feat: Vorbereitung-Module auf 100% — Persistenz, Backend-Services, UCCA Frontend

Phase A: PostgreSQL State Store (sdk_states Tabelle, InMemory-Fallback)
Phase B: Modules dynamisch vom Backend, Scope DB-Persistenz, Source Policy State
Phase C: UCCA Frontend (3 Seiten, Wizard, RiskScoreGauge), Obligations Live-Daten
Phase D: Document Import (PDF/LLM/Gap-Analyse), System Screening (SBOM/OSV.dev)
Phase E: Company Profile CRUD mit Audit-Logging
Phase F: Tests (Python + TypeScript), flow-data.ts DB-Tabellen aktualisiert

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

admin-compliance/app/api/sdk/v1/company-profile/route.ts

@@ -0,0 +1,81 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/company-profile → Backend GET /api/v1/company-profile
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const tenantId = searchParams.get('tenant_id') || 'default'
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/v1/company-profile?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        headers: {
+          'X-Tenant-ID': tenantId,
+        },
+      }
+    )
+
+    if (!response.ok) {
+      if (response.status === 404) {
+        return NextResponse.json(null, { status: 404 })
+      }
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to fetch company profile:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/company-profile → Backend POST /api/v1/company-profile
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const tenantId = body.tenant_id || 'default'
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/v1/company-profile?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to save company profile:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/import/analyze/route.ts

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+
+/**
+ * Proxy: POST /api/sdk/v1/import/analyze → Backend POST /api/v1/import/analyze
+ * Forwards multipart form data (PDF file upload) to the backend for analysis.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const formData = await request.formData()
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/import/analyze`, {
+      method: 'POST',
+      body: formData,
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      console.error('Import analyze error:', errorText)
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to call import analyze:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/modules/route.ts

@@ -0,0 +1,56 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+
+/**
+ * Proxy to backend-compliance /api/modules endpoint.
+ * Returns the list of service modules from the database.
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const params = new URLSearchParams()
+
+    // Forward filter params
+    const serviceType = searchParams.get('service_type')
+    const criticality = searchParams.get('criticality')
+    const processesPii = searchParams.get('processes_pii')
+    const aiComponents = searchParams.get('ai_components')
+
+    if (serviceType) params.set('service_type', serviceType)
+    if (criticality) params.set('criticality', criticality)
+    if (processesPii) params.set('processes_pii', processesPii)
+    if (aiComponents) params.set('ai_components', aiComponents)
+
+    const queryString = params.toString()
+    const url = `${BACKEND_URL}/api/modules${queryString ? `?${queryString}` : ''}`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      console.error('Backend modules error:', errorText)
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to fetch modules from backend:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/screening/scan/route.ts

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+
+/**
+ * Proxy: POST /api/sdk/v1/screening/scan → Backend POST /api/v1/screening/scan
+ * Forwards multipart form data (dependency file upload) to the backend for scanning.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const formData = await request.formData()
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/screening/scan`, {
+      method: 'POST',
+      body: formData,
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      console.error('Screening scan error:', errorText)
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to call screening scan:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/state/route.ts

@@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server'
+import { Pool } from 'pg'
 
 /**
  * SDK State Management API
@@ -11,7 +12,7 @@ import { NextRequest, NextResponse } from 'next/server'
  * - Versioning for optimistic locking
  * - Last-Modified headers
  * - ETag support for caching
- * - Prepared for PostgreSQL migration
+ * - PostgreSQL persistence (with InMemory fallback)
  */
 
 // =============================================================================
@@ -27,27 +28,9 @@ interface StoredState {
 }
 
 // =============================================================================
-// STORAGE LAYER (Abstract - Easy to swap to PostgreSQL)
+// STORAGE LAYER
 // =============================================================================
 
-/**
- * In-memory storage for development
- * TODO: Replace with PostgreSQL implementation
- *
- * PostgreSQL Schema:
- * CREATE TABLE sdk_states (
- *   id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
- *   tenant_id VARCHAR(255) NOT NULL UNIQUE,
- *   user_id VARCHAR(255),
- *   state JSONB NOT NULL,
- *   version INTEGER DEFAULT 1,
- *   created_at TIMESTAMP DEFAULT NOW(),
- *   updated_at TIMESTAMP DEFAULT NOW()
- * );
- *
- * CREATE INDEX idx_sdk_states_tenant ON sdk_states(tenant_id);
- */
-
 interface StateStore {
   get(tenantId: string): Promise<StoredState | null>
   save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number): Promise<StoredState>
@@ -69,7 +52,6 @@ class InMemoryStateStore implements StateStore {
   ): Promise<StoredState> {
     const existing = this.store.get(tenantId)
 
-    // Optimistic locking check
     if (expectedVersion !== undefined && existing && existing.version !== expectedVersion) {
       const error = new Error('Version conflict') as Error & { status: number }
       error.status = 409
@@ -99,68 +81,94 @@ class InMemoryStateStore implements StateStore {
   }
 }
 
-// Future PostgreSQL implementation would look like:
-// class PostgreSQLStateStore implements StateStore {
-//   private db: Pool
-//
-//   constructor(connectionString: string) {
-//     this.db = new Pool({ connectionString })
-//   }
-//
-//   async get(tenantId: string): Promise<StoredState | null> {
-//     const result = await this.db.query(
-//       'SELECT state, version, user_id, created_at, updated_at FROM sdk_states WHERE tenant_id = $1',
-//       [tenantId]
-//     )
-//     if (result.rows.length === 0) return null
-//     const row = result.rows[0]
-//     return {
-//       state: row.state,
-//       version: row.version,
-//       userId: row.user_id,
-//       createdAt: row.created_at,
-//       updatedAt: row.updated_at,
-//     }
-//   }
-//
-//   async save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number): Promise<StoredState> {
-//     // Use UPSERT with version check
-//     const result = await this.db.query(`
-//       INSERT INTO sdk_states (tenant_id, user_id, state, version)
-//       VALUES ($1, $2, $3, 1)
-//       ON CONFLICT (tenant_id) DO UPDATE SET
-//         state = $3,
-//         user_id = COALESCE($2, sdk_states.user_id),
-//         version = sdk_states.version + 1,
-//         updated_at = NOW()
-//       WHERE ($4::int IS NULL OR sdk_states.version = $4)
-//       RETURNING version, created_at, updated_at
-//     `, [tenantId, userId, JSON.stringify(state), expectedVersion])
-//
-//     if (result.rows.length === 0) {
-//       throw new Error('Version conflict')
-//     }
-//
-//     return {
-//       state,
-//       version: result.rows[0].version,
-//       userId,
-//       createdAt: result.rows[0].created_at,
-//       updatedAt: result.rows[0].updated_at,
-//     }
-//   }
-//
-//   async delete(tenantId: string): Promise<boolean> {
-//     const result = await this.db.query(
-//       'DELETE FROM sdk_states WHERE tenant_id = $1',
-//       [tenantId]
-//     )
-//     return result.rowCount > 0
-//   }
-// }
+class PostgreSQLStateStore implements StateStore {
+  private pool: Pool
 
-// Use in-memory store for now
-const stateStore: StateStore = new InMemoryStateStore()
+  constructor(connectionString: string) {
+    this.pool = new Pool({
+      connectionString,
+      max: 5,
+      // Set search_path for compliance schema
+      options: '-c search_path=compliance,core,public',
+    })
+  }
+
+  async get(tenantId: string): Promise<StoredState | null> {
+    const result = await this.pool.query(
+      'SELECT state, version, user_id, created_at, updated_at FROM sdk_states WHERE tenant_id = $1',
+      [tenantId]
+    )
+    if (result.rows.length === 0) return null
+    const row = result.rows[0]
+    return {
+      state: row.state,
+      version: row.version,
+      userId: row.user_id,
+      createdAt: row.created_at instanceof Date ? row.created_at.toISOString() : row.created_at,
+      updatedAt: row.updated_at instanceof Date ? row.updated_at.toISOString() : row.updated_at,
+    }
+  }
+
+  async save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number): Promise<StoredState> {
+    const now = new Date().toISOString()
+    const stateWithTimestamp = {
+      ...(state as object),
+      lastModified: now,
+    }
+
+    // Use UPSERT with version check
+    const result = await this.pool.query(`
+      INSERT INTO sdk_states (tenant_id, user_id, state, version, created_at, updated_at)
+      VALUES ($1, $2, $3::jsonb, 1, NOW(), NOW())
+      ON CONFLICT (tenant_id) DO UPDATE SET
+        state = $3::jsonb,
+        user_id = COALESCE($2, sdk_states.user_id),
+        version = sdk_states.version + 1,
+        updated_at = NOW()
+      WHERE ($4::int IS NULL OR sdk_states.version = $4)
+      RETURNING version, user_id, created_at, updated_at
+    `, [tenantId, userId, JSON.stringify(stateWithTimestamp), expectedVersion ?? null])
+
+    if (result.rows.length === 0) {
+      const error = new Error('Version conflict') as Error & { status: number }
+      error.status = 409
+      throw error
+    }
+
+    const row = result.rows[0]
+    return {
+      state: stateWithTimestamp,
+      version: row.version,
+      userId: row.user_id,
+      createdAt: row.created_at instanceof Date ? row.created_at.toISOString() : row.created_at,
+      updatedAt: row.updated_at instanceof Date ? row.updated_at.toISOString() : row.updated_at,
+    }
+  }
+
+  async delete(tenantId: string): Promise<boolean> {
+    const result = await this.pool.query(
+      'DELETE FROM sdk_states WHERE tenant_id = $1',
+      [tenantId]
+    )
+    return (result.rowCount ?? 0) > 0
+  }
+}
+
+// =============================================================================
+// STORE INITIALIZATION
+// =============================================================================
+
+function createStateStore(): StateStore {
+  const databaseUrl = process.env.DATABASE_URL
+  if (databaseUrl) {
+    console.log('[SDK State] Using PostgreSQL state store')
+    return new PostgreSQLStateStore(databaseUrl)
+  }
+  console.log('[SDK State] Using in-memory state store (no DATABASE_URL)')
+  return new InMemoryStateStore()
+}
+
+const stateStore: StateStore = createStateStore()
 
 // =============================================================================
 // HELPER FUNCTIONS

admin-compliance/app/api/sdk/v1/ucca/assess/route.ts

@@ -0,0 +1,41 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+
+/**
+ * Proxy: POST /api/sdk/v1/ucca/assess → Go Backend POST /sdk/v1/ucca/assess
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+
+    const response = await fetch(`${SDK_URL}/sdk/v1/ucca/assess`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+      body: JSON.stringify(body),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      console.error('UCCA assess error:', errorText)
+      return NextResponse.json(
+        { error: 'UCCA backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data, { status: 201 })
+  } catch (error) {
+    console.error('Failed to call UCCA assess:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to UCCA backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/ucca/assessments/route.ts

@@ -0,0 +1,48 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+
+/**
+ * Proxy: GET /api/sdk/v1/ucca/assessments → Go Backend GET /sdk/v1/ucca/assessments
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const params = new URLSearchParams()
+
+    // Forward filter params
+    for (const [key, value] of searchParams.entries()) {
+      params.set(key, value)
+    }
+
+    const queryString = params.toString()
+    const url = `${SDK_URL}/sdk/v1/ucca/assessments${queryString ? `?${queryString}` : ''}`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'UCCA backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to fetch UCCA assessments:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to UCCA backend' },
+      { status: 503 }
+    )
+  }
+}