refactor(admin): split modules, security-backlog, consent pages

Extract components and hooks to _components/ and _hooks/ subdirectories to bring all three page.tsx files under the 500-LOC hard cap. modules/page.tsx: 595 → 239 LOC security-backlog/page.tsx: 586 → 174 LOC consent/page.tsx: 569 → 305 LOC Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-16 13:13:38 +02:00
parent 7907b3f25b
commit 8044ddb776
10 changed files with 1249 additions and 1114 deletions
--- a/admin-compliance/app/sdk/security-backlog/_components/ItemModal.tsx
+++ b/admin-compliance/app/sdk/security-backlog/_components/ItemModal.tsx
@@ -0,0 +1,106 @@
+'use client'
+
+import React, { useState } from 'react'
+import type { NewItem } from '../_hooks/useSecurityBacklog'
+
+export function ItemModal({
+  item,
+  onClose,
+  onSave,
+}: {
+  item: NewItem
+  onClose: () => void
+  onSave: (data: NewItem) => void
+}) {
+  const [form, setForm] = useState<NewItem>(item)
+
+  return (
+    <div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50 p-4">
+      <div className="bg-white rounded-xl shadow-xl max-w-2xl w-full max-h-[90vh] overflow-y-auto">
+        <div className="px-6 py-4 border-b border-gray-200 flex items-center justify-between">
+          <h3 className="font-semibold text-gray-900">Sicherheitsbefund erfassen</h3>
+          <button onClick={onClose} className="text-gray-400 hover:text-gray-600">
+            <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
+            </svg>
+          </button>
+        </div>
+        <div className="p-6 space-y-4">
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Titel *</label>
+            <input
+              type="text"
+              value={form.title}
+              onChange={e => setForm(p => ({ ...p, title: e.target.value }))}
+              placeholder="Kurzbeschreibung des Befunds"
+              className="w-full border rounded px-3 py-2 text-sm"
+            />
+          </div>
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Beschreibung</label>
+            <textarea
+              value={form.description}
+              onChange={e => setForm(p => ({ ...p, description: e.target.value }))}
+              rows={3}
+              className="w-full border rounded px-3 py-2 text-sm"
+            />
+          </div>
+          <div className="grid grid-cols-2 gap-4">
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Typ</label>
+              <select value={form.type} onChange={e => setForm(p => ({ ...p, type: e.target.value }))} className="w-full border rounded px-3 py-2 text-sm">
+                <option value="vulnerability">Schwachstelle</option>
+                <option value="misconfiguration">Fehlkonfiguration</option>
+                <option value="compliance">Compliance</option>
+                <option value="hardening">Haertung</option>
+              </select>
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Schweregrad</label>
+              <select value={form.severity} onChange={e => setForm(p => ({ ...p, severity: e.target.value }))} className="w-full border rounded px-3 py-2 text-sm">
+                <option value="critical">Kritisch</option>
+                <option value="high">Hoch</option>
+                <option value="medium">Mittel</option>
+                <option value="low">Niedrig</option>
+              </select>
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Quelle</label>
+              <input type="text" value={form.source} onChange={e => setForm(p => ({ ...p, source: e.target.value }))} placeholder="z.B. Penetrationstest" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Betroffenes Asset</label>
+              <input type="text" value={form.affected_asset} onChange={e => setForm(p => ({ ...p, affected_asset: e.target.value }))} placeholder="z.B. auth-service" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">CVE</label>
+              <input type="text" value={form.cve} onChange={e => setForm(p => ({ ...p, cve: e.target.value }))} placeholder="CVE-2024-XXXXX" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">CVSS Score</label>
+              <input type="number" step="0.1" min="0" max="10" value={form.cvss} onChange={e => setForm(p => ({ ...p, cvss: e.target.value }))} placeholder="0.0 - 10.0" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Zugewiesen an</label>
+              <input type="text" value={form.assigned_to} onChange={e => setForm(p => ({ ...p, assigned_to: e.target.value }))} placeholder="Team oder Person" className="w-full border rounded px-3 py-2 text-sm" />
+            </div>
+          </div>
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Massnahme</label>
+            <textarea value={form.remediation} onChange={e => setForm(p => ({ ...p, remediation: e.target.value }))} rows={2} placeholder="Empfohlene Abhilfemassnahme..." className="w-full border rounded px-3 py-2 text-sm" />
+          </div>
+        </div>
+        <div className="px-6 py-4 border-t border-gray-200 flex justify-end gap-3">
+          <button onClick={onClose} className="px-4 py-2 text-sm text-gray-600 hover:bg-gray-100 rounded-lg">Abbrechen</button>
+          <button
+            onClick={() => onSave(form)}
+            disabled={!form.title}
+            className="px-4 py-2 text-sm text-white bg-purple-600 hover:bg-purple-700 rounded-lg font-medium disabled:opacity-50"
+          >
+            Speichern
+          </button>
+        </div>
+      </div>
+    </div>
+  )
+}
--- a/admin-compliance/app/sdk/security-backlog/_components/SecurityItemCard.tsx
+++ b/admin-compliance/app/sdk/security-backlog/_components/SecurityItemCard.tsx
@@ -0,0 +1,166 @@
+'use client'
+
+import React from 'react'
+import type { SecurityItem } from '../_hooks/useSecurityBacklog'
+
+export function SecurityItemCard({
+  item,
+  onEdit,
+  onDelete,
+  onStatusChange,
+}: {
+  item: SecurityItem
+  onEdit: (item: SecurityItem) => void
+  onDelete: (id: string) => void
+  onStatusChange: (id: string, status: string) => void
+}) {
+  const typeLabels = {
+    vulnerability: 'Schwachstelle',
+    misconfiguration: 'Fehlkonfiguration',
+    compliance: 'Compliance',
+    hardening: 'Haertung',
+  }
+
+  const typeColors = {
+    vulnerability: 'bg-red-100 text-red-700',
+    misconfiguration: 'bg-orange-100 text-orange-700',
+    compliance: 'bg-purple-100 text-purple-700',
+    hardening: 'bg-blue-100 text-blue-700',
+  }
+
+  const severityColors = {
+    critical: 'bg-red-500 text-white',
+    high: 'bg-orange-500 text-white',
+    medium: 'bg-yellow-500 text-white',
+    low: 'bg-green-500 text-white',
+  }
+
+  const statusColors = {
+    open: 'bg-blue-100 text-blue-700',
+    'in-progress': 'bg-yellow-100 text-yellow-700',
+    resolved: 'bg-green-100 text-green-700',
+    'accepted-risk': 'bg-gray-100 text-gray-600',
+  }
+
+  const statusLabels = {
+    open: 'Offen',
+    'in-progress': 'In Bearbeitung',
+    resolved: 'Behoben',
+    'accepted-risk': 'Akzeptiert',
+  }
+
+  const isOverdue = item.due_date && new Date(item.due_date) < new Date() && item.status !== 'resolved'
+
+  return (
+    <div className={`bg-white rounded-xl border-2 p-6 ${
+      item.severity === 'critical' && item.status !== 'resolved' ? 'border-red-300' :
+      isOverdue ? 'border-orange-300' :
+      item.status === 'resolved' ? 'border-green-200' : 'border-gray-200'
+    }`}>
+      <div className="flex items-start justify-between">
+        <div className="flex-1">
+          <div className="flex items-center gap-2 mb-2">
+            <span className={`px-2 py-1 text-xs rounded-full ${severityColors[item.severity]}`}>
+              {item.severity.toUpperCase()}
+            </span>
+            <span className={`px-2 py-1 text-xs rounded-full ${typeColors[item.type]}`}>
+              {typeLabels[item.type]}
+            </span>
+            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[item.status]}`}>
+              {statusLabels[item.status]}
+            </span>
+          </div>
+          <h3 className="text-lg font-semibold text-gray-900">{item.title}</h3>
+          {item.description && <p className="text-sm text-gray-500 mt-1">{item.description}</p>}
+        </div>
+      </div>
+
+      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
+        {item.affected_asset && (
+          <div>
+            <span className="text-gray-500">Betroffenes Asset: </span>
+            <span className="font-medium text-gray-700">{item.affected_asset}</span>
+          </div>
+        )}
+        {item.source && (
+          <div>
+            <span className="text-gray-500">Quelle: </span>
+            <span className="font-medium text-gray-700">{item.source}</span>
+          </div>
+        )}
+        {item.cve && (
+          <div>
+            <span className="text-gray-500">CVE: </span>
+            <span className="font-mono text-gray-700">{item.cve}</span>
+          </div>
+        )}
+        {item.cvss !== null && (
+          <div>
+            <span className="text-gray-500">CVSS: </span>
+            <span className={`font-bold ${
+              item.cvss >= 9 ? 'text-red-600' :
+              item.cvss >= 7 ? 'text-orange-600' :
+              item.cvss >= 4 ? 'text-yellow-600' : 'text-green-600'
+            }`}>{item.cvss}</span>
+          </div>
+        )}
+        {item.assigned_to && (
+          <div>
+            <span className="text-gray-500">Zugewiesen: </span>
+            <span className="font-medium text-gray-700">{item.assigned_to}</span>
+          </div>
+        )}
+        {item.due_date && (
+          <div className={isOverdue ? 'text-red-600' : ''}>
+            <span className="text-gray-500">Frist: </span>
+            <span className="font-medium">
+              {new Date(item.due_date).toLocaleDateString('de-DE')}
+              {isOverdue && ' (ueberfaellig)'}
+            </span>
+          </div>
+        )}
+      </div>
+
+      {item.remediation && (
+        <div className="mt-4 p-3 bg-gray-50 rounded-lg">
+          <span className="text-sm text-gray-500">Empfohlene Massnahme: </span>
+          <span className="text-sm text-gray-700">{item.remediation}</span>
+        </div>
+      )}
+
+      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
+        <span className="text-xs text-gray-500">
+          Erstellt: {new Date(item.created_at).toLocaleDateString('de-DE')}
+        </span>
+        <div className="flex items-center gap-2">
+          {item.status !== 'resolved' && (
+            <>
+              <button
+                onClick={() => onEdit(item)}
+                className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
+              >
+                Bearbeiten
+              </button>
+              <button
+                onClick={() => onStatusChange(item.id, 'resolved')}
+                className="px-3 py-1 text-sm bg-green-50 text-green-700 hover:bg-green-100 rounded-lg transition-colors"
+              >
+                Als behoben markieren
+              </button>
+            </>
+          )}
+          <button
+            onClick={() => {
+              if (window.confirm(`"${item.title}" loeschen?`)) onDelete(item.id)
+            }}
+            className="px-2 py-1 text-sm text-red-400 hover:text-red-600 hover:bg-red-50 rounded-lg transition-colors"
+          >
+            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
+            </svg>
+          </button>
+        </div>
+      </div>
+    </div>
+  )
+}
--- a/admin-compliance/app/sdk/security-backlog/_hooks/useSecurityBacklog.ts
+++ b/admin-compliance/app/sdk/security-backlog/_hooks/useSecurityBacklog.ts
@@ -0,0 +1,179 @@
+'use client'
+
+import { useState, useEffect } from 'react'
+
+// =============================================================================
+// TYPES
+// =============================================================================
+
+export interface SecurityItem {
+  id: string
+  title: string
+  description: string | null
+  type: 'vulnerability' | 'misconfiguration' | 'compliance' | 'hardening'
+  severity: 'critical' | 'high' | 'medium' | 'low'
+  status: 'open' | 'in-progress' | 'resolved' | 'accepted-risk'
+  source: string | null
+  cve: string | null
+  cvss: number | null
+  affected_asset: string | null
+  assigned_to: string | null
+  created_at: string
+  due_date: string | null
+  remediation: string | null
+}
+
+export interface Stats {
+  open: number
+  in_progress: number
+  critical: number
+  high: number
+  overdue: number
+  total: number
+}
+
+export interface NewItem {
+  title: string
+  description: string
+  type: string
+  severity: string
+  source: string
+  cve: string
+  cvss: string
+  affected_asset: string
+  assigned_to: string
+  remediation: string
+}
+
+export const EMPTY_NEW_ITEM: NewItem = {
+  title: '',
+  description: '',
+  type: 'vulnerability',
+  severity: 'medium',
+  source: '',
+  cve: '',
+  cvss: '',
+  affected_asset: '',
+  assigned_to: '',
+  remediation: '',
+}
+
+// =============================================================================
+// HOOK
+// =============================================================================
+
+const API = '/api/sdk/v1/compliance/security-backlog'
+
+export function useSecurityBacklog() {
+  const [items, setItems] = useState<SecurityItem[]>([])
+  const [stats, setStats] = useState<Stats>({ open: 0, in_progress: 0, critical: 0, high: 0, overdue: 0, total: 0 })
+  const [loading, setLoading] = useState(true)
+
+  useEffect(() => {
+    loadData()
+  }, [])
+
+  async function loadData() {
+    setLoading(true)
+    try {
+      const [itemsRes, statsRes] = await Promise.all([
+        fetch(`${API}?limit=200`),
+        fetch(`${API}/stats`),
+      ])
+      if (itemsRes.ok) {
+        const data = await itemsRes.json()
+        setItems(Array.isArray(data.items) ? data.items : [])
+      }
+      if (statsRes.ok) {
+        const data = await statsRes.json()
+        setStats(data)
+      }
+    } catch (err) {
+      console.error('Failed to load security backlog:', err)
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  async function handleCreate(form: NewItem) {
+    try {
+      const res = await fetch(API, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          ...form,
+          cvss: form.cvss ? parseFloat(form.cvss) : null,
+        }),
+      })
+      if (res.ok) {
+        const created = await res.json()
+        setItems(prev => [created, ...prev])
+        setStats(prev => ({ ...prev, open: prev.open + 1, total: prev.total + 1 }))
+        return true
+      }
+    } catch (err) {
+      console.error('Failed to create item:', err)
+    }
+    return false
+  }
+
+  async function handleUpdate(editItemId: string, form: NewItem) {
+    try {
+      const res = await fetch(`${API}/${editItemId}`, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          ...form,
+          cvss: form.cvss ? parseFloat(form.cvss) : null,
+        }),
+      })
+      if (res.ok) {
+        const updated = await res.json()
+        setItems(prev => prev.map(i => i.id === updated.id ? updated : i))
+        return true
+      }
+    } catch (err) {
+      console.error('Failed to update item:', err)
+    }
+    return false
+  }
+
+  async function handleDelete(id: string) {
+    try {
+      const res = await fetch(`${API}/${id}`, { method: 'DELETE' })
+      if (res.ok || res.status === 204) {
+        setItems(prev => prev.filter(i => i.id !== id))
+        loadData()
+      }
+    } catch (err) {
+      console.error('Failed to delete item:', err)
+    }
+  }
+
+  async function handleStatusChange(id: string, status: string) {
+    try {
+      const res = await fetch(`${API}/${id}`, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ status }),
+      })
+      if (res.ok) {
+        const updated = await res.json()
+        setItems(prev => prev.map(i => i.id === updated.id ? updated : i))
+        loadData()
+      }
+    } catch (err) {
+      console.error('Failed to update status:', err)
+    }
+  }
+
+  return {
+    items,
+    stats,
+    loading,
+    handleCreate,
+    handleUpdate,
+    handleDelete,
+    handleStatusChange,
+  }
+}
--- a/admin-compliance/app/sdk/security-backlog/page.tsx
+++ b/admin-compliance/app/sdk/security-backlog/page.tsx
@@ -1,452 +1,40 @@
 'use client'

-import React, { useState, useEffect } from 'react'
-import { useSDK } from '@/lib/sdk'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-interface SecurityItem {
-  id: string
-  title: string
-  description: string | null
-  type: 'vulnerability' | 'misconfiguration' | 'compliance' | 'hardening'
-  severity: 'critical' | 'high' | 'medium' | 'low'
-  status: 'open' | 'in-progress' | 'resolved' | 'accepted-risk'
-  source: string | null
-  cve: string | null
-  cvss: number | null
-  affected_asset: string | null
-  assigned_to: string | null
-  created_at: string
-  due_date: string | null
-  remediation: string | null
-}
-
-interface Stats {
-  open: number
-  in_progress: number
-  critical: number
-  high: number
-  overdue: number
-  total: number
-}
-
-interface NewItem {
-  title: string
-  description: string
-  type: string
-  severity: string
-  source: string
-  cve: string
-  cvss: string
-  affected_asset: string
-  assigned_to: string
-  remediation: string
-}
-
-const EMPTY_NEW_ITEM: NewItem = {
-  title: '',
-  description: '',
-  type: 'vulnerability',
-  severity: 'medium',
-  source: '',
-  cve: '',
-  cvss: '',
-  affected_asset: '',
-  assigned_to: '',
-  remediation: '',
-}
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function SecurityItemCard({
-  item,
-  onEdit,
-  onDelete,
-  onStatusChange,
-}: {
-  item: SecurityItem
-  onEdit: (item: SecurityItem) => void
-  onDelete: (id: string) => void
-  onStatusChange: (id: string, status: string) => void
-}) {
-  const typeLabels = {
-    vulnerability: 'Schwachstelle',
-    misconfiguration: 'Fehlkonfiguration',
-    compliance: 'Compliance',
-    hardening: 'Haertung',
-  }
-
-  const typeColors = {
-    vulnerability: 'bg-red-100 text-red-700',
-    misconfiguration: 'bg-orange-100 text-orange-700',
-    compliance: 'bg-purple-100 text-purple-700',
-    hardening: 'bg-blue-100 text-blue-700',
-  }
-
-  const severityColors = {
-    critical: 'bg-red-500 text-white',
-    high: 'bg-orange-500 text-white',
-    medium: 'bg-yellow-500 text-white',
-    low: 'bg-green-500 text-white',
-  }
-
-  const statusColors = {
-    open: 'bg-blue-100 text-blue-700',
-    'in-progress': 'bg-yellow-100 text-yellow-700',
-    resolved: 'bg-green-100 text-green-700',
-    'accepted-risk': 'bg-gray-100 text-gray-600',
-  }
-
-  const statusLabels = {
-    open: 'Offen',
-    'in-progress': 'In Bearbeitung',
-    resolved: 'Behoben',
-    'accepted-risk': 'Akzeptiert',
-  }
-
-  const isOverdue = item.due_date && new Date(item.due_date) < new Date() && item.status !== 'resolved'
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      item.severity === 'critical' && item.status !== 'resolved' ? 'border-red-300' :
-      isOverdue ? 'border-orange-300' :
-      item.status === 'resolved' ? 'border-green-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className={`px-2 py-1 text-xs rounded-full ${severityColors[item.severity]}`}>
-              {item.severity.toUpperCase()}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${typeColors[item.type]}`}>
-              {typeLabels[item.type]}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[item.status]}`}>
-              {statusLabels[item.status]}
-            </span>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{item.title}</h3>
-          {item.description && <p className="text-sm text-gray-500 mt-1">{item.description}</p>}
-        </div>
-      </div>
-
-      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
-        {item.affected_asset && (
-          <div>
-            <span className="text-gray-500">Betroffenes Asset: </span>
-            <span className="font-medium text-gray-700">{item.affected_asset}</span>
-          </div>
-        )}
-        {item.source && (
-          <div>
-            <span className="text-gray-500">Quelle: </span>
-            <span className="font-medium text-gray-700">{item.source}</span>
-          </div>
-        )}
-        {item.cve && (
-          <div>
-            <span className="text-gray-500">CVE: </span>
-            <span className="font-mono text-gray-700">{item.cve}</span>
-          </div>
-        )}
-        {item.cvss !== null && (
-          <div>
-            <span className="text-gray-500">CVSS: </span>
-            <span className={`font-bold ${
-              item.cvss >= 9 ? 'text-red-600' :
-              item.cvss >= 7 ? 'text-orange-600' :
-              item.cvss >= 4 ? 'text-yellow-600' : 'text-green-600'
-            }`}>{item.cvss}</span>
-          </div>
-        )}
-        {item.assigned_to && (
-          <div>
-            <span className="text-gray-500">Zugewiesen: </span>
-            <span className="font-medium text-gray-700">{item.assigned_to}</span>
-          </div>
-        )}
-        {item.due_date && (
-          <div className={isOverdue ? 'text-red-600' : ''}>
-            <span className="text-gray-500">Frist: </span>
-            <span className="font-medium">
-              {new Date(item.due_date).toLocaleDateString('de-DE')}
-              {isOverdue && ' (ueberfaellig)'}
-            </span>
-          </div>
-        )}
-      </div>
-
-      {item.remediation && (
-        <div className="mt-4 p-3 bg-gray-50 rounded-lg">
-          <span className="text-sm text-gray-500">Empfohlene Massnahme: </span>
-          <span className="text-sm text-gray-700">{item.remediation}</span>
-        </div>
-      )}
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <span className="text-xs text-gray-500">
-          Erstellt: {new Date(item.created_at).toLocaleDateString('de-DE')}
-        </span>
-        <div className="flex items-center gap-2">
-          {item.status !== 'resolved' && (
-            <>
-              <button
-                onClick={() => onEdit(item)}
-                className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
-              >
-                Bearbeiten
-              </button>
-              <button
-                onClick={() => onStatusChange(item.id, 'resolved')}
-                className="px-3 py-1 text-sm bg-green-50 text-green-700 hover:bg-green-100 rounded-lg transition-colors"
-              >
-                Als behoben markieren
-              </button>
-            </>
-          )}
-          <button
-            onClick={() => {
-              if (window.confirm(`"${item.title}" loeschen?`)) onDelete(item.id)
-            }}
-            className="px-2 py-1 text-sm text-red-400 hover:text-red-600 hover:bg-red-50 rounded-lg transition-colors"
-          >
-            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
-            </svg>
-          </button>
-        </div>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MODAL
-// =============================================================================
-
-function ItemModal({
-  item,
-  onClose,
-  onSave,
-}: {
-  item: NewItem
-  onClose: () => void
-  onSave: (data: NewItem) => void
-}) {
-  const [form, setForm] = useState<NewItem>(item)
-
-  return (
-    <div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50 p-4">
-      <div className="bg-white rounded-xl shadow-xl max-w-2xl w-full max-h-[90vh] overflow-y-auto">
-        <div className="px-6 py-4 border-b border-gray-200 flex items-center justify-between">
-          <h3 className="font-semibold text-gray-900">Sicherheitsbefund erfassen</h3>
-          <button onClick={onClose} className="text-gray-400 hover:text-gray-600">
-            <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
-            </svg>
-          </button>
-        </div>
-        <div className="p-6 space-y-4">
-          <div>
-            <label className="block text-sm font-medium text-gray-700 mb-1">Titel *</label>
-            <input
-              type="text"
-              value={form.title}
-              onChange={e => setForm(p => ({ ...p, title: e.target.value }))}
-              placeholder="Kurzbeschreibung des Befunds"
-              className="w-full border rounded px-3 py-2 text-sm"
-            />
-          </div>
-          <div>
-            <label className="block text-sm font-medium text-gray-700 mb-1">Beschreibung</label>
-            <textarea
-              value={form.description}
-              onChange={e => setForm(p => ({ ...p, description: e.target.value }))}
-              rows={3}
-              className="w-full border rounded px-3 py-2 text-sm"
-            />
-          </div>
-          <div className="grid grid-cols-2 gap-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Typ</label>
-              <select value={form.type} onChange={e => setForm(p => ({ ...p, type: e.target.value }))} className="w-full border rounded px-3 py-2 text-sm">
-                <option value="vulnerability">Schwachstelle</option>
-                <option value="misconfiguration">Fehlkonfiguration</option>
-                <option value="compliance">Compliance</option>
-                <option value="hardening">Haertung</option>
-              </select>
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Schweregrad</label>
-              <select value={form.severity} onChange={e => setForm(p => ({ ...p, severity: e.target.value }))} className="w-full border rounded px-3 py-2 text-sm">
-                <option value="critical">Kritisch</option>
-                <option value="high">Hoch</option>
-                <option value="medium">Mittel</option>
-                <option value="low">Niedrig</option>
-              </select>
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Quelle</label>
-              <input type="text" value={form.source} onChange={e => setForm(p => ({ ...p, source: e.target.value }))} placeholder="z.B. Penetrationstest" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Betroffenes Asset</label>
-              <input type="text" value={form.affected_asset} onChange={e => setForm(p => ({ ...p, affected_asset: e.target.value }))} placeholder="z.B. auth-service" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">CVE</label>
-              <input type="text" value={form.cve} onChange={e => setForm(p => ({ ...p, cve: e.target.value }))} placeholder="CVE-2024-XXXXX" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">CVSS Score</label>
-              <input type="number" step="0.1" min="0" max="10" value={form.cvss} onChange={e => setForm(p => ({ ...p, cvss: e.target.value }))} placeholder="0.0 - 10.0" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Zugewiesen an</label>
-              <input type="text" value={form.assigned_to} onChange={e => setForm(p => ({ ...p, assigned_to: e.target.value }))} placeholder="Team oder Person" className="w-full border rounded px-3 py-2 text-sm" />
-            </div>
-          </div>
-          <div>
-            <label className="block text-sm font-medium text-gray-700 mb-1">Massnahme</label>
-            <textarea value={form.remediation} onChange={e => setForm(p => ({ ...p, remediation: e.target.value }))} rows={2} placeholder="Empfohlene Abhilfemassnahme..." className="w-full border rounded px-3 py-2 text-sm" />
-          </div>
-        </div>
-        <div className="px-6 py-4 border-t border-gray-200 flex justify-end gap-3">
-          <button onClick={onClose} className="px-4 py-2 text-sm text-gray-600 hover:bg-gray-100 rounded-lg">Abbrechen</button>
-          <button
-            onClick={() => onSave(form)}
-            disabled={!form.title}
-            className="px-4 py-2 text-sm text-white bg-purple-600 hover:bg-purple-700 rounded-lg font-medium disabled:opacity-50"
-          >
-            Speichern
-          </button>
-        </div>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-const API = '/api/sdk/v1/compliance/security-backlog'
+import React, { useState } from 'react'
+import { SecurityItemCard } from './_components/SecurityItemCard'
+import { ItemModal } from './_components/ItemModal'
+import { useSecurityBacklog, EMPTY_NEW_ITEM } from './_hooks/useSecurityBacklog'
+import type { SecurityItem } from './_hooks/useSecurityBacklog'

 export default function SecurityBacklogPage() {
-  const { state } = useSDK()
-  const [items, setItems] = useState<SecurityItem[]>([])
-  const [stats, setStats] = useState<Stats>({ open: 0, in_progress: 0, critical: 0, high: 0, overdue: 0, total: 0 })
  const [filter, setFilter] = useState<string>('all')
-  const [loading, setLoading] = useState(true)
  const [showModal, setShowModal] = useState(false)
  const [editItem, setEditItem] = useState<SecurityItem | null>(null)

-  useEffect(() => {
-    loadData()
-  }, [])
-
-  async function loadData() {
-    setLoading(true)
-    try {
-      const [itemsRes, statsRes] = await Promise.all([
-        fetch(`${API}?limit=200`),
-        fetch(`${API}/stats`),
-      ])
-      if (itemsRes.ok) {
-        const data = await itemsRes.json()
-        setItems(Array.isArray(data.items) ? data.items : [])
-      }
-      if (statsRes.ok) {
-        const data = await statsRes.json()
-        setStats(data)
-      }
-    } catch (err) {
-      console.error('Failed to load security backlog:', err)
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  async function handleCreate(form: NewItem) {
-    try {
-      const res = await fetch(API, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          ...form,
-          cvss: form.cvss ? parseFloat(form.cvss) : null,
-        }),
-      })
-      if (res.ok) {
-        const created = await res.json()
-        setItems(prev => [created, ...prev])
-        setStats(prev => ({ ...prev, open: prev.open + 1, total: prev.total + 1 }))
-        setShowModal(false)
-      }
-    } catch (err) {
-      console.error('Failed to create item:', err)
-    }
-  }
-
-  async function handleUpdate(form: NewItem) {
-    if (!editItem) return
-    try {
-      const res = await fetch(`${API}/${editItem.id}`, {
-        method: 'PUT',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          ...form,
-          cvss: form.cvss ? parseFloat(form.cvss) : null,
-        }),
-      })
-      if (res.ok) {
-        const updated = await res.json()
-        setItems(prev => prev.map(i => i.id === updated.id ? updated : i))
-        setEditItem(null)
-      }
-    } catch (err) {
-      console.error('Failed to update item:', err)
-    }
-  }
-
-  async function handleDelete(id: string) {
-    try {
-      const res = await fetch(`${API}/${id}`, { method: 'DELETE' })
-      if (res.ok || res.status === 204) {
-        setItems(prev => prev.filter(i => i.id !== id))
-        loadData() // refresh stats
-      }
-    } catch (err) {
-      console.error('Failed to delete item:', err)
-    }
-  }
-
-  async function handleStatusChange(id: string, status: string) {
-    try {
-      const res = await fetch(`${API}/${id}`, {
-        method: 'PUT',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ status }),
-      })
-      if (res.ok) {
-        const updated = await res.json()
-        setItems(prev => prev.map(i => i.id === updated.id ? updated : i))
-        loadData() // refresh stats
-      }
-    } catch (err) {
-      console.error('Failed to update status:', err)
-    }
-  }
+  const {
+    items,
+    stats,
+    loading,
+    handleCreate,
+    handleUpdate,
+    handleDelete,
+    handleStatusChange,
+  } = useSecurityBacklog()

  const filteredItems = filter === 'all'
    ? items
    : items.filter(i => i.severity === filter || i.status === filter || i.type === filter)

+  async function onSave(form: Parameters<typeof handleCreate>[0]) {
+    if (editItem) {
+      const ok = await handleUpdate(editItem.id, form)
+      if (ok) setEditItem(null)
+    } else {
+      const ok = await handleCreate(form)
+      if (ok) setShowModal(false)
+    }
+  }
+
  return (
    <div className="space-y-6">
      {/* Header */}
@@ -578,7 +166,7 @@ export default function SecurityBacklogPage() {
            remediation: editItem.remediation || '',
          } : EMPTY_NEW_ITEM}
          onClose={() => { setShowModal(false); setEditItem(null) }}
-          onSave={editItem ? handleUpdate : handleCreate}
+          onSave={onSave}
        />
      )}
    </div>