From ab6ba631088fc48636bdf87a3035d2395dc2f060 Mon Sep 17 00:00:00 2001 
From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com>
Date: Fri, 10 Apr 2026 11:39:32 +0200
Subject: [PATCH] refactor(admin): split lib/sdk/types.ts (2511 LOC) into per-domain modules under types/
Replace the monolithic types.ts with 11 focused modules:
- enums.ts, company-profile.ts, sdk-flow.ts, sdk-steps.ts, assessment.ts, compliance.ts, sdk-state.ts, iace.ts, helpers.ts, document-generator.ts
- Barrel index.ts re-exports everything so existing imports work unchanged
All files under 500 LOC hard cap. tsc error count unchanged (185), next build passes.
Co-Authored-By: Claude Opus 4.6 (1M context)
---
admin-compliance/lib/sdk/types.ts | 2511 -----------------
admin-compliance/lib/sdk/types/assessment.ts | 286 ++
.../lib/sdk/types/company-profile.ts | 222 ++
admin-compliance/lib/sdk/types/compliance.ts | 383 +++
.../lib/sdk/types/document-generator.ts | 468 +++
admin-compliance/lib/sdk/types/enums.ts | 98 +
admin-compliance/lib/sdk/types/helpers.ts | 194 ++
admin-compliance/lib/sdk/types/iace.ts | 23 +
admin-compliance/lib/sdk/types/index.ts | 18 +
admin-compliance/lib/sdk/types/sdk-flow.ts | 104 +
admin-compliance/lib/sdk/types/sdk-state.ts | 192 ++
admin-compliance/lib/sdk/types/sdk-steps.ts | 495 ++++
12 files changed, 2483 insertions(+), 2511 deletions(-)
delete mode 100644 admin-compliance/lib/sdk/types.ts
create mode 100644 admin-compliance/lib/sdk/types/assessment.ts
create mode 100644 admin-compliance/lib/sdk/types/company-profile.ts
create mode 100644 admin-compliance/lib/sdk/types/compliance.ts
create mode 100644 admin-compliance/lib/sdk/types/document-generator.ts
create mode 100644 admin-compliance/lib/sdk/types/enums.ts
create mode 100644 admin-compliance/lib/sdk/types/helpers.ts
create mode 100644 admin-compliance/lib/sdk/types/iace.ts
create mode 100644 admin-compliance/lib/sdk/types/index.ts
create mode 100644 admin-compliance/lib/sdk/types/sdk-flow.ts
create mode 100644 admin-compliance/lib/sdk/types/sdk-state.ts
create mode 100644 admin-compliance/lib/sdk/types/sdk-steps.ts
diff --git a/admin-compliance/lib/sdk/types.ts b/admin-compliance/lib/sdk/types.ts
deleted file mode 100644
index a7f789a..0000000
--- a/admin-compliance/lib/sdk/types.ts
+++ /dev/null
@@ -1,2511 +0,0 @@ -/** - * AI Compliance SDK - TypeScript Interfaces - * - * Comprehensive type definitions for the SDK's state management, - * checkpoint system, and all compliance-related data structures. - */ - -import type { CustomCatalogs, CatalogId, CustomCatalogEntry } from './catalog-manager/types' - -// ============================================================================= -// ENUMS -// ============================================================================= - -export type SubscriptionTier = 'FREE' | 'STARTER' | 'PROFESSIONAL' | 'ENTERPRISE' - -export type SDKPhase = 1 | 2 - -// ============================================================================= -// SDK PACKAGES (NEU) -// ============================================================================= - -export type SDKPackageId = 'vorbereitung' | 'analyse' | 'dokumentation' | 'rechtliche-texte' | 'betrieb' - -export type CustomerType = 'new' | 'existing' - -// ============================================================================= -// PROJECT INFO (Multi-Projekt-Architektur) -// ============================================================================= - -export interface ProjectInfo { - id: string - name: string - description: string - customerType: CustomerType - status: 'active' | 'archived' - projectVersion: number - completionPercentage: number - createdAt: string - updatedAt: string -} - -// ============================================================================= -// COMPANY PROFILE (Business Context - collected before use cases) -// ============================================================================= - -export type BusinessModel = 'B2B' | 'B2C' | 'B2B_B2C' | 'B2B2C' - -export type OfferingType = - | 'app_mobile' // Mobile App - | 'app_web' // Web Application - | 'website' // Website/Landing Pages - | 'webshop' // E-Commerce - | 'hardware' // Hardware sales - | 'software_saas' // SaaS/Software products - | 'software_onpremise' // On-Premise Software - | 
'services_consulting' // Consulting/Professional Services - | 'services_agency' // Agency Services - | 'internal_only' // Internal applications only - -export type TargetMarket = - | 'germany_only' // Only Germany - | 'dach' // Germany, Austria, Switzerland - | 'eu' // European Union - | 'ewr' // European Economic Area (EU + Iceland, Liechtenstein, Norway) - | 'eu_uk' // EU + United Kingdom - | 'worldwide' // Global operations - -export type CompanySize = 'micro' | 'small' | 'medium' | 'large' | 'enterprise' - -export type LegalForm = - | 'einzelunternehmen' // Sole proprietorship - | 'gbr' // GbR - | 'ohg' // OHG - | 'kg' // KG - | 'gmbh' // GmbH - | 'ug' // UG (haftungsbeschränkt) - | 'ag' // AG - | 'gmbh_co_kg' // GmbH & Co. KG - | 'ev' // e.V. (Verein) - | 'stiftung' // Foundation - | 'other' // Other - -// ============================================================================= -// MACHINE BUILDER PROFILE (IACE - Industrial AI Compliance Engine) -// ============================================================================= - -export type MachineProductType = 'test_stand' | 'robot_cell' | 'special_machine' | 'production_line' | 'other' - -export type AIIntegrationType = 'vision' | 'predictive_maintenance' | 'quality_control' | 'robot_control' | 'process_optimization' | 'other' - -export type HumanOversightLevel = 'full' | 'partial' | 'minimal' | 'none' - -export type CriticalSector = 'energy' | 'water' | 'transport' | 'health' | 'pharma' | 'automotive' | 'defense' - -export interface MachineBuilderProfile { - // Produkt - productTypes: MachineProductType[] - productDescription: string - productPride: string - containsSoftware: boolean - containsFirmware: boolean - containsAI: boolean - aiIntegrationType: AIIntegrationType[] - - // Sicherheit - hasSafetyFunction: boolean - safetyFunctionDescription: string - autonomousBehavior: boolean - humanOversightLevel: HumanOversightLevel - - // Konnektivitaet - isNetworked: boolean - hasRemoteAccess: boolean - 
hasOTAUpdates: boolean - updateMechanism: string - - // Markt & Kunden - exportMarkets: string[] - criticalSectorClients: boolean - criticalSectors: CriticalSector[] - oemClients: boolean - - // CE - ceMarkingRequired: boolean - existingCEProcess: boolean - hasRiskAssessment: boolean -} - -export const MACHINE_PRODUCT_TYPE_LABELS: Record = { - test_stand: 'Pruefstand', - robot_cell: 'Roboterzelle', - special_machine: 'Sondermaschine', - production_line: 'Produktionslinie', - other: 'Sonstige', -} - -export const AI_INTEGRATION_TYPE_LABELS: Record = { - vision: 'Bildverarbeitung / Machine Vision', - predictive_maintenance: 'Predictive Maintenance', - quality_control: 'Qualitaetskontrolle', - robot_control: 'Robotersteuerung', - process_optimization: 'Prozessoptimierung', - other: 'Sonstige', -} - -export const HUMAN_OVERSIGHT_LABELS: Record = { - full: 'Vollstaendig (Mensch entscheidet immer)', - partial: 'Teilweise (Mensch ueberwacht)', - minimal: 'Minimal (Mensch greift nur bei Stoerung ein)', - none: 'Keine (vollautonomer Betrieb)', -} - -export const CRITICAL_SECTOR_LABELS: Record = { - energy: 'Energie', - water: 'Wasser', - transport: 'Transport / Verkehr', - health: 'Gesundheit', - pharma: 'Pharma', - automotive: 'Automotive', - defense: 'Verteidigung', -} - -export interface CompanyProfile { - // Basic Info - companyName: string - legalForm: LegalForm - industry: string[] // Multi-select industries - industryOther: string // Custom text when "Sonstige" selected - foundedYear: number | null - - // Business Model - businessModel: BusinessModel - offerings: OfferingType[] - offeringUrls: Partial> // e.g. { website: 'https://...', webshop: 'https://...' 
} - - // Size & Scope - companySize: CompanySize - employeeCount: string // Range: "1-9", "10-49", "50-249", "250-999", "1000+" - annualRevenue: string // Range: "< 2 Mio", "2-10 Mio", "10-50 Mio", "> 50 Mio" - - // Locations - headquartersCountry: string // ISO country code, e.g., "DE" - headquartersCountryOther: string // Free text if country not in list - headquartersStreet: string - headquartersZip: string - headquartersCity: string - headquartersState: string // Bundesland / Kanton / Region - hasInternationalLocations: boolean - internationalCountries: string[] // ISO country codes - - // Target Markets & Legal Scope - targetMarkets: TargetMarket[] - primaryJurisdiction: string // Which law primarily applies: "DE", "AT", "CH", etc. - - // Data Processing Role - isDataController: boolean // Verantwortlicher (Art. 4 Nr. 7 DSGVO) - isDataProcessor: boolean // Auftragsverarbeiter (Art. 4 Nr. 8 DSGVO) - - // Contact Persons - dpoName: string | null // Data Protection Officer - dpoEmail: string | null - legalContactName: string | null - legalContactEmail: string | null - - // Machine Builder (IACE) - machineBuilder?: MachineBuilderProfile - - // Completion Status - isComplete: boolean - completedAt: Date | null -} - -export const COMPANY_SIZE_LABELS: Record = { - micro: 'Kleinstunternehmen (< 10 MA)', - small: 'Kleinunternehmen (10-49 MA)', - medium: 'Mittelstand (50-249 MA)', - large: 'Großunternehmen (250-999 MA)', - enterprise: 'Konzern (1000+ MA)', -} - -export const BUSINESS_MODEL_LABELS: Record = { - B2B: { short: 'B2B', description: 'Verkauf an Geschäftskunden' }, - B2C: { short: 'B2C', description: 'Verkauf an Privatkunden' }, - B2B_B2C: { short: 'B2B + B2C', description: 'Verkauf an Geschäfts- und Privatkunden' }, - B2B2C: { short: 'B2B2C', description: 'Über Partner an Endkunden (z.B. 
Plattform, White-Label)' }, -} - -export const OFFERING_TYPE_LABELS: Record = { - app_mobile: { label: 'Mobile App', description: 'iOS/Android Anwendungen' }, - app_web: { label: 'Web-Anwendung', description: 'Browser-basierte Software' }, - website: { label: 'Website', description: 'Informationsseiten, Landing Pages' }, - webshop: { label: 'Online-Shop', description: 'Physische Produkte oder Hardware-Abos verkaufen' }, - hardware: { label: 'Hardware-Verkauf', description: 'Physische Produkte' }, - software_saas: { label: 'SaaS/Cloud', description: 'Software online bereitstellen (auch wenn ueber einen Shop verkauft)' }, - software_onpremise: { label: 'On-Premise Software', description: 'Lokale Installation' }, - services_consulting: { label: 'Beratung', description: 'Consulting, Professional Services' }, - services_agency: { label: 'Agentur', description: 'Marketing, Design, Entwicklung' }, - internal_only: { label: 'Nur intern', description: 'Interne Unternehmensanwendungen' }, -} - -export const TARGET_MARKET_LABELS: Record = { - germany_only: { - label: 'Nur Deutschland', - description: 'Verkauf nur in Deutschland', - regulations: ['DSGVO', 'BDSG', 'TTDSG', 'AI Act'], - }, - dach: { - label: 'DACH-Region', - description: 'Deutschland, Österreich, Schweiz', - regulations: ['DSGVO', 'BDSG', 'DSG (AT)', 'DSG (CH)', 'AI Act'], - }, - eu: { - label: 'Europäische Union', - description: 'Alle EU-Mitgliedsstaaten', - regulations: ['DSGVO', 'AI Act', 'NIS2', 'DMA/DSA'], - }, - ewr: { - label: 'EWR', - description: 'EU + Island, Liechtenstein, Norwegen', - regulations: ['DSGVO', 'AI Act', 'NIS2', 'EWR-Sonderregelungen'], - }, - eu_uk: { - label: 'EU + Großbritannien', - description: 'EU plus Vereinigtes Königreich', - regulations: ['DSGVO', 'UK GDPR', 'AI Act', 'UK AI Framework'], - }, - worldwide: { - label: 'Weltweit', - description: 'Globaler Verkauf/Betrieb', - regulations: ['DSGVO', 'CCPA', 'LGPD', 'POPIA', 'und weitere...'], - }, -} - -// SDK Coverage Limitations - 
be honest about what we can/cannot help with -export interface SDKCoverageAssessment { - isFullyCovered: boolean - coveredRegulations: string[] - partiallyCoveredRegulations: string[] - notCoveredRegulations: string[] - requiresLegalCounsel: boolean - reasons: string[] - recommendations: string[] -} - -export interface SDKPackage { - id: SDKPackageId - order: number - name: string - nameShort: string - description: string - icon: string - result: string -} - -export const SDK_PACKAGES: SDKPackage[] = [ - { - id: 'vorbereitung', - order: 1, - name: 'Vorbereitung', - nameShort: 'Vorbereitung', - description: 'Grundlagen erfassen, Ausgangssituation verstehen', - icon: '🎯', - result: 'Klares Verständnis, welche Regulierungen greifen', - }, - { - id: 'analyse', - order: 2, - name: 'Analyse', - nameShort: 'Analyse', - description: 'Risiken erkennen, Anforderungen ableiten', - icon: '🔍', - result: 'Vollständige Risikobewertung, Audit-Ready', - }, - { - id: 'dokumentation', - order: 3, - name: 'Dokumentation', - nameShort: 'Doku', - description: 'Rechtliche Pflichtnachweise erstellen', - icon: '📋', - result: 'DSFA, TOMs, VVT, Löschkonzept', - }, - { - id: 'rechtliche-texte', - order: 4, - name: 'Rechtliche Texte', - nameShort: 'Legal', - description: 'Kundenfähige Dokumente generieren', - icon: '📝', - result: 'AGB, DSI, Nutzungsbedingungen, Cookie-Banner (Code)', - }, - { - id: 'betrieb', - order: 5, - name: 'Betrieb', - nameShort: 'Betrieb', - description: 'Laufender Compliance-Betrieb', - icon: '⚙️', - result: 'DSR-Portal, Eskalationsprozesse, Vendor-Management', - }, -] - -export type CheckpointType = 'REQUIRED' | 'RECOMMENDED' | 'OPTIONAL' - -export type ReviewerType = 'NONE' | 'TEAM_LEAD' | 'DSB' | 'LEGAL' - -export type ValidationSeverity = 'ERROR' | 'WARNING' | 'INFO' - -export type RiskSeverity = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL' - -export type RiskLikelihood = 1 | 2 | 3 | 4 | 5 - -export type RiskImpact = 1 | 2 | 3 | 4 | 5 - -export type ImplementationStatus 
= 'NOT_IMPLEMENTED' | 'PARTIAL' | 'IMPLEMENTED' - -export type RequirementStatus = 'NOT_STARTED' | 'IN_PROGRESS' | 'IMPLEMENTED' | 'VERIFIED' - -export type ControlType = 'TECHNICAL' | 'ORGANIZATIONAL' | 'PHYSICAL' - -export type EvidenceType = 'DOCUMENT' | 'SCREENSHOT' | 'LOG' | 'CERTIFICATE' | 'AUDIT_REPORT' - -export type RiskStatus = 'IDENTIFIED' | 'ASSESSED' | 'MITIGATED' | 'ACCEPTED' | 'CLOSED' - -export type MitigationType = 'AVOID' | 'TRANSFER' | 'MITIGATE' | 'ACCEPT' - -export type AIActRiskCategory = 'MINIMAL' | 'LIMITED' | 'HIGH' | 'UNACCEPTABLE' - -export type DSFAStatus = 'DRAFT' | 'IN_REVIEW' | 'APPROVED' | 'REJECTED' - -export type ScreeningStatus = 'PENDING' | 'RUNNING' | 'COMPLETED' | 'FAILED' - -export type SecurityIssueSeverity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' - -export type SecurityIssueStatus = 'OPEN' | 'IN_PROGRESS' | 'RESOLVED' | 'ACCEPTED' - -export type CookieBannerStyle = 'BANNER' | 'MODAL' | 'FLOATING' - -export type CookieBannerPosition = 'TOP' | 'BOTTOM' | 'CENTER' - -export type CookieBannerTheme = 'LIGHT' | 'DARK' | 'CUSTOM' - -export type CommandType = 'ACTION' | 'NAVIGATION' | 'SEARCH' | 'GENERATE' | 'HELP' - -// ============================================================================= -// SDK FLOW & NAVIGATION -// ============================================================================= - -export interface SDKStep { - id: string - seq: number // Globale Sequenznummer (100, 200, 300, ...) 
- phase: SDKPhase - package: SDKPackageId - order: number - name: string - nameShort: string - description: string - url: string - checkpointId: string - prerequisiteSteps: string[] - isOptional: boolean - visibleWhen?: (state: SDKState) => boolean // Konditionale Sichtbarkeit -} - -export const SDK_STEPS: SDKStep[] = [ - // ============================================================================= - // PAKET 1: VORBEREITUNG (Foundation) - // ============================================================================= - { - id: 'company-profile', - seq: 100, - phase: 1, - package: 'vorbereitung', - order: 1, - name: 'Unternehmensprofil', - nameShort: 'Profil', - description: 'Geschäftsmodell, Größe und Zielmärkte erfassen', - url: '/sdk/company-profile', - checkpointId: 'CP-PROF', - prerequisiteSteps: [], - isOptional: false, - }, - { - id: 'compliance-scope', - seq: 200, - phase: 1, - package: 'vorbereitung', - order: 2, - name: 'Compliance Scope', - nameShort: 'Scope', - description: 'Umfang und Tiefe Ihrer Compliance-Dokumentation bestimmen', - url: '/sdk/compliance-scope', - checkpointId: 'CP-SCOPE', - prerequisiteSteps: ['company-profile'], - isOptional: false, - }, - { - id: 'use-case-assessment', - seq: 300, - phase: 1, - package: 'vorbereitung', - order: 3, - name: 'Anwendungsfall-Erfassung', - nameShort: 'Anwendung', - description: 'AI-Anwendungsfälle strukturiert dokumentieren', - url: '/sdk/advisory-board', - checkpointId: 'CP-UC', - prerequisiteSteps: ['company-profile'], - isOptional: false, - }, - { - id: 'import', - seq: 400, - phase: 1, - package: 'vorbereitung', - order: 4, - name: 'Dokument-Import', - nameShort: 'Import', - description: 'Bestehende Dokumente hochladen (Bestandskunden)', - url: '/sdk/import', - checkpointId: 'CP-IMP', - prerequisiteSteps: ['use-case-assessment'], - isOptional: true, - visibleWhen: (state) => state.customerType === 'existing', - }, - { - id: 'screening', - seq: 500, - phase: 1, - package: 'vorbereitung', - 
order: 5, - name: 'System Screening', - nameShort: 'Screening', - description: 'SBOM + Security Check', - url: '/sdk/screening', - checkpointId: 'CP-SCAN', - prerequisiteSteps: ['use-case-assessment'], - isOptional: false, - }, - { - id: 'modules', - seq: 600, - phase: 1, - package: 'vorbereitung', - order: 6, - name: 'Compliance Modules', - nameShort: 'Module', - description: 'Abgleich welche Regulierungen gelten', - url: '/sdk/modules', - checkpointId: 'CP-MOD', - prerequisiteSteps: ['screening'], - isOptional: false, - }, - { - id: 'source-policy', - seq: 700, - phase: 1, - package: 'vorbereitung', - order: 7, - name: 'Source Policy', - nameShort: 'Quellen', - description: 'Datenquellen-Governance & Whitelist', - url: '/sdk/source-policy', - checkpointId: 'CP-SPOL', - prerequisiteSteps: ['modules'], - isOptional: false, - }, - - // ============================================================================= - // PAKET 2: ANALYSE (Assessment) - // ============================================================================= - { - id: 'requirements', - seq: 1000, - phase: 1, - package: 'analyse', - order: 1, - name: 'Requirements', - nameShort: 'Anforderungen', - description: 'Prüfaspekte aus Regulierungen ableiten', - url: '/sdk/requirements', - checkpointId: 'CP-REQ', - prerequisiteSteps: ['source-policy'], - isOptional: false, - }, - { - id: 'controls', - seq: 1100, - phase: 1, - package: 'analyse', - order: 2, - name: 'Controls', - nameShort: 'Controls', - description: 'Erforderliche Maßnahmen ermitteln', - url: '/sdk/controls', - checkpointId: 'CP-CTRL', - prerequisiteSteps: ['requirements'], - isOptional: false, - }, - { - id: 'evidence', - seq: 1200, - phase: 1, - package: 'analyse', - order: 3, - name: 'Evidence', - nameShort: 'Nachweise', - description: 'Nachweise dokumentieren', - url: '/sdk/evidence', - checkpointId: 'CP-EVI', - prerequisiteSteps: ['controls'], - isOptional: false, - }, - { - id: 'risks', - seq: 1300, - phase: 1, - package: 'analyse', 
- order: 4, - name: 'Risk Matrix', - nameShort: 'Risiken', - description: 'Risikobewertung & Residual Risk', - url: '/sdk/risks', - checkpointId: 'CP-RISK', - prerequisiteSteps: ['evidence'], - isOptional: false, - }, - { - id: 'ai-act', - seq: 1400, - phase: 1, - package: 'analyse', - order: 5, - name: 'AI Act Klassifizierung', - nameShort: 'AI Act', - description: 'Risikostufe nach EU AI Act', - url: '/sdk/ai-act', - checkpointId: 'CP-AI', - prerequisiteSteps: ['risks'], - isOptional: false, - }, - { - id: 'audit-checklist', - seq: 1500, - phase: 1, - package: 'analyse', - order: 6, - name: 'Audit Checklist', - nameShort: 'Checklist', - description: 'Prüfliste generieren', - url: '/sdk/audit-checklist', - checkpointId: 'CP-CHK', - prerequisiteSteps: ['ai-act'], - isOptional: false, - }, - { - id: 'audit-report', - seq: 1600, - phase: 1, - package: 'analyse', - order: 7, - name: 'Audit Report', - nameShort: 'Report', - description: 'Audit-Sitzungen & PDF-Report', - url: '/sdk/audit-report', - checkpointId: 'CP-AREP', - prerequisiteSteps: ['audit-checklist'], - isOptional: false, - }, - - // ============================================================================= - // PAKET 3: DOKUMENTATION (Compliance Docs) - // ============================================================================= - { - id: 'obligations', - seq: 2000, - phase: 2, - package: 'dokumentation', - order: 1, - name: 'Pflichtenübersicht', - nameShort: 'Pflichten', - description: 'NIS2, DSGVO, AI Act Pflichten', - url: '/sdk/obligations', - checkpointId: 'CP-OBL', - prerequisiteSteps: ['audit-report'], - isOptional: false, - }, - { - id: 'dsfa', - seq: 2100, - phase: 2, - package: 'dokumentation', - order: 2, - name: 'DSFA', - nameShort: 'DSFA', - description: 'Datenschutz-Folgenabschätzung', - url: '/sdk/dsfa', - checkpointId: 'CP-DSFA', - prerequisiteSteps: ['obligations'], - isOptional: true, - visibleWhen: (state) => { - const level = state.complianceScope?.decision?.determinedLevel - if 
(level && ['L2', 'L3', 'L4'].includes(level)) return true - const triggers = state.complianceScope?.decision?.triggeredHardTriggers || [] - return triggers.some(t => t.rule.dsfaRequired) - }, - }, - { - id: 'tom', - seq: 2200, - phase: 2, - package: 'dokumentation', - order: 3, - name: 'TOMs', - nameShort: 'TOMs', - description: 'Technische & Org. Maßnahmen', - url: '/sdk/tom', - checkpointId: 'CP-TOM', - prerequisiteSteps: ['obligations'], - isOptional: false, - }, - { - id: 'loeschfristen', - seq: 2300, - phase: 2, - package: 'dokumentation', - order: 4, - name: 'Löschfristen', - nameShort: 'Löschfristen', - description: 'Aufbewahrungsrichtlinien', - url: '/sdk/loeschfristen', - checkpointId: 'CP-RET', - prerequisiteSteps: ['tom'], - isOptional: false, - }, - { - id: 'vvt', - seq: 2400, - phase: 2, - package: 'dokumentation', - order: 5, - name: 'Verarbeitungsverzeichnis', - nameShort: 'VVT', - description: 'Art. 30 DSGVO Dokumentation', - url: '/sdk/vvt', - checkpointId: 'CP-VVT', - prerequisiteSteps: ['loeschfristen'], - isOptional: false, - }, - - // ============================================================================= - // PAKET 4: RECHTLICHE TEXTE (Legal Outputs) - // ============================================================================= - { - id: 'einwilligungen', - seq: 3000, - phase: 2, - package: 'rechtliche-texte', - order: 1, - name: 'Einwilligungen', - nameShort: 'Einwilligungen', - description: 'Datenpunktkatalog & DSI-Generator', - url: '/sdk/einwilligungen', - checkpointId: 'CP-CONS', - prerequisiteSteps: ['vvt'], - isOptional: false, - }, - { - id: 'consent', - seq: 3100, - phase: 2, - package: 'rechtliche-texte', - order: 2, - name: 'Rechtliche Vorlagen', - nameShort: 'Vorlagen', - description: 'AGB, Datenschutz, Nutzungsbedingungen', - url: '/sdk/consent', - checkpointId: 'CP-DOC', - prerequisiteSteps: ['einwilligungen'], - isOptional: false, - }, - { - id: 'cookie-banner', - seq: 3200, - phase: 2, - package: 'rechtliche-texte', - 
order: 3, - name: 'Cookie Banner', - nameShort: 'Cookies', - description: 'Cookie-Consent Generator', - url: '/sdk/cookie-banner', - checkpointId: 'CP-COOK', - prerequisiteSteps: ['consent'], - isOptional: false, - }, - { - id: 'document-generator', - seq: 3300, - phase: 2, - package: 'rechtliche-texte', - order: 4, - name: 'Dokumentengenerator', - nameShort: 'Generator', - description: 'Rechtliche Dokumente aus Vorlagen erstellen', - url: '/sdk/document-generator', - checkpointId: 'CP-DOCGEN', - prerequisiteSteps: ['cookie-banner'], - isOptional: true, - visibleWhen: () => true, - }, - { - id: 'workflow', - seq: 3400, - phase: 2, - package: 'rechtliche-texte', - order: 5, - name: 'Document Workflow', - nameShort: 'Workflow', - description: 'Versionierung & Freigabe-Workflow', - url: '/sdk/workflow', - checkpointId: 'CP-WRKF', - prerequisiteSteps: ['cookie-banner'], - isOptional: false, - }, - - // ============================================================================= - // PAKET 5: BETRIEB (Operations) - // ============================================================================= - { - id: 'dsr', - seq: 4000, - phase: 2, - package: 'betrieb', - order: 1, - name: 'DSR Portal', - nameShort: 'DSR', - description: 'Betroffenenrechte-Portal', - url: '/sdk/dsr', - checkpointId: 'CP-DSR', - prerequisiteSteps: ['workflow'], - isOptional: false, - }, - { - id: 'escalations', - seq: 4100, - phase: 2, - package: 'betrieb', - order: 2, - name: 'Escalations', - nameShort: 'Eskalationen', - description: 'Management-Workflows', - url: '/sdk/escalations', - checkpointId: 'CP-ESC', - prerequisiteSteps: ['dsr'], - isOptional: false, - }, - { - id: 'vendor-compliance', - seq: 4200, - phase: 2, - package: 'betrieb', - order: 3, - name: 'Vendor Compliance', - nameShort: 'Vendor', - description: 'Dienstleister-Management', - url: '/sdk/vendor-compliance', - checkpointId: 'CP-VEND', - prerequisiteSteps: ['escalations'], - isOptional: false, - }, - { - id: 'consent-management', 
- seq: 4300, - phase: 2, - package: 'betrieb', - order: 4, - name: 'Consent Verwaltung', - nameShort: 'Consent Mgmt', - description: 'Dokument-Lifecycle & DSGVO-Prozesse', - url: '/sdk/consent-management', - checkpointId: 'CP-CMGMT', - prerequisiteSteps: ['vendor-compliance'], - isOptional: false, - }, - { - id: 'email-templates', - seq: 4350, - phase: 2, - package: 'betrieb', - order: 5, - name: 'E-Mail-Templates', - nameShort: 'E-Mails', - description: 'Benachrichtigungs-Vorlagen verwalten', - url: '/sdk/email-templates', - checkpointId: 'CP-EMAIL', - prerequisiteSteps: ['consent-management'], - isOptional: false, - }, - { - id: 'notfallplan', - seq: 4400, - phase: 2, - package: 'betrieb', - order: 6, - name: 'Notfallplan & Breach Response', - nameShort: 'Notfallplan', - description: 'Datenpannen-Management nach Art. 33/34 DSGVO', - url: '/sdk/notfallplan', - checkpointId: 'CP-NOTF', - prerequisiteSteps: ['email-templates'], - isOptional: false, - }, - { - id: 'incidents', - seq: 4500, - phase: 2, - package: 'betrieb', - order: 7, - name: 'Incident Management', - nameShort: 'Incidents', - description: 'Datenpannen erfassen, bewerten und melden (Art. 
33/34 DSGVO)', - url: '/sdk/incidents', - checkpointId: 'CP-INC', - prerequisiteSteps: ['notfallplan'], - isOptional: false, - }, - { - id: 'whistleblower', - seq: 4600, - phase: 2, - package: 'betrieb', - order: 8, - name: 'Hinweisgebersystem', - nameShort: 'Whistleblower', - description: 'Anonymes Meldesystem gemaess HinSchG', - url: '/sdk/whistleblower', - checkpointId: 'CP-WB', - prerequisiteSteps: ['incidents'], - isOptional: false, - }, - { - id: 'academy', - seq: 4700, - phase: 2, - package: 'betrieb', - order: 9, - name: 'Compliance Academy', - nameShort: 'Academy', - description: 'Mitarbeiter-Schulungen & Zertifikate', - url: '/sdk/academy', - checkpointId: 'CP-ACAD', - prerequisiteSteps: ['whistleblower'], - isOptional: false, - }, - { - id: 'training', - seq: 4800, - phase: 2, - package: 'betrieb', - order: 10, - name: 'Training Engine', - nameShort: 'Training', - description: 'KI-generierte Schulungsinhalte, Quiz & Medien', - url: '/sdk/training', - checkpointId: 'CP-TRAIN', - prerequisiteSteps: ['academy'], - isOptional: false, - }, - { - id: 'control-library', - seq: 4900, - phase: 2, - package: 'betrieb', - order: 11, - name: 'Control Library', - nameShort: 'Controls', - description: 'Canonical Security Controls mit Open-Source-Referenzen', - url: '/sdk/control-library', - checkpointId: 'CP-CLIB', - prerequisiteSteps: [], - isOptional: true, - }, - { - id: 'control-provenance', - seq: 4950, - phase: 2, - package: 'betrieb', - order: 12, - name: 'Control Provenance', - nameShort: 'Provenance', - description: 'Herkunftsnachweis: Offene Quellen, Lizenzen, Too-Close-Pruefung', - url: '/sdk/control-provenance', - checkpointId: 'CP-CPROV', - prerequisiteSteps: [], - isOptional: true, - }, -] - -// ============================================================================= -// CHECKPOINT SYSTEM -// ============================================================================= - -export interface ValidationRule { - id: string - field: string - condition: 
'NOT_EMPTY' | 'MIN_COUNT' | 'MIN_VALUE' | 'CUSTOM' | 'REGEX' - value?: number | string - message: string - severity: ValidationSeverity -} - -export interface ValidationError { - ruleId: string - field: string - message: string - severity: ValidationSeverity -} - -export interface Checkpoint { - id: string - step: string - name: string - type: CheckpointType - validation: ValidationRule[] - blocksProgress: boolean - requiresReview: ReviewerType - autoValidate: boolean -} - -export interface CheckpointStatus { - checkpointId: string - passed: boolean - validatedAt: Date | null - validatedBy: string | null - errors: ValidationError[] - warnings: ValidationError[] - overrideReason?: string - overriddenBy?: string - overriddenAt?: Date -} - -// ============================================================================= -// USE CASE ASSESSMENT -// ============================================================================= - -export interface UseCaseStep { - id: string - name: string - completed: boolean - data: Record -} - -export interface AssessmentResult { - riskLevel: RiskSeverity - applicableRegulations: string[] - recommendedControls: string[] - dsfaRequired: boolean - aiActClassification: string -} - -export interface UseCaseIntake { - domain: string - dataCategories: string[] - processesPersonalData: boolean - specialCategories: boolean - healthData: boolean - biometricData: boolean - minorsData: boolean - financialData: boolean - customDataTypes: string[] - legalBasis: string - purposes: { - profiling: boolean - automatedDecision: boolean - marketing: boolean - analytics: boolean - serviceDelivery: boolean - } - automation: 'assistive' | 'semi_automated' | 'fully_automated' - hosting: { - provider: string - region: string - } - modelUsage: { - inference: boolean - rag: boolean - finetune: boolean - training: boolean - } - aiTechnologies: string[] - internationalTransfer: { - enabled: boolean - countries: string[] - mechanism: string - } - retention: { - 
days: number
- purpose: string
- }
- contracts: {
- hasDpa: boolean
- hasAiaDocumentation: boolean
- hasRiskAssessment: boolean
- subprocessors: string
- }
-}
-
-export interface UseCaseAssessment {
- id: string
- name: string
- description: string
- category: string
- stepsCompleted: number
- steps: UseCaseStep[]
- assessmentResult: AssessmentResult | null
- intake?: UseCaseIntake
- uccaAssessmentId?: string
- createdAt: Date
- updatedAt: Date
-}
-
-// =============================================================================
-// SCREENING & SECURITY
-// =============================================================================
-
-export interface Vulnerability {
- id: string
- cve: string
- severity: SecurityIssueSeverity
- title: string
- description: string
- cvss: number | null
- fixedIn: string | null
-}
-
-export interface SBOMComponent {
- name: string
- version: string
- type: 'library' | 'framework' | 'application' | 'container'
- purl: string
- licenses: string[]
- vulnerabilities: Vulnerability[]
-}
-
-export interface SBOMDependency {
- from: string
- to: string
-}
-
-// RAG Corpus Versioning
-export interface RAGCorpusCollectionStatus {
- id: string
- current_version: string
- documents_count: number
- chunks_count: number
- regulations: string[]
- last_updated: string
- digest: string
-}
-
-export interface RAGCorpusStatus {
- collections: Record
- fetchedAt: string
-}
-
-export interface SBOM {
- format: 'CycloneDX' | 'SPDX'
- version: string
- components: SBOMComponent[]
- dependencies: SBOMDependency[]
- generatedAt: Date
-}
-
-export interface SecurityScanResult {
- totalIssues: number
- critical: number
- high: number
- medium: number
- low: number
- issues: SecurityIssue[]
-}
-
-export interface SecurityIssue {
- id: string
- severity: SecurityIssueSeverity
- title: string
- description: string
- cve: string | null
- cvss: number | null
- affectedComponent: string
- remediation: string
- status: SecurityIssueStatus
-}
-
-export interface ScreeningResult {
- id: string
- status: ScreeningStatus
- startedAt: Date
- completedAt: Date | null
- sbom: SBOM | null
- securityScan: SecurityScanResult | null
- error: string | null
-}
-
-export interface BacklogItem {
- id: string
- title: string
- description: string
- severity: SecurityIssueSeverity
- securityIssueId: string
- status: 'OPEN' | 'IN_PROGRESS' | 'DONE'
- assignee: string | null
- dueDate: Date | null
- createdAt: Date
-}
-
-// =============================================================================
-// COMPLIANCE
-// =============================================================================
-
-export interface ServiceModule {
- id: string
- name: string
- description: string
- regulations: string[]
- criticality: RiskSeverity
- processesPersonalData: boolean
- hasAIComponents: boolean
-}
-
-export interface Requirement {
- id: string
- regulation: string
- article: string
- title: string
- description: string
- criticality: RiskSeverity
- applicableModules: string[]
- status: RequirementStatus
- controls: string[]
-}
-
-export interface Control {
- id: string
- name: string
- description: string
- type: ControlType
- category: string
- implementationStatus: ImplementationStatus
- effectiveness: RiskSeverity
- evidence: string[]
- owner: string | null
- dueDate: Date | null
-}
-
-export interface Evidence {
- id: string
- controlId: string
- type: EvidenceType
- name: string
- description: string
- fileUrl: string | null
- validFrom: Date
- validUntil: Date | null
- uploadedBy: string
- uploadedAt: Date
-}
-
-export interface ChecklistItem {
- id: string
- requirementId: string
- title: string
- description: string
- status: 'PENDING' | 'PASSED' | 'FAILED' | 'NOT_APPLICABLE'
- notes: string
- verifiedBy: string | null
- verifiedAt: Date | null
-}
-
-// =============================================================================
-// RISK MANAGEMENT
-// =============================================================================
-
-export interface RiskMitigation {
- id: string
- description: string
- type: MitigationType
- status: 'PLANNED' | 'IN_PROGRESS' | 'COMPLETED'
- effectiveness: number // 0-100
- controlId: string | null
-}
-
-export interface Risk {
- id: string
- title: string
- description: string
- category: string
- likelihood: RiskLikelihood
- impact: RiskImpact
- severity: RiskSeverity
- inherentRiskScore: number
- residualRiskScore: number
- status: RiskStatus
- mitigation: RiskMitigation[]
- owner: string | null
- relatedControls: string[]
- relatedRequirements: string[]
-}
-
-// =============================================================================
-// AI ACT & OBLIGATIONS
-// =============================================================================
-
-export interface AIActObligation {
- id: string
- article: string
- title: string
- description: string
- deadline: Date | null
- status: 'PENDING' | 'IN_PROGRESS' | 'COMPLETED'
-}
-
-export interface AIActResult {
- riskCategory: AIActRiskCategory
- systemType: string
- obligations: AIActObligation[]
- assessmentDate: Date
- assessedBy: string
- justification: string
-}
-
-export interface Obligation {
- id: string
- regulation: string
- article: string
- title: string
- description: string
- deadline: Date | null
- penalty: string | null
- status: 'PENDING' | 'IN_PROGRESS' | 'COMPLETED'
- responsible: string | null
-}
-
-// =============================================================================
-// DSFA
-// =============================================================================
-
-export interface DSFASection {
- id: string
- title: string
- content: string
- status: 'DRAFT' | 'COMPLETED'
- order: number
-}
-
-export interface DSFAApproval {
- id: string
- approver: string
- role: string
- status: 'PENDING' | 'APPROVED' | 'REJECTED'
- comment: string | null
- approvedAt: Date | null
-}
-
-export interface DSFA {
- id: string
- status: DSFAStatus
- version: number
- sections: DSFASection[]
- approvals: DSFAApproval[]
- createdAt: Date
- updatedAt: Date
-}
-
-// =============================================================================
-// TOMs & RETENTION
-// =============================================================================
-
-export interface TOM {
- id: string
- category: string
- name: string
- description: string
- type: 'TECHNICAL' | 'ORGANIZATIONAL'
- implementationStatus: ImplementationStatus
- priority: RiskSeverity
- responsiblePerson: string | null
- implementationDate: Date | null
- reviewDate: Date | null
- evidence: string[]
-}
-
-export interface RetentionPolicy {
- id: string
- dataCategory: string
- description: string
- legalBasis: string
- retentionPeriod: string
- deletionMethod: string
- exceptions: string[]
-}
-
-// =============================================================================
-// VVT (Processing Register)
-// =============================================================================
-
-export interface ProcessingActivity {
- id: string
- name: string
- purpose: string
- legalBasis: string
- dataCategories: string[]
- dataSubjects: string[]
- recipients: string[]
- thirdCountryTransfers: boolean
- retentionPeriod: string
- technicalMeasures: string[]
- organizationalMeasures: string[]
-}
-
-// =============================================================================
-// LEGAL DOCUMENTS
-// =============================================================================
-
-export interface LegalDocument {
- id: string
- type: 'AGB' | 'PRIVACY_POLICY' | 'TERMS_OF_USE' | 'IMPRINT' | 'COOKIE_POLICY'
- title: string
- content: string
- version: string
- status: 'DRAFT' | 'PUBLISHED' | 'ARCHIVED'
- publishedAt: Date | null
- createdAt: Date
- updatedAt: Date
-}
-
-// =============================================================================
-// COOKIE BANNER
-// =============================================================================
-
-export interface Cookie {
- id: string
- name: string
- provider: string
- purpose: string
- expiry: string
- type: 'NECESSARY' | 'FUNCTIONAL' | 'ANALYTICS' | 'MARKETING'
-}
-
-export interface CookieCategory {
- id: string
- name: string
- description: string
- required: boolean
- cookies: Cookie[]
-}
-
-export interface CookieBannerTexts {
- title: string
- description: string
- acceptAll: string
- rejectAll: string
- settings: string
- save: string
-}
-
-export interface CookieBannerGeneratedCode {
- html: string
- css: string
- js: string
-}
-
-export interface CookieBannerConfig {
- id: string
- style: CookieBannerStyle
- position: CookieBannerPosition
- theme: CookieBannerTheme
- texts: CookieBannerTexts
- categories: CookieCategory[]
- generatedCode: CookieBannerGeneratedCode | null
-}
-
-// =============================================================================
-// CONSENT & DSR
-// =============================================================================
-
-export interface ConsentRecord {
- id: string
- userId: string
- documentId: string
- documentVersion: string
- consentType: string
- granted: boolean
- grantedAt: Date
- revokedAt: Date | null
- ipAddress: string | null
- userAgent: string | null
-}
-
-export interface DSRRequest {
- id: string
- type: 'ACCESS' | 'RECTIFICATION' | 'ERASURE' | 'PORTABILITY' | 'RESTRICTION' | 'OBJECTION'
- status: 'RECEIVED' | 'VERIFIED' | 'PROCESSING' | 'COMPLETED' | 'REJECTED'
- requesterEmail: string
- requesterName: string
- requestedAt: Date
- dueDate: Date
- completedAt: Date | null
- notes: string
-}
-
-export interface DSRConfig {
- id: string
- enabled: boolean
- portalUrl: string
- emailTemplates: Record
- automatedResponses: boolean
- verificationRequired: boolean
-}
-
-// =============================================================================
-// IMPORTED DOCUMENTS (für Bestandskunden)
-// =============================================================================
-
-export type ImportedDocumentType =
- | 'DSFA'
- | 'TOM'
- | 'VVT'
- | 'AGB'
- | 'PRIVACY_POLICY'
- | 'COOKIE_POLICY'
- | 'RISK_ASSESSMENT'
- | 'AUDIT_REPORT'
- | 'OTHER'
-
-export interface ImportedDocument {
- id: string
- name: string
- type: ImportedDocumentType
- fileUrl: string
- uploadedAt: Date
- analyzedAt: Date | null
- analysisResult: DocumentAnalysisResult | null
-}
-
-export interface DocumentAnalysisResult {
- detectedType: ImportedDocumentType
- confidence: number
- extractedEntities: string[]
- gaps: GapItem[]
- recommendations: string[]
-}
-
-export interface GapItem {
- id: string
- category: string
- description: string
- severity: RiskSeverity
- regulation: string
- requiredAction: string
- relatedStepId: string | null
-}
-
-export interface GapAnalysis {
- id: string
- createdAt: Date
- totalGaps: number
- criticalGaps: number
- highGaps: number
- mediumGaps: number
- lowGaps: number
- gaps: GapItem[]
- recommendedPackages: SDKPackageId[]
-}
-
-// =============================================================================
-// ESCALATIONS
-// =============================================================================
-
-export interface EscalationWorkflow {
- id: string
- name: string
- description: string
- triggerConditions: string[]
- steps: EscalationStep[]
- enabled: boolean
-}
-
-export interface EscalationStep {
- id: string
- order: number
- action: string
- assignee: string
- timeLimit: string // ISO 8601 Duration
- escalateOnTimeout: boolean
-}
-
-// =============================================================================
-// COMMAND BAR
-// =============================================================================
-
-export interface CommandSuggestion {
- id: string
- type: CommandType
- label: string
- description: string
- shortcut?: string
- icon?: string
- action: () => void | Promise
- relevanceScore: number
-}
-
-export interface CommandHistory {
- id: string
- query: string
- type: CommandType
- timestamp: Date
- success: boolean
-}
-
-// =============================================================================
-// USER PREFERENCES
-// =============================================================================
-
-export interface UserPreferences {
- language: 'de' | 'en'
- theme: 'light' | 'dark' | 'system'
- compactMode: boolean
- showHints: boolean
- autoSave: boolean
- autoValidate: boolean
- allowParallelWork: boolean // Erlaubt Navigation zu allen Schritten ohne Voraussetzungen
-}
-
-// =============================================================================
-// SDK STATE
-// =============================================================================
-
-export interface SDKState {
- // Metadata
- version: string
- projectVersion: number
- lastModified: Date
-
- // Tenant & User
- tenantId: string
- userId: string
- subscription: SubscriptionTier
-
- // Project Context (Multi-Projekt)
- projectId: string
- projectInfo: ProjectInfo | null
-
- // Customer Type (new vs existing)
- customerType: CustomerType | null
-
- // Company Profile (collected before use cases)
- companyProfile: CompanyProfile | null
-
- // Compliance Scope (determines depth level L1-L4)
- complianceScope: import('./compliance-scope-types').ComplianceScopeState | null
-
- // Source Policy (checkpoint tracking — actual data in backend)
- sourcePolicy: {
- configured: boolean
- sourcesCount: number
- piiRulesCount: number
- lastAuditAt: string | null
- } | null
-
- // Progress
- currentPhase: SDKPhase
- currentStep: string
- completedSteps: string[]
- checkpoints: Record
-
- // Imported Documents (for existing customers)
- importedDocuments: ImportedDocument[]
- gapAnalysis: GapAnalysis | null
-
- // Phase 1 Data
- useCases: UseCaseAssessment[]
- activeUseCase: string | null
- screening: ScreeningResult | null
- modules: ServiceModule[]
- requirements: Requirement[]
- controls: Control[]
- evidence: Evidence[]
- checklist: ChecklistItem[]
- risks: Risk[]
-
- // Phase 2 Data
- aiActClassification: AIActResult | null
- obligations: Obligation[]
- dsfa: DSFA | null
- toms: TOM[]
- retentionPolicies: RetentionPolicy[]
- vvt: ProcessingActivity[]
- documents: LegalDocument[]
- cookieBanner: CookieBannerConfig | null
- consents: ConsentRecord[]
- dsrConfig: DSRConfig | null
- escalationWorkflows: EscalationWorkflow[]
-
- // IACE (Industrial AI Compliance Engine)
- iaceProjects: IACEProjectSummary[]
-
- // RAG Corpus Versioning
- ragCorpusStatus: RAGCorpusStatus | null
-
- // Security
- sbom: SBOM | null
- securityIssues: SecurityIssue[]
- securityBacklog: BacklogItem[]
-
- // Catalog Manager
- customCatalogs: CustomCatalogs
-
- // UI State
- commandBarHistory: CommandHistory[]
- recentSearches: string[]
- preferences: UserPreferences
-}
-
-// =============================================================================
-// IACE PROJECT TYPES
-// =============================================================================
-
-export type IACEProjectStatus = 'draft' | 'onboarding' | 'classification' | 'hazard_analysis' | 'mitigation' | 'verification' | 'tech_file' | 'completed' | 'archived'
-
-export interface IACEProjectSummary {
- id: string
- machineName: string
- machineType: MachineProductType
- status: IACEProjectStatus
- completenessScore: number
- riskSummary: {
- critical: number
- high: number
- medium: number
- low: number
- }
- createdAt: string
- updatedAt: string
-}
-
-// =============================================================================
-// SDK ACTIONS
-// =============================================================================
-
-export type SDKAction =
- | { type: 'SET_STATE'; payload: Partial }
- | { type: 'SET_CURRENT_STEP'; payload: string }
- | { type: 'COMPLETE_STEP'; payload: string }
- | { type: 'SET_CHECKPOINT_STATUS'; payload: { id: string; status: CheckpointStatus } }
- | { type: 'SET_CUSTOMER_TYPE'; payload: CustomerType }
- | { type: 'SET_COMPANY_PROFILE'; payload: CompanyProfile }
- | { type: 'UPDATE_COMPANY_PROFILE'; payload: Partial }
- | { type: 'SET_COMPLIANCE_SCOPE'; payload: import('./compliance-scope-types').ComplianceScopeState }
- | { type: 'UPDATE_COMPLIANCE_SCOPE'; payload: Partial }
- | { type: 'ADD_IMPORTED_DOCUMENT'; payload: ImportedDocument }
- | { type: 'UPDATE_IMPORTED_DOCUMENT'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_IMPORTED_DOCUMENT'; payload: string }
- | { type: 'SET_GAP_ANALYSIS'; payload: GapAnalysis }
- | { type: 'ADD_USE_CASE'; payload: UseCaseAssessment }
- | { type: 'UPDATE_USE_CASE'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_USE_CASE'; payload: string }
- | { type: 'SET_ACTIVE_USE_CASE'; payload: string | null }
- | { type: 'SET_SCREENING'; payload: ScreeningResult }
- | { type: 'ADD_MODULE'; payload: ServiceModule }
- | { type: 'UPDATE_MODULE'; payload: { id: string; data: Partial } }
- | { type: 'ADD_REQUIREMENT'; payload: Requirement }
- | { type: 'UPDATE_REQUIREMENT'; payload: { id: string; data: Partial } }
- | { type: 'ADD_CONTROL'; payload: Control }
- | { type: 'UPDATE_CONTROL'; payload: { id: string; data: Partial } }
- | { type: 'ADD_EVIDENCE'; payload: Evidence }
- | { type: 'UPDATE_EVIDENCE'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_EVIDENCE'; payload: string }
- | { type: 'ADD_RISK'; payload: Risk }
- | { type: 'UPDATE_RISK'; payload: { id: string; data: Partial } }
- | { type: 'DELETE_RISK'; payload: string }
- | { type: 'SET_AI_ACT_RESULT'; payload: AIActResult }
- | { type: 'ADD_OBLIGATION'; payload: Obligation }
- | { type: 'UPDATE_OBLIGATION'; payload: { id: string; data: Partial } }
- | { type: 'SET_DSFA'; payload: DSFA }
- | { type: 'ADD_TOM'; payload: TOM }
- | { type: 'UPDATE_TOM'; payload: { id: string; data: Partial } }
- | { type: 'ADD_RETENTION_POLICY'; payload: RetentionPolicy }
- | { type: 'UPDATE_RETENTION_POLICY'; payload: { id: string; data: Partial } }
- | { type: 'ADD_PROCESSING_ACTIVITY'; payload: ProcessingActivity }
- | { type: 'UPDATE_PROCESSING_ACTIVITY'; payload: { id: string; data: Partial } }
- | { type: 'ADD_DOCUMENT'; payload: LegalDocument }
- | { type: 'UPDATE_DOCUMENT'; payload: { id: string; data: Partial } }
- | { type: 'SET_COOKIE_BANNER'; payload: CookieBannerConfig }
- | { type: 'SET_DSR_CONFIG'; payload: DSRConfig }
- | { type: 'ADD_ESCALATION_WORKFLOW'; payload: EscalationWorkflow }
- | { type: 'UPDATE_ESCALATION_WORKFLOW'; payload: { id: string; data: Partial } }
- | { type: 'ADD_SECURITY_ISSUE'; payload: SecurityIssue }
- | { type: 'UPDATE_SECURITY_ISSUE'; payload: { id: string; data: Partial } }
- | { type: 'ADD_BACKLOG_ITEM'; payload: BacklogItem }
- | { type: 'UPDATE_BACKLOG_ITEM'; payload: { id: string; data: Partial } }
- | { type: 'ADD_COMMAND_HISTORY'; payload: CommandHistory }
- | { type: 'SET_PREFERENCES'; payload: Partial }
- | { type: 'ADD_CUSTOM_CATALOG_ENTRY'; payload: CustomCatalogEntry }
- | { type: 'UPDATE_CUSTOM_CATALOG_ENTRY'; payload: { catalogId: CatalogId; entryId: string; data: Record } }
- | { type: 'DELETE_CUSTOM_CATALOG_ENTRY'; payload: { catalogId: CatalogId; entryId: string } }
- | { type: 'RESET_STATE' }
-
-// =============================================================================
-// HELPER FUNCTIONS
-// =============================================================================
-
-export function getStepById(stepId: string): SDKStep | undefined {
- return SDK_STEPS.find(s => s.id === stepId)
-}
-
-export function getStepByUrl(url: string): SDKStep | undefined {
- return SDK_STEPS.find(s => s.url === url)
-}
-
-export function getStepsForPhase(phase: SDKPhase): SDKStep[] {
- return SDK_STEPS.filter(s => s.phase === phase).sort((a, b) => a.seq - b.seq)
-}
-
-// Alle Steps global nach seq sortiert
-function getAllStepsSorted(): SDKStep[] {
- return [...SDK_STEPS].sort((a, b) => a.seq - b.seq)
-}
-
-// Sichtbare Steps (state-abhaengig)
-export function getVisibleSteps(state: SDKState): SDKStep[] {
- return getAllStepsSorted().filter(step => {
- if (step.visibleWhen) return step.visibleWhen(state)
- return true
- })
-}
-
-// Naechster sichtbarer Step
-export function getNextVisibleStep(currentStepId: string, state: SDKState): SDKStep | undefined {
- const visible = getVisibleSteps(state)
- const idx = visible.findIndex(s => s.id === currentStepId)
- if (idx >= 0 && idx < visible.length - 1) return visible[idx + 1]
- return undefined
-}
-
-// Vorheriger sichtbarer Step
-export function getPreviousVisibleStep(currentStepId: string, state: SDKState): SDKStep | undefined {
- const visible = getVisibleSteps(state)
- const idx = visible.findIndex(s => s.id === currentStepId)
- if (idx > 0) return visible[idx - 1]
- return undefined
-}
-
-export function getNextStep(currentStepId: string, state?: SDKState): SDKStep | undefined {
- if (!state) {
- // Fallback: seq-sortiert ohne Sichtbarkeitspruefung
- const sorted = getAllStepsSorted()
- const idx = sorted.findIndex(s => s.id === currentStepId)
- if (idx >= 0 && idx < sorted.length - 1) return sorted[idx + 1]
- return undefined
- }
- return getNextVisibleStep(currentStepId, state)
-}
-
-export function getPreviousStep(currentStepId: string, state?: SDKState): SDKStep | undefined {
- if (!state) {
- const sorted = getAllStepsSorted()
- const idx = sorted.findIndex(s => s.id === currentStepId)
- if (idx > 0) return sorted[idx - 1]
- return undefined
- }
- return getPreviousVisibleStep(currentStepId, state)
-}
-
-export function calculateRiskScore(likelihood: RiskLikelihood, impact: RiskImpact): number {
- return likelihood * impact
-}
-
-export function getRiskSeverityFromScore(score: number): RiskSeverity {
- if (score >= 20) return 'CRITICAL'
- if (score >= 12) return 'HIGH'
- if (score >= 6) return 'MEDIUM'
- return 'LOW'
-}
-
-export function calculateResidualRisk(risk: Risk): number {
- const inherentScore = calculateRiskScore(risk.likelihood, risk.impact)
- const totalEffectiveness = risk.mitigation
- .filter(m => m.status === 'COMPLETED')
- .reduce((sum, m) => sum + m.effectiveness, 0)
-
- const effectivenessMultiplier = Math.min(totalEffectiveness, 100) / 100
- return Math.max(1, Math.round(inherentScore * (1 - effectivenessMultiplier)))
-}
-
-export function getCompletionPercentage(state: SDKState): number {
- const totalSteps = SDK_STEPS.length
- const completedSteps = state.completedSteps.length
- return Math.round((completedSteps / totalSteps) * 100)
-}
-
-export function getPhaseCompletionPercentage(state: SDKState, phase: SDKPhase): number {
- const phaseSteps = getStepsForPhase(phase)
- const completedPhaseSteps = phaseSteps.filter(s => state.completedSteps.includes(s.id))
- return Math.round((completedPhaseSteps.length / phaseSteps.length) * 100)
-}
-
-// =============================================================================
-// PACKAGE HELPER FUNCTIONS
-// =============================================================================
-
-export function getPackageById(packageId: SDKPackageId): SDKPackage | undefined {
- return SDK_PACKAGES.find(p => p.id === packageId)
-}
-
-export function getStepsForPackage(packageId: SDKPackageId): SDKStep[] {
- return SDK_STEPS.filter(s => s.package === packageId).sort((a, b) => a.seq - b.seq)
-}
-
-export function getPackageCompletionPercentage(state: SDKState, packageId: SDKPackageId): number {
- const packageSteps = getStepsForPackage(packageId)
- if (packageSteps.length === 0) return 0
- const completedPackageSteps = packageSteps.filter(s => state.completedSteps.includes(s.id))
- return Math.round((completedPackageSteps.length / packageSteps.length) * 100)
-}
-
-export function getCurrentPackage(currentStepId: string): SDKPackage | undefined {
- const step = getStepById(currentStepId)
- if (!step) return undefined
- return getPackageById(step.package)
-}
-
-export function getNextPackageStep(currentStepId: string): SDKStep | undefined {
- const currentStep = getStepById(currentStepId)
- if (!currentStep) return undefined
-
- const packageSteps = getStepsForPackage(currentStep.package)
- const currentIndex = packageSteps.findIndex(s => s.id === currentStepId)
-
- // Next step in same package
- if (currentIndex < packageSteps.length - 1) {
- return packageSteps[currentIndex + 1]
- }
-
- // Move to next package
- const currentPackage = getPackageById(currentStep.package)
- if (!currentPackage) return undefined
-
- const nextPackage = SDK_PACKAGES.find(p => p.order === currentPackage.order + 1)
- if (!nextPackage) return undefined
-
- const nextPackageSteps = getStepsForPackage(nextPackage.id)
- return nextPackageSteps[0]
-}
-
-export function isPackageUnlocked(state: SDKState, packageId: SDKPackageId): boolean {
- if (state.preferences?.allowParallelWork) return true
-
- const currentPackage = getPackageById(packageId)
- if (!currentPackage) return false
-
- // First package is always unlocked
- if (currentPackage.order === 1) return true
-
- // Previous package must be completed
- const prevPackage = SDK_PACKAGES.find(p => p.order === currentPackage.order - 1)
- if (!prevPackage) return true
-
- return getPackageCompletionPercentage(state, prevPackage.id) === 100
-}
-
-/** @deprecated Use getVisibleSteps(state) instead */
-export function getVisibleStepsForCustomerType(customerType: CustomerType): SDKStep[] {
- return getAllStepsSorted().filter(step => {
- if (step.id === 'import') {
- return customerType === 'existing'
- }
- return true
- })
-}
-
-
-// =============================================================================
-// DOCUMENT GENERATOR TYPES (Legal Templates RAG)
-// =============================================================================
-
-/**
- * License types for legal templates with compliance metadata
- */
-export type LicenseType =
- | 'public_domain' // §5 UrhG German official works
- | 'cc0' // CC0 1.0 Universal
- | 'unlicense' // Unlicense (public domain)
- | 'mit' // MIT License
- | 'cc_by_4' // CC BY 4.0 International
- | 'reuse_notice' // EU reuse notice (source required)
-
-/**
- * Template types available for document generation
- */
-export type TemplateType =
- | 'privacy_policy'
- | 'terms_of_service'
- | 'agb'
- | 'cookie_banner'
- | 'cookie_policy'
- | 'impressum'
- | 'widerruf'
- | 'dpa'
- | 'sla'
- | 'nda'
- | 'cloud_service_agreement'
- | 'data_usage_clause'
- | 'acceptable_use'
- | 'community_guidelines'
- | 'copyright_policy'
- | 'clause'
- | 'dsfa'
-
-/**
- * Jurisdiction codes for legal documents
- */
-export type Jurisdiction = 'DE' | 'AT' | 'CH' | 'EU' | 'US' | 'INTL'
-
-/**
- * A single legal template search result from RAG
- */
-export interface LegalTemplateResult {
- id: string
- score: number
- text: string
- documentTitle: string | null
- templateType: TemplateType | null
- clauseCategory: string | null
- language: 'de' | 'en'
- jurisdiction: Jurisdiction | null
-
- // License information
- licenseId: LicenseType | null
- licenseName: string | null
- licenseUrl: string | null
- attributionRequired: boolean
- attributionText: string | null
-
- // Source information
- sourceName: string | null
- sourceUrl: string | null
- sourceRepo: string | null
- placeholders: string[]
-
- // Document characteristics
- isCompleteDocument: boolean
- isModular: boolean
- requiresCustomization: boolean
-
- // Usage rights
- outputAllowed: boolean
- modificationAllowed: boolean
- distortionProhibited: boolean
-}
-
-/**
- * Reference to a template used in document generation (for attribution)
- */
-export interface TemplateReference {
- templateId: string
- sourceName: string
- sourceUrl: string
- licenseId: LicenseType
- licenseName: string
- attributionRequired: boolean
- attributionText: string | null
- usedAt: string // ISO timestamp
-}
-
-/**
- * A generated document with attribution tracking
- */
-export interface GeneratedDocument {
- id: string
- documentType: TemplateType
- title: string
- content: string
- language: 'de' | 'en'
- jurisdiction: Jurisdiction
-
- // Templates and sources used
- usedTemplates: TemplateReference[]
-
- // Generated attribution footer
- attributionFooter: string
-
- // Customization
- placeholderValues: Record
- customizations: DocumentCustomization[]
-
- // Metadata
- generatedAt: string
- generatedBy: string
- version: number
-}
-
-/**
- * A customization applied to a generated document
- */
-export interface DocumentCustomization {
- type: 'add_section' | 'modify_section' | 'remove_section' | 'replace_placeholder'
- section: string | null
- originalText: string | null
- newText: string | null
- reason: string | null
- appliedAt: string
-}
-
-/**
- * State for the document generator feature
- */
-export interface DocumentGeneratorState {
- // Search state
- searchQuery: string
- searchResults: LegalTemplateResult[]
- selectedTemplates: string[] // Template IDs
-
- // Current document being generated
- currentDocumentType: TemplateType | null
- currentLanguage: 'de' | 'en'
- currentJurisdiction: Jurisdiction
-
- // Editor state
- editorContent: string
- editorMode: 'preview' | 'edit'
- unsavedChanges: boolean
-
- // Placeholder values
- placeholderValues: Record
-
- // Generated documents history
- generatedDocuments: GeneratedDocument[]
-
- // UI state
- isGenerating: boolean
- isSearching: boolean
- lastError: string | null
-}
-
-/**
- * Search request for legal templates
- */
-export interface TemplateSearchRequest {
- query: string
- templateType?: TemplateType
- licenseTypes?: LicenseType[]
- language?: 'de' | 'en'
- jurisdiction?: Jurisdiction
- attributionRequired?: boolean
- limit?: number
-}
-
-/**
- * Document generation request
- */
-export interface DocumentGenerationRequest {
- documentType: TemplateType
- language: 'de' | 'en'
- jurisdiction: Jurisdiction
- templateIds: string[] // Selected template IDs to use
- placeholderValues: Record
- companyProfile?: Partial // For auto-filling placeholders
- additionalContext?: string
-}
-
-/**
- * Source configuration for legal templates
- */
-export interface TemplateSource {
- name: string
- description: string
- licenseType: LicenseType
- licenseName: string
- templateTypes: TemplateType[]
- languages: ('de' | 'en')[]
- jurisdiction: Jurisdiction
- repoUrl: string | null
- webUrl: string | null
- priority: number
- enabled: boolean
- attributionRequired: boolean
-}
-
-/**
- * Status of template ingestion
- */
-export interface TemplateIngestionStatus {
- running: boolean
- lastRun: string | null
- currentSource: string | null
- results: Record
-}
-
-/**
- * Result of ingesting a single source
- */
-export interface SourceIngestionResult {
- status: 'pending' | 'running' | 'completed' | 'failed'
- documentsFound: number
- chunksIndexed: number
- errors: string[]
-}
-
-/**
- * Statistics for the legal templates collection
- */
-export interface TemplateCollectionStats {
- collection: string
- vectorsCount: number
- pointsCount: number
- status: string
- templateTypes: Record
- languages: Record
- licenses: Record
-}
-
-/**
- * Default placeholder values commonly used in legal documents
- */
-export const DEFAULT_PLACEHOLDERS: Record = {
- '[COMPANY_NAME]': '',
- '[FIRMENNAME]': '',
- '[ADDRESS]': '',
- '[ADRESSE]': '',
- '[EMAIL]': '',
- '[PHONE]': '',
- '[TELEFON]': '',
- '[WEBSITE]': '',
- '[LEGAL_REPRESENTATIVE]': '',
- '[GESCHAEFTSFUEHRER]': '',
- '[REGISTER_COURT]': '',
- '[REGISTERGERICHT]': '',
- '[REGISTER_NUMBER]': '',
- '[REGISTERNUMMER]': '',
- '[VAT_ID]': '',
- '[UST_ID]': '',
- '[DPO_NAME]': '',
- '[DSB_NAME]': '',
- '[DPO_EMAIL]': '',
- '[DSB_EMAIL]': '',
-}
-
-/**
- * Template type labels for display
- */
-export const TEMPLATE_TYPE_LABELS: Record = {
- privacy_policy: 'Datenschutzerklärung',
- terms_of_service: 'Nutzungsbedingungen',
- agb: 'Allgemeine Geschäftsbedingungen',
- cookie_banner: 'Cookie-Banner',
- cookie_policy: 'Cookie-Richtlinie',
- impressum: 'Impressum',
- widerruf: 'Widerrufsbelehrung',
- dpa: 'Auftragsverarbeitungsvertrag',
- sla: 'Service Level Agreement',
- nda: 'Geheimhaltungsvereinbarung',
- cloud_service_agreement: 'Cloud-Dienstleistungsvertrag',
- data_usage_clause: 'Datennutzungsklausel',
- acceptable_use: 'Acceptable Use Policy',
- community_guidelines: 'Community-Richtlinien',
- copyright_policy: 'Urheberrechtsrichtlinie',
- clause: 'Vertragsklausel',
- dsfa: 'Datenschutz-Folgenabschätzung',
-}
-
-/**
- * License type labels for display
- */
-export const LICENSE_TYPE_LABELS: Record = {
- public_domain: 'Public Domain (§5 UrhG)',
- cc0: 'CC0 1.0 Universal',
- unlicense: 'Unlicense',
- mit: 'MIT License',
- cc_by_4: 'CC BY 4.0 International',
- reuse_notice: 'EU Reuse Notice',
-}
-
-/**
- * Jurisdiction labels for display
- */
-export const JURISDICTION_LABELS: Record = {
- DE: 'Deutschland',
- AT: 'Österreich',
- CH: 'Schweiz',
- EU: 'Europäische Union',
- US: 'United States',
- INTL: 'International',
-}
-
-// =============================================================================
-// DSFA RAG TYPES (Source Attribution & Corpus Management)
-// =============================================================================
-
-/**
- * License codes for DSFA source documents
- */
-export type DSFALicenseCode =
- | 'DL-DE-BY-2.0' // Datenlizenz Deutschland – Namensnennung
- | 'DL-DE-ZERO-2.0' // Datenlizenz Deutschland – Zero
- | 'CC-BY-4.0' // Creative Commons Attribution 4.0
- | 'EDPB-LICENSE' // EDPB Document License
- | 'PUBLIC_DOMAIN' // Public Domain
- | 'PROPRIETARY' // Internal/Proprietary
-
-/**
- * Document types in the DSFA corpus
- */
-export type DSFADocumentType = 'guideline' | 'checklist' | 'regulation' | 'template'
-
-/**
- * Category for DSFA chunks (for filtering)
- */
-export type DSFACategory =
- | 'threshold_analysis'
- | 'risk_assessment'
- | 'mitigation'
- | 'consultation'
- | 'documentation'
- | 'process'
- | 'criteria'
-
-/**
- * DSFA source registry entry
- */
-export interface DSFASource {
- id: string
- sourceCode: string
- name: string
- fullName?: string
- organization?: string
- sourceUrl?: string
- eurLexCelex?: string
- licenseCode: DSFALicenseCode
- licenseName: string
- licenseUrl?: string
- attributionRequired: boolean
- attributionText: string
- documentType?: DSFADocumentType
- language: string
-}
-
-/**
- * DSFA document entry
- */
-export interface DSFADocument {
- id: string
- sourceId: string
- title: string
- description?: string
- fileName?: string
- fileType?: string
- fileSizeBytes?: number
- minioBucket: string
- minioPath?: string
- originalUrl?: string
- ocrProcessed: boolean
- textExtracted: boolean
- chunksGenerated: number
- lastIndexedAt?: string
- metadata: Record
- createdAt: string
- updatedAt: string
-}
-
-/**
- * DSFA chunk with full attribution
- */
-export interface DSFAChunk {
- chunkId: string
- content: string
- sectionTitle?: string
- pageNumber?: number
- category?: DSFACategory
- documentId: string
- documentTitle?: string
- sourceId: string
- sourceCode: string
- sourceName: string
- attributionText: string
- licenseCode: DSFALicenseCode
- licenseName: string
- licenseUrl?: string
- attributionRequired: boolean
- sourceUrl?: string
- documentType?: DSFADocumentType
-}
-
-/**
- * DSFA search result with score and attribution
- */
-export interface DSFASearchResult {
- chunkId: string
- content: string
- score: number
- sourceCode: string
- sourceName: string
- attributionText: string
- licenseCode: DSFALicenseCode
- licenseName: string
- licenseUrl?: string
- attributionRequired: boolean
- sourceUrl?: string
- documentType?: DSFADocumentType
- category?: DSFACategory
- sectionTitle?: string
- pageNumber?: number
-}
-
-/**
- * DSFA search response with aggregated attribution
- */
-export interface DSFASearchResponse {
- query: string
- results: DSFASearchResult[]
- totalResults: number
- licensesUsed: string[]
- attributionNotice: string
-}
-
-/**
- * Source statistics for dashboard
- */
-export interface DSFASourceStats {
- sourceId: string
- sourceCode: string
- name: string
- organization?: string
- licenseCode: DSFALicenseCode
- documentType?: DSFADocumentType
- documentCount: number
- chunkCount: number
- lastIndexedAt?: string
-}
-
-/**
- * Corpus statistics for dashboard
- */
-export interface DSFACorpusStats {
- sources: DSFASourceStats[]
- totalSources: number
- totalDocuments: number
- totalChunks: number
- qdrantCollection: string
- qdrantPointsCount: number
- qdrantStatus: string
-}
-
-/**
- * License information
- */
-export interface DSFALicenseInfo {
- code: DSFALicenseCode
- name: string
- url?: string
- attributionRequired: boolean
- modificationAllowed: boolean
- commercialUse: boolean
-}
-
-/**
- * Ingestion request for DSFA documents
- */
-export interface DSFAIngestRequest {
- documentUrl?: string
- documentText?: string
- title?: string
-}
-
-/**
- * Ingestion response
- */
-export interface DSFAIngestResponse {
- sourceCode: string
- documentId?: string
- chunksCreated: number
- message: string
-}
-
-/**
- * Props for SourceAttribution component
- */
-export interface SourceAttributionProps {
- sources: Array<{
- sourceCode: string
- sourceName: string
- attributionText: string
- licenseCode: DSFALicenseCode
- sourceUrl?: string
- score?: number
- }>
- compact?: boolean
- showScores?: boolean
-}
-
-/**
- * License code display labels
- */
-export const DSFA_LICENSE_LABELS: Record = {
- 'DL-DE-BY-2.0': 'Datenlizenz DE – Namensnennung 2.0',
- 'DL-DE-ZERO-2.0': 'Datenlizenz DE – Zero 2.0',
- 'CC-BY-4.0': 'CC BY 4.0 International',
- 'EDPB-LICENSE': 'EDPB Document License',
- 'PUBLIC_DOMAIN': 'Public Domain',
- 'PROPRIETARY': 'Proprietary',
-}
-
-/**
- * Document type display labels
- */
-export const DSFA_DOCUMENT_TYPE_LABELS: Record = {
- guideline: 'Leitlinie',
- checklist: 'Prüfliste',
- regulation: 'Verordnung',
- template: 'Vorlage',
-}
-
-/**
- * Category display labels
- */
-export const DSFA_CATEGORY_LABELS: Record = {
- threshold_analysis: 'Schwellwertanalyse',
- risk_assessment: 'Risikobewertung',
- mitigation: 'Risikominderung',
- consultation: 'Behördenkonsultation',
- documentation: 'Dokumentation',
- process: 'Prozessschritte',
- criteria: 'Kriterien', -} - -// ============================================================================= -// COMPLIANCE WIKI -// ============================================================================= - -export interface WikiCategory { - id: string - name: string - description: string - icon: string - sortOrder: number - articleCount: number -} - -export interface WikiArticle { - id: string - categoryId: string - categoryName: string - title: string - summary: string - content: string - legalRefs: string[] - tags: string[] - relevance: 'critical' | 'important' | 'info' - sourceUrls: string[] - version: number - updatedAt: string -} - -export interface WikiSearchResult { - id: string - title: string - summary: string - categoryName: string - relevance: string - highlight: string -} diff --git a/admin-compliance/lib/sdk/types/assessment.ts b/admin-compliance/lib/sdk/types/assessment.ts new file mode 100644 index 0000000..0a41a09 --- /dev/null +++ b/admin-compliance/lib/sdk/types/assessment.ts 
@@ -0,0 +1,286 @@ +/** + * Checkpoint system, use case assessment, and screening types. + */ + +import type { + ValidationSeverity, + CheckpointType, + ReviewerType, + RiskSeverity, + SecurityIssueSeverity, + SecurityIssueStatus, + ScreeningStatus, + SDKPackageId, +} from './enums' + +// ============================================================================= +// CHECKPOINT SYSTEM +// ============================================================================= + +export interface ValidationRule { + id: string + field: string + condition: 'NOT_EMPTY' | 'MIN_COUNT' | 'MIN_VALUE' | 'CUSTOM' | 'REGEX' + value?: number | string + message: string + severity: ValidationSeverity +} + +export interface ValidationError { + ruleId: string + field: string + message: string + severity: ValidationSeverity +} + +export interface Checkpoint { + id: string + step: string + name: string + type: CheckpointType + validation: ValidationRule[] + blocksProgress: boolean + requiresReview: ReviewerType + autoValidate: boolean +} + +export interface CheckpointStatus { + checkpointId: string + passed: boolean + validatedAt: Date | null + validatedBy: string | null + errors: ValidationError[] + warnings: ValidationError[] + overrideReason?: string + overriddenBy?: string + overriddenAt?: Date +} + +// ============================================================================= +// USE CASE ASSESSMENT +// ============================================================================= + +export interface UseCaseStep { + id: string + name: string + completed: boolean + data: Record +} + +export interface AssessmentResult { + riskLevel: RiskSeverity + applicableRegulations: string[] + recommendedControls: string[] + dsfaRequired: boolean + aiActClassification: string +} + +export interface UseCaseIntake { + domain: string + dataCategories: string[] + processesPersonalData: boolean + specialCategories: boolean + healthData: boolean + biometricData: boolean + minorsData: boolean + 
financialData: boolean + customDataTypes: string[] + legalBasis: string + purposes: { + profiling: boolean + automatedDecision: boolean + marketing: boolean + analytics: boolean + serviceDelivery: boolean + } + automation: 'assistive' | 'semi_automated' | 'fully_automated' + hosting: { + provider: string + region: string + } + modelUsage: { + inference: boolean + rag: boolean + finetune: boolean + training: boolean + } + aiTechnologies: string[] + internationalTransfer: { + enabled: boolean + countries: string[] + mechanism: string + } + retention: { + days: number + purpose: string + } + contracts: { + hasDpa: boolean + hasAiaDocumentation: boolean + hasRiskAssessment: boolean + subprocessors: string + } +} + +export interface UseCaseAssessment { + id: string + name: string + description: string + category: string + stepsCompleted: number + steps: UseCaseStep[] + assessmentResult: AssessmentResult | null + intake?: UseCaseIntake + uccaAssessmentId?: string + createdAt: Date + updatedAt: Date +} + +// ============================================================================= +// SCREENING & SECURITY +// ============================================================================= + +export interface Vulnerability { + id: string + cve: string + severity: SecurityIssueSeverity + title: string + description: string + cvss: number | null + fixedIn: string | null +} + +export interface SBOMComponent { + name: string + version: string + type: 'library' | 'framework' | 'application' | 'container' + purl: string + licenses: string[] + vulnerabilities: Vulnerability[] +} + +export interface SBOMDependency { + from: string + to: string +} + +export interface RAGCorpusCollectionStatus { + id: string + current_version: string + documents_count: number + chunks_count: number + regulations: string[] + last_updated: string + digest: string +} + +export interface RAGCorpusStatus { + collections: Record + fetchedAt: string +} + +export interface SBOM { + format: 'CycloneDX' | 
'SPDX' + version: string + components: SBOMComponent[] + dependencies: SBOMDependency[] + generatedAt: Date +} + +export interface SecurityScanResult { + totalIssues: number + critical: number + high: number + medium: number + low: number + issues: SecurityIssue[] +} + +export interface SecurityIssue { + id: string + severity: SecurityIssueSeverity + title: string + description: string + cve: string | null + cvss: number | null + affectedComponent: string + remediation: string + status: SecurityIssueStatus +} + +export interface ScreeningResult { + id: string + status: ScreeningStatus + startedAt: Date + completedAt: Date | null + sbom: SBOM | null + securityScan: SecurityScanResult | null + error: string | null +} + +export interface BacklogItem { + id: string + title: string + description: string + severity: SecurityIssueSeverity + securityIssueId: string + status: 'OPEN' | 'IN_PROGRESS' | 'DONE' + assignee: string | null + dueDate: Date | null + createdAt: Date +} + +// ============================================================================= +// IMPORTED DOCUMENTS (fuer Bestandskunden) +// ============================================================================= + +export type ImportedDocumentType = + | 'DSFA' + | 'TOM' + | 'VVT' + | 'AGB' + | 'PRIVACY_POLICY' + | 'COOKIE_POLICY' + | 'RISK_ASSESSMENT' + | 'AUDIT_REPORT' + | 'OTHER' + +export interface ImportedDocument { + id: string + name: string + type: ImportedDocumentType + fileUrl: string + uploadedAt: Date + analyzedAt: Date | null + analysisResult: DocumentAnalysisResult | null +} + +export interface DocumentAnalysisResult { + detectedType: ImportedDocumentType + confidence: number + extractedEntities: string[] + gaps: GapItem[] + recommendations: string[] +} + +export interface GapItem { + id: string + category: string + description: string + severity: RiskSeverity + regulation: string + requiredAction: string + relatedStepId: string | null +} + +export interface GapAnalysis { + id: string + 
createdAt: Date + totalGaps: number + criticalGaps: number + highGaps: number + mediumGaps: number + lowGaps: number + gaps: GapItem[] + recommendedPackages: SDKPackageId[] +} diff --git a/admin-compliance/lib/sdk/types/company-profile.ts b/admin-compliance/lib/sdk/types/company-profile.ts new file mode 100644 index 0000000..0954812 --- /dev/null +++ b/admin-compliance/lib/sdk/types/company-profile.ts 
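Review bot: `CheckpointStatus` models an override as three independently optional fields (`overrideReason?`, `overriddenBy?`, `overriddenAt?`), so a status that carries a reason but no actor or timestamp still type-checks. Because `Checkpoint.blocksProgress` can gate progress, an override without attribution is an audit-trail gap that the type should make unrepresentable. Since this commit only moves code, the smallest step is a TSDoc line on the interface such as `/** Override audit fields: set all three together, or none. */`. A follow-up could group them as `override?: { reason: string; by: string; at: Date }`, which changes the shape and needs a pass over consumers.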
@@ -0,0 +1,222 @@ +/** + * Company profile, machine builder profile, and related label constants. + */ + +import type { + BusinessModel, + OfferingType, + TargetMarket, + CompanySize, + LegalForm, + MachineProductType, + AIIntegrationType, + HumanOversightLevel, + CriticalSector, +} from './enums' + +// ============================================================================= +// PROJECT INFO (Multi-Projekt-Architektur) +// ============================================================================= + +export interface ProjectInfo { + id: string + name: string + description: string + customerType: 'new' | 'existing' + status: 'active' | 'archived' + projectVersion: number + completionPercentage: number + createdAt: string + updatedAt: string +} + +// ============================================================================= +// MACHINE BUILDER PROFILE (IACE) +// ============================================================================= + +export interface MachineBuilderProfile { + // Produkt + productTypes: MachineProductType[] + productDescription: string + productPride: string + containsSoftware: boolean + containsFirmware: boolean + containsAI: boolean + aiIntegrationType: AIIntegrationType[] + + // Sicherheit + hasSafetyFunction: boolean + safetyFunctionDescription: string + autonomousBehavior: boolean + humanOversightLevel: HumanOversightLevel + + // Konnektivitaet + isNetworked: boolean + hasRemoteAccess: boolean + hasOTAUpdates: boolean + updateMechanism: string + + // Markt & Kunden + exportMarkets: string[] + criticalSectorClients: boolean + criticalSectors: CriticalSector[] + oemClients: boolean + + // CE + ceMarkingRequired: boolean + existingCEProcess: boolean + hasRiskAssessment: boolean +} + +// ============================================================================= +// COMPANY PROFILE +// ============================================================================= + +export interface CompanyProfile { + // Basic Info + companyName: 
string + legalForm: LegalForm + industry: string[] + industryOther: string + foundedYear: number | null + + // Business Model + businessModel: BusinessModel + offerings: OfferingType[] + offeringUrls: Partial> + + // Size & Scope + companySize: CompanySize + employeeCount: string + annualRevenue: string + + // Locations + headquartersCountry: string + headquartersCountryOther: string + headquartersStreet: string + headquartersZip: string + headquartersCity: string + headquartersState: string + hasInternationalLocations: boolean + internationalCountries: string[] + + // Target Markets & Legal Scope + targetMarkets: TargetMarket[] + primaryJurisdiction: string + + // Data Processing Role + isDataController: boolean + isDataProcessor: boolean + + // Contact Persons + dpoName: string | null + dpoEmail: string | null + legalContactName: string | null + legalContactEmail: string | null + + // Machine Builder (IACE) + machineBuilder?: MachineBuilderProfile + + // Completion Status + isComplete: boolean + completedAt: Date | null +} + +// ============================================================================= +// LABEL CONSTANTS +// ============================================================================= + +export const MACHINE_PRODUCT_TYPE_LABELS: Record = { + test_stand: 'Pruefstand', + robot_cell: 'Roboterzelle', + special_machine: 'Sondermaschine', + production_line: 'Produktionslinie', + other: 'Sonstige', +} + +export const AI_INTEGRATION_TYPE_LABELS: Record = { + vision: 'Bildverarbeitung / Machine Vision', + predictive_maintenance: 'Predictive Maintenance', + quality_control: 'Qualitaetskontrolle', + robot_control: 'Robotersteuerung', + process_optimization: 'Prozessoptimierung', + other: 'Sonstige', +} + +export const HUMAN_OVERSIGHT_LABELS: Record = { + full: 'Vollstaendig (Mensch entscheidet immer)', + partial: 'Teilweise (Mensch ueberwacht)', + minimal: 'Minimal (Mensch greift nur bei Stoerung ein)', + none: 'Keine (vollautonomer Betrieb)', +} + 
+export const CRITICAL_SECTOR_LABELS: Record = { + energy: 'Energie', + water: 'Wasser', + transport: 'Transport / Verkehr', + health: 'Gesundheit', + pharma: 'Pharma', + automotive: 'Automotive', + defense: 'Verteidigung', +} + +export const COMPANY_SIZE_LABELS: Record = { + micro: 'Kleinstunternehmen (< 10 MA)', + small: 'Kleinunternehmen (10-49 MA)', + medium: 'Mittelstand (50-249 MA)', + large: 'Gro\u00dfunternehmen (250-999 MA)', + enterprise: 'Konzern (1000+ MA)', +} + +export const BUSINESS_MODEL_LABELS: Record = { + B2B: { short: 'B2B', description: 'Verkauf an Gesch\u00e4ftskunden' }, + B2C: { short: 'B2C', description: 'Verkauf an Privatkunden' }, + B2B_B2C: { short: 'B2B + B2C', description: 'Verkauf an Gesch\u00e4fts- und Privatkunden' }, + B2B2C: { short: 'B2B2C', description: '\u00dcber Partner an Endkunden (z.B. Plattform, White-Label)' }, +} + +export const OFFERING_TYPE_LABELS: Record = { + app_mobile: { label: 'Mobile App', description: 'iOS/Android Anwendungen' }, + app_web: { label: 'Web-Anwendung', description: 'Browser-basierte Software' }, + website: { label: 'Website', description: 'Informationsseiten, Landing Pages' }, + webshop: { label: 'Online-Shop', description: 'Physische Produkte oder Hardware-Abos verkaufen' }, + hardware: { label: 'Hardware-Verkauf', description: 'Physische Produkte' }, + software_saas: { label: 'SaaS/Cloud', description: 'Software online bereitstellen (auch wenn ueber einen Shop verkauft)' }, + software_onpremise: { label: 'On-Premise Software', description: 'Lokale Installation' }, + services_consulting: { label: 'Beratung', description: 'Consulting, Professional Services' }, + services_agency: { label: 'Agentur', description: 'Marketing, Design, Entwicklung' }, + internal_only: { label: 'Nur intern', description: 'Interne Unternehmensanwendungen' }, +} + +export const TARGET_MARKET_LABELS: Record = { + germany_only: { + label: 'Nur Deutschland', + description: 'Verkauf nur in Deutschland', + regulations: 
['DSGVO', 'BDSG', 'TTDSG', 'AI Act'], + }, + dach: { + label: 'DACH-Region', + description: 'Deutschland, \u00d6sterreich, Schweiz', + regulations: ['DSGVO', 'BDSG', 'DSG (AT)', 'DSG (CH)', 'AI Act'], + }, + eu: { + label: 'Europ\u00e4ische Union', + description: 'Alle EU-Mitgliedsstaaten', + regulations: ['DSGVO', 'AI Act', 'NIS2', 'DMA/DSA'], + }, + ewr: { + label: 'EWR', + description: 'EU + Island, Liechtenstein, Norwegen', + regulations: ['DSGVO', 'AI Act', 'NIS2', 'EWR-Sonderregelungen'], + }, + eu_uk: { + label: 'EU + Gro\u00dfbritannien', + description: 'EU plus Vereinigtes K\u00f6nigreich', + regulations: ['DSGVO', 'UK GDPR', 'AI Act', 'UK AI Framework'], + }, + worldwide: { + label: 'Weltweit', + description: 'Globaler Verkauf/Betrieb', + regulations: ['DSGVO', 'CCPA', 'LGPD', 'POPIA', 'und weitere...'], + }, +} diff --git a/admin-compliance/lib/sdk/types/compliance.ts b/admin-compliance/lib/sdk/types/compliance.ts new file mode 100644 index 0000000..9bdc568 --- /dev/null +++ b/admin-compliance/lib/sdk/types/compliance.ts 
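Review bot: The label constants in this file encode German text in two different ways. `MACHINE_PRODUCT_TYPE_LABELS`, `AI_INTEGRATION_TYPE_LABELS` and `HUMAN_OVERSIGHT_LABELS` transliterate umlauts ('Pruefstand', 'Qualitaetskontrolle', 'Vollstaendig'), and `OFFERING_TYPE_LABELS` has 'ueber', while `COMPANY_SIZE_LABELS` and the later constants use `\u` escapes ('Gro\u00dfunternehmen'). The transliterated strings are what users will see, and the escaped ones are hard to grep and proofread. The deleted `types.ts` wrote such characters literally in its DSFA labels, so the same would work here, e.g. `test_stand: 'Prüfstand',`. That changes runtime strings, so it belongs in a follow-up rather than in this move-only commit.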
@@ -0,0 +1,383 @@ +/** + * Compliance, risk management, AI Act, obligations, DSFA, TOM, retention, + * VVT, legal documents, cookie banner, consent, DSR, and escalation types. + * + * These are the core domain data structures referenced by SDKState. + */ + +import type { + RiskSeverity, + RequirementStatus, + ControlType, + ImplementationStatus, + EvidenceType, + RiskLikelihood, + RiskImpact, + RiskStatus, + MitigationType, + AIActRiskCategory, + DSFAStatus, + CookieBannerStyle, + CookieBannerPosition, + CookieBannerTheme, + CommandType, +} from './enums' + +// ============================================================================= +// COMPLIANCE +// ============================================================================= + +export interface ServiceModule { + id: string + name: string + description: string + regulations: string[] + criticality: RiskSeverity + processesPersonalData: boolean + hasAIComponents: boolean +} + +export interface Requirement { + id: string + regulation: string + article: string + title: string + description: string + criticality: RiskSeverity + applicableModules: string[] + status: RequirementStatus + controls: string[] +} + +export interface Control { + id: string + name: string + description: string + type: ControlType + category: string + implementationStatus: ImplementationStatus + effectiveness: RiskSeverity + evidence: string[] + owner: string | null + dueDate: Date | null +} + +export interface Evidence { + id: string + controlId: string + type: EvidenceType + name: string + description: string + fileUrl: string | null + validFrom: Date + validUntil: Date | null + uploadedBy: string + uploadedAt: Date +} + +export interface ChecklistItem { + id: string + requirementId: string + title: string + description: string + status: 'PENDING' | 'PASSED' | 'FAILED' | 'NOT_APPLICABLE' + notes: string + verifiedBy: string | null + verifiedAt: Date | null +} + +// 
============================================================================= +// RISK MANAGEMENT +// ============================================================================= + +export interface RiskMitigation { + id: string + description: string + type: MitigationType + status: 'PLANNED' | 'IN_PROGRESS' | 'COMPLETED' + effectiveness: number // 0-100 + controlId: string | null +} + +export interface Risk { + id: string + title: string + description: string + category: string + likelihood: RiskLikelihood + impact: RiskImpact + severity: RiskSeverity + inherentRiskScore: number + residualRiskScore: number + status: RiskStatus + mitigation: RiskMitigation[] + owner: string | null + relatedControls: string[] + relatedRequirements: string[] +} + +// ============================================================================= +// AI ACT & OBLIGATIONS +// ============================================================================= + +export interface AIActObligation { + id: string + article: string + title: string + description: string + deadline: Date | null + status: 'PENDING' | 'IN_PROGRESS' | 'COMPLETED' +} + +export interface AIActResult { + riskCategory: AIActRiskCategory + systemType: string + obligations: AIActObligation[] + assessmentDate: Date + assessedBy: string + justification: string +} + +export interface Obligation { + id: string + regulation: string + article: string + title: string + description: string + deadline: Date | null + penalty: string | null + status: 'PENDING' | 'IN_PROGRESS' | 'COMPLETED' + responsible: string | null +} + +// ============================================================================= +// DSFA +// ============================================================================= + +export interface DSFASection { + id: string + title: string + content: string + status: 'DRAFT' | 'COMPLETED' + order: number +} + +export interface DSFAApproval { + id: string + approver: string + role: string + status: 'PENDING' | 'APPROVED' | 
'REJECTED' + comment: string | null + approvedAt: Date | null +} + +export interface DSFA { + id: string + status: DSFAStatus + version: number + sections: DSFASection[] + approvals: DSFAApproval[] + createdAt: Date + updatedAt: Date +} + +// ============================================================================= +// TOMs & RETENTION +// ============================================================================= + +export interface TOM { + id: string + category: string + name: string + description: string + type: 'TECHNICAL' | 'ORGANIZATIONAL' + implementationStatus: ImplementationStatus + priority: RiskSeverity + responsiblePerson: string | null + implementationDate: Date | null + reviewDate: Date | null + evidence: string[] +} + +export interface RetentionPolicy { + id: string + dataCategory: string + description: string + legalBasis: string + retentionPeriod: string + deletionMethod: string + exceptions: string[] +} + +// ============================================================================= +// VVT (Processing Register) +// ============================================================================= + +export interface ProcessingActivity { + id: string + name: string + purpose: string + legalBasis: string + dataCategories: string[] + dataSubjects: string[] + recipients: string[] + thirdCountryTransfers: boolean + retentionPeriod: string + technicalMeasures: string[] + organizationalMeasures: string[] +} + +// ============================================================================= +// LEGAL DOCUMENTS +// ============================================================================= + +export interface LegalDocument { + id: string + type: 'AGB' | 'PRIVACY_POLICY' | 'TERMS_OF_USE' | 'IMPRINT' | 'COOKIE_POLICY' + title: string + content: string + version: string + status: 'DRAFT' | 'PUBLISHED' | 'ARCHIVED' + publishedAt: Date | null + createdAt: Date + updatedAt: Date +} + +// 
============================================================================= +// COOKIE BANNER +// ============================================================================= + +export interface Cookie { + id: string + name: string + provider: string + purpose: string + expiry: string + type: 'NECESSARY' | 'FUNCTIONAL' | 'ANALYTICS' | 'MARKETING' +} + +export interface CookieCategory { + id: string + name: string + description: string + required: boolean + cookies: Cookie[] +} + +export interface CookieBannerTexts { + title: string + description: string + acceptAll: string + rejectAll: string + settings: string + save: string +} + +export interface CookieBannerGeneratedCode { + html: string + css: string + js: string +} + +export interface CookieBannerConfig { + id: string + style: CookieBannerStyle + position: CookieBannerPosition + theme: CookieBannerTheme + texts: CookieBannerTexts + categories: CookieCategory[] + generatedCode: CookieBannerGeneratedCode | null +} + +// ============================================================================= +// CONSENT & DSR +// ============================================================================= + +export interface ConsentRecord { + id: string + userId: string + documentId: string + documentVersion: string + consentType: string + granted: boolean + grantedAt: Date + revokedAt: Date | null + ipAddress: string | null + userAgent: string | null +} + +export interface DSRRequest { + id: string + type: 'ACCESS' | 'RECTIFICATION' | 'ERASURE' | 'PORTABILITY' | 'RESTRICTION' | 'OBJECTION' + status: 'RECEIVED' | 'VERIFIED' | 'PROCESSING' | 'COMPLETED' | 'REJECTED' + requesterEmail: string + requesterName: string + requestedAt: Date + dueDate: Date + completedAt: Date | null + notes: string +} + +export interface DSRConfig { + id: string + enabled: boolean + portalUrl: string + emailTemplates: Record + automatedResponses: boolean + verificationRequired: boolean +} + +// 
============================================================================= +// ESCALATIONS +// ============================================================================= + +export interface EscalationWorkflow { + id: string + name: string + description: string + triggerConditions: string[] + steps: EscalationStep[] + enabled: boolean +} + +export interface EscalationStep { + id: string + order: number + action: string + assignee: string + timeLimit: string // ISO 8601 Duration + escalateOnTimeout: boolean +} + +// ============================================================================= +// COMMAND BAR & USER PREFERENCES +// ============================================================================= + +export interface CommandSuggestion { + id: string + type: CommandType + label: string + description: string + shortcut?: string + icon?: string + action: () => void | Promise + relevanceScore: number +} + +export interface CommandHistory { + id: string + query: string + type: CommandType + timestamp: Date + success: boolean +} + +export interface UserPreferences { + language: 'de' | 'en' + theme: 'light' | 'dark' | 'system' + compactMode: boolean + showHints: boolean + autoSave: boolean + autoValidate: boolean + allowParallelWork: boolean +} diff --git a/admin-compliance/lib/sdk/types/document-generator.ts b/admin-compliance/lib/sdk/types/document-generator.ts new file mode 100644 index 0000000..c4ede5b --- /dev/null +++ b/admin-compliance/lib/sdk/types/document-generator.ts 
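Review bot: `CookieBannerGeneratedCode` exposes raw `html`, `css` and `js` strings next to the free-text `CookieBannerTexts`, and neither interface documents whether the texts are escaped before they reach the generated output. The generator is not part of this diff, so this may already be handled elsewhere. A consumer that embeds `generatedCode.html` in a page cannot tell from the type what it is allowed to trust. I would add a contract comment above the interface, e.g. `/** Generated embed code; CookieBannerTexts values must be HTML-escaped before they are interpolated here. */`.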
@@ -0,0 +1,468 @@ +/** + * Document generator types (Legal Templates RAG), DSFA RAG types, + * and Compliance Wiki types. + */ + +import type { CompanyProfile } from './company-profile' + +// ============================================================================= +// DOCUMENT GENERATOR (Legal Templates RAG) +// ============================================================================= + +export type LicenseType = + | 'public_domain' + | 'cc0' + | 'unlicense' + | 'mit' + | 'cc_by_4' + | 'reuse_notice' + +export type TemplateType = + | 'privacy_policy' + | 'terms_of_service' + | 'agb' + | 'cookie_banner' + | 'cookie_policy' + | 'impressum' + | 'widerruf' + | 'dpa' + | 'sla' + | 'nda' + | 'cloud_service_agreement' + | 'data_usage_clause' + | 'acceptable_use' + | 'community_guidelines' + | 'copyright_policy' + | 'clause' + | 'dsfa' + +export type Jurisdiction = 'DE' | 'AT' | 'CH' | 'EU' | 'US' | 'INTL' + +export interface LegalTemplateResult { + id: string + score: number + text: string + documentTitle: string | null + templateType: TemplateType | null + clauseCategory: string | null + language: 'de' | 'en' + jurisdiction: Jurisdiction | null + licenseId: LicenseType | null + licenseName: string | null + licenseUrl: string | null + attributionRequired: boolean + attributionText: string | null + sourceName: string | null + sourceUrl: string | null + sourceRepo: string | null + placeholders: string[] + isCompleteDocument: boolean + isModular: boolean + requiresCustomization: boolean + outputAllowed: boolean + modificationAllowed: boolean + distortionProhibited: boolean +} + +export interface TemplateReference { + templateId: string + sourceName: string + sourceUrl: string + licenseId: LicenseType + licenseName: string + attributionRequired: boolean + attributionText: string | null + usedAt: string +} + +export interface GeneratedDocument { + id: string + documentType: TemplateType + title: string + content: string + language: 'de' | 'en' + jurisdiction: 
Jurisdiction + usedTemplates: TemplateReference[] + attributionFooter: string + placeholderValues: Record + customizations: DocumentCustomization[] + generatedAt: string + generatedBy: string + version: number +} + +export interface DocumentCustomization { + type: 'add_section' | 'modify_section' | 'remove_section' | 'replace_placeholder' + section: string | null + originalText: string | null + newText: string | null + reason: string | null + appliedAt: string +} + +export interface DocumentGeneratorState { + searchQuery: string + searchResults: LegalTemplateResult[] + selectedTemplates: string[] + currentDocumentType: TemplateType | null + currentLanguage: 'de' | 'en' + currentJurisdiction: Jurisdiction + editorContent: string + editorMode: 'preview' | 'edit' + unsavedChanges: boolean + placeholderValues: Record + generatedDocuments: GeneratedDocument[] + isGenerating: boolean + isSearching: boolean + lastError: string | null +} + +export interface TemplateSearchRequest { + query: string + templateType?: TemplateType + licenseTypes?: LicenseType[] + language?: 'de' | 'en' + jurisdiction?: Jurisdiction + attributionRequired?: boolean + limit?: number +} + +export interface DocumentGenerationRequest { + documentType: TemplateType + language: 'de' | 'en' + jurisdiction: Jurisdiction + templateIds: string[] + placeholderValues: Record + companyProfile?: Partial + additionalContext?: string +} + +export interface TemplateSource { + name: string + description: string + licenseType: LicenseType + licenseName: string + templateTypes: TemplateType[] + languages: ('de' | 'en')[] + jurisdiction: Jurisdiction + repoUrl: string | null + webUrl: string | null + priority: number + enabled: boolean + attributionRequired: boolean +} + +export interface TemplateIngestionStatus { + running: boolean + lastRun: string | null + currentSource: string | null + results: Record +} + +export interface SourceIngestionResult { + status: 'pending' | 'running' | 'completed' | 'failed' + 
documentsFound: number + chunksIndexed: number + errors: string[] +} + +export interface TemplateCollectionStats { + collection: string + vectorsCount: number + pointsCount: number + status: string + templateTypes: Record + languages: Record + licenses: Record +} + +// ============================================================================= +// LABEL CONSTANTS +// ============================================================================= + +export const DEFAULT_PLACEHOLDERS: Record = { + '[COMPANY_NAME]': '', + '[FIRMENNAME]': '', + '[ADDRESS]': '', + '[ADRESSE]': '', + '[EMAIL]': '', + '[PHONE]': '', + '[TELEFON]': '', + '[WEBSITE]': '', + '[LEGAL_REPRESENTATIVE]': '', + '[GESCHAEFTSFUEHRER]': '', + '[REGISTER_COURT]': '', + '[REGISTERGERICHT]': '', + '[REGISTER_NUMBER]': '', + '[REGISTERNUMMER]': '', + '[VAT_ID]': '', + '[UST_ID]': '', + '[DPO_NAME]': '', + '[DSB_NAME]': '', + '[DPO_EMAIL]': '', + '[DSB_EMAIL]': '', +} + +export const TEMPLATE_TYPE_LABELS: Record = { + privacy_policy: 'Datenschutzerkl\u00e4rung', + terms_of_service: 'Nutzungsbedingungen', + agb: 'Allgemeine Gesch\u00e4ftsbedingungen', + cookie_banner: 'Cookie-Banner', + cookie_policy: 'Cookie-Richtlinie', + impressum: 'Impressum', + widerruf: 'Widerrufsbelehrung', + dpa: 'Auftragsverarbeitungsvertrag', + sla: 'Service Level Agreement', + nda: 'Geheimhaltungsvereinbarung', + cloud_service_agreement: 'Cloud-Dienstleistungsvertrag', + data_usage_clause: 'Datennutzungsklausel', + acceptable_use: 'Acceptable Use Policy', + community_guidelines: 'Community-Richtlinien', + copyright_policy: 'Urheberrechtsrichtlinie', + clause: 'Vertragsklausel', + dsfa: 'Datenschutz-Folgenabsch\u00e4tzung', +} + +export const LICENSE_TYPE_LABELS: Record = { + public_domain: 'Public Domain (\u00a75 UrhG)', + cc0: 'CC0 1.0 Universal', + unlicense: 'Unlicense', + mit: 'MIT License', + cc_by_4: 'CC BY 4.0 International', + reuse_notice: 'EU Reuse Notice', +} + +export const JURISDICTION_LABELS: Record = { + DE: 
'Deutschland', + AT: '\u00d6sterreich', + CH: 'Schweiz', + EU: 'Europ\u00e4ische Union', + US: 'United States', + INTL: 'International', +} + +// ============================================================================= +// DSFA RAG TYPES (Source Attribution & Corpus Management) +// ============================================================================= + +export type DSFALicenseCode = + | 'DL-DE-BY-2.0' + | 'DL-DE-ZERO-2.0' + | 'CC-BY-4.0' + | 'EDPB-LICENSE' + | 'PUBLIC_DOMAIN' + | 'PROPRIETARY' + +export type DSFADocumentType = 'guideline' | 'checklist' | 'regulation' | 'template' + +export type DSFACategory = + | 'threshold_analysis' + | 'risk_assessment' + | 'mitigation' + | 'consultation' + | 'documentation' + | 'process' + | 'criteria' + +export interface DSFASource { + id: string + sourceCode: string + name: string + fullName?: string + organization?: string + sourceUrl?: string + eurLexCelex?: string + licenseCode: DSFALicenseCode + licenseName: string + licenseUrl?: string + attributionRequired: boolean + attributionText: string + documentType?: DSFADocumentType + language: string +} + +export interface DSFADocument { + id: string + sourceId: string + title: string + description?: string + fileName?: string + fileType?: string + fileSizeBytes?: number + minioBucket: string + minioPath?: string + originalUrl?: string + ocrProcessed: boolean + textExtracted: boolean + chunksGenerated: number + lastIndexedAt?: string + metadata: Record + createdAt: string + updatedAt: string +} + +export interface DSFAChunk { + chunkId: string + content: string + sectionTitle?: string + pageNumber?: number + category?: DSFACategory + documentId: string + documentTitle?: string + sourceId: string + sourceCode: string + sourceName: string + attributionText: string + licenseCode: DSFALicenseCode + licenseName: string + licenseUrl?: string + attributionRequired: boolean + sourceUrl?: string + documentType?: DSFADocumentType +} + +export interface DSFASearchResult { + 
chunkId: string + content: string + score: number + sourceCode: string + sourceName: string + attributionText: string + licenseCode: DSFALicenseCode + licenseName: string + licenseUrl?: string + attributionRequired: boolean + sourceUrl?: string + documentType?: DSFADocumentType + category?: DSFACategory + sectionTitle?: string + pageNumber?: number +} + +export interface DSFASearchResponse { + query: string + results: DSFASearchResult[] + totalResults: number + licensesUsed: string[] + attributionNotice: string +} + +export interface DSFASourceStats { + sourceId: string + sourceCode: string + name: string + organization?: string + licenseCode: DSFALicenseCode + documentType?: DSFADocumentType + documentCount: number + chunkCount: number + lastIndexedAt?: string +} + +export interface DSFACorpusStats { + sources: DSFASourceStats[] + totalSources: number + totalDocuments: number + totalChunks: number + qdrantCollection: string + qdrantPointsCount: number + qdrantStatus: string +} + +export interface DSFALicenseInfo { + code: DSFALicenseCode + name: string + url?: string + attributionRequired: boolean + modificationAllowed: boolean + commercialUse: boolean +} + +export interface DSFAIngestRequest { + documentUrl?: string + documentText?: string + title?: string +} + +export interface DSFAIngestResponse { + sourceCode: string + documentId?: string + chunksCreated: number + message: string +} + +export interface SourceAttributionProps { + sources: Array<{ + sourceCode: string + sourceName: string + attributionText: string + licenseCode: DSFALicenseCode + sourceUrl?: string + score?: number + }> + compact?: boolean + showScores?: boolean +} + +export const DSFA_LICENSE_LABELS: Record = { + 'DL-DE-BY-2.0': 'Datenlizenz DE \u2013 Namensnennung 2.0', + 'DL-DE-ZERO-2.0': 'Datenlizenz DE \u2013 Zero 2.0', + 'CC-BY-4.0': 'CC BY 4.0 International', + 'EDPB-LICENSE': 'EDPB Document License', + 'PUBLIC_DOMAIN': 'Public Domain', + 'PROPRIETARY': 'Proprietary', +} + +export const 
DSFA_DOCUMENT_TYPE_LABELS: Record = { + guideline: 'Leitlinie', + checklist: 'Pr\u00fcfliste', + regulation: 'Verordnung', + template: 'Vorlage', +} + +export const DSFA_CATEGORY_LABELS: Record = { + threshold_analysis: 'Schwellwertanalyse', + risk_assessment: 'Risikobewertung', + mitigation: 'Risikominderung', + consultation: 'Beh\u00f6rdenkonsultation', + documentation: 'Dokumentation', + process: 'Prozessschritte', + criteria: 'Kriterien', +} + +// ============================================================================= +// COMPLIANCE WIKI +// ============================================================================= + +export interface WikiCategory { + id: string + name: string + description: string + icon: string + sortOrder: number + articleCount: number +} + +export interface WikiArticle { + id: string + categoryId: string + categoryName: string + title: string + summary: string + content: string + legalRefs: string[] + tags: string[] + relevance: 'critical' | 'important' | 'info' + sourceUrls: string[] + version: number + updatedAt: string +} + +export interface WikiSearchResult { + id: string + title: string + summary: string + categoryName: string + relevance: string + highlight: string +} diff --git a/admin-compliance/lib/sdk/types/enums.ts b/admin-compliance/lib/sdk/types/enums.ts new file mode 100644 index 0000000..c88530b --- /dev/null +++ b/admin-compliance/lib/sdk/types/enums.ts 
@@ -0,0 +1,98 @@
+/**
+ * Base type aliases and enums for the AI Compliance SDK.
+ */
+
+export type SubscriptionTier = 'FREE' | 'STARTER' | 'PROFESSIONAL' | 'ENTERPRISE'
+
+export type SDKPhase = 1 | 2
+
+export type SDKPackageId = 'vorbereitung' | 'analyse' | 'dokumentation' | 'rechtliche-texte' | 'betrieb'
+
+export type CustomerType = 'new' | 'existing'
+
+export type CheckpointType = 'REQUIRED' | 'RECOMMENDED' | 'OPTIONAL'
+
+export type ReviewerType = 'NONE' | 'TEAM_LEAD' | 'DSB' | 'LEGAL'
+
+export type ValidationSeverity = 'ERROR' | 'WARNING' | 'INFO'
+
+export type RiskSeverity = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL'
+
+export type RiskLikelihood = 1 | 2 | 3 | 4 | 5
+
+export type RiskImpact = 1 | 2 | 3 | 4 | 5
+
+export type ImplementationStatus = 'NOT_IMPLEMENTED' | 'PARTIAL' | 'IMPLEMENTED'
+
+export type RequirementStatus = 'NOT_STARTED' | 'IN_PROGRESS' | 'IMPLEMENTED' | 'VERIFIED'
+
+export type ControlType = 'TECHNICAL' | 'ORGANIZATIONAL' | 'PHYSICAL'
+
+export type EvidenceType = 'DOCUMENT' | 'SCREENSHOT' | 'LOG' | 'CERTIFICATE' | 'AUDIT_REPORT'
+
+export type RiskStatus = 'IDENTIFIED' | 'ASSESSED' | 'MITIGATED' | 'ACCEPTED' | 'CLOSED'
+
+export type MitigationType = 'AVOID' | 'TRANSFER' | 'MITIGATE' | 'ACCEPT'
+
+export type AIActRiskCategory = 'MINIMAL' | 'LIMITED' | 'HIGH' | 'UNACCEPTABLE'
+
+export type DSFAStatus = 'DRAFT' | 'IN_REVIEW' | 'APPROVED' | 'REJECTED'
+
+export type ScreeningStatus = 'PENDING' | 'RUNNING' | 'COMPLETED' | 'FAILED'
+
+export type SecurityIssueSeverity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW'
+
+export type SecurityIssueStatus = 'OPEN' | 'IN_PROGRESS' | 'RESOLVED' | 'ACCEPTED'
+
+export type CookieBannerStyle = 'BANNER' | 'MODAL' | 'FLOATING'
+
+export type CookieBannerPosition = 'TOP' | 'BOTTOM' | 'CENTER'
+
+export type CookieBannerTheme = 'LIGHT' | 'DARK' | 'CUSTOM'
+
+export type CommandType = 'ACTION' | 'NAVIGATION' | 'SEARCH' | 'GENERATE' | 'HELP'
+
+export type BusinessModel = 'B2B' | 'B2C' | 'B2B_B2C' | 'B2B2C'
+
+export type OfferingType =
+ | 'app_mobile'
+ | 'app_web'
+ | 'website'
+ | 'webshop'
+ | 'hardware'
+ | 'software_saas'
+ | 'software_onpremise'
+ | 'services_consulting'
+ | 'services_agency'
+ | 'internal_only'
+
+export type TargetMarket =
+ | 'germany_only'
+ | 'dach'
+ | 'eu'
+ | 'ewr'
+ | 'eu_uk'
+ | 'worldwide'
+
+export type CompanySize = 'micro' | 'small' | 'medium' | 'large' | 'enterprise'
+
+export type LegalForm =
+ | 'einzelunternehmen'
+ | 'gbr'
+ | 'ohg'
+ | 'kg'
+ | 'gmbh'
+ | 'ug'
+ | 'ag'
+ | 'gmbh_co_kg'
+ | 'ev'
+ | 'stiftung'
+ | 'other'
+
+export type MachineProductType = 'test_stand' | 'robot_cell' | 'special_machine' | 'production_line' | 'other'
+
+export type AIIntegrationType = 'vision' | 'predictive_maintenance' | 'quality_control' | 'robot_control' | 'process_optimization' | 'other'
+
+export type HumanOversightLevel = 'full' | 'partial' | 'minimal' | 'none'
+
+export type CriticalSector = 'energy' | 'water' | 'transport' | 'health' | 'pharma' | 'automotive' | 'defense'
diff --git a/admin-compliance/lib/sdk/types/helpers.ts b/admin-compliance/lib/sdk/types/helpers.ts
new file mode 100644
index 0000000..dba61c6
--- /dev/null
+++ b/admin-compliance/lib/sdk/types/helpers.ts
@@ -0,0 +1,194 @@
+/**
+ * Helper functions for SDK navigation, risk calculation, and package management.
+ */
+
+import type { SDKPhase, SDKPackageId, CustomerType, RiskLikelihood, RiskImpact, RiskSeverity } from './enums'
+import type { SDKStep, SDKPackage, SDK_PACKAGES } from './sdk-flow'
+import type { SDK_STEPS } from './sdk-steps'
+import type { SDKState } from './sdk-state'
+import type { Risk } from './compliance'
+
+// Re-import values (not just types) for runtime use
+import { SDK_PACKAGES as _SDK_PACKAGES } from './sdk-flow'
+import { SDK_STEPS as _SDK_STEPS } from './sdk-steps'
+
+// =============================================================================
+// STEP HELPERS
+// =============================================================================
+
+export function getStepById(stepId: string): SDKStep | undefined {
+ return _SDK_STEPS.find(s => s.id === stepId)
+}
+
+export function getStepByUrl(url: string): SDKStep | undefined {
+ return _SDK_STEPS.find(s => s.url === url)
+}
+
+export function getStepsForPhase(phase: SDKPhase): SDKStep[] {
+ return _SDK_STEPS.filter(s => s.phase === phase).sort((a, b) => a.seq - b.seq)
+}
+
+// Alle Steps global nach seq sortiert
+function getAllStepsSorted(): SDKStep[] {
+ return [..._SDK_STEPS].sort((a, b) => a.seq - b.seq)
+}
+
+// Sichtbare Steps (state-abhaengig)
+export function getVisibleSteps(state: SDKState): SDKStep[] {
+ return getAllStepsSorted().filter(step => {
+ if (step.visibleWhen) return step.visibleWhen(state)
+ return true
+ })
+}
+
+// Naechster sichtbarer Step
+export function getNextVisibleStep(currentStepId: string, state: SDKState): SDKStep | undefined {
+ const visible = getVisibleSteps(state)
+ const idx = visible.findIndex(s => s.id === currentStepId)
+ if (idx >= 0 && idx < visible.length - 1) return visible[idx + 1]
+ return undefined
+}
+
+// Vorheriger sichtbarer Step
+export function getPreviousVisibleStep(currentStepId: string, state: SDKState): SDKStep | undefined {
+ const visible = getVisibleSteps(state)
+ const idx = visible.findIndex(s => s.id === currentStepId)
+ if (idx > 0) return visible[idx - 1]
+ return undefined
+}
+
+export function getNextStep(currentStepId: string, state?: SDKState): SDKStep | undefined {
+ if (!state) {
+ // Fallback: seq-sortiert ohne Sichtbarkeitspruefung
+ const sorted = getAllStepsSorted()
+ const idx = sorted.findIndex(s => s.id === currentStepId)
+ if (idx >= 0 && idx < sorted.length - 1) return sorted[idx + 1]
+ return undefined
+ }
+ return getNextVisibleStep(currentStepId, state)
+}
+
+export function getPreviousStep(currentStepId: string, state?: SDKState): SDKStep | undefined {
+ if (!state) {
+ const sorted = getAllStepsSorted()
+ const idx = sorted.findIndex(s => s.id === currentStepId)
+ if (idx > 0) return sorted[idx - 1]
+ return undefined
+ }
+ return getPreviousVisibleStep(currentStepId, state)
+}
+
+// =============================================================================
+// RISK HELPERS
+// =============================================================================
+
+export function calculateRiskScore(likelihood: RiskLikelihood, impact: RiskImpact): number {
+ return likelihood * impact
+}
+
+export function getRiskSeverityFromScore(score: number): RiskSeverity {
+ if (score >= 20) return 'CRITICAL'
+ if (score >= 12) return 'HIGH'
+ if (score >= 6) return 'MEDIUM'
+ return 'LOW'
+}
+
+export function calculateResidualRisk(risk: Risk): number {
+ const inherentScore = calculateRiskScore(risk.likelihood, risk.impact)
+ const totalEffectiveness = risk.mitigation
+ .filter(m => m.status === 'COMPLETED')
+ .reduce((sum, m) => sum + m.effectiveness, 0)
+
+ const effectivenessMultiplier = Math.min(totalEffectiveness, 100) / 100
+ return Math.max(1, Math.round(inherentScore * (1 - effectivenessMultiplier)))
+}
+
+// =============================================================================
+// COMPLETION HELPERS
+// =============================================================================
+
+export function getCompletionPercentage(state: SDKState): number {
+ const totalSteps = _SDK_STEPS.length
+ const completedSteps = state.completedSteps.length
+ return Math.round((completedSteps / totalSteps) * 100)
+}
+
+export function getPhaseCompletionPercentage(state: SDKState, phase: SDKPhase): number {
+ const phaseSteps = getStepsForPhase(phase)
+ const completedPhaseSteps = phaseSteps.filter(s => state.completedSteps.includes(s.id))
+ return Math.round((completedPhaseSteps.length / phaseSteps.length) * 100)
+}
+
+// =============================================================================
+// PACKAGE HELPERS
+// =============================================================================
+
+export function getPackageById(packageId: SDKPackageId): SDKPackage | undefined {
+ return _SDK_PACKAGES.find(p => p.id === packageId)
+}
+
+export function getStepsForPackage(packageId: SDKPackageId): SDKStep[] {
+ return _SDK_STEPS.filter(s => s.package === packageId).sort((a, b) => a.seq - b.seq)
+}
+
+export function getPackageCompletionPercentage(state: SDKState, packageId: SDKPackageId): number {
+ const packageSteps = getStepsForPackage(packageId)
+ if (packageSteps.length === 0) return 0
+ const completedPackageSteps = packageSteps.filter(s => state.completedSteps.includes(s.id))
+ return Math.round((completedPackageSteps.length / packageSteps.length) * 100)
+}
+
+export function getCurrentPackage(currentStepId: string): SDKPackage | undefined {
+ const step = getStepById(currentStepId)
+ if (!step) return undefined
+ return getPackageById(step.package)
+}
+
+export function getNextPackageStep(currentStepId: string): SDKStep | undefined {
+ const currentStep = getStepById(currentStepId)
+ if (!currentStep) return undefined
+
+ const packageSteps = getStepsForPackage(currentStep.package)
+ const currentIndex = packageSteps.findIndex(s => s.id === currentStepId)
+
+ // Next step in same package
+ if (currentIndex < packageSteps.length - 1) {
+ return packageSteps[currentIndex + 1]
+ }
+
+ // Move to next package
+ const currentPackage = getPackageById(currentStep.package)
+ if (!currentPackage) return undefined
+
+ const nextPackage = _SDK_PACKAGES.find(p => p.order === currentPackage.order + 1)
+ if (!nextPackage) return undefined
+
+ const nextPackageSteps = getStepsForPackage(nextPackage.id)
+ return nextPackageSteps[0]
+}
+
+export function isPackageUnlocked(state: SDKState, packageId: SDKPackageId): boolean {
+ if (state.preferences?.allowParallelWork) return true
+
+ const currentPackage = getPackageById(packageId)
+ if (!currentPackage) return false
+
+ // First package is always unlocked
+ if (currentPackage.order === 1) return true
+
+ // Previous package must be completed
+ const prevPackage = _SDK_PACKAGES.find(p => p.order === currentPackage.order - 1)
+ if (!prevPackage) return true
+
+ return getPackageCompletionPercentage(state, prevPackage.id) === 100
+}
+
+/** @deprecated Use getVisibleSteps(state) instead */
+export function getVisibleStepsForCustomerType(customerType: CustomerType): SDKStep[] {
+ return getAllStepsSorted().filter(step => {
+ if (step.id === 'import') {
+ return customerType === 'existing'
+ }
+ return true
+ })
+}
diff --git a/admin-compliance/lib/sdk/types/iace.ts b/admin-compliance/lib/sdk/types/iace.ts
new file mode 100644
index 0000000..84ba55e
--- /dev/null
+++ b/admin-compliance/lib/sdk/types/iace.ts
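Review bot: `getPackageCompletionPercentage` counts every step of a package, including steps that `visibleWhen` hides, and `isPackageUnlocked` requires exactly 100 from it. In the `SDK_STEPS` data added by this same patch the `import` step belongs to `vorbereitung` and is visible only when `customerType === 'existing'`, so for other customers the first package may never reach 100 and `analyse` stays locked unless `allowParallelWork` is set or a hidden step is marked completed somewhere not shown here. Consider counting visible steps only, e.g. `const packageSteps = getVisibleSteps(state).filter(s => s.package === packageId)`. `getPhaseCompletionPercentage` also lacks the `length === 0` guard its package counterpart has and would return NaN for an empty phase.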
@@ -0,0 +1,23 @@
+/**
+ * IACE (Industrial AI Compliance Engine) project types.
+ */
+
+import type { MachineProductType } from './enums'
+
+export type IACEProjectStatus = 'draft' | 'onboarding' | 'classification' | 'hazard_analysis' | 'mitigation' | 'verification' | 'tech_file' | 'completed' | 'archived'
+
+export interface IACEProjectSummary {
+ id: string
+ machineName: string
+ machineType: MachineProductType
+ status: IACEProjectStatus
+ completenessScore: number
+ riskSummary: {
+ critical: number
+ high: number
+ medium: number
+ low: number
+ }
+ createdAt: string
+ updatedAt: string
+}
diff --git a/admin-compliance/lib/sdk/types/index.ts b/admin-compliance/lib/sdk/types/index.ts
new file mode 100644
index 0000000..2e7ba5d
--- /dev/null
+++ b/admin-compliance/lib/sdk/types/index.ts
@@ -0,0 +1,18 @@
+/**
+ * AI Compliance SDK - TypeScript Interfaces
+ *
+ * Barrel re-export of all domain modules.
+ * Existing imports like `import { CompanyProfile, SDKState } from '@/lib/sdk/types'`
+ * continue to work unchanged.
+ */
+
+export * from './enums'
+export * from './company-profile'
+export * from './sdk-flow'
+export * from './sdk-steps'
+export * from './assessment'
+export * from './compliance'
+export * from './sdk-state'
+export * from './iace'
+export * from './helpers'
+export * from './document-generator'
diff --git a/admin-compliance/lib/sdk/types/sdk-flow.ts b/admin-compliance/lib/sdk/types/sdk-flow.ts
new file mode 100644
index 0000000..25b0fc2
--- /dev/null
+++ b/admin-compliance/lib/sdk/types/sdk-flow.ts
@@ -0,0 +1,104 @@
+/**
+ * SDK flow, navigation, coverage assessment, and package definitions.
+ *
+ * The SDK_STEPS array lives in ./sdk-steps.ts to keep both files under 500 LOC.
+ */
+
+import type { SDKPackageId } from './enums'
+import type { SDKState } from './sdk-state'
+
+// =============================================================================
+// SDK COVERAGE
+// =============================================================================
+
+export interface SDKCoverageAssessment {
+ isFullyCovered: boolean
+ coveredRegulations: string[]
+ partiallyCoveredRegulations: string[]
+ notCoveredRegulations: string[]
+ requiresLegalCounsel: boolean
+ reasons: string[]
+ recommendations: string[]
+}
+
+// =============================================================================
+// SDK PACKAGES
+// =============================================================================
+
+export interface SDKPackage {
+ id: SDKPackageId
+ order: number
+ name: string
+ nameShort: string
+ description: string
+ icon: string
+ result: string
+}
+
+export const SDK_PACKAGES: SDKPackage[] = [
+ {
+ id: 'vorbereitung',
+ order: 1,
+ name: 'Vorbereitung',
+ nameShort: 'Vorbereitung',
+ description: 'Grundlagen erfassen, Ausgangssituation verstehen',
+ icon: '\uD83C\uDFAF',
+ result: 'Klares Verst\u00e4ndnis, welche Regulierungen greifen',
+ },
+ {
+ id: 'analyse',
+ order: 2,
+ name: 'Analyse',
+ nameShort: 'Analyse',
+ description: 'Risiken erkennen, Anforderungen ableiten',
+ icon: '\uD83D\uDD0D',
+ result: 'Vollst\u00e4ndige Risikobewertung, Audit-Ready',
+ },
+ {
+ id: 'dokumentation',
+ order: 3,
+ name: 'Dokumentation',
+ nameShort: 'Doku',
+ description: 'Rechtliche Pflichtnachweise erstellen',
+ icon: '\uD83D\uDCCB',
+ result: 'DSFA, TOMs, VVT, L\u00f6schkonzept',
+ },
+ {
+ id: 'rechtliche-texte',
+ order: 4,
+ name: 'Rechtliche Texte',
+ nameShort: 'Legal',
+ description: 'Kundenf\u00e4hige Dokumente generieren',
+ icon: '\uD83D\uDCDD',
+ result: 'AGB, DSI, Nutzungsbedingungen, Cookie-Banner (Code)',
+ },
+ {
+ id: 'betrieb',
+ order: 5,
+ name: 'Betrieb',
+ nameShort: 'Betrieb',
+ description: 'Laufender Compliance-Betrieb',
+ icon: '\u2699\uFE0F',
+ result: 'DSR-Portal, Eskalationsprozesse, Vendor-Management',
+ },
+]
+
+// =============================================================================
+// SDK STEP (interface only — data in sdk-steps.ts)
+// =============================================================================
+
+export interface SDKStep {
+ id: string
+ seq: number
+ phase: 1 | 2
+ package: SDKPackageId
+ order: number
+ name: string
+ nameShort: string
+ description: string
+ url: string
+ checkpointId: string
+ prerequisiteSteps: string[]
+ isOptional: boolean
+ visibleWhen?: (state: SDKState) => boolean
+}
diff --git a/admin-compliance/lib/sdk/types/sdk-state.ts b/admin-compliance/lib/sdk/types/sdk-state.ts
new file mode 100644
index 0000000..3e9c128
--- /dev/null
+++ b/admin-compliance/lib/sdk/types/sdk-state.ts
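Review bot: `SDKStep.phase` is spelled as the literal union `1 | 2` even though `SDKPhase` in `./enums` is the same union and `getStepsForPhase` in helpers.ts filters steps by `SDKPhase`, so the two declarations can drift apart if a phase is ever added. Use `phase: SDKPhase` and extend the existing import to `import type { SDKPackageId, SDKPhase } from './enums'`.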
@@ -0,0 +1,192 @@
+/**
+ * Central SDKState interface and SDKAction discriminated union.
+ */
+
+import type { CustomCatalogs, CatalogId, CustomCatalogEntry } from '../catalog-manager/types'
+import type { SubscriptionTier, SDKPhase, CustomerType } from './enums'
+import type { ProjectInfo, CompanyProfile } from './company-profile'
+import type {
+ CheckpointStatus,
+ UseCaseAssessment,
+ ScreeningResult,
+ SecurityIssue,
+ BacklogItem,
+ SBOM,
+ ImportedDocument,
+ GapAnalysis,
+ RAGCorpusStatus,
+} from './assessment'
+import type {
+ ServiceModule,
+ Requirement,
+ Control,
+ Evidence,
+ ChecklistItem,
+ Risk,
+ AIActResult,
+ Obligation,
+ DSFA,
+ TOM,
+ RetentionPolicy,
+ ProcessingActivity,
+ LegalDocument,
+ CookieBannerConfig,
+ ConsentRecord,
+ DSRConfig,
+ EscalationWorkflow,
+ CommandHistory,
+ UserPreferences,
+} from './compliance'
+import type { IACEProjectSummary } from './iace'
+
+// =============================================================================
+// SDK STATE
+// =============================================================================
+
+export interface SDKState {
+ // Metadata
+ version: string
+ projectVersion: number
+ lastModified: Date
+
+ // Tenant & User
+ tenantId: string
+ userId: string
+ subscription: SubscriptionTier
+
+ // Project Context (Multi-Projekt)
+ projectId: string
+ projectInfo: ProjectInfo | null
+
+ // Customer Type (new vs existing)
+ customerType: CustomerType | null
+
+ // Company Profile (collected before use cases)
+ companyProfile: CompanyProfile | null
+
+ // Compliance Scope (determines depth level L1-L4)
+ complianceScope: import('../compliance-scope-types').ComplianceScopeState | null
+
+ // Source Policy (checkpoint tracking — actual data in backend)
+ sourcePolicy: {
+ configured: boolean
+ sourcesCount: number
+ piiRulesCount: number
+ lastAuditAt: string | null
+ } | null
+
+ // Progress
+ currentPhase: SDKPhase
+ currentStep: string
+ completedSteps: string[]
+ checkpoints: Record
+
+ // Imported Documents (for existing customers)
+ importedDocuments: ImportedDocument[]
+ gapAnalysis: GapAnalysis | null
+
+ // Phase 1 Data
+ useCases: UseCaseAssessment[]
+ activeUseCase: string | null
+ screening: ScreeningResult | null
+ modules: ServiceModule[]
+ requirements: Requirement[]
+ controls: Control[]
+ evidence: Evidence[]
+ checklist: ChecklistItem[]
+ risks: Risk[]
+
+ // Phase 2 Data
+ aiActClassification: AIActResult | null
+ obligations: Obligation[]
+ dsfa: DSFA | null
+ toms: TOM[]
+ retentionPolicies: RetentionPolicy[]
+ vvt: ProcessingActivity[]
+ documents: LegalDocument[]
+ cookieBanner: CookieBannerConfig | null
+ consents: ConsentRecord[]
+ dsrConfig: DSRConfig | null
+ escalationWorkflows: EscalationWorkflow[]
+
+ // IACE (Industrial AI Compliance Engine)
+ iaceProjects: IACEProjectSummary[]
+
+ // RAG Corpus Versioning
+ ragCorpusStatus: RAGCorpusStatus | null
+
+ // Security
+ sbom: SBOM | null
+ securityIssues: SecurityIssue[]
+ securityBacklog: BacklogItem[]
+
+ // Catalog Manager
+ customCatalogs: CustomCatalogs
+
+ // UI State
+ commandBarHistory: CommandHistory[]
+ recentSearches: string[]
+ preferences: UserPreferences
+}
+
+// =============================================================================
+// SDK ACTIONS
+// =============================================================================
+
+export type SDKAction =
+ | { type: 'SET_STATE'; payload: Partial }
+ | { type: 'SET_CURRENT_STEP'; payload: string }
+ | { type: 'COMPLETE_STEP'; payload: string }
+ | { type: 'SET_CHECKPOINT_STATUS'; payload: { id: string; status: CheckpointStatus } }
+ | { type: 'SET_CUSTOMER_TYPE'; payload: CustomerType }
+ | { type: 'SET_COMPANY_PROFILE'; payload: CompanyProfile }
+ | { type: 'UPDATE_COMPANY_PROFILE'; payload: Partial }
+ | { type: 'SET_COMPLIANCE_SCOPE'; payload: import('../compliance-scope-types').ComplianceScopeState }
+ | { type: 'UPDATE_COMPLIANCE_SCOPE'; payload: Partial }
+ | { type: 'ADD_IMPORTED_DOCUMENT'; payload: ImportedDocument }
+ | { type: 'UPDATE_IMPORTED_DOCUMENT'; payload: { id: string; data: Partial } }
+ | { type: 'DELETE_IMPORTED_DOCUMENT'; payload: string }
+ | { type: 'SET_GAP_ANALYSIS'; payload: GapAnalysis }
+ | { type: 'ADD_USE_CASE'; payload: UseCaseAssessment }
+ | { type: 'UPDATE_USE_CASE'; payload: { id: string; data: Partial } }
+ | { type: 'DELETE_USE_CASE'; payload: string }
+ | { type: 'SET_ACTIVE_USE_CASE'; payload: string | null }
+ | { type: 'SET_SCREENING'; payload: ScreeningResult }
+ | { type: 'ADD_MODULE'; payload: ServiceModule }
+ | { type: 'UPDATE_MODULE'; payload: { id: string; data: Partial } }
+ | { type: 'ADD_REQUIREMENT'; payload: Requirement }
+ | { type: 'UPDATE_REQUIREMENT'; payload: { id: string; data: Partial } }
+ | { type: 'ADD_CONTROL'; payload: Control }
+ | { type: 'UPDATE_CONTROL'; payload: { id: string; data: Partial } }
+ | { type: 'ADD_EVIDENCE'; payload: Evidence }
+ | { type: 'UPDATE_EVIDENCE'; payload: { id: string; data: Partial } }
+ | { type: 'DELETE_EVIDENCE'; payload: string }
+ | { type: 'ADD_RISK'; payload: Risk }
+ | { type: 'UPDATE_RISK'; payload: { id: string; data: Partial } }
+ | { type: 'DELETE_RISK'; payload: string }
+ | { type: 'SET_AI_ACT_RESULT'; payload: AIActResult }
+ | { type: 'ADD_OBLIGATION'; payload: Obligation }
+ | { type: 'UPDATE_OBLIGATION'; payload: { id: string; data: Partial } }
+ | { type: 'SET_DSFA'; payload: DSFA }
+ | { type: 'ADD_TOM'; payload: TOM }
+ | { type: 'UPDATE_TOM'; payload: { id: string; data: Partial } }
+ | { type: 'ADD_RETENTION_POLICY'; payload: RetentionPolicy }
+ | { type: 'UPDATE_RETENTION_POLICY'; payload: { id: string; data: Partial } }
+ | { type: 'ADD_PROCESSING_ACTIVITY'; payload: ProcessingActivity }
+ | { type: 'UPDATE_PROCESSING_ACTIVITY'; payload: { id: string; data: Partial } }
+ | { type: 'ADD_DOCUMENT'; payload: LegalDocument }
+ | { type: 'UPDATE_DOCUMENT'; payload: { id: string; data: Partial } }
+ | { type: 'SET_COOKIE_BANNER'; payload: CookieBannerConfig }
+ | { type: 'SET_DSR_CONFIG'; payload: DSRConfig }
+ | { type: 'ADD_ESCALATION_WORKFLOW'; payload: EscalationWorkflow }
+ | { type: 'UPDATE_ESCALATION_WORKFLOW'; payload: { id: string; data: Partial } }
+ | { type: 'ADD_SECURITY_ISSUE'; payload: SecurityIssue }
+ | { type: 'UPDATE_SECURITY_ISSUE'; payload: { id: string; data: Partial } }
+ | { type: 'ADD_BACKLOG_ITEM'; payload: BacklogItem }
+ | { type: 'UPDATE_BACKLOG_ITEM'; payload: { id: string; data: Partial } }
+ | { type: 'ADD_COMMAND_HISTORY'; payload: CommandHistory }
+ | { type: 'SET_PREFERENCES'; payload: Partial }
+ | { type: 'ADD_CUSTOM_CATALOG_ENTRY'; payload: CustomCatalogEntry }
+ | { type: 'UPDATE_CUSTOM_CATALOG_ENTRY'; payload: { catalogId: CatalogId; entryId: string; data: Record } }
+ | { type: 'DELETE_CUSTOM_CATALOG_ENTRY'; payload: { catalogId: CatalogId; entryId: string } }
+ | { type: 'RESET_STATE' }
diff --git a/admin-compliance/lib/sdk/types/sdk-steps.ts b/admin-compliance/lib/sdk/types/sdk-steps.ts
new file mode 100644
index 0000000..5a1d456
--- /dev/null
+++ b/admin-compliance/lib/sdk/types/sdk-steps.ts
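Review bot: `SDKState` holds `tenantId` and `userId` alongside ordinary UI state, and the `SET_STATE` action takes a `Partial` payload (its type argument is not legible on this page, presumably `Partial<SDKState>`), so a single dispatch can replace the tenant or user identifier. The reducer and the API layer are outside this hunk, so it cannot be told from here whether these fields are ever sent to or trusted by the backend; tenant scoping should be derived from the authenticated session on the server, not from this object. Narrowing the payload would make that explicit, `| { type: 'SET_STATE'; payload: Partial<Omit<SDKState, 'tenantId' | 'userId'>> }`, with a dedicated action if hydration has to set them. A comment on the two fields such as `// context only, never an authorization input` would document the intent.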
@@ -0,0 +1,495 @@ +/** SDK_STEPS data array — all compliance SDK steps, ordered by seq. */ +import type { SDKStep } from './sdk-flow' + +export const SDK_STEPS: SDKStep[] = [ + // PAKET 1: VORBEREITUNG + { + id: 'company-profile', + seq: 100, + phase: 1, + package: 'vorbereitung', + order: 1, + name: 'Unternehmensprofil', + nameShort: 'Profil', + description: 'Gesch\u00e4ftsmodell, Gr\u00f6\u00dfe und Zielm\u00e4rkte erfassen', + url: '/sdk/company-profile', + checkpointId: 'CP-PROF', + prerequisiteSteps: [], isOptional: false, + }, + { + id: 'compliance-scope', + seq: 200, + phase: 1, + package: 'vorbereitung', + order: 2, + name: 'Compliance Scope', + nameShort: 'Scope', + description: 'Umfang und Tiefe Ihrer Compliance-Dokumentation bestimmen', + url: '/sdk/compliance-scope', + checkpointId: 'CP-SCOPE', + prerequisiteSteps: ['company-profile'], + isOptional: false }, + { + id: 'use-case-assessment', + seq: 300, + phase: 1, + package: 'vorbereitung', + order: 3, + name: 'Anwendungsfall-Erfassung', + nameShort: 'Anwendung', + description: 'AI-Anwendungsf\u00e4lle strukturiert dokumentieren', + url: '/sdk/advisory-board', + checkpointId: 'CP-UC', + prerequisiteSteps: ['company-profile'], + isOptional: false }, + { + id: 'import', + seq: 400, + phase: 1, + package: 'vorbereitung', + order: 4, + name: 'Dokument-Import', + nameShort: 'Import', + description: 'Bestehende Dokumente hochladen (Bestandskunden)', + url: '/sdk/import', + checkpointId: 'CP-IMP', + prerequisiteSteps: ['use-case-assessment'], + isOptional: true, + visibleWhen: (state) => state.customerType === 'existing', + }, + { + id: 'screening', + seq: 500, + phase: 1, + package: 'vorbereitung', + order: 5, + name: 'System Screening', + nameShort: 'Screening', + description: 'SBOM + Security Check', + url: '/sdk/screening', + checkpointId: 'CP-SCAN', + prerequisiteSteps: ['use-case-assessment'], + isOptional: false }, + { + id: 'modules', + seq: 600, + phase: 1, + package: 'vorbereitung', + order: 6, + 
name: 'Compliance Modules', + nameShort: 'Module', + description: 'Abgleich welche Regulierungen gelten', + url: '/sdk/modules', + checkpointId: 'CP-MOD', + prerequisiteSteps: ['screening'], + isOptional: false }, + { + id: 'source-policy', + seq: 700, + phase: 1, + package: 'vorbereitung', + order: 7, + name: 'Source Policy', + nameShort: 'Quellen', + description: 'Datenquellen-Governance & Whitelist', + url: '/sdk/source-policy', + checkpointId: 'CP-SPOL', + prerequisiteSteps: ['modules'], + isOptional: false }, + + // PAKET 2: ANALYSE (Assessment) + { + id: 'requirements', + seq: 1000, + phase: 1, + package: 'analyse', + order: 1, + name: 'Requirements', + nameShort: 'Anforderungen', + description: 'Pr\u00fcfaspekte aus Regulierungen ableiten', + url: '/sdk/requirements', + checkpointId: 'CP-REQ', + prerequisiteSteps: ['source-policy'], + isOptional: false }, + { + id: 'controls', + seq: 1100, + phase: 1, + package: 'analyse', + order: 2, + name: 'Controls', + nameShort: 'Controls', + description: 'Erforderliche Ma\u00dfnahmen ermitteln', + url: '/sdk/controls', + checkpointId: 'CP-CTRL', + prerequisiteSteps: ['requirements'], + isOptional: false }, + { + id: 'evidence', + seq: 1200, + phase: 1, + package: 'analyse', + order: 3, + name: 'Evidence', + nameShort: 'Nachweise', + description: 'Nachweise dokumentieren', + url: '/sdk/evidence', + checkpointId: 'CP-EVI', + prerequisiteSteps: ['controls'], + isOptional: false }, + { + id: 'risks', + seq: 1300, + phase: 1, + package: 'analyse', + order: 4, + name: 'Risk Matrix', + nameShort: 'Risiken', + description: 'Risikobewertung & Residual Risk', + url: '/sdk/risks', + checkpointId: 'CP-RISK', + prerequisiteSteps: ['evidence'], + isOptional: false }, + { + id: 'ai-act', + seq: 1400, + phase: 1, + package: 'analyse', + order: 5, + name: 'AI Act Klassifizierung', + nameShort: 'AI Act', + description: 'Risikostufe nach EU AI Act', + url: '/sdk/ai-act', + checkpointId: 'CP-AI', + prerequisiteSteps: ['risks'], + 
isOptional: false },
+ {
+ id: 'audit-checklist',
+ seq: 1500,
+ phase: 1,
+ package: 'analyse',
+ order: 6,
+ name: 'Audit Checklist',
+ nameShort: 'Checklist',
+ description: 'Pr\u00fcfliste generieren',
+ url: '/sdk/audit-checklist',
+ checkpointId: 'CP-CHK',
+ prerequisiteSteps: ['ai-act'],
+ isOptional: false },
+ {
+ id: 'audit-report',
+ seq: 1600,
+ phase: 1,
+ package: 'analyse',
+ order: 7,
+ name: 'Audit Report',
+ nameShort: 'Report',
+ description: 'Audit-Sitzungen & PDF-Report',
+ url: '/sdk/audit-report',
+ checkpointId: 'CP-AREP',
+ prerequisiteSteps: ['audit-checklist'],
+ isOptional: false },
+
+ // PAKET 3: DOKUMENTATION (Compliance Docs)
+ {
+ id: 'obligations',
+ seq: 2000,
+ phase: 2,
+ package: 'dokumentation',
+ order: 1,
+ name: 'Pflichten\u00fcbersicht',
+ nameShort: 'Pflichten',
+ description: 'NIS2, DSGVO, AI Act Pflichten',
+ url: '/sdk/obligations',
+ checkpointId: 'CP-OBL',
+ prerequisiteSteps: ['audit-report'],
+ isOptional: false },
+ {
+ id: 'dsfa',
+ seq: 2100,
+ phase: 2,
+ package: 'dokumentation',
+ order: 2,
+ name: 'DSFA',
+ nameShort: 'DSFA',
+ description: 'Datenschutz-Folgenabsch\u00e4tzung',
+ url: '/sdk/dsfa',
+ checkpointId: 'CP-DSFA',
+ prerequisiteSteps: ['obligations'],
+ isOptional: true,
+ visibleWhen: (state) => {
+ const level = state.complianceScope?.decision?.determinedLevel
+ if (level && ['L2', 'L3', 'L4'].includes(level)) return true
+ const triggers = state.complianceScope?.decision?.triggeredHardTriggers || []
+ return triggers.some(t => t.rule.dsfaRequired)
+ },
+ },
+ {
+ id: 'tom',
+ seq: 2200,
+ phase: 2,
+ package: 'dokumentation',
+ order: 3,
+ name: 'TOMs',
+ nameShort: 'TOMs',
+ description: 'Technische & Org. Ma\u00dfnahmen',
+ url: '/sdk/tom',
+ checkpointId: 'CP-TOM',
+ prerequisiteSteps: ['obligations'],
+ isOptional: false },
+ {
+ id: 'loeschfristen',
+ seq: 2300,
+ phase: 2,
+ package: 'dokumentation',
+ order: 4,
+ name: 'L\u00f6schfristen',
+ nameShort: 'L\u00f6schfristen',
+ description: 'Aufbewahrungsrichtlinien',
+ url: '/sdk/loeschfristen',
+ checkpointId: 'CP-RET',
+ prerequisiteSteps: ['tom'],
+ isOptional: false },
+ {
+ id: 'vvt',
+ seq: 2400,
+ phase: 2,
+ package: 'dokumentation',
+ order: 5,
+ name: 'Verarbeitungsverzeichnis',
+ nameShort: 'VVT',
+ description: 'Art. 30 DSGVO Dokumentation',
+ url: '/sdk/vvt',
+ checkpointId: 'CP-VVT',
+ prerequisiteSteps: ['loeschfristen'],
+ isOptional: false },
+
+ // PAKET 4: RECHTLICHE TEXTE (Legal Outputs)
+ {
+ id: 'einwilligungen',
+ seq: 3000,
+ phase: 2,
+ package: 'rechtliche-texte',
+ order: 1,
+ name: 'Einwilligungen',
+ nameShort: 'Einwilligungen',
+ description: 'Datenpunktkatalog & DSI-Generator',
+ url: '/sdk/einwilligungen',
+ checkpointId: 'CP-CONS',
+ prerequisiteSteps: ['vvt'],
+ isOptional: false },
+ {
+ id: 'consent',
+ seq: 3100,
+ phase: 2,
+ package: 'rechtliche-texte',
+ order: 2,
+ name: 'Rechtliche Vorlagen',
+ nameShort: 'Vorlagen',
+ description: 'AGB, Datenschutz, Nutzungsbedingungen',
+ url: '/sdk/consent',
+ checkpointId: 'CP-DOC',
+ prerequisiteSteps: ['einwilligungen'],
+ isOptional: false },
+ {
+ id: 'cookie-banner',
+ seq: 3200,
+ phase: 2,
+ package: 'rechtliche-texte',
+ order: 3,
+ name: 'Cookie Banner',
+ nameShort: 'Cookies',
+ description: 'Cookie-Consent Generator',
+ url: '/sdk/cookie-banner',
+ checkpointId: 'CP-COOK',
+ prerequisiteSteps: ['consent'],
+ isOptional: false },
+ {
+ id: 'document-generator',
+ seq: 3300,
+ phase: 2,
+ package: 'rechtliche-texte',
+ order: 4,
+ name: 'Dokumentengenerator',
+ nameShort: 'Generator',
+ description: 'Rechtliche Dokumente aus Vorlagen erstellen',
+ url: '/sdk/document-generator',
+ checkpointId: 'CP-DOCGEN',
+ prerequisiteSteps: ['cookie-banner'],
+ isOptional: true,
+ visibleWhen: () => true,
+ },
+ {
+ id: 'workflow',
+ seq: 3400,
+ phase: 2,
+ package: 'rechtliche-texte',
+ order: 5,
+ name: 'Document Workflow',
+ nameShort: 'Workflow',
+ description: 'Versionierung & Freigabe-Workflow',
+ url: '/sdk/workflow',
+ checkpointId: 'CP-WRKF',
+ prerequisiteSteps: ['cookie-banner'],
+ isOptional: false },
+
+ // PAKET 5: BETRIEB (Operations)
+ {
+ id: 'dsr',
+ seq: 4000,
+ phase: 2,
+ package: 'betrieb',
+ order: 1,
+ name: 'DSR Portal',
+ nameShort: 'DSR',
+ description: 'Betroffenenrechte-Portal',
+ url: '/sdk/dsr',
+ checkpointId: 'CP-DSR',
+ prerequisiteSteps: ['workflow'],
+ isOptional: false },
+ {
+ id: 'escalations',
+ seq: 4100,
+ phase: 2,
+ package: 'betrieb',
+ order: 2,
+ name: 'Escalations',
+ nameShort: 'Eskalationen',
+ description: 'Management-Workflows',
+ url: '/sdk/escalations',
+ checkpointId: 'CP-ESC',
+ prerequisiteSteps: ['dsr'],
+ isOptional: false },
+ {
+ id: 'vendor-compliance',
+ seq: 4200,
+ phase: 2,
+ package: 'betrieb',
+ order: 3,
+ name: 'Vendor Compliance',
+ nameShort: 'Vendor',
+ description: 'Dienstleister-Management',
+ url: '/sdk/vendor-compliance',
+ checkpointId: 'CP-VEND',
+ prerequisiteSteps: ['escalations'],
+ isOptional: false },
+ {
+ id: 'consent-management',
+ seq: 4300,
+ phase: 2,
+ package: 'betrieb',
+ order: 4,
+ name: 'Consent Verwaltung',
+ nameShort: 'Consent Mgmt',
+ description: 'Dokument-Lifecycle & DSGVO-Prozesse',
+ url: '/sdk/consent-management',
+ checkpointId: 'CP-CMGMT',
+ prerequisiteSteps: ['vendor-compliance'],
+ isOptional: false },
+ {
+ id: 'email-templates',
+ seq: 4350,
+ phase: 2,
+ package: 'betrieb',
+ order: 5,
+ name: 'E-Mail-Templates',
+ nameShort: 'E-Mails',
+ description: 'Benachrichtigungs-Vorlagen verwalten',
+ url: '/sdk/email-templates',
+ checkpointId: 'CP-EMAIL',
+ prerequisiteSteps: ['consent-management'],
+ isOptional: false },
+ {
+ id: 'notfallplan',
+ seq: 4400,
+ phase: 2,
+ package: 'betrieb',
+ order: 6,
+ name: 'Notfallplan & Breach Response',
+ nameShort: 'Notfallplan',
+ description: 'Datenpannen-Management nach Art. 33/34 DSGVO',
+ url: '/sdk/notfallplan',
+ checkpointId: 'CP-NOTF',
+ prerequisiteSteps: ['email-templates'],
+ isOptional: false },
+ {
+ id: 'incidents',
+ seq: 4500,
+ phase: 2,
+ package: 'betrieb',
+ order: 7,
+ name: 'Incident Management',
+ nameShort: 'Incidents',
+ description: 'Datenpannen erfassen, bewerten und melden (Art. 33/34 DSGVO)',
+ url: '/sdk/incidents',
+ checkpointId: 'CP-INC',
+ prerequisiteSteps: ['notfallplan'],
+ isOptional: false },
+ {
+ id: 'whistleblower',
+ seq: 4600,
+ phase: 2,
+ package: 'betrieb',
+ order: 8,
+ name: 'Hinweisgebersystem',
+ nameShort: 'Whistleblower',
+ description: 'Anonymes Meldesystem gemaess HinSchG',
+ url: '/sdk/whistleblower',
+ checkpointId: 'CP-WB',
+ prerequisiteSteps: ['incidents'],
+ isOptional: false },
+ {
+ id: 'academy',
+ seq: 4700,
+ phase: 2,
+ package: 'betrieb',
+ order: 9,
+ name: 'Compliance Academy',
+ nameShort: 'Academy',
+ description: 'Mitarbeiter-Schulungen & Zertifikate',
+ url: '/sdk/academy',
+ checkpointId: 'CP-ACAD',
+ prerequisiteSteps: ['whistleblower'],
+ isOptional: false },
+ {
+ id: 'training',
+ seq: 4800,
+ phase: 2,
+ package: 'betrieb',
+ order: 10,
+ name: 'Training Engine',
+ nameShort: 'Training',
+ description: 'KI-generierte Schulungsinhalte, Quiz & Medien',
+ url: '/sdk/training',
+ checkpointId: 'CP-TRAIN',
+ prerequisiteSteps: ['academy'],
+ isOptional: false },
+ {
+ id: 'control-library',
+ seq: 4900,
+ phase: 2,
+ package: 'betrieb',
+ order: 11,
+ name: 'Control Library',
+ nameShort: 'Controls',
+ description: 'Canonical Security Controls mit Open-Source-Referenzen',
+ url: '/sdk/control-library',
+ checkpointId: 'CP-CLIB',
+ prerequisiteSteps: [],
+ isOptional: true,
+ },
+ {
+ id: 'control-provenance',
+ seq: 4950,
+ phase: 2,
+ package: 'betrieb',
+ order: 12,
+ name: 'Control Provenance',
+ nameShort: 'Provenance',
+ description: 'Herkunftsnachweis: Offene Quellen, Lizenzen, Too-Close-Pruefung',
+ url: '/sdk/control-provenance',
+ checkpointId: 'CP-CPROV',
+ prerequisiteSteps: [],
+ isOptional: true,
+ },
+]