feat: Vorbereitung-Module auf 100% — Persistenz, Backend-Services, UCCA Frontend

Phase A: PostgreSQL State Store (sdk_states Tabelle, InMemory-Fallback)
Phase B: Modules dynamisch vom Backend, Scope DB-Persistenz, Source Policy State
Phase C: UCCA Frontend (3 Seiten, Wizard, RiskScoreGauge), Obligations Live-Daten
Phase D: Document Import (PDF/LLM/Gap-Analyse), System Screening (SBOM/OSV.dev)
Phase E: Company Profile CRUD mit Audit-Logging
Phase F: Tests (Python + TypeScript), flow-data.ts DB-Tabellen aktualisiert

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend-compliance/migrations/002_sdk_states.sql

@@ -0,0 +1,19 @@
+-- =============================================================================
+-- Migration 002: SDK States Table
+--
+-- Persistent storage for SDK state management.
+-- Replaces the in-memory store used during development.
+-- =============================================================================
+
+CREATE TABLE IF NOT EXISTS sdk_states (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(255) NOT NULL UNIQUE,
+    user_id VARCHAR(255),
+    state JSONB NOT NULL,
+    version INTEGER DEFAULT 1,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_sdk_states_tenant ON sdk_states(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_sdk_states_updated ON sdk_states(updated_at);

backend-compliance/migrations/003_document_import.sql

@@ -0,0 +1,41 @@
+-- =============================================================================
+-- Migration 003: Document Import Tables
+--
+-- Tables for imported compliance documents and gap analysis results.
+-- =============================================================================
+
+CREATE TABLE IF NOT EXISTS compliance_imported_documents (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(255) NOT NULL,
+    filename VARCHAR(500) NOT NULL,
+    file_type VARCHAR(50) NOT NULL,
+    file_size INTEGER,
+    detected_type VARCHAR(50),
+    detection_confidence FLOAT,
+    extracted_text TEXT,
+    extracted_entities JSONB DEFAULT '[]',
+    recommendations JSONB DEFAULT '[]',
+    status VARCHAR(20) DEFAULT 'pending',
+    analyzed_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_imported_docs_tenant ON compliance_imported_documents(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_imported_docs_status ON compliance_imported_documents(status);
+
+CREATE TABLE IF NOT EXISTS compliance_gap_analyses (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(255) NOT NULL,
+    document_id UUID REFERENCES compliance_imported_documents(id) ON DELETE CASCADE,
+    total_gaps INTEGER DEFAULT 0,
+    critical_gaps INTEGER DEFAULT 0,
+    high_gaps INTEGER DEFAULT 0,
+    medium_gaps INTEGER DEFAULT 0,
+    low_gaps INTEGER DEFAULT 0,
+    gaps JSONB DEFAULT '[]',
+    recommended_packages JSONB DEFAULT '[]',
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_gap_analyses_tenant ON compliance_gap_analyses(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_gap_analyses_document ON compliance_gap_analyses(document_id);

backend-compliance/migrations/004_screening.sql

@@ -0,0 +1,45 @@
+-- =============================================================================
+-- Migration 004: System Screening Tables
+--
+-- Tables for SBOM generation and vulnerability scanning results.
+-- =============================================================================
+
+CREATE TABLE IF NOT EXISTS compliance_screenings (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(255) NOT NULL,
+    status VARCHAR(20) DEFAULT 'pending',
+    sbom_format VARCHAR(50) DEFAULT 'CycloneDX',
+    sbom_version VARCHAR(20) DEFAULT '1.5',
+    total_components INTEGER DEFAULT 0,
+    total_issues INTEGER DEFAULT 0,
+    critical_issues INTEGER DEFAULT 0,
+    high_issues INTEGER DEFAULT 0,
+    medium_issues INTEGER DEFAULT 0,
+    low_issues INTEGER DEFAULT 0,
+    sbom_data JSONB,
+    started_at TIMESTAMPTZ,
+    completed_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_screenings_tenant ON compliance_screenings(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_screenings_status ON compliance_screenings(status);
+
+CREATE TABLE IF NOT EXISTS compliance_security_issues (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    screening_id UUID NOT NULL REFERENCES compliance_screenings(id) ON DELETE CASCADE,
+    severity VARCHAR(20) NOT NULL,
+    title VARCHAR(500) NOT NULL,
+    description TEXT,
+    cve VARCHAR(50),
+    cvss FLOAT,
+    affected_component VARCHAR(255),
+    affected_version VARCHAR(100),
+    fixed_in VARCHAR(100),
+    remediation TEXT,
+    status VARCHAR(20) DEFAULT 'OPEN',
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_security_issues_screening ON compliance_security_issues(screening_id);
+CREATE INDEX IF NOT EXISTS idx_security_issues_severity ON compliance_security_issues(severity);

backend-compliance/migrations/005_company_profile.sql

@@ -0,0 +1,74 @@
+-- =============================================================================
+-- Migration 005: Company Profile Table
+--
+-- Dedicated table for company profiles with audit logging.
+-- =============================================================================
+
+CREATE TABLE IF NOT EXISTS compliance_company_profiles (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(255) NOT NULL UNIQUE,
+
+    -- Basic Info
+    company_name VARCHAR(500) NOT NULL DEFAULT '',
+    legal_form VARCHAR(50) DEFAULT 'GmbH',
+    industry VARCHAR(255) DEFAULT '',
+    founded_year INTEGER,
+
+    -- Business Model
+    business_model VARCHAR(20) DEFAULT 'B2B',
+    offerings JSONB DEFAULT '[]'::jsonb,
+
+    -- Size & Scope
+    company_size VARCHAR(20) DEFAULT 'small',
+    employee_count VARCHAR(20) DEFAULT '1-9',
+    annual_revenue VARCHAR(50) DEFAULT '< 2 Mio',
+
+    -- Locations
+    headquarters_country VARCHAR(10) DEFAULT 'DE',
+    headquarters_city VARCHAR(255) DEFAULT '',
+    has_international_locations BOOLEAN DEFAULT FALSE,
+    international_countries JSONB DEFAULT '[]'::jsonb,
+
+    -- Target Markets & Legal Scope
+    target_markets JSONB DEFAULT '["DE"]'::jsonb,
+    primary_jurisdiction VARCHAR(10) DEFAULT 'DE',
+
+    -- Data Processing Role
+    is_data_controller BOOLEAN DEFAULT TRUE,
+    is_data_processor BOOLEAN DEFAULT FALSE,
+
+    -- AI Usage
+    uses_ai BOOLEAN DEFAULT FALSE,
+    ai_use_cases JSONB DEFAULT '[]'::jsonb,
+
+    -- Contact Persons
+    dpo_name VARCHAR(255),
+    dpo_email VARCHAR(255),
+    legal_contact_name VARCHAR(255),
+    legal_contact_email VARCHAR(255),
+
+    -- Machine Builder Profile (optional)
+    machine_builder JSONB,
+
+    -- Completion
+    is_complete BOOLEAN DEFAULT FALSE,
+    completed_at TIMESTAMPTZ,
+
+    -- Timestamps
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_company_profiles_tenant ON compliance_company_profiles(tenant_id);
+
+-- Audit log for company profile changes
+CREATE TABLE IF NOT EXISTS compliance_company_profile_audit (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(255) NOT NULL,
+    action VARCHAR(20) NOT NULL,
+    changed_fields JSONB,
+    changed_by VARCHAR(255),
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_company_profile_audit_tenant ON compliance_company_profile_audit(tenant_id);