fix(admin): resolve all 266 TypeScript errors, enable strict build

Eliminate the pre-existing TS errors that were masked by next.config.js `typescript.ignoreBuildErrors: true`, then turn the flag OFF so the compiler is a real safety net for future changes. `next build` and `tsc --noEmit` now pass with 0 errors. The errors were not cosmetic — several exposed real latent bugs hidden by the flag, e.g. the drafting-engine ConstraintEnforcer read non-existent fields (`t.rule.dsfaRequired`, `d.required`, `r.title`), so its DSFA hard gate and risk-flag checks were silently no-ops; scopeDefaults read snake_case CompanyProfile fields that never matched the camelCase type (generator defaults never populated). Both fixed by aligning code to the current types. Highlights: - Vitest globals: add vitest-globals.d.ts (config already had globals:true) so the test files type-check; exclude Playwright specs from vitest. - Add a minimal ambient `pg` module declaration (no @types/pg installed). - Fix Next 15 route handlers to await Promise params. - Reconcile drifted types across loeschfristen, compliance-scope, document- generator, drafting-engine, vendor-compliance, agent and more. Pre-existing (NOT caused here, proven by stashing the diff): 3 vitest logic tests still fail — getNextStep (2) and buildDocumentScope priority (1). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-11 00:42:44 +02:00
parent bb9aacc3d3
commit a28db8f8f0
76 changed files with 280 additions and 190 deletions
@@ -211,7 +211,7 @@ export async function handleV2Draft(body: Record<string, unknown>): Promise<Next
    }, { status: 403 })
  }
-  const scores = extractScoresFromDraftContext(draftContext)
+  const scores = extractScoresFromDraftContext(draftContext as unknown as Parameters<typeof extractScoresFromDraftContext>[0])
  const narrativeTags: NarrativeTags = deriveNarrativeTags(scores)
  const allowedFacts = buildAllowedFactsFromDraftContext(draftContext, narrativeTags)
@@ -8,10 +8,10 @@ const BACKEND_URL = process.env.BACKEND_API_URL || 'http://backend-compliance:80
 export async function GET(
  request: NextRequest,
-  { params }: { params: { checkId: string } },
+  { params }: { params: Promise<{ checkId: string }> },
 ) {
  const qs = request.nextUrl.searchParams.toString()
-  const url = `${BACKEND_URL}/api/compliance/agent/migration/${params.checkId}/banner-preview${qs ? `?${qs}` : ''}`
+  const url = `${BACKEND_URL}/api/compliance/agent/migration/${(await params).checkId}/banner-preview${qs ? `?${qs}` : ''}`
  try {
    const resp = await fetch(url, { signal: AbortSignal.timeout(15000) })
    const data = await resp.json()
@@ -8,9 +8,9 @@ const BACKEND_URL = process.env.BACKEND_API_URL || 'http://backend-compliance:80
 export async function GET(
  _request: NextRequest,
-  { params }: { params: { checkId: string } },
+  { params }: { params: Promise<{ checkId: string }> },
 ) {
-  const url = `${BACKEND_URL}/api/compliance/agent/migration/${params.checkId}/document-preview`
+  const url = `${BACKEND_URL}/api/compliance/agent/migration/${(await params).checkId}/document-preview`
  try {
    const resp = await fetch(url, { signal: AbortSignal.timeout(15000) })
    const data = await resp.json()
@@ -8,9 +8,9 @@ const BACKEND_URL = process.env.BACKEND_API_URL || 'http://backend-compliance:80
 export async function GET(
  _request: NextRequest,
-  { params }: { params: { checkId: string } },
+  { params }: { params: Promise<{ checkId: string }> },
 ) {
-  const url = `${BACKEND_URL}/api/compliance/agent/migration/${params.checkId}/summary`
+  const url = `${BACKEND_URL}/api/compliance/agent/migration/${(await params).checkId}/summary`
  try {
    const resp = await fetch(url, { signal: AbortSignal.timeout(15000) })
    const data = await resp.json()
@@ -5,9 +5,9 @@ import { NextRequest, NextResponse } from 'next/server'
 const DSMS_URL = process.env.DSMS_GATEWAY_URL || 'http://dsms-gateway:8082'
-export async function GET(request: NextRequest, { params }: { params: Promise<{ path: string[] }> }) {
+export async function GET(request: NextRequest, { params }: { params: Promise<{ path?: string[] }> }) {
  const { path } = await params
-  const target = `${DSMS_URL}/api/v1/${path.join('/')}`
+  const target = `${DSMS_URL}/api/v1/${(path || []).join('/')}`
  try {
    const resp = await fetch(target, {
@@ -299,8 +299,8 @@ async function handleMeta(_params: URLSearchParams) {
    no_source_count: 0,
    release_state_counts: { active: total },
    verification_method_counts: Object.fromEntries(
-      vRes.rows.map((x: { verification_method: string; c: string }) =>
+      (vRes.rows as { verification_method: string; c: string }[]).map((x) =>
-        [x.verification_method, parseInt(x.c)])),
+        [x.verification_method, parseInt(x.c)] as [string, number])),
    category_counts: facet(catRes.rows),
    evidence_type_counts: {},
    use_case_counts: Object.fromEntries(
@@ -7,7 +7,6 @@ import { useSDK } from '@/lib/sdk'
 import {
  CourseCategory,
  COURSE_CATEGORY_INFO,
  CreateCourseRequest,
  GenerateCourseRequest
 } from '@/lib/sdk/academy/types'
 import { createCourse, generateCourse } from '@/lib/sdk/academy/api'
@@ -167,7 +167,7 @@ function AdvisoryBoardPageInner() {
          retention_purpose: intake.retention?.purpose || intake.retention_purpose || '',
          contracts: intake.contracts_list || [],
          subprocessors: intake.contracts?.subprocessors || intake.subprocessors || '',
-        })
+        } as AdvisoryForm)
      })
      .catch(() => {})
      .finally(() => setEditLoading(false))
@@ -32,12 +32,20 @@ interface TextRef {
 interface ScanFinding {
  code: string
  doc_title?: string
  severity: string
  text: string
  correction: string
  text_reference: TextRef | null
 }
 interface DiscoveredDocument {
  title: string
  completeness_pct: number
  word_count?: number
  url?: string
 }
 interface ScanData {
  pages_scanned: number
  pages_list: string[]
@@ -7,7 +7,7 @@ import { BannerCheckTab } from './_components/BannerCheckTab'
 import { ComplianceFAQ } from './_components/ComplianceFAQ'
 import { AgentTestTab } from './_components/AgentTestTab'
-type AnalysisTab = 'scan' | 'compliance-check' | 'banner-check' | 'agent-test'
+type AnalysisTab = 'scan' | 'compliance-check' | 'banner-check' | 'agent-test' | 'impressum-check' | 'doc-check'
 const TABS: { id: AnalysisTab; label: string; desc: string }[] = [
  { id: 'scan', label: 'Website-Scan', desc: 'Rechtliche Dokumente finden + Dienstleister erkennen' },
@@ -200,7 +200,7 @@ export function useCompanyProfileForm() {
      try {
        await fetch(profileApiUrl(), {
          method: 'POST', headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(buildProfilePayload(formData, projectId, false)),
+          body: JSON.stringify(buildProfilePayload(formData, projectId ?? null, false)),
        })
        setDraftSaveStatus('saved')
        if (draftSaveTimerRef.current) clearTimeout(draftSaveTimerRef.current)
@@ -217,7 +217,7 @@ export function useCompanyProfileForm() {
    try {
      await fetch(profileApiUrl(), {
        method: 'POST', headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(buildProfilePayload(formData, projectId, false)),
+        body: JSON.stringify(buildProfilePayload(formData, projectId ?? null, false)),
      })
      setCompanyProfile({ ...formData, isComplete: false, completedAt: null } as CompanyProfile)
      setDraftSaveStatus('saved')
@@ -239,7 +239,7 @@ export function useCompanyProfileForm() {
    try {
      await fetch(profileApiUrl(), {
        method: 'POST', headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(buildProfilePayload(formData, projectId, true)),
+        body: JSON.stringify(buildProfilePayload(formData, projectId ?? null, true)),
      })
    } catch (err) { console.error('Failed to save company profile to backend:', err) }
@@ -148,7 +148,7 @@ export function OverviewTab({
                  { key: 'evidence_freshness', label: 'Aktualitaet', color: 'bg-yellow-500' },
                  { key: 'control_effectiveness', label: 'Control-Wirksamkeit', color: 'bg-indigo-500' },
                ] as const).map(dim => {
-                  const value = (dashboard.multi_score as Record<string, number>)[dim.key] || 0
+                  const value = (dashboard.multi_score as unknown as Record<string, number>)[dim.key] || 0
                  return (
                    <div key={dim.key} className="flex items-center gap-3">
                      <span className="text-xs text-slate-600 w-44 truncate">{dim.label}</span>
@@ -7,6 +7,12 @@ import type {
  TraceabilityMatrixData, TabKey,
 } from '../_components/types'
 export type {
  DashboardData, Regulation, MappingsData, FindingsData,
  RoadmapData, ModuleStatusData, NextAction, ScoreSnapshot,
  TraceabilityMatrixData, TabKey,
 } from '../_components/types'
 export function useComplianceHub() {
  const [activeTab, setActiveTab] = useState<TabKey>('overview')
  const [dashboard, setDashboard] = useState<DashboardData | null>(null)
@@ -48,7 +48,7 @@ export default function ComplianceScopePage() {
  // Migrate old decision format: drop decision if it has old-format fields
  const migrateState = (state: ComplianceScopeState): ComplianceScopeState => {
    if (state.decision) {
-      const d = state.decision as Record<string, unknown>
+      const d = state.decision as unknown as Record<string, unknown>
      // Old format had 'level' instead of 'determinedLevel', or docs with 'isMandatory'
      if (d.level || !d.determinedLevel) {
        return { ...state, decision: null }
@@ -13,6 +13,7 @@ export interface Document {
 }
 export interface Version {
  published_at?: string
  id: string
  document_id: string
  version: string
@@ -258,7 +258,7 @@ export function ControlDetailView({
            </div>
            <div className="text-xs text-gray-600 space-y-1">
              <p>Pfad: {String(ctrl.generation_metadata.processing_path || '-')}</p>
-              {ctrl.generation_metadata.similarity_status && (
+              {!!ctrl.generation_metadata.similarity_status && (
                <p className="text-red-600">Similarity: {String(ctrl.generation_metadata.similarity_status)}</p>
              )}
              {Array.isArray(ctrl.generation_metadata.similar_controls) && (
@@ -288,11 +288,11 @@ export function ControlDetail({
              <h3 className="text-sm font-semibold text-gray-700">Generierungsdetails (intern)</h3>
            </div>
            <div className="text-xs text-gray-600 space-y-1">
-              {ctrl.generation_metadata.processing_path && <p>Pfad: {String(ctrl.generation_metadata.processing_path)}</p>}
+              {!!ctrl.generation_metadata.processing_path && <p>Pfad: {String(ctrl.generation_metadata.processing_path)}</p>}
-              {ctrl.generation_metadata.decomposition_method && <p>Methode: {String(ctrl.generation_metadata.decomposition_method)}</p>}
+              {!!ctrl.generation_metadata.decomposition_method && <p>Methode: {String(ctrl.generation_metadata.decomposition_method)}</p>}
-              {ctrl.generation_metadata.pass0b_model && <p>LLM: {String(ctrl.generation_metadata.pass0b_model)}</p>}
+              {!!ctrl.generation_metadata.pass0b_model && <p>LLM: {String(ctrl.generation_metadata.pass0b_model)}</p>}
-              {ctrl.generation_metadata.obligation_type && <p>Obligation-Typ: {String(ctrl.generation_metadata.obligation_type)}</p>}
+              {!!ctrl.generation_metadata.obligation_type && <p>Obligation-Typ: {String(ctrl.generation_metadata.obligation_type)}</p>}
-              {ctrl.generation_metadata.similarity_status && <p className="text-red-600">Similarity: {String(ctrl.generation_metadata.similarity_status)}</p>}
+              {!!ctrl.generation_metadata.similarity_status && <p className="text-red-600">Similarity: {String(ctrl.generation_metadata.similarity_status)}</p>}
              {Array.isArray(ctrl.generation_metadata.similar_controls) && (
                <div>
                  <p className="font-medium">Aehnliche Controls:</p>
@@ -67,7 +67,7 @@ export function AnalyticsDashboard({ siteId }: { siteId?: string }) {
      setOverview(o)
      setTimeSeries(ts || [])
      setCategories(cats || {})
-      setDevices(devs || { desktop: 0, mobile: 0, tablet: 0, unknown: 0 })
+      setDevices((devs || { desktop: 0, mobile: 0, tablet: 0, unknown: 0 }) as DeviceStats)
    }).catch(() => {}).finally(() => setLoading(false))
  }, [sid, days])
@@ -190,7 +190,7 @@ export default function GeneratorSection({
          {ruleResult && (
            <div className="flex gap-1.5 flex-wrap">
              {flagPills.map(({ key, label, color }) =>
-                ruleResult.computedFlags[key] ? (
+                (ruleResult.computedFlags as unknown as Record<string, boolean>)[key] ? (
                  <span key={key} className={`px-2 py-0.5 text-[10px] font-medium rounded-full ${color}`}>
                    {label}
                  </span>
@@ -16,7 +16,7 @@ export default function RecommendedDocuments({ allTemplates, onUseTemplate }: Pr
  const { state } = useSDK()
  const [showOptional, setShowOptional] = useState(false)
-  const level = state?.complianceScope?.determinedLevel as ComplianceDepthLevel | undefined
+  const level = state?.complianceScope?.decision?.determinedLevel as ComplianceDepthLevel | undefined
  const scopeAnswers = state?.complianceScope?.answers || []
  const recommendations = useMemo(() => {
@@ -24,7 +24,7 @@ export default function RecommendedDocuments({ allTemplates, onUseTemplate }: Pr
    return evaluateTemplateRecommendations(
      scopeAnswers,
      level,
-      (state?.companyProfile as Record<string, unknown>) || {},
+      (state?.companyProfile as unknown as Record<string, unknown>) || {},
    )
  }, [level, scopeAnswers, state?.companyProfile])
@@ -165,6 +165,44 @@ export interface FeaturesCtx {
  HAS_WITHDRAWAL: boolean
  CONSUMER_WITHDRAWAL_TEXT: string
  SUPPORT_CHANNELS_TEXT: string
  // ── Optionale Feature-Template-Variablen (per str() ausgegeben, daher string) ─
  // Whistleblower (HinSchG)
  WHISTLEBLOWER_CONTACT_NAME?: string
  WHISTLEBLOWER_CONTACT_ROLE?: string
  WHISTLEBLOWER_EMAIL?: string
  WHISTLEBLOWER_PHONE?: string
  WHISTLEBLOWER_URL?: string
  // Videokonferenz
  VIDEO_PROVIDER_NAME?: string
  VIDEO_PROVIDER_COUNTRY?: string
  VIDEO_PROVIDER_ROLE?: string
  VIDEO_PROVIDER_PRIVACY_URL?: string
  RECORDING_RETENTION_DAYS?: string
  // KI / BYOD / Consent / Social Media
  APPROVED_AI_SYSTEMS?: string
  BYOD_COST_DETAILS?: string
  NEWSLETTER_SIGNUP_URL?: string
  SOCIAL_MEDIA_PLATFORMS_LIST?: string
  EDITORIAL_EMAIL?: string
  // Transfer / SCC (Empfänger im Drittland)
  RECIPIENT_NAME?: string
  RECIPIENT_COUNTRY?: string
  RECIPIENT_ADDRESS?: string
  RECIPIENT_CONTACT?: string
  RECIPIENT_EMAIL?: string
  RECIPIENT_ROLE?: string
  TRANSFER_PURPOSE?: string
  TRANSFER_MECHANISM?: string
  TRANSFER_FREQUENCY?: string
  DATA_CATEGORIES_TRANSFERRED?: string
  DATA_SUBJECTS?: string
  // DSI
  DSI_TITLE?: string
  SERVICE_SCOPE_DESCRIPTION?: string
  FULFILLMENT_LOCATION?: string
  GUIDELINES_URL?: string
  PROCESSOR_LIST_URL?: string
 }
 export interface TOMCtx {
@@ -95,7 +95,7 @@ function DocumentGeneratorPageInner() {
  // Pre-fill TOM/DPA context from Compliance Scope Engine
  useEffect(() => {
-    const scopeLevel = state?.complianceScope?.determinedLevel
+    const scopeLevel = state?.complianceScope?.decision?.determinedLevel
    if (scopeLevel) {
      const defaults = getGeneratorDefaults(scopeLevel, state?.companyProfile as never)
      setContext((prev) => ({
@@ -104,7 +104,7 @@ function DocumentGeneratorPageInner() {
        DPA: { ...prev.DPA, ...defaults.dpa },
      }))
    }
-  }, [state?.complianceScope?.determinedLevel, state?.companyProfile])
+  }, [state?.complianceScope?.decision?.determinedLevel, state?.companyProfile])
  // ── MODULE WIRING: Backend Banner-Config → CONSENT + FEATURES ────────────
  useEffect(() => {
@@ -12,8 +12,8 @@
 *   L4 = Zertifizierungsbereit (≥250 MA oder regulierte Branche)
 */
-import type { ComplianceDepthLevel } from '../../lib/sdk/compliance-scope-types/core-levels'
+import type { ComplianceDepthLevel } from '@/lib/sdk/compliance-scope-types/core-levels'
-import type { CompanyProfile } from '../../lib/sdk/types'
+import type { CompanyProfile } from '@/lib/sdk/types'
 import type { TOMCtx, DPACtx } from './contextBridge'
 // ============================================================================
@@ -216,33 +216,29 @@ export function getGeneratorDefaults(
  // CompanyProfile-Felder in TOM/DPA uebernehmen
  if (profile) {
-    if (profile.company_name) {
+    if (profile.companyName) {
-      dpaBase.AN_NAME = profile.company_name
+      dpaBase.AN_NAME = profile.companyName
      scopeSet.add('DPA.AN_NAME')
    }
-    if (profile.address) {
+    if (profile.headquartersStreet) {
-      dpaBase.AN_STRASSE = profile.address
+      dpaBase.AN_STRASSE = profile.headquartersStreet
      scopeSet.add('DPA.AN_STRASSE')
    }
-    if (profile.city && profile.postal_code) {
+    if (profile.headquartersCity && profile.headquartersZip) {
-      dpaBase.AN_PLZ_ORT = `${profile.postal_code} ${profile.city}`
+      dpaBase.AN_PLZ_ORT = `${profile.headquartersZip} ${profile.headquartersCity}`
      scopeSet.add('DPA.AN_PLZ_ORT')
    }
-    if (profile.dpo_name) {
+    if (profile.dpoName) {
      tomBase.ISB_NAME = tomBase.ISB_NAME || ''
-      dpaBase.AN_DSB_NAME = profile.dpo_name
+      dpaBase.AN_DSB_NAME = profile.dpoName
      scopeSet.add('DPA.AN_DSB_NAME')
    }
-    if (profile.dpo_email) {
+    if (profile.dpoEmail) {
-      dpaBase.AN_DSB_EMAIL = profile.dpo_email
+      dpaBase.AN_DSB_EMAIL = profile.dpoEmail
      scopeSet.add('DPA.AN_DSB_EMAIL')
    }
-    if (profile.ceo_name) {
+    // Unterzeichner/GF werden NICHT aus dem CompanyProfile befuellt — es enthaelt
-      dpaBase.AN_UNTERZEICHNER_NAME = profile.ceo_name
+    // keine Person; diese Felder kommen aus dem TOM/DPA-Generator selbst.
      tomBase.GF_NAME = profile.ceo_name
      scopeSet.add('DPA.AN_UNTERZEICHNER_NAME')
      scopeSet.add('TOM.GF_NAME')
    }
  }
  // Alle gesetzten TOM/DPA Felder als scope-set markieren
@@ -9,8 +9,8 @@
 * the CompanyProfile and scope answers.
 */
-import type { ComplianceDepthLevel } from '../../lib/sdk/compliance-scope-types/core-levels'
+import type { ComplianceDepthLevel } from '@/lib/sdk/compliance-scope-types/core-levels'
-import type { ScopeProfilingAnswer } from '../../lib/sdk/compliance-scope-types/state'
+import type { ScopeProfilingAnswer } from '@/lib/sdk/compliance-scope-types/state'
 // ============================================================================
 // Template recommendation rules
@@ -59,7 +59,7 @@ export function Section3Editor({ dsfa, onUpdate, isSubmitting }: SectionProps) {
      <div className="bg-gray-50 rounded-xl p-6">
        <RiskMatrix
          risks={dsfa.risks || []}
-          onRiskSelect={(risk) => setSelectedRisk(risk)}
+          onRiskSelect={(risk) => setSelectedRisk(risk as DSFARisk)}
          onAddRisk={handleAddRisk}
          selectedRiskId={selectedRisk?.id}
          readOnly={dsfa.status !== 'draft' && dsfa.status !== 'needs_update'}
@@ -18,9 +18,7 @@ export { PublicFormConfig as SettingsTabContent } from './PublicFormConfig'
 export function SettingsTab() {
  return (
    <div className="space-y-6">
-      <div className="bg-white rounded-xl border border-gray-200 p-6">
+      <div className="bg-white rounded-xl border border-gray-200 p-6">      </div>
        <SettingsTabContent />
      </div>
      <div className="bg-white rounded-xl border border-gray-200 p-6">
        <h3 className="text-base font-semibold text-slate-900 mb-2">Workflow-Konfiguration</h3>
        <p className="text-sm text-slate-500">
@@ -2,6 +2,7 @@
 import React, { useState } from 'react'
 import { createSDKDSR } from '@/lib/sdk/dsr/api'
 import type { DSRType, DSRSource } from '@/lib/sdk/dsr/types-core'
 export function DSRCreateModal({
  onClose,
@@ -10,11 +11,11 @@ export function DSRCreateModal({
  onClose: () => void
  onSuccess: () => void
 }) {
-  const [type, setType] = useState<string>('access')
+  const [type, setType] = useState<DSRType>('access')
  const [subjectName, setSubjectName] = useState('')
  const [subjectEmail, setSubjectEmail] = useState('')
  const [description, setDescription] = useState('')
-  const [source, setSource] = useState<string>('web_form')
+  const [source, setSource] = useState<DSRSource>('web_form')
  const [isSaving, setIsSaving] = useState(false)
  const [error, setError] = useState<string | null>(null)
@@ -80,7 +81,7 @@ export function DSRCreateModal({
              </label>
              <select
                value={type}
-                onChange={(e) => setType(e.target.value)}
+                onChange={(e) => setType(e.target.value as DSRType)}
                className="w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500 text-sm"
              >
                <option value="access">Art. 15 - Auskunft</option>
@@ -143,7 +144,7 @@ export function DSRCreateModal({
              </label>
              <select
                value={source}
-                onChange={(e) => setSource(e.target.value)}
+                onChange={(e) => setSource(e.target.value as DSRSource)}
                className="w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500 text-sm"
              >
                <option value="web_form">Webformular</option>
@@ -129,7 +129,7 @@ export function IstAssessment({ data, onChange }: Props) {
            <label key={item.field} className="flex items-center gap-3 cursor-pointer p-2 rounded-lg hover:bg-gray-50">
              <input
                type="checkbox"
-                checked={(data as Record<string, unknown>)[item.field] as boolean}
+                checked={(data as unknown as Record<string, unknown>)[item.field] as boolean}
                onChange={e => update(item.field, e.target.checked)}
                className="w-4 h-4 rounded border-gray-300 text-green-600"
              />
@@ -152,7 +152,7 @@ export function IstAssessment({ data, onChange }: Props) {
            <label key={item.field} className="flex items-center gap-3 cursor-pointer p-2 rounded-lg hover:bg-gray-50">
              <input
                type="checkbox"
-                checked={(data as Record<string, unknown>)[item.field] as boolean}
+                checked={(data as unknown as Record<string, unknown>)[item.field] as boolean}
                onChange={e => update(item.field, e.target.checked)}
                className="w-4 h-4 rounded border-gray-300 text-green-600"
              />
@@ -31,7 +31,7 @@ export function useMitigations(projectId: string) {
        const raw = json.mitigations || json || []
        // Map API fields (name, hazard_id) to frontend fields (title, linked_hazard_ids/names)
        const hazardMap = Object.fromEntries(hazardList.map((h) => [h.id, h.name]))
-        const hazardStatesMap = Object.fromEntries(hazardList.map((h) => [h.id, (h as Record<string, unknown>).operational_states || []]))
+        const hazardStatesMap = Object.fromEntries(hazardList.map((h) => [h.id, (h as unknown as Record<string, unknown>).operational_states || []]))
        const mits: Mitigation[] = raw.map((m: Record<string, unknown>) => ({
          id: m.id as string,
          title: (m.title || m.name || '') as string,
@@ -55,7 +55,7 @@ export function DeletionLogicSection({
      {policy.deletionTrigger === 'RETENTION_DRIVER' && (
        <div>
          <label className="block text-sm font-medium text-gray-700 mb-1">Aufbewahrungstreiber</label>
-          <select value={policy.retentionDriver}
+          <select value={policy.retentionDriver ?? ""}
            onChange={(e) => {
              const driver = e.target.value as RetentionDriverType
              const meta = RETENTION_DRIVER_META[driver]
@@ -78,13 +78,13 @@ export function DeletionLogicSection({
      <div className="grid grid-cols-2 gap-4">
        <div>
          <label className="block text-sm font-medium text-gray-700 mb-1">Aufbewahrungsdauer</label>
-          <input type="number" min={0} value={policy.retentionDuration}
+          <input type="number" min={0} value={policy.retentionDuration ?? ""}
            onChange={(e) => set('retentionDuration', parseInt(e.target.value) || 0)}
            className="w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500" />
        </div>
        <div>
          <label className="block text-sm font-medium text-gray-700 mb-1">Einheit</label>
-          <select value={policy.retentionUnit} onChange={(e) => set('retentionUnit', e.target.value as RetentionUnit)}
+          <select value={policy.retentionUnit ?? ""} onChange={(e) => set('retentionUnit', e.target.value as RetentionUnit)}
            className="w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500">
            <option value="DAYS">Tage</option>
            <option value="MONTHS">Monate</option>
@@ -232,7 +232,7 @@ export function StorageSection({
                      className="text-purple-600 focus:ring-purple-500 rounded" />
                  </td>
                  <td className="px-3 py-2">
-                    <input type="text" value={loc.provider}
+                    <input type="text" value={loc.provider ?? ""}
                      onChange={(e) => updateStorageLocationItem(idx, (s) => ({ ...s, provider: e.target.value }))}
                      placeholder="Anbieter"
                      className="w-full px-2 py-1 border border-gray-200 rounded text-sm focus:ring-1 focus:ring-purple-500" />
@@ -235,12 +235,12 @@ function ComplianceResultView({
                  {issue.recommendation && (
                    <p className="text-xs text-gray-500 mt-1 italic">Empfehlung: {issue.recommendation}</p>
                  )}
-                  {issue.affectedPolicyId && (
+                  {issue.policyId && (
                    <button
-                      onClick={() => { setEditingId(issue.affectedPolicyId!); setTab('editor') }}
+                      onClick={() => { setEditingId(issue.policyId!); setTab('editor') }}
                      className="text-xs text-purple-600 hover:text-purple-800 font-medium mt-1"
                    >
-                      Zur Loeschfrist: {issue.affectedPolicyId}
+                      Zur Loeschfrist: {issue.policyId}
                    </button>
                  )}
                </div>
@@ -98,7 +98,7 @@ function GeneratedPreview({
                  <div className="flex flex-wrap gap-1">
                    {renderTriggerBadge(getEffectiveDeletionTrigger(gp))}
                    <span className="inline-block text-xs font-medium px-2 py-0.5 rounded-full bg-blue-100 text-blue-800">
-                      {formatRetentionDuration(gp)}
+                      {formatRetentionDuration(gp.retentionDuration, gp.retentionUnit)}
                    </span>
                    {gp.retentionDriver && (
                      <span className="inline-block text-xs font-medium px-2 py-0.5 rounded-full bg-gray-100 text-gray-600">
@@ -157,7 +157,7 @@ function ProfilingWizard({
  const totalSteps = PROFILING_STEPS.length
  const progress = getProfilingProgress(profilingAnswers)
  const allComplete = PROFILING_STEPS.every((step, idx) =>
-    isStepComplete(step, profilingAnswers.filter((a) => a.stepIndex === idx)),
+    isStepComplete(profilingAnswers.filter((a) => a.stepIndex === idx), step.id),
  )
  const currentStep: ProfilingStep | undefined = PROFILING_STEPS[profilingStep]
@@ -200,7 +200,7 @@ function ProfilingWizard({
            return (
              <div key={question.id} className="border-t border-gray-100 pt-4">
                <label className="block text-sm font-medium text-gray-700 mb-2">
-                  {question.label}
+                  {question.question}
                  {question.helpText && (
                    <span className="block text-xs text-gray-400 font-normal mt-0.5">{question.helpText}</span>
                  )}
@@ -245,7 +245,7 @@ function ProfilingWizard({
                {question.type === 'multi' && question.options && (
                  <div className="space-y-2">
                    {question.options.map((opt) => {
-                      const selectedValues: string[] = currentAnswer?.value || []
+                      const selectedValues: string[] = Array.isArray(currentAnswer?.value) ? currentAnswer.value : []
                      const isSelected = selectedValues.includes(opt.value)
                      return (
                        <label key={opt.value}
@@ -271,7 +271,7 @@ function ProfilingWizard({
                )}
                {question.type === 'number' && (
-                  <input type="number" value={currentAnswer?.value ?? ''}
+                  <input type="number" value={(currentAnswer?.value ?? '') as string | number}
                    onChange={(e) => handleProfilingAnswer(profilingStep, question.id, e.target.value ? parseInt(e.target.value) : '')}
                    min={0} placeholder="Bitte Zahl eingeben"
                    className="w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500" />
@@ -187,7 +187,7 @@ export function UebersichtTab({
                <div className="flex flex-wrap gap-1.5 mb-3">
                  {renderTriggerBadge(trigger)}
                  <span className="inline-block text-xs font-medium px-2 py-0.5 rounded-full bg-blue-100 text-blue-800">
-                    {formatRetentionDuration(p)}
+                    {formatRetentionDuration(p.retentionDuration, p.retentionUnit)}
                  </span>
                  {renderStatusBadge(p.status)}
                  {overdue && (
@@ -4,7 +4,7 @@ import React, { useState, useEffect, useCallback, useMemo } from 'react'
 import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
 import {
  LoeschfristPolicy,
-  createEmptyLegalHold, createEmptyStorageLocation,
+  createEmptyPolicy, createEmptyLegalHold, createEmptyStorageLocation,
  isPolicyOverdue, getActiveLegalHolds,
 } from '@/lib/sdk/loeschfristen-types'
 import {
@@ -271,7 +271,7 @@ export default function LoeschfristenPage() {
  }, [])
  const handleGenerate = useCallback(() => {
-    const generated = generatePoliciesFromProfile(profilingAnswers)
+    const generated = generatePoliciesFromProfile(profilingAnswers).generatedPolicies
    setGeneratedPolicies(generated)
    setSelectedGenerated(new Set(generated.map((p) => p.policyId)))
  }, [profilingAnswers])
@@ -2,6 +2,7 @@
 import { useState, useEffect } from 'react'
 import { useSDK, ServiceModule } from '@/lib/sdk'
 import type { RiskSeverity } from '@/lib/sdk/types/enums'
 // =============================================================================
 // TYPES
@@ -97,7 +98,7 @@ function mapBackendToDisplay(m: BackendModule): Omit<DisplayModule, 'status' | '
    description: m.description || '',
    category: categorizeModule(m.display_name || m.name),
    regulations: [],
-    criticality: (m.criticality || 'MEDIUM').toUpperCase(),
+    criticality: (m.criticality || 'MEDIUM').toUpperCase() as RiskSeverity,
    processesPersonalData: m.processes_pii,
    hasAIComponents: m.ai_components,
    requirementsCount: m.regulation_count || 0,
@@ -153,7 +153,7 @@ export default function SDKDashboard() {
              </div>
              <div>
                <h3 className="font-semibold text-gray-900">Erkannte Regulierungen</h3>
-                <p className="text-xs text-gray-500">Basierend auf Ihrem Scope-Profiling (Level {state.complianceScope.decision.level})</p>
+                <p className="text-xs text-gray-500">Basierend auf Ihrem Scope-Profiling (Level {state.complianceScope.decision.determinedLevel})</p>
              </div>
            </div>
            <Link href={projectId ? `/sdk/compliance-scope?project=${projectId}` : '/sdk/compliance-scope'}
@@ -165,11 +165,11 @@ export default function SDKDashboard() {
            {(state.complianceScope.decision.requiredDocuments || []).length > 0 ? (
              ['DSGVO', 'AI Act', 'NIS2', 'HinSchG', 'TTDSG'].filter(reg => {
                const docs = state.complianceScope?.decision?.requiredDocuments || []
-                const triggers = state.complianceScope?.decision?.hardTriggers || []
+                const triggers = state.complianceScope?.decision?.triggeredHardTriggers || []
                if (reg === 'DSGVO') return true
-                if (reg === 'AI Act') return triggers.some((t: string) => t.toLowerCase().includes('ai') || t.toLowerCase().includes('ki'))
+                if (reg === 'AI Act') return triggers.some((t) => t.ruleId.toLowerCase().includes('ai') || t.ruleId.toLowerCase().includes('ki'))
-                if (reg === 'NIS2') return triggers.some((t: string) => t.toLowerCase().includes('nis') || t.toLowerCase().includes('kritisch'))
+                if (reg === 'NIS2') return triggers.some((t) => t.ruleId.toLowerCase().includes('nis') || t.ruleId.toLowerCase().includes('kritisch'))
-                if (reg === 'HinSchG') return triggers.some((t: string) => t.toLowerCase().includes('whistleblower') || t.toLowerCase().includes('hinweis'))
+                if (reg === 'HinSchG') return triggers.some((t) => t.ruleId.toLowerCase().includes('whistleblower') || t.ruleId.toLowerCase().includes('hinweis'))
                return false
              }).map(reg => (
                <span key={reg} className="px-3 py-1.5 bg-green-50 text-green-700 border border-green-200 rounded-lg text-sm font-medium">
@@ -134,11 +134,11 @@ export function RiskCard({
              <div className="flex items-center justify-between">
                <span className="font-medium text-gray-700">{m.controlId || `Mitigation ${idx + 1}`}</span>
                <span className={`px-2 py-0.5 text-xs rounded-full ${
-                  m.status === 'IMPLEMENTED' ? 'bg-green-100 text-green-700' :
+                  m.status === 'COMPLETED' ? 'bg-green-100 text-green-700' :
                  m.status === 'IN_PROGRESS' ? 'bg-yellow-100 text-yellow-700' :
                  'bg-gray-100 text-gray-500'
                }`}>
-                  {m.status === 'IMPLEMENTED' ? 'Implementiert' :
+                  {m.status === 'COMPLETED' ? 'Implementiert' :
                   m.status === 'IN_PROGRESS' ? 'In Bearbeitung' : m.status || 'Geplant'}
                </span>
              </div>
@@ -74,7 +74,7 @@ export default function RollenkonzeptPage() {
          ) : (
            <div className="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4 gap-4">
              {mergedRoles.map(role => (
-                <RoleCard key={role.role_key} role={role} onSave={updateRole} onSendTest={sendTestEmail} />
+                <RoleCard key={role.role_key} role={role} onSave={(id, data) => updateRole(id, data).then(() => {})} onSendTest={sendTestEmail} />
              ))}
            </div>
          )}
@@ -130,9 +130,9 @@ export default function RollenkonzeptPage() {
          loading={reviewHook.loading}
          statusFilter={reviewHook.statusFilter}
          onFilterChange={reviewHook.setStatusFilter}
-          onApprove={reviewHook.approveReview}
+          onApprove={(id) => reviewHook.approveReview(id).then(() => {})}
-          onReject={reviewHook.rejectReview}
+          onReject={(id, comment) => reviewHook.rejectReview(id, comment).then(() => {})}
-          onSendNotification={reviewHook.sendNotification}
+          onSendNotification={(id) => reviewHook.sendNotification(id).then(() => {})}
        />
      )}
    </div>
@@ -9,7 +9,7 @@ export interface SDKFlowStep {
  package: 'vorbereitung' | 'analyse' | 'dokumentation' | 'rechtliche-texte' | 'betrieb'
  seq: number
  checkpointId?: string
-  checkpointType?: 'REQUIRED' | 'RECOMMENDED'
+  checkpointType?: 'REQUIRED' | 'RECOMMENDED' | 'OPTIONAL' | 'CONDITIONAL'
  checkpointReviewer?: 'NONE' | 'DSB' | 'LEGAL'
  // Beschreibung
@@ -110,7 +110,7 @@ export default function TOMPage() {
  const lastModifiedFormatted = useMemo(() => {
    if (!state?.metadata?.lastModified) return null
    try {
-      const date = new Date(state.metadata.lastModified)
+      const date = new Date(state.metadata?.lastModified as string)
      return date.toLocaleDateString('de-DE', {
        day: '2-digit',
        month: '2-digit',
@@ -42,6 +42,7 @@ interface ForbiddenPattern {
 }
 interface FullAssessment {
  enrichment_hints?: unknown[]
  id: string
  title: string
  tenant_id: string
@@ -296,7 +297,7 @@ export default function AssessmentDetailPage() {
      {/* Enrichment Hints */}
      {assessment.enrichment_hints && (
-        <EnrichmentHints hints={assessment.enrichment_hints} />
+        <EnrichmentHints hints={assessment.enrichment_hints as Parameters<typeof EnrichmentHints>[0]["hints"]} />
      )}
      {/* Compliance Optimizer Upsell */}
@@ -66,17 +66,17 @@ export default function TransfersPage() {
    const entries: TransferEntry[] = []
    for (const vendor of vendors) {
-      const locations = (vendor as Record<string, unknown>).processingLocations as Array<{
+      const locations = (vendor as unknown as Record<string, unknown>).processingLocations as Array<{
        country: string; isEU: boolean; isAdequate: boolean
      }> || []
-      const mechanisms = (vendor as Record<string, unknown>).transferMechanisms as string[] || []
+      const mechanisms = (vendor as unknown as Record<string, unknown>).transferMechanisms as string[] || []
      // Check if vendor has any SCC contract
      const vendorContracts = (contracts || []).filter(
-        (c: Record<string, unknown>) => c.vendorId === vendor.id
+        (c) => (c as unknown as Record<string, unknown>).vendorId === vendor.id
      )
      const hasSCC = vendorContracts.some(
-        (c: Record<string, unknown>) => c.documentType === 'SCC'
+        (c) => (c as unknown as Record<string, unknown>).documentType === 'SCC'
      )
      for (const loc of locations) {
@@ -269,7 +269,7 @@ export function CaseDetailPanel({
                    <div className="flex items-center justify-between mb-1">
                      <span className="font-medium text-gray-700">{msg.senderRole}</span>
                      <span className="text-xs text-gray-400">
-                        {new Date(msg.sentAt).toLocaleDateString('de-DE')}
+                        {new Date(msg.sentAt as string).toLocaleDateString('de-DE')}
                      </span>
                    </div>
                    <p className="text-gray-600">{msg.message}</p>
@@ -78,7 +78,7 @@ export default function RichTextToolbar({
        <div className="flex items-center gap-1">
          <input
            type="file"
-            ref={fileInputRef}
+            ref={fileInputRef as RefObject<HTMLInputElement>}
            onChange={onWordUpload}
            accept=".docx,.doc"
            className="hidden"
@@ -55,7 +55,7 @@ export default function SplitViewEditor({
                className="w-full px-3 py-2 mb-4 bg-slate-50 border border-slate-200 rounded-lg text-slate-700"
              />
              <div
-                ref={leftPanelRef}
+                ref={leftPanelRef as RefObject<HTMLDivElement>}
                className="prose prose-sm max-w-none p-4 bg-slate-50 border border-slate-200 rounded-lg min-h-[500px] max-h-[500px] overflow-y-auto"
                dangerouslySetInnerHTML={{ __html: currentVersion.content }}
              />
@@ -114,11 +114,11 @@ export default function SplitViewEditor({
          {isEditable ? (
            <div
-              ref={rightPanelRef}
+              ref={rightPanelRef as RefObject<HTMLDivElement>}
              className="min-h-[500px] max-h-[500px] overflow-y-auto"
            >
              <div
-                ref={editorRef}
+                ref={editorRef as RefObject<HTMLDivElement>}
                contentEditable
                onInput={onUpdateEditorContent}
                onPaste={onPaste}
@@ -129,7 +129,7 @@ export default function SplitViewEditor({
            </div>
          ) : (
            <div
-              ref={rightPanelRef}
+              ref={rightPanelRef as RefObject<HTMLDivElement>}
              className="prose prose-sm max-w-none p-4 bg-slate-50 border border-slate-200 rounded-lg min-h-[500px] max-h-[500px] overflow-y-auto"
              dangerouslySetInnerHTML={{ __html: editedContent || draftVersion?.content || '' }}
            />
@@ -125,7 +125,7 @@ export function AdvisorMessageList({ messages, isTyping, messagesEndRef }: Messa
        </div>
      )}
-      <div ref={messagesEndRef} />
+      <div ref={messagesEndRef as React.RefObject<HTMLDivElement>} />
    </>
  )
 }
@@ -305,7 +305,7 @@ export function SidebarModuleNav({ pathname, collapsed, projectId, pendingCRCoun
            </svg>
          }
          label="Compliance Wiki"
-          isActive={pathname?.startsWith('/sdk/wiki')}
+          isActive={!!pathname?.startsWith('/sdk/wiki')}
          collapsed={collapsed}
          projectId={projectId}
        />
@@ -3,6 +3,7 @@ import React, { useState, useCallback, useEffect } from 'react'
 import type { ScopeProfilingAnswer, ScopeProfilingQuestion } from '@/lib/sdk/compliance-scope-types'
 import { SCOPE_QUESTION_BLOCKS, getBlockProgress, getTotalProgress, getAnswerValue, prefillFromCompanyProfile, getProfileInfoForBlock, getAutoFilledScoringAnswers, getUnansweredRequiredQuestions } from '@/lib/sdk/compliance-scope-profiling'
 import type { ScopeQuestionBlockId } from '@/lib/sdk/compliance-scope-types'
 import { ScopeQuestionRenderer } from './ScopeQuestionRenderer'
 import { useSDK } from '@/lib/sdk'
 import { DatenkategorienBlock9 } from './DatenkategorienBlock'
@@ -3,7 +3,7 @@
 import React, { useCallback, useEffect, useRef } from 'react'
 import { useEditor, EditorContent, type Editor } from '@tiptap/react'
 import StarterKit from '@tiptap/starter-kit'
-import Table from '@tiptap/extension-table'
+import { Table } from '@tiptap/extension-table'
 import TableRow from '@tiptap/extension-table-row'
 import TableHeader from '@tiptap/extension-table-header'
 import TableCell from '@tiptap/extension-table-cell'
@@ -2,6 +2,7 @@
 import { useMemo, useState, useEffect, useCallback } from 'react'
 import { DerivedTOM, TOMGeneratorState } from '@/lib/sdk/tom-generator/types'
 import type { ControlCategory } from '@/lib/sdk/tom-generator/types/enums'
 import { getControlById, getControlsByCategory, getAllCategories } from '@/lib/sdk/tom-generator/controls/loader'
 import { SDM_GOAL_LABELS, getSDMCoverageStats, SDMGewaehrleistungsziel } from '@/lib/sdk/tom-generator/sdm-mapping'
@@ -103,7 +104,7 @@ export function TOMOverviewTab({ state, onSelectTOM, onStartGenerator }: TOMOver
    let toms = state.derivedTOMs
    if (categoryFilter !== 'ALL') {
-      const categoryControlIds = getControlsByCategory(categoryFilter).map(c => c.id)
+      const categoryControlIds = getControlsByCategory(categoryFilter as ControlCategory).map(c => c.id)
      toms = toms.filter(t => categoryControlIds.includes(t.controlId))
    }
@@ -152,7 +152,7 @@ const createMockState = (overrides: Partial<SDKState> = {}): SDKState => ({
    allowParallelWork: true,
  },
  ...overrides,
-})
+} as unknown as SDKState)
 describe('exportToPDF', () => {
  it('should return a Blob', async () => {
@@ -76,9 +76,9 @@ describe('parseRevenueRange', () => {
 // =============================================================================
 describe('buildAssessmentPayload', () => {
-  const baseProfile: CompanyProfile = {
+  const baseProfile = {
    companyName: 'Test GmbH',
-    legalForm: 'GmbH',
+    legalForm: 'gmbh',
    industry: ['IT', 'Software'],
    employeeCount: '50-249',
    annualRevenue: '10-50 Mio',
@@ -87,7 +87,7 @@ describe('buildAssessmentPayload', () => {
    isDataController: true,
    isDataProcessor: false,
    offerings: ['software_saas'],
-  }
+  } as unknown as CompanyProfile
  const baseAnswers: ScopeProfilingAnswer[] = [
    { questionId: 'data_art9', value: false, blockId: 'data' },
@@ -115,7 +115,7 @@ describe('buildAssessmentPayload', () => {
    expect(payload.annual_revenue).toBe(30000000)
    expect(payload.country).toBe('DE')
    expect(payload.industry).toBe('IT, Software')
-    expect(payload.legal_form).toBe('GmbH')
+    expect(payload.legal_form).toBe('gmbh')
    expect(payload.is_controller).toBe(true)
    expect(payload.is_processor).toBe(false)
    expect(payload.cross_border_transfer).toBe(true)
@@ -128,9 +128,9 @@ describe('buildAssessmentPayload', () => {
  })
  it('uses defaults for null/undefined profile fields', () => {
-    const emptyProfile: CompanyProfile = {
+    const emptyProfile = {
      companyName: 'Minimal',
-    }
+    } as unknown as CompanyProfile
    const payload = buildAssessmentPayload(emptyProfile, [], null)
    expect(payload.employee_count).toBe(10) // parseEmployeeRange(undefined)
@@ -178,7 +178,7 @@ describe('buildAssessmentPayload', () => {
    const decision: ScopeDecision = {
      determinedLevel: 'L3',
      triggeredHardTriggers: [
-        { rule: { id: 'rule-1', name: 'Test Rule', description: '', targetLevel: 'L3', trigger: { field: '', op: 'eq', value: true } }, factValue: true },
+        { ruleId: 'rule-1', rule: { id: 'rule-1', name: 'Test Rule', description: '', targetLevel: 'L3', trigger: { field: '', op: 'eq', value: true } }, factValue: true },
      ],
      requiredDocuments: [
        { documentType: 'dsfa', reason: 'test', regulation: 'dsgvo' },
@@ -208,7 +208,7 @@ export class ComplianceScopeEngine {
   * Liest einen Wert aus dem MachineBuilderProfile anhand eines Feldnamens
   */
  private getMachineBuilderValue(mb: MachineBuilderProfile, field: string): unknown {
-    return (mb as Record<string, unknown>)[field]
+    return (mb as unknown as Record<string, unknown>)[field]
  }
  /**
@@ -269,9 +269,9 @@ export class ComplianceScopeEngine {
        break
      case 'CONTAINS':
        if (Array.isArray(value)) {
-          baseCondition = value.includes(rule.conditionValue)
+          baseCondition = value.includes(rule.conditionValue as string)
        } else if (typeof value === 'string') {
-          baseCondition = value.includes(rule.conditionValue)
+          baseCondition = value.includes(rule.conditionValue as string)
        }
        break
      case 'IN':
@@ -163,7 +163,7 @@ export function prefillFromVVTAnswers(
  for (const [vvtQuestionId, vvtValue] of Object.entries(vvtAnswers)) {
    const scopeQuestionId = reverseMap[vvtQuestionId]
    if (scopeQuestionId) {
-      answers.push({ questionId: scopeQuestionId, value: vvtValue })
+      answers.push({ questionId: scopeQuestionId, value: vvtValue as string | number | boolean | string[] })
    }
  }
  return answers
@@ -187,7 +187,7 @@ export function prefillFromLoeschfristenAnswers(
  for (const lfAnswer of lfAnswers) {
    const scopeQuestionId = reverseMap[lfAnswer.questionId]
    if (scopeQuestionId) {
-      answers.push({ questionId: scopeQuestionId, value: lfAnswer.value })
+      answers.push({ questionId: scopeQuestionId, value: lfAnswer.value as string | number | boolean | string[] })
    }
  }
  return answers
@@ -34,6 +34,8 @@ export interface ScopeDecision {
  createdAt: string;
  /** Zeitstempel letzte Änderung */
  updatedAt: string;
  /** Zeitstempel der Auswertung */
  evaluatedAt?: string;
 }
 /**
@@ -58,6 +58,8 @@ export interface ScopeProfilingAnswer {
  questionId: string;
  /** Antwortwert (Typ abhängig von Fragentyp) */
  value: string | string[] | boolean | number;
  /** Optionaler Block-Kontext der Antwort */
  blockId?: string;
 }
 /**
@@ -5,6 +5,7 @@
 */
 import type { ScopeProfilingAnswer } from './questions'
 export type { ScopeProfilingAnswer } from './questions';
 import type { ScopeDecision } from './decisions'
 /**
@@ -15,6 +16,8 @@ export interface ComplianceScopeState {
  answers: ScopeProfilingAnswer[];
  /** Aktuelle Entscheidung (null wenn noch nicht berechnet) */
  decision: ScopeDecision | null;
  /** Zeitstempel letzte Aenderung */
  lastModified?: string;
  /** Zeitpunkt der letzten Evaluierung */
  lastEvaluatedAt: string | null;
  /** Sind alle Pflichtfragen beantwortet? */
@@ -48,6 +48,11 @@ export function generateDemoState(tenantId: string, userId: string): Partial<SDK
      annualRevenue: '2-10 Mio',
      headquartersCountry: 'DE',
      headquartersCity: 'Berlin',
      headquartersCountryOther: '',
      headquartersStreet: 'Beispielstrasse 1',
      headquartersZip: '10115',
      headquartersState: 'Berlin',
      offeringUrls: {},
      hasInternationalLocations: false,
      internationalCountries: [],
      targetMarkets: ['germany_only', 'dach'],
@@ -12,9 +12,9 @@ describe('ConstraintEnforcer', () => {
      scores: { risk_score: 50, complexity_score: 50, assurance_need: 50, composite_score: 50 },
      triggeredHardTriggers: [],
      requiredDocuments: [
-        { documentType: 'vvt', label: 'VVT', required: true, depth: 'Standard', detailItems: [], estimatedEffort: '2h', triggeredBy: [] },
+        { documentType: 'vvt', label: 'VVT', requirement: 'mandatory' as const, priority: 'medium' as const, estimatedEffort: 2, triggeredBy: [] },
-        { documentType: 'tom', label: 'TOM', required: true, depth: 'Standard', detailItems: [], estimatedEffort: '3h', triggeredBy: [] },
+        { documentType: 'tom', label: 'TOM', requirement: 'mandatory' as const, priority: 'medium' as const, estimatedEffort: 3, triggeredBy: [] },
-        { documentType: 'lf', label: 'LF', required: true, depth: 'Basis', detailItems: [], estimatedEffort: '1h', triggeredBy: [] },
+        { documentType: 'lf', label: 'LF', requirement: 'mandatory' as const, priority: 'medium' as const, estimatedEffort: 1, triggeredBy: [] },
      ],
      riskFlags: [],
      gaps: [],
@@ -66,7 +66,7 @@ describe('ConstraintEnforcer', () => {
    it('should warn but allow optional documents', () => {
      const decision = makeDecision({
        requiredDocuments: [
-          { documentType: 'vvt', label: 'VVT', required: true, depth: 'Standard', detailItems: [], estimatedEffort: '2h', triggeredBy: [] },
+          { documentType: 'vvt', label: 'VVT', requirement: 'mandatory' as const, priority: 'medium' as const, estimatedEffort: 2, triggeredBy: [] },
        ],
      })
      const result = enforcer.check('dsfa', decision)
@@ -115,18 +115,13 @@ describe('ConstraintEnforcer', () => {
      const decision = makeDecision({
        determinedLevel: 'L3',
        triggeredHardTriggers: [{
-          rule: {
+          ruleId: 'HT-ART9',
-            id: 'HT-ART9',
+          category: '',
-            label: 'Art. 9 Daten',
+          description: 'Art. 9 Daten',
            description: '',
            conditionField: '',
            conditionOperator: 'EQUALS' as const,
            conditionValue: null,
          minimumLevel: 'L3',
          requiresDSFA: true,
          mandatoryDocuments: ['dsfa'],
            dsfaRequired: true,
          legalReference: 'Art. 35 DSGVO',
          },
          matchedValue: null,
          explanation: 'Art. 9 Daten verarbeitet',
        }],
@@ -139,24 +134,19 @@ describe('ConstraintEnforcer', () => {
      const decision = makeDecision({
        determinedLevel: 'L3',
        triggeredHardTriggers: [{
-          rule: {
+          ruleId: 'HT-ART9',
-            id: 'HT-ART9',
+          category: '',
-            label: 'Art. 9 Daten',
+          description: 'Art. 9 Daten',
            description: '',
            conditionField: '',
            conditionOperator: 'EQUALS' as const,
            conditionValue: null,
          minimumLevel: 'L3',
          requiresDSFA: true,
          mandatoryDocuments: ['dsfa'],
            dsfaRequired: true,
          legalReference: 'Art. 35 DSGVO',
          },
          matchedValue: null,
          explanation: '',
        }],
        requiredDocuments: [
-          { documentType: 'dsfa', label: 'DSFA', required: true, depth: 'Vollstaendig', detailItems: [], estimatedEffort: '8h', triggeredBy: [] },
+          { documentType: 'dsfa', label: 'DSFA', requirement: 'mandatory' as const, priority: 'medium' as const, estimatedEffort: 8, triggeredBy: [] },
-          { documentType: 'vvt', label: 'VVT', required: true, depth: 'Standard', detailItems: [], estimatedEffort: '2h', triggeredBy: [] },
+          { documentType: 'vvt', label: 'VVT', requirement: 'mandatory' as const, priority: 'medium' as const, estimatedEffort: 2, triggeredBy: [] },
        ],
      })
      const result = enforcer.check('vvt', decision)
@@ -169,9 +159,9 @@ describe('ConstraintEnforcer', () => {
    it('should note critical risk flags', () => {
      const decision = makeDecision({
        riskFlags: [
-          { id: 'rf-1', severity: 'CRITICAL', title: 'Offene Art. 9 Verarbeitung', description: '', recommendation: 'DSFA durchfuehren' },
+          { severity: 'CRITICAL', category: '', message: 'Offene Art. 9 Verarbeitung', recommendation: 'DSFA durchfuehren' },
-          { id: 'rf-2', severity: 'HIGH', title: 'Fehlende Verschluesselung', description: '', recommendation: 'TOM erstellen' },
+          { severity: 'HIGH', category: '', message: 'Fehlende Verschluesselung', recommendation: 'TOM erstellen' },
-          { id: 'rf-3', severity: 'LOW', title: 'Dokumentation unvollstaendig', description: '', recommendation: '' },
+          { severity: 'LOW', category: '', message: 'Dokumentation unvollstaendig', recommendation: '' },
        ],
      })
      const result = enforcer.check('vvt', decision)
@@ -266,9 +266,9 @@ function deriveTriggeredRegulations(
  const regs = new Set<string>(['DSGVO'])
  const triggers = scope.decision.triggeredHardTriggers || []
  for (const t of triggers) {
-    if (t.rule.id.includes('ai_act') || t.rule.id.includes('ai-act')) regs.add('AI Act')
+    if (t.ruleId.includes('ai_act') || t.ruleId.includes('ai-act')) regs.add('AI Act')
-    if (t.rule.id.includes('nis2') || t.rule.id.includes('NIS2')) regs.add('NIS2')
+    if (t.ruleId.includes('nis2') || t.ruleId.includes('NIS2')) regs.add('NIS2')
-    if (t.rule.id.includes('ttdsg') || t.rule.id.includes('TTDSG')) regs.add('TTDSG')
+    if (t.ruleId.includes('ttdsg') || t.ruleId.includes('TTDSG')) regs.add('TTDSG')
  }
  return Array.from(regs)
 }
@@ -11,7 +11,7 @@
 */
 import type { ScopeDecision, ScopeDocumentType, ComplianceDepthLevel } from '../compliance-scope-types'
-import { DOCUMENT_SCOPE_MATRIX, getDepthLevelNumeric } from '../compliance-scope-types'
+import { DOCUMENT_SCOPE_MATRIX_CORE, getDepthLevelNumeric } from '../compliance-scope-types'
 import type { ConstraintCheckResult, DraftContext } from './types'
 export class ConstraintEnforcer {
@@ -57,9 +57,9 @@ export class ConstraintEnforcer {
    // -----------------------------------------------------------------------
    checkedRules.push('RULE-DOC-REQUIRED')
    const isRequired = decision.requiredDocuments.some(
-      d => d.documentType === documentType && d.required
+      d => d.documentType === documentType && d.requirement === 'mandatory'
    )
-    const scopeReq = DOCUMENT_SCOPE_MATRIX[documentType]?.[level]
+    const scopeReq = DOCUMENT_SCOPE_MATRIX_CORE[documentType]?.[level]
    if (!isRequired && scopeReq && !scopeReq.required) {
      // Nicht blockieren, aber warnen
@@ -96,7 +96,7 @@ export class ConstraintEnforcer {
    checkedRules.push('RULE-DSFA-ENFORCEMENT')
    if (documentType === 'dsfa') {
      const dsfaRequired = decision.triggeredHardTriggers.some(
-        t => t.rule.dsfaRequired
+        t => t.requiresDSFA
      )
      if (!dsfaRequired && level !== 'L4') {
@@ -110,10 +110,10 @@ export class ConstraintEnforcer {
    // Umgekehrt: Wenn DSFA verpflichtend und Typ != dsfa, ggf. hinweisen
    if (documentType !== 'dsfa') {
      const dsfaRequired = decision.triggeredHardTriggers.some(
-        t => t.rule.dsfaRequired
+        t => t.requiresDSFA
      )
      const dsfaInRequired = decision.requiredDocuments.some(
-        d => d.documentType === 'dsfa' && d.required
+        d => d.documentType === 'dsfa' && d.requirement === 'mandatory'
      )
      if (dsfaRequired && dsfaInRequired) {
@@ -136,7 +136,7 @@ export class ConstraintEnforcer {
    if (criticalRisks.length > 0) {
      adjustments.push(
        `${criticalRisks.length} kritische/hohe Risiko-Flags erkannt. ` +
-        `Draft muss diese adressieren: ${criticalRisks.map(r => r.title).join(', ')}`
+        `Draft muss diese adressieren: ${criticalRisks.map(r => r.message).join(', ')}`
      )
    }
@@ -145,7 +145,7 @@ export class ConstraintEnforcer {
    // -----------------------------------------------------------------------
    checkedRules.push('RULE-HARD-TRIGGER-CONSISTENCY')
    for (const trigger of decision.triggeredHardTriggers) {
-      const mandatoryDocs = trigger.rule.mandatoryDocuments
+      const mandatoryDocs = trigger.mandatoryDocuments
      if (mandatoryDocs.includes(documentType)) {
        // Gut - wir erstellen ein mandatory document
      } else {
@@ -175,35 +175,28 @@ export class ConstraintEnforcer {
      determinedLevel: context.decisions.level,
      scores: context.decisions.scores,
      triggeredHardTriggers: context.decisions.hardTriggers.map(t => ({
-        rule: {
+        ruleId: t.id,
-          id: t.id,
+        category: '',
-          label: t.label,
+        description: t.label,
          description: '',
          conditionField: '',
          conditionOperator: 'EQUALS' as const,
          conditionValue: null,
          minimumLevel: context.decisions.level,
          mandatoryDocuments: [],
          dsfaRequired: false,
        legalReference: t.legalReference,
-        },
+        minimumLevel: context.decisions.level,
        requiresDSFA: false,
        mandatoryDocuments: [],
        matchedValue: null,
        explanation: '',
      })),
      requiredDocuments: context.decisions.requiredDocuments.map(d => ({
        documentType: d.documentType,
        label: d.documentType,
-        required: true,
+        requirement: 'mandatory' as const,
-        depth: d.depth,
+        priority: 'medium' as const,
-        detailItems: d.detailItems,
+        estimatedEffort: 0,
        estimatedEffort: '',
        triggeredBy: [],
      })),
      riskFlags: context.constraints.riskFlags.map(f => ({
-        id: `rf-${f.title}`,
+        severity: f.severity,
-        severity: f.severity as 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL',
+        category: '',
-        title: f.title,
+        message: f.title,
        description: '',
        recommendation: f.recommendation,
      })),
      gaps: [],
@@ -14,7 +14,7 @@ export interface DocumentRAGConfig {
  query: string
 }
-export const DOCUMENT_RAG_CONFIG: Record<ScopeDocumentType, DocumentRAGConfig> = {
+export const DOCUMENT_RAG_CONFIG: Partial<Record<ScopeDocumentType, DocumentRAGConfig>> = {
  dsfa: {
    collection: 'bp_dsfa_corpus',
    query: 'Art. 35 DSGVO Datenschutz-Folgenabschaetzung DSFA Risikobewertung WP248 EDPB',
@@ -221,6 +221,7 @@ describe('DSFA type', () => {
  it('should accept a complete DSFA object', () => {
    const dsfa: DSFA = {
      id: 'dsfa-001',
      version: 1,
      tenant_id: 'tenant-001',
      name: 'AI Chatbot DSFA',
      description: 'Data Protection Impact Assessment for AI Chatbot',
@@ -70,6 +70,7 @@ export interface CookieBannerEmbedCode {
 * Vollstaendige Cookie Banner Konfiguration
 */
 export interface CookieBannerConfig {
  impressumUrl?: string
  id: string
  tenantId: string
  categories: CookieBannerCategory[]
@@ -18,13 +18,15 @@ export interface ProfilingQuestion {
  question: string // German
  helpText?: string
  type: 'single' | 'multi' | 'boolean' | 'number'
-  options?: { value: string; label: string }[]
+  options?: { value: string; label: string; description?: string }[]
  required: boolean
 }
 export interface ProfilingAnswer {
  questionId: string
  value: string | string[] | boolean | number
  /** Index des Profiling-Schritts, zu dem die Antwort gehört */
  stepIndex?: number
 }
 export interface ProfilingStep {
@@ -45,6 +45,8 @@ export type LegalHoldStatus = 'ACTIVE' | 'RELEASED' | 'EXPIRED'
 export interface LegalHold {
  id: string
  name?: string
  createdAt?: string
  reason: string
  legalBasis: string
  responsiblePerson: string
@@ -109,7 +109,7 @@ export function buildAssessmentPayload(
    is_kritis: false, // Kann spaeter aus Branche abgeleitet werden
    is_financial_institution: isFinancial,
    determined_level: decision?.determinedLevel || 'L2',
-    triggered_rules: decision?.triggeredHardTriggers?.map(t => t.rule.id) || [],
+    triggered_rules: decision?.triggeredHardTriggers?.map(t => t.ruleId) || [],
    required_documents: decision?.requiredDocuments?.map(d => d.documentType) || [],
    cert_target: getAnswerString(scopeAnswers, 'org_cert_target'),
  }
@@ -39,6 +39,7 @@ export interface ExportRecord {
 // =============================================================================
 export interface TOMGeneratorState {
  metadata?: Record<string, unknown>
  id: string
  tenantId: string
  companyProfile: CompanyProfile | null
@@ -280,6 +280,7 @@ export interface CookieBannerGeneratedCode {
 }
 export interface CookieBannerConfig {
  impressumUrl?: string
  id: string
  style: CookieBannerStyle
  position: CookieBannerPosition
@@ -91,6 +91,7 @@ export type TemplateType =
 export type Jurisdiction = 'DE' | 'AT' | 'CH' | 'EU' | 'US' | 'INTL'
 export interface LegalTemplateResult {
  source?: string
  id: string
  score: number
  text: string
@@ -257,6 +258,7 @@ export const DEFAULT_PLACEHOLDERS: Record<string, string> = {
 export const TEMPLATE_TYPE_LABELS: Record<TemplateType, string> = {
  // Legal / Vertragsvorlagen
  standard_operating_procedure: 'Standard Operating Procedure (SOP)',
  privacy_policy: 'Datenschutzerkl\u00e4rung',
  terms_of_service: 'Nutzungsbedingungen',
  agb: 'Allgemeine Gesch\u00e4ftsbedingungen',
@@ -245,7 +245,7 @@ export function VendorComplianceProvider({
      startContractReview,
      loadData,
      refresh,
-    }),
+    } as VendorComplianceContextValue),
    [
      state,
      vendorStats,
@@ -190,6 +190,7 @@ export interface AuditEntry {
 }
 export interface AnonymousMessage {
  sentAt?: string
  id: string
  reportId: string
  senderRole: 'reporter' | 'ombudsperson'
@@ -2,9 +2,12 @@
 const nextConfig = {
  output: 'standalone',
  reactStrictMode: true,
-  // TODO: Remove after fixing type incompatibilities from restore
+  // Type errors fail the build — the compiler is the safety net. The 266
  // pre-existing errors masked by this flag were resolved on 2026-06-11;
  // do not re-enable ignoreBuildErrors (it hides real bugs, e.g. constraint
  // logic reading non-existent fields).
  typescript: {
-    ignoreBuildErrors: true,
+    ignoreBuildErrors: false,
  },
  // Allow images from backend
  images: {
@@ -0,0 +1,25 @@
 // Minimal ambient types for node-postgres (pg) — @types/pg is not installed.
 // Mirrors @types/pg's permissive defaults (rows: any) so the existing raw-SQL
 // route handlers type-check exactly as they would with the real @types/pg.
 declare module 'pg' {
  export interface QueryResult<R = any> {
    rows: R[]
    rowCount: number
  }
  export interface PoolConfig {
    connectionString?: string
    ssl?: boolean | { rejectUnauthorized?: boolean }
    max?: number
    [key: string]: unknown
  }
  export class Pool {
    constructor(config?: PoolConfig)
    query<R = any>(text: string, values?: unknown[]): Promise<QueryResult<R>>
    connect(): Promise<PoolClient>
    end(): Promise<void>
  }
  export interface PoolClient {
    query<R = any>(text: string, values?: unknown[]): Promise<QueryResult<R>>
    release(): void
  }
 }
@@ -0,0 +1,5 @@
 // Makes vitest's global test APIs (describe/it/expect/vi/beforeEach…) known to
 // TypeScript. vitest.config.ts already sets `globals: true` for the runtime; this
 // ambient reference is the type-side counterpart, added without a restrictive
 // tsconfig `types` array so the project's other @types stay auto-included.
 /// <reference types="vitest/globals" />
@@ -9,7 +9,7 @@ export default defineConfig({
    globals: true,
    setupFiles: ['./vitest.setup.ts'],
    include: ['**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}'],
-    exclude: ['node_modules', '.next', 'dist', 'e2e'],
+    exclude: ['node_modules', '.next', 'dist', 'e2e', 'tests/playwright/**', '**/playwright/**'],
    coverage: {
      provider: 'v8',
      reporter: ['text', 'json', 'html'],