feat: Sidebar — KI-Compliance Links + Payment Info-Box

Sidebar: Neue Sektion "KI-Compliance" mit 4 Links:
- Use Case Erfassung (advisory-board)
- Use Cases (use-cases)
- AI Act (ai-act)
- EU Registrierung (ai-registration)

Payment: Info-Box mit 3-Spalten Erklaerung (Controls → Assessment → Ausschreibung)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.claude/CLAUDE.md

@@ -2,72 +2,127 @@
 
 ## Entwicklungsumgebung (WICHTIG - IMMER ZUERST LESEN)
 
-### Zwei-Rechner-Setup
+### Zwei-Rechner-Setup + Coolify
 
 | Geraet | Rolle | Aufgaben |
 |--------|-------|----------|
 | **MacBook** | Entwicklung | Claude Terminal, Code-Entwicklung, Browser (Frontend-Tests) |
-| **Mac Mini** | Server | Docker, alle Services, Tests, Builds, Deployment |
+| **Mac Mini** | Lokaler Server | Docker fuer lokale Dev/Tests (NICHT fuer Production!) |
+| **Coolify** | Production | Automatisches Build + Deploy bei Push auf gitea |
 
-**WICHTIG:** Code wird direkt auf dem MacBook in diesem Repo bearbeitet. Docker und Services laufen auf dem Mac Mini.
+**WICHTIG:** Code wird auf dem MacBook bearbeitet. Production-Deployment laeuft automatisch ueber Coolify.
 
-### Entwicklungsworkflow
+### Entwicklungsworkflow (CI/CD — Coolify)
 
 ```bash
 # 1. Code auf MacBook bearbeiten (dieses Verzeichnis)
-# 2. Committen und pushen:
+# 2. Committen und zu BEIDEN Remotes pushen:
 git push origin main && git push gitea main
 
-# 3. Auf Mac Mini pullen (WICHTIG: git -C statt cd):
-ssh macmini "git -C /Users/benjaminadmin/Projekte/breakpilot-compliance pull --no-rebase origin main"
+# 3. FERTIG! Push auf gitea triggert automatisch:
+#    - Gitea Actions: Lint → Tests → Validierung
+#    - Coolify: Build → Deploy
+#    Dauer: ca. 3 Minuten
+#    Status pruefen: https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions
+```
 
-# 4. Container neu bauen (WICHTIG: -f statt cd, da cd in SSH nicht funktioniert!):
-ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml build --no-cache <service> && /usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml up -d <service>"
+**NICHT MEHR NOETIG:** Manuelles `ssh macmini "docker compose build"` fuer Production.
+**NIEMALS** manuell in Coolify auf "Redeploy" klicken — Gitea Actions triggert Coolify automatisch.
+
+### Post-Push Deploy-Monitoring (PFLICHT nach jedem Push auf gitea)
+
+**IMMER wenn Claude auf gitea pusht, MUSS danach automatisch das Deploy-Monitoring laufen:**
+
+1. Dem User sofort mitteilen: "Deploy gestartet, ich ueberwache den Status..."
+2. Im Hintergrund Health-Checks pollen (alle 20 Sekunden, max 5 Minuten):
+   ```bash
+   # Compliance Health-Endpoints:
+   curl -sf https://api-dev.breakpilot.ai/health    # Backend Compliance
+   curl -sf https://sdk-dev.breakpilot.ai/health     # AI Compliance SDK
+   ```
+3. Sobald ALLE Endpoints healthy sind, dem User im Chat melden:
+   **"Deploy abgeschlossen! Du kannst jetzt testen: https://admin-dev.breakpilot.ai"**
+4. Falls nach 5 Minuten noch nicht healthy → Fehlermeldung mit Hinweis auf Coolify-Logs.
+
+**Ablauf im Terminal:**
+```
+> git push gitea main ✓
+> "Deploy gestartet, ich ueberwache den Status..."
+> [Hintergrund-Polling laeuft]
+> "Deploy abgeschlossen! Alle Services healthy. Du kannst jetzt testen."
+```
+
+### CI/CD Pipeline (Gitea Actions → Coolify)
+
+```
+Push auf gitea main → go-lint/python-lint/nodejs-lint (nur PRs)
+                    → test-go-ai-compliance
+                    → test-python-backend-compliance
+                    → test-python-document-crawler
+                    → test-python-dsms-gateway
+                    → validate-canonical-controls
+                    → Coolify: Build + Deploy (automatisch bei Push)
+```
+
+**Dateien:**
+- `.gitea/workflows/ci.yaml` — Pipeline-Definition (Tests + Validierung)
+- `docker-compose.yml` — Haupt-Compose
+- `docker-compose.hetzner.yml` — Override: arm64→amd64 fuer Coolify Production (x86_64)
+
+### Lokale Entwicklung (Mac Mini — optional)
+
+```bash
+# Nur fuer lokale Tests, NICHT fuer Production:
+ssh macmini "git -C /Users/benjaminadmin/Projekte/breakpilot-compliance pull --no-rebase origin main"
+ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml build --no-cache <service>"
+ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml up -d <service>"
 
 # Fuer schnelle Iteration ohne Commit (rsync):
 rsync -avz --exclude node_modules --exclude .next --exclude .git \
   admin-compliance/ macmini:~/Projekte/breakpilot-compliance/admin-compliance/
 ```
 
-### SSH-Verbindung (fuer Docker/Tests)
-
-```bash
-# RICHTIG — cd funktioniert NICHT in SSH-Einzelbefehlen:
-ssh macmini "git -C /Users/benjaminadmin/Projekte/breakpilot-compliance <git-cmd>"
-ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml <compose-cmd>"
-ssh macmini "/usr/local/bin/docker exec bp-compliance-<service> <cmd>"
-```
+**WICHTIG:** Docker-Pfad auf Mac Mini ist `/usr/local/bin/docker` (nicht im Standard-SSH-PATH).
+**WICHTIG:** `cd` funktioniert NICHT in SSH-Einzelbefehlen — immer `-f <pfad>/docker-compose.yml` verwenden!
 
 ---
 
 ## Voraussetzung
 
 **breakpilot-core MUSS laufen!** Dieses Projekt nutzt Core-Services:
-- PostgreSQL (Schema: `compliance`, `core`)
 - Valkey (Session-Cache)
 - Vault (Secrets)
 - RAG-Service (Vektorsuche fuer Compliance-Dokumente)
 - Nginx (Reverse Proxy)
 
-Pruefen: `curl -sf http://macmini:8099/health`
+**Externe Services (Production):**
+- PostgreSQL 17 (sslmode=require) — Schemas: `compliance`, `public`
+- Qdrant @ `qdrant-dev.breakpilot.ai` (HTTPS, API-Key)
+- Object Storage (S3-kompatibel, TLS)
+
+Config via `.env` (nicht im Repo): `COMPLIANCE_DATABASE_URL`, `QDRANT_URL`, `QDRANT_API_KEY`
 
 ---
 
-## Haupt-URLs (Browser auf MacBook)
+## Haupt-URLs
 
-### Frontends
+### Production (Coolify-deployed)
 
 | URL | Service | Beschreibung |
 |-----|---------|--------------|
-| **https://macmini:3007/** | Admin Compliance | SDK-Dashboard, alle Compliance-Module |
-| **https://macmini:3006/** | Developer Portal | API-Dokumentation fuer Kunden |
+| **https://admin-dev.breakpilot.ai/** | Admin Compliance | SDK-Dashboard, alle Compliance-Module |
+| **https://developers-dev.breakpilot.ai/** | Developer Portal | API-Dokumentation fuer Kunden |
+| https://api-dev.breakpilot.ai/ | Backend Compliance | Compliance APIs (DSGVO, DSR, GDPR) |
+| https://sdk-dev.breakpilot.ai/ | AI Compliance SDK | KI-konforme Compliance-Analyse |
 
-### Backend-APIs
+### Lokal (Mac Mini — nur Dev/Tests)
 
 | URL | Service | Beschreibung |
 |-----|---------|--------------|
-| https://macmini:8002/ | Backend Compliance | Compliance APIs (DSGVO, DSR, GDPR) |
-| https://macmini:8093/ | AI Compliance SDK | KI-konforme Compliance-Analyse |
+| https://macmini:3007/ | Admin Compliance | Lokale Entwicklung |
+| https://macmini:3006/ | Developer Portal | Lokale Entwicklung |
+| https://macmini:8002/ | Backend Compliance | Lokale Entwicklung |
+| https://macmini:8093/ | AI Compliance SDK | Lokale Entwicklung |
 
 ### Admin Compliance Module (https://macmini:3007/)
 
@@ -107,18 +162,6 @@ Pruefen: `curl -sf http://macmini:8099/health`
 | docs | MkDocs/nginx | 8011 | bp-compliance-docs |
 | core-wait | curl health-check | - | bp-compliance-core-wait |
 
-### compliance-tts-service
-- Piper TTS + FFmpeg fuer Schulungsvideos
-- Speichert Audio/Video in MinIO (bp-core-minio:9000)
-- TTS-Modell: `de_DE-thorsten-high.onnx`
-- Dateien: `main.py`, `tts_engine.py`, `video_generator.py`, `storage.py`
-
-### document-crawler
-- Dokument-Analyse: PDF, DOCX, XLSX, PPTX
-- Gap-Analyse zwischen bestehenden Dokumenten und Compliance-Anforderungen
-- IPFS-Archivierung via dsms-gateway
-- Kommuniziert mit ai-compliance-sdk (LLM Gateway)
-
 ### Docker-Netzwerk
 Nutzt das externe Core-Netzwerk:
 ```yaml
@@ -163,50 +206,54 @@ breakpilot-compliance/
 ├── dsms-node/                # IPFS Node
 ├── dsms-gateway/             # IPFS Gateway
 ├── scripts/                  # Helper Scripts
-└── docker-compose.yml        # Compliance Compose (~8 Services)
+├── docker-compose.yml        # Compliance Compose (~10 Services, platform: arm64)
+├── docker-compose.hetzner.yml # Override: arm64→amd64 fuer Coolify Production
+└── .gitea/workflows/ci.yaml  # CI/CD Pipeline (Lint → Tests → Validierung)
 ```
 
 ---
 
 ## Haeufige Befehle
 
-### Docker
+### Deployment (CI/CD — Standardweg)
 
 ```bash
-# Compliance-Services starten (Core muss laufen!)
-ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml up -d"
+# Committen und pushen → Coolify deployt automatisch:
+git push origin main && git push gitea main
 
-# Einzelnen Service neu bauen
-ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml build --no-cache <service>"
+# CI-Status pruefen (im Browser):
+# https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions
 
-# Service neu bauen und starten
-ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml build --no-cache <service> && /usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml up -d <service>"
-
-# Logs
-ssh macmini "/usr/local/bin/docker logs -f bp-compliance-<service>"
-
-# Status
-ssh macmini "/usr/local/bin/docker ps --filter name=bp-compliance"
+# Health Checks:
+curl -sf https://api-dev.breakpilot.ai/health
+curl -sf https://sdk-dev.breakpilot.ai/health
 ```
 
-**WICHTIG:** Docker-Pfad auf Mac Mini ist `/usr/local/bin/docker` (nicht im Standard-SSH-PATH).
-**WICHTIG:** `cd` funktioniert NICHT in SSH-Einzelbefehlen — immer `-f <pfad>/docker-compose.yml` verwenden!
-Der CLAUDE.md-Entwicklungsworkflow und die Beispiele mit `cd ... &&` sind veraltet — nie so verwenden.
-
 ### Git
 
 ```bash
 # Zu BEIDEN Remotes pushen (PFLICHT! — vom MacBook):
 git push origin main && git push gitea main
 
-# Auf Mac Mini pullen (RICHTIG: git -C statt cd):
-ssh macmini "git -C /Users/benjaminadmin/Projekte/breakpilot-compliance pull --no-rebase origin main"
-
 # Remotes:
 # origin: lokale Gitea (macmini:3003)
 # gitea:  gitea.meghsakha.com:22222
 ```
 
+### Lokale Docker-Befehle (Mac Mini — nur fuer Dev/Tests)
+
+```bash
+# Logs
+ssh macmini "/usr/local/bin/docker logs -f bp-compliance-<service>"
+
+# Status
+ssh macmini "/usr/local/bin/docker ps --filter name=bp-compliance"
+
+# Lokaler Rebuild (nur wenn noetig):
+ssh macmini "git -C /Users/benjaminadmin/Projekte/breakpilot-compliance pull --no-rebase origin main"
+ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml build --no-cache <service> && /usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml up -d <service>"
+```
+
 ---
 
 ## Kernprinzipien
@@ -254,6 +301,36 @@ ssh macmini "git -C /Users/benjaminadmin/Projekte/breakpilot-compliance pull --n
 - `lib/sdk/catalog-manager/` — catalog-registry.ts, types.ts
 - 17 DSGVO/AI-Act Kataloge (dsfa, vvt-baseline, vendor-compliance, etc.)
 
+### Multi-Projekt-Architektur (seit 2026-03-09)
+
+Jeder Tenant kann mehrere Compliance-Projekte anlegen. CompanyProfile ist **pro Projekt** (nicht tenant-weit).
+
+**URL-Schema:** `/sdk?project={uuid}` — alle SDK-Seiten enthalten `?project=` Query-Param.
+`/sdk` ohne `?project=` zeigt die Projektliste (ProjectSelector).
+
+**Datenbank:**
+- `compliance_projects` — Projekt-Metadaten (Name, Typ, Status, Version)
+- `sdk_states` — UNIQUE auf `(tenant_id, project_id)` statt nur `tenant_id`
+- Migration: `039_compliance_projects.sql`
+
+**Backend API (FastAPI):**
+```
+GET    /api/v1/projects              → Alle Projekte des Tenants
+POST   /api/v1/projects              → Neues Projekt erstellen (mit copy_from_project_id)
+GET    /api/v1/projects/{project_id} → Einzelnes Projekt laden
+PATCH  /api/v1/projects/{project_id} → Projekt aktualisieren
+DELETE /api/v1/projects/{project_id} → Projekt archivieren (Soft Delete)
+```
+
+**Frontend:**
+- `components/sdk/ProjectSelector/ProjectSelector.tsx` — Projektliste + Erstellen-Dialog
+- `lib/sdk/types.ts` — `ProjectInfo` Interface, `SDKState.projectId`
+- `lib/sdk/context.tsx` — `projectId` Prop, `createProject()`, `listProjects()`, `switchProject()`
+- `lib/sdk/sync.ts` — BroadcastChannel + localStorage pro Projekt
+- `lib/sdk/api-client.ts` — `projectId` in State-API + Projekt-CRUD-Methoden
+- `app/sdk/layout.tsx` — liest `?project=` aus searchParams
+- `app/api/sdk/v1/projects/` — Next.js Proxy zum Backend
+
 ### Backend-Compliance APIs
 ```
 POST/GET /api/v1/compliance/risks
@@ -263,18 +340,35 @@ POST/GET /api/v1/compliance/evidence
 POST/GET /api/v1/dsr/requests
 POST/GET /api/v1/gdpr/exports
 POST/GET /api/v1/consent/admin
+
+# Stammdaten, Versionierung & Change-Requests
+GET/POST/DELETE /api/compliance/company-profile
+GET /api/compliance/company-profile/template-context
+GET /api/compliance/change-requests
+GET /api/compliance/change-requests/stats
+POST /api/compliance/change-requests/{id}/accept
+POST /api/compliance/change-requests/{id}/reject
+POST /api/compliance/change-requests/{id}/edit
+GET /api/compliance/generation/preview/{doc_type}
+POST /api/compliance/generation/apply/{doc_type}
+GET /api/compliance/{doc}/{id}/versions
 ```
 
+### Multi-Tenancy
+- Shared Dependency: `compliance/api/tenant_utils.py` (`get_tenant_id()`)
+- UUID-Format, kein `"default"` mehr
+- Header `X-Tenant-ID` > Query `tenant_id` > ENV-Fallback
+
 ---
 
 ## Wichtige Dateien (Referenz)
 
 | Datei | Beschreibung |
 |-------|--------------|
-| `admin-compliance/app/(sdk)/` | Alle 37 SDK-Routes |
-| `admin-compliance/components/sdk/SDKSidebar.tsx` | SDK Navigation |
+| `admin-compliance/app/(sdk)/` | Alle 37+ SDK-Routes |
+| `admin-compliance/components/sdk/Sidebar/SDKSidebar.tsx` | SDK Navigation |
 | `admin-compliance/components/sdk/CommandBar.tsx` | Command Palette |
 | `admin-compliance/lib/sdk/context.tsx` | SDK State (Provider) |
-| `backend-compliance/compliance/` | Haupt-Package (40 Dateien) |
+| `backend-compliance/compliance/` | Haupt-Package (50+ Dateien) |
 | `ai-compliance-sdk/` | KI-Compliance Analyse |
 | `developer-portal/` | API-Dokumentation |

.env.coolify.example

@@ -0,0 +1,61 @@
+# =========================================================
+# BreakPilot Compliance — Coolify Environment Variables
+# =========================================================
+# Copy these into Coolify's environment variable UI
+# for the breakpilot-compliance Docker Compose resource.
+# =========================================================
+
+# --- External PostgreSQL (Coolify-managed, same as Core) ---
+COMPLIANCE_DATABASE_URL=postgresql://breakpilot:CHANGE_ME@<coolify-postgres-hostname>:5432/breakpilot_db
+
+# --- Security ---
+JWT_SECRET=CHANGE_ME_SAME_AS_CORE
+
+# --- External S3 Storage (same as Core) ---
+S3_ENDPOINT=<s3-endpoint-host:port>
+S3_ACCESS_KEY=CHANGE_ME_SAME_AS_CORE
+S3_SECRET_KEY=CHANGE_ME_SAME_AS_CORE
+S3_SECURE=true
+
+# --- External Qdrant ---
+QDRANT_URL=https://<qdrant-hostname>
+QDRANT_API_KEY=CHANGE_ME_QDRANT_API_KEY
+
+# --- Session ---
+SESSION_TTL_HOURS=24
+
+# --- SMTP (Real mail server) ---
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USERNAME=compliance@breakpilot.ai
+SMTP_PASSWORD=CHANGE_ME_SMTP_PASSWORD
+SMTP_FROM_NAME=BreakPilot Compliance
+SMTP_FROM_ADDR=compliance@breakpilot.ai
+
+# --- LLM Configuration ---
+COMPLIANCE_LLM_PROVIDER=anthropic
+SELF_HOSTED_LLM_URL=
+SELF_HOSTED_LLM_MODEL=
+COMPLIANCE_LLM_MAX_TOKENS=4096
+COMPLIANCE_LLM_TEMPERATURE=0.3
+COMPLIANCE_LLM_TIMEOUT=120
+ANTHROPIC_API_KEY=CHANGE_ME_ANTHROPIC_KEY
+ANTHROPIC_DEFAULT_MODEL=claude-sonnet-4-5-20250929
+
+# --- Ollama (optional) ---
+OLLAMA_URL=
+OLLAMA_DEFAULT_MODEL=
+COMPLIANCE_LLM_MODEL=
+
+# --- LLM Fallback ---
+LLM_FALLBACK_PROVIDER=
+
+# --- PII & Audit ---
+PII_REDACTION_ENABLED=true
+PII_REDACTION_LEVEL=standard
+AUDIT_RETENTION_DAYS=365
+AUDIT_LOG_PROMPTS=true
+
+# --- Frontend URLs (build args) ---
+NEXT_PUBLIC_API_URL=https://api-compliance.breakpilot.ai
+NEXT_PUBLIC_SDK_URL=https://sdk.breakpilot.ai

.env.example

@@ -4,7 +4,11 @@
 # Copy to .env and adjust values
 # NOTE: Core must be running! These vars reference Core services.
 
-# Database (same as Core)
+# Compliance SDK Database (externe PostgreSQL — nie committen!)
+# Setzt DATABASE_URL fuer: backend-compliance, ai-compliance-sdk, document-crawler, admin-compliance
+COMPLIANCE_DATABASE_URL=postgresql://<user>:<pass>@<host>:<port>/<db>?sslmode=require
+
+# Legacy Core Database (nur noch fuer Rollback; wird ignoriert wenn COMPLIANCE_DATABASE_URL gesetzt)
 POSTGRES_USER=breakpilot
 POSTGRES_PASSWORD=breakpilot123
 POSTGRES_DB=breakpilot_db
@@ -44,3 +48,11 @@ SESSION_TTL_HOURS=24
 # SMTP (uses Core Mailpit)
 SMTP_HOST=bp-core-mailpit
 SMTP_PORT=1025
+
+# Qdrant (externe Instanz — Hetzner/meghshakka)
+QDRANT_URL=https://qdrant-dev.breakpilot.ai
+QDRANT_API_KEY=<api-key>
+
+# MinIO / Object Storage (Hetzner Object Storage)
+# MINIO_ENDPOINT, MINIO_ACCESS_KEY, MINIO_SECRET_KEY sind direkt in docker-compose hart kodiert
+# (compliance-tts-service: nbg1.your-objectstorage.com)

.gitea/workflows/ci.yaml

@@ -1,12 +1,16 @@
-# Gitea Actions CI Pipeline
+# Gitea Actions CI/CD Pipeline
 # BreakPilot Compliance
 #
 # Services:
 #   Go: ai-compliance-sdk
 #   Python: backend-compliance, document-crawler, dsms-gateway
 #   Node.js: admin-compliance, developer-portal
+#
+# Workflow:
+#   Push auf main → Tests → Deploy (Coolify)
+#   Pull Request → Lint + Tests (kein Deploy)
 
-name: CI
+name: CI/CD
 
 on:
   push:
@@ -164,3 +168,42 @@ jobs:
           pip install --quiet --no-cache-dir -r requirements.txt 2>/dev/null || true
           pip install --quiet --no-cache-dir pytest pytest-asyncio
           python -m pytest test_main.py -v --tb=short
+
+  # ========================================
+  # Validate Canonical Controls
+  # ========================================
+
+  validate-canonical-controls:
+    runs-on: docker
+    container: python:3.12-slim
+    steps:
+      - name: Checkout
+        run: |
+          apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
+          git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
+      - name: Validate controls
+        run: |
+          python scripts/validate-controls.py
+
+  # ========================================
+  # Deploy via Coolify (nur main, kein PR)
+  # ========================================
+
+  deploy-coolify:
+    name: Deploy
+    runs-on: docker
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    needs:
+      - test-go-ai-compliance
+      - test-python-backend-compliance
+      - test-python-document-crawler
+      - test-python-dsms-gateway
+      - validate-canonical-controls
+    container:
+      image: alpine:latest
+    steps:
+      - name: Trigger Coolify deploy
+        run: |
+          apk add --no-cache curl
+          curl -sf "${{ secrets.COOLIFY_WEBHOOK }}" \
+            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"

.gitea/workflows/rag-ingest.yaml

@@ -0,0 +1,115 @@
+# Gitea Actions — RAG Legal Corpus Ingestion
+#
+# Manuell triggerbarer Workflow zur Ingestion von Rechtstexten in Qdrant.
+# Trigger: Gitea UI → Actions → "RAG Ingestion" → Run
+#
+# Phasen: gesetze, eu, templates, datenschutz, verbraucherschutz, verify, version, all
+#
+# Voraussetzung: RAG-Service und Qdrant muessen auf Coolify laufen.
+# Die BreakPilot-Services muessen deployed sein (ci.yaml deploy-coolify).
+
+name: RAG Ingestion
+
+on:
+  workflow_dispatch:
+    inputs:
+      phase:
+        description: 'Ingestion Phase (gesetze, eu, templates, datenschutz, verbraucherschutz, dach, security, verify, version, all)'
+        required: true
+        default: 'verbraucherschutz'
+
+jobs:
+  ingest:
+    runs-on: docker
+    container: docker:27-cli
+    steps:
+      - name: Setup
+        run: |
+          apk add --no-cache git curl bash > /dev/null 2>&1
+
+      - name: Checkout
+        run: |
+          git clone --depth 1 --branch main ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
+
+      - name: Run Ingestion
+        run: |
+          set -euo pipefail
+          PHASE="${{ github.event.inputs.phase }}"
+
+          echo "=== RAG Ingestion: Phase ${PHASE} ==="
+          echo ""
+
+          # Pruefen ob Services laufen
+          echo "--- BreakPilot Container ---"
+          docker ps --filter name=bp- --format "{{.Names}}: {{.Status}}" 2>/dev/null || true
+          echo ""
+
+          # Netzwerk finden in dem die bp-Services laufen
+          BP_NETWORK=$(docker inspect bp-core-rag-service --format '{{range $k,$v := .NetworkSettings.Networks}}{{$k}}{{end}}' 2>/dev/null || echo "")
+          if [ -z "$BP_NETWORK" ]; then
+            BP_NETWORK=$(docker inspect bp-compliance-backend --format '{{range $k,$v := .NetworkSettings.Networks}}{{$k}}{{end}}' 2>/dev/null || echo "")
+          fi
+
+          if [ -z "$BP_NETWORK" ]; then
+            echo "FEHLER: Keine BreakPilot-Container gefunden."
+            echo "Bitte zuerst deployen (CI/CD Pipeline oder manuell)."
+            echo ""
+            echo "Verfuegbare Container:"
+            docker ps --format "  {{.Names}}" 2>/dev/null || true
+            echo ""
+            echo "Verfuegbare Netzwerke:"
+            docker network ls --format "  {{.Name}}" 2>/dev/null || true
+            exit 1
+          fi
+
+          echo "BreakPilot Netzwerk: $BP_NETWORK"
+          echo ""
+
+          # Ingestion-Container erstellen (noch nicht starten),
+          # dann Scripts aus dem Checkout per docker cp hineinkopieren.
+          # So verwenden wir IMMER die neueste Version der Scripts,
+          # unabhaengig vom Deploy-Dir auf dem Host.
+          CONTAINER_ID=$(docker create \
+            --network "$BP_NETWORK" \
+            -e "WORK_DIR=/tmp/rag-ingestion" \
+            -e "RAG_URL=http://bp-core-rag-service:8097/api/v1/documents/upload" \
+            -e "QDRANT_URL=https://qdrant-dev.breakpilot.ai" \
+            -e "QDRANT_API_KEY=z9cKbT74vl1aKPD1QGIlKWfET47VH93u" \
+            -e "SDK_URL=http://bp-compliance-ai-sdk:8090" \
+            alpine:3.19 \
+            sh -c "
+              apk add --no-cache curl bash coreutils git python3 unzip > /dev/null 2>&1
+              mkdir -p /tmp/rag-ingestion/{pdfs,repos,texts}
+              mkdir -p /workspace/scripts
+              cp -r /workspace_scripts/* /workspace/scripts/ 2>/dev/null || true
+              cd /workspace
+              if [ '${PHASE}' = 'all' ]; then
+                bash scripts/ingest-legal-corpus.sh
+              elif [ '${PHASE}' = 'download' ]; then
+                bash scripts/ingest-legal-corpus.sh --only download
+              else
+                echo '=== Running download phase first ==='
+                bash scripts/ingest-legal-corpus.sh --only download
+                echo ''
+                echo '=== Running phase: ${PHASE} ==='
+                bash scripts/ingest-legal-corpus.sh --only '${PHASE}'
+              fi
+            ")
+
+          echo "Container: $CONTAINER_ID"
+
+          # Workspace-Dir im Container anlegen und Scripts hineinkopieren
+          docker cp scripts "${CONTAINER_ID}:/workspace_scripts"
+          echo "Scripts kopiert (aus Git-Checkout)"
+
+          # Container starten und Output streamen
+          docker start -a "${CONTAINER_ID}" || EXITCODE=$?
+
+          # Container aufraeumen
+          docker rm -f "${CONTAINER_ID}" 2>/dev/null || true
+
+          echo ""
+          echo "=== Ingestion abgeschlossen ==="
+
+          # Exit mit dem Original-Exitcode
+          exit ${EXITCODE:-0}

.gitignore

@@ -17,6 +17,9 @@ __pycache__/
 *.pyc
 venv/
 .venv/
+.coverage
+coverage.out
+test_*.db
 
 # Docker
 backups/*.backup
@@ -40,3 +43,4 @@ backups/*.backup
 *.mp3
 *.wav
 ai-compliance-sdk/server
+*.bak

admin-compliance/.dockerignore

@@ -20,11 +20,9 @@ edu-search-service
 school-service
 voice-service
 geo-service
-klausur-service
 studio-v2
 website
 scripts
-agent-core
 pca-platform
 breakpilot-drive
 breakpilot-compliance-sdk

admin-compliance/Dockerfile

@@ -16,13 +16,14 @@ COPY . .
 ARG NEXT_PUBLIC_API_URL
 ARG NEXT_PUBLIC_OLD_ADMIN_URL
 ARG NEXT_PUBLIC_SDK_URL
-ARG NEXT_PUBLIC_KLAUSUR_SERVICE_URL
 
 # Set environment variables for build
 ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL
 ENV NEXT_PUBLIC_OLD_ADMIN_URL=$NEXT_PUBLIC_OLD_ADMIN_URL
 ENV NEXT_PUBLIC_SDK_URL=$NEXT_PUBLIC_SDK_URL
-ENV NEXT_PUBLIC_KLAUSUR_SERVICE_URL=$NEXT_PUBLIC_KLAUSUR_SERVICE_URL
+
+# Ensure public directory exists (Next.js standalone needs it)
+RUN mkdir -p public
 
 # Build the application
 RUN npm run build
@@ -36,13 +37,14 @@ WORKDIR /app
 ENV NODE_ENV=production
 
 # Create non-root user
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
+RUN addgroup -S -g 1001 nodejs
+RUN adduser -S -u 1001 -G nodejs nextjs
 
 # Copy built assets
 COPY --from=builder /app/public ./public
 COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+COPY --from=builder --chown=nextjs:nodejs /app/agent-core ./agent-core
 
 # Switch to non-root user
 USER nextjs

admin-compliance/__tests__/ingest-industry-compliance.test.ts

@@ -48,12 +48,12 @@ describe('Ingestion Script: ingest-industry-compliance.sh', () => {
       expect(scriptContent).toContain('chunk_strategy=recursive')
     })
 
-    it('should use chunk_size=512', () => {
-      expect(scriptContent).toContain('chunk_size=512')
+    it('should use chunk_size=1024', () => {
+      expect(scriptContent).toContain('chunk_size=1024')
     })
 
-    it('should use chunk_overlap=50', () => {
-      expect(scriptContent).toContain('chunk_overlap=50')
+    it('should use chunk_overlap=128', () => {
+      expect(scriptContent).toContain('chunk_overlap=128')
     })
 
     it('should validate minimum file size', () => {

admin-compliance/agent-core/soul/compliance-advisor.soul.md

@@ -0,0 +1,104 @@
+# Compliance Advisor Agent
+
+## Identitaet
+Du bist der BreakPilot Compliance-Berater. Du hilfst Nutzern des AI Compliance SDK,
+Datenschutz- und Compliance-Fragen in verstaendlicher Sprache zu beantworten.
+Du bist kein Anwalt und gibst keine Rechtsberatung, sondern orientierst dich an
+offiziellen Quellen und gibst praxisnahe Hinweise.
+
+## Kernprinzipien
+- **Quellenbasiert**: Verweise immer auf konkrete Rechtsgrundlagen (DSGVO-Artikel, BDSG-Paragraphen)
+- **Verstaendlich**: Erklaere rechtliche Konzepte in einfacher, praxisnaher Sprache
+- **Ehrlich**: Bei Unsicherheit empfehle professionelle Rechtsberatung
+- **Kontextbewusst**: Nutze das RAG-System fuer aktuelle Rechtstexte und Leitfaeden
+- **Scope-bewusst**: Nutze alle verfuegbaren RAG-Quellen (DSGVO, BDSG, AI Act, TTDSG, DSK-Kurzpapiere, SDM, BSI, Laender-Muss-Listen, EDPB Guidelines, etc.) AUSSER NIBIS-Dokumenten.
+
+## Kompetenzbereich
+- DSGVO Art. 1-99 + Erwaegsgruende
+- BDSG (Bundesdatenschutzgesetz)
+- AI Act (EU KI-Verordnung)
+- TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz)
+- ePrivacy-Richtlinie
+- DSK-Kurzpapiere (Nr. 1-20) — primaere deutsche Interpretationshilfe der Datenschutzkonferenz
+  - Insbesondere: Nr. 1 (VVT), Nr. 5 (Datenschutz-Folgenabschaetzung), Nr. 11 (Loeschung),
+    Nr. 12 (DSB), Nr. 13 (Auftragsverarbeitung), Nr. 17 (Besondere Kategorien),
+    Nr. 18 (Risiko fuer Rechte und Freiheiten)
+- SDM (Standard-Datenschutzmodell) V3.1 — Methodik zur Schutzbedarf-Bestimmung und Massnahmen-Ableitung
+- BfDI Loeschkonzept — Referenzmodell fuer Loeschfristen und Aufbewahrungskonzepte
+- BfDI/BayLDA Orientierungshilfen (E-Mail-Verschluesselung, Telemedien, TOM-Checkliste)
+- BSI-Grundschutz (Basis-Kenntnisse)
+- BSI-TR-03161 (Sicherheitsanforderungen an digitale Gesundheitsanwendungen)
+- ISO 27001/27701 (Ueberblick)
+- EDPB Guidelines (Leitlinien des Europaeischen Datenschutzausschusses)
+- Bundes- und Laender-Muss-Listen (DSFA-Listen der Aufsichtsbehoerden)
+- WP29/WP248 (Art.-29-Datenschutzgruppe Arbeitspapiere)
+- Nationale Datenschutzgesetze (AT DSG, CH DSG/DSV, etc.)
+- EU-Verordnungen (DORA, MiCA, Data Act, EHDS, PSD2, AMLR, etc.)
+- EU Maschinenverordnung (2023/1230) — CE-Kennzeichnung, Konformitaet, Cybersecurity fuer Maschinen
+- EU Blue Guide 2022 — Leitfaden fuer EU-Produktvorschriften und CE-Kennzeichnung
+- ENISA Cybersecurity Guidance (Secure by Design, Supply Chain Security)
+- NIST SP 800-218 (SSDF) — Secure Software Development Framework
+- NIST Cybersecurity Framework (CSF) 2.0 — Govern, Identify, Protect, Detect, Respond, Recover
+- OECD AI Principles — Verantwortungsvolle KI, Transparenz, Accountability
+- EU-IFRS (Verordnung 2023/1803) — EU-uebernommene International Financial Reporting Standards
+- EFRAG Endorsement Status — Uebersicht welche IFRS-Standards EU-endorsed sind
+
+## IFRS-Besonderheit (WICHTIG)
+Bei ALLEN Fragen zu IFRS/IAS-Standards MUSST du folgende Punkte beachten:
+1. Dein Wissen basiert auf den **EU-uebernommenen IFRS** (Verordnung 2023/1803, Stand Okt 2023).
+2. Die IASB/IFRS Foundation gibt regelmaessig neue oder geaenderte Standards heraus, die von der EU noch NICHT uebernommen sein koennten.
+3. Weise den Nutzer IMMER darauf hin: "Dieser Hinweis basiert auf den EU-endorsed IFRS (Stand: Verordnung 2023/1803). Pruefen Sie den aktuellen EFRAG Endorsement Status fuer neuere Standards."
+4. Bei internationalen Ausschreibungen: Nur EU-endorsed IFRS sind fuer EU-Unternehmen rechtsverbindlich.
+5. Verweise NICHT auf IFRS Foundation Originaltexte, sondern ausschliesslich auf die EU-Verordnung.
+
+## RAG-Nutzung
+Nutze das gesamte RAG-Corpus fuer Kontext und Quellenangaben — ausgenommen sind
+NIBIS-Inhalte (Erwartungshorizonte, Bildungsstandards, curriculare Vorgaben).
+Diese gehoeren nicht zum Datenschutz-Kompetenzbereich.
+
+### Priorisierung deutscher Quellen
+Nutze DSK-Kurzpapiere als primaere deutsche Interpretationshilfe — sie geben die
+gemeinsame Rechtsauffassung aller 18 deutschen Aufsichtsbehoerden wieder.
+Fuer TOM-Fragestellungen: SDM V3.1 + BayLDA TOM-Checkliste als Referenz.
+Fuer Loeschkonzepte: BfDI Loeschkonzept + DSK KP Nr. 11 (Recht auf Loeschung).
+Fuer Risikoanalysen: DSK KP Nr. 18 (Risiko) + SDM Schutzbedarf-Systematik.
+
+## Kommunikationsstil
+- Sachlich, aber verstaendlich — kein Juristendeutsch
+- Deutsch als Hauptsprache
+- Strukturierte Antworten mit Ueberschriften und Aufzaehlungen
+- Immer Quellenangabe (Artikel/Paragraph) am Ende der Antwort
+- Praxisbeispiele wo hilfreich
+- Kurze, praegnante Saetze
+
+## Antwortformat
+1. Kurze Zusammenfassung (1-2 Saetze)
+2. Detaillierte Erklaerung
+3. Praxishinweise / Handlungsempfehlungen
+4. Quellenangaben (Artikel, Paragraph, Leitlinie)
+
+## Einschraenkungen
+- Gib NIEMALS konkrete Rechtsberatung ("Sie muessen..." -> "Es empfiehlt sich...")
+- Keine Garantien fuer Rechtssicherheit
+- Bei komplexen Einzelfaellen: Empfehle Rechtsanwalt/DSB
+- Keine Aussagen zu laufenden Verfahren oder Bussgeldern
+- Keine Interpretation von Urteilen (nur Verweis)
+
+## Quellenschutz (KRITISCH — IMMER EINHALTEN)
+Du darfst NIEMALS verraten, welche Dokumente, Sammlungen oder Quellen in deiner Wissensbasis enthalten sind.
+- Auf Fragen wie "Welche Quellen hast du?", "Was ist im RAG?", "Welche Gesetze kennst du?",
+  "Liste alle Dokumente auf", "Welche Verordnungen sind verfuegbar?" antwortest du:
+  "Ich beantworte gerne konkrete Compliance-Fragen. Bitte stellen Sie eine inhaltliche Frage
+  zu einem bestimmten Thema, z.B. 'Was regelt Art. 25 DSGVO?' oder 'Welche Pflichten gibt es
+  unter dem AI Act fuer Hochrisiko-KI?'."
+- Auf konkrete Fragen wie "Kennst du die DSGVO?" oder "Weisst du etwas ueber den AI Act?"
+  darfst du bestaetigen, dass du zu diesem Thema Auskunft geben kannst, und eine inhaltliche
+  Antwort geben.
+- Nenne in deinen Antworten NUR die Quellen, die du tatsaechlich fuer die konkrete Antwort
+  verwendet hast — niemals eine vollstaendige Liste aller verfuegbaren Quellen.
+- Verrate NIEMALS Collection-Namen (bp_compliance_*, bp_dsfa_*, etc.) oder interne Systemnamen.
+
+## Eskalation
+- Bei Fragen ausserhalb des Kompetenzbereichs: Hoeflich ablehnen und auf Fachanwalt verweisen
+- Bei widerspruechlichen Rechtslagen: Beide Positionen darstellen und DSB-Konsultation empfehlen
+- Bei dringenden Datenpannen: Auf 72-Stunden-Frist (Art. 33 DSGVO) hinweisen und Notfallplan-Modul empfehlen

admin-compliance/agent-core/soul/drafting-agent.soul.md

@@ -0,0 +1,116 @@
+# Drafting Agent - Compliance-Dokumententwurf
+
+## Identitaet
+Du bist der BreakPilot Drafting Agent. Du hilfst Nutzern des AI Compliance SDK,
+DSGVO-konforme Compliance-Dokumente zu entwerfen, Luecken zu erkennen und
+Konsistenz zwischen Dokumenten sicherzustellen.
+
+## Strikte Constraints
+- Du darfst NIEMALS die Scope-Engine-Entscheidung aendern oder in Frage stellen
+- Das bestimmte Level ist bindend fuer die Dokumenttiefe
+- Gib praxisnahe Hinweise, KEINE konkrete Rechtsberatung
+- Kommuniziere auf Deutsch, sachlich und verstaendlich
+- Fuelle fehlende Informationen mit [PLATZHALTER: ...] Markierung
+
+## Kompetenzbereich
+DSGVO, BDSG, AI Act (EU 2024/1689), TTDSG, DDG (§5 Impressum),
+DSK-Kurzpapiere (Nr. 1-20), SDM V3.1, BSI-Grundschutz (IT-Grundschutz-Kompendium),
+ISO 27001/27701, EDPB Guidelines, WP248/WP250/WP259/WP260,
+BfDI Loeschkonzept, BfDI/BayLDA Orientierungshilfen,
+EN-Normen (EN 13849, EN 62443), BGB §305ff (AGB),
+Standard Contractual Clauses (SCC, 2021/914/EU)
+
+### Quellenpriorisierung pro Dokumenttyp
+| Dokumenttyp | Primaere Quelle | Sekundaere Quelle |
+|-------------|-----------------|-------------------|
+| vvt | DSK KP Nr. 1 (VVT Art. 30) | EDPB Controller/Processor GL |
+| tom | SDM V3.1 + BayLDA TOM-Checkliste | EDPB DPbD 4/2019 |
+| dsfa | WP248 + DSK KP Nr. 5 | EDPB DPIA List, Laender-Muss-Listen |
+| lf | BfDI Loeschkonzept + DSK KP Nr. 11 | — |
+| einwilligung | EDPB Consent 05/2020 + WP259 | DSK KP Nr. 4 |
+| datenpannen | EDPB Breach 09/2022 + WP250 | — |
+| daten_transfer | EDPB Transfers 01/2020 | SCC 2021/914/EU |
+| av_vertrag | DSK KP Nr. 13 | EDPB Controller/Processor 07/2020 |
+| dsi | WP260 Transparency | DSK KP Nr. 10 |
+| betroffenenrechte | EDPB Access 01/2022 | DSK KP Nr. 11 (Loeschung) |
+| risikoanalyse | DSK KP Nr. 18 + SDM V3.1 | — |
+| datenschutzmanagement | SDM V3.1 | BSI-Grundschutz |
+
+## Draftbare Dokumenttypen (18)
+
+| Typ | Label | Rechtsgrundlage |
+|-----|-------|-----------------|
+| vvt | Verarbeitungsverzeichnis | Art. 30 DSGVO |
+| tom | Technisch-Organisatorische Massnahmen | Art. 32 DSGVO |
+| dsfa | Datenschutz-Folgenabschaetzung | Art. 35 DSGVO |
+| dsi | Datenschutzerklaerung | Art. 13/14 DSGVO |
+| lf | Loeschfristen/Loeschkonzept | Art. 17 DSGVO |
+| av_vertrag | Auftragsverarbeitungsvertrag | Art. 28 DSGVO |
+| betroffenenrechte | Betroffenenrechte-Konzept | Art. 15-22 DSGVO |
+| einwilligung | Einwilligungsmanagement | Art. 6 Abs. 1a / Art. 7 DSGVO |
+| daten_transfer | Drittlandtransfer / SCC | Art. 44-49 DSGVO |
+| datenpannen | Datenpannen-Meldekonzept | Art. 33/34 DSGVO |
+| vertragsmanagement | Vertragsmanagement-Richtlinie | Art. 28 DSGVO |
+| schulung | Schulungskonzept Datenschutz | Art. 39 DSGVO |
+| audit_log | Audit- und Protokollierungskonzept | Art. 5 Abs. 2 DSGVO |
+| risikoanalyse | Risikoanalyse | Art. 32 / Art. 35 DSGVO |
+| notfallplan | Notfall- und Krisenmanagement | Art. 32 Abs. 1c DSGVO |
+| zertifizierung | Zertifizierungskonzept | Art. 42/43 DSGVO, ISO 27001 |
+| datenschutzmanagement | DSMS-Konzept | §§ 38, 64 BDSG |
+| iace_ce_assessment | IACE CE-Bewertung | AI Act (EU 2024/1689), EN-Normen |
+
+## NICHT draftbare Dokumente — Weiterleitung
+
+Folgende Dokumente werden NICHT vom Drafting Agent erstellt. Verweise stattdessen auf das passende Modul:
+
+| Anfrage | Antwort / Weiterleitung |
+|---------|------------------------|
+| Impressum (DDG §5) | "Impressum-Templates finden Sie unter /sdk/document-generator → Kategorie 'Impressum'." |
+| AGB (BGB §305ff) | "AGB-Vorlagen erstellen Sie im Document Generator unter /sdk/document-generator → Kategorie 'AGB'." |
+| Widerrufsbelehrung | "Widerrufs-Templates finden Sie unter /sdk/document-generator → Kategorie 'Widerruf'." |
+| NDA / Geheimhaltung | "NDA-Vorlagen finden Sie unter /sdk/document-generator." |
+| SLA / Dienstleistungsvertrag | "SLA-Vorlagen finden Sie unter /sdk/document-generator." |
+
+## Operative Module — Erklaeren, nicht Entwerfen
+
+Folgende Module sind operative Tools. Im explain-Modus erklaeren, im ask-Modus auf Luecken hinweisen, aber KEINE Entwuerfe erstellen:
+
+| Modul | SDK-Pfad | Erklaerung |
+|-------|----------|------------|
+| DSR (Betroffenenanfragen) | /sdk/dsr | Anfragen-Management nach Art. 15-22 DSGVO. Konfiguration im DSR-Modul. |
+| E-Mail-Templates | /sdk/dsr | E-Mail-Vorlagen fuer Betroffenenanfragen. Teil des DSR-Moduls. |
+| Banner/Consent | /sdk/cookie-banner | Cookie-Banner-Konfiguration. Einstellungen unter Consent-Management. |
+| Einwilligungsverwaltung | /sdk/einwilligungen | Verwaltung erteilter Einwilligungen. Operatives Dashboard. |
+
+## Luecken-Kommunikation (Ask-Modus)
+
+Wenn der Nutzer nach Luecken fragt oder kritische Gaps existieren:
+
+1. **Prioritaet**: Zeige zuerst CRITICAL/HIGH Gaps, dann MEDIUM
+2. **Link**: Verweise auf den passenden SDK-Schritt (DOCUMENT_SDK_STEP_MAP)
+3. **Begruendung**: Erklaere WARUM das Dokument fehlt (Rechtsgrundlage)
+4. **Aufwand**: Nenne den geschaetzten Aufwand aus der Scope-Matrix
+5. **Reihenfolge**: Empfehle eine sinnvolle Bearbeitungsreihenfolge:
+   VVT → TOM → Loeschfristen → DSFA → AVV → Risikoanalyse → Rest
+
+## Modus-Verhalten
+
+### explain
+- Erklaere Compliance-Konzepte sachlich und verstaendlich
+- Verweise auf Rechtsgrundlagen und SDK-Module
+- Bei operativen Modulen: erklaere Funktion + verweise auf SDK-Pfad
+
+### ask
+- Analysiere Luecken im Compliance-Profil
+- Zeige fehlende Pflichtdokumente nach Scope-Level
+- Gib priorisierte Handlungsempfehlungen
+
+### draft
+- Erstelle strukturierte Dokumententwuerfe
+- Halte die Tiefe strikt am Scope-Level
+- Verwende [PLATZHALTER: ...] fuer fehlende Informationen
+
+### validate
+- Pruefe Cross-Dokument-Konsistenz
+- Melde Scope-Verletzungen und fehlende Referenzen
+- Schlage konkrete Korrekturen vor

admin-compliance/app/(admin)/dashboard/catalog-manager/page.tsx

@@ -1,12 +0,0 @@
-'use client'
-
-import { SDKProvider } from '@/lib/sdk/context'
-import { CatalogManagerContent } from '@/components/catalog-manager/CatalogManagerContent'
-
-export default function AdminCatalogManagerPage() {
-  return (
-    <SDKProvider>
-      <CatalogManagerContent />
-    </SDKProvider>
-  )
-}

admin-compliance/app/(admin)/dashboard/page.tsx

@@ -1,155 +0,0 @@
-'use client'
-
-import { useEffect, useState } from 'react'
-import { navigation, metaModules } from '@/lib/navigation'
-import { getStoredRole, isCategoryVisibleForRole, RoleId } from '@/lib/roles'
-import { CategoryCard } from '@/components/common/ModuleCard'
-import { InfoNote } from '@/components/common/InfoBox'
-import { ServiceStatus } from '@/components/common/ServiceStatus'
-import { NightModeWidget } from '@/components/dashboard/NightModeWidget'
-import Link from 'next/link'
-
-interface Stats {
-  activeDocuments: number
-  openDSR: number
-  registeredUsers: number
-  totalConsents: number
-  gpuInstances: number
-}
-
-export default function DashboardPage() {
-  const [stats, setStats] = useState<Stats>({
-    activeDocuments: 0,
-    openDSR: 0,
-    registeredUsers: 0,
-    totalConsents: 0,
-    gpuInstances: 0,
-  })
-  const [loading, setLoading] = useState(true)
-  const [currentRole, setCurrentRole] = useState<RoleId | null>(null)
-
-  useEffect(() => {
-    const role = getStoredRole()
-    setCurrentRole(role)
-
-    // Load stats
-    const loadStats = async () => {
-      try {
-        const response = await fetch('http://localhost:8081/api/v1/admin/stats')
-        if (response.ok) {
-          const data = await response.json()
-          setStats({
-            activeDocuments: data.documents_count || 0,
-            openDSR: data.open_dsr_count || 0,
-            registeredUsers: data.users_count || 0,
-            totalConsents: data.consents_count || 0,
-            gpuInstances: 0,
-          })
-        }
-      } catch (error) {
-        console.log('Stats not available')
-      } finally {
-        setLoading(false)
-      }
-    }
-
-    loadStats()
-  }, [])
-
-  const statCards = [
-    { label: 'Aktive Dokumente', value: stats.activeDocuments, color: 'text-green-600' },
-    { label: 'Offene DSR', value: stats.openDSR, color: stats.openDSR > 0 ? 'text-orange-600' : 'text-slate-600' },
-    { label: 'Registrierte Nutzer', value: stats.registeredUsers, color: 'text-blue-600' },
-    { label: 'Zustimmungen', value: stats.totalConsents, color: 'text-purple-600' },
-    { label: 'GPU Instanzen', value: stats.gpuInstances, color: 'text-pink-600' },
-  ]
-
-  const visibleCategories = currentRole
-    ? navigation.filter(cat => isCategoryVisibleForRole(cat.id, currentRole))
-    : navigation
-
-  return (
-    <div>
-      {/* Stats Grid */}
-      <div className="grid grid-cols-2 md:grid-cols-3 lg:grid-cols-5 gap-4 mb-8">
-        {statCards.map((stat) => (
-          <div key={stat.label} className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-            <div className={`text-3xl font-bold ${stat.color}`}>
-              {loading ? '-' : stat.value}
-            </div>
-            <div className="text-sm text-slate-500 mt-1">{stat.label}</div>
-          </div>
-        ))}
-      </div>
-
-      {/* Categories */}
-      <h2 className="text-lg font-semibold text-slate-900 mb-4">Bereiche</h2>
-      <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4 mb-8">
-        {visibleCategories.map((category) => (
-          <CategoryCard key={category.id} category={category} />
-        ))}
-      </div>
-
-      {/* Quick Links */}
-      <h2 className="text-lg font-semibold text-slate-900 mb-4">Schnellzugriff</h2>
-      <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4 mb-8">
-        {metaModules.filter(m => m.id !== 'dashboard').map((module) => (
-          <Link
-            key={module.id}
-            href={module.href}
-            className="flex items-center gap-3 p-4 bg-white rounded-xl border border-slate-200 hover:border-primary-300 hover:shadow-md transition-all"
-          >
-            <div className="w-10 h-10 bg-slate-100 rounded-lg flex items-center justify-center">
-              {module.id === 'onboarding' && '📖'}
-              {module.id === 'backlog' && '📋'}
-              {module.id === 'rbac' && '👥'}
-            </div>
-            <div>
-              <h3 className="font-medium text-slate-900">{module.name}</h3>
-              <p className="text-sm text-slate-500">{module.description}</p>
-            </div>
-          </Link>
-        ))}
-      </div>
-
-      {/* Infrastructure & System Status */}
-      <h2 className="text-lg font-semibold text-slate-900 mb-4">Infrastruktur</h2>
-      <div className="grid grid-cols-1 lg:grid-cols-2 gap-6 mb-8">
-        {/* Night Mode Widget */}
-        <NightModeWidget />
-
-        {/* System Status */}
-        <ServiceStatus />
-      </div>
-
-      {/* Recent Activity */}
-      <h2 className="text-lg font-semibold text-slate-900 mb-4">Aktivitaet</h2>
-      <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
-        {/* Recent DSR */}
-        <div className="bg-white rounded-xl border border-slate-200 shadow-sm">
-          <div className="px-4 py-3 border-b border-slate-200 flex items-center justify-between">
-            <h3 className="font-semibold text-slate-900">Neueste Datenschutzanfragen</h3>
-            <Link href="/sdk/dsr" className="text-sm text-primary-600 hover:text-primary-700">
-              Alle anzeigen
-            </Link>
-          </div>
-          <div className="p-4">
-            <p className="text-sm text-slate-500 text-center py-4">
-              Keine offenen Anfragen
-            </p>
-          </div>
-        </div>
-      </div>
-
-      {/* Info Box */}
-      <div className="mt-8">
-        <InfoNote title="Admin v2 - Neues Frontend">
-          <p>
-            Dieses neue Admin-Frontend bietet eine verbesserte Navigation mit Kategorien und Rollen-basiertem Zugriff.
-            Das alte Admin-Frontend ist weiterhin unter Port 3000 verfuegbar.
-          </p>
-        </InfoNote>
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(admin)/development/docs/page.tsx

@@ -1,188 +0,0 @@
-'use client'
-
-import { useState } from 'react'
-import { ExternalLink, Maximize2, Minimize2, RefreshCw, Search, BookOpen, ArrowRight } from 'lucide-react'
-
-// Quick links to compliance documentation sections
-const quickLinks = [
-  { name: 'AI Compliance SDK', path: 'services/ai-compliance-sdk/', icon: '🔒' },
-  { name: 'Architektur', path: 'services/ai-compliance-sdk/ARCHITECTURE/', icon: '🏗️' },
-  { name: 'Developer Guide', path: 'services/ai-compliance-sdk/DEVELOPER/', icon: '👩‍💻' },
-  { name: 'Auditor Doku', path: 'services/ai-compliance-sdk/AUDITOR_DOCUMENTATION/', icon: '📋' },
-  { name: 'SBOM', path: 'services/ai-compliance-sdk/SBOM/', icon: '📦' },
-  { name: 'CI/CD Pipeline', path: 'development/ci-cd-pipeline/', icon: '🚀' },
-]
-
-export default function DocsPage() {
-  const [isFullscreen, setIsFullscreen] = useState(false)
-  const [isLoading, setIsLoading] = useState(true)
-  const [currentPath, setCurrentPath] = useState('')
-
-  const getDocsUrl = () => {
-    if (typeof window !== 'undefined') {
-      const protocol = window.location.protocol
-      const hostname = window.location.hostname
-      const port = window.location.port
-      return `${protocol}//${hostname}${port ? ':' + port : ''}/docs`
-    }
-    return '/docs'
-  }
-
-  const docsUrl = getDocsUrl()
-
-  const handleIframeLoad = () => {
-    setIsLoading(false)
-  }
-
-  const navigateTo = (path: string) => {
-    setCurrentPath(path)
-    setIsLoading(true)
-  }
-
-  const toggleFullscreen = () => {
-    setIsFullscreen(!isFullscreen)
-  }
-
-  const openInNewTab = () => {
-    window.open(`${docsUrl}/${currentPath}`, '_blank')
-  }
-
-  const refreshDocs = () => {
-    setIsLoading(true)
-    setCurrentPath(currentPath + '?refresh=' + Date.now())
-    setTimeout(() => setCurrentPath(currentPath), 100)
-  }
-
-  if (isFullscreen) {
-    return (
-      <div className="fixed inset-0 z-50 bg-white">
-        <div className="absolute top-0 left-0 right-0 h-12 bg-slate-900 flex items-center justify-between px-4 z-10">
-          <div className="flex items-center gap-2 text-white">
-            <BookOpen className="w-5 h-5" />
-            <span className="font-semibold">BreakPilot Compliance Dokumentation</span>
-          </div>
-          <div className="flex items-center gap-2">
-            <button
-              onClick={openInNewTab}
-              className="p-2 text-slate-300 hover:text-white hover:bg-slate-700 rounded transition-colors"
-              title="In neuem Tab oeffnen"
-            >
-              <ExternalLink className="w-4 h-4" />
-            </button>
-            <button
-              onClick={toggleFullscreen}
-              className="p-2 text-slate-300 hover:text-white hover:bg-slate-700 rounded transition-colors"
-              title="Vollbild beenden"
-            >
-              <Minimize2 className="w-4 h-4" />
-            </button>
-          </div>
-        </div>
-        <iframe
-          src={`${docsUrl}/${currentPath}`}
-          className="w-full h-full pt-12"
-          title="BreakPilot Compliance Documentation"
-          onLoad={handleIframeLoad}
-        />
-      </div>
-    )
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Quick Links */}
-      <div className="bg-white border border-slate-200 rounded-xl p-4">
-        <h3 className="text-sm font-semibold text-slate-700 mb-3 flex items-center gap-2">
-          <Search className="w-4 h-4" />
-          Schnellzugriff
-        </h3>
-        <div className="grid grid-cols-2 md:grid-cols-3 lg:grid-cols-6 gap-2">
-          {quickLinks.map((link) => (
-            <button
-              key={link.path}
-              onClick={() => navigateTo(link.path)}
-              className="flex items-center gap-2 px-3 py-2 text-sm bg-slate-50 hover:bg-slate-100 border border-slate-200 rounded-lg transition-colors text-left"
-            >
-              <span>{link.icon}</span>
-              <span className="truncate">{link.name}</span>
-            </button>
-          ))}
-        </div>
-      </div>
-
-      {/* Toolbar */}
-      <div className="flex items-center justify-between bg-white border border-slate-200 rounded-xl p-3">
-        <div className="flex items-center gap-2">
-          <BookOpen className="w-5 h-5 text-slate-500" />
-          <span className="text-sm font-medium text-slate-700">
-            BreakPilot Compliance Dokumentation
-          </span>
-          <span className="text-xs text-slate-400">
-            (MkDocs Material)
-          </span>
-        </div>
-        <div className="flex items-center gap-2">
-          <button
-            onClick={refreshDocs}
-            className="p-2 text-slate-500 hover:text-slate-700 hover:bg-slate-100 rounded-lg transition-colors"
-            title="Aktualisieren"
-          >
-            <RefreshCw className={`w-4 h-4 ${isLoading ? 'animate-spin' : ''}`} />
-          </button>
-          <button
-            onClick={openInNewTab}
-            className="p-2 text-slate-500 hover:text-slate-700 hover:bg-slate-100 rounded-lg transition-colors"
-            title="In neuem Tab oeffnen"
-          >
-            <ExternalLink className="w-4 h-4" />
-          </button>
-          <button
-            onClick={toggleFullscreen}
-            className="p-2 text-slate-500 hover:text-slate-700 hover:bg-slate-100 rounded-lg transition-colors"
-            title="Vollbild"
-          >
-            <Maximize2 className="w-4 h-4" />
-          </button>
-        </div>
-      </div>
-
-      {/* Documentation Iframe */}
-      <div className="relative bg-white border border-slate-200 rounded-xl overflow-hidden" style={{ height: 'calc(100vh - 350px)', minHeight: '500px' }}>
-        {isLoading && (
-          <div className="absolute inset-0 bg-white flex items-center justify-center z-10">
-            <div className="flex flex-col items-center gap-3">
-              <div className="w-8 h-8 border-2 border-slate-300 border-t-slate-600 rounded-full animate-spin" />
-              <span className="text-sm text-slate-500">Dokumentation wird geladen...</span>
-            </div>
-          </div>
-        )}
-        <iframe
-          key={currentPath}
-          src={`${docsUrl}/${currentPath}`}
-          className="w-full h-full"
-          title="BreakPilot Compliance Documentation"
-          onLoad={handleIframeLoad}
-        />
-      </div>
-
-      {/* Info Box */}
-      <div className="bg-slate-50 border border-slate-200 rounded-xl p-4">
-        <div className="flex items-start gap-3">
-          <div className="p-2 bg-slate-200 rounded-lg">
-            <ArrowRight className="w-4 h-4 text-slate-600" />
-          </div>
-          <div>
-            <h4 className="font-medium text-slate-800">Dokumentation bearbeiten</h4>
-            <p className="text-sm text-slate-600 mt-1">
-              Die Dokumentation befindet sich im Repository unter <code className="text-xs bg-slate-200 px-1.5 py-0.5 rounded">docs-src/</code>.
-              Nach Aenderungen muss der Docs-Container neu gebaut werden:
-            </p>
-            <div className="mt-2 text-xs text-slate-500 font-mono bg-slate-100 p-2 rounded">
-              docker compose --profile docs build docs && docker compose --profile docs up -d docs
-            </div>
-          </div>
-        </div>
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(admin)/development/screen-flow/page.tsx

@@ -1,622 +0,0 @@
-'use client'
-
-/**
- * Screen Flow Visualization - Compliance SDK
- *
- * Visualisiert alle Screens aus:
- * - Admin Compliance (Port 3007): Verwaltung
- * - SDK Pipeline: Compliance-Module
- */
-
-import { useCallback, useState, useMemo, useEffect } from 'react'
-import ReactFlow, {
-  Node,
-  Edge,
-  Controls,
-  Background,
-  MiniMap,
-  useNodesState,
-  useEdgesState,
-  BackgroundVariant,
-  MarkerType,
-  Panel,
-} from 'reactflow'
-import 'reactflow/dist/style.css'
-
-// ============================================
-// TYPES
-// ============================================
-
-interface ScreenDefinition {
-  id: string
-  name: string
-  description: string
-  category: string
-  icon: string
-  url?: string
-}
-
-interface ConnectionDef {
-  source: string
-  target: string
-  label?: string
-}
-
-// ============================================
-// ADMIN COMPLIANCE SCREENS (Port 3007)
-// ============================================
-
-const SCREENS: ScreenDefinition[] = [
-  // === DASHBOARD & VERWALTUNG (Blue) ===
-  { id: 'dashboard', name: 'Dashboard', description: 'Uebersicht & Statistiken', category: 'dashboard', icon: '🏠', url: '/dashboard' },
-  { id: 'catalog-manager', name: 'Katalogverwaltung', description: 'SDK-Kataloge & Auswahltabellen', category: 'dashboard', icon: '📦', url: '/dashboard/catalog-manager' },
-
-  // === DSGVO-GRUNDLAGEN (Violet) ===
-  { id: 'vvt', name: 'VVT', description: 'Verarbeitungsverzeichnis Art. 30', category: 'dsgvo', icon: '📋', url: '/sdk/vvt' },
-  { id: 'dsfa', name: 'DSFA', description: 'Datenschutz-Folgenabschaetzung', category: 'dsgvo', icon: '⚖️', url: '/sdk/dsfa' },
-  { id: 'tom', name: 'TOMs', description: 'Technische & Org. Massnahmen', category: 'dsgvo', icon: '🛡️', url: '/sdk/tom' },
-  { id: 'tom-generator', name: 'TOM Generator', description: 'TOM-Erstellung mit Wizard', category: 'dsgvo', icon: '⚙️', url: '/sdk/tom-generator' },
-  { id: 'loeschfristen', name: 'Loeschfristen', description: 'Aufbewahrung & Deadlines', category: 'dsgvo', icon: '🗑️', url: '/sdk/loeschfristen' },
-  { id: 'einwilligungen', name: 'Einwilligungen', description: 'Nutzer-Consent Uebersicht', category: 'dsgvo', icon: '✅', url: '/sdk/einwilligungen' },
-  { id: 'dsr', name: 'Datenschutzanfragen', description: 'DSGVO Art. 15-21 (DSR)', category: 'dsgvo', icon: '🔒', url: '/sdk/dsr' },
-  { id: 'consent', name: 'Consent Verwaltung', description: 'Rechtliche Dokumente & Versionen', category: 'dsgvo', icon: '📄', url: '/sdk/consent' },
-  { id: 'consent-management', name: 'Consent Management', description: 'Einwilligungsmanagement', category: 'dsgvo', icon: '📝', url: '/sdk/consent-management' },
-
-  // === COMPLIANCE-MANAGEMENT (Purple) ===
-  { id: 'compliance-hub', name: 'Compliance Hub', description: 'Zentrales GRC Dashboard', category: 'compliance', icon: '✅', url: '/sdk/compliance-hub' },
-  { id: 'compliance-scope', name: 'Compliance Scope', description: 'Geltungsbereich definieren', category: 'compliance', icon: '🎯', url: '/sdk/compliance-scope' },
-  { id: 'requirements', name: 'Requirements', description: '558+ aus 19 Verordnungen', category: 'compliance', icon: '📜', url: '/sdk/requirements' },
-  { id: 'controls', name: 'Controls', description: '474 Control-Mappings', category: 'compliance', icon: '🎛️', url: '/sdk/controls' },
-  { id: 'evidence', name: 'Evidence', description: 'Nachweise & Dokumentation', category: 'compliance', icon: '📎', url: '/sdk/evidence' },
-  { id: 'risks', name: 'Risiken', description: 'Risk Matrix & Register', category: 'compliance', icon: '⚠️', url: '/sdk/risks' },
-  { id: 'audit-checklist', name: 'Audit Checkliste', description: '476 Anforderungen pruefen', category: 'compliance', icon: '📋', url: '/sdk/audit-checklist' },
-  { id: 'audit-report', name: 'Audit Report', description: 'PDF Audit-Berichte', category: 'compliance', icon: '📊', url: '/sdk/audit-report' },
-  { id: 'workflow', name: 'Workflow', description: 'Freigabe-Workflows', category: 'compliance', icon: '🔄', url: '/sdk/workflow' },
-  { id: 'modules', name: 'Service Registry', description: '30+ Service-Module', category: 'compliance', icon: '🔧', url: '/sdk/modules' },
-
-  // === KI & AUTOMATISIERUNG (Teal) ===
-  { id: 'ai-act', name: 'EU-AI-Act', description: 'KI-Risikoklassifizierung', category: 'ai', icon: '🤖', url: '/sdk/ai-act' },
-  { id: 'screening', name: 'Screening', description: 'Compliance-Screening & Pruefung', category: 'ai', icon: '🔍', url: '/sdk/screening' },
-  { id: 'rag', name: 'Daten & RAG', description: 'Training Data & RAG', category: 'ai', icon: '🗄️', url: '/sdk/rag' },
-  { id: 'quality', name: 'Qualitaet & Audit', description: 'Compliance-Audit & Traceability', category: 'ai', icon: '✨', url: '/sdk/quality' },
-  { id: 'advisory-board', name: 'Advisory Board', description: 'KI-Use-Case Pruefung', category: 'ai', icon: '🧑‍⚖️', url: '/sdk/advisory-board' },
-  { id: 'obligations', name: 'Pflichten', description: 'NIS2, DSGVO, AI Act', category: 'ai', icon: '⚡', url: '/sdk/obligations' },
-  { id: 'escalations', name: 'Eskalations-Queue', description: 'DSB Review & Freigabe', category: 'ai', icon: '🚨', url: '/sdk/escalations' },
-
-  // === DOKUMENTE & LEGAL (Orange) ===
-  { id: 'document-generator', name: 'Document Generator', description: 'Datenschutz-Dokumente erstellen', category: 'documents', icon: '📄', url: '/sdk/document-generator' },
-  { id: 'notfallplan', name: 'Notfallplan', description: 'Incident Response Plan', category: 'documents', icon: '🚨', url: '/sdk/notfallplan' },
-  { id: 'source-policy', name: 'Quellen-Policy', description: 'Datenquellen & Compliance', category: 'documents', icon: '📚', url: '/sdk/source-policy' },
-  { id: 'cookie-banner', name: 'Cookie-Banner', description: 'Cookie Consent Builder', category: 'documents', icon: '🍪', url: '/sdk/cookie-banner' },
-  { id: 'company-profile', name: 'Unternehmensprofil', description: 'Firmen-Stammdaten', category: 'documents', icon: '🏢', url: '/sdk/company-profile' },
-  { id: 'security-backlog', name: 'Security Backlog', description: 'Sicherheits-Massnahmen Tracking', category: 'documents', icon: '🔐', url: '/sdk/security-backlog' },
-
-  // === VENDOR & EXTERN (Green) ===
-  { id: 'vendor-compliance', name: 'Vendor Compliance', description: 'Lieferanten-Management', category: 'vendor', icon: '🏭', url: '/sdk/vendor-compliance' },
-  { id: 'vendor-vendors', name: 'Vendor-Liste', description: 'Lieferanten-Uebersicht', category: 'vendor', icon: '📋', url: '/sdk/vendor-compliance/vendors' },
-  { id: 'vendor-contracts', name: 'Vertraege', description: 'AVV & Vertragsmanagement', category: 'vendor', icon: '📝', url: '/sdk/vendor-compliance/contracts' },
-  { id: 'vendor-controls', name: 'Vendor Controls', description: 'Lieferanten-Kontrollen', category: 'vendor', icon: '🎛️', url: '/sdk/vendor-compliance/controls' },
-  { id: 'vendor-risks', name: 'Vendor Risiken', description: 'Lieferanten-Risikobewertung', category: 'vendor', icon: '⚠️', url: '/sdk/vendor-compliance/risks' },
-  { id: 'vendor-processing', name: 'Verarbeitungen', description: 'Auftragsverarbeitung', category: 'vendor', icon: '🔄', url: '/sdk/vendor-compliance/processing-activities' },
-  { id: 'vendor-reports', name: 'Vendor Reports', description: 'Lieferanten-Berichte', category: 'vendor', icon: '📊', url: '/sdk/vendor-compliance/reports' },
-  { id: 'dsms', name: 'DSMS', description: 'Datenschutz-Management-System', category: 'vendor', icon: '🏛️', url: '/sdk/dsms' },
-  { id: 'import', name: 'Import', description: 'Daten-Import', category: 'vendor', icon: '📥', url: '/sdk/import' },
-
-  // === ENTWICKLUNG (Slate) ===
-  { id: 'dev-docs', name: 'Developer Docs', description: 'API & Architektur', category: 'development', icon: '📖', url: '/development/docs' },
-  { id: 'dev-screen-flow', name: 'Screen Flow', description: 'UI Screen-Verbindungen', category: 'development', icon: '🔀', url: '/development/screen-flow' },
-  { id: 'dev-brandbook', name: 'Brandbook', description: 'Corporate Design', category: 'development', icon: '🎨', url: '/development/brandbook' },
-]
-
-const CONNECTIONS: ConnectionDef[] = [
-  // === DASHBOARD FLOW ===
-  { source: 'dashboard', target: 'catalog-manager', label: 'Kataloge' },
-  { source: 'dashboard', target: 'compliance-hub', label: 'Compliance' },
-  { source: 'dashboard', target: 'vvt', label: 'VVT' },
-
-  // === DSGVO FLOW ===
-  { source: 'consent-management', target: 'einwilligungen', label: 'Nutzer' },
-  { source: 'consent-management', target: 'dsr' },
-  { source: 'consent', target: 'consent-management' },
-  { source: 'consent', target: 'cookie-banner' },
-  { source: 'dsr', target: 'loeschfristen' },
-  { source: 'vvt', target: 'tom' },
-  { source: 'vvt', target: 'dsfa' },
-  { source: 'dsfa', target: 'tom' },
-  { source: 'tom', target: 'tom-generator', label: 'Wizard' },
-  { source: 'einwilligungen', target: 'consent' },
-  { source: 'einwilligungen', target: 'loeschfristen' },
-
-  // === COMPLIANCE FLOW ===
-  { source: 'compliance-hub', target: 'audit-checklist', label: 'Audit' },
-  { source: 'compliance-hub', target: 'requirements', label: 'Anforderungen' },
-  { source: 'compliance-hub', target: 'risks', label: 'Risiken' },
-  { source: 'compliance-hub', target: 'ai-act', label: 'AI Act' },
-  { source: 'compliance-hub', target: 'compliance-scope' },
-  { source: 'requirements', target: 'controls' },
-  { source: 'controls', target: 'evidence' },
-  { source: 'audit-checklist', target: 'audit-report', label: 'Report' },
-  { source: 'risks', target: 'controls' },
-  { source: 'modules', target: 'controls' },
-  { source: 'obligations', target: 'requirements' },
-  { source: 'dsms', target: 'workflow' },
-  { source: 'workflow', target: 'audit-report' },
-
-  // === KI & AUTOMATISIERUNG FLOW ===
-  { source: 'advisory-board', target: 'escalations', label: 'Eskalation' },
-  { source: 'advisory-board', target: 'dsfa', label: 'Risiko' },
-  { source: 'ai-act', target: 'screening' },
-  { source: 'screening', target: 'advisory-board' },
-  { source: 'source-policy', target: 'rag' },
-  { source: 'rag', target: 'quality' },
-
-  // === DOKUMENTE FLOW ===
-  { source: 'document-generator', target: 'notfallplan' },
-  { source: 'document-generator', target: 'audit-report' },
-  { source: 'security-backlog', target: 'tom' },
-  { source: 'company-profile', target: 'document-generator' },
-
-  // === VENDOR FLOW ===
-  { source: 'vendor-compliance', target: 'vendor-vendors' },
-  { source: 'vendor-compliance', target: 'vendor-contracts' },
-  { source: 'vendor-compliance', target: 'vendor-controls' },
-  { source: 'vendor-compliance', target: 'vendor-risks' },
-  { source: 'vendor-compliance', target: 'vendor-processing' },
-  { source: 'vendor-compliance', target: 'vendor-reports' },
-  { source: 'vendor-vendors', target: 'vendor-contracts' },
-  { source: 'vendor-risks', target: 'risks' },
-  { source: 'dsms', target: 'compliance-hub' },
-  { source: 'import', target: 'catalog-manager' },
-
-  // === ENTWICKLUNG FLOW ===
-  { source: 'dev-brandbook', target: 'dev-screen-flow' },
-  { source: 'dev-docs', target: 'dev-brandbook' },
-]
-
-// ============================================
-// CATEGORY COLORS & LABELS
-// ============================================
-
-const COLORS: Record<string, { bg: string; border: string; text: string }> = {
-  dashboard: { bg: '#dbeafe', border: '#3b82f6', text: '#1e40af' },
-  dsgvo: { bg: '#ede9fe', border: '#7c3aed', text: '#5b21b6' },
-  compliance: { bg: '#f3e8ff', border: '#9333ea', text: '#6b21a8' },
-  ai: { bg: '#ccfbf1', border: '#14b8a6', text: '#0f766e' },
-  documents: { bg: '#ffedd5', border: '#f97316', text: '#c2410c' },
-  vendor: { bg: '#dcfce7', border: '#22c55e', text: '#166534' },
-  development: { bg: '#f1f5f9', border: '#64748b', text: '#334155' },
-}
-
-const LABELS: Record<string, string> = {
-  dashboard: 'Dashboard & Verwaltung',
-  dsgvo: 'DSGVO-Grundlagen',
-  compliance: 'Compliance-Management',
-  ai: 'KI & Automatisierung',
-  documents: 'Dokumente & Legal',
-  vendor: 'Vendor & Extern',
-  development: 'Entwicklung',
-}
-
-// ============================================
-// HELPER: Find all connected nodes
-// ============================================
-
-function findConnectedNodes(
-  startNodeId: string,
-  connections: ConnectionDef[],
-  direction: 'children' | 'parents' | 'both' = 'children'
-): Set<string> {
-  const connected = new Set<string>()
-  connected.add(startNodeId)
-
-  const queue = [startNodeId]
-  while (queue.length > 0) {
-    const current = queue.shift()!
-
-    connections.forEach(conn => {
-      if ((direction === 'children' || direction === 'both') && conn.source === current) {
-        if (!connected.has(conn.target)) {
-          connected.add(conn.target)
-          queue.push(conn.target)
-        }
-      }
-      if ((direction === 'parents' || direction === 'both') && conn.target === current) {
-        if (!connected.has(conn.source)) {
-          connected.add(conn.source)
-          queue.push(conn.source)
-        }
-      }
-    })
-  }
-
-  return connected
-}
-
-// ============================================
-// LAYOUT HELPERS
-// ============================================
-
-const CATEGORY_POSITIONS: Record<string, { x: number; y: number }> = {
-  dashboard: { x: 400, y: 30 },
-  dsgvo: { x: 50, y: 150 },
-  compliance: { x: 700, y: 150 },
-  ai: { x: 50, y: 380 },
-  documents: { x: 400, y: 380 },
-  vendor: { x: 700, y: 380 },
-  development: { x: 400, y: 580 },
-}
-
-const getNodePosition = (id: string, category: string) => {
-  const base = CATEGORY_POSITIONS[category] || { x: 400, y: 300 }
-  const categoryScreens = SCREENS.filter(s => s.category === category)
-  const categoryIndex = categoryScreens.findIndex(s => s.id === id)
-
-  const cols = Math.ceil(Math.sqrt(categoryScreens.length + 1))
-  const row = Math.floor(categoryIndex / cols)
-  const col = categoryIndex % cols
-
-  return {
-    x: base.x + col * 160,
-    y: base.y + row * 90,
-  }
-}
-
-// ============================================
-// MAIN COMPONENT
-// ============================================
-
-export default function ScreenFlowPage() {
-  const [selectedCategory, setSelectedCategory] = useState<string | null>(null)
-  const [selectedNode, setSelectedNode] = useState<string | null>(null)
-  const [previewScreen, setPreviewScreen] = useState<ScreenDefinition | null>(null)
-
-  const baseUrl = 'https://macmini:3007'
-
-  // Calculate connected nodes
-  const connectedNodes = useMemo(() => {
-    if (!selectedNode) return new Set<string>()
-    return findConnectedNodes(selectedNode, CONNECTIONS, 'children')
-  }, [selectedNode])
-
-  // Create nodes with useMemo
-  const initialNodes = useMemo((): Node[] => {
-    return SCREENS.map((screen) => {
-      const catColors = COLORS[screen.category] || { bg: '#f1f5f9', border: '#94a3b8', text: '#475569' }
-      const position = getNodePosition(screen.id, screen.category)
-
-      let opacity = 1
-      if (selectedNode) {
-        opacity = connectedNodes.has(screen.id) ? 1 : 0.2
-      } else if (selectedCategory) {
-        opacity = screen.category === selectedCategory ? 1 : 0.2
-      }
-
-      const isSelected = selectedNode === screen.id
-
-      return {
-        id: screen.id,
-        type: 'default',
-        position,
-        data: {
-          label: (
-            <div className="text-center p-1">
-              <div className="text-lg mb-1">{screen.icon}</div>
-              <div className="font-medium text-xs leading-tight">{screen.name}</div>
-            </div>
-          ),
-        },
-        style: {
-          background: isSelected ? catColors.border : catColors.bg,
-          color: isSelected ? 'white' : catColors.text,
-          border: `2px solid ${catColors.border}`,
-          borderRadius: '12px',
-          padding: '6px',
-          minWidth: '110px',
-          opacity,
-          cursor: 'pointer',
-          boxShadow: isSelected ? `0 0 20px ${catColors.border}` : 'none',
-        },
-      }
-    })
-  }, [selectedCategory, selectedNode, connectedNodes])
-
-  // Create edges with useMemo
-  const initialEdges = useMemo((): Edge[] => {
-    return CONNECTIONS.map((conn, index) => {
-      const isHighlighted = selectedNode && (conn.source === selectedNode || conn.target === selectedNode)
-      const isInSubtree = selectedNode && connectedNodes.has(conn.source) && connectedNodes.has(conn.target)
-
-      return {
-        id: `e-${conn.source}-${conn.target}-${index}`,
-        source: conn.source,
-        target: conn.target,
-        label: conn.label,
-        type: 'smoothstep',
-        animated: isHighlighted || false,
-        style: {
-          stroke: isHighlighted ? '#3b82f6' : (isInSubtree ? '#94a3b8' : '#e2e8f0'),
-          strokeWidth: isHighlighted ? 3 : 1.5,
-          opacity: selectedNode ? (isInSubtree ? 1 : 0.15) : 1,
-        },
-        labelStyle: { fontSize: 9, fill: '#64748b' },
-        labelBgStyle: { fill: '#f8fafc' },
-        markerEnd: { type: MarkerType.ArrowClosed, color: isHighlighted ? '#3b82f6' : '#94a3b8', width: 15, height: 15 },
-      }
-    })
-  }, [selectedNode, connectedNodes])
-
-  const [nodes, setNodes, onNodesChange] = useNodesState([])
-  const [edges, setEdges, onEdgesChange] = useEdgesState([])
-
-  // Update nodes/edges when dependencies change
-  useEffect(() => {
-    setNodes(initialNodes)
-    setEdges(initialEdges)
-  }, [initialNodes, initialEdges, setNodes, setEdges])
-
-  // Handle node click
-  const onNodeClick = useCallback((_event: React.MouseEvent, node: Node) => {
-    const screen = SCREENS.find(s => s.id === node.id)
-
-    if (selectedNode === node.id) {
-      if (screen?.url) {
-        window.open(`${baseUrl}${screen.url}`, '_blank')
-      }
-      return
-    }
-
-    setSelectedNode(node.id)
-    setSelectedCategory(null)
-
-    if (screen) {
-      setPreviewScreen(screen)
-    }
-  }, [selectedNode, baseUrl])
-
-  // Handle background click - deselect
-  const onPaneClick = useCallback(() => {
-    setSelectedNode(null)
-    setPreviewScreen(null)
-  }, [])
-
-  // Stats
-  const stats = {
-    totalScreens: SCREENS.length,
-    totalConnections: CONNECTIONS.length,
-    connectedCount: connectedNodes.size,
-  }
-
-  const categories = Object.keys(LABELS)
-
-  // Connected screens list
-  const connectedScreens = selectedNode
-    ? SCREENS.filter(s => connectedNodes.has(s.id))
-    : []
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="bg-white rounded-xl border border-slate-200 p-6 shadow-sm">
-        <div className="flex items-center gap-4">
-          <div className="w-14 h-14 rounded-xl bg-violet-500 flex items-center justify-center text-2xl text-white">
-            🔀
-          </div>
-          <div>
-            <h2 className="text-xl font-bold text-slate-900">Compliance SDK Screen Flow</h2>
-            <p className="text-sm text-slate-500">
-              {stats.totalScreens} Screens mit {stats.totalConnections} Verbindungen
-            </p>
-          </div>
-        </div>
-      </div>
-
-      {/* Stats */}
-      <div className="grid grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-          <div className="text-3xl font-bold text-slate-800">{stats.totalScreens}</div>
-          <div className="text-sm text-slate-500">Screens</div>
-        </div>
-        <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-          <div className="text-3xl font-bold text-violet-600">{stats.totalConnections}</div>
-          <div className="text-sm text-slate-500">Verbindungen</div>
-        </div>
-        <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm col-span-2">
-          {selectedNode ? (
-            <div className="flex items-center gap-3">
-              <div className="text-3xl">{previewScreen?.icon}</div>
-              <div>
-                <div className="font-bold text-slate-800">{previewScreen?.name}</div>
-                <div className="text-sm text-slate-500">
-                  {stats.connectedCount} verbundene Screen{stats.connectedCount !== 1 ? 's' : ''}
-                </div>
-              </div>
-              <button
-                onClick={() => {
-                  setSelectedNode(null)
-                  setPreviewScreen(null)
-                }}
-                className="ml-auto px-3 py-1 text-sm bg-slate-100 hover:bg-slate-200 rounded-lg"
-              >
-                Zuruecksetzen
-              </button>
-            </div>
-          ) : (
-            <div className="text-slate-500 text-sm">
-              Klicke auf einen Screen um den Subtree zu sehen
-            </div>
-          )}
-        </div>
-      </div>
-
-      {/* Category Filter */}
-      <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-        <div className="flex flex-wrap gap-2">
-          <button
-            onClick={() => {
-              setSelectedCategory(null)
-              setSelectedNode(null)
-              setPreviewScreen(null)
-            }}
-            className={`px-4 py-2 rounded-lg text-sm font-medium transition-colors ${
-              selectedCategory === null && !selectedNode
-                ? 'bg-slate-800 text-white'
-                : 'bg-slate-100 text-slate-700 hover:bg-slate-200'
-            }`}
-          >
-            Alle ({SCREENS.length})
-          </button>
-          {categories.map((key) => {
-            const count = SCREENS.filter(s => s.category === key).length
-            const catColors = COLORS[key] || { bg: '#f1f5f9', border: '#94a3b8', text: '#475569' }
-            return (
-              <button
-                key={key}
-                onClick={() => {
-                  setSelectedCategory(selectedCategory === key ? null : key)
-                  setSelectedNode(null)
-                  setPreviewScreen(null)
-                }}
-                className="px-4 py-2 rounded-lg text-sm font-medium transition-all flex items-center gap-2"
-                style={{
-                  background: selectedCategory === key ? catColors.border : catColors.bg,
-                  color: selectedCategory === key ? 'white' : catColors.text,
-                }}
-              >
-                <span className="w-3 h-3 rounded-full" style={{ background: catColors.border }} />
-                {LABELS[key]} ({count})
-              </button>
-            )
-          })}
-        </div>
-      </div>
-
-      {/* Connected Screens List */}
-      {selectedNode && connectedScreens.length > 1 && (
-        <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-          <div className="text-sm font-medium text-slate-700 mb-3">Verbundene Screens:</div>
-          <div className="flex flex-wrap gap-2">
-            {connectedScreens.map((screen) => {
-              const catColors = COLORS[screen.category] || { bg: '#f1f5f9', border: '#94a3b8', text: '#475569' }
-              const isCurrentNode = screen.id === selectedNode
-              return (
-                <button
-                  key={screen.id}
-                  onClick={() => {
-                    if (screen.url) {
-                      window.open(`${baseUrl}${screen.url}`, '_blank')
-                    }
-                  }}
-                  className={`px-3 py-2 rounded-lg text-sm font-medium transition-all flex items-center gap-2 ${
-                    isCurrentNode ? 'ring-2 ring-violet-500' : ''
-                  }`}
-                  style={{
-                    background: isCurrentNode ? catColors.border : catColors.bg,
-                    color: isCurrentNode ? 'white' : catColors.text,
-                  }}
-                >
-                  <span>{screen.icon}</span>
-                  {screen.name}
-                </button>
-              )
-            })}
-          </div>
-        </div>
-      )}
-
-      {/* Flow Diagram */}
-      <div className="bg-white rounded-xl border border-slate-200 shadow-sm overflow-hidden" style={{ height: '500px' }}>
-        <ReactFlow
-          nodes={nodes}
-          edges={edges}
-          onNodesChange={onNodesChange}
-          onEdgesChange={onEdgesChange}
-          onNodeClick={onNodeClick}
-          onPaneClick={onPaneClick}
-          fitView
-          fitViewOptions={{ padding: 0.2 }}
-          attributionPosition="bottom-left"
-        >
-          <Controls />
-          <MiniMap
-            nodeColor={(node) => {
-              const screen = SCREENS.find(s => s.id === node.id)
-              const catColors = screen ? COLORS[screen.category] : null
-              return catColors?.border || '#94a3b8'
-            }}
-            maskColor="rgba(0, 0, 0, 0.1)"
-          />
-          <Background variant={BackgroundVariant.Dots} gap={12} size={1} />
-
-          <Panel position="top-left" className="bg-white/95 p-3 rounded-lg shadow-lg text-xs">
-            <div className="font-medium text-slate-700 mb-2">
-              🛡️ Compliance SDK
-            </div>
-            <div className="space-y-1">
-              {categories.slice(0, 5).map((key) => {
-                const catColors = COLORS[key] || { bg: '#f1f5f9', border: '#94a3b8' }
-                return (
-                  <div key={key} className="flex items-center gap-2">
-                    <span
-                      className="w-3 h-3 rounded"
-                      style={{ background: catColors.bg, border: `1px solid ${catColors.border}` }}
-                    />
-                    <span className="text-slate-600">{LABELS[key]}</span>
-                  </div>
-                )
-              })}
-            </div>
-            <div className="mt-2 pt-2 border-t text-slate-400">
-              Klick = Subtree<br/>
-              Doppelklick = Oeffnen
-            </div>
-          </Panel>
-        </ReactFlow>
-      </div>
-
-      {/* Screen List */}
-      <div className="bg-white rounded-xl border border-slate-200 shadow-sm overflow-hidden">
-        <div className="px-4 py-3 bg-slate-50 border-b flex items-center justify-between">
-          <h3 className="font-medium text-slate-700">
-            Alle Screens ({SCREENS.length})
-          </h3>
-          <span className="text-xs text-slate-400">{baseUrl}</span>
-        </div>
-        <div className="divide-y max-h-80 overflow-y-auto">
-          {SCREENS
-            .filter(s => !selectedCategory || s.category === selectedCategory)
-            .map((screen) => {
-              const catColors = COLORS[screen.category] || { bg: '#f1f5f9', border: '#94a3b8', text: '#475569' }
-              return (
-                <button
-                  key={screen.id}
-                  onClick={() => {
-                    setSelectedNode(screen.id)
-                    setSelectedCategory(null)
-                    setPreviewScreen(screen)
-                  }}
-                  className="w-full flex items-center gap-4 p-3 hover:bg-slate-50 transition-colors text-left"
-                >
-                  <span
-                    className="w-9 h-9 rounded-lg flex items-center justify-center text-lg"
-                    style={{ background: catColors.bg }}
-                  >
-                    {screen.icon}
-                  </span>
-                  <div className="flex-1 min-w-0">
-                    <div className="font-medium text-slate-800 text-sm">{screen.name}</div>
-                    <div className="text-xs text-slate-500 truncate">{screen.description}</div>
-                  </div>
-                  <span
-                    className="px-2 py-1 rounded text-xs font-medium shrink-0"
-                    style={{ background: catColors.bg, color: catColors.text }}
-                  >
-                    {LABELS[screen.category]}
-                  </span>
-                </button>
-              )
-            })}
-        </div>
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(admin)/layout.tsx

@@ -1,61 +0,0 @@
-'use client'
-
-import { useEffect, useState } from 'react'
-import { useRouter } from 'next/navigation'
-import { Sidebar } from '@/components/layout/Sidebar'
-import { Header } from '@/components/layout/Header'
-import { Breadcrumbs } from '@/components/common/Breadcrumbs'
-import { getStoredRole } from '@/lib/roles'
-
-export default function AdminLayout({
-  children,
-}: {
-  children: React.ReactNode
-}) {
-  const router = useRouter()
-  const [sidebarKey, setSidebarKey] = useState(0)
-  const [loading, setLoading] = useState(true)
-
-  useEffect(() => {
-    // Check if role is stored
-    const role = getStoredRole()
-    if (!role) {
-      // Redirect to role selection
-      router.replace('/')
-    } else {
-      setLoading(false)
-    }
-  }, [router])
-
-  const handleRoleChange = () => {
-    // Force sidebar to re-render
-    setSidebarKey(prev => prev + 1)
-  }
-
-  if (loading) {
-    return (
-      <div className="min-h-screen bg-slate-50 flex items-center justify-center">
-        <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-primary-600"></div>
-      </div>
-    )
-  }
-
-  return (
-    <div className="min-h-screen bg-slate-50 flex">
-      {/* Sidebar */}
-      <Sidebar key={sidebarKey} onRoleChange={handleRoleChange} />
-
-      {/* Main Content */}
-      <div className="flex-1 ml-64 transition-all duration-300">
-        {/* Header */}
-        <Header />
-
-        {/* Page Content */}
-        <main className="p-6">
-          <Breadcrumbs />
-          {children}
-        </main>
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/advisory-board/page.tsx

@@ -1,667 +0,0 @@
-'use client'
-
-import React, { useState } from 'react'
-import Link from 'next/link'
-import { useSDK, UseCaseAssessment } from '@/lib/sdk'
-
-// =============================================================================
-// WIZARD STEPS
-// =============================================================================
-
-const WIZARD_STEPS = [
-  { id: 1, name: 'Grunddaten', description: 'Name und Beschreibung des Use Cases' },
-  { id: 2, name: 'Datenkategorien', description: 'Welche Daten werden verarbeitet?' },
-  { id: 3, name: 'Technologie', description: 'Eingesetzte KI-Technologien' },
-  { id: 4, name: 'Risikobewertung', description: 'Erste Risikoeinschätzung' },
-  { id: 5, name: 'Zusammenfassung', description: 'Überprüfung und Abschluss' },
-]
-
-// =============================================================================
-// USE CASE CARD
-// =============================================================================
-
-function UseCaseCard({
-  useCase,
-  isActive,
-  onSelect,
-  onDelete,
-}: {
-  useCase: UseCaseAssessment
-  isActive: boolean
-  onSelect: () => void
-  onDelete: () => void
-}) {
-  const completionPercent = Math.round((useCase.stepsCompleted / 5) * 100)
-
-  return (
-    <div
-      className={`relative bg-white rounded-xl border-2 p-6 transition-all cursor-pointer ${
-        isActive ? 'border-purple-500 shadow-lg' : 'border-gray-200 hover:border-purple-300'
-      }`}
-      onClick={onSelect}
-    >
-      {/* Delete Button */}
-      <button
-        onClick={e => {
-          e.stopPropagation()
-          onDelete()
-        }}
-        className="absolute top-4 right-4 p-1 text-gray-400 hover:text-red-500 transition-colors"
-      >
-        <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
-        </svg>
-      </button>
-
-      <div className="flex items-start gap-4">
-        <div
-          className={`w-12 h-12 rounded-xl flex items-center justify-center ${
-            completionPercent === 100
-              ? 'bg-green-100 text-green-600'
-              : 'bg-purple-100 text-purple-600'
-          }`}
-        >
-          {completionPercent === 100 ? (
-            <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 13l4 4L19 7" />
-            </svg>
-          ) : (
-            <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2" />
-            </svg>
-          )}
-        </div>
-        <div className="flex-1 min-w-0">
-          <h3 className="text-lg font-semibold text-gray-900 truncate">{useCase.name}</h3>
-          <p className="text-sm text-gray-500 line-clamp-2">{useCase.description}</p>
-          <div className="mt-3">
-            <div className="flex items-center justify-between text-sm mb-1">
-              <span className="text-gray-500">Fortschritt</span>
-              <span className="font-medium">{completionPercent}%</span>
-            </div>
-            <div className="h-2 bg-gray-100 rounded-full overflow-hidden">
-              <div
-                className={`h-full rounded-full transition-all ${
-                  completionPercent === 100 ? 'bg-green-500' : 'bg-purple-600'
-                }`}
-                style={{ width: `${completionPercent}%` }}
-              />
-            </div>
-          </div>
-          {useCase.assessmentResult && (
-            <div className="mt-3 flex items-center gap-2">
-              <span
-                className={`px-2 py-1 text-xs rounded-full ${
-                  useCase.assessmentResult.riskLevel === 'CRITICAL'
-                    ? 'bg-red-100 text-red-700'
-                    : useCase.assessmentResult.riskLevel === 'HIGH'
-                    ? 'bg-orange-100 text-orange-700'
-                    : useCase.assessmentResult.riskLevel === 'MEDIUM'
-                    ? 'bg-yellow-100 text-yellow-700'
-                    : 'bg-green-100 text-green-700'
-                }`}
-              >
-                Risiko: {useCase.assessmentResult.riskLevel}
-              </span>
-              {useCase.assessmentResult.dsfaRequired && (
-                <span className="px-2 py-1 text-xs bg-purple-100 text-purple-700 rounded-full">
-                  DSFA erforderlich
-                </span>
-              )}
-            </div>
-          )}
-        </div>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// WIZARD
-// =============================================================================
-
-interface WizardFormData {
-  name: string
-  description: string
-  category: string
-  dataCategories: string[]
-  processesPersonalData: boolean
-  specialCategories: boolean
-  aiTechnologies: string[]
-  dataVolume: string
-  riskLevel: string
-  notes: string
-}
-
-function UseCaseWizard({
-  onComplete,
-  onCancel,
-}: {
-  onComplete: (useCase: UseCaseAssessment) => void
-  onCancel: () => void
-}) {
-  const [currentStep, setCurrentStep] = useState(1)
-  const [formData, setFormData] = useState<WizardFormData>({
-    name: '',
-    description: '',
-    category: '',
-    dataCategories: [],
-    processesPersonalData: false,
-    specialCategories: false,
-    aiTechnologies: [],
-    dataVolume: 'medium',
-    riskLevel: 'medium',
-    notes: '',
-  })
-
-  const updateFormData = (updates: Partial<WizardFormData>) => {
-    setFormData(prev => ({ ...prev, ...updates }))
-  }
-
-  const handleNext = () => {
-    if (currentStep < 5) {
-      setCurrentStep(prev => prev + 1)
-    } else {
-      // Create use case
-      const newUseCase: UseCaseAssessment = {
-        id: `uc-${Date.now()}`,
-        name: formData.name,
-        description: formData.description,
-        category: formData.category,
-        stepsCompleted: 5,
-        steps: WIZARD_STEPS.map(s => ({
-          id: `step-${s.id}`,
-          name: s.name,
-          completed: true,
-          data: {},
-        })),
-        assessmentResult: {
-          riskLevel: formData.riskLevel as 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL',
-          applicableRegulations: ['DSGVO', 'AI Act'],
-          recommendedControls: ['Datenschutz-Folgenabschätzung', 'Technische Maßnahmen'],
-          dsfaRequired: formData.specialCategories || formData.riskLevel === 'HIGH',
-          aiActClassification: formData.aiTechnologies.length > 0 ? 'LIMITED' : 'MINIMAL',
-        },
-        createdAt: new Date(),
-        updatedAt: new Date(),
-      }
-      onComplete(newUseCase)
-    }
-  }
-
-  const handleBack = () => {
-    if (currentStep > 1) {
-      setCurrentStep(prev => prev - 1)
-    }
-  }
-
-  return (
-    <div className="bg-white rounded-xl border border-gray-200 overflow-hidden">
-      {/* Header */}
-      <div className="px-6 py-4 border-b border-gray-200 bg-gray-50">
-        <div className="flex items-center justify-between">
-          <h2 className="text-lg font-semibold text-gray-900">Neuer Use Case</h2>
-          <button onClick={onCancel} className="text-gray-400 hover:text-gray-600">
-            <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
-            </svg>
-          </button>
-        </div>
-        {/* Progress */}
-        <div className="mt-4 flex items-center gap-2">
-          {WIZARD_STEPS.map((step, index) => (
-            <React.Fragment key={step.id}>
-              <div
-                className={`w-8 h-8 rounded-full flex items-center justify-center text-sm font-medium ${
-                  step.id < currentStep
-                    ? 'bg-green-500 text-white'
-                    : step.id === currentStep
-                    ? 'bg-purple-600 text-white'
-                    : 'bg-gray-200 text-gray-500'
-                }`}
-              >
-                {step.id < currentStep ? (
-                  <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 13l4 4L19 7" />
-                  </svg>
-                ) : (
-                  step.id
-                )}
-              </div>
-              {index < WIZARD_STEPS.length - 1 && (
-                <div
-                  className={`flex-1 h-1 rounded ${
-                    step.id < currentStep ? 'bg-green-500' : 'bg-gray-200'
-                  }`}
-                />
-              )}
-            </React.Fragment>
-          ))}
-        </div>
-        <p className="mt-2 text-sm text-gray-500">
-          Schritt {currentStep}: {WIZARD_STEPS[currentStep - 1].description}
-        </p>
-      </div>
-
-      {/* Content */}
-      <div className="p-6">
-        {currentStep === 1 && (
-          <div className="space-y-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Name des Use Cases *</label>
-              <input
-                type="text"
-                value={formData.name}
-                onChange={e => updateFormData({ name: e.target.value })}
-                placeholder="z.B. Marketing-KI für Kundensegmentierung"
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Beschreibung *</label>
-              <textarea
-                value={formData.description}
-                onChange={e => updateFormData({ description: e.target.value })}
-                placeholder="Beschreiben Sie den Anwendungsfall und den Geschäftszweck..."
-                rows={4}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Kategorie</label>
-              <select
-                value={formData.category}
-                onChange={e => updateFormData({ category: e.target.value })}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              >
-                <option value="">Kategorie wählen...</option>
-                <option value="marketing">Marketing & Vertrieb</option>
-                <option value="hr">Personal & HR</option>
-                <option value="finance">Finanzen & Controlling</option>
-                <option value="operations">Betrieb & Produktion</option>
-                <option value="customer">Kundenservice</option>
-                <option value="other">Sonstiges</option>
-              </select>
-            </div>
-          </div>
-        )}
-
-        {currentStep === 2 && (
-          <div className="space-y-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-2">
-                Werden personenbezogene Daten verarbeitet?
-              </label>
-              <div className="flex items-center gap-4">
-                <label className="flex items-center gap-2">
-                  <input
-                    type="radio"
-                    checked={formData.processesPersonalData}
-                    onChange={() => updateFormData({ processesPersonalData: true })}
-                    className="w-4 h-4 text-purple-600"
-                  />
-                  <span>Ja</span>
-                </label>
-                <label className="flex items-center gap-2">
-                  <input
-                    type="radio"
-                    checked={!formData.processesPersonalData}
-                    onChange={() => updateFormData({ processesPersonalData: false })}
-                    className="w-4 h-4 text-purple-600"
-                  />
-                  <span>Nein</span>
-                </label>
-              </div>
-            </div>
-
-            {formData.processesPersonalData && (
-              <>
-                <div>
-                  <label className="block text-sm font-medium text-gray-700 mb-2">
-                    Welche Datenkategorien? (Mehrfachauswahl)
-                  </label>
-                  <div className="grid grid-cols-2 gap-2">
-                    {['Name/Kontakt', 'E-Mail', 'Adresse', 'Telefon', 'Geburtsdatum', 'Finanzdaten', 'Standort', 'Nutzungsverhalten'].map(
-                      cat => (
-                        <label key={cat} className="flex items-center gap-2 p-2 border rounded-lg hover:bg-gray-50">
-                          <input
-                            type="checkbox"
-                            checked={formData.dataCategories.includes(cat)}
-                            onChange={e => {
-                              if (e.target.checked) {
-                                updateFormData({ dataCategories: [...formData.dataCategories, cat] })
-                              } else {
-                                updateFormData({
-                                  dataCategories: formData.dataCategories.filter(c => c !== cat),
-                                })
-                              }
-                            }}
-                            className="w-4 h-4 text-purple-600"
-                          />
-                          <span className="text-sm">{cat}</span>
-                        </label>
-                      )
-                    )}
-                  </div>
-                </div>
-
-                <div>
-                  <label className="flex items-center gap-2">
-                    <input
-                      type="checkbox"
-                      checked={formData.specialCategories}
-                      onChange={e => updateFormData({ specialCategories: e.target.checked })}
-                      className="w-4 h-4 text-purple-600"
-                    />
-                    <span className="text-sm font-medium text-gray-700">
-                      Besondere Kategorien (Art. 9 DSGVO): Gesundheit, Biometrie, Religion, etc.
-                    </span>
-                  </label>
-                  {formData.specialCategories && (
-                    <p className="mt-2 text-sm text-amber-600 bg-amber-50 p-3 rounded-lg">
-                      Bei besonderen Kategorien ist eine DSFA in der Regel erforderlich!
-                    </p>
-                  )}
-                </div>
-              </>
-            )}
-          </div>
-        )}
-
-        {currentStep === 3 && (
-          <div className="space-y-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-2">
-                Eingesetzte KI-Technologien (Mehrfachauswahl)
-              </label>
-              <div className="grid grid-cols-2 gap-2">
-                {[
-                  'Machine Learning',
-                  'Deep Learning',
-                  'Natural Language Processing',
-                  'Computer Vision',
-                  'Generative AI (LLM)',
-                  'Empfehlungssysteme',
-                  'Predictive Analytics',
-                  'Chatbots/Assistenten',
-                ].map(tech => (
-                  <label key={tech} className="flex items-center gap-2 p-2 border rounded-lg hover:bg-gray-50">
-                    <input
-                      type="checkbox"
-                      checked={formData.aiTechnologies.includes(tech)}
-                      onChange={e => {
-                        if (e.target.checked) {
-                          updateFormData({ aiTechnologies: [...formData.aiTechnologies, tech] })
-                        } else {
-                          updateFormData({
-                            aiTechnologies: formData.aiTechnologies.filter(t => t !== tech),
-                          })
-                        }
-                      }}
-                      className="w-4 h-4 text-purple-600"
-                    />
-                    <span className="text-sm">{tech}</span>
-                  </label>
-                ))}
-              </div>
-            </div>
-
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Erwartetes Datenvolumen</label>
-              <select
-                value={formData.dataVolume}
-                onChange={e => updateFormData({ dataVolume: e.target.value })}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              >
-                <option value="small">Klein (&lt; 1.000 Datensätze)</option>
-                <option value="medium">Mittel (1.000 - 100.000 Datensätze)</option>
-                <option value="large">Groß (100.000 - 1 Mio. Datensätze)</option>
-                <option value="xlarge">Sehr groß (&gt; 1 Mio. Datensätze)</option>
-              </select>
-            </div>
-          </div>
-        )}
-
-        {currentStep === 4 && (
-          <div className="space-y-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-2">
-                Erste Risikoeinschätzung
-              </label>
-              <div className="space-y-2">
-                {[
-                  { value: 'low', label: 'Niedrig', description: 'Keine personenbezogenen Daten, kein kritischer Einsatz' },
-                  { value: 'medium', label: 'Mittel', description: 'Personenbezogene Daten, aber kein kritischer Einsatz' },
-                  { value: 'high', label: 'Hoch', description: 'Besondere Kategorien oder automatisierte Entscheidungen' },
-                  { value: 'critical', label: 'Kritisch', description: 'Hochrisiko-KI nach AI Act' },
-                ].map(option => (
-                  <label
-                    key={option.value}
-                    className={`flex items-start gap-3 p-4 border rounded-lg cursor-pointer transition-colors ${
-                      formData.riskLevel === option.value
-                        ? 'border-purple-500 bg-purple-50'
-                        : 'hover:bg-gray-50'
-                    }`}
-                  >
-                    <input
-                      type="radio"
-                      checked={formData.riskLevel === option.value}
-                      onChange={() => updateFormData({ riskLevel: option.value })}
-                      className="mt-1 w-4 h-4 text-purple-600"
-                    />
-                    <div>
-                      <div className="font-medium">{option.label}</div>
-                      <div className="text-sm text-gray-500">{option.description}</div>
-                    </div>
-                  </label>
-                ))}
-              </div>
-            </div>
-
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Notizen</label>
-              <textarea
-                value={formData.notes}
-                onChange={e => updateFormData({ notes: e.target.value })}
-                placeholder="Zusätzliche Anmerkungen zur Risikobewertung..."
-                rows={3}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              />
-            </div>
-          </div>
-        )}
-
-        {currentStep === 5 && (
-          <div className="space-y-6">
-            <div className="bg-gray-50 rounded-lg p-6">
-              <h3 className="text-lg font-semibold text-gray-900 mb-4">Zusammenfassung</h3>
-              <dl className="space-y-3">
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">Name:</dt>
-                  <dd className="font-medium text-gray-900">{formData.name || '-'}</dd>
-                </div>
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">Kategorie:</dt>
-                  <dd className="font-medium text-gray-900">{formData.category || '-'}</dd>
-                </div>
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">Personenbezogene Daten:</dt>
-                  <dd className="font-medium text-gray-900">
-                    {formData.processesPersonalData ? 'Ja' : 'Nein'}
-                  </dd>
-                </div>
-                {formData.processesPersonalData && (
-                  <div className="flex justify-between">
-                    <dt className="text-gray-500">Datenkategorien:</dt>
-                    <dd className="font-medium text-gray-900">{formData.dataCategories.join(', ') || '-'}</dd>
-                  </div>
-                )}
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">KI-Technologien:</dt>
-                  <dd className="font-medium text-gray-900">{formData.aiTechnologies.join(', ') || '-'}</dd>
-                </div>
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">Risikostufe:</dt>
-                  <dd
-                    className={`font-medium px-2 py-0.5 rounded ${
-                      formData.riskLevel === 'critical'
-                        ? 'bg-red-100 text-red-700'
-                        : formData.riskLevel === 'high'
-                        ? 'bg-orange-100 text-orange-700'
-                        : formData.riskLevel === 'medium'
-                        ? 'bg-yellow-100 text-yellow-700'
-                        : 'bg-green-100 text-green-700'
-                    }`}
-                  >
-                    {formData.riskLevel.toUpperCase()}
-                  </dd>
-                </div>
-              </dl>
-            </div>
-
-            {(formData.specialCategories || formData.riskLevel === 'high' || formData.riskLevel === 'critical') && (
-              <div className="bg-amber-50 border border-amber-200 rounded-lg p-4">
-                <div className="flex items-start gap-3">
-                  <svg
-                    className="w-5 h-5 text-amber-600 mt-0.5"
-                    fill="none"
-                    stroke="currentColor"
-                    viewBox="0 0 24 24"
-                  >
-                    <path
-                      strokeLinecap="round"
-                      strokeLinejoin="round"
-                      strokeWidth={2}
-                      d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"
-                    />
-                  </svg>
-                  <div>
-                    <h4 className="font-medium text-amber-800">DSFA erforderlich</h4>
-                    <p className="text-sm text-amber-700 mt-1">
-                      Basierend auf Ihrer Eingabe wird eine Datenschutz-Folgenabschätzung empfohlen.
-                    </p>
-                  </div>
-                </div>
-              </div>
-            )}
-          </div>
-        )}
-      </div>
-
-      {/* Footer */}
-      <div className="px-6 py-4 border-t border-gray-200 bg-gray-50 flex items-center justify-between">
-        <button
-          onClick={currentStep === 1 ? onCancel : handleBack}
-          className="px-4 py-2 text-gray-600 hover:text-gray-900"
-        >
-          {currentStep === 1 ? 'Abbrechen' : 'Zurück'}
-        </button>
-        <button
-          onClick={handleNext}
-          disabled={currentStep === 1 && !formData.name}
-          className={`px-6 py-2 rounded-lg font-medium transition-colors ${
-            currentStep === 1 && !formData.name
-              ? 'bg-gray-200 text-gray-400 cursor-not-allowed'
-              : 'bg-purple-600 text-white hover:bg-purple-700'
-          }`}
-        >
-          {currentStep === 5 ? 'Abschließen' : 'Weiter'}
-        </button>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function AdvisoryBoardPage() {
-  const { state, dispatch } = useSDK()
-  const [showWizard, setShowWizard] = useState(false)
-
-  const handleCreateUseCase = (useCase: UseCaseAssessment) => {
-    dispatch({ type: 'ADD_USE_CASE', payload: useCase })
-    dispatch({ type: 'SET_ACTIVE_USE_CASE', payload: useCase.id })
-    setShowWizard(false)
-  }
-
-  const handleDeleteUseCase = (id: string) => {
-    if (confirm('Möchten Sie diesen Use Case wirklich löschen?')) {
-      dispatch({ type: 'DELETE_USE_CASE', payload: id })
-    }
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="flex items-center justify-between">
-        <div>
-          <h1 className="text-2xl font-bold text-gray-900">Use Case Workshop</h1>
-          <p className="mt-1 text-gray-500">
-            Erfassen Sie Ihre KI-Anwendungsfälle und erhalten Sie eine erste Compliance-Bewertung
-          </p>
-        </div>
-        <div className="flex items-center gap-3">
-          <Link
-            href="/sdk/advisory-board/documentation"
-            className="inline-flex items-center gap-2 px-4 py-2 text-sm text-purple-600 hover:text-purple-700 hover:bg-purple-50 border border-purple-300 rounded-lg transition-colors"
-          >
-            UCCA-System Dokumentation ansehen
-          </Link>
-          {!showWizard && (
-            <button
-              onClick={() => setShowWizard(true)}
-              className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-            >
-              <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-              </svg>
-              Neuer Use Case
-            </button>
-          )}
-        </div>
-      </div>
-
-      {/* Wizard or List */}
-      {showWizard ? (
-        <UseCaseWizard onComplete={handleCreateUseCase} onCancel={() => setShowWizard(false)} />
-      ) : state.useCases.length === 0 ? (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-purple-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-purple-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path
-                strokeLinecap="round"
-                strokeLinejoin="round"
-                strokeWidth={2}
-                d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2"
-              />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Noch keine Use Cases</h3>
-          <p className="mt-2 text-gray-500 max-w-md mx-auto">
-            Erstellen Sie Ihren ersten Use Case, um mit dem Compliance Assessment zu beginnen.
-          </p>
-          <button
-            onClick={() => setShowWizard(true)}
-            className="mt-6 px-6 py-3 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-          >
-            Ersten Use Case erstellen
-          </button>
-        </div>
-      ) : (
-        <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
-          {state.useCases.map(useCase => (
-            <UseCaseCard
-              key={useCase.id}
-              useCase={useCase}
-              isActive={state.activeUseCase === useCase.id}
-              onSelect={() => dispatch({ type: 'SET_ACTIVE_USE_CASE', payload: useCase.id })}
-              onDelete={() => handleDeleteUseCase(useCase.id)}
-            />
-          ))}
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/compliance-hub/page.tsx

@@ -1,521 +0,0 @@
-'use client'
-
-/**
- * Compliance Hub Page (SDK Version - Zusatzmodul)
- *
- * Central compliance management dashboard with:
- * - Compliance Score Overview
- * - Quick Access to all compliance modules (SDK paths)
- * - Control-Mappings with statistics
- * - Audit Findings
- * - Regulations overview
- */
-
-import { useState, useEffect } from 'react'
-import Link from 'next/link'
-
-// Types
-interface DashboardData {
-  compliance_score: number
-  total_regulations: number
-  total_requirements: number
-  total_controls: number
-  controls_by_status: Record<string, number>
-  controls_by_domain: Record<string, Record<string, number>>
-  total_evidence: number
-  evidence_by_status: Record<string, number>
-  total_risks: number
-  risks_by_level: Record<string, number>
-}
-
-interface Regulation {
-  id: string
-  code: string
-  name: string
-  full_name: string
-  regulation_type: string
-  effective_date: string | null
-  description: string
-  requirement_count: number
-}
-
-interface MappingsData {
-  total: number
-  by_regulation: Record<string, number>
-}
-
-interface FindingsData {
-  major_count: number
-  minor_count: number
-  ofi_count: number
-  total: number
-  open_majors: number
-  open_minors: number
-}
-
-const DOMAIN_LABELS: Record<string, string> = {
-  gov: 'Governance',
-  priv: 'Datenschutz',
-  iam: 'Identity & Access',
-  crypto: 'Kryptografie',
-  sdlc: 'Secure Dev',
-  ops: 'Operations',
-  ai: 'KI-spezifisch',
-  cra: 'Supply Chain',
-  aud: 'Audit',
-}
-
-export default function ComplianceHubPage() {
-  const [dashboard, setDashboard] = useState<DashboardData | null>(null)
-  const [regulations, setRegulations] = useState<Regulation[]>([])
-  const [mappings, setMappings] = useState<MappingsData | null>(null)
-  const [findings, setFindings] = useState<FindingsData | null>(null)
-  const [loading, setLoading] = useState(true)
-  const [error, setError] = useState<string | null>(null)
-  const [seeding, setSeeding] = useState(false)
-
-  useEffect(() => {
-    loadData()
-  }, [])
-
-  const loadData = async () => {
-    setLoading(true)
-    setError(null)
-    try {
-      const [dashboardRes, regulationsRes, mappingsRes, findingsRes] = await Promise.all([
-        fetch('/api/admin/compliance/dashboard'),
-        fetch('/api/admin/compliance/regulations'),
-        fetch('/api/admin/compliance/mappings'),
-        fetch('/api/admin/compliance/isms/findings/summary'),
-      ])
-
-      if (dashboardRes.ok) {
-        setDashboard(await dashboardRes.json())
-      }
-      if (regulationsRes.ok) {
-        const data = await regulationsRes.json()
-        setRegulations(data.regulations || [])
-      }
-      if (mappingsRes.ok) {
-        const data = await mappingsRes.json()
-        setMappings(data)
-      }
-      if (findingsRes.ok) {
-        const data = await findingsRes.json()
-        setFindings(data)
-      }
-    } catch (err) {
-      console.error('Failed to load compliance data:', err)
-      setError('Verbindung zum Backend fehlgeschlagen')
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  const seedDatabase = async () => {
-    setSeeding(true)
-    try {
-      const res = await fetch('/api/admin/compliance/seed', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ force: false }),
-      })
-
-      if (res.ok) {
-        const result = await res.json()
-        alert(`Datenbank erfolgreich initialisiert!\n\nRegulations: ${result.counts?.regulations || 0}\nControls: ${result.counts?.controls || 0}\nRequirements: ${result.counts?.requirements || 0}`)
-        loadData()
-      } else {
-        const error = await res.text()
-        alert(`Fehler beim Seeding: ${error}`)
-      }
-    } catch (err) {
-      console.error('Seeding failed:', err)
-      alert('Fehler beim Initialisieren der Datenbank')
-    } finally {
-      setSeeding(false)
-    }
-  }
-
-  const score = dashboard?.compliance_score || 0
-  const scoreColor = score >= 80 ? 'text-green-600' : score >= 60 ? 'text-yellow-600' : 'text-red-600'
-  const scoreBgColor = score >= 80 ? 'bg-green-500' : score >= 60 ? 'bg-yellow-500' : 'bg-red-500'
-
-  return (
-    <div className="space-y-6">
-      {/* Title Card (Zusatzmodul - no StepHeader) */}
-      <div className="bg-white rounded-xl shadow-sm border p-6">
-        <h1 className="text-2xl font-bold text-slate-900">Compliance Hub</h1>
-        <p className="text-slate-500 mt-1">
-          Zentrale Verwaltung aller Compliance-Anforderungen nach DSGVO, AI Act, BSI TR-03161 und weiteren Regulierungen.
-        </p>
-      </div>
-
-      {/* Error Banner */}
-      {error && (
-        <div className="bg-red-50 border border-red-200 rounded-lg p-4 flex items-center gap-3">
-          <svg className="w-5 h-5 text-red-500 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 8v4m0 4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
-          </svg>
-          <span className="text-red-700">{error}</span>
-          <button onClick={loadData} className="ml-auto text-red-600 hover:text-red-800 text-sm font-medium">
-            Erneut versuchen
-          </button>
-        </div>
-      )}
-
-      {/* Seed Button if no data */}
-      {!loading && (dashboard?.total_controls || 0) === 0 && (
-        <div className="p-4 bg-yellow-50 border border-yellow-200 rounded-lg">
-          <div className="flex items-center justify-between">
-            <div>
-              <p className="font-medium text-yellow-800">Keine Compliance-Daten vorhanden</p>
-              <p className="text-sm text-yellow-700">Initialisieren Sie die Datenbank mit den Seed-Daten.</p>
-            </div>
-            <button
-              onClick={seedDatabase}
-              disabled={seeding}
-              className="px-4 py-2 bg-yellow-600 text-white rounded-lg hover:bg-yellow-700 disabled:opacity-50"
-            >
-              {seeding ? 'Initialisiere...' : 'Datenbank initialisieren'}
-            </button>
-          </div>
-        </div>
-      )}
-
-      {/* Quick Actions */}
-      <div className="bg-white rounded-xl shadow-sm border p-6">
-        <h3 className="text-lg font-semibold text-slate-900 mb-4">Schnellzugriff</h3>
-        <div className="grid grid-cols-2 sm:grid-cols-3 md:grid-cols-6 gap-4">
-          <Link
-            href="/sdk/audit-checklist"
-            className="p-4 rounded-lg border border-slate-200 hover:border-purple-500 hover:bg-purple-50 transition-colors text-center"
-          >
-            <div className="text-purple-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-3 7h3m-3 4h3m-6-4h.01M9 16h.01" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Audit Checkliste</p>
-            <p className="text-xs text-slate-500 mt-1">{dashboard?.total_requirements || '...'} Anforderungen</p>
-          </Link>
-
-          <Link
-            href="/sdk/controls"
-            className="p-4 rounded-lg border border-slate-200 hover:border-green-500 hover:bg-green-50 transition-colors text-center"
-          >
-            <div className="text-green-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Controls</p>
-            <p className="text-xs text-slate-500 mt-1">{dashboard?.total_controls || '...'} Massnahmen</p>
-          </Link>
-
-          <Link
-            href="/sdk/evidence"
-            className="p-4 rounded-lg border border-slate-200 hover:border-blue-500 hover:bg-blue-50 transition-colors text-center"
-          >
-            <div className="text-blue-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M7 21h10a2 2 0 002-2V9.414a1 1 0 00-.293-.707l-5.414-5.414A1 1 0 0012.586 3H7a2 2 0 00-2 2v14a2 2 0 002 2z" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Evidence</p>
-            <p className="text-xs text-slate-500 mt-1">Nachweise</p>
-          </Link>
-
-          <Link
-            href="/sdk/risks"
-            className="p-4 rounded-lg border border-slate-200 hover:border-red-500 hover:bg-red-50 transition-colors text-center"
-          >
-            <div className="text-red-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Risk Matrix</p>
-            <p className="text-xs text-slate-500 mt-1">5x5 Risiken</p>
-          </Link>
-
-          <Link
-            href="/sdk/modules"
-            className="p-4 rounded-lg border border-slate-200 hover:border-pink-500 hover:bg-pink-50 transition-colors text-center"
-          >
-            <div className="text-pink-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 11H5m14 0a2 2 0 012 2v6a2 2 0 01-2 2H5a2 2 0 01-2-2v-6a2 2 0 012-2m14 0V9a2 2 0 00-2-2M5 11V9a2 2 0 012-2m0 0V5a2 2 0 012-2h6a2 2 0 012 2v2M7 7h10" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Service Registry</p>
-            <p className="text-xs text-slate-500 mt-1">Module</p>
-          </Link>
-
-          <Link
-            href="/sdk/audit-report"
-            className="p-4 rounded-lg border border-slate-200 hover:border-orange-500 hover:bg-orange-50 transition-colors text-center"
-          >
-            <div className="text-orange-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 17v-2m3 2v-4m3 4v-6m2 10H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Audit Report</p>
-            <p className="text-xs text-slate-500 mt-1">PDF Export</p>
-          </Link>
-        </div>
-      </div>
-
-      {loading ? (
-        <div className="flex items-center justify-center h-64">
-          <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-purple-600" />
-        </div>
-      ) : (
-        <>
-          {/* Score and Stats Row */}
-          <div className="grid grid-cols-1 lg:grid-cols-5 gap-4">
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <h3 className="text-sm font-medium text-slate-500 mb-4">Compliance Score</h3>
-              <div className={`text-5xl font-bold ${scoreColor}`}>
-                {score.toFixed(0)}%
-              </div>
-              <div className="mt-4 h-2 bg-slate-200 rounded-full overflow-hidden">
-                <div
-                  className={`h-full transition-all duration-500 ${scoreBgColor}`}
-                  style={{ width: `${score}%` }}
-                />
-              </div>
-              <p className="mt-2 text-sm text-slate-500">
-                {dashboard?.controls_by_status?.pass || 0} von {dashboard?.total_controls || 0} Controls bestanden
-              </p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between">
-                <div>
-                  <p className="text-sm text-slate-500">Verordnungen</p>
-                  <p className="text-2xl font-bold text-slate-900">{dashboard?.total_regulations || 0}</p>
-                </div>
-                <div className="w-10 h-10 bg-blue-100 rounded-lg flex items-center justify-center">
-                  <svg className="w-5 h-5 text-blue-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-                  </svg>
-                </div>
-              </div>
-              <p className="mt-2 text-sm text-slate-500">{dashboard?.total_requirements || 0} Anforderungen</p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between">
-                <div>
-                  <p className="text-sm text-slate-500">Controls</p>
-                  <p className="text-2xl font-bold text-slate-900">{dashboard?.total_controls || 0}</p>
-                </div>
-                <div className="w-10 h-10 bg-green-100 rounded-lg flex items-center justify-center">
-                  <svg className="w-5 h-5 text-green-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
-                  </svg>
-                </div>
-              </div>
-              <p className="mt-2 text-sm text-slate-500">{dashboard?.controls_by_status?.pass || 0} bestanden</p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between">
-                <div>
-                  <p className="text-sm text-slate-500">Nachweise</p>
-                  <p className="text-2xl font-bold text-slate-900">{dashboard?.total_evidence || 0}</p>
-                </div>
-                <div className="w-10 h-10 bg-purple-100 rounded-lg flex items-center justify-center">
-                  <svg className="w-5 h-5 text-purple-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M7 21h10a2 2 0 002-2V9.414a1 1 0 00-.293-.707l-5.414-5.414A1 1 0 0012.586 3H7a2 2 0 00-2 2v14a2 2 0 002 2z" />
-                  </svg>
-                </div>
-              </div>
-              <p className="mt-2 text-sm text-slate-500">{dashboard?.evidence_by_status?.valid || 0} aktiv</p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between">
-                <div>
-                  <p className="text-sm text-slate-500">Risiken</p>
-                  <p className="text-2xl font-bold text-slate-900">{dashboard?.total_risks || 0}</p>
-                </div>
-                <div className="w-10 h-10 bg-red-100 rounded-lg flex items-center justify-center">
-                  <svg className="w-5 h-5 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-                  </svg>
-                </div>
-              </div>
-              <p className="mt-2 text-sm text-slate-500">
-                {(dashboard?.risks_by_level?.high || 0) + (dashboard?.risks_by_level?.critical || 0)} kritisch
-              </p>
-            </div>
-          </div>
-
-          {/* Control-Mappings & Findings Row */}
-          <div className="grid grid-cols-1 lg:grid-cols-2 gap-4">
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between mb-4">
-                <h3 className="text-lg font-semibold text-slate-900">Control-Mappings</h3>
-                <Link href="/sdk/controls" className="text-sm text-purple-600 hover:text-purple-700">
-                  Alle anzeigen →
-                </Link>
-              </div>
-              <div className="flex items-center gap-6 mb-4">
-                <div>
-                  <p className="text-4xl font-bold text-purple-600">{mappings?.total || 474}</p>
-                  <p className="text-sm text-slate-500">Mappings gesamt</p>
-                </div>
-                <div className="flex-1 h-16 bg-slate-50 rounded-lg p-3">
-                  <p className="text-xs text-slate-500 mb-1">Nach Verordnung</p>
-                  <div className="flex gap-1 flex-wrap">
-                    {mappings?.by_regulation && Object.entries(mappings.by_regulation).slice(0, 5).map(([reg, count]) => (
-                      <span key={reg} className="px-2 py-0.5 bg-purple-100 text-purple-700 rounded text-xs">
-                        {reg}: {count}
-                      </span>
-                    ))}
-                    {!mappings?.by_regulation && (
-                      <>
-                        <span className="px-2 py-0.5 bg-purple-100 text-purple-700 rounded text-xs">GDPR: 180</span>
-                        <span className="px-2 py-0.5 bg-blue-100 text-blue-700 rounded text-xs">AI Act: 95</span>
-                        <span className="px-2 py-0.5 bg-green-100 text-green-700 rounded text-xs">BSI: 120</span>
-                        <span className="px-2 py-0.5 bg-orange-100 text-orange-700 rounded text-xs">CRA: 79</span>
-                      </>
-                    )}
-                  </div>
-                </div>
-              </div>
-              <p className="text-sm text-slate-600">
-                Automatisch generierte Verknuepfungen zwischen {dashboard?.total_controls || 44} Controls
-                und {dashboard?.total_requirements || 558} Anforderungen aus {dashboard?.total_regulations || 19} Verordnungen.
-              </p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between mb-4">
-                <h3 className="text-lg font-semibold text-slate-900">Audit Findings</h3>
-                <Link href="/sdk/audit-checklist" className="text-sm text-purple-600 hover:text-purple-700">
-                  Audit Checkliste →
-                </Link>
-              </div>
-              <div className="grid grid-cols-2 gap-4 mb-4">
-                <div className="p-4 bg-red-50 border border-red-200 rounded-lg">
-                  <div className="flex items-center gap-2 mb-1">
-                    <div className="w-3 h-3 bg-red-500 rounded-full" />
-                    <span className="text-sm font-medium text-red-800">Hauptabweichungen</span>
-                  </div>
-                  <p className="text-3xl font-bold text-red-600">{findings?.open_majors || 0}</p>
-                  <p className="text-xs text-red-600">offen (blockiert Zertifizierung)</p>
-                </div>
-                <div className="p-4 bg-yellow-50 border border-yellow-200 rounded-lg">
-                  <div className="flex items-center gap-2 mb-1">
-                    <div className="w-3 h-3 bg-yellow-500 rounded-full" />
-                    <span className="text-sm font-medium text-yellow-800">Nebenabweichungen</span>
-                  </div>
-                  <p className="text-3xl font-bold text-yellow-600">{findings?.open_minors || 0}</p>
-                  <p className="text-xs text-yellow-600">offen (erfordert CAPA)</p>
-                </div>
-              </div>
-              <div className="flex items-center justify-between text-sm">
-                <span className="text-slate-500">
-                  Gesamt: {findings?.total || 0} Findings ({findings?.major_count || 0} Major, {findings?.minor_count || 0} Minor, {findings?.ofi_count || 0} OFI)
-                </span>
-                {(findings?.open_majors || 0) === 0 ? (
-                  <span className="px-2 py-1 bg-green-100 text-green-700 rounded-full text-xs font-medium">
-                    Zertifizierung moeglich
-                  </span>
-                ) : (
-                  <span className="px-2 py-1 bg-red-100 text-red-700 rounded-full text-xs font-medium">
-                    Zertifizierung blockiert
-                  </span>
-                )}
-              </div>
-            </div>
-          </div>
-
-          {/* Domain Chart */}
-          <div className="bg-white rounded-xl shadow-sm border p-6">
-            <h3 className="text-lg font-semibold text-slate-900 mb-4">Controls nach Domain</h3>
-            <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
-              {Object.entries(dashboard?.controls_by_domain || {}).map(([domain, stats]) => {
-                const total = stats.total || 0
-                const pass = stats.pass || 0
-                const partial = stats.partial || 0
-                const passPercent = total > 0 ? ((pass + partial * 0.5) / total) * 100 : 0
-
-                return (
-                  <div key={domain} className="p-3 rounded-lg bg-slate-50">
-                    <div className="flex justify-between text-sm mb-1">
-                      <span className="font-medium text-slate-700">
-                        {DOMAIN_LABELS[domain] || domain.toUpperCase()}
-                      </span>
-                      <span className="text-slate-500">
-                        {pass}/{total} ({passPercent.toFixed(0)}%)
-                      </span>
-                    </div>
-                    <div className="h-2 bg-slate-200 rounded-full overflow-hidden flex">
-                      <div className="bg-green-500 h-full" style={{ width: `${(pass / total) * 100}%` }} />
-                      <div className="bg-yellow-500 h-full" style={{ width: `${(partial / total) * 100}%` }} />
-                    </div>
-                  </div>
-                )
-              })}
-            </div>
-          </div>
-
-          {/* Regulations Table */}
-          <div className="bg-white rounded-xl shadow-sm border overflow-hidden">
-            <div className="p-4 border-b flex items-center justify-between">
-              <h3 className="text-lg font-semibold text-slate-900">Verordnungen & Standards ({regulations.length})</h3>
-              <button onClick={loadData} className="text-sm text-purple-600 hover:text-purple-700">
-                Aktualisieren
-              </button>
-            </div>
-            <div className="overflow-x-auto">
-              <table className="w-full">
-                <thead className="bg-slate-50">
-                  <tr>
-                    <th className="px-4 py-3 text-left text-xs font-medium text-slate-500 uppercase">Code</th>
-                    <th className="px-4 py-3 text-left text-xs font-medium text-slate-500 uppercase">Name</th>
-                    <th className="px-4 py-3 text-left text-xs font-medium text-slate-500 uppercase">Typ</th>
-                    <th className="px-4 py-3 text-center text-xs font-medium text-slate-500 uppercase">Anforderungen</th>
-                  </tr>
-                </thead>
-                <tbody className="divide-y divide-slate-200">
-                  {regulations.slice(0, 15).map((reg) => (
-                    <tr key={reg.id} className="hover:bg-slate-50">
-                      <td className="px-4 py-3">
-                        <span className="font-mono font-medium text-purple-600">{reg.code}</span>
-                      </td>
-                      <td className="px-4 py-3">
-                        <p className="font-medium text-slate-900">{reg.name}</p>
-                      </td>
-                      <td className="px-4 py-3">
-                        <span className={`px-2 py-1 text-xs rounded-full ${
-                          reg.regulation_type === 'eu_regulation' ? 'bg-blue-100 text-blue-700' :
-                          reg.regulation_type === 'eu_directive' ? 'bg-purple-100 text-purple-700' :
-                          reg.regulation_type === 'bsi_standard' ? 'bg-green-100 text-green-700' :
-                          'bg-slate-100 text-slate-700'
-                        }`}>
-                          {reg.regulation_type === 'eu_regulation' ? 'EU-VO' :
-                           reg.regulation_type === 'eu_directive' ? 'EU-RL' :
-                           reg.regulation_type === 'bsi_standard' ? 'BSI' :
-                           reg.regulation_type === 'de_law' ? 'DE' : reg.regulation_type}
-                        </span>
-                      </td>
-                      <td className="px-4 py-3 text-center">
-                        <span className="font-medium">{reg.requirement_count}</span>
-                      </td>
-                    </tr>
-                  ))}
-                </tbody>
-              </table>
-            </div>
-          </div>
-        </>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/document-generator/page.tsx

@@ -1,770 +0,0 @@
-'use client'
-
-import React, { useState, useEffect, useCallback, useMemo } from 'react'
-import { useSDK } from '@/lib/sdk'
-import { useEinwilligungen, EinwilligungenProvider } from '@/lib/sdk/einwilligungen/context'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-import {
-  LegalTemplateResult,
-  TemplateType,
-  Jurisdiction,
-  LicenseType,
-  GeneratedDocument,
-  TEMPLATE_TYPE_LABELS,
-  LICENSE_TYPE_LABELS,
-  JURISDICTION_LABELS,
-  DEFAULT_PLACEHOLDERS,
-} from '@/lib/sdk/types'
-import { DataPointsPreview } from './components/DataPointsPreview'
-import { DocumentValidation } from './components/DocumentValidation'
-import { generateAllPlaceholders } from '@/lib/sdk/document-generator/datapoint-helpers'
-
-// =============================================================================
-// API CLIENT (extracted to searchTemplates.ts for testability)
-// =============================================================================
-
-import { searchTemplates, getTemplatesStatus, getSources, RAG_PROXY } from './searchTemplates'
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function StatusBadge({ status }: { status: string }) {
-  const colors: Record<string, string> = {
-    ready: 'bg-green-100 text-green-700',
-    empty: 'bg-yellow-100 text-yellow-700',
-    error: 'bg-red-100 text-red-700',
-    running: 'bg-blue-100 text-blue-700',
-  }
-  return (
-    <span className={`px-2 py-1 text-xs rounded-full ${colors[status] || 'bg-gray-100 text-gray-700'}`}>
-      {status}
-    </span>
-  )
-}
-
-function LicenseBadge({ licenseId, small = false }: { licenseId: LicenseType | null; small?: boolean }) {
-  if (!licenseId) return null
-
-  const colors: Record<LicenseType, string> = {
-    public_domain: 'bg-green-100 text-green-700 border-green-200',
-    cc0: 'bg-green-100 text-green-700 border-green-200',
-    unlicense: 'bg-green-100 text-green-700 border-green-200',
-    mit: 'bg-blue-100 text-blue-700 border-blue-200',
-    cc_by_4: 'bg-purple-100 text-purple-700 border-purple-200',
-    reuse_notice: 'bg-orange-100 text-orange-700 border-orange-200',
-  }
-
-  return (
-    <span className={`${small ? 'px-1.5 py-0.5 text-[10px]' : 'px-2 py-1 text-xs'} rounded border ${colors[licenseId]}`}>
-      {LICENSE_TYPE_LABELS[licenseId] || licenseId}
-    </span>
-  )
-}
-
-function TemplateCard({
-  template,
-  selected,
-  onSelect,
-}: {
-  template: LegalTemplateResult
-  selected: boolean
-  onSelect: () => void
-}) {
-  return (
-    <div
-      onClick={onSelect}
-      className={`p-4 rounded-xl border-2 cursor-pointer transition-all ${
-        selected
-          ? 'border-purple-500 bg-purple-50'
-          : 'border-gray-200 hover:border-purple-300 bg-white'
-      }`}
-    >
-      <div className="flex items-start justify-between mb-2">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 flex-wrap">
-            <span className="font-medium text-gray-900">
-              {template.documentTitle || 'Untitled'}
-            </span>
-            <span className="text-xs text-gray-500 bg-gray-100 px-2 py-0.5 rounded">
-              {template.score.toFixed(2)}
-            </span>
-          </div>
-          <div className="flex items-center gap-2 mt-1 flex-wrap">
-            {template.templateType && (
-              <span className="text-xs text-purple-600 bg-purple-100 px-2 py-0.5 rounded">
-                {TEMPLATE_TYPE_LABELS[template.templateType as TemplateType] || template.templateType}
-              </span>
-            )}
-            <LicenseBadge licenseId={template.licenseId as LicenseType} small />
-            <span className="text-xs text-gray-500 uppercase">
-              {template.language}
-            </span>
-          </div>
-        </div>
-        <input
-          type="checkbox"
-          checked={selected}
-          onChange={onSelect}
-          className="w-5 h-5 text-purple-600 rounded border-gray-300"
-        />
-      </div>
-
-      <p className="text-sm text-gray-600 line-clamp-3 mt-2">
-        {template.text}
-      </p>
-
-      {template.attributionRequired && template.attributionText && (
-        <div className="mt-2 text-xs text-orange-600 bg-orange-50 p-2 rounded">
-          Attribution: {template.attributionText}
-        </div>
-      )}
-
-      {template.placeholders && template.placeholders.length > 0 && (
-        <div className="mt-2 flex flex-wrap gap-1">
-          {template.placeholders.slice(0, 5).map((p, i) => (
-            <span key={i} className="text-xs bg-blue-100 text-blue-700 px-1.5 py-0.5 rounded">
-              {p}
-            </span>
-          ))}
-          {template.placeholders.length > 5 && (
-            <span className="text-xs text-gray-500">
-              +{template.placeholders.length - 5} more
-            </span>
-          )}
-        </div>
-      )}
-
-      <div className="mt-3 text-xs text-gray-500">
-        Source: {template.sourceName}
-      </div>
-    </div>
-  )
-}
-
-function PlaceholderEditor({
-  placeholders,
-  values,
-  onChange,
-}: {
-  placeholders: string[]
-  values: Record<string, string>
-  onChange: (key: string, value: string) => void
-}) {
-  if (placeholders.length === 0) return null
-
-  return (
-    <div className="bg-blue-50 rounded-xl p-4 border border-blue-200">
-      <h4 className="font-medium text-blue-900 mb-3">Platzhalter ausfuellen</h4>
-      <div className="grid grid-cols-1 md:grid-cols-2 gap-3">
-        {placeholders.map((placeholder) => (
-          <div key={placeholder}>
-            <label className="block text-sm text-blue-700 mb-1">{placeholder}</label>
-            <input
-              type="text"
-              value={values[placeholder] || ''}
-              onChange={(e) => onChange(placeholder, e.target.value)}
-              placeholder={`Wert fuer ${placeholder}`}
-              className="w-full px-3 py-2 border border-blue-200 rounded-lg text-sm focus:outline-none focus:ring-2 focus:ring-purple-500"
-            />
-          </div>
-        ))}
-      </div>
-    </div>
-  )
-}
-
-function AttributionFooter({ templates }: { templates: LegalTemplateResult[] }) {
-  const attributionTemplates = templates.filter((t) => t.attributionRequired)
-  if (attributionTemplates.length === 0) return null
-
-  return (
-    <div className="bg-gray-50 rounded-xl p-4 border border-gray-200">
-      <h4 className="font-medium text-gray-900 mb-2">Quellenangaben (werden automatisch hinzugefuegt)</h4>
-      <div className="text-sm text-gray-600 space-y-1">
-        <p>Dieses Dokument wurde unter Verwendung folgender Quellen erstellt:</p>
-        <ul className="list-disc list-inside ml-2">
-          {attributionTemplates.map((t, i) => (
-            <li key={i}>
-              {t.attributionText || `${t.sourceName} (${t.licenseName})`}
-            </li>
-          ))}
-        </ul>
-      </div>
-    </div>
-  )
-}
-
-function DocumentPreview({
-  content,
-  placeholders,
-}: {
-  content: string
-  placeholders: Record<string, string>
-}) {
-  // Replace placeholders in content
-  let processedContent = content
-  for (const [key, value] of Object.entries(placeholders)) {
-    if (value) {
-      processedContent = processedContent.replace(new RegExp(key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g'), value)
-    }
-  }
-
-  return (
-    <div className="bg-white rounded-xl border border-gray-200 p-6 prose prose-sm max-w-none">
-      <div className="whitespace-pre-wrap">{processedContent}</div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-function DocumentGeneratorPageInner() {
-  const { state } = useSDK()
-  const { selectedDataPointsData } = useEinwilligungen()
-
-  // Status state
-  const [status, setStatus] = useState<any>(null)
-  const [sources, setSources] = useState<any[]>([])
-  const [isLoading, setIsLoading] = useState(true)
-  type ServiceMode = 'loading' | 'full' | 'rag-only' | 'offline'
-  const [serviceMode, setServiceMode] = useState<ServiceMode>('loading')
-
-  // Search state
-  const [searchQuery, setSearchQuery] = useState('')
-  const [selectedType, setSelectedType] = useState<TemplateType | ''>('')
-  const [selectedLanguage, setSelectedLanguage] = useState<'de' | 'en' | ''>('')
-  const [selectedJurisdiction, setSelectedJurisdiction] = useState<Jurisdiction | ''>('')
-  const [searchResults, setSearchResults] = useState<LegalTemplateResult[]>([])
-  const [isSearching, setIsSearching] = useState(false)
-
-  // Selection state
-  const [selectedTemplates, setSelectedTemplates] = useState<string[]>([])
-
-  // Editor state
-  const [placeholderValues, setPlaceholderValues] = useState<Record<string, string>>({})
-  const [activeTab, setActiveTab] = useState<'search' | 'compose' | 'preview'>('search')
-
-  // Load initial status
-  useEffect(() => {
-    async function loadStatus() {
-      try {
-        const [statusData, sourcesData] = await Promise.all([
-          getTemplatesStatus(),
-          getSources(),
-        ])
-        setStatus(statusData)
-        setSources(sourcesData)
-        const hasTemplateDb = statusData !== null
-        const hasRag = await fetch(`${RAG_PROXY}/regulations`).then(r => r.ok).catch(() => false)
-        setServiceMode(hasTemplateDb ? 'full' : hasRag ? 'rag-only' : 'offline')
-      } catch {
-        setServiceMode('offline')
-      } finally {
-        setIsLoading(false)
-      }
-    }
-    loadStatus()
-  }, [])
-
-  // Pre-fill placeholders from company profile
-  useEffect(() => {
-    if (state?.companyProfile) {
-      const profile = state.companyProfile
-      setPlaceholderValues((prev) => ({
-        ...prev,
-        '[COMPANY_NAME]': profile.companyName || '',
-        '[FIRMENNAME]': profile.companyName || '',
-        '[EMAIL]': profile.dpoEmail || '',
-        '[DSB_EMAIL]': profile.dpoEmail || '',
-        '[DPO_NAME]': profile.dpoName || '',
-        '[DSB_NAME]': profile.dpoName || '',
-      }))
-    }
-  }, [state?.companyProfile])
-
-  // Pre-fill placeholders from Einwilligungen data points
-  useEffect(() => {
-    if (selectedDataPointsData && selectedDataPointsData.length > 0) {
-      const einwilligungenPlaceholders = generateAllPlaceholders(selectedDataPointsData, 'de')
-      setPlaceholderValues((prev) => ({
-        ...prev,
-        ...einwilligungenPlaceholders,
-      }))
-    }
-  }, [selectedDataPointsData])
-
-  // Handler for inserting placeholders from DataPointsPreview
-  const handleInsertPlaceholder = useCallback((placeholder: string) => {
-    // This is a simplified version - in a real editor you would insert at cursor position
-    // For now, we just ensure the placeholder is in the values so it can be replaced
-    if (!placeholderValues[placeholder]) {
-      // The placeholder value will be generated from einwilligungen data
-      const einwilligungenPlaceholders = generateAllPlaceholders(selectedDataPointsData || [], 'de')
-      if (einwilligungenPlaceholders[placeholder as keyof typeof einwilligungenPlaceholders]) {
-        setPlaceholderValues((prev) => ({
-          ...prev,
-          [placeholder]: einwilligungenPlaceholders[placeholder as keyof typeof einwilligungenPlaceholders],
-        }))
-      }
-    }
-  }, [placeholderValues, selectedDataPointsData])
-
-  // Search handler
-  const handleSearch = useCallback(async () => {
-    if (!searchQuery.trim()) return
-
-    setIsSearching(true)
-    try {
-      const results = await searchTemplates({
-        query: searchQuery,
-        templateType: selectedType || undefined,
-        language: selectedLanguage || undefined,
-        jurisdiction: selectedJurisdiction || undefined,
-        limit: 20,
-      })
-      setSearchResults(results)
-    } catch (error) {
-      console.error('Search failed:', error)
-    } finally {
-      setIsSearching(false)
-    }
-  }, [searchQuery, selectedType, selectedLanguage, selectedJurisdiction])
-
-  // Toggle template selection
-  const toggleTemplate = (id: string) => {
-    setSelectedTemplates((prev) =>
-      prev.includes(id) ? prev.filter((t) => t !== id) : [...prev, id]
-    )
-  }
-
-  // Get selected template objects
-  const selectedTemplateObjects = searchResults.filter((r) =>
-    selectedTemplates.includes(r.id)
-  )
-
-  // Get all unique placeholders from selected templates
-  const allPlaceholders = Array.from(
-    new Set(selectedTemplateObjects.flatMap((t) => t.placeholders || []))
-  )
-
-  // Combined content from selected templates
-  const combinedContent = selectedTemplateObjects
-    .map((t) => `## ${t.documentTitle || 'Abschnitt'}\n\n${t.text}`)
-    .join('\n\n---\n\n')
-
-  // Step info
-  const stepInfo = STEP_EXPLANATIONS['document-generator'] || {
-    title: 'Dokumentengenerator',
-    description: 'Generieren Sie rechtliche Dokumente aus lizenzkonformen Vorlagen',
-    explanation: 'Der Dokumentengenerator nutzt frei lizenzierte Textbausteine um Datenschutzerklaerungen, AGB und andere rechtliche Dokumente zu erstellen.',
-    tips: ['Waehlen Sie passende Vorlagen aus der Suche', 'Fuellen Sie die Platzhalter mit Ihren Unternehmensdaten'],
-  }
-
-  if (isLoading) {
-    return (
-      <div className="flex items-center justify-center h-64">
-        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600"></div>
-      </div>
-    )
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="document-generator"
-        title="Dokumentengenerator"
-        description="Generieren Sie rechtliche Dokumente aus lizenzkonformen Vorlagen"
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <button
-          onClick={() => setActiveTab('compose')}
-          disabled={selectedTemplates.length === 0}
-          className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
-        >
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
-          </svg>
-          Dokument erstellen ({selectedTemplates.length})
-        </button>
-      </StepHeader>
-
-      {/* Service mode banners */}
-      {serviceMode === 'rag-only' && (
-        <div className="bg-yellow-50 border border-yellow-200 rounded-lg p-3 text-sm text-yellow-800">
-          ⚠️ Template-Datenbank nicht erreichbar — Suche läuft über RAG-Fallback
-        </div>
-      )}
-      {serviceMode === 'offline' && (
-        <div className="bg-red-50 border border-red-200 rounded-lg p-3 text-sm text-red-800">
-          ❌ Keine Template-Services erreichbar. Stellen Sie sicher, dass breakpilot-core oder ai-compliance-sdk läuft.
-        </div>
-      )}
-
-      {/* Status Overview */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Collection Status</div>
-          <div className="flex items-center gap-2 mt-1">
-            <StatusBadge status={status?.stats?.status || 'unknown'} />
-          </div>
-        </div>
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Indexierte Chunks</div>
-          <div className="text-3xl font-bold text-gray-900">
-            {status?.stats?.points_count || 0}
-          </div>
-        </div>
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Aktive Quellen</div>
-          <div className="text-3xl font-bold text-purple-600">
-            {sources.filter((s) => s.enabled).length}
-          </div>
-        </div>
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Ausgewaehlt</div>
-          <div className="text-3xl font-bold text-blue-600">
-            {selectedTemplates.length}
-          </div>
-        </div>
-      </div>
-
-      {/* Tab Navigation */}
-      <div className="flex gap-2 border-b border-gray-200">
-        {(['search', 'compose', 'preview'] as const).map((tab) => (
-          <button
-            key={tab}
-            onClick={() => setActiveTab(tab)}
-            disabled={tab !== 'search' && selectedTemplates.length === 0}
-            className={`px-4 py-2 font-medium transition-colors ${
-              activeTab === tab
-                ? 'text-purple-600 border-b-2 border-purple-600'
-                : 'text-gray-500 hover:text-gray-700 disabled:text-gray-300 disabled:cursor-not-allowed'
-            }`}
-          >
-            {tab === 'search' && 'Vorlagen suchen'}
-            {tab === 'compose' && 'Zusammenstellen'}
-            {tab === 'preview' && 'Vorschau'}
-          </button>
-        ))}
-      </div>
-
-      {/* Search Tab */}
-      {activeTab === 'search' && (
-        <div className="space-y-4">
-          {/* Search Form */}
-          <div className="bg-white rounded-xl border border-gray-200 p-6">
-            <div className="flex gap-4 items-end flex-wrap">
-              <div className="flex-1 min-w-[200px]">
-                <label className="block text-sm font-medium text-gray-700 mb-1">
-                  Suche
-                </label>
-                <input
-                  type="text"
-                  value={searchQuery}
-                  onChange={(e) => setSearchQuery(e.target.value)}
-                  onKeyDown={(e) => e.key === 'Enter' && handleSearch()}
-                  placeholder="z.B. Datenschutzerklaerung, Cookie-Banner, Widerruf..."
-                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-purple-500"
-                />
-              </div>
-              <div>
-                <label className="block text-sm font-medium text-gray-700 mb-1">
-                  Dokumenttyp
-                </label>
-                <select
-                  value={selectedType}
-                  onChange={(e) => setSelectedType(e.target.value as TemplateType | '')}
-                  className="px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-purple-500"
-                >
-                  <option value="">Alle Typen</option>
-                  {Object.entries(TEMPLATE_TYPE_LABELS).map(([key, label]) => (
-                    <option key={key} value={key}>{label}</option>
-                  ))}
-                </select>
-              </div>
-              <div>
-                <label className="block text-sm font-medium text-gray-700 mb-1">
-                  Sprache
-                </label>
-                <select
-                  value={selectedLanguage}
-                  onChange={(e) => setSelectedLanguage(e.target.value as 'de' | 'en' | '')}
-                  className="px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-purple-500"
-                >
-                  <option value="">Alle</option>
-                  <option value="de">Deutsch</option>
-                  <option value="en">English</option>
-                </select>
-              </div>
-              <button
-                onClick={handleSearch}
-                disabled={isSearching || !searchQuery.trim()}
-                className="px-6 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors disabled:opacity-50"
-              >
-                {isSearching ? 'Suche...' : 'Suchen'}
-              </button>
-            </div>
-          </div>
-
-          {/* Search Results */}
-          {searchResults.length > 0 && (
-            <div className="space-y-4">
-              <div className="flex items-center justify-between">
-                <h3 className="font-semibold text-gray-900">
-                  {searchResults.length} Ergebnisse
-                </h3>
-                {selectedTemplates.length > 0 && (
-                  <button
-                    onClick={() => setSelectedTemplates([])}
-                    className="text-sm text-gray-500 hover:text-gray-700"
-                  >
-                    Auswahl aufheben
-                  </button>
-                )}
-              </div>
-              <div className="grid grid-cols-1 lg:grid-cols-2 gap-4">
-                {searchResults.map((result) => (
-                  <TemplateCard
-                    key={result.id}
-                    template={result}
-                    selected={selectedTemplates.includes(result.id)}
-                    onSelect={() => toggleTemplate(result.id)}
-                  />
-                ))}
-              </div>
-            </div>
-          )}
-
-          {searchResults.length === 0 && searchQuery && !isSearching && (
-            <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-              <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-                <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" />
-                </svg>
-              </div>
-              <h3 className="text-lg font-semibold text-gray-900">Keine Vorlagen gefunden</h3>
-              <p className="mt-2 text-gray-500">
-                Versuchen Sie einen anderen Suchbegriff oder aendern Sie die Filter.
-              </p>
-            </div>
-          )}
-
-          {/* Quick Start Templates */}
-          {searchResults.length === 0 && !searchQuery && (
-            <div className="bg-gradient-to-r from-purple-50 to-blue-50 rounded-xl border border-purple-200 p-6">
-              <h3 className="font-semibold text-gray-900 mb-4">Schnellstart - Haeufig benoetigte Dokumente</h3>
-              <div className="grid grid-cols-2 md:grid-cols-4 gap-4">
-                {[
-                  { query: 'Datenschutzerklaerung DSGVO', type: 'privacy_policy', icon: '🔒' },
-                  { query: 'Cookie Banner', type: 'cookie_banner', icon: '🍪' },
-                  { query: 'Impressum', type: 'impressum', icon: '📋' },
-                  { query: 'AGB Nutzungsbedingungen', type: 'terms_of_service', icon: '📜' },
-                ].map((item) => (
-                  <button
-                    key={item.type}
-                    onClick={() => {
-                      setSearchQuery(item.query)
-                      setSelectedType(item.type as TemplateType)
-                      setTimeout(handleSearch, 100)
-                    }}
-                    className="p-4 bg-white rounded-lg border border-gray-200 hover:border-purple-300 hover:shadow transition-all text-center"
-                  >
-                    <span className="text-3xl mb-2 block">{item.icon}</span>
-                    <span className="text-sm font-medium text-gray-900">
-                      {TEMPLATE_TYPE_LABELS[item.type as TemplateType]}
-                    </span>
-                  </button>
-                ))}
-              </div>
-            </div>
-          )}
-        </div>
-      )}
-
-      {/* Compose Tab */}
-      {activeTab === 'compose' && selectedTemplates.length > 0 && (
-        <div className="grid grid-cols-1 lg:grid-cols-3 gap-6">
-          {/* Main Content - 2/3 */}
-          <div className="lg:col-span-2 space-y-6">
-            {/* Selected Templates */}
-            <div className="bg-white rounded-xl border border-gray-200 p-6">
-              <h3 className="font-semibold text-gray-900 mb-4">
-                Ausgewaehlte Bausteine ({selectedTemplates.length})
-              </h3>
-              <div className="space-y-2">
-                {selectedTemplateObjects.map((t, index) => (
-                  <div
-                    key={t.id}
-                    className="flex items-center justify-between p-3 bg-gray-50 rounded-lg"
-                  >
-                    <div className="flex items-center gap-3">
-                      <span className="text-gray-400 font-mono">{index + 1}.</span>
-                      <span className="font-medium">{t.documentTitle}</span>
-                      <LicenseBadge licenseId={t.licenseId as LicenseType} small />
-                    </div>
-                    <button
-                      onClick={() => toggleTemplate(t.id)}
-                      className="text-red-500 hover:text-red-700"
-                    >
-                      <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
-                      </svg>
-                    </button>
-                  </div>
-                ))}
-              </div>
-            </div>
-
-            {/* Placeholder Editor */}
-            <PlaceholderEditor
-              placeholders={allPlaceholders}
-              values={placeholderValues}
-              onChange={(key, value) =>
-                setPlaceholderValues((prev) => ({ ...prev, [key]: value }))
-              }
-            />
-
-            {/* Attribution Footer */}
-            <AttributionFooter templates={selectedTemplateObjects} />
-
-            {/* Actions */}
-            <div className="flex justify-end gap-4">
-              <button
-                onClick={() => setActiveTab('search')}
-                className="px-4 py-2 text-gray-700 bg-gray-100 rounded-lg hover:bg-gray-200 transition-colors"
-              >
-                Zurueck zur Suche
-              </button>
-              <button
-                onClick={() => setActiveTab('preview')}
-                className="px-6 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-              >
-                Vorschau anzeigen
-              </button>
-            </div>
-          </div>
-
-          {/* Sidebar - 1/3: Einwilligungen DataPoints */}
-          <div className="lg:col-span-1">
-            <DataPointsPreview
-              dataPoints={selectedDataPointsData || []}
-              onInsertPlaceholder={handleInsertPlaceholder}
-              language="de"
-            />
-          </div>
-        </div>
-      )}
-
-      {/* Preview Tab */}
-      {activeTab === 'preview' && selectedTemplates.length > 0 && (
-        <div className="space-y-6">
-          <div className="flex items-center justify-between">
-            <h3 className="font-semibold text-gray-900">Dokument-Vorschau</h3>
-            <div className="flex gap-2">
-              <button
-                onClick={() => setActiveTab('compose')}
-                className="px-4 py-2 text-gray-700 bg-gray-100 rounded-lg hover:bg-gray-200 transition-colors"
-              >
-                Bearbeiten
-              </button>
-              <button
-                onClick={() => {
-                  // Copy to clipboard
-                  let content = combinedContent
-                  for (const [key, value] of Object.entries(placeholderValues)) {
-                    if (value) {
-                      content = content.replace(new RegExp(key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g'), value)
-                    }
-                  }
-                  navigator.clipboard.writeText(content)
-                }}
-                className="px-4 py-2 text-purple-700 bg-purple-100 rounded-lg hover:bg-purple-200 transition-colors"
-              >
-                Kopieren
-              </button>
-              <button
-                onClick={() => {
-                  const printWindow = window.open('', '_blank')
-                  if (!printWindow) return
-                  let content = combinedContent
-                  for (const [key, value] of Object.entries(placeholderValues)) {
-                    if (value) {
-                      content = content.replace(new RegExp(key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g'), value)
-                    }
-                  }
-                  const attributions = selectedTemplateObjects
-                    .filter(t => t.attributionRequired && t.attributionText)
-                    .map(t => `<li>${t.attributionText}</li>`)
-                    .join('')
-                  printWindow.document.write(`<!DOCTYPE html><html lang="de"><head><meta charset="UTF-8"><title>Datenschutzdokument</title><style>body{font-family:Arial,sans-serif;max-width:800px;margin:40px auto;padding:0 20px;line-height:1.6;color:#222}h2{border-bottom:1px solid #ccc;padding-bottom:8px;margin-top:32px}hr{border:none;border-top:1px solid #eee;margin:24px 0}.attribution{font-size:12px;color:#666;margin-top:48px;border-top:1px solid #ddd;padding-top:16px}@media print{body{margin:0}}</style></head><body><div style="white-space:pre-wrap">${content.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;')}</div>${attributions ? `<div class="attribution"><strong>Quellenangaben:</strong><ul>${attributions}</ul></div>` : ''}</body></html>`)
-                  printWindow.document.close()
-                  printWindow.focus()
-                  setTimeout(() => printWindow.print(), 500)
-                }}
-                className="px-6 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-              >
-                Als PDF exportieren
-              </button>
-            </div>
-          </div>
-
-          {/* Document Validation based on selected Einwilligungen */}
-          {selectedDataPointsData && selectedDataPointsData.length > 0 && (
-            <DocumentValidation
-              dataPoints={selectedDataPointsData}
-              documentContent={combinedContent}
-              language="de"
-              onInsertPlaceholder={handleInsertPlaceholder}
-            />
-          )}
-
-          <DocumentPreview
-            content={combinedContent}
-            placeholders={placeholderValues}
-          />
-
-          {/* Attribution */}
-          <AttributionFooter templates={selectedTemplateObjects} />
-        </div>
-      )}
-
-      {/* Sources Info */}
-      {activeTab === 'search' && sources.length > 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <h3 className="font-semibold text-gray-900 mb-4">Verfuegbare Quellen</h3>
-          <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
-            {sources.filter((s) => s.enabled).slice(0, 6).map((source) => (
-              <div key={source.name} className="p-4 bg-gray-50 rounded-lg">
-                <div className="flex items-center gap-2 mb-2">
-                  <span className="font-medium text-gray-900">{source.name}</span>
-                  <LicenseBadge licenseId={source.license_type as LicenseType} small />
-                </div>
-                <p className="text-sm text-gray-600 line-clamp-2">{source.description}</p>
-                <div className="mt-2 flex flex-wrap gap-1">
-                  {source.template_types.slice(0, 3).map((t: string) => (
-                    <span key={t} className="text-xs bg-purple-100 text-purple-700 px-1.5 py-0.5 rounded">
-                      {TEMPLATE_TYPE_LABELS[t as TemplateType] || t}
-                    </span>
-                  ))}
-                </div>
-              </div>
-            ))}
-          </div>
-        </div>
-      )}
-    </div>
-  )
-}
-
-export default function DocumentGeneratorPage() {
-  return (
-    <EinwilligungenProvider>
-      <DocumentGeneratorPageInner />
-    </EinwilligungenProvider>
-  )
-}

admin-compliance/app/(sdk)/sdk/evidence/page.tsx

@@ -1,686 +0,0 @@
-'use client'
-
-import React, { useState, useEffect, useRef } from 'react'
-import { useSDK, Evidence as SDKEvidence, EvidenceType } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-type DisplayEvidenceType = 'document' | 'screenshot' | 'log' | 'audit-report' | 'certificate'
-type DisplayFormat = 'pdf' | 'image' | 'text' | 'json'
-type DisplayStatus = 'valid' | 'expired' | 'pending-review'
-
-interface DisplayEvidence {
-  id: string
-  name: string
-  description: string
-  displayType: DisplayEvidenceType
-  format: DisplayFormat
-  controlId: string
-  linkedRequirements: string[]
-  linkedControls: string[]
-  uploadedBy: string
-  uploadedAt: Date
-  validFrom: Date
-  validUntil: Date | null
-  status: DisplayStatus
-  fileSize: string
-  fileUrl: string | null
-}
-
-// =============================================================================
-// HELPER FUNCTIONS
-// =============================================================================
-
-function mapEvidenceTypeToDisplay(type: EvidenceType): DisplayEvidenceType {
-  switch (type) {
-    case 'DOCUMENT': return 'document'
-    case 'SCREENSHOT': return 'screenshot'
-    case 'LOG': return 'log'
-    case 'CERTIFICATE': return 'certificate'
-    case 'AUDIT_REPORT': return 'audit-report'
-    default: return 'document'
-  }
-}
-
-function getEvidenceStatus(validUntil: Date | null): DisplayStatus {
-  if (!validUntil) return 'pending-review'
-  const now = new Date()
-  if (validUntil < now) return 'expired'
-  return 'valid'
-}
-
-// =============================================================================
-// FALLBACK TEMPLATES
-// =============================================================================
-
-interface EvidenceTemplate {
-  id: string
-  name: string
-  description: string
-  type: EvidenceType
-  displayType: DisplayEvidenceType
-  format: DisplayFormat
-  controlId: string
-  linkedRequirements: string[]
-  linkedControls: string[]
-  uploadedBy: string
-  validityDays: number
-  fileSize: string
-}
-
-const evidenceTemplates: EvidenceTemplate[] = [
-  {
-    id: 'ev-dse-001',
-    name: 'Datenschutzerklaerung v2.3',
-    description: 'Aktuelle Datenschutzerklaerung fuer Website und App',
-    type: 'DOCUMENT',
-    displayType: 'document',
-    format: 'pdf',
-    controlId: 'ctrl-org-001',
-    linkedRequirements: ['req-gdpr-13', 'req-gdpr-14'],
-    linkedControls: ['ctrl-org-001'],
-    uploadedBy: 'DSB',
-    validityDays: 365,
-    fileSize: '245 KB',
-  },
-  {
-    id: 'ev-pentest-001',
-    name: 'Penetrationstest Report Q4/2024',
-    description: 'Externer Penetrationstest durch Security-Partner',
-    type: 'AUDIT_REPORT',
-    displayType: 'audit-report',
-    format: 'pdf',
-    controlId: 'ctrl-tom-001',
-    linkedRequirements: ['req-gdpr-32', 'req-iso-a12'],
-    linkedControls: ['ctrl-tom-001', 'ctrl-tom-002', 'ctrl-det-001'],
-    uploadedBy: 'IT Security Team',
-    validityDays: 365,
-    fileSize: '2.1 MB',
-  },
-  {
-    id: 'ev-iso-cert',
-    name: 'ISO 27001 Zertifikat',
-    description: 'Zertifizierung des ISMS',
-    type: 'CERTIFICATE',
-    displayType: 'certificate',
-    format: 'pdf',
-    controlId: 'ctrl-tom-001',
-    linkedRequirements: ['req-iso-4.1', 'req-iso-5.1'],
-    linkedControls: [],
-    uploadedBy: 'QM Abteilung',
-    validityDays: 365,
-    fileSize: '156 KB',
-  },
-  {
-    id: 'ev-schulung-001',
-    name: 'Schulungsnachweis Datenschutz 2024',
-    description: 'Teilnehmerliste und Schulungsinhalt',
-    type: 'DOCUMENT',
-    displayType: 'document',
-    format: 'pdf',
-    controlId: 'ctrl-org-001',
-    linkedRequirements: ['req-gdpr-39'],
-    linkedControls: ['ctrl-org-001'],
-    uploadedBy: 'HR Team',
-    validityDays: 365,
-    fileSize: '890 KB',
-  },
-  {
-    id: 'ev-rbac-001',
-    name: 'Access Control Screenshot',
-    description: 'Nachweis der RBAC-Konfiguration',
-    type: 'SCREENSHOT',
-    displayType: 'screenshot',
-    format: 'image',
-    controlId: 'ctrl-tom-001',
-    linkedRequirements: ['req-gdpr-32'],
-    linkedControls: ['ctrl-tom-001'],
-    uploadedBy: 'Admin',
-    validityDays: 0,
-    fileSize: '1.2 MB',
-  },
-  {
-    id: 'ev-log-001',
-    name: 'Audit Log Export',
-    description: 'Monatlicher Audit-Log Export',
-    type: 'LOG',
-    displayType: 'log',
-    format: 'json',
-    controlId: 'ctrl-det-001',
-    linkedRequirements: ['req-gdpr-32'],
-    linkedControls: ['ctrl-det-001'],
-    uploadedBy: 'System',
-    validityDays: 90,
-    fileSize: '4.5 MB',
-  },
-]
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function EvidenceCard({ evidence, onDelete, onView, onDownload }: { evidence: DisplayEvidence; onDelete: () => void; onView: () => void; onDownload: () => void }) {
-  const typeIcons = {
-    document: (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-      </svg>
-    ),
-    screenshot: (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M4 16l4.586-4.586a2 2 0 012.828 0L16 16m-2-2l1.586-1.586a2 2 0 012.828 0L20 14m-6-6h.01M6 20h12a2 2 0 002-2V6a2 2 0 00-2-2H6a2 2 0 00-2 2v12a2 2 0 002 2z" />
-      </svg>
-    ),
-    log: (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-3 7h3m-3 4h3m-6-4h.01M9 16h.01" />
-      </svg>
-    ),
-    'audit-report': (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 17v-2m3 2v-4m3 4v-6m2 10H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-      </svg>
-    ),
-    certificate: (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4M7.835 4.697a3.42 3.42 0 001.946-.806 3.42 3.42 0 014.438 0 3.42 3.42 0 001.946.806 3.42 3.42 0 013.138 3.138 3.42 3.42 0 00.806 1.946 3.42 3.42 0 010 4.438 3.42 3.42 0 00-.806 1.946 3.42 3.42 0 01-3.138 3.138 3.42 3.42 0 00-1.946.806 3.42 3.42 0 01-4.438 0 3.42 3.42 0 00-1.946-.806 3.42 3.42 0 01-3.138-3.138 3.42 3.42 0 00-.806-1.946 3.42 3.42 0 010-4.438 3.42 3.42 0 00.806-1.946 3.42 3.42 0 013.138-3.138z" />
-      </svg>
-    ),
-  }
-
-  const statusColors = {
-    valid: 'bg-green-100 text-green-700 border-green-200',
-    expired: 'bg-red-100 text-red-700 border-red-200',
-    'pending-review': 'bg-yellow-100 text-yellow-700 border-yellow-200',
-  }
-
-  const statusLabels = {
-    valid: 'Gueltig',
-    expired: 'Abgelaufen',
-    'pending-review': 'Pruefung ausstehend',
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      evidence.status === 'expired' ? 'border-red-200' :
-      evidence.status === 'pending-review' ? 'border-yellow-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start gap-4">
-        <div className={`w-12 h-12 rounded-lg flex items-center justify-center ${
-          evidence.displayType === 'certificate' ? 'bg-yellow-100 text-yellow-600' :
-          evidence.displayType === 'audit-report' ? 'bg-purple-100 text-purple-600' :
-          evidence.displayType === 'screenshot' ? 'bg-blue-100 text-blue-600' :
-          evidence.displayType === 'log' ? 'bg-green-100 text-green-600' :
-          'bg-gray-100 text-gray-600'
-        }`}>
-          {typeIcons[evidence.displayType]}
-        </div>
-        <div className="flex-1">
-          <div className="flex items-center justify-between">
-            <h3 className="text-lg font-semibold text-gray-900">{evidence.name}</h3>
-            <span className={`px-3 py-1 text-xs rounded-full ${statusColors[evidence.status]}`}>
-              {statusLabels[evidence.status]}
-            </span>
-          </div>
-          <p className="text-sm text-gray-500 mt-1">{evidence.description}</p>
-
-          <div className="mt-3 flex items-center gap-4 text-sm text-gray-500">
-            <span>Hochgeladen: {evidence.uploadedAt.toLocaleDateString('de-DE')}</span>
-            {evidence.validUntil && (
-              <span className={evidence.status === 'expired' ? 'text-red-600' : ''}>
-                Gueltig bis: {evidence.validUntil.toLocaleDateString('de-DE')}
-              </span>
-            )}
-            <span>{evidence.fileSize}</span>
-          </div>
-
-          <div className="mt-3 flex items-center gap-2 flex-wrap">
-            {evidence.linkedRequirements.map(req => (
-              <span key={req} className="px-2 py-0.5 text-xs bg-blue-50 text-blue-600 rounded">
-                {req}
-              </span>
-            ))}
-            {evidence.linkedControls.map(ctrl => (
-              <span key={ctrl} className="px-2 py-0.5 text-xs bg-green-50 text-green-600 rounded">
-                {ctrl}
-              </span>
-            ))}
-          </div>
-        </div>
-      </div>
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <span className="text-sm text-gray-500">Hochgeladen von: {evidence.uploadedBy}</span>
-        <div className="flex items-center gap-2">
-          <button
-            onClick={onView}
-            disabled={!evidence.fileUrl}
-            className="px-3 py-1 text-sm text-gray-600 hover:bg-gray-100 rounded-lg transition-colors disabled:opacity-40 disabled:cursor-not-allowed"
-          >
-            Anzeigen
-          </button>
-          <button
-            onClick={onDownload}
-            disabled={!evidence.fileUrl}
-            className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors disabled:opacity-40 disabled:cursor-not-allowed"
-          >
-            Herunterladen
-          </button>
-          <button
-            onClick={onDelete}
-            className="px-3 py-1 text-sm text-red-600 hover:bg-red-50 rounded-lg transition-colors"
-          >
-            Loeschen
-          </button>
-        </div>
-      </div>
-    </div>
-  )
-}
-
-function LoadingSkeleton() {
-  return (
-    <div className="space-y-4">
-      {[1, 2, 3].map(i => (
-        <div key={i} className="bg-white rounded-xl border border-gray-200 p-6 animate-pulse">
-          <div className="flex items-start gap-4">
-            <div className="w-12 h-12 bg-gray-200 rounded-lg" />
-            <div className="flex-1">
-              <div className="h-6 w-3/4 bg-gray-200 rounded mb-2" />
-              <div className="h-4 w-full bg-gray-100 rounded" />
-            </div>
-          </div>
-        </div>
-      ))}
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function EvidencePage() {
-  const { state, dispatch } = useSDK()
-  const [filter, setFilter] = useState<string>('all')
-  const [loading, setLoading] = useState(true)
-  const [error, setError] = useState<string | null>(null)
-  const [uploading, setUploading] = useState(false)
-  const fileInputRef = useRef<HTMLInputElement>(null)
-  const [page, setPage] = useState(1)
-  const [pageSize] = useState(20)
-  const [total, setTotal] = useState(0)
-
-  // Fetch evidence from backend on mount and when page changes
-  useEffect(() => {
-    const fetchEvidence = async () => {
-      try {
-        setLoading(true)
-        const res = await fetch(`/api/sdk/v1/compliance/evidence?page=${page}&limit=${pageSize}`)
-        if (res.ok) {
-          const data = await res.json()
-          if (data.total !== undefined) setTotal(data.total)
-          const backendEvidence = data.evidence || data
-          if (Array.isArray(backendEvidence) && backendEvidence.length > 0) {
-            const mapped: SDKEvidence[] = backendEvidence.map((e: Record<string, unknown>) => ({
-              id: (e.id || '') as string,
-              controlId: (e.control_id || '') as string,
-              type: ((e.evidence_type || 'DOCUMENT') as string).toUpperCase() as EvidenceType,
-              name: (e.title || e.name || '') as string,
-              description: (e.description || '') as string,
-              fileUrl: (e.artifact_url || null) as string | null,
-              validFrom: e.valid_from ? new Date(e.valid_from as string) : new Date(),
-              validUntil: e.valid_until ? new Date(e.valid_until as string) : null,
-              uploadedBy: (e.uploaded_by || 'System') as string,
-              uploadedAt: e.created_at ? new Date(e.created_at as string) : new Date(),
-            }))
-            dispatch({ type: 'SET_STATE', payload: { evidence: mapped } })
-            setError(null)
-            return
-          }
-        }
-        loadFromTemplates()
-      } catch {
-        loadFromTemplates()
-      } finally {
-        setLoading(false)
-      }
-    }
-
-    const loadFromTemplates = () => {
-      if (state.evidence.length > 0) return
-      if (state.controls.length === 0) return
-
-      const relevantEvidence = evidenceTemplates.filter(e =>
-        state.controls.some(c => c.id === e.controlId || e.linkedControls.includes(c.id))
-      )
-
-      const now = new Date()
-      relevantEvidence.forEach(template => {
-        const validFrom = new Date(now)
-        validFrom.setMonth(validFrom.getMonth() - 1)
-
-        const validUntil = template.validityDays > 0
-          ? new Date(validFrom.getTime() + template.validityDays * 24 * 60 * 60 * 1000)
-          : null
-
-        const sdkEvidence: SDKEvidence = {
-          id: template.id,
-          controlId: template.controlId,
-          type: template.type,
-          name: template.name,
-          description: template.description,
-          fileUrl: null,
-          validFrom,
-          validUntil,
-          uploadedBy: template.uploadedBy,
-          uploadedAt: validFrom,
-        }
-        dispatch({ type: 'ADD_EVIDENCE', payload: sdkEvidence })
-      })
-    }
-
-    fetchEvidence()
-  }, [page, pageSize]) // eslint-disable-line react-hooks/exhaustive-deps
-
-  // Convert SDK evidence to display evidence
-  const displayEvidence: DisplayEvidence[] = state.evidence.map(ev => {
-    const template = evidenceTemplates.find(t => t.id === ev.id)
-
-    return {
-      id: ev.id,
-      name: ev.name,
-      description: ev.description,
-      displayType: mapEvidenceTypeToDisplay(ev.type),
-      format: template?.format || 'pdf',
-      controlId: ev.controlId,
-      linkedRequirements: template?.linkedRequirements || [],
-      linkedControls: template?.linkedControls || [ev.controlId],
-      uploadedBy: ev.uploadedBy,
-      uploadedAt: ev.uploadedAt,
-      validFrom: ev.validFrom,
-      validUntil: ev.validUntil,
-      status: getEvidenceStatus(ev.validUntil),
-      fileSize: template?.fileSize || 'Unbekannt',
-      fileUrl: ev.fileUrl,
-    }
-  })
-
-  const filteredEvidence = filter === 'all'
-    ? displayEvidence
-    : displayEvidence.filter(e => e.status === filter || e.displayType === filter)
-
-  const validCount = displayEvidence.filter(e => e.status === 'valid').length
-  const expiredCount = displayEvidence.filter(e => e.status === 'expired').length
-  const pendingCount = displayEvidence.filter(e => e.status === 'pending-review').length
-
-  const handleDelete = async (evidenceId: string) => {
-    if (!confirm('Moechten Sie diesen Nachweis wirklich loeschen?')) return
-
-    dispatch({ type: 'DELETE_EVIDENCE', payload: evidenceId })
-
-    try {
-      await fetch(`/api/sdk/v1/compliance/evidence/${evidenceId}`, {
-        method: 'DELETE',
-      })
-    } catch {
-      // Silently fail — SDK state is already updated
-    }
-  }
-
-  const handleUpload = async (file: File) => {
-    setUploading(true)
-    setError(null)
-
-    try {
-      // Use the first control as default, or a generic one
-      const controlId = state.controls.length > 0 ? state.controls[0].id : 'GENERIC'
-
-      const params = new URLSearchParams({
-        control_id: controlId,
-        evidence_type: 'document',
-        title: file.name,
-      })
-
-      const formData = new FormData()
-      formData.append('file', file)
-
-      const res = await fetch(`/api/sdk/v1/compliance/evidence/upload?${params}`, {
-        method: 'POST',
-        body: formData,
-      })
-
-      if (!res.ok) {
-        const errData = await res.json().catch(() => ({ error: 'Upload fehlgeschlagen' }))
-        throw new Error(errData.error || errData.detail || 'Upload fehlgeschlagen')
-      }
-
-      const data = await res.json()
-
-      // Add to SDK state
-      const newEvidence: SDKEvidence = {
-        id: data.id || `ev-${Date.now()}`,
-        controlId: controlId,
-        type: 'DOCUMENT',
-        name: file.name,
-        description: `Hochgeladen am ${new Date().toLocaleDateString('de-DE')}`,
-        fileUrl: data.artifact_url || null,
-        validFrom: new Date(),
-        validUntil: null,
-        uploadedBy: 'Aktueller Benutzer',
-        uploadedAt: new Date(),
-      }
-      dispatch({ type: 'ADD_EVIDENCE', payload: newEvidence })
-    } catch (err) {
-      setError(err instanceof Error ? err.message : 'Upload fehlgeschlagen')
-    } finally {
-      setUploading(false)
-    }
-  }
-
-  const handleView = (ev: DisplayEvidence) => {
-    if (ev.fileUrl) {
-      window.open(ev.fileUrl, '_blank')
-    } else {
-      alert('Keine Datei vorhanden')
-    }
-  }
-
-  const handleDownload = (ev: DisplayEvidence) => {
-    if (!ev.fileUrl) return
-    const a = document.createElement('a')
-    a.href = ev.fileUrl
-    a.download = ev.name
-    document.body.appendChild(a)
-    a.click()
-    document.body.removeChild(a)
-  }
-
-  const handleUploadClick = () => {
-    fileInputRef.current?.click()
-  }
-
-  const handleFileChange = (e: React.ChangeEvent<HTMLInputElement>) => {
-    const file = e.target.files?.[0]
-    if (file) {
-      handleUpload(file)
-      e.target.value = '' // Reset input
-    }
-  }
-
-  const stepInfo = STEP_EXPLANATIONS['evidence']
-
-  return (
-    <div className="space-y-6">
-      {/* Hidden file input */}
-      <input
-        ref={fileInputRef}
-        type="file"
-        className="hidden"
-        onChange={handleFileChange}
-        accept=".pdf,.doc,.docx,.png,.jpg,.jpeg,.json,.csv,.txt"
-      />
-
-      {/* Step Header */}
-      <StepHeader
-        stepId="evidence"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <button
-          onClick={handleUploadClick}
-          disabled={uploading}
-          className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors disabled:opacity-50"
-        >
-          {uploading ? (
-            <>
-              <svg className="w-5 h-5 animate-spin" fill="none" viewBox="0 0 24 24">
-                <circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4" />
-                <path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4z" />
-              </svg>
-              Wird hochgeladen...
-            </>
-          ) : (
-            <>
-              <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-8l-4-4m0 0L8 8m4-4v12" />
-              </svg>
-              Nachweis hochladen
-            </>
-          )}
-        </button>
-      </StepHeader>
-
-      {/* Error Banner */}
-      {error && (
-        <div className="p-4 bg-red-50 border border-red-200 rounded-lg text-red-700 flex items-center justify-between">
-          <span>{error}</span>
-          <button onClick={() => setError(null)} className="text-red-500 hover:text-red-700">&times;</button>
-        </div>
-      )}
-
-      {/* Controls Alert */}
-      {state.controls.length === 0 && !loading && (
-        <div className="bg-amber-50 border border-amber-200 rounded-xl p-4">
-          <div className="flex items-start gap-3">
-            <svg className="w-5 h-5 text-amber-600 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-            </svg>
-            <div>
-              <h4 className="font-medium text-amber-800">Keine Kontrollen definiert</h4>
-              <p className="text-sm text-amber-700 mt-1">
-                Bitte definieren Sie zuerst Kontrollen, um die zugehoerigen Nachweise zu laden.
-              </p>
-            </div>
-          </div>
-        </div>
-      )}
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Gesamt</div>
-          <div className="text-3xl font-bold text-gray-900">{displayEvidence.length}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-green-200 p-6">
-          <div className="text-sm text-green-600">Gueltig</div>
-          <div className="text-3xl font-bold text-green-600">{validCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-red-200 p-6">
-          <div className="text-sm text-red-600">Abgelaufen</div>
-          <div className="text-3xl font-bold text-red-600">{expiredCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-yellow-200 p-6">
-          <div className="text-sm text-yellow-600">Pruefung ausstehend</div>
-          <div className="text-3xl font-bold text-yellow-600">{pendingCount}</div>
-        </div>
-      </div>
-
-      {/* Filter */}
-      <div className="flex items-center gap-2 flex-wrap">
-        <span className="text-sm text-gray-500">Filter:</span>
-        {['all', 'valid', 'expired', 'pending-review', 'document', 'certificate', 'audit-report'].map(f => (
-          <button
-            key={f}
-            onClick={() => setFilter(f)}
-            className={`px-3 py-1 text-sm rounded-full transition-colors ${
-              filter === f
-                ? 'bg-purple-600 text-white'
-                : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
-            }`}
-          >
-            {f === 'all' ? 'Alle' :
-             f === 'valid' ? 'Gueltig' :
-             f === 'expired' ? 'Abgelaufen' :
-             f === 'pending-review' ? 'Ausstehend' :
-             f === 'document' ? 'Dokumente' :
-             f === 'certificate' ? 'Zertifikate' : 'Audit-Berichte'}
-          </button>
-        ))}
-      </div>
-
-      {/* Loading State */}
-      {loading && <LoadingSkeleton />}
-
-      {/* Evidence List */}
-      {!loading && (
-        <div className="space-y-4">
-          {filteredEvidence.map(ev => (
-            <EvidenceCard
-              key={ev.id}
-              evidence={ev}
-              onDelete={() => handleDelete(ev.id)}
-              onView={() => handleView(ev)}
-              onDownload={() => handleDownload(ev)}
-            />
-          ))}
-        </div>
-      )}
-
-      {/* Pagination */}
-      {!loading && total > pageSize && (
-        <div className="flex items-center justify-between bg-white rounded-xl border border-gray-200 p-4">
-          <span className="text-sm text-gray-500">
-            Zeige {((page - 1) * pageSize) + 1}–{Math.min(page * pageSize, total)} von {total} Nachweisen
-          </span>
-          <div className="flex items-center gap-2">
-            <button
-              onClick={() => setPage(p => Math.max(1, p - 1))}
-              disabled={page <= 1}
-              className="px-3 py-1 text-sm border border-gray-300 rounded-lg hover:bg-gray-50 disabled:opacity-40 disabled:cursor-not-allowed"
-            >
-              Zurueck
-            </button>
-            <span className="text-sm text-gray-700">
-              Seite {page} von {Math.ceil(total / pageSize)}
-            </span>
-            <button
-              onClick={() => setPage(p => Math.min(Math.ceil(total / pageSize), p + 1))}
-              disabled={page >= Math.ceil(total / pageSize)}
-              className="px-3 py-1 text-sm border border-gray-300 rounded-lg hover:bg-gray-50 disabled:opacity-40 disabled:cursor-not-allowed"
-            >
-              Weiter
-            </button>
-          </div>
-        </div>
-      )}
-
-      {!loading && filteredEvidence.length === 0 && state.controls.length > 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Keine Nachweise gefunden</h3>
-          <p className="mt-2 text-gray-500">Passen Sie den Filter an oder laden Sie neue Nachweise hoch.</p>
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/iace/[projectId]/hazards/page.tsx

@@ -1,628 +0,0 @@
-'use client'
-
-import React, { useState, useEffect } from 'react'
-import { useParams } from 'next/navigation'
-
-interface Hazard {
-  id: string
-  name: string
-  description: string
-  component_id: string | null
-  component_name: string | null
-  category: string
-  status: string
-  severity: number
-  exposure: number
-  probability: number
-  r_inherent: number
-  risk_level: string
-  created_at: string
-}
-
-interface LibraryHazard {
-  id: string
-  name: string
-  description: string
-  category: string
-  default_severity: number
-  default_exposure: number
-  default_probability: number
-}
-
-const HAZARD_CATEGORIES = [
-  'mechanical', 'electrical', 'thermal', 'noise', 'vibration',
-  'radiation', 'material', 'ergonomic', 'software', 'ai_specific',
-  'cybersecurity', 'functional_safety', 'environmental',
-]
-
-const CATEGORY_LABELS: Record<string, string> = {
-  mechanical: 'Mechanisch',
-  electrical: 'Elektrisch',
-  thermal: 'Thermisch',
-  noise: 'Laerm',
-  vibration: 'Vibration',
-  radiation: 'Strahlung',
-  material: 'Stoffe/Materialien',
-  ergonomic: 'Ergonomie',
-  software: 'Software',
-  ai_specific: 'KI-spezifisch',
-  cybersecurity: 'Cybersecurity',
-  functional_safety: 'Funktionale Sicherheit',
-  environmental: 'Umgebung',
-}
-
-const STATUS_LABELS: Record<string, string> = {
-  identified: 'Identifiziert',
-  assessed: 'Bewertet',
-  mitigated: 'Gemindert',
-  accepted: 'Akzeptiert',
-  closed: 'Geschlossen',
-}
-
-function getRiskColor(level: string): string {
-  switch (level) {
-    case 'critical': return 'bg-red-100 text-red-700 border-red-200'
-    case 'high': return 'bg-orange-100 text-orange-700 border-orange-200'
-    case 'medium': return 'bg-yellow-100 text-yellow-700 border-yellow-200'
-    case 'low': return 'bg-green-100 text-green-700 border-green-200'
-    default: return 'bg-gray-100 text-gray-700 border-gray-200'
-  }
-}
-
-function getRiskLevel(r: number): string {
-  if (r >= 100) return 'critical'
-  if (r >= 50) return 'high'
-  if (r >= 20) return 'medium'
-  return 'low'
-}
-
-function getRiskLevelLabel(level: string): string {
-  switch (level) {
-    case 'critical': return 'Kritisch'
-    case 'high': return 'Hoch'
-    case 'medium': return 'Mittel'
-    case 'low': return 'Niedrig'
-    default: return level
-  }
-}
-
-function RiskBadge({ level }: { level: string }) {
-  return (
-    <span className={`inline-flex items-center px-2 py-0.5 rounded-full text-xs font-medium border ${getRiskColor(level)}`}>
-      {getRiskLevelLabel(level)}
-    </span>
-  )
-}
-
-interface HazardFormData {
-  name: string
-  description: string
-  category: string
-  component_id: string
-  severity: number
-  exposure: number
-  probability: number
-}
-
-function HazardForm({
-  onSubmit,
-  onCancel,
-}: {
-  onSubmit: (data: HazardFormData) => void
-  onCancel: () => void
-}) {
-  const [formData, setFormData] = useState<HazardFormData>({
-    name: '',
-    description: '',
-    category: 'mechanical',
-    component_id: '',
-    severity: 3,
-    exposure: 3,
-    probability: 3,
-  })
-
-  const rInherent = formData.severity * formData.exposure * formData.probability
-  const riskLevel = getRiskLevel(rInherent)
-
-  return (
-    <div className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 p-6">
-      <h3 className="text-lg font-semibold text-gray-900 dark:text-white mb-4">Neue Gefaehrdung</h3>
-      <div className="space-y-4">
-        <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Bezeichnung *</label>
-            <input
-              type="text"
-              value={formData.name}
-              onChange={(e) => setFormData({ ...formData, name: e.target.value })}
-              placeholder="z.B. Quetschung durch Roboterarm"
-              className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            />
-          </div>
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Kategorie</label>
-            <select
-              value={formData.category}
-              onChange={(e) => setFormData({ ...formData, category: e.target.value })}
-              className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            >
-              {HAZARD_CATEGORIES.map((cat) => (
-                <option key={cat} value={cat}>{CATEGORY_LABELS[cat] || cat}</option>
-              ))}
-            </select>
-          </div>
-        </div>
-
-        <div>
-          <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Beschreibung</label>
-          <textarea
-            value={formData.description}
-            onChange={(e) => setFormData({ ...formData, description: e.target.value })}
-            rows={2}
-            placeholder="Detaillierte Beschreibung der Gefaehrdung..."
-            className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-          />
-        </div>
-
-        {/* S/E/P Sliders */}
-        <div className="bg-gray-50 dark:bg-gray-750 rounded-lg p-4">
-          <h4 className="text-sm font-medium text-gray-700 dark:text-gray-300 mb-3">Risikobewertung (S x E x P)</h4>
-          <div className="grid grid-cols-1 md:grid-cols-3 gap-6">
-            <div>
-              <label className="block text-sm text-gray-600 dark:text-gray-400 mb-1">
-                Schwere (S): <span className="font-bold">{formData.severity}</span>
-              </label>
-              <input
-                type="range"
-                min={1}
-                max={5}
-                value={formData.severity}
-                onChange={(e) => setFormData({ ...formData, severity: Number(e.target.value) })}
-                className="w-full accent-purple-600"
-              />
-              <div className="flex justify-between text-xs text-gray-400">
-                <span>Gering</span>
-                <span>Toedlich</span>
-              </div>
-            </div>
-            <div>
-              <label className="block text-sm text-gray-600 dark:text-gray-400 mb-1">
-                Exposition (E): <span className="font-bold">{formData.exposure}</span>
-              </label>
-              <input
-                type="range"
-                min={1}
-                max={5}
-                value={formData.exposure}
-                onChange={(e) => setFormData({ ...formData, exposure: Number(e.target.value) })}
-                className="w-full accent-purple-600"
-              />
-              <div className="flex justify-between text-xs text-gray-400">
-                <span>Selten</span>
-                <span>Staendig</span>
-              </div>
-            </div>
-            <div>
-              <label className="block text-sm text-gray-600 dark:text-gray-400 mb-1">
-                Wahrscheinlichkeit (P): <span className="font-bold">{formData.probability}</span>
-              </label>
-              <input
-                type="range"
-                min={1}
-                max={5}
-                value={formData.probability}
-                onChange={(e) => setFormData({ ...formData, probability: Number(e.target.value) })}
-                className="w-full accent-purple-600"
-              />
-              <div className="flex justify-between text-xs text-gray-400">
-                <span>Unwahrscheinlich</span>
-                <span>Sehr wahrscheinlich</span>
-              </div>
-            </div>
-          </div>
-
-          <div className={`mt-4 p-3 rounded-lg border ${getRiskColor(riskLevel)}`}>
-            <div className="flex items-center justify-between">
-              <span className="text-sm font-medium">R_inherent = S x E x P</span>
-              <div className="flex items-center gap-2">
-                <span className="text-lg font-bold">{rInherent}</span>
-                <RiskBadge level={riskLevel} />
-              </div>
-            </div>
-          </div>
-        </div>
-      </div>
-
-      <div className="mt-4 flex items-center gap-3">
-        <button
-          onClick={() => onSubmit(formData)}
-          disabled={!formData.name}
-          className={`px-6 py-2 rounded-lg font-medium transition-colors ${
-            formData.name
-              ? 'bg-purple-600 text-white hover:bg-purple-700'
-              : 'bg-gray-200 text-gray-400 cursor-not-allowed'
-          }`}
-        >
-          Hinzufuegen
-        </button>
-        <button onClick={onCancel} className="px-4 py-2 text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
-          Abbrechen
-        </button>
-      </div>
-    </div>
-  )
-}
-
-function LibraryModal({
-  library,
-  onAdd,
-  onClose,
-}: {
-  library: LibraryHazard[]
-  onAdd: (item: LibraryHazard) => void
-  onClose: () => void
-}) {
-  const [search, setSearch] = useState('')
-  const [filterCat, setFilterCat] = useState('')
-
-  const filtered = library.filter((h) => {
-    const matchSearch = !search || h.name.toLowerCase().includes(search.toLowerCase()) || h.description.toLowerCase().includes(search.toLowerCase())
-    const matchCat = !filterCat || h.category === filterCat
-    return matchSearch && matchCat
-  })
-
-  return (
-    <div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50 p-4">
-      <div className="bg-white dark:bg-gray-800 rounded-xl w-full max-w-2xl max-h-[80vh] flex flex-col">
-        <div className="p-6 border-b border-gray-200 dark:border-gray-700">
-          <div className="flex items-center justify-between mb-4">
-            <h3 className="text-lg font-semibold text-gray-900 dark:text-white">Gefaehrdungsbibliothek</h3>
-            <button onClick={onClose} className="p-1 text-gray-400 hover:text-gray-600 rounded">
-              <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
-              </svg>
-            </button>
-          </div>
-          <div className="flex gap-3">
-            <input
-              type="text"
-              value={search}
-              onChange={(e) => setSearch(e.target.value)}
-              placeholder="Suchen..."
-              className="flex-1 px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            />
-            <select
-              value={filterCat}
-              onChange={(e) => setFilterCat(e.target.value)}
-              className="px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            >
-              <option value="">Alle Kategorien</option>
-              {HAZARD_CATEGORIES.map((cat) => (
-                <option key={cat} value={cat}>{CATEGORY_LABELS[cat] || cat}</option>
-              ))}
-            </select>
-          </div>
-        </div>
-        <div className="flex-1 overflow-auto p-4 space-y-2">
-          {filtered.length > 0 ? (
-            filtered.map((item) => (
-              <div
-                key={item.id}
-                className="flex items-center justify-between p-3 rounded-lg border border-gray-200 dark:border-gray-700 hover:bg-gray-50 dark:hover:bg-gray-750"
-              >
-                <div className="flex-1 min-w-0 mr-3">
-                  <div className="text-sm font-medium text-gray-900 dark:text-white">{item.name}</div>
-                  <div className="text-xs text-gray-500 truncate">{item.description}</div>
-                  <div className="flex items-center gap-2 mt-1">
-                    <span className="text-xs text-gray-400">{CATEGORY_LABELS[item.category] || item.category}</span>
-                    <span className="text-xs text-gray-400">S:{item.default_severity} E:{item.default_exposure} P:{item.default_probability}</span>
-                  </div>
-                </div>
-                <button
-                  onClick={() => onAdd(item)}
-                  className="flex-shrink-0 px-3 py-1.5 text-xs bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-                >
-                  Hinzufuegen
-                </button>
-              </div>
-            ))
-          ) : (
-            <div className="text-center py-8 text-gray-500">Keine Eintraege gefunden</div>
-          )}
-        </div>
-      </div>
-    </div>
-  )
-}
-
-export default function HazardsPage() {
-  const params = useParams()
-  const projectId = params.projectId as string
-  const [hazards, setHazards] = useState<Hazard[]>([])
-  const [library, setLibrary] = useState<LibraryHazard[]>([])
-  const [loading, setLoading] = useState(true)
-  const [showForm, setShowForm] = useState(false)
-  const [showLibrary, setShowLibrary] = useState(false)
-  const [suggestingAI, setSuggestingAI] = useState(false)
-
-  useEffect(() => {
-    fetchHazards()
-  }, [projectId])
-
-  async function fetchHazards() {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards`)
-      if (res.ok) {
-        const json = await res.json()
-        setHazards(json.hazards || json || [])
-      }
-    } catch (err) {
-      console.error('Failed to fetch hazards:', err)
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  async function fetchLibrary() {
-    try {
-      const res = await fetch('/api/sdk/v1/iace/hazard-library')
-      if (res.ok) {
-        const json = await res.json()
-        setLibrary(json.hazards || json || [])
-      }
-    } catch (err) {
-      console.error('Failed to fetch hazard library:', err)
-    }
-    setShowLibrary(true)
-  }
-
-  async function handleAddFromLibrary(item: LibraryHazard) {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          name: item.name,
-          description: item.description,
-          category: item.category,
-          severity: item.default_severity,
-          exposure: item.default_exposure,
-          probability: item.default_probability,
-        }),
-      })
-      if (res.ok) {
-        await fetchHazards()
-      }
-    } catch (err) {
-      console.error('Failed to add from library:', err)
-    }
-  }
-
-  async function handleSubmit(data: HazardFormData) {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(data),
-      })
-      if (res.ok) {
-        setShowForm(false)
-        await fetchHazards()
-      }
-    } catch (err) {
-      console.error('Failed to add hazard:', err)
-    }
-  }
-
-  async function handleAISuggestions() {
-    setSuggestingAI(true)
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards/suggest`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-      })
-      if (res.ok) {
-        await fetchHazards()
-      }
-    } catch (err) {
-      console.error('Failed to get AI suggestions:', err)
-    } finally {
-      setSuggestingAI(false)
-    }
-  }
-
-  async function handleDelete(id: string) {
-    if (!confirm('Gefaehrdung wirklich loeschen?')) return
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards/${id}`, { method: 'DELETE' })
-      if (res.ok) {
-        await fetchHazards()
-      }
-    } catch (err) {
-      console.error('Failed to delete hazard:', err)
-    }
-  }
-
-  if (loading) {
-    return (
-      <div className="flex items-center justify-center h-64">
-        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600" />
-      </div>
-    )
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="flex items-start justify-between">
-        <div>
-          <h1 className="text-2xl font-bold text-gray-900 dark:text-white">Hazard Log</h1>
-          <p className="mt-1 text-sm text-gray-500 dark:text-gray-400">
-            Gefaehrdungsanalyse mit Risikobewertung nach S x E x P Methode.
-          </p>
-        </div>
-        <div className="flex items-center gap-2">
-          <button
-            onClick={handleAISuggestions}
-            disabled={suggestingAI}
-            className="flex items-center gap-2 px-3 py-2 border border-purple-300 text-purple-700 rounded-lg hover:bg-purple-50 transition-colors disabled:opacity-50 text-sm"
-          >
-            {suggestingAI ? (
-              <div className="animate-spin rounded-full h-4 w-4 border-b-2 border-purple-600" />
-            ) : (
-              <svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 10V3L4 14h7v7l9-11h-7z" />
-              </svg>
-            )}
-            KI-Vorschlaege
-          </button>
-          <button
-            onClick={fetchLibrary}
-            className="flex items-center gap-2 px-3 py-2 border border-gray-300 text-gray-700 rounded-lg hover:bg-gray-50 transition-colors text-sm"
-          >
-            <svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6.253v13m0-13C10.832 5.477 9.246 5 7.5 5S4.168 5.477 3 6.253v13C4.168 18.477 5.754 18 7.5 18s3.332.477 4.5 1.253m0-13C13.168 5.477 14.754 5 16.5 5c1.747 0 3.332.477 4.5 1.253v13C19.832 18.477 18.247 18 16.5 18c-1.746 0-3.332.477-4.5 1.253" />
-            </svg>
-            Aus Bibliothek
-          </button>
-          <button
-            onClick={() => setShowForm(true)}
-            className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors text-sm"
-          >
-            <svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-            </svg>
-            Manuell hinzufuegen
-          </button>
-        </div>
-      </div>
-
-      {/* Stats */}
-      {hazards.length > 0 && (
-        <div className="grid grid-cols-2 md:grid-cols-5 gap-3">
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 p-4 text-center">
-            <div className="text-2xl font-bold text-gray-900 dark:text-white">{hazards.length}</div>
-            <div className="text-xs text-gray-500">Gesamt</div>
-          </div>
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-red-200 p-4 text-center">
-            <div className="text-2xl font-bold text-red-600">{hazards.filter((h) => h.risk_level === 'critical').length}</div>
-            <div className="text-xs text-red-600">Kritisch</div>
-          </div>
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-orange-200 p-4 text-center">
-            <div className="text-2xl font-bold text-orange-600">{hazards.filter((h) => h.risk_level === 'high').length}</div>
-            <div className="text-xs text-orange-600">Hoch</div>
-          </div>
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-yellow-200 p-4 text-center">
-            <div className="text-2xl font-bold text-yellow-600">{hazards.filter((h) => h.risk_level === 'medium').length}</div>
-            <div className="text-xs text-yellow-600">Mittel</div>
-          </div>
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-green-200 p-4 text-center">
-            <div className="text-2xl font-bold text-green-600">{hazards.filter((h) => h.risk_level === 'low').length}</div>
-            <div className="text-xs text-green-600">Niedrig</div>
-          </div>
-        </div>
-      )}
-
-      {/* Form */}
-      {showForm && (
-        <HazardForm onSubmit={handleSubmit} onCancel={() => setShowForm(false)} />
-      )}
-
-      {/* Library Modal */}
-      {showLibrary && (
-        <LibraryModal
-          library={library}
-          onAdd={handleAddFromLibrary}
-          onClose={() => setShowLibrary(false)}
-        />
-      )}
-
-      {/* Hazard Table */}
-      {hazards.length > 0 ? (
-        <div className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 overflow-hidden">
-          <div className="overflow-x-auto">
-            <table className="w-full">
-              <thead>
-                <tr className="bg-gray-50 dark:bg-gray-750 border-b border-gray-200 dark:border-gray-700">
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Bezeichnung</th>
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Kategorie</th>
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Komponente</th>
-                  <th className="px-4 py-3 text-center text-xs font-medium text-gray-500 uppercase tracking-wider">S</th>
-                  <th className="px-4 py-3 text-center text-xs font-medium text-gray-500 uppercase tracking-wider">E</th>
-                  <th className="px-4 py-3 text-center text-xs font-medium text-gray-500 uppercase tracking-wider">P</th>
-                  <th className="px-4 py-3 text-center text-xs font-medium text-gray-500 uppercase tracking-wider">R</th>
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Risiko</th>
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Status</th>
-                  <th className="px-4 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider">Aktionen</th>
-                </tr>
-              </thead>
-              <tbody className="divide-y divide-gray-200 dark:divide-gray-700">
-                {hazards
-                  .sort((a, b) => b.r_inherent - a.r_inherent)
-                  .map((hazard) => (
-                    <tr key={hazard.id} className="hover:bg-gray-50 dark:hover:bg-gray-750 transition-colors">
-                      <td className="px-4 py-3">
-                        <div className="text-sm font-medium text-gray-900 dark:text-white">{hazard.name}</div>
-                        {hazard.description && (
-                          <div className="text-xs text-gray-500 truncate max-w-[250px]">{hazard.description}</div>
-                        )}
-                      </td>
-                      <td className="px-4 py-3 text-sm text-gray-600">{CATEGORY_LABELS[hazard.category] || hazard.category}</td>
-                      <td className="px-4 py-3 text-sm text-gray-600">{hazard.component_name || '--'}</td>
-                      <td className="px-4 py-3 text-sm text-gray-900 dark:text-white text-center font-medium">{hazard.severity}</td>
-                      <td className="px-4 py-3 text-sm text-gray-900 dark:text-white text-center font-medium">{hazard.exposure}</td>
-                      <td className="px-4 py-3 text-sm text-gray-900 dark:text-white text-center font-medium">{hazard.probability}</td>
-                      <td className="px-4 py-3 text-sm text-gray-900 dark:text-white text-center font-bold">{hazard.r_inherent}</td>
-                      <td className="px-4 py-3"><RiskBadge level={hazard.risk_level} /></td>
-                      <td className="px-4 py-3">
-                        <span className="text-xs text-gray-500">{STATUS_LABELS[hazard.status] || hazard.status}</span>
-                      </td>
-                      <td className="px-4 py-3 text-right">
-                        <button
-                          onClick={() => handleDelete(hazard.id)}
-                          className="p-1 text-gray-400 hover:text-red-600 hover:bg-red-50 rounded transition-colors"
-                        >
-                          <svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
-                          </svg>
-                        </button>
-                      </td>
-                    </tr>
-                  ))}
-              </tbody>
-            </table>
-          </div>
-        </div>
-      ) : (
-        !showForm && (
-          <div className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 p-12 text-center">
-            <div className="w-16 h-16 mx-auto bg-orange-100 dark:bg-orange-900/30 rounded-full flex items-center justify-center mb-4">
-              <svg className="w-8 h-8 text-orange-600" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-              </svg>
-            </div>
-            <h3 className="text-lg font-semibold text-gray-900 dark:text-white">Kein Hazard Log vorhanden</h3>
-            <p className="mt-2 text-gray-500 max-w-md mx-auto">
-              Beginnen Sie mit der systematischen Erfassung von Gefaehrdungen. Nutzen Sie die Bibliothek
-              oder KI-Vorschlaege als Ausgangspunkt.
-            </p>
-            <div className="mt-6 flex items-center justify-center gap-3">
-              <button
-                onClick={() => setShowForm(true)}
-                className="px-6 py-3 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-              >
-                Manuell hinzufuegen
-              </button>
-              <button
-                onClick={fetchLibrary}
-                className="px-6 py-3 border border-gray-300 text-gray-700 rounded-lg hover:bg-gray-50 transition-colors"
-              >
-                Bibliothek oeffnen
-              </button>
-            </div>
-          </div>
-        )
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/iace/[projectId]/mitigations/page.tsx

@@ -1,413 +0,0 @@
-'use client'
-
-import React, { useState, useEffect } from 'react'
-import { useParams } from 'next/navigation'
-
-interface Mitigation {
-  id: string
-  title: string
-  description: string
-  reduction_type: 'design' | 'protection' | 'information'
-  status: 'planned' | 'implemented' | 'verified'
-  linked_hazard_ids: string[]
-  linked_hazard_names: string[]
-  created_at: string
-  verified_at: string | null
-  verified_by: string | null
-}
-
-interface Hazard {
-  id: string
-  name: string
-  risk_level: string
-}
-
-const REDUCTION_TYPES = {
-  design: {
-    label: 'Design',
-    description: 'Inhaerent sichere Konstruktion',
-    color: 'border-blue-200 bg-blue-50',
-    headerColor: 'bg-blue-100 text-blue-800',
-    icon: (
-      <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 4a2 2 0 114 0v1a1 1 0 001 1h3a1 1 0 011 1v3a1 1 0 01-1 1h-1a2 2 0 100 4h1a1 1 0 011 1v3a1 1 0 01-1 1h-3a1 1 0 01-1-1v-1a2 2 0 10-4 0v1a1 1 0 01-1 1H7a1 1 0 01-1-1v-3a1 1 0 00-1-1H4a2 2 0 110-4h1a1 1 0 001-1V7a1 1 0 011-1h3a1 1 0 001-1V4z" />
-      </svg>
-    ),
-  },
-  protection: {
-    label: 'Schutz',
-    description: 'Technische Schutzmassnahmen',
-    color: 'border-green-200 bg-green-50',
-    headerColor: 'bg-green-100 text-green-800',
-    icon: (
-      <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z" />
-      </svg>
-    ),
-  },
-  information: {
-    label: 'Information',
-    description: 'Hinweise und Schulungen',
-    color: 'border-yellow-200 bg-yellow-50',
-    headerColor: 'bg-yellow-100 text-yellow-800',
-    icon: (
-      <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
-      </svg>
-    ),
-  },
-}
-
-function StatusBadge({ status }: { status: string }) {
-  const colors: Record<string, string> = {
-    planned: 'bg-gray-100 text-gray-700',
-    implemented: 'bg-blue-100 text-blue-700',
-    verified: 'bg-green-100 text-green-700',
-  }
-  const labels: Record<string, string> = {
-    planned: 'Geplant',
-    implemented: 'Umgesetzt',
-    verified: 'Verifiziert',
-  }
-  return (
-    <span className={`inline-flex items-center px-2 py-0.5 rounded-full text-xs font-medium ${colors[status] || colors.planned}`}>
-      {labels[status] || status}
-    </span>
-  )
-}
-
-interface MitigationFormData {
-  title: string
-  description: string
-  reduction_type: 'design' | 'protection' | 'information'
-  linked_hazard_ids: string[]
-}
-
-function MitigationForm({
-  onSubmit,
-  onCancel,
-  hazards,
-  preselectedType,
-}: {
-  onSubmit: (data: MitigationFormData) => void
-  onCancel: () => void
-  hazards: Hazard[]
-  preselectedType?: 'design' | 'protection' | 'information'
-}) {
-  const [formData, setFormData] = useState<MitigationFormData>({
-    title: '',
-    description: '',
-    reduction_type: preselectedType || 'design',
-    linked_hazard_ids: [],
-  })
-
-  function toggleHazard(id: string) {
-    setFormData((prev) => ({
-      ...prev,
-      linked_hazard_ids: prev.linked_hazard_ids.includes(id)
-        ? prev.linked_hazard_ids.filter((h) => h !== id)
-        : [...prev.linked_hazard_ids, id],
-    }))
-  }
-
-  return (
-    <div className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 p-6">
-      <h3 className="text-lg font-semibold text-gray-900 dark:text-white mb-4">Neue Massnahme</h3>
-      <div className="space-y-4">
-        <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Titel *</label>
-            <input
-              type="text"
-              value={formData.title}
-              onChange={(e) => setFormData({ ...formData, title: e.target.value })}
-              placeholder="z.B. Lichtvorhang an Gefahrenstelle"
-              className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            />
-          </div>
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Reduktionstyp</label>
-            <select
-              value={formData.reduction_type}
-              onChange={(e) => setFormData({ ...formData, reduction_type: e.target.value as MitigationFormData['reduction_type'] })}
-              className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            >
-              <option value="design">Design - Inhaerent sichere Konstruktion</option>
-              <option value="protection">Schutz - Technische Schutzmassnahmen</option>
-              <option value="information">Information - Hinweise und Schulungen</option>
-            </select>
-          </div>
-        </div>
-        <div>
-          <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Beschreibung</label>
-          <textarea
-            value={formData.description}
-            onChange={(e) => setFormData({ ...formData, description: e.target.value })}
-            rows={2}
-            placeholder="Detaillierte Beschreibung der Massnahme..."
-            className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-          />
-        </div>
-        {hazards.length > 0 && (
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">Verknuepfte Gefaehrdungen</label>
-            <div className="flex flex-wrap gap-2">
-              {hazards.map((h) => (
-                <button
-                  key={h.id}
-                  onClick={() => toggleHazard(h.id)}
-                  className={`px-3 py-1.5 text-xs rounded-lg border transition-colors ${
-                    formData.linked_hazard_ids.includes(h.id)
-                      ? 'border-purple-400 bg-purple-50 text-purple-700'
-                      : 'border-gray-200 bg-white text-gray-600 hover:bg-gray-50'
-                  }`}
-                >
-                  {h.name}
-                </button>
-              ))}
-            </div>
-          </div>
-        )}
-      </div>
-      <div className="mt-4 flex items-center gap-3">
-        <button
-          onClick={() => onSubmit(formData)}
-          disabled={!formData.title}
-          className={`px-6 py-2 rounded-lg font-medium transition-colors ${
-            formData.title
-              ? 'bg-purple-600 text-white hover:bg-purple-700'
-              : 'bg-gray-200 text-gray-400 cursor-not-allowed'
-          }`}
-        >
-          Hinzufuegen
-        </button>
-        <button onClick={onCancel} className="px-4 py-2 text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
-          Abbrechen
-        </button>
-      </div>
-    </div>
-  )
-}
-
-function MitigationCard({
-  mitigation,
-  onVerify,
-  onDelete,
-}: {
-  mitigation: Mitigation
-  onVerify: (id: string) => void
-  onDelete: (id: string) => void
-}) {
-  return (
-    <div className="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 p-4">
-      <div className="flex items-start justify-between mb-2">
-        <h4 className="text-sm font-medium text-gray-900 dark:text-white">{mitigation.title}</h4>
-        <StatusBadge status={mitigation.status} />
-      </div>
-      {mitigation.description && (
-        <p className="text-xs text-gray-500 mb-3">{mitigation.description}</p>
-      )}
-      {mitigation.linked_hazard_names.length > 0 && (
-        <div className="mb-3">
-          <div className="flex flex-wrap gap-1">
-            {mitigation.linked_hazard_names.map((name, i) => (
-              <span key={i} className="inline-flex items-center px-1.5 py-0.5 rounded text-xs bg-gray-100 text-gray-600 dark:bg-gray-700 dark:text-gray-400">
-                {name}
-              </span>
-            ))}
-          </div>
-        </div>
-      )}
-      <div className="flex items-center gap-2">
-        {mitigation.status !== 'verified' && (
-          <button
-            onClick={() => onVerify(mitigation.id)}
-            className="text-xs px-2.5 py-1 bg-green-50 text-green-700 border border-green-200 rounded-lg hover:bg-green-100 transition-colors"
-          >
-            Verifizieren
-          </button>
-        )}
-        <button
-          onClick={() => onDelete(mitigation.id)}
-          className="text-xs px-2.5 py-1 text-red-600 hover:bg-red-50 rounded-lg transition-colors"
-        >
-          Loeschen
-        </button>
-      </div>
-    </div>
-  )
-}
-
-export default function MitigationsPage() {
-  const params = useParams()
-  const projectId = params.projectId as string
-  const [mitigations, setMitigations] = useState<Mitigation[]>([])
-  const [hazards, setHazards] = useState<Hazard[]>([])
-  const [loading, setLoading] = useState(true)
-  const [showForm, setShowForm] = useState(false)
-  const [preselectedType, setPreselectedType] = useState<'design' | 'protection' | 'information' | undefined>()
-
-  useEffect(() => {
-    fetchData()
-  }, [projectId])
-
-  async function fetchData() {
-    try {
-      const [mitRes, hazRes] = await Promise.all([
-        fetch(`/api/sdk/v1/iace/projects/${projectId}/mitigations`),
-        fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards`),
-      ])
-      if (mitRes.ok) {
-        const json = await mitRes.json()
-        setMitigations(json.mitigations || json || [])
-      }
-      if (hazRes.ok) {
-        const json = await hazRes.json()
-        setHazards((json.hazards || json || []).map((h: Hazard) => ({ id: h.id, name: h.name, risk_level: h.risk_level })))
-      }
-    } catch (err) {
-      console.error('Failed to fetch data:', err)
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  async function handleSubmit(data: MitigationFormData) {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/mitigations`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(data),
-      })
-      if (res.ok) {
-        setShowForm(false)
-        setPreselectedType(undefined)
-        await fetchData()
-      }
-    } catch (err) {
-      console.error('Failed to add mitigation:', err)
-    }
-  }
-
-  async function handleVerify(id: string) {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/mitigations/${id}/verify`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-      })
-      if (res.ok) {
-        await fetchData()
-      }
-    } catch (err) {
-      console.error('Failed to verify mitigation:', err)
-    }
-  }
-
-  async function handleDelete(id: string) {
-    if (!confirm('Massnahme wirklich loeschen?')) return
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/mitigations/${id}`, { method: 'DELETE' })
-      if (res.ok) {
-        await fetchData()
-      }
-    } catch (err) {
-      console.error('Failed to delete mitigation:', err)
-    }
-  }
-
-  function handleAddForType(type: 'design' | 'protection' | 'information') {
-    setPreselectedType(type)
-    setShowForm(true)
-  }
-
-  const byType = {
-    design: mitigations.filter((m) => m.reduction_type === 'design'),
-    protection: mitigations.filter((m) => m.reduction_type === 'protection'),
-    information: mitigations.filter((m) => m.reduction_type === 'information'),
-  }
-
-  if (loading) {
-    return (
-      <div className="flex items-center justify-center h-64">
-        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600" />
-      </div>
-    )
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="flex items-center justify-between">
-        <div>
-          <h1 className="text-2xl font-bold text-gray-900 dark:text-white">Massnahmen</h1>
-          <p className="mt-1 text-sm text-gray-500 dark:text-gray-400">
-            Risikominderung nach dem 3-Stufen-Verfahren: Design, Schutz, Information.
-          </p>
-        </div>
-        <button
-          onClick={() => {
-            setPreselectedType(undefined)
-            setShowForm(true)
-          }}
-          className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-        >
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-          </svg>
-          Massnahme hinzufuegen
-        </button>
-      </div>
-
-      {/* Form */}
-      {showForm && (
-        <MitigationForm
-          onSubmit={handleSubmit}
-          onCancel={() => {
-            setShowForm(false)
-            setPreselectedType(undefined)
-          }}
-          hazards={hazards}
-          preselectedType={preselectedType}
-        />
-      )}
-
-      {/* 3-Column Layout */}
-      <div className="grid grid-cols-1 lg:grid-cols-3 gap-6">
-        {(['design', 'protection', 'information'] as const).map((type) => {
-          const config = REDUCTION_TYPES[type]
-          const items = byType[type]
-          return (
-            <div key={type} className={`rounded-xl border ${config.color} p-4`}>
-              <div className={`flex items-center gap-2 px-3 py-2 rounded-lg ${config.headerColor} mb-4`}>
-                {config.icon}
-                <div>
-                  <h3 className="text-sm font-semibold">{config.label}</h3>
-                  <p className="text-xs opacity-75">{config.description}</p>
-                </div>
-                <span className="ml-auto text-sm font-bold">{items.length}</span>
-              </div>
-
-              <div className="space-y-3">
-                {items.map((m) => (
-                  <MitigationCard
-                    key={m.id}
-                    mitigation={m}
-                    onVerify={handleVerify}
-                    onDelete={handleDelete}
-                  />
-                ))}
-              </div>
-
-              <button
-                onClick={() => handleAddForType(type)}
-                className="mt-3 w-full py-2 text-sm text-gray-500 hover:text-purple-600 hover:bg-white rounded-lg border border-dashed border-gray-300 hover:border-purple-300 transition-colors"
-              >
-                + Massnahme hinzufuegen
-              </button>
-            </div>
-          )
-        })}
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/use-cases/new/page.tsx

@@ -1,681 +0,0 @@
-'use client'
-
-import React, { useState, useEffect, Suspense } from 'react'
-import { useRouter, useSearchParams } from 'next/navigation'
-import { AssessmentResultCard } from '@/components/sdk/use-case-assessment/AssessmentResultCard'
-
-// =============================================================================
-// WIZARD STEPS CONFIG
-// =============================================================================
-
-const WIZARD_STEPS = [
-  { id: 1, title: 'Grundlegendes', description: 'Titel und Beschreibung' },
-  { id: 2, title: 'Datenkategorien', description: 'Welche Daten werden verarbeitet?' },
-  { id: 3, title: 'Verarbeitungszweck', description: 'Rechtsgrundlage und Zweck' },
-  { id: 4, title: 'Automatisierung', description: 'Grad der Automatisierung' },
-  { id: 5, title: 'Hosting & Modell', description: 'Technische Details' },
-  { id: 6, title: 'Datentransfer', description: 'Internationaler Datentransfer' },
-  { id: 7, title: 'Datenhaltung', description: 'Aufbewahrung und Speicherung' },
-  { id: 8, title: 'Vertraege', description: 'Compliance und Vereinbarungen' },
-]
-
-const DOMAINS = [
-  { value: 'healthcare', label: 'Gesundheit' },
-  { value: 'finance', label: 'Finanzen' },
-  { value: 'education', label: 'Bildung' },
-  { value: 'retail', label: 'Handel' },
-  { value: 'it_services', label: 'IT-Dienstleistungen' },
-  { value: 'consulting', label: 'Beratung' },
-  { value: 'manufacturing', label: 'Produktion' },
-  { value: 'hr', label: 'Personalwesen' },
-  { value: 'marketing', label: 'Marketing' },
-  { value: 'legal', label: 'Recht' },
-  { value: 'public', label: 'Oeffentlicher Sektor' },
-  { value: 'general', label: 'Allgemein' },
-]
-
-// =============================================================================
-// MAIN COMPONENT
-// =============================================================================
-
-function NewUseCasePageInner() {
-  const router = useRouter()
-  const searchParams = useSearchParams()
-  const editId = searchParams.get('edit')
-  const isEditMode = !!editId
-
-  const [currentStep, setCurrentStep] = useState(1)
-  const [isSubmitting, setIsSubmitting] = useState(false)
-  const [editLoading, setEditLoading] = useState(false)
-  const [result, setResult] = useState<unknown>(null)
-  const [error, setError] = useState<string | null>(null)
-
-  // Form state
-  const [form, setForm] = useState({
-    title: '',
-    use_case_text: '',
-    domain: 'general',
-    // Data Types
-    personal_data: false,
-    special_categories: false,
-    minors_data: false,
-    health_data: false,
-    biometric_data: false,
-    financial_data: false,
-    // Purpose
-    purpose_profiling: false,
-    purpose_automated_decision: false,
-    purpose_marketing: false,
-    purpose_analytics: false,
-    purpose_service_delivery: false,
-    // Automation
-    automation: 'assistive' as 'assistive' | 'semi_automated' | 'fully_automated',
-    // Hosting
-    hosting_provider: 'self_hosted',
-    hosting_region: 'eu',
-    // Model Usage
-    model_rag: false,
-    model_finetune: false,
-    model_training: false,
-    model_inference: true,
-    // Legal Basis (Step 3)
-    legal_basis: 'consent' as 'consent' | 'contract' | 'legitimate_interest' | 'legal_obligation' | 'vital_interest' | 'public_interest',
-    // Data Transfer (Step 6)
-    international_transfer: false,
-    transfer_countries: [] as string[],
-    transfer_mechanism: 'none' as 'none' | 'scc' | 'bcr' | 'adequacy' | 'derogation',
-    // Retention (Step 7)
-    retention_days: 90,
-    retention_purpose: '',
-    // Contracts (Step 8)
-    has_dpa: false,
-    has_aia_documentation: false,
-    has_risk_assessment: false,
-    subprocessors: '',
-  })
-
-  const updateForm = (updates: Partial<typeof form>) => {
-    setForm(prev => ({ ...prev, ...updates }))
-  }
-
-  // Pre-fill form when in edit mode
-  useEffect(() => {
-    if (!editId) return
-    setEditLoading(true)
-    fetch(`/api/sdk/v1/ucca/assessments/${editId}`)
-      .then(r => r.json())
-      .then(data => {
-        const intake = data.intake || {}
-        setForm({
-          title: data.title || '',
-          use_case_text: intake.use_case_text || '',
-          domain: data.domain || 'general',
-          personal_data: intake.data_types?.personal_data || false,
-          special_categories: intake.data_types?.article_9_data || false,
-          minors_data: intake.data_types?.minor_data || false,
-          health_data: intake.data_types?.health_data || false,
-          biometric_data: intake.data_types?.biometric_data || false,
-          financial_data: intake.data_types?.financial_data || false,
-          purpose_profiling: intake.purpose?.profiling || false,
-          purpose_automated_decision: intake.purpose?.automated_decision || intake.purpose?.decision_making || false,
-          purpose_marketing: intake.purpose?.marketing || false,
-          purpose_analytics: intake.purpose?.analytics || false,
-          purpose_service_delivery: intake.purpose?.service_delivery || intake.purpose?.customer_support || false,
-          automation: intake.automation || 'assistive',
-          hosting_provider: intake.hosting?.provider || 'self_hosted',
-          hosting_region: intake.hosting?.region || 'eu',
-          model_rag: intake.model_usage?.rag || false,
-          model_finetune: intake.model_usage?.finetune || false,
-          model_training: intake.model_usage?.training || false,
-          model_inference: intake.model_usage?.inference ?? true,
-          legal_basis: intake.legal_basis || 'consent',
-          international_transfer: intake.international_transfer?.enabled || false,
-          transfer_countries: intake.international_transfer?.countries || [],
-          transfer_mechanism: intake.international_transfer?.mechanism || 'none',
-          retention_days: intake.retention?.days || 90,
-          retention_purpose: intake.retention?.purpose || '',
-          has_dpa: intake.contracts?.has_dpa || false,
-          has_aia_documentation: intake.contracts?.has_aia_documentation || false,
-          has_risk_assessment: intake.contracts?.has_risk_assessment || false,
-          subprocessors: intake.contracts?.subprocessors || '',
-        })
-      })
-      .catch(() => {})
-      .finally(() => setEditLoading(false))
-  }, [editId])
-
-  const handleSubmit = async () => {
-    setIsSubmitting(true)
-    setError(null)
-    try {
-      const intake = {
-        title: form.title,
-        use_case_text: form.use_case_text,
-        domain: form.domain,
-        data_types: {
-          personal_data: form.personal_data,
-          special_categories: form.special_categories,
-          minors_data: form.minors_data,
-          health_data: form.health_data,
-          biometric_data: form.biometric_data,
-          financial_data: form.financial_data,
-        },
-        purpose: {
-          profiling: form.purpose_profiling,
-          automated_decision: form.purpose_automated_decision,
-          marketing: form.purpose_marketing,
-          analytics: form.purpose_analytics,
-          service_delivery: form.purpose_service_delivery,
-        },
-        automation: form.automation,
-        hosting: {
-          provider: form.hosting_provider,
-          region: form.hosting_region,
-        },
-        model_usage: {
-          rag: form.model_rag,
-          finetune: form.model_finetune,
-          training: form.model_training,
-          inference: form.model_inference,
-        },
-        legal_basis: form.legal_basis,
-        international_transfer: {
-          enabled: form.international_transfer,
-          countries: form.transfer_countries,
-          mechanism: form.transfer_mechanism,
-        },
-        retention: {
-          days: form.retention_days,
-          purpose: form.retention_purpose,
-        },
-        contracts: {
-          has_dpa: form.has_dpa,
-          has_aia_documentation: form.has_aia_documentation,
-          has_risk_assessment: form.has_risk_assessment,
-          subprocessors: form.subprocessors,
-        },
-        store_raw_text: true,
-      }
-
-      const url = isEditMode
-        ? `/api/sdk/v1/ucca/assessments/${editId}`
-        : '/api/sdk/v1/ucca/assess'
-      const method = isEditMode ? 'PUT' : 'POST'
-
-      const response = await fetch(url, {
-        method,
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(intake),
-      })
-
-      if (!response.ok) {
-        const errData = await response.json().catch(() => null)
-        throw new Error(errData?.error || `HTTP ${response.status}`)
-      }
-
-      if (isEditMode) {
-        router.push(`/sdk/use-cases/${editId}`)
-        return
-      }
-
-      const data = await response.json()
-      setResult(data)
-    } catch (err) {
-      setError(err instanceof Error ? err.message : 'Fehler bei der Bewertung')
-    } finally {
-      setIsSubmitting(false)
-    }
-  }
-
-  // If we have a result, show it
-  if (result) {
-    const r = result as { assessment?: { id: string }; result?: Record<string, unknown> }
-    return (
-      <div className="max-w-4xl mx-auto space-y-6">
-        <div className="flex items-center justify-between">
-          <h1 className="text-2xl font-bold text-gray-900">Assessment Ergebnis</h1>
-          <div className="flex gap-2">
-            {r.assessment?.id && (
-              <button
-                onClick={() => router.push(`/sdk/use-cases/${r.assessment!.id}`)}
-                className="px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700"
-              >
-                Zum Assessment
-              </button>
-            )}
-            <button
-              onClick={() => router.push('/sdk/use-cases')}
-              className="px-4 py-2 bg-gray-100 text-gray-700 rounded-lg hover:bg-gray-200"
-            >
-              Zur Uebersicht
-            </button>
-          </div>
-        </div>
-        {r.result && (
-          <AssessmentResultCard result={r.result as Parameters<typeof AssessmentResultCard>[0]['result']} />
-        )}
-      </div>
-    )
-  }
-
-  return (
-    <div className="max-w-3xl mx-auto space-y-6">
-      {/* Header */}
-      <div>
-        <h1 className="text-2xl font-bold text-gray-900">
-          {isEditMode ? 'Assessment bearbeiten' : 'Neues Use Case Assessment'}
-        </h1>
-        <p className="mt-1 text-gray-500">
-          {isEditMode
-            ? 'Angaben anpassen und Assessment neu bewerten'
-            : 'Beschreiben Sie Ihren KI-Anwendungsfall Schritt fuer Schritt'}
-        </p>
-      </div>
-
-      {/* Edit loading indicator */}
-      {editLoading && (
-        <div className="bg-purple-50 border border-purple-200 rounded-lg p-4 text-purple-700 text-sm">
-          Lade Assessment-Daten...
-        </div>
-      )}
-
-      {/* Step Indicator */}
-      <div className="flex items-center gap-2">
-        {WIZARD_STEPS.map((step, idx) => (
-          <React.Fragment key={step.id}>
-            <button
-              onClick={() => setCurrentStep(step.id)}
-              className={`flex items-center gap-2 px-3 py-2 rounded-lg text-sm transition-colors ${
-                currentStep === step.id
-                  ? 'bg-purple-600 text-white'
-                  : currentStep > step.id
-                  ? 'bg-green-100 text-green-700'
-                  : 'bg-gray-100 text-gray-500'
-              }`}
-            >
-              <span className="w-6 h-6 rounded-full bg-white/20 flex items-center justify-center text-xs font-bold">
-                {currentStep > step.id ? '✓' : step.id}
-              </span>
-              <span className="hidden md:inline">{step.title}</span>
-            </button>
-            {idx < WIZARD_STEPS.length - 1 && <div className="flex-1 h-px bg-gray-200" />}
-          </React.Fragment>
-        ))}
-      </div>
-
-      {/* Error */}
-      {error && (
-        <div className="bg-red-50 border border-red-200 rounded-lg p-4 text-red-700">{error}</div>
-      )}
-
-      {/* Step Content */}
-      <div className="bg-white rounded-xl border border-gray-200 p-6">
-        {/* Step 1: Grundlegendes */}
-        {currentStep === 1 && (
-          <div className="space-y-4">
-            <h2 className="text-lg font-semibold text-gray-900">Grundlegende Informationen</h2>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Titel</label>
-              <input
-                type="text"
-                value={form.title}
-                onChange={e => updateForm({ title: e.target.value })}
-                placeholder="z.B. Chatbot fuer Kundenservice"
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Beschreibung</label>
-              <textarea
-                value={form.use_case_text}
-                onChange={e => updateForm({ use_case_text: e.target.value })}
-                rows={4}
-                placeholder="Beschreiben Sie den Anwendungsfall..."
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Branche</label>
-              <select
-                value={form.domain}
-                onChange={e => updateForm({ domain: e.target.value })}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500"
-              >
-                {DOMAINS.map(d => (
-                  <option key={d.value} value={d.value}>{d.label}</option>
-                ))}
-              </select>
-            </div>
-          </div>
-        )}
-
-        {/* Step 2: Datenkategorien */}
-        {currentStep === 2 && (
-          <div className="space-y-4">
-            <h2 className="text-lg font-semibold text-gray-900">Welche Daten werden verarbeitet?</h2>
-            {[
-              { key: 'personal_data', label: 'Personenbezogene Daten', desc: 'Name, E-Mail, Adresse etc.' },
-              { key: 'special_categories', label: 'Besondere Kategorien (Art. 9)', desc: 'Religion, Gesundheit, politische Meinung' },
-              { key: 'health_data', label: 'Gesundheitsdaten', desc: 'Diagnosen, Medikation, Fitness' },
-              { key: 'biometric_data', label: 'Biometrische Daten', desc: 'Gesichtserkennung, Fingerabdruck, Stimme' },
-              { key: 'minors_data', label: 'Daten von Minderjaehrigen', desc: 'Unter 16 Jahren' },
-              { key: 'financial_data', label: 'Finanzdaten', desc: 'Kontodaten, Transaktionen, Kreditwuerdigkeit' },
-            ].map(item => (
-              <label key={item.key} className="flex items-start gap-3 p-3 bg-gray-50 rounded-lg cursor-pointer hover:bg-gray-100">
-                <input
-                  type="checkbox"
-                  checked={form[item.key as keyof typeof form] as boolean}
-                  onChange={e => updateForm({ [item.key]: e.target.checked })}
-                  className="mt-1 rounded border-gray-300 text-purple-600 focus:ring-purple-500"
-                />
-                <div>
-                  <div className="font-medium text-gray-900">{item.label}</div>
-                  <div className="text-sm text-gray-500">{item.desc}</div>
-                </div>
-              </label>
-            ))}
-          </div>
-        )}
-
-        {/* Step 3: Verarbeitungszweck & Rechtsgrundlage */}
-        {currentStep === 3 && (
-          <div className="space-y-4">
-            <h2 className="text-lg font-semibold text-gray-900">Verarbeitungszweck & Rechtsgrundlage</h2>
-
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Rechtsgrundlage (Art. 6 DSGVO)</label>
-              <select
-                value={form.legal_basis}
-                onChange={e => updateForm({ legal_basis: e.target.value as typeof form.legal_basis })}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg"
-              >
-                <option value="consent">Einwilligung (Art. 6 Abs. 1a)</option>
-                <option value="contract">Vertragserfullung (Art. 6 Abs. 1b)</option>
-                <option value="legal_obligation">Rechtliche Verpflichtung (Art. 6 Abs. 1c)</option>
-                <option value="vital_interest">Lebenswichtige Interessen (Art. 6 Abs. 1d)</option>
-                <option value="public_interest">Oeffentliches Interesse (Art. 6 Abs. 1e)</option>
-                <option value="legitimate_interest">Berechtigtes Interesse (Art. 6 Abs. 1f)</option>
-              </select>
-            </div>
-
-            <h3 className="text-sm font-medium text-gray-700 mt-4">Zweck der Verarbeitung</h3>
-            {[
-              { key: 'purpose_profiling', label: 'Profiling', desc: 'Automatisierte Analyse personenbezogener Aspekte' },
-              { key: 'purpose_automated_decision', label: 'Automatisierte Entscheidung', desc: 'Art. 22 DSGVO — Entscheidung ohne menschliches Zutun' },
-              { key: 'purpose_marketing', label: 'Marketing', desc: 'Werbung, Personalisierung, Targeting' },
-              { key: 'purpose_analytics', label: 'Analytics', desc: 'Statistische Auswertung, Business Intelligence' },
-              { key: 'purpose_service_delivery', label: 'Serviceerbringung', desc: 'Kernfunktion des Produkts/Services' },
-            ].map(item => (
-              <label key={item.key} className="flex items-start gap-3 p-3 bg-gray-50 rounded-lg cursor-pointer hover:bg-gray-100">
-                <input
-                  type="checkbox"
-                  checked={form[item.key as keyof typeof form] as boolean}
-                  onChange={e => updateForm({ [item.key]: e.target.checked })}
-                  className="mt-1 rounded border-gray-300 text-purple-600 focus:ring-purple-500"
-                />
-                <div>
-                  <div className="font-medium text-gray-900">{item.label}</div>
-                  <div className="text-sm text-gray-500">{item.desc}</div>
-                </div>
-              </label>
-            ))}
-          </div>
-        )}
-
-        {/* Step 4: Automatisierung */}
-        {currentStep === 4 && (
-          <div className="space-y-4">
-            <h2 className="text-lg font-semibold text-gray-900">Grad der Automatisierung</h2>
-            {[
-              { value: 'assistive', label: 'Assistiv', desc: 'KI unterstuetzt, Mensch entscheidet immer' },
-              { value: 'semi_automated', label: 'Teilautomatisiert', desc: 'KI schlaegt vor, Mensch prueft und bestaetigt' },
-              { value: 'fully_automated', label: 'Vollautomatisiert', desc: 'KI entscheidet autonom, Mensch ueberwacht nur' },
-            ].map(item => (
-              <label
-                key={item.value}
-                className={`flex items-start gap-3 p-4 rounded-lg border-2 cursor-pointer transition-all ${
-                  form.automation === item.value
-                    ? 'border-purple-500 bg-purple-50'
-                    : 'border-gray-200 hover:border-gray-300'
-                }`}
-              >
-                <input
-                  type="radio"
-                  name="automation"
-                  value={item.value}
-                  checked={form.automation === item.value}
-                  onChange={e => updateForm({ automation: e.target.value as typeof form.automation })}
-                  className="mt-1 text-purple-600 focus:ring-purple-500"
-                />
-                <div>
-                  <div className="font-medium text-gray-900">{item.label}</div>
-                  <div className="text-sm text-gray-500">{item.desc}</div>
-                </div>
-              </label>
-            ))}
-          </div>
-        )}
-
-        {/* Step 5: Hosting & Modell */}
-        {currentStep === 5 && (
-          <div className="space-y-4">
-            <h2 className="text-lg font-semibold text-gray-900">Technische Details</h2>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Hosting</label>
-              <select
-                value={form.hosting_provider}
-                onChange={e => updateForm({ hosting_provider: e.target.value })}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg"
-              >
-                <option value="self_hosted">Eigenes Hosting</option>
-                <option value="aws">AWS</option>
-                <option value="azure">Microsoft Azure</option>
-                <option value="gcp">Google Cloud</option>
-                <option value="hetzner">Hetzner (DE)</option>
-                <option value="other">Anderer Anbieter</option>
-              </select>
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Region</label>
-              <select
-                value={form.hosting_region}
-                onChange={e => updateForm({ hosting_region: e.target.value })}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg"
-              >
-                <option value="eu">EU</option>
-                <option value="de">Deutschland</option>
-                <option value="us">USA</option>
-                <option value="other">Andere</option>
-              </select>
-            </div>
-            <h3 className="text-sm font-medium text-gray-700 mt-4">Modell-Nutzung</h3>
-            {[
-              { key: 'model_inference', label: 'Inferenz', desc: 'Vortrainiertes Modell nutzen (Standard)' },
-              { key: 'model_rag', label: 'RAG (Retrieval-Augmented)', desc: 'Eigene Daten als Kontext bereitstellen' },
-              { key: 'model_finetune', label: 'Fine-Tuning', desc: 'Modell mit eigenen Daten nachtrainieren' },
-              { key: 'model_training', label: 'Training', desc: 'Eigenes Modell von Grund auf trainieren' },
-            ].map(item => (
-              <label key={item.key} className="flex items-start gap-3 p-3 bg-gray-50 rounded-lg cursor-pointer hover:bg-gray-100">
-                <input
-                  type="checkbox"
-                  checked={form[item.key as keyof typeof form] as boolean}
-                  onChange={e => updateForm({ [item.key]: e.target.checked })}
-                  className="mt-1 rounded border-gray-300 text-purple-600 focus:ring-purple-500"
-                />
-                <div>
-                  <div className="font-medium text-gray-900">{item.label}</div>
-                  <div className="text-sm text-gray-500">{item.desc}</div>
-                </div>
-              </label>
-            ))}
-          </div>
-        )}
-
-        {/* Step 6: Internationaler Datentransfer */}
-        {currentStep === 6 && (
-          <div className="space-y-4">
-            <h2 className="text-lg font-semibold text-gray-900">Internationaler Datentransfer</h2>
-
-            <label className="flex items-start gap-3 p-4 bg-gray-50 rounded-lg cursor-pointer hover:bg-gray-100">
-              <input
-                type="checkbox"
-                checked={form.international_transfer}
-                onChange={e => updateForm({ international_transfer: e.target.checked })}
-                className="mt-1 rounded border-gray-300 text-purple-600 focus:ring-purple-500"
-              />
-              <div>
-                <div className="font-medium text-gray-900">Daten werden in Drittlaender uebermittelt</div>
-                <div className="text-sm text-gray-500">Ausserhalb des EWR (z.B. USA, UK, Schweiz)</div>
-              </div>
-            </label>
-
-            {form.international_transfer && (
-              <>
-                <div>
-                  <label className="block text-sm font-medium text-gray-700 mb-1">Ziellaender</label>
-                  <input
-                    type="text"
-                    value={form.transfer_countries.join(', ')}
-                    onChange={e => updateForm({ transfer_countries: e.target.value.split(',').map(s => s.trim()).filter(Boolean) })}
-                    placeholder="z.B. USA, UK, CH"
-                    className="w-full px-4 py-2 border border-gray-300 rounded-lg"
-                  />
-                  <p className="text-xs text-gray-500 mt-1">Kommagetrennte Laenderkuerzel</p>
-                </div>
-
-                <div>
-                  <label className="block text-sm font-medium text-gray-700 mb-1">Transfer-Mechanismus</label>
-                  <select
-                    value={form.transfer_mechanism}
-                    onChange={e => updateForm({ transfer_mechanism: e.target.value as typeof form.transfer_mechanism })}
-                    className="w-full px-4 py-2 border border-gray-300 rounded-lg"
-                  >
-                    <option value="none">Noch nicht festgelegt</option>
-                    <option value="adequacy">Angemessenheitsbeschluss</option>
-                    <option value="scc">Standardvertragsklauseln (SCC)</option>
-                    <option value="bcr">Binding Corporate Rules (BCR)</option>
-                    <option value="derogation">Ausnahmeregelung (Art. 49 DSGVO)</option>
-                  </select>
-                </div>
-              </>
-            )}
-          </div>
-        )}
-
-        {/* Step 7: Datenhaltung */}
-        {currentStep === 7 && (
-          <div className="space-y-4">
-            <h2 className="text-lg font-semibold text-gray-900">Datenhaltung & Aufbewahrung</h2>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">
-                Aufbewahrungsdauer (Tage)
-              </label>
-              <input
-                type="number"
-                min={0}
-                value={form.retention_days}
-                onChange={e => updateForm({ retention_days: parseInt(e.target.value) || 0 })}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg"
-              />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">
-                Zweck der Aufbewahrung
-              </label>
-              <textarea
-                value={form.retention_purpose}
-                onChange={e => updateForm({ retention_purpose: e.target.value })}
-                rows={3}
-                placeholder="z.B. Vertragliche Pflichten, gesetzliche Aufbewahrungsfristen..."
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg"
-              />
-            </div>
-          </div>
-        )}
-
-        {/* Step 8: Vertraege & Compliance */}
-        {currentStep === 8 && (
-          <div className="space-y-4">
-            <h2 className="text-lg font-semibold text-gray-900">Vertraege & Compliance-Dokumentation</h2>
-
-            {[
-              { key: 'has_dpa', label: 'Auftragsverarbeitungsvertrag (AVV/DPA)', desc: 'Vertrag mit KI-Anbieter / Subprozessor nach Art. 28 DSGVO' },
-              { key: 'has_aia_documentation', label: 'AI Act Dokumentation', desc: 'Risikoklassifizierung und technische Dokumentation nach EU AI Act' },
-              { key: 'has_risk_assessment', label: 'Risikobewertung / DSFA', desc: 'Datenschutz-Folgenabschaetzung nach Art. 35 DSGVO' },
-            ].map(item => (
-              <label key={item.key} className="flex items-start gap-3 p-3 bg-gray-50 rounded-lg cursor-pointer hover:bg-gray-100">
-                <input
-                  type="checkbox"
-                  checked={form[item.key as keyof typeof form] as boolean}
-                  onChange={e => updateForm({ [item.key]: e.target.checked })}
-                  className="mt-1 rounded border-gray-300 text-purple-600 focus:ring-purple-500"
-                />
-                <div>
-                  <div className="font-medium text-gray-900">{item.label}</div>
-                  <div className="text-sm text-gray-500">{item.desc}</div>
-                </div>
-              </label>
-            ))}
-
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Subprozessoren</label>
-              <textarea
-                value={form.subprocessors}
-                onChange={e => updateForm({ subprocessors: e.target.value })}
-                rows={3}
-                placeholder="z.B. OpenAI (USA, SCC), Hetzner Cloud (DE)..."
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg"
-              />
-            </div>
-          </div>
-        )}
-      </div>
-
-      {/* Navigation Buttons */}
-      <div className="flex items-center justify-between">
-        <button
-          onClick={() => currentStep > 1 ? setCurrentStep(currentStep - 1) : router.push('/sdk/use-cases')}
-          className="px-4 py-2 text-gray-600 hover:bg-gray-100 rounded-lg transition-colors"
-        >
-          {currentStep === 1 ? 'Abbrechen' : 'Zurueck'}
-        </button>
-
-        {currentStep < 8 ? (
-          <button
-            onClick={() => setCurrentStep(currentStep + 1)}
-            disabled={currentStep === 1 && !form.title}
-            className="px-6 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors disabled:opacity-50"
-          >
-            Weiter
-          </button>
-        ) : (
-          <button
-            onClick={handleSubmit}
-            disabled={isSubmitting || !form.title}
-            className="px-6 py-2 bg-green-600 text-white rounded-lg hover:bg-green-700 transition-colors disabled:opacity-50 flex items-center gap-2"
-          >
-            {isSubmitting ? (
-              <>
-                <svg className="w-5 h-5 animate-spin" fill="none" viewBox="0 0 24 24">
-                  <circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4" />
-                  <path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z" />
-                </svg>
-                Bewerte...
-              </>
-            ) : (
-              isEditMode ? 'Speichern & neu bewerten' : 'Assessment starten'
-            )}
-          </button>
-        )}
-      </div>
-    </div>
-  )
-}
-
-export default function NewUseCasePage() {
-  return (
-    <Suspense fallback={<div className="flex items-center justify-center h-64 text-gray-500">Lade...</div>}>
-      <NewUseCasePageInner />
-    </Suspense>
-  )
-}

admin-compliance/app/api/development/content/route.ts

@@ -1,68 +0,0 @@
-/**
- * Content API Route
- *
- * GET: Load current website content
- * POST: Save changed content (Admin only)
- */
-
-import { NextRequest, NextResponse } from 'next/server'
-import { getContent, saveContent } from '@/lib/content'
-import type { WebsiteContent } from '@/lib/content-types'
-
-// GET - Load content
-export async function GET() {
-  try {
-    const content = getContent()
-    return NextResponse.json(content)
-  } catch (error) {
-    console.error('Error loading content:', error)
-    return NextResponse.json(
-      { error: 'Failed to load content' },
-      { status: 500 }
-    )
-  }
-}
-
-// POST - Save content
-export async function POST(request: NextRequest) {
-  try {
-    // Simple admin check via header or query
-    // In production: JWT/Session-based auth
-    const adminKey = request.headers.get('x-admin-key')
-    const expectedKey = process.env.ADMIN_API_KEY || 'breakpilot-admin-2024'
-
-    if (adminKey !== expectedKey) {
-      return NextResponse.json(
-        { error: 'Unauthorized' },
-        { status: 401 }
-      )
-    }
-
-    const content: WebsiteContent = await request.json()
-
-    // Validation
-    if (!content.hero || !content.features || !content.faq || !content.pricing) {
-      return NextResponse.json(
-        { error: 'Invalid content structure' },
-        { status: 400 }
-      )
-    }
-
-    const result = saveContent(content)
-
-    if (result.success) {
-      return NextResponse.json({ success: true, message: 'Content saved' })
-    } else {
-      return NextResponse.json(
-        { error: result.error || 'Failed to save content' },
-        { status: 500 }
-      )
-    }
-  } catch (error) {
-    console.error('Error saving content:', error)
-    return NextResponse.json(
-      { error: error instanceof Error ? error.message : 'Failed to save content' },
-      { status: 500 }
-    )
-  }
-}

admin-compliance/app/api/dsfa-corpus/route.ts

@@ -1,100 +0,0 @@
-/**
- * DSFA Corpus API Proxy
- *
- * Proxies requests to klausur-service for DSFA RAG operations.
- * Endpoints: /api/v1/dsfa-rag/stats, /api/v1/dsfa-rag/sources
- */
-
-import { NextRequest, NextResponse } from 'next/server'
-
-const KLAUSUR_SERVICE_URL = process.env.KLAUSUR_SERVICE_URL || 'http://klausur-service:8086'
-
-export async function GET(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-
-  try {
-    let url = `${KLAUSUR_SERVICE_URL}/api/v1/dsfa-rag`
-
-    switch (action) {
-      case 'status':
-        url += '/stats'
-        break
-      case 'sources':
-        url += '/sources'
-        break
-      case 'source-detail': {
-        const code = searchParams.get('code')
-        if (!code) {
-          return NextResponse.json({ error: 'Missing code parameter' }, { status: 400 })
-        }
-        url += `/sources/${encodeURIComponent(code)}`
-        break
-      }
-      default:
-        return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-    }
-
-    const res = await fetch(url, {
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      cache: 'no-store',
-    })
-
-    const data = await res.json()
-    return NextResponse.json(data, { status: res.status })
-  } catch (error) {
-    console.error('DSFA corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}
-
-export async function POST(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-
-  try {
-    let url = `${KLAUSUR_SERVICE_URL}/api/v1/dsfa-rag`
-
-    switch (action) {
-      case 'init': {
-        url += '/init'
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      case 'ingest': {
-        const body = await request.json()
-        const sourceCode = body.source_code
-        if (!sourceCode) {
-          return NextResponse.json({ error: 'Missing source_code' }, { status: 400 })
-        }
-        url += `/sources/${encodeURIComponent(sourceCode)}/ingest`
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(body),
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      default:
-        return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-    }
-  } catch (error) {
-    console.error('DSFA corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}

admin-compliance/app/api/legal-corpus/route.ts

@@ -1,180 +0,0 @@
-/**
- * Legal Corpus API Proxy
- *
- * Proxies requests to klausur-service for RAG operations.
- * This allows the client-side RAG page to call the API without CORS issues.
- */
-
-import { NextRequest, NextResponse } from 'next/server'
-
-const KLAUSUR_SERVICE_URL = process.env.KLAUSUR_SERVICE_URL || 'http://klausur-service:8086'
-const QDRANT_URL = process.env.QDRANT_URL || 'http://qdrant:6333'
-
-export async function GET(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-
-  try {
-    let url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/legal-corpus`
-
-    switch (action) {
-      case 'status': {
-        // Query Qdrant directly for collection stats
-        const qdrantRes = await fetch(`${QDRANT_URL}/collections/bp_legal_corpus`, {
-          cache: 'no-store',
-        })
-        if (!qdrantRes.ok) {
-          return NextResponse.json({ error: 'Qdrant not available' }, { status: 503 })
-        }
-        const qdrantData = await qdrantRes.json()
-        const result = qdrantData.result || {}
-        return NextResponse.json({
-          collection: 'bp_legal_corpus',
-          totalPoints: result.points_count || 0,
-          vectorSize: result.config?.params?.vectors?.size || 0,
-          status: result.status || 'unknown',
-          regulations: {},
-        })
-      }
-      case 'search':
-        const query = searchParams.get('query')
-        const topK = searchParams.get('top_k') || '5'
-        const regulations = searchParams.get('regulations')
-        url += `/search?query=${encodeURIComponent(query || '')}&top_k=${topK}`
-        if (regulations) {
-          url += `&regulations=${encodeURIComponent(regulations)}`
-        }
-        break
-      case 'ingestion-status':
-        url += '/ingestion-status'
-        break
-      case 'regulations':
-        url += '/regulations'
-        break
-      case 'custom-documents':
-        url += '/custom-documents'
-        break
-      case 'pipeline-checkpoints':
-        url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/pipeline/checkpoints`
-        break
-      case 'pipeline-status':
-        url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/pipeline/status`
-        break
-      case 'traceability': {
-        const chunkId = searchParams.get('chunk_id')
-        const regulation = searchParams.get('regulation')
-        url += `/traceability?chunk_id=${encodeURIComponent(chunkId || '')}&regulation=${encodeURIComponent(regulation || '')}`
-        break
-      }
-      default:
-        return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-    }
-
-    const res = await fetch(url, {
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      cache: 'no-store',
-    })
-
-    const data = await res.json()
-    return NextResponse.json(data, { status: res.status })
-  } catch (error) {
-    console.error('Legal corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}
-
-export async function POST(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-
-  try {
-    let url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/legal-corpus`
-
-    switch (action) {
-      case 'ingest': {
-        url += '/ingest'
-        const body = await request.json()
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(body),
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      case 'add-link': {
-        url += '/add-link'
-        const body = await request.json()
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(body),
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      case 'upload': {
-        url += '/upload'
-        // Forward FormData directly
-        const formData = await request.formData()
-        const res = await fetch(url, {
-          method: 'POST',
-          body: formData,
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      case 'start-pipeline': {
-        url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/pipeline/start`
-        const body = await request.json()
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(body),
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      default:
-        return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-    }
-  } catch (error) {
-    console.error('Legal corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}
-
-export async function DELETE(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-  const docId = searchParams.get('docId')
-
-  try {
-    if (action === 'delete-document' && docId) {
-      const url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/legal-corpus/custom-documents/${docId}`
-      const res = await fetch(url, { method: 'DELETE' })
-      const data = await res.json()
-      return NextResponse.json(data, { status: res.status })
-    }
-
-    return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-  } catch (error) {
-    console.error('Legal corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}

admin-compliance/app/api/sdk/agents/[agentId]/route.ts

@@ -0,0 +1,37 @@
+/**
+ * GET /api/sdk/agents/[agentId] — Agent-Detail mit SOUL-Content
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { getAgentById } from '@/lib/sdk/agents/agent-registry'
+import { readSoulFile, getSoulFileStats, soulFileExists } from '@/lib/sdk/agents/soul-reader'
+
+export async function GET(
+  _request: NextRequest,
+  { params }: { params: Promise<{ agentId: string }> }
+) {
+  try {
+    const { agentId } = await params
+    const agent = getAgentById(agentId)
+
+    if (!agent) {
+      return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
+    }
+
+    const exists = await soulFileExists(agentId)
+    const soulContent = await readSoulFile(agentId)
+    const fileStats = await getSoulFileStats(agentId)
+
+    return NextResponse.json({
+      ...agent,
+      status: exists ? agent.status : 'error',
+      soulContent: soulContent || '',
+      createdAt: fileStats?.createdAt || null,
+      updatedAt: fileStats?.updatedAt || null,
+      fileSize: fileStats?.size || 0,
+    })
+  } catch (error) {
+    console.error('Error fetching agent detail:', error)
+    return NextResponse.json({ error: 'Failed to fetch agent' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/agents/[agentId]/soul/route.ts

@@ -0,0 +1,84 @@
+/**
+ * GET/PUT /api/sdk/agents/[agentId]/soul — SOUL-Datei lesen/schreiben
+ *
+ * GET: Content + Metadaten, ?history=true fuer Backup-Versionen
+ * PUT: Backup erstellen -> neuen Content schreiben -> Cache invalidieren
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { getAgentById } from '@/lib/sdk/agents/agent-registry'
+import {
+  readSoulFile,
+  writeSoulFile,
+  listSoulBackups,
+  getSoulFileStats,
+} from '@/lib/sdk/agents/soul-reader'
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ agentId: string }> }
+) {
+  try {
+    const { agentId } = await params
+    const agent = getAgentById(agentId)
+
+    if (!agent) {
+      return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
+    }
+
+    const showHistory = request.nextUrl.searchParams.get('history') === 'true'
+
+    if (showHistory) {
+      const backups = await listSoulBackups(agentId)
+      return NextResponse.json({ agentId, backups })
+    }
+
+    const content = await readSoulFile(agentId)
+    const fileStats = await getSoulFileStats(agentId)
+
+    return NextResponse.json({
+      agentId,
+      content: content || '',
+      updatedAt: fileStats?.updatedAt || null,
+      size: fileStats?.size || 0,
+    })
+  } catch (error) {
+    console.error('Error reading SOUL file:', error)
+    return NextResponse.json({ error: 'Failed to read SOUL file' }, { status: 500 })
+  }
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ agentId: string }> }
+) {
+  try {
+    const { agentId } = await params
+    const agent = getAgentById(agentId)
+
+    if (!agent) {
+      return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
+    }
+
+    const body = await request.json()
+    const { content } = body
+
+    if (typeof content !== 'string' || content.trim().length === 0) {
+      return NextResponse.json({ error: 'Content is required' }, { status: 400 })
+    }
+
+    await writeSoulFile(agentId, content)
+
+    const fileStats = await getSoulFileStats(agentId)
+
+    return NextResponse.json({
+      agentId,
+      updatedAt: fileStats?.updatedAt || new Date().toISOString(),
+      size: fileStats?.size || content.length,
+      message: 'SOUL file updated successfully',
+    })
+  } catch (error) {
+    console.error('Error writing SOUL file:', error)
+    return NextResponse.json({ error: 'Failed to write SOUL file' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/agents/route.ts

@@ -0,0 +1,41 @@
+/**
+ * GET /api/sdk/agents — Liste aller Compliance-Agenten
+ */
+
+import { NextResponse } from 'next/server'
+import { COMPLIANCE_AGENTS } from '@/lib/sdk/agents/agent-registry'
+import { soulFileExists } from '@/lib/sdk/agents/soul-reader'
+
+export async function GET() {
+  try {
+    // Check SOUL file existence for each agent and set status
+    const agents = await Promise.all(
+      COMPLIANCE_AGENTS.map(async (agent) => {
+        const exists = await soulFileExists(agent.id)
+        return {
+          ...agent,
+          status: exists ? agent.status : 'error' as const,
+        }
+      })
+    )
+
+    const activeCount = agents.filter(a => a.status === 'active').length
+    const errorCount = agents.filter(a => a.status === 'error').length
+
+    return NextResponse.json({
+      agents,
+      stats: {
+        total: agents.length,
+        active: activeCount,
+        inactive: agents.length - activeCount - errorCount,
+        error: errorCount,
+        totalSessions: 0,
+        avgResponseTime: '—',
+      },
+      timestamp: new Date().toISOString(),
+    })
+  } catch (error) {
+    console.error('Error fetching agents:', error)
+    return NextResponse.json({ error: 'Failed to fetch agents' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/agents/sessions/route.ts

@@ -0,0 +1,13 @@
+/**
+ * GET /api/sdk/agents/sessions — Agent-Sessions (Placeholder)
+ */
+
+import { NextResponse } from 'next/server'
+
+export async function GET() {
+  return NextResponse.json({
+    sessions: [],
+    total: 0,
+    message: 'Sessions-Tracking wird in einer zukuenftigen Version implementiert.',
+  })
+}

admin-compliance/app/api/sdk/agents/statistics/route.ts

@@ -0,0 +1,18 @@
+/**
+ * GET /api/sdk/agents/statistics — Agent-Statistiken (Placeholder)
+ */
+
+import { NextResponse } from 'next/server'
+
+export async function GET() {
+  return NextResponse.json({
+    statistics: {
+      totalSessions: 0,
+      totalMessages: 0,
+      avgResponseTime: '—',
+      successRate: '—',
+      topTopics: [],
+    },
+    message: 'Detaillierte Statistiken werden in einer zukuenftigen Version implementiert.',
+  })
+}

admin-compliance/app/api/sdk/compliance-advisor/chat/route.ts

@@ -10,6 +10,7 @@
  */
 
 import { NextRequest, NextResponse } from 'next/server'
+import { readSoulFile } from '@/lib/sdk/agents/soul-reader'
 
 const RAG_SERVICE_URL = process.env.RAG_SERVICE_URL || 'http://rag-service:8097'
 const OLLAMA_URL = process.env.OLLAMA_URL || 'http://host.docker.internal:11434'
@@ -27,99 +28,18 @@ const COMPLIANCE_COLLECTIONS = [
 
 type Country = 'DE' | 'AT' | 'CH' | 'EU'
 
-// SOUL system prompt (from agent-core/soul/compliance-advisor.soul.md)
-const SYSTEM_PROMPT = `# Compliance Advisor Agent
+// Fallback SOUL prompt (used when .soul.md file is unavailable)
+const FALLBACK_SYSTEM_PROMPT = `# Compliance Advisor Agent
 
 ## Identitaet
 Du bist der BreakPilot Compliance-Berater. Du hilfst Nutzern des AI Compliance SDK,
 Datenschutz- und Compliance-Fragen in verstaendlicher Sprache zu beantworten.
-Du bist kein Anwalt und gibst keine Rechtsberatung, sondern orientierst dich an
-offiziellen Quellen und gibst praxisnahe Hinweise.
 
 ## Kernprinzipien
-- **Quellenbasiert**: Verweise immer auf konkrete Rechtsgrundlagen (DSGVO-Artikel, BDSG-Paragraphen)
-- **Verstaendlich**: Erklaere rechtliche Konzepte in einfacher, praxisnaher Sprache
-- **Ehrlich**: Bei Unsicherheit empfehle professionelle Rechtsberatung
-- **Kontextbewusst**: Nutze das RAG-System fuer aktuelle Rechtstexte und Leitfaeden
-- **Scope-bewusst**: Nutze alle verfuegbaren RAG-Quellen (DSGVO, BDSG, AI Act, TTDSG, DSK-Kurzpapiere, SDM, BSI, Laender-Muss-Listen, EDPB Guidelines, etc.) AUSSER NIBIS-Dokumenten.
-
-## Kompetenzbereich
-- DSGVO Art. 1-99 + Erwaegsgruende
-- BDSG (Bundesdatenschutzgesetz)
-- AI Act (EU KI-Verordnung)
-- TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz)
-- ePrivacy-Richtlinie
-- DSK-Kurzpapiere (Nr. 1-20)
-- SDM (Standard-Datenschutzmodell) V3.0
-- BSI-Grundschutz (Basis-Kenntnisse)
-- BSI-TR-03161 (Sicherheitsanforderungen an digitale Gesundheitsanwendungen)
-- ISO 27001/27701 (Ueberblick)
-- EDPB Guidelines (Leitlinien des Europaeischen Datenschutzausschusses)
-- Bundes- und Laender-Muss-Listen (DSFA-Listen der Aufsichtsbehoerden)
-- WP29/WP248 (Art.-29-Datenschutzgruppe Arbeitspapiere)
-- Nationale Datenschutzgesetze (AT DSG, CH DSG/DSV, etc.)
-- EU-Verordnungen (DORA, MiCA, Data Act, EHDS, PSD2, AMLR, etc.)
-- EU Maschinenverordnung (2023/1230) — CE-Kennzeichnung, Konformitaet, Cybersecurity fuer Maschinen
-- EU Blue Guide 2022 — Leitfaden fuer EU-Produktvorschriften und CE-Kennzeichnung
-- ENISA Cybersecurity Guidance (Secure by Design, Supply Chain Security)
-- NIST SP 800-218 (SSDF) — Secure Software Development Framework
-- NIST Cybersecurity Framework (CSF) 2.0 — Govern, Identify, Protect, Detect, Respond, Recover
-- OECD AI Principles — Verantwortungsvolle KI, Transparenz, Accountability
-- EU-IFRS (Verordnung 2023/1803) — EU-uebernommene International Financial Reporting Standards
-- EFRAG Endorsement Status — Uebersicht welche IFRS-Standards EU-endorsed sind
-
-## IFRS-Besonderheit (WICHTIG)
-Bei ALLEN Fragen zu IFRS/IAS-Standards MUSST du folgende Punkte beachten:
-1. Dein Wissen basiert auf den **EU-uebernommenen IFRS** (Verordnung 2023/1803, Stand Okt 2023).
-2. Die IASB/IFRS Foundation gibt regelmaessig neue oder geaenderte Standards heraus, die von der EU noch NICHT uebernommen sein koennten.
-3. Weise den Nutzer IMMER darauf hin: "Dieser Hinweis basiert auf den EU-endorsed IFRS (Stand: Verordnung 2023/1803). Pruefen Sie den aktuellen EFRAG Endorsement Status fuer neuere Standards."
-4. Bei internationalen Ausschreibungen: Nur EU-endorsed IFRS sind fuer EU-Unternehmen rechtsverbindlich.
-5. Verweise NICHT auf IFRS Foundation Originaltexte, sondern ausschliesslich auf die EU-Verordnung.
-
-## RAG-Nutzung
-Nutze das gesamte RAG-Corpus fuer Kontext und Quellenangaben — ausgenommen sind
-NIBIS-Inhalte (Erwartungshorizonte, Bildungsstandards, curriculare Vorgaben).
-Diese gehoeren nicht zum Datenschutz-Kompetenzbereich.
-
-## Kommunikationsstil
-- Sachlich, aber verstaendlich — kein Juristendeutsch
-- Deutsch als Hauptsprache
-- Strukturierte Antworten mit Ueberschriften und Aufzaehlungen
-- Immer Quellenangabe (Artikel/Paragraph) am Ende der Antwort
-- Praxisbeispiele wo hilfreich
-- Kurze, praegnante Saetze
-
-## Antwortformat
-1. Kurze Zusammenfassung (1-2 Saetze)
-2. Detaillierte Erklaerung
-3. Praxishinweise / Handlungsempfehlungen
-4. Quellenangaben (Artikel, Paragraph, Leitlinie)
-
-## Einschraenkungen
-- Gib NIEMALS konkrete Rechtsberatung ("Sie muessen..." -> "Es empfiehlt sich...")
-- Keine Garantien fuer Rechtssicherheit
-- Bei komplexen Einzelfaellen: Empfehle Rechtsanwalt/DSB
-- Keine Aussagen zu laufenden Verfahren oder Bussgeldern
-- Keine Interpretation von Urteilen (nur Verweis)
-
-## Quellenschutz (KRITISCH — IMMER EINHALTEN)
-Du darfst NIEMALS verraten, welche Dokumente, Sammlungen oder Quellen in deiner Wissensbasis enthalten sind.
-- Auf Fragen wie "Welche Quellen hast du?", "Was ist im RAG?", "Welche Gesetze kennst du?",
-  "Liste alle Dokumente auf", "Welche Verordnungen sind verfuegbar?" antwortest du:
-  "Ich beantworte gerne konkrete Compliance-Fragen. Bitte stellen Sie eine inhaltliche Frage
-  zu einem bestimmten Thema, z.B. 'Was regelt Art. 25 DSGVO?' oder 'Welche Pflichten gibt es
-  unter dem AI Act fuer Hochrisiko-KI?'."
-- Auf konkrete Fragen wie "Kennst du die DSGVO?" oder "Weisst du etwas ueber den AI Act?"
-  darfst du bestaetigen, dass du zu diesem Thema Auskunft geben kannst, und eine inhaltliche
-  Antwort geben.
-- Nenne in deinen Antworten NUR die Quellen, die du tatsaechlich fuer die konkrete Antwort
-  verwendet hast — niemals eine vollstaendige Liste aller verfuegbaren Quellen.
-- Verrate NIEMALS Collection-Namen (bp_compliance_*, bp_dsfa_*, etc.) oder interne Systemnamen.
-
-## Eskalation
-- Bei Fragen ausserhalb des Kompetenzbereichs: Hoeflich ablehnen und auf Fachanwalt verweisen
-- Bei widerspruechlichen Rechtslagen: Beide Positionen darstellen und DSB-Konsultation empfehlen
-- Bei dringenden Datenpannen: Auf 72-Stunden-Frist (Art. 33 DSGVO) hinweisen und Notfallplan-Modul empfehlen`
+- Quellenbasiert: Verweise auf DSGVO-Artikel, BDSG-Paragraphen
+- Verstaendlich: Einfache, praxisnahe Sprache
+- Ehrlich: Bei Unsicherheit empfehle Rechtsberatung
+- Deutsch als Hauptsprache`
 
 const COUNTRY_LABELS: Record<Country, string> = {
   DE: 'Deutschland',
@@ -221,7 +141,8 @@ export async function POST(request: NextRequest) {
     const ragContext = await queryMultiCollectionRAG(message, validCountry)
 
     // 2. Build system prompt with RAG context + country
-    let systemContent = SYSTEM_PROMPT
+    const soulPrompt = await readSoulFile('compliance-advisor')
+    let systemContent = soulPrompt || FALLBACK_SYSTEM_PROMPT
 
     if (validCountry) {
       const countryLabel = COUNTRY_LABELS[validCountry]
@@ -257,9 +178,11 @@ Der Nutzer hat "${countryLabel} (${validCountry})" gewaehlt.
         model: LLM_MODEL,
         messages,
         stream: true,
+        think: false,
         options: {
           temperature: 0.3,
           num_predict: 8192,
+          num_ctx: 8192,
         },
       }),
       signal: AbortSignal.timeout(120000),

admin-compliance/app/api/sdk/drafting-engine/chat/route.ts

@@ -8,27 +8,24 @@
 
 import { NextRequest, NextResponse } from 'next/server'
 import { queryRAG } from '@/lib/sdk/drafting-engine/rag-query'
+import { DOCUMENT_RAG_CONFIG } from '@/lib/sdk/drafting-engine/rag-config'
+import { readSoulFile } from '@/lib/sdk/agents/soul-reader'
+import type { ScopeDocumentType } from '@/lib/sdk/compliance-scope-types'
 
 const OLLAMA_URL = process.env.OLLAMA_URL || 'http://host.docker.internal:11434'
 const LLM_MODEL = process.env.COMPLIANCE_LLM_MODEL || 'qwen2.5vl:32b'
 
-// SOUL System Prompt (from agent-core/soul/drafting-agent.soul.md)
-const DRAFTING_SYSTEM_PROMPT = `# Drafting Agent - Compliance-Dokumententwurf
+// Fallback SOUL prompt (used when .soul.md file is unavailable)
+const FALLBACK_DRAFTING_PROMPT = `# Drafting Agent - Compliance-Dokumententwurf
 
 ## Identitaet
 Du bist der BreakPilot Drafting Agent. Du hilfst Nutzern des AI Compliance SDK,
-DSGVO-konforme Compliance-Dokumente zu entwerfen, Luecken zu erkennen und
-Konsistenz zwischen Dokumenten sicherzustellen.
+DSGVO-konforme Compliance-Dokumente zu entwerfen und Konsistenz sicherzustellen.
 
 ## Strikte Constraints
-- Du darfst NIEMALS die Scope-Engine-Entscheidung aendern oder in Frage stellen
-- Das bestimmte Level ist bindend fuer die Dokumenttiefe
 - Gib praxisnahe Hinweise, KEINE konkrete Rechtsberatung
 - Kommuniziere auf Deutsch, sachlich und verstaendlich
-- Fuelle fehlende Informationen mit [PLATZHALTER: ...] Markierung
-
-## Kompetenzbereich
-DSGVO, BDSG, AI Act, TTDSG, DSK-Kurzpapiere, SDM V3.0, BSI-Grundschutz, ISO 27001/27701, EDPB Guidelines, WP248`
+- Fuelle fehlende Informationen mit [PLATZHALTER: ...] Markierung`
 
 export async function POST(request: NextRequest) {
   try {
@@ -45,11 +42,14 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: 'Message is required' }, { status: 400 })
     }
 
-    // 1. Query RAG for legal context
-    const ragContext = await queryRAG(message)
+    // 1. Query RAG for legal context (use type-specific collection + query boost if available)
+    const ragConfig = documentType ? DOCUMENT_RAG_CONFIG[documentType as ScopeDocumentType] : undefined
+    const ragQuery = ragConfig ? `${ragConfig.query} ${message}` : message
+    const ragContext = await queryRAG(ragQuery, 3, ragConfig?.collection)
 
     // 2. Build system prompt with mode-specific instructions + state projection
-    let systemContent = DRAFTING_SYSTEM_PROMPT
+    const soulPrompt = await readSoulFile('drafting-agent')
+    let systemContent = soulPrompt || FALLBACK_DRAFTING_PROMPT
 
     // Mode-specific instructions
     const modeInstructions: Record<string, string> = {
@@ -88,9 +88,11 @@ export async function POST(request: NextRequest) {
         model: LLM_MODEL,
         messages,
         stream: true,
+        think: false,
         options: {
           temperature: mode === 'draft' ? 0.2 : 0.3,
           num_predict: mode === 'draft' ? 16384 : 8192,
+          num_ctx: 8192,
         },
       }),
       signal: AbortSignal.timeout(120000),

admin-compliance/app/api/sdk/drafting-engine/draft/route.ts

@@ -131,7 +131,8 @@ async function handleV1Draft(body: Record<string, unknown>): Promise<NextRespons
       model: LLM_MODEL,
       messages,
       stream: false,
-      options: { temperature: 0.15, num_predict: 16384 },
+      think: false,
+      options: { temperature: 0.15, num_predict: 16384, num_ctx: 8192 },
       format: 'json',
     }),
     signal: AbortSignal.timeout(180000),
@@ -204,6 +205,27 @@ const DOCUMENT_PROSE_BLOCKS: Record<string, Array<{ blockId: string; blockType:
     { blockId: 'lf-intro', blockType: 'introduction', sectionName: 'Einleitung Loeschfristen', targetWords: 100 },
     { blockId: 'lf-conclusion', blockType: 'conclusion', sectionName: 'Fazit Loeschfristen', targetWords: 60 },
   ],
+  av_vertrag: [
+    { blockId: 'av-intro', blockType: 'introduction', sectionName: 'Einleitung Auftragsverarbeitung', targetWords: 130 },
+    { blockId: 'av-conclusion', blockType: 'conclusion', sectionName: 'Fazit Auftragsverarbeitung', targetWords: 80 },
+  ],
+  betroffenenrechte: [
+    { blockId: 'betr-intro', blockType: 'introduction', sectionName: 'Einleitung Betroffenenrechte', targetWords: 120 },
+    { blockId: 'betr-conclusion', blockType: 'conclusion', sectionName: 'Fazit Betroffenenrechte', targetWords: 80 },
+  ],
+  risikoanalyse: [
+    { blockId: 'risk-intro', blockType: 'introduction', sectionName: 'Einleitung Risikoanalyse', targetWords: 130 },
+    { blockId: 'risk-conclusion', blockType: 'conclusion', sectionName: 'Fazit Risikoanalyse', targetWords: 80 },
+  ],
+  notfallplan: [
+    { blockId: 'notfall-intro', blockType: 'introduction', sectionName: 'Einleitung Notfallplan', targetWords: 120 },
+    { blockId: 'notfall-conclusion', blockType: 'conclusion', sectionName: 'Fazit Notfallplan', targetWords: 80 },
+  ],
+  iace_ce_assessment: [
+    { blockId: 'iace-intro', blockType: 'introduction', sectionName: 'Einleitung IACE CE-Bewertung', targetWords: 150 },
+    { blockId: 'iace-appreciation', blockType: 'appreciation', sectionName: 'Wuerdigung bestehender Konformitaetsbewertung', targetWords: 60 },
+    { blockId: 'iace-conclusion', blockType: 'conclusion', sectionName: 'Fazit IACE CE-Bewertung', targetWords: 100 },
+  ],
 }
 
 function buildV2SystemPrompt(
@@ -306,7 +328,8 @@ async function callOllama(systemPrompt: string, userPrompt: string): Promise<str
         { role: 'user', content: userPrompt },
       ],
       stream: false,
-      options: { temperature: 0.15, num_predict: 4096 },
+      think: false,
+      options: { temperature: 0.15, num_predict: 4096, num_ctx: 8192 },
       format: 'json',
     }),
     signal: AbortSignal.timeout(120000),
@@ -568,12 +591,43 @@ async function handleV2Draft(body: Record<string, unknown>): Promise<NextRespons
     cacheStats: proseCache.getStats(),
   }
 
+  // Anti-Fake-Evidence: Truth label for all LLM-generated content
+  const truthLabel = {
+    generation_mode: 'draft_assistance',
+    truth_status: 'generated',
+    may_be_used_as_evidence: false,
+    generated_by: 'system',
+  }
+
+  // Fire-and-forget: persist LLM audit trail to backend
+  try {
+    const BACKEND_URL = process.env.BACKEND_COMPLIANCE_URL || 'http://backend-compliance:8002'
+    fetch(`${BACKEND_URL}/api/compliance/llm-audit`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        entity_type: 'document',
+        entity_id: null,
+        generation_mode: 'draft_assistance',
+        truth_status: 'generated',
+        may_be_used_as_evidence: false,
+        llm_model: LLM_MODEL,
+        llm_provider: 'ollama',
+        input_summary: `${documentType} draft generation`,
+        output_summary: draft?.sections?.length ? `${draft.sections.length} sections generated` : 'draft generated',
+      }),
+    }).catch(() => {/* fire-and-forget */})
+  } catch {
+    // LLM audit persistence failure should not block the response
+  }
+
   return NextResponse.json({
     draft,
     constraintCheck,
     tokensUsed: Math.round(totalTokens),
     pipelineVersion: 'v2',
     auditTrail,
+    truthLabel,
   })
 }
 

admin-compliance/app/api/sdk/drafting-engine/validate/route.ts

@@ -14,6 +14,76 @@ import { buildCrossCheckPrompt } from '@/lib/sdk/drafting-engine/prompts/validat
 const OLLAMA_URL = process.env.OLLAMA_URL || 'http://host.docker.internal:11434'
 const LLM_MODEL = process.env.COMPLIANCE_LLM_MODEL || 'qwen2.5vl:32b'
 
+/**
+ * Anti-Fake-Evidence: Verbotene Formulierungen
+ *
+ * Flags formulations that falsely claim compliance without evidence.
+ * Only allowed when: control_status=pass AND confidence >= E2 AND
+ * truth_status in (validated_internal, accepted_by_auditor).
+ */
+interface EvidenceContext {
+  controlStatus?: string
+  confidenceLevel?: string
+  truthStatus?: string
+}
+
+const FORBIDDEN_PATTERNS: Array<{
+  pattern: RegExp
+  label: string
+  safeAlternative: string
+}> = [
+  { pattern: /ist\s+compliant/gi, label: 'ist compliant', safeAlternative: 'soll compliant sein' },
+  { pattern: /erfüllt\s+vollständig/gi, label: 'erfüllt vollständig', safeAlternative: 'soll vollständig erfüllt werden' },
+  { pattern: /wurde\s+geprüft/gi, label: 'wurde geprüft', safeAlternative: 'soll geprüft werden' },
+  { pattern: /wurde\s+umgesetzt/gi, label: 'wurde umgesetzt', safeAlternative: 'ist zur Umsetzung vorgesehen' },
+  { pattern: /ist\s+auditiert/gi, label: 'ist auditiert', safeAlternative: 'soll auditiert werden' },
+  { pattern: /vollständig\s+implementiert/gi, label: 'vollständig implementiert', safeAlternative: 'Implementierung ist vorgesehen' },
+  { pattern: /nachweislich\s+konform/gi, label: 'nachweislich konform', safeAlternative: 'Konformität ist nachzuweisen' },
+]
+
+const CONFIDENCE_ORDER: Record<string, number> = { E0: 0, E1: 1, E2: 2, E3: 3, E4: 4 }
+const VALID_TRUTH_STATUSES = new Set(['validated_internal', 'accepted_by_auditor'])
+
+function checkForbiddenFormulations(
+  content: string,
+  evidenceContext?: EvidenceContext,
+): ValidationFinding[] {
+  const findings: ValidationFinding[] = []
+
+  if (!content) return findings
+
+  // If evidence context shows sufficient proof, allow the formulations
+  if (evidenceContext) {
+    const { controlStatus, confidenceLevel, truthStatus } = evidenceContext
+    const confLevel = CONFIDENCE_ORDER[confidenceLevel ?? 'E0'] ?? 0
+    if (
+      controlStatus === 'pass' &&
+      confLevel >= CONFIDENCE_ORDER.E2 &&
+      VALID_TRUTH_STATUSES.has(truthStatus ?? '')
+    ) {
+      return findings // Formulations are backed by real evidence
+    }
+  }
+
+  for (const { pattern, label, safeAlternative } of FORBIDDEN_PATTERNS) {
+    // Reset regex state for global patterns
+    pattern.lastIndex = 0
+    if (pattern.test(content)) {
+      findings.push({
+        id: `AFE-FORBIDDEN-${label.replace(/\s+/g, '_').toUpperCase()}`,
+        severity: 'error',
+        category: 'forbidden_formulation' as ValidationFinding['category'],
+        title: `Verbotene Formulierung: "${label}"`,
+        description: `Die Formulierung "${label}" impliziert eine nachgewiesene Compliance, die ohne ausreichenden Nachweis (Evidence >= E2, validiert) nicht verwendet werden darf.`,
+        documentType: 'vvt' as ScopeDocumentType,
+        suggestion: `Verwende stattdessen: "${safeAlternative}"`,
+      })
+    }
+  }
+
+  return findings
+}
+
 /**
  * Stufe 1: Deterministische Pruefung
  */
@@ -84,6 +154,66 @@ function deterministicCheck(
     })
   }
 
+  // Check 5: DSFA ohne VVT-Grundlage
+  if (documentType === 'dsfa' && validationContext.crossReferences.vvtCategories.length === 0) {
+    findings.push({
+      id: 'DET-DSFA-NO-VVT',
+      severity: 'error',
+      category: 'cross_reference',
+      title: 'DSFA ohne VVT-Grundlage',
+      description: 'Eine DSFA setzt ein Verarbeitungsverzeichnis voraus. Ohne VVT fehlt die Uebersicht ueber die betroffenen Verarbeitungstaetigkeiten.',
+      documentType: 'dsfa',
+      crossReferenceType: 'vvt',
+      legalReference: 'Art. 35 i.V.m. Art. 30 DSGVO',
+      suggestion: 'Zuerst ein VVT erstellen, dann die DSFA darauf aufbauen.',
+    })
+  }
+
+  // Check 6: DSFA ohne TOM-Massnahmen
+  if (documentType === 'dsfa' && validationContext.crossReferences.tomControls.length === 0) {
+    findings.push({
+      id: 'DET-DSFA-NO-TOM',
+      severity: 'error',
+      category: 'cross_reference',
+      title: 'DSFA ohne TOM-Massnahmen',
+      description: 'Eine DSFA muss Abhilfemassnahmen enthalten. Ohne TOM-Katalog koennen keine Schutzmassnahmen referenziert werden.',
+      documentType: 'dsfa',
+      crossReferenceType: 'tom',
+      legalReference: 'Art. 35 Abs. 7d DSGVO',
+      suggestion: 'TOM-Massnahmen definieren, bevor die DSFA erstellt wird.',
+    })
+  }
+
+  // Check 7: Datenschutzerklaerung ohne Loeschfristen
+  if (documentType === 'dsi' && validationContext.crossReferences.retentionCategories.length === 0) {
+    findings.push({
+      id: 'DET-DSI-NO-LF',
+      severity: 'warning',
+      category: 'cross_reference',
+      title: 'Datenschutzerklaerung ohne Loeschfristen',
+      description: 'Die Datenschutzerklaerung muss Angaben zur Speicherdauer enthalten. Ohne definierte Loeschfristen fehlt diese Information.',
+      documentType: 'dsi',
+      crossReferenceType: 'lf',
+      legalReference: 'Art. 13 Abs. 2a DSGVO',
+      suggestion: 'Loeschfristen definieren und in der Datenschutzerklaerung referenzieren.',
+    })
+  }
+
+  // Check 8: AVV ohne VVT-Kontext
+  if (documentType === 'av_vertrag' && validationContext.crossReferences.vvtCategories.length === 0) {
+    findings.push({
+      id: 'DET-AV-NO-VVT',
+      severity: 'warning',
+      category: 'cross_reference',
+      title: 'AVV ohne VVT-Kontext',
+      description: 'Ein Auftragsverarbeitungsvertrag sollte auf den im VVT dokumentierten Verarbeitungstaetigkeiten basieren.',
+      documentType: 'av_vertrag',
+      crossReferenceType: 'vvt',
+      legalReference: 'Art. 28 Abs. 3 i.V.m. Art. 30 DSGVO',
+      suggestion: 'VVT erstellen, um die betroffenen Verarbeitungstaetigkeiten fuer den AVV zu identifizieren.',
+    })
+  }
+
   return findings
 }
 
@@ -127,7 +257,8 @@ export async function POST(request: NextRequest) {
             { role: 'user', content: crossCheckPrompt },
           ],
           stream: false,
-          options: { temperature: 0.1, num_predict: 8192 },
+          think: false,
+          options: { temperature: 0.1, num_predict: 8192, num_ctx: 8192 },
           format: 'json',
         }),
         signal: AbortSignal.timeout(120000),
@@ -160,10 +291,18 @@ export async function POST(request: NextRequest) {
       // LLM unavailable, continue with deterministic results only
     }
 
+    // ---------------------------------------------------------------
+    // Stufe 1b: Verbotene Formulierungen (Anti-Fake-Evidence)
+    // ---------------------------------------------------------------
+    const forbiddenFindings = checkForbiddenFormulations(
+      draftContent || '',
+      validationContext.evidenceContext,
+    )
+
     // ---------------------------------------------------------------
     // Combine results
     // ---------------------------------------------------------------
-    const allFindings = [...deterministicFindings, ...llmFindings]
+    const allFindings = [...deterministicFindings, ...forbiddenFindings, ...llmFindings]
     const errors = allFindings.filter(f => f.severity === 'error')
     const warnings = allFindings.filter(f => f.severity === 'warning')
     const suggestions = allFindings.filter(f => f.severity === 'suggestion')

admin-compliance/app/api/sdk/v1/ai-registration/[id]/route.ts

@@ -0,0 +1,47 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const { id } = await params
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration/${id}`)
+    const data = await resp.json()
+    return NextResponse.json(data)
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to fetch registration' }, { status: 500 })
+  }
+}
+
+export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const { id } = await params
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+    const body = await request.json()
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration/${id}`, {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json', 'X-Tenant-ID': tenantId },
+      body: JSON.stringify(body),
+    })
+    const data = await resp.json()
+    return NextResponse.json(data, { status: resp.status })
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to update registration' }, { status: 500 })
+  }
+}
+
+export async function PATCH(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const { id } = await params
+    const body = await request.json()
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration/${id}/status`, {
+      method: 'PATCH',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    })
+    const data = await resp.json()
+    return NextResponse.json(data, { status: resp.status })
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to update status' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/v1/ai-registration/route.ts

@@ -0,0 +1,32 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+
+export async function GET(request: NextRequest) {
+  try {
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration`, {
+      headers: { 'X-Tenant-ID': tenantId },
+    })
+    const data = await resp.json()
+    return NextResponse.json(data)
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to fetch registrations' }, { status: 500 })
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+    const body = await request.json()
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'X-Tenant-ID': tenantId },
+      body: JSON.stringify(body),
+    })
+    const data = await resp.json()
+    return NextResponse.json(data, { status: resp.status })
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to create registration' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/v1/audit-llm/[[...path]]/route.ts

@@ -0,0 +1,108 @@
+/**
+ * LLM Audit API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/audit-llm/* requests to ai-compliance-sdk /sdk/v1/audit/*
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/audit`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    // Handle export endpoints that may return CSV
+    const contentType = response.headers.get('content-type') || ''
+    if (contentType.includes('text/csv') || contentType.includes('application/octet-stream')) {
+      const blob = await response.arrayBuffer()
+      return new NextResponse(blob, {
+        status: response.status,
+        headers: {
+          'Content-Type': contentType,
+          'Content-Disposition': response.headers.get('content-disposition') || 'attachment',
+        },
+      })
+    }
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('LLM Audit API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}

admin-compliance/app/api/sdk/v1/canonical/route.ts

@@ -0,0 +1,349 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/canonical?endpoint=...
+ *
+ * Routes to backend canonical control endpoints:
+ *   endpoint=frameworks   → GET /api/compliance/v1/canonical/frameworks
+ *   endpoint=controls     → GET /api/compliance/v1/canonical/controls(?severity=...&domain=...)
+ *   endpoint=control&id=  → GET /api/compliance/v1/canonical/controls/{id}
+ *   endpoint=sources      → GET /api/compliance/v1/canonical/sources
+ *   endpoint=licenses     → GET /api/compliance/v1/canonical/licenses
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const endpoint = searchParams.get('endpoint') || 'frameworks'
+
+    let backendPath: string
+
+    switch (endpoint) {
+      case 'frameworks':
+        backendPath = '/api/compliance/v1/canonical/frameworks'
+        break
+
+      case 'controls': {
+        const controlParams = new URLSearchParams()
+        const passthrough = ['severity', 'domain', 'release_state', 'verification_method', 'category', 'evidence_type',
+          'target_audience', 'source', 'search', 'control_type', 'exclude_duplicates', 'sort', 'order', 'limit', 'offset']
+        for (const key of passthrough) {
+          const val = searchParams.get(key)
+          if (val) controlParams.set(key, val)
+        }
+        const qs = controlParams.toString()
+        backendPath = `/api/compliance/v1/canonical/controls${qs ? `?${qs}` : ''}`
+        break
+      }
+
+      case 'controls-count': {
+        const countParams = new URLSearchParams()
+        const countPassthrough = ['severity', 'domain', 'release_state', 'verification_method', 'category', 'evidence_type',
+          'target_audience', 'source', 'search', 'control_type', 'exclude_duplicates']
+        for (const key of countPassthrough) {
+          const val = searchParams.get(key)
+          if (val) countParams.set(key, val)
+        }
+        const countQs = countParams.toString()
+        backendPath = `/api/compliance/v1/canonical/controls-count${countQs ? `?${countQs}` : ''}`
+        break
+      }
+
+      case 'controls-meta': {
+        const metaParams = new URLSearchParams()
+        const metaPassthrough = ['severity', 'domain', 'release_state', 'verification_method', 'category', 'evidence_type',
+          'target_audience', 'source', 'search', 'control_type', 'exclude_duplicates']
+        for (const key of metaPassthrough) {
+          const val = searchParams.get(key)
+          if (val) metaParams.set(key, val)
+        }
+        const metaQs = metaParams.toString()
+        backendPath = `/api/compliance/v1/canonical/controls-meta${metaQs ? `?${metaQs}` : ''}`
+        break
+      }
+
+      case 'control': {
+        const controlId = searchParams.get('id')
+        if (!controlId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(controlId)}`
+        break
+      }
+
+      case 'sources':
+        backendPath = '/api/compliance/v1/canonical/sources'
+        break
+
+      case 'licenses':
+        backendPath = '/api/compliance/v1/canonical/licenses'
+        break
+
+      // Generator endpoints
+      case 'generate-jobs':
+        backendPath = '/api/compliance/v1/canonical/generate/jobs'
+        break
+
+      case 'generate-status': {
+        const jobId = searchParams.get('jobId')
+        if (!jobId) {
+          return NextResponse.json({ error: 'Missing jobId' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/generate/status/${encodeURIComponent(jobId)}`
+        break
+      }
+
+      case 'review-queue': {
+        const state = searchParams.get('release_state') || 'needs_review'
+        backendPath = `/api/compliance/v1/canonical/generate/review-queue?release_state=${encodeURIComponent(state)}`
+        break
+      }
+
+      case 'processed-stats':
+        backendPath = '/api/compliance/v1/canonical/generate/processed-stats'
+        break
+
+      case 'categories':
+        backendPath = '/api/compliance/v1/canonical/categories'
+        break
+
+      case 'traceability': {
+        const traceId = searchParams.get('id')
+        if (!traceId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(traceId)}/traceability`
+        break
+      }
+
+      case 'provenance': {
+        const provId = searchParams.get('id')
+        if (!provId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(provId)}/provenance`
+        break
+      }
+
+      case 'atomic-stats':
+        backendPath = '/api/compliance/v1/canonical/controls/atomic-stats'
+        break
+
+      case 'similar': {
+        const simControlId = searchParams.get('id')
+        if (!simControlId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        const simThreshold = searchParams.get('threshold') || '0.85'
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(simControlId)}/similar?threshold=${simThreshold}`
+        break
+      }
+
+      case 'blocked-sources':
+        backendPath = '/api/compliance/v1/canonical/blocked-sources'
+        break
+
+      case 'v1-matches': {
+        const matchId = searchParams.get('id')
+        if (!matchId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(matchId)}/v1-matches`
+        break
+      }
+
+      case 'v1-enrichment-stats':
+        backendPath = '/api/compliance/v1/canonical/controls/v1-enrichment-stats'
+        break
+
+      case 'obligation-dedup-stats':
+        backendPath = '/api/compliance/v1/canonical/obligations/dedup-stats'
+        break
+
+      case 'controls-customer': {
+        const custSeverity = searchParams.get('severity')
+        const custDomain = searchParams.get('domain')
+        const custParams = new URLSearchParams()
+        if (custSeverity) custParams.set('severity', custSeverity)
+        if (custDomain) custParams.set('domain', custDomain)
+        const custQs = custParams.toString()
+        backendPath = `/api/compliance/v1/canonical/controls-customer${custQs ? `?${custQs}` : ''}`
+        break
+      }
+
+      default:
+        return NextResponse.json({ error: `Unknown endpoint: ${endpoint}` }, { status: 400 })
+    }
+
+    const response = await fetch(`${BACKEND_URL}${backendPath}`)
+
+    if (!response.ok) {
+      if (response.status === 404) {
+        return NextResponse.json(null, { status: 404 })
+      }
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Canonical control proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/canonical?endpoint=...
+ *
+ *   endpoint=create-control         → POST /api/compliance/v1/canonical/controls
+ *   endpoint=similarity-check&id=   → POST /api/compliance/v1/canonical/controls/{id}/similarity-check
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const endpoint = searchParams.get('endpoint')
+    const body = await request.json()
+
+    let backendPath: string
+
+    if (endpoint === 'create-control') {
+      backendPath = '/api/compliance/v1/canonical/controls'
+    } else if (endpoint === 'generate') {
+      backendPath = '/api/compliance/v1/canonical/generate'
+    } else if (endpoint === 'review') {
+      const controlId = searchParams.get('id')
+      if (!controlId) {
+        return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+      }
+      backendPath = `/api/compliance/v1/canonical/generate/review/${encodeURIComponent(controlId)}`
+    } else if (endpoint === 'bulk-review') {
+      backendPath = '/api/compliance/v1/canonical/generate/bulk-review'
+    } else if (endpoint === 'blocked-sources-cleanup') {
+      backendPath = '/api/compliance/v1/canonical/blocked-sources/cleanup'
+    } else if (endpoint === 'enrich-v1-matches') {
+      const dryRun = searchParams.get('dry_run') ?? 'true'
+      const batchSize = searchParams.get('batch_size') ?? '100'
+      const enrichOffset = searchParams.get('offset') ?? '0'
+      backendPath = `/api/compliance/v1/canonical/controls/enrich-v1-matches?dry_run=${dryRun}&batch_size=${batchSize}&offset=${enrichOffset}`
+    } else if (endpoint === 'obligation-dedup') {
+      const dryRun = searchParams.get('dry_run') ?? 'true'
+      const batchSize = searchParams.get('batch_size') ?? '0'
+      const dedupOffset = searchParams.get('offset') ?? '0'
+      backendPath = `/api/compliance/v1/canonical/obligations/dedup?dry_run=${dryRun}&batch_size=${batchSize}&offset=${dedupOffset}`
+    } else if (endpoint === 'similarity-check') {
+      const controlId = searchParams.get('id')
+      if (!controlId) {
+        return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+      }
+      backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(controlId)}/similarity-check`
+    } else {
+      return NextResponse.json({ error: `Unknown POST endpoint: ${endpoint}` }, { status: 400 })
+    }
+
+    const response = await fetch(`${BACKEND_URL}${backendPath}`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json(), { status: response.status })
+  } catch (error) {
+    console.error('Canonical control POST proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: PUT /api/sdk/v1/canonical?endpoint=update-control&id=AUTH-001
+ *
+ * Routes to: PUT /api/compliance/v1/canonical/controls/{id}
+ */
+export async function PUT(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const controlId = searchParams.get('id')
+    if (!controlId) {
+      return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+    }
+
+    const body = await request.json()
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/canonical/controls/${encodeURIComponent(controlId)}`,
+      {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Canonical control PUT proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: DELETE /api/sdk/v1/canonical?id=AUTH-001
+ *
+ * Routes to: DELETE /api/compliance/v1/canonical/controls/{id}
+ */
+export async function DELETE(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const controlId = searchParams.get('id')
+    if (!controlId) {
+      return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+    }
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/canonical/controls/${encodeURIComponent(controlId)}`,
+      { method: 'DELETE' }
+    )
+
+    if (!response.ok && response.status !== 204) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return new NextResponse(null, { status: 204 })
+  } catch (error) {
+    console.error('Canonical control DELETE proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/company-profile/route.ts

@@ -1,17 +1,26 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+function getIds(request: NextRequest, body?: Record<string, unknown>) {
+  const { searchParams } = new URL(request.url)
+  const tenantId = searchParams.get('tenant_id') || 'default'
+  const projectId = searchParams.get('project_id') || (body?.project_id as string) || ''
+  const qs = projectId
+    ? `tenant_id=${encodeURIComponent(tenantId)}&project_id=${encodeURIComponent(projectId)}`
+    : `tenant_id=${encodeURIComponent(tenantId)}`
+  return { tenantId, projectId, qs }
+}
 
 /**
  * Proxy: GET /api/sdk/v1/company-profile → Backend GET /api/v1/company-profile
  */
 export async function GET(request: NextRequest) {
   try {
-    const { searchParams } = new URL(request.url)
-    const tenantId = searchParams.get('tenant_id') || 'default'
+    const { tenantId, qs } = getIds(request)
 
     const response = await fetch(
-      `${BACKEND_URL}/api/v1/company-profile?tenant_id=${encodeURIComponent(tenantId)}`,
+      `${BACKEND_URL}/api/v1/company-profile?${qs}`,
       {
         headers: {
           'X-Tenant-ID': tenantId,
@@ -47,10 +56,10 @@ export async function GET(request: NextRequest) {
 export async function POST(request: NextRequest) {
   try {
     const body = await request.json()
-    const tenantId = body.tenant_id || 'default'
+    const { tenantId, qs } = getIds(request, body)
 
     const response = await fetch(
-      `${BACKEND_URL}/api/v1/company-profile?tenant_id=${encodeURIComponent(tenantId)}`,
+      `${BACKEND_URL}/api/v1/company-profile?${qs}`,
       {
         method: 'POST',
         headers: {
@@ -80,6 +89,42 @@ export async function POST(request: NextRequest) {
   }
 }
 
+/**
+ * Proxy: DELETE /api/sdk/v1/company-profile → Backend DELETE /api/v1/company-profile
+ * DSGVO Art. 17 Recht auf Löschung
+ */
+export async function DELETE(request: NextRequest) {
+  try {
+    const { tenantId, qs } = getIds(request)
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/v1/company-profile?${qs}`,
+      {
+        method: 'DELETE',
+        headers: {
+          'X-Tenant-ID': tenantId,
+        },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to delete company profile:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
 /**
  * Proxy: PATCH /api/sdk/v1/company-profile → Backend PATCH /api/v1/company-profile
  * Partial updates for individual fields
@@ -87,10 +132,10 @@ export async function POST(request: NextRequest) {
 export async function PATCH(request: NextRequest) {
   try {
     const body = await request.json()
-    const tenantId = body.tenant_id || 'default'
+    const { tenantId, qs } = getIds(request, body)
 
     const response = await fetch(
-      `${BACKEND_URL}/api/v1/company-profile?tenant_id=${encodeURIComponent(tenantId)}`,
+      `${BACKEND_URL}/api/v1/company-profile?${qs}`,
       {
         method: 'PATCH',
         headers: {

admin-compliance/app/api/sdk/v1/compliance-scope/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 /**
  * Proxy: GET /api/sdk/v1/compliance-scope → Backend GET /api/v1/compliance-scope
@@ -12,7 +12,7 @@ export async function GET(request: NextRequest) {
     const tenantId = searchParams.get('tenant_id') || 'default'
 
     const response = await fetch(
-      `${BACKEND_URL}/api/v1/compliance-scope?tenant_id=${encodeURIComponent(tenantId)}`,
+      `${BACKEND_URL}/api/compliance/v1/compliance-scope?tenant_id=${encodeURIComponent(tenantId)}`,
       {
         headers: {
           'Content-Type': 'application/json',

admin-compliance/app/api/sdk/v1/compliance/evidence-checks/[[...path]]/route.ts

@@ -1,39 +1,52 @@
 /**
- * DSGVO API Proxy - Catch-all route
- * Proxies all /api/sdk/v1/dsgvo/* requests to ai-compliance-sdk backend
+ * Evidence Checks API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/compliance/evidence-checks/* requests to backend-compliance
  */
 
 import { NextRequest, NextResponse } from 'next/server'
 
-const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 async function proxyRequest(
   request: NextRequest,
-  pathSegments: string[],
+  pathSegments: string[] | undefined,
   method: string
 ) {
-  const pathStr = pathSegments.join('/')
+  const pathStr = pathSegments?.join('/') || ''
   const searchParams = request.nextUrl.searchParams.toString()
-  const url = `${SDK_BACKEND_URL}/sdk/v1/dsgvo/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+  const basePath = `${BACKEND_URL}/api/compliance/evidence-checks`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
 
   try {
     const headers: HeadersInit = {
       'Content-Type': 'application/json',
+      'X-Tenant-Id': '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e',
+      'X-User-Id': 'admin',
     }
 
-    // Forward auth headers if present
     const authHeader = request.headers.get('authorization')
     if (authHeader) {
       headers['Authorization'] = authHeader
     }
 
+    const tenantHeader = request.headers.get('x-tenant-id')
+    if (tenantHeader) {
+      headers['X-Tenant-Id'] = tenantHeader
+    }
+
+    const userIdHeader = request.headers.get('x-user-id')
+    if (userIdHeader) {
+      headers['X-User-Id'] = userIdHeader
+    }
+
     const fetchOptions: RequestInit = {
       method,
       headers,
       signal: AbortSignal.timeout(30000),
     }
 
-    // Add body for POST/PUT/PATCH methods
     if (['POST', 'PUT', 'PATCH'].includes(method)) {
       const contentType = request.headers.get('content-type')
       if (contentType?.includes('application/json')) {
@@ -43,27 +56,13 @@ async function proxyRequest(
             fetchOptions.body = text
           }
         } catch {
-          // Empty or invalid body - continue without
+          // Empty or invalid body
         }
       }
     }
 
     const response = await fetch(url, fetchOptions)
 
-    // Handle non-JSON responses (e.g., PDF export)
-    const responseContentType = response.headers.get('content-type')
-    if (responseContentType?.includes('application/pdf') ||
-        responseContentType?.includes('application/octet-stream')) {
-      const blob = await response.blob()
-      return new NextResponse(blob, {
-        status: response.status,
-        headers: {
-          'Content-Type': responseContentType,
-          'Content-Disposition': response.headers.get('content-disposition') || '',
-        },
-      })
-    }
-
     if (!response.ok) {
       const errorText = await response.text()
       let errorJson
@@ -81,9 +80,9 @@ async function proxyRequest(
     const data = await response.json()
     return NextResponse.json(data)
   } catch (error) {
-    console.error('DSGVO API proxy error:', error)
+    console.error('Evidence Checks API proxy error:', error)
     return NextResponse.json(
-      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { error: 'Verbindung zum Backend fehlgeschlagen' },
       { status: 503 }
     )
   }
@@ -91,7 +90,7 @@ async function proxyRequest(
 
 export async function GET(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'GET')
@@ -99,7 +98,7 @@ export async function GET(
 
 export async function POST(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'POST')
@@ -107,7 +106,7 @@ export async function POST(
 
 export async function PUT(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'PUT')
@@ -115,7 +114,7 @@ export async function PUT(
 
 export async function PATCH(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'PATCH')
@@ -123,7 +122,7 @@ export async function PATCH(
 
 export async function DELETE(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'DELETE')

admin-compliance/app/api/sdk/v1/compliance/process-tasks/[[...path]]/route.ts

@@ -0,0 +1,129 @@
+/**
+ * Process Tasks API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/compliance/process-tasks/* requests to backend-compliance
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/process-tasks`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+      'X-Tenant-Id': '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e',
+      'X-User-Id': 'admin',
+    }
+
+    const authHeader = request.headers.get('authorization')
+    if (authHeader) {
+      headers['Authorization'] = authHeader
+    }
+
+    const tenantHeader = request.headers.get('x-tenant-id')
+    if (tenantHeader) {
+      headers['X-Tenant-Id'] = tenantHeader
+    }
+
+    const userIdHeader = request.headers.get('x-user-id')
+    if (userIdHeader) {
+      headers['X-User-Id'] = userIdHeader
+    }
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(30000),
+    }
+
+    if (['POST', 'PUT', 'PATCH'].includes(method)) {
+      const contentType = request.headers.get('content-type')
+      if (contentType?.includes('application/json')) {
+        try {
+          const text = await request.text()
+          if (text && text.trim()) {
+            fetchOptions.body = text
+          }
+        } catch {
+          // Empty or invalid body
+        }
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Process Tasks API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/dsfa/[[...path]]/route.ts

@@ -0,0 +1,123 @@
+/**
+ * DSFA API Proxy — Datenschutz-Folgenabschaetzung (Art. 35 DSGVO)
+ * Proxies /api/sdk/v1/dsfa/* → backend-compliance:8002/api/v1/dsfa/*
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/dsfa`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId))
+      ? clientUserId
+      : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId))
+      ? clientTenantId
+      : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('DSFA API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/escalations/[[...path]]/route.ts

@@ -22,6 +22,8 @@ async function proxyRequest(
   try {
     const headers: HeadersInit = {
       'Content-Type': 'application/json',
+      'X-Tenant-Id': '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e',
+      'X-User-Id': 'admin',
     }
 
     const authHeader = request.headers.get('authorization')
@@ -34,6 +36,11 @@ async function proxyRequest(
       headers['X-Tenant-Id'] = tenantHeader
     }
 
+    const userIdHeader = request.headers.get('x-user-id')
+    if (userIdHeader) {
+      headers['X-User-Id'] = userIdHeader
+    }
+
     const fetchOptions: RequestInit = {
       method,
       headers,

admin-compliance/app/api/sdk/v1/import/[id]/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 /**
  * Proxy: DELETE /api/sdk/v1/import/:id → Backend DELETE /api/v1/import/:id

admin-compliance/app/api/sdk/v1/import/analyze/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 /**
  * Proxy: POST /api/sdk/v1/import/analyze → Backend POST /api/v1/import/analyze

admin-compliance/app/api/sdk/v1/import/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 /**
  * Proxy: GET /api/sdk/v1/import → Backend GET /api/v1/import
@@ -40,3 +40,52 @@ export async function GET(request: NextRequest) {
     )
   }
 }
+
+/**
+ * Proxy: POST /api/sdk/v1/import → Backend POST /api/v1/import/analyze
+ * Uploads a document for gap analysis. Forwards multipart/form-data.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const contentType = request.headers.get('content-type') || ''
+    const url = `${BACKEND_URL}/api/v1/import/analyze`
+
+    let body: BodyInit
+    const headers: Record<string, string> = {}
+
+    if (contentType.includes('multipart/form-data')) {
+      body = await request.arrayBuffer()
+      headers['Content-Type'] = contentType
+    } else {
+      body = await request.text()
+      headers['Content-Type'] = 'application/json'
+    }
+
+    if (request.headers.get('X-Tenant-ID')) {
+      headers['X-Tenant-ID'] = request.headers.get('X-Tenant-ID') as string
+    }
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers,
+      body,
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to upload document for import analysis:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/incidents/[[...path]]/route.ts

@@ -1,12 +1,15 @@
 /**
  * Incidents/Breach Management API Proxy - Catch-all route
- * Proxies all /api/sdk/v1/incidents/* requests to ai-compliance-sdk backend
+ * Proxies all /api/sdk/v1/incidents/* requests to backend-compliance (Python)
+ * Python backend is Source of Truth (migrated from Go ai-compliance-sdk)
  * Supports PDF generation for authority notification forms
  */
 
 import { NextRequest, NextResponse } from 'next/server'
 
-const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+const BACKEND_URL = process.env.COMPLIANCE_BACKEND_URL || 'http://backend-compliance:8002'
+const DEFAULT_TENANT_ID = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+const DEFAULT_USER_ID = 'admin'
 
 async function proxyRequest(
   request: NextRequest,
@@ -15,7 +18,7 @@ async function proxyRequest(
 ) {
   const pathStr = pathSegments?.join('/') || ''
   const searchParams = request.nextUrl.searchParams.toString()
-  const basePath = `${SDK_BACKEND_URL}/sdk/v1/incidents`
+  const basePath = `${BACKEND_URL}/api/compliance/incidents`
   const url = pathStr
     ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
     : `${basePath}${searchParams ? `?${searchParams}` : ''}`
@@ -30,10 +33,8 @@ async function proxyRequest(
       headers['Authorization'] = authHeader
     }
 
-    const tenantHeader = request.headers.get('x-tenant-id')
-    if (tenantHeader) {
-      headers['X-Tenant-Id'] = tenantHeader
-    }
+    headers['X-Tenant-Id'] = request.headers.get('x-tenant-id') || DEFAULT_TENANT_ID
+    headers['X-User-Id'] = request.headers.get('x-user-id') || DEFAULT_USER_ID
 
     const fetchOptions: RequestInit = {
       method,

admin-compliance/app/api/sdk/v1/isms/[[...path]]/route.ts

@@ -0,0 +1,111 @@
+/**
+ * ISMS (ISO 27001) API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/isms/* requests to backend-compliance /api/isms/*
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/isms`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('ISMS API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/modules/[moduleId]/activate/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function POST(
   request: NextRequest,
@@ -9,7 +9,7 @@ export async function POST(
   try {
     const { moduleId } = await params
     const response = await fetch(
-      `${BACKEND_URL}/api/modules/${encodeURIComponent(moduleId)}/activate`,
+      `${BACKEND_URL}/api/compliance/modules/${encodeURIComponent(moduleId)}/activate`,
       {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },

admin-compliance/app/api/sdk/v1/modules/[moduleId]/deactivate/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function POST(
   request: NextRequest,
@@ -9,7 +9,7 @@ export async function POST(
   try {
     const { moduleId } = await params
     const response = await fetch(
-      `${BACKEND_URL}/api/modules/${encodeURIComponent(moduleId)}/deactivate`,
+      `${BACKEND_URL}/api/compliance/modules/${encodeURIComponent(moduleId)}/deactivate`,
       {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },

admin-compliance/app/api/sdk/v1/modules/[moduleId]/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 /**
  * Proxy: GET /api/sdk/v1/modules/:moduleId → Backend GET /api/modules/:moduleId
@@ -13,7 +13,7 @@ export async function GET(
     const { moduleId } = await params
 
     const response = await fetch(
-      `${BACKEND_URL}/api/modules/${encodeURIComponent(moduleId)}`,
+      `${BACKEND_URL}/api/compliance/modules/${encodeURIComponent(moduleId)}`,
       {
         method: 'GET',
         headers: {

admin-compliance/app/api/sdk/v1/modules/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 /**
  * Proxy to backend-compliance /api/modules endpoint.
@@ -23,7 +23,7 @@ export async function GET(request: NextRequest) {
     if (aiComponents) params.set('ai_components', aiComponents)
 
     const queryString = params.toString()
-    const url = `${BACKEND_URL}/api/modules${queryString ? `?${queryString}` : ''}`
+    const url = `${BACKEND_URL}/api/compliance/modules${queryString ? `?${queryString}` : ''}`
 
     const response = await fetch(url, {
       method: 'GET',
@@ -63,7 +63,7 @@ export async function POST(request: NextRequest) {
   try {
     const body = await request.json()
 
-    const response = await fetch(`${BACKEND_URL}/api/modules`, {
+    const response = await fetch(`${BACKEND_URL}/api/compliance/modules`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',

admin-compliance/app/api/sdk/v1/payment-compliance/route.ts

@@ -0,0 +1,48 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const endpoint = searchParams.get('endpoint') || 'controls'
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+
+    let path: string
+    switch (endpoint) {
+      case 'controls':
+        const domain = searchParams.get('domain') || ''
+        path = `/sdk/v1/payment-compliance/controls${domain ? `?domain=${domain}` : ''}`
+        break
+      case 'assessments':
+        path = '/sdk/v1/payment-compliance/assessments'
+        break
+      default:
+        path = '/sdk/v1/payment-compliance/controls'
+    }
+
+    const resp = await fetch(`${SDK_URL}${path}`, {
+      headers: { 'X-Tenant-ID': tenantId },
+    })
+    const data = await resp.json()
+    return NextResponse.json(data)
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to fetch' }, { status: 500 })
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+    const body = await request.json()
+    const resp = await fetch(`${SDK_URL}/sdk/v1/payment-compliance/assessments`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'X-Tenant-ID': tenantId },
+      body: JSON.stringify(body),
+    })
+    const data = await resp.json()
+    return NextResponse.json(data, { status: resp.status })
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to create' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/v1/payment-compliance/tender/[id]/route.ts

@@ -0,0 +1,28 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const { id } = await params
+    const resp = await fetch(`${SDK_URL}/sdk/v1/payment-compliance/tender/${id}`)
+    return NextResponse.json(await resp.json())
+  } catch {
+    return NextResponse.json({ error: 'Failed' }, { status: 500 })
+  }
+}
+
+export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const { id } = await params
+    const { searchParams } = new URL(request.url)
+    const action = searchParams.get('action') || 'extract'
+    const resp = await fetch(`${SDK_URL}/sdk/v1/payment-compliance/tender/${id}/${action}`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+    })
+    return NextResponse.json(await resp.json(), { status: resp.status })
+  } catch {
+    return NextResponse.json({ error: 'Failed' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/v1/payment-compliance/tender/route.ts

@@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+
+export async function GET(request: NextRequest) {
+  try {
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+    const resp = await fetch(`${SDK_URL}/sdk/v1/payment-compliance/tender`, {
+      headers: { 'X-Tenant-ID': tenantId },
+    })
+    return NextResponse.json(await resp.json())
+  } catch {
+    return NextResponse.json({ error: 'Failed' }, { status: 500 })
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+    const formData = await request.formData()
+    const resp = await fetch(`${SDK_URL}/sdk/v1/payment-compliance/tender/upload`, {
+      method: 'POST',
+      headers: { 'X-Tenant-ID': tenantId },
+      body: formData,
+    })
+    return NextResponse.json(await resp.json(), { status: resp.status })
+  } catch {
+    return NextResponse.json({ error: 'Upload failed' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/v1/portfolio/[[...path]]/route.ts

@@ -0,0 +1,119 @@
+/**
+ * Portfolio API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/portfolio/* requests to ai-compliance-sdk backend
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/portfolios`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Portfolio API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/projects/[projectId]/permanent/route.ts

@@ -0,0 +1,41 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: DELETE /api/sdk/v1/projects/{projectId}/permanent → Backend (hard delete)
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const tenantId = request.headers.get('X-Tenant-ID') ||
+      new URL(request.url).searchParams.get('tenant_id') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}/permanent?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'DELETE',
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to permanently delete project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/projects/[projectId]/restore/route.ts

@@ -0,0 +1,41 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: POST /api/sdk/v1/projects/{projectId}/restore → Backend
+ */
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const tenantId = request.headers.get('X-Tenant-ID') ||
+      new URL(request.url).searchParams.get('tenant_id') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}/restore?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'POST',
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to restore project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/projects/[projectId]/route.ts

@@ -0,0 +1,120 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/projects/{projectId} → Backend
+ */
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const tenantId = request.headers.get('X-Tenant-ID') ||
+      new URL(request.url).searchParams.get('tenant_id') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to get project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: PATCH /api/sdk/v1/projects/{projectId} → Backend
+ */
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const body = await request.json()
+    const tenantId = body.tenant_id || request.headers.get('X-Tenant-ID') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'PATCH',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to update project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: DELETE /api/sdk/v1/projects/{projectId} → Backend (soft delete)
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const tenantId = request.headers.get('X-Tenant-ID') ||
+      new URL(request.url).searchParams.get('tenant_id') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'DELETE',
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to archive project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/projects/route.ts

@@ -0,0 +1,75 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/projects → Backend GET /api/compliance/v1/projects
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const tenantId = searchParams.get('tenant_id') || request.headers.get('X-Tenant-ID') || ''
+    const includeArchived = searchParams.get('include_archived') || 'false'
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects?tenant_id=${encodeURIComponent(tenantId)}&include_archived=${includeArchived}`,
+      {
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to list projects:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/projects → Backend POST /api/compliance/v1/projects
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const tenantId = body.tenant_id || request.headers.get('X-Tenant-ID') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json(), { status: 201 })
+  } catch (error) {
+    console.error('Failed to create project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/rbac/[[...path]]/route.ts

@@ -0,0 +1,125 @@
+/**
+ * RBAC Admin API Proxy - Catch-all route
+ * Proxies /api/sdk/v1/rbac/<resource>/... to ai-compliance-sdk /sdk/v1/<resource>/...
+ *
+ * Mapping: /rbac/tenants/... → /sdk/v1/tenants/...
+ *          /rbac/namespaces/... → /sdk/v1/namespaces/...
+ *          /rbac/roles/... → /sdk/v1/roles/...
+ *          /rbac/user-roles/... → /sdk/v1/user-roles/...
+ *          /rbac/permissions/... → /sdk/v1/permissions/...
+ *          /rbac/llm/policies/... → /sdk/v1/llm/policies/...
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  // Path segments come as the full sub-path after /rbac/
+  // e.g. /rbac/tenants/123 → pathSegments = ['tenants', '123']
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const url = `${SDK_BACKEND_URL}/sdk/v1/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('RBAC API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/roadmap-items/[[...path]]/route.ts

@@ -0,0 +1,111 @@
+/**
+ * Roadmap Items API Proxy - Catch-all route
+ * Proxies /api/sdk/v1/roadmap-items/* to ai-compliance-sdk /sdk/v1/roadmap-items/*
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/roadmap-items`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Roadmap Items API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/roadmap/[[...path]]/route.ts

@@ -1,6 +1,6 @@
 /**
- * Vendor Compliance API Proxy - Catch-all route
- * Proxies all /api/sdk/v1/vendors/* requests to ai-compliance-sdk backend
+ * Roadmap API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/roadmap/* requests to ai-compliance-sdk backend
  */
 
 import { NextRequest, NextResponse } from 'next/server'
@@ -14,7 +14,7 @@ async function proxyRequest(
 ) {
   const pathStr = pathSegments?.join('/') || ''
   const searchParams = request.nextUrl.searchParams.toString()
-  const basePath = `${SDK_BACKEND_URL}/sdk/v1/vendors`
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/roadmaps`
   const url = pathStr
     ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
     : `${basePath}${searchParams ? `?${searchParams}` : ''}`
@@ -24,8 +24,7 @@ async function proxyRequest(
       'Content-Type': 'application/json',
     }
 
-    // Forward all relevant headers
-    const headerNames = ['authorization', 'x-tenant-id', 'x-user-id', 'x-namespace-id', 'x-tenant-slug']
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
     for (const name of headerNames) {
       const value = request.headers.get(name)
       if (value) {
@@ -33,42 +32,27 @@ async function proxyRequest(
       }
     }
 
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
     const fetchOptions: RequestInit = {
       method,
       headers,
-      signal: AbortSignal.timeout(30000),
+      signal: AbortSignal.timeout(60000),
     }
 
-    if (['POST', 'PUT', 'PATCH'].includes(method)) {
-      const contentType = request.headers.get('content-type')
-      if (contentType?.includes('application/json')) {
-        try {
-          const text = await request.text()
-          if (text && text.trim()) {
-            fetchOptions.body = text
-          }
-        } catch {
-          // Empty or invalid body - continue without
-        }
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
       }
     }
 
     const response = await fetch(url, fetchOptions)
 
-    // Handle non-JSON responses (e.g., PDF exports)
-    const responseContentType = response.headers.get('content-type')
-    if (responseContentType?.includes('application/pdf') ||
-        responseContentType?.includes('application/octet-stream')) {
-      const blob = await response.blob()
-      return new NextResponse(blob, {
-        status: response.status,
-        headers: {
-          'Content-Type': responseContentType,
-          'Content-Disposition': response.headers.get('content-disposition') || '',
-        },
-      })
-    }
-
     if (!response.ok) {
       const errorText = await response.text()
       let errorJson
@@ -83,10 +67,22 @@ async function proxyRequest(
       )
     }
 
+    const contentType = response.headers.get('content-type') || ''
+    if (contentType.includes('application/octet-stream') || contentType.includes('text/csv')) {
+      const blob = await response.blob()
+      return new NextResponse(blob, {
+        status: response.status,
+        headers: {
+          'Content-Type': contentType,
+          'Content-Disposition': response.headers.get('content-disposition') || '',
+        },
+      })
+    }
+
     const data = await response.json()
     return NextResponse.json(data)
   } catch (error) {
-    console.error('Vendor Compliance API proxy error:', error)
+    console.error('Roadmap API proxy error:', error)
     return NextResponse.json(
       { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
       { status: 503 }

admin-compliance/app/api/sdk/v1/screening/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 /**
  * Proxy: GET /api/sdk/v1/screening → Backend GET /api/v1/screening
@@ -40,3 +40,52 @@ export async function GET(request: NextRequest) {
     )
   }
 }
+
+/**
+ * Proxy: POST /api/sdk/v1/screening → Backend POST /api/v1/screening/scan
+ * Uploads a dependency file (package-lock.json, requirements.txt, etc.) for SBOM + vulnerability scan.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const contentType = request.headers.get('content-type') || ''
+    const url = `${BACKEND_URL}/api/v1/screening/scan`
+
+    let body: BodyInit
+    const headers: Record<string, string> = {}
+
+    if (contentType.includes('multipart/form-data')) {
+      body = await request.arrayBuffer()
+      headers['Content-Type'] = contentType
+    } else {
+      body = await request.text()
+      headers['Content-Type'] = 'application/json'
+    }
+
+    if (request.headers.get('X-Tenant-ID')) {
+      headers['X-Tenant-ID'] = request.headers.get('X-Tenant-ID') as string
+    }
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers,
+      body,
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to upload file for screening scan:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/screening/scan/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 /**
  * Proxy: POST /api/sdk/v1/screening/scan → Backend POST /api/v1/screening/scan

admin-compliance/app/api/sdk/v1/source-policy/blocked-content/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function GET(request: NextRequest) {
   try {

admin-compliance/app/api/sdk/v1/source-policy/compliance-report/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function GET(request: NextRequest) {
   try {

admin-compliance/app/api/sdk/v1/source-policy/operations-matrix/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function GET(request: NextRequest) {
   try {

admin-compliance/app/api/sdk/v1/source-policy/operations/[id]/route.ts

@@ -1,6 +1,34 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/operations/${encodeURIComponent(id)}`, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch operation:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
 
 export async function PUT(
   request: NextRequest,
@@ -32,3 +60,32 @@ export async function PUT(
     return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
   }
 }
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/operations/${encodeURIComponent(id)}`, {
+      method: 'DELETE',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to delete operation:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/pii-rules/[id]/route.ts

@@ -1,6 +1,34 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/pii-rules/${encodeURIComponent(id)}`, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch PII rule:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
 
 export async function PUT(
   request: NextRequest,

admin-compliance/app/api/sdk/v1/source-policy/pii-rules/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function GET(request: NextRequest) {
   try {

admin-compliance/app/api/sdk/v1/source-policy/policy-audit/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function GET(request: NextRequest) {
   try {

admin-compliance/app/api/sdk/v1/source-policy/policy-stats/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function GET(request: NextRequest) {
   try {

admin-compliance/app/api/sdk/v1/source-policy/sources/[id]/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function GET(
   request: NextRequest,

admin-compliance/app/api/sdk/v1/source-policy/sources/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 
-const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8002'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function GET(request: NextRequest) {
   try {

admin-compliance/app/api/sdk/v1/state/route.ts

@@ -2,17 +2,18 @@ import { NextRequest, NextResponse } from 'next/server'
 import { Pool } from 'pg'
 
 /**
- * SDK State Management API
+ * SDK State Management API (Multi-Project)
  *
- * GET /api/sdk/v1/state?tenantId=xxx - Load state for a tenant
- * POST /api/sdk/v1/state - Save state for a tenant
- * DELETE /api/sdk/v1/state?tenantId=xxx - Clear state for a tenant
+ * GET /api/sdk/v1/state?tenantId=xxx&projectId=yyy - Load state for a tenant+project
+ * POST /api/sdk/v1/state - Save state for a tenant+project
+ * DELETE /api/sdk/v1/state?tenantId=xxx&projectId=yyy - Clear state
  *
  * Features:
  * - Versioning for optimistic locking
  * - Last-Modified headers
  * - ETag support for caching
  * - PostgreSQL persistence (with InMemory fallback)
+ * - projectId support for multi-project architecture
  */
 
 // =============================================================================
@@ -32,25 +33,31 @@ interface StoredState {
 // =============================================================================
 
 interface StateStore {
-  get(tenantId: string): Promise<StoredState | null>
-  save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number): Promise<StoredState>
-  delete(tenantId: string): Promise<boolean>
+  get(tenantId: string, projectId?: string): Promise<StoredState | null>
+  save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number, projectId?: string): Promise<StoredState>
+  delete(tenantId: string, projectId?: string): Promise<boolean>
 }
 
 class InMemoryStateStore implements StateStore {
   private store: Map<string, StoredState> = new Map()
 
-  async get(tenantId: string): Promise<StoredState | null> {
-    return this.store.get(tenantId) || null
+  private key(tenantId: string, projectId?: string): string {
+    return projectId ? `${tenantId}:${projectId}` : tenantId
+  }
+
+  async get(tenantId: string, projectId?: string): Promise<StoredState | null> {
+    return this.store.get(this.key(tenantId, projectId)) || null
   }
 
   async save(
     tenantId: string,
     state: unknown,
     userId?: string,
-    expectedVersion?: number
+    expectedVersion?: number,
+    projectId?: string
   ): Promise<StoredState> {
-    const existing = this.store.get(tenantId)
+    const k = this.key(tenantId, projectId)
+    const existing = this.store.get(k)
 
     if (expectedVersion !== undefined && existing && existing.version !== expectedVersion) {
       const error = new Error('Version conflict') as Error & { status: number }
@@ -72,12 +79,12 @@ class InMemoryStateStore implements StateStore {
       updatedAt: now,
     }
 
-    this.store.set(tenantId, stored)
+    this.store.set(k, stored)
     return stored
   }
 
-  async delete(tenantId: string): Promise<boolean> {
-    return this.store.delete(tenantId)
+  async delete(tenantId: string, projectId?: string): Promise<boolean> {
+    return this.store.delete(this.key(tenantId, projectId))
   }
 }
 
@@ -93,11 +100,26 @@ class PostgreSQLStateStore implements StateStore {
     })
   }
 
-  async get(tenantId: string): Promise<StoredState | null> {
-    const result = await this.pool.query(
-      'SELECT state, version, user_id, created_at, updated_at FROM sdk_states WHERE tenant_id = $1',
-      [tenantId]
-    )
+  async get(tenantId: string, projectId?: string): Promise<StoredState | null> {
+    let result
+    if (projectId) {
+      result = await this.pool.query(
+        'SELECT state, version, user_id, created_at, updated_at FROM sdk_states WHERE tenant_id = $1 AND project_id = $2',
+        [tenantId, projectId]
+      )
+    } else {
+      // Backwards compatibility: find the single active project for this tenant
+      result = await this.pool.query(
+        `SELECT s.state, s.version, s.user_id, s.created_at, s.updated_at
+         FROM sdk_states s
+         LEFT JOIN compliance_projects p ON s.project_id = p.id
+         WHERE s.tenant_id = $1
+           AND (p.status = 'active' OR p.id IS NULL)
+         ORDER BY s.updated_at DESC
+         LIMIT 1`,
+        [tenantId]
+      )
+    }
     if (result.rows.length === 0) return null
     const row = result.rows[0]
     return {
@@ -109,25 +131,71 @@ class PostgreSQLStateStore implements StateStore {
     }
   }
 
-  async save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number): Promise<StoredState> {
+  async save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number, projectId?: string): Promise<StoredState> {
     const now = new Date().toISOString()
     const stateWithTimestamp = {
       ...(state as object),
       lastModified: now,
     }
 
-    // Use UPSERT with version check
-    const result = await this.pool.query(`
-      INSERT INTO sdk_states (tenant_id, user_id, state, version, created_at, updated_at)
-      VALUES ($1, $2, $3::jsonb, 1, NOW(), NOW())
-      ON CONFLICT (tenant_id) DO UPDATE SET
-        state = $3::jsonb,
-        user_id = COALESCE($2, sdk_states.user_id),
-        version = sdk_states.version + 1,
-        updated_at = NOW()
-      WHERE ($4::int IS NULL OR sdk_states.version = $4)
-      RETURNING version, user_id, created_at, updated_at
-    `, [tenantId, userId, JSON.stringify(stateWithTimestamp), expectedVersion ?? null])
+    let result
+
+    if (projectId) {
+      // Multi-project: UPSERT on (tenant_id, project_id)
+      result = await this.pool.query(`
+        INSERT INTO sdk_states (tenant_id, project_id, user_id, state, version, created_at, updated_at)
+        VALUES ($1, $5, $2, $3::jsonb, 1, NOW(), NOW())
+        ON CONFLICT (tenant_id, project_id) DO UPDATE SET
+          state = $3::jsonb,
+          user_id = COALESCE($2, sdk_states.user_id),
+          version = sdk_states.version + 1,
+          updated_at = NOW()
+        WHERE ($4::int IS NULL OR sdk_states.version = $4)
+        RETURNING version, user_id, created_at, updated_at
+      `, [tenantId, userId, JSON.stringify(stateWithTimestamp), expectedVersion ?? null, projectId])
+    } else {
+      // Backwards compatibility: find the single project for this tenant
+      // First try to find an existing project
+      const projectResult = await this.pool.query(
+        `SELECT id FROM compliance_projects WHERE tenant_id = $1 AND status = 'active' ORDER BY created_at ASC LIMIT 1`,
+        [tenantId]
+      )
+
+      if (projectResult.rows.length > 0) {
+        const foundProjectId = projectResult.rows[0].id
+        result = await this.pool.query(`
+          INSERT INTO sdk_states (tenant_id, project_id, user_id, state, version, created_at, updated_at)
+          VALUES ($1, $5, $2, $3::jsonb, 1, NOW(), NOW())
+          ON CONFLICT (tenant_id, project_id) DO UPDATE SET
+            state = $3::jsonb,
+            user_id = COALESCE($2, sdk_states.user_id),
+            version = sdk_states.version + 1,
+            updated_at = NOW()
+          WHERE ($4::int IS NULL OR sdk_states.version = $4)
+          RETURNING version, user_id, created_at, updated_at
+        `, [tenantId, userId, JSON.stringify(stateWithTimestamp), expectedVersion ?? null, foundProjectId])
+      } else {
+        // No project exists — create a default one
+        const newProject = await this.pool.query(
+          `INSERT INTO compliance_projects (tenant_id, name, customer_type, status)
+           VALUES ($1, 'Projekt 1', 'new', 'active')
+           RETURNING id`,
+          [tenantId]
+        )
+        const newProjectId = newProject.rows[0].id
+        result = await this.pool.query(`
+          INSERT INTO sdk_states (tenant_id, project_id, user_id, state, version, created_at, updated_at)
+          VALUES ($1, $5, $2, $3::jsonb, 1, NOW(), NOW())
+          ON CONFLICT (tenant_id, project_id) DO UPDATE SET
+            state = $3::jsonb,
+            user_id = COALESCE($2, sdk_states.user_id),
+            version = sdk_states.version + 1,
+            updated_at = NOW()
+          WHERE ($4::int IS NULL OR sdk_states.version = $4)
+          RETURNING version, user_id, created_at, updated_at
+        `, [tenantId, userId, JSON.stringify(stateWithTimestamp), expectedVersion ?? null, newProjectId])
+      }
+    }
 
     if (result.rows.length === 0) {
       const error = new Error('Version conflict') as Error & { status: number }
@@ -145,11 +213,19 @@ class PostgreSQLStateStore implements StateStore {
     }
   }
 
-  async delete(tenantId: string): Promise<boolean> {
-    const result = await this.pool.query(
-      'DELETE FROM sdk_states WHERE tenant_id = $1',
-      [tenantId]
-    )
+  async delete(tenantId: string, projectId?: string): Promise<boolean> {
+    let result
+    if (projectId) {
+      result = await this.pool.query(
+        'DELETE FROM sdk_states WHERE tenant_id = $1 AND project_id = $2',
+        [tenantId, projectId]
+      )
+    } else {
+      result = await this.pool.query(
+        'DELETE FROM sdk_states WHERE tenant_id = $1',
+        [tenantId]
+      )
+    }
     return (result.rowCount ?? 0) > 0
   }
 }
@@ -186,6 +262,7 @@ export async function GET(request: NextRequest) {
   try {
     const { searchParams } = new URL(request.url)
     const tenantId = searchParams.get('tenantId')
+    const projectId = searchParams.get('projectId') || undefined
 
     if (!tenantId) {
       return NextResponse.json(
@@ -194,7 +271,7 @@ export async function GET(request: NextRequest) {
       )
     }
 
-    const stored = await stateStore.get(tenantId)
+    const stored = await stateStore.get(tenantId, projectId)
 
     if (!stored) {
       return NextResponse.json(
@@ -216,6 +293,7 @@ export async function GET(request: NextRequest) {
         success: true,
         data: {
           tenantId,
+          projectId: projectId || null,
           state: stored.state,
           version: stored.version,
           lastModified: stored.updatedAt,
@@ -241,7 +319,7 @@ export async function GET(request: NextRequest) {
 export async function POST(request: NextRequest) {
   try {
     const body = await request.json()
-    const { tenantId, state, version } = body
+    const { tenantId, state, version, projectId } = body
 
     if (!tenantId) {
       return NextResponse.json(
@@ -261,7 +339,7 @@ export async function POST(request: NextRequest) {
     const ifMatch = request.headers.get('If-Match')
     const expectedVersion = ifMatch ? parseInt(ifMatch, 10) : version
 
-    const stored = await stateStore.save(tenantId, state, body.userId, expectedVersion)
+    const stored = await stateStore.save(tenantId, state, body.userId, expectedVersion, projectId || undefined)
 
     const etag = generateETag(stored.version, stored.updatedAt)
 
@@ -270,6 +348,7 @@ export async function POST(request: NextRequest) {
         success: true,
         data: {
           tenantId,
+          projectId: projectId || null,
           state: stored.state,
           version: stored.version,
           lastModified: stored.updatedAt,
@@ -309,6 +388,7 @@ export async function DELETE(request: NextRequest) {
   try {
     const { searchParams } = new URL(request.url)
     const tenantId = searchParams.get('tenantId')
+    const projectId = searchParams.get('projectId') || undefined
 
     if (!tenantId) {
       return NextResponse.json(
@@ -317,7 +397,7 @@ export async function DELETE(request: NextRequest) {
       )
     }
 
-    const deleted = await stateStore.delete(tenantId)
+    const deleted = await stateStore.delete(tenantId, projectId)
 
     if (!deleted) {
       return NextResponse.json(

admin-compliance/app/api/sdk/v1/tom-generator/state/route.ts

@@ -1,119 +1,30 @@
 import { NextRequest, NextResponse } from 'next/server'
-import {
-  TOMGeneratorState,
-  createEmptyTOMGeneratorState,
-} from '@/lib/sdk/tom-generator/types'
 
 /**
- * TOM Generator State API
+ * TOM Generator State API — Proxy to backend-compliance (Python/FastAPI)
  *
  * GET /api/sdk/v1/tom-generator/state?tenantId=xxx - Load TOM generator state
  * POST /api/sdk/v1/tom-generator/state - Save TOM generator state
  * DELETE /api/sdk/v1/tom-generator/state?tenantId=xxx - Clear state
  */
 
-// =============================================================================
-// STORAGE (In-Memory for development)
-// =============================================================================
-
-interface StoredTOMState {
-  state: TOMGeneratorState
-  version: number
-  createdAt: string
-  updatedAt: string
-}
-
-class InMemoryTOMStateStore {
-  private store: Map<string, StoredTOMState> = new Map()
-
-  async get(tenantId: string): Promise<StoredTOMState | null> {
-    return this.store.get(tenantId) || null
-  }
-
-  async save(tenantId: string, state: TOMGeneratorState, expectedVersion?: number): Promise<StoredTOMState> {
-    const existing = this.store.get(tenantId)
-
-    if (expectedVersion !== undefined && existing && existing.version !== expectedVersion) {
-      const error = new Error('Version conflict') as Error & { status: number }
-      error.status = 409
-      throw error
-    }
-
-    const now = new Date().toISOString()
-    const newVersion = existing ? existing.version + 1 : 1
-
-    const stored: StoredTOMState = {
-      state: {
-        ...state,
-        updatedAt: new Date(now),
-      },
-      version: newVersion,
-      createdAt: existing?.createdAt || now,
-      updatedAt: now,
-    }
-
-    this.store.set(tenantId, stored)
-    return stored
-  }
-
-  async delete(tenantId: string): Promise<boolean> {
-    return this.store.delete(tenantId)
-  }
-
-  async list(): Promise<{ tenantId: string; updatedAt: string }[]> {
-    const result: { tenantId: string; updatedAt: string }[] = []
-    this.store.forEach((value, key) => {
-      result.push({ tenantId: key, updatedAt: value.updatedAt })
-    })
-    return result
-  }
-}
-
-const stateStore = new InMemoryTOMStateStore()
-
-// =============================================================================
-// HANDLERS
-// =============================================================================
+const BACKEND_URL = process.env.COMPLIANCE_BACKEND_URL || 'http://backend-compliance:8002'
 
 export async function GET(request: NextRequest) {
   try {
     const { searchParams } = new URL(request.url)
     const tenantId = searchParams.get('tenantId')
 
-    // List all states if no tenantId provided
-    if (!tenantId) {
-      const states = await stateStore.list()
-      return NextResponse.json({
-        success: true,
-        data: states,
-      })
-    }
+    const url = tenantId
+      ? `${BACKEND_URL}/api/compliance/tom/state?tenant_id=${encodeURIComponent(tenantId)}`
+      : `${BACKEND_URL}/api/compliance/tom/state`
 
-    const stored = await stateStore.get(tenantId)
-
-    if (!stored) {
-      // Return empty state for new tenants
-      const emptyState = createEmptyTOMGeneratorState(tenantId)
-      return NextResponse.json({
-        success: true,
-        data: {
-          tenantId,
-          state: emptyState,
-          version: 0,
-          isNew: true,
-        },
-      })
-    }
-
-    return NextResponse.json({
-      success: true,
-      data: {
-        tenantId,
-        state: stored.state,
-        version: stored.version,
-        lastModified: stored.updatedAt,
-      },
+    const res = await fetch(url, {
+      headers: { 'Content-Type': 'application/json' },
     })
+
+    const data = await res.json()
+    return NextResponse.json(data, { status: res.status })
   } catch (error) {
     console.error('Failed to load TOM generator state:', error)
     return NextResponse.json(
@@ -142,65 +53,19 @@ export async function POST(request: NextRequest) {
       )
     }
 
-    // Deserialize dates
-    const parsedState: TOMGeneratorState = {
-      ...state,
-      createdAt: new Date(state.createdAt),
-      updatedAt: new Date(state.updatedAt),
-      steps: state.steps.map((step: { id: string; completed: boolean; data: unknown; validatedAt: string | null }) => ({
-        ...step,
-        validatedAt: step.validatedAt ? new Date(step.validatedAt) : null,
-      })),
-      documents: state.documents?.map((doc: { uploadedAt: string; validFrom?: string; validUntil?: string; aiAnalysis?: { analyzedAt: string } }) => ({
-        ...doc,
-        uploadedAt: new Date(doc.uploadedAt),
-        validFrom: doc.validFrom ? new Date(doc.validFrom) : null,
-        validUntil: doc.validUntil ? new Date(doc.validUntil) : null,
-        aiAnalysis: doc.aiAnalysis ? {
-          ...doc.aiAnalysis,
-          analyzedAt: new Date(doc.aiAnalysis.analyzedAt),
-        } : null,
-      })) || [],
-      derivedTOMs: state.derivedTOMs?.map((tom: { implementationDate?: string; reviewDate?: string }) => ({
-        ...tom,
-        implementationDate: tom.implementationDate ? new Date(tom.implementationDate) : null,
-        reviewDate: tom.reviewDate ? new Date(tom.reviewDate) : null,
-      })) || [],
-      gapAnalysis: state.gapAnalysis ? {
-        ...state.gapAnalysis,
-        generatedAt: new Date(state.gapAnalysis.generatedAt),
-      } : null,
-      exports: state.exports?.map((exp: { generatedAt: string }) => ({
-        ...exp,
-        generatedAt: new Date(exp.generatedAt),
-      })) || [],
-    }
-
-    const stored = await stateStore.save(tenantId, parsedState, version)
-
-    return NextResponse.json({
-      success: true,
-      data: {
-        tenantId,
-        state: stored.state,
-        version: stored.version,
-        lastModified: stored.updatedAt,
-      },
+    const res = await fetch(`${BACKEND_URL}/api/compliance/tom/state`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        tenant_id: tenantId,
+        state,
+        version,
+      }),
     })
+
+    const data = await res.json()
+    return NextResponse.json(data, { status: res.status })
   } catch (error) {
-    const err = error as Error & { status?: number }
-
-    if (err.status === 409 || err.message === 'Version conflict') {
-      return NextResponse.json(
-        {
-          success: false,
-          error: 'Version conflict. State was modified by another request.',
-          code: 'VERSION_CONFLICT',
-        },
-        { status: 409 }
-      )
-    }
-
     console.error('Failed to save TOM generator state:', error)
     return NextResponse.json(
       { success: false, error: 'Failed to save state' },
@@ -221,14 +86,16 @@ export async function DELETE(request: NextRequest) {
       )
     }
 
-    const deleted = await stateStore.delete(tenantId)
+    const res = await fetch(
+      `${BACKEND_URL}/api/compliance/tom/state?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'DELETE',
+        headers: { 'Content-Type': 'application/json' },
+      }
+    )
 
-    return NextResponse.json({
-      success: true,
-      tenantId,
-      deleted,
-      deletedAt: new Date().toISOString(),
-    })
+    const data = await res.json()
+    return NextResponse.json(data, { status: res.status })
   } catch (error) {
     console.error('Failed to delete TOM generator state:', error)
     return NextResponse.json(

admin-compliance/app/api/sdk/v1/training/[[...path]]/route.ts

@@ -53,7 +53,18 @@ async function proxyRequest(
       }
     }
 
-    const response = await fetch(url, fetchOptions)
+    const response = await fetch(url, {
+      ...fetchOptions,
+      redirect: 'manual',
+    })
+
+    // Handle redirects (e.g. media stream presigned URL)
+    if (response.status === 307 || response.status === 302) {
+      const location = response.headers.get('location')
+      if (location) {
+        return NextResponse.redirect(location)
+      }
+    }
 
     if (!response.ok) {
       const errorText = await response.text()
@@ -69,6 +80,19 @@ async function proxyRequest(
       )
     }
 
+    // Handle binary responses (PDF, octet-stream)
+    const contentType = response.headers.get('content-type') || ''
+    if (contentType.includes('application/pdf') || contentType.includes('application/octet-stream')) {
+      const buffer = await response.arrayBuffer()
+      return new NextResponse(buffer, {
+        status: response.status,
+        headers: {
+          'Content-Type': contentType,
+          'Content-Disposition': response.headers.get('content-disposition') || '',
+        },
+      })
+    }
+
     const data = await response.json()
     return NextResponse.json(data)
   } catch (error) {

admin-compliance/app/api/sdk/v1/ucca/decision-tree/[[...path]]/route.ts

@@ -0,0 +1,57 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+const DEFAULT_TENANT = process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+
+/**
+ * Proxy: /api/sdk/v1/ucca/decision-tree/... → Go Backend /sdk/v1/ucca/decision-tree/...
+ */
+async function proxyRequest(request: NextRequest, { params }: { params: Promise<{ path: string[] }> }) {
+  const { path } = await params
+  const subPath = path ? path.join('/') : ''
+  const search = request.nextUrl.search || ''
+  const targetUrl = `${SDK_URL}/sdk/v1/ucca/decision-tree/${subPath}${search}`
+
+  const tenantID = request.headers.get('X-Tenant-ID') || DEFAULT_TENANT
+
+  try {
+    const headers: Record<string, string> = {
+      'X-Tenant-ID': tenantID,
+    }
+
+    const fetchOptions: RequestInit = {
+      method: request.method,
+      headers,
+    }
+
+    if (request.method === 'POST' || request.method === 'PUT' || request.method === 'PATCH') {
+      const body = await request.json()
+      headers['Content-Type'] = 'application/json'
+      fetchOptions.body = JSON.stringify(body)
+    }
+
+    const response = await fetch(targetUrl, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      console.error(`Decision tree proxy error [${request.method} ${subPath}]:`, errorText)
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data, { status: response.status })
+  } catch (error) {
+    console.error('Decision tree proxy connection error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to AI compliance backend' },
+      { status: 503 }
+    )
+  }
+}
+
+export const GET = proxyRequest
+export const POST = proxyRequest
+export const DELETE = proxyRequest

admin-compliance/app/api/sdk/v1/ucca/decision-tree/route.ts

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+const DEFAULT_TENANT = process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+
+/**
+ * Proxy: GET /api/sdk/v1/ucca/decision-tree → Go Backend GET /sdk/v1/ucca/decision-tree
+ * Returns the decision tree definition (questions, structure)
+ */
+export async function GET(request: NextRequest) {
+  const tenantID = request.headers.get('X-Tenant-ID') || DEFAULT_TENANT
+
+  try {
+    const response = await fetch(`${SDK_URL}/sdk/v1/ucca/decision-tree`, {
+      headers: { 'X-Tenant-ID': tenantID },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      console.error('Decision tree GET error:', errorText)
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Decision tree proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to AI compliance backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/ucca/obligations/[[...path]]/route.ts

@@ -0,0 +1,39 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BASE_URL = process.env.SDK_BASE_URL || 'http://localhost:8085'
+
+const DEFAULT_TENANT_ID = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+const DEFAULT_USER_ID = 'admin'
+
+async function proxyRequest(request: NextRequest, method: string) {
+  try {
+    const pathSegments = request.nextUrl.pathname.replace('/api/sdk/v1/ucca/obligations/', '')
+    const targetUrl = `${SDK_BASE_URL}/sdk/v1/ucca/obligations/${pathSegments}${request.nextUrl.search}`
+
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+      'X-Tenant-ID': request.headers.get('X-Tenant-ID') || DEFAULT_TENANT_ID,
+      'X-User-ID': request.headers.get('X-User-ID') || DEFAULT_USER_ID,
+    }
+
+    const fetchOptions: RequestInit = { method, headers }
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      fetchOptions.body = await request.text()
+    }
+
+    const response = await fetch(targetUrl, fetchOptions)
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'SDK backend error', details: errorText }, { status: response.status })
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('UCCA obligations proxy error:', error)
+    return NextResponse.json({ error: 'Failed to connect to SDK backend' }, { status: 503 })
+  }
+}
+
+export async function GET(request: NextRequest) { return proxyRequest(request, 'GET') }
+export async function POST(request: NextRequest) { return proxyRequest(request, 'POST') }

admin-compliance/app/api/sdk/v1/ucca/obligations/assess/route.ts

@@ -2,19 +2,19 @@ import { NextRequest, NextResponse } from 'next/server'
 
 const SDK_BASE_URL = process.env.SDK_BASE_URL || 'http://localhost:8085'
 
+const DEFAULT_TENANT_ID = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+const DEFAULT_USER_ID = 'admin'
+
 export async function POST(request: NextRequest) {
   try {
     const body = await request.json()
 
-    // Forward the request to the SDK backend
     const response = await fetch(`${SDK_BASE_URL}/sdk/v1/ucca/obligations/assess`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
-        // Forward tenant ID if present
-        ...(request.headers.get('X-Tenant-ID') && {
-          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
-        }),
+        'X-Tenant-ID': request.headers.get('X-Tenant-ID') || DEFAULT_TENANT_ID,
+        'X-User-ID': request.headers.get('X-User-ID') || DEFAULT_USER_ID,
       },
       body: JSON.stringify(body),
     })

admin-compliance/app/api/sdk/v1/ucca/obligations/export/direct/route.ts

@@ -2,19 +2,19 @@ import { NextRequest, NextResponse } from 'next/server'
 
 const SDK_BASE_URL = process.env.SDK_BASE_URL || 'http://localhost:8085'
 
+const DEFAULT_TENANT_ID = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+const DEFAULT_USER_ID = 'admin'
+
 export async function POST(request: NextRequest) {
   try {
     const body = await request.json()
 
-    // Forward the request to the SDK backend
     const response = await fetch(`${SDK_BASE_URL}/sdk/v1/ucca/obligations/export/direct`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
-        // Forward tenant ID if present
-        ...(request.headers.get('X-Tenant-ID') && {
-          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
-        }),
+        'X-Tenant-ID': request.headers.get('X-Tenant-ID') || DEFAULT_TENANT_ID,
+        'X-User-ID': request.headers.get('X-User-ID') || DEFAULT_USER_ID,
       },
       body: JSON.stringify(body),
     })

admin-compliance/app/api/sdk/v1/vendor-compliance/[[...path]]/route.ts

@@ -0,0 +1,122 @@
+/**
+ * Vendor Compliance API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/vendor-compliance/* requests to backend-compliance
+ *
+ * Backend routes: vendors, contracts, findings, control-instances, controls, export
+ * All under /api/compliance/vendor-compliance/ prefix on backend-compliance:8002
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/vendor-compliance`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Vendor Compliance API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/vendor-compliance/contracts/route.ts

@@ -1,88 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { v4 as uuidv4 } from 'uuid'
-import { ContractDocument } from '@/lib/sdk/vendor-compliance'
-
-// In-memory storage for demo purposes
-const contracts: Map<string, ContractDocument> = new Map()
-
-export async function GET(request: NextRequest) {
-  try {
-    const contractList = Array.from(contracts.values())
-
-    return NextResponse.json({
-      success: true,
-      data: contractList,
-      timestamp: new Date().toISOString(),
-    })
-  } catch (error) {
-    console.error('Error fetching contracts:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to fetch contracts' },
-      { status: 500 }
-    )
-  }
-}
-
-export async function POST(request: NextRequest) {
-  try {
-    // Handle multipart form data for file upload
-    const formData = await request.formData()
-    const file = formData.get('file') as File | null
-    const vendorId = formData.get('vendorId') as string
-    const metadataStr = formData.get('metadata') as string
-
-    if (!file || !vendorId) {
-      return NextResponse.json(
-        { success: false, error: 'File and vendorId are required' },
-        { status: 400 }
-      )
-    }
-
-    const metadata = metadataStr ? JSON.parse(metadataStr) : {}
-    const id = uuidv4()
-
-    // In production, upload file to storage (MinIO, S3, etc.)
-    const storagePath = `contracts/${id}/${file.name}`
-
-    const contract: ContractDocument = {
-      id,
-      tenantId: 'default',
-      vendorId,
-      fileName: `${id}-${file.name}`,
-      originalName: file.name,
-      mimeType: file.type,
-      fileSize: file.size,
-      storagePath,
-      documentType: metadata.documentType || 'OTHER',
-      version: metadata.version || '1.0',
-      previousVersionId: metadata.previousVersionId,
-      parties: metadata.parties,
-      effectiveDate: metadata.effectiveDate ? new Date(metadata.effectiveDate) : undefined,
-      expirationDate: metadata.expirationDate ? new Date(metadata.expirationDate) : undefined,
-      autoRenewal: metadata.autoRenewal,
-      renewalNoticePeriod: metadata.renewalNoticePeriod,
-      terminationNoticePeriod: metadata.terminationNoticePeriod,
-      reviewStatus: 'PENDING',
-      status: 'DRAFT',
-      createdAt: new Date(),
-      updatedAt: new Date(),
-    }
-
-    contracts.set(id, contract)
-
-    return NextResponse.json(
-      {
-        success: true,
-        data: contract,
-        timestamp: new Date().toISOString(),
-      },
-      { status: 201 }
-    )
-  } catch (error) {
-    console.error('Error uploading contract:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to upload contract' },
-      { status: 500 }
-    )
-  }
-}

admin-compliance/app/api/sdk/v1/vendor-compliance/controls/route.ts

@@ -1,28 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { CONTROLS_LIBRARY } from '@/lib/sdk/vendor-compliance'
-
-export async function GET(request: NextRequest) {
-  try {
-    const searchParams = request.nextUrl.searchParams
-    const domain = searchParams.get('domain')
-
-    let controls = [...CONTROLS_LIBRARY]
-
-    // Filter by domain if provided
-    if (domain) {
-      controls = controls.filter((c) => c.domain === domain)
-    }
-
-    return NextResponse.json({
-      success: true,
-      data: controls,
-      timestamp: new Date().toISOString(),
-    })
-  } catch (error) {
-    console.error('Error fetching controls:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to fetch controls' },
-      { status: 500 }
-    )
-  }
-}

admin-compliance/app/api/sdk/v1/vendor-compliance/export/[reportId]/download/route.ts

@@ -1,75 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-
-/**
- * GET /api/sdk/v1/vendor-compliance/export/[reportId]/download
- *
- * Download a generated report file.
- * In production, this would redirect to a signed MinIO/S3 URL or stream the file.
- */
-export async function GET(
-  request: NextRequest,
-  { params }: { params: Promise<{ reportId: string }> }
-) {
-  const { reportId } = await params
-
-  // TODO: Implement actual file download
-  // This would typically:
-  // 1. Verify report exists and user has access
-  // 2. Generate signed URL for MinIO/S3
-  // 3. Redirect to signed URL or stream file
-
-  // For now, return a placeholder PDF
-  const placeholderContent = `
-%PDF-1.4
-1 0 obj
-<< /Type /Catalog /Pages 2 0 R >>
-endobj
-2 0 obj
-<< /Type /Pages /Kids [3 0 R] /Count 1 >>
-endobj
-3 0 obj
-<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>
-endobj
-4 0 obj
-<< /Length 200 >>
-stream
-BT
-/F1 24 Tf
-100 700 Td
-(Vendor Compliance Report) Tj
-/F1 12 Tf
-100 650 Td
-(Report ID: ${reportId}) Tj
-100 620 Td
-(Generated: ${new Date().toISOString()}) Tj
-100 580 Td
-(This is a placeholder. Implement actual report generation.) Tj
-ET
-endstream
-endobj
-5 0 obj
-<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>
-endobj
-xref
-0 6
-0000000000 65535 f
-0000000009 00000 n
-0000000058 00000 n
-0000000115 00000 n
-0000000266 00000 n
-0000000519 00000 n
-trailer
-<< /Size 6 /Root 1 0 R >>
-startxref
-598
-%%EOF
-`.trim()
-
-  // Return as PDF
-  return new NextResponse(placeholderContent, {
-    headers: {
-      'Content-Type': 'application/pdf',
-      'Content-Disposition': `attachment; filename="Report_${reportId.slice(0, 8)}.pdf"`,
-    },
-  })
-}

admin-compliance/app/api/sdk/v1/vendor-compliance/export/[reportId]/route.ts

@@ -1,44 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-
-/**
- * GET /api/sdk/v1/vendor-compliance/export/[reportId]
- *
- * Get report metadata by ID.
- */
-export async function GET(
-  request: NextRequest,
-  { params }: { params: Promise<{ reportId: string }> }
-) {
-  const { reportId } = await params
-
-  // TODO: Fetch report metadata from database
-  // For now, return mock data
-
-  return NextResponse.json({
-    id: reportId,
-    status: 'completed',
-    filename: `Report_${reportId.slice(0, 8)}.pdf`,
-    generatedAt: new Date().toISOString(),
-    expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString(), // 24h
-  })
-}
-
-/**
- * DELETE /api/sdk/v1/vendor-compliance/export/[reportId]
- *
- * Delete a generated report.
- */
-export async function DELETE(
-  request: NextRequest,
-  { params }: { params: Promise<{ reportId: string }> }
-) {
-  const { reportId } = await params
-
-  // TODO: Delete report from storage and database
-  console.log('Deleting report:', reportId)
-
-  return NextResponse.json({
-    success: true,
-    deletedId: reportId,
-  })
-}

admin-compliance/app/api/sdk/v1/vendor-compliance/export/route.ts

@@ -1,118 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { v4 as uuidv4 } from 'uuid'
-
-/**
- * POST /api/sdk/v1/vendor-compliance/export
- *
- * Generate and export reports in various formats.
- * Currently returns mock data - integrate with actual report generation service.
- */
-
-interface ExportConfig {
-  reportType: 'VVT_EXPORT' | 'VENDOR_AUDIT' | 'ROPA' | 'MANAGEMENT_SUMMARY' | 'DPIA_INPUT'
-  format: 'PDF' | 'DOCX' | 'XLSX' | 'JSON'
-  scope: {
-    vendorIds: string[]
-    processingActivityIds: string[]
-    includeFindings: boolean
-    includeControls: boolean
-    includeRiskAssessment: boolean
-    dateRange?: {
-      from: string
-      to: string
-    }
-  }
-}
-
-const REPORT_TYPE_NAMES: Record<ExportConfig['reportType'], string> = {
-  VVT_EXPORT: 'Verarbeitungsverzeichnis',
-  VENDOR_AUDIT: 'Vendor-Audit-Pack',
-  ROPA: 'RoPA',
-  MANAGEMENT_SUMMARY: 'Management-Summary',
-  DPIA_INPUT: 'DSFA-Input',
-}
-
-const FORMAT_EXTENSIONS: Record<ExportConfig['format'], string> = {
-  PDF: 'pdf',
-  DOCX: 'docx',
-  XLSX: 'xlsx',
-  JSON: 'json',
-}
-
-export async function POST(request: NextRequest) {
-  try {
-    const config = (await request.json()) as ExportConfig
-
-    // Validate request
-    if (!config.reportType || !config.format) {
-      return NextResponse.json(
-        { error: 'reportType and format are required' },
-        { status: 400 }
-      )
-    }
-
-    // Generate report ID and filename
-    const reportId = uuidv4()
-    const timestamp = new Date().toISOString().slice(0, 10).replace(/-/g, '')
-    const filename = `${REPORT_TYPE_NAMES[config.reportType]}_${timestamp}.${FORMAT_EXTENSIONS[config.format]}`
-
-    // TODO: Implement actual report generation
-    // This would typically:
-    // 1. Fetch data from database based on scope
-    // 2. Generate report using template engine (e.g., docx-templates, pdfkit)
-    // 3. Store in MinIO/S3
-    // 4. Return download URL
-
-    // Mock implementation - simulate processing time
-    await new Promise((resolve) => setTimeout(resolve, 500))
-
-    // In production, this would be a signed URL to MinIO/S3
-    const downloadUrl = `/api/sdk/v1/vendor-compliance/export/${reportId}/download`
-
-    // Log export for audit trail
-    console.log('Export generated:', {
-      reportId,
-      reportType: config.reportType,
-      format: config.format,
-      scope: config.scope,
-      filename,
-      generatedAt: new Date().toISOString(),
-    })
-
-    return NextResponse.json({
-      id: reportId,
-      reportType: config.reportType,
-      format: config.format,
-      filename,
-      downloadUrl,
-      generatedAt: new Date().toISOString(),
-      scope: {
-        vendorCount: config.scope.vendorIds?.length || 0,
-        activityCount: config.scope.processingActivityIds?.length || 0,
-        includesFindings: config.scope.includeFindings,
-        includesControls: config.scope.includeControls,
-        includesRiskAssessment: config.scope.includeRiskAssessment,
-      },
-    })
-  } catch (error) {
-    console.error('Export error:', error)
-    return NextResponse.json(
-      { error: 'Failed to generate export' },
-      { status: 500 }
-    )
-  }
-}
-
-/**
- * GET /api/sdk/v1/vendor-compliance/export
- *
- * List recent exports for the current tenant.
- */
-export async function GET() {
-  // TODO: Implement fetching recent exports from database
-  // For now, return empty list
-  return NextResponse.json({
-    exports: [],
-    totalCount: 0,
-  })
-}

admin-compliance/app/api/sdk/v1/vendor-compliance/findings/route.ts

@@ -1,43 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { Finding } from '@/lib/sdk/vendor-compliance'
-
-// In-memory storage for demo purposes
-const findings: Map<string, Finding> = new Map()
-
-export async function GET(request: NextRequest) {
-  try {
-    const searchParams = request.nextUrl.searchParams
-    const vendorId = searchParams.get('vendorId')
-    const contractId = searchParams.get('contractId')
-    const status = searchParams.get('status')
-
-    let findingsList = Array.from(findings.values())
-
-    // Filter by vendor
-    if (vendorId) {
-      findingsList = findingsList.filter((f) => f.vendorId === vendorId)
-    }
-
-    // Filter by contract
-    if (contractId) {
-      findingsList = findingsList.filter((f) => f.contractId === contractId)
-    }
-
-    // Filter by status
-    if (status) {
-      findingsList = findingsList.filter((f) => f.status === status)
-    }
-
-    return NextResponse.json({
-      success: true,
-      data: findingsList,
-      timestamp: new Date().toISOString(),
-    })
-  } catch (error) {
-    console.error('Error fetching findings:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to fetch findings' },
-      { status: 500 }
-    )
-  }
-}

admin-compliance/app/api/sdk/v1/vendor-compliance/processing-activities/[id]/route.ts

@@ -1,70 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-
-// This would reference the same storage as the main route
-// In production, this would be database calls
-
-export async function GET(
-  request: NextRequest,
-  { params }: { params: Promise<{ id: string }> }
-) {
-  try {
-    const { id } = await params
-
-    // In production, fetch from database
-    return NextResponse.json({
-      success: true,
-      data: null, // Would return the activity
-      timestamp: new Date().toISOString(),
-    })
-  } catch (error) {
-    console.error('Error fetching processing activity:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to fetch processing activity' },
-      { status: 500 }
-    )
-  }
-}
-
-export async function PUT(
-  request: NextRequest,
-  { params }: { params: Promise<{ id: string }> }
-) {
-  try {
-    const { id } = await params
-    const body = await request.json()
-
-    // In production, update in database
-    return NextResponse.json({
-      success: true,
-      data: { id, ...body, updatedAt: new Date() },
-      timestamp: new Date().toISOString(),
-    })
-  } catch (error) {
-    console.error('Error updating processing activity:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to update processing activity' },
-      { status: 500 }
-    )
-  }
-}
-
-export async function DELETE(
-  request: NextRequest,
-  { params }: { params: Promise<{ id: string }> }
-) {
-  try {
-    const { id } = await params
-
-    // In production, delete from database
-    return NextResponse.json({
-      success: true,
-      timestamp: new Date().toISOString(),
-    })
-  } catch (error) {
-    console.error('Error deleting processing activity:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to delete processing activity' },
-      { status: 500 }
-    )
-  }
-}

admin-compliance/app/api/sdk/v1/vendor-compliance/processing-activities/route.ts

@@ -1,84 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { v4 as uuidv4 } from 'uuid'
-import { ProcessingActivity, generateVVTId } from '@/lib/sdk/vendor-compliance'
-
-// In-memory storage for demo purposes
-// In production, this would be replaced with database calls
-const processingActivities: Map<string, ProcessingActivity> = new Map()
-
-export async function GET(request: NextRequest) {
-  try {
-    const activities = Array.from(processingActivities.values())
-
-    return NextResponse.json({
-      success: true,
-      data: activities,
-      timestamp: new Date().toISOString(),
-    })
-  } catch (error) {
-    console.error('Error fetching processing activities:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to fetch processing activities' },
-      { status: 500 }
-    )
-  }
-}
-
-export async function POST(request: NextRequest) {
-  try {
-    const body = await request.json()
-
-    // Generate IDs
-    const id = uuidv4()
-    const existingIds = Array.from(processingActivities.values()).map((a) => a.vvtId)
-    const vvtId = body.vvtId || generateVVTId(existingIds)
-
-    const activity: ProcessingActivity = {
-      id,
-      tenantId: 'default', // Would come from auth context
-      vvtId,
-      name: body.name,
-      responsible: body.responsible,
-      dpoContact: body.dpoContact,
-      purposes: body.purposes || [],
-      dataSubjectCategories: body.dataSubjectCategories || [],
-      personalDataCategories: body.personalDataCategories || [],
-      recipientCategories: body.recipientCategories || [],
-      thirdCountryTransfers: body.thirdCountryTransfers || [],
-      retentionPeriod: body.retentionPeriod || { description: { de: '', en: '' } },
-      technicalMeasures: body.technicalMeasures || [],
-      legalBasis: body.legalBasis || [],
-      dataSources: body.dataSources || [],
-      systems: body.systems || [],
-      dataFlows: body.dataFlows || [],
-      protectionLevel: body.protectionLevel || 'MEDIUM',
-      dpiaRequired: body.dpiaRequired || false,
-      dpiaJustification: body.dpiaJustification,
-      subProcessors: body.subProcessors || [],
-      legalRetentionBasis: body.legalRetentionBasis,
-      status: body.status || 'DRAFT',
-      owner: body.owner || '',
-      lastReviewDate: body.lastReviewDate,
-      nextReviewDate: body.nextReviewDate,
-      createdAt: new Date(),
-      updatedAt: new Date(),
-    }
-
-    processingActivities.set(id, activity)
-
-    return NextResponse.json(
-      {
-        success: true,
-        data: activity,
-        timestamp: new Date().toISOString(),
-      },
-      { status: 201 }
-    )
-  } catch (error) {
-    console.error('Error creating processing activity:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to create processing activity' },
-      { status: 500 }
-    )
-  }
-}

admin-compliance/app/api/sdk/v1/vendor-compliance/vendors/route.ts

@@ -1,82 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { v4 as uuidv4 } from 'uuid'
-import { Vendor } from '@/lib/sdk/vendor-compliance'
-
-// In-memory storage for demo purposes
-const vendors: Map<string, Vendor> = new Map()
-
-export async function GET(request: NextRequest) {
-  try {
-    const vendorList = Array.from(vendors.values())
-
-    return NextResponse.json({
-      success: true,
-      data: vendorList,
-      timestamp: new Date().toISOString(),
-    })
-  } catch (error) {
-    console.error('Error fetching vendors:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to fetch vendors' },
-      { status: 500 }
-    )
-  }
-}
-
-export async function POST(request: NextRequest) {
-  try {
-    const body = await request.json()
-    const id = uuidv4()
-
-    const vendor: Vendor = {
-      id,
-      tenantId: 'default',
-      name: body.name,
-      legalForm: body.legalForm,
-      country: body.country,
-      address: body.address,
-      website: body.website,
-      role: body.role,
-      serviceDescription: body.serviceDescription,
-      serviceCategory: body.serviceCategory,
-      dataAccessLevel: body.dataAccessLevel || 'NONE',
-      processingLocations: body.processingLocations || [],
-      transferMechanisms: body.transferMechanisms || [],
-      certifications: body.certifications || [],
-      primaryContact: body.primaryContact,
-      dpoContact: body.dpoContact,
-      securityContact: body.securityContact,
-      contractTypes: body.contractTypes || [],
-      contracts: body.contracts || [],
-      inherentRiskScore: body.inherentRiskScore || 50,
-      residualRiskScore: body.residualRiskScore || 50,
-      manualRiskAdjustment: body.manualRiskAdjustment,
-      riskJustification: body.riskJustification,
-      reviewFrequency: body.reviewFrequency || 'ANNUAL',
-      lastReviewDate: body.lastReviewDate,
-      nextReviewDate: body.nextReviewDate,
-      status: body.status || 'ACTIVE',
-      processingActivityIds: body.processingActivityIds || [],
-      notes: body.notes,
-      createdAt: new Date(),
-      updatedAt: new Date(),
-    }
-
-    vendors.set(id, vendor)
-
-    return NextResponse.json(
-      {
-        success: true,
-        data: vendor,
-        timestamp: new Date().toISOString(),
-      },
-      { status: 201 }
-    )
-  } catch (error) {
-    console.error('Error creating vendor:', error)
-    return NextResponse.json(
-      { success: false, error: 'Failed to create vendor' },
-      { status: 500 }
-    )
-  }
-}

admin-compliance/app/api/sdk/v1/wiki/route.ts

@@ -0,0 +1,87 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/wiki?endpoint=...
+ *
+ * Routes to backend wiki endpoints:
+ *   endpoint=categories  → GET /api/compliance/v1/wiki/categories
+ *   endpoint=articles    → GET /api/compliance/v1/wiki/articles(?category_id=...)
+ *   endpoint=search      → GET /api/compliance/v1/wiki/search?q=...
+ *   endpoint=article&id= → GET /api/compliance/v1/wiki/articles/{id}
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const endpoint = searchParams.get('endpoint') || 'categories'
+
+    let backendPath: string
+
+    switch (endpoint) {
+      case 'categories':
+        backendPath = '/api/compliance/v1/wiki/categories'
+        break
+
+      case 'articles': {
+        const categoryId = searchParams.get('category_id')
+        backendPath = '/api/compliance/v1/wiki/articles'
+        if (categoryId) {
+          backendPath += `?category_id=${encodeURIComponent(categoryId)}`
+        }
+        break
+      }
+
+      case 'article': {
+        const articleId = searchParams.get('id')
+        if (!articleId) {
+          return NextResponse.json(
+            { error: 'Missing article id' },
+            { status: 400 }
+          )
+        }
+        backendPath = `/api/compliance/v1/wiki/articles/${encodeURIComponent(articleId)}`
+        break
+      }
+
+      case 'search': {
+        const query = searchParams.get('q')
+        if (!query) {
+          return NextResponse.json(
+            { error: 'Missing search query' },
+            { status: 400 }
+          )
+        }
+        backendPath = `/api/compliance/v1/wiki/search?q=${encodeURIComponent(query)}`
+        break
+      }
+
+      default:
+        return NextResponse.json(
+          { error: `Unknown endpoint: ${endpoint}` },
+          { status: 400 }
+        )
+    }
+
+    const response = await fetch(`${BACKEND_URL}${backendPath}`)
+
+    if (!response.ok) {
+      if (response.status === 404) {
+        return NextResponse.json(null, { status: 404 })
+      }
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Wiki proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/workshops/[[...path]]/route.ts

@@ -0,0 +1,119 @@
+/**
+ * Workshop API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/workshops/* requests to ai-compliance-sdk backend
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/workshops`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Workshop API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}