feat: add verification method, categories, and dedup UI to control library

- Migration 047: verification_method + category columns, 17 category lookup table
- Backend: new filters, GET /categories, GET /controls/{id}/similar (embedding-based)
- Frontend: filter dropdowns, badges, dedup UI in ControlDetail with merge workflow
- ControlForm: verification method + category selects
- Provenance: verification methods, categories, master library strategy sections
- Fix UUID cast syntax in generator routes (::uuid -> CAST)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

admin-compliance/app/sdk/control-library/components/helpers.tsx

@@ -42,6 +42,8 @@ export interface CanonicalControl {
   source_original_text?: string | null
   source_citation?: Record<string, string> | null
   customer_visible?: boolean
+  verification_method: string | null
+  category: string | null
   generation_metadata?: Record<string, unknown> | null
   created_at: string
   updated_at: string
@@ -92,6 +94,8 @@ export const EMPTY_CONTROL = {
   open_anchors: [{ framework: '', ref: '', url: '' }],
   release_state: 'draft',
   tags: [] as string[],
+  verification_method: null as string | null,
+  category: null as string | null,
 }
 
 export const DOMAIN_OPTIONS = [
@@ -107,6 +111,33 @@ export const DOMAIN_OPTIONS = [
   { value: 'COMP', label: 'COMP — Compliance' },
 ]
 
+export const VERIFICATION_METHODS: Record<string, { bg: string; label: string }> = {
+  code_review: { bg: 'bg-blue-100 text-blue-700', label: 'Code Review' },
+  document: { bg: 'bg-amber-100 text-amber-700', label: 'Dokument' },
+  tool: { bg: 'bg-teal-100 text-teal-700', label: 'Tool' },
+  hybrid: { bg: 'bg-purple-100 text-purple-700', label: 'Hybrid' },
+}
+
+export const CATEGORY_OPTIONS = [
+  { value: 'encryption', label: 'Verschluesselung & Kryptographie' },
+  { value: 'authentication', label: 'Authentisierung & Zugriffskontrolle' },
+  { value: 'network', label: 'Netzwerksicherheit' },
+  { value: 'data_protection', label: 'Datenschutz & Datensicherheit' },
+  { value: 'logging', label: 'Logging & Monitoring' },
+  { value: 'incident', label: 'Vorfallmanagement' },
+  { value: 'continuity', label: 'Notfall & Wiederherstellung' },
+  { value: 'compliance', label: 'Compliance & Audit' },
+  { value: 'supply_chain', label: 'Lieferkettenmanagement' },
+  { value: 'physical', label: 'Physische Sicherheit' },
+  { value: 'personnel', label: 'Personal & Schulung' },
+  { value: 'application', label: 'Anwendungssicherheit' },
+  { value: 'system', label: 'Systemhaertung & -betrieb' },
+  { value: 'risk', label: 'Risikomanagement' },
+  { value: 'governance', label: 'Sicherheitsorganisation' },
+  { value: 'hardware', label: 'Hardware & Plattformsicherheit' },
+  { value: 'identity', label: 'Identitaetsmanagement' },
+]
+
 export const COLLECTION_OPTIONS = [
   { value: 'bp_compliance_ce', label: 'CE (OWASP, ENISA, BSI)' },
   { value: 'bp_compliance_gesetze', label: 'Gesetze (EU, DE, BSI)' },
@@ -165,6 +196,23 @@ export function LicenseRuleBadge({ rule }: { rule: number | null | undefined })
   return <span className={`inline-flex items-center px-2 py-0.5 rounded text-xs font-medium ${c.bg}`}>{c.label}</span>
 }
 
+export function VerificationMethodBadge({ method }: { method: string | null }) {
+  if (!method) return null
+  const config = VERIFICATION_METHODS[method]
+  if (!config) return null
+  return <span className={`inline-flex items-center px-2 py-0.5 rounded text-xs font-medium ${config.bg}`}>{config.label}</span>
+}
+
+export function CategoryBadge({ category }: { category: string | null }) {
+  if (!category) return null
+  const opt = CATEGORY_OPTIONS.find(c => c.value === category)
+  return (
+    <span className="inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-indigo-50 text-indigo-700">
+      {opt?.label || category}
+    </span>
+  )
+}
+
 export function getDomain(controlId: string): string {
   return controlId.split('-')[0] || ''
 }