feat: Async scan with polling — no more timeout issues

Fundamental fix: scans now run asynchronously with progress polling.

Backend:
- POST /scan starts background task, returns scan_id immediately
- GET /scan/{scan_id} returns status + progress + result when done
- 7 progress steps shown: Website scan, DSI discovery, DSE analysis,
  SOLL/IST comparison, corrections, report, email
- In-memory job store (dict with scan_id → status/result)
- No timeout limits on scan duration

Frontend:
- POST starts scan, receives scan_id
- Polls GET every 5 seconds (max 120 attempts = 10 min)
- Shows live progress message during scan
- Displays result when completed, error when failed

Proxy:
- POST timeout reduced to 30s (just starts the job)
- GET timeout 10s (just status check)
- No more 504/connection-dropped errors

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

admin-compliance/app/api/sdk/v1/agent/scan/route.ts

@@ -1,6 +1,8 @@
 /**
- * Agent Scan API Proxy
- * POST /api/sdk/v1/agent/scan → backend-compliance /api/compliance/agent/scan
+ * Agent Scan API Proxy — async scan with polling
+ *
+ * POST /api/sdk/v1/agent/scan → starts scan, returns scan_id
+ * GET  /api/sdk/v1/agent/scan?scan_id=xxx → poll status/results
  */
 
 import { NextRequest, NextResponse } from 'next/server'
@@ -11,11 +13,12 @@ export async function POST(request: NextRequest) {
   try {
     const body = await request.text()
 
+    // Start async scan — returns immediately with scan_id
     const response = await fetch(`${BACKEND_URL}/api/compliance/agent/scan`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body,
-      signal: AbortSignal.timeout(600000), // 10 min — 50 pages + 20 DSI docs + LLM corrections
+      signal: AbortSignal.timeout(30000), // 30s — just needs to start the job
     })
 
     if (!response.ok) {
@@ -31,7 +34,36 @@ export async function POST(request: NextRequest) {
   } catch (error) {
     console.error('Agent scan proxy error:', error)
     return NextResponse.json(
-      { error: 'Scan fehlgeschlagen oder Timeout' },
+      { error: 'Scan konnte nicht gestartet werden' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(request: NextRequest) {
+  const scanId = request.nextUrl.searchParams.get('scan_id')
+  if (!scanId) {
+    return NextResponse.json({ error: 'scan_id parameter required' }, { status: 400 })
+  }
+
+  try {
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/agent/scan/${scanId}`,
+      { signal: AbortSignal.timeout(10000) }
+    )
+
+    if (!response.ok) {
+      return NextResponse.json(
+        { error: `Backend: ${response.status}` },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    return NextResponse.json(
+      { error: 'Status-Abfrage fehlgeschlagen' },
       { status: 503 }
     )
   }