 'CONTROLLER' // Verantwortlicher - | 'AUTHORITY' // Behoerden - | 'OTHER' - -export type LegalBasisType = - // Art. 6 Abs. 1 DSGVO - | 'CONSENT' // lit. a - Einwilligung - | 'CONTRACT' // lit. b - Vertragsdurchfuehrung - | 'LEGAL_OBLIGATION' // lit. c - Rechtliche Verpflichtung - | 'VITAL_INTEREST' // lit. d - Lebenswichtige Interessen - | 'PUBLIC_TASK' // lit. e - Oeffentliche Aufgabe - | 'LEGITIMATE_INTEREST' // lit. f - Berechtigtes Interesse - // Art. 9 Abs. 2 DSGVO (besondere Kategorien) - | 'ART9_CONSENT' // lit. a - Ausdrueckliche Einwilligung - | 'ART9_EMPLOYMENT' // lit. b - Arbeitsrecht - | 'ART9_VITAL_INTEREST' // lit. c - Lebenswichtige Interessen - | 'ART9_FOUNDATION' // lit. d - Stiftung/Verein - | 'ART9_PUBLIC' // lit. e - Offenkundig oeffentlich - | 'ART9_LEGAL_CLAIMS' // lit. f - Rechtsansprueche - | 'ART9_PUBLIC_INTEREST'// lit. g - Oeffentliches Interesse - | 'ART9_HEALTH' // lit. h - Gesundheitsversorgung - | 'ART9_PUBLIC_HEALTH' // lit. i - Oeffentliche Gesundheit - | 'ART9_ARCHIVING' // lit. 
j - Archivzwecke - -export type TransferMechanismType = - | 'ADEQUACY_DECISION' // Angemessenheitsbeschluss - | 'SCC_CONTROLLER' // SCC Controller-to-Controller - | 'SCC_PROCESSOR' // SCC Controller-to-Processor - | 'BCR' // Binding Corporate Rules - | 'DEROGATION_CONSENT' // Ausdrueckliche Einwilligung - | 'DEROGATION_CONTRACT' // Vertragserfuellung - | 'DEROGATION_LEGAL' // Rechtsansprueche - | 'DEROGATION_PUBLIC' // Oeffentliches Interesse - | 'CERTIFICATION' // Zertifizierung - | 'CODE_OF_CONDUCT' // Verhaltensregeln - -export type DataSourceType = - | 'DATA_SUBJECT' // Betroffene Person selbst - | 'THIRD_PARTY' // Dritte - | 'PUBLIC_SOURCE' // Oeffentliche Quellen - | 'AUTOMATED' // Automatisiert generiert - | 'EMPLOYEE' // Mitarbeiter - | 'OTHER' - -// ========================================== -// ENUMS - VENDOR -// ========================================== - -export type VendorRole = - | 'PROCESSOR' // Auftragsverarbeiter - | 'JOINT_CONTROLLER' // Gemeinsam Verantwortlicher - | 'CONTROLLER' // Eigenstaendiger Verantwortlicher - | 'SUB_PROCESSOR' // Unterauftragnehmer - | 'THIRD_PARTY' // Dritter (kein Datenzugriff) - -export type ServiceCategory = - | 'HOSTING' - | 'CLOUD_INFRASTRUCTURE' - | 'ANALYTICS' - | 'CRM' - | 'ERP' - | 'HR_SOFTWARE' - | 'PAYMENT' - | 'EMAIL' - | 'MARKETING' - | 'SUPPORT' - | 'SECURITY' - | 'INTEGRATION' - | 'CONSULTING' - | 'LEGAL' - | 'ACCOUNTING' - | 'COMMUNICATION' - | 'STORAGE' - | 'BACKUP' - | 'CDN' - | 'OTHER' - -export type DataAccessLevel = - | 'NONE' // Kein Datenzugriff - | 'POTENTIAL' // Potenzieller Zugriff (z.B. 
Admin)
- | 'ADMINISTRATIVE' // Administrativer Zugriff
- | 'CONTENT' // Inhaltlicher Zugriff
-
-export type VendorStatus =
- | 'ACTIVE'
- | 'INACTIVE'
- | 'PENDING_REVIEW'
- | 'TERMINATED'
-
-export type ReviewFrequency =
- | 'QUARTERLY'
- | 'SEMI_ANNUAL'
- | 'ANNUAL'
- | 'BIENNIAL'
-
-// ==========================================
-// ENUMS - CONTRACT
-// ==========================================
-
-export type DocumentType =
- | 'AVV' // Auftragsverarbeitungsvertrag
- | 'MSA' // Master Service Agreement
- | 'SLA' // Service Level Agreement
- | 'SCC' // Standard Contractual Clauses
- | 'NDA' // Non-Disclosure Agreement
- | 'TOM_ANNEX' // TOM-Anlage
- | 'CERTIFICATION' // Zertifikat
- | 'SUB_PROCESSOR_LIST' // Unterauftragsverarbeiter-Liste
- | 'OTHER'
-
-export type ContractReviewStatus =
- | 'PENDING'
- | 'IN_PROGRESS'
- | 'COMPLETED'
- | 'FAILED'
-
-export type ContractStatus =
- | 'DRAFT'
- | 'SIGNED'
- | 'ACTIVE'
- | 'EXPIRED'
- | 'TERMINATED'
-
-// ==========================================
-// ENUMS - FINDINGS
-// ==========================================
-
-export type FindingType =
- | 'OK' // Anforderung erfuellt
- | 'GAP' // Luecke/fehlend
- | 'RISK' // Risiko identifiziert
- | 'UNKNOWN' // Nicht eindeutig
-
-export type FindingCategory =
- | 'AVV_CONTENT' // Art. 28 Abs. 3 Mindestinhalte
- | 'SUBPROCESSOR' // Unterauftragnehmer-Regelung
- | 'INCIDENT' // Incident-Meldepflichten
- | 'AUDIT_RIGHTS' // Audit-/Inspektionsrechte
- | 'DELETION' // Loeschung/Rueckgabe
- | 'TOM' // Technische/Org. Massnahmen
- | 'TRANSFER' // Drittlandtransfer
- | 'LIABILITY' // Haftung/Indemnity
- | 'SLA' // Verfuegbarkeit
- | 'DATA_SUBJECT_RIGHTS' // Betroffenenrechte
- | 'CONFIDENTIALITY' // Vertraulichkeit
- | 'INSTRUCTION' // Weisungsgebundenheit
- | 'TERMINATION' // Vertragsbeendigung
- | 'GENERAL' // Allgemein
-
-export type FindingSeverity = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL'
-
-export type FindingStatus =
- | 'OPEN'
- | 'IN_PROGRESS'
- | 'RESOLVED'
- | 'ACCEPTED'
- | 'FALSE_POSITIVE'
-
-// ==========================================
-// ENUMS - RISK & CONTROLS
-// ==========================================
-
-export type ControlDomain =
- | 'TRANSFER' // Drittlandtransfer
- | 'AUDIT' // Auditrechte
- | 'DELETION' // Loeschung
- | 'INCIDENT' // Incident Response
- | 'SUBPROCESSOR' // Unterauftragnehmer
- | 'TOM' // Tech/Org Massnahmen
- | 'CONTRACT' // Vertragliche Grundlagen
- | 'DATA_SUBJECT' // Betroffenenrechte
- | 'SECURITY' // Sicherheit
- | 'GOVERNANCE' // Governance
-
-export type ControlStatus =
- | 'PASS'
- | 'PARTIAL'
- | 'FAIL'
- | 'NOT_APPLICABLE'
- | 'PLANNED'
-
-export type RiskLevel = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL'
-
-export type EntityType = 'VENDOR' | 'PROCESSING_ACTIVITY' | 'CONTRACT'
-
-export type EvidenceType = 'DOCUMENT' | 'SCREENSHOT' | 'LINK' | 'ATTESTATION'
-
-// ==========================================
-// ENUMS - EXPORT
-// ==========================================
-
-export type ReportType =
- | 'VVT_EXPORT'
- | 'VENDOR_AUDIT'
- | 'ROPA'
- | 'MANAGEMENT_SUMMARY'
- | 'DPIA_INPUT'
-
-export type ExportFormat = 'PDF' | 'DOCX' | 'XLSX' | 'JSON'
-
-// ==========================================
-// INTERFACES - VVT / PROCESSING ACTIVITIES
-// ==========================================
-
-export interface LegalBasis {
- type: LegalBasisType
- description?: string
- reference?: string // z.B. "§ 26 BDSG"
-}
-
-export interface RecipientCategory {
- type: RecipientCategoryType
- name: string
- description?: string
- isThirdCountry?: boolean
- country?: string
-}
-
-export interface ThirdCountryTransfer {
- country: string // ISO 3166-1 alpha-2
- recipient: string
- transferMechanism: TransferMechanismType
- sccVersion?: string
- tiaCompleted?: boolean
- tiaDate?: Date
- additionalMeasures?: string[]
-}
-
-export interface RetentionPeriod {
- duration?: number // in Monaten
- durationUnit?: 'DAYS' | 'MONTHS' | 'YEARS'
- description: LocalizedText
- legalBasis?: string // z.B. "HGB § 257", "AO § 147"
- deletionProcedure?: string
-}
-
-export interface DataSource {
- type: DataSourceType
- description?: string
-}
-
-export interface SystemReference {
- systemId: string
- name: string
- description?: string
- type?: string // CRM, ERP, etc.
-}
-
-export interface DataFlow {
- sourceSystem?: string
- targetSystem?: string
- description: string
- dataCategories: PersonalDataCategory[]
-}
-
-export interface ProcessingActivity {
- id: string
- tenantId: string
-
- // Pflichtfelder Art. 30(1) DSGVO
- vvtId: string // Eindeutige VVT-Nummer (z.B. VVT-2024-001)
- name: LocalizedText
- responsible: ResponsibleParty
- dpoContact?: Contact
- purposes: LocalizedText[]
- dataSubjectCategories: DataSubjectCategory[]
- personalDataCategories: PersonalDataCategory[]
- recipientCategories: RecipientCategory[]
- thirdCountryTransfers: ThirdCountryTransfer[]
- retentionPeriod: RetentionPeriod
- technicalMeasures: string[] // TOM-Referenzen
-
- // Empfohlene Zusatzfelder
- legalBasis: LegalBasis[]
- dataSources: DataSource[]
- systems: SystemReference[]
- dataFlows: DataFlow[]
- protectionLevel: ProtectionLevel
- dpiaRequired: boolean
- dpiaJustification?: string
- subProcessors: string[] // Vendor-IDs
- legalRetentionBasis?: string
-
- // Workflow
- status: ProcessingActivityStatus
- owner: string
- lastReviewDate?: Date
- nextReviewDate?: Date
-
- createdAt: Date
- updatedAt: Date
-}
-
-// ==========================================
-// INTERFACES - VENDOR
-// ==========================================
-
-export interface ProcessingLocation {
- country: string // ISO 3166-1 alpha-2
- region?: string
- city?: string
- dataCenter?: string
- isEU: boolean
- isAdequate: boolean // Angemessenheitsbeschluss
- type?: string // e.g., 'primary', 'backup', 'disaster-recovery'
- description?: string
- isPrimary?: boolean
-}
-
-export interface Certification {
- type: string // ISO 27001, SOC2, TISAX, C5, etc.
- issuer?: string
- issuedDate?: Date
- expirationDate?: Date
- scope?: string
- certificateNumber?: string
- documentId?: string // Referenz zum hochgeladenen Zertifikat
-}
-
-export interface Vendor {
- id: string
- tenantId: string
-
- // Stammdaten
- name: string
- legalForm?: string
- country: string
- address: Address
- website?: string
-
- // Rolle
- role: VendorRole
- serviceDescription: string
- serviceCategory: ServiceCategory
-
- // Datenzugriff
- dataAccessLevel: DataAccessLevel
- processingLocations: ProcessingLocation[]
- transferMechanisms: TransferMechanismType[]
-
- // Zertifizierungen
- certifications: Certification[]
-
- // Kontakte
- primaryContact: Contact
- dpoContact?: Contact
- securityContact?: Contact
-
- // Vertraege
- contractTypes: DocumentType[]
- contracts: string[] // Contract-IDs
-
- // Risiko
- inherentRiskScore: number // 0-100 (auto-berechnet)
- residualRiskScore: number // 0-100 (nach Controls)
- manualRiskAdjustment?: number
- riskJustification?: string
-
- // Review
- reviewFrequency: ReviewFrequency
- lastReviewDate?: Date
- nextReviewDate?: Date
-
- // Workflow
- status: VendorStatus
-
- // Linked Processing Activities
- processingActivityIds: string[]
-
- // Notes
- notes?: string
-
- createdAt: Date
- updatedAt: Date
-}
-
-// ==========================================
-// INTERFACES - CONTRACT
-// ==========================================
-
-export interface ContractParty {
- role: 'CONTROLLER' | 'PROCESSOR' | 'PARTY'
- name: string
- address?: Address
- signatoryName?: string
- signatoryRole?: string
-}
-
-export interface ContractDocument {
- id: string
- tenantId: string
- vendorId: string
-
- // Dokument
- fileName: string
- originalName: string
- mimeType: string
- fileSize: number
- storagePath: string // MinIO path
-
- // Klassifikation
- documentType: DocumentType
-
- // Versioning
- version: string
- previousVersionId?: string
-
- // Metadaten (extrahiert)
- parties?: ContractParty[]
- effectiveDate?: Date
- expirationDate?: Date
- autoRenewal?: boolean
- renewalNoticePeriod?: number // Tage
- terminationNoticePeriod?: number // Tage
-
- // Review Status
- reviewStatus: ContractReviewStatus
- reviewCompletedAt?: Date
- complianceScore?: number // 0-100
-
- // Workflow
- status: ContractStatus
- signedAt?: Date
-
- // Extracted text for search
- extractedText?: string
- pageCount?: number
-
- createdAt: Date
- updatedAt: Date
-}
-
-export interface DocumentVersion {
- id: string
- documentId: string
- version: string
- storagePath: string
- extractedText?: string
- pageCount: number
- createdAt: Date
-}
-
-// ==========================================
-// INTERFACES - FINDINGS
-// ==========================================
-
-export interface Citation {
- documentId: string
- versionId?: string
- page: number
- startChar: number
- endChar: number
- quotedText: string
- quoteHash: string // SHA-256 zur Verifizierung
-}
-
-export interface Finding {
- id: string
- tenantId: string
- contractId: string
- vendorId: string
-
- // Klassifikation
- type: FindingType
- category: FindingCategory
- severity: FindingSeverity
-
- // Inhalt
- title: LocalizedText
- description: LocalizedText
- recommendation?: LocalizedText
-
- // Citations (Textstellen-Belege)
- citations: Citation[]
-
- // Verknuepfung
- affectedRequirement?: string // z.B. "Art. 28 Abs. 3 lit. a DSGVO"
- triggeredControls: string[] // Control-IDs
-
- // Workflow
- status: FindingStatus
- assignee?: string
- dueDate?: Date
- resolution?: string
- resolvedAt?: Date
-
- createdAt: Date
- updatedAt: Date
-}
-
-// ==========================================
-// INTERFACES - RISK & CONTROLS
-// ==========================================
-
-export interface RiskFactor {
- id: string
- name: LocalizedText
- category: string
- weight: number
- value: number // 1-5
- rationale?: string
-}
-
-export interface RiskScore {
- likelihood: 1 | 2 | 3 | 4 | 5
- impact: 1 | 2 | 3 | 4 | 5
- score: number // likelihood * impact (1-25)
- level: RiskLevel
- rationale: string
-}
-
-export interface RiskAssessment {
- id: string
- tenantId: string
- entityType: EntityType
- entityId: string
-
- // Bewertung
- inherentRisk: RiskScore
- residualRisk: RiskScore
-
- // Faktoren
- riskFactors: RiskFactor[]
- mitigatingControls: string[] // Control-IDs
-
- // Workflow
- assessedBy: string
- assessedAt: Date
- approvedBy?: string
- approvedAt?: Date
-
- nextAssessmentDate: Date
-}
-
-export interface Control {
- id: string // z.B. VND-TRF-01
- domain: ControlDomain
-
- title: LocalizedText
- description: LocalizedText
- passCriteria: LocalizedText
-
- // Mapping
- requirements: string[] // Art. 28 Abs. 3 lit. a, ISO 27001 A.15.1.2
-
- // Standard
- isRequired: boolean
- defaultFrequency: ReviewFrequency
-}
-
-export interface ControlInstance {
- id: string
- tenantId: string
- controlId: string
- entityType: EntityType
- entityId: string
-
- // Status
- status: ControlStatus
-
- // Evidenz
- evidenceIds: string[]
-
- // Workflow
- lastAssessedAt: Date
- lastAssessedBy: string
- nextAssessmentDate: Date
-
- notes?: string
-}
-
-export interface Evidence {
- id: string
- tenantId: string
- controlInstanceId: string
-
- type: EvidenceType
- title: string
- description?: string
-
- // Fuer Dokumente
- storagePath?: string
- fileName?: string
-
- // Fuer Links
- url?: string
-
- // Fuer Attestation
- attestedBy?: string
- attestedAt?: Date
-
- validFrom: Date
- validUntil?: Date
-
- createdAt: Date
-}
-
-// ==========================================
-// INTERFACES - AUDIT REPORTS
-// ==========================================
-
-export interface ReportScope {
- vendorIds?: string[]
- processingActivityIds?: string[]
- dateRange?: { from: Date; to: Date }
-}
-
-export interface AuditReport {
- id: string
- tenantId: string
-
- type: ReportType
-
- // Scope
- scope: ReportScope
-
- // Generierung
- format: ExportFormat
- storagePath: string
- generatedAt: Date
- generatedBy: string
-
- // Snapshot-Daten (fuer Revisionssicherheit)
- snapshotHash: string // SHA-256 des Inhalts
-}
-
-// ==========================================
-// STATE MANAGEMENT - ACTIONS
-// ==========================================
-
-export type VendorComplianceAction =
- // Processing Activities
- | { type: 'SET_PROCESSING_ACTIVITIES'; payload: ProcessingActivity[] }
- | { type: 'ADD_PROCESSING_ACTIVITY'; payload: ProcessingActivity }
- | { type: 'UPDATE_PROCESSING_ACTIVITY'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_PROCESSING_ACTIVITY'; payload: string }
- // Vendors
- | { type: 'SET_VENDORS'; payload: Vendor[] }
- | { type: 'ADD_VENDOR'; payload: Vendor }
- | { type: 'UPDATE_VENDOR'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_VENDOR'; payload: string }
- // Contracts
- | { type: 'SET_CONTRACTS'; payload: ContractDocument[] }
- | { type: 'ADD_CONTRACT'; payload: ContractDocument }
- | { type: 'UPDATE_CONTRACT'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_CONTRACT'; payload: string }
- // Findings
- | { type: 'SET_FINDINGS'; payload: Finding[] }
- | { type: 'ADD_FINDINGS'; payload: Finding[] }
- | { type: 'UPDATE_FINDING'; payload: { id: string; data: Partial } }
- // Controls
- | { type: 'SET_CONTROLS'; payload: Control[] }
- | { type: 'SET_CONTROL_INSTANCES'; payload: ControlInstance[] }
- | { type: 'UPDATE_CONTROL_INSTANCE'; payload: { id: string; data: Partial } }
- // Risk Assessments
- | { type: 'SET_RISK_ASSESSMENTS'; payload: RiskAssessment[] }
- | { type: 'UPDATE_RISK_ASSESSMENT'; payload: { id: string; data: Partial } }
- // UI State
- | { type: 'SET_LOADING'; payload: boolean }
- | { type: 'SET_ERROR'; payload: string | null }
- | { type: 'SET_SELECTED_VENDOR'; payload: string | null }
- | { type: 'SET_SELECTED_ACTIVITY'; payload: string | null }
- | { type: 'SET_ACTIVE_TAB'; payload: string }
-
-// ==========================================
-// STATE MANAGEMENT - STATE
-// ==========================================
-
-export interface VendorComplianceState {
- // Data
- processingActivities: ProcessingActivity[]
- vendors: Vendor[]
- contracts: ContractDocument[]
- findings: Finding[]
- controls: Control[]
- controlInstances: ControlInstance[]
- riskAssessments: RiskAssessment[]
-
- // UI State
- isLoading: boolean
- error: string | null
- selectedVendorId: string | null
- selectedActivityId: string | null
- activeTab: string
-
- // Metadata
- lastModified: Date | null
-}
-
-// ==========================================
-// CONTEXT VALUE
-// ==========================================
-
-export interface VendorComplianceContextValue extends VendorComplianceState {
- // Dispatch
- dispatch: React.Dispatch
-
- // Computed
- vendorStats: VendorStatistics
- complianceStats: ComplianceStatistics
- riskOverview: RiskOverview
-
- // Actions - Processing Activities
- deleteProcessingActivity: (id: string) => Promise
- duplicateProcessingActivity: (id: string) => Promise
-
- // Actions - Vendors
- deleteVendor: (id: string) => Promise
-
- // Actions - Contracts
- deleteContract: (id: string) => Promise
- startContractReview: (contractId: string) => Promise
-
- // Data Loading
- loadData: () => Promise
- refresh: () => Promise
-}
-
-// ==========================================
-// STATISTICS INTERFACES
-// ==========================================
-
-export interface VendorStatistics {
- total: number
- byStatus: Record
- byRole: Record
- byRiskLevel: Record
- pendingReviews: number
- withExpiredContracts: number
-}
-
-export interface ComplianceStatistics {
- averageComplianceScore: number
- findingsByType: Record
- findingsBySeverity: Record
- openFindings: number
- resolvedFindings: number
- controlPassRate: number
-}
-
-export interface RiskOverview {
- averageInherentRisk: number
- averageResidualRisk: number
- highRiskVendors: number
- criticalFindings: number
- transfersToThirdCountries: number
-}
-
-// ==========================================
-// API RESPONSE TYPES
-// ==========================================
-
-export interface ApiResponse {
- success: boolean
- data?: T
- error?: string
- timestamp: string
-}
-
-export interface PaginatedResponse extends ApiResponse {
- pagination: {
- page: number
- pageSize: number
- total: number
- totalPages: number
- }
-}
-
-// ==========================================
-// FORM TYPES
-// ==========================================
-
-export interface ProcessingActivityFormData {
- vvtId: string
- name: LocalizedText
- responsible: ResponsibleParty
- dpoContact?: Contact
- purposes: LocalizedText[]
- dataSubjectCategories: DataSubjectCategory[]
- personalDataCategories: PersonalDataCategory[]
- recipientCategories: RecipientCategory[]
- thirdCountryTransfers: ThirdCountryTransfer[]
- retentionPeriod: RetentionPeriod
- technicalMeasures: string[]
- legalBasis: LegalBasis[]
- dataSources: DataSource[]
- systems: SystemReference[]
- dataFlows: DataFlow[]
- protectionLevel: ProtectionLevel
- dpiaRequired: boolean
- dpiaJustification?: string
- subProcessors: string[]
- owner: string
-}
-
-export interface VendorFormData {
- name: string
- legalForm?: string
- country: string
- address: Address
- website?: string
- role: VendorRole
- serviceDescription: string
- serviceCategory: ServiceCategory
- dataAccessLevel: DataAccessLevel
- processingLocations: ProcessingLocation[]
- transferMechanisms: TransferMechanismType[]
- certifications: Certification[]
- primaryContact: Contact
- dpoContact?: Contact
- securityContact?: Contact
- contractTypes: DocumentType[]
- reviewFrequency: ReviewFrequency
- notes?: string
-}
-
-// ==========================================
-// HELPER FUNCTIONS
-// ==========================================
-
-/**
- * Calculate risk level from score
- */
-export function getRiskLevelFromScore(score: number): RiskLevel {
- if (score <= 4) return 'LOW'
- if (score <= 9) return 'MEDIUM'
- if (score <= 16) return 'HIGH'
- return 'CRITICAL'
-}
-
-/**
- * Calculate risk score from likelihood and impact
- */
-export function calculateRiskScore(likelihood: number, impact: number): number {
- return likelihood * impact
-}
-
-/**
- * Check if data category is special (Art. 9 DSGVO)
- */
-export function isSpecialCategory(category: PersonalDataCategory): boolean {
- const specialCategories: PersonalDataCategory[] = [
- 'HEALTH_DATA',
- 'GENETIC_DATA',
- 'BIOMETRIC_DATA',
- 'RACIAL_ETHNIC',
- 'POLITICAL_OPINIONS',
- 'RELIGIOUS_BELIEFS',
- 'TRADE_UNION',
- 'SEX_LIFE',
- 'CRIMINAL_DATA',
- ]
- return specialCategories.includes(category)
-}
-
-/**
- * Check if country has adequacy decision
- */
-export function hasAdequacyDecision(countryCode: string): boolean {
- const adequateCountries = [
- 'AD', 'AR', 'CA', 'FO', 'GG', 'IL', 'IM', 'JP', 'JE', 'NZ', 'KR', 'CH', 'GB', 'UY',
- // EU/EEA countries
- 'AT', 'BE', 'BG', 'HR', 'CY', 'CZ', 'DK', 'EE', 'FI', 'FR', 'DE', 'GR', 'HU',
- 'IE', 'IT', 'LV', 'LT', 'LU', 'MT', 'NL', 'PL', 'PT', 'RO', 'SK', 'SI', 'ES', 'SE',
- 'IS', 'LI', 'NO',
- ]
- return adequateCountries.includes(countryCode.toUpperCase())
-}
-
-/**
- * Generate VVT ID
- */
-export function generateVVTId(existingIds: string[]): string {
- const year = new Date().getFullYear()
- const prefix = `VVT-${year}-`
-
- const existingNumbers = existingIds
- .filter(id => id.startsWith(prefix))
- .map(id => parseInt(id.replace(prefix, ''), 10))
- .filter(n => !isNaN(n))
-
- const nextNumber = existingNumbers.length > 0 ? Math.max(...existingNumbers) + 1 : 1
- return `${prefix}${nextNumber.toString().padStart(3, '0')}`
-}
-
-/**
- * Format date for display
- */
-export function formatDate(date: Date | string | undefined): string {
- if (!date) return '-'
- const d = typeof date === 'string' ? new Date(date) : date
- return d.toLocaleDateString('de-DE', {
- day: '2-digit',
- month: '2-digit',
- year: 'numeric',
- })
-}
-
-/**
- * Get severity color class
- */
-export function getSeverityColor(severity: FindingSeverity): string {
- switch (severity) {
- case 'LOW': return 'text-blue-600 bg-blue-100'
- case 'MEDIUM': return 'text-yellow-600 bg-yellow-100'
- case 'HIGH': return 'text-orange-600 bg-orange-100'
- case 'CRITICAL': return 'text-red-600 bg-red-100'
- }
-}
-
-/**
- * Get status color class
- */
-export function getStatusColor(status: VendorStatus | ProcessingActivityStatus | ContractStatus): string {
- switch (status) {
- case 'ACTIVE':
- case 'APPROVED':
- case 'SIGNED':
- return 'text-green-600 bg-green-100'
- case 'DRAFT':
- case 'PENDING_REVIEW':
- return 'text-yellow-600 bg-yellow-100'
- case 'REVIEW':
- case 'INACTIVE':
- return 'text-blue-600 bg-blue-100'
- case 'ARCHIVED':
- case 'EXPIRED':
- case 'TERMINATED':
- return 'text-gray-600 bg-gray-100'
- default:
- return 'text-gray-600 bg-gray-100'
- }
-}
-
-// ==========================================
-// CONSTANTS - METADATA
-// ==========================================
-
-export const DATA_SUBJECT_CATEGORY_META: Record = {
- EMPLOYEES: { de: 'Beschäftigte', en: 'Employees' },
- APPLICANTS: { de: 'Bewerber', en: 'Applicants' },
- CUSTOMERS: { de: 'Kunden', en: 'Customers' },
- PROSPECTIVE_CUSTOMERS: { de: 'Interessenten', en: 'Prospective Customers' },
- SUPPLIERS: { de: 'Lieferanten', en: 'Suppliers' },
- BUSINESS_PARTNERS: { de: 'Geschäftspartner', en: 'Business Partners' },
- VISITORS: { de: 'Besucher', en: 'Visitors' },
- WEBSITE_USERS: { de: 'Website-Nutzer', en: 'Website Users' },
- APP_USERS: { de: 'App-Nutzer', en: 'App Users' },
- NEWSLETTER_SUBSCRIBERS: { de: 'Newsletter-Abonnenten', en: 'Newsletter Subscribers' },
- MEMBERS: { de: 'Mitglieder', en: 'Members' },
- PATIENTS: { de: 'Patienten', en: 'Patients' },
- STUDENTS: { de: 'Schüler/Studenten', en: 'Students' },
- MINORS: { de: 'Minderjährige', en: 'Minors' },
- OTHER: { de: 'Sonstige', en: 'Other' },
-}
-
-export const PERSONAL_DATA_CATEGORY_META: Record = {
- NAME: { label: { de: 'Name', en: 'Name' }, isSpecial: false },
- CONTACT: { label: { de: 'Kontaktdaten', en: 'Contact Data' }, isSpecial: false },
- ADDRESS: { label: { de: 'Adressdaten', en: 'Address Data' }, isSpecial: false },
- DOB: { label: { de: 'Geburtsdatum', en: 'Date of Birth' }, isSpecial: false },
- ID_NUMBER: { label: { de: 'Ausweisnummern', en: 'ID Numbers' }, isSpecial: false },
- SOCIAL_SECURITY: { label: { de: 'Sozialversicherungsnummer', en: 'Social Security Number' }, isSpecial: false },
- TAX_ID: { label: { de: 'Steuer-ID', en: 'Tax ID' }, isSpecial: false },
- BANK_ACCOUNT: { label: { de: 'Bankverbindung', en: 'Bank Account' }, isSpecial: false },
- PAYMENT_DATA: { label: { de: 'Zahlungsdaten', en: 'Payment Data' }, isSpecial: false },
- EMPLOYMENT_DATA: { label: { de: 'Beschäftigungsdaten', en: 'Employment Data' }, isSpecial: false },
- SALARY_DATA: { label: { de: 'Gehaltsdaten', en: 'Salary Data' }, isSpecial: false },
- EDUCATION_DATA: { label: { de: 'Bildungsdaten', en: 'Education Data' }, isSpecial: false },
- PHOTO_VIDEO: { label: { de: 'Fotos/Videos', en: 'Photos/Videos' }, isSpecial: false },
- IP_ADDRESS: { label: { de: 'IP-Adressen', en: 'IP Addresses' }, isSpecial: false },
- DEVICE_ID: { label: { de: 'Gerätekennungen', en: 'Device IDs' }, isSpecial: false },
- LOCATION_DATA: { label: { de: 'Standortdaten', en: 'Location Data' }, isSpecial: false },
- USAGE_DATA: { label: { de: 'Nutzungsdaten', en: 'Usage Data' }, isSpecial: false },
- COMMUNICATION_DATA: { label: { de: 'Kommunikationsdaten', en: 'Communication Data' }, isSpecial: false },
- CONTRACT_DATA: { label: { de: 'Vertragsdaten', en: 'Contract Data' }, isSpecial: false },
- LOGIN_DATA: { label: { de: 'Login-Daten', en: 'Login Data' }, isSpecial: false },
- HEALTH_DATA: { label: { de: 'Gesundheitsdaten', en: 'Health Data' }, isSpecial: true },
- GENETIC_DATA: { label: { de: 'Genetische Daten', en: 'Genetic Data' }, isSpecial: true },
- BIOMETRIC_DATA: { label: { de: 'Biometrische Daten', en: 'Biometric Data' }, isSpecial: true },
- RACIAL_ETHNIC: { label: { de: 'Rassische/Ethnische Herkunft', en: 'Racial/Ethnic Origin' }, isSpecial: true },
- POLITICAL_OPINIONS: { label: { de: 'Politische Meinungen', en: 'Political Opinions' }, isSpecial: true },
- RELIGIOUS_BELIEFS: { label: { de: 'Religiöse Überzeugungen', en: 'Religious Beliefs' }, isSpecial: true },
- TRADE_UNION: { label: { de: 'Gewerkschaftszugehörigkeit', en: 'Trade Union Membership' }, isSpecial: true },
- SEX_LIFE: { label: { de: 'Sexualleben/Orientierung', en: 'Sex Life/Orientation' }, isSpecial: true },
- CRIMINAL_DATA: { label: { de: 'Strafrechtliche Daten', en: 'Criminal Data' }, isSpecial: true },
- OTHER: { label: { de: 'Sonstige', en: 'Other' }, isSpecial: false },
-}
-
-export const LEGAL_BASIS_META: Record = {
- CONSENT: { label: { de: 'Einwilligung', en: 'Consent' }, article: 'Art. 6 Abs. 1 lit. a DSGVO' },
- CONTRACT: { label: { de: 'Vertragserfüllung', en: 'Contract Performance' }, article: 'Art. 6 Abs. 1 lit. b DSGVO' },
- LEGAL_OBLIGATION: { label: { de: 'Rechtliche Verpflichtung', en: 'Legal Obligation' }, article: 'Art. 6 Abs. 1 lit. c DSGVO' },
- VITAL_INTEREST: { label: { de: 'Lebenswichtige Interessen', en: 'Vital Interests' }, article: 'Art. 6 Abs. 1 lit. d DSGVO' },
- PUBLIC_TASK: { label: { de: 'Öffentliche Aufgabe', en: 'Public Task' }, article: 'Art. 6 Abs. 1 lit. e DSGVO' },
- LEGITIMATE_INTEREST: { label: { de: 'Berechtigtes Interesse', en: 'Legitimate Interest' }, article: 'Art. 6 Abs. 1 lit. f DSGVO' },
- ART9_CONSENT: { label: { de: 'Ausdrückliche Einwilligung', en: 'Explicit Consent' }, article: 'Art. 9 Abs. 2 lit. a DSGVO' },
- ART9_EMPLOYMENT: { label: { de: 'Arbeitsrecht', en: 'Employment Law' }, article: 'Art. 9 Abs. 2 lit. b DSGVO' },
- ART9_VITAL_INTEREST: { label: { de: 'Lebenswichtige Interessen', en: 'Vital Interests' }, article: 'Art. 9 Abs. 2 lit. c DSGVO' },
- ART9_FOUNDATION: { label: { de: 'Stiftung/Verein', en: 'Foundation/Association' }, article: 'Art. 9 Abs. 2 lit. d DSGVO' },
- ART9_PUBLIC: { label: { de: 'Offenkundig öffentlich', en: 'Manifestly Public' }, article: 'Art. 9 Abs. 2 lit. e DSGVO' },
- ART9_LEGAL_CLAIMS: { label: { de: 'Rechtsansprüche', en: 'Legal Claims' }, article: 'Art. 9 Abs. 2 lit. f DSGVO' },
- ART9_PUBLIC_INTEREST: { label: { de: 'Öffentliches Interesse', en: 'Public Interest' }, article: 'Art. 9 Abs. 2 lit. g DSGVO' },
- ART9_HEALTH: { label: { de: 'Gesundheitsversorgung', en: 'Health Care' }, article: 'Art. 9 Abs. 2 lit. h DSGVO' },
- ART9_PUBLIC_HEALTH: { label: { de: 'Öffentliche Gesundheit', en: 'Public Health' }, article: 'Art. 9 Abs. 2 lit. i DSGVO' },
- ART9_ARCHIVING: { label: { de: 'Archivzwecke', en: 'Archiving Purposes' }, article: 'Art. 9 Abs. 2 lit. j DSGVO' },
-}
-
-export const VENDOR_ROLE_META: Record = {
- PROCESSOR: { de: 'Auftragsverarbeiter', en: 'Processor' },
- JOINT_CONTROLLER: { de: 'Gemeinsam Verantwortlicher', en: 'Joint Controller' },
- CONTROLLER: { de: 'Eigenständiger Verantwortlicher', en: 'Independent Controller' },
- SUB_PROCESSOR: { de: 'Unterauftragnehmer', en: 'Sub-Processor' },
- THIRD_PARTY: { de: 'Dritter', en: 'Third Party' },
-}
-
-export const SERVICE_CATEGORY_META: Record = {
- HOSTING: { de: 'Hosting', en: 'Hosting' },
- CLOUD_INFRASTRUCTURE: { de: 'Cloud-Infrastruktur', en: 'Cloud Infrastructure' },
- ANALYTICS: { de: 'Analytics', en: 'Analytics' },
- CRM: { de: 'CRM', en: 'CRM' },
- ERP: { de: 'ERP', en: 'ERP' },
- HR_SOFTWARE: { de: 'HR-Software', en: 'HR Software' },
- PAYMENT: { de: 'Zahlungsabwicklung', en: 'Payment Processing' },
- EMAIL: { de: 'E-Mail', en: 'Email' },
- MARKETING: { de: 'Marketing', en: 'Marketing' },
- SUPPORT: { de: 'Support', en: 'Support' },
- SECURITY: { de: 'Sicherheit', en: 'Security' },
- INTEGRATION: { de: 'Integration', en: 'Integration' },
- CONSULTING: { de: 'Beratung', en: 'Consulting' },
- LEGAL: { de: 'Rechtliches', en: 'Legal' },
- ACCOUNTING: { de: 'Buchhaltung', en: 'Accounting' },
- COMMUNICATION: { de: 'Kommunikation', en: 'Communication' },
- STORAGE: { de: 'Speicher', en: 'Storage' },
- BACKUP: { de: 'Backup', en: 'Backup' },
- CDN: { de: 'CDN', en: 'CDN' },
- OTHER: { de: 'Sonstige', en: 'Other' },
-}
-
-export const DOCUMENT_TYPE_META: Record = {
- AVV: { de: 'Auftragsverarbeitungsvertrag', en: 'Data Processing Agreement' },
- MSA: { de: 'Rahmenvertrag', en: 'Master Service Agreement' },
- SLA: { de: 'Service Level Agreement', en: 'Service Level Agreement' },
- SCC: { de: 'Standardvertragsklauseln', en: 'Standard Contractual Clauses' },
- NDA: { de: 'Geheimhaltungsvereinbarung', en: 'Non-Disclosure Agreement' },
- TOM_ANNEX: { de: 'TOM-Anlage', en: 'TOM Annex' },
- CERTIFICATION: { de: 'Zertifikat', en: 'Certification' },
- SUB_PROCESSOR_LIST: { de: 'Unterauftragnehmer-Liste', en: 'Sub-Processor List' },
- OTHER: { de: 'Sonstige', en: 'Other' },
-}
-
-export const TRANSFER_MECHANISM_META: Record = {
- ADEQUACY_DECISION: { de: 'Angemessenheitsbeschluss', en: 'Adequacy Decision' },
- SCC_CONTROLLER: { de: 'SCC (Controller-to-Controller)', en: 'SCC (Controller-to-Controller)' },
- SCC_PROCESSOR: { de: 'SCC (Controller-to-Processor)', en: 'SCC (Controller-to-Processor)' },
- BCR: { de: 'Binding Corporate Rules', en: 'Binding Corporate Rules' },
- DEROGATION_CONSENT: { de: 'Ausdrückliche Einwilligung', en: 'Explicit Consent' },
- DEROGATION_CONTRACT: { de: 'Vertragserfüllung', en: 'Contract Performance' },
- DEROGATION_LEGAL: { de: 'Rechtsansprüche', en: 'Legal Claims' },
- DEROGATION_PUBLIC: { de: 'Öffentliches Interesse', en: 'Public Interest' },
- CERTIFICATION: { de: 'Zertifizierung', en: 'Certification' },
- CODE_OF_CONDUCT: { de: 'Verhaltensregeln', en: 'Code of Conduct' },
-}
+export * from './types/index'