feat(dsms): Stufe 1 — Gap-Analyse Report wird in DSMS archiviert

- Go DSMS Client (internal/dsms/client.go): Archive() + Verify()
- Python DSMS Client (compliance/services/dsms_client.py): archive_to_dsms() + verify_dsms()
- Gap-Analyse AnalyzeProject() archiviert Report-JSON nach DSMS
- Response enthält dsms_cid wenn Archivierung erfolgreich
- Frontend: Grünes "Revisionssicher archiviert" Badge mit CID im GapDashboard
- DSMS Proxy Route (/api/sdk/v1/dsms/[...path]) für Verify-Abfragen

Stufe 2 (Evidence Upload → DSMS) und Stufe 3 (Version Chains) folgen.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

ai-compliance-sdk/internal/api/handlers/gap_handler.go

@@ -1,12 +1,16 @@
 package handlers
 
 import (
+	"encoding/json"
+	"fmt"
 	"net/http"
+	"time"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 	"github.com/jackc/pgx/v5/pgxpool"
 
+	"github.com/breakpilot/ai-compliance-sdk/internal/dsms"
 	"github.com/breakpilot/ai-compliance-sdk/internal/gap"
 )
 
@@ -104,7 +108,27 @@ func (h *GapHandler) AnalyzeProject(c *gin.Context) {
 		return
 	}
 
-	c.JSON(http.StatusOK, report)
+	// Archive gap report to DSMS (non-blocking, best-effort)
+	var dsmsCID string
+	reportJSON, _ := json.Marshal(report)
+	filename := fmt.Sprintf("gap-report-%s-%s.json", id.String()[:8], time.Now().Format("2006-01-02"))
+	if result := dsms.Archive(reportJSON, filename, "gap_report", id.String(), "1"); result != nil {
+		dsmsCID = result.CID
+	}
+
+	// Return report with DSMS CID appended
+	response := gin.H{
+		"profile_id":   report.ProfileID,
+		"profile_name": report.ProfileName,
+		"regulations":  report.Regulations,
+		"summary":      report.Summary,
+		"gaps":         report.Gaps,
+		"created_at":   report.CreatedAt,
+	}
+	if dsmsCID != "" {
+		response["dsms_cid"] = dsmsCID
+	}
+	c.JSON(http.StatusOK, response)
 }
 
 // QuickAnalyze runs gap analysis without saving a project.