refactor(compliance-sdk): split client/provider/embed/state under 500 LOC

Phase 4 continuation. All touched files now under the file-size cap, and
drive-by fixes unblock the types/core/react/vanilla builds which were broken
at baseline.

Splits
- packages/types/src/state 505 -> 31 LOC barrel + state-flow/-assessment/-core
- packages/core/src/client 521 -> 395 LOC + client-http 187 LOC (HTTP transport)
- packages/react/src/provider 539 -> 460 LOC + provider-context 101 LOC
- packages/vanilla/src/embed 611 -> 290 LOC + embed-banner 321 + embed-translations 78

Drive-by fixes (pre-existing typecheck/build failures)
- types/rag.ts: rename colliding LegalDocument export to RagLegalDocument
  (the `export *` chain in index.ts was ambiguous; two consumers updated
  - core/modules/rag.ts drops unused import, vue/composables/useRAG.ts
  switches to the renamed symbol).
- core/modules/rag.ts: wrap client searchRAG response to add the missing
  `query` field so the declared SearchResponse return type is satisfied.
- react/provider.tsx: re-export useCompliance so ComplianceDashboard /
  ConsentBanner / DSRPortal legacy `from '../provider'` imports resolve.
- vanilla/embed.ts + web-components/base.ts: default tenantId to ''
  so ComplianceClient construction typechecks.
- vanilla/web-components/consent-banner.ts: tighten categories literal to
  `as const` so t.categories indexing narrows correctly.

Verification: packages/types + core + react + vanilla all `pnpm build`
clean with DTS emission. consent-sdk unaffected (still green).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

breakpilot-compliance-sdk/packages/react/src/provider-context.ts

@@ -0,0 +1,101 @@
+/**
+ * ComplianceContext — React context + value shape for ComplianceProvider.
+ *
+ * Phase 4: extracted from provider.tsx so the provider module stays under
+ * the file-size cap.
+ */
+
+import { createContext } from 'react'
+import type {
+  ComplianceClient,
+  DSGVOModule,
+  ComplianceModule,
+  RAGModule,
+  SecurityModule,
+} from '@breakpilot/compliance-sdk-core'
+import type {
+  SDKState,
+  SDKAction,
+  SDKStep,
+  CheckpointStatus,
+  SyncState,
+  UseCaseAssessment,
+  Risk,
+  Control,
+} from '@breakpilot/compliance-sdk-types'
+
+// Shared localStorage key prefix for provider persistence.
+export const SDK_STORAGE_KEY = 'breakpilot-compliance-sdk-state'
+
+export interface ComplianceContextValue {
+  // State
+  state: SDKState
+  dispatch: React.Dispatch<SDKAction>
+
+  // Client
+  client: ComplianceClient
+
+  // Modules
+  dsgvo: DSGVOModule
+  compliance: ComplianceModule
+  rag: RAGModule
+  security: SecurityModule
+
+  // Navigation
+  currentStep: SDKStep | undefined
+  goToStep: (stepId: string) => void
+  goToNextStep: () => void
+  goToPreviousStep: () => void
+  canGoNext: boolean
+  canGoPrevious: boolean
+
+  // Progress
+  completionPercentage: number
+  phase1Completion: number
+  phase2Completion: number
+
+  // Checkpoints
+  validateCheckpoint: (checkpointId: string) => Promise<CheckpointStatus>
+  overrideCheckpoint: (checkpointId: string, reason: string) => Promise<void>
+  getCheckpointStatus: (checkpointId: string) => CheckpointStatus | undefined
+
+  // State Updates
+  updateUseCase: (id: string, data: Partial<UseCaseAssessment>) => void
+  addRisk: (risk: Risk) => void
+  updateControl: (id: string, data: Partial<Control>) => void
+
+  // Persistence
+  saveState: () => Promise<void>
+  loadState: () => Promise<void>
+  resetState: () => void
+
+  // Sync
+  syncState: SyncState
+  forceSyncToServer: () => Promise<void>
+  isOnline: boolean
+
+  // Export
+  exportState: (format: 'json' | 'pdf' | 'zip') => Promise<Blob>
+
+  // Command Bar
+  isCommandBarOpen: boolean
+  setCommandBarOpen: (open: boolean) => void
+
+  // Status
+  isInitialized: boolean
+  isLoading: boolean
+  error: Error | null
+}
+
+export const ComplianceContext = createContext<ComplianceContextValue | null>(null)
+
+export interface ComplianceProviderProps {
+  children: React.ReactNode
+  apiEndpoint: string
+  apiKey?: string
+  tenantId: string
+  userId?: string
+  enableBackendSync?: boolean
+  onNavigate?: (url: string) => void
+  onError?: (error: Error) => void
+}

breakpilot-compliance-sdk/packages/react/src/provider.tsx

@@ -1,8 +1,6 @@
 'use client'
 
 import React, {
-  createContext,
-  useContext,
   useReducer,
   useEffect,
   useCallback,
@@ -20,21 +18,13 @@ import {
   createComplianceModule,
   createRAGModule,
   createSecurityModule,
-  type DSGVOModule,
-  type ComplianceModule,
-  type RAGModule,
-  type SecurityModule,
 } from '@breakpilot/compliance-sdk-core'
 import type {
-  SDKState,
-  SDKAction,
-  SDKStep,
   CheckpointStatus,
   SyncState,
   UseCaseAssessment,
   Risk,
   Control,
-  UserPreferences,
 } from '@breakpilot/compliance-sdk-types'
 import {
   getStepById,
@@ -43,94 +33,27 @@ import {
   getCompletionPercentage,
   getPhaseCompletionPercentage,
 } from '@breakpilot/compliance-sdk-types'
+import {
+  ComplianceContext,
+  SDK_STORAGE_KEY,
+  type ComplianceContextValue,
+  type ComplianceProviderProps,
+} from './provider-context'
 
-// =============================================================================
-// CONTEXT TYPES
-// =============================================================================
+export {
+  ComplianceContext,
+  type ComplianceContextValue,
+  type ComplianceProviderProps,
+} from './provider-context'
 
-export interface ComplianceContextValue {
-  // State
-  state: SDKState
-  dispatch: React.Dispatch<SDKAction>
-
-  // Client
-  client: ComplianceClient
-
-  // Modules
-  dsgvo: DSGVOModule
-  compliance: ComplianceModule
-  rag: RAGModule
-  security: SecurityModule
-
-  // Navigation
-  currentStep: SDKStep | undefined
-  goToStep: (stepId: string) => void
-  goToNextStep: () => void
-  goToPreviousStep: () => void
-  canGoNext: boolean
-  canGoPrevious: boolean
-
-  // Progress
-  completionPercentage: number
-  phase1Completion: number
-  phase2Completion: number
-
-  // Checkpoints
-  validateCheckpoint: (checkpointId: string) => Promise<CheckpointStatus>
-  overrideCheckpoint: (checkpointId: string, reason: string) => Promise<void>
-  getCheckpointStatus: (checkpointId: string) => CheckpointStatus | undefined
-
-  // State Updates
-  updateUseCase: (id: string, data: Partial<UseCaseAssessment>) => void
-  addRisk: (risk: Risk) => void
-  updateControl: (id: string, data: Partial<Control>) => void
-
-  // Persistence
-  saveState: () => Promise<void>
-  loadState: () => Promise<void>
-  resetState: () => void
-
-  // Sync
-  syncState: SyncState
-  forceSyncToServer: () => Promise<void>
-  isOnline: boolean
-
-  // Export
-  exportState: (format: 'json' | 'pdf' | 'zip') => Promise<Blob>
-
-  // Command Bar
-  isCommandBarOpen: boolean
-  setCommandBarOpen: (open: boolean) => void
-
-  // Status
-  isInitialized: boolean
-  isLoading: boolean
-  error: Error | null
-}
-
-export const ComplianceContext = createContext<ComplianceContextValue | null>(null)
-
-// =============================================================================
-// PROVIDER PROPS
-// =============================================================================
-
-export interface ComplianceProviderProps {
-  children: React.ReactNode
-  apiEndpoint: string
-  apiKey?: string
-  tenantId: string
-  userId?: string
-  enableBackendSync?: boolean
-  onNavigate?: (url: string) => void
-  onError?: (error: Error) => void
-}
+// Re-export useCompliance so legacy component imports (`from '../provider'`)
+// keep resolving. Pre-existing cross-file import that was broken in baseline.
+export { useCompliance } from './hooks'
 
 // =============================================================================
 // PROVIDER
 // =============================================================================
 
-const SDK_STORAGE_KEY = 'breakpilot-compliance-sdk-state'
-
 export function ComplianceProvider({
   children,
   apiEndpoint,