From 8044ddb776cbb63755ab2f71fc244b75e39f136b Mon Sep 17 00:00:00 2001
From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com>
Date: Thu, 16 Apr 2026 13:13:38 +0200
Subject: [PATCH] refactor(admin): split modules, security-backlog, consent
 pages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Extract components and hooks to _components/ and _hooks/ subdirectories
to bring all three page.tsx files under the 500-LOC hard cap.

modules/page.tsx:       595 → 239 LOC
security-backlog/page.tsx: 586 → 174 LOC
consent/page.tsx:       569 → 305 LOC

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../sdk/consent/_components/DocumentCard.tsx  | 117 +++++
 .../sdk/consent/_hooks/useConsentDocuments.ts | 197 ++++++++
 admin-compliance/app/sdk/consent/page.tsx     | 334 ++-----------
 .../sdk/modules/_components/ModuleCard.tsx    | 119 +++++
 .../app/sdk/modules/_hooks/useModules.ts      | 283 +++++++++++
 admin-compliance/app/sdk/modules/page.tsx     | 400 +--------------
 .../_components/ItemModal.tsx                 | 106 ++++
 .../_components/SecurityItemCard.tsx          | 166 +++++++
 .../_hooks/useSecurityBacklog.ts              | 179 +++++++
 .../app/sdk/security-backlog/page.tsx         | 462 +-----------------
 10 files changed, 1249 insertions(+), 1114 deletions(-)
 create mode 100644 admin-compliance/app/sdk/consent/_components/DocumentCard.tsx
 create mode 100644 admin-compliance/app/sdk/consent/_hooks/useConsentDocuments.ts
 create mode 100644 admin-compliance/app/sdk/modules/_components/ModuleCard.tsx
 create mode 100644 admin-compliance/app/sdk/modules/_hooks/useModules.ts
 create mode 100644 admin-compliance/app/sdk/security-backlog/_components/ItemModal.tsx
 create mode 100644 admin-compliance/app/sdk/security-backlog/_components/SecurityItemCard.tsx
 create mode 100644 admin-compliance/app/sdk/security-backlog/_hooks/useSecurityBacklog.ts

diff --git a/admin-compliance/app/sdk/consent/_components/DocumentCard.tsx b/admin-compliance/app/sdk/consent/_components/DocumentCard.tsx
new file mode 100644
index 0000000..2461241
--- /dev/null
+++ b/admin-compliance/app/sdk/consent/_components/DocumentCard.tsx
@@ -0,0 +1,117 @@
+'use client'
+
+import React from 'react'
+import type { LegalDocument } from '../_hooks/useConsentDocuments'
+
+export function DocumentCard({
+  document,
+  onDelete,
+  onEdit,
+  onPreview,
+}: {
+  document: LegalDocument
+  onDelete: (id: string) => void
+  onEdit: (id: string) => void
+  onPreview: (doc: LegalDocument) => void
+}) {
+  const typeColors = {
+    'privacy-policy': 'bg-blue-100 text-blue-700',
+    terms: 'bg-green-100 text-green-700',
+    'cookie-policy': 'bg-yellow-100 text-yellow-700',
+    imprint: 'bg-gray-100 text-gray-700',
+    dpa: 'bg-purple-100 text-purple-700',
+  }
+
+  const typeLabels = {
+    'privacy-policy': 'Datenschutz',
+    terms: 'AGB',
+    'cookie-policy': 'Cookie-Richtlinie',
+    imprint: 'Impressum',
+    dpa: 'AVV',
+  }
+
+  const statusColors = {
+    draft: 'bg-yellow-100 text-yellow-700',
+    active: 'bg-green-100 text-green-700',
+    archived: 'bg-gray-100 text-gray-500',
+  }
+
+  const statusLabels = {
+    draft: 'Entwurf',
+    active: 'Aktiv',
+    archived: 'Archiviert',
+  }
+
+  return (
+    <div className={`bg-white rounded-xl border-2 p-6 ${
+      document.status === 'draft' ? 'border-yellow-200' : 'border-gray-200'
+    }`}>
+      <div className="flex items-start justify-between">
+        <div className="flex-1">
+          <div className="flex items-center gap-2 mb-2">
+            <span className={`px-2 py-1 text-xs rounded-full ${typeColors[document.type]}`}>
+              {typeLabels[document.type]}
+            </span>
+            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[document.status]}`}>
+              {statusLabels[document.status]}
+            </span>
+            <span className="px-2 py-1 text-xs bg-gray-100 text-gray-600 rounded uppercase">
+              {document.language}
+            </span>
+            <span className="px-2 py-1 text-xs bg-gray-100 text-gray-600 rounded">
+              v{document.version}
+            </span>
+          </div>
+          <h3 className="text-lg font-semibold text-gray-900">{document.name}</h3>
+        </div>
+      </div>
+
+      {document.changes.length > 0 && (
+        <div className="mt-3">
+          <span className="text-sm text-gray-500">Letzte Aenderungen:</span>
+          <ul className="mt-1 text-sm text-gray-600 list-disc list-inside">
+            {document.changes.slice(0, 2).map((change, i) => (
+              <li key={i}>{change}</li>
+            ))}
+          </ul>
+        </div>
+      )}
+
+      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between text-sm">
+        <div className="text-gray-500">
+          <span>Autor: {document.author}</span>
+          <span className="mx-2">|</span>
+          <span>Aktualisiert: {document.lastUpdated.toLocaleDateString('de-DE')}</span>
+        </div>
+        <div className="flex items-center gap-2">
+          <button
+            onClick={() => onEdit(document.id)}
+            className="px-3 py-1 text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
+          >
+            Bearbeiten
+          </button>
+          <button
+            onClick={() => onPreview(document)}
+            className="px-3 py-1 text-gray-600 hover:bg-gray-100 rounded-lg transition-colors"
+          >
+            Vorschau
+          </button>
+          {document.status === 'draft' && (
+            <button
+              onClick={() => onEdit(document.id)}
+              className="px-3 py-1 bg-green-50 text-green-700 hover:bg-green-100 rounded-lg transition-colors"
+            >
+              Veroeffentlichen
+            </button>
+          )}
+          <button
+            onClick={() => onDelete(document.id)}
+            className="px-3 py-1 text-red-600 hover:bg-red-50 rounded-lg transition-colors"
+          >
+            Loeschen
+          </button>
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/admin-compliance/app/sdk/consent/_hooks/useConsentDocuments.ts b/admin-compliance/app/sdk/consent/_hooks/useConsentDocuments.ts
new file mode 100644
index 0000000..ba8d9cf
--- /dev/null
+++ b/admin-compliance/app/sdk/consent/_hooks/useConsentDocuments.ts
@@ -0,0 +1,197 @@
+'use client'
+
+import { useState, useEffect } from 'react'
+
+// =============================================================================
+// TYPES
+// =============================================================================
+
+export interface LegalDocument {
+  id: string
+  type: 'privacy-policy' | 'terms' | 'cookie-policy' | 'imprint' | 'dpa'
+  name: string
+  version: string
+  language: string
+  status: 'draft' | 'active' | 'archived'
+  lastUpdated: Date
+  publishedAt: Date | null
+  author: string
+  changes: string[]
+}
+
+interface ApiDocument {
+  id: string
+  type: string
+  name: string
+  description: string
+  mandatory: boolean
+  created_at: string
+  updated_at: string
+}
+
+// =============================================================================
+// HELPERS
+// =============================================================================
+
+function mapDocumentType(apiType: string): LegalDocument['type'] {
+  const mapping: Record<string, LegalDocument['type']> = {
+    'privacy_policy': 'privacy-policy',
+    'privacy-policy': 'privacy-policy',
+    'terms': 'terms',
+    'terms_of_service': 'terms',
+    'cookie_policy': 'cookie-policy',
+    'cookie-policy': 'cookie-policy',
+    'imprint': 'imprint',
+    'dpa': 'dpa',
+    'avv': 'dpa',
+  }
+  return mapping[apiType] || 'terms'
+}
+
+function transformApiDocument(doc: ApiDocument): LegalDocument {
+  return {
+    id: doc.id,
+    type: mapDocumentType(doc.type),
+    name: doc.name,
+    version: '1.0',
+    language: 'de',
+    status: 'active',
+    lastUpdated: new Date(doc.updated_at),
+    publishedAt: new Date(doc.created_at),
+    author: 'System',
+    changes: doc.description ? [doc.description] : [],
+  }
+}
+
+// =============================================================================
+// HOOK
+// =============================================================================
+
+export function useConsentDocuments() {
+  const [documents, setDocuments] = useState<LegalDocument[]>([])
+  const [loading, setLoading] = useState(true)
+  const [error, setError] = useState<string | null>(null)
+  const [previewDoc, setPreviewDoc] = useState<{ name: string; content: string } | null>(null)
+
+  useEffect(() => {
+    loadDocuments()
+  }, [])
+
+  async function loadDocuments() {
+    setLoading(true)
+    setError(null)
+    try {
+      const token = localStorage.getItem('bp_admin_token')
+      const res = await fetch('/api/admin/consent/documents', {
+        headers: token ? { 'Authorization': `Bearer ${token}` } : {}
+      })
+      if (res.ok) {
+        const data = await res.json()
+        const apiDocs: ApiDocument[] = data.documents || []
+        setDocuments(apiDocs.map(transformApiDocument))
+      } else {
+        setError('Fehler beim Laden der Dokumente')
+      }
+    } catch {
+      setError('Verbindungsfehler zum Server')
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  async function handleRagSuggest(docType: string, docName: string): Promise<string | null> {
+    const query = docType || docName || 'Datenschutzerklärung'
+    try {
+      const res = await fetch('/api/sdk/v1/rag/search', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ query: `${query} DSGVO Vorlage`, limit: 1 }),
+      })
+      if (res.ok) {
+        const data = await res.json()
+        const first = data.results?.[0]
+        if (first?.text) return first.text
+      }
+    } catch { /* silently ignore */ }
+    return null
+  }
+
+  async function handleCreateDocument(form: {
+    type: string
+    name: string
+    description: string
+    content: string
+  }): Promise<boolean> {
+    if (!form.name.trim()) return false
+    try {
+      const token = localStorage.getItem('bp_admin_token')
+      const res = await fetch('/api/admin/consent/documents', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          ...(token ? { 'Authorization': `Bearer ${token}` } : {}),
+        },
+        body: JSON.stringify(form),
+      })
+      if (res.ok) {
+        await loadDocuments()
+        return true
+      } else {
+        setError('Fehler beim Erstellen des Dokuments')
+      }
+    } catch {
+      setError('Verbindungsfehler beim Erstellen')
+    }
+    return false
+  }
+
+  async function handleDeleteDocument(id: string) {
+    if (!confirm('Dokument wirklich löschen?')) return
+    try {
+      const token = localStorage.getItem('bp_admin_token')
+      const res = await fetch(`/api/admin/consent/documents/${id}`, {
+        method: 'DELETE',
+        headers: token ? { 'Authorization': `Bearer ${token}` } : {},
+      })
+      if (res.ok || res.status === 204) {
+        setDocuments(prev => prev.filter(d => d.id !== id))
+      } else {
+        setError('Fehler beim Löschen des Dokuments')
+      }
+    } catch {
+      setError('Verbindungsfehler beim Löschen')
+    }
+  }
+
+  async function handlePreview(doc: LegalDocument) {
+    try {
+      const token = localStorage.getItem('bp_admin_token')
+      const res = await fetch(`/api/admin/consent/documents/${doc.id}/versions`, {
+        headers: token ? { 'Authorization': `Bearer ${token}` } : {}
+      })
+      if (res.ok) {
+        const data = await res.json()
+        const versions = Array.isArray(data) ? data : (data.versions || [])
+        const published = versions.find((v: { status: string; content?: string }) => v.status === 'published')
+        const latest = published || versions[0]
+        setPreviewDoc({ name: doc.name, content: latest?.content || '<p>Kein Inhalt verfügbar.</p>' })
+      } else {
+        setPreviewDoc({ name: doc.name, content: '<p>Vorschau nicht verfügbar.</p>' })
+      }
+    } catch {
+      setPreviewDoc({ name: doc.name, content: '<p>Fehler beim Laden der Vorschau.</p>' })
+    }
+  }
+
+  return {
+    documents,
+    loading,
+    error,
+    previewDoc,
+    setPreviewDoc,
+    handleRagSuggest,
+    handleCreateDocument,
+    handleDeleteDocument,
+    handlePreview,
+  }
+}
diff --git a/admin-compliance/app/sdk/consent/page.tsx b/admin-compliance/app/sdk/consent/page.tsx
index 0baecfe..2e44d4a 100644
--- a/admin-compliance/app/sdk/consent/page.tsx
+++ b/admin-compliance/app/sdk/consent/page.tsx
@@ -1,312 +1,29 @@
 'use client'
 
-import React, { useState, useEffect } from 'react'
+import React, { useState } from 'react'
 import { useRouter } from 'next/navigation'
-import { useSDK } from '@/lib/sdk'
 import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-interface LegalDocument {
-  id: string
-  type: 'privacy-policy' | 'terms' | 'cookie-policy' | 'imprint' | 'dpa'
-  name: string
-  version: string
-  language: string
-  status: 'draft' | 'active' | 'archived'
-  lastUpdated: Date
-  publishedAt: Date | null
-  author: string
-  changes: string[]
-}
-
-interface ApiDocument {
-  id: string
-  type: string
-  name: string
-  description: string
-  mandatory: boolean
-  created_at: string
-  updated_at: string
-}
-
-// Map API document type to UI type
-function mapDocumentType(apiType: string): LegalDocument['type'] {
-  const mapping: Record<string, LegalDocument['type']> = {
-    'privacy_policy': 'privacy-policy',
-    'privacy-policy': 'privacy-policy',
-    'terms': 'terms',
-    'terms_of_service': 'terms',
-    'cookie_policy': 'cookie-policy',
-    'cookie-policy': 'cookie-policy',
-    'imprint': 'imprint',
-    'dpa': 'dpa',
-    'avv': 'dpa',
-  }
-  return mapping[apiType] || 'terms'
-}
-
-// Transform API response to UI format
-function transformApiDocument(doc: ApiDocument): LegalDocument {
-  return {
-    id: doc.id,
-    type: mapDocumentType(doc.type),
-    name: doc.name,
-    version: '1.0',
-    language: 'de',
-    status: 'active',
-    lastUpdated: new Date(doc.updated_at),
-    publishedAt: new Date(doc.created_at),
-    author: 'System',
-    changes: doc.description ? [doc.description] : [],
-  }
-}
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function DocumentCard({
-  document,
-  onDelete,
-  onEdit,
-  onPreview,
-}: {
-  document: LegalDocument
-  onDelete: (id: string) => void
-  onEdit: (id: string) => void
-  onPreview: (doc: LegalDocument) => void
-}) {
-  const typeColors = {
-    'privacy-policy': 'bg-blue-100 text-blue-700',
-    terms: 'bg-green-100 text-green-700',
-    'cookie-policy': 'bg-yellow-100 text-yellow-700',
-    imprint: 'bg-gray-100 text-gray-700',
-    dpa: 'bg-purple-100 text-purple-700',
-  }
-
-  const typeLabels = {
-    'privacy-policy': 'Datenschutz',
-    terms: 'AGB',
-    'cookie-policy': 'Cookie-Richtlinie',
-    imprint: 'Impressum',
-    dpa: 'AVV',
-  }
-
-  const statusColors = {
-    draft: 'bg-yellow-100 text-yellow-700',
-    active: 'bg-green-100 text-green-700',
-    archived: 'bg-gray-100 text-gray-500',
-  }
-
-  const statusLabels = {
-    draft: 'Entwurf',
-    active: 'Aktiv',
-    archived: 'Archiviert',
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      document.status === 'draft' ? 'border-yellow-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className={`px-2 py-1 text-xs rounded-full ${typeColors[document.type]}`}>
-              {typeLabels[document.type]}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[document.status]}`}>
-              {statusLabels[document.status]}
-            </span>
-            <span className="px-2 py-1 text-xs bg-gray-100 text-gray-600 rounded uppercase">
-              {document.language}
-            </span>
-            <span className="px-2 py-1 text-xs bg-gray-100 text-gray-600 rounded">
-              v{document.version}
-            </span>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{document.name}</h3>
-        </div>
-      </div>
-
-      {document.changes.length > 0 && (
-        <div className="mt-3">
-          <span className="text-sm text-gray-500">Letzte Aenderungen:</span>
-          <ul className="mt-1 text-sm text-gray-600 list-disc list-inside">
-            {document.changes.slice(0, 2).map((change, i) => (
-              <li key={i}>{change}</li>
-            ))}
-          </ul>
-        </div>
-      )}
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between text-sm">
-        <div className="text-gray-500">
-          <span>Autor: {document.author}</span>
-          <span className="mx-2">|</span>
-          <span>Aktualisiert: {document.lastUpdated.toLocaleDateString('de-DE')}</span>
-        </div>
-        <div className="flex items-center gap-2">
-          <button
-            onClick={() => onEdit(document.id)}
-            className="px-3 py-1 text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
-          >
-            Bearbeiten
-          </button>
-          <button
-            onClick={() => onPreview(document)}
-            className="px-3 py-1 text-gray-600 hover:bg-gray-100 rounded-lg transition-colors"
-          >
-            Vorschau
-          </button>
-          {document.status === 'draft' && (
-            <button
-              onClick={() => onEdit(document.id)}
-              className="px-3 py-1 bg-green-50 text-green-700 hover:bg-green-100 rounded-lg transition-colors"
-            >
-              Veroeffentlichen
-            </button>
-          )}
-          <button
-            onClick={() => onDelete(document.id)}
-            className="px-3 py-1 text-red-600 hover:bg-red-50 rounded-lg transition-colors"
-          >
-            Loeschen
-          </button>
-        </div>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
+import { DocumentCard } from './_components/DocumentCard'
+import { useConsentDocuments } from './_hooks/useConsentDocuments'
 
 export default function ConsentPage() {
-  const { state } = useSDK()
   const router = useRouter()
-  const [documents, setDocuments] = useState<LegalDocument[]>([])
-  const [loading, setLoading] = useState(true)
-  const [error, setError] = useState<string | null>(null)
   const [filter, setFilter] = useState<string>('all')
   const [showCreateModal, setShowCreateModal] = useState(false)
   const [newDocForm, setNewDocForm] = useState({ type: 'privacy_policy', name: '', description: '', content: '' })
   const [creating, setCreating] = useState(false)
-  const [previewDoc, setPreviewDoc] = useState<{ name: string; content: string } | null>(null)
 
-  useEffect(() => {
-    loadDocuments()
-  }, [])
-
-  async function loadDocuments() {
-    setLoading(true)
-    setError(null)
-    try {
-      const token = localStorage.getItem('bp_admin_token')
-      const res = await fetch('/api/admin/consent/documents', {
-        headers: token ? { 'Authorization': `Bearer ${token}` } : {}
-      })
-      if (res.ok) {
-        const data = await res.json()
-        const apiDocs: ApiDocument[] = data.documents || []
-        setDocuments(apiDocs.map(transformApiDocument))
-      } else {
-        setError('Fehler beim Laden der Dokumente')
-      }
-    } catch {
-      setError('Verbindungsfehler zum Server')
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  async function handleRagSuggest() {
-    const docType = newDocForm.type || newDocForm.name || 'Datenschutzerklärung'
-    try {
-      const res = await fetch('/api/sdk/v1/rag/search', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ query: `${docType} DSGVO Vorlage`, limit: 1 }),
-      })
-      if (res.ok) {
-        const data = await res.json()
-        const first = data.results?.[0]
-        if (first?.text) setNewDocForm(d => ({ ...d, content: first.text }))
-      }
-    } catch { /* silently ignore */ }
-  }
-
-  async function handleCreateDocument() {
-    if (!newDocForm.name.trim()) return
-    setCreating(true)
-    try {
-      const token = localStorage.getItem('bp_admin_token')
-      const res = await fetch('/api/admin/consent/documents', {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          ...(token ? { 'Authorization': `Bearer ${token}` } : {}),
-        },
-        body: JSON.stringify(newDocForm),
-      })
-      if (res.ok) {
-        setShowCreateModal(false)
-        setNewDocForm({ type: 'privacy_policy', name: '', description: '', content: '' })
-        await loadDocuments()
-      } else {
-        setError('Fehler beim Erstellen des Dokuments')
-      }
-    } catch {
-      setError('Verbindungsfehler beim Erstellen')
-    } finally {
-      setCreating(false)
-    }
-  }
-
-  async function handleDeleteDocument(id: string) {
-    if (!confirm('Dokument wirklich löschen?')) return
-    try {
-      const token = localStorage.getItem('bp_admin_token')
-      const res = await fetch(`/api/admin/consent/documents/${id}`, {
-        method: 'DELETE',
-        headers: token ? { 'Authorization': `Bearer ${token}` } : {},
-      })
-      if (res.ok || res.status === 204) {
-        setDocuments(prev => prev.filter(d => d.id !== id))
-      } else {
-        setError('Fehler beim Löschen des Dokuments')
-      }
-    } catch {
-      setError('Verbindungsfehler beim Löschen')
-    }
-  }
-
-  function handleEdit(id: string) {
-    router.push('/sdk/workflow')
-  }
-
-  async function handlePreview(doc: LegalDocument) {
-    try {
-      const token = localStorage.getItem('bp_admin_token')
-      const res = await fetch(`/api/admin/consent/documents/${doc.id}/versions`, {
-        headers: token ? { 'Authorization': `Bearer ${token}` } : {}
-      })
-      if (res.ok) {
-        const data = await res.json()
-        const versions = Array.isArray(data) ? data : (data.versions || [])
-        const published = versions.find((v: { status: string; content?: string }) => v.status === 'published')
-        const latest = published || versions[0]
-        setPreviewDoc({ name: doc.name, content: latest?.content || '<p>Kein Inhalt verfügbar.</p>' })
-      } else {
-        setPreviewDoc({ name: doc.name, content: '<p>Vorschau nicht verfügbar.</p>' })
-      }
-    } catch {
-      setPreviewDoc({ name: doc.name, content: '<p>Fehler beim Laden der Vorschau.</p>' })
-    }
-  }
+  const {
+    documents,
+    loading,
+    error,
+    previewDoc,
+    setPreviewDoc,
+    handleRagSuggest,
+    handleCreateDocument,
+    handleDeleteDocument,
+    handlePreview,
+  } = useConsentDocuments()
 
   const filteredDocuments = filter === 'all'
     ? documents
@@ -315,6 +32,25 @@ export default function ConsentPage() {
   const activeCount = documents.filter(d => d.status === 'active').length
   const draftCount = documents.filter(d => d.status === 'draft').length
 
+  async function onRagSuggest() {
+    const text = await handleRagSuggest(newDocForm.type, newDocForm.name)
+    if (text) setNewDocForm(d => ({ ...d, content: text }))
+  }
+
+  async function onCreateDocument() {
+    setCreating(true)
+    const ok = await handleCreateDocument(newDocForm)
+    if (ok) {
+      setShowCreateModal(false)
+      setNewDocForm({ type: 'privacy_policy', name: '', description: '', content: '' })
+    }
+    setCreating(false)
+  }
+
+  function handleEdit(id: string) {
+    router.push('/sdk/workflow')
+  }
+
   const stepInfo = STEP_EXPLANATIONS['consent']
 
   return (
@@ -531,7 +267,7 @@ export default function ConsentPage() {
                   <label className="text-sm font-medium text-gray-700">Inhalt (optional)</label>
                   <button
                     type="button"
-                    onClick={handleRagSuggest}
+                    onClick={onRagSuggest}
                     className="text-xs text-blue-600 hover:underline"
                   >
                     Aus RAG-Vorlagen laden →
@@ -554,7 +290,7 @@ export default function ConsentPage() {
                 Abbrechen
               </button>
               <button
-                onClick={handleCreateDocument}
+                onClick={onCreateDocument}
                 disabled={creating || !newDocForm.name.trim()}
                 className="px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 disabled:opacity-50"
               >
diff --git a/admin-compliance/app/sdk/modules/_components/ModuleCard.tsx b/admin-compliance/app/sdk/modules/_components/ModuleCard.tsx
new file mode 100644
index 0000000..7e4b1b3
--- /dev/null
+++ b/admin-compliance/app/sdk/modules/_components/ModuleCard.tsx
@@ -0,0 +1,119 @@
+'use client'
+
+import React from 'react'
+import type { DisplayModule } from '../_hooks/useModules'
+
+export function ModuleCard({
+  module,
+  isActive,
+  onActivate,
+  onDeactivate,
+  onConfigure,
+}: {
+  module: DisplayModule
+  isActive: boolean
+  onActivate: () => void
+  onDeactivate: () => void
+  onConfigure: () => void
+}) {
+  const categoryColors = {
+    gdpr: 'bg-blue-100 text-blue-700',
+    'ai-act': 'bg-purple-100 text-purple-700',
+    iso27001: 'bg-green-100 text-green-700',
+    nis2: 'bg-orange-100 text-orange-700',
+    custom: 'bg-gray-100 text-gray-700',
+  }
+
+  const statusColors = {
+    active: 'bg-green-100 text-green-700',
+    inactive: 'bg-gray-100 text-gray-500',
+    pending: 'bg-yellow-100 text-yellow-700',
+  }
+
+  return (
+    <div className={`bg-white rounded-xl border-2 p-6 transition-all ${
+      isActive ? 'border-purple-400 shadow-lg' : 'border-gray-200 hover:border-purple-300'
+    }`}>
+      <div className="flex items-start justify-between">
+        <div className="flex-1">
+          <div className="flex items-center gap-2 mb-2">
+            <span className={`px-2 py-1 text-xs rounded-full ${categoryColors[module.category]}`}>
+              {module.category.toUpperCase()}
+            </span>
+            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[module.status]}`}>
+              {module.status === 'active' ? 'Aktiv' : module.status === 'pending' ? 'Ausstehend' : 'Inaktiv'}
+            </span>
+            {module.hasAIComponents && (
+              <span className="px-2 py-1 text-xs rounded-full bg-indigo-100 text-indigo-700">
+                KI
+              </span>
+            )}
+          </div>
+          <h3 className="text-lg font-semibold text-gray-900">{module.name}</h3>
+          <p className="text-sm text-gray-500 mt-1">{module.description}</p>
+          {module.regulations.length > 0 && (
+            <div className="mt-2 flex flex-wrap gap-1">
+              {module.regulations.map(reg => (
+                <span key={reg} className="px-2 py-0.5 text-xs bg-gray-100 text-gray-600 rounded">
+                  {reg}
+                </span>
+              ))}
+            </div>
+          )}
+        </div>
+      </div>
+
+      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
+        <div>
+          <span className="text-gray-500">Anforderungen:</span>
+          <span className="ml-2 font-medium">{module.requirementsCount}</span>
+        </div>
+        <div>
+          <span className="text-gray-500">Kontrollen:</span>
+          <span className="ml-2 font-medium">{module.controlsCount}</span>
+        </div>
+      </div>
+
+      <div className="mt-4">
+        <div className="flex items-center justify-between text-sm mb-1">
+          <span className="text-gray-500">Fortschritt</span>
+          <span className="font-medium text-purple-600">{module.completionPercent}%</span>
+        </div>
+        <div className="h-2 bg-gray-100 rounded-full overflow-hidden">
+          <div
+            className={`h-full rounded-full transition-all ${
+              module.completionPercent === 100 ? 'bg-green-500' : 'bg-purple-600'
+            }`}
+            style={{ width: `${module.completionPercent}%` }}
+          />
+        </div>
+      </div>
+
+      <div className="mt-4 flex items-center gap-2">
+        {isActive ? (
+          <>
+            <button
+              onClick={onConfigure}
+              className="flex-1 px-4 py-2 text-sm bg-purple-50 text-purple-700 rounded-lg hover:bg-purple-100 transition-colors"
+            >
+              Konfigurieren
+            </button>
+            <button
+              onClick={onDeactivate}
+              className="px-4 py-2 text-sm text-red-600 hover:bg-red-50 rounded-lg transition-colors"
+            >
+              Deaktivieren
+            </button>
+          </>
+        ) : (
+          <button
+            onClick={onActivate}
+            className="flex-1 px-4 py-2 text-sm bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
+          >
+            Modul aktivieren
+          </button>
+        )}
+      </div>
+    </div>
+  )
+}
diff --git a/admin-compliance/app/sdk/modules/_hooks/useModules.ts b/admin-compliance/app/sdk/modules/_hooks/useModules.ts
new file mode 100644
index 0000000..e10ced1
--- /dev/null
+++ b/admin-compliance/app/sdk/modules/_hooks/useModules.ts
@@ -0,0 +1,283 @@
+'use client'
+
+import { useState, useEffect } from 'react'
+import { useSDK, ServiceModule } from '@/lib/sdk'
+
+// =============================================================================
+// TYPES
+// =============================================================================
+
+export type ModuleCategory = 'gdpr' | 'ai-act' | 'iso27001' | 'nis2' | 'custom'
+export type ModuleStatus = 'active' | 'inactive' | 'pending'
+
+export interface DisplayModule extends ServiceModule {
+  category: ModuleCategory
+  status: ModuleStatus
+  requirementsCount: number
+  controlsCount: number
+  completionPercent: number
+}
+
+interface BackendModule {
+  id: string
+  name: string
+  display_name: string
+  description: string
+  service_type: string | null
+  processes_pii: boolean
+  ai_components: boolean
+  criticality: string
+  is_active: boolean
+  compliance_score: number | null
+  regulation_count: number
+  risk_count: number
+}
+
+// =============================================================================
+// FALLBACK MODULES
+// =============================================================================
+
+const fallbackModules: Omit<DisplayModule, 'status' | 'completionPercent'>[] = [
+  {
+    id: 'mod-gdpr',
+    name: 'DSGVO Compliance',
+    description: 'Datenschutz-Grundverordnung - Vollstaendige Umsetzung aller Anforderungen',
+    category: 'gdpr',
+    regulations: ['DSGVO', 'BDSG'],
+    criticality: 'HIGH',
+    processesPersonalData: true,
+    hasAIComponents: false,
+    requirementsCount: 45,
+    controlsCount: 32,
+  },
+  {
+    id: 'mod-ai-act',
+    name: 'AI Act Compliance',
+    description: 'EU AI Act - Klassifizierung und Anforderungen fuer KI-Systeme',
+    category: 'ai-act',
+    regulations: ['EU AI Act'],
+    criticality: 'HIGH',
+    processesPersonalData: false,
+    hasAIComponents: true,
+    requirementsCount: 28,
+    controlsCount: 18,
+  },
+  {
+    id: 'mod-iso27001',
+    name: 'ISO 27001',
+    description: 'Informationssicherheits-Managementsystem nach ISO/IEC 27001',
+    category: 'iso27001',
+    regulations: ['ISO 27001', 'ISO 27002'],
+    criticality: 'MEDIUM',
+    processesPersonalData: false,
+    hasAIComponents: false,
+    requirementsCount: 114,
+    controlsCount: 93,
+  },
+  {
+    id: 'mod-nis2',
+    name: 'NIS2 Richtlinie',
+    description: 'Netz- und Informationssicherheit fuer kritische Infrastrukturen',
+    category: 'nis2',
+    regulations: ['NIS2'],
+    criticality: 'HIGH',
+    processesPersonalData: false,
+    hasAIComponents: false,
+    requirementsCount: 36,
+    controlsCount: 24,
+  },
+]
+
+// =============================================================================
+// HELPERS
+// =============================================================================
+
+function categorizeModule(name: string): ModuleCategory {
+  const lower = name.toLowerCase()
+  if (lower.includes('dsgvo') || lower.includes('gdpr') || lower.includes('datenschutz')) return 'gdpr'
+  if (lower.includes('ai act') || lower.includes('ki-verordnung')) return 'ai-act'
+  if (lower.includes('iso 27001') || lower.includes('iso27001') || lower.includes('isms')) return 'iso27001'
+  if (lower.includes('nis2') || lower.includes('netz- und informations')) return 'nis2'
+  return 'custom'
+}
+
+function mapBackendToDisplay(m: BackendModule): Omit<DisplayModule, 'status' | 'completionPercent'> {
+  return {
+    id: m.id,
+    name: m.display_name || m.name,
+    description: m.description || '',
+    category: categorizeModule(m.display_name || m.name),
+    regulations: [],
+    criticality: (m.criticality || 'MEDIUM').toUpperCase(),
+    processesPersonalData: m.processes_pii,
+    hasAIComponents: m.ai_components,
+    requirementsCount: m.regulation_count || 0,
+    controlsCount: m.risk_count || 0,
+  }
+}
+
+// =============================================================================
+// HOOK
+// =============================================================================
+
+export function useModules() {
+  const { state, dispatch } = useSDK()
+  const [availableModules, setAvailableModules] = useState<Omit<DisplayModule, 'status' | 'completionPercent'>[]>(fallbackModules)
+  const [isLoadingModules, setIsLoadingModules] = useState(true)
+  const [backendError, setBackendError] = useState<string | null>(null)
+  const [actionError, setActionError] = useState<string | null>(null)
+
+  useEffect(() => {
+    async function loadModules() {
+      try {
+        const response = await fetch('/api/sdk/v1/modules')
+        if (response.ok) {
+          const data = await response.json()
+          if (data.modules && data.modules.length > 0) {
+            const mapped = data.modules.map(mapBackendToDisplay)
+            setAvailableModules(mapped)
+            setBackendError(null)
+          }
+        } else {
+          setBackendError('Backend nicht erreichbar — zeige Standard-Module')
+        }
+      } catch {
+        setBackendError('Backend nicht erreichbar — zeige Standard-Module')
+      } finally {
+        setIsLoadingModules(false)
+      }
+    }
+    loadModules()
+  }, [])
+
+  const displayModules: DisplayModule[] = availableModules.map(template => {
+    const activeModule = state.modules.find(m => m.id === template.id)
+    const isActive = !!activeModule
+
+    const linkedRequirements = state.requirements.filter(r =>
+      r.applicableModules.includes(template.id)
+    )
+    const completedRequirements = linkedRequirements.filter(
+      r => r.status === 'IMPLEMENTED' || r.status === 'VERIFIED'
+    )
+    const completionPercent = linkedRequirements.length > 0
+      ? Math.round((completedRequirements.length / linkedRequirements.length) * 100)
+      : 0
+
+    return {
+      ...template,
+      status: isActive ? 'active' as ModuleStatus : 'inactive' as ModuleStatus,
+      completionPercent,
+    }
+  })
+
+  const activeModulesCount = state.modules.length
+  const totalRequirements = displayModules
+    .filter(m => state.modules.some(sm => sm.id === m.id))
+    .reduce((sum, m) => sum + m.requirementsCount, 0)
+  const totalControls = displayModules
+    .filter(m => state.modules.some(sm => sm.id === m.id))
+    .reduce((sum, m) => sum + m.controlsCount, 0)
+
+  async function handleActivateModule(module: DisplayModule) {
+    const serviceModule: ServiceModule = {
+      id: module.id,
+      name: module.name,
+      description: module.description,
+      regulations: module.regulations,
+      criticality: module.criticality,
+      processesPersonalData: module.processesPersonalData,
+      hasAIComponents: module.hasAIComponents,
+    }
+    dispatch({ type: 'ADD_MODULE', payload: serviceModule })
+    setActionError(null)
+
+    try {
+      const res = await fetch(`/api/sdk/v1/modules/${encodeURIComponent(module.id)}/activate`, {
+        method: 'POST',
+      })
+      if (!res.ok) throw new Error('Aktivierung fehlgeschlagen')
+    } catch {
+      const rollbackModules = state.modules.filter(m => m.id !== module.id)
+      dispatch({ type: 'SET_STATE', payload: { modules: rollbackModules } })
+      setActionError(`Modul "${module.name}" konnte nicht aktiviert werden.`)
+      setTimeout(() => setActionError(null), 5000)
+    }
+  }
+
+  async function handleDeactivateModule(moduleId: string) {
+    const previousModules = [...state.modules]
+    const updatedModules = state.modules.filter(m => m.id !== moduleId)
+    dispatch({ type: 'SET_STATE', payload: { modules: updatedModules } })
+    setActionError(null)
+
+    try {
+      const res = await fetch(`/api/sdk/v1/modules/${encodeURIComponent(moduleId)}/deactivate`, {
+        method: 'POST',
+      })
+      if (!res.ok) throw new Error('Deaktivierung fehlgeschlagen')
+    } catch {
+      dispatch({ type: 'SET_STATE', payload: { modules: previousModules } })
+      setActionError('Modul konnte nicht deaktiviert werden.')
+      setTimeout(() => setActionError(null), 5000)
+    }
+  }
+
+  async function handleCreateModule(
+    newModuleName: string,
+    newModuleCategory: ModuleCategory,
+    newModuleDescription: string,
+  ): Promise<boolean> {
+    if (!newModuleName.trim()) return false
+
+    try {
+      const res = await fetch('/api/sdk/v1/modules', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          name: newModuleName,
+          category: newModuleCategory,
+          description: newModuleDescription,
+        }),
+      })
+
+      if (res.ok) {
+        const data = await res.json()
+        const newMod: Omit<DisplayModule, 'status' | 'completionPercent'> = {
+          id: data.id || `custom-${Date.now()}`,
+          name: newModuleName,
+          description: newModuleDescription,
+          category: newModuleCategory,
+          regulations: [],
+          criticality: 'MEDIUM',
+          processesPersonalData: false,
+          hasAIComponents: false,
+          requirementsCount: 0,
+          controlsCount: 0,
+        }
+        setAvailableModules(prev => [...prev, newMod])
+        return true
+      }
+      return false
+    } catch {
+      setActionError('Modul konnte nicht erstellt werden.')
+      setTimeout(() => setActionError(null), 5000)
+      return false
+    }
+  }
+
+  return {
+    state,
+    availableModules,
+    displayModules,
+    isLoadingModules,
+    backendError,
+    actionError,
+    activeModulesCount,
+    totalRequirements,
+    totalControls,
+    handleActivateModule,
+    handleDeactivateModule,
+    handleCreateModule,
+  }
+}
diff --git a/admin-compliance/app/sdk/modules/page.tsx b/admin-compliance/app/sdk/modules/page.tsx
index 337d7b2..aff9c22 100644
--- a/admin-compliance/app/sdk/modules/page.tsx
+++ b/admin-compliance/app/sdk/modules/page.tsx
@@ -1,402 +1,46 @@
 'use client'
 
-import React, { useState, useEffect } from 'react'
+import React, { useState } from 'react'
 import { useRouter } from 'next/navigation'
-import { useSDK, ServiceModule } from '@/lib/sdk'
 import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-type ModuleCategory = 'gdpr' | 'ai-act' | 'iso27001' | 'nis2' | 'custom'
-type ModuleStatus = 'active' | 'inactive' | 'pending'
-
-interface DisplayModule extends ServiceModule {
-  category: ModuleCategory
-  status: ModuleStatus
-  requirementsCount: number
-  controlsCount: number
-  completionPercent: number
-}
-
-interface BackendModule {
-  id: string
-  name: string
-  display_name: string
-  description: string
-  service_type: string | null
-  processes_pii: boolean
-  ai_components: boolean
-  criticality: string
-  is_active: boolean
-  compliance_score: number | null
-  regulation_count: number
-  risk_count: number
-}
-
-// =============================================================================
-// FALLBACK MODULES (used when backend is unavailable)
-// =============================================================================
-
-const fallbackModules: Omit<DisplayModule, 'status' | 'completionPercent'>[] = [
-  {
-    id: 'mod-gdpr',
-    name: 'DSGVO Compliance',
-    description: 'Datenschutz-Grundverordnung - Vollstaendige Umsetzung aller Anforderungen',
-    category: 'gdpr',
-    regulations: ['DSGVO', 'BDSG'],
-    criticality: 'HIGH',
-    processesPersonalData: true,
-    hasAIComponents: false,
-    requirementsCount: 45,
-    controlsCount: 32,
-  },
-  {
-    id: 'mod-ai-act',
-    name: 'AI Act Compliance',
-    description: 'EU AI Act - Klassifizierung und Anforderungen fuer KI-Systeme',
-    category: 'ai-act',
-    regulations: ['EU AI Act'],
-    criticality: 'HIGH',
-    processesPersonalData: false,
-    hasAIComponents: true,
-    requirementsCount: 28,
-    controlsCount: 18,
-  },
-  {
-    id: 'mod-iso27001',
-    name: 'ISO 27001',
-    description: 'Informationssicherheits-Managementsystem nach ISO/IEC 27001',
-    category: 'iso27001',
-    regulations: ['ISO 27001', 'ISO 27002'],
-    criticality: 'MEDIUM',
-    processesPersonalData: false,
-    hasAIComponents: false,
-    requirementsCount: 114,
-    controlsCount: 93,
-  },
-  {
-    id: 'mod-nis2',
-    name: 'NIS2 Richtlinie',
-    description: 'Netz- und Informationssicherheit fuer kritische Infrastrukturen',
-    category: 'nis2',
-    regulations: ['NIS2'],
-    criticality: 'HIGH',
-    processesPersonalData: false,
-    hasAIComponents: false,
-    requirementsCount: 36,
-    controlsCount: 24,
-  },
-]
-
-// =============================================================================
-// HELPERS
-// =============================================================================
-
-function categorizeModule(name: string): ModuleCategory {
-  const lower = name.toLowerCase()
-  if (lower.includes('dsgvo') || lower.includes('gdpr') || lower.includes('datenschutz')) return 'gdpr'
-  if (lower.includes('ai act') || lower.includes('ki-verordnung')) return 'ai-act'
-  if (lower.includes('iso 27001') || lower.includes('iso27001') || lower.includes('isms')) return 'iso27001'
-  if (lower.includes('nis2') || lower.includes('netz- und informations')) return 'nis2'
-  return 'custom'
-}
-
-function mapBackendToDisplay(m: BackendModule): Omit<DisplayModule, 'status' | 'completionPercent'> {
-  return {
-    id: m.id,
-    name: m.display_name || m.name,
-    description: m.description || '',
-    category: categorizeModule(m.display_name || m.name),
-    regulations: [],
-    criticality: (m.criticality || 'MEDIUM').toUpperCase(),
-    processesPersonalData: m.processes_pii,
-    hasAIComponents: m.ai_components,
-    requirementsCount: m.regulation_count || 0,
-    controlsCount: m.risk_count || 0,
-  }
-}
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function ModuleCard({
-  module,
-  isActive,
-  onActivate,
-  onDeactivate,
-  onConfigure,
-}: {
-  module: DisplayModule
-  isActive: boolean
-  onActivate: () => void
-  onDeactivate: () => void
-  onConfigure: () => void
-}) {
-  const categoryColors = {
-    gdpr: 'bg-blue-100 text-blue-700',
-    'ai-act': 'bg-purple-100 text-purple-700',
-    iso27001: 'bg-green-100 text-green-700',
-    nis2: 'bg-orange-100 text-orange-700',
-    custom: 'bg-gray-100 text-gray-700',
-  }
-
-  const statusColors = {
-    active: 'bg-green-100 text-green-700',
-    inactive: 'bg-gray-100 text-gray-500',
-    pending: 'bg-yellow-100 text-yellow-700',
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 transition-all ${
-      isActive ? 'border-purple-400 shadow-lg' : 'border-gray-200 hover:border-purple-300'
-    }`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className={`px-2 py-1 text-xs rounded-full ${categoryColors[module.category]}`}>
-              {module.category.toUpperCase()}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[module.status]}`}>
-              {module.status === 'active' ? 'Aktiv' : module.status === 'pending' ? 'Ausstehend' : 'Inaktiv'}
-            </span>
-            {module.hasAIComponents && (
-              <span className="px-2 py-1 text-xs rounded-full bg-indigo-100 text-indigo-700">
-                KI
-              </span>
-            )}
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{module.name}</h3>
-          <p className="text-sm text-gray-500 mt-1">{module.description}</p>
-          {module.regulations.length > 0 && (
-            <div className="mt-2 flex flex-wrap gap-1">
-              {module.regulations.map(reg => (
-                <span key={reg} className="px-2 py-0.5 text-xs bg-gray-100 text-gray-600 rounded">
-                  {reg}
-                </span>
-              ))}
-            </div>
-          )}
-        </div>
-      </div>
-
-      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
-        <div>
-          <span className="text-gray-500">Anforderungen:</span>
-          <span className="ml-2 font-medium">{module.requirementsCount}</span>
-        </div>
-        <div>
-          <span className="text-gray-500">Kontrollen:</span>
-          <span className="ml-2 font-medium">{module.controlsCount}</span>
-        </div>
-      </div>
-
-      <div className="mt-4">
-        <div className="flex items-center justify-between text-sm mb-1">
-          <span className="text-gray-500">Fortschritt</span>
-          <span className="font-medium text-purple-600">{module.completionPercent}%</span>
-        </div>
-        <div className="h-2 bg-gray-100 rounded-full overflow-hidden">
-          <div
-            className={`h-full rounded-full transition-all ${
-              module.completionPercent === 100 ? 'bg-green-500' : 'bg-purple-600'
-            }`}
-            style={{ width: `${module.completionPercent}%` }}
-          />
-        </div>
-      </div>
-
-      <div className="mt-4 flex items-center gap-2">
-        {isActive ? (
-          <>
-            <button
-              onClick={onConfigure}
-              className="flex-1 px-4 py-2 text-sm bg-purple-50 text-purple-700 rounded-lg hover:bg-purple-100 transition-colors"
-            >
-              Konfigurieren
-            </button>
-            <button
-              onClick={onDeactivate}
-              className="px-4 py-2 text-sm text-red-600 hover:bg-red-50 rounded-lg transition-colors"
-            >
-              Deaktivieren
-            </button>
-          </>
-        ) : (
-          <button
-            onClick={onActivate}
-            className="flex-1 px-4 py-2 text-sm bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-          >
-            Modul aktivieren
-          </button>
-        )}
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
+import { ModuleCard } from './_components/ModuleCard'
+import { useModules } from './_hooks/useModules'
+import type { ModuleCategory } from './_hooks/useModules'
 
 export default function ModulesPage() {
-  const { state, dispatch } = useSDK()
   const router = useRouter()
   const [filter, setFilter] = useState<string>('all')
-  const [availableModules, setAvailableModules] = useState<Omit<DisplayModule, 'status' | 'completionPercent'>[]>(fallbackModules)
-  const [isLoadingModules, setIsLoadingModules] = useState(true)
-  const [backendError, setBackendError] = useState<string | null>(null)
   const [showCreateModal, setShowCreateModal] = useState(false)
   const [newModuleName, setNewModuleName] = useState('')
   const [newModuleCategory, setNewModuleCategory] = useState<ModuleCategory>('custom')
   const [newModuleDescription, setNewModuleDescription] = useState('')
-  const [actionError, setActionError] = useState<string | null>(null)
 
-  // Load modules from backend
-  useEffect(() => {
-    async function loadModules() {
-      try {
-        const response = await fetch('/api/sdk/v1/modules')
-        if (response.ok) {
-          const data = await response.json()
-          if (data.modules && data.modules.length > 0) {
-            const mapped = data.modules.map(mapBackendToDisplay)
-            setAvailableModules(mapped)
-            setBackendError(null)
-          }
-        } else {
-          setBackendError('Backend nicht erreichbar — zeige Standard-Module')
-        }
-      } catch {
-        setBackendError('Backend nicht erreichbar — zeige Standard-Module')
-      } finally {
-        setIsLoadingModules(false)
-      }
-    }
-    loadModules()
-  }, [])
-
-  // Convert SDK modules to display modules with additional UI properties
-  const displayModules: DisplayModule[] = availableModules.map(template => {
-    const activeModule = state.modules.find(m => m.id === template.id)
-    const isActive = !!activeModule
-
-    // Calculate completion based on linked requirements and controls
-    const linkedRequirements = state.requirements.filter(r =>
-      r.applicableModules.includes(template.id)
-    )
-    const completedRequirements = linkedRequirements.filter(
-      r => r.status === 'IMPLEMENTED' || r.status === 'VERIFIED'
-    )
-    const completionPercent = linkedRequirements.length > 0
-      ? Math.round((completedRequirements.length / linkedRequirements.length) * 100)
-      : 0
-
-    return {
-      ...template,
-      status: isActive ? 'active' as ModuleStatus : 'inactive' as ModuleStatus,
-      completionPercent,
-    }
-  })
+  const {
+    state,
+    availableModules,
+    displayModules,
+    isLoadingModules,
+    backendError,
+    actionError,
+    activeModulesCount,
+    totalRequirements,
+    totalControls,
+    handleActivateModule,
+    handleDeactivateModule,
+    handleCreateModule,
+  } = useModules()
 
   const filteredModules = filter === 'all'
     ? displayModules
     : displayModules.filter(m => m.category === filter || m.status === filter)
 
-  const activeModulesCount = state.modules.length
-  const totalRequirements = displayModules
-    .filter(m => state.modules.some(sm => sm.id === m.id))
-    .reduce((sum, m) => sum + m.requirementsCount, 0)
-  const totalControls = displayModules
-    .filter(m => state.modules.some(sm => sm.id === m.id))
-    .reduce((sum, m) => sum + m.controlsCount, 0)
-
-  const handleActivateModule = async (module: DisplayModule) => {
-    const serviceModule: ServiceModule = {
-      id: module.id,
-      name: module.name,
-      description: module.description,
-      regulations: module.regulations,
-      criticality: module.criticality,
-      processesPersonalData: module.processesPersonalData,
-      hasAIComponents: module.hasAIComponents,
-    }
-    dispatch({ type: 'ADD_MODULE', payload: serviceModule })
-    setActionError(null)
-
-    try {
-      const res = await fetch(`/api/sdk/v1/modules/${encodeURIComponent(module.id)}/activate`, {
-        method: 'POST',
-      })
-      if (!res.ok) throw new Error('Aktivierung fehlgeschlagen')
-    } catch {
-      // Rollback optimistic update
-      const rollbackModules = state.modules.filter(m => m.id !== module.id)
-      dispatch({ type: 'SET_STATE', payload: { modules: rollbackModules } })
-      setActionError(`Modul "${module.name}" konnte nicht aktiviert werden.`)
-      setTimeout(() => setActionError(null), 5000)
-    }
-  }
-
-  const handleDeactivateModule = async (moduleId: string) => {
-    const previousModules = [...state.modules]
-    const updatedModules = state.modules.filter(m => m.id !== moduleId)
-    dispatch({ type: 'SET_STATE', payload: { modules: updatedModules } })
-    setActionError(null)
-
-    try {
-      const res = await fetch(`/api/sdk/v1/modules/${encodeURIComponent(moduleId)}/deactivate`, {
-        method: 'POST',
-      })
-      if (!res.ok) throw new Error('Deaktivierung fehlgeschlagen')
-    } catch {
-      // Rollback optimistic update
-      dispatch({ type: 'SET_STATE', payload: { modules: previousModules } })
-      setActionError('Modul konnte nicht deaktiviert werden.')
-      setTimeout(() => setActionError(null), 5000)
-    }
-  }
-
-  const handleCreateModule = async () => {
-    if (!newModuleName.trim()) return
-
-    try {
-      const res = await fetch('/api/sdk/v1/modules', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          name: newModuleName,
-          category: newModuleCategory,
-          description: newModuleDescription,
-        }),
-      })
-
-      if (res.ok) {
-        const data = await res.json()
-        const newMod: Omit<DisplayModule, 'status' | 'completionPercent'> = {
-          id: data.id || `custom-${Date.now()}`,
-          name: newModuleName,
-          description: newModuleDescription,
-          category: newModuleCategory,
-          regulations: [],
-          criticality: 'MEDIUM',
-          processesPersonalData: false,
-          hasAIComponents: false,
-          requirementsCount: 0,
-          controlsCount: 0,
-        }
-        setAvailableModules(prev => [...prev, newMod])
-      }
-
+  async function onCreateModule() {
+    const ok = await handleCreateModule(newModuleName, newModuleCategory, newModuleDescription)
+    if (ok) {
       setShowCreateModal(false)
       setNewModuleName('')
       setNewModuleCategory('custom')
       setNewModuleDescription('')
-    } catch {
-      setActionError('Modul konnte nicht erstellt werden.')
-      setTimeout(() => setActionError(null), 5000)
     }
   }
 
@@ -484,7 +128,7 @@ export default function ModulesPage() {
                 Abbrechen
               </button>
               <button
-                onClick={handleCreateModule}
+                onClick={onCreateModule}
                 disabled={!newModuleName.trim()}
                 className="px-4 py-2 text-sm bg-purple-600 text-white rounded-lg hover:bg-purple-700 disabled:opacity-50"
               >
diff --git a/admin-compliance/app/sdk/security-backlog/_components/ItemModal.tsx b/admin-compliance/app/sdk/security-backlog/_components/ItemModal.tsx
new file mode 100644
index 0000000..30ad9e6
--- /dev/null
+++ b/admin-compliance/app/sdk/security-backlog/_components/ItemModal.tsx
@@ -0,0 +1,106 @@
+'use client'
+
+import React, { useState } from 'react'
+import type { NewItem } from '../_hooks/useSecurityBacklog'
+
+export function ItemModal({
+  item,
+  onClose,
+  onSave,
+}: {
+  item: NewItem
+  onClose: () => void
+  onSave: (data: NewItem) => void
+}) {
+  const [form, setForm] = useState<NewItem>(item)
+
+  return (
+    <div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50 p-4">
+      <div className="bg-white rounded-xl shadow-xl max-w-2xl w-full max-h-[90vh] overflow-y-auto">
+        <div className="px-6 py-4 border-b border-gray-200 flex items-center justify-between">
+          <h3 className="font-semibold text-gray-900">Sicherheitsbefund erfassen</h3>
+          <button onClick={onClose} className="text-gray-400 hover:text-gray-600">
+            <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
+            </svg>
+          </button>
+        </div>
+        <div className="p-6 space-y-4">
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Titel *</label>
+            <input
+              type="text"
+              value={form.title}
+              onChange={e => setForm(p => ({ ...p, title: e.target.value }))}
+              placeholder="Kurzbeschreibung des Befunds"
+              className="w-full border rounded px-3 py-2 text-sm"
+            />
+          </div>
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Beschreibung</label>
+            <textarea
+              value={form.description}
+              onChange={e => setForm(p => ({ ...p, description: e.target.value }))}
+              rows={3}
+              className="w-full border rounded px-3 py-2 text-sm"
+            />
+          </div>
+          <div className="grid grid-cols-2 gap-4">
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Typ</label>
+              <select value={form.type} onChange={e => setForm(p => ({ ...p, type: e.target.value }))} className="w-full border rounded px-3 py-2 text-sm">
+                <option value="vulnerability">Schwachstelle</option>
+                <option value="misconfiguration">Fehlkonfiguration</option>
+                <option value="compliance">Compliance</option>
+                <option value="hardening">Haertung</option>
+              </select>
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Schweregrad</label>
+              <select value={form.severity} onChange={e => setForm(p => ({ ...p, severity: e.target.value }))} className="w-full border rounded px-3 py-2 text-sm">
+                <option value="critical">Kritisch</option>
+                <option value="high">Hoch</option>
+                <option value="medium">Mittel</option>
+                <option value="low">Niedrig</option>
+              </select>
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Quelle</label>
+              <input type="text" value={form.source} onChange={e => setForm(p => ({ ...p, source: e.target.value }))} placeholder="z.B. Penetrationstest" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Betroffenes Asset</label>
+              <input type="text" value={form.affected_asset} onChange={e => setForm(p => ({ ...p, affected_asset: e.target.value }))} placeholder="z.B. auth-service" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">CVE</label>
+              <input type="text" value={form.cve} onChange={e => setForm(p => ({ ...p, cve: e.target.value }))} placeholder="CVE-2024-XXXXX" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">CVSS Score</label>
+              <input type="number" step="0.1" min="0" max="10" value={form.cvss} onChange={e => setForm(p => ({ ...p, cvss: e.target.value }))} placeholder="0.0 - 10.0" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Zugewiesen an</label>
+              <input type="text" value={form.assigned_to} onChange={e => setForm(p => ({ ...p, assigned_to: e.target.value }))} placeholder="Team oder Person" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+          </div>
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Massnahme</label>
+            <textarea value={form.remediation} onChange={e => setForm(p => ({ ...p, remediation: e.target.value }))} rows={2} placeholder="Empfohlene Abhilfemassnahme..." className="w-full border rounded px-3 py-2 text-sm" />
+          </div>
+        </div>
+        <div className="px-6 py-4 border-t border-gray-200 flex justify-end gap-3">
+          <button onClick={onClose} className="px-4 py-2 text-sm text-gray-600 hover:bg-gray-100 rounded-lg">Abbrechen</button>
+          <button
+            onClick={() => onSave(form)}
+            disabled={!form.title}
+            className="px-4 py-2 text-sm text-white bg-purple-600 hover:bg-purple-700 rounded-lg font-medium disabled:opacity-50"
+          >
+            Speichern
+          </button>
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/admin-compliance/app/sdk/security-backlog/_components/SecurityItemCard.tsx b/admin-compliance/app/sdk/security-backlog/_components/SecurityItemCard.tsx
new file mode 100644
index 0000000..db48b78
--- /dev/null
+++ b/admin-compliance/app/sdk/security-backlog/_components/SecurityItemCard.tsx
@@ -0,0 +1,166 @@
+'use client'
+
+import React from 'react'
+import type { SecurityItem } from '../_hooks/useSecurityBacklog'
+
+export function SecurityItemCard({
+  item,
+  onEdit,
+  onDelete,
+  onStatusChange,
+}: {
+  item: SecurityItem
+  onEdit: (item: SecurityItem) => void
+  onDelete: (id: string) => void
+  onStatusChange: (id: string, status: string) => void
+}) {
+  const typeLabels = {
+    vulnerability: 'Schwachstelle',
+    misconfiguration: 'Fehlkonfiguration',
+    compliance: 'Compliance',
+    hardening: 'Haertung',
+  }
+
+  const typeColors = {
+    vulnerability: 'bg-red-100 text-red-700',
+    misconfiguration: 'bg-orange-100 text-orange-700',
+    compliance: 'bg-purple-100 text-purple-700',
+    hardening: 'bg-blue-100 text-blue-700',
+  }
+
+  const severityColors = {
+    critical: 'bg-red-500 text-white',
+    high: 'bg-orange-500 text-white',
+    medium: 'bg-yellow-500 text-white',
+    low: 'bg-green-500 text-white',
+  }
+
+  const statusColors = {
+    open: 'bg-blue-100 text-blue-700',
+    'in-progress': 'bg-yellow-100 text-yellow-700',
+    resolved: 'bg-green-100 text-green-700',
+    'accepted-risk': 'bg-gray-100 text-gray-600',
+  }
+
+  const statusLabels = {
+    open: 'Offen',
+    'in-progress': 'In Bearbeitung',
+    resolved: 'Behoben',
+    'accepted-risk': 'Akzeptiert',
+  }
+
+  const isOverdue = item.due_date && new Date(item.due_date) < new Date() && item.status !== 'resolved'
+
+  return (
+    <div className={`bg-white rounded-xl border-2 p-6 ${
+      item.severity === 'critical' && item.status !== 'resolved' ? 'border-red-300' :
+      isOverdue ? 'border-orange-300' :
+      item.status === 'resolved' ? 'border-green-200' : 'border-gray-200'
+    }`}>
+      <div className="flex items-start justify-between">
+        <div className="flex-1">
+          <div className="flex items-center gap-2 mb-2">
+            <span className={`px-2 py-1 text-xs rounded-full ${severityColors[item.severity]}`}>
+              {item.severity.toUpperCase()}
+            </span>
+            <span className={`px-2 py-1 text-xs rounded-full ${typeColors[item.type]}`}>
+              {typeLabels[item.type]}
+            </span>
+            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[item.status]}`}>
+              {statusLabels[item.status]}
+            </span>
+          </div>
+          <h3 className="text-lg font-semibold text-gray-900">{item.title}</h3>
+          {item.description && <p className="text-sm text-gray-500 mt-1">{item.description}</p>}
+        </div>
+      </div>
+
+      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
+        {item.affected_asset && (
+          <div>
+            <span className="text-gray-500">Betroffenes Asset: </span>
+            <span className="font-medium text-gray-700">{item.affected_asset}</span>
+          </div>
+        )}
+        {item.source && (
+          <div>
+            <span className="text-gray-500">Quelle: </span>
+            <span className="font-medium text-gray-700">{item.source}</span>
+          </div>
+        )}
+        {item.cve && (
+          <div>
+            <span className="text-gray-500">CVE: </span>
+            <span className="font-mono text-gray-700">{item.cve}</span>
+          </div>
+        )}
+        {item.cvss !== null && (
+          <div>
+            <span className="text-gray-500">CVSS: </span>
+            <span className={`font-bold ${
+              item.cvss >= 9 ? 'text-red-600' :
+              item.cvss >= 7 ? 'text-orange-600' :
+              item.cvss >= 4 ? 'text-yellow-600' : 'text-green-600'
+            }`}>{item.cvss}</span>
+          </div>
+        )}
+        {item.assigned_to && (
+          <div>
+            <span className="text-gray-500">Zugewiesen: </span>
+            <span className="font-medium text-gray-700">{item.assigned_to}</span>
+          </div>
+        )}
+        {item.due_date && (
+          <div className={isOverdue ? 'text-red-600' : ''}>
+            <span className="text-gray-500">Frist: </span>
+            <span className="font-medium">
+              {new Date(item.due_date).toLocaleDateString('de-DE')}
+              {isOverdue && ' (ueberfaellig)'}
+            </span>
+          </div>
+        )}
+      </div>
+
+      {item.remediation && (
+        <div className="mt-4 p-3 bg-gray-50 rounded-lg">
+          <span className="text-sm text-gray-500">Empfohlene Massnahme: </span>
+          <span className="text-sm text-gray-700">{item.remediation}</span>
+        </div>
+      )}
+
+      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
+        <span className="text-xs text-gray-500">
+          Erstellt: {new Date(item.created_at).toLocaleDateString('de-DE')}
+        </span>
+        <div className="flex items-center gap-2">
+          {item.status !== 'resolved' && (
+            <>
+              <button
+                onClick={() => onEdit(item)}
+                className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
+              >
+                Bearbeiten
+              </button>
+              <button
+                onClick={() => onStatusChange(item.id, 'resolved')}
+                className="px-3 py-1 text-sm bg-green-50 text-green-700 hover:bg-green-100 rounded-lg transition-colors"
+              >
+                Als behoben markieren
+              </button>
+            </>
+          )}
+          <button
+            onClick={() => {
+              if (window.confirm(`"${item.title}" loeschen?`)) onDelete(item.id)
+            }}
+            className="px-2 py-1 text-sm text-red-400 hover:text-red-600 hover:bg-red-50 rounded-lg transition-colors"
+          >
+            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
+            </svg>
+          </button>
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/admin-compliance/app/sdk/security-backlog/_hooks/useSecurityBacklog.ts b/admin-compliance/app/sdk/security-backlog/_hooks/useSecurityBacklog.ts
new file mode 100644
index 0000000..a566284
--- /dev/null
+++ b/admin-compliance/app/sdk/security-backlog/_hooks/useSecurityBacklog.ts
@@ -0,0 +1,179 @@
+'use client'
+
+import { useState, useEffect } from 'react'
+
+// =============================================================================
+// TYPES
+// =============================================================================
+
+export interface SecurityItem {
+  id: string
+  title: string
+  description: string | null
+  type: 'vulnerability' | 'misconfiguration' | 'compliance' | 'hardening'
+  severity: 'critical' | 'high' | 'medium' | 'low'
+  status: 'open' | 'in-progress' | 'resolved' | 'accepted-risk'
+  source: string | null
+  cve: string | null
+  cvss: number | null
+  affected_asset: string | null
+  assigned_to: string | null
+  created_at: string
+  due_date: string | null
+  remediation: string | null
+}
+
+export interface Stats {
+  open: number
+  in_progress: number
+  critical: number
+  high: number
+  overdue: number
+  total: number
+}
+
+export interface NewItem {
+  title: string
+  description: string
+  type: string
+  severity: string
+  source: string
+  cve: string
+  cvss: string
+  affected_asset: string
+  assigned_to: string
+  remediation: string
+}
+
+export const EMPTY_NEW_ITEM: NewItem = {
+  title: '',
+  description: '',
+  type: 'vulnerability',
+  severity: 'medium',
+  source: '',
+  cve: '',
+  cvss: '',
+  affected_asset: '',
+  assigned_to: '',
+  remediation: '',
+}
+
+// =============================================================================
+// HOOK
+// =============================================================================
+
+const API = '/api/sdk/v1/compliance/security-backlog'
+
+export function useSecurityBacklog() {
+  const [items, setItems] = useState<SecurityItem[]>([])
+  const [stats, setStats] = useState<Stats>({ open: 0, in_progress: 0, critical: 0, high: 0, overdue: 0, total: 0 })
+  const [loading, setLoading] = useState(true)
+
+  useEffect(() => {
+    loadData()
+  }, [])
+
+  async function loadData() {
+    setLoading(true)
+    try {
+      const [itemsRes, statsRes] = await Promise.all([
+        fetch(`${API}?limit=200`),
+        fetch(`${API}/stats`),
+      ])
+      if (itemsRes.ok) {
+        const data = await itemsRes.json()
+        setItems(Array.isArray(data.items) ? data.items : [])
+      }
+      if (statsRes.ok) {
+        const data = await statsRes.json()
+        setStats(data)
+      }
+    } catch (err) {
+      console.error('Failed to load security backlog:', err)
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  async function handleCreate(form: NewItem) {
+    try {
+      const res = await fetch(API, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          ...form,
+          cvss: form.cvss ? parseFloat(form.cvss) : null,
+        }),
+      })
+      if (res.ok) {
+        const created = await res.json()
+        setItems(prev => [created, ...prev])
+        setStats(prev => ({ ...prev, open: prev.open + 1, total: prev.total + 1 }))
+        return true
+      }
+    } catch (err) {
+      console.error('Failed to create item:', err)
+    }
+    return false
+  }
+
+  async function handleUpdate(editItemId: string, form: NewItem) {
+    try {
+      const res = await fetch(`${API}/${editItemId}`, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          ...form,
+          cvss: form.cvss ? parseFloat(form.cvss) : null,
+        }),
+      })
+      if (res.ok) {
+        const updated = await res.json()
+        setItems(prev => prev.map(i => i.id === updated.id ? updated : i))
+        return true
+      }
+    } catch (err) {
+      console.error('Failed to update item:', err)
+    }
+    return false
+  }
+
+  async function handleDelete(id: string) {
+    try {
+      const res = await fetch(`${API}/${id}`, { method: 'DELETE' })
+      if (res.ok || res.status === 204) {
+        setItems(prev => prev.filter(i => i.id !== id))
+        loadData()
+      }
+    } catch (err) {
+      console.error('Failed to delete item:', err)
+    }
+  }
+
+  async function handleStatusChange(id: string, status: string) {
+    try {
+      const res = await fetch(`${API}/${id}`, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ status }),
+      })
+      if (res.ok) {
+        const updated = await res.json()
+        setItems(prev => prev.map(i => i.id === updated.id ? updated : i))
+        loadData()
+      }
+    } catch (err) {
+      console.error('Failed to update status:', err)
+    }
+  }
+
+  return {
+    items,
+    stats,
+    loading,
+    handleCreate,
+    handleUpdate,
+    handleDelete,
+    handleStatusChange,
+  }
+}
diff --git a/admin-compliance/app/sdk/security-backlog/page.tsx b/admin-compliance/app/sdk/security-backlog/page.tsx
index 09be890..a3029a7 100644
--- a/admin-compliance/app/sdk/security-backlog/page.tsx
+++ b/admin-compliance/app/sdk/security-backlog/page.tsx
@@ -1,452 +1,40 @@
 'use client'
 
-import React, { useState, useEffect } from 'react'
-import { useSDK } from '@/lib/sdk'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-interface SecurityItem {
-  id: string
-  title: string
-  description: string | null
-  type: 'vulnerability' | 'misconfiguration' | 'compliance' | 'hardening'
-  severity: 'critical' | 'high' | 'medium' | 'low'
-  status: 'open' | 'in-progress' | 'resolved' | 'accepted-risk'
-  source: string | null
-  cve: string | null
-  cvss: number | null
-  affected_asset: string | null
-  assigned_to: string | null
-  created_at: string
-  due_date: string | null
-  remediation: string | null
-}
-
-interface Stats {
-  open: number
-  in_progress: number
-  critical: number
-  high: number
-  overdue: number
-  total: number
-}
-
-interface NewItem {
-  title: string
-  description: string
-  type: string
-  severity: string
-  source: string
-  cve: string
-  cvss: string
-  affected_asset: string
-  assigned_to: string
-  remediation: string
-}
-
-const EMPTY_NEW_ITEM: NewItem = {
-  title: '',
-  description: '',
-  type: 'vulnerability',
-  severity: 'medium',
-  source: '',
-  cve: '',
-  cvss: '',
-  affected_asset: '',
-  assigned_to: '',
-  remediation: '',
-}
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function SecurityItemCard({
-  item,
-  onEdit,
-  onDelete,
-  onStatusChange,
-}: {
-  item: SecurityItem
-  onEdit: (item: SecurityItem) => void
-  onDelete: (id: string) => void
-  onStatusChange: (id: string, status: string) => void
-}) {
-  const typeLabels = {
-    vulnerability: 'Schwachstelle',
-    misconfiguration: 'Fehlkonfiguration',
-    compliance: 'Compliance',
-    hardening: 'Haertung',
-  }
-
-  const typeColors = {
-    vulnerability: 'bg-red-100 text-red-700',
-    misconfiguration: 'bg-orange-100 text-orange-700',
-    compliance: 'bg-purple-100 text-purple-700',
-    hardening: 'bg-blue-100 text-blue-700',
-  }
-
-  const severityColors = {
-    critical: 'bg-red-500 text-white',
-    high: 'bg-orange-500 text-white',
-    medium: 'bg-yellow-500 text-white',
-    low: 'bg-green-500 text-white',
-  }
-
-  const statusColors = {
-    open: 'bg-blue-100 text-blue-700',
-    'in-progress': 'bg-yellow-100 text-yellow-700',
-    resolved: 'bg-green-100 text-green-700',
-    'accepted-risk': 'bg-gray-100 text-gray-600',
-  }
-
-  const statusLabels = {
-    open: 'Offen',
-    'in-progress': 'In Bearbeitung',
-    resolved: 'Behoben',
-    'accepted-risk': 'Akzeptiert',
-  }
-
-  const isOverdue = item.due_date && new Date(item.due_date) < new Date() && item.status !== 'resolved'
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      item.severity === 'critical' && item.status !== 'resolved' ? 'border-red-300' :
-      isOverdue ? 'border-orange-300' :
-      item.status === 'resolved' ? 'border-green-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className={`px-2 py-1 text-xs rounded-full ${severityColors[item.severity]}`}>
-              {item.severity.toUpperCase()}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${typeColors[item.type]}`}>
-              {typeLabels[item.type]}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[item.status]}`}>
-              {statusLabels[item.status]}
-            </span>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{item.title}</h3>
-          {item.description && <p className="text-sm text-gray-500 mt-1">{item.description}</p>}
-        </div>
-      </div>
-
-      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
-        {item.affected_asset && (
-          <div>
-            <span className="text-gray-500">Betroffenes Asset: </span>
-            <span className="font-medium text-gray-700">{item.affected_asset}</span>
-          </div>
-        )}
-        {item.source && (
-          <div>
-            <span className="text-gray-500">Quelle: </span>
-            <span className="font-medium text-gray-700">{item.source}</span>
-          </div>
-        )}
-        {item.cve && (
-          <div>
-            <span className="text-gray-500">CVE: </span>
-            <span className="font-mono text-gray-700">{item.cve}</span>
-          </div>
-        )}
-        {item.cvss !== null && (
-          <div>
-            <span className="text-gray-500">CVSS: </span>
-            <span className={`font-bold ${
-              item.cvss >= 9 ? 'text-red-600' :
-              item.cvss >= 7 ? 'text-orange-600' :
-              item.cvss >= 4 ? 'text-yellow-600' : 'text-green-600'
-            }`}>{item.cvss}</span>
-          </div>
-        )}
-        {item.assigned_to && (
-          <div>
-            <span className="text-gray-500">Zugewiesen: </span>
-            <span className="font-medium text-gray-700">{item.assigned_to}</span>
-          </div>
-        )}
-        {item.due_date && (
-          <div className={isOverdue ? 'text-red-600' : ''}>
-            <span className="text-gray-500">Frist: </span>
-            <span className="font-medium">
-              {new Date(item.due_date).toLocaleDateString('de-DE')}
-              {isOverdue && ' (ueberfaellig)'}
-            </span>
-          </div>
-        )}
-      </div>
-
-      {item.remediation && (
-        <div className="mt-4 p-3 bg-gray-50 rounded-lg">
-          <span className="text-sm text-gray-500">Empfohlene Massnahme: </span>
-          <span className="text-sm text-gray-700">{item.remediation}</span>
-        </div>
-      )}
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <span className="text-xs text-gray-500">
-          Erstellt: {new Date(item.created_at).toLocaleDateString('de-DE')}
-        </span>
-        <div className="flex items-center gap-2">
-          {item.status !== 'resolved' && (
-            <>
-              <button
-                onClick={() => onEdit(item)}
-                className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
-              >
-                Bearbeiten
-              </button>
-              <button
-                onClick={() => onStatusChange(item.id, 'resolved')}
-                className="px-3 py-1 text-sm bg-green-50 text-green-700 hover:bg-green-100 rounded-lg transition-colors"
-              >
-                Als behoben markieren
-              </button>
-            </>
-          )}
-          <button
-            onClick={() => {
-              if (window.confirm(`"${item.title}" loeschen?`)) onDelete(item.id)
-            }}
-            className="px-2 py-1 text-sm text-red-400 hover:text-red-600 hover:bg-red-50 rounded-lg transition-colors"
-          >
-            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
-            </svg>
-          </button>
-        </div>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MODAL
-// =============================================================================
-
-function ItemModal({
-  item,
-  onClose,
-  onSave,
-}: {
-  item: NewItem
-  onClose: () => void
-  onSave: (data: NewItem) => void
-}) {
-  const [form, setForm] = useState<NewItem>(item)
-
-  return (
-    <div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50 p-4">
-      <div className="bg-white rounded-xl shadow-xl max-w-2xl w-full max-h-[90vh] overflow-y-auto">
-        <div className="px-6 py-4 border-b border-gray-200 flex items-center justify-between">
-          <h3 className="font-semibold text-gray-900">Sicherheitsbefund erfassen</h3>
-          <button onClick={onClose} className="text-gray-400 hover:text-gray-600">
-            <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
-            </svg>
-          </button>
-        </div>
-        <div className="p-6 space-y-4">
-          <div>
-            <label className="block text-sm font-medium text-gray-700 mb-1">Titel *</label>
-            <input
-              type="text"
-              value={form.title}
-              onChange={e => setForm(p => ({ ...p, title: e.target.value }))}
-              placeholder="Kurzbeschreibung des Befunds"
-              className="w-full border rounded px-3 py-2 text-sm"
-            />
-          </div>
-          <div>
-            <label className="block text-sm font-medium text-gray-700 mb-1">Beschreibung</label>
-            <textarea
-              value={form.description}
-              onChange={e => setForm(p => ({ ...p, description: e.target.value }))}
-              rows={3}
-              className="w-full border rounded px-3 py-2 text-sm"
-            />
-          </div>
-          <div className="grid grid-cols-2 gap-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Typ</label>
-              <select value={form.type} onChange={e => setForm(p => ({ ...p, type: e.target.value }))} className="w-full border rounded px-3 py-2 text-sm">
-                <option value="vulnerability">Schwachstelle</option>
-                <option value="misconfiguration">Fehlkonfiguration</option>
-                <option value="compliance">Compliance</option>
-                <option value="hardening">Haertung</option>
-              </select>
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Schweregrad</label>
-              <select value={form.severity} onChange={e => setForm(p => ({ ...p, severity: e.target.value }))} className="w-full border rounded px-3 py-2 text-sm">
-                <option value="critical">Kritisch</option>
-                <option value="high">Hoch</option>
-                <option value="medium">Mittel</option>
-                <option value="low">Niedrig</option>
-              </select>
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Quelle</label>
-              <input type="text" value={form.source} onChange={e => setForm(p => ({ ...p, source: e.target.value }))} placeholder="z.B. Penetrationstest" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Betroffenes Asset</label>
-              <input type="text" value={form.affected_asset} onChange={e => setForm(p => ({ ...p, affected_asset: e.target.value }))} placeholder="z.B. auth-service" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">CVE</label>
-              <input type="text" value={form.cve} onChange={e => setForm(p => ({ ...p, cve: e.target.value }))} placeholder="CVE-2024-XXXXX" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">CVSS Score</label>
-              <input type="number" step="0.1" min="0" max="10" value={form.cvss} onChange={e => setForm(p => ({ ...p, cvss: e.target.value }))} placeholder="0.0 - 10.0" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Zugewiesen an</label>
-              <input type="text" value={form.assigned_to} onChange={e => setForm(p => ({ ...p, assigned_to: e.target.value }))} placeholder="Team oder Person" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-          </div>
-          <div>
-            <label className="block text-sm font-medium text-gray-700 mb-1">Massnahme</label>
-            <textarea value={form.remediation} onChange={e => setForm(p => ({ ...p, remediation: e.target.value }))} rows={2} placeholder="Empfohlene Abhilfemassnahme..." className="w-full border rounded px-3 py-2 text-sm" />
-          </div>
-        </div>
-        <div className="px-6 py-4 border-t border-gray-200 flex justify-end gap-3">
-          <button onClick={onClose} className="px-4 py-2 text-sm text-gray-600 hover:bg-gray-100 rounded-lg">Abbrechen</button>
-          <button
-            onClick={() => onSave(form)}
-            disabled={!form.title}
-            className="px-4 py-2 text-sm text-white bg-purple-600 hover:bg-purple-700 rounded-lg font-medium disabled:opacity-50"
-          >
-            Speichern
-          </button>
-        </div>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-const API = '/api/sdk/v1/compliance/security-backlog'
+import React, { useState } from 'react'
+import { SecurityItemCard } from './_components/SecurityItemCard'
+import { ItemModal } from './_components/ItemModal'
+import { useSecurityBacklog, EMPTY_NEW_ITEM } from './_hooks/useSecurityBacklog'
+import type { SecurityItem } from './_hooks/useSecurityBacklog'
 
 export default function SecurityBacklogPage() {
-  const { state } = useSDK()
-  const [items, setItems] = useState<SecurityItem[]>([])
-  const [stats, setStats] = useState<Stats>({ open: 0, in_progress: 0, critical: 0, high: 0, overdue: 0, total: 0 })
   const [filter, setFilter] = useState<string>('all')
-  const [loading, setLoading] = useState(true)
   const [showModal, setShowModal] = useState(false)
   const [editItem, setEditItem] = useState<SecurityItem | null>(null)
 
-  useEffect(() => {
-    loadData()
-  }, [])
-
-  async function loadData() {
-    setLoading(true)
-    try {
-      const [itemsRes, statsRes] = await Promise.all([
-        fetch(`${API}?limit=200`),
-        fetch(`${API}/stats`),
-      ])
-      if (itemsRes.ok) {
-        const data = await itemsRes.json()
-        setItems(Array.isArray(data.items) ? data.items : [])
-      }
-      if (statsRes.ok) {
-        const data = await statsRes.json()
-        setStats(data)
-      }
-    } catch (err) {
-      console.error('Failed to load security backlog:', err)
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  async function handleCreate(form: NewItem) {
-    try {
-      const res = await fetch(API, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          ...form,
-          cvss: form.cvss ? parseFloat(form.cvss) : null,
-        }),
-      })
-      if (res.ok) {
-        const created = await res.json()
-        setItems(prev => [created, ...prev])
-        setStats(prev => ({ ...prev, open: prev.open + 1, total: prev.total + 1 }))
-        setShowModal(false)
-      }
-    } catch (err) {
-      console.error('Failed to create item:', err)
-    }
-  }
-
-  async function handleUpdate(form: NewItem) {
-    if (!editItem) return
-    try {
-      const res = await fetch(`${API}/${editItem.id}`, {
-        method: 'PUT',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          ...form,
-          cvss: form.cvss ? parseFloat(form.cvss) : null,
-        }),
-      })
-      if (res.ok) {
-        const updated = await res.json()
-        setItems(prev => prev.map(i => i.id === updated.id ? updated : i))
-        setEditItem(null)
-      }
-    } catch (err) {
-      console.error('Failed to update item:', err)
-    }
-  }
-
-  async function handleDelete(id: string) {
-    try {
-      const res = await fetch(`${API}/${id}`, { method: 'DELETE' })
-      if (res.ok || res.status === 204) {
-        setItems(prev => prev.filter(i => i.id !== id))
-        loadData() // refresh stats
-      }
-    } catch (err) {
-      console.error('Failed to delete item:', err)
-    }
-  }
-
-  async function handleStatusChange(id: string, status: string) {
-    try {
-      const res = await fetch(`${API}/${id}`, {
-        method: 'PUT',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ status }),
-      })
-      if (res.ok) {
-        const updated = await res.json()
-        setItems(prev => prev.map(i => i.id === updated.id ? updated : i))
-        loadData() // refresh stats
-      }
-    } catch (err) {
-      console.error('Failed to update status:', err)
-    }
-  }
+  const {
+    items,
+    stats,
+    loading,
+    handleCreate,
+    handleUpdate,
+    handleDelete,
+    handleStatusChange,
+  } = useSecurityBacklog()
 
   const filteredItems = filter === 'all'
     ? items
     : items.filter(i => i.severity === filter || i.status === filter || i.type === filter)
 
+  async function onSave(form: Parameters<typeof handleCreate>[0]) {
+    if (editItem) {
+      const ok = await handleUpdate(editItem.id, form)
+      if (ok) setEditItem(null)
+    } else {
+      const ok = await handleCreate(form)
+      if (ok) setShowModal(false)
+    }
+  }
+
   return (
     <div className="space-y-6">
       {/* Header */}
@@ -578,7 +166,7 @@ export default function SecurityBacklogPage() {
             remediation: editItem.remediation || '',
           } : EMPTY_NEW_ITEM}
           onClose={() => { setShowModal(false); setEditItem(null) }}
-          onSave={editItem ? handleUpdate : handleCreate}
+          onSave={onSave}
         />
       )}
     </div>