fix(iace): set-based measure-category filter + 235 pattern-author fixes

Two-part nachhaltiger fix replacing the previous "fill to 5 mitigations
no matter what" behavior that the GT-Bremse benchmark proved
unfaithful (e.g. HP1625 "scharfe Kanten" returning M005 "Rotations-
bewegung vermeiden" via category fallback; HP1651 "Wiederanlauf
Roboter" returning M054 "Sichere thermische Auslegung" via
mismatched pattern reference).

PART A — Set-based category filter (handlers package):
- acceptableMeasureCategories: replaces 1:1 patternCatToMeasureCat
  with a curated set per pattern category, so e.g.
  safety_function_failure now accepts software_control measures
  (watchdogs, plausibility checks) and emc_hazard accepts both
  electrical and software_control measures
- isCategoryCompatible: gate every measure id against the accepted
  set before creating a mitigation; mismatches log MEASURE-SKIP
- The old category fallback is REMOVED. A hazard whose pattern has
  no category-compatible measure is now created with zero mitigations
  and logged as COVERAGE-GAP — the operator must consult an expert.
  No more silent invention of generic defaults.

PART B — 235 pattern author-error fixes across 26 files:
- HP040-HP044 (AI): M101/M102/M103 (Auffangwanne/Absauganlage) ->
  M133 Anomalieerkennung + M214 Plausibilitaet + M213 Sensor-Redundanz
  + M044 Zweikanalige Steuerung + others
- HP011-HP015, HP104-HP109, HP1085-HP1095, HP1281-HP1334 (electrical):
  M001-M005/M054/M061 placeholders -> M481/M482 Isolation +
  M511-M522 PE/Schutzleiter/RCD/Hauptschalter
- HP110-HP1331 (material_environmental): M101-M103 -> M384-M395
  Brandschutz/Laserschutz + M533/M408 SDB/PSA
- HP800-HP858, HP1178-HP1264 (software/sensor/hmi):
  M101/M104 -> M105/M106/M107/M214 SPS/Watchdog/Plausibilitaet
- HP026, HP611-HP1690 (ergonomic): M001/M082 -> M353-M360 +
  M530-M532 Hebehilfe/ergonomische Hoehe
- HP201-HP1697 (mechanical): M054/M051 -> M002/M008/M061/M141 +
  M487/M488 Tueroeffnung-Stillsetzung/Wiederanlauf
- Plus EMF/Strahlung/Brand/Lärm/Vibration/Kommunikation/Cyber

Coverage shift (Pattern-Author-Fehler bei aktiviertem Set-Filter):
   start:         237 patterns with zero category-compatible measures
   after Stufe 1A:   5 (AI)
   after Stufe 1B:  20 (mechanical Bestand)
   after Stufe 1C:  35 (electrical Bestand)
   after Stufe 1D:  29 (material_environmental)
   after Stufe 1E:  29 (software/sensor/hmi)
   after Stufe 1F:  20 (ergonomic)
   after Stufe 1G:  80 (thermal/comm/radiation/fire/safety)
   final:           0  (28 extended.go/extended2.go duplicates fixed)

New regression tests:
- TestEveryPattern_HasCategoryCompatibleMeasure: every pattern in
  collectAllPatterns() must reference at least one category-compatible
  measure; gaps must be explicitly listed in AllowlistKnownGaps
  (currently empty). Fails CI for any new pattern that drifts.
- TestAcceptableMeasureCategories: pins the set-mapping for the
  7 most-bug-prone pattern categories.
- TestIsCategoryCompatible_EmptyMeasureCat: protects legacy entries.

A separate task #11 tracks 58 HP-ID duplicates between
extended.go/extended2.go and cobot.go/press.go/operational.go —
patterns are semantically different and TestGetBuiltinHazardPatterns_-
UniqueIDs misses them because it only checks HP001-HP044.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

ai-compliance-sdk/internal/iace/pattern_coverage_test.go

@@ -0,0 +1,125 @@
+package iace
+
+import (
+	"sort"
+	"testing"
+)
+
+// patternCategoryCompatibility mirrors the Go runtime helper
+// `acceptableMeasureCategories` in internal/api/handlers/iace_handler_init_helpers.go.
+// Kept here so the test does not depend on the handlers package (which would
+// introduce an import cycle). If the runtime map changes, this table must be
+// updated in lockstep — there is no fallback any more, so a drift would mean
+// hazards going to the operator with zero mitigations.
+var patternCategoryCompatibility = map[string]map[string]bool{
+	"mechanical_hazard":             {"mechanical": true},
+	"electrical_hazard":             {"electrical": true},
+	"thermal_hazard":                {"thermal": true, "material_environmental": true},
+	"noise_vibration":               {"noise_vibration": true, "ergonomic": true},
+	"pneumatic_hydraulic":           {"pneumatic_hydraulic": true, "mechanical": true},
+	"material_environmental":        {"material_environmental": true},
+	"chemical_risk":                 {"material_environmental": true, "thermal": true},
+	"ergonomic":                     {"ergonomic": true},
+	"ergonomic_hazard":              {"ergonomic": true},
+	"fire_explosion":                {"thermal": true, "material_environmental": true},
+	"radiation_hazard":              {"material_environmental": true},
+	"emc_hazard":                    {"electrical": true, "software_control": true},
+	"maintenance_hazard":            {"mechanical": true},
+	"safety_function_failure":       {"safety_function": true, "software_control": true},
+	"software_fault":                {"software_control": true},
+	"sensor_fault":                  {"software_control": true},
+	"configuration_error":           {"software_control": true},
+	"update_failure":                {"software_control": true},
+	"hmi_error":                     {"software_control": true},
+	"mode_confusion":                {"software_control": true},
+	"unauthorized_access":           {"cyber_network": true, "software_control": true},
+	"communication_failure":         {"cyber_network": true, "software_control": true},
+	"firmware_corruption":           {"cyber_network": true, "software_control": true},
+	"logging_audit_failure":         {"cyber_network": true, "software_control": true},
+	"ai_misclassification":          {"ai_specific": true, "software_control": true},
+	"false_classification":          {"ai_specific": true, "software_control": true},
+	"model_drift":                   {"ai_specific": true, "software_control": true},
+	"data_poisoning":                {"ai_specific": true, "software_control": true},
+	"sensor_spoofing":               {"ai_specific": true, "software_control": true},
+	"unintended_bias":               {"ai_specific": true, "software_control": true},
+	"noise_source":                  {"noise_vibration": true, "ergonomic": true},
+	"vibration_source":              {"noise_vibration": true, "ergonomic": true},
+	"high_temperature":              {"thermal": true, "material_environmental": true},
+	"material_environmental_hazard": {"material_environmental": true},
+}
+
+// TestEveryPattern_HasCategoryCompatibleMeasure is the contract that replaces
+// the old category fallback: every hazard pattern must reference at least one
+// measure whose HazardCategory is compatible with the pattern's hazard cats,
+// or with "general". Without this, the operator-facing UI shows a hazard with
+// zero mitigations and a "consult expert" placeholder — which is fine for
+// rare edge cases but must not become the default state.
+//
+// New patterns added to the library must satisfy this test. The 2026-05
+// Bremse benchmark drove down zero-surv from 237 → 0 — that floor is now
+// enforced.
+//
+// Patterns explicitly known to have no library coverage today should be added
+// to AllowlistKnownGaps with a TODO and an issue link; the test still fails
+// if anything not on that list has zero coverage.
+var AllowlistKnownGaps = map[string]string{
+	// hp-id -> rationale (must be filled when adding)
+}
+
+func TestEveryPattern_HasCategoryCompatibleMeasure(t *testing.T) {
+	measureCat := map[string]string{}
+	for _, m := range GetProtectiveMeasureLibrary() {
+		measureCat[m.ID] = m.HazardCategory
+	}
+
+	patterns := collectAllPatterns()
+	gaps := []string{}
+	for _, p := range patterns {
+		if _, allowed := AllowlistKnownGaps[p.ID]; allowed {
+			continue
+		}
+		accepted := map[string]bool{"general": true}
+		for _, hc := range p.GeneratedHazardCats {
+			for c := range patternCategoryCompatibility[hc] {
+				accepted[c] = true
+			}
+		}
+		hasCompatible := false
+		for _, mid := range p.SuggestedMeasureIDs {
+			mc, ok := measureCat[mid]
+			if !ok {
+				continue
+			}
+			if mc == "" || accepted[mc] {
+				hasCompatible = true
+				break
+			}
+		}
+		if !hasCompatible {
+			gaps = append(gaps, p.ID+" (cats="+joinCats(p.GeneratedHazardCats)+")")
+		}
+	}
+	sort.Strings(gaps)
+	if len(gaps) > 0 {
+		t.Errorf("%d patterns have no category-compatible measure (add to AllowlistKnownGaps or fix SuggestedMeasureIDs):", len(gaps))
+		const maxList = 20
+		for i, g := range gaps {
+			if i >= maxList {
+				t.Errorf("  ... and %d more", len(gaps)-maxList)
+				break
+			}
+			t.Errorf("  - %s", g)
+		}
+	}
+}
+
+func joinCats(cats []string) string {
+	out := ""
+	for i, c := range cats {
+		if i > 0 {
+			out += ","
+		}
+		out += c
+	}
+	return out
+}