feat(scope): Split HT-H01 B2B/B2C + register Verbraucherschutz document types + RAG ingestion

- Split HT-H01 into HT-H01a (B2C/Hybrid mit Verbraucherschutzpflichten) und HT-H01b (reiner B2B mit Basis-Pflichten). B2B-Webshops bekommen keine Widerrufsbelehrung/Preisangaben/Fernabsatz mehr. - Add excludeWhen/requireWhen to HardTriggerRule for conditional trigger logic - Register 6 neue ScopeDocumentType: widerrufsbelehrung, preisangaben, fernabsatz_info, streitbeilegung, produktsicherheit, ai_act_doku - Full DOCUMENT_SCOPE_MATRIX L1-L4 for all new types - Align HardTriggerRule interface with actual engine field names - Add Phase H (Verbraucherschutz) to RAG ingestion script: 10 deutsche Gesetze + 4 EU-Verordnungen + HLEG Ethics Guidelines - Add scripts/rag-sources.md with license documentation - 9 new tests for B2B/B2C trigger split, all 326 tests pass Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 16:03:49 +01:00
parent cb48b8289e
commit 7f38df9d9c
5 changed files with 666 additions and 20 deletions
--- a/admin-compliance/lib/sdk/compliance-scope-engine.ts
+++ b/admin-compliance/lib/sdk/compliance-scope-engine.ts
@@ -642,16 +642,31 @@ export const HARD_TRIGGER_RULES: HardTriggerRule[] = [

  // ========== H: Produkt/Business (7 rules) ==========
  {
-    id: 'HT-H01',
+    id: 'HT-H01a',
    category: 'product',
    questionId: 'prod_webshop',
    condition: 'EQUALS',
    conditionValue: true,
+    excludeWhen: { questionId: 'org_business_model', value: 'B2B' },
    minimumLevel: 'L2',
    requiresDSFA: false,
-    mandatoryDocuments: ['DSE', 'AGB', 'COOKIE_BANNER', 'EINWILLIGUNGEN', 'VERBRAUCHERSCHUTZ'],
+    mandatoryDocuments: ['DSE', 'AGB', 'COOKIE_BANNER', 'EINWILLIGUNGEN',
+      'WIDERRUFSBELEHRUNG', 'PREISANGABEN', 'FERNABSATZ_INFO', 'STREITBEILEGUNG'],
+    legalReference: 'Art. 6 DSGVO + Fernabsatzrecht + PAngV + VSBG',
+    description: 'E-Commerce / Webshop (B2C) — Verbraucherschutzpflichten',
+  },
+  {
+    id: 'HT-H01b',
+    category: 'product',
+    questionId: 'prod_webshop',
+    condition: 'EQUALS',
+    conditionValue: true,
+    requireWhen: { questionId: 'org_business_model', value: 'B2B' },
+    minimumLevel: 'L2',
+    requiresDSFA: false,
+    mandatoryDocuments: ['DSE', 'AGB', 'COOKIE_BANNER'],
    legalReference: 'Art. 6 DSGVO + eCommerce',
-    description: 'E-Commerce / Webshop-Betrieb',
+    description: 'E-Commerce / Webshop (B2B) — Basis-Pflichten',
  },
  {
    id: 'HT-H02',
@@ -1224,6 +1239,26 @@ export class ComplianceScopeEngine {

    if (!baseCondition) return false

+    // Exclude-Bedingung: Regel feuert NICHT wenn excludeWhen zutrifft
+    if (rule.excludeWhen) {
+      const exVal = answerMap.get(rule.excludeWhen.questionId)
+      if (Array.isArray(rule.excludeWhen.value)
+        ? rule.excludeWhen.value.includes(exVal)
+        : exVal === rule.excludeWhen.value) {
+        return false
+      }
+    }
+
+    // Require-Bedingung: Regel feuert NUR wenn requireWhen zutrifft
+    if (rule.requireWhen) {
+      const reqVal = answerMap.get(rule.requireWhen.questionId)
+      if (Array.isArray(rule.requireWhen.value)
+        ? !rule.requireWhen.value.includes(reqVal)
+        : reqVal !== rule.requireWhen.value) {
+        return false
+      }
+    }
+
    // Combined checks
    if (rule.combineWithArt9) {
      const art9 = answerMap.get('data_art9')
@@ -1388,10 +1423,14 @@ export class ComplianceScopeEngine {
      NOTFALLPLAN: 12,
      COOKIE_BANNER: 4,
      AGB: 6,
-      VERBRAUCHERSCHUTZ: 4,
+      WIDERRUFSBELEHRUNG: 3,
+      PREISANGABEN: 2,
+      FERNABSATZ_INFO: 4,
+      STREITBEILEGUNG: 1,
+      PRODUKTSICHERHEIT: 8,
+      AI_ACT_DOKU: 12,
      AUDIT_CHECKLIST: 8,
      VENDOR_MANAGEMENT: 10,
-      AI_ACT_DOKU: 12,
    }
    return effortMap[docType] || 6
  }