refactor(admin): split compliance-scope-engine.ts (1811 LOC) into focused modules

Extract data constants and document-scope logic from the monolithic engine: - compliance-scope-data.ts (133 LOC): score weights + answer multipliers - compliance-scope-triggers.ts (823 LOC): 50 hard trigger rules (data table) - compliance-scope-documents.ts (497 LOC): document scope, risk flags, gaps, actions, reasoning - compliance-scope-engine.ts (406 LOC): core class with scoring + trigger evaluation All logic files stay under the 500 LOC cap. The triggers file exceeds it as a pure declarative data table with no logic. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 13:33:51 +02:00
parent fc6a3306d4
commit 911d872178
4 changed files with 1483 additions and 1435 deletions
--- a/admin-compliance/lib/sdk/compliance-scope-data.ts
+++ b/admin-compliance/lib/sdk/compliance-scope-data.ts
@@ -0,0 +1,133 @@
+// ============================================================================
+// SCORE WEIGHTS PRO FRAGE
+// ============================================================================
+
+export const QUESTION_SCORE_WEIGHTS: Record<
+  string,
+  { risk: number; complexity: number; assurance: number }
+> = {
+  // Organisationsprofil (6 Fragen)
+  org_employee_count: { risk: 3, complexity: 5, assurance: 4 },
+  org_industry: { risk: 6, complexity: 4, assurance: 5 },
+  org_business_model: { risk: 5, complexity: 3, assurance: 4 },
+  org_customer_count: { risk: 4, complexity: 6, assurance: 5 },
+  org_cert_target: { risk: 2, complexity: 8, assurance: 9 },
+  org_has_dpo: { risk: 7, complexity: 2, assurance: 8 },
+
+  // Datenarten (5 Fragen)
+  data_art9: { risk: 10, complexity: 7, assurance: 9 },
+  data_minors: { risk: 10, complexity: 6, assurance: 9 },
+  data_volume: { risk: 6, complexity: 7, assurance: 6 },
+  data_retention_years: { risk: 5, complexity: 4, assurance: 5 },
+  data_sources: { risk: 4, complexity: 5, assurance: 4 },
+
+  // Verarbeitungszwecke (9 Fragen)
+  proc_adm_scoring: { risk: 9, complexity: 7, assurance: 8 },
+  proc_ai_usage: { risk: 8, complexity: 8, assurance: 8 },
+  proc_video_surveillance: { risk: 7, complexity: 5, assurance: 7 },
+  proc_employee_monitoring: { risk: 7, complexity: 5, assurance: 7 },
+  proc_tracking: { risk: 6, complexity: 4, assurance: 6 },
+  proc_dsar_process: { risk: 8, complexity: 6, assurance: 8 },
+  proc_deletion_concept: { risk: 7, complexity: 5, assurance: 7 },
+  proc_incident_response: { risk: 9, complexity: 6, assurance: 9 },
+  proc_regular_audits: { risk: 5, complexity: 7, assurance: 8 },
+
+  // Technik (7 Fragen)
+  tech_hosting_location: { risk: 7, complexity: 5, assurance: 7 },
+  tech_third_country: { risk: 8, complexity: 6, assurance: 8 },
+  tech_encryption_transit: { risk: 8, complexity: 4, assurance: 8 },
+  tech_encryption_rest: { risk: 8, complexity: 4, assurance: 8 },
+  tech_access_control: { risk: 7, complexity: 5, assurance: 7 },
+  tech_logging: { risk: 6, complexity: 5, assurance: 7 },
+  tech_backup_recovery: { risk: 6, complexity: 5, assurance: 7 },
+
+  // Produkt/Features (5 Fragen)
+  prod_webshop: { risk: 5, complexity: 4, assurance: 5 },
+  prod_data_broker: { risk: 9, complexity: 7, assurance: 8 },
+  prod_api_external: { risk: 6, complexity: 5, assurance: 6 },
+  prod_consent_management: { risk: 7, complexity: 5, assurance: 8 },
+  prod_data_portability: { risk: 4, complexity: 5, assurance: 5 },
+
+  // Compliance Reife (3 Fragen)
+  comp_training: { risk: 5, complexity: 4, assurance: 7 },
+  comp_vendor_management: { risk: 6, complexity: 6, assurance: 7 },
+  comp_documentation_level: { risk: 6, complexity: 7, assurance: 8 },
+}
+
+// ============================================================================
+// ANSWER MULTIPLIERS FÜR SINGLE-CHOICE FRAGEN
+// ============================================================================
+
+export const ANSWER_MULTIPLIERS: Record<string, Record<string, number>> = {
+  org_employee_count: {
+    '1-9': 0.1,
+    '10-49': 0.3,
+    '50-249': 0.5,
+    '250-999': 0.7,
+    '1000+': 1.0,
+  },
+  org_industry: {
+    tech: 0.4,
+    finance: 0.8,
+    healthcare: 0.9,
+    public: 0.7,
+    retail: 0.5,
+    education: 0.6,
+    other: 0.3,
+  },
+  org_business_model: {
+    b2b: 0.4,
+    b2c: 0.7,
+    b2b2c: 0.6,
+    internal: 0.3,
+  },
+  org_customer_count: {
+    '0-100': 0.1,
+    '100-1000': 0.2,
+    '1000-10000': 0.4,
+    '10000-100000': 0.7,
+    '100000+': 1.0,
+  },
+  data_volume: {
+    '<1000': 0.1,
+    '1000-10000': 0.2,
+    '10000-100000': 0.4,
+    '100000-1000000': 0.7,
+    '>1000000': 1.0,
+  },
+  data_retention_years: {
+    '<1': 0.2,
+    '1-3': 0.4,
+    '3-5': 0.6,
+    '5-10': 0.8,
+    '>10': 1.0,
+  },
+  tech_hosting_location: {
+    eu: 0.2,
+    eu_us_adequacy: 0.4,
+    us_adequacy: 0.6,
+    drittland: 1.0,
+  },
+  tech_access_control: {
+    none: 1.0,
+    basic: 0.6,
+    rbac: 0.3,
+    advanced: 0.1,
+  },
+  tech_logging: {
+    none: 1.0,
+    basic: 0.6,
+    comprehensive: 0.2,
+  },
+  tech_backup_recovery: {
+    none: 1.0,
+    basic: 0.5,
+    tested: 0.2,
+  },
+  comp_documentation_level: {
+    none: 1.0,
+    basic: 0.6,
+    structured: 0.3,
+    comprehensive: 0.1,
+  },
+}