feat: add reporting frontend, fix module categorization, update docs

- Create Reporting module frontend (page.tsx) with executive dashboard
  showing compliance score, risk overview, deadlines, module KPIs
- Create Reporting lib (types.ts, api.ts) matching Go backend models
- Add Reporting to STEP_EXPLANATIONS and both SDK sidebars
- Remove DSB Portal, Multi-Tenant, SSO from SDK sidebars (admin-only)
- Add Multi-Tenant, SSO, DSB Portal to dashboard navigation.ts
  with 'Plattform-Verwaltung' subgroup
- Update docs: academy.md (PDF certs), reporting.md (new),
  index.md (SDK vs Admin categorization), mkdocs.yml (all modules)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

admin-compliance/lib/navigation.ts

@@ -49,6 +49,35 @@ export const navigation: NavCategory[] = [
         purpose: 'Zentrale Verwaltung aller Dropdown- und Auswahltabellen im SDK. Systemkataloge (Risiken, Massnahmen, Vorlagen) anzeigen und benutzerdefinierte Eintraege ergaenzen, bearbeiten und loeschen.',
         audience: ['DSB', 'Compliance Officer', 'Administratoren'],
       },
+      // --- Plattform-Verwaltung (interne Admin-Tools) ---
+      {
+        id: 'multi-tenant',
+        name: 'Mandantenverwaltung',
+        href: '/dashboard/multi-tenant',
+        description: 'B2B-Kundenverwaltung & Mandanten',
+        purpose: 'Verwaltung aller Compliance-Mandanten (B2B-Kunden). Mandanten anlegen, konfigurieren, Lizenzen zuweisen und Nutzungsstatistiken einsehen.',
+        audience: ['Plattform-Admins', 'Entwickler'],
+        subgroup: 'Plattform-Verwaltung',
+      },
+      {
+        id: 'sso',
+        name: 'SSO-Konfiguration',
+        href: '/dashboard/sso',
+        description: 'Single Sign-On & Authentifizierung',
+        purpose: 'Konfiguration der Authentifizierung fuer Mandanten. SAML/OIDC-Provider anbinden, SSO-Policies verwalten und Login-Flows testen.',
+        audience: ['Plattform-Admins', 'Entwickler'],
+        subgroup: 'Plattform-Verwaltung',
+      },
+      {
+        id: 'dsb-portal',
+        name: 'DSB Portal',
+        href: '/dashboard/dsb-portal',
+        description: 'Datenschutzbeauftragter-Arbeitsbereich',
+        purpose: 'Zentraler Arbeitsbereich fuer den externen Datenschutzbeauftragten (DSB). Aufgabenverwaltung, Beratungsprotokolle, Taetigkeitsbericht und mandantenuebergreifende Uebersicht gemaess Art. 37-39 DSGVO.',
+        audience: ['DSB', 'Plattform-Admins'],
+        gdprArticles: ['Art. 37', 'Art. 38', 'Art. 39'],
+        subgroup: 'Plattform-Verwaltung',
+      },
     ],
   },
   // =========================================================================

admin-compliance/lib/sdk/reporting/api.ts

@@ -0,0 +1,65 @@
+/**
+ * Reporting API Client
+ *
+ * Client functions for the Executive Reporting module.
+ * Communicates with the Go backend via Next.js API proxy at /api/sdk/v1/reporting/*
+ */
+
+import type {
+  ExecutiveReport,
+  ComplianceScoreResponse,
+  Deadline,
+  RiskOverview,
+} from './types'
+
+const BASE_URL = '/api/sdk/v1/reporting'
+
+async function apiFetch<T>(path: string): Promise<T> {
+  const res = await fetch(`${BASE_URL}${path}`, {
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Tenant-ID': typeof window !== 'undefined'
+        ? (localStorage.getItem('bp-tenant-id') || 'default')
+        : 'default',
+    },
+  })
+
+  if (!res.ok) {
+    const error = await res.json().catch(() => ({ error: res.statusText }))
+    throw new Error(error.error || `API Error: ${res.status}`)
+  }
+
+  return res.json()
+}
+
+/**
+ * Vollstaendigen Executive Report abrufen
+ * GET /sdk/v1/reporting/executive
+ */
+export async function getExecutiveReport(): Promise<ExecutiveReport> {
+  return apiFetch<ExecutiveReport>('/executive')
+}
+
+/**
+ * Nur den Compliance-Score abrufen (leichtgewichtig)
+ * GET /sdk/v1/reporting/score
+ */
+export async function getComplianceScore(): Promise<ComplianceScoreResponse> {
+  return apiFetch<ComplianceScoreResponse>('/score')
+}
+
+/**
+ * Bevorstehende Fristen abrufen
+ * GET /sdk/v1/reporting/deadlines
+ */
+export async function getUpcomingDeadlines(): Promise<{ deadlines: Deadline[]; total: number }> {
+  return apiFetch<{ deadlines: Deadline[]; total: number }>('/deadlines')
+}
+
+/**
+ * Risikouebersicht abrufen
+ * GET /sdk/v1/reporting/risks
+ */
+export async function getRiskOverview(): Promise<RiskOverview> {
+  return apiFetch<RiskOverview>('/risks')
+}

admin-compliance/lib/sdk/reporting/index.ts

@@ -0,0 +1,2 @@
+export * from './types'
+export * from './api'

admin-compliance/lib/sdk/reporting/types.ts

@@ -0,0 +1,168 @@
+/**
+ * Reporting Module Types
+ *
+ * TypeScript definitions for the Executive Reporting module.
+ * Provides compliance KPIs, risk overview, deadlines, and activity tracking
+ * for top management and compliance officers.
+ */
+
+// =============================================================================
+// RISK LEVELS
+// =============================================================================
+
+export type RiskLevel = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL'
+export type DeadlineSeverity = 'INFO' | 'WARNING' | 'URGENT' | 'OVERDUE'
+
+export const RISK_LEVEL_INFO: Record<RiskLevel, { label: string; color: string; bgColor: string; borderColor: string }> = {
+  LOW: { label: 'Niedrig', color: 'text-green-700', bgColor: 'bg-green-100', borderColor: 'border-green-200' },
+  MEDIUM: { label: 'Mittel', color: 'text-yellow-700', bgColor: 'bg-yellow-100', borderColor: 'border-yellow-200' },
+  HIGH: { label: 'Hoch', color: 'text-orange-700', bgColor: 'bg-orange-100', borderColor: 'border-orange-200' },
+  CRITICAL: { label: 'Kritisch', color: 'text-red-700', bgColor: 'bg-red-100', borderColor: 'border-red-200' },
+}
+
+export const DEADLINE_SEVERITY_INFO: Record<DeadlineSeverity, { label: string; color: string; bgColor: string }> = {
+  INFO: { label: 'Info', color: 'text-blue-700', bgColor: 'bg-blue-100' },
+  WARNING: { label: 'Warnung', color: 'text-yellow-700', bgColor: 'bg-yellow-100' },
+  URGENT: { label: 'Dringend', color: 'text-orange-700', bgColor: 'bg-orange-100' },
+  OVERDUE: { label: 'Ueberfaellig', color: 'text-red-700', bgColor: 'bg-red-100' },
+}
+
+// =============================================================================
+// MODULE SUMMARIES
+// =============================================================================
+
+export interface DSGVOSummary {
+  processingActivities: number
+  activeProcessings: number
+  tomsImplemented: number
+  tomsPlanned: number
+  tomsTotal: number
+  completionPercent: number
+  openDSRs: number
+  overdueDSRs: number
+  dsfasCompleted: number
+  retentionPolicies: number
+}
+
+export interface VendorSummary {
+  totalVendors: number
+  activeVendors: number
+  byRiskLevel: Record<string, number>
+  pendingReviews: number
+  expiredContracts: number
+}
+
+export interface IncidentSummary {
+  totalIncidents: number
+  openIncidents: number
+  criticalIncidents: number
+  notificationsPending: number
+  avgResolutionHours: number
+}
+
+export interface WhistleblowerSummary {
+  totalReports: number
+  openReports: number
+  overdueAcknowledgments: number
+  overdueFeedbacks: number
+  avgResolutionDays: number
+}
+
+export interface AcademySummary {
+  totalCourses: number
+  totalEnrollments: number
+  completionRate: number
+  overdueCount: number
+  avgCompletionDays: number
+}
+
+// =============================================================================
+// RISK & DEADLINES
+// =============================================================================
+
+export interface ModuleRisk {
+  module: string
+  level: RiskLevel
+  score: number
+  issues: number
+}
+
+export interface RiskOverview {
+  overallLevel: RiskLevel
+  moduleRisks: ModuleRisk[]
+  openFindings: number
+  criticalFindings: number
+}
+
+export interface Deadline {
+  module: string
+  type: string
+  description: string
+  dueDate: string
+  daysLeft: number
+  severity: DeadlineSeverity
+}
+
+export interface ActivityEntry {
+  timestamp: string
+  module: string
+  action: string
+  description: string
+  userId?: string
+}
+
+// =============================================================================
+// EXECUTIVE REPORT (Main Response)
+// =============================================================================
+
+export interface ExecutiveReport {
+  generatedAt: string
+  tenantId: string
+  complianceScore: number
+
+  dsgvo: DSGVOSummary
+  vendors: VendorSummary
+  incidents: IncidentSummary
+  whistleblower: WhistleblowerSummary
+  academy: AcademySummary
+
+  riskOverview: RiskOverview
+  upcomingDeadlines: Deadline[]
+  recentActivity: ActivityEntry[]
+}
+
+// =============================================================================
+// COMPACT SCORE RESPONSE
+// =============================================================================
+
+export interface ComplianceScoreResponse {
+  complianceScore: number
+  riskLevel: RiskLevel
+  generatedAt: string
+}
+
+// =============================================================================
+// HELPER FUNCTIONS
+// =============================================================================
+
+export function getRiskLevelInfo(level: RiskLevel) {
+  return RISK_LEVEL_INFO[level]
+}
+
+export function getDeadlineSeverityInfo(severity: DeadlineSeverity) {
+  return DEADLINE_SEVERITY_INFO[severity]
+}
+
+export function getScoreColor(score: number): string {
+  if (score >= 80) return 'text-green-600'
+  if (score >= 60) return 'text-yellow-600'
+  if (score >= 40) return 'text-orange-600'
+  return 'text-red-600'
+}
+
+export function getScoreBgColor(score: number): string {
+  if (score >= 80) return 'bg-green-500'
+  if (score >= 60) return 'bg-yellow-500'
+  if (score >= 40) return 'bg-orange-500'
+  return 'bg-red-500'
+}