docs: SDK-Flow + Wiki — EU Registration Step + 4 Domain-Artikel

1. SDK-Flow: Neuer Step "EU AI Database Registrierung" (seq 350, CP-REG)
2. Wiki: 4 Domain-Compliance-Artikel (Recruiting, Bildung, Gesundheit, Finance)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.claude/CLAUDE.md

@@ -2,67 +2,127 @@
 
 ## Entwicklungsumgebung (WICHTIG - IMMER ZUERST LESEN)
 
-### Zwei-Rechner-Setup
+### Zwei-Rechner-Setup + Coolify
 
 | Geraet | Rolle | Aufgaben |
 |--------|-------|----------|
 | **MacBook** | Entwicklung | Claude Terminal, Code-Entwicklung, Browser (Frontend-Tests) |
-| **Mac Mini** | Server | Docker, alle Services, Tests, Builds, Deployment |
+| **Mac Mini** | Lokaler Server | Docker fuer lokale Dev/Tests (NICHT fuer Production!) |
+| **Coolify** | Production | Automatisches Build + Deploy bei Push auf gitea |
 
-**WICHTIG:** Code wird direkt auf dem MacBook in diesem Repo bearbeitet. Docker und Services laufen auf dem Mac Mini.
+**WICHTIG:** Code wird auf dem MacBook bearbeitet. Production-Deployment laeuft automatisch ueber Coolify.
 
-### Entwicklungsworkflow
+### Entwicklungsworkflow (CI/CD — Coolify)
 
 ```bash
 # 1. Code auf MacBook bearbeiten (dieses Verzeichnis)
-# 2. Committen und pushen:
+# 2. Committen und zu BEIDEN Remotes pushen:
 git push origin main && git push gitea main
 
-# 3. Auf Mac Mini pullen und Container neu bauen:
-ssh macmini "cd /Users/benjaminadmin/Projekte/breakpilot-compliance && git pull --no-rebase origin main"
-ssh macmini "cd /Users/benjaminadmin/Projekte/breakpilot-compliance && /usr/local/bin/docker compose build --no-cache <service> && /usr/local/bin/docker compose up -d <service>"
+# 3. FERTIG! Push auf gitea triggert automatisch:
+#    - Gitea Actions: Lint → Tests → Validierung
+#    - Coolify: Build → Deploy
+#    Dauer: ca. 3 Minuten
+#    Status pruefen: https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions
+```
+
+**NICHT MEHR NOETIG:** Manuelles `ssh macmini "docker compose build"` fuer Production.
+**NIEMALS** manuell in Coolify auf "Redeploy" klicken — Gitea Actions triggert Coolify automatisch.
+
+### Post-Push Deploy-Monitoring (PFLICHT nach jedem Push auf gitea)
+
+**IMMER wenn Claude auf gitea pusht, MUSS danach automatisch das Deploy-Monitoring laufen:**
+
+1. Dem User sofort mitteilen: "Deploy gestartet, ich ueberwache den Status..."
+2. Im Hintergrund Health-Checks pollen (alle 20 Sekunden, max 5 Minuten):
+   ```bash
+   # Compliance Health-Endpoints:
+   curl -sf https://api-dev.breakpilot.ai/health    # Backend Compliance
+   curl -sf https://sdk-dev.breakpilot.ai/health     # AI Compliance SDK
+   ```
+3. Sobald ALLE Endpoints healthy sind, dem User im Chat melden:
+   **"Deploy abgeschlossen! Du kannst jetzt testen: https://admin-dev.breakpilot.ai"**
+4. Falls nach 5 Minuten noch nicht healthy → Fehlermeldung mit Hinweis auf Coolify-Logs.
+
+**Ablauf im Terminal:**
+```
+> git push gitea main ✓
+> "Deploy gestartet, ich ueberwache den Status..."
+> [Hintergrund-Polling laeuft]
+> "Deploy abgeschlossen! Alle Services healthy. Du kannst jetzt testen."
+```
+
+### CI/CD Pipeline (Gitea Actions → Coolify)
+
+```
+Push auf gitea main → go-lint/python-lint/nodejs-lint (nur PRs)
+                    → test-go-ai-compliance
+                    → test-python-backend-compliance
+                    → test-python-document-crawler
+                    → test-python-dsms-gateway
+                    → validate-canonical-controls
+                    → Coolify: Build + Deploy (automatisch bei Push)
+```
+
+**Dateien:**
+- `.gitea/workflows/ci.yaml` — Pipeline-Definition (Tests + Validierung)
+- `docker-compose.yml` — Haupt-Compose
+- `docker-compose.hetzner.yml` — Override: arm64→amd64 fuer Coolify Production (x86_64)
+
+### Lokale Entwicklung (Mac Mini — optional)
+
+```bash
+# Nur fuer lokale Tests, NICHT fuer Production:
+ssh macmini "git -C /Users/benjaminadmin/Projekte/breakpilot-compliance pull --no-rebase origin main"
+ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml build --no-cache <service>"
+ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml up -d <service>"
 
 # Fuer schnelle Iteration ohne Commit (rsync):
 rsync -avz --exclude node_modules --exclude .next --exclude .git \
   admin-compliance/ macmini:~/Projekte/breakpilot-compliance/admin-compliance/
 ```
 
-### SSH-Verbindung (fuer Docker/Tests)
-
-```bash
-ssh macmini "cd /Users/benjaminadmin/Projekte/breakpilot-compliance && <cmd>"
-```
+**WICHTIG:** Docker-Pfad auf Mac Mini ist `/usr/local/bin/docker` (nicht im Standard-SSH-PATH).
+**WICHTIG:** `cd` funktioniert NICHT in SSH-Einzelbefehlen — immer `-f <pfad>/docker-compose.yml` verwenden!
 
 ---
 
 ## Voraussetzung
 
 **breakpilot-core MUSS laufen!** Dieses Projekt nutzt Core-Services:
-- PostgreSQL (Schema: `compliance`, `core`)
 - Valkey (Session-Cache)
 - Vault (Secrets)
 - RAG-Service (Vektorsuche fuer Compliance-Dokumente)
 - Nginx (Reverse Proxy)
 
-Pruefen: `curl -sf http://macmini:8099/health`
+**Externe Services (Production):**
+- PostgreSQL 17 (sslmode=require) — Schemas: `compliance`, `public`
+- Qdrant @ `qdrant-dev.breakpilot.ai` (HTTPS, API-Key)
+- Object Storage (S3-kompatibel, TLS)
+
+Config via `.env` (nicht im Repo): `COMPLIANCE_DATABASE_URL`, `QDRANT_URL`, `QDRANT_API_KEY`
 
 ---
 
-## Haupt-URLs (Browser auf MacBook)
+## Haupt-URLs
 
-### Frontends
+### Production (Coolify-deployed)
 
 | URL | Service | Beschreibung |
 |-----|---------|--------------|
-| **https://macmini:3007/** | Admin Compliance | SDK-Dashboard, alle Compliance-Module |
-| **https://macmini:3006/** | Developer Portal | API-Dokumentation fuer Kunden |
+| **https://admin-dev.breakpilot.ai/** | Admin Compliance | SDK-Dashboard, alle Compliance-Module |
+| **https://developers-dev.breakpilot.ai/** | Developer Portal | API-Dokumentation fuer Kunden |
+| https://api-dev.breakpilot.ai/ | Backend Compliance | Compliance APIs (DSGVO, DSR, GDPR) |
+| https://sdk-dev.breakpilot.ai/ | AI Compliance SDK | KI-konforme Compliance-Analyse |
 
-### Backend-APIs
+### Lokal (Mac Mini — nur Dev/Tests)
 
 | URL | Service | Beschreibung |
 |-----|---------|--------------|
-| https://macmini:8002/ | Backend Compliance | Compliance APIs (DSGVO, DSR, GDPR) |
-| https://macmini:8093/ | AI Compliance SDK | KI-konforme Compliance-Analyse |
+| https://macmini:3007/ | Admin Compliance | Lokale Entwicklung |
+| https://macmini:3006/ | Developer Portal | Lokale Entwicklung |
+| https://macmini:8002/ | Backend Compliance | Lokale Entwicklung |
+| https://macmini:8093/ | AI Compliance SDK | Lokale Entwicklung |
 
 ### Admin Compliance Module (https://macmini:3007/)
 
@@ -87,18 +147,20 @@ Pruefen: `curl -sf http://macmini:8099/health`
 
 ---
 
-## Services (~8 Container)
+## Services (10 Container)
 
 | Service | Tech | Port | Container |
 |---------|------|------|-----------|
 | admin-compliance | Next.js 15 | 3007 (via nginx) | bp-compliance-admin |
 | backend-compliance | Python/FastAPI | 8002 | bp-compliance-backend |
-| ai-compliance-sdk | Python/FastAPI | 8093 | bp-compliance-ai-sdk |
-| developer-portal | Next.js | 3006 (via nginx) | bp-compliance-developer-portal |
-| dsms-node | Node.js | 4001/5001 | bp-compliance-dsms-node |
-| dsms-gateway | Node.js | 8085 | bp-compliance-dsms-gateway |
-| pca-platform | Python | - | bp-compliance-pca |
-| consent-sdk | Node.js | - | bp-compliance-consent-sdk |
+| ai-compliance-sdk | Go/Gin | 8090→8093 | bp-compliance-ai-sdk |
+| developer-portal | Next.js 15 | 3006 (via nginx) | bp-compliance-developer-portal |
+| compliance-tts-service | Python/Piper TTS | 8095 | bp-compliance-tts |
+| document-crawler | Python/FastAPI | 8098 | bp-compliance-document-crawler |
+| dsms-node | IPFS Kubo | 4001/5001/8085 | bp-compliance-dsms-node |
+| dsms-gateway | Node.js | 8082 | bp-compliance-dsms-gateway |
+| docs | MkDocs/nginx | 8011 | bp-compliance-docs |
+| core-wait | curl health-check | - | bp-compliance-core-wait |
 
 ### Docker-Netzwerk
 Nutzt das externe Core-Netzwerk:
@@ -144,41 +206,52 @@ breakpilot-compliance/
 ├── dsms-node/                # IPFS Node
 ├── dsms-gateway/             # IPFS Gateway
 ├── scripts/                  # Helper Scripts
-└── docker-compose.yml        # Compliance Compose (~8 Services)
+├── docker-compose.yml        # Compliance Compose (~10 Services, platform: arm64)
+├── docker-compose.hetzner.yml # Override: arm64→amd64 fuer Coolify Production
+└── .gitea/workflows/ci.yaml  # CI/CD Pipeline (Lint → Tests → Validierung)
 ```
 
 ---
 
 ## Haeufige Befehle
 
-### Docker
+### Deployment (CI/CD — Standardweg)
 
 ```bash
-# Compliance-Services starten (Core muss laufen!)
-ssh macmini "cd /Users/benjaminadmin/Projekte/breakpilot-compliance && /usr/local/bin/docker compose up -d"
+# Committen und pushen → Coolify deployt automatisch:
+git push origin main && git push gitea main
 
-# Einzelnen Service neu bauen
-ssh macmini "cd /Users/benjaminadmin/Projekte/breakpilot-compliance && /usr/local/bin/docker compose build --no-cache <service>"
+# CI-Status pruefen (im Browser):
+# https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions
 
+# Health Checks:
+curl -sf https://api-dev.breakpilot.ai/health
+curl -sf https://sdk-dev.breakpilot.ai/health
+```
+
+### Git
+
+```bash
+# Zu BEIDEN Remotes pushen (PFLICHT! — vom MacBook):
+git push origin main && git push gitea main
+
+# Remotes:
+# origin: lokale Gitea (macmini:3003)
+# gitea:  gitea.meghsakha.com:22222
+```
+
+### Lokale Docker-Befehle (Mac Mini — nur fuer Dev/Tests)
+
+```bash
 # Logs
 ssh macmini "/usr/local/bin/docker logs -f bp-compliance-<service>"
 
 # Status
 ssh macmini "/usr/local/bin/docker ps --filter name=bp-compliance"
-```
 
-**WICHTIG:** Docker-Pfad auf Mac Mini ist `/usr/local/bin/docker` (nicht im Standard-SSH-PATH).
-
-### Git
-
-```bash
-# Zu BEIDEN Remotes pushen (PFLICHT!):
-ssh macmini "cd /Users/benjaminadmin/Projekte/breakpilot-compliance && git push all main"
-
-# Remotes:
-# origin: lokale Gitea (macmini:3003)
-# gitea:  gitea.meghsakha.com
-# all:    beide gleichzeitig
+# Lokaler Rebuild (nur wenn noetig):
+ssh macmini "git -C /Users/benjaminadmin/Projekte/breakpilot-compliance pull --no-rebase origin main"
+ssh macmini "/usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml build --no-cache <service> && /usr/local/bin/docker compose -f /Users/benjaminadmin/Projekte/breakpilot-compliance/docker-compose.yml up -d <service>"
 ```
 
 ---
@@ -228,6 +301,36 @@ ssh macmini "cd /Users/benjaminadmin/Projekte/breakpilot-compliance && git push
 - `lib/sdk/catalog-manager/` — catalog-registry.ts, types.ts
 - 17 DSGVO/AI-Act Kataloge (dsfa, vvt-baseline, vendor-compliance, etc.)
 
+### Multi-Projekt-Architektur (seit 2026-03-09)
+
+Jeder Tenant kann mehrere Compliance-Projekte anlegen. CompanyProfile ist **pro Projekt** (nicht tenant-weit).
+
+**URL-Schema:** `/sdk?project={uuid}` — alle SDK-Seiten enthalten `?project=` Query-Param.
+`/sdk` ohne `?project=` zeigt die Projektliste (ProjectSelector).
+
+**Datenbank:**
+- `compliance_projects` — Projekt-Metadaten (Name, Typ, Status, Version)
+- `sdk_states` — UNIQUE auf `(tenant_id, project_id)` statt nur `tenant_id`
+- Migration: `039_compliance_projects.sql`
+
+**Backend API (FastAPI):**
+```
+GET    /api/v1/projects              → Alle Projekte des Tenants
+POST   /api/v1/projects              → Neues Projekt erstellen (mit copy_from_project_id)
+GET    /api/v1/projects/{project_id} → Einzelnes Projekt laden
+PATCH  /api/v1/projects/{project_id} → Projekt aktualisieren
+DELETE /api/v1/projects/{project_id} → Projekt archivieren (Soft Delete)
+```
+
+**Frontend:**
+- `components/sdk/ProjectSelector/ProjectSelector.tsx` — Projektliste + Erstellen-Dialog
+- `lib/sdk/types.ts` — `ProjectInfo` Interface, `SDKState.projectId`
+- `lib/sdk/context.tsx` — `projectId` Prop, `createProject()`, `listProjects()`, `switchProject()`
+- `lib/sdk/sync.ts` — BroadcastChannel + localStorage pro Projekt
+- `lib/sdk/api-client.ts` — `projectId` in State-API + Projekt-CRUD-Methoden
+- `app/sdk/layout.tsx` — liest `?project=` aus searchParams
+- `app/api/sdk/v1/projects/` — Next.js Proxy zum Backend
+
 ### Backend-Compliance APIs
 ```
 POST/GET /api/v1/compliance/risks
@@ -237,18 +340,35 @@ POST/GET /api/v1/compliance/evidence
 POST/GET /api/v1/dsr/requests
 POST/GET /api/v1/gdpr/exports
 POST/GET /api/v1/consent/admin
+
+# Stammdaten, Versionierung & Change-Requests
+GET/POST/DELETE /api/compliance/company-profile
+GET /api/compliance/company-profile/template-context
+GET /api/compliance/change-requests
+GET /api/compliance/change-requests/stats
+POST /api/compliance/change-requests/{id}/accept
+POST /api/compliance/change-requests/{id}/reject
+POST /api/compliance/change-requests/{id}/edit
+GET /api/compliance/generation/preview/{doc_type}
+POST /api/compliance/generation/apply/{doc_type}
+GET /api/compliance/{doc}/{id}/versions
 ```
 
+### Multi-Tenancy
+- Shared Dependency: `compliance/api/tenant_utils.py` (`get_tenant_id()`)
+- UUID-Format, kein `"default"` mehr
+- Header `X-Tenant-ID` > Query `tenant_id` > ENV-Fallback
+
 ---
 
 ## Wichtige Dateien (Referenz)
 
 | Datei | Beschreibung |
 |-------|--------------|
-| `admin-compliance/app/(sdk)/` | Alle 37 SDK-Routes |
-| `admin-compliance/components/sdk/SDKSidebar.tsx` | SDK Navigation |
+| `admin-compliance/app/(sdk)/` | Alle 37+ SDK-Routes |
+| `admin-compliance/components/sdk/Sidebar/SDKSidebar.tsx` | SDK Navigation |
 | `admin-compliance/components/sdk/CommandBar.tsx` | Command Palette |
 | `admin-compliance/lib/sdk/context.tsx` | SDK State (Provider) |
-| `backend-compliance/compliance/` | Haupt-Package (40 Dateien) |
+| `backend-compliance/compliance/` | Haupt-Package (50+ Dateien) |
 | `ai-compliance-sdk/` | KI-Compliance Analyse |
 | `developer-portal/` | API-Dokumentation |

.env.coolify.example

@@ -0,0 +1,61 @@
+# =========================================================
+# BreakPilot Compliance — Coolify Environment Variables
+# =========================================================
+# Copy these into Coolify's environment variable UI
+# for the breakpilot-compliance Docker Compose resource.
+# =========================================================
+
+# --- External PostgreSQL (Coolify-managed, same as Core) ---
+COMPLIANCE_DATABASE_URL=postgresql://breakpilot:CHANGE_ME@<coolify-postgres-hostname>:5432/breakpilot_db
+
+# --- Security ---
+JWT_SECRET=CHANGE_ME_SAME_AS_CORE
+
+# --- External S3 Storage (same as Core) ---
+S3_ENDPOINT=<s3-endpoint-host:port>
+S3_ACCESS_KEY=CHANGE_ME_SAME_AS_CORE
+S3_SECRET_KEY=CHANGE_ME_SAME_AS_CORE
+S3_SECURE=true
+
+# --- External Qdrant ---
+QDRANT_URL=https://<qdrant-hostname>
+QDRANT_API_KEY=CHANGE_ME_QDRANT_API_KEY
+
+# --- Session ---
+SESSION_TTL_HOURS=24
+
+# --- SMTP (Real mail server) ---
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USERNAME=compliance@breakpilot.ai
+SMTP_PASSWORD=CHANGE_ME_SMTP_PASSWORD
+SMTP_FROM_NAME=BreakPilot Compliance
+SMTP_FROM_ADDR=compliance@breakpilot.ai
+
+# --- LLM Configuration ---
+COMPLIANCE_LLM_PROVIDER=anthropic
+SELF_HOSTED_LLM_URL=
+SELF_HOSTED_LLM_MODEL=
+COMPLIANCE_LLM_MAX_TOKENS=4096
+COMPLIANCE_LLM_TEMPERATURE=0.3
+COMPLIANCE_LLM_TIMEOUT=120
+ANTHROPIC_API_KEY=CHANGE_ME_ANTHROPIC_KEY
+ANTHROPIC_DEFAULT_MODEL=claude-sonnet-4-5-20250929
+
+# --- Ollama (optional) ---
+OLLAMA_URL=
+OLLAMA_DEFAULT_MODEL=
+COMPLIANCE_LLM_MODEL=
+
+# --- LLM Fallback ---
+LLM_FALLBACK_PROVIDER=
+
+# --- PII & Audit ---
+PII_REDACTION_ENABLED=true
+PII_REDACTION_LEVEL=standard
+AUDIT_RETENTION_DAYS=365
+AUDIT_LOG_PROMPTS=true
+
+# --- Frontend URLs (build args) ---
+NEXT_PUBLIC_API_URL=https://api-compliance.breakpilot.ai
+NEXT_PUBLIC_SDK_URL=https://sdk.breakpilot.ai

.env.example

@@ -4,7 +4,11 @@
 # Copy to .env and adjust values
 # NOTE: Core must be running! These vars reference Core services.
 
-# Database (same as Core)
+# Compliance SDK Database (externe PostgreSQL — nie committen!)
+# Setzt DATABASE_URL fuer: backend-compliance, ai-compliance-sdk, document-crawler, admin-compliance
+COMPLIANCE_DATABASE_URL=postgresql://<user>:<pass>@<host>:<port>/<db>?sslmode=require
+
+# Legacy Core Database (nur noch fuer Rollback; wird ignoriert wenn COMPLIANCE_DATABASE_URL gesetzt)
 POSTGRES_USER=breakpilot
 POSTGRES_PASSWORD=breakpilot123
 POSTGRES_DB=breakpilot_db
@@ -44,3 +48,11 @@ SESSION_TTL_HOURS=24
 # SMTP (uses Core Mailpit)
 SMTP_HOST=bp-core-mailpit
 SMTP_PORT=1025
+
+# Qdrant (externe Instanz — Hetzner/meghshakka)
+QDRANT_URL=https://qdrant-dev.breakpilot.ai
+QDRANT_API_KEY=<api-key>
+
+# MinIO / Object Storage (Hetzner Object Storage)
+# MINIO_ENDPOINT, MINIO_ACCESS_KEY, MINIO_SECRET_KEY sind direkt in docker-compose hart kodiert
+# (compliance-tts-service: nbg1.your-objectstorage.com)

.gitea/workflows/ci.yaml

@@ -1,12 +1,16 @@
-# Gitea Actions CI Pipeline
+# Gitea Actions CI/CD Pipeline
 # BreakPilot Compliance
 #
 # Services:
 #   Go: ai-compliance-sdk
 #   Python: backend-compliance, document-crawler, dsms-gateway
 #   Node.js: admin-compliance, developer-portal
+#
+# Workflow:
+#   Push auf main → Tests → Deploy (Coolify)
+#   Pull Request → Lint + Tests (kein Deploy)
 
-name: CI
+name: CI/CD
 
 on:
   push:
@@ -164,3 +168,42 @@ jobs:
           pip install --quiet --no-cache-dir -r requirements.txt 2>/dev/null || true
           pip install --quiet --no-cache-dir pytest pytest-asyncio
           python -m pytest test_main.py -v --tb=short
+
+  # ========================================
+  # Validate Canonical Controls
+  # ========================================
+
+  validate-canonical-controls:
+    runs-on: docker
+    container: python:3.12-slim
+    steps:
+      - name: Checkout
+        run: |
+          apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
+          git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
+      - name: Validate controls
+        run: |
+          python scripts/validate-controls.py
+
+  # ========================================
+  # Deploy via Coolify (nur main, kein PR)
+  # ========================================
+
+  deploy-coolify:
+    name: Deploy
+    runs-on: docker
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    needs:
+      - test-go-ai-compliance
+      - test-python-backend-compliance
+      - test-python-document-crawler
+      - test-python-dsms-gateway
+      - validate-canonical-controls
+    container:
+      image: alpine:latest
+    steps:
+      - name: Trigger Coolify deploy
+        run: |
+          apk add --no-cache curl
+          curl -sf "${{ secrets.COOLIFY_WEBHOOK }}" \
+            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"

.gitea/workflows/rag-ingest.yaml

@@ -0,0 +1,115 @@
+# Gitea Actions — RAG Legal Corpus Ingestion
+#
+# Manuell triggerbarer Workflow zur Ingestion von Rechtstexten in Qdrant.
+# Trigger: Gitea UI → Actions → "RAG Ingestion" → Run
+#
+# Phasen: gesetze, eu, templates, datenschutz, verbraucherschutz, verify, version, all
+#
+# Voraussetzung: RAG-Service und Qdrant muessen auf Coolify laufen.
+# Die BreakPilot-Services muessen deployed sein (ci.yaml deploy-coolify).
+
+name: RAG Ingestion
+
+on:
+  workflow_dispatch:
+    inputs:
+      phase:
+        description: 'Ingestion Phase (gesetze, eu, templates, datenschutz, verbraucherschutz, dach, security, verify, version, all)'
+        required: true
+        default: 'verbraucherschutz'
+
+jobs:
+  ingest:
+    runs-on: docker
+    container: docker:27-cli
+    steps:
+      - name: Setup
+        run: |
+          apk add --no-cache git curl bash > /dev/null 2>&1
+
+      - name: Checkout
+        run: |
+          git clone --depth 1 --branch main ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
+
+      - name: Run Ingestion
+        run: |
+          set -euo pipefail
+          PHASE="${{ github.event.inputs.phase }}"
+
+          echo "=== RAG Ingestion: Phase ${PHASE} ==="
+          echo ""
+
+          # Pruefen ob Services laufen
+          echo "--- BreakPilot Container ---"
+          docker ps --filter name=bp- --format "{{.Names}}: {{.Status}}" 2>/dev/null || true
+          echo ""
+
+          # Netzwerk finden in dem die bp-Services laufen
+          BP_NETWORK=$(docker inspect bp-core-rag-service --format '{{range $k,$v := .NetworkSettings.Networks}}{{$k}}{{end}}' 2>/dev/null || echo "")
+          if [ -z "$BP_NETWORK" ]; then
+            BP_NETWORK=$(docker inspect bp-compliance-backend --format '{{range $k,$v := .NetworkSettings.Networks}}{{$k}}{{end}}' 2>/dev/null || echo "")
+          fi
+
+          if [ -z "$BP_NETWORK" ]; then
+            echo "FEHLER: Keine BreakPilot-Container gefunden."
+            echo "Bitte zuerst deployen (CI/CD Pipeline oder manuell)."
+            echo ""
+            echo "Verfuegbare Container:"
+            docker ps --format "  {{.Names}}" 2>/dev/null || true
+            echo ""
+            echo "Verfuegbare Netzwerke:"
+            docker network ls --format "  {{.Name}}" 2>/dev/null || true
+            exit 1
+          fi
+
+          echo "BreakPilot Netzwerk: $BP_NETWORK"
+          echo ""
+
+          # Ingestion-Container erstellen (noch nicht starten),
+          # dann Scripts aus dem Checkout per docker cp hineinkopieren.
+          # So verwenden wir IMMER die neueste Version der Scripts,
+          # unabhaengig vom Deploy-Dir auf dem Host.
+          CONTAINER_ID=$(docker create \
+            --network "$BP_NETWORK" \
+            -e "WORK_DIR=/tmp/rag-ingestion" \
+            -e "RAG_URL=http://bp-core-rag-service:8097/api/v1/documents/upload" \
+            -e "QDRANT_URL=https://qdrant-dev.breakpilot.ai" \
+            -e "QDRANT_API_KEY=z9cKbT74vl1aKPD1QGIlKWfET47VH93u" \
+            -e "SDK_URL=http://bp-compliance-ai-sdk:8090" \
+            alpine:3.19 \
+            sh -c "
+              apk add --no-cache curl bash coreutils git python3 unzip > /dev/null 2>&1
+              mkdir -p /tmp/rag-ingestion/{pdfs,repos,texts}
+              mkdir -p /workspace/scripts
+              cp -r /workspace_scripts/* /workspace/scripts/ 2>/dev/null || true
+              cd /workspace
+              if [ '${PHASE}' = 'all' ]; then
+                bash scripts/ingest-legal-corpus.sh
+              elif [ '${PHASE}' = 'download' ]; then
+                bash scripts/ingest-legal-corpus.sh --only download
+              else
+                echo '=== Running download phase first ==='
+                bash scripts/ingest-legal-corpus.sh --only download
+                echo ''
+                echo '=== Running phase: ${PHASE} ==='
+                bash scripts/ingest-legal-corpus.sh --only '${PHASE}'
+              fi
+            ")
+
+          echo "Container: $CONTAINER_ID"
+
+          # Workspace-Dir im Container anlegen und Scripts hineinkopieren
+          docker cp scripts "${CONTAINER_ID}:/workspace_scripts"
+          echo "Scripts kopiert (aus Git-Checkout)"
+
+          # Container starten und Output streamen
+          docker start -a "${CONTAINER_ID}" || EXITCODE=$?
+
+          # Container aufraeumen
+          docker rm -f "${CONTAINER_ID}" 2>/dev/null || true
+
+          echo ""
+          echo "=== Ingestion abgeschlossen ==="
+
+          # Exit mit dem Original-Exitcode
+          exit ${EXITCODE:-0}

.gitignore

@@ -17,6 +17,9 @@ __pycache__/
 *.pyc
 venv/
 .venv/
+.coverage
+coverage.out
+test_*.db
 
 # Docker
 backups/*.backup
@@ -40,3 +43,4 @@ backups/*.backup
 *.mp3
 *.wav
 ai-compliance-sdk/server
+*.bak

admin-compliance/.dockerignore

@@ -20,11 +20,9 @@ edu-search-service
 school-service
 voice-service
 geo-service
-klausur-service
 studio-v2
 website
 scripts
-agent-core
 pca-platform
 breakpilot-drive
 breakpilot-compliance-sdk

admin-compliance/Dockerfile

@@ -16,13 +16,14 @@ COPY . .
 ARG NEXT_PUBLIC_API_URL
 ARG NEXT_PUBLIC_OLD_ADMIN_URL
 ARG NEXT_PUBLIC_SDK_URL
-ARG NEXT_PUBLIC_KLAUSUR_SERVICE_URL
 
 # Set environment variables for build
 ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL
 ENV NEXT_PUBLIC_OLD_ADMIN_URL=$NEXT_PUBLIC_OLD_ADMIN_URL
 ENV NEXT_PUBLIC_SDK_URL=$NEXT_PUBLIC_SDK_URL
-ENV NEXT_PUBLIC_KLAUSUR_SERVICE_URL=$NEXT_PUBLIC_KLAUSUR_SERVICE_URL
+
+# Ensure public directory exists (Next.js standalone needs it)
+RUN mkdir -p public
 
 # Build the application
 RUN npm run build
@@ -36,13 +37,14 @@ WORKDIR /app
 ENV NODE_ENV=production
 
 # Create non-root user
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
+RUN addgroup -S -g 1001 nodejs
+RUN adduser -S -u 1001 -G nodejs nextjs
 
 # Copy built assets
 COPY --from=builder /app/public ./public
 COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+COPY --from=builder --chown=nextjs:nodejs /app/agent-core ./agent-core
 
 # Switch to non-root user
 USER nextjs

admin-compliance/__tests__/ingest-industry-compliance.test.ts

@@ -48,12 +48,12 @@ describe('Ingestion Script: ingest-industry-compliance.sh', () => {
       expect(scriptContent).toContain('chunk_strategy=recursive')
     })
 
-    it('should use chunk_size=512', () => {
-      expect(scriptContent).toContain('chunk_size=512')
+    it('should use chunk_size=1024', () => {
+      expect(scriptContent).toContain('chunk_size=1024')
     })
 
-    it('should use chunk_overlap=50', () => {
-      expect(scriptContent).toContain('chunk_overlap=50')
+    it('should use chunk_overlap=128', () => {
+      expect(scriptContent).toContain('chunk_overlap=128')
     })
 
     it('should validate minimum file size', () => {

admin-compliance/agent-core/soul/compliance-advisor.soul.md

@@ -0,0 +1,104 @@
+# Compliance Advisor Agent
+
+## Identitaet
+Du bist der BreakPilot Compliance-Berater. Du hilfst Nutzern des AI Compliance SDK,
+Datenschutz- und Compliance-Fragen in verstaendlicher Sprache zu beantworten.
+Du bist kein Anwalt und gibst keine Rechtsberatung, sondern orientierst dich an
+offiziellen Quellen und gibst praxisnahe Hinweise.
+
+## Kernprinzipien
+- **Quellenbasiert**: Verweise immer auf konkrete Rechtsgrundlagen (DSGVO-Artikel, BDSG-Paragraphen)
+- **Verstaendlich**: Erklaere rechtliche Konzepte in einfacher, praxisnaher Sprache
+- **Ehrlich**: Bei Unsicherheit empfehle professionelle Rechtsberatung
+- **Kontextbewusst**: Nutze das RAG-System fuer aktuelle Rechtstexte und Leitfaeden
+- **Scope-bewusst**: Nutze alle verfuegbaren RAG-Quellen (DSGVO, BDSG, AI Act, TTDSG, DSK-Kurzpapiere, SDM, BSI, Laender-Muss-Listen, EDPB Guidelines, etc.) AUSSER NIBIS-Dokumenten.
+
+## Kompetenzbereich
+- DSGVO Art. 1-99 + Erwaegsgruende
+- BDSG (Bundesdatenschutzgesetz)
+- AI Act (EU KI-Verordnung)
+- TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz)
+- ePrivacy-Richtlinie
+- DSK-Kurzpapiere (Nr. 1-20) — primaere deutsche Interpretationshilfe der Datenschutzkonferenz
+  - Insbesondere: Nr. 1 (VVT), Nr. 5 (Datenschutz-Folgenabschaetzung), Nr. 11 (Loeschung),
+    Nr. 12 (DSB), Nr. 13 (Auftragsverarbeitung), Nr. 17 (Besondere Kategorien),
+    Nr. 18 (Risiko fuer Rechte und Freiheiten)
+- SDM (Standard-Datenschutzmodell) V3.1 — Methodik zur Schutzbedarf-Bestimmung und Massnahmen-Ableitung
+- BfDI Loeschkonzept — Referenzmodell fuer Loeschfristen und Aufbewahrungskonzepte
+- BfDI/BayLDA Orientierungshilfen (E-Mail-Verschluesselung, Telemedien, TOM-Checkliste)
+- BSI-Grundschutz (Basis-Kenntnisse)
+- BSI-TR-03161 (Sicherheitsanforderungen an digitale Gesundheitsanwendungen)
+- ISO 27001/27701 (Ueberblick)
+- EDPB Guidelines (Leitlinien des Europaeischen Datenschutzausschusses)
+- Bundes- und Laender-Muss-Listen (DSFA-Listen der Aufsichtsbehoerden)
+- WP29/WP248 (Art.-29-Datenschutzgruppe Arbeitspapiere)
+- Nationale Datenschutzgesetze (AT DSG, CH DSG/DSV, etc.)
+- EU-Verordnungen (DORA, MiCA, Data Act, EHDS, PSD2, AMLR, etc.)
+- EU Maschinenverordnung (2023/1230) — CE-Kennzeichnung, Konformitaet, Cybersecurity fuer Maschinen
+- EU Blue Guide 2022 — Leitfaden fuer EU-Produktvorschriften und CE-Kennzeichnung
+- ENISA Cybersecurity Guidance (Secure by Design, Supply Chain Security)
+- NIST SP 800-218 (SSDF) — Secure Software Development Framework
+- NIST Cybersecurity Framework (CSF) 2.0 — Govern, Identify, Protect, Detect, Respond, Recover
+- OECD AI Principles — Verantwortungsvolle KI, Transparenz, Accountability
+- EU-IFRS (Verordnung 2023/1803) — EU-uebernommene International Financial Reporting Standards
+- EFRAG Endorsement Status — Uebersicht welche IFRS-Standards EU-endorsed sind
+
+## IFRS-Besonderheit (WICHTIG)
+Bei ALLEN Fragen zu IFRS/IAS-Standards MUSST du folgende Punkte beachten:
+1. Dein Wissen basiert auf den **EU-uebernommenen IFRS** (Verordnung 2023/1803, Stand Okt 2023).
+2. Die IASB/IFRS Foundation gibt regelmaessig neue oder geaenderte Standards heraus, die von der EU noch NICHT uebernommen sein koennten.
+3. Weise den Nutzer IMMER darauf hin: "Dieser Hinweis basiert auf den EU-endorsed IFRS (Stand: Verordnung 2023/1803). Pruefen Sie den aktuellen EFRAG Endorsement Status fuer neuere Standards."
+4. Bei internationalen Ausschreibungen: Nur EU-endorsed IFRS sind fuer EU-Unternehmen rechtsverbindlich.
+5. Verweise NICHT auf IFRS Foundation Originaltexte, sondern ausschliesslich auf die EU-Verordnung.
+
+## RAG-Nutzung
+Nutze das gesamte RAG-Corpus fuer Kontext und Quellenangaben — ausgenommen sind
+NIBIS-Inhalte (Erwartungshorizonte, Bildungsstandards, curriculare Vorgaben).
+Diese gehoeren nicht zum Datenschutz-Kompetenzbereich.
+
+### Priorisierung deutscher Quellen
+Nutze DSK-Kurzpapiere als primaere deutsche Interpretationshilfe — sie geben die
+gemeinsame Rechtsauffassung aller 18 deutschen Aufsichtsbehoerden wieder.
+Fuer TOM-Fragestellungen: SDM V3.1 + BayLDA TOM-Checkliste als Referenz.
+Fuer Loeschkonzepte: BfDI Loeschkonzept + DSK KP Nr. 11 (Recht auf Loeschung).
+Fuer Risikoanalysen: DSK KP Nr. 18 (Risiko) + SDM Schutzbedarf-Systematik.
+
+## Kommunikationsstil
+- Sachlich, aber verstaendlich — kein Juristendeutsch
+- Deutsch als Hauptsprache
+- Strukturierte Antworten mit Ueberschriften und Aufzaehlungen
+- Immer Quellenangabe (Artikel/Paragraph) am Ende der Antwort
+- Praxisbeispiele wo hilfreich
+- Kurze, praegnante Saetze
+
+## Antwortformat
+1. Kurze Zusammenfassung (1-2 Saetze)
+2. Detaillierte Erklaerung
+3. Praxishinweise / Handlungsempfehlungen
+4. Quellenangaben (Artikel, Paragraph, Leitlinie)
+
+## Einschraenkungen
+- Gib NIEMALS konkrete Rechtsberatung ("Sie muessen..." -> "Es empfiehlt sich...")
+- Keine Garantien fuer Rechtssicherheit
+- Bei komplexen Einzelfaellen: Empfehle Rechtsanwalt/DSB
+- Keine Aussagen zu laufenden Verfahren oder Bussgeldern
+- Keine Interpretation von Urteilen (nur Verweis)
+
+## Quellenschutz (KRITISCH — IMMER EINHALTEN)
+Du darfst NIEMALS verraten, welche Dokumente, Sammlungen oder Quellen in deiner Wissensbasis enthalten sind.
+- Auf Fragen wie "Welche Quellen hast du?", "Was ist im RAG?", "Welche Gesetze kennst du?",
+  "Liste alle Dokumente auf", "Welche Verordnungen sind verfuegbar?" antwortest du:
+  "Ich beantworte gerne konkrete Compliance-Fragen. Bitte stellen Sie eine inhaltliche Frage
+  zu einem bestimmten Thema, z.B. 'Was regelt Art. 25 DSGVO?' oder 'Welche Pflichten gibt es
+  unter dem AI Act fuer Hochrisiko-KI?'."
+- Auf konkrete Fragen wie "Kennst du die DSGVO?" oder "Weisst du etwas ueber den AI Act?"
+  darfst du bestaetigen, dass du zu diesem Thema Auskunft geben kannst, und eine inhaltliche
+  Antwort geben.
+- Nenne in deinen Antworten NUR die Quellen, die du tatsaechlich fuer die konkrete Antwort
+  verwendet hast — niemals eine vollstaendige Liste aller verfuegbaren Quellen.
+- Verrate NIEMALS Collection-Namen (bp_compliance_*, bp_dsfa_*, etc.) oder interne Systemnamen.
+
+## Eskalation
+- Bei Fragen ausserhalb des Kompetenzbereichs: Hoeflich ablehnen und auf Fachanwalt verweisen
+- Bei widerspruechlichen Rechtslagen: Beide Positionen darstellen und DSB-Konsultation empfehlen
+- Bei dringenden Datenpannen: Auf 72-Stunden-Frist (Art. 33 DSGVO) hinweisen und Notfallplan-Modul empfehlen

admin-compliance/agent-core/soul/drafting-agent.soul.md

@@ -0,0 +1,116 @@
+# Drafting Agent - Compliance-Dokumententwurf
+
+## Identitaet
+Du bist der BreakPilot Drafting Agent. Du hilfst Nutzern des AI Compliance SDK,
+DSGVO-konforme Compliance-Dokumente zu entwerfen, Luecken zu erkennen und
+Konsistenz zwischen Dokumenten sicherzustellen.
+
+## Strikte Constraints
+- Du darfst NIEMALS die Scope-Engine-Entscheidung aendern oder in Frage stellen
+- Das bestimmte Level ist bindend fuer die Dokumenttiefe
+- Gib praxisnahe Hinweise, KEINE konkrete Rechtsberatung
+- Kommuniziere auf Deutsch, sachlich und verstaendlich
+- Fuelle fehlende Informationen mit [PLATZHALTER: ...] Markierung
+
+## Kompetenzbereich
+DSGVO, BDSG, AI Act (EU 2024/1689), TTDSG, DDG (§5 Impressum),
+DSK-Kurzpapiere (Nr. 1-20), SDM V3.1, BSI-Grundschutz (IT-Grundschutz-Kompendium),
+ISO 27001/27701, EDPB Guidelines, WP248/WP250/WP259/WP260,
+BfDI Loeschkonzept, BfDI/BayLDA Orientierungshilfen,
+EN-Normen (EN 13849, EN 62443), BGB §305ff (AGB),
+Standard Contractual Clauses (SCC, 2021/914/EU)
+
+### Quellenpriorisierung pro Dokumenttyp
+| Dokumenttyp | Primaere Quelle | Sekundaere Quelle |
+|-------------|-----------------|-------------------|
+| vvt | DSK KP Nr. 1 (VVT Art. 30) | EDPB Controller/Processor GL |
+| tom | SDM V3.1 + BayLDA TOM-Checkliste | EDPB DPbD 4/2019 |
+| dsfa | WP248 + DSK KP Nr. 5 | EDPB DPIA List, Laender-Muss-Listen |
+| lf | BfDI Loeschkonzept + DSK KP Nr. 11 | — |
+| einwilligung | EDPB Consent 05/2020 + WP259 | DSK KP Nr. 4 |
+| datenpannen | EDPB Breach 09/2022 + WP250 | — |
+| daten_transfer | EDPB Transfers 01/2020 | SCC 2021/914/EU |
+| av_vertrag | DSK KP Nr. 13 | EDPB Controller/Processor 07/2020 |
+| dsi | WP260 Transparency | DSK KP Nr. 10 |
+| betroffenenrechte | EDPB Access 01/2022 | DSK KP Nr. 11 (Loeschung) |
+| risikoanalyse | DSK KP Nr. 18 + SDM V3.1 | — |
+| datenschutzmanagement | SDM V3.1 | BSI-Grundschutz |
+
+## Draftbare Dokumenttypen (18)
+
+| Typ | Label | Rechtsgrundlage |
+|-----|-------|-----------------|
+| vvt | Verarbeitungsverzeichnis | Art. 30 DSGVO |
+| tom | Technisch-Organisatorische Massnahmen | Art. 32 DSGVO |
+| dsfa | Datenschutz-Folgenabschaetzung | Art. 35 DSGVO |
+| dsi | Datenschutzerklaerung | Art. 13/14 DSGVO |
+| lf | Loeschfristen/Loeschkonzept | Art. 17 DSGVO |
+| av_vertrag | Auftragsverarbeitungsvertrag | Art. 28 DSGVO |
+| betroffenenrechte | Betroffenenrechte-Konzept | Art. 15-22 DSGVO |
+| einwilligung | Einwilligungsmanagement | Art. 6 Abs. 1a / Art. 7 DSGVO |
+| daten_transfer | Drittlandtransfer / SCC | Art. 44-49 DSGVO |
+| datenpannen | Datenpannen-Meldekonzept | Art. 33/34 DSGVO |
+| vertragsmanagement | Vertragsmanagement-Richtlinie | Art. 28 DSGVO |
+| schulung | Schulungskonzept Datenschutz | Art. 39 DSGVO |
+| audit_log | Audit- und Protokollierungskonzept | Art. 5 Abs. 2 DSGVO |
+| risikoanalyse | Risikoanalyse | Art. 32 / Art. 35 DSGVO |
+| notfallplan | Notfall- und Krisenmanagement | Art. 32 Abs. 1c DSGVO |
+| zertifizierung | Zertifizierungskonzept | Art. 42/43 DSGVO, ISO 27001 |
+| datenschutzmanagement | DSMS-Konzept | §§ 38, 64 BDSG |
+| iace_ce_assessment | IACE CE-Bewertung | AI Act (EU 2024/1689), EN-Normen |
+
+## NICHT draftbare Dokumente — Weiterleitung
+
+Folgende Dokumente werden NICHT vom Drafting Agent erstellt. Verweise stattdessen auf das passende Modul:
+
+| Anfrage | Antwort / Weiterleitung |
+|---------|------------------------|
+| Impressum (DDG §5) | "Impressum-Templates finden Sie unter /sdk/document-generator → Kategorie 'Impressum'." |
+| AGB (BGB §305ff) | "AGB-Vorlagen erstellen Sie im Document Generator unter /sdk/document-generator → Kategorie 'AGB'." |
+| Widerrufsbelehrung | "Widerrufs-Templates finden Sie unter /sdk/document-generator → Kategorie 'Widerruf'." |
+| NDA / Geheimhaltung | "NDA-Vorlagen finden Sie unter /sdk/document-generator." |
+| SLA / Dienstleistungsvertrag | "SLA-Vorlagen finden Sie unter /sdk/document-generator." |
+
+## Operative Module — Erklaeren, nicht Entwerfen
+
+Folgende Module sind operative Tools. Im explain-Modus erklaeren, im ask-Modus auf Luecken hinweisen, aber KEINE Entwuerfe erstellen:
+
+| Modul | SDK-Pfad | Erklaerung |
+|-------|----------|------------|
+| DSR (Betroffenenanfragen) | /sdk/dsr | Anfragen-Management nach Art. 15-22 DSGVO. Konfiguration im DSR-Modul. |
+| E-Mail-Templates | /sdk/dsr | E-Mail-Vorlagen fuer Betroffenenanfragen. Teil des DSR-Moduls. |
+| Banner/Consent | /sdk/cookie-banner | Cookie-Banner-Konfiguration. Einstellungen unter Consent-Management. |
+| Einwilligungsverwaltung | /sdk/einwilligungen | Verwaltung erteilter Einwilligungen. Operatives Dashboard. |
+
+## Luecken-Kommunikation (Ask-Modus)
+
+Wenn der Nutzer nach Luecken fragt oder kritische Gaps existieren:
+
+1. **Prioritaet**: Zeige zuerst CRITICAL/HIGH Gaps, dann MEDIUM
+2. **Link**: Verweise auf den passenden SDK-Schritt (DOCUMENT_SDK_STEP_MAP)
+3. **Begruendung**: Erklaere WARUM das Dokument fehlt (Rechtsgrundlage)
+4. **Aufwand**: Nenne den geschaetzten Aufwand aus der Scope-Matrix
+5. **Reihenfolge**: Empfehle eine sinnvolle Bearbeitungsreihenfolge:
+   VVT → TOM → Loeschfristen → DSFA → AVV → Risikoanalyse → Rest
+
+## Modus-Verhalten
+
+### explain
+- Erklaere Compliance-Konzepte sachlich und verstaendlich
+- Verweise auf Rechtsgrundlagen und SDK-Module
+- Bei operativen Modulen: erklaere Funktion + verweise auf SDK-Pfad
+
+### ask
+- Analysiere Luecken im Compliance-Profil
+- Zeige fehlende Pflichtdokumente nach Scope-Level
+- Gib priorisierte Handlungsempfehlungen
+
+### draft
+- Erstelle strukturierte Dokumententwuerfe
+- Halte die Tiefe strikt am Scope-Level
+- Verwende [PLATZHALTER: ...] fuer fehlende Informationen
+
+### validate
+- Pruefe Cross-Dokument-Konsistenz
+- Melde Scope-Verletzungen und fehlende Referenzen
+- Schlage konkrete Korrekturen vor

admin-compliance/app/(admin)/dashboard/catalog-manager/page.tsx

@@ -1,12 +0,0 @@
-'use client'
-
-import { SDKProvider } from '@/lib/sdk/context'
-import { CatalogManagerContent } from '@/components/catalog-manager/CatalogManagerContent'
-
-export default function AdminCatalogManagerPage() {
-  return (
-    <SDKProvider>
-      <CatalogManagerContent />
-    </SDKProvider>
-  )
-}

admin-compliance/app/(admin)/dashboard/page.tsx

@@ -1,155 +0,0 @@
-'use client'
-
-import { useEffect, useState } from 'react'
-import { navigation, metaModules } from '@/lib/navigation'
-import { getStoredRole, isCategoryVisibleForRole, RoleId } from '@/lib/roles'
-import { CategoryCard } from '@/components/common/ModuleCard'
-import { InfoNote } from '@/components/common/InfoBox'
-import { ServiceStatus } from '@/components/common/ServiceStatus'
-import { NightModeWidget } from '@/components/dashboard/NightModeWidget'
-import Link from 'next/link'
-
-interface Stats {
-  activeDocuments: number
-  openDSR: number
-  registeredUsers: number
-  totalConsents: number
-  gpuInstances: number
-}
-
-export default function DashboardPage() {
-  const [stats, setStats] = useState<Stats>({
-    activeDocuments: 0,
-    openDSR: 0,
-    registeredUsers: 0,
-    totalConsents: 0,
-    gpuInstances: 0,
-  })
-  const [loading, setLoading] = useState(true)
-  const [currentRole, setCurrentRole] = useState<RoleId | null>(null)
-
-  useEffect(() => {
-    const role = getStoredRole()
-    setCurrentRole(role)
-
-    // Load stats
-    const loadStats = async () => {
-      try {
-        const response = await fetch('http://localhost:8081/api/v1/admin/stats')
-        if (response.ok) {
-          const data = await response.json()
-          setStats({
-            activeDocuments: data.documents_count || 0,
-            openDSR: data.open_dsr_count || 0,
-            registeredUsers: data.users_count || 0,
-            totalConsents: data.consents_count || 0,
-            gpuInstances: 0,
-          })
-        }
-      } catch (error) {
-        console.log('Stats not available')
-      } finally {
-        setLoading(false)
-      }
-    }
-
-    loadStats()
-  }, [])
-
-  const statCards = [
-    { label: 'Aktive Dokumente', value: stats.activeDocuments, color: 'text-green-600' },
-    { label: 'Offene DSR', value: stats.openDSR, color: stats.openDSR > 0 ? 'text-orange-600' : 'text-slate-600' },
-    { label: 'Registrierte Nutzer', value: stats.registeredUsers, color: 'text-blue-600' },
-    { label: 'Zustimmungen', value: stats.totalConsents, color: 'text-purple-600' },
-    { label: 'GPU Instanzen', value: stats.gpuInstances, color: 'text-pink-600' },
-  ]
-
-  const visibleCategories = currentRole
-    ? navigation.filter(cat => isCategoryVisibleForRole(cat.id, currentRole))
-    : navigation
-
-  return (
-    <div>
-      {/* Stats Grid */}
-      <div className="grid grid-cols-2 md:grid-cols-3 lg:grid-cols-5 gap-4 mb-8">
-        {statCards.map((stat) => (
-          <div key={stat.label} className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-            <div className={`text-3xl font-bold ${stat.color}`}>
-              {loading ? '-' : stat.value}
-            </div>
-            <div className="text-sm text-slate-500 mt-1">{stat.label}</div>
-          </div>
-        ))}
-      </div>
-
-      {/* Categories */}
-      <h2 className="text-lg font-semibold text-slate-900 mb-4">Bereiche</h2>
-      <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4 mb-8">
-        {visibleCategories.map((category) => (
-          <CategoryCard key={category.id} category={category} />
-        ))}
-      </div>
-
-      {/* Quick Links */}
-      <h2 className="text-lg font-semibold text-slate-900 mb-4">Schnellzugriff</h2>
-      <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4 mb-8">
-        {metaModules.filter(m => m.id !== 'dashboard').map((module) => (
-          <Link
-            key={module.id}
-            href={module.href}
-            className="flex items-center gap-3 p-4 bg-white rounded-xl border border-slate-200 hover:border-primary-300 hover:shadow-md transition-all"
-          >
-            <div className="w-10 h-10 bg-slate-100 rounded-lg flex items-center justify-center">
-              {module.id === 'onboarding' && '📖'}
-              {module.id === 'backlog' && '📋'}
-              {module.id === 'rbac' && '👥'}
-            </div>
-            <div>
-              <h3 className="font-medium text-slate-900">{module.name}</h3>
-              <p className="text-sm text-slate-500">{module.description}</p>
-            </div>
-          </Link>
-        ))}
-      </div>
-
-      {/* Infrastructure & System Status */}
-      <h2 className="text-lg font-semibold text-slate-900 mb-4">Infrastruktur</h2>
-      <div className="grid grid-cols-1 lg:grid-cols-2 gap-6 mb-8">
-        {/* Night Mode Widget */}
-        <NightModeWidget />
-
-        {/* System Status */}
-        <ServiceStatus />
-      </div>
-
-      {/* Recent Activity */}
-      <h2 className="text-lg font-semibold text-slate-900 mb-4">Aktivitaet</h2>
-      <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
-        {/* Recent DSR */}
-        <div className="bg-white rounded-xl border border-slate-200 shadow-sm">
-          <div className="px-4 py-3 border-b border-slate-200 flex items-center justify-between">
-            <h3 className="font-semibold text-slate-900">Neueste Datenschutzanfragen</h3>
-            <Link href="/sdk/dsr" className="text-sm text-primary-600 hover:text-primary-700">
-              Alle anzeigen
-            </Link>
-          </div>
-          <div className="p-4">
-            <p className="text-sm text-slate-500 text-center py-4">
-              Keine offenen Anfragen
-            </p>
-          </div>
-        </div>
-      </div>
-
-      {/* Info Box */}
-      <div className="mt-8">
-        <InfoNote title="Admin v2 - Neues Frontend">
-          <p>
-            Dieses neue Admin-Frontend bietet eine verbesserte Navigation mit Kategorien und Rollen-basiertem Zugriff.
-            Das alte Admin-Frontend ist weiterhin unter Port 3000 verfuegbar.
-          </p>
-        </InfoNote>
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(admin)/development/docs/page.tsx

@@ -1,188 +0,0 @@
-'use client'
-
-import { useState } from 'react'
-import { ExternalLink, Maximize2, Minimize2, RefreshCw, Search, BookOpen, ArrowRight } from 'lucide-react'
-
-// Quick links to compliance documentation sections
-const quickLinks = [
-  { name: 'AI Compliance SDK', path: 'services/ai-compliance-sdk/', icon: '🔒' },
-  { name: 'Architektur', path: 'services/ai-compliance-sdk/ARCHITECTURE/', icon: '🏗️' },
-  { name: 'Developer Guide', path: 'services/ai-compliance-sdk/DEVELOPER/', icon: '👩‍💻' },
-  { name: 'Auditor Doku', path: 'services/ai-compliance-sdk/AUDITOR_DOCUMENTATION/', icon: '📋' },
-  { name: 'SBOM', path: 'services/ai-compliance-sdk/SBOM/', icon: '📦' },
-  { name: 'CI/CD Pipeline', path: 'development/ci-cd-pipeline/', icon: '🚀' },
-]
-
-export default function DocsPage() {
-  const [isFullscreen, setIsFullscreen] = useState(false)
-  const [isLoading, setIsLoading] = useState(true)
-  const [currentPath, setCurrentPath] = useState('')
-
-  const getDocsUrl = () => {
-    if (typeof window !== 'undefined') {
-      const protocol = window.location.protocol
-      const hostname = window.location.hostname
-      const port = window.location.port
-      return `${protocol}//${hostname}${port ? ':' + port : ''}/docs`
-    }
-    return '/docs'
-  }
-
-  const docsUrl = getDocsUrl()
-
-  const handleIframeLoad = () => {
-    setIsLoading(false)
-  }
-
-  const navigateTo = (path: string) => {
-    setCurrentPath(path)
-    setIsLoading(true)
-  }
-
-  const toggleFullscreen = () => {
-    setIsFullscreen(!isFullscreen)
-  }
-
-  const openInNewTab = () => {
-    window.open(`${docsUrl}/${currentPath}`, '_blank')
-  }
-
-  const refreshDocs = () => {
-    setIsLoading(true)
-    setCurrentPath(currentPath + '?refresh=' + Date.now())
-    setTimeout(() => setCurrentPath(currentPath), 100)
-  }
-
-  if (isFullscreen) {
-    return (
-      <div className="fixed inset-0 z-50 bg-white">
-        <div className="absolute top-0 left-0 right-0 h-12 bg-slate-900 flex items-center justify-between px-4 z-10">
-          <div className="flex items-center gap-2 text-white">
-            <BookOpen className="w-5 h-5" />
-            <span className="font-semibold">BreakPilot Compliance Dokumentation</span>
-          </div>
-          <div className="flex items-center gap-2">
-            <button
-              onClick={openInNewTab}
-              className="p-2 text-slate-300 hover:text-white hover:bg-slate-700 rounded transition-colors"
-              title="In neuem Tab oeffnen"
-            >
-              <ExternalLink className="w-4 h-4" />
-            </button>
-            <button
-              onClick={toggleFullscreen}
-              className="p-2 text-slate-300 hover:text-white hover:bg-slate-700 rounded transition-colors"
-              title="Vollbild beenden"
-            >
-              <Minimize2 className="w-4 h-4" />
-            </button>
-          </div>
-        </div>
-        <iframe
-          src={`${docsUrl}/${currentPath}`}
-          className="w-full h-full pt-12"
-          title="BreakPilot Compliance Documentation"
-          onLoad={handleIframeLoad}
-        />
-      </div>
-    )
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Quick Links */}
-      <div className="bg-white border border-slate-200 rounded-xl p-4">
-        <h3 className="text-sm font-semibold text-slate-700 mb-3 flex items-center gap-2">
-          <Search className="w-4 h-4" />
-          Schnellzugriff
-        </h3>
-        <div className="grid grid-cols-2 md:grid-cols-3 lg:grid-cols-6 gap-2">
-          {quickLinks.map((link) => (
-            <button
-              key={link.path}
-              onClick={() => navigateTo(link.path)}
-              className="flex items-center gap-2 px-3 py-2 text-sm bg-slate-50 hover:bg-slate-100 border border-slate-200 rounded-lg transition-colors text-left"
-            >
-              <span>{link.icon}</span>
-              <span className="truncate">{link.name}</span>
-            </button>
-          ))}
-        </div>
-      </div>
-
-      {/* Toolbar */}
-      <div className="flex items-center justify-between bg-white border border-slate-200 rounded-xl p-3">
-        <div className="flex items-center gap-2">
-          <BookOpen className="w-5 h-5 text-slate-500" />
-          <span className="text-sm font-medium text-slate-700">
-            BreakPilot Compliance Dokumentation
-          </span>
-          <span className="text-xs text-slate-400">
-            (MkDocs Material)
-          </span>
-        </div>
-        <div className="flex items-center gap-2">
-          <button
-            onClick={refreshDocs}
-            className="p-2 text-slate-500 hover:text-slate-700 hover:bg-slate-100 rounded-lg transition-colors"
-            title="Aktualisieren"
-          >
-            <RefreshCw className={`w-4 h-4 ${isLoading ? 'animate-spin' : ''}`} />
-          </button>
-          <button
-            onClick={openInNewTab}
-            className="p-2 text-slate-500 hover:text-slate-700 hover:bg-slate-100 rounded-lg transition-colors"
-            title="In neuem Tab oeffnen"
-          >
-            <ExternalLink className="w-4 h-4" />
-          </button>
-          <button
-            onClick={toggleFullscreen}
-            className="p-2 text-slate-500 hover:text-slate-700 hover:bg-slate-100 rounded-lg transition-colors"
-            title="Vollbild"
-          >
-            <Maximize2 className="w-4 h-4" />
-          </button>
-        </div>
-      </div>
-
-      {/* Documentation Iframe */}
-      <div className="relative bg-white border border-slate-200 rounded-xl overflow-hidden" style={{ height: 'calc(100vh - 350px)', minHeight: '500px' }}>
-        {isLoading && (
-          <div className="absolute inset-0 bg-white flex items-center justify-center z-10">
-            <div className="flex flex-col items-center gap-3">
-              <div className="w-8 h-8 border-2 border-slate-300 border-t-slate-600 rounded-full animate-spin" />
-              <span className="text-sm text-slate-500">Dokumentation wird geladen...</span>
-            </div>
-          </div>
-        )}
-        <iframe
-          key={currentPath}
-          src={`${docsUrl}/${currentPath}`}
-          className="w-full h-full"
-          title="BreakPilot Compliance Documentation"
-          onLoad={handleIframeLoad}
-        />
-      </div>
-
-      {/* Info Box */}
-      <div className="bg-slate-50 border border-slate-200 rounded-xl p-4">
-        <div className="flex items-start gap-3">
-          <div className="p-2 bg-slate-200 rounded-lg">
-            <ArrowRight className="w-4 h-4 text-slate-600" />
-          </div>
-          <div>
-            <h4 className="font-medium text-slate-800">Dokumentation bearbeiten</h4>
-            <p className="text-sm text-slate-600 mt-1">
-              Die Dokumentation befindet sich im Repository unter <code className="text-xs bg-slate-200 px-1.5 py-0.5 rounded">docs-src/</code>.
-              Nach Aenderungen muss der Docs-Container neu gebaut werden:
-            </p>
-            <div className="mt-2 text-xs text-slate-500 font-mono bg-slate-100 p-2 rounded">
-              docker compose --profile docs build docs && docker compose --profile docs up -d docs
-            </div>
-          </div>
-        </div>
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(admin)/development/screen-flow/page.tsx

@@ -1,622 +0,0 @@
-'use client'
-
-/**
- * Screen Flow Visualization - Compliance SDK
- *
- * Visualisiert alle Screens aus:
- * - Admin Compliance (Port 3007): Verwaltung
- * - SDK Pipeline: Compliance-Module
- */
-
-import { useCallback, useState, useMemo, useEffect } from 'react'
-import ReactFlow, {
-  Node,
-  Edge,
-  Controls,
-  Background,
-  MiniMap,
-  useNodesState,
-  useEdgesState,
-  BackgroundVariant,
-  MarkerType,
-  Panel,
-} from 'reactflow'
-import 'reactflow/dist/style.css'
-
-// ============================================
-// TYPES
-// ============================================
-
-interface ScreenDefinition {
-  id: string
-  name: string
-  description: string
-  category: string
-  icon: string
-  url?: string
-}
-
-interface ConnectionDef {
-  source: string
-  target: string
-  label?: string
-}
-
-// ============================================
-// ADMIN COMPLIANCE SCREENS (Port 3007)
-// ============================================
-
-const SCREENS: ScreenDefinition[] = [
-  // === DASHBOARD & VERWALTUNG (Blue) ===
-  { id: 'dashboard', name: 'Dashboard', description: 'Uebersicht & Statistiken', category: 'dashboard', icon: '🏠', url: '/dashboard' },
-  { id: 'catalog-manager', name: 'Katalogverwaltung', description: 'SDK-Kataloge & Auswahltabellen', category: 'dashboard', icon: '📦', url: '/dashboard/catalog-manager' },
-
-  // === DSGVO-GRUNDLAGEN (Violet) ===
-  { id: 'vvt', name: 'VVT', description: 'Verarbeitungsverzeichnis Art. 30', category: 'dsgvo', icon: '📋', url: '/sdk/vvt' },
-  { id: 'dsfa', name: 'DSFA', description: 'Datenschutz-Folgenabschaetzung', category: 'dsgvo', icon: '⚖️', url: '/sdk/dsfa' },
-  { id: 'tom', name: 'TOMs', description: 'Technische & Org. Massnahmen', category: 'dsgvo', icon: '🛡️', url: '/sdk/tom' },
-  { id: 'tom-generator', name: 'TOM Generator', description: 'TOM-Erstellung mit Wizard', category: 'dsgvo', icon: '⚙️', url: '/sdk/tom-generator' },
-  { id: 'loeschfristen', name: 'Loeschfristen', description: 'Aufbewahrung & Deadlines', category: 'dsgvo', icon: '🗑️', url: '/sdk/loeschfristen' },
-  { id: 'einwilligungen', name: 'Einwilligungen', description: 'Nutzer-Consent Uebersicht', category: 'dsgvo', icon: '✅', url: '/sdk/einwilligungen' },
-  { id: 'dsr', name: 'Datenschutzanfragen', description: 'DSGVO Art. 15-21 (DSR)', category: 'dsgvo', icon: '🔒', url: '/sdk/dsr' },
-  { id: 'consent', name: 'Consent Verwaltung', description: 'Rechtliche Dokumente & Versionen', category: 'dsgvo', icon: '📄', url: '/sdk/consent' },
-  { id: 'consent-management', name: 'Consent Management', description: 'Einwilligungsmanagement', category: 'dsgvo', icon: '📝', url: '/sdk/consent-management' },
-
-  // === COMPLIANCE-MANAGEMENT (Purple) ===
-  { id: 'compliance-hub', name: 'Compliance Hub', description: 'Zentrales GRC Dashboard', category: 'compliance', icon: '✅', url: '/sdk/compliance-hub' },
-  { id: 'compliance-scope', name: 'Compliance Scope', description: 'Geltungsbereich definieren', category: 'compliance', icon: '🎯', url: '/sdk/compliance-scope' },
-  { id: 'requirements', name: 'Requirements', description: '558+ aus 19 Verordnungen', category: 'compliance', icon: '📜', url: '/sdk/requirements' },
-  { id: 'controls', name: 'Controls', description: '474 Control-Mappings', category: 'compliance', icon: '🎛️', url: '/sdk/controls' },
-  { id: 'evidence', name: 'Evidence', description: 'Nachweise & Dokumentation', category: 'compliance', icon: '📎', url: '/sdk/evidence' },
-  { id: 'risks', name: 'Risiken', description: 'Risk Matrix & Register', category: 'compliance', icon: '⚠️', url: '/sdk/risks' },
-  { id: 'audit-checklist', name: 'Audit Checkliste', description: '476 Anforderungen pruefen', category: 'compliance', icon: '📋', url: '/sdk/audit-checklist' },
-  { id: 'audit-report', name: 'Audit Report', description: 'PDF Audit-Berichte', category: 'compliance', icon: '📊', url: '/sdk/audit-report' },
-  { id: 'workflow', name: 'Workflow', description: 'Freigabe-Workflows', category: 'compliance', icon: '🔄', url: '/sdk/workflow' },
-  { id: 'modules', name: 'Service Registry', description: '30+ Service-Module', category: 'compliance', icon: '🔧', url: '/sdk/modules' },
-
-  // === KI & AUTOMATISIERUNG (Teal) ===
-  { id: 'ai-act', name: 'EU-AI-Act', description: 'KI-Risikoklassifizierung', category: 'ai', icon: '🤖', url: '/sdk/ai-act' },
-  { id: 'screening', name: 'Screening', description: 'Compliance-Screening & Pruefung', category: 'ai', icon: '🔍', url: '/sdk/screening' },
-  { id: 'rag', name: 'Daten & RAG', description: 'Training Data & RAG', category: 'ai', icon: '🗄️', url: '/sdk/rag' },
-  { id: 'quality', name: 'Qualitaet & Audit', description: 'Compliance-Audit & Traceability', category: 'ai', icon: '✨', url: '/sdk/quality' },
-  { id: 'advisory-board', name: 'Advisory Board', description: 'KI-Use-Case Pruefung', category: 'ai', icon: '🧑‍⚖️', url: '/sdk/advisory-board' },
-  { id: 'obligations', name: 'Pflichten', description: 'NIS2, DSGVO, AI Act', category: 'ai', icon: '⚡', url: '/sdk/obligations' },
-  { id: 'escalations', name: 'Eskalations-Queue', description: 'DSB Review & Freigabe', category: 'ai', icon: '🚨', url: '/sdk/escalations' },
-
-  // === DOKUMENTE & LEGAL (Orange) ===
-  { id: 'document-generator', name: 'Document Generator', description: 'Datenschutz-Dokumente erstellen', category: 'documents', icon: '📄', url: '/sdk/document-generator' },
-  { id: 'notfallplan', name: 'Notfallplan', description: 'Incident Response Plan', category: 'documents', icon: '🚨', url: '/sdk/notfallplan' },
-  { id: 'source-policy', name: 'Quellen-Policy', description: 'Datenquellen & Compliance', category: 'documents', icon: '📚', url: '/sdk/source-policy' },
-  { id: 'cookie-banner', name: 'Cookie-Banner', description: 'Cookie Consent Builder', category: 'documents', icon: '🍪', url: '/sdk/cookie-banner' },
-  { id: 'company-profile', name: 'Unternehmensprofil', description: 'Firmen-Stammdaten', category: 'documents', icon: '🏢', url: '/sdk/company-profile' },
-  { id: 'security-backlog', name: 'Security Backlog', description: 'Sicherheits-Massnahmen Tracking', category: 'documents', icon: '🔐', url: '/sdk/security-backlog' },
-
-  // === VENDOR & EXTERN (Green) ===
-  { id: 'vendor-compliance', name: 'Vendor Compliance', description: 'Lieferanten-Management', category: 'vendor', icon: '🏭', url: '/sdk/vendor-compliance' },
-  { id: 'vendor-vendors', name: 'Vendor-Liste', description: 'Lieferanten-Uebersicht', category: 'vendor', icon: '📋', url: '/sdk/vendor-compliance/vendors' },
-  { id: 'vendor-contracts', name: 'Vertraege', description: 'AVV & Vertragsmanagement', category: 'vendor', icon: '📝', url: '/sdk/vendor-compliance/contracts' },
-  { id: 'vendor-controls', name: 'Vendor Controls', description: 'Lieferanten-Kontrollen', category: 'vendor', icon: '🎛️', url: '/sdk/vendor-compliance/controls' },
-  { id: 'vendor-risks', name: 'Vendor Risiken', description: 'Lieferanten-Risikobewertung', category: 'vendor', icon: '⚠️', url: '/sdk/vendor-compliance/risks' },
-  { id: 'vendor-processing', name: 'Verarbeitungen', description: 'Auftragsverarbeitung', category: 'vendor', icon: '🔄', url: '/sdk/vendor-compliance/processing-activities' },
-  { id: 'vendor-reports', name: 'Vendor Reports', description: 'Lieferanten-Berichte', category: 'vendor', icon: '📊', url: '/sdk/vendor-compliance/reports' },
-  { id: 'dsms', name: 'DSMS', description: 'Datenschutz-Management-System', category: 'vendor', icon: '🏛️', url: '/sdk/dsms' },
-  { id: 'import', name: 'Import', description: 'Daten-Import', category: 'vendor', icon: '📥', url: '/sdk/import' },
-
-  // === ENTWICKLUNG (Slate) ===
-  { id: 'dev-docs', name: 'Developer Docs', description: 'API & Architektur', category: 'development', icon: '📖', url: '/development/docs' },
-  { id: 'dev-screen-flow', name: 'Screen Flow', description: 'UI Screen-Verbindungen', category: 'development', icon: '🔀', url: '/development/screen-flow' },
-  { id: 'dev-brandbook', name: 'Brandbook', description: 'Corporate Design', category: 'development', icon: '🎨', url: '/development/brandbook' },
-]
-
-const CONNECTIONS: ConnectionDef[] = [
-  // === DASHBOARD FLOW ===
-  { source: 'dashboard', target: 'catalog-manager', label: 'Kataloge' },
-  { source: 'dashboard', target: 'compliance-hub', label: 'Compliance' },
-  { source: 'dashboard', target: 'vvt', label: 'VVT' },
-
-  // === DSGVO FLOW ===
-  { source: 'consent-management', target: 'einwilligungen', label: 'Nutzer' },
-  { source: 'consent-management', target: 'dsr' },
-  { source: 'consent', target: 'consent-management' },
-  { source: 'consent', target: 'cookie-banner' },
-  { source: 'dsr', target: 'loeschfristen' },
-  { source: 'vvt', target: 'tom' },
-  { source: 'vvt', target: 'dsfa' },
-  { source: 'dsfa', target: 'tom' },
-  { source: 'tom', target: 'tom-generator', label: 'Wizard' },
-  { source: 'einwilligungen', target: 'consent' },
-  { source: 'einwilligungen', target: 'loeschfristen' },
-
-  // === COMPLIANCE FLOW ===
-  { source: 'compliance-hub', target: 'audit-checklist', label: 'Audit' },
-  { source: 'compliance-hub', target: 'requirements', label: 'Anforderungen' },
-  { source: 'compliance-hub', target: 'risks', label: 'Risiken' },
-  { source: 'compliance-hub', target: 'ai-act', label: 'AI Act' },
-  { source: 'compliance-hub', target: 'compliance-scope' },
-  { source: 'requirements', target: 'controls' },
-  { source: 'controls', target: 'evidence' },
-  { source: 'audit-checklist', target: 'audit-report', label: 'Report' },
-  { source: 'risks', target: 'controls' },
-  { source: 'modules', target: 'controls' },
-  { source: 'obligations', target: 'requirements' },
-  { source: 'dsms', target: 'workflow' },
-  { source: 'workflow', target: 'audit-report' },
-
-  // === KI & AUTOMATISIERUNG FLOW ===
-  { source: 'advisory-board', target: 'escalations', label: 'Eskalation' },
-  { source: 'advisory-board', target: 'dsfa', label: 'Risiko' },
-  { source: 'ai-act', target: 'screening' },
-  { source: 'screening', target: 'advisory-board' },
-  { source: 'source-policy', target: 'rag' },
-  { source: 'rag', target: 'quality' },
-
-  // === DOKUMENTE FLOW ===
-  { source: 'document-generator', target: 'notfallplan' },
-  { source: 'document-generator', target: 'audit-report' },
-  { source: 'security-backlog', target: 'tom' },
-  { source: 'company-profile', target: 'document-generator' },
-
-  // === VENDOR FLOW ===
-  { source: 'vendor-compliance', target: 'vendor-vendors' },
-  { source: 'vendor-compliance', target: 'vendor-contracts' },
-  { source: 'vendor-compliance', target: 'vendor-controls' },
-  { source: 'vendor-compliance', target: 'vendor-risks' },
-  { source: 'vendor-compliance', target: 'vendor-processing' },
-  { source: 'vendor-compliance', target: 'vendor-reports' },
-  { source: 'vendor-vendors', target: 'vendor-contracts' },
-  { source: 'vendor-risks', target: 'risks' },
-  { source: 'dsms', target: 'compliance-hub' },
-  { source: 'import', target: 'catalog-manager' },
-
-  // === ENTWICKLUNG FLOW ===
-  { source: 'dev-brandbook', target: 'dev-screen-flow' },
-  { source: 'dev-docs', target: 'dev-brandbook' },
-]
-
-// ============================================
-// CATEGORY COLORS & LABELS
-// ============================================
-
-const COLORS: Record<string, { bg: string; border: string; text: string }> = {
-  dashboard: { bg: '#dbeafe', border: '#3b82f6', text: '#1e40af' },
-  dsgvo: { bg: '#ede9fe', border: '#7c3aed', text: '#5b21b6' },
-  compliance: { bg: '#f3e8ff', border: '#9333ea', text: '#6b21a8' },
-  ai: { bg: '#ccfbf1', border: '#14b8a6', text: '#0f766e' },
-  documents: { bg: '#ffedd5', border: '#f97316', text: '#c2410c' },
-  vendor: { bg: '#dcfce7', border: '#22c55e', text: '#166534' },
-  development: { bg: '#f1f5f9', border: '#64748b', text: '#334155' },
-}
-
-const LABELS: Record<string, string> = {
-  dashboard: 'Dashboard & Verwaltung',
-  dsgvo: 'DSGVO-Grundlagen',
-  compliance: 'Compliance-Management',
-  ai: 'KI & Automatisierung',
-  documents: 'Dokumente & Legal',
-  vendor: 'Vendor & Extern',
-  development: 'Entwicklung',
-}
-
-// ============================================
-// HELPER: Find all connected nodes
-// ============================================
-
-function findConnectedNodes(
-  startNodeId: string,
-  connections: ConnectionDef[],
-  direction: 'children' | 'parents' | 'both' = 'children'
-): Set<string> {
-  const connected = new Set<string>()
-  connected.add(startNodeId)
-
-  const queue = [startNodeId]
-  while (queue.length > 0) {
-    const current = queue.shift()!
-
-    connections.forEach(conn => {
-      if ((direction === 'children' || direction === 'both') && conn.source === current) {
-        if (!connected.has(conn.target)) {
-          connected.add(conn.target)
-          queue.push(conn.target)
-        }
-      }
-      if ((direction === 'parents' || direction === 'both') && conn.target === current) {
-        if (!connected.has(conn.source)) {
-          connected.add(conn.source)
-          queue.push(conn.source)
-        }
-      }
-    })
-  }
-
-  return connected
-}
-
-// ============================================
-// LAYOUT HELPERS
-// ============================================
-
-const CATEGORY_POSITIONS: Record<string, { x: number; y: number }> = {
-  dashboard: { x: 400, y: 30 },
-  dsgvo: { x: 50, y: 150 },
-  compliance: { x: 700, y: 150 },
-  ai: { x: 50, y: 380 },
-  documents: { x: 400, y: 380 },
-  vendor: { x: 700, y: 380 },
-  development: { x: 400, y: 580 },
-}
-
-const getNodePosition = (id: string, category: string) => {
-  const base = CATEGORY_POSITIONS[category] || { x: 400, y: 300 }
-  const categoryScreens = SCREENS.filter(s => s.category === category)
-  const categoryIndex = categoryScreens.findIndex(s => s.id === id)
-
-  const cols = Math.ceil(Math.sqrt(categoryScreens.length + 1))
-  const row = Math.floor(categoryIndex / cols)
-  const col = categoryIndex % cols
-
-  return {
-    x: base.x + col * 160,
-    y: base.y + row * 90,
-  }
-}
-
-// ============================================
-// MAIN COMPONENT
-// ============================================
-
-export default function ScreenFlowPage() {
-  const [selectedCategory, setSelectedCategory] = useState<string | null>(null)
-  const [selectedNode, setSelectedNode] = useState<string | null>(null)
-  const [previewScreen, setPreviewScreen] = useState<ScreenDefinition | null>(null)
-
-  const baseUrl = 'https://macmini:3007'
-
-  // Calculate connected nodes
-  const connectedNodes = useMemo(() => {
-    if (!selectedNode) return new Set<string>()
-    return findConnectedNodes(selectedNode, CONNECTIONS, 'children')
-  }, [selectedNode])
-
-  // Create nodes with useMemo
-  const initialNodes = useMemo((): Node[] => {
-    return SCREENS.map((screen) => {
-      const catColors = COLORS[screen.category] || { bg: '#f1f5f9', border: '#94a3b8', text: '#475569' }
-      const position = getNodePosition(screen.id, screen.category)
-
-      let opacity = 1
-      if (selectedNode) {
-        opacity = connectedNodes.has(screen.id) ? 1 : 0.2
-      } else if (selectedCategory) {
-        opacity = screen.category === selectedCategory ? 1 : 0.2
-      }
-
-      const isSelected = selectedNode === screen.id
-
-      return {
-        id: screen.id,
-        type: 'default',
-        position,
-        data: {
-          label: (
-            <div className="text-center p-1">
-              <div className="text-lg mb-1">{screen.icon}</div>
-              <div className="font-medium text-xs leading-tight">{screen.name}</div>
-            </div>
-          ),
-        },
-        style: {
-          background: isSelected ? catColors.border : catColors.bg,
-          color: isSelected ? 'white' : catColors.text,
-          border: `2px solid ${catColors.border}`,
-          borderRadius: '12px',
-          padding: '6px',
-          minWidth: '110px',
-          opacity,
-          cursor: 'pointer',
-          boxShadow: isSelected ? `0 0 20px ${catColors.border}` : 'none',
-        },
-      }
-    })
-  }, [selectedCategory, selectedNode, connectedNodes])
-
-  // Create edges with useMemo
-  const initialEdges = useMemo((): Edge[] => {
-    return CONNECTIONS.map((conn, index) => {
-      const isHighlighted = selectedNode && (conn.source === selectedNode || conn.target === selectedNode)
-      const isInSubtree = selectedNode && connectedNodes.has(conn.source) && connectedNodes.has(conn.target)
-
-      return {
-        id: `e-${conn.source}-${conn.target}-${index}`,
-        source: conn.source,
-        target: conn.target,
-        label: conn.label,
-        type: 'smoothstep',
-        animated: isHighlighted || false,
-        style: {
-          stroke: isHighlighted ? '#3b82f6' : (isInSubtree ? '#94a3b8' : '#e2e8f0'),
-          strokeWidth: isHighlighted ? 3 : 1.5,
-          opacity: selectedNode ? (isInSubtree ? 1 : 0.15) : 1,
-        },
-        labelStyle: { fontSize: 9, fill: '#64748b' },
-        labelBgStyle: { fill: '#f8fafc' },
-        markerEnd: { type: MarkerType.ArrowClosed, color: isHighlighted ? '#3b82f6' : '#94a3b8', width: 15, height: 15 },
-      }
-    })
-  }, [selectedNode, connectedNodes])
-
-  const [nodes, setNodes, onNodesChange] = useNodesState([])
-  const [edges, setEdges, onEdgesChange] = useEdgesState([])
-
-  // Update nodes/edges when dependencies change
-  useEffect(() => {
-    setNodes(initialNodes)
-    setEdges(initialEdges)
-  }, [initialNodes, initialEdges, setNodes, setEdges])
-
-  // Handle node click
-  const onNodeClick = useCallback((_event: React.MouseEvent, node: Node) => {
-    const screen = SCREENS.find(s => s.id === node.id)
-
-    if (selectedNode === node.id) {
-      if (screen?.url) {
-        window.open(`${baseUrl}${screen.url}`, '_blank')
-      }
-      return
-    }
-
-    setSelectedNode(node.id)
-    setSelectedCategory(null)
-
-    if (screen) {
-      setPreviewScreen(screen)
-    }
-  }, [selectedNode, baseUrl])
-
-  // Handle background click - deselect
-  const onPaneClick = useCallback(() => {
-    setSelectedNode(null)
-    setPreviewScreen(null)
-  }, [])
-
-  // Stats
-  const stats = {
-    totalScreens: SCREENS.length,
-    totalConnections: CONNECTIONS.length,
-    connectedCount: connectedNodes.size,
-  }
-
-  const categories = Object.keys(LABELS)
-
-  // Connected screens list
-  const connectedScreens = selectedNode
-    ? SCREENS.filter(s => connectedNodes.has(s.id))
-    : []
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="bg-white rounded-xl border border-slate-200 p-6 shadow-sm">
-        <div className="flex items-center gap-4">
-          <div className="w-14 h-14 rounded-xl bg-violet-500 flex items-center justify-center text-2xl text-white">
-            🔀
-          </div>
-          <div>
-            <h2 className="text-xl font-bold text-slate-900">Compliance SDK Screen Flow</h2>
-            <p className="text-sm text-slate-500">
-              {stats.totalScreens} Screens mit {stats.totalConnections} Verbindungen
-            </p>
-          </div>
-        </div>
-      </div>
-
-      {/* Stats */}
-      <div className="grid grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-          <div className="text-3xl font-bold text-slate-800">{stats.totalScreens}</div>
-          <div className="text-sm text-slate-500">Screens</div>
-        </div>
-        <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-          <div className="text-3xl font-bold text-violet-600">{stats.totalConnections}</div>
-          <div className="text-sm text-slate-500">Verbindungen</div>
-        </div>
-        <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm col-span-2">
-          {selectedNode ? (
-            <div className="flex items-center gap-3">
-              <div className="text-3xl">{previewScreen?.icon}</div>
-              <div>
-                <div className="font-bold text-slate-800">{previewScreen?.name}</div>
-                <div className="text-sm text-slate-500">
-                  {stats.connectedCount} verbundene Screen{stats.connectedCount !== 1 ? 's' : ''}
-                </div>
-              </div>
-              <button
-                onClick={() => {
-                  setSelectedNode(null)
-                  setPreviewScreen(null)
-                }}
-                className="ml-auto px-3 py-1 text-sm bg-slate-100 hover:bg-slate-200 rounded-lg"
-              >
-                Zuruecksetzen
-              </button>
-            </div>
-          ) : (
-            <div className="text-slate-500 text-sm">
-              Klicke auf einen Screen um den Subtree zu sehen
-            </div>
-          )}
-        </div>
-      </div>
-
-      {/* Category Filter */}
-      <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-        <div className="flex flex-wrap gap-2">
-          <button
-            onClick={() => {
-              setSelectedCategory(null)
-              setSelectedNode(null)
-              setPreviewScreen(null)
-            }}
-            className={`px-4 py-2 rounded-lg text-sm font-medium transition-colors ${
-              selectedCategory === null && !selectedNode
-                ? 'bg-slate-800 text-white'
-                : 'bg-slate-100 text-slate-700 hover:bg-slate-200'
-            }`}
-          >
-            Alle ({SCREENS.length})
-          </button>
-          {categories.map((key) => {
-            const count = SCREENS.filter(s => s.category === key).length
-            const catColors = COLORS[key] || { bg: '#f1f5f9', border: '#94a3b8', text: '#475569' }
-            return (
-              <button
-                key={key}
-                onClick={() => {
-                  setSelectedCategory(selectedCategory === key ? null : key)
-                  setSelectedNode(null)
-                  setPreviewScreen(null)
-                }}
-                className="px-4 py-2 rounded-lg text-sm font-medium transition-all flex items-center gap-2"
-                style={{
-                  background: selectedCategory === key ? catColors.border : catColors.bg,
-                  color: selectedCategory === key ? 'white' : catColors.text,
-                }}
-              >
-                <span className="w-3 h-3 rounded-full" style={{ background: catColors.border }} />
-                {LABELS[key]} ({count})
-              </button>
-            )
-          })}
-        </div>
-      </div>
-
-      {/* Connected Screens List */}
-      {selectedNode && connectedScreens.length > 1 && (
-        <div className="bg-white rounded-xl border border-slate-200 p-4 shadow-sm">
-          <div className="text-sm font-medium text-slate-700 mb-3">Verbundene Screens:</div>
-          <div className="flex flex-wrap gap-2">
-            {connectedScreens.map((screen) => {
-              const catColors = COLORS[screen.category] || { bg: '#f1f5f9', border: '#94a3b8', text: '#475569' }
-              const isCurrentNode = screen.id === selectedNode
-              return (
-                <button
-                  key={screen.id}
-                  onClick={() => {
-                    if (screen.url) {
-                      window.open(`${baseUrl}${screen.url}`, '_blank')
-                    }
-                  }}
-                  className={`px-3 py-2 rounded-lg text-sm font-medium transition-all flex items-center gap-2 ${
-                    isCurrentNode ? 'ring-2 ring-violet-500' : ''
-                  }`}
-                  style={{
-                    background: isCurrentNode ? catColors.border : catColors.bg,
-                    color: isCurrentNode ? 'white' : catColors.text,
-                  }}
-                >
-                  <span>{screen.icon}</span>
-                  {screen.name}
-                </button>
-              )
-            })}
-          </div>
-        </div>
-      )}
-
-      {/* Flow Diagram */}
-      <div className="bg-white rounded-xl border border-slate-200 shadow-sm overflow-hidden" style={{ height: '500px' }}>
-        <ReactFlow
-          nodes={nodes}
-          edges={edges}
-          onNodesChange={onNodesChange}
-          onEdgesChange={onEdgesChange}
-          onNodeClick={onNodeClick}
-          onPaneClick={onPaneClick}
-          fitView
-          fitViewOptions={{ padding: 0.2 }}
-          attributionPosition="bottom-left"
-        >
-          <Controls />
-          <MiniMap
-            nodeColor={(node) => {
-              const screen = SCREENS.find(s => s.id === node.id)
-              const catColors = screen ? COLORS[screen.category] : null
-              return catColors?.border || '#94a3b8'
-            }}
-            maskColor="rgba(0, 0, 0, 0.1)"
-          />
-          <Background variant={BackgroundVariant.Dots} gap={12} size={1} />
-
-          <Panel position="top-left" className="bg-white/95 p-3 rounded-lg shadow-lg text-xs">
-            <div className="font-medium text-slate-700 mb-2">
-              🛡️ Compliance SDK
-            </div>
-            <div className="space-y-1">
-              {categories.slice(0, 5).map((key) => {
-                const catColors = COLORS[key] || { bg: '#f1f5f9', border: '#94a3b8' }
-                return (
-                  <div key={key} className="flex items-center gap-2">
-                    <span
-                      className="w-3 h-3 rounded"
-                      style={{ background: catColors.bg, border: `1px solid ${catColors.border}` }}
-                    />
-                    <span className="text-slate-600">{LABELS[key]}</span>
-                  </div>
-                )
-              })}
-            </div>
-            <div className="mt-2 pt-2 border-t text-slate-400">
-              Klick = Subtree<br/>
-              Doppelklick = Oeffnen
-            </div>
-          </Panel>
-        </ReactFlow>
-      </div>
-
-      {/* Screen List */}
-      <div className="bg-white rounded-xl border border-slate-200 shadow-sm overflow-hidden">
-        <div className="px-4 py-3 bg-slate-50 border-b flex items-center justify-between">
-          <h3 className="font-medium text-slate-700">
-            Alle Screens ({SCREENS.length})
-          </h3>
-          <span className="text-xs text-slate-400">{baseUrl}</span>
-        </div>
-        <div className="divide-y max-h-80 overflow-y-auto">
-          {SCREENS
-            .filter(s => !selectedCategory || s.category === selectedCategory)
-            .map((screen) => {
-              const catColors = COLORS[screen.category] || { bg: '#f1f5f9', border: '#94a3b8', text: '#475569' }
-              return (
-                <button
-                  key={screen.id}
-                  onClick={() => {
-                    setSelectedNode(screen.id)
-                    setSelectedCategory(null)
-                    setPreviewScreen(screen)
-                  }}
-                  className="w-full flex items-center gap-4 p-3 hover:bg-slate-50 transition-colors text-left"
-                >
-                  <span
-                    className="w-9 h-9 rounded-lg flex items-center justify-center text-lg"
-                    style={{ background: catColors.bg }}
-                  >
-                    {screen.icon}
-                  </span>
-                  <div className="flex-1 min-w-0">
-                    <div className="font-medium text-slate-800 text-sm">{screen.name}</div>
-                    <div className="text-xs text-slate-500 truncate">{screen.description}</div>
-                  </div>
-                  <span
-                    className="px-2 py-1 rounded text-xs font-medium shrink-0"
-                    style={{ background: catColors.bg, color: catColors.text }}
-                  >
-                    {LABELS[screen.category]}
-                  </span>
-                </button>
-              )
-            })}
-        </div>
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(admin)/layout.tsx

@@ -1,61 +0,0 @@
-'use client'
-
-import { useEffect, useState } from 'react'
-import { useRouter } from 'next/navigation'
-import { Sidebar } from '@/components/layout/Sidebar'
-import { Header } from '@/components/layout/Header'
-import { Breadcrumbs } from '@/components/common/Breadcrumbs'
-import { getStoredRole } from '@/lib/roles'
-
-export default function AdminLayout({
-  children,
-}: {
-  children: React.ReactNode
-}) {
-  const router = useRouter()
-  const [sidebarKey, setSidebarKey] = useState(0)
-  const [loading, setLoading] = useState(true)
-
-  useEffect(() => {
-    // Check if role is stored
-    const role = getStoredRole()
-    if (!role) {
-      // Redirect to role selection
-      router.replace('/')
-    } else {
-      setLoading(false)
-    }
-  }, [router])
-
-  const handleRoleChange = () => {
-    // Force sidebar to re-render
-    setSidebarKey(prev => prev + 1)
-  }
-
-  if (loading) {
-    return (
-      <div className="min-h-screen bg-slate-50 flex items-center justify-center">
-        <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-primary-600"></div>
-      </div>
-    )
-  }
-
-  return (
-    <div className="min-h-screen bg-slate-50 flex">
-      {/* Sidebar */}
-      <Sidebar key={sidebarKey} onRoleChange={handleRoleChange} />
-
-      {/* Main Content */}
-      <div className="flex-1 ml-64 transition-all duration-300">
-        {/* Header */}
-        <Header />
-
-        {/* Page Content */}
-        <main className="p-6">
-          <Breadcrumbs />
-          {children}
-        </main>
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/academy/page.tsx

@@ -1,759 +0,0 @@
-'use client'
-
-import React, { useState, useEffect, useMemo } from 'react'
-import Link from 'next/link'
-import { useSDK } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-import {
-  Course,
-  CourseCategory,
-  Enrollment,
-  EnrollmentStatus,
-  AcademyStatistics,
-  COURSE_CATEGORY_INFO,
-  ENROLLMENT_STATUS_INFO,
-  isEnrollmentOverdue,
-  getDaysUntilDeadline
-} from '@/lib/sdk/academy/types'
-import { fetchSDKAcademyList, generateAllCourses } from '@/lib/sdk/academy/api'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-type TabId = 'overview' | 'courses' | 'enrollments' | 'certificates' | 'settings'
-
-interface Tab {
-  id: TabId
-  label: string
-  count?: number
-  countColor?: string
-}
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function TabNavigation({
-  tabs,
-  activeTab,
-  onTabChange
-}: {
-  tabs: Tab[]
-  activeTab: TabId
-  onTabChange: (tab: TabId) => void
-}) {
-  return (
-    <div className="border-b border-gray-200">
-      <nav className="flex gap-1 -mb-px" aria-label="Tabs">
-        {tabs.map(tab => (
-          <button
-            key={tab.id}
-            onClick={() => onTabChange(tab.id)}
-            className={`
-              px-4 py-3 text-sm font-medium border-b-2 transition-colors
-              ${activeTab === tab.id
-                ? 'border-purple-600 text-purple-600'
-                : 'border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300'
-              }
-            `}
-          >
-            <span className="flex items-center gap-2">
-              {tab.label}
-              {tab.count !== undefined && tab.count > 0 && (
-                <span className={`
-                  px-2 py-0.5 text-xs rounded-full
-                  ${tab.countColor || 'bg-gray-100 text-gray-600'}
-                `}>
-                  {tab.count}
-                </span>
-              )}
-            </span>
-          </button>
-        ))}
-      </nav>
-    </div>
-  )
-}
-
-function StatCard({
-  label,
-  value,
-  color = 'gray',
-  icon,
-  trend
-}: {
-  label: string
-  value: number | string
-  color?: 'gray' | 'blue' | 'yellow' | 'red' | 'green' | 'purple'
-  icon?: React.ReactNode
-  trend?: { value: number; label: string }
-}) {
-  const colorClasses = {
-    gray: 'border-gray-200 text-gray-900',
-    blue: 'border-blue-200 text-blue-600',
-    yellow: 'border-yellow-200 text-yellow-600',
-    red: 'border-red-200 text-red-600',
-    green: 'border-green-200 text-green-600',
-    purple: 'border-purple-200 text-purple-600'
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border ${colorClasses[color]} p-6`}>
-      <div className="flex items-start justify-between">
-        <div>
-          <div className={`text-sm ${color === 'gray' ? 'text-gray-500' : `text-${color}-600`}`}>
-            {label}
-          </div>
-          <div className={`text-3xl font-bold mt-1 ${colorClasses[color].split(' ')[1]}`}>
-            {value}
-          </div>
-          {trend && (
-            <div className={`text-xs mt-1 ${trend.value >= 0 ? 'text-green-600' : 'text-red-600'}`}>
-              {trend.value >= 0 ? '+' : ''}{trend.value} {trend.label}
-            </div>
-          )}
-        </div>
-        {icon && (
-          <div className={`w-10 h-10 rounded-lg flex items-center justify-center bg-${color}-50`}>
-            {icon}
-          </div>
-        )}
-      </div>
-    </div>
-  )
-}
-
-function CourseCard({ course, enrollmentCount }: { course: Course; enrollmentCount: number }) {
-  const categoryInfo = COURSE_CATEGORY_INFO[course.category] || COURSE_CATEGORY_INFO['custom']
-
-  return (
-    <Link href={`/sdk/academy/${course.id}`}>
-      <div className={`
-        bg-white rounded-xl border-2 p-6 hover:shadow-md transition-all cursor-pointer
-        border-gray-200 hover:border-purple-300
-      `}>
-        <div className="flex items-start justify-between">
-          <div className="flex-1 min-w-0">
-            {/* Header Badges */}
-            <div className="flex items-center gap-2 mb-2 flex-wrap">
-              <span className={`px-2 py-1 text-xs rounded-full ${categoryInfo.bgColor} ${categoryInfo.color}`}>
-                {categoryInfo.label}
-              </span>
-            </div>
-
-            {/* Course Title */}
-            <h3 className="text-lg font-semibold text-gray-900 truncate">
-              {course.title}
-            </h3>
-            <p className="text-sm text-gray-500 mt-1 line-clamp-2">
-              {course.description}
-            </p>
-
-            {/* Course Meta */}
-            <div className="mt-3 flex items-center gap-4 text-sm text-gray-500">
-              <span className="flex items-center gap-1">
-                <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6.253v13m0-13C10.832 5.477 9.246 5 7.5 5S4.168 5.477 3 6.253v13C4.168 18.477 5.754 18 7.5 18s3.332.477 4.5 1.253m0-13C13.168 5.477 14.754 5 16.5 5c1.747 0 3.332.477 4.5 1.253v13C19.832 18.477 18.247 18 16.5 18c-1.746 0-3.332.477-4.5 1.253" />
-                </svg>
-                {course.lessons.length} Lektionen
-              </span>
-              <span className="flex items-center gap-1">
-                <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 8v4l3 3m6-3a9 9 0 11-18 0 9 9 0 0118 0z" />
-                </svg>
-                {course.durationMinutes} Min.
-              </span>
-              <span className="flex items-center gap-1">
-                <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M17 20h5v-2a3 3 0 00-5.356-1.857M17 20H7m10 0v-2c0-.656-.126-1.283-.356-1.857M7 20H2v-2a3 3 0 015.356-1.857M7 20v-2c0-.656.126-1.283.356-1.857m0 0a5.002 5.002 0 019.288 0M15 7a3 3 0 11-6 0 3 3 0 016 0z" />
-                </svg>
-                {enrollmentCount} Teilnehmer
-              </span>
-            </div>
-          </div>
-
-          {/* Right Side - Roles */}
-          <div className="text-right ml-4 text-gray-500">
-            <div className="text-sm font-medium">
-              {course.requiredForRoles.includes('all') ? 'Pflicht fuer alle' : `${course.requiredForRoles.length} Rollen`}
-            </div>
-            <div className="text-xs mt-0.5">
-              {new Date(course.updatedAt).toLocaleDateString('de-DE')}
-            </div>
-          </div>
-        </div>
-
-        {/* Footer */}
-        <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-          <div className="text-sm text-gray-500">
-            Erstellt: {new Date(course.createdAt).toLocaleDateString('de-DE')}
-          </div>
-          <div className="flex items-center gap-2">
-            <span className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors">
-              Details
-            </span>
-          </div>
-        </div>
-      </div>
-    </Link>
-  )
-}
-
-function EnrollmentCard({ enrollment, courseName }: { enrollment: Enrollment; courseName: string }) {
-  const statusInfo = ENROLLMENT_STATUS_INFO[enrollment.status]
-  const overdue = isEnrollmentOverdue(enrollment)
-  const daysUntil = getDaysUntilDeadline(enrollment.deadline)
-
-  return (
-    <div className={`
-      bg-white rounded-xl border-2 p-6
-      ${overdue ? 'border-red-300' :
-        enrollment.status === 'completed' ? 'border-green-200' :
-        enrollment.status === 'in_progress' ? 'border-yellow-200' :
-        'border-gray-200'
-      }
-    `}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1 min-w-0">
-          {/* Status Badge */}
-          <div className="flex items-center gap-2 mb-2 flex-wrap">
-            <span className={`px-2 py-1 text-xs rounded-full ${statusInfo.bgColor} ${statusInfo.color}`}>
-              {statusInfo.label}
-            </span>
-            {overdue && (
-              <span className="px-2 py-1 text-xs bg-red-100 text-red-700 rounded-full flex items-center gap-1">
-                <svg className="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-                </svg>
-                Ueberfaellig
-              </span>
-            )}
-          </div>
-
-          {/* User Info */}
-          <h3 className="text-lg font-semibold text-gray-900 truncate">
-            {enrollment.userName}
-          </h3>
-          <p className="text-sm text-gray-500">{enrollment.userEmail}</p>
-          <p className="text-sm text-gray-600 mt-1 font-medium">{courseName}</p>
-
-          {/* Progress Bar */}
-          <div className="mt-3">
-            <div className="flex items-center justify-between text-sm mb-1">
-              <span className="text-gray-500">Fortschritt</span>
-              <span className="font-medium text-gray-700">{enrollment.progress}%</span>
-            </div>
-            <div className="w-full h-2 bg-gray-200 rounded-full overflow-hidden">
-              <div
-                className={`h-full rounded-full transition-all ${
-                  enrollment.progress === 100 ? 'bg-green-500' :
-                  overdue ? 'bg-red-500' :
-                  'bg-purple-500'
-                }`}
-                style={{ width: `${enrollment.progress}%` }}
-              />
-            </div>
-          </div>
-        </div>
-
-        {/* Right Side - Deadline */}
-        <div className={`text-right ml-4 ${
-          overdue ? 'text-red-600' :
-          daysUntil <= 7 ? 'text-orange-600' :
-          'text-gray-500'
-        }`}>
-          <div className="text-sm font-medium">
-            {enrollment.status === 'completed'
-              ? 'Abgeschlossen'
-              : overdue
-                ? `${Math.abs(daysUntil)} Tage ueberfaellig`
-                : `${daysUntil} Tage verbleibend`
-            }
-          </div>
-          <div className="text-xs mt-0.5">
-            Frist: {new Date(enrollment.deadline).toLocaleDateString('de-DE')}
-          </div>
-        </div>
-      </div>
-
-      {/* Footer */}
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <div className="text-sm text-gray-500">
-          Gestartet: {new Date(enrollment.startedAt).toLocaleDateString('de-DE')}
-        </div>
-        {enrollment.completedAt && (
-          <div className="text-sm text-green-600">
-            Abgeschlossen: {new Date(enrollment.completedAt).toLocaleDateString('de-DE')}
-          </div>
-        )}
-      </div>
-    </div>
-  )
-}
-
-function FilterBar({
-  selectedCategory,
-  selectedStatus,
-  onCategoryChange,
-  onStatusChange,
-  onClear
-}: {
-  selectedCategory: CourseCategory | 'all'
-  selectedStatus: EnrollmentStatus | 'all'
-  onCategoryChange: (category: CourseCategory | 'all') => void
-  onStatusChange: (status: EnrollmentStatus | 'all') => void
-  onClear: () => void
-}) {
-  const hasFilters = selectedCategory !== 'all' || selectedStatus !== 'all'
-
-  return (
-    <div className="flex items-center gap-4 flex-wrap">
-      <span className="text-sm text-gray-500">Filter:</span>
-
-      {/* Category Filter */}
-      <select
-        value={selectedCategory}
-        onChange={(e) => onCategoryChange(e.target.value as CourseCategory | 'all')}
-        className="px-3 py-1.5 text-sm border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500"
-      >
-        <option value="all">Alle Kategorien</option>
-        {Object.entries(COURSE_CATEGORY_INFO).map(([cat, info]) => (
-          <option key={cat} value={cat}>{info.label}</option>
-        ))}
-      </select>
-
-      {/* Enrollment Status Filter */}
-      <select
-        value={selectedStatus}
-        onChange={(e) => onStatusChange(e.target.value as EnrollmentStatus | 'all')}
-        className="px-3 py-1.5 text-sm border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500"
-      >
-        <option value="all">Alle Status</option>
-        {Object.entries(ENROLLMENT_STATUS_INFO).map(([status, info]) => (
-          <option key={status} value={status}>{info.label}</option>
-        ))}
-      </select>
-
-      {/* Clear Filters */}
-      {hasFilters && (
-        <button
-          onClick={onClear}
-          className="px-3 py-1.5 text-sm text-gray-500 hover:text-gray-700 hover:bg-gray-100 rounded-lg transition-colors"
-        >
-          Filter zuruecksetzen
-        </button>
-      )}
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function AcademyPage() {
-  const { state } = useSDK()
-  const [activeTab, setActiveTab] = useState<TabId>('overview')
-  const [courses, setCourses] = useState<Course[]>([])
-  const [enrollments, setEnrollments] = useState<Enrollment[]>([])
-  const [statistics, setStatistics] = useState<AcademyStatistics | null>(null)
-  const [isLoading, setIsLoading] = useState(true)
-  const [isGenerating, setIsGenerating] = useState(false)
-  const [generateResult, setGenerateResult] = useState<{ generated: number; skipped: number; errors: string[] } | null>(null)
-
-  // Filters
-  const [selectedCategory, setSelectedCategory] = useState<CourseCategory | 'all'>('all')
-  const [selectedStatus, setSelectedStatus] = useState<EnrollmentStatus | 'all'>('all')
-
-  // Load data from SDK backend
-  useEffect(() => {
-    loadData()
-  }, [])
-
-  // Calculate tab counts
-  const tabCounts = useMemo(() => {
-    return {
-      courses: courses.length,
-      enrollments: enrollments.filter(e => e.status !== 'completed').length,
-      certificates: enrollments.filter(e => e.certificateId).length,
-      overdue: enrollments.filter(e => isEnrollmentOverdue(e)).length
-    }
-  }, [courses, enrollments])
-
-  // Filtered courses
-  const filteredCourses = useMemo(() => {
-    let filtered = [...courses]
-
-    if (selectedCategory !== 'all') {
-      filtered = filtered.filter(c => c.category === selectedCategory)
-    }
-
-    return filtered.sort((a, b) => new Date(b.updatedAt).getTime() - new Date(a.updatedAt).getTime())
-  }, [courses, selectedCategory])
-
-  // Filtered enrollments
-  const filteredEnrollments = useMemo(() => {
-    let filtered = [...enrollments]
-
-    if (selectedStatus !== 'all') {
-      filtered = filtered.filter(e => e.status === selectedStatus)
-    }
-
-    // Sort: overdue first, then by deadline
-    return filtered.sort((a, b) => {
-      const aOverdue = isEnrollmentOverdue(a) ? -1 : 0
-      const bOverdue = isEnrollmentOverdue(b) ? -1 : 0
-      if (aOverdue !== bOverdue) return aOverdue - bOverdue
-      return getDaysUntilDeadline(a.deadline) - getDaysUntilDeadline(b.deadline)
-    })
-  }, [enrollments, selectedStatus])
-
-  // Enrollment counts per course
-  const enrollmentCountByCourseId = useMemo(() => {
-    const counts: Record<string, number> = {}
-    enrollments.forEach(e => {
-      counts[e.courseId] = (counts[e.courseId] || 0) + 1
-    })
-    return counts
-  }, [enrollments])
-
-  // Course name lookup
-  const courseNameById = useMemo(() => {
-    const map: Record<string, string> = {}
-    courses.forEach(c => { map[c.id] = c.title })
-    return map
-  }, [courses])
-
-  const tabs: Tab[] = [
-    { id: 'overview', label: 'Uebersicht' },
-    { id: 'courses', label: 'Kurse', count: tabCounts.courses, countColor: 'bg-blue-100 text-blue-600' },
-    { id: 'enrollments', label: 'Einschreibungen', count: tabCounts.enrollments, countColor: 'bg-yellow-100 text-yellow-600' },
-    { id: 'certificates', label: 'Zertifikate', count: tabCounts.certificates, countColor: 'bg-green-100 text-green-600' },
-    { id: 'settings', label: 'Einstellungen' }
-  ]
-
-  const stepInfo = STEP_EXPLANATIONS['academy']
-
-  const loadData = async () => {
-    setIsLoading(true)
-    try {
-      const data = await fetchSDKAcademyList()
-      setCourses(data.courses)
-      setEnrollments(data.enrollments)
-      setStatistics(data.statistics)
-    } catch (error) {
-      console.error('Failed to load Academy data:', error)
-    } finally {
-      setIsLoading(false)
-    }
-  }
-
-  const handleGenerateAll = async () => {
-    setIsGenerating(true)
-    setGenerateResult(null)
-    try {
-      const result = await generateAllCourses()
-      setGenerateResult({ generated: result.generated, skipped: result.skipped, errors: result.errors || [] })
-      // Reload data to show new courses
-      await loadData()
-    } catch (error) {
-      console.error('Failed to generate courses:', error)
-      setGenerateResult({ generated: 0, skipped: 0, errors: [error instanceof Error ? error.message : 'Fehler bei der Generierung'] })
-    } finally {
-      setIsGenerating(false)
-    }
-  }
-
-  const clearFilters = () => {
-    setSelectedCategory('all')
-    setSelectedStatus('all')
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="academy"
-        title={stepInfo?.title || 'Compliance Academy'}
-        description={stepInfo?.description || 'E-Learning Plattform fuer Compliance-Schulungen'}
-        explanation={stepInfo?.explanation}
-        tips={stepInfo?.tips}
-      >
-        <div className="flex gap-2">
-          <button
-            onClick={handleGenerateAll}
-            disabled={isGenerating}
-            className="flex items-center gap-2 px-4 py-2 bg-green-600 text-white rounded-lg hover:bg-green-700 transition-colors disabled:opacity-50"
-          >
-            {isGenerating ? (
-              <svg className="animate-spin w-5 h-5" fill="none" viewBox="0 0 24 24">
-                <circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4" />
-                <path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z" />
-              </svg>
-            ) : (
-              <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 10V3L4 14h7v7l9-11h-7z" />
-              </svg>
-            )}
-            {isGenerating ? 'Generiere...' : 'Alle Kurse generieren'}
-          </button>
-          <Link
-            href="/sdk/academy/new"
-            className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-          >
-            <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-            </svg>
-            Kurs erstellen
-          </Link>
-        </div>
-      </StepHeader>
-
-      {/* Generation Result */}
-      {generateResult && (
-        <div className={`p-4 rounded-lg border ${generateResult.errors.length > 0 ? 'bg-yellow-50 border-yellow-200' : 'bg-green-50 border-green-200'}`}>
-          <div className="flex items-center gap-4 text-sm">
-            <span className="text-green-700 font-medium">{generateResult.generated} Kurse generiert</span>
-            <span className="text-gray-500">{generateResult.skipped} uebersprungen</span>
-            {generateResult.errors.length > 0 && (
-              <span className="text-red-600">{generateResult.errors.length} Fehler</span>
-            )}
-          </div>
-          {generateResult.errors.length > 0 && (
-            <div className="mt-2 text-xs text-red-600">
-              {generateResult.errors.map((err, i) => <div key={i}>{err}</div>)}
-            </div>
-          )}
-        </div>
-      )}
-
-      {/* Tab Navigation */}
-      <TabNavigation
-        tabs={tabs}
-        activeTab={activeTab}
-        onTabChange={setActiveTab}
-      />
-
-      {/* Loading State */}
-      {isLoading ? (
-        <div className="flex items-center justify-center py-12">
-          <svg className="animate-spin w-8 h-8 text-purple-600" fill="none" viewBox="0 0 24 24">
-            <circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4" />
-            <path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z" />
-          </svg>
-        </div>
-      ) : activeTab === 'settings' ? (
-        /* Settings Tab */
-        <div className="bg-white rounded-xl border border-gray-200 p-8 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.065 2.572c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.572 1.065c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.065-2.572c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z" />
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Einstellungen</h3>
-          <p className="mt-2 text-gray-500">
-            Academy-Einstellungen, E-Mail-Benachrichtigungen und Kurs-Vorlagen
-            werden in einer spaeteren Version verfuegbar sein.
-          </p>
-        </div>
-      ) : activeTab === 'certificates' ? (
-        /* Certificates Tab Placeholder */
-        <div className="bg-white rounded-xl border border-gray-200 p-8 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4M7.835 4.697a3.42 3.42 0 001.946-.806 3.42 3.42 0 014.438 0 3.42 3.42 0 001.946.806 3.42 3.42 0 013.138 3.138 3.42 3.42 0 00.806 1.946 3.42 3.42 0 010 4.438 3.42 3.42 0 00-.806 1.946 3.42 3.42 0 01-3.138 3.138 3.42 3.42 0 00-1.946.806 3.42 3.42 0 01-4.438 0 3.42 3.42 0 00-1.946-.806 3.42 3.42 0 01-3.138-3.138 3.42 3.42 0 00-.806-1.946 3.42 3.42 0 010-4.438 3.42 3.42 0 00.806-1.946 3.42 3.42 0 013.138-3.138z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Zertifikate</h3>
-          <p className="mt-2 text-gray-500">
-            Zertifikate werden automatisch nach erfolgreichem Kursabschluss generiert.
-            Die Zertifikatsverwaltung wird in einer spaeteren Version verfuegbar sein.
-          </p>
-          {tabCounts.certificates > 0 && (
-            <p className="mt-2 text-sm text-purple-600 font-medium">
-              {tabCounts.certificates} Zertifikat(e) vorhanden
-            </p>
-          )}
-        </div>
-      ) : (
-        <>
-          {/* Statistics (Overview Tab) */}
-          {activeTab === 'overview' && statistics && (
-            <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-              <StatCard
-                label="Kurse gesamt"
-                value={statistics.totalCourses}
-                color="gray"
-              />
-              <StatCard
-                label="Aktive Teilnehmer"
-                value={(statistics.byStatus?.in_progress || 0) + (statistics.byStatus?.not_started || 0)}
-                color="blue"
-              />
-              <StatCard
-                label="Abschlussrate"
-                value={`${statistics.completionRate}%`}
-                color="green"
-              />
-              <StatCard
-                label="Ueberfaellig"
-                value={statistics.overdueCount}
-                color={statistics.overdueCount > 0 ? 'red' : 'green'}
-              />
-            </div>
-          )}
-
-          {/* Overdue Alert */}
-          {tabCounts.overdue > 0 && (
-            <div className="bg-red-50 border border-red-200 rounded-xl p-4 flex items-center gap-4">
-              <div className="w-10 h-10 bg-red-100 rounded-full flex items-center justify-center flex-shrink-0">
-                <svg className="w-5 h-5 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-                </svg>
-              </div>
-              <div className="flex-1">
-                <h4 className="font-medium text-red-800">
-                  Achtung: {tabCounts.overdue} ueberfaellige Schulung(en)
-                </h4>
-                <p className="text-sm text-red-600">
-                  Mitarbeiter haben Pflichtschulungen nicht fristgerecht abgeschlossen. Handeln Sie umgehend.
-                </p>
-              </div>
-              <button
-                onClick={() => {
-                  setActiveTab('enrollments')
-                  setSelectedStatus('all')
-                }}
-                className="px-4 py-2 bg-red-600 text-white rounded-lg hover:bg-red-700 transition-colors text-sm font-medium"
-              >
-                Anzeigen
-              </button>
-            </div>
-          )}
-
-          {/* Info Box (Overview Tab) */}
-          {activeTab === 'overview' && (
-            <div className="bg-blue-50 border border-blue-200 rounded-xl p-4">
-              <div className="flex items-start gap-3">
-                <svg className="w-5 h-5 text-blue-600 mt-0.5 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
-                </svg>
-                <div>
-                  <h4 className="font-medium text-blue-800">Schulungspflicht nach Art. 39 DSGVO</h4>
-                  <p className="text-sm text-blue-600 mt-1">
-                    Gemaess Art. 39 Abs. 1 lit. b DSGVO gehoert die Sensibilisierung und Schulung
-                    der an den Verarbeitungsvorgaengen beteiligten Mitarbeiter zu den Aufgaben des
-                    Datenschutzbeauftragten. Nachweisbare Compliance-Schulungen sind Pflicht und
-                    sollten mindestens jaehrlich aufgefrischt werden.
-                  </p>
-                </div>
-              </div>
-            </div>
-          )}
-
-          {/* Filters */}
-          <FilterBar
-            selectedCategory={selectedCategory}
-            selectedStatus={selectedStatus}
-            onCategoryChange={setSelectedCategory}
-            onStatusChange={setSelectedStatus}
-            onClear={clearFilters}
-          />
-
-          {/* Courses Tab */}
-          {(activeTab === 'overview' || activeTab === 'courses') && (
-            <div className="space-y-4">
-              {activeTab === 'courses' && (
-                <h2 className="text-lg font-semibold text-gray-900">Kurse ({filteredCourses.length})</h2>
-              )}
-              {filteredCourses.map(course => (
-                <CourseCard
-                  key={course.id}
-                  course={course}
-                  enrollmentCount={enrollmentCountByCourseId[course.id] || 0}
-                />
-              ))}
-            </div>
-          )}
-
-          {/* Enrollments Tab */}
-          {activeTab === 'enrollments' && (
-            <div className="space-y-4">
-              <h2 className="text-lg font-semibold text-gray-900">Einschreibungen ({filteredEnrollments.length})</h2>
-              {filteredEnrollments.map(enrollment => (
-                <EnrollmentCard
-                  key={enrollment.id}
-                  enrollment={enrollment}
-                  courseName={courseNameById[enrollment.courseId] || 'Unbekannter Kurs'}
-                />
-              ))}
-            </div>
-          )}
-
-          {/* Empty States */}
-          {activeTab === 'courses' && filteredCourses.length === 0 && (
-            <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-              <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-                <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6.253v13m0-13C10.832 5.477 9.246 5 7.5 5S4.168 5.477 3 6.253v13C4.168 18.477 5.754 18 7.5 18s3.332.477 4.5 1.253m0-13C13.168 5.477 14.754 5 16.5 5c1.747 0 3.332.477 4.5 1.253v13C19.832 18.477 18.247 18 16.5 18c-1.746 0-3.332.477-4.5 1.253" />
-                </svg>
-              </div>
-              <h3 className="text-lg font-semibold text-gray-900">Keine Kurse gefunden</h3>
-              <p className="mt-2 text-gray-500">
-                {selectedCategory !== 'all'
-                  ? 'Passen Sie die Filter an oder'
-                  : 'Es sind noch keine Kurse vorhanden.'
-                }
-              </p>
-              {selectedCategory !== 'all' ? (
-                <button
-                  onClick={clearFilters}
-                  className="mt-4 px-4 py-2 text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
-                >
-                  Filter zuruecksetzen
-                </button>
-              ) : (
-                <Link
-                  href="/sdk/academy/new"
-                  className="mt-4 inline-flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-                >
-                  <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-                  </svg>
-                  Ersten Kurs erstellen
-                </Link>
-              )}
-            </div>
-          )}
-
-          {activeTab === 'enrollments' && filteredEnrollments.length === 0 && (
-            <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-              <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-                <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M17 20h5v-2a3 3 0 00-5.356-1.857M17 20H7m10 0v-2c0-.656-.126-1.283-.356-1.857M7 20H2v-2a3 3 0 015.356-1.857M7 20v-2c0-.656.126-1.283.356-1.857m0 0a5.002 5.002 0 019.288 0M15 7a3 3 0 11-6 0 3 3 0 016 0z" />
-                </svg>
-              </div>
-              <h3 className="text-lg font-semibold text-gray-900">Keine Einschreibungen gefunden</h3>
-              <p className="mt-2 text-gray-500">
-                {selectedStatus !== 'all'
-                  ? 'Passen Sie die Filter an.'
-                  : 'Es sind noch keine Mitarbeiter in Kurse eingeschrieben.'
-                }
-              </p>
-              {selectedStatus !== 'all' && (
-                <button
-                  onClick={clearFilters}
-                  className="mt-4 px-4 py-2 text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
-                >
-                  Filter zuruecksetzen
-                </button>
-              )}
-            </div>
-          )}
-        </>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/advisory-board/page.tsx

@@ -1,667 +0,0 @@
-'use client'
-
-import React, { useState } from 'react'
-import Link from 'next/link'
-import { useSDK, UseCaseAssessment } from '@/lib/sdk'
-
-// =============================================================================
-// WIZARD STEPS
-// =============================================================================
-
-const WIZARD_STEPS = [
-  { id: 1, name: 'Grunddaten', description: 'Name und Beschreibung des Use Cases' },
-  { id: 2, name: 'Datenkategorien', description: 'Welche Daten werden verarbeitet?' },
-  { id: 3, name: 'Technologie', description: 'Eingesetzte KI-Technologien' },
-  { id: 4, name: 'Risikobewertung', description: 'Erste Risikoeinschätzung' },
-  { id: 5, name: 'Zusammenfassung', description: 'Überprüfung und Abschluss' },
-]
-
-// =============================================================================
-// USE CASE CARD
-// =============================================================================
-
-function UseCaseCard({
-  useCase,
-  isActive,
-  onSelect,
-  onDelete,
-}: {
-  useCase: UseCaseAssessment
-  isActive: boolean
-  onSelect: () => void
-  onDelete: () => void
-}) {
-  const completionPercent = Math.round((useCase.stepsCompleted / 5) * 100)
-
-  return (
-    <div
-      className={`relative bg-white rounded-xl border-2 p-6 transition-all cursor-pointer ${
-        isActive ? 'border-purple-500 shadow-lg' : 'border-gray-200 hover:border-purple-300'
-      }`}
-      onClick={onSelect}
-    >
-      {/* Delete Button */}
-      <button
-        onClick={e => {
-          e.stopPropagation()
-          onDelete()
-        }}
-        className="absolute top-4 right-4 p-1 text-gray-400 hover:text-red-500 transition-colors"
-      >
-        <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
-        </svg>
-      </button>
-
-      <div className="flex items-start gap-4">
-        <div
-          className={`w-12 h-12 rounded-xl flex items-center justify-center ${
-            completionPercent === 100
-              ? 'bg-green-100 text-green-600'
-              : 'bg-purple-100 text-purple-600'
-          }`}
-        >
-          {completionPercent === 100 ? (
-            <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 13l4 4L19 7" />
-            </svg>
-          ) : (
-            <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2" />
-            </svg>
-          )}
-        </div>
-        <div className="flex-1 min-w-0">
-          <h3 className="text-lg font-semibold text-gray-900 truncate">{useCase.name}</h3>
-          <p className="text-sm text-gray-500 line-clamp-2">{useCase.description}</p>
-          <div className="mt-3">
-            <div className="flex items-center justify-between text-sm mb-1">
-              <span className="text-gray-500">Fortschritt</span>
-              <span className="font-medium">{completionPercent}%</span>
-            </div>
-            <div className="h-2 bg-gray-100 rounded-full overflow-hidden">
-              <div
-                className={`h-full rounded-full transition-all ${
-                  completionPercent === 100 ? 'bg-green-500' : 'bg-purple-600'
-                }`}
-                style={{ width: `${completionPercent}%` }}
-              />
-            </div>
-          </div>
-          {useCase.assessmentResult && (
-            <div className="mt-3 flex items-center gap-2">
-              <span
-                className={`px-2 py-1 text-xs rounded-full ${
-                  useCase.assessmentResult.riskLevel === 'CRITICAL'
-                    ? 'bg-red-100 text-red-700'
-                    : useCase.assessmentResult.riskLevel === 'HIGH'
-                    ? 'bg-orange-100 text-orange-700'
-                    : useCase.assessmentResult.riskLevel === 'MEDIUM'
-                    ? 'bg-yellow-100 text-yellow-700'
-                    : 'bg-green-100 text-green-700'
-                }`}
-              >
-                Risiko: {useCase.assessmentResult.riskLevel}
-              </span>
-              {useCase.assessmentResult.dsfaRequired && (
-                <span className="px-2 py-1 text-xs bg-purple-100 text-purple-700 rounded-full">
-                  DSFA erforderlich
-                </span>
-              )}
-            </div>
-          )}
-        </div>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// WIZARD
-// =============================================================================
-
-interface WizardFormData {
-  name: string
-  description: string
-  category: string
-  dataCategories: string[]
-  processesPersonalData: boolean
-  specialCategories: boolean
-  aiTechnologies: string[]
-  dataVolume: string
-  riskLevel: string
-  notes: string
-}
-
-function UseCaseWizard({
-  onComplete,
-  onCancel,
-}: {
-  onComplete: (useCase: UseCaseAssessment) => void
-  onCancel: () => void
-}) {
-  const [currentStep, setCurrentStep] = useState(1)
-  const [formData, setFormData] = useState<WizardFormData>({
-    name: '',
-    description: '',
-    category: '',
-    dataCategories: [],
-    processesPersonalData: false,
-    specialCategories: false,
-    aiTechnologies: [],
-    dataVolume: 'medium',
-    riskLevel: 'medium',
-    notes: '',
-  })
-
-  const updateFormData = (updates: Partial<WizardFormData>) => {
-    setFormData(prev => ({ ...prev, ...updates }))
-  }
-
-  const handleNext = () => {
-    if (currentStep < 5) {
-      setCurrentStep(prev => prev + 1)
-    } else {
-      // Create use case
-      const newUseCase: UseCaseAssessment = {
-        id: `uc-${Date.now()}`,
-        name: formData.name,
-        description: formData.description,
-        category: formData.category,
-        stepsCompleted: 5,
-        steps: WIZARD_STEPS.map(s => ({
-          id: `step-${s.id}`,
-          name: s.name,
-          completed: true,
-          data: {},
-        })),
-        assessmentResult: {
-          riskLevel: formData.riskLevel as 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL',
-          applicableRegulations: ['DSGVO', 'AI Act'],
-          recommendedControls: ['Datenschutz-Folgenabschätzung', 'Technische Maßnahmen'],
-          dsfaRequired: formData.specialCategories || formData.riskLevel === 'HIGH',
-          aiActClassification: formData.aiTechnologies.length > 0 ? 'LIMITED' : 'MINIMAL',
-        },
-        createdAt: new Date(),
-        updatedAt: new Date(),
-      }
-      onComplete(newUseCase)
-    }
-  }
-
-  const handleBack = () => {
-    if (currentStep > 1) {
-      setCurrentStep(prev => prev - 1)
-    }
-  }
-
-  return (
-    <div className="bg-white rounded-xl border border-gray-200 overflow-hidden">
-      {/* Header */}
-      <div className="px-6 py-4 border-b border-gray-200 bg-gray-50">
-        <div className="flex items-center justify-between">
-          <h2 className="text-lg font-semibold text-gray-900">Neuer Use Case</h2>
-          <button onClick={onCancel} className="text-gray-400 hover:text-gray-600">
-            <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
-            </svg>
-          </button>
-        </div>
-        {/* Progress */}
-        <div className="mt-4 flex items-center gap-2">
-          {WIZARD_STEPS.map((step, index) => (
-            <React.Fragment key={step.id}>
-              <div
-                className={`w-8 h-8 rounded-full flex items-center justify-center text-sm font-medium ${
-                  step.id < currentStep
-                    ? 'bg-green-500 text-white'
-                    : step.id === currentStep
-                    ? 'bg-purple-600 text-white'
-                    : 'bg-gray-200 text-gray-500'
-                }`}
-              >
-                {step.id < currentStep ? (
-                  <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 13l4 4L19 7" />
-                  </svg>
-                ) : (
-                  step.id
-                )}
-              </div>
-              {index < WIZARD_STEPS.length - 1 && (
-                <div
-                  className={`flex-1 h-1 rounded ${
-                    step.id < currentStep ? 'bg-green-500' : 'bg-gray-200'
-                  }`}
-                />
-              )}
-            </React.Fragment>
-          ))}
-        </div>
-        <p className="mt-2 text-sm text-gray-500">
-          Schritt {currentStep}: {WIZARD_STEPS[currentStep - 1].description}
-        </p>
-      </div>
-
-      {/* Content */}
-      <div className="p-6">
-        {currentStep === 1 && (
-          <div className="space-y-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Name des Use Cases *</label>
-              <input
-                type="text"
-                value={formData.name}
-                onChange={e => updateFormData({ name: e.target.value })}
-                placeholder="z.B. Marketing-KI für Kundensegmentierung"
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Beschreibung *</label>
-              <textarea
-                value={formData.description}
-                onChange={e => updateFormData({ description: e.target.value })}
-                placeholder="Beschreiben Sie den Anwendungsfall und den Geschäftszweck..."
-                rows={4}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              />
-            </div>
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Kategorie</label>
-              <select
-                value={formData.category}
-                onChange={e => updateFormData({ category: e.target.value })}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              >
-                <option value="">Kategorie wählen...</option>
-                <option value="marketing">Marketing & Vertrieb</option>
-                <option value="hr">Personal & HR</option>
-                <option value="finance">Finanzen & Controlling</option>
-                <option value="operations">Betrieb & Produktion</option>
-                <option value="customer">Kundenservice</option>
-                <option value="other">Sonstiges</option>
-              </select>
-            </div>
-          </div>
-        )}
-
-        {currentStep === 2 && (
-          <div className="space-y-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-2">
-                Werden personenbezogene Daten verarbeitet?
-              </label>
-              <div className="flex items-center gap-4">
-                <label className="flex items-center gap-2">
-                  <input
-                    type="radio"
-                    checked={formData.processesPersonalData}
-                    onChange={() => updateFormData({ processesPersonalData: true })}
-                    className="w-4 h-4 text-purple-600"
-                  />
-                  <span>Ja</span>
-                </label>
-                <label className="flex items-center gap-2">
-                  <input
-                    type="radio"
-                    checked={!formData.processesPersonalData}
-                    onChange={() => updateFormData({ processesPersonalData: false })}
-                    className="w-4 h-4 text-purple-600"
-                  />
-                  <span>Nein</span>
-                </label>
-              </div>
-            </div>
-
-            {formData.processesPersonalData && (
-              <>
-                <div>
-                  <label className="block text-sm font-medium text-gray-700 mb-2">
-                    Welche Datenkategorien? (Mehrfachauswahl)
-                  </label>
-                  <div className="grid grid-cols-2 gap-2">
-                    {['Name/Kontakt', 'E-Mail', 'Adresse', 'Telefon', 'Geburtsdatum', 'Finanzdaten', 'Standort', 'Nutzungsverhalten'].map(
-                      cat => (
-                        <label key={cat} className="flex items-center gap-2 p-2 border rounded-lg hover:bg-gray-50">
-                          <input
-                            type="checkbox"
-                            checked={formData.dataCategories.includes(cat)}
-                            onChange={e => {
-                              if (e.target.checked) {
-                                updateFormData({ dataCategories: [...formData.dataCategories, cat] })
-                              } else {
-                                updateFormData({
-                                  dataCategories: formData.dataCategories.filter(c => c !== cat),
-                                })
-                              }
-                            }}
-                            className="w-4 h-4 text-purple-600"
-                          />
-                          <span className="text-sm">{cat}</span>
-                        </label>
-                      )
-                    )}
-                  </div>
-                </div>
-
-                <div>
-                  <label className="flex items-center gap-2">
-                    <input
-                      type="checkbox"
-                      checked={formData.specialCategories}
-                      onChange={e => updateFormData({ specialCategories: e.target.checked })}
-                      className="w-4 h-4 text-purple-600"
-                    />
-                    <span className="text-sm font-medium text-gray-700">
-                      Besondere Kategorien (Art. 9 DSGVO): Gesundheit, Biometrie, Religion, etc.
-                    </span>
-                  </label>
-                  {formData.specialCategories && (
-                    <p className="mt-2 text-sm text-amber-600 bg-amber-50 p-3 rounded-lg">
-                      Bei besonderen Kategorien ist eine DSFA in der Regel erforderlich!
-                    </p>
-                  )}
-                </div>
-              </>
-            )}
-          </div>
-        )}
-
-        {currentStep === 3 && (
-          <div className="space-y-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-2">
-                Eingesetzte KI-Technologien (Mehrfachauswahl)
-              </label>
-              <div className="grid grid-cols-2 gap-2">
-                {[
-                  'Machine Learning',
-                  'Deep Learning',
-                  'Natural Language Processing',
-                  'Computer Vision',
-                  'Generative AI (LLM)',
-                  'Empfehlungssysteme',
-                  'Predictive Analytics',
-                  'Chatbots/Assistenten',
-                ].map(tech => (
-                  <label key={tech} className="flex items-center gap-2 p-2 border rounded-lg hover:bg-gray-50">
-                    <input
-                      type="checkbox"
-                      checked={formData.aiTechnologies.includes(tech)}
-                      onChange={e => {
-                        if (e.target.checked) {
-                          updateFormData({ aiTechnologies: [...formData.aiTechnologies, tech] })
-                        } else {
-                          updateFormData({
-                            aiTechnologies: formData.aiTechnologies.filter(t => t !== tech),
-                          })
-                        }
-                      }}
-                      className="w-4 h-4 text-purple-600"
-                    />
-                    <span className="text-sm">{tech}</span>
-                  </label>
-                ))}
-              </div>
-            </div>
-
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Erwartetes Datenvolumen</label>
-              <select
-                value={formData.dataVolume}
-                onChange={e => updateFormData({ dataVolume: e.target.value })}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              >
-                <option value="small">Klein (&lt; 1.000 Datensätze)</option>
-                <option value="medium">Mittel (1.000 - 100.000 Datensätze)</option>
-                <option value="large">Groß (100.000 - 1 Mio. Datensätze)</option>
-                <option value="xlarge">Sehr groß (&gt; 1 Mio. Datensätze)</option>
-              </select>
-            </div>
-          </div>
-        )}
-
-        {currentStep === 4 && (
-          <div className="space-y-4">
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-2">
-                Erste Risikoeinschätzung
-              </label>
-              <div className="space-y-2">
-                {[
-                  { value: 'low', label: 'Niedrig', description: 'Keine personenbezogenen Daten, kein kritischer Einsatz' },
-                  { value: 'medium', label: 'Mittel', description: 'Personenbezogene Daten, aber kein kritischer Einsatz' },
-                  { value: 'high', label: 'Hoch', description: 'Besondere Kategorien oder automatisierte Entscheidungen' },
-                  { value: 'critical', label: 'Kritisch', description: 'Hochrisiko-KI nach AI Act' },
-                ].map(option => (
-                  <label
-                    key={option.value}
-                    className={`flex items-start gap-3 p-4 border rounded-lg cursor-pointer transition-colors ${
-                      formData.riskLevel === option.value
-                        ? 'border-purple-500 bg-purple-50'
-                        : 'hover:bg-gray-50'
-                    }`}
-                  >
-                    <input
-                      type="radio"
-                      checked={formData.riskLevel === option.value}
-                      onChange={() => updateFormData({ riskLevel: option.value })}
-                      className="mt-1 w-4 h-4 text-purple-600"
-                    />
-                    <div>
-                      <div className="font-medium">{option.label}</div>
-                      <div className="text-sm text-gray-500">{option.description}</div>
-                    </div>
-                  </label>
-                ))}
-              </div>
-            </div>
-
-            <div>
-              <label className="block text-sm font-medium text-gray-700 mb-1">Notizen</label>
-              <textarea
-                value={formData.notes}
-                onChange={e => updateFormData({ notes: e.target.value })}
-                placeholder="Zusätzliche Anmerkungen zur Risikobewertung..."
-                rows={3}
-                className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-              />
-            </div>
-          </div>
-        )}
-
-        {currentStep === 5 && (
-          <div className="space-y-6">
-            <div className="bg-gray-50 rounded-lg p-6">
-              <h3 className="text-lg font-semibold text-gray-900 mb-4">Zusammenfassung</h3>
-              <dl className="space-y-3">
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">Name:</dt>
-                  <dd className="font-medium text-gray-900">{formData.name || '-'}</dd>
-                </div>
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">Kategorie:</dt>
-                  <dd className="font-medium text-gray-900">{formData.category || '-'}</dd>
-                </div>
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">Personenbezogene Daten:</dt>
-                  <dd className="font-medium text-gray-900">
-                    {formData.processesPersonalData ? 'Ja' : 'Nein'}
-                  </dd>
-                </div>
-                {formData.processesPersonalData && (
-                  <div className="flex justify-between">
-                    <dt className="text-gray-500">Datenkategorien:</dt>
-                    <dd className="font-medium text-gray-900">{formData.dataCategories.join(', ') || '-'}</dd>
-                  </div>
-                )}
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">KI-Technologien:</dt>
-                  <dd className="font-medium text-gray-900">{formData.aiTechnologies.join(', ') || '-'}</dd>
-                </div>
-                <div className="flex justify-between">
-                  <dt className="text-gray-500">Risikostufe:</dt>
-                  <dd
-                    className={`font-medium px-2 py-0.5 rounded ${
-                      formData.riskLevel === 'critical'
-                        ? 'bg-red-100 text-red-700'
-                        : formData.riskLevel === 'high'
-                        ? 'bg-orange-100 text-orange-700'
-                        : formData.riskLevel === 'medium'
-                        ? 'bg-yellow-100 text-yellow-700'
-                        : 'bg-green-100 text-green-700'
-                    }`}
-                  >
-                    {formData.riskLevel.toUpperCase()}
-                  </dd>
-                </div>
-              </dl>
-            </div>
-
-            {(formData.specialCategories || formData.riskLevel === 'high' || formData.riskLevel === 'critical') && (
-              <div className="bg-amber-50 border border-amber-200 rounded-lg p-4">
-                <div className="flex items-start gap-3">
-                  <svg
-                    className="w-5 h-5 text-amber-600 mt-0.5"
-                    fill="none"
-                    stroke="currentColor"
-                    viewBox="0 0 24 24"
-                  >
-                    <path
-                      strokeLinecap="round"
-                      strokeLinejoin="round"
-                      strokeWidth={2}
-                      d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"
-                    />
-                  </svg>
-                  <div>
-                    <h4 className="font-medium text-amber-800">DSFA erforderlich</h4>
-                    <p className="text-sm text-amber-700 mt-1">
-                      Basierend auf Ihrer Eingabe wird eine Datenschutz-Folgenabschätzung empfohlen.
-                    </p>
-                  </div>
-                </div>
-              </div>
-            )}
-          </div>
-        )}
-      </div>
-
-      {/* Footer */}
-      <div className="px-6 py-4 border-t border-gray-200 bg-gray-50 flex items-center justify-between">
-        <button
-          onClick={currentStep === 1 ? onCancel : handleBack}
-          className="px-4 py-2 text-gray-600 hover:text-gray-900"
-        >
-          {currentStep === 1 ? 'Abbrechen' : 'Zurück'}
-        </button>
-        <button
-          onClick={handleNext}
-          disabled={currentStep === 1 && !formData.name}
-          className={`px-6 py-2 rounded-lg font-medium transition-colors ${
-            currentStep === 1 && !formData.name
-              ? 'bg-gray-200 text-gray-400 cursor-not-allowed'
-              : 'bg-purple-600 text-white hover:bg-purple-700'
-          }`}
-        >
-          {currentStep === 5 ? 'Abschließen' : 'Weiter'}
-        </button>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function AdvisoryBoardPage() {
-  const { state, dispatch } = useSDK()
-  const [showWizard, setShowWizard] = useState(false)
-
-  const handleCreateUseCase = (useCase: UseCaseAssessment) => {
-    dispatch({ type: 'ADD_USE_CASE', payload: useCase })
-    dispatch({ type: 'SET_ACTIVE_USE_CASE', payload: useCase.id })
-    setShowWizard(false)
-  }
-
-  const handleDeleteUseCase = (id: string) => {
-    if (confirm('Möchten Sie diesen Use Case wirklich löschen?')) {
-      dispatch({ type: 'DELETE_USE_CASE', payload: id })
-    }
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="flex items-center justify-between">
-        <div>
-          <h1 className="text-2xl font-bold text-gray-900">Use Case Workshop</h1>
-          <p className="mt-1 text-gray-500">
-            Erfassen Sie Ihre KI-Anwendungsfälle und erhalten Sie eine erste Compliance-Bewertung
-          </p>
-        </div>
-        <div className="flex items-center gap-3">
-          <Link
-            href="/sdk/advisory-board/documentation"
-            className="inline-flex items-center gap-2 px-4 py-2 text-sm text-purple-600 hover:text-purple-700 hover:bg-purple-50 border border-purple-300 rounded-lg transition-colors"
-          >
-            UCCA-System Dokumentation ansehen
-          </Link>
-          {!showWizard && (
-            <button
-              onClick={() => setShowWizard(true)}
-              className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-            >
-              <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-              </svg>
-              Neuer Use Case
-            </button>
-          )}
-        </div>
-      </div>
-
-      {/* Wizard or List */}
-      {showWizard ? (
-        <UseCaseWizard onComplete={handleCreateUseCase} onCancel={() => setShowWizard(false)} />
-      ) : state.useCases.length === 0 ? (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-purple-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-purple-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path
-                strokeLinecap="round"
-                strokeLinejoin="round"
-                strokeWidth={2}
-                d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2"
-              />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Noch keine Use Cases</h3>
-          <p className="mt-2 text-gray-500 max-w-md mx-auto">
-            Erstellen Sie Ihren ersten Use Case, um mit dem Compliance Assessment zu beginnen.
-          </p>
-          <button
-            onClick={() => setShowWizard(true)}
-            className="mt-6 px-6 py-3 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-          >
-            Ersten Use Case erstellen
-          </button>
-        </div>
-      ) : (
-        <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
-          {state.useCases.map(useCase => (
-            <UseCaseCard
-              key={useCase.id}
-              useCase={useCase}
-              isActive={state.activeUseCase === useCase.id}
-              onSelect={() => dispatch({ type: 'SET_ACTIVE_USE_CASE', payload: useCase.id })}
-              onDelete={() => handleDeleteUseCase(useCase.id)}
-            />
-          ))}
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/ai-act/page.tsx

@@ -1,295 +0,0 @@
-'use client'
-
-import React, { useState } from 'react'
-import { useSDK } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-interface AISystem {
-  id: string
-  name: string
-  description: string
-  classification: 'prohibited' | 'high-risk' | 'limited-risk' | 'minimal-risk' | 'unclassified'
-  purpose: string
-  sector: string
-  status: 'draft' | 'classified' | 'compliant' | 'non-compliant'
-  obligations: string[]
-  assessmentDate: Date | null
-}
-
-// =============================================================================
-// MOCK DATA
-// =============================================================================
-
-const mockAISystems: AISystem[] = [
-  {
-    id: 'ai-1',
-    name: 'Kundenservice Chatbot',
-    description: 'KI-gestuetzter Chatbot fuer Kundenanfragen',
-    classification: 'limited-risk',
-    purpose: 'Automatisierte Beantwortung von Kundenanfragen',
-    sector: 'Kundenservice',
-    status: 'classified',
-    obligations: ['Transparenzpflicht', 'Kennzeichnung als KI-System'],
-    assessmentDate: new Date('2024-01-15'),
-  },
-  {
-    id: 'ai-2',
-    name: 'Bewerber-Screening',
-    description: 'KI-System zur Vorauswahl von Bewerbungen',
-    classification: 'high-risk',
-    purpose: 'Automatisierte Bewertung von Bewerbungsunterlagen',
-    sector: 'Personal',
-    status: 'non-compliant',
-    obligations: ['Risikomanagementsystem', 'Datenlenkung', 'Technische Dokumentation', 'Menschliche Aufsicht', 'Transparenz'],
-    assessmentDate: new Date('2024-01-10'),
-  },
-  {
-    id: 'ai-3',
-    name: 'Empfehlungsalgorithmus',
-    description: 'Personalisierte Produktempfehlungen',
-    classification: 'minimal-risk',
-    purpose: 'Verbesserung der Kundenerfahrung durch personalisierte Empfehlungen',
-    sector: 'E-Commerce',
-    status: 'compliant',
-    obligations: [],
-    assessmentDate: new Date('2024-01-05'),
-  },
-  {
-    id: 'ai-4',
-    name: 'Neue KI-Anwendung',
-    description: 'Noch nicht klassifiziertes System',
-    classification: 'unclassified',
-    purpose: 'In Evaluierung',
-    sector: 'Unbestimmt',
-    status: 'draft',
-    obligations: [],
-    assessmentDate: null,
-  },
-]
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function RiskPyramid({ systems }: { systems: AISystem[] }) {
-  const counts = {
-    prohibited: systems.filter(s => s.classification === 'prohibited').length,
-    'high-risk': systems.filter(s => s.classification === 'high-risk').length,
-    'limited-risk': systems.filter(s => s.classification === 'limited-risk').length,
-    'minimal-risk': systems.filter(s => s.classification === 'minimal-risk').length,
-  }
-
-  return (
-    <div className="bg-white rounded-xl border border-gray-200 p-6">
-      <h3 className="text-lg font-semibold text-gray-900 mb-4">AI Act Risikopyramide</h3>
-      <div className="flex flex-col items-center space-y-1">
-        <div className="w-24 h-12 bg-red-500 text-white flex items-center justify-center rounded-t-lg text-sm font-medium">
-          Verboten ({counts.prohibited})
-        </div>
-        <div className="w-40 h-12 bg-orange-500 text-white flex items-center justify-center text-sm font-medium">
-          Hochrisiko ({counts['high-risk']})
-        </div>
-        <div className="w-56 h-12 bg-yellow-500 text-white flex items-center justify-center text-sm font-medium">
-          Begrenztes Risiko ({counts['limited-risk']})
-        </div>
-        <div className="w-72 h-12 bg-green-500 text-white flex items-center justify-center rounded-b-lg text-sm font-medium">
-          Minimales Risiko ({counts['minimal-risk']})
-        </div>
-      </div>
-      <div className="mt-4 text-center text-sm text-gray-500">
-        {systems.filter(s => s.classification === 'unclassified').length} System(e) noch nicht klassifiziert
-      </div>
-    </div>
-  )
-}
-
-function AISystemCard({ system }: { system: AISystem }) {
-  const classificationColors = {
-    prohibited: 'bg-red-100 text-red-700 border-red-200',
-    'high-risk': 'bg-orange-100 text-orange-700 border-orange-200',
-    'limited-risk': 'bg-yellow-100 text-yellow-700 border-yellow-200',
-    'minimal-risk': 'bg-green-100 text-green-700 border-green-200',
-    unclassified: 'bg-gray-100 text-gray-500 border-gray-200',
-  }
-
-  const classificationLabels = {
-    prohibited: 'Verboten',
-    'high-risk': 'Hochrisiko',
-    'limited-risk': 'Begrenztes Risiko',
-    'minimal-risk': 'Minimales Risiko',
-    unclassified: 'Nicht klassifiziert',
-  }
-
-  const statusColors = {
-    draft: 'bg-gray-100 text-gray-500',
-    classified: 'bg-blue-100 text-blue-700',
-    compliant: 'bg-green-100 text-green-700',
-    'non-compliant': 'bg-red-100 text-red-700',
-  }
-
-  const statusLabels = {
-    draft: 'Entwurf',
-    classified: 'Klassifiziert',
-    compliant: 'Konform',
-    'non-compliant': 'Nicht konform',
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      system.classification === 'high-risk' ? 'border-orange-200' :
-      system.classification === 'prohibited' ? 'border-red-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className={`px-2 py-1 text-xs rounded-full ${classificationColors[system.classification]}`}>
-              {classificationLabels[system.classification]}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[system.status]}`}>
-              {statusLabels[system.status]}
-            </span>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{system.name}</h3>
-          <p className="text-sm text-gray-500 mt-1">{system.description}</p>
-          <div className="mt-2 text-sm text-gray-500">
-            <span>Sektor: {system.sector}</span>
-            {system.assessmentDate && (
-              <span className="ml-4">Klassifiziert: {system.assessmentDate.toLocaleDateString('de-DE')}</span>
-            )}
-          </div>
-        </div>
-      </div>
-
-      {system.obligations.length > 0 && (
-        <div className="mt-4 pt-4 border-t border-gray-100">
-          <p className="text-sm font-medium text-gray-700 mb-2">Pflichten nach AI Act:</p>
-          <div className="flex flex-wrap gap-2">
-            {system.obligations.map(obl => (
-              <span key={obl} className="px-2 py-1 text-xs bg-purple-50 text-purple-700 rounded">
-                {obl}
-              </span>
-            ))}
-          </div>
-        </div>
-      )}
-
-      <div className="mt-4 flex items-center gap-2">
-        <button className="flex-1 px-4 py-2 text-sm bg-purple-50 text-purple-700 rounded-lg hover:bg-purple-100 transition-colors">
-          {system.classification === 'unclassified' ? 'Klassifizierung starten' : 'Details anzeigen'}
-        </button>
-        <button className="px-4 py-2 text-sm text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
-          Bearbeiten
-        </button>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function AIActPage() {
-  const { state } = useSDK()
-  const [systems] = useState<AISystem[]>(mockAISystems)
-  const [filter, setFilter] = useState<string>('all')
-
-  const filteredSystems = filter === 'all'
-    ? systems
-    : systems.filter(s => s.classification === filter || s.status === filter)
-
-  const highRiskCount = systems.filter(s => s.classification === 'high-risk').length
-  const compliantCount = systems.filter(s => s.status === 'compliant').length
-  const unclassifiedCount = systems.filter(s => s.classification === 'unclassified').length
-
-  const stepInfo = STEP_EXPLANATIONS['ai-act']
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="ai-act"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <button className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors">
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-          </svg>
-          KI-System registrieren
-        </button>
-      </StepHeader>
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">KI-Systeme gesamt</div>
-          <div className="text-3xl font-bold text-gray-900">{systems.length}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-orange-200 p-6">
-          <div className="text-sm text-orange-600">Hochrisiko</div>
-          <div className="text-3xl font-bold text-orange-600">{highRiskCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-green-200 p-6">
-          <div className="text-sm text-green-600">Konform</div>
-          <div className="text-3xl font-bold text-green-600">{compliantCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Nicht klassifiziert</div>
-          <div className="text-3xl font-bold text-gray-500">{unclassifiedCount}</div>
-        </div>
-      </div>
-
-      {/* Risk Pyramid */}
-      <RiskPyramid systems={systems} />
-
-      {/* Filter */}
-      <div className="flex items-center gap-2 flex-wrap">
-        <span className="text-sm text-gray-500">Filter:</span>
-        {['all', 'high-risk', 'limited-risk', 'minimal-risk', 'unclassified', 'compliant', 'non-compliant'].map(f => (
-          <button
-            key={f}
-            onClick={() => setFilter(f)}
-            className={`px-3 py-1 text-sm rounded-full transition-colors ${
-              filter === f
-                ? 'bg-purple-600 text-white'
-                : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
-            }`}
-          >
-            {f === 'all' ? 'Alle' :
-             f === 'high-risk' ? 'Hochrisiko' :
-             f === 'limited-risk' ? 'Begrenztes Risiko' :
-             f === 'minimal-risk' ? 'Minimales Risiko' :
-             f === 'unclassified' ? 'Nicht klassifiziert' :
-             f === 'compliant' ? 'Konform' : 'Nicht konform'}
-          </button>
-        ))}
-      </div>
-
-      {/* AI Systems List */}
-      <div className="grid grid-cols-1 md:grid-cols-2 gap-6">
-        {filteredSystems.map(system => (
-          <AISystemCard key={system.id} system={system} />
-        ))}
-      </div>
-
-      {filteredSystems.length === 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-purple-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-purple-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9.75 17L9 20l-1 1h8l-1-1-.75-3M3 13h18M5 17h14a2 2 0 002-2V5a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Keine KI-Systeme gefunden</h3>
-          <p className="mt-2 text-gray-500">Passen Sie den Filter an oder registrieren Sie ein neues KI-System.</p>
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/compliance-hub/page.tsx

@@ -1,521 +0,0 @@
-'use client'
-
-/**
- * Compliance Hub Page (SDK Version - Zusatzmodul)
- *
- * Central compliance management dashboard with:
- * - Compliance Score Overview
- * - Quick Access to all compliance modules (SDK paths)
- * - Control-Mappings with statistics
- * - Audit Findings
- * - Regulations overview
- */
-
-import { useState, useEffect } from 'react'
-import Link from 'next/link'
-
-// Types
-interface DashboardData {
-  compliance_score: number
-  total_regulations: number
-  total_requirements: number
-  total_controls: number
-  controls_by_status: Record<string, number>
-  controls_by_domain: Record<string, Record<string, number>>
-  total_evidence: number
-  evidence_by_status: Record<string, number>
-  total_risks: number
-  risks_by_level: Record<string, number>
-}
-
-interface Regulation {
-  id: string
-  code: string
-  name: string
-  full_name: string
-  regulation_type: string
-  effective_date: string | null
-  description: string
-  requirement_count: number
-}
-
-interface MappingsData {
-  total: number
-  by_regulation: Record<string, number>
-}
-
-interface FindingsData {
-  major_count: number
-  minor_count: number
-  ofi_count: number
-  total: number
-  open_majors: number
-  open_minors: number
-}
-
-const DOMAIN_LABELS: Record<string, string> = {
-  gov: 'Governance',
-  priv: 'Datenschutz',
-  iam: 'Identity & Access',
-  crypto: 'Kryptografie',
-  sdlc: 'Secure Dev',
-  ops: 'Operations',
-  ai: 'KI-spezifisch',
-  cra: 'Supply Chain',
-  aud: 'Audit',
-}
-
-export default function ComplianceHubPage() {
-  const [dashboard, setDashboard] = useState<DashboardData | null>(null)
-  const [regulations, setRegulations] = useState<Regulation[]>([])
-  const [mappings, setMappings] = useState<MappingsData | null>(null)
-  const [findings, setFindings] = useState<FindingsData | null>(null)
-  const [loading, setLoading] = useState(true)
-  const [error, setError] = useState<string | null>(null)
-  const [seeding, setSeeding] = useState(false)
-
-  useEffect(() => {
-    loadData()
-  }, [])
-
-  const loadData = async () => {
-    setLoading(true)
-    setError(null)
-    try {
-      const [dashboardRes, regulationsRes, mappingsRes, findingsRes] = await Promise.all([
-        fetch('/api/admin/compliance/dashboard'),
-        fetch('/api/admin/compliance/regulations'),
-        fetch('/api/admin/compliance/mappings'),
-        fetch('/api/admin/compliance/isms/findings/summary'),
-      ])
-
-      if (dashboardRes.ok) {
-        setDashboard(await dashboardRes.json())
-      }
-      if (regulationsRes.ok) {
-        const data = await regulationsRes.json()
-        setRegulations(data.regulations || [])
-      }
-      if (mappingsRes.ok) {
-        const data = await mappingsRes.json()
-        setMappings(data)
-      }
-      if (findingsRes.ok) {
-        const data = await findingsRes.json()
-        setFindings(data)
-      }
-    } catch (err) {
-      console.error('Failed to load compliance data:', err)
-      setError('Verbindung zum Backend fehlgeschlagen')
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  const seedDatabase = async () => {
-    setSeeding(true)
-    try {
-      const res = await fetch('/api/admin/compliance/seed', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ force: false }),
-      })
-
-      if (res.ok) {
-        const result = await res.json()
-        alert(`Datenbank erfolgreich initialisiert!\n\nRegulations: ${result.counts?.regulations || 0}\nControls: ${result.counts?.controls || 0}\nRequirements: ${result.counts?.requirements || 0}`)
-        loadData()
-      } else {
-        const error = await res.text()
-        alert(`Fehler beim Seeding: ${error}`)
-      }
-    } catch (err) {
-      console.error('Seeding failed:', err)
-      alert('Fehler beim Initialisieren der Datenbank')
-    } finally {
-      setSeeding(false)
-    }
-  }
-
-  const score = dashboard?.compliance_score || 0
-  const scoreColor = score >= 80 ? 'text-green-600' : score >= 60 ? 'text-yellow-600' : 'text-red-600'
-  const scoreBgColor = score >= 80 ? 'bg-green-500' : score >= 60 ? 'bg-yellow-500' : 'bg-red-500'
-
-  return (
-    <div className="space-y-6">
-      {/* Title Card (Zusatzmodul - no StepHeader) */}
-      <div className="bg-white rounded-xl shadow-sm border p-6">
-        <h1 className="text-2xl font-bold text-slate-900">Compliance Hub</h1>
-        <p className="text-slate-500 mt-1">
-          Zentrale Verwaltung aller Compliance-Anforderungen nach DSGVO, AI Act, BSI TR-03161 und weiteren Regulierungen.
-        </p>
-      </div>
-
-      {/* Error Banner */}
-      {error && (
-        <div className="bg-red-50 border border-red-200 rounded-lg p-4 flex items-center gap-3">
-          <svg className="w-5 h-5 text-red-500 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 8v4m0 4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
-          </svg>
-          <span className="text-red-700">{error}</span>
-          <button onClick={loadData} className="ml-auto text-red-600 hover:text-red-800 text-sm font-medium">
-            Erneut versuchen
-          </button>
-        </div>
-      )}
-
-      {/* Seed Button if no data */}
-      {!loading && (dashboard?.total_controls || 0) === 0 && (
-        <div className="p-4 bg-yellow-50 border border-yellow-200 rounded-lg">
-          <div className="flex items-center justify-between">
-            <div>
-              <p className="font-medium text-yellow-800">Keine Compliance-Daten vorhanden</p>
-              <p className="text-sm text-yellow-700">Initialisieren Sie die Datenbank mit den Seed-Daten.</p>
-            </div>
-            <button
-              onClick={seedDatabase}
-              disabled={seeding}
-              className="px-4 py-2 bg-yellow-600 text-white rounded-lg hover:bg-yellow-700 disabled:opacity-50"
-            >
-              {seeding ? 'Initialisiere...' : 'Datenbank initialisieren'}
-            </button>
-          </div>
-        </div>
-      )}
-
-      {/* Quick Actions */}
-      <div className="bg-white rounded-xl shadow-sm border p-6">
-        <h3 className="text-lg font-semibold text-slate-900 mb-4">Schnellzugriff</h3>
-        <div className="grid grid-cols-2 sm:grid-cols-3 md:grid-cols-6 gap-4">
-          <Link
-            href="/sdk/audit-checklist"
-            className="p-4 rounded-lg border border-slate-200 hover:border-purple-500 hover:bg-purple-50 transition-colors text-center"
-          >
-            <div className="text-purple-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-3 7h3m-3 4h3m-6-4h.01M9 16h.01" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Audit Checkliste</p>
-            <p className="text-xs text-slate-500 mt-1">{dashboard?.total_requirements || '...'} Anforderungen</p>
-          </Link>
-
-          <Link
-            href="/sdk/controls"
-            className="p-4 rounded-lg border border-slate-200 hover:border-green-500 hover:bg-green-50 transition-colors text-center"
-          >
-            <div className="text-green-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Controls</p>
-            <p className="text-xs text-slate-500 mt-1">{dashboard?.total_controls || '...'} Massnahmen</p>
-          </Link>
-
-          <Link
-            href="/sdk/evidence"
-            className="p-4 rounded-lg border border-slate-200 hover:border-blue-500 hover:bg-blue-50 transition-colors text-center"
-          >
-            <div className="text-blue-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M7 21h10a2 2 0 002-2V9.414a1 1 0 00-.293-.707l-5.414-5.414A1 1 0 0012.586 3H7a2 2 0 00-2 2v14a2 2 0 002 2z" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Evidence</p>
-            <p className="text-xs text-slate-500 mt-1">Nachweise</p>
-          </Link>
-
-          <Link
-            href="/sdk/risks"
-            className="p-4 rounded-lg border border-slate-200 hover:border-red-500 hover:bg-red-50 transition-colors text-center"
-          >
-            <div className="text-red-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Risk Matrix</p>
-            <p className="text-xs text-slate-500 mt-1">5x5 Risiken</p>
-          </Link>
-
-          <Link
-            href="/sdk/modules"
-            className="p-4 rounded-lg border border-slate-200 hover:border-pink-500 hover:bg-pink-50 transition-colors text-center"
-          >
-            <div className="text-pink-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 11H5m14 0a2 2 0 012 2v6a2 2 0 01-2 2H5a2 2 0 01-2-2v-6a2 2 0 012-2m14 0V9a2 2 0 00-2-2M5 11V9a2 2 0 012-2m0 0V5a2 2 0 012-2h6a2 2 0 012 2v2M7 7h10" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Service Registry</p>
-            <p className="text-xs text-slate-500 mt-1">Module</p>
-          </Link>
-
-          <Link
-            href="/sdk/audit-report"
-            className="p-4 rounded-lg border border-slate-200 hover:border-orange-500 hover:bg-orange-50 transition-colors text-center"
-          >
-            <div className="text-orange-600 mb-2 flex justify-center">
-              <svg className="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 17v-2m3 2v-4m3 4v-6m2 10H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-              </svg>
-            </div>
-            <p className="font-medium text-slate-900 text-sm">Audit Report</p>
-            <p className="text-xs text-slate-500 mt-1">PDF Export</p>
-          </Link>
-        </div>
-      </div>
-
-      {loading ? (
-        <div className="flex items-center justify-center h-64">
-          <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-purple-600" />
-        </div>
-      ) : (
-        <>
-          {/* Score and Stats Row */}
-          <div className="grid grid-cols-1 lg:grid-cols-5 gap-4">
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <h3 className="text-sm font-medium text-slate-500 mb-4">Compliance Score</h3>
-              <div className={`text-5xl font-bold ${scoreColor}`}>
-                {score.toFixed(0)}%
-              </div>
-              <div className="mt-4 h-2 bg-slate-200 rounded-full overflow-hidden">
-                <div
-                  className={`h-full transition-all duration-500 ${scoreBgColor}`}
-                  style={{ width: `${score}%` }}
-                />
-              </div>
-              <p className="mt-2 text-sm text-slate-500">
-                {dashboard?.controls_by_status?.pass || 0} von {dashboard?.total_controls || 0} Controls bestanden
-              </p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between">
-                <div>
-                  <p className="text-sm text-slate-500">Verordnungen</p>
-                  <p className="text-2xl font-bold text-slate-900">{dashboard?.total_regulations || 0}</p>
-                </div>
-                <div className="w-10 h-10 bg-blue-100 rounded-lg flex items-center justify-center">
-                  <svg className="w-5 h-5 text-blue-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-                  </svg>
-                </div>
-              </div>
-              <p className="mt-2 text-sm text-slate-500">{dashboard?.total_requirements || 0} Anforderungen</p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between">
-                <div>
-                  <p className="text-sm text-slate-500">Controls</p>
-                  <p className="text-2xl font-bold text-slate-900">{dashboard?.total_controls || 0}</p>
-                </div>
-                <div className="w-10 h-10 bg-green-100 rounded-lg flex items-center justify-center">
-                  <svg className="w-5 h-5 text-green-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
-                  </svg>
-                </div>
-              </div>
-              <p className="mt-2 text-sm text-slate-500">{dashboard?.controls_by_status?.pass || 0} bestanden</p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between">
-                <div>
-                  <p className="text-sm text-slate-500">Nachweise</p>
-                  <p className="text-2xl font-bold text-slate-900">{dashboard?.total_evidence || 0}</p>
-                </div>
-                <div className="w-10 h-10 bg-purple-100 rounded-lg flex items-center justify-center">
-                  <svg className="w-5 h-5 text-purple-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M7 21h10a2 2 0 002-2V9.414a1 1 0 00-.293-.707l-5.414-5.414A1 1 0 0012.586 3H7a2 2 0 00-2 2v14a2 2 0 002 2z" />
-                  </svg>
-                </div>
-              </div>
-              <p className="mt-2 text-sm text-slate-500">{dashboard?.evidence_by_status?.valid || 0} aktiv</p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between">
-                <div>
-                  <p className="text-sm text-slate-500">Risiken</p>
-                  <p className="text-2xl font-bold text-slate-900">{dashboard?.total_risks || 0}</p>
-                </div>
-                <div className="w-10 h-10 bg-red-100 rounded-lg flex items-center justify-center">
-                  <svg className="w-5 h-5 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-                  </svg>
-                </div>
-              </div>
-              <p className="mt-2 text-sm text-slate-500">
-                {(dashboard?.risks_by_level?.high || 0) + (dashboard?.risks_by_level?.critical || 0)} kritisch
-              </p>
-            </div>
-          </div>
-
-          {/* Control-Mappings & Findings Row */}
-          <div className="grid grid-cols-1 lg:grid-cols-2 gap-4">
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between mb-4">
-                <h3 className="text-lg font-semibold text-slate-900">Control-Mappings</h3>
-                <Link href="/sdk/controls" className="text-sm text-purple-600 hover:text-purple-700">
-                  Alle anzeigen →
-                </Link>
-              </div>
-              <div className="flex items-center gap-6 mb-4">
-                <div>
-                  <p className="text-4xl font-bold text-purple-600">{mappings?.total || 474}</p>
-                  <p className="text-sm text-slate-500">Mappings gesamt</p>
-                </div>
-                <div className="flex-1 h-16 bg-slate-50 rounded-lg p-3">
-                  <p className="text-xs text-slate-500 mb-1">Nach Verordnung</p>
-                  <div className="flex gap-1 flex-wrap">
-                    {mappings?.by_regulation && Object.entries(mappings.by_regulation).slice(0, 5).map(([reg, count]) => (
-                      <span key={reg} className="px-2 py-0.5 bg-purple-100 text-purple-700 rounded text-xs">
-                        {reg}: {count}
-                      </span>
-                    ))}
-                    {!mappings?.by_regulation && (
-                      <>
-                        <span className="px-2 py-0.5 bg-purple-100 text-purple-700 rounded text-xs">GDPR: 180</span>
-                        <span className="px-2 py-0.5 bg-blue-100 text-blue-700 rounded text-xs">AI Act: 95</span>
-                        <span className="px-2 py-0.5 bg-green-100 text-green-700 rounded text-xs">BSI: 120</span>
-                        <span className="px-2 py-0.5 bg-orange-100 text-orange-700 rounded text-xs">CRA: 79</span>
-                      </>
-                    )}
-                  </div>
-                </div>
-              </div>
-              <p className="text-sm text-slate-600">
-                Automatisch generierte Verknuepfungen zwischen {dashboard?.total_controls || 44} Controls
-                und {dashboard?.total_requirements || 558} Anforderungen aus {dashboard?.total_regulations || 19} Verordnungen.
-              </p>
-            </div>
-
-            <div className="bg-white rounded-xl shadow-sm border p-6">
-              <div className="flex items-center justify-between mb-4">
-                <h3 className="text-lg font-semibold text-slate-900">Audit Findings</h3>
-                <Link href="/sdk/audit-checklist" className="text-sm text-purple-600 hover:text-purple-700">
-                  Audit Checkliste →
-                </Link>
-              </div>
-              <div className="grid grid-cols-2 gap-4 mb-4">
-                <div className="p-4 bg-red-50 border border-red-200 rounded-lg">
-                  <div className="flex items-center gap-2 mb-1">
-                    <div className="w-3 h-3 bg-red-500 rounded-full" />
-                    <span className="text-sm font-medium text-red-800">Hauptabweichungen</span>
-                  </div>
-                  <p className="text-3xl font-bold text-red-600">{findings?.open_majors || 0}</p>
-                  <p className="text-xs text-red-600">offen (blockiert Zertifizierung)</p>
-                </div>
-                <div className="p-4 bg-yellow-50 border border-yellow-200 rounded-lg">
-                  <div className="flex items-center gap-2 mb-1">
-                    <div className="w-3 h-3 bg-yellow-500 rounded-full" />
-                    <span className="text-sm font-medium text-yellow-800">Nebenabweichungen</span>
-                  </div>
-                  <p className="text-3xl font-bold text-yellow-600">{findings?.open_minors || 0}</p>
-                  <p className="text-xs text-yellow-600">offen (erfordert CAPA)</p>
-                </div>
-              </div>
-              <div className="flex items-center justify-between text-sm">
-                <span className="text-slate-500">
-                  Gesamt: {findings?.total || 0} Findings ({findings?.major_count || 0} Major, {findings?.minor_count || 0} Minor, {findings?.ofi_count || 0} OFI)
-                </span>
-                {(findings?.open_majors || 0) === 0 ? (
-                  <span className="px-2 py-1 bg-green-100 text-green-700 rounded-full text-xs font-medium">
-                    Zertifizierung moeglich
-                  </span>
-                ) : (
-                  <span className="px-2 py-1 bg-red-100 text-red-700 rounded-full text-xs font-medium">
-                    Zertifizierung blockiert
-                  </span>
-                )}
-              </div>
-            </div>
-          </div>
-
-          {/* Domain Chart */}
-          <div className="bg-white rounded-xl shadow-sm border p-6">
-            <h3 className="text-lg font-semibold text-slate-900 mb-4">Controls nach Domain</h3>
-            <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
-              {Object.entries(dashboard?.controls_by_domain || {}).map(([domain, stats]) => {
-                const total = stats.total || 0
-                const pass = stats.pass || 0
-                const partial = stats.partial || 0
-                const passPercent = total > 0 ? ((pass + partial * 0.5) / total) * 100 : 0
-
-                return (
-                  <div key={domain} className="p-3 rounded-lg bg-slate-50">
-                    <div className="flex justify-between text-sm mb-1">
-                      <span className="font-medium text-slate-700">
-                        {DOMAIN_LABELS[domain] || domain.toUpperCase()}
-                      </span>
-                      <span className="text-slate-500">
-                        {pass}/{total} ({passPercent.toFixed(0)}%)
-                      </span>
-                    </div>
-                    <div className="h-2 bg-slate-200 rounded-full overflow-hidden flex">
-                      <div className="bg-green-500 h-full" style={{ width: `${(pass / total) * 100}%` }} />
-                      <div className="bg-yellow-500 h-full" style={{ width: `${(partial / total) * 100}%` }} />
-                    </div>
-                  </div>
-                )
-              })}
-            </div>
-          </div>
-
-          {/* Regulations Table */}
-          <div className="bg-white rounded-xl shadow-sm border overflow-hidden">
-            <div className="p-4 border-b flex items-center justify-between">
-              <h3 className="text-lg font-semibold text-slate-900">Verordnungen & Standards ({regulations.length})</h3>
-              <button onClick={loadData} className="text-sm text-purple-600 hover:text-purple-700">
-                Aktualisieren
-              </button>
-            </div>
-            <div className="overflow-x-auto">
-              <table className="w-full">
-                <thead className="bg-slate-50">
-                  <tr>
-                    <th className="px-4 py-3 text-left text-xs font-medium text-slate-500 uppercase">Code</th>
-                    <th className="px-4 py-3 text-left text-xs font-medium text-slate-500 uppercase">Name</th>
-                    <th className="px-4 py-3 text-left text-xs font-medium text-slate-500 uppercase">Typ</th>
-                    <th className="px-4 py-3 text-center text-xs font-medium text-slate-500 uppercase">Anforderungen</th>
-                  </tr>
-                </thead>
-                <tbody className="divide-y divide-slate-200">
-                  {regulations.slice(0, 15).map((reg) => (
-                    <tr key={reg.id} className="hover:bg-slate-50">
-                      <td className="px-4 py-3">
-                        <span className="font-mono font-medium text-purple-600">{reg.code}</span>
-                      </td>
-                      <td className="px-4 py-3">
-                        <p className="font-medium text-slate-900">{reg.name}</p>
-                      </td>
-                      <td className="px-4 py-3">
-                        <span className={`px-2 py-1 text-xs rounded-full ${
-                          reg.regulation_type === 'eu_regulation' ? 'bg-blue-100 text-blue-700' :
-                          reg.regulation_type === 'eu_directive' ? 'bg-purple-100 text-purple-700' :
-                          reg.regulation_type === 'bsi_standard' ? 'bg-green-100 text-green-700' :
-                          'bg-slate-100 text-slate-700'
-                        }`}>
-                          {reg.regulation_type === 'eu_regulation' ? 'EU-VO' :
-                           reg.regulation_type === 'eu_directive' ? 'EU-RL' :
-                           reg.regulation_type === 'bsi_standard' ? 'BSI' :
-                           reg.regulation_type === 'de_law' ? 'DE' : reg.regulation_type}
-                        </span>
-                      </td>
-                      <td className="px-4 py-3 text-center">
-                        <span className="font-medium">{reg.requirement_count}</span>
-                      </td>
-                    </tr>
-                  ))}
-                </tbody>
-              </table>
-            </div>
-          </div>
-        </>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/controls/page.tsx

@@ -1,484 +0,0 @@
-'use client'
-
-import React, { useState, useEffect } from 'react'
-import { useSDK, Control as SDKControl, ControlType, ImplementationStatus, RiskSeverity } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-type DisplayControlType = 'preventive' | 'detective' | 'corrective'
-type DisplayCategory = 'technical' | 'organizational' | 'physical'
-type DisplayStatus = 'implemented' | 'partial' | 'planned' | 'not-implemented'
-
-// DisplayControl uses SDK Control properties but adds UI-specific fields
-interface DisplayControl {
-  // From SDKControl
-  id: string
-  name: string
-  description: string
-  type: ControlType
-  category: string
-  implementationStatus: ImplementationStatus
-  evidence: string[]
-  owner: string | null
-  dueDate: Date | null
-  // UI-specific fields
-  code: string
-  displayType: DisplayControlType
-  displayCategory: DisplayCategory
-  displayStatus: DisplayStatus
-  effectivenessPercent: number
-  linkedRequirements: string[]
-  lastReview: Date
-}
-
-// =============================================================================
-// HELPER FUNCTIONS
-// =============================================================================
-
-function mapControlTypeToDisplay(type: ControlType): DisplayCategory {
-  switch (type) {
-    case 'TECHNICAL': return 'technical'
-    case 'ORGANIZATIONAL': return 'organizational'
-    case 'PHYSICAL': return 'physical'
-    default: return 'technical'
-  }
-}
-
-function mapStatusToDisplay(status: ImplementationStatus): DisplayStatus {
-  switch (status) {
-    case 'IMPLEMENTED': return 'implemented'
-    case 'PARTIAL': return 'partial'
-    case 'NOT_IMPLEMENTED': return 'not-implemented'
-    default: return 'not-implemented'
-  }
-}
-
-// =============================================================================
-// CONTROL TEMPLATES
-// =============================================================================
-
-interface ControlTemplate {
-  id: string
-  code: string
-  name: string
-  description: string
-  type: ControlType
-  displayType: DisplayControlType
-  displayCategory: DisplayCategory
-  category: string
-  owner: string
-  linkedRequirements: string[]
-}
-
-const controlTemplates: ControlTemplate[] = [
-  {
-    id: 'ctrl-tom-001',
-    code: 'TOM-001',
-    name: 'Zugriffskontrolle',
-    description: 'Rollenbasierte Zugriffskontrolle (RBAC) fuer alle Systeme',
-    type: 'TECHNICAL',
-    displayType: 'preventive',
-    displayCategory: 'technical',
-    category: 'Zutrittskontrolle',
-    owner: 'IT Security',
-    linkedRequirements: ['req-gdpr-32'],
-  },
-  {
-    id: 'ctrl-tom-002',
-    code: 'TOM-002',
-    name: 'Verschluesselung',
-    description: 'Verschluesselung von Daten at rest und in transit',
-    type: 'TECHNICAL',
-    displayType: 'preventive',
-    displayCategory: 'technical',
-    category: 'Weitergabekontrolle',
-    owner: 'IT Security',
-    linkedRequirements: ['req-gdpr-32'],
-  },
-  {
-    id: 'ctrl-org-001',
-    code: 'ORG-001',
-    name: 'Datenschutzschulung',
-    description: 'Jaehrliche Datenschutzschulung fuer alle Mitarbeiter',
-    type: 'ORGANIZATIONAL',
-    displayType: 'preventive',
-    displayCategory: 'organizational',
-    category: 'Schulung',
-    owner: 'HR',
-    linkedRequirements: ['req-gdpr-6', 'req-gdpr-32'],
-  },
-  {
-    id: 'ctrl-det-001',
-    code: 'DET-001',
-    name: 'Logging und Monitoring',
-    description: 'Umfassendes Logging aller Datenzugriffe',
-    type: 'TECHNICAL',
-    displayType: 'detective',
-    displayCategory: 'technical',
-    category: 'Eingabekontrolle',
-    owner: 'IT Operations',
-    linkedRequirements: ['req-gdpr-32', 'req-nis2-21'],
-  },
-  {
-    id: 'ctrl-cor-001',
-    code: 'COR-001',
-    name: 'Incident Response',
-    description: 'Prozess zur Behandlung von Datenschutzvorfaellen',
-    type: 'ORGANIZATIONAL',
-    displayType: 'corrective',
-    displayCategory: 'organizational',
-    category: 'Incident Management',
-    owner: 'CISO',
-    linkedRequirements: ['req-gdpr-32', 'req-nis2-21'],
-  },
-  {
-    id: 'ctrl-ai-001',
-    code: 'AI-001',
-    name: 'KI-Risikomonitoring',
-    description: 'Kontinuierliche Ueberwachung von KI-Systemrisiken',
-    type: 'TECHNICAL',
-    displayType: 'detective',
-    displayCategory: 'technical',
-    category: 'KI-Governance',
-    owner: 'AI Team',
-    linkedRequirements: ['req-ai-act-9', 'req-ai-act-13'],
-  },
-]
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function ControlCard({
-  control,
-  onStatusChange,
-  onEffectivenessChange,
-}: {
-  control: DisplayControl
-  onStatusChange: (status: ImplementationStatus) => void
-  onEffectivenessChange: (effectivenessPercent: number) => void
-}) {
-  const [showEffectivenessSlider, setShowEffectivenessSlider] = useState(false)
-
-  const typeColors = {
-    preventive: 'bg-blue-100 text-blue-700',
-    detective: 'bg-purple-100 text-purple-700',
-    corrective: 'bg-orange-100 text-orange-700',
-  }
-
-  const categoryColors = {
-    technical: 'bg-green-100 text-green-700',
-    organizational: 'bg-yellow-100 text-yellow-700',
-    physical: 'bg-gray-100 text-gray-700',
-  }
-
-  const statusColors = {
-    implemented: 'border-green-200 bg-green-50',
-    partial: 'border-yellow-200 bg-yellow-50',
-    planned: 'border-blue-200 bg-blue-50',
-    'not-implemented': 'border-red-200 bg-red-50',
-  }
-
-  const statusLabels = {
-    implemented: 'Implementiert',
-    partial: 'Teilweise',
-    planned: 'Geplant',
-    'not-implemented': 'Nicht implementiert',
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${statusColors[control.displayStatus]}`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className="px-2 py-1 text-xs bg-gray-100 text-gray-700 rounded font-mono">
-              {control.code}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${typeColors[control.displayType]}`}>
-              {control.displayType === 'preventive' ? 'Praeventiv' :
-               control.displayType === 'detective' ? 'Detektiv' : 'Korrektiv'}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${categoryColors[control.displayCategory]}`}>
-              {control.displayCategory === 'technical' ? 'Technisch' :
-               control.displayCategory === 'organizational' ? 'Organisatorisch' : 'Physisch'}
-            </span>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{control.name}</h3>
-          <p className="text-sm text-gray-500 mt-1">{control.description}</p>
-        </div>
-        <select
-          value={control.implementationStatus}
-          onChange={(e) => onStatusChange(e.target.value as ImplementationStatus)}
-          className={`px-3 py-1 text-sm rounded-full border ${statusColors[control.displayStatus]}`}
-        >
-          <option value="NOT_IMPLEMENTED">Nicht implementiert</option>
-          <option value="PARTIAL">Teilweise</option>
-          <option value="IMPLEMENTED">Implementiert</option>
-        </select>
-      </div>
-
-      <div className="mt-4">
-        <div
-          className="flex items-center justify-between text-sm mb-1 cursor-pointer"
-          onClick={() => setShowEffectivenessSlider(!showEffectivenessSlider)}
-        >
-          <span className="text-gray-500">Wirksamkeit</span>
-          <span className="font-medium">{control.effectivenessPercent}%</span>
-        </div>
-        <div className="h-2 bg-gray-200 rounded-full overflow-hidden">
-          <div
-            className={`h-full rounded-full transition-all ${
-              control.effectivenessPercent >= 80 ? 'bg-green-500' :
-              control.effectivenessPercent >= 50 ? 'bg-yellow-500' : 'bg-red-500'
-            }`}
-            style={{ width: `${control.effectivenessPercent}%` }}
-          />
-        </div>
-        {showEffectivenessSlider && (
-          <div className="mt-2">
-            <input
-              type="range"
-              min={0}
-              max={100}
-              value={control.effectivenessPercent}
-              onChange={(e) => onEffectivenessChange(Number(e.target.value))}
-              className="w-full"
-            />
-          </div>
-        )}
-      </div>
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between text-sm">
-        <div className="text-gray-500">
-          <span>Verantwortlich: </span>
-          <span className="font-medium text-gray-700">{control.owner || 'Nicht zugewiesen'}</span>
-        </div>
-        <div className="text-gray-500">
-          Letzte Pruefung: {control.lastReview.toLocaleDateString('de-DE')}
-        </div>
-      </div>
-
-      <div className="mt-3 flex items-center justify-between">
-        <div className="flex items-center gap-1 flex-wrap">
-          {control.linkedRequirements.slice(0, 3).map(req => (
-            <span key={req} className="px-2 py-0.5 text-xs bg-gray-100 text-gray-600 rounded">
-              {req}
-            </span>
-          ))}
-          {control.linkedRequirements.length > 3 && (
-            <span className="px-2 py-0.5 text-xs bg-gray-100 text-gray-600 rounded">
-              +{control.linkedRequirements.length - 3}
-            </span>
-          )}
-        </div>
-        <span className={`px-3 py-1 text-xs rounded-full ${
-          control.displayStatus === 'implemented' ? 'bg-green-100 text-green-700' :
-          control.displayStatus === 'partial' ? 'bg-yellow-100 text-yellow-700' :
-          control.displayStatus === 'planned' ? 'bg-blue-100 text-blue-700' : 'bg-red-100 text-red-700'
-        }`}>
-          {statusLabels[control.displayStatus]}
-        </span>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function ControlsPage() {
-  const { state, dispatch } = useSDK()
-  const [filter, setFilter] = useState<string>('all')
-
-  // Track effectiveness locally as it's not in the SDK state type
-  const [effectivenessMap, setEffectivenessMap] = useState<Record<string, number>>({})
-
-  // Load controls based on requirements when requirements exist
-  useEffect(() => {
-    if (state.requirements.length > 0 && state.controls.length === 0) {
-      // Add relevant controls based on requirements
-      const relevantControls = controlTemplates.filter(c =>
-        c.linkedRequirements.some(reqId => state.requirements.some(r => r.id === reqId))
-      )
-
-      relevantControls.forEach(ctrl => {
-        const sdkControl: SDKControl = {
-          id: ctrl.id,
-          name: ctrl.name,
-          description: ctrl.description,
-          type: ctrl.type,
-          category: ctrl.category,
-          implementationStatus: 'NOT_IMPLEMENTED',
-          effectiveness: 'LOW',
-          evidence: [],
-          owner: ctrl.owner,
-          dueDate: null,
-        }
-        dispatch({ type: 'ADD_CONTROL', payload: sdkControl })
-      })
-    }
-  }, [state.requirements, state.controls.length, dispatch])
-
-  // Convert SDK controls to display controls
-  const displayControls: DisplayControl[] = state.controls.map(ctrl => {
-    const template = controlTemplates.find(t => t.id === ctrl.id)
-    const effectivenessPercent = effectivenessMap[ctrl.id] ??
-      (ctrl.implementationStatus === 'IMPLEMENTED' ? 85 :
-       ctrl.implementationStatus === 'PARTIAL' ? 50 : 0)
-
-    return {
-      id: ctrl.id,
-      name: ctrl.name,
-      description: ctrl.description,
-      type: ctrl.type,
-      category: ctrl.category,
-      implementationStatus: ctrl.implementationStatus,
-      evidence: ctrl.evidence,
-      owner: ctrl.owner,
-      dueDate: ctrl.dueDate,
-      code: template?.code || ctrl.id,
-      displayType: template?.displayType || 'preventive',
-      displayCategory: mapControlTypeToDisplay(ctrl.type),
-      displayStatus: mapStatusToDisplay(ctrl.implementationStatus),
-      effectivenessPercent,
-      linkedRequirements: template?.linkedRequirements || [],
-      lastReview: new Date(),
-    }
-  })
-
-  const filteredControls = filter === 'all'
-    ? displayControls
-    : displayControls.filter(c =>
-        c.displayStatus === filter ||
-        c.displayType === filter ||
-        c.displayCategory === filter
-      )
-
-  const implementedCount = displayControls.filter(c => c.displayStatus === 'implemented').length
-  const avgEffectiveness = displayControls.length > 0
-    ? Math.round(displayControls.reduce((sum, c) => sum + c.effectivenessPercent, 0) / displayControls.length)
-    : 0
-  const partialCount = displayControls.filter(c => c.displayStatus === 'partial').length
-
-  const handleStatusChange = (controlId: string, status: ImplementationStatus) => {
-    dispatch({
-      type: 'UPDATE_CONTROL',
-      payload: { id: controlId, data: { implementationStatus: status } },
-    })
-  }
-
-  const handleEffectivenessChange = (controlId: string, effectiveness: number) => {
-    setEffectivenessMap(prev => ({ ...prev, [controlId]: effectiveness }))
-  }
-
-  const stepInfo = STEP_EXPLANATIONS['controls']
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="controls"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <button className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors">
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-          </svg>
-          Kontrolle hinzufuegen
-        </button>
-      </StepHeader>
-
-      {/* Requirements Alert */}
-      {state.requirements.length === 0 && (
-        <div className="bg-amber-50 border border-amber-200 rounded-xl p-4">
-          <div className="flex items-start gap-3">
-            <svg className="w-5 h-5 text-amber-600 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-            </svg>
-            <div>
-              <h4 className="font-medium text-amber-800">Keine Anforderungen definiert</h4>
-              <p className="text-sm text-amber-700 mt-1">
-                Bitte definieren Sie zuerst Anforderungen, um die zugehoerigen Kontrollen zu laden.
-              </p>
-            </div>
-          </div>
-        </div>
-      )}
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Gesamt</div>
-          <div className="text-3xl font-bold text-gray-900">{displayControls.length}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-green-200 p-6">
-          <div className="text-sm text-green-600">Implementiert</div>
-          <div className="text-3xl font-bold text-green-600">{implementedCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-purple-200 p-6">
-          <div className="text-sm text-purple-600">Durchschn. Wirksamkeit</div>
-          <div className="text-3xl font-bold text-purple-600">{avgEffectiveness}%</div>
-        </div>
-        <div className="bg-white rounded-xl border border-yellow-200 p-6">
-          <div className="text-sm text-yellow-600">Teilweise</div>
-          <div className="text-3xl font-bold text-yellow-600">{partialCount}</div>
-        </div>
-      </div>
-
-      {/* Filter */}
-      <div className="flex items-center gap-2 flex-wrap">
-        <span className="text-sm text-gray-500">Filter:</span>
-        {['all', 'implemented', 'partial', 'not-implemented', 'technical', 'organizational', 'preventive', 'detective'].map(f => (
-          <button
-            key={f}
-            onClick={() => setFilter(f)}
-            className={`px-3 py-1 text-sm rounded-full transition-colors ${
-              filter === f
-                ? 'bg-purple-600 text-white'
-                : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
-            }`}
-          >
-            {f === 'all' ? 'Alle' :
-             f === 'implemented' ? 'Implementiert' :
-             f === 'partial' ? 'Teilweise' :
-             f === 'not-implemented' ? 'Offen' :
-             f === 'technical' ? 'Technisch' :
-             f === 'organizational' ? 'Organisatorisch' :
-             f === 'preventive' ? 'Praeventiv' : 'Detektiv'}
-          </button>
-        ))}
-      </div>
-
-      {/* Controls List */}
-      <div className="space-y-4">
-        {filteredControls.map(control => (
-          <ControlCard
-            key={control.id}
-            control={control}
-            onStatusChange={(status) => handleStatusChange(control.id, status)}
-            onEffectivenessChange={(effectiveness) => handleEffectivenessChange(control.id, effectiveness)}
-          />
-        ))}
-      </div>
-
-      {filteredControls.length === 0 && state.requirements.length > 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Keine Kontrollen gefunden</h3>
-          <p className="mt-2 text-gray-500">Passen Sie den Filter an oder fuegen Sie neue Kontrollen hinzu.</p>
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/document-generator/page.tsx

@@ -1,793 +0,0 @@
-'use client'
-
-import React, { useState, useEffect, useCallback, useMemo } from 'react'
-import { useSDK } from '@/lib/sdk'
-import { useEinwilligungen } from '@/lib/sdk/einwilligungen/context'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-import {
-  LegalTemplateResult,
-  TemplateType,
-  Jurisdiction,
-  LicenseType,
-  GeneratedDocument,
-  TEMPLATE_TYPE_LABELS,
-  LICENSE_TYPE_LABELS,
-  JURISDICTION_LABELS,
-  DEFAULT_PLACEHOLDERS,
-} from '@/lib/sdk/types'
-import { DataPointsPreview } from './components/DataPointsPreview'
-import { DocumentValidation } from './components/DocumentValidation'
-import { generateAllPlaceholders } from '@/lib/sdk/document-generator/datapoint-helpers'
-
-// =============================================================================
-// API CLIENT
-// =============================================================================
-
-const KLAUSUR_SERVICE_URL = process.env.NEXT_PUBLIC_KLAUSUR_SERVICE_URL || 'http://localhost:8086'
-
-async function searchTemplates(params: {
-  query: string
-  templateType?: TemplateType
-  licenseTypes?: LicenseType[]
-  language?: 'de' | 'en'
-  jurisdiction?: Jurisdiction
-  limit?: number
-}): Promise<LegalTemplateResult[]> {
-  const response = await fetch(`${KLAUSUR_SERVICE_URL}/api/v1/admin/templates/search`, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({
-      query: params.query,
-      template_type: params.templateType,
-      license_types: params.licenseTypes,
-      language: params.language,
-      jurisdiction: params.jurisdiction,
-      limit: params.limit || 10,
-    }),
-  })
-
-  if (!response.ok) {
-    throw new Error('Search failed')
-  }
-
-  const data = await response.json()
-  return data.map((r: any) => ({
-    id: r.id,
-    score: r.score,
-    text: r.text,
-    documentTitle: r.document_title,
-    templateType: r.template_type,
-    clauseCategory: r.clause_category,
-    language: r.language,
-    jurisdiction: r.jurisdiction,
-    licenseId: r.license_id,
-    licenseName: r.license_name,
-    licenseUrl: r.license_url,
-    attributionRequired: r.attribution_required,
-    attributionText: r.attribution_text,
-    sourceName: r.source_name,
-    sourceUrl: r.source_url,
-    sourceRepo: r.source_repo,
-    placeholders: r.placeholders || [],
-    isCompleteDocument: r.is_complete_document,
-    isModular: r.is_modular,
-    requiresCustomization: r.requires_customization,
-    outputAllowed: r.output_allowed ?? true,
-    modificationAllowed: r.modification_allowed ?? true,
-    distortionProhibited: r.distortion_prohibited ?? false,
-  }))
-}
-
-async function getTemplatesStatus(): Promise<any> {
-  const response = await fetch(`${KLAUSUR_SERVICE_URL}/api/v1/admin/templates/status`)
-  if (!response.ok) return null
-  return response.json()
-}
-
-async function getSources(): Promise<any[]> {
-  const response = await fetch(`${KLAUSUR_SERVICE_URL}/api/v1/admin/templates/sources`)
-  if (!response.ok) return []
-  const data = await response.json()
-  return data.sources || []
-}
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function StatusBadge({ status }: { status: string }) {
-  const colors: Record<string, string> = {
-    ready: 'bg-green-100 text-green-700',
-    empty: 'bg-yellow-100 text-yellow-700',
-    error: 'bg-red-100 text-red-700',
-    running: 'bg-blue-100 text-blue-700',
-  }
-  return (
-    <span className={`px-2 py-1 text-xs rounded-full ${colors[status] || 'bg-gray-100 text-gray-700'}`}>
-      {status}
-    </span>
-  )
-}
-
-function LicenseBadge({ licenseId, small = false }: { licenseId: LicenseType | null; small?: boolean }) {
-  if (!licenseId) return null
-
-  const colors: Record<LicenseType, string> = {
-    public_domain: 'bg-green-100 text-green-700 border-green-200',
-    cc0: 'bg-green-100 text-green-700 border-green-200',
-    unlicense: 'bg-green-100 text-green-700 border-green-200',
-    mit: 'bg-blue-100 text-blue-700 border-blue-200',
-    cc_by_4: 'bg-purple-100 text-purple-700 border-purple-200',
-    reuse_notice: 'bg-orange-100 text-orange-700 border-orange-200',
-  }
-
-  return (
-    <span className={`${small ? 'px-1.5 py-0.5 text-[10px]' : 'px-2 py-1 text-xs'} rounded border ${colors[licenseId]}`}>
-      {LICENSE_TYPE_LABELS[licenseId] || licenseId}
-    </span>
-  )
-}
-
-function TemplateCard({
-  template,
-  selected,
-  onSelect,
-}: {
-  template: LegalTemplateResult
-  selected: boolean
-  onSelect: () => void
-}) {
-  return (
-    <div
-      onClick={onSelect}
-      className={`p-4 rounded-xl border-2 cursor-pointer transition-all ${
-        selected
-          ? 'border-purple-500 bg-purple-50'
-          : 'border-gray-200 hover:border-purple-300 bg-white'
-      }`}
-    >
-      <div className="flex items-start justify-between mb-2">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 flex-wrap">
-            <span className="font-medium text-gray-900">
-              {template.documentTitle || 'Untitled'}
-            </span>
-            <span className="text-xs text-gray-500 bg-gray-100 px-2 py-0.5 rounded">
-              {template.score.toFixed(2)}
-            </span>
-          </div>
-          <div className="flex items-center gap-2 mt-1 flex-wrap">
-            {template.templateType && (
-              <span className="text-xs text-purple-600 bg-purple-100 px-2 py-0.5 rounded">
-                {TEMPLATE_TYPE_LABELS[template.templateType as TemplateType] || template.templateType}
-              </span>
-            )}
-            <LicenseBadge licenseId={template.licenseId as LicenseType} small />
-            <span className="text-xs text-gray-500 uppercase">
-              {template.language}
-            </span>
-          </div>
-        </div>
-        <input
-          type="checkbox"
-          checked={selected}
-          onChange={onSelect}
-          className="w-5 h-5 text-purple-600 rounded border-gray-300"
-        />
-      </div>
-
-      <p className="text-sm text-gray-600 line-clamp-3 mt-2">
-        {template.text}
-      </p>
-
-      {template.attributionRequired && template.attributionText && (
-        <div className="mt-2 text-xs text-orange-600 bg-orange-50 p-2 rounded">
-          Attribution: {template.attributionText}
-        </div>
-      )}
-
-      {template.placeholders && template.placeholders.length > 0 && (
-        <div className="mt-2 flex flex-wrap gap-1">
-          {template.placeholders.slice(0, 5).map((p, i) => (
-            <span key={i} className="text-xs bg-blue-100 text-blue-700 px-1.5 py-0.5 rounded">
-              {p}
-            </span>
-          ))}
-          {template.placeholders.length > 5 && (
-            <span className="text-xs text-gray-500">
-              +{template.placeholders.length - 5} more
-            </span>
-          )}
-        </div>
-      )}
-
-      <div className="mt-3 text-xs text-gray-500">
-        Source: {template.sourceName}
-      </div>
-    </div>
-  )
-}
-
-function PlaceholderEditor({
-  placeholders,
-  values,
-  onChange,
-}: {
-  placeholders: string[]
-  values: Record<string, string>
-  onChange: (key: string, value: string) => void
-}) {
-  if (placeholders.length === 0) return null
-
-  return (
-    <div className="bg-blue-50 rounded-xl p-4 border border-blue-200">
-      <h4 className="font-medium text-blue-900 mb-3">Platzhalter ausfuellen</h4>
-      <div className="grid grid-cols-1 md:grid-cols-2 gap-3">
-        {placeholders.map((placeholder) => (
-          <div key={placeholder}>
-            <label className="block text-sm text-blue-700 mb-1">{placeholder}</label>
-            <input
-              type="text"
-              value={values[placeholder] || ''}
-              onChange={(e) => onChange(placeholder, e.target.value)}
-              placeholder={`Wert fuer ${placeholder}`}
-              className="w-full px-3 py-2 border border-blue-200 rounded-lg text-sm focus:outline-none focus:ring-2 focus:ring-purple-500"
-            />
-          </div>
-        ))}
-      </div>
-    </div>
-  )
-}
-
-function AttributionFooter({ templates }: { templates: LegalTemplateResult[] }) {
-  const attributionTemplates = templates.filter((t) => t.attributionRequired)
-  if (attributionTemplates.length === 0) return null
-
-  return (
-    <div className="bg-gray-50 rounded-xl p-4 border border-gray-200">
-      <h4 className="font-medium text-gray-900 mb-2">Quellenangaben (werden automatisch hinzugefuegt)</h4>
-      <div className="text-sm text-gray-600 space-y-1">
-        <p>Dieses Dokument wurde unter Verwendung folgender Quellen erstellt:</p>
-        <ul className="list-disc list-inside ml-2">
-          {attributionTemplates.map((t, i) => (
-            <li key={i}>
-              {t.attributionText || `${t.sourceName} (${t.licenseName})`}
-            </li>
-          ))}
-        </ul>
-      </div>
-    </div>
-  )
-}
-
-function DocumentPreview({
-  content,
-  placeholders,
-}: {
-  content: string
-  placeholders: Record<string, string>
-}) {
-  // Replace placeholders in content
-  let processedContent = content
-  for (const [key, value] of Object.entries(placeholders)) {
-    if (value) {
-      processedContent = processedContent.replace(new RegExp(key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g'), value)
-    }
-  }
-
-  return (
-    <div className="bg-white rounded-xl border border-gray-200 p-6 prose prose-sm max-w-none">
-      <div className="whitespace-pre-wrap">{processedContent}</div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function DocumentGeneratorPage() {
-  const { state } = useSDK()
-  const { selectedDataPointsData } = useEinwilligungen()
-
-  // Status state
-  const [status, setStatus] = useState<any>(null)
-  const [sources, setSources] = useState<any[]>([])
-  const [isLoading, setIsLoading] = useState(true)
-
-  // Search state
-  const [searchQuery, setSearchQuery] = useState('')
-  const [selectedType, setSelectedType] = useState<TemplateType | ''>('')
-  const [selectedLanguage, setSelectedLanguage] = useState<'de' | 'en' | ''>('')
-  const [selectedJurisdiction, setSelectedJurisdiction] = useState<Jurisdiction | ''>('')
-  const [searchResults, setSearchResults] = useState<LegalTemplateResult[]>([])
-  const [isSearching, setIsSearching] = useState(false)
-
-  // Selection state
-  const [selectedTemplates, setSelectedTemplates] = useState<string[]>([])
-
-  // Editor state
-  const [placeholderValues, setPlaceholderValues] = useState<Record<string, string>>({})
-  const [activeTab, setActiveTab] = useState<'search' | 'compose' | 'preview'>('search')
-
-  // Load initial status
-  useEffect(() => {
-    async function loadStatus() {
-      try {
-        const [statusData, sourcesData] = await Promise.all([
-          getTemplatesStatus(),
-          getSources(),
-        ])
-        setStatus(statusData)
-        setSources(sourcesData)
-      } catch (error) {
-        console.error('Failed to load status:', error)
-      } finally {
-        setIsLoading(false)
-      }
-    }
-    loadStatus()
-  }, [])
-
-  // Pre-fill placeholders from company profile
-  useEffect(() => {
-    if (state?.companyProfile) {
-      const profile = state.companyProfile
-      setPlaceholderValues((prev) => ({
-        ...prev,
-        '[COMPANY_NAME]': profile.companyName || '',
-        '[FIRMENNAME]': profile.companyName || '',
-        '[EMAIL]': profile.dpoEmail || '',
-        '[DSB_EMAIL]': profile.dpoEmail || '',
-        '[DPO_NAME]': profile.dpoName || '',
-        '[DSB_NAME]': profile.dpoName || '',
-      }))
-    }
-  }, [state?.companyProfile])
-
-  // Pre-fill placeholders from Einwilligungen data points
-  useEffect(() => {
-    if (selectedDataPointsData && selectedDataPointsData.length > 0) {
-      const einwilligungenPlaceholders = generateAllPlaceholders(selectedDataPointsData, 'de')
-      setPlaceholderValues((prev) => ({
-        ...prev,
-        ...einwilligungenPlaceholders,
-      }))
-    }
-  }, [selectedDataPointsData])
-
-  // Handler for inserting placeholders from DataPointsPreview
-  const handleInsertPlaceholder = useCallback((placeholder: string) => {
-    // This is a simplified version - in a real editor you would insert at cursor position
-    // For now, we just ensure the placeholder is in the values so it can be replaced
-    if (!placeholderValues[placeholder]) {
-      // The placeholder value will be generated from einwilligungen data
-      const einwilligungenPlaceholders = generateAllPlaceholders(selectedDataPointsData || [], 'de')
-      if (einwilligungenPlaceholders[placeholder as keyof typeof einwilligungenPlaceholders]) {
-        setPlaceholderValues((prev) => ({
-          ...prev,
-          [placeholder]: einwilligungenPlaceholders[placeholder as keyof typeof einwilligungenPlaceholders],
-        }))
-      }
-    }
-  }, [placeholderValues, selectedDataPointsData])
-
-  // Search handler
-  const handleSearch = useCallback(async () => {
-    if (!searchQuery.trim()) return
-
-    setIsSearching(true)
-    try {
-      const results = await searchTemplates({
-        query: searchQuery,
-        templateType: selectedType || undefined,
-        language: selectedLanguage || undefined,
-        jurisdiction: selectedJurisdiction || undefined,
-        limit: 20,
-      })
-      setSearchResults(results)
-    } catch (error) {
-      console.error('Search failed:', error)
-    } finally {
-      setIsSearching(false)
-    }
-  }, [searchQuery, selectedType, selectedLanguage, selectedJurisdiction])
-
-  // Toggle template selection
-  const toggleTemplate = (id: string) => {
-    setSelectedTemplates((prev) =>
-      prev.includes(id) ? prev.filter((t) => t !== id) : [...prev, id]
-    )
-  }
-
-  // Get selected template objects
-  const selectedTemplateObjects = searchResults.filter((r) =>
-    selectedTemplates.includes(r.id)
-  )
-
-  // Get all unique placeholders from selected templates
-  const allPlaceholders = Array.from(
-    new Set(selectedTemplateObjects.flatMap((t) => t.placeholders || []))
-  )
-
-  // Combined content from selected templates
-  const combinedContent = selectedTemplateObjects
-    .map((t) => `## ${t.documentTitle || 'Abschnitt'}\n\n${t.text}`)
-    .join('\n\n---\n\n')
-
-  // Step info - using 'consent' as base since document-generator doesn't exist yet
-  const stepInfo = STEP_EXPLANATIONS['consent'] || {
-    title: 'Dokumentengenerator',
-    description: 'Generieren Sie rechtliche Dokumente aus lizenzkonformen Vorlagen',
-    explanation: 'Der Dokumentengenerator nutzt frei lizenzierte Textbausteine um Datenschutzerklaerungen, AGB und andere rechtliche Dokumente zu erstellen.',
-    tips: ['Waehlen Sie passende Vorlagen aus der Suche', 'Fuellen Sie die Platzhalter mit Ihren Unternehmensdaten'],
-  }
-
-  if (isLoading) {
-    return (
-      <div className="flex items-center justify-center h-64">
-        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600"></div>
-      </div>
-    )
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="document-generator"
-        title="Dokumentengenerator"
-        description="Generieren Sie rechtliche Dokumente aus lizenzkonformen Vorlagen"
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <button
-          onClick={() => setActiveTab('compose')}
-          disabled={selectedTemplates.length === 0}
-          className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
-        >
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
-          </svg>
-          Dokument erstellen ({selectedTemplates.length})
-        </button>
-      </StepHeader>
-
-      {/* Status Overview */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Collection Status</div>
-          <div className="flex items-center gap-2 mt-1">
-            <StatusBadge status={status?.stats?.status || 'unknown'} />
-          </div>
-        </div>
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Indexierte Chunks</div>
-          <div className="text-3xl font-bold text-gray-900">
-            {status?.stats?.points_count || 0}
-          </div>
-        </div>
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Aktive Quellen</div>
-          <div className="text-3xl font-bold text-purple-600">
-            {sources.filter((s) => s.enabled).length}
-          </div>
-        </div>
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Ausgewaehlt</div>
-          <div className="text-3xl font-bold text-blue-600">
-            {selectedTemplates.length}
-          </div>
-        </div>
-      </div>
-
-      {/* Tab Navigation */}
-      <div className="flex gap-2 border-b border-gray-200">
-        {(['search', 'compose', 'preview'] as const).map((tab) => (
-          <button
-            key={tab}
-            onClick={() => setActiveTab(tab)}
-            disabled={tab !== 'search' && selectedTemplates.length === 0}
-            className={`px-4 py-2 font-medium transition-colors ${
-              activeTab === tab
-                ? 'text-purple-600 border-b-2 border-purple-600'
-                : 'text-gray-500 hover:text-gray-700 disabled:text-gray-300 disabled:cursor-not-allowed'
-            }`}
-          >
-            {tab === 'search' && 'Vorlagen suchen'}
-            {tab === 'compose' && 'Zusammenstellen'}
-            {tab === 'preview' && 'Vorschau'}
-          </button>
-        ))}
-      </div>
-
-      {/* Search Tab */}
-      {activeTab === 'search' && (
-        <div className="space-y-4">
-          {/* Search Form */}
-          <div className="bg-white rounded-xl border border-gray-200 p-6">
-            <div className="flex gap-4 items-end flex-wrap">
-              <div className="flex-1 min-w-[200px]">
-                <label className="block text-sm font-medium text-gray-700 mb-1">
-                  Suche
-                </label>
-                <input
-                  type="text"
-                  value={searchQuery}
-                  onChange={(e) => setSearchQuery(e.target.value)}
-                  onKeyDown={(e) => e.key === 'Enter' && handleSearch()}
-                  placeholder="z.B. Datenschutzerklaerung, Cookie-Banner, Widerruf..."
-                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-purple-500"
-                />
-              </div>
-              <div>
-                <label className="block text-sm font-medium text-gray-700 mb-1">
-                  Dokumenttyp
-                </label>
-                <select
-                  value={selectedType}
-                  onChange={(e) => setSelectedType(e.target.value as TemplateType | '')}
-                  className="px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-purple-500"
-                >
-                  <option value="">Alle Typen</option>
-                  {Object.entries(TEMPLATE_TYPE_LABELS).map(([key, label]) => (
-                    <option key={key} value={key}>{label}</option>
-                  ))}
-                </select>
-              </div>
-              <div>
-                <label className="block text-sm font-medium text-gray-700 mb-1">
-                  Sprache
-                </label>
-                <select
-                  value={selectedLanguage}
-                  onChange={(e) => setSelectedLanguage(e.target.value as 'de' | 'en' | '')}
-                  className="px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-purple-500"
-                >
-                  <option value="">Alle</option>
-                  <option value="de">Deutsch</option>
-                  <option value="en">English</option>
-                </select>
-              </div>
-              <button
-                onClick={handleSearch}
-                disabled={isSearching || !searchQuery.trim()}
-                className="px-6 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors disabled:opacity-50"
-              >
-                {isSearching ? 'Suche...' : 'Suchen'}
-              </button>
-            </div>
-          </div>
-
-          {/* Search Results */}
-          {searchResults.length > 0 && (
-            <div className="space-y-4">
-              <div className="flex items-center justify-between">
-                <h3 className="font-semibold text-gray-900">
-                  {searchResults.length} Ergebnisse
-                </h3>
-                {selectedTemplates.length > 0 && (
-                  <button
-                    onClick={() => setSelectedTemplates([])}
-                    className="text-sm text-gray-500 hover:text-gray-700"
-                  >
-                    Auswahl aufheben
-                  </button>
-                )}
-              </div>
-              <div className="grid grid-cols-1 lg:grid-cols-2 gap-4">
-                {searchResults.map((result) => (
-                  <TemplateCard
-                    key={result.id}
-                    template={result}
-                    selected={selectedTemplates.includes(result.id)}
-                    onSelect={() => toggleTemplate(result.id)}
-                  />
-                ))}
-              </div>
-            </div>
-          )}
-
-          {searchResults.length === 0 && searchQuery && !isSearching && (
-            <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-              <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-                <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" />
-                </svg>
-              </div>
-              <h3 className="text-lg font-semibold text-gray-900">Keine Vorlagen gefunden</h3>
-              <p className="mt-2 text-gray-500">
-                Versuchen Sie einen anderen Suchbegriff oder aendern Sie die Filter.
-              </p>
-            </div>
-          )}
-
-          {/* Quick Start Templates */}
-          {searchResults.length === 0 && !searchQuery && (
-            <div className="bg-gradient-to-r from-purple-50 to-blue-50 rounded-xl border border-purple-200 p-6">
-              <h3 className="font-semibold text-gray-900 mb-4">Schnellstart - Haeufig benoetigte Dokumente</h3>
-              <div className="grid grid-cols-2 md:grid-cols-4 gap-4">
-                {[
-                  { query: 'Datenschutzerklaerung DSGVO', type: 'privacy_policy', icon: '🔒' },
-                  { query: 'Cookie Banner', type: 'cookie_banner', icon: '🍪' },
-                  { query: 'Impressum', type: 'impressum', icon: '📋' },
-                  { query: 'AGB Nutzungsbedingungen', type: 'terms_of_service', icon: '📜' },
-                ].map((item) => (
-                  <button
-                    key={item.type}
-                    onClick={() => {
-                      setSearchQuery(item.query)
-                      setSelectedType(item.type as TemplateType)
-                      setTimeout(handleSearch, 100)
-                    }}
-                    className="p-4 bg-white rounded-lg border border-gray-200 hover:border-purple-300 hover:shadow transition-all text-center"
-                  >
-                    <span className="text-3xl mb-2 block">{item.icon}</span>
-                    <span className="text-sm font-medium text-gray-900">
-                      {TEMPLATE_TYPE_LABELS[item.type as TemplateType]}
-                    </span>
-                  </button>
-                ))}
-              </div>
-            </div>
-          )}
-        </div>
-      )}
-
-      {/* Compose Tab */}
-      {activeTab === 'compose' && selectedTemplates.length > 0 && (
-        <div className="grid grid-cols-1 lg:grid-cols-3 gap-6">
-          {/* Main Content - 2/3 */}
-          <div className="lg:col-span-2 space-y-6">
-            {/* Selected Templates */}
-            <div className="bg-white rounded-xl border border-gray-200 p-6">
-              <h3 className="font-semibold text-gray-900 mb-4">
-                Ausgewaehlte Bausteine ({selectedTemplates.length})
-              </h3>
-              <div className="space-y-2">
-                {selectedTemplateObjects.map((t, index) => (
-                  <div
-                    key={t.id}
-                    className="flex items-center justify-between p-3 bg-gray-50 rounded-lg"
-                  >
-                    <div className="flex items-center gap-3">
-                      <span className="text-gray-400 font-mono">{index + 1}.</span>
-                      <span className="font-medium">{t.documentTitle}</span>
-                      <LicenseBadge licenseId={t.licenseId as LicenseType} small />
-                    </div>
-                    <button
-                      onClick={() => toggleTemplate(t.id)}
-                      className="text-red-500 hover:text-red-700"
-                    >
-                      <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
-                      </svg>
-                    </button>
-                  </div>
-                ))}
-              </div>
-            </div>
-
-            {/* Placeholder Editor */}
-            <PlaceholderEditor
-              placeholders={allPlaceholders}
-              values={placeholderValues}
-              onChange={(key, value) =>
-                setPlaceholderValues((prev) => ({ ...prev, [key]: value }))
-              }
-            />
-
-            {/* Attribution Footer */}
-            <AttributionFooter templates={selectedTemplateObjects} />
-
-            {/* Actions */}
-            <div className="flex justify-end gap-4">
-              <button
-                onClick={() => setActiveTab('search')}
-                className="px-4 py-2 text-gray-700 bg-gray-100 rounded-lg hover:bg-gray-200 transition-colors"
-              >
-                Zurueck zur Suche
-              </button>
-              <button
-                onClick={() => setActiveTab('preview')}
-                className="px-6 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-              >
-                Vorschau anzeigen
-              </button>
-            </div>
-          </div>
-
-          {/* Sidebar - 1/3: Einwilligungen DataPoints */}
-          <div className="lg:col-span-1">
-            <DataPointsPreview
-              dataPoints={selectedDataPointsData || []}
-              onInsertPlaceholder={handleInsertPlaceholder}
-              language="de"
-            />
-          </div>
-        </div>
-      )}
-
-      {/* Preview Tab */}
-      {activeTab === 'preview' && selectedTemplates.length > 0 && (
-        <div className="space-y-6">
-          <div className="flex items-center justify-between">
-            <h3 className="font-semibold text-gray-900">Dokument-Vorschau</h3>
-            <div className="flex gap-2">
-              <button
-                onClick={() => setActiveTab('compose')}
-                className="px-4 py-2 text-gray-700 bg-gray-100 rounded-lg hover:bg-gray-200 transition-colors"
-              >
-                Bearbeiten
-              </button>
-              <button
-                onClick={() => {
-                  // Copy to clipboard
-                  let content = combinedContent
-                  for (const [key, value] of Object.entries(placeholderValues)) {
-                    if (value) {
-                      content = content.replace(new RegExp(key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g'), value)
-                    }
-                  }
-                  navigator.clipboard.writeText(content)
-                }}
-                className="px-4 py-2 text-purple-700 bg-purple-100 rounded-lg hover:bg-purple-200 transition-colors"
-              >
-                Kopieren
-              </button>
-              <button
-                className="px-6 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-              >
-                Als PDF exportieren
-              </button>
-            </div>
-          </div>
-
-          {/* Document Validation based on selected Einwilligungen */}
-          {selectedDataPointsData && selectedDataPointsData.length > 0 && (
-            <DocumentValidation
-              dataPoints={selectedDataPointsData}
-              documentContent={combinedContent}
-              language="de"
-              onInsertPlaceholder={handleInsertPlaceholder}
-            />
-          )}
-
-          <DocumentPreview
-            content={combinedContent}
-            placeholders={placeholderValues}
-          />
-
-          {/* Attribution */}
-          <AttributionFooter templates={selectedTemplateObjects} />
-        </div>
-      )}
-
-      {/* Sources Info */}
-      {activeTab === 'search' && sources.length > 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <h3 className="font-semibold text-gray-900 mb-4">Verfuegbare Quellen</h3>
-          <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
-            {sources.filter((s) => s.enabled).slice(0, 6).map((source) => (
-              <div key={source.name} className="p-4 bg-gray-50 rounded-lg">
-                <div className="flex items-center gap-2 mb-2">
-                  <span className="font-medium text-gray-900">{source.name}</span>
-                  <LicenseBadge licenseId={source.license_type as LicenseType} small />
-                </div>
-                <p className="text-sm text-gray-600 line-clamp-2">{source.description}</p>
-                <div className="mt-2 flex flex-wrap gap-1">
-                  {source.template_types.slice(0, 3).map((t: string) => (
-                    <span key={t} className="text-xs bg-purple-100 text-purple-700 px-1.5 py-0.5 rounded">
-                      {TEMPLATE_TYPE_LABELS[t as TemplateType] || t}
-                    </span>
-                  ))}
-                </div>
-              </div>
-            ))}
-          </div>
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/dsr/page.tsx

@@ -1,592 +0,0 @@
-'use client'
-
-import React, { useState, useEffect, useMemo } from 'react'
-import Link from 'next/link'
-import { useSDK } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-import {
-  DSRRequest,
-  DSRType,
-  DSRStatus,
-  DSRStatistics,
-  DSR_TYPE_INFO,
-  DSR_STATUS_INFO,
-  getDaysRemaining,
-  isOverdue,
-  isUrgent
-} from '@/lib/sdk/dsr/types'
-import { fetchSDKDSRList } from '@/lib/sdk/dsr/api'
-import { DSRWorkflowStepperCompact } from '@/components/sdk/dsr'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-type TabId = 'overview' | 'intake' | 'processing' | 'completed' | 'settings'
-
-interface Tab {
-  id: TabId
-  label: string
-  count?: number
-  countColor?: string
-}
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function TabNavigation({
-  tabs,
-  activeTab,
-  onTabChange
-}: {
-  tabs: Tab[]
-  activeTab: TabId
-  onTabChange: (tab: TabId) => void
-}) {
-  return (
-    <div className="border-b border-gray-200">
-      <nav className="flex gap-1 -mb-px" aria-label="Tabs">
-        {tabs.map(tab => (
-          <button
-            key={tab.id}
-            onClick={() => onTabChange(tab.id)}
-            className={`
-              px-4 py-3 text-sm font-medium border-b-2 transition-colors
-              ${activeTab === tab.id
-                ? 'border-purple-600 text-purple-600'
-                : 'border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300'
-              }
-            `}
-          >
-            <span className="flex items-center gap-2">
-              {tab.label}
-              {tab.count !== undefined && tab.count > 0 && (
-                <span className={`
-                  px-2 py-0.5 text-xs rounded-full
-                  ${tab.countColor || 'bg-gray-100 text-gray-600'}
-                `}>
-                  {tab.count}
-                </span>
-              )}
-            </span>
-          </button>
-        ))}
-      </nav>
-    </div>
-  )
-}
-
-function StatCard({
-  label,
-  value,
-  color = 'gray',
-  icon,
-  trend
-}: {
-  label: string
-  value: number | string
-  color?: 'gray' | 'blue' | 'yellow' | 'red' | 'green' | 'purple'
-  icon?: React.ReactNode
-  trend?: { value: number; label: string }
-}) {
-  const colorClasses = {
-    gray: 'border-gray-200 text-gray-900',
-    blue: 'border-blue-200 text-blue-600',
-    yellow: 'border-yellow-200 text-yellow-600',
-    red: 'border-red-200 text-red-600',
-    green: 'border-green-200 text-green-600',
-    purple: 'border-purple-200 text-purple-600'
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border ${colorClasses[color]} p-6`}>
-      <div className="flex items-start justify-between">
-        <div>
-          <div className={`text-sm ${color === 'gray' ? 'text-gray-500' : `text-${color}-600`}`}>
-            {label}
-          </div>
-          <div className={`text-3xl font-bold mt-1 ${colorClasses[color].split(' ')[1]}`}>
-            {value}
-          </div>
-          {trend && (
-            <div className={`text-xs mt-1 ${trend.value >= 0 ? 'text-green-600' : 'text-red-600'}`}>
-              {trend.value >= 0 ? '+' : ''}{trend.value} {trend.label}
-            </div>
-          )}
-        </div>
-        {icon && (
-          <div className={`w-10 h-10 rounded-lg flex items-center justify-center bg-${color}-50`}>
-            {icon}
-          </div>
-        )}
-      </div>
-    </div>
-  )
-}
-
-function RequestCard({ request }: { request: DSRRequest }) {
-  const typeInfo = DSR_TYPE_INFO[request.type]
-  const statusInfo = DSR_STATUS_INFO[request.status]
-  const daysRemaining = getDaysRemaining(request.deadline.currentDeadline)
-  const overdue = isOverdue(request)
-  const urgent = isUrgent(request)
-
-  return (
-    <Link href={`/sdk/dsr/${request.id}`}>
-      <div className={`
-        bg-white rounded-xl border-2 p-6 hover:shadow-md transition-all cursor-pointer
-        ${overdue ? 'border-red-300 hover:border-red-400' :
-          urgent ? 'border-orange-300 hover:border-orange-400' :
-          request.status === 'completed' ? 'border-green-200 hover:border-green-300' :
-          'border-gray-200 hover:border-purple-300'
-        }
-      `}>
-        <div className="flex items-start justify-between">
-          <div className="flex-1 min-w-0">
-            {/* Header Badges */}
-            <div className="flex items-center gap-2 mb-2 flex-wrap">
-              <span className="text-xs text-gray-500 font-mono">
-                {request.referenceNumber}
-              </span>
-              <span className={`px-2 py-1 text-xs rounded-full ${typeInfo.bgColor} ${typeInfo.color}`}>
-                {typeInfo.article} {typeInfo.labelShort}
-              </span>
-              {!request.identityVerification.verified && request.status !== 'completed' && request.status !== 'rejected' && (
-                <span className="px-2 py-1 text-xs bg-yellow-100 text-yellow-700 rounded-full flex items-center gap-1">
-                  <svg className="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-                  </svg>
-                  ID fehlt
-                </span>
-              )}
-            </div>
-
-            {/* Requester Info */}
-            <h3 className="text-lg font-semibold text-gray-900 truncate">
-              {request.requester.name}
-            </h3>
-            <p className="text-sm text-gray-500 truncate">{request.requester.email}</p>
-
-            {/* Workflow Status */}
-            <div className="mt-3">
-              <DSRWorkflowStepperCompact currentStatus={request.status} />
-            </div>
-          </div>
-
-          {/* Right Side - Deadline */}
-          <div className={`text-right ml-4 ${
-            overdue ? 'text-red-600' :
-            urgent ? 'text-orange-600' :
-            'text-gray-500'
-          }`}>
-            <div className="text-sm font-medium">
-              {request.status === 'completed' || request.status === 'rejected' || request.status === 'cancelled'
-                ? statusInfo.label
-                : overdue
-                  ? `${Math.abs(daysRemaining)} Tage ueberfaellig`
-                  : `${daysRemaining} Tage`
-              }
-            </div>
-            <div className="text-xs mt-0.5">
-              {new Date(request.receivedAt).toLocaleDateString('de-DE')}
-            </div>
-          </div>
-        </div>
-
-        {/* Notes Preview */}
-        {request.notes && (
-          <div className="mt-3 p-3 bg-gray-50 rounded-lg text-sm text-gray-600 line-clamp-2">
-            {request.notes}
-          </div>
-        )}
-
-        {/* Footer */}
-        <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-          <div className="text-sm text-gray-500">
-            {request.assignment.assignedTo
-              ? `Zugewiesen: ${request.assignment.assignedTo}`
-              : 'Nicht zugewiesen'
-            }
-          </div>
-          <div className="flex items-center gap-2">
-            {request.status !== 'completed' && request.status !== 'rejected' && request.status !== 'cancelled' && (
-              <>
-                {!request.identityVerification.verified && (
-                  <span className="px-3 py-1 text-sm bg-yellow-50 text-yellow-700 rounded-lg">
-                    ID pruefen
-                  </span>
-                )}
-                <span className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors">
-                  Bearbeiten
-                </span>
-              </>
-            )}
-            {request.status === 'completed' && (
-              <span className="px-3 py-1 text-sm text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
-                Details
-              </span>
-            )}
-          </div>
-        </div>
-      </div>
-    </Link>
-  )
-}
-
-function FilterBar({
-  selectedType,
-  selectedStatus,
-  selectedPriority,
-  onTypeChange,
-  onStatusChange,
-  onPriorityChange,
-  onClear
-}: {
-  selectedType: DSRType | 'all'
-  selectedStatus: DSRStatus | 'all'
-  selectedPriority: string
-  onTypeChange: (type: DSRType | 'all') => void
-  onStatusChange: (status: DSRStatus | 'all') => void
-  onPriorityChange: (priority: string) => void
-  onClear: () => void
-}) {
-  const hasFilters = selectedType !== 'all' || selectedStatus !== 'all' || selectedPriority !== 'all'
-
-  return (
-    <div className="flex items-center gap-4 flex-wrap">
-      <span className="text-sm text-gray-500">Filter:</span>
-
-      {/* Type Filter */}
-      <select
-        value={selectedType}
-        onChange={(e) => onTypeChange(e.target.value as DSRType | 'all')}
-        className="px-3 py-1.5 text-sm border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500"
-      >
-        <option value="all">Alle Typen</option>
-        {Object.entries(DSR_TYPE_INFO).map(([type, info]) => (
-          <option key={type} value={type}>{info.article} - {info.labelShort}</option>
-        ))}
-      </select>
-
-      {/* Status Filter */}
-      <select
-        value={selectedStatus}
-        onChange={(e) => onStatusChange(e.target.value as DSRStatus | 'all')}
-        className="px-3 py-1.5 text-sm border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500"
-      >
-        <option value="all">Alle Status</option>
-        {Object.entries(DSR_STATUS_INFO).map(([status, info]) => (
-          <option key={status} value={status}>{info.label}</option>
-        ))}
-      </select>
-
-      {/* Priority Filter */}
-      <select
-        value={selectedPriority}
-        onChange={(e) => onPriorityChange(e.target.value)}
-        className="px-3 py-1.5 text-sm border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500"
-      >
-        <option value="all">Alle Prioritaeten</option>
-        <option value="critical">Kritisch</option>
-        <option value="high">Hoch</option>
-        <option value="normal">Normal</option>
-        <option value="low">Niedrig</option>
-      </select>
-
-      {/* Clear Filters */}
-      {hasFilters && (
-        <button
-          onClick={onClear}
-          className="px-3 py-1.5 text-sm text-gray-500 hover:text-gray-700 hover:bg-gray-100 rounded-lg transition-colors"
-        >
-          Filter zuruecksetzen
-        </button>
-      )}
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function DSRPage() {
-  const { state } = useSDK()
-  const [activeTab, setActiveTab] = useState<TabId>('overview')
-  const [requests, setRequests] = useState<DSRRequest[]>([])
-  const [statistics, setStatistics] = useState<DSRStatistics | null>(null)
-  const [isLoading, setIsLoading] = useState(true)
-
-  // Filters
-  const [selectedType, setSelectedType] = useState<DSRType | 'all'>('all')
-  const [selectedStatus, setSelectedStatus] = useState<DSRStatus | 'all'>('all')
-  const [selectedPriority, setSelectedPriority] = useState<string>('all')
-
-  // Load data from SDK backend
-  useEffect(() => {
-    const loadData = async () => {
-      setIsLoading(true)
-      try {
-        const { requests: dsrRequests, statistics: dsrStats } = await fetchSDKDSRList()
-        setRequests(dsrRequests)
-        setStatistics(dsrStats)
-      } catch (error) {
-        console.error('Failed to load DSR data:', error)
-      } finally {
-        setIsLoading(false)
-      }
-    }
-    loadData()
-  }, [])
-
-  // Calculate tab counts
-  const tabCounts = useMemo(() => {
-    return {
-      intake: requests.filter(r => r.status === 'intake' || r.status === 'identity_verification').length,
-      processing: requests.filter(r => r.status === 'processing').length,
-      completed: requests.filter(r => r.status === 'completed' || r.status === 'rejected' || r.status === 'cancelled').length,
-      overdue: requests.filter(r => isOverdue(r)).length
-    }
-  }, [requests])
-
-  // Filter requests based on active tab and filters
-  const filteredRequests = useMemo(() => {
-    let filtered = [...requests]
-
-    // Tab-based filtering
-    if (activeTab === 'intake') {
-      filtered = filtered.filter(r => r.status === 'intake' || r.status === 'identity_verification')
-    } else if (activeTab === 'processing') {
-      filtered = filtered.filter(r => r.status === 'processing')
-    } else if (activeTab === 'completed') {
-      filtered = filtered.filter(r => r.status === 'completed' || r.status === 'rejected' || r.status === 'cancelled')
-    }
-
-    // Type filter
-    if (selectedType !== 'all') {
-      filtered = filtered.filter(r => r.type === selectedType)
-    }
-
-    // Status filter
-    if (selectedStatus !== 'all') {
-      filtered = filtered.filter(r => r.status === selectedStatus)
-    }
-
-    // Priority filter
-    if (selectedPriority !== 'all') {
-      filtered = filtered.filter(r => r.priority === selectedPriority)
-    }
-
-    // Sort by urgency
-    return filtered.sort((a, b) => {
-      const getUrgency = (r: DSRRequest) => {
-        if (r.status === 'completed' || r.status === 'rejected' || r.status === 'cancelled') return 100
-        const days = getDaysRemaining(r.deadline.currentDeadline)
-        if (days < 0) return -100 + days // Overdue items first
-        return days
-      }
-      return getUrgency(a) - getUrgency(b)
-    })
-  }, [requests, activeTab, selectedType, selectedStatus, selectedPriority])
-
-  const tabs: Tab[] = [
-    { id: 'overview', label: 'Uebersicht' },
-    { id: 'intake', label: 'Eingang', count: tabCounts.intake, countColor: 'bg-blue-100 text-blue-600' },
-    { id: 'processing', label: 'In Bearbeitung', count: tabCounts.processing, countColor: 'bg-yellow-100 text-yellow-600' },
-    { id: 'completed', label: 'Abgeschlossen', count: tabCounts.completed, countColor: 'bg-green-100 text-green-600' },
-    { id: 'settings', label: 'Einstellungen' }
-  ]
-
-  const stepInfo = STEP_EXPLANATIONS['dsr']
-
-  const clearFilters = () => {
-    setSelectedType('all')
-    setSelectedStatus('all')
-    setSelectedPriority('all')
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="dsr"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <Link
-          href="/sdk/dsr/new"
-          className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-        >
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-          </svg>
-          Anfrage erfassen
-        </Link>
-      </StepHeader>
-
-      {/* Tab Navigation */}
-      <TabNavigation
-        tabs={tabs}
-        activeTab={activeTab}
-        onTabChange={setActiveTab}
-      />
-
-      {/* Loading State */}
-      {isLoading ? (
-        <div className="flex items-center justify-center py-12">
-          <svg className="animate-spin w-8 h-8 text-purple-600" fill="none" viewBox="0 0 24 24">
-            <circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4" />
-            <path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z" />
-          </svg>
-        </div>
-      ) : activeTab === 'settings' ? (
-        /* Settings Tab */
-        <div className="bg-white rounded-xl border border-gray-200 p-8 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.065 2.572c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.572 1.065c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.065-2.572c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z" />
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Einstellungen</h3>
-          <p className="mt-2 text-gray-500">
-            DSR-Portal-Einstellungen, E-Mail-Vorlagen und Workflow-Konfiguration
-            werden in einer spaeteren Version verfuegbar sein.
-          </p>
-        </div>
-      ) : (
-        <>
-          {/* Statistics (Overview Tab) */}
-          {activeTab === 'overview' && statistics && (
-            <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-              <StatCard
-                label="Gesamt"
-                value={statistics.total}
-                color="gray"
-              />
-              <StatCard
-                label="Neue Anfragen"
-                value={statistics.byStatus.intake + statistics.byStatus.identity_verification}
-                color="blue"
-              />
-              <StatCard
-                label="In Bearbeitung"
-                value={statistics.byStatus.processing}
-                color="yellow"
-              />
-              <StatCard
-                label="Ueberfaellig"
-                value={tabCounts.overdue}
-                color={tabCounts.overdue > 0 ? 'red' : 'green'}
-              />
-            </div>
-          )}
-
-          {/* Overdue Alert */}
-          {tabCounts.overdue > 0 && (
-            <div className="bg-red-50 border border-red-200 rounded-xl p-4 flex items-center gap-4">
-              <div className="w-10 h-10 bg-red-100 rounded-full flex items-center justify-center flex-shrink-0">
-                <svg className="w-5 h-5 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-                </svg>
-              </div>
-              <div className="flex-1">
-                <h4 className="font-medium text-red-800">
-                  Achtung: {tabCounts.overdue} ueberfaellige Anfrage(n)
-                </h4>
-                <p className="text-sm text-red-600">
-                  Die gesetzliche Frist ist abgelaufen. Handeln Sie umgehend, um Bussgelder zu vermeiden.
-                </p>
-              </div>
-              <button
-                onClick={() => {
-                  setActiveTab('overview')
-                  setSelectedStatus('all')
-                }}
-                className="px-4 py-2 bg-red-600 text-white rounded-lg hover:bg-red-700 transition-colors text-sm font-medium"
-              >
-                Anzeigen
-              </button>
-            </div>
-          )}
-
-          {/* Info Box (Overview Tab) */}
-          {activeTab === 'overview' && (
-            <div className="bg-blue-50 border border-blue-200 rounded-xl p-4">
-              <div className="flex items-start gap-3">
-                <svg className="w-5 h-5 text-blue-600 mt-0.5 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
-                </svg>
-                <div>
-                  <h4 className="font-medium text-blue-800">Fristen beachten</h4>
-                  <p className="text-sm text-blue-600 mt-1">
-                    Nach Art. 12 DSGVO muessen Anfragen innerhalb von einem Monat beantwortet werden.
-                    Eine Verlaengerung um zwei weitere Monate ist bei komplexen Anfragen moeglich,
-                    sofern der Betroffene innerhalb eines Monats darueber informiert wird.
-                  </p>
-                </div>
-              </div>
-            </div>
-          )}
-
-          {/* Filters */}
-          <FilterBar
-            selectedType={selectedType}
-            selectedStatus={selectedStatus}
-            selectedPriority={selectedPriority}
-            onTypeChange={setSelectedType}
-            onStatusChange={setSelectedStatus}
-            onPriorityChange={setSelectedPriority}
-            onClear={clearFilters}
-          />
-
-          {/* Requests List */}
-          <div className="space-y-4">
-            {filteredRequests.map(request => (
-              <RequestCard key={request.id} request={request} />
-            ))}
-          </div>
-
-          {/* Empty State */}
-          {filteredRequests.length === 0 && (
-            <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-              <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-                <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2" />
-                </svg>
-              </div>
-              <h3 className="text-lg font-semibold text-gray-900">Keine Anfragen gefunden</h3>
-              <p className="mt-2 text-gray-500">
-                {selectedType !== 'all' || selectedStatus !== 'all' || selectedPriority !== 'all'
-                  ? 'Passen Sie die Filter an oder'
-                  : 'Es sind noch keine Anfragen vorhanden.'
-                }
-              </p>
-              {(selectedType !== 'all' || selectedStatus !== 'all' || selectedPriority !== 'all') ? (
-                <button
-                  onClick={clearFilters}
-                  className="mt-4 px-4 py-2 text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
-                >
-                  Filter zuruecksetzen
-                </button>
-              ) : (
-                <Link
-                  href="/sdk/dsr/new"
-                  className="mt-4 inline-flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-                >
-                  <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-                  </svg>
-                  Erste Anfrage erfassen
-                </Link>
-              )}
-            </div>
-          )}
-        </>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/escalations/page.tsx

@@ -1,401 +0,0 @@
-'use client'
-
-import React, { useState } from 'react'
-import { useSDK } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-interface Escalation {
-  id: string
-  title: string
-  description: string
-  type: 'data-breach' | 'dsr-overdue' | 'audit-finding' | 'compliance-gap' | 'security-incident'
-  severity: 'critical' | 'high' | 'medium' | 'low'
-  status: 'open' | 'in-progress' | 'resolved' | 'escalated'
-  createdAt: Date
-  deadline: Date | null
-  assignedTo: string
-  escalatedTo: string | null
-  relatedItems: string[]
-  actions: EscalationAction[]
-}
-
-interface EscalationAction {
-  id: string
-  action: string
-  performedBy: string
-  performedAt: Date
-}
-
-// =============================================================================
-// MOCK DATA
-// =============================================================================
-
-const mockEscalations: Escalation[] = [
-  {
-    id: 'esc-001',
-    title: 'Potenzielle Datenpanne - Kundendaten',
-    description: 'Unberechtigter Zugriff auf Kundendatenbank festgestellt',
-    type: 'data-breach',
-    severity: 'critical',
-    status: 'escalated',
-    createdAt: new Date('2024-01-22'),
-    deadline: new Date('2024-01-25'),
-    assignedTo: 'IT Security',
-    escalatedTo: 'CISO',
-    relatedItems: ['INC-2024-001'],
-    actions: [
-      { id: 'a1', action: 'Incident erkannt und gemeldet', performedBy: 'SOC Team', performedAt: new Date('2024-01-22T08:00:00') },
-      { id: 'a2', action: 'An CISO eskaliert', performedBy: 'IT Security', performedAt: new Date('2024-01-22T09:30:00') },
-    ],
-  },
-  {
-    id: 'esc-002',
-    title: 'DSR-Anfrage ueberfaellig',
-    description: 'Auskunftsanfrage von Max Mustermann ueberschreitet 30-Tage-Frist',
-    type: 'dsr-overdue',
-    severity: 'high',
-    status: 'in-progress',
-    createdAt: new Date('2024-01-20'),
-    deadline: new Date('2024-01-23'),
-    assignedTo: 'DSB Mueller',
-    escalatedTo: null,
-    relatedItems: ['DSR-001'],
-    actions: [
-      { id: 'a1', action: 'Automatische Eskalation bei Fristueberschreitung', performedBy: 'System', performedAt: new Date('2024-01-20') },
-    ],
-  },
-  {
-    id: 'esc-003',
-    title: 'Kritische Audit-Feststellung',
-    description: 'Fehlende Auftragsverarbeitungsvertraege mit Cloud-Providern',
-    type: 'audit-finding',
-    severity: 'high',
-    status: 'in-progress',
-    createdAt: new Date('2024-01-15'),
-    deadline: new Date('2024-02-15'),
-    assignedTo: 'Rechtsabteilung',
-    escalatedTo: null,
-    relatedItems: ['AUDIT-2024-Q1-003'],
-    actions: [
-      { id: 'a1', action: 'Feststellung dokumentiert', performedBy: 'Auditor', performedAt: new Date('2024-01-15') },
-      { id: 'a2', action: 'An Rechtsabteilung zugewiesen', performedBy: 'DSB Mueller', performedAt: new Date('2024-01-16') },
-    ],
-  },
-  {
-    id: 'esc-004',
-    title: 'AI Act Compliance-Luecke',
-    description: 'Hochrisiko-KI-System ohne Risikomanagementsystem',
-    type: 'compliance-gap',
-    severity: 'high',
-    status: 'open',
-    createdAt: new Date('2024-01-18'),
-    deadline: new Date('2024-03-01'),
-    assignedTo: 'KI-Compliance Team',
-    escalatedTo: null,
-    relatedItems: ['AI-SYS-002'],
-    actions: [],
-  },
-  {
-    id: 'esc-005',
-    title: 'Sicherheitsluecke in Anwendung',
-    description: 'Kritische CVE in verwendeter Bibliothek entdeckt',
-    type: 'security-incident',
-    severity: 'medium',
-    status: 'resolved',
-    createdAt: new Date('2024-01-10'),
-    deadline: new Date('2024-01-17'),
-    assignedTo: 'Entwicklung',
-    escalatedTo: null,
-    relatedItems: ['CVE-2024-12345'],
-    actions: [
-      { id: 'a1', action: 'CVE identifiziert', performedBy: 'Security Scanner', performedAt: new Date('2024-01-10') },
-      { id: 'a2', action: 'Patch entwickelt', performedBy: 'Entwicklung', performedAt: new Date('2024-01-12') },
-      { id: 'a3', action: 'Patch deployed', performedBy: 'DevOps', performedAt: new Date('2024-01-13') },
-      { id: 'a4', action: 'Eskalation geschlossen', performedBy: 'IT Security', performedAt: new Date('2024-01-14') },
-    ],
-  },
-]
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function EscalationCard({ escalation }: { escalation: Escalation }) {
-  const [expanded, setExpanded] = useState(false)
-
-  const typeLabels = {
-    'data-breach': 'Datenpanne',
-    'dsr-overdue': 'DSR ueberfaellig',
-    'audit-finding': 'Audit-Feststellung',
-    'compliance-gap': 'Compliance-Luecke',
-    'security-incident': 'Sicherheitsvorfall',
-  }
-
-  const typeColors = {
-    'data-breach': 'bg-red-100 text-red-700',
-    'dsr-overdue': 'bg-orange-100 text-orange-700',
-    'audit-finding': 'bg-yellow-100 text-yellow-700',
-    'compliance-gap': 'bg-purple-100 text-purple-700',
-    'security-incident': 'bg-blue-100 text-blue-700',
-  }
-
-  const severityColors = {
-    critical: 'bg-red-500 text-white',
-    high: 'bg-orange-500 text-white',
-    medium: 'bg-yellow-500 text-white',
-    low: 'bg-green-500 text-white',
-  }
-
-  const statusColors = {
-    open: 'bg-blue-100 text-blue-700',
-    'in-progress': 'bg-yellow-100 text-yellow-700',
-    resolved: 'bg-green-100 text-green-700',
-    escalated: 'bg-red-100 text-red-700',
-  }
-
-  const statusLabels = {
-    open: 'Offen',
-    'in-progress': 'In Bearbeitung',
-    resolved: 'Geloest',
-    escalated: 'Eskaliert',
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      escalation.severity === 'critical' ? 'border-red-300' :
-      escalation.severity === 'high' ? 'border-orange-300' :
-      escalation.status === 'resolved' ? 'border-green-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className={`px-2 py-1 text-xs rounded-full ${severityColors[escalation.severity]}`}>
-              {escalation.severity.toUpperCase()}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${typeColors[escalation.type]}`}>
-              {typeLabels[escalation.type]}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[escalation.status]}`}>
-              {statusLabels[escalation.status]}
-            </span>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{escalation.title}</h3>
-          <p className="text-sm text-gray-500 mt-1">{escalation.description}</p>
-        </div>
-      </div>
-
-      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
-        <div>
-          <span className="text-gray-500">Zugewiesen: </span>
-          <span className="font-medium text-gray-700">{escalation.assignedTo}</span>
-        </div>
-        {escalation.escalatedTo && (
-          <div>
-            <span className="text-gray-500">Eskaliert an: </span>
-            <span className="font-medium text-red-600">{escalation.escalatedTo}</span>
-          </div>
-        )}
-        {escalation.deadline && (
-          <div>
-            <span className="text-gray-500">Frist: </span>
-            <span className="font-medium text-gray-700">{escalation.deadline.toLocaleDateString('de-DE')}</span>
-          </div>
-        )}
-        <div>
-          <span className="text-gray-500">Erstellt: </span>
-          <span className="font-medium text-gray-700">{escalation.createdAt.toLocaleDateString('de-DE')}</span>
-        </div>
-      </div>
-
-      {escalation.relatedItems.length > 0 && (
-        <div className="mt-3 flex items-center gap-2">
-          <span className="text-sm text-gray-500">Verknuepft:</span>
-          {escalation.relatedItems.map(item => (
-            <span key={item} className="px-2 py-0.5 text-xs bg-gray-100 text-gray-600 rounded font-mono">
-              {item}
-            </span>
-          ))}
-        </div>
-      )}
-
-      {escalation.actions.length > 0 && (
-        <div className="mt-4">
-          <button
-            onClick={() => setExpanded(!expanded)}
-            className="text-sm text-purple-600 hover:text-purple-700 flex items-center gap-1"
-          >
-            <span>{expanded ? 'Verlauf ausblenden' : `Verlauf anzeigen (${escalation.actions.length})`}</span>
-            <svg className={`w-4 h-4 transition-transform ${expanded ? 'rotate-180' : ''}`} fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 9l-7 7-7-7" />
-            </svg>
-          </button>
-          {expanded && (
-            <div className="mt-3 space-y-2">
-              {escalation.actions.map(action => (
-                <div key={action.id} className="flex items-start gap-3 text-sm p-2 bg-gray-50 rounded-lg">
-                  <div className="w-2 h-2 bg-purple-500 rounded-full mt-1.5" />
-                  <div className="flex-1">
-                    <p className="text-gray-700">{action.action}</p>
-                    <p className="text-gray-500 text-xs">
-                      {action.performedBy} - {action.performedAt.toLocaleString('de-DE')}
-                    </p>
-                  </div>
-                </div>
-              ))}
-            </div>
-          )}
-        </div>
-      )}
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <span className="text-xs text-gray-500">{escalation.id}</span>
-        {escalation.status !== 'resolved' && (
-          <div className="flex items-center gap-2">
-            <button className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors">
-              Aktion hinzufuegen
-            </button>
-            {escalation.status !== 'escalated' && (
-              <button className="px-3 py-1 text-sm text-orange-600 hover:bg-orange-50 rounded-lg transition-colors">
-                Eskalieren
-              </button>
-            )}
-            <button className="px-3 py-1 text-sm bg-green-50 text-green-700 hover:bg-green-100 rounded-lg transition-colors">
-              Loesen
-            </button>
-          </div>
-        )}
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function EscalationsPage() {
-  const { state } = useSDK()
-  const [escalations] = useState<Escalation[]>(mockEscalations)
-  const [filter, setFilter] = useState<string>('all')
-
-  const filteredEscalations = filter === 'all'
-    ? escalations
-    : escalations.filter(e => e.type === filter || e.status === filter || e.severity === filter)
-
-  const openCount = escalations.filter(e => e.status === 'open').length
-  const criticalCount = escalations.filter(e => e.severity === 'critical' && e.status !== 'resolved').length
-  const escalatedCount = escalations.filter(e => e.status === 'escalated').length
-
-  const stepInfo = STEP_EXPLANATIONS['escalations']
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="escalations"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <button className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors">
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-          </svg>
-          Eskalation erstellen
-        </button>
-      </StepHeader>
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Gesamt aktiv</div>
-          <div className="text-3xl font-bold text-gray-900">
-            {escalations.filter(e => e.status !== 'resolved').length}
-          </div>
-        </div>
-        <div className="bg-white rounded-xl border border-red-200 p-6">
-          <div className="text-sm text-red-600">Kritisch</div>
-          <div className="text-3xl font-bold text-red-600">{criticalCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-orange-200 p-6">
-          <div className="text-sm text-orange-600">Eskaliert</div>
-          <div className="text-3xl font-bold text-orange-600">{escalatedCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-blue-200 p-6">
-          <div className="text-sm text-blue-600">Offen</div>
-          <div className="text-3xl font-bold text-blue-600">{openCount}</div>
-        </div>
-      </div>
-
-      {/* Critical Alert */}
-      {criticalCount > 0 && (
-        <div className="bg-red-50 border border-red-200 rounded-xl p-4 flex items-center gap-4">
-          <div className="w-10 h-10 bg-red-100 rounded-full flex items-center justify-center">
-            <svg className="w-5 h-5 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-            </svg>
-          </div>
-          <div>
-            <h4 className="font-medium text-red-800">{criticalCount} kritische Eskalation(en) erfordern sofortige Aufmerksamkeit</h4>
-            <p className="text-sm text-red-600">Priorisieren Sie diese Vorfaelle zur Vermeidung von Schaeden.</p>
-          </div>
-        </div>
-      )}
-
-      {/* Filter */}
-      <div className="flex items-center gap-2 flex-wrap">
-        <span className="text-sm text-gray-500">Filter:</span>
-        {['all', 'open', 'escalated', 'critical', 'data-breach', 'compliance-gap'].map(f => (
-          <button
-            key={f}
-            onClick={() => setFilter(f)}
-            className={`px-3 py-1 text-sm rounded-full transition-colors ${
-              filter === f
-                ? 'bg-purple-600 text-white'
-                : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
-            }`}
-          >
-            {f === 'all' ? 'Alle' :
-             f === 'open' ? 'Offen' :
-             f === 'escalated' ? 'Eskaliert' :
-             f === 'critical' ? 'Kritisch' :
-             f === 'data-breach' ? 'Datenpannen' : 'Compliance-Luecken'}
-          </button>
-        ))}
-      </div>
-
-      {/* Escalations List */}
-      <div className="space-y-4">
-        {filteredEscalations
-          .sort((a, b) => {
-            // Sort by severity and status
-            const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 }
-            const statusOrder = { escalated: 0, open: 1, 'in-progress': 2, resolved: 3 }
-            const severityDiff = severityOrder[a.severity] - severityOrder[b.severity]
-            if (severityDiff !== 0) return severityDiff
-            return statusOrder[a.status] - statusOrder[b.status]
-          })
-          .map(escalation => (
-            <EscalationCard key={escalation.id} escalation={escalation} />
-          ))}
-      </div>
-
-      {filteredEscalations.length === 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Keine Eskalationen gefunden</h3>
-          <p className="mt-2 text-gray-500">Passen Sie den Filter an.</p>
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/evidence/page.tsx

@@ -1,470 +0,0 @@
-'use client'
-
-import React, { useState, useEffect } from 'react'
-import { useSDK, Evidence as SDKEvidence, EvidenceType } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-type DisplayEvidenceType = 'document' | 'screenshot' | 'log' | 'audit-report' | 'certificate'
-type DisplayFormat = 'pdf' | 'image' | 'text' | 'json'
-type DisplayStatus = 'valid' | 'expired' | 'pending-review'
-
-interface DisplayEvidence {
-  id: string
-  name: string
-  description: string
-  displayType: DisplayEvidenceType
-  format: DisplayFormat
-  controlId: string
-  linkedRequirements: string[]
-  linkedControls: string[]
-  uploadedBy: string
-  uploadedAt: Date
-  validFrom: Date
-  validUntil: Date | null
-  status: DisplayStatus
-  fileSize: string
-  fileUrl: string | null
-}
-
-// =============================================================================
-// HELPER FUNCTIONS
-// =============================================================================
-
-function mapEvidenceTypeToDisplay(type: EvidenceType): DisplayEvidenceType {
-  switch (type) {
-    case 'DOCUMENT': return 'document'
-    case 'SCREENSHOT': return 'screenshot'
-    case 'LOG': return 'log'
-    case 'CERTIFICATE': return 'certificate'
-    case 'AUDIT_REPORT': return 'audit-report'
-    default: return 'document'
-  }
-}
-
-function mapDisplayTypeToEvidence(type: DisplayEvidenceType): EvidenceType {
-  switch (type) {
-    case 'document': return 'DOCUMENT'
-    case 'screenshot': return 'SCREENSHOT'
-    case 'log': return 'LOG'
-    case 'certificate': return 'CERTIFICATE'
-    case 'audit-report': return 'AUDIT_REPORT'
-    default: return 'DOCUMENT'
-  }
-}
-
-function getEvidenceStatus(validUntil: Date | null): DisplayStatus {
-  if (!validUntil) return 'pending-review'
-  const now = new Date()
-  if (validUntil < now) return 'expired'
-  return 'valid'
-}
-
-// =============================================================================
-// EVIDENCE TEMPLATES
-// =============================================================================
-
-interface EvidenceTemplate {
-  id: string
-  name: string
-  description: string
-  type: EvidenceType
-  displayType: DisplayEvidenceType
-  format: DisplayFormat
-  controlId: string
-  linkedRequirements: string[]
-  linkedControls: string[]
-  uploadedBy: string
-  validityDays: number
-  fileSize: string
-}
-
-const evidenceTemplates: EvidenceTemplate[] = [
-  {
-    id: 'ev-dse-001',
-    name: 'Datenschutzerklaerung v2.3',
-    description: 'Aktuelle Datenschutzerklaerung fuer Website und App',
-    type: 'DOCUMENT',
-    displayType: 'document',
-    format: 'pdf',
-    controlId: 'ctrl-org-001',
-    linkedRequirements: ['req-gdpr-13', 'req-gdpr-14'],
-    linkedControls: ['ctrl-org-001'],
-    uploadedBy: 'DSB',
-    validityDays: 365,
-    fileSize: '245 KB',
-  },
-  {
-    id: 'ev-pentest-001',
-    name: 'Penetrationstest Report Q4/2024',
-    description: 'Externer Penetrationstest durch Security-Partner',
-    type: 'AUDIT_REPORT',
-    displayType: 'audit-report',
-    format: 'pdf',
-    controlId: 'ctrl-tom-001',
-    linkedRequirements: ['req-gdpr-32', 'req-iso-a12'],
-    linkedControls: ['ctrl-tom-001', 'ctrl-tom-002', 'ctrl-det-001'],
-    uploadedBy: 'IT Security Team',
-    validityDays: 365,
-    fileSize: '2.1 MB',
-  },
-  {
-    id: 'ev-iso-cert',
-    name: 'ISO 27001 Zertifikat',
-    description: 'Zertifizierung des ISMS',
-    type: 'CERTIFICATE',
-    displayType: 'certificate',
-    format: 'pdf',
-    controlId: 'ctrl-tom-001',
-    linkedRequirements: ['req-iso-4.1', 'req-iso-5.1'],
-    linkedControls: [],
-    uploadedBy: 'QM Abteilung',
-    validityDays: 365,
-    fileSize: '156 KB',
-  },
-  {
-    id: 'ev-schulung-001',
-    name: 'Schulungsnachweis Datenschutz 2024',
-    description: 'Teilnehmerliste und Schulungsinhalt',
-    type: 'DOCUMENT',
-    displayType: 'document',
-    format: 'pdf',
-    controlId: 'ctrl-org-001',
-    linkedRequirements: ['req-gdpr-39'],
-    linkedControls: ['ctrl-org-001'],
-    uploadedBy: 'HR Team',
-    validityDays: 365,
-    fileSize: '890 KB',
-  },
-  {
-    id: 'ev-rbac-001',
-    name: 'Access Control Screenshot',
-    description: 'Nachweis der RBAC-Konfiguration',
-    type: 'SCREENSHOT',
-    displayType: 'screenshot',
-    format: 'image',
-    controlId: 'ctrl-tom-001',
-    linkedRequirements: ['req-gdpr-32'],
-    linkedControls: ['ctrl-tom-001'],
-    uploadedBy: 'Admin',
-    validityDays: 0,
-    fileSize: '1.2 MB',
-  },
-  {
-    id: 'ev-log-001',
-    name: 'Audit Log Export',
-    description: 'Monatlicher Audit-Log Export',
-    type: 'LOG',
-    displayType: 'log',
-    format: 'json',
-    controlId: 'ctrl-det-001',
-    linkedRequirements: ['req-gdpr-32'],
-    linkedControls: ['ctrl-det-001'],
-    uploadedBy: 'System',
-    validityDays: 90,
-    fileSize: '4.5 MB',
-  },
-]
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function EvidenceCard({ evidence, onDelete }: { evidence: DisplayEvidence; onDelete: () => void }) {
-  const typeIcons = {
-    document: (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-      </svg>
-    ),
-    screenshot: (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M4 16l4.586-4.586a2 2 0 012.828 0L16 16m-2-2l1.586-1.586a2 2 0 012.828 0L20 14m-6-6h.01M6 20h12a2 2 0 002-2V6a2 2 0 00-2-2H6a2 2 0 00-2 2v12a2 2 0 002 2z" />
-      </svg>
-    ),
-    log: (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-3 7h3m-3 4h3m-6-4h.01M9 16h.01" />
-      </svg>
-    ),
-    'audit-report': (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 17v-2m3 2v-4m3 4v-6m2 10H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-      </svg>
-    ),
-    certificate: (
-      <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4M7.835 4.697a3.42 3.42 0 001.946-.806 3.42 3.42 0 014.438 0 3.42 3.42 0 001.946.806 3.42 3.42 0 013.138 3.138 3.42 3.42 0 00.806 1.946 3.42 3.42 0 010 4.438 3.42 3.42 0 00-.806 1.946 3.42 3.42 0 01-3.138 3.138 3.42 3.42 0 00-1.946.806 3.42 3.42 0 01-4.438 0 3.42 3.42 0 00-1.946-.806 3.42 3.42 0 01-3.138-3.138 3.42 3.42 0 00-.806-1.946 3.42 3.42 0 010-4.438 3.42 3.42 0 00.806-1.946 3.42 3.42 0 013.138-3.138z" />
-      </svg>
-    ),
-  }
-
-  const statusColors = {
-    valid: 'bg-green-100 text-green-700 border-green-200',
-    expired: 'bg-red-100 text-red-700 border-red-200',
-    'pending-review': 'bg-yellow-100 text-yellow-700 border-yellow-200',
-  }
-
-  const statusLabels = {
-    valid: 'Gueltig',
-    expired: 'Abgelaufen',
-    'pending-review': 'Pruefung ausstehend',
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      evidence.status === 'expired' ? 'border-red-200' :
-      evidence.status === 'pending-review' ? 'border-yellow-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start gap-4">
-        <div className={`w-12 h-12 rounded-lg flex items-center justify-center ${
-          evidence.displayType === 'certificate' ? 'bg-yellow-100 text-yellow-600' :
-          evidence.displayType === 'audit-report' ? 'bg-purple-100 text-purple-600' :
-          evidence.displayType === 'screenshot' ? 'bg-blue-100 text-blue-600' :
-          evidence.displayType === 'log' ? 'bg-green-100 text-green-600' :
-          'bg-gray-100 text-gray-600'
-        }`}>
-          {typeIcons[evidence.displayType]}
-        </div>
-        <div className="flex-1">
-          <div className="flex items-center justify-between">
-            <h3 className="text-lg font-semibold text-gray-900">{evidence.name}</h3>
-            <span className={`px-3 py-1 text-xs rounded-full ${statusColors[evidence.status]}`}>
-              {statusLabels[evidence.status]}
-            </span>
-          </div>
-          <p className="text-sm text-gray-500 mt-1">{evidence.description}</p>
-
-          <div className="mt-3 flex items-center gap-4 text-sm text-gray-500">
-            <span>Hochgeladen: {evidence.uploadedAt.toLocaleDateString('de-DE')}</span>
-            {evidence.validUntil && (
-              <span className={evidence.status === 'expired' ? 'text-red-600' : ''}>
-                Gueltig bis: {evidence.validUntil.toLocaleDateString('de-DE')}
-              </span>
-            )}
-            <span>{evidence.fileSize}</span>
-          </div>
-
-          <div className="mt-3 flex items-center gap-2 flex-wrap">
-            {evidence.linkedRequirements.map(req => (
-              <span key={req} className="px-2 py-0.5 text-xs bg-blue-50 text-blue-600 rounded">
-                {req}
-              </span>
-            ))}
-            {evidence.linkedControls.map(ctrl => (
-              <span key={ctrl} className="px-2 py-0.5 text-xs bg-green-50 text-green-600 rounded">
-                {ctrl}
-              </span>
-            ))}
-          </div>
-        </div>
-      </div>
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <span className="text-sm text-gray-500">Hochgeladen von: {evidence.uploadedBy}</span>
-        <div className="flex items-center gap-2">
-          <button className="px-3 py-1 text-sm text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
-            Anzeigen
-          </button>
-          <button className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors">
-            Herunterladen
-          </button>
-          <button
-            onClick={onDelete}
-            className="px-3 py-1 text-sm text-red-600 hover:bg-red-50 rounded-lg transition-colors"
-          >
-            Loeschen
-          </button>
-        </div>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function EvidencePage() {
-  const { state, dispatch } = useSDK()
-  const [filter, setFilter] = useState<string>('all')
-
-  // Load evidence based on controls when controls exist
-  useEffect(() => {
-    if (state.controls.length > 0 && state.evidence.length === 0) {
-      // Add relevant evidence based on controls
-      const relevantEvidence = evidenceTemplates.filter(e =>
-        state.controls.some(c => c.id === e.controlId || e.linkedControls.includes(c.id))
-      )
-
-      const now = new Date()
-      relevantEvidence.forEach(template => {
-        const validFrom = new Date(now)
-        validFrom.setMonth(validFrom.getMonth() - 1) // Uploaded 1 month ago
-
-        const validUntil = template.validityDays > 0
-          ? new Date(validFrom.getTime() + template.validityDays * 24 * 60 * 60 * 1000)
-          : null
-
-        const sdkEvidence: SDKEvidence = {
-          id: template.id,
-          controlId: template.controlId,
-          type: template.type,
-          name: template.name,
-          description: template.description,
-          fileUrl: null,
-          validFrom,
-          validUntil,
-          uploadedBy: template.uploadedBy,
-          uploadedAt: validFrom,
-        }
-        dispatch({ type: 'ADD_EVIDENCE', payload: sdkEvidence })
-      })
-    }
-  }, [state.controls, state.evidence.length, dispatch])
-
-  // Convert SDK evidence to display evidence
-  const displayEvidence: DisplayEvidence[] = state.evidence.map(ev => {
-    const template = evidenceTemplates.find(t => t.id === ev.id)
-
-    return {
-      id: ev.id,
-      name: ev.name,
-      description: ev.description,
-      displayType: mapEvidenceTypeToDisplay(ev.type),
-      format: template?.format || 'pdf',
-      controlId: ev.controlId,
-      linkedRequirements: template?.linkedRequirements || [],
-      linkedControls: template?.linkedControls || [ev.controlId],
-      uploadedBy: ev.uploadedBy,
-      uploadedAt: ev.uploadedAt,
-      validFrom: ev.validFrom,
-      validUntil: ev.validUntil,
-      status: getEvidenceStatus(ev.validUntil),
-      fileSize: template?.fileSize || 'Unbekannt',
-      fileUrl: ev.fileUrl,
-    }
-  })
-
-  const filteredEvidence = filter === 'all'
-    ? displayEvidence
-    : displayEvidence.filter(e => e.status === filter || e.displayType === filter)
-
-  const validCount = displayEvidence.filter(e => e.status === 'valid').length
-  const expiredCount = displayEvidence.filter(e => e.status === 'expired').length
-  const pendingCount = displayEvidence.filter(e => e.status === 'pending-review').length
-
-  const handleDelete = (evidenceId: string) => {
-    if (confirm('Moechten Sie diesen Nachweis wirklich loeschen?')) {
-      dispatch({ type: 'DELETE_EVIDENCE', payload: evidenceId })
-    }
-  }
-
-  const stepInfo = STEP_EXPLANATIONS['evidence']
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="evidence"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <button className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors">
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-8l-4-4m0 0L8 8m4-4v12" />
-          </svg>
-          Nachweis hochladen
-        </button>
-      </StepHeader>
-
-      {/* Controls Alert */}
-      {state.controls.length === 0 && (
-        <div className="bg-amber-50 border border-amber-200 rounded-xl p-4">
-          <div className="flex items-start gap-3">
-            <svg className="w-5 h-5 text-amber-600 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-            </svg>
-            <div>
-              <h4 className="font-medium text-amber-800">Keine Kontrollen definiert</h4>
-              <p className="text-sm text-amber-700 mt-1">
-                Bitte definieren Sie zuerst Kontrollen, um die zugehoerigen Nachweise zu laden.
-              </p>
-            </div>
-          </div>
-        </div>
-      )}
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Gesamt</div>
-          <div className="text-3xl font-bold text-gray-900">{displayEvidence.length}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-green-200 p-6">
-          <div className="text-sm text-green-600">Gueltig</div>
-          <div className="text-3xl font-bold text-green-600">{validCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-red-200 p-6">
-          <div className="text-sm text-red-600">Abgelaufen</div>
-          <div className="text-3xl font-bold text-red-600">{expiredCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-yellow-200 p-6">
-          <div className="text-sm text-yellow-600">Pruefung ausstehend</div>
-          <div className="text-3xl font-bold text-yellow-600">{pendingCount}</div>
-        </div>
-      </div>
-
-      {/* Filter */}
-      <div className="flex items-center gap-2 flex-wrap">
-        <span className="text-sm text-gray-500">Filter:</span>
-        {['all', 'valid', 'expired', 'pending-review', 'document', 'certificate', 'audit-report'].map(f => (
-          <button
-            key={f}
-            onClick={() => setFilter(f)}
-            className={`px-3 py-1 text-sm rounded-full transition-colors ${
-              filter === f
-                ? 'bg-purple-600 text-white'
-                : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
-            }`}
-          >
-            {f === 'all' ? 'Alle' :
-             f === 'valid' ? 'Gueltig' :
-             f === 'expired' ? 'Abgelaufen' :
-             f === 'pending-review' ? 'Ausstehend' :
-             f === 'document' ? 'Dokumente' :
-             f === 'certificate' ? 'Zertifikate' : 'Audit-Berichte'}
-          </button>
-        ))}
-      </div>
-
-      {/* Evidence List */}
-      <div className="space-y-4">
-        {filteredEvidence.map(ev => (
-          <EvidenceCard
-            key={ev.id}
-            evidence={ev}
-            onDelete={() => handleDelete(ev.id)}
-          />
-        ))}
-      </div>
-
-      {filteredEvidence.length === 0 && state.controls.length > 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Keine Nachweise gefunden</h3>
-          <p className="mt-2 text-gray-500">Passen Sie den Filter an oder laden Sie neue Nachweise hoch.</p>
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/iace/[projectId]/hazards/page.tsx

@@ -1,628 +0,0 @@
-'use client'
-
-import React, { useState, useEffect } from 'react'
-import { useParams } from 'next/navigation'
-
-interface Hazard {
-  id: string
-  name: string
-  description: string
-  component_id: string | null
-  component_name: string | null
-  category: string
-  status: string
-  severity: number
-  exposure: number
-  probability: number
-  r_inherent: number
-  risk_level: string
-  created_at: string
-}
-
-interface LibraryHazard {
-  id: string
-  name: string
-  description: string
-  category: string
-  default_severity: number
-  default_exposure: number
-  default_probability: number
-}
-
-const HAZARD_CATEGORIES = [
-  'mechanical', 'electrical', 'thermal', 'noise', 'vibration',
-  'radiation', 'material', 'ergonomic', 'software', 'ai_specific',
-  'cybersecurity', 'functional_safety', 'environmental',
-]
-
-const CATEGORY_LABELS: Record<string, string> = {
-  mechanical: 'Mechanisch',
-  electrical: 'Elektrisch',
-  thermal: 'Thermisch',
-  noise: 'Laerm',
-  vibration: 'Vibration',
-  radiation: 'Strahlung',
-  material: 'Stoffe/Materialien',
-  ergonomic: 'Ergonomie',
-  software: 'Software',
-  ai_specific: 'KI-spezifisch',
-  cybersecurity: 'Cybersecurity',
-  functional_safety: 'Funktionale Sicherheit',
-  environmental: 'Umgebung',
-}
-
-const STATUS_LABELS: Record<string, string> = {
-  identified: 'Identifiziert',
-  assessed: 'Bewertet',
-  mitigated: 'Gemindert',
-  accepted: 'Akzeptiert',
-  closed: 'Geschlossen',
-}
-
-function getRiskColor(level: string): string {
-  switch (level) {
-    case 'critical': return 'bg-red-100 text-red-700 border-red-200'
-    case 'high': return 'bg-orange-100 text-orange-700 border-orange-200'
-    case 'medium': return 'bg-yellow-100 text-yellow-700 border-yellow-200'
-    case 'low': return 'bg-green-100 text-green-700 border-green-200'
-    default: return 'bg-gray-100 text-gray-700 border-gray-200'
-  }
-}
-
-function getRiskLevel(r: number): string {
-  if (r >= 100) return 'critical'
-  if (r >= 50) return 'high'
-  if (r >= 20) return 'medium'
-  return 'low'
-}
-
-function getRiskLevelLabel(level: string): string {
-  switch (level) {
-    case 'critical': return 'Kritisch'
-    case 'high': return 'Hoch'
-    case 'medium': return 'Mittel'
-    case 'low': return 'Niedrig'
-    default: return level
-  }
-}
-
-function RiskBadge({ level }: { level: string }) {
-  return (
-    <span className={`inline-flex items-center px-2 py-0.5 rounded-full text-xs font-medium border ${getRiskColor(level)}`}>
-      {getRiskLevelLabel(level)}
-    </span>
-  )
-}
-
-interface HazardFormData {
-  name: string
-  description: string
-  category: string
-  component_id: string
-  severity: number
-  exposure: number
-  probability: number
-}
-
-function HazardForm({
-  onSubmit,
-  onCancel,
-}: {
-  onSubmit: (data: HazardFormData) => void
-  onCancel: () => void
-}) {
-  const [formData, setFormData] = useState<HazardFormData>({
-    name: '',
-    description: '',
-    category: 'mechanical',
-    component_id: '',
-    severity: 3,
-    exposure: 3,
-    probability: 3,
-  })
-
-  const rInherent = formData.severity * formData.exposure * formData.probability
-  const riskLevel = getRiskLevel(rInherent)
-
-  return (
-    <div className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 p-6">
-      <h3 className="text-lg font-semibold text-gray-900 dark:text-white mb-4">Neue Gefaehrdung</h3>
-      <div className="space-y-4">
-        <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Bezeichnung *</label>
-            <input
-              type="text"
-              value={formData.name}
-              onChange={(e) => setFormData({ ...formData, name: e.target.value })}
-              placeholder="z.B. Quetschung durch Roboterarm"
-              className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            />
-          </div>
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Kategorie</label>
-            <select
-              value={formData.category}
-              onChange={(e) => setFormData({ ...formData, category: e.target.value })}
-              className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            >
-              {HAZARD_CATEGORIES.map((cat) => (
-                <option key={cat} value={cat}>{CATEGORY_LABELS[cat] || cat}</option>
-              ))}
-            </select>
-          </div>
-        </div>
-
-        <div>
-          <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Beschreibung</label>
-          <textarea
-            value={formData.description}
-            onChange={(e) => setFormData({ ...formData, description: e.target.value })}
-            rows={2}
-            placeholder="Detaillierte Beschreibung der Gefaehrdung..."
-            className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-          />
-        </div>
-
-        {/* S/E/P Sliders */}
-        <div className="bg-gray-50 dark:bg-gray-750 rounded-lg p-4">
-          <h4 className="text-sm font-medium text-gray-700 dark:text-gray-300 mb-3">Risikobewertung (S x E x P)</h4>
-          <div className="grid grid-cols-1 md:grid-cols-3 gap-6">
-            <div>
-              <label className="block text-sm text-gray-600 dark:text-gray-400 mb-1">
-                Schwere (S): <span className="font-bold">{formData.severity}</span>
-              </label>
-              <input
-                type="range"
-                min={1}
-                max={5}
-                value={formData.severity}
-                onChange={(e) => setFormData({ ...formData, severity: Number(e.target.value) })}
-                className="w-full accent-purple-600"
-              />
-              <div className="flex justify-between text-xs text-gray-400">
-                <span>Gering</span>
-                <span>Toedlich</span>
-              </div>
-            </div>
-            <div>
-              <label className="block text-sm text-gray-600 dark:text-gray-400 mb-1">
-                Exposition (E): <span className="font-bold">{formData.exposure}</span>
-              </label>
-              <input
-                type="range"
-                min={1}
-                max={5}
-                value={formData.exposure}
-                onChange={(e) => setFormData({ ...formData, exposure: Number(e.target.value) })}
-                className="w-full accent-purple-600"
-              />
-              <div className="flex justify-between text-xs text-gray-400">
-                <span>Selten</span>
-                <span>Staendig</span>
-              </div>
-            </div>
-            <div>
-              <label className="block text-sm text-gray-600 dark:text-gray-400 mb-1">
-                Wahrscheinlichkeit (P): <span className="font-bold">{formData.probability}</span>
-              </label>
-              <input
-                type="range"
-                min={1}
-                max={5}
-                value={formData.probability}
-                onChange={(e) => setFormData({ ...formData, probability: Number(e.target.value) })}
-                className="w-full accent-purple-600"
-              />
-              <div className="flex justify-between text-xs text-gray-400">
-                <span>Unwahrscheinlich</span>
-                <span>Sehr wahrscheinlich</span>
-              </div>
-            </div>
-          </div>
-
-          <div className={`mt-4 p-3 rounded-lg border ${getRiskColor(riskLevel)}`}>
-            <div className="flex items-center justify-between">
-              <span className="text-sm font-medium">R_inherent = S x E x P</span>
-              <div className="flex items-center gap-2">
-                <span className="text-lg font-bold">{rInherent}</span>
-                <RiskBadge level={riskLevel} />
-              </div>
-            </div>
-          </div>
-        </div>
-      </div>
-
-      <div className="mt-4 flex items-center gap-3">
-        <button
-          onClick={() => onSubmit(formData)}
-          disabled={!formData.name}
-          className={`px-6 py-2 rounded-lg font-medium transition-colors ${
-            formData.name
-              ? 'bg-purple-600 text-white hover:bg-purple-700'
-              : 'bg-gray-200 text-gray-400 cursor-not-allowed'
-          }`}
-        >
-          Hinzufuegen
-        </button>
-        <button onClick={onCancel} className="px-4 py-2 text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
-          Abbrechen
-        </button>
-      </div>
-    </div>
-  )
-}
-
-function LibraryModal({
-  library,
-  onAdd,
-  onClose,
-}: {
-  library: LibraryHazard[]
-  onAdd: (item: LibraryHazard) => void
-  onClose: () => void
-}) {
-  const [search, setSearch] = useState('')
-  const [filterCat, setFilterCat] = useState('')
-
-  const filtered = library.filter((h) => {
-    const matchSearch = !search || h.name.toLowerCase().includes(search.toLowerCase()) || h.description.toLowerCase().includes(search.toLowerCase())
-    const matchCat = !filterCat || h.category === filterCat
-    return matchSearch && matchCat
-  })
-
-  return (
-    <div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50 p-4">
-      <div className="bg-white dark:bg-gray-800 rounded-xl w-full max-w-2xl max-h-[80vh] flex flex-col">
-        <div className="p-6 border-b border-gray-200 dark:border-gray-700">
-          <div className="flex items-center justify-between mb-4">
-            <h3 className="text-lg font-semibold text-gray-900 dark:text-white">Gefaehrdungsbibliothek</h3>
-            <button onClick={onClose} className="p-1 text-gray-400 hover:text-gray-600 rounded">
-              <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
-              </svg>
-            </button>
-          </div>
-          <div className="flex gap-3">
-            <input
-              type="text"
-              value={search}
-              onChange={(e) => setSearch(e.target.value)}
-              placeholder="Suchen..."
-              className="flex-1 px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            />
-            <select
-              value={filterCat}
-              onChange={(e) => setFilterCat(e.target.value)}
-              className="px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            >
-              <option value="">Alle Kategorien</option>
-              {HAZARD_CATEGORIES.map((cat) => (
-                <option key={cat} value={cat}>{CATEGORY_LABELS[cat] || cat}</option>
-              ))}
-            </select>
-          </div>
-        </div>
-        <div className="flex-1 overflow-auto p-4 space-y-2">
-          {filtered.length > 0 ? (
-            filtered.map((item) => (
-              <div
-                key={item.id}
-                className="flex items-center justify-between p-3 rounded-lg border border-gray-200 dark:border-gray-700 hover:bg-gray-50 dark:hover:bg-gray-750"
-              >
-                <div className="flex-1 min-w-0 mr-3">
-                  <div className="text-sm font-medium text-gray-900 dark:text-white">{item.name}</div>
-                  <div className="text-xs text-gray-500 truncate">{item.description}</div>
-                  <div className="flex items-center gap-2 mt-1">
-                    <span className="text-xs text-gray-400">{CATEGORY_LABELS[item.category] || item.category}</span>
-                    <span className="text-xs text-gray-400">S:{item.default_severity} E:{item.default_exposure} P:{item.default_probability}</span>
-                  </div>
-                </div>
-                <button
-                  onClick={() => onAdd(item)}
-                  className="flex-shrink-0 px-3 py-1.5 text-xs bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-                >
-                  Hinzufuegen
-                </button>
-              </div>
-            ))
-          ) : (
-            <div className="text-center py-8 text-gray-500">Keine Eintraege gefunden</div>
-          )}
-        </div>
-      </div>
-    </div>
-  )
-}
-
-export default function HazardsPage() {
-  const params = useParams()
-  const projectId = params.projectId as string
-  const [hazards, setHazards] = useState<Hazard[]>([])
-  const [library, setLibrary] = useState<LibraryHazard[]>([])
-  const [loading, setLoading] = useState(true)
-  const [showForm, setShowForm] = useState(false)
-  const [showLibrary, setShowLibrary] = useState(false)
-  const [suggestingAI, setSuggestingAI] = useState(false)
-
-  useEffect(() => {
-    fetchHazards()
-  }, [projectId])
-
-  async function fetchHazards() {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards`)
-      if (res.ok) {
-        const json = await res.json()
-        setHazards(json.hazards || json || [])
-      }
-    } catch (err) {
-      console.error('Failed to fetch hazards:', err)
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  async function fetchLibrary() {
-    try {
-      const res = await fetch('/api/sdk/v1/iace/hazard-library')
-      if (res.ok) {
-        const json = await res.json()
-        setLibrary(json.hazards || json || [])
-      }
-    } catch (err) {
-      console.error('Failed to fetch hazard library:', err)
-    }
-    setShowLibrary(true)
-  }
-
-  async function handleAddFromLibrary(item: LibraryHazard) {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          name: item.name,
-          description: item.description,
-          category: item.category,
-          severity: item.default_severity,
-          exposure: item.default_exposure,
-          probability: item.default_probability,
-        }),
-      })
-      if (res.ok) {
-        await fetchHazards()
-      }
-    } catch (err) {
-      console.error('Failed to add from library:', err)
-    }
-  }
-
-  async function handleSubmit(data: HazardFormData) {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(data),
-      })
-      if (res.ok) {
-        setShowForm(false)
-        await fetchHazards()
-      }
-    } catch (err) {
-      console.error('Failed to add hazard:', err)
-    }
-  }
-
-  async function handleAISuggestions() {
-    setSuggestingAI(true)
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards/suggest`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-      })
-      if (res.ok) {
-        await fetchHazards()
-      }
-    } catch (err) {
-      console.error('Failed to get AI suggestions:', err)
-    } finally {
-      setSuggestingAI(false)
-    }
-  }
-
-  async function handleDelete(id: string) {
-    if (!confirm('Gefaehrdung wirklich loeschen?')) return
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards/${id}`, { method: 'DELETE' })
-      if (res.ok) {
-        await fetchHazards()
-      }
-    } catch (err) {
-      console.error('Failed to delete hazard:', err)
-    }
-  }
-
-  if (loading) {
-    return (
-      <div className="flex items-center justify-center h-64">
-        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600" />
-      </div>
-    )
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="flex items-start justify-between">
-        <div>
-          <h1 className="text-2xl font-bold text-gray-900 dark:text-white">Hazard Log</h1>
-          <p className="mt-1 text-sm text-gray-500 dark:text-gray-400">
-            Gefaehrdungsanalyse mit Risikobewertung nach S x E x P Methode.
-          </p>
-        </div>
-        <div className="flex items-center gap-2">
-          <button
-            onClick={handleAISuggestions}
-            disabled={suggestingAI}
-            className="flex items-center gap-2 px-3 py-2 border border-purple-300 text-purple-700 rounded-lg hover:bg-purple-50 transition-colors disabled:opacity-50 text-sm"
-          >
-            {suggestingAI ? (
-              <div className="animate-spin rounded-full h-4 w-4 border-b-2 border-purple-600" />
-            ) : (
-              <svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 10V3L4 14h7v7l9-11h-7z" />
-              </svg>
-            )}
-            KI-Vorschlaege
-          </button>
-          <button
-            onClick={fetchLibrary}
-            className="flex items-center gap-2 px-3 py-2 border border-gray-300 text-gray-700 rounded-lg hover:bg-gray-50 transition-colors text-sm"
-          >
-            <svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6.253v13m0-13C10.832 5.477 9.246 5 7.5 5S4.168 5.477 3 6.253v13C4.168 18.477 5.754 18 7.5 18s3.332.477 4.5 1.253m0-13C13.168 5.477 14.754 5 16.5 5c1.747 0 3.332.477 4.5 1.253v13C19.832 18.477 18.247 18 16.5 18c-1.746 0-3.332.477-4.5 1.253" />
-            </svg>
-            Aus Bibliothek
-          </button>
-          <button
-            onClick={() => setShowForm(true)}
-            className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors text-sm"
-          >
-            <svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-            </svg>
-            Manuell hinzufuegen
-          </button>
-        </div>
-      </div>
-
-      {/* Stats */}
-      {hazards.length > 0 && (
-        <div className="grid grid-cols-2 md:grid-cols-5 gap-3">
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 p-4 text-center">
-            <div className="text-2xl font-bold text-gray-900 dark:text-white">{hazards.length}</div>
-            <div className="text-xs text-gray-500">Gesamt</div>
-          </div>
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-red-200 p-4 text-center">
-            <div className="text-2xl font-bold text-red-600">{hazards.filter((h) => h.risk_level === 'critical').length}</div>
-            <div className="text-xs text-red-600">Kritisch</div>
-          </div>
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-orange-200 p-4 text-center">
-            <div className="text-2xl font-bold text-orange-600">{hazards.filter((h) => h.risk_level === 'high').length}</div>
-            <div className="text-xs text-orange-600">Hoch</div>
-          </div>
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-yellow-200 p-4 text-center">
-            <div className="text-2xl font-bold text-yellow-600">{hazards.filter((h) => h.risk_level === 'medium').length}</div>
-            <div className="text-xs text-yellow-600">Mittel</div>
-          </div>
-          <div className="bg-white dark:bg-gray-800 rounded-lg border border-green-200 p-4 text-center">
-            <div className="text-2xl font-bold text-green-600">{hazards.filter((h) => h.risk_level === 'low').length}</div>
-            <div className="text-xs text-green-600">Niedrig</div>
-          </div>
-        </div>
-      )}
-
-      {/* Form */}
-      {showForm && (
-        <HazardForm onSubmit={handleSubmit} onCancel={() => setShowForm(false)} />
-      )}
-
-      {/* Library Modal */}
-      {showLibrary && (
-        <LibraryModal
-          library={library}
-          onAdd={handleAddFromLibrary}
-          onClose={() => setShowLibrary(false)}
-        />
-      )}
-
-      {/* Hazard Table */}
-      {hazards.length > 0 ? (
-        <div className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 overflow-hidden">
-          <div className="overflow-x-auto">
-            <table className="w-full">
-              <thead>
-                <tr className="bg-gray-50 dark:bg-gray-750 border-b border-gray-200 dark:border-gray-700">
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Bezeichnung</th>
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Kategorie</th>
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Komponente</th>
-                  <th className="px-4 py-3 text-center text-xs font-medium text-gray-500 uppercase tracking-wider">S</th>
-                  <th className="px-4 py-3 text-center text-xs font-medium text-gray-500 uppercase tracking-wider">E</th>
-                  <th className="px-4 py-3 text-center text-xs font-medium text-gray-500 uppercase tracking-wider">P</th>
-                  <th className="px-4 py-3 text-center text-xs font-medium text-gray-500 uppercase tracking-wider">R</th>
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Risiko</th>
-                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Status</th>
-                  <th className="px-4 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider">Aktionen</th>
-                </tr>
-              </thead>
-              <tbody className="divide-y divide-gray-200 dark:divide-gray-700">
-                {hazards
-                  .sort((a, b) => b.r_inherent - a.r_inherent)
-                  .map((hazard) => (
-                    <tr key={hazard.id} className="hover:bg-gray-50 dark:hover:bg-gray-750 transition-colors">
-                      <td className="px-4 py-3">
-                        <div className="text-sm font-medium text-gray-900 dark:text-white">{hazard.name}</div>
-                        {hazard.description && (
-                          <div className="text-xs text-gray-500 truncate max-w-[250px]">{hazard.description}</div>
-                        )}
-                      </td>
-                      <td className="px-4 py-3 text-sm text-gray-600">{CATEGORY_LABELS[hazard.category] || hazard.category}</td>
-                      <td className="px-4 py-3 text-sm text-gray-600">{hazard.component_name || '--'}</td>
-                      <td className="px-4 py-3 text-sm text-gray-900 dark:text-white text-center font-medium">{hazard.severity}</td>
-                      <td className="px-4 py-3 text-sm text-gray-900 dark:text-white text-center font-medium">{hazard.exposure}</td>
-                      <td className="px-4 py-3 text-sm text-gray-900 dark:text-white text-center font-medium">{hazard.probability}</td>
-                      <td className="px-4 py-3 text-sm text-gray-900 dark:text-white text-center font-bold">{hazard.r_inherent}</td>
-                      <td className="px-4 py-3"><RiskBadge level={hazard.risk_level} /></td>
-                      <td className="px-4 py-3">
-                        <span className="text-xs text-gray-500">{STATUS_LABELS[hazard.status] || hazard.status}</span>
-                      </td>
-                      <td className="px-4 py-3 text-right">
-                        <button
-                          onClick={() => handleDelete(hazard.id)}
-                          className="p-1 text-gray-400 hover:text-red-600 hover:bg-red-50 rounded transition-colors"
-                        >
-                          <svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
-                          </svg>
-                        </button>
-                      </td>
-                    </tr>
-                  ))}
-              </tbody>
-            </table>
-          </div>
-        </div>
-      ) : (
-        !showForm && (
-          <div className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 p-12 text-center">
-            <div className="w-16 h-16 mx-auto bg-orange-100 dark:bg-orange-900/30 rounded-full flex items-center justify-center mb-4">
-              <svg className="w-8 h-8 text-orange-600" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-              </svg>
-            </div>
-            <h3 className="text-lg font-semibold text-gray-900 dark:text-white">Kein Hazard Log vorhanden</h3>
-            <p className="mt-2 text-gray-500 max-w-md mx-auto">
-              Beginnen Sie mit der systematischen Erfassung von Gefaehrdungen. Nutzen Sie die Bibliothek
-              oder KI-Vorschlaege als Ausgangspunkt.
-            </p>
-            <div className="mt-6 flex items-center justify-center gap-3">
-              <button
-                onClick={() => setShowForm(true)}
-                className="px-6 py-3 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-              >
-                Manuell hinzufuegen
-              </button>
-              <button
-                onClick={fetchLibrary}
-                className="px-6 py-3 border border-gray-300 text-gray-700 rounded-lg hover:bg-gray-50 transition-colors"
-              >
-                Bibliothek oeffnen
-              </button>
-            </div>
-          </div>
-        )
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/iace/[projectId]/mitigations/page.tsx

@@ -1,413 +0,0 @@
-'use client'
-
-import React, { useState, useEffect } from 'react'
-import { useParams } from 'next/navigation'
-
-interface Mitigation {
-  id: string
-  title: string
-  description: string
-  reduction_type: 'design' | 'protection' | 'information'
-  status: 'planned' | 'implemented' | 'verified'
-  linked_hazard_ids: string[]
-  linked_hazard_names: string[]
-  created_at: string
-  verified_at: string | null
-  verified_by: string | null
-}
-
-interface Hazard {
-  id: string
-  name: string
-  risk_level: string
-}
-
-const REDUCTION_TYPES = {
-  design: {
-    label: 'Design',
-    description: 'Inhaerent sichere Konstruktion',
-    color: 'border-blue-200 bg-blue-50',
-    headerColor: 'bg-blue-100 text-blue-800',
-    icon: (
-      <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 4a2 2 0 114 0v1a1 1 0 001 1h3a1 1 0 011 1v3a1 1 0 01-1 1h-1a2 2 0 100 4h1a1 1 0 011 1v3a1 1 0 01-1 1h-3a1 1 0 01-1-1v-1a2 2 0 10-4 0v1a1 1 0 01-1 1H7a1 1 0 01-1-1v-3a1 1 0 00-1-1H4a2 2 0 110-4h1a1 1 0 001-1V7a1 1 0 011-1h3a1 1 0 001-1V4z" />
-      </svg>
-    ),
-  },
-  protection: {
-    label: 'Schutz',
-    description: 'Technische Schutzmassnahmen',
-    color: 'border-green-200 bg-green-50',
-    headerColor: 'bg-green-100 text-green-800',
-    icon: (
-      <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z" />
-      </svg>
-    ),
-  },
-  information: {
-    label: 'Information',
-    description: 'Hinweise und Schulungen',
-    color: 'border-yellow-200 bg-yellow-50',
-    headerColor: 'bg-yellow-100 text-yellow-800',
-    icon: (
-      <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
-      </svg>
-    ),
-  },
-}
-
-function StatusBadge({ status }: { status: string }) {
-  const colors: Record<string, string> = {
-    planned: 'bg-gray-100 text-gray-700',
-    implemented: 'bg-blue-100 text-blue-700',
-    verified: 'bg-green-100 text-green-700',
-  }
-  const labels: Record<string, string> = {
-    planned: 'Geplant',
-    implemented: 'Umgesetzt',
-    verified: 'Verifiziert',
-  }
-  return (
-    <span className={`inline-flex items-center px-2 py-0.5 rounded-full text-xs font-medium ${colors[status] || colors.planned}`}>
-      {labels[status] || status}
-    </span>
-  )
-}
-
-interface MitigationFormData {
-  title: string
-  description: string
-  reduction_type: 'design' | 'protection' | 'information'
-  linked_hazard_ids: string[]
-}
-
-function MitigationForm({
-  onSubmit,
-  onCancel,
-  hazards,
-  preselectedType,
-}: {
-  onSubmit: (data: MitigationFormData) => void
-  onCancel: () => void
-  hazards: Hazard[]
-  preselectedType?: 'design' | 'protection' | 'information'
-}) {
-  const [formData, setFormData] = useState<MitigationFormData>({
-    title: '',
-    description: '',
-    reduction_type: preselectedType || 'design',
-    linked_hazard_ids: [],
-  })
-
-  function toggleHazard(id: string) {
-    setFormData((prev) => ({
-      ...prev,
-      linked_hazard_ids: prev.linked_hazard_ids.includes(id)
-        ? prev.linked_hazard_ids.filter((h) => h !== id)
-        : [...prev.linked_hazard_ids, id],
-    }))
-  }
-
-  return (
-    <div className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 p-6">
-      <h3 className="text-lg font-semibold text-gray-900 dark:text-white mb-4">Neue Massnahme</h3>
-      <div className="space-y-4">
-        <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Titel *</label>
-            <input
-              type="text"
-              value={formData.title}
-              onChange={(e) => setFormData({ ...formData, title: e.target.value })}
-              placeholder="z.B. Lichtvorhang an Gefahrenstelle"
-              className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            />
-          </div>
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Reduktionstyp</label>
-            <select
-              value={formData.reduction_type}
-              onChange={(e) => setFormData({ ...formData, reduction_type: e.target.value as MitigationFormData['reduction_type'] })}
-              className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-            >
-              <option value="design">Design - Inhaerent sichere Konstruktion</option>
-              <option value="protection">Schutz - Technische Schutzmassnahmen</option>
-              <option value="information">Information - Hinweise und Schulungen</option>
-            </select>
-          </div>
-        </div>
-        <div>
-          <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Beschreibung</label>
-          <textarea
-            value={formData.description}
-            onChange={(e) => setFormData({ ...formData, description: e.target.value })}
-            rows={2}
-            placeholder="Detaillierte Beschreibung der Massnahme..."
-            className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent dark:bg-gray-700 dark:border-gray-600 dark:text-white"
-          />
-        </div>
-        {hazards.length > 0 && (
-          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">Verknuepfte Gefaehrdungen</label>
-            <div className="flex flex-wrap gap-2">
-              {hazards.map((h) => (
-                <button
-                  key={h.id}
-                  onClick={() => toggleHazard(h.id)}
-                  className={`px-3 py-1.5 text-xs rounded-lg border transition-colors ${
-                    formData.linked_hazard_ids.includes(h.id)
-                      ? 'border-purple-400 bg-purple-50 text-purple-700'
-                      : 'border-gray-200 bg-white text-gray-600 hover:bg-gray-50'
-                  }`}
-                >
-                  {h.name}
-                </button>
-              ))}
-            </div>
-          </div>
-        )}
-      </div>
-      <div className="mt-4 flex items-center gap-3">
-        <button
-          onClick={() => onSubmit(formData)}
-          disabled={!formData.title}
-          className={`px-6 py-2 rounded-lg font-medium transition-colors ${
-            formData.title
-              ? 'bg-purple-600 text-white hover:bg-purple-700'
-              : 'bg-gray-200 text-gray-400 cursor-not-allowed'
-          }`}
-        >
-          Hinzufuegen
-        </button>
-        <button onClick={onCancel} className="px-4 py-2 text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
-          Abbrechen
-        </button>
-      </div>
-    </div>
-  )
-}
-
-function MitigationCard({
-  mitigation,
-  onVerify,
-  onDelete,
-}: {
-  mitigation: Mitigation
-  onVerify: (id: string) => void
-  onDelete: (id: string) => void
-}) {
-  return (
-    <div className="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 p-4">
-      <div className="flex items-start justify-between mb-2">
-        <h4 className="text-sm font-medium text-gray-900 dark:text-white">{mitigation.title}</h4>
-        <StatusBadge status={mitigation.status} />
-      </div>
-      {mitigation.description && (
-        <p className="text-xs text-gray-500 mb-3">{mitigation.description}</p>
-      )}
-      {mitigation.linked_hazard_names.length > 0 && (
-        <div className="mb-3">
-          <div className="flex flex-wrap gap-1">
-            {mitigation.linked_hazard_names.map((name, i) => (
-              <span key={i} className="inline-flex items-center px-1.5 py-0.5 rounded text-xs bg-gray-100 text-gray-600 dark:bg-gray-700 dark:text-gray-400">
-                {name}
-              </span>
-            ))}
-          </div>
-        </div>
-      )}
-      <div className="flex items-center gap-2">
-        {mitigation.status !== 'verified' && (
-          <button
-            onClick={() => onVerify(mitigation.id)}
-            className="text-xs px-2.5 py-1 bg-green-50 text-green-700 border border-green-200 rounded-lg hover:bg-green-100 transition-colors"
-          >
-            Verifizieren
-          </button>
-        )}
-        <button
-          onClick={() => onDelete(mitigation.id)}
-          className="text-xs px-2.5 py-1 text-red-600 hover:bg-red-50 rounded-lg transition-colors"
-        >
-          Loeschen
-        </button>
-      </div>
-    </div>
-  )
-}
-
-export default function MitigationsPage() {
-  const params = useParams()
-  const projectId = params.projectId as string
-  const [mitigations, setMitigations] = useState<Mitigation[]>([])
-  const [hazards, setHazards] = useState<Hazard[]>([])
-  const [loading, setLoading] = useState(true)
-  const [showForm, setShowForm] = useState(false)
-  const [preselectedType, setPreselectedType] = useState<'design' | 'protection' | 'information' | undefined>()
-
-  useEffect(() => {
-    fetchData()
-  }, [projectId])
-
-  async function fetchData() {
-    try {
-      const [mitRes, hazRes] = await Promise.all([
-        fetch(`/api/sdk/v1/iace/projects/${projectId}/mitigations`),
-        fetch(`/api/sdk/v1/iace/projects/${projectId}/hazards`),
-      ])
-      if (mitRes.ok) {
-        const json = await mitRes.json()
-        setMitigations(json.mitigations || json || [])
-      }
-      if (hazRes.ok) {
-        const json = await hazRes.json()
-        setHazards((json.hazards || json || []).map((h: Hazard) => ({ id: h.id, name: h.name, risk_level: h.risk_level })))
-      }
-    } catch (err) {
-      console.error('Failed to fetch data:', err)
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  async function handleSubmit(data: MitigationFormData) {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/mitigations`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(data),
-      })
-      if (res.ok) {
-        setShowForm(false)
-        setPreselectedType(undefined)
-        await fetchData()
-      }
-    } catch (err) {
-      console.error('Failed to add mitigation:', err)
-    }
-  }
-
-  async function handleVerify(id: string) {
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/mitigations/${id}/verify`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-      })
-      if (res.ok) {
-        await fetchData()
-      }
-    } catch (err) {
-      console.error('Failed to verify mitigation:', err)
-    }
-  }
-
-  async function handleDelete(id: string) {
-    if (!confirm('Massnahme wirklich loeschen?')) return
-    try {
-      const res = await fetch(`/api/sdk/v1/iace/projects/${projectId}/mitigations/${id}`, { method: 'DELETE' })
-      if (res.ok) {
-        await fetchData()
-      }
-    } catch (err) {
-      console.error('Failed to delete mitigation:', err)
-    }
-  }
-
-  function handleAddForType(type: 'design' | 'protection' | 'information') {
-    setPreselectedType(type)
-    setShowForm(true)
-  }
-
-  const byType = {
-    design: mitigations.filter((m) => m.reduction_type === 'design'),
-    protection: mitigations.filter((m) => m.reduction_type === 'protection'),
-    information: mitigations.filter((m) => m.reduction_type === 'information'),
-  }
-
-  if (loading) {
-    return (
-      <div className="flex items-center justify-center h-64">
-        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600" />
-      </div>
-    )
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="flex items-center justify-between">
-        <div>
-          <h1 className="text-2xl font-bold text-gray-900 dark:text-white">Massnahmen</h1>
-          <p className="mt-1 text-sm text-gray-500 dark:text-gray-400">
-            Risikominderung nach dem 3-Stufen-Verfahren: Design, Schutz, Information.
-          </p>
-        </div>
-        <button
-          onClick={() => {
-            setPreselectedType(undefined)
-            setShowForm(true)
-          }}
-          className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors"
-        >
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-          </svg>
-          Massnahme hinzufuegen
-        </button>
-      </div>
-
-      {/* Form */}
-      {showForm && (
-        <MitigationForm
-          onSubmit={handleSubmit}
-          onCancel={() => {
-            setShowForm(false)
-            setPreselectedType(undefined)
-          }}
-          hazards={hazards}
-          preselectedType={preselectedType}
-        />
-      )}
-
-      {/* 3-Column Layout */}
-      <div className="grid grid-cols-1 lg:grid-cols-3 gap-6">
-        {(['design', 'protection', 'information'] as const).map((type) => {
-          const config = REDUCTION_TYPES[type]
-          const items = byType[type]
-          return (
-            <div key={type} className={`rounded-xl border ${config.color} p-4`}>
-              <div className={`flex items-center gap-2 px-3 py-2 rounded-lg ${config.headerColor} mb-4`}>
-                {config.icon}
-                <div>
-                  <h3 className="text-sm font-semibold">{config.label}</h3>
-                  <p className="text-xs opacity-75">{config.description}</p>
-                </div>
-                <span className="ml-auto text-sm font-bold">{items.length}</span>
-              </div>
-
-              <div className="space-y-3">
-                {items.map((m) => (
-                  <MitigationCard
-                    key={m.id}
-                    mitigation={m}
-                    onVerify={handleVerify}
-                    onDelete={handleDelete}
-                  />
-                ))}
-              </div>
-
-              <button
-                onClick={() => handleAddForType(type)}
-                className="mt-3 w-full py-2 text-sm text-gray-500 hover:text-purple-600 hover:bg-white rounded-lg border border-dashed border-gray-300 hover:border-purple-300 transition-colors"
-              >
-                + Massnahme hinzufuegen
-              </button>
-            </div>
-          )
-        })}
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/obligations/page.tsx

@@ -1,313 +0,0 @@
-'use client'
-
-import React, { useState } from 'react'
-import { useSDK } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-interface Obligation {
-  id: string
-  title: string
-  description: string
-  source: string
-  sourceArticle: string
-  deadline: Date | null
-  status: 'pending' | 'in-progress' | 'completed' | 'overdue'
-  priority: 'critical' | 'high' | 'medium' | 'low'
-  responsible: string
-  linkedSystems: string[]
-}
-
-// =============================================================================
-// MOCK DATA
-// =============================================================================
-
-const mockObligations: Obligation[] = [
-  {
-    id: 'obl-1',
-    title: 'Risikomanagementsystem implementieren',
-    description: 'Ein Risikomanagementsystem fuer das Hochrisiko-KI-System muss implementiert werden.',
-    source: 'AI Act',
-    sourceArticle: 'Art. 9',
-    deadline: new Date('2024-06-01'),
-    status: 'in-progress',
-    priority: 'critical',
-    responsible: 'IT Security',
-    linkedSystems: ['Bewerber-Screening'],
-  },
-  {
-    id: 'obl-2',
-    title: 'Technische Dokumentation erstellen',
-    description: 'Umfassende technische Dokumentation fuer alle Hochrisiko-KI-Systeme.',
-    source: 'AI Act',
-    sourceArticle: 'Art. 11',
-    deadline: new Date('2024-05-15'),
-    status: 'pending',
-    priority: 'high',
-    responsible: 'Entwicklung',
-    linkedSystems: ['Bewerber-Screening'],
-  },
-  {
-    id: 'obl-3',
-    title: 'Datenschutzerklaerung aktualisieren',
-    description: 'Die Datenschutzerklaerung muss an die neuen KI-Verarbeitungen angepasst werden.',
-    source: 'DSGVO',
-    sourceArticle: 'Art. 13/14',
-    deadline: new Date('2024-02-01'),
-    status: 'overdue',
-    priority: 'high',
-    responsible: 'Datenschutz',
-    linkedSystems: ['Kundenservice Chatbot', 'Empfehlungsalgorithmus'],
-  },
-  {
-    id: 'obl-4',
-    title: 'KI-Kennzeichnung implementieren',
-    description: 'Nutzer muessen informiert werden, dass sie mit einem KI-System interagieren.',
-    source: 'AI Act',
-    sourceArticle: 'Art. 52',
-    deadline: new Date('2024-03-01'),
-    status: 'completed',
-    priority: 'medium',
-    responsible: 'UX Team',
-    linkedSystems: ['Kundenservice Chatbot'],
-  },
-  {
-    id: 'obl-5',
-    title: 'Menschliche Aufsicht sicherstellen',
-    description: 'Prozesse fuer menschliche Aufsicht bei automatisierten Entscheidungen.',
-    source: 'AI Act',
-    sourceArticle: 'Art. 14',
-    deadline: new Date('2024-04-01'),
-    status: 'pending',
-    priority: 'critical',
-    responsible: 'Operations',
-    linkedSystems: ['Bewerber-Screening'],
-  },
-]
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function ObligationCard({ obligation }: { obligation: Obligation }) {
-  const priorityColors = {
-    critical: 'bg-red-100 text-red-700',
-    high: 'bg-orange-100 text-orange-700',
-    medium: 'bg-yellow-100 text-yellow-700',
-    low: 'bg-green-100 text-green-700',
-  }
-
-  const statusColors = {
-    pending: 'bg-gray-100 text-gray-600 border-gray-200',
-    'in-progress': 'bg-blue-100 text-blue-700 border-blue-200',
-    completed: 'bg-green-100 text-green-700 border-green-200',
-    overdue: 'bg-red-100 text-red-700 border-red-200',
-  }
-
-  const statusLabels = {
-    pending: 'Ausstehend',
-    'in-progress': 'In Bearbeitung',
-    completed: 'Abgeschlossen',
-    overdue: 'Ueberfaellig',
-  }
-
-  const daysUntilDeadline = obligation.deadline
-    ? Math.ceil((obligation.deadline.getTime() - new Date().getTime()) / (1000 * 60 * 60 * 24))
-    : null
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      obligation.status === 'overdue' ? 'border-red-200' :
-      obligation.status === 'completed' ? 'border-green-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className={`px-2 py-1 text-xs rounded-full ${priorityColors[obligation.priority]}`}>
-              {obligation.priority === 'critical' ? 'Kritisch' :
-               obligation.priority === 'high' ? 'Hoch' :
-               obligation.priority === 'medium' ? 'Mittel' : 'Niedrig'}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[obligation.status]}`}>
-              {statusLabels[obligation.status]}
-            </span>
-            <span className="px-2 py-1 text-xs bg-purple-50 text-purple-700 rounded">
-              {obligation.source} {obligation.sourceArticle}
-            </span>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{obligation.title}</h3>
-          <p className="text-sm text-gray-500 mt-1">{obligation.description}</p>
-        </div>
-      </div>
-
-      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
-        <div>
-          <span className="text-gray-500">Verantwortlich: </span>
-          <span className="font-medium text-gray-700">{obligation.responsible}</span>
-        </div>
-        {obligation.deadline && (
-          <div className={daysUntilDeadline && daysUntilDeadline < 0 ? 'text-red-600' : ''}>
-            <span className="text-gray-500">Frist: </span>
-            <span className="font-medium">
-              {obligation.deadline.toLocaleDateString('de-DE')}
-              {daysUntilDeadline !== null && (
-                <span className="ml-2">
-                  ({daysUntilDeadline < 0 ? `${Math.abs(daysUntilDeadline)} Tage ueberfaellig` : `${daysUntilDeadline} Tage`})
-                </span>
-              )}
-            </span>
-          </div>
-        )}
-      </div>
-
-      {obligation.linkedSystems.length > 0 && (
-        <div className="mt-3 flex items-center gap-2 flex-wrap">
-          <span className="text-sm text-gray-500">Betroffene Systeme:</span>
-          {obligation.linkedSystems.map(sys => (
-            <span key={sys} className="px-2 py-0.5 text-xs bg-gray-100 text-gray-600 rounded">
-              {sys}
-            </span>
-          ))}
-        </div>
-      )}
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <button className="text-sm text-purple-600 hover:text-purple-700 font-medium">
-          Details anzeigen
-        </button>
-        {obligation.status !== 'completed' && (
-          <button className="px-4 py-2 text-sm bg-purple-50 text-purple-700 rounded-lg hover:bg-purple-100 transition-colors">
-            Als erledigt markieren
-          </button>
-        )}
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function ObligationsPage() {
-  const { state } = useSDK()
-  const [obligations] = useState<Obligation[]>(mockObligations)
-  const [filter, setFilter] = useState<string>('all')
-
-  const filteredObligations = filter === 'all'
-    ? obligations
-    : obligations.filter(o => o.status === filter || o.priority === filter || o.source.toLowerCase().includes(filter))
-
-  const pendingCount = obligations.filter(o => o.status === 'pending').length
-  const inProgressCount = obligations.filter(o => o.status === 'in-progress').length
-  const overdueCount = obligations.filter(o => o.status === 'overdue').length
-  const completedCount = obligations.filter(o => o.status === 'completed').length
-
-  const stepInfo = STEP_EXPLANATIONS['obligations']
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="obligations"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <button className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors">
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-          </svg>
-          Pflicht hinzufuegen
-        </button>
-      </StepHeader>
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Ausstehend</div>
-          <div className="text-3xl font-bold text-gray-900">{pendingCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-blue-200 p-6">
-          <div className="text-sm text-blue-600">In Bearbeitung</div>
-          <div className="text-3xl font-bold text-blue-600">{inProgressCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-red-200 p-6">
-          <div className="text-sm text-red-600">Ueberfaellig</div>
-          <div className="text-3xl font-bold text-red-600">{overdueCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-green-200 p-6">
-          <div className="text-sm text-green-600">Abgeschlossen</div>
-          <div className="text-3xl font-bold text-green-600">{completedCount}</div>
-        </div>
-      </div>
-
-      {/* Urgent Alert */}
-      {overdueCount > 0 && (
-        <div className="bg-red-50 border border-red-200 rounded-xl p-4 flex items-center gap-4">
-          <div className="w-10 h-10 bg-red-100 rounded-full flex items-center justify-center">
-            <svg className="w-5 h-5 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-            </svg>
-          </div>
-          <div>
-            <h4 className="font-medium text-red-800">Achtung: {overdueCount} ueberfaellige Pflicht(en)</h4>
-            <p className="text-sm text-red-600">Diese Pflichten erfordern sofortige Aufmerksamkeit.</p>
-          </div>
-        </div>
-      )}
-
-      {/* Filter */}
-      <div className="flex items-center gap-2 flex-wrap">
-        <span className="text-sm text-gray-500">Filter:</span>
-        {['all', 'overdue', 'pending', 'in-progress', 'completed', 'critical', 'ai'].map(f => (
-          <button
-            key={f}
-            onClick={() => setFilter(f)}
-            className={`px-3 py-1 text-sm rounded-full transition-colors ${
-              filter === f
-                ? 'bg-purple-600 text-white'
-                : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
-            }`}
-          >
-            {f === 'all' ? 'Alle' :
-             f === 'overdue' ? 'Ueberfaellig' :
-             f === 'pending' ? 'Ausstehend' :
-             f === 'in-progress' ? 'In Bearbeitung' :
-             f === 'completed' ? 'Abgeschlossen' :
-             f === 'critical' ? 'Kritisch' : 'AI Act'}
-          </button>
-        ))}
-      </div>
-
-      {/* Obligations List */}
-      <div className="space-y-4">
-        {filteredObligations
-          .sort((a, b) => {
-            // Sort by status priority: overdue > in-progress > pending > completed
-            const statusOrder = { overdue: 0, 'in-progress': 1, pending: 2, completed: 3 }
-            return statusOrder[a.status] - statusOrder[b.status]
-          })
-          .map(obligation => (
-            <ObligationCard key={obligation.id} obligation={obligation} />
-          ))}
-      </div>
-
-      {filteredObligations.length === 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Keine Pflichten gefunden</h3>
-          <p className="mt-2 text-gray-500">Passen Sie den Filter an oder fuegen Sie neue Pflichten hinzu.</p>
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/quality/page.tsx

@@ -1,368 +0,0 @@
-'use client'
-
-import React, { useState } from 'react'
-import { useSDK } from '@/lib/sdk'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-interface QualityMetric {
-  id: string
-  name: string
-  category: 'accuracy' | 'fairness' | 'robustness' | 'explainability' | 'performance'
-  score: number
-  threshold: number
-  trend: 'up' | 'down' | 'stable'
-  lastMeasured: Date
-  aiSystem: string
-}
-
-interface QualityTest {
-  id: string
-  name: string
-  status: 'passed' | 'failed' | 'warning' | 'pending'
-  lastRun: Date
-  duration: string
-  aiSystem: string
-  details: string
-}
-
-// =============================================================================
-// MOCK DATA
-// =============================================================================
-
-const mockMetrics: QualityMetric[] = [
-  {
-    id: 'm-1',
-    name: 'Accuracy Score',
-    category: 'accuracy',
-    score: 94.5,
-    threshold: 90,
-    trend: 'up',
-    lastMeasured: new Date('2024-01-22'),
-    aiSystem: 'Bewerber-Screening',
-  },
-  {
-    id: 'm-2',
-    name: 'Fairness Index (Gender)',
-    category: 'fairness',
-    score: 87.2,
-    threshold: 85,
-    trend: 'stable',
-    lastMeasured: new Date('2024-01-22'),
-    aiSystem: 'Bewerber-Screening',
-  },
-  {
-    id: 'm-3',
-    name: 'Fairness Index (Age)',
-    category: 'fairness',
-    score: 78.5,
-    threshold: 85,
-    trend: 'down',
-    lastMeasured: new Date('2024-01-22'),
-    aiSystem: 'Bewerber-Screening',
-  },
-  {
-    id: 'm-4',
-    name: 'Robustness Score',
-    category: 'robustness',
-    score: 91.0,
-    threshold: 85,
-    trend: 'up',
-    lastMeasured: new Date('2024-01-21'),
-    aiSystem: 'Kundenservice Chatbot',
-  },
-  {
-    id: 'm-5',
-    name: 'Explainability Index',
-    category: 'explainability',
-    score: 72.3,
-    threshold: 75,
-    trend: 'up',
-    lastMeasured: new Date('2024-01-22'),
-    aiSystem: 'Empfehlungsalgorithmus',
-  },
-  {
-    id: 'm-6',
-    name: 'Response Time (P95)',
-    category: 'performance',
-    score: 95.0,
-    threshold: 90,
-    trend: 'stable',
-    lastMeasured: new Date('2024-01-22'),
-    aiSystem: 'Kundenservice Chatbot',
-  },
-]
-
-const mockTests: QualityTest[] = [
-  {
-    id: 't-1',
-    name: 'Bias Detection Test',
-    status: 'warning',
-    lastRun: new Date('2024-01-22T10:30:00'),
-    duration: '45min',
-    aiSystem: 'Bewerber-Screening',
-    details: 'Leichte Verzerrung bei Altersgruppe 50+ erkannt',
-  },
-  {
-    id: 't-2',
-    name: 'Accuracy Benchmark',
-    status: 'passed',
-    lastRun: new Date('2024-01-22T08:00:00'),
-    duration: '2h 15min',
-    aiSystem: 'Bewerber-Screening',
-    details: 'Alle Schwellenwerte eingehalten',
-  },
-  {
-    id: 't-3',
-    name: 'Adversarial Testing',
-    status: 'passed',
-    lastRun: new Date('2024-01-21T14:00:00'),
-    duration: '1h 30min',
-    aiSystem: 'Kundenservice Chatbot',
-    details: 'System robust gegen Manipulation',
-  },
-  {
-    id: 't-4',
-    name: 'Explainability Test',
-    status: 'failed',
-    lastRun: new Date('2024-01-22T09:00:00'),
-    duration: '30min',
-    aiSystem: 'Empfehlungsalgorithmus',
-    details: 'SHAP-Werte unter Schwellenwert',
-  },
-  {
-    id: 't-5',
-    name: 'Performance Load Test',
-    status: 'passed',
-    lastRun: new Date('2024-01-22T06:00:00'),
-    duration: '3h',
-    aiSystem: 'Kundenservice Chatbot',
-    details: '10.000 gleichzeitige Anfragen verarbeitet',
-  },
-]
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function MetricCard({ metric }: { metric: QualityMetric }) {
-  const isAboveThreshold = metric.score >= metric.threshold
-  const categoryColors = {
-    accuracy: 'bg-blue-100 text-blue-700',
-    fairness: 'bg-purple-100 text-purple-700',
-    robustness: 'bg-green-100 text-green-700',
-    explainability: 'bg-yellow-100 text-yellow-700',
-    performance: 'bg-orange-100 text-orange-700',
-  }
-
-  const categoryLabels = {
-    accuracy: 'Genauigkeit',
-    fairness: 'Fairness',
-    robustness: 'Robustheit',
-    explainability: 'Erklaerbarkeit',
-    performance: 'Performance',
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      isAboveThreshold ? 'border-gray-200' : 'border-red-200'
-    }`}>
-      <div className="flex items-start justify-between mb-4">
-        <div>
-          <span className={`px-2 py-1 text-xs rounded-full ${categoryColors[metric.category]}`}>
-            {categoryLabels[metric.category]}
-          </span>
-          <h4 className="font-semibold text-gray-900 mt-2">{metric.name}</h4>
-          <p className="text-xs text-gray-500">{metric.aiSystem}</p>
-        </div>
-        <div className={`flex items-center gap-1 text-sm ${
-          metric.trend === 'up' ? 'text-green-600' :
-          metric.trend === 'down' ? 'text-red-600' : 'text-gray-500'
-        }`}>
-          {metric.trend === 'up' && (
-            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 10l7-7m0 0l7 7m-7-7v18" />
-            </svg>
-          )}
-          {metric.trend === 'down' && (
-            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 14l-7 7m0 0l-7-7m7 7V3" />
-            </svg>
-          )}
-          {metric.trend === 'stable' && (
-            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 12h14" />
-            </svg>
-          )}
-        </div>
-      </div>
-
-      <div className="flex items-end justify-between">
-        <div>
-          <div className={`text-3xl font-bold ${isAboveThreshold ? 'text-gray-900' : 'text-red-600'}`}>
-            {metric.score}%
-          </div>
-          <div className="text-sm text-gray-500">
-            Schwellenwert: {metric.threshold}%
-          </div>
-        </div>
-        <div className="w-24 h-2 bg-gray-100 rounded-full overflow-hidden">
-          <div
-            className={`h-full rounded-full ${isAboveThreshold ? 'bg-green-500' : 'bg-red-500'}`}
-            style={{ width: `${metric.score}%` }}
-          />
-        </div>
-      </div>
-    </div>
-  )
-}
-
-function TestRow({ test }: { test: QualityTest }) {
-  const statusColors = {
-    passed: 'bg-green-100 text-green-700',
-    failed: 'bg-red-100 text-red-700',
-    warning: 'bg-yellow-100 text-yellow-700',
-    pending: 'bg-gray-100 text-gray-500',
-  }
-
-  const statusLabels = {
-    passed: 'Bestanden',
-    failed: 'Fehlgeschlagen',
-    warning: 'Warnung',
-    pending: 'Ausstehend',
-  }
-
-  return (
-    <tr className="hover:bg-gray-50">
-      <td className="px-6 py-4">
-        <div className="font-medium text-gray-900">{test.name}</div>
-        <div className="text-xs text-gray-500">{test.aiSystem}</div>
-      </td>
-      <td className="px-6 py-4">
-        <span className={`px-2 py-1 text-xs rounded-full ${statusColors[test.status]}`}>
-          {statusLabels[test.status]}
-        </span>
-      </td>
-      <td className="px-6 py-4 text-sm text-gray-500">
-        {test.lastRun.toLocaleString('de-DE')}
-      </td>
-      <td className="px-6 py-4 text-sm text-gray-500">{test.duration}</td>
-      <td className="px-6 py-4 text-sm text-gray-500 max-w-xs truncate">{test.details}</td>
-      <td className="px-6 py-4">
-        <button className="text-sm text-purple-600 hover:text-purple-700">Details</button>
-      </td>
-    </tr>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function QualityPage() {
-  const { state } = useSDK()
-  const [metrics] = useState<QualityMetric[]>(mockMetrics)
-  const [tests] = useState<QualityTest[]>(mockTests)
-
-  const passedTests = tests.filter(t => t.status === 'passed').length
-  const failedTests = tests.filter(t => t.status === 'failed').length
-  const metricsAboveThreshold = metrics.filter(m => m.score >= m.threshold).length
-  const avgScore = Math.round(metrics.reduce((sum, m) => sum + m.score, 0) / metrics.length)
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="flex items-center justify-between">
-        <div>
-          <h1 className="text-2xl font-bold text-gray-900">AI Quality Dashboard</h1>
-          <p className="mt-1 text-gray-500">
-            Ueberwachen Sie die Qualitaet und Fairness Ihrer KI-Systeme
-          </p>
-        </div>
-        <button className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors">
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15" />
-          </svg>
-          Tests ausfuehren
-        </button>
-      </div>
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Durchschnittlicher Score</div>
-          <div className="text-3xl font-bold text-gray-900">{avgScore}%</div>
-        </div>
-        <div className="bg-white rounded-xl border border-green-200 p-6">
-          <div className="text-sm text-green-600">Metriken ueber Schwellenwert</div>
-          <div className="text-3xl font-bold text-green-600">{metricsAboveThreshold}/{metrics.length}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-green-200 p-6">
-          <div className="text-sm text-green-600">Tests bestanden</div>
-          <div className="text-3xl font-bold text-green-600">{passedTests}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-red-200 p-6">
-          <div className="text-sm text-red-600">Tests fehlgeschlagen</div>
-          <div className="text-3xl font-bold text-red-600">{failedTests}</div>
-        </div>
-      </div>
-
-      {/* Alert for failed metrics */}
-      {metrics.filter(m => m.score < m.threshold).length > 0 && (
-        <div className="bg-yellow-50 border border-yellow-200 rounded-xl p-4 flex items-center gap-4">
-          <div className="w-10 h-10 bg-yellow-100 rounded-full flex items-center justify-center">
-            <svg className="w-5 h-5 text-yellow-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-            </svg>
-          </div>
-          <div>
-            <h4 className="font-medium text-yellow-800">
-              {metrics.filter(m => m.score < m.threshold).length} Metrik(en) unter Schwellenwert
-            </h4>
-            <p className="text-sm text-yellow-600">
-              Ueberpruefen Sie die betroffenen KI-Systeme und ergreifen Sie Korrekturmassnahmen.
-            </p>
-          </div>
-        </div>
-      )}
-
-      {/* Metrics Grid */}
-      <div>
-        <h3 className="text-lg font-semibold text-gray-900 mb-4">Qualitaetsmetriken</h3>
-        <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
-          {metrics.map(metric => (
-            <MetricCard key={metric.id} metric={metric} />
-          ))}
-        </div>
-      </div>
-
-      {/* Tests Table */}
-      <div>
-        <h3 className="text-lg font-semibold text-gray-900 mb-4">Testergebnisse</h3>
-        <div className="bg-white rounded-xl border border-gray-200 overflow-hidden">
-          <div className="overflow-x-auto">
-            <table className="w-full">
-              <thead className="bg-gray-50">
-                <tr>
-                  <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Test</th>
-                  <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Status</th>
-                  <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Letzter Lauf</th>
-                  <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Dauer</th>
-                  <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Details</th>
-                  <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Aktion</th>
-                </tr>
-              </thead>
-              <tbody className="divide-y divide-gray-100">
-                {tests.map(test => (
-                  <TestRow key={test.id} test={test} />
-                ))}
-              </tbody>
-            </table>
-          </div>
-        </div>
-      </div>
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/requirements/page.tsx

@@ -1,427 +0,0 @@
-'use client'
-
-import React, { useState, useEffect } from 'react'
-import { useSDK, Requirement as SDKRequirement, RequirementStatus, RiskSeverity } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-type DisplayPriority = 'critical' | 'high' | 'medium' | 'low'
-type DisplayStatus = 'compliant' | 'partial' | 'non-compliant' | 'not-applicable'
-
-interface DisplayRequirement extends SDKRequirement {
-  code: string
-  source: string
-  category: string
-  priority: DisplayPriority
-  displayStatus: DisplayStatus
-  controlsLinked: number
-  evidenceCount: number
-}
-
-// =============================================================================
-// HELPER FUNCTIONS
-// =============================================================================
-
-function mapCriticalityToPriority(criticality: RiskSeverity): DisplayPriority {
-  switch (criticality) {
-    case 'CRITICAL': return 'critical'
-    case 'HIGH': return 'high'
-    case 'MEDIUM': return 'medium'
-    case 'LOW': return 'low'
-    default: return 'medium'
-  }
-}
-
-function mapStatusToDisplayStatus(status: RequirementStatus): DisplayStatus {
-  switch (status) {
-    case 'VERIFIED':
-    case 'IMPLEMENTED': return 'compliant'
-    case 'IN_PROGRESS': return 'partial'
-    case 'NOT_STARTED': return 'non-compliant'
-    default: return 'non-compliant'
-  }
-}
-
-// =============================================================================
-// AVAILABLE REQUIREMENTS (Templates)
-// =============================================================================
-
-const requirementTemplates: Omit<DisplayRequirement, 'displayStatus' | 'controlsLinked' | 'evidenceCount'>[] = [
-  {
-    id: 'req-gdpr-6',
-    regulation: 'DSGVO',
-    article: 'Art. 6',
-    code: 'GDPR-6.1',
-    title: 'Rechtmaessigkeit der Verarbeitung',
-    description: 'Personenbezogene Daten duerfen nur verarbeitet werden, wenn eine Rechtsgrundlage vorliegt.',
-    source: 'DSGVO Art. 6',
-    category: 'Rechtmaessigkeit',
-    priority: 'critical',
-    criticality: 'CRITICAL',
-    applicableModules: ['mod-gdpr'],
-    status: 'NOT_STARTED',
-    controls: [],
-  },
-  {
-    id: 'req-gdpr-13',
-    regulation: 'DSGVO',
-    article: 'Art. 13/14',
-    code: 'GDPR-13',
-    title: 'Informationspflichten',
-    description: 'Betroffene Personen muessen ueber die Datenverarbeitung informiert werden.',
-    source: 'DSGVO Art. 13/14',
-    category: 'Transparenz',
-    priority: 'high',
-    criticality: 'HIGH',
-    applicableModules: ['mod-gdpr'],
-    status: 'NOT_STARTED',
-    controls: [],
-  },
-  {
-    id: 'req-ai-act-9',
-    regulation: 'AI Act',
-    article: 'Art. 9',
-    code: 'AI-ACT-9',
-    title: 'Risikomanagementsystem',
-    description: 'Hochrisiko-KI-Systeme erfordern ein Risikomanagementsystem.',
-    source: 'AI Act Art. 9',
-    category: 'KI-Governance',
-    priority: 'high',
-    criticality: 'HIGH',
-    applicableModules: ['mod-ai-act'],
-    status: 'NOT_STARTED',
-    controls: [],
-  },
-  {
-    id: 'req-gdpr-32',
-    regulation: 'DSGVO',
-    article: 'Art. 32',
-    code: 'GDPR-32',
-    title: 'Sicherheit der Verarbeitung',
-    description: 'Geeignete technische und organisatorische Massnahmen zur Datensicherheit.',
-    source: 'DSGVO Art. 32',
-    category: 'Sicherheit',
-    priority: 'critical',
-    criticality: 'CRITICAL',
-    applicableModules: ['mod-gdpr', 'mod-iso27001'],
-    status: 'NOT_STARTED',
-    controls: [],
-  },
-  {
-    id: 'req-gdpr-35',
-    regulation: 'DSGVO',
-    article: 'Art. 35',
-    code: 'GDPR-35',
-    title: 'Datenschutz-Folgenabschaetzung',
-    description: 'Bei hohem Risiko ist eine DSFA durchzufuehren.',
-    source: 'DSGVO Art. 35',
-    category: 'Risikobewertung',
-    priority: 'high',
-    criticality: 'HIGH',
-    applicableModules: ['mod-gdpr'],
-    status: 'NOT_STARTED',
-    controls: [],
-  },
-  {
-    id: 'req-ai-act-13',
-    regulation: 'AI Act',
-    article: 'Art. 13',
-    code: 'AI-ACT-13',
-    title: 'Transparenzanforderungen',
-    description: 'KI-Systeme muessen fuer Nutzer nachvollziehbar und transparent sein.',
-    source: 'AI Act Art. 13',
-    category: 'Transparenz',
-    priority: 'high',
-    criticality: 'HIGH',
-    applicableModules: ['mod-ai-act'],
-    status: 'NOT_STARTED',
-    controls: [],
-  },
-  {
-    id: 'req-nis2-21',
-    regulation: 'NIS2',
-    article: 'Art. 21',
-    code: 'NIS2-21',
-    title: 'Risikomanagementmassnahmen',
-    description: 'Wesentliche und wichtige Einrichtungen muessen Cybersicherheitsmassnahmen implementieren.',
-    source: 'NIS2 Art. 21',
-    category: 'Cybersicherheit',
-    priority: 'high',
-    criticality: 'HIGH',
-    applicableModules: ['mod-nis2'],
-    status: 'NOT_STARTED',
-    controls: [],
-  },
-]
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function RequirementCard({
-  requirement,
-  onStatusChange,
-}: {
-  requirement: DisplayRequirement
-  onStatusChange: (status: RequirementStatus) => void
-}) {
-  const priorityColors = {
-    critical: 'bg-red-100 text-red-700',
-    high: 'bg-orange-100 text-orange-700',
-    medium: 'bg-yellow-100 text-yellow-700',
-    low: 'bg-green-100 text-green-700',
-  }
-
-  const statusColors = {
-    compliant: 'bg-green-100 text-green-700 border-green-200',
-    partial: 'bg-yellow-100 text-yellow-700 border-yellow-200',
-    'non-compliant': 'bg-red-100 text-red-700 border-red-200',
-    'not-applicable': 'bg-gray-100 text-gray-500 border-gray-200',
-  }
-
-  const statusLabels = {
-    compliant: 'Konform',
-    partial: 'Teilweise',
-    'non-compliant': 'Nicht konform',
-    'not-applicable': 'N/A',
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${statusColors[requirement.displayStatus]}`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className="px-2 py-1 text-xs bg-gray-100 text-gray-700 rounded font-mono">
-              {requirement.code}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${priorityColors[requirement.priority]}`}>
-              {requirement.priority === 'critical' ? 'Kritisch' :
-               requirement.priority === 'high' ? 'Hoch' :
-               requirement.priority === 'medium' ? 'Mittel' : 'Niedrig'}
-            </span>
-            <span className="px-2 py-1 text-xs bg-blue-50 text-blue-600 rounded">
-              {requirement.regulation}
-            </span>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{requirement.title}</h3>
-          <p className="text-sm text-gray-500 mt-1">{requirement.description}</p>
-          <p className="text-xs text-gray-400 mt-2">Quelle: {requirement.source}</p>
-        </div>
-        <select
-          value={requirement.status}
-          onChange={(e) => onStatusChange(e.target.value as RequirementStatus)}
-          className={`px-3 py-1 text-sm rounded-full border ${statusColors[requirement.displayStatus]}`}
-        >
-          <option value="NOT_STARTED">Nicht begonnen</option>
-          <option value="IN_PROGRESS">In Bearbeitung</option>
-          <option value="IMPLEMENTED">Implementiert</option>
-          <option value="VERIFIED">Verifiziert</option>
-        </select>
-      </div>
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <div className="flex items-center gap-4 text-sm text-gray-500">
-          <span>{requirement.controlsLinked} Kontrollen</span>
-          <span>{requirement.evidenceCount} Nachweise</span>
-        </div>
-        <button className="text-sm text-purple-600 hover:text-purple-700 font-medium">
-          Details anzeigen
-        </button>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function RequirementsPage() {
-  const { state, dispatch } = useSDK()
-  const [filter, setFilter] = useState<string>('all')
-  const [searchQuery, setSearchQuery] = useState('')
-
-  // Load requirements based on active modules
-  useEffect(() => {
-    // Only add requirements if there are active modules and no requirements yet
-    if (state.modules.length > 0 && state.requirements.length === 0) {
-      const activeModuleIds = state.modules.map(m => m.id)
-      const relevantRequirements = requirementTemplates.filter(r =>
-        r.applicableModules.some(m => activeModuleIds.includes(m))
-      )
-
-      relevantRequirements.forEach(req => {
-        const sdkRequirement: SDKRequirement = {
-          id: req.id,
-          regulation: req.regulation,
-          article: req.article,
-          title: req.title,
-          description: req.description,
-          criticality: req.criticality,
-          applicableModules: req.applicableModules,
-          status: 'NOT_STARTED',
-          controls: [],
-        }
-        dispatch({ type: 'ADD_REQUIREMENT', payload: sdkRequirement })
-      })
-    }
-  }, [state.modules, state.requirements.length, dispatch])
-
-  // Convert SDK requirements to display requirements
-  const displayRequirements: DisplayRequirement[] = state.requirements.map(req => {
-    const template = requirementTemplates.find(t => t.id === req.id)
-    const linkedControls = state.controls.filter(c => c.evidence.includes(req.id))
-    const linkedEvidence = state.evidence.filter(e => e.controlId && linkedControls.some(c => c.id === e.controlId))
-
-    return {
-      ...req,
-      code: template?.code || req.id,
-      source: template?.source || `${req.regulation} ${req.article}`,
-      category: template?.category || req.regulation,
-      priority: mapCriticalityToPriority(req.criticality),
-      displayStatus: mapStatusToDisplayStatus(req.status),
-      controlsLinked: linkedControls.length,
-      evidenceCount: linkedEvidence.length,
-    }
-  })
-
-  const filteredRequirements = displayRequirements.filter(req => {
-    const matchesFilter = filter === 'all' ||
-      req.displayStatus === filter ||
-      req.priority === filter
-    const matchesSearch = searchQuery === '' ||
-      req.title.toLowerCase().includes(searchQuery.toLowerCase()) ||
-      req.code.toLowerCase().includes(searchQuery.toLowerCase())
-    return matchesFilter && matchesSearch
-  })
-
-  const compliantCount = displayRequirements.filter(r => r.displayStatus === 'compliant').length
-  const partialCount = displayRequirements.filter(r => r.displayStatus === 'partial').length
-  const nonCompliantCount = displayRequirements.filter(r => r.displayStatus === 'non-compliant').length
-
-  const handleStatusChange = (requirementId: string, status: RequirementStatus) => {
-    dispatch({
-      type: 'UPDATE_REQUIREMENT',
-      payload: { id: requirementId, data: { status } },
-    })
-  }
-
-  const stepInfo = STEP_EXPLANATIONS['requirements']
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header */}
-      <StepHeader
-        stepId="requirements"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      >
-        <button className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors">
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-          </svg>
-          Anforderung hinzufuegen
-        </button>
-      </StepHeader>
-
-      {/* Module Alert */}
-      {state.modules.length === 0 && (
-        <div className="bg-amber-50 border border-amber-200 rounded-xl p-4">
-          <div className="flex items-start gap-3">
-            <svg className="w-5 h-5 text-amber-600 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-            </svg>
-            <div>
-              <h4 className="font-medium text-amber-800">Keine Module aktiviert</h4>
-              <p className="text-sm text-amber-700 mt-1">
-                Bitte aktivieren Sie zuerst Compliance-Module, um die zugehoerigen Anforderungen zu laden.
-              </p>
-            </div>
-          </div>
-        </div>
-      )}
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Gesamt</div>
-          <div className="text-3xl font-bold text-gray-900">{displayRequirements.length}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-green-200 p-6">
-          <div className="text-sm text-green-600">Konform</div>
-          <div className="text-3xl font-bold text-green-600">{compliantCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-yellow-200 p-6">
-          <div className="text-sm text-yellow-600">In Bearbeitung</div>
-          <div className="text-3xl font-bold text-yellow-600">{partialCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-red-200 p-6">
-          <div className="text-sm text-red-600">Offen</div>
-          <div className="text-3xl font-bold text-red-600">{nonCompliantCount}</div>
-        </div>
-      </div>
-
-      {/* Search and Filter */}
-      <div className="flex items-center gap-4">
-        <div className="flex-1 relative">
-          <svg className="w-5 h-5 text-gray-400 absolute left-3 top-1/2 -translate-y-1/2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" />
-          </svg>
-          <input
-            type="text"
-            value={searchQuery}
-            onChange={(e) => setSearchQuery(e.target.value)}
-            placeholder="Anforderungen durchsuchen..."
-            className="w-full pl-10 pr-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-transparent"
-          />
-        </div>
-        <div className="flex items-center gap-2">
-          {['all', 'compliant', 'partial', 'non-compliant', 'critical'].map(f => (
-            <button
-              key={f}
-              onClick={() => setFilter(f)}
-              className={`px-3 py-1 text-sm rounded-full transition-colors ${
-                filter === f
-                  ? 'bg-purple-600 text-white'
-                  : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
-              }`}
-            >
-              {f === 'all' ? 'Alle' :
-               f === 'compliant' ? 'Konform' :
-               f === 'partial' ? 'Teilweise' :
-               f === 'non-compliant' ? 'Offen' : 'Kritisch'}
-            </button>
-          ))}
-        </div>
-      </div>
-
-      {/* Requirements List */}
-      <div className="space-y-4">
-        {filteredRequirements.map(requirement => (
-          <RequirementCard
-            key={requirement.id}
-            requirement={requirement}
-            onStatusChange={(status) => handleStatusChange(requirement.id, status)}
-          />
-        ))}
-      </div>
-
-      {filteredRequirements.length === 0 && state.modules.length > 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Keine Anforderungen gefunden</h3>
-          <p className="mt-2 text-gray-500">Passen Sie die Suche oder den Filter an.</p>
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/security-backlog/page.tsx

@@ -1,392 +0,0 @@
-'use client'
-
-import React, { useState } from 'react'
-import { useSDK } from '@/lib/sdk'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-interface SecurityItem {
-  id: string
-  title: string
-  description: string
-  type: 'vulnerability' | 'misconfiguration' | 'compliance' | 'hardening'
-  severity: 'critical' | 'high' | 'medium' | 'low'
-  status: 'open' | 'in-progress' | 'resolved' | 'accepted-risk'
-  source: string
-  cve: string | null
-  cvss: number | null
-  affectedAsset: string
-  assignedTo: string | null
-  createdAt: Date
-  dueDate: Date | null
-  remediation: string
-}
-
-// =============================================================================
-// MOCK DATA
-// =============================================================================
-
-const mockItems: SecurityItem[] = [
-  {
-    id: 'sec-001',
-    title: 'SQL Injection in Login-Modul',
-    description: 'Unzureichende Validierung von Benutzereingaben ermoeglicht SQL Injection',
-    type: 'vulnerability',
-    severity: 'critical',
-    status: 'in-progress',
-    source: 'Penetrationstest',
-    cve: 'CVE-2024-12345',
-    cvss: 9.8,
-    affectedAsset: 'auth-service',
-    assignedTo: 'Entwicklung',
-    createdAt: new Date('2024-01-15'),
-    dueDate: new Date('2024-01-25'),
-    remediation: 'Parameterisierte Queries verwenden, Input-Validierung implementieren',
-  },
-  {
-    id: 'sec-002',
-    title: 'Veraltete TLS-Version',
-    description: 'Server unterstuetzt noch TLS 1.0 und 1.1',
-    type: 'misconfiguration',
-    severity: 'high',
-    status: 'open',
-    source: 'Vulnerability Scanner',
-    cve: null,
-    cvss: 7.5,
-    affectedAsset: 'web-server',
-    assignedTo: null,
-    createdAt: new Date('2024-01-18'),
-    dueDate: new Date('2024-02-01'),
-    remediation: 'TLS 1.2 als Minimum konfigurieren, TLS 1.3 bevorzugen',
-  },
-  {
-    id: 'sec-003',
-    title: 'Fehlende Content-Security-Policy',
-    description: 'HTTP-Header CSP nicht konfiguriert',
-    type: 'hardening',
-    severity: 'medium',
-    status: 'open',
-    source: 'Security Audit',
-    cve: null,
-    cvss: 5.4,
-    affectedAsset: 'website',
-    assignedTo: 'DevOps',
-    createdAt: new Date('2024-01-10'),
-    dueDate: new Date('2024-02-15'),
-    remediation: 'Strikte CSP-Header implementieren',
-  },
-  {
-    id: 'sec-004',
-    title: 'Unsichere Cookie-Konfiguration',
-    description: 'Session-Cookies ohne Secure und HttpOnly Flags',
-    type: 'misconfiguration',
-    severity: 'medium',
-    status: 'resolved',
-    source: 'Code Review',
-    cve: null,
-    cvss: 5.3,
-    affectedAsset: 'auth-service',
-    assignedTo: 'Entwicklung',
-    createdAt: new Date('2024-01-05'),
-    dueDate: new Date('2024-01-15'),
-    remediation: 'Cookie-Flags setzen: Secure, HttpOnly, SameSite',
-  },
-  {
-    id: 'sec-005',
-    title: 'Veraltete Abhaengigkeit lodash',
-    description: 'Bekannte Schwachstelle in lodash < 4.17.21',
-    type: 'vulnerability',
-    severity: 'high',
-    status: 'in-progress',
-    source: 'SBOM Scan',
-    cve: 'CVE-2021-23337',
-    cvss: 7.2,
-    affectedAsset: 'frontend-app',
-    assignedTo: 'Entwicklung',
-    createdAt: new Date('2024-01-20'),
-    dueDate: new Date('2024-01-30'),
-    remediation: 'Abhaengigkeit auf Version 4.17.21 oder hoeher aktualisieren',
-  },
-  {
-    id: 'sec-006',
-    title: 'Fehlende Verschluesselung at Rest',
-    description: 'Datenbank-Backup ohne Verschluesselung',
-    type: 'compliance',
-    severity: 'high',
-    status: 'accepted-risk',
-    source: 'Compliance Audit',
-    cve: null,
-    cvss: null,
-    affectedAsset: 'database-backup',
-    assignedTo: 'IT Operations',
-    createdAt: new Date('2024-01-08'),
-    dueDate: null,
-    remediation: 'Backup-Verschluesselung aktivieren (AES-256)',
-  },
-]
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function SecurityItemCard({ item }: { item: SecurityItem }) {
-  const typeLabels = {
-    vulnerability: 'Schwachstelle',
-    misconfiguration: 'Fehlkonfiguration',
-    compliance: 'Compliance',
-    hardening: 'Haertung',
-  }
-
-  const typeColors = {
-    vulnerability: 'bg-red-100 text-red-700',
-    misconfiguration: 'bg-orange-100 text-orange-700',
-    compliance: 'bg-purple-100 text-purple-700',
-    hardening: 'bg-blue-100 text-blue-700',
-  }
-
-  const severityColors = {
-    critical: 'bg-red-500 text-white',
-    high: 'bg-orange-500 text-white',
-    medium: 'bg-yellow-500 text-white',
-    low: 'bg-green-500 text-white',
-  }
-
-  const statusColors = {
-    open: 'bg-blue-100 text-blue-700',
-    'in-progress': 'bg-yellow-100 text-yellow-700',
-    resolved: 'bg-green-100 text-green-700',
-    'accepted-risk': 'bg-gray-100 text-gray-600',
-  }
-
-  const statusLabels = {
-    open: 'Offen',
-    'in-progress': 'In Bearbeitung',
-    resolved: 'Behoben',
-    'accepted-risk': 'Akzeptiert',
-  }
-
-  const isOverdue = item.dueDate && item.dueDate < new Date() && item.status !== 'resolved'
-
-  return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      item.severity === 'critical' && item.status !== 'resolved' ? 'border-red-300' :
-      isOverdue ? 'border-orange-300' :
-      item.status === 'resolved' ? 'border-green-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className={`px-2 py-1 text-xs rounded-full ${severityColors[item.severity]}`}>
-              {item.severity.toUpperCase()}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${typeColors[item.type]}`}>
-              {typeLabels[item.type]}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[item.status]}`}>
-              {statusLabels[item.status]}
-            </span>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">{item.title}</h3>
-          <p className="text-sm text-gray-500 mt-1">{item.description}</p>
-        </div>
-      </div>
-
-      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
-        <div>
-          <span className="text-gray-500">Betroffenes Asset: </span>
-          <span className="font-medium text-gray-700">{item.affectedAsset}</span>
-        </div>
-        <div>
-          <span className="text-gray-500">Quelle: </span>
-          <span className="font-medium text-gray-700">{item.source}</span>
-        </div>
-        {item.cve && (
-          <div>
-            <span className="text-gray-500">CVE: </span>
-            <span className="font-mono text-gray-700">{item.cve}</span>
-          </div>
-        )}
-        {item.cvss && (
-          <div>
-            <span className="text-gray-500">CVSS: </span>
-            <span className={`font-bold ${
-              item.cvss >= 9 ? 'text-red-600' :
-              item.cvss >= 7 ? 'text-orange-600' :
-              item.cvss >= 4 ? 'text-yellow-600' : 'text-green-600'
-            }`}>{item.cvss}</span>
-          </div>
-        )}
-        <div>
-          <span className="text-gray-500">Zugewiesen: </span>
-          <span className="font-medium text-gray-700">{item.assignedTo || 'Nicht zugewiesen'}</span>
-        </div>
-        {item.dueDate && (
-          <div className={isOverdue ? 'text-red-600' : ''}>
-            <span className="text-gray-500">Frist: </span>
-            <span className="font-medium">
-              {item.dueDate.toLocaleDateString('de-DE')}
-              {isOverdue && ' (ueberfaellig)'}
-            </span>
-          </div>
-        )}
-      </div>
-
-      <div className="mt-4 p-3 bg-gray-50 rounded-lg">
-        <span className="text-sm text-gray-500">Empfohlene Massnahme: </span>
-        <span className="text-sm text-gray-700">{item.remediation}</span>
-      </div>
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <span className="text-xs text-gray-500">
-          Erstellt: {item.createdAt.toLocaleDateString('de-DE')}
-        </span>
-        {item.status !== 'resolved' && (
-          <div className="flex items-center gap-2">
-            <button className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors">
-              Bearbeiten
-            </button>
-            <button className="px-3 py-1 text-sm bg-green-50 text-green-700 hover:bg-green-100 rounded-lg transition-colors">
-              Als behoben markieren
-            </button>
-          </div>
-        )}
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function SecurityBacklogPage() {
-  const { state } = useSDK()
-  const [items] = useState<SecurityItem[]>(mockItems)
-  const [filter, setFilter] = useState<string>('all')
-
-  const filteredItems = filter === 'all'
-    ? items
-    : items.filter(i => i.severity === filter || i.status === filter || i.type === filter)
-
-  const openItems = items.filter(i => i.status === 'open').length
-  const criticalCount = items.filter(i => i.severity === 'critical' && i.status !== 'resolved').length
-  const highCount = items.filter(i => i.severity === 'high' && i.status !== 'resolved').length
-  const overdueCount = items.filter(i =>
-    i.dueDate && i.dueDate < new Date() && i.status !== 'resolved'
-  ).length
-
-  return (
-    <div className="space-y-6">
-      {/* Header */}
-      <div className="flex items-center justify-between">
-        <div>
-          <h1 className="text-2xl font-bold text-gray-900">Security Backlog</h1>
-          <p className="mt-1 text-gray-500">
-            Verwalten Sie Sicherheitsbefunde und verfolgen Sie deren Behebung
-          </p>
-        </div>
-        <div className="flex items-center gap-2">
-          <button className="px-4 py-2 text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
-            SBOM importieren
-          </button>
-          <button className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors">
-            <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
-            </svg>
-            Befund erfassen
-          </button>
-        </div>
-      </div>
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Offen</div>
-          <div className="text-3xl font-bold text-gray-900">{openItems}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-red-200 p-6">
-          <div className="text-sm text-red-600">Kritisch</div>
-          <div className="text-3xl font-bold text-red-600">{criticalCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-orange-200 p-6">
-          <div className="text-sm text-orange-600">Hoch</div>
-          <div className="text-3xl font-bold text-orange-600">{highCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-yellow-200 p-6">
-          <div className="text-sm text-yellow-600">Ueberfaellig</div>
-          <div className="text-3xl font-bold text-yellow-600">{overdueCount}</div>
-        </div>
-      </div>
-
-      {/* Critical Alert */}
-      {criticalCount > 0 && (
-        <div className="bg-red-50 border border-red-200 rounded-xl p-4 flex items-center gap-4">
-          <div className="w-10 h-10 bg-red-100 rounded-full flex items-center justify-center">
-            <svg className="w-5 h-5 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-            </svg>
-          </div>
-          <div>
-            <h4 className="font-medium text-red-800">{criticalCount} kritische Schwachstelle(n) erfordern sofortige Aufmerksamkeit</h4>
-            <p className="text-sm text-red-600">
-              Diese Befunde haben ein CVSS von 9.0 oder hoeher und sollten priorisiert werden.
-            </p>
-          </div>
-        </div>
-      )}
-
-      {/* Filter */}
-      <div className="flex items-center gap-2 flex-wrap">
-        <span className="text-sm text-gray-500">Filter:</span>
-        {['all', 'open', 'in-progress', 'critical', 'high', 'vulnerability', 'misconfiguration'].map(f => (
-          <button
-            key={f}
-            onClick={() => setFilter(f)}
-            className={`px-3 py-1 text-sm rounded-full transition-colors ${
-              filter === f
-                ? 'bg-purple-600 text-white'
-                : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
-            }`}
-          >
-            {f === 'all' ? 'Alle' :
-             f === 'open' ? 'Offen' :
-             f === 'in-progress' ? 'In Bearbeitung' :
-             f === 'critical' ? 'Kritisch' :
-             f === 'high' ? 'Hoch' :
-             f === 'vulnerability' ? 'Schwachstellen' : 'Fehlkonfigurationen'}
-          </button>
-        ))}
-      </div>
-
-      {/* Items List */}
-      <div className="space-y-4">
-        {filteredItems
-          .sort((a, b) => {
-            // Sort by severity and status
-            const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 }
-            const statusOrder = { open: 0, 'in-progress': 1, 'accepted-risk': 2, resolved: 3 }
-            const severityDiff = severityOrder[a.severity] - severityOrder[b.severity]
-            if (severityDiff !== 0) return severityDiff
-            return statusOrder[a.status] - statusOrder[b.status]
-          })
-          .map(item => (
-            <SecurityItemCard key={item.id} item={item} />
-          ))}
-      </div>
-
-      {filteredItems.length === 0 && (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-green-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-green-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Keine Befunde gefunden</h3>
-          <p className="mt-2 text-gray-500">Passen Sie den Filter an oder fuehren Sie einen neuen Scan durch.</p>
-        </div>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/source-policy/page.tsx

@@ -1,202 +0,0 @@
-'use client'
-
-/**
- * Source Policy Management Page (SDK Version)
- *
- * Whitelist-based data source management for edu-search-service.
- * For auditors: Full audit trail for all changes.
- */
-
-import { useState, useEffect } from 'react'
-import { useSDK } from '@/lib/sdk'
-import StepHeader from '@/components/sdk/StepHeader/StepHeader'
-import { SourcesTab } from '@/components/sdk/source-policy/SourcesTab'
-import { OperationsMatrixTab } from '@/components/sdk/source-policy/OperationsMatrixTab'
-import { PIIRulesTab } from '@/components/sdk/source-policy/PIIRulesTab'
-import { AuditTab } from '@/components/sdk/source-policy/AuditTab'
-
-// API base URL for edu-search-service
-const getApiBase = () => {
-  if (typeof window === 'undefined') return 'http://localhost:8088'
-  const hostname = window.location.hostname
-  if (hostname === 'localhost' || hostname === '127.0.0.1') {
-    return 'http://localhost:8088'
-  }
-  return `https://${hostname}:8089`
-}
-
-interface PolicyStats {
-  active_policies: number
-  allowed_sources: number
-  pii_rules: number
-  blocked_today: number
-  blocked_total: number
-}
-
-type TabId = 'dashboard' | 'sources' | 'operations' | 'pii' | 'audit'
-
-export default function SourcePolicyPage() {
-  const { state } = useSDK()
-  const [activeTab, setActiveTab] = useState<TabId>('dashboard')
-  const [stats, setStats] = useState<PolicyStats | null>(null)
-  const [loading, setLoading] = useState(true)
-  const [error, setError] = useState<string | null>(null)
-  const [apiBase, setApiBase] = useState<string | null>(null)
-
-  useEffect(() => {
-    const base = getApiBase()
-    setApiBase(base)
-  }, [])
-
-  useEffect(() => {
-    if (apiBase !== null) {
-      fetchStats()
-    }
-  }, [apiBase])
-
-  const fetchStats = async () => {
-    try {
-      setLoading(true)
-      const res = await fetch(`${apiBase}/v1/admin/policy-stats`)
-
-      if (!res.ok) {
-        throw new Error('Fehler beim Laden der Statistiken')
-      }
-
-      const data = await res.json()
-      setStats(data)
-    } catch (err) {
-      setError(err instanceof Error ? err.message : 'Unbekannter Fehler')
-      setStats({
-        active_policies: 0,
-        allowed_sources: 0,
-        pii_rules: 0,
-        blocked_today: 0,
-        blocked_total: 0,
-      })
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  const tabs: { id: TabId; name: string; icon: JSX.Element }[] = [
-    {
-      id: 'dashboard',
-      name: 'Dashboard',
-      icon: (
-        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M4 6a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2H6a2 2 0 01-2-2V6zM14 6a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2h-2a2 2 0 01-2-2V6zM4 16a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2H6a2 2 0 01-2-2v-2zM14 16a2 2 0 012-2h2a2 2 0 012 2v2a2 2 0 01-2 2h-2a2 2 0 01-2-2v-2z" />
-        </svg>
-      ),
-    },
-    {
-      id: 'sources',
-      name: 'Quellen',
-      icon: (
-        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M21 12a9 9 0 01-9 9m9-9a9 9 0 00-9-9m9 9H3m9 9a9 9 0 01-9-9m9 9c1.657 0 3-4.03 3-9s-1.343-9-3-9m0 18c-1.657 0-3-4.03-3-9s1.343-9 3-9m-9 9a9 9 0 019-9" />
-        </svg>
-      ),
-    },
-    {
-      id: 'operations',
-      name: 'Operations',
-      icon: (
-        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4" />
-        </svg>
-      ),
-    },
-    {
-      id: 'pii',
-      name: 'PII-Regeln',
-      icon: (
-        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
-        </svg>
-      ),
-    },
-    {
-      id: 'audit',
-      name: 'Audit',
-      icon: (
-        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
-        </svg>
-      ),
-    },
-  ]
-
-  return (
-    <div className="space-y-6">
-      <StepHeader stepId="source-policy" showProgress={true} />
-
-      {/* Error Display */}
-      {error && (
-        <div className="mb-4 p-4 bg-red-50 border border-red-200 rounded-lg text-red-700 flex items-center justify-between">
-          <span>{error}</span>
-          <button onClick={() => setError(null)} className="text-red-500 hover:text-red-700">
-            &times;
-          </button>
-        </div>
-      )}
-
-      {/* Stats Cards */}
-      {stats && (
-        <div className="grid grid-cols-2 md:grid-cols-4 gap-4">
-          <div className="bg-white rounded-xl border border-slate-200 p-4">
-            <div className="text-2xl font-bold text-purple-600">{stats.active_policies}</div>
-            <div className="text-sm text-slate-500">Aktive Policies</div>
-          </div>
-          <div className="bg-white rounded-xl border border-slate-200 p-4">
-            <div className="text-2xl font-bold text-green-600">{stats.allowed_sources}</div>
-            <div className="text-sm text-slate-500">Zugelassene Quellen</div>
-          </div>
-          <div className="bg-white rounded-xl border border-slate-200 p-4">
-            <div className="text-2xl font-bold text-red-600">{stats.blocked_today}</div>
-            <div className="text-sm text-slate-500">Blockiert (heute)</div>
-          </div>
-          <div className="bg-white rounded-xl border border-slate-200 p-4">
-            <div className="text-2xl font-bold text-blue-600">{stats.pii_rules}</div>
-            <div className="text-sm text-slate-500">PII-Regeln</div>
-          </div>
-        </div>
-      )}
-
-      {/* Tabs */}
-      <div className="flex gap-2 flex-wrap">
-        {tabs.map((tab) => (
-          <button
-            key={tab.id}
-            onClick={() => setActiveTab(tab.id)}
-            className={`px-4 py-2 rounded-lg font-medium transition-colors flex items-center gap-2 ${
-              activeTab === tab.id
-                ? 'bg-purple-600 text-white'
-                : 'bg-slate-100 text-slate-700 hover:bg-slate-200'
-            }`}
-          >
-            {tab.icon}
-            {tab.name}
-          </button>
-        ))}
-      </div>
-
-      {/* Tab Content */}
-      {apiBase === null ? (
-        <div className="text-center py-12 text-slate-500">Initialisiere...</div>
-      ) : (
-        <>
-          {activeTab === 'dashboard' && (
-            <div className="text-center py-12 text-slate-500">
-              {loading ? 'Lade Dashboard...' : 'Dashboard-Ansicht - Wechseln Sie zu einem Tab fuer Details.'}
-            </div>
-          )}
-          {activeTab === 'sources' && <SourcesTab apiBase={apiBase} onUpdate={fetchStats} />}
-          {activeTab === 'operations' && <OperationsMatrixTab apiBase={apiBase} />}
-          {activeTab === 'pii' && <PIIRulesTab apiBase={apiBase} onUpdate={fetchStats} />}
-          {activeTab === 'audit' && <AuditTab apiBase={apiBase} />}
-        </>
-      )}
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/training/page.tsx

@@ -1,607 +0,0 @@
-'use client'
-
-import { useEffect, useState } from 'react'
-import {
-  getModules, getMatrix, getAssignments, getStats, getDeadlines, getModuleMedia,
-  getAuditLog, generateContent, generateQuiz,
-  publishContent, checkEscalation, getContent,
-  generateAllContent, generateAllQuizzes,
-} from '@/lib/sdk/training/api'
-import type {
-  TrainingModule, TrainingAssignment,
-  MatrixResponse, TrainingStats, DeadlineInfo, AuditLogEntry, ModuleContent, TrainingMedia, VideoScript,
-} from '@/lib/sdk/training/types'
-import {
-  REGULATION_LABELS, REGULATION_COLORS, FREQUENCY_LABELS,
-  STATUS_LABELS, STATUS_COLORS, ROLE_LABELS, ALL_ROLES,
-} from '@/lib/sdk/training/types'
-import AudioPlayer from '@/components/training/AudioPlayer'
-import VideoPlayer from '@/components/training/VideoPlayer'
-import ScriptPreview from '@/components/training/ScriptPreview'
-type Tab = 'overview' | 'modules' | 'matrix' | 'assignments' | 'content' | 'audit'
-
-export default function TrainingPage() {
-  const [activeTab, setActiveTab] = useState<Tab>('overview')
-  const [loading, setLoading] = useState(true)
-  const [error, setError] = useState<string | null>(null)
-
-  const [stats, setStats] = useState<TrainingStats | null>(null)
-  const [modules, setModules] = useState<TrainingModule[]>([])
-  const [matrix, setMatrix] = useState<MatrixResponse | null>(null)
-  const [assignments, setAssignments] = useState<TrainingAssignment[]>([])
-  const [deadlines, setDeadlines] = useState<DeadlineInfo[]>([])
-  const [auditLog, setAuditLog] = useState<AuditLogEntry[]>([])
-
-  const [selectedModuleId, setSelectedModuleId] = useState<string>('')
-  const [generatedContent, setGeneratedContent] = useState<ModuleContent | null>(null)
-  const [generating, setGenerating] = useState(false)
-  const [bulkGenerating, setBulkGenerating] = useState(false)
-  const [bulkResult, setBulkResult] = useState<{ generated: number; skipped: number; errors: string[] } | null>(null)
-  const [moduleMedia, setModuleMedia] = useState<TrainingMedia[]>([])
-
-  const [statusFilter, setStatusFilter] = useState<string>('')
-  const [regulationFilter, setRegulationFilter] = useState<string>('')
-
-  useEffect(() => {
-    loadData()
-  }, [])
-
-  async function loadData() {
-    setLoading(true)
-    setError(null)
-    try {
-      const [statsRes, modulesRes, matrixRes, assignmentsRes, deadlinesRes, auditRes] = await Promise.allSettled([
-        getStats(),
-        getModules(),
-        getMatrix(),
-        getAssignments({ limit: 50 }),
-        getDeadlines(10),
-        getAuditLog({ limit: 30 }),
-      ])
-
-      if (statsRes.status === 'fulfilled') setStats(statsRes.value)
-      if (modulesRes.status === 'fulfilled') setModules(modulesRes.value.modules)
-      if (matrixRes.status === 'fulfilled') setMatrix(matrixRes.value)
-      if (assignmentsRes.status === 'fulfilled') setAssignments(assignmentsRes.value.assignments)
-      if (deadlinesRes.status === 'fulfilled') setDeadlines(deadlinesRes.value.deadlines)
-      if (auditRes.status === 'fulfilled') setAuditLog(auditRes.value.entries)
-    } catch (e) {
-      setError(e instanceof Error ? e.message : 'Fehler beim Laden')
-    } finally {
-      setLoading(false)
-    }
-  }
-
-  async function handleGenerateContent() {
-    if (!selectedModuleId) return
-    setGenerating(true)
-    try {
-      const content = await generateContent(selectedModuleId)
-      setGeneratedContent(content)
-    } catch (e) {
-      setError(e instanceof Error ? e.message : 'Fehler bei der Content-Generierung')
-    } finally {
-      setGenerating(false)
-    }
-  }
-
-  async function handleGenerateQuiz() {
-    if (!selectedModuleId) return
-    setGenerating(true)
-    try {
-      await generateQuiz(selectedModuleId, 5)
-      await loadData()
-    } catch (e) {
-      setError(e instanceof Error ? e.message : 'Fehler bei der Quiz-Generierung')
-    } finally {
-      setGenerating(false)
-    }
-  }
-
-  async function handlePublishContent(contentId: string) {
-    try {
-      await publishContent(contentId)
-      setGeneratedContent(null)
-      await loadData()
-    } catch (e) {
-      setError(e instanceof Error ? e.message : 'Fehler beim Veroeffentlichen')
-    }
-  }
-
-  async function handleCheckEscalation() {
-    try {
-      const result = await checkEscalation()
-      alert(`Eskalation geprueft: ${result.total_checked} geprueft, ${result.escalated} eskaliert`)
-      await loadData()
-    } catch (e) {
-      setError(e instanceof Error ? e.message : 'Fehler bei der Eskalationspruefung')
-    }
-  }
-
-  async function handleLoadContent(moduleId: string) {
-    try {
-      const content = await getContent(moduleId)
-      setGeneratedContent(content)
-    } catch {
-      setGeneratedContent(null)
-    }
-  }
-
-  async function handleBulkContent() {
-    setBulkGenerating(true)
-    setBulkResult(null)
-    try {
-      const result = await generateAllContent('de')
-      setBulkResult({ generated: result.generated ?? 0, skipped: result.skipped ?? 0, errors: result.errors ?? [] })
-      await loadData()
-    } catch (e) {
-      setError(e instanceof Error ? e.message : 'Fehler bei der Bulk-Generierung')
-    } finally {
-      setBulkGenerating(false)
-    }
-  }
-
-  async function loadModuleMedia(moduleId: string) {
-    try {
-      const result = await getModuleMedia(moduleId)
-      setModuleMedia(result.media)
-    } catch {
-      setModuleMedia([])
-    }
-  }
-
-  async function handleBulkQuiz() {
-    setBulkGenerating(true)
-    setBulkResult(null)
-    try {
-      const result = await generateAllQuizzes()
-      setBulkResult({ generated: result.generated ?? 0, skipped: result.skipped ?? 0, errors: result.errors ?? [] })
-      await loadData()
-    } catch (e) {
-      setError(e instanceof Error ? e.message : 'Fehler bei der Bulk-Quiz-Generierung')
-    } finally {
-      setBulkGenerating(false)
-    }
-  }
-
-  const tabs: { id: Tab; label: string }[] = [
-    { id: 'overview', label: 'Uebersicht' },
-    { id: 'modules', label: 'Modulkatalog' },
-    { id: 'matrix', label: 'Training Matrix' },
-    { id: 'assignments', label: 'Zuweisungen' },
-    { id: 'content', label: 'Content-Generator' },
-    { id: 'audit', label: 'Audit Trail' },
-  ]
-
-  const filteredModules = modules.filter(m =>
-    (!regulationFilter || m.regulation_area === regulationFilter)
-  )
-
-  const filteredAssignments = assignments.filter(a =>
-    (!statusFilter || a.status === statusFilter)
-  )
-
-  if (loading) {
-    return (
-      <div className="p-6">
-        <div className="animate-pulse space-y-4">
-          <div className="h-8 bg-gray-200 rounded w-1/3"></div>
-          <div className="grid grid-cols-4 gap-4">
-            {[1,2,3,4].map(i => <div key={i} className="h-24 bg-gray-200 rounded"></div>)}
-          </div>
-        </div>
-      </div>
-    )
-  }
-
-  return (
-    <div className="p-6 space-y-6">
-      {/* Header */}
-      <div className="flex items-center justify-between">
-        <div>
-          <h1 className="text-2xl font-bold text-gray-900">Compliance Training Engine</h1>
-          <p className="text-sm text-gray-500 mt-1">
-            Training-Module, Zuweisungen und Compliance-Schulungen verwalten
-          </p>
-        </div>
-        <button
-          onClick={handleCheckEscalation}
-          className="px-4 py-2 text-sm bg-orange-50 text-orange-700 border border-orange-200 rounded-lg hover:bg-orange-100"
-        >
-          Eskalation pruefen
-        </button>
-      </div>
-
-      {error && (
-        <div className="bg-red-50 border border-red-200 text-red-700 px-4 py-3 rounded-lg text-sm">
-          {error}
-          <button onClick={() => setError(null)} className="ml-2 underline">Schliessen</button>
-        </div>
-      )}
-
-      {/* Tabs */}
-      <div className="border-b border-gray-200">
-        <nav className="flex -mb-px space-x-6">
-          {tabs.map(tab => (
-            <button
-              key={tab.id}
-              onClick={() => setActiveTab(tab.id)}
-              className={`pb-3 px-1 text-sm font-medium border-b-2 transition-colors ${
-                activeTab === tab.id
-                  ? 'border-blue-500 text-blue-600'
-                  : 'border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300'
-              }`}
-            >
-              {tab.label}
-            </button>
-          ))}
-        </nav>
-      </div>
-
-      {/* Tab Content */}
-      {activeTab === 'overview' && stats && (
-        <div className="space-y-6">
-          <div className="grid grid-cols-2 md:grid-cols-4 gap-4">
-            <KPICard label="Module" value={stats.total_modules} />
-            <KPICard label="Zuweisungen" value={stats.total_assignments} />
-            <KPICard label="Abschlussrate" value={`${stats.completion_rate.toFixed(1)}%`} color={stats.completion_rate >= 80 ? 'green' : stats.completion_rate >= 50 ? 'yellow' : 'red'} />
-            <KPICard label="Ueberfaellig" value={stats.overdue_count} color={stats.overdue_count > 0 ? 'red' : 'green'} />
-          </div>
-
-          <div className="grid grid-cols-2 md:grid-cols-4 gap-4">
-            <KPICard label="Ausstehend" value={stats.pending_count} />
-            <KPICard label="In Bearbeitung" value={stats.in_progress_count} />
-            <KPICard label="Avg. Quiz-Score" value={`${stats.avg_quiz_score.toFixed(1)}%`} />
-            <KPICard label="Deadlines (7d)" value={stats.upcoming_deadlines} color={stats.upcoming_deadlines > 5 ? 'yellow' : 'green'} />
-          </div>
-
-          {/* Status Bar */}
-          <div className="bg-white border rounded-lg p-4">
-            <h3 className="text-sm font-medium text-gray-700 mb-3">Status-Verteilung</h3>
-            {stats.total_assignments > 0 && (
-              <div className="flex gap-1 h-6 rounded-full overflow-hidden bg-gray-100">
-                {stats.completed_count > 0 && <div className="bg-green-500" style={{ width: `${(stats.completed_count / stats.total_assignments) * 100}%` }} title={`Abgeschlossen: ${stats.completed_count}`} />}
-                {stats.in_progress_count > 0 && <div className="bg-blue-500" style={{ width: `${(stats.in_progress_count / stats.total_assignments) * 100}%` }} title={`In Bearbeitung: ${stats.in_progress_count}`} />}
-                {stats.pending_count > 0 && <div className="bg-gray-400" style={{ width: `${(stats.pending_count / stats.total_assignments) * 100}%` }} title={`Ausstehend: ${stats.pending_count}`} />}
-                {stats.overdue_count > 0 && <div className="bg-red-500" style={{ width: `${(stats.overdue_count / stats.total_assignments) * 100}%` }} title={`Ueberfaellig: ${stats.overdue_count}`} />}
-              </div>
-            )}
-            <div className="flex gap-4 mt-2 text-xs text-gray-500">
-              <span className="flex items-center gap-1"><span className="w-3 h-3 rounded-full bg-green-500 inline-block" /> Abgeschlossen</span>
-              <span className="flex items-center gap-1"><span className="w-3 h-3 rounded-full bg-blue-500 inline-block" /> In Bearbeitung</span>
-              <span className="flex items-center gap-1"><span className="w-3 h-3 rounded-full bg-gray-400 inline-block" /> Ausstehend</span>
-              <span className="flex items-center gap-1"><span className="w-3 h-3 rounded-full bg-red-500 inline-block" /> Ueberfaellig</span>
-            </div>
-          </div>
-
-          {/* Deadlines */}
-          {deadlines.length > 0 && (
-            <div className="bg-white border rounded-lg p-4">
-              <h3 className="text-sm font-medium text-gray-700 mb-3">Naechste Deadlines</h3>
-              <div className="space-y-2">
-                {deadlines.slice(0, 5).map(d => (
-                  <div key={d.assignment_id} className="flex items-center justify-between text-sm">
-                    <div>
-                      <span className="font-medium">{d.module_title}</span>
-                      <span className="text-gray-500 ml-2">({d.user_name})</span>
-                    </div>
-                    <span className={`px-2 py-0.5 rounded text-xs ${
-                      d.days_left <= 0 ? 'bg-red-100 text-red-700' :
-                      d.days_left <= 7 ? 'bg-yellow-100 text-yellow-700' :
-                      'bg-gray-100 text-gray-600'
-                    }`}>
-                      {d.days_left <= 0 ? `${Math.abs(d.days_left)} Tage ueberfaellig` : `${d.days_left} Tage`}
-                    </span>
-                  </div>
-                ))}
-              </div>
-            </div>
-          )}
-        </div>
-      )}
-
-      {activeTab === 'modules' && (
-        <div className="space-y-4">
-          <div className="flex gap-3">
-            <select value={regulationFilter} onChange={e => setRegulationFilter(e.target.value)} className="px-3 py-1.5 text-sm border rounded-lg bg-white">
-              <option value="">Alle Bereiche</option>
-              {Object.entries(REGULATION_LABELS).map(([key, label]) => (
-                <option key={key} value={key}>{label}</option>
-              ))}
-            </select>
-          </div>
-
-          <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
-            {filteredModules.map(m => (
-              <div key={m.id} className="bg-white border rounded-lg p-4 hover:shadow-sm transition-shadow">
-                <div className="flex items-start justify-between">
-                  <div>
-                    <span className={`inline-block px-2 py-0.5 rounded text-xs font-medium ${REGULATION_COLORS[m.regulation_area]?.bg || 'bg-gray-100'} ${REGULATION_COLORS[m.regulation_area]?.text || 'text-gray-700'}`}>
-                      {REGULATION_LABELS[m.regulation_area] || m.regulation_area}
-                    </span>
-                    <h3 className="mt-2 font-medium text-gray-900">{m.title}</h3>
-                    <p className="text-xs text-gray-500 mt-0.5">{m.module_code}</p>
-                  </div>
-                  {m.nis2_relevant && (
-                    <span className="text-xs px-1.5 py-0.5 bg-purple-100 text-purple-700 rounded">NIS2</span>
-                  )}
-                </div>
-                {m.description && <p className="text-sm text-gray-600 mt-2 line-clamp-2">{m.description}</p>}
-                <div className="flex items-center gap-3 mt-3 text-xs text-gray-500">
-                  <span>{m.duration_minutes} Min.</span>
-                  <span>{FREQUENCY_LABELS[m.frequency_type]}</span>
-                  <span>Quiz: {m.pass_threshold}%</span>
-                </div>
-              </div>
-            ))}
-          </div>
-          {filteredModules.length === 0 && <p className="text-center text-gray-500 py-8">Keine Module gefunden</p>}
-        </div>
-      )}
-
-      {activeTab === 'matrix' && matrix && (
-        <div className="space-y-4">
-          <p className="text-sm text-gray-600">Compliance Training Matrix (CTM): Welche Rollen benoetigen welche Schulungsmodule</p>
-          <div className="overflow-x-auto">
-            <table className="w-full text-sm border-collapse">
-              <thead>
-                <tr className="bg-gray-50">
-                  <th className="text-left p-2 border font-medium text-gray-700 w-48">Rolle</th>
-                  <th className="text-left p-2 border font-medium text-gray-700">Module</th>
-                  <th className="text-center p-2 border font-medium text-gray-700 w-20">Anzahl</th>
-                </tr>
-              </thead>
-              <tbody>
-                {ALL_ROLES.map(role => {
-                  const entries = matrix.entries[role] || []
-                  return (
-                    <tr key={role} className="border-b hover:bg-gray-50">
-                      <td className="p-2 border font-medium">
-                        <span className="text-gray-900">{role}</span>
-                        <span className="text-gray-500 ml-1 text-xs">{ROLE_LABELS[role]}</span>
-                      </td>
-                      <td className="p-2 border">
-                        <div className="flex flex-wrap gap-1">
-                          {entries.map(e => (
-                            <span key={e.id || e.module_id} className={`inline-block px-2 py-0.5 rounded text-xs ${e.is_mandatory ? 'bg-blue-100 text-blue-700' : 'bg-gray-100 text-gray-600'}`} title={`${e.module_title} (${e.is_mandatory ? 'Pflicht' : 'Optional'})`}>
-                              {e.module_code}
-                            </span>
-                          ))}
-                          {entries.length === 0 && <span className="text-gray-400 text-xs">Keine Module</span>}
-                        </div>
-                      </td>
-                      <td className="p-2 border text-center">{entries.length}</td>
-                    </tr>
-                  )
-                })}
-              </tbody>
-            </table>
-          </div>
-        </div>
-      )}
-
-      {activeTab === 'assignments' && (
-        <div className="space-y-4">
-          <div className="flex gap-3">
-            <select value={statusFilter} onChange={e => setStatusFilter(e.target.value)} className="px-3 py-1.5 text-sm border rounded-lg bg-white">
-              <option value="">Alle Status</option>
-              {Object.entries(STATUS_LABELS).map(([key, label]) => (
-                <option key={key} value={key}>{label}</option>
-              ))}
-            </select>
-          </div>
-
-          <div className="overflow-x-auto">
-            <table className="w-full text-sm border-collapse">
-              <thead>
-                <tr className="bg-gray-50">
-                  <th className="text-left p-2 border font-medium text-gray-700">Modul</th>
-                  <th className="text-left p-2 border font-medium text-gray-700">Mitarbeiter</th>
-                  <th className="text-left p-2 border font-medium text-gray-700">Rolle</th>
-                  <th className="text-center p-2 border font-medium text-gray-700">Fortschritt</th>
-                  <th className="text-center p-2 border font-medium text-gray-700">Status</th>
-                  <th className="text-center p-2 border font-medium text-gray-700">Quiz</th>
-                  <th className="text-left p-2 border font-medium text-gray-700">Deadline</th>
-                  <th className="text-center p-2 border font-medium text-gray-700">Eskalation</th>
-                </tr>
-              </thead>
-              <tbody>
-                {filteredAssignments.map(a => (
-                  <tr key={a.id} className="border-b hover:bg-gray-50">
-                    <td className="p-2 border">
-                      <div className="font-medium">{a.module_title || a.module_code}</div>
-                      <div className="text-xs text-gray-500">{a.module_code}</div>
-                    </td>
-                    <td className="p-2 border">
-                      <div>{a.user_name}</div>
-                      <div className="text-xs text-gray-500">{a.user_email}</div>
-                    </td>
-                    <td className="p-2 border text-xs">{a.role_code || '-'}</td>
-                    <td className="p-2 border text-center">
-                      <div className="flex items-center gap-2">
-                        <div className="flex-1 bg-gray-200 rounded-full h-2">
-                          <div className="bg-blue-500 h-2 rounded-full" style={{ width: `${a.progress_percent}%` }} />
-                        </div>
-                        <span className="text-xs w-8">{a.progress_percent}%</span>
-                      </div>
-                    </td>
-                    <td className="p-2 border text-center">
-                      <span className={`px-2 py-0.5 rounded text-xs ${STATUS_COLORS[a.status]?.bg || ''} ${STATUS_COLORS[a.status]?.text || ''}`}>
-                        {STATUS_LABELS[a.status] || a.status}
-                      </span>
-                    </td>
-                    <td className="p-2 border text-center text-xs">
-                      {a.quiz_score != null ? (
-                        <span className={`font-medium ${a.quiz_passed ? 'text-green-600' : 'text-red-600'}`}>{a.quiz_score.toFixed(0)}%</span>
-                      ) : '-'}
-                    </td>
-                    <td className="p-2 border text-xs">{new Date(a.deadline).toLocaleDateString('de-DE')}</td>
-                    <td className="p-2 border text-center">
-                      {a.escalation_level > 0 ? <span className="px-2 py-0.5 rounded text-xs bg-red-100 text-red-700">L{a.escalation_level}</span> : '-'}
-                    </td>
-                  </tr>
-                ))}
-              </tbody>
-            </table>
-          </div>
-          {filteredAssignments.length === 0 && <p className="text-center text-gray-500 py-8">Keine Zuweisungen</p>}
-        </div>
-      )}
-
-      {activeTab === 'content' && (
-        <div className="space-y-6">
-          {/* Bulk Generation */}
-          <div className="bg-white border rounded-lg p-4">
-            <h3 className="text-sm font-medium text-gray-700 mb-3">Bulk-Generierung</h3>
-            <p className="text-xs text-gray-500 mb-4">Generiere Inhalte und Quiz-Fragen fuer alle Module auf einmal</p>
-            <div className="flex gap-3">
-              <button
-                onClick={handleBulkContent}
-                disabled={bulkGenerating}
-                className="px-4 py-2 text-sm bg-green-600 text-white rounded-lg hover:bg-green-700 disabled:opacity-50"
-              >
-                {bulkGenerating ? 'Generiere...' : 'Alle Inhalte generieren'}
-              </button>
-              <button
-                onClick={handleBulkQuiz}
-                disabled={bulkGenerating}
-                className="px-4 py-2 text-sm bg-indigo-600 text-white rounded-lg hover:bg-indigo-700 disabled:opacity-50"
-              >
-                {bulkGenerating ? 'Generiere...' : 'Alle Quizfragen generieren'}
-              </button>
-            </div>
-            {bulkResult && (
-              <div className="mt-4 p-3 bg-gray-50 rounded-lg text-sm">
-                <div className="flex gap-6">
-                  <span className="text-green-700">Generiert: {bulkResult.generated}</span>
-                  <span className="text-gray-500">Uebersprungen: {bulkResult.skipped}</span>
-                  {bulkResult.errors?.length > 0 && (
-                    <span className="text-red-600">Fehler: {bulkResult.errors.length}</span>
-                  )}
-                </div>
-                {bulkResult.errors?.length > 0 && (
-                  <div className="mt-2 text-xs text-red-600">
-                    {bulkResult.errors.map((err, i) => <div key={i}>{err}</div>)}
-                  </div>
-                )}
-              </div>
-            )}
-          </div>
-
-          <div className="bg-white border rounded-lg p-4">
-            <h3 className="text-sm font-medium text-gray-700 mb-3">LLM-Content-Generator</h3>
-            <p className="text-xs text-gray-500 mb-4">Generiere Schulungsinhalte und Quiz-Fragen automatisch via KI</p>
-            <div className="flex gap-3 items-end">
-              <div className="flex-1">
-                <label className="text-xs text-gray-600 block mb-1">Modul auswaehlen</label>
-                <select
-                  value={selectedModuleId}
-                  onChange={e => { setSelectedModuleId(e.target.value); setGeneratedContent(null); setModuleMedia([]); if (e.target.value) { handleLoadContent(e.target.value); loadModuleMedia(e.target.value); } }}
-                  className="w-full px-3 py-2 text-sm border rounded-lg bg-white"
-                >
-                  <option value="">Modul waehlen...</option>
-                  {modules.map(m => <option key={m.id} value={m.id}>{m.module_code} - {m.title}</option>)}
-                </select>
-              </div>
-              <button onClick={handleGenerateContent} disabled={!selectedModuleId || generating} className="px-4 py-2 text-sm bg-blue-600 text-white rounded-lg hover:bg-blue-700 disabled:opacity-50">
-                {generating ? 'Generiere...' : 'Inhalt generieren'}
-              </button>
-              <button onClick={handleGenerateQuiz} disabled={!selectedModuleId || generating} className="px-4 py-2 text-sm bg-purple-600 text-white rounded-lg hover:bg-purple-700 disabled:opacity-50">
-                {generating ? 'Generiere...' : 'Quiz generieren'}
-              </button>
-            </div>
-          </div>
-
-          {generatedContent && (
-            <div className="bg-white border rounded-lg p-4">
-              <div className="flex items-center justify-between mb-3">
-                <div>
-                  <h3 className="text-sm font-medium text-gray-700">Generierter Inhalt (v{generatedContent.version})</h3>
-                  <p className="text-xs text-gray-500">Generiert von: {generatedContent.generated_by} ({generatedContent.llm_model})</p>
-                </div>
-                {!generatedContent.is_published ? (
-                  <button onClick={() => handlePublishContent(generatedContent.id)} className="px-3 py-1.5 text-xs bg-green-600 text-white rounded hover:bg-green-700">Veroeffentlichen</button>
-                ) : (
-                  <span className="px-3 py-1.5 text-xs bg-green-100 text-green-700 rounded">Veroeffentlicht</span>
-                )}
-              </div>
-              <div className="prose prose-sm max-w-none border rounded p-4 bg-gray-50 max-h-96 overflow-y-auto">
-                <pre className="whitespace-pre-wrap text-sm text-gray-800">{generatedContent.content_body}</pre>
-              </div>
-            </div>
-          )}
-
-          {/* Audio Player */}
-          {selectedModuleId && generatedContent?.is_published && (
-            <AudioPlayer
-              moduleId={selectedModuleId}
-              audio={moduleMedia.find(m => m.media_type === 'audio') || null}
-              onMediaUpdate={() => loadModuleMedia(selectedModuleId)}
-            />
-          )}
-
-          {/* Video Player */}
-          {selectedModuleId && generatedContent?.is_published && (
-            <VideoPlayer
-              moduleId={selectedModuleId}
-              video={moduleMedia.find(m => m.media_type === 'video') || null}
-              onMediaUpdate={() => loadModuleMedia(selectedModuleId)}
-            />
-          )}
-
-          {/* Script Preview */}
-          {selectedModuleId && generatedContent?.is_published && (
-            <ScriptPreview moduleId={selectedModuleId} />
-          )}
-        </div>
-      )}
-
-      {activeTab === 'audit' && (
-        <div className="space-y-4">
-          <div className="overflow-x-auto">
-            <table className="w-full text-sm border-collapse">
-              <thead>
-                <tr className="bg-gray-50">
-                  <th className="text-left p-2 border font-medium text-gray-700">Zeitpunkt</th>
-                  <th className="text-left p-2 border font-medium text-gray-700">Aktion</th>
-                  <th className="text-left p-2 border font-medium text-gray-700">Entitaet</th>
-                  <th className="text-left p-2 border font-medium text-gray-700">Details</th>
-                </tr>
-              </thead>
-              <tbody>
-                {auditLog.map(entry => (
-                  <tr key={entry.id} className="border-b hover:bg-gray-50">
-                    <td className="p-2 border text-xs text-gray-600">{new Date(entry.created_at).toLocaleString('de-DE')}</td>
-                    <td className="p-2 border"><span className="px-2 py-0.5 rounded text-xs bg-gray-100 text-gray-700">{entry.action}</span></td>
-                    <td className="p-2 border text-xs">{entry.entity_type}</td>
-                    <td className="p-2 border text-xs text-gray-600">{JSON.stringify(entry.details).substring(0, 100)}</td>
-                  </tr>
-                ))}
-              </tbody>
-            </table>
-          </div>
-          {auditLog.length === 0 && <p className="text-center text-gray-500 py-8">Keine Audit-Eintraege</p>}
-        </div>
-      )}
-    </div>
-  )
-}
-
-function KPICard({ label, value, color }: { label: string; value: string | number; color?: string }) {
-  const colorMap: Record<string, string> = {
-    green: 'bg-green-50 border-green-200',
-    yellow: 'bg-yellow-50 border-yellow-200',
-    red: 'bg-red-50 border-red-200',
-  }
-  const textMap: Record<string, string> = {
-    green: 'text-green-700',
-    yellow: 'text-yellow-700',
-    red: 'text-red-700',
-  }
-  return (
-    <div className={`border rounded-lg p-4 ${color ? colorMap[color] || 'bg-white border-gray-200' : 'bg-white border-gray-200'}`}>
-      <p className="text-xs text-gray-500">{label}</p>
-      <p className={`text-2xl font-bold mt-1 ${color ? textMap[color] || 'text-gray-900' : 'text-gray-900'}`}>{value}</p>
-    </div>
-  )
-}

admin-compliance/app/(sdk)/sdk/whistleblower/page.tsx

@@ -1,669 +0,0 @@
-'use client'
-
-import React, { useState, useEffect, useMemo } from 'react'
-import { useSDK } from '@/lib/sdk'
-import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
-import {
-  WhistleblowerReport,
-  WhistleblowerStatistics,
-  ReportCategory,
-  ReportStatus,
-  ReportPriority,
-  REPORT_CATEGORY_INFO,
-  REPORT_STATUS_INFO,
-  isAcknowledgmentOverdue,
-  isFeedbackOverdue,
-  getDaysUntilAcknowledgment,
-  getDaysUntilFeedback
-} from '@/lib/sdk/whistleblower/types'
-import { fetchSDKWhistleblowerList } from '@/lib/sdk/whistleblower/api'
-
-// =============================================================================
-// TYPES
-// =============================================================================
-
-type TabId = 'overview' | 'new_reports' | 'investigation' | 'closed' | 'settings'
-
-interface Tab {
-  id: TabId
-  label: string
-  count?: number
-  countColor?: string
-}
-
-// =============================================================================
-// COMPONENTS
-// =============================================================================
-
-function TabNavigation({
-  tabs,
-  activeTab,
-  onTabChange
-}: {
-  tabs: Tab[]
-  activeTab: TabId
-  onTabChange: (tab: TabId) => void
-}) {
-  return (
-    <div className="border-b border-gray-200">
-      <nav className="flex gap-1 -mb-px" aria-label="Tabs">
-        {tabs.map(tab => (
-          <button
-            key={tab.id}
-            onClick={() => onTabChange(tab.id)}
-            className={`
-              px-4 py-3 text-sm font-medium border-b-2 transition-colors
-              ${activeTab === tab.id
-                ? 'border-purple-600 text-purple-600'
-                : 'border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300'
-              }
-            `}
-          >
-            <span className="flex items-center gap-2">
-              {tab.label}
-              {tab.count !== undefined && tab.count > 0 && (
-                <span className={`
-                  px-2 py-0.5 text-xs rounded-full
-                  ${tab.countColor || 'bg-gray-100 text-gray-600'}
-                `}>
-                  {tab.count}
-                </span>
-              )}
-            </span>
-          </button>
-        ))}
-      </nav>
-    </div>
-  )
-}
-
-function StatCard({
-  label,
-  value,
-  color = 'gray',
-  icon,
-  trend
-}: {
-  label: string
-  value: number | string
-  color?: 'gray' | 'blue' | 'yellow' | 'red' | 'green' | 'purple'
-  icon?: React.ReactNode
-  trend?: { value: number; label: string }
-}) {
-  const colorClasses = {
-    gray: 'border-gray-200 text-gray-900',
-    blue: 'border-blue-200 text-blue-600',
-    yellow: 'border-yellow-200 text-yellow-600',
-    red: 'border-red-200 text-red-600',
-    green: 'border-green-200 text-green-600',
-    purple: 'border-purple-200 text-purple-600'
-  }
-
-  return (
-    <div className={`bg-white rounded-xl border ${colorClasses[color]} p-6`}>
-      <div className="flex items-start justify-between">
-        <div>
-          <div className={`text-sm ${color === 'gray' ? 'text-gray-500' : `text-${color}-600`}`}>
-            {label}
-          </div>
-          <div className={`text-3xl font-bold mt-1 ${colorClasses[color].split(' ')[1]}`}>
-            {value}
-          </div>
-          {trend && (
-            <div className={`text-xs mt-1 ${trend.value >= 0 ? 'text-green-600' : 'text-red-600'}`}>
-              {trend.value >= 0 ? '+' : ''}{trend.value} {trend.label}
-            </div>
-          )}
-        </div>
-        {icon && (
-          <div className={`w-10 h-10 rounded-lg flex items-center justify-center bg-${color}-50`}>
-            {icon}
-          </div>
-        )}
-      </div>
-    </div>
-  )
-}
-
-function FilterBar({
-  selectedCategory,
-  selectedStatus,
-  selectedPriority,
-  onCategoryChange,
-  onStatusChange,
-  onPriorityChange,
-  onClear
-}: {
-  selectedCategory: ReportCategory | 'all'
-  selectedStatus: ReportStatus | 'all'
-  selectedPriority: ReportPriority | 'all'
-  onCategoryChange: (category: ReportCategory | 'all') => void
-  onStatusChange: (status: ReportStatus | 'all') => void
-  onPriorityChange: (priority: ReportPriority | 'all') => void
-  onClear: () => void
-}) {
-  const hasFilters = selectedCategory !== 'all' || selectedStatus !== 'all' || selectedPriority !== 'all'
-
-  return (
-    <div className="flex items-center gap-4 flex-wrap">
-      <span className="text-sm text-gray-500">Filter:</span>
-
-      {/* Category Filter */}
-      <select
-        value={selectedCategory}
-        onChange={(e) => onCategoryChange(e.target.value as ReportCategory | 'all')}
-        className="px-3 py-1.5 text-sm border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500"
-      >
-        <option value="all">Alle Kategorien</option>
-        {Object.entries(REPORT_CATEGORY_INFO).map(([key, info]) => (
-          <option key={key} value={key}>{info.label}</option>
-        ))}
-      </select>
-
-      {/* Status Filter */}
-      <select
-        value={selectedStatus}
-        onChange={(e) => onStatusChange(e.target.value as ReportStatus | 'all')}
-        className="px-3 py-1.5 text-sm border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500"
-      >
-        <option value="all">Alle Status</option>
-        {Object.entries(REPORT_STATUS_INFO).map(([status, info]) => (
-          <option key={status} value={status}>{info.label}</option>
-        ))}
-      </select>
-
-      {/* Priority Filter */}
-      <select
-        value={selectedPriority}
-        onChange={(e) => onPriorityChange(e.target.value as ReportPriority | 'all')}
-        className="px-3 py-1.5 text-sm border border-gray-300 rounded-lg focus:ring-2 focus:ring-purple-500 focus:border-purple-500"
-      >
-        <option value="all">Alle Prioritaeten</option>
-        <option value="critical">Kritisch</option>
-        <option value="high">Hoch</option>
-        <option value="normal">Normal</option>
-        <option value="low">Niedrig</option>
-      </select>
-
-      {/* Clear Filters */}
-      {hasFilters && (
-        <button
-          onClick={onClear}
-          className="px-3 py-1.5 text-sm text-gray-500 hover:text-gray-700 hover:bg-gray-100 rounded-lg transition-colors"
-        >
-          Filter zuruecksetzen
-        </button>
-      )}
-    </div>
-  )
-}
-
-function ReportCard({ report }: { report: WhistleblowerReport }) {
-  const categoryInfo = REPORT_CATEGORY_INFO[report.category]
-  const statusInfo = REPORT_STATUS_INFO[report.status]
-  const isClosed = report.status === 'closed' || report.status === 'rejected'
-
-  const ackOverdue = isAcknowledgmentOverdue(report)
-  const fbOverdue = isFeedbackOverdue(report)
-  const daysAck = getDaysUntilAcknowledgment(report)
-  const daysFb = getDaysUntilFeedback(report)
-
-  const completedMeasures = report.measures.filter(m => m.status === 'completed').length
-  const totalMeasures = report.measures.length
-
-  const priorityLabels: Record<ReportPriority, string> = {
-    low: 'Niedrig',
-    normal: 'Normal',
-    high: 'Hoch',
-    critical: 'Kritisch'
-  }
-
-  return (
-    <div className={`
-      bg-white rounded-xl border-2 p-6 hover:shadow-md transition-all cursor-pointer
-      ${ackOverdue || fbOverdue ? 'border-red-300 hover:border-red-400' :
-        report.priority === 'critical' ? 'border-orange-300 hover:border-orange-400' :
-        isClosed ? 'border-green-200 hover:border-green-300' :
-        'border-gray-200 hover:border-purple-300'
-      }
-    `}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1 min-w-0">
-          {/* Header Badges */}
-          <div className="flex items-center gap-2 mb-2 flex-wrap">
-            <span className="text-xs text-gray-500 font-mono">
-              {report.referenceNumber}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${categoryInfo.bgColor} ${categoryInfo.color}`}>
-              {categoryInfo.label}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusInfo.bgColor} ${statusInfo.color}`}>
-              {statusInfo.label}
-            </span>
-            {report.isAnonymous && (
-              <span className="px-2 py-1 text-xs bg-gray-100 text-gray-700 rounded-full flex items-center gap-1">
-                <svg className="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z" />
-                </svg>
-                Anonym
-              </span>
-            )}
-            {report.priority === 'critical' && (
-              <span className="px-2 py-1 text-xs bg-red-100 text-red-700 rounded-full flex items-center gap-1">
-                <svg className="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-                </svg>
-                Kritisch
-              </span>
-            )}
-            {report.priority === 'high' && (
-              <span className="px-2 py-1 text-xs bg-orange-100 text-orange-700 rounded-full">
-                Hoch
-              </span>
-            )}
-          </div>
-
-          {/* Title */}
-          <h3 className="text-lg font-semibold text-gray-900 truncate">
-            {report.title}
-          </h3>
-
-          {/* Description Preview */}
-          {report.description && (
-            <p className="text-sm text-gray-500 mt-1 line-clamp-2">
-              {report.description}
-            </p>
-          )}
-
-          {/* Deadline Info */}
-          {!isClosed && (
-            <div className="flex items-center gap-4 mt-3 text-xs">
-              {report.status === 'new' && (
-                <span className={`flex items-center gap-1 ${ackOverdue ? 'text-red-600 font-medium' : daysAck <= 2 ? 'text-orange-600' : 'text-gray-500'}`}>
-                  <svg className="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 8v4l3 3m6-3a9 9 0 11-18 0 9 9 0 0118 0z" />
-                  </svg>
-                  {ackOverdue
-                    ? `Bestaetigung ${Math.abs(daysAck)} Tage ueberfaellig`
-                    : `Bestaetigung in ${daysAck} Tagen`
-                  }
-                </span>
-              )}
-              <span className={`flex items-center gap-1 ${fbOverdue ? 'text-red-600 font-medium' : daysFb <= 14 ? 'text-orange-600' : 'text-gray-500'}`}>
-                <svg className="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z" />
-                </svg>
-                {fbOverdue
-                  ? `Rueckmeldung ${Math.abs(daysFb)} Tage ueberfaellig`
-                  : `Rueckmeldung in ${daysFb} Tagen`
-                }
-              </span>
-            </div>
-          )}
-        </div>
-
-        {/* Right Side - Date & Priority */}
-        <div className={`text-right ml-4 ${
-          ackOverdue || fbOverdue ? 'text-red-600' :
-          report.priority === 'critical' ? 'text-orange-600' :
-          'text-gray-500'
-        }`}>
-          <div className="text-sm font-medium">
-            {isClosed
-              ? statusInfo.label
-              : ackOverdue
-                ? 'Ueberfaellig'
-                : priorityLabels[report.priority]
-            }
-          </div>
-          <div className="text-xs mt-0.5">
-            {new Date(report.receivedAt).toLocaleDateString('de-DE')}
-          </div>
-        </div>
-      </div>
-
-      {/* Footer */}
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <div className="flex items-center gap-4">
-          <div className="text-sm text-gray-500">
-            {report.assignedTo
-              ? `Zugewiesen: ${report.assignedTo}`
-              : 'Nicht zugewiesen'
-            }
-          </div>
-          {report.attachments.length > 0 && (
-            <span className="flex items-center gap-1 text-xs text-gray-400">
-              <svg className="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15.172 7l-6.586 6.586a2 2 0 102.828 2.828l6.414-6.586a4 4 0 00-5.656-5.656l-6.415 6.585a6 6 0 108.486 8.486L20.5 13" />
-              </svg>
-              {report.attachments.length} Anhang{report.attachments.length !== 1 ? 'e' : ''}
-            </span>
-          )}
-          {totalMeasures > 0 && (
-            <span className={`flex items-center gap-1 text-xs ${completedMeasures === totalMeasures ? 'text-green-600' : 'text-yellow-600'}`}>
-              <svg className="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4" />
-              </svg>
-              {completedMeasures}/{totalMeasures} Massnahmen
-            </span>
-          )}
-          {report.messages.length > 0 && (
-            <span className="flex items-center gap-1 text-xs text-gray-400">
-              <svg className="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M8 12h.01M12 12h.01M16 12h.01M21 12c0 4.418-4.03 8-9 8a9.863 9.863 0 01-4.255-.949L3 20l1.395-3.72C3.512 15.042 3 13.574 3 12c0-4.418 4.03-8 9-8s9 3.582 9 8z" />
-              </svg>
-              {report.messages.length} Nachricht{report.messages.length !== 1 ? 'en' : ''}
-            </span>
-          )}
-        </div>
-        <div className="flex items-center gap-2">
-          {!isClosed && (
-            <span className="px-3 py-1 text-sm text-purple-600 hover:bg-purple-50 rounded-lg transition-colors">
-              Bearbeiten
-            </span>
-          )}
-          {isClosed && (
-            <span className="px-3 py-1 text-sm text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
-              Details
-            </span>
-          )}
-        </div>
-      </div>
-    </div>
-  )
-}
-
-// =============================================================================
-// MAIN PAGE
-// =============================================================================
-
-export default function WhistleblowerPage() {
-  const { state } = useSDK()
-  const [activeTab, setActiveTab] = useState<TabId>('overview')
-  const [reports, setReports] = useState<WhistleblowerReport[]>([])
-  const [statistics, setStatistics] = useState<WhistleblowerStatistics | null>(null)
-  const [isLoading, setIsLoading] = useState(true)
-
-  // Filters
-  const [selectedCategory, setSelectedCategory] = useState<ReportCategory | 'all'>('all')
-  const [selectedStatus, setSelectedStatus] = useState<ReportStatus | 'all'>('all')
-  const [selectedPriority, setSelectedPriority] = useState<ReportPriority | 'all'>('all')
-
-  // Load data from SDK backend
-  useEffect(() => {
-    const loadData = async () => {
-      setIsLoading(true)
-      try {
-        const { reports: wbReports, statistics: wbStats } = await fetchSDKWhistleblowerList()
-        setReports(wbReports)
-        setStatistics(wbStats)
-      } catch (error) {
-        console.error('Failed to load Whistleblower data:', error)
-      } finally {
-        setIsLoading(false)
-      }
-    }
-    loadData()
-  }, [])
-
-  // Locally computed overdue counts (always fresh)
-  const overdueCounts = useMemo(() => {
-    const overdueAck = reports.filter(r => isAcknowledgmentOverdue(r)).length
-    const overdueFb = reports.filter(r => isFeedbackOverdue(r)).length
-    return { overdueAck, overdueFb }
-  }, [reports])
-
-  // Calculate tab counts
-  const tabCounts = useMemo(() => {
-    const investigationStatuses: ReportStatus[] = ['acknowledged', 'under_review', 'investigation', 'measures_taken']
-    const closedStatuses: ReportStatus[] = ['closed', 'rejected']
-    return {
-      new_reports: reports.filter(r => r.status === 'new').length,
-      investigation: reports.filter(r => investigationStatuses.includes(r.status)).length,
-      closed: reports.filter(r => closedStatuses.includes(r.status)).length
-    }
-  }, [reports])
-
-  // Filter reports based on active tab and filters
-  const filteredReports = useMemo(() => {
-    let filtered = [...reports]
-
-    // Tab-based filtering
-    const investigationStatuses: ReportStatus[] = ['acknowledged', 'under_review', 'investigation', 'measures_taken']
-    const closedStatuses: ReportStatus[] = ['closed', 'rejected']
-
-    if (activeTab === 'new_reports') {
-      filtered = filtered.filter(r => r.status === 'new')
-    } else if (activeTab === 'investigation') {
-      filtered = filtered.filter(r => investigationStatuses.includes(r.status))
-    } else if (activeTab === 'closed') {
-      filtered = filtered.filter(r => closedStatuses.includes(r.status))
-    }
-
-    // Category filter
-    if (selectedCategory !== 'all') {
-      filtered = filtered.filter(r => r.category === selectedCategory)
-    }
-
-    // Status filter
-    if (selectedStatus !== 'all') {
-      filtered = filtered.filter(r => r.status === selectedStatus)
-    }
-
-    // Priority filter
-    if (selectedPriority !== 'all') {
-      filtered = filtered.filter(r => r.priority === selectedPriority)
-    }
-
-    // Sort: overdue first, then by priority, then by date
-    return filtered.sort((a, b) => {
-      const closedStatuses: ReportStatus[] = ['closed', 'rejected']
-
-      const getUrgency = (r: WhistleblowerReport) => {
-        if (closedStatuses.includes(r.status)) return 1000
-        const ackOd = isAcknowledgmentOverdue(r)
-        const fbOd = isFeedbackOverdue(r)
-        if (ackOd || fbOd) return -100
-        const priorityScore = { critical: 0, high: 1, normal: 2, low: 3 }
-        return priorityScore[r.priority] ?? 2
-      }
-
-      const urgencyDiff = getUrgency(a) - getUrgency(b)
-      if (urgencyDiff !== 0) return urgencyDiff
-
-      return new Date(b.receivedAt).getTime() - new Date(a.receivedAt).getTime()
-    })
-  }, [reports, activeTab, selectedCategory, selectedStatus, selectedPriority])
-
-  const tabs: Tab[] = [
-    { id: 'overview', label: 'Uebersicht' },
-    { id: 'new_reports', label: 'Neue Meldungen', count: tabCounts.new_reports, countColor: 'bg-blue-100 text-blue-600' },
-    { id: 'investigation', label: 'In Untersuchung', count: tabCounts.investigation, countColor: 'bg-yellow-100 text-yellow-600' },
-    { id: 'closed', label: 'Abgeschlossen', count: tabCounts.closed, countColor: 'bg-green-100 text-green-600' },
-    { id: 'settings', label: 'Einstellungen' }
-  ]
-
-  const stepInfo = STEP_EXPLANATIONS['whistleblower']
-
-  const clearFilters = () => {
-    setSelectedCategory('all')
-    setSelectedStatus('all')
-    setSelectedPriority('all')
-  }
-
-  return (
-    <div className="space-y-6">
-      {/* Step Header - NO "create report" button (reports come from the public form) */}
-      <StepHeader
-        stepId="whistleblower"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
-      />
-
-      {/* Tab Navigation */}
-      <TabNavigation
-        tabs={tabs}
-        activeTab={activeTab}
-        onTabChange={setActiveTab}
-      />
-
-      {/* Loading State */}
-      {isLoading ? (
-        <div className="flex items-center justify-center py-12">
-          <svg className="animate-spin w-8 h-8 text-purple-600" fill="none" viewBox="0 0 24 24">
-            <circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4" />
-            <path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z" />
-          </svg>
-        </div>
-      ) : activeTab === 'settings' ? (
-        /* Settings Tab */
-        <div className="bg-white rounded-xl border border-gray-200 p-8 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.065 2.572c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.572 1.065c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.065-2.572c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z" />
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Einstellungen</h3>
-          <p className="mt-2 text-gray-500">
-            Hinweisgebersystem-Einstellungen, Meldekanal-Konfiguration, Ombudsperson-Verwaltung
-            und E-Mail-Vorlagen werden in einer spaeteren Version verfuegbar sein.
-          </p>
-        </div>
-      ) : (
-        <>
-          {/* Statistics (Overview Tab) */}
-          {activeTab === 'overview' && statistics && (
-            <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-              <StatCard
-                label="Gesamt Meldungen"
-                value={statistics.totalReports}
-                color="gray"
-              />
-              <StatCard
-                label="Neue Meldungen"
-                value={statistics.newReports}
-                color="blue"
-              />
-              <StatCard
-                label="In Untersuchung"
-                value={statistics.underReview}
-                color="yellow"
-              />
-              <StatCard
-                label="Ueberfaellige Bestaetigung"
-                value={overdueCounts.overdueAck}
-                color={overdueCounts.overdueAck > 0 ? 'red' : 'green'}
-              />
-            </div>
-          )}
-
-          {/* Overdue Alert for Acknowledgment Deadline (7 days HinSchG) */}
-          {(overdueCounts.overdueAck > 0 || overdueCounts.overdueFb > 0) && (activeTab === 'overview' || activeTab === 'new_reports' || activeTab === 'investigation') && (
-            <div className="bg-red-50 border border-red-200 rounded-xl p-4 flex items-center gap-4">
-              <div className="w-10 h-10 bg-red-100 rounded-full flex items-center justify-center flex-shrink-0">
-                <svg className="w-5 h-5 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-                </svg>
-              </div>
-              <div className="flex-1">
-                <h4 className="font-medium text-red-800">
-                  Achtung: Gesetzliche Fristen ueberschritten
-                </h4>
-                <p className="text-sm text-red-600 mt-0.5">
-                  {overdueCounts.overdueAck > 0 && (
-                    <span>{overdueCounts.overdueAck} Meldung(en) ohne Eingangsbestaetigung (mehr als 7 Tage, HinSchG ss 17 Abs. 1). </span>
-                  )}
-                  {overdueCounts.overdueFb > 0 && (
-                    <span>{overdueCounts.overdueFb} Meldung(en) ohne Rueckmeldung (mehr als 3 Monate, HinSchG ss 17 Abs. 2). </span>
-                  )}
-                  Handeln Sie umgehend, um Bussgelder und Haftungsrisiken zu vermeiden.
-                </p>
-              </div>
-              <button
-                onClick={() => {
-                  if (overdueCounts.overdueAck > 0) {
-                    setActiveTab('new_reports')
-                  } else {
-                    setActiveTab('investigation')
-                  }
-                }}
-                className="px-4 py-2 bg-red-600 text-white rounded-lg hover:bg-red-700 transition-colors text-sm font-medium"
-              >
-                Anzeigen
-              </button>
-            </div>
-          )}
-
-          {/* Info Box about HinSchG Deadlines (Overview Tab) */}
-          {activeTab === 'overview' && (
-            <div className="bg-blue-50 border border-blue-200 rounded-xl p-4">
-              <div className="flex items-start gap-3">
-                <svg className="w-5 h-5 text-blue-600 mt-0.5 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
-                </svg>
-                <div>
-                  <h4 className="font-medium text-blue-800">HinSchG-Fristen</h4>
-                  <p className="text-sm text-blue-600 mt-1">
-                    Nach dem Hinweisgeberschutzgesetz (HinSchG) gelten folgende Fristen:
-                    Die Eingangsbestaetigung muss innerhalb von <strong>7 Tagen</strong> an den
-                    Hinweisgeber versendet werden (ss 17 Abs. 1 S. 2).
-                    Eine Rueckmeldung ueber ergriffene Massnahmen muss innerhalb von <strong>3 Monaten</strong> nach
-                    Eingangsbestaetigung erfolgen (ss 17 Abs. 2).
-                    Der Schutz des Hinweisgebers vor Repressalien ist zwingend sicherzustellen (ss 36).
-                  </p>
-                </div>
-              </div>
-            </div>
-          )}
-
-          {/* Filters */}
-          <FilterBar
-            selectedCategory={selectedCategory}
-            selectedStatus={selectedStatus}
-            selectedPriority={selectedPriority}
-            onCategoryChange={setSelectedCategory}
-            onStatusChange={setSelectedStatus}
-            onPriorityChange={setSelectedPriority}
-            onClear={clearFilters}
-          />
-
-          {/* Report List */}
-          <div className="space-y-4">
-            {filteredReports.map(report => (
-              <ReportCard key={report.id} report={report} />
-            ))}
-          </div>
-
-          {/* Empty State */}
-          {filteredReports.length === 0 && (
-            <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-              <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-                <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M20 13V6a2 2 0 00-2-2H6a2 2 0 00-2 2v7m16 0v5a2 2 0 01-2 2H6a2 2 0 01-2-2v-5m16 0h-2.586a1 1 0 00-.707.293l-2.414 2.414a1 1 0 01-.707.293h-3.172a1 1 0 01-.707-.293l-2.414-2.414A1 1 0 006.586 13H4" />
-                </svg>
-              </div>
-              <h3 className="text-lg font-semibold text-gray-900">Keine Meldungen gefunden</h3>
-              <p className="mt-2 text-gray-500">
-                {selectedCategory !== 'all' || selectedStatus !== 'all' || selectedPriority !== 'all'
-                  ? 'Passen Sie die Filter an oder setzen Sie sie zurueck.'
-                  : 'Es sind noch keine Meldungen im Hinweisgebersystem vorhanden. Meldungen werden ueber das oeffentliche Meldeformular eingereicht.'
-                }
-              </p>
-              {(selectedCategory !== 'all' || selectedStatus !== 'all' || selectedPriority !== 'all') && (
-                <button
-                  onClick={clearFilters}
-                  className="mt-4 px-4 py-2 text-purple-600 hover:bg-purple-50 rounded-lg transition-colors"
-                >
-                  Filter zuruecksetzen
-                </button>
-              )}
-            </div>
-          )}
-        </>
-      )}
-    </div>
-  )
-}

admin-compliance/app/api/admin/consent/[[...path]]/route.ts

@@ -0,0 +1,121 @@
+/**
+ * Admin Consent API Proxy - Catch-all route
+ * Proxies all /api/admin/consent/* requests to backend-compliance
+ *
+ * Maps: /api/admin/consent/<path> → backend-compliance:8002/api/compliance/legal-documents/<path>
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/legal-documents`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {}
+    const contentType = request.headers.get('Content-Type')
+    if (contentType) headers['Content-Type'] = contentType
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT') {
+      const isMultipart = contentType?.includes('multipart/form-data')
+      if (isMultipart) {
+        const buffer = await request.arrayBuffer()
+        if (buffer.byteLength > 0) {
+          fetchOptions.body = buffer
+        }
+      } else {
+        const body = await request.text()
+        if (body) {
+          fetchOptions.body = body
+        }
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Admin Consent API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/development/content/route.ts

@@ -1,68 +0,0 @@
-/**
- * Content API Route
- *
- * GET: Load current website content
- * POST: Save changed content (Admin only)
- */
-
-import { NextRequest, NextResponse } from 'next/server'
-import { getContent, saveContent } from '@/lib/content'
-import type { WebsiteContent } from '@/lib/content-types'
-
-// GET - Load content
-export async function GET() {
-  try {
-    const content = getContent()
-    return NextResponse.json(content)
-  } catch (error) {
-    console.error('Error loading content:', error)
-    return NextResponse.json(
-      { error: 'Failed to load content' },
-      { status: 500 }
-    )
-  }
-}
-
-// POST - Save content
-export async function POST(request: NextRequest) {
-  try {
-    // Simple admin check via header or query
-    // In production: JWT/Session-based auth
-    const adminKey = request.headers.get('x-admin-key')
-    const expectedKey = process.env.ADMIN_API_KEY || 'breakpilot-admin-2024'
-
-    if (adminKey !== expectedKey) {
-      return NextResponse.json(
-        { error: 'Unauthorized' },
-        { status: 401 }
-      )
-    }
-
-    const content: WebsiteContent = await request.json()
-
-    // Validation
-    if (!content.hero || !content.features || !content.faq || !content.pricing) {
-      return NextResponse.json(
-        { error: 'Invalid content structure' },
-        { status: 400 }
-      )
-    }
-
-    const result = saveContent(content)
-
-    if (result.success) {
-      return NextResponse.json({ success: true, message: 'Content saved' })
-    } else {
-      return NextResponse.json(
-        { error: result.error || 'Failed to save content' },
-        { status: 500 }
-      )
-    }
-  } catch (error) {
-    console.error('Error saving content:', error)
-    return NextResponse.json(
-      { error: error instanceof Error ? error.message : 'Failed to save content' },
-      { status: 500 }
-    )
-  }
-}

admin-compliance/app/api/dsfa-corpus/route.ts

@@ -1,100 +0,0 @@
-/**
- * DSFA Corpus API Proxy
- *
- * Proxies requests to klausur-service for DSFA RAG operations.
- * Endpoints: /api/v1/dsfa-rag/stats, /api/v1/dsfa-rag/sources
- */
-
-import { NextRequest, NextResponse } from 'next/server'
-
-const KLAUSUR_SERVICE_URL = process.env.KLAUSUR_SERVICE_URL || 'http://klausur-service:8086'
-
-export async function GET(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-
-  try {
-    let url = `${KLAUSUR_SERVICE_URL}/api/v1/dsfa-rag`
-
-    switch (action) {
-      case 'status':
-        url += '/stats'
-        break
-      case 'sources':
-        url += '/sources'
-        break
-      case 'source-detail': {
-        const code = searchParams.get('code')
-        if (!code) {
-          return NextResponse.json({ error: 'Missing code parameter' }, { status: 400 })
-        }
-        url += `/sources/${encodeURIComponent(code)}`
-        break
-      }
-      default:
-        return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-    }
-
-    const res = await fetch(url, {
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      cache: 'no-store',
-    })
-
-    const data = await res.json()
-    return NextResponse.json(data, { status: res.status })
-  } catch (error) {
-    console.error('DSFA corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}
-
-export async function POST(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-
-  try {
-    let url = `${KLAUSUR_SERVICE_URL}/api/v1/dsfa-rag`
-
-    switch (action) {
-      case 'init': {
-        url += '/init'
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      case 'ingest': {
-        const body = await request.json()
-        const sourceCode = body.source_code
-        if (!sourceCode) {
-          return NextResponse.json({ error: 'Missing source_code' }, { status: 400 })
-        }
-        url += `/sources/${encodeURIComponent(sourceCode)}/ingest`
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(body),
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      default:
-        return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-    }
-  } catch (error) {
-    console.error('DSFA corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}

admin-compliance/app/api/legal-corpus/route.ts

@@ -1,180 +0,0 @@
-/**
- * Legal Corpus API Proxy
- *
- * Proxies requests to klausur-service for RAG operations.
- * This allows the client-side RAG page to call the API without CORS issues.
- */
-
-import { NextRequest, NextResponse } from 'next/server'
-
-const KLAUSUR_SERVICE_URL = process.env.KLAUSUR_SERVICE_URL || 'http://klausur-service:8086'
-const QDRANT_URL = process.env.QDRANT_URL || 'http://qdrant:6333'
-
-export async function GET(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-
-  try {
-    let url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/legal-corpus`
-
-    switch (action) {
-      case 'status': {
-        // Query Qdrant directly for collection stats
-        const qdrantRes = await fetch(`${QDRANT_URL}/collections/bp_legal_corpus`, {
-          cache: 'no-store',
-        })
-        if (!qdrantRes.ok) {
-          return NextResponse.json({ error: 'Qdrant not available' }, { status: 503 })
-        }
-        const qdrantData = await qdrantRes.json()
-        const result = qdrantData.result || {}
-        return NextResponse.json({
-          collection: 'bp_legal_corpus',
-          totalPoints: result.points_count || 0,
-          vectorSize: result.config?.params?.vectors?.size || 0,
-          status: result.status || 'unknown',
-          regulations: {},
-        })
-      }
-      case 'search':
-        const query = searchParams.get('query')
-        const topK = searchParams.get('top_k') || '5'
-        const regulations = searchParams.get('regulations')
-        url += `/search?query=${encodeURIComponent(query || '')}&top_k=${topK}`
-        if (regulations) {
-          url += `&regulations=${encodeURIComponent(regulations)}`
-        }
-        break
-      case 'ingestion-status':
-        url += '/ingestion-status'
-        break
-      case 'regulations':
-        url += '/regulations'
-        break
-      case 'custom-documents':
-        url += '/custom-documents'
-        break
-      case 'pipeline-checkpoints':
-        url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/pipeline/checkpoints`
-        break
-      case 'pipeline-status':
-        url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/pipeline/status`
-        break
-      case 'traceability': {
-        const chunkId = searchParams.get('chunk_id')
-        const regulation = searchParams.get('regulation')
-        url += `/traceability?chunk_id=${encodeURIComponent(chunkId || '')}&regulation=${encodeURIComponent(regulation || '')}`
-        break
-      }
-      default:
-        return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-    }
-
-    const res = await fetch(url, {
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      cache: 'no-store',
-    })
-
-    const data = await res.json()
-    return NextResponse.json(data, { status: res.status })
-  } catch (error) {
-    console.error('Legal corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}
-
-export async function POST(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-
-  try {
-    let url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/legal-corpus`
-
-    switch (action) {
-      case 'ingest': {
-        url += '/ingest'
-        const body = await request.json()
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(body),
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      case 'add-link': {
-        url += '/add-link'
-        const body = await request.json()
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(body),
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      case 'upload': {
-        url += '/upload'
-        // Forward FormData directly
-        const formData = await request.formData()
-        const res = await fetch(url, {
-          method: 'POST',
-          body: formData,
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      case 'start-pipeline': {
-        url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/pipeline/start`
-        const body = await request.json()
-        const res = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(body),
-        })
-        const data = await res.json()
-        return NextResponse.json(data, { status: res.status })
-      }
-
-      default:
-        return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-    }
-  } catch (error) {
-    console.error('Legal corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}
-
-export async function DELETE(request: NextRequest) {
-  const { searchParams } = new URL(request.url)
-  const action = searchParams.get('action')
-  const docId = searchParams.get('docId')
-
-  try {
-    if (action === 'delete-document' && docId) {
-      const url = `${KLAUSUR_SERVICE_URL}/api/v1/admin/legal-corpus/custom-documents/${docId}`
-      const res = await fetch(url, { method: 'DELETE' })
-      const data = await res.json()
-      return NextResponse.json(data, { status: res.status })
-    }
-
-    return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
-  } catch (error) {
-    console.error('Legal corpus proxy error:', error)
-    return NextResponse.json(
-      { error: 'Failed to connect to klausur-service' },
-      { status: 503 }
-    )
-  }
-}

admin-compliance/app/api/sdk/agents/[agentId]/route.ts

@@ -0,0 +1,37 @@
+/**
+ * GET /api/sdk/agents/[agentId] — Agent-Detail mit SOUL-Content
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { getAgentById } from '@/lib/sdk/agents/agent-registry'
+import { readSoulFile, getSoulFileStats, soulFileExists } from '@/lib/sdk/agents/soul-reader'
+
+export async function GET(
+  _request: NextRequest,
+  { params }: { params: Promise<{ agentId: string }> }
+) {
+  try {
+    const { agentId } = await params
+    const agent = getAgentById(agentId)
+
+    if (!agent) {
+      return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
+    }
+
+    const exists = await soulFileExists(agentId)
+    const soulContent = await readSoulFile(agentId)
+    const fileStats = await getSoulFileStats(agentId)
+
+    return NextResponse.json({
+      ...agent,
+      status: exists ? agent.status : 'error',
+      soulContent: soulContent || '',
+      createdAt: fileStats?.createdAt || null,
+      updatedAt: fileStats?.updatedAt || null,
+      fileSize: fileStats?.size || 0,
+    })
+  } catch (error) {
+    console.error('Error fetching agent detail:', error)
+    return NextResponse.json({ error: 'Failed to fetch agent' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/agents/[agentId]/soul/route.ts

@@ -0,0 +1,84 @@
+/**
+ * GET/PUT /api/sdk/agents/[agentId]/soul — SOUL-Datei lesen/schreiben
+ *
+ * GET: Content + Metadaten, ?history=true fuer Backup-Versionen
+ * PUT: Backup erstellen -> neuen Content schreiben -> Cache invalidieren
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { getAgentById } from '@/lib/sdk/agents/agent-registry'
+import {
+  readSoulFile,
+  writeSoulFile,
+  listSoulBackups,
+  getSoulFileStats,
+} from '@/lib/sdk/agents/soul-reader'
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ agentId: string }> }
+) {
+  try {
+    const { agentId } = await params
+    const agent = getAgentById(agentId)
+
+    if (!agent) {
+      return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
+    }
+
+    const showHistory = request.nextUrl.searchParams.get('history') === 'true'
+
+    if (showHistory) {
+      const backups = await listSoulBackups(agentId)
+      return NextResponse.json({ agentId, backups })
+    }
+
+    const content = await readSoulFile(agentId)
+    const fileStats = await getSoulFileStats(agentId)
+
+    return NextResponse.json({
+      agentId,
+      content: content || '',
+      updatedAt: fileStats?.updatedAt || null,
+      size: fileStats?.size || 0,
+    })
+  } catch (error) {
+    console.error('Error reading SOUL file:', error)
+    return NextResponse.json({ error: 'Failed to read SOUL file' }, { status: 500 })
+  }
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ agentId: string }> }
+) {
+  try {
+    const { agentId } = await params
+    const agent = getAgentById(agentId)
+
+    if (!agent) {
+      return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
+    }
+
+    const body = await request.json()
+    const { content } = body
+
+    if (typeof content !== 'string' || content.trim().length === 0) {
+      return NextResponse.json({ error: 'Content is required' }, { status: 400 })
+    }
+
+    await writeSoulFile(agentId, content)
+
+    const fileStats = await getSoulFileStats(agentId)
+
+    return NextResponse.json({
+      agentId,
+      updatedAt: fileStats?.updatedAt || new Date().toISOString(),
+      size: fileStats?.size || content.length,
+      message: 'SOUL file updated successfully',
+    })
+  } catch (error) {
+    console.error('Error writing SOUL file:', error)
+    return NextResponse.json({ error: 'Failed to write SOUL file' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/agents/route.ts

@@ -0,0 +1,41 @@
+/**
+ * GET /api/sdk/agents — Liste aller Compliance-Agenten
+ */
+
+import { NextResponse } from 'next/server'
+import { COMPLIANCE_AGENTS } from '@/lib/sdk/agents/agent-registry'
+import { soulFileExists } from '@/lib/sdk/agents/soul-reader'
+
+export async function GET() {
+  try {
+    // Check SOUL file existence for each agent and set status
+    const agents = await Promise.all(
+      COMPLIANCE_AGENTS.map(async (agent) => {
+        const exists = await soulFileExists(agent.id)
+        return {
+          ...agent,
+          status: exists ? agent.status : 'error' as const,
+        }
+      })
+    )
+
+    const activeCount = agents.filter(a => a.status === 'active').length
+    const errorCount = agents.filter(a => a.status === 'error').length
+
+    return NextResponse.json({
+      agents,
+      stats: {
+        total: agents.length,
+        active: activeCount,
+        inactive: agents.length - activeCount - errorCount,
+        error: errorCount,
+        totalSessions: 0,
+        avgResponseTime: '—',
+      },
+      timestamp: new Date().toISOString(),
+    })
+  } catch (error) {
+    console.error('Error fetching agents:', error)
+    return NextResponse.json({ error: 'Failed to fetch agents' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/agents/sessions/route.ts

@@ -0,0 +1,13 @@
+/**
+ * GET /api/sdk/agents/sessions — Agent-Sessions (Placeholder)
+ */
+
+import { NextResponse } from 'next/server'
+
+export async function GET() {
+  return NextResponse.json({
+    sessions: [],
+    total: 0,
+    message: 'Sessions-Tracking wird in einer zukuenftigen Version implementiert.',
+  })
+}

admin-compliance/app/api/sdk/agents/statistics/route.ts

@@ -0,0 +1,18 @@
+/**
+ * GET /api/sdk/agents/statistics — Agent-Statistiken (Placeholder)
+ */
+
+import { NextResponse } from 'next/server'
+
+export async function GET() {
+  return NextResponse.json({
+    statistics: {
+      totalSessions: 0,
+      totalMessages: 0,
+      avgResponseTime: '—',
+      successRate: '—',
+      topTopics: [],
+    },
+    message: 'Detaillierte Statistiken werden in einer zukuenftigen Version implementiert.',
+  })
+}

admin-compliance/app/api/sdk/compliance-advisor/chat/route.ts

@@ -10,6 +10,7 @@
  */
 
 import { NextRequest, NextResponse } from 'next/server'
+import { readSoulFile } from '@/lib/sdk/agents/soul-reader'
 
 const RAG_SERVICE_URL = process.env.RAG_SERVICE_URL || 'http://rag-service:8097'
 const OLLAMA_URL = process.env.OLLAMA_URL || 'http://host.docker.internal:11434'
@@ -27,85 +28,18 @@ const COMPLIANCE_COLLECTIONS = [
 
 type Country = 'DE' | 'AT' | 'CH' | 'EU'
 
-// SOUL system prompt (from agent-core/soul/compliance-advisor.soul.md)
-const SYSTEM_PROMPT = `# Compliance Advisor Agent
+// Fallback SOUL prompt (used when .soul.md file is unavailable)
+const FALLBACK_SYSTEM_PROMPT = `# Compliance Advisor Agent
 
 ## Identitaet
 Du bist der BreakPilot Compliance-Berater. Du hilfst Nutzern des AI Compliance SDK,
 Datenschutz- und Compliance-Fragen in verstaendlicher Sprache zu beantworten.
-Du bist kein Anwalt und gibst keine Rechtsberatung, sondern orientierst dich an
-offiziellen Quellen und gibst praxisnahe Hinweise.
 
 ## Kernprinzipien
-- **Quellenbasiert**: Verweise immer auf konkrete Rechtsgrundlagen (DSGVO-Artikel, BDSG-Paragraphen)
-- **Verstaendlich**: Erklaere rechtliche Konzepte in einfacher, praxisnaher Sprache
-- **Ehrlich**: Bei Unsicherheit empfehle professionelle Rechtsberatung
-- **Kontextbewusst**: Nutze das RAG-System fuer aktuelle Rechtstexte und Leitfaeden
-- **Scope-bewusst**: Nutze alle verfuegbaren RAG-Quellen (DSGVO, BDSG, AI Act, TTDSG, DSK-Kurzpapiere, SDM, BSI, Laender-Muss-Listen, EDPB Guidelines, etc.) AUSSER NIBIS-Dokumenten.
-
-## Kompetenzbereich
-- DSGVO Art. 1-99 + Erwaegsgruende
-- BDSG (Bundesdatenschutzgesetz)
-- AI Act (EU KI-Verordnung)
-- TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz)
-- ePrivacy-Richtlinie
-- DSK-Kurzpapiere (Nr. 1-20)
-- SDM (Standard-Datenschutzmodell) V3.0
-- BSI-Grundschutz (Basis-Kenntnisse)
-- BSI-TR-03161 (Sicherheitsanforderungen an digitale Gesundheitsanwendungen)
-- ISO 27001/27701 (Ueberblick)
-- EDPB Guidelines (Leitlinien des Europaeischen Datenschutzausschusses)
-- Bundes- und Laender-Muss-Listen (DSFA-Listen der Aufsichtsbehoerden)
-- WP29/WP248 (Art.-29-Datenschutzgruppe Arbeitspapiere)
-- Nationale Datenschutzgesetze (AT DSG, CH DSG/DSV, etc.)
-- EU-Verordnungen (DORA, MiCA, Data Act, EHDS, PSD2, AMLR, etc.)
-- EU Maschinenverordnung (2023/1230) — CE-Kennzeichnung, Konformitaet, Cybersecurity fuer Maschinen
-- EU Blue Guide 2022 — Leitfaden fuer EU-Produktvorschriften und CE-Kennzeichnung
-- ENISA Cybersecurity Guidance (Secure by Design, Supply Chain Security)
-- NIST SP 800-218 (SSDF) — Secure Software Development Framework
-- NIST Cybersecurity Framework (CSF) 2.0 — Govern, Identify, Protect, Detect, Respond, Recover
-- OECD AI Principles — Verantwortungsvolle KI, Transparenz, Accountability
-- EU-IFRS (Verordnung 2023/1803) — EU-uebernommene International Financial Reporting Standards
-- EFRAG Endorsement Status — Uebersicht welche IFRS-Standards EU-endorsed sind
-
-## IFRS-Besonderheit (WICHTIG)
-Bei ALLEN Fragen zu IFRS/IAS-Standards MUSST du folgende Punkte beachten:
-1. Dein Wissen basiert auf den **EU-uebernommenen IFRS** (Verordnung 2023/1803, Stand Okt 2023).
-2. Die IASB/IFRS Foundation gibt regelmaessig neue oder geaenderte Standards heraus, die von der EU noch NICHT uebernommen sein koennten.
-3. Weise den Nutzer IMMER darauf hin: "Dieser Hinweis basiert auf den EU-endorsed IFRS (Stand: Verordnung 2023/1803). Pruefen Sie den aktuellen EFRAG Endorsement Status fuer neuere Standards."
-4. Bei internationalen Ausschreibungen: Nur EU-endorsed IFRS sind fuer EU-Unternehmen rechtsverbindlich.
-5. Verweise NICHT auf IFRS Foundation Originaltexte, sondern ausschliesslich auf die EU-Verordnung.
-
-## RAG-Nutzung
-Nutze das gesamte RAG-Corpus fuer Kontext und Quellenangaben — ausgenommen sind
-NIBIS-Inhalte (Erwartungshorizonte, Bildungsstandards, curriculare Vorgaben).
-Diese gehoeren nicht zum Datenschutz-Kompetenzbereich.
-
-## Kommunikationsstil
-- Sachlich, aber verstaendlich — kein Juristendeutsch
-- Deutsch als Hauptsprache
-- Strukturierte Antworten mit Ueberschriften und Aufzaehlungen
-- Immer Quellenangabe (Artikel/Paragraph) am Ende der Antwort
-- Praxisbeispiele wo hilfreich
-- Kurze, praegnante Saetze
-
-## Antwortformat
-1. Kurze Zusammenfassung (1-2 Saetze)
-2. Detaillierte Erklaerung
-3. Praxishinweise / Handlungsempfehlungen
-4. Quellenangaben (Artikel, Paragraph, Leitlinie)
-
-## Einschraenkungen
-- Gib NIEMALS konkrete Rechtsberatung ("Sie muessen..." -> "Es empfiehlt sich...")
-- Keine Garantien fuer Rechtssicherheit
-- Bei komplexen Einzelfaellen: Empfehle Rechtsanwalt/DSB
-- Keine Aussagen zu laufenden Verfahren oder Bussgeldern
-- Keine Interpretation von Urteilen (nur Verweis)
-
-## Eskalation
-- Bei Fragen ausserhalb des Kompetenzbereichs: Hoeflich ablehnen und auf Fachanwalt verweisen
-- Bei widerspruechlichen Rechtslagen: Beide Positionen darstellen und DSB-Konsultation empfehlen
-- Bei dringenden Datenpannen: Auf 72-Stunden-Frist (Art. 33 DSGVO) hinweisen und Notfallplan-Modul empfehlen`
+- Quellenbasiert: Verweise auf DSGVO-Artikel, BDSG-Paragraphen
+- Verstaendlich: Einfache, praxisnahe Sprache
+- Ehrlich: Bei Unsicherheit empfehle Rechtsberatung
+- Deutsch als Hauptsprache`
 
 const COUNTRY_LABELS: Record<Country, string> = {
   DE: 'Deutschland',
@@ -182,8 +116,7 @@ async function queryMultiCollectionRAG(query: string, country?: Country): Promis
     return topResults
       .map((r, i) => {
         const source = r.source_name || r.source_code || 'Unbekannt'
-        const col = r.collection ? ` [${r.collection}]` : ''
-        return `[Quelle ${i + 1}: ${source}${col}]\n${r.content || ''}`
+        return `[Quelle ${i + 1}: ${source}]\n${r.content || ''}`
       })
       .join('\n\n---\n\n')
   } catch (error) {
@@ -208,7 +141,8 @@ export async function POST(request: NextRequest) {
     const ragContext = await queryMultiCollectionRAG(message, validCountry)
 
     // 2. Build system prompt with RAG context + country
-    let systemContent = SYSTEM_PROMPT
+    const soulPrompt = await readSoulFile('compliance-advisor')
+    let systemContent = soulPrompt || FALLBACK_SYSTEM_PROMPT
 
     if (validCountry) {
       const countryLabel = COUNTRY_LABELS[validCountry]
@@ -244,9 +178,11 @@ Der Nutzer hat "${countryLabel} (${validCountry})" gewaehlt.
         model: LLM_MODEL,
         messages,
         stream: true,
+        think: false,
         options: {
           temperature: 0.3,
-          num_predict: 2048,
+          num_predict: 8192,
+          num_ctx: 8192,
         },
       }),
       signal: AbortSignal.timeout(120000),

admin-compliance/app/api/sdk/drafting-engine/chat/route.ts

@@ -7,56 +7,25 @@
  */
 
 import { NextRequest, NextResponse } from 'next/server'
+import { queryRAG } from '@/lib/sdk/drafting-engine/rag-query'
+import { DOCUMENT_RAG_CONFIG } from '@/lib/sdk/drafting-engine/rag-config'
+import { readSoulFile } from '@/lib/sdk/agents/soul-reader'
+import type { ScopeDocumentType } from '@/lib/sdk/compliance-scope-types'
 
-const KLAUSUR_SERVICE_URL = process.env.KLAUSUR_SERVICE_URL || 'http://klausur-service:8086'
 const OLLAMA_URL = process.env.OLLAMA_URL || 'http://host.docker.internal:11434'
 const LLM_MODEL = process.env.COMPLIANCE_LLM_MODEL || 'qwen2.5vl:32b'
 
-// SOUL System Prompt (from agent-core/soul/drafting-agent.soul.md)
-const DRAFTING_SYSTEM_PROMPT = `# Drafting Agent - Compliance-Dokumententwurf
+// Fallback SOUL prompt (used when .soul.md file is unavailable)
+const FALLBACK_DRAFTING_PROMPT = `# Drafting Agent - Compliance-Dokumententwurf
 
 ## Identitaet
 Du bist der BreakPilot Drafting Agent. Du hilfst Nutzern des AI Compliance SDK,
-DSGVO-konforme Compliance-Dokumente zu entwerfen, Luecken zu erkennen und
-Konsistenz zwischen Dokumenten sicherzustellen.
+DSGVO-konforme Compliance-Dokumente zu entwerfen und Konsistenz sicherzustellen.
 
 ## Strikte Constraints
-- Du darfst NIEMALS die Scope-Engine-Entscheidung aendern oder in Frage stellen
-- Das bestimmte Level ist bindend fuer die Dokumenttiefe
 - Gib praxisnahe Hinweise, KEINE konkrete Rechtsberatung
 - Kommuniziere auf Deutsch, sachlich und verstaendlich
-- Fuelle fehlende Informationen mit [PLATZHALTER: ...] Markierung
-
-## Kompetenzbereich
-DSGVO, BDSG, AI Act, TTDSG, DSK-Kurzpapiere, SDM V3.0, BSI-Grundschutz, ISO 27001/27701, EDPB Guidelines, WP248`
-
-/**
- * Query the RAG corpus for relevant documents
- */
-async function queryRAG(query: string): Promise<string> {
-  try {
-    const url = `${KLAUSUR_SERVICE_URL}/api/v1/dsfa-rag/search?query=${encodeURIComponent(query)}&top_k=3`
-    const res = await fetch(url, {
-      headers: { 'Content-Type': 'application/json' },
-      signal: AbortSignal.timeout(10000),
-    })
-
-    if (!res.ok) return ''
-
-    const data = await res.json()
-    if (data.results?.length > 0) {
-      return data.results
-        .map(
-          (r: { source_name?: string; source_code?: string; content?: string }, i: number) =>
-            `[Quelle ${i + 1}: ${r.source_name || r.source_code || 'Unbekannt'}]\n${r.content || ''}`
-        )
-        .join('\n\n---\n\n')
-    }
-    return ''
-  } catch {
-    return ''
-  }
-}
+- Fuelle fehlende Informationen mit [PLATZHALTER: ...] Markierung`
 
 export async function POST(request: NextRequest) {
   try {
@@ -73,11 +42,14 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: 'Message is required' }, { status: 400 })
     }
 
-    // 1. Query RAG for legal context
-    const ragContext = await queryRAG(message)
+    // 1. Query RAG for legal context (use type-specific collection + query boost if available)
+    const ragConfig = documentType ? DOCUMENT_RAG_CONFIG[documentType as ScopeDocumentType] : undefined
+    const ragQuery = ragConfig ? `${ragConfig.query} ${message}` : message
+    const ragContext = await queryRAG(ragQuery, 3, ragConfig?.collection)
 
     // 2. Build system prompt with mode-specific instructions + state projection
-    let systemContent = DRAFTING_SYSTEM_PROMPT
+    const soulPrompt = await readSoulFile('drafting-agent')
+    let systemContent = soulPrompt || FALLBACK_DRAFTING_PROMPT
 
     // Mode-specific instructions
     const modeInstructions: Record<string, string> = {
@@ -116,9 +88,11 @@ export async function POST(request: NextRequest) {
         model: LLM_MODEL,
         messages,
         stream: true,
+        think: false,
         options: {
           temperature: mode === 'draft' ? 0.2 : 0.3,
           num_predict: mode === 'draft' ? 16384 : 8192,
+          num_ctx: 8192,
         },
       }),
       signal: AbortSignal.timeout(120000),

admin-compliance/app/api/sdk/drafting-engine/draft/route.ts

@@ -31,6 +31,8 @@ import { sanitizeAllowedFacts, validateNoRemainingPII, SanitizationError } from
 import { terminologyToPromptString, styleContractToPromptString } from '@/lib/sdk/drafting-engine/terminology'
 import { executeRepairLoop, type ProseBlockOutput, type RepairAudit } from '@/lib/sdk/drafting-engine/prose-validator'
 import { ProseCacheManager, computeChecksumSync, type CacheKeyParams } from '@/lib/sdk/drafting-engine/cache'
+import { queryRAG } from '@/lib/sdk/drafting-engine/rag-query'
+import { DOCUMENT_RAG_CONFIG } from '@/lib/sdk/drafting-engine/rag-config'
 
 // ============================================================================
 // Shared State
@@ -103,9 +105,18 @@ async function handleV1Draft(body: Record<string, unknown>): Promise<NextRespons
     }, { status: 403 })
   }
 
+  // RAG: Fetch relevant legal context (config-based)
+  const ragCfg = DOCUMENT_RAG_CONFIG[documentType]
+  const ragContext = await queryRAG(ragCfg.query, 3, ragCfg.collection)
+
+  let v1SystemPrompt = V1_SYSTEM_PROMPT
+  if (ragContext) {
+    v1SystemPrompt += `\n\n## Relevanter Rechtskontext\n${ragContext}`
+  }
+
   const draftPrompt = buildPromptForDocumentType(documentType, draftContext, instructions)
   const messages = [
-    { role: 'system', content: V1_SYSTEM_PROMPT },
+    { role: 'system', content: v1SystemPrompt },
     ...(existingDraft ? [{
       role: 'assistant',
       content: `Bisheriger Entwurf:\n${JSON.stringify(existingDraft.sections, null, 2)}`,
@@ -120,7 +131,8 @@ async function handleV1Draft(body: Record<string, unknown>): Promise<NextRespons
       model: LLM_MODEL,
       messages,
       stream: false,
-      options: { temperature: 0.15, num_predict: 16384 },
+      think: false,
+      options: { temperature: 0.15, num_predict: 16384, num_ctx: 8192 },
       format: 'json',
     }),
     signal: AbortSignal.timeout(180000),
@@ -193,6 +205,27 @@ const DOCUMENT_PROSE_BLOCKS: Record<string, Array<{ blockId: string; blockType:
     { blockId: 'lf-intro', blockType: 'introduction', sectionName: 'Einleitung Loeschfristen', targetWords: 100 },
     { blockId: 'lf-conclusion', blockType: 'conclusion', sectionName: 'Fazit Loeschfristen', targetWords: 60 },
   ],
+  av_vertrag: [
+    { blockId: 'av-intro', blockType: 'introduction', sectionName: 'Einleitung Auftragsverarbeitung', targetWords: 130 },
+    { blockId: 'av-conclusion', blockType: 'conclusion', sectionName: 'Fazit Auftragsverarbeitung', targetWords: 80 },
+  ],
+  betroffenenrechte: [
+    { blockId: 'betr-intro', blockType: 'introduction', sectionName: 'Einleitung Betroffenenrechte', targetWords: 120 },
+    { blockId: 'betr-conclusion', blockType: 'conclusion', sectionName: 'Fazit Betroffenenrechte', targetWords: 80 },
+  ],
+  risikoanalyse: [
+    { blockId: 'risk-intro', blockType: 'introduction', sectionName: 'Einleitung Risikoanalyse', targetWords: 130 },
+    { blockId: 'risk-conclusion', blockType: 'conclusion', sectionName: 'Fazit Risikoanalyse', targetWords: 80 },
+  ],
+  notfallplan: [
+    { blockId: 'notfall-intro', blockType: 'introduction', sectionName: 'Einleitung Notfallplan', targetWords: 120 },
+    { blockId: 'notfall-conclusion', blockType: 'conclusion', sectionName: 'Fazit Notfallplan', targetWords: 80 },
+  ],
+  iace_ce_assessment: [
+    { blockId: 'iace-intro', blockType: 'introduction', sectionName: 'Einleitung IACE CE-Bewertung', targetWords: 150 },
+    { blockId: 'iace-appreciation', blockType: 'appreciation', sectionName: 'Wuerdigung bestehender Konformitaetsbewertung', targetWords: 60 },
+    { blockId: 'iace-conclusion', blockType: 'conclusion', sectionName: 'Fazit IACE CE-Bewertung', targetWords: 100 },
+  ],
 }
 
 function buildV2SystemPrompt(
@@ -295,7 +328,8 @@ async function callOllama(systemPrompt: string, userPrompt: string): Promise<str
         { role: 'user', content: userPrompt },
       ],
       stream: false,
-      options: { temperature: 0.15, num_predict: 4096 },
+      think: false,
+      options: { temperature: 0.15, num_predict: 4096, num_ctx: 8192 },
       format: 'json',
     }),
     signal: AbortSignal.timeout(120000),
@@ -368,6 +402,10 @@ async function handleV2Draft(body: Record<string, unknown>): Promise<NextRespons
   // Compute prompt hash for audit
   const promptHash = computeChecksumSync({ factsString, tagsString, termsString, styleString, disallowedString })
 
+  // Step 5b: RAG Legal Context (config-based)
+  const v2RagCfg = DOCUMENT_RAG_CONFIG[documentType]
+  const v2RagContext = await queryRAG(v2RagCfg.query, 3, v2RagCfg.collection)
+
   // Step 6: Generate Prose Blocks (with cache + repair loop)
   const proseBlocks = DOCUMENT_PROSE_BLOCKS[documentType] || DOCUMENT_PROSE_BLOCKS.tom
   const generatedBlocks: ProseBlockOutput[] = []
@@ -399,12 +437,15 @@ async function handleV2Draft(body: Record<string, unknown>): Promise<NextRespons
     }
 
     // Build prompts
-    const systemPrompt = buildV2SystemPrompt(
+    let systemPrompt = buildV2SystemPrompt(
       factsString, tagsString, termsString, styleString, disallowedString,
       sanitizedFacts.companyName,
       blockDef.blockId, blockDef.blockType, blockDef.sectionName,
       documentType, blockDef.targetWords
     )
+    if (v2RagContext) {
+      systemPrompt += `\n\nRECHTSKONTEXT (als Referenz, nicht woertlich uebernehmen):\n${v2RagContext}`
+    }
     const userPrompt = buildBlockSpecificPrompt(
       blockDef.blockType, blockDef.sectionName, documentType
     ) + (instructions ? `\n\nZusaetzliche Anweisungen: ${instructions}` : '')
@@ -550,12 +591,43 @@ async function handleV2Draft(body: Record<string, unknown>): Promise<NextRespons
     cacheStats: proseCache.getStats(),
   }
 
+  // Anti-Fake-Evidence: Truth label for all LLM-generated content
+  const truthLabel = {
+    generation_mode: 'draft_assistance',
+    truth_status: 'generated',
+    may_be_used_as_evidence: false,
+    generated_by: 'system',
+  }
+
+  // Fire-and-forget: persist LLM audit trail to backend
+  try {
+    const BACKEND_URL = process.env.BACKEND_COMPLIANCE_URL || 'http://backend-compliance:8002'
+    fetch(`${BACKEND_URL}/api/compliance/llm-audit`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        entity_type: 'document',
+        entity_id: null,
+        generation_mode: 'draft_assistance',
+        truth_status: 'generated',
+        may_be_used_as_evidence: false,
+        llm_model: LLM_MODEL,
+        llm_provider: 'ollama',
+        input_summary: `${documentType} draft generation`,
+        output_summary: draft?.sections?.length ? `${draft.sections.length} sections generated` : 'draft generated',
+      }),
+    }).catch(() => {/* fire-and-forget */})
+  } catch {
+    // LLM audit persistence failure should not block the response
+  }
+
   return NextResponse.json({
     draft,
     constraintCheck,
     tokensUsed: Math.round(totalTokens),
     pipelineVersion: 'v2',
     auditTrail,
+    truthLabel,
   })
 }
 

admin-compliance/app/api/sdk/drafting-engine/validate/route.ts

@@ -14,6 +14,76 @@ import { buildCrossCheckPrompt } from '@/lib/sdk/drafting-engine/prompts/validat
 const OLLAMA_URL = process.env.OLLAMA_URL || 'http://host.docker.internal:11434'
 const LLM_MODEL = process.env.COMPLIANCE_LLM_MODEL || 'qwen2.5vl:32b'
 
+/**
+ * Anti-Fake-Evidence: Verbotene Formulierungen
+ *
+ * Flags formulations that falsely claim compliance without evidence.
+ * Only allowed when: control_status=pass AND confidence >= E2 AND
+ * truth_status in (validated_internal, accepted_by_auditor).
+ */
+interface EvidenceContext {
+  controlStatus?: string
+  confidenceLevel?: string
+  truthStatus?: string
+}
+
+const FORBIDDEN_PATTERNS: Array<{
+  pattern: RegExp
+  label: string
+  safeAlternative: string
+}> = [
+  { pattern: /ist\s+compliant/gi, label: 'ist compliant', safeAlternative: 'soll compliant sein' },
+  { pattern: /erfüllt\s+vollständig/gi, label: 'erfüllt vollständig', safeAlternative: 'soll vollständig erfüllt werden' },
+  { pattern: /wurde\s+geprüft/gi, label: 'wurde geprüft', safeAlternative: 'soll geprüft werden' },
+  { pattern: /wurde\s+umgesetzt/gi, label: 'wurde umgesetzt', safeAlternative: 'ist zur Umsetzung vorgesehen' },
+  { pattern: /ist\s+auditiert/gi, label: 'ist auditiert', safeAlternative: 'soll auditiert werden' },
+  { pattern: /vollständig\s+implementiert/gi, label: 'vollständig implementiert', safeAlternative: 'Implementierung ist vorgesehen' },
+  { pattern: /nachweislich\s+konform/gi, label: 'nachweislich konform', safeAlternative: 'Konformität ist nachzuweisen' },
+]
+
+const CONFIDENCE_ORDER: Record<string, number> = { E0: 0, E1: 1, E2: 2, E3: 3, E4: 4 }
+const VALID_TRUTH_STATUSES = new Set(['validated_internal', 'accepted_by_auditor'])
+
+function checkForbiddenFormulations(
+  content: string,
+  evidenceContext?: EvidenceContext,
+): ValidationFinding[] {
+  const findings: ValidationFinding[] = []
+
+  if (!content) return findings
+
+  // If evidence context shows sufficient proof, allow the formulations
+  if (evidenceContext) {
+    const { controlStatus, confidenceLevel, truthStatus } = evidenceContext
+    const confLevel = CONFIDENCE_ORDER[confidenceLevel ?? 'E0'] ?? 0
+    if (
+      controlStatus === 'pass' &&
+      confLevel >= CONFIDENCE_ORDER.E2 &&
+      VALID_TRUTH_STATUSES.has(truthStatus ?? '')
+    ) {
+      return findings // Formulations are backed by real evidence
+    }
+  }
+
+  for (const { pattern, label, safeAlternative } of FORBIDDEN_PATTERNS) {
+    // Reset regex state for global patterns
+    pattern.lastIndex = 0
+    if (pattern.test(content)) {
+      findings.push({
+        id: `AFE-FORBIDDEN-${label.replace(/\s+/g, '_').toUpperCase()}`,
+        severity: 'error',
+        category: 'forbidden_formulation' as ValidationFinding['category'],
+        title: `Verbotene Formulierung: "${label}"`,
+        description: `Die Formulierung "${label}" impliziert eine nachgewiesene Compliance, die ohne ausreichenden Nachweis (Evidence >= E2, validiert) nicht verwendet werden darf.`,
+        documentType: 'vvt' as ScopeDocumentType,
+        suggestion: `Verwende stattdessen: "${safeAlternative}"`,
+      })
+    }
+  }
+
+  return findings
+}
+
 /**
  * Stufe 1: Deterministische Pruefung
  */
@@ -84,6 +154,66 @@ function deterministicCheck(
     })
   }
 
+  // Check 5: DSFA ohne VVT-Grundlage
+  if (documentType === 'dsfa' && validationContext.crossReferences.vvtCategories.length === 0) {
+    findings.push({
+      id: 'DET-DSFA-NO-VVT',
+      severity: 'error',
+      category: 'cross_reference',
+      title: 'DSFA ohne VVT-Grundlage',
+      description: 'Eine DSFA setzt ein Verarbeitungsverzeichnis voraus. Ohne VVT fehlt die Uebersicht ueber die betroffenen Verarbeitungstaetigkeiten.',
+      documentType: 'dsfa',
+      crossReferenceType: 'vvt',
+      legalReference: 'Art. 35 i.V.m. Art. 30 DSGVO',
+      suggestion: 'Zuerst ein VVT erstellen, dann die DSFA darauf aufbauen.',
+    })
+  }
+
+  // Check 6: DSFA ohne TOM-Massnahmen
+  if (documentType === 'dsfa' && validationContext.crossReferences.tomControls.length === 0) {
+    findings.push({
+      id: 'DET-DSFA-NO-TOM',
+      severity: 'error',
+      category: 'cross_reference',
+      title: 'DSFA ohne TOM-Massnahmen',
+      description: 'Eine DSFA muss Abhilfemassnahmen enthalten. Ohne TOM-Katalog koennen keine Schutzmassnahmen referenziert werden.',
+      documentType: 'dsfa',
+      crossReferenceType: 'tom',
+      legalReference: 'Art. 35 Abs. 7d DSGVO',
+      suggestion: 'TOM-Massnahmen definieren, bevor die DSFA erstellt wird.',
+    })
+  }
+
+  // Check 7: Datenschutzerklaerung ohne Loeschfristen
+  if (documentType === 'dsi' && validationContext.crossReferences.retentionCategories.length === 0) {
+    findings.push({
+      id: 'DET-DSI-NO-LF',
+      severity: 'warning',
+      category: 'cross_reference',
+      title: 'Datenschutzerklaerung ohne Loeschfristen',
+      description: 'Die Datenschutzerklaerung muss Angaben zur Speicherdauer enthalten. Ohne definierte Loeschfristen fehlt diese Information.',
+      documentType: 'dsi',
+      crossReferenceType: 'lf',
+      legalReference: 'Art. 13 Abs. 2a DSGVO',
+      suggestion: 'Loeschfristen definieren und in der Datenschutzerklaerung referenzieren.',
+    })
+  }
+
+  // Check 8: AVV ohne VVT-Kontext
+  if (documentType === 'av_vertrag' && validationContext.crossReferences.vvtCategories.length === 0) {
+    findings.push({
+      id: 'DET-AV-NO-VVT',
+      severity: 'warning',
+      category: 'cross_reference',
+      title: 'AVV ohne VVT-Kontext',
+      description: 'Ein Auftragsverarbeitungsvertrag sollte auf den im VVT dokumentierten Verarbeitungstaetigkeiten basieren.',
+      documentType: 'av_vertrag',
+      crossReferenceType: 'vvt',
+      legalReference: 'Art. 28 Abs. 3 i.V.m. Art. 30 DSGVO',
+      suggestion: 'VVT erstellen, um die betroffenen Verarbeitungstaetigkeiten fuer den AVV zu identifizieren.',
+    })
+  }
+
   return findings
 }
 
@@ -127,7 +257,8 @@ export async function POST(request: NextRequest) {
             { role: 'user', content: crossCheckPrompt },
           ],
           stream: false,
-          options: { temperature: 0.1, num_predict: 8192 },
+          think: false,
+          options: { temperature: 0.1, num_predict: 8192, num_ctx: 8192 },
           format: 'json',
         }),
         signal: AbortSignal.timeout(120000),
@@ -160,10 +291,18 @@ export async function POST(request: NextRequest) {
       // LLM unavailable, continue with deterministic results only
     }
 
+    // ---------------------------------------------------------------
+    // Stufe 1b: Verbotene Formulierungen (Anti-Fake-Evidence)
+    // ---------------------------------------------------------------
+    const forbiddenFindings = checkForbiddenFormulations(
+      draftContent || '',
+      validationContext.evidenceContext,
+    )
+
     // ---------------------------------------------------------------
     // Combine results
     // ---------------------------------------------------------------
-    const allFindings = [...deterministicFindings, ...llmFindings]
+    const allFindings = [...deterministicFindings, ...forbiddenFindings, ...llmFindings]
     const errors = allFindings.filter(f => f.severity === 'error')
     const warnings = allFindings.filter(f => f.severity === 'warning')
     const suggestions = allFindings.filter(f => f.severity === 'suggestion')

admin-compliance/app/api/sdk/v1/ai-registration/[id]/route.ts

@@ -0,0 +1,47 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const { id } = await params
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration/${id}`)
+    const data = await resp.json()
+    return NextResponse.json(data)
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to fetch registration' }, { status: 500 })
+  }
+}
+
+export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const { id } = await params
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+    const body = await request.json()
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration/${id}`, {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json', 'X-Tenant-ID': tenantId },
+      body: JSON.stringify(body),
+    })
+    const data = await resp.json()
+    return NextResponse.json(data, { status: resp.status })
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to update registration' }, { status: 500 })
+  }
+}
+
+export async function PATCH(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const { id } = await params
+    const body = await request.json()
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration/${id}/status`, {
+      method: 'PATCH',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    })
+    const data = await resp.json()
+    return NextResponse.json(data, { status: resp.status })
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to update status' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/v1/ai-registration/route.ts

@@ -0,0 +1,32 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_URL = process.env.SDK_URL || 'http://ai-compliance-sdk:8090'
+
+export async function GET(request: NextRequest) {
+  try {
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration`, {
+      headers: { 'X-Tenant-ID': tenantId },
+    })
+    const data = await resp.json()
+    return NextResponse.json(data)
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to fetch registrations' }, { status: 500 })
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const tenantId = request.headers.get('x-tenant-id') || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+    const body = await request.json()
+    const resp = await fetch(`${SDK_URL}/sdk/v1/ai-registration`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'X-Tenant-ID': tenantId },
+      body: JSON.stringify(body),
+    })
+    const data = await resp.json()
+    return NextResponse.json(data, { status: resp.status })
+  } catch (err) {
+    return NextResponse.json({ error: 'Failed to create registration' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/v1/audit-llm/[[...path]]/route.ts

@@ -0,0 +1,108 @@
+/**
+ * LLM Audit API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/audit-llm/* requests to ai-compliance-sdk /sdk/v1/audit/*
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/audit`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    // Handle export endpoints that may return CSV
+    const contentType = response.headers.get('content-type') || ''
+    if (contentType.includes('text/csv') || contentType.includes('application/octet-stream')) {
+      const blob = await response.arrayBuffer()
+      return new NextResponse(blob, {
+        status: response.status,
+        headers: {
+          'Content-Type': contentType,
+          'Content-Disposition': response.headers.get('content-disposition') || 'attachment',
+        },
+      })
+    }
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('LLM Audit API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}

admin-compliance/app/api/sdk/v1/canonical/route.ts

@@ -0,0 +1,349 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/canonical?endpoint=...
+ *
+ * Routes to backend canonical control endpoints:
+ *   endpoint=frameworks   → GET /api/compliance/v1/canonical/frameworks
+ *   endpoint=controls     → GET /api/compliance/v1/canonical/controls(?severity=...&domain=...)
+ *   endpoint=control&id=  → GET /api/compliance/v1/canonical/controls/{id}
+ *   endpoint=sources      → GET /api/compliance/v1/canonical/sources
+ *   endpoint=licenses     → GET /api/compliance/v1/canonical/licenses
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const endpoint = searchParams.get('endpoint') || 'frameworks'
+
+    let backendPath: string
+
+    switch (endpoint) {
+      case 'frameworks':
+        backendPath = '/api/compliance/v1/canonical/frameworks'
+        break
+
+      case 'controls': {
+        const controlParams = new URLSearchParams()
+        const passthrough = ['severity', 'domain', 'release_state', 'verification_method', 'category', 'evidence_type',
+          'target_audience', 'source', 'search', 'control_type', 'exclude_duplicates', 'sort', 'order', 'limit', 'offset']
+        for (const key of passthrough) {
+          const val = searchParams.get(key)
+          if (val) controlParams.set(key, val)
+        }
+        const qs = controlParams.toString()
+        backendPath = `/api/compliance/v1/canonical/controls${qs ? `?${qs}` : ''}`
+        break
+      }
+
+      case 'controls-count': {
+        const countParams = new URLSearchParams()
+        const countPassthrough = ['severity', 'domain', 'release_state', 'verification_method', 'category', 'evidence_type',
+          'target_audience', 'source', 'search', 'control_type', 'exclude_duplicates']
+        for (const key of countPassthrough) {
+          const val = searchParams.get(key)
+          if (val) countParams.set(key, val)
+        }
+        const countQs = countParams.toString()
+        backendPath = `/api/compliance/v1/canonical/controls-count${countQs ? `?${countQs}` : ''}`
+        break
+      }
+
+      case 'controls-meta': {
+        const metaParams = new URLSearchParams()
+        const metaPassthrough = ['severity', 'domain', 'release_state', 'verification_method', 'category', 'evidence_type',
+          'target_audience', 'source', 'search', 'control_type', 'exclude_duplicates']
+        for (const key of metaPassthrough) {
+          const val = searchParams.get(key)
+          if (val) metaParams.set(key, val)
+        }
+        const metaQs = metaParams.toString()
+        backendPath = `/api/compliance/v1/canonical/controls-meta${metaQs ? `?${metaQs}` : ''}`
+        break
+      }
+
+      case 'control': {
+        const controlId = searchParams.get('id')
+        if (!controlId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(controlId)}`
+        break
+      }
+
+      case 'sources':
+        backendPath = '/api/compliance/v1/canonical/sources'
+        break
+
+      case 'licenses':
+        backendPath = '/api/compliance/v1/canonical/licenses'
+        break
+
+      // Generator endpoints
+      case 'generate-jobs':
+        backendPath = '/api/compliance/v1/canonical/generate/jobs'
+        break
+
+      case 'generate-status': {
+        const jobId = searchParams.get('jobId')
+        if (!jobId) {
+          return NextResponse.json({ error: 'Missing jobId' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/generate/status/${encodeURIComponent(jobId)}`
+        break
+      }
+
+      case 'review-queue': {
+        const state = searchParams.get('release_state') || 'needs_review'
+        backendPath = `/api/compliance/v1/canonical/generate/review-queue?release_state=${encodeURIComponent(state)}`
+        break
+      }
+
+      case 'processed-stats':
+        backendPath = '/api/compliance/v1/canonical/generate/processed-stats'
+        break
+
+      case 'categories':
+        backendPath = '/api/compliance/v1/canonical/categories'
+        break
+
+      case 'traceability': {
+        const traceId = searchParams.get('id')
+        if (!traceId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(traceId)}/traceability`
+        break
+      }
+
+      case 'provenance': {
+        const provId = searchParams.get('id')
+        if (!provId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(provId)}/provenance`
+        break
+      }
+
+      case 'atomic-stats':
+        backendPath = '/api/compliance/v1/canonical/controls/atomic-stats'
+        break
+
+      case 'similar': {
+        const simControlId = searchParams.get('id')
+        if (!simControlId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        const simThreshold = searchParams.get('threshold') || '0.85'
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(simControlId)}/similar?threshold=${simThreshold}`
+        break
+      }
+
+      case 'blocked-sources':
+        backendPath = '/api/compliance/v1/canonical/blocked-sources'
+        break
+
+      case 'v1-matches': {
+        const matchId = searchParams.get('id')
+        if (!matchId) {
+          return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+        }
+        backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(matchId)}/v1-matches`
+        break
+      }
+
+      case 'v1-enrichment-stats':
+        backendPath = '/api/compliance/v1/canonical/controls/v1-enrichment-stats'
+        break
+
+      case 'obligation-dedup-stats':
+        backendPath = '/api/compliance/v1/canonical/obligations/dedup-stats'
+        break
+
+      case 'controls-customer': {
+        const custSeverity = searchParams.get('severity')
+        const custDomain = searchParams.get('domain')
+        const custParams = new URLSearchParams()
+        if (custSeverity) custParams.set('severity', custSeverity)
+        if (custDomain) custParams.set('domain', custDomain)
+        const custQs = custParams.toString()
+        backendPath = `/api/compliance/v1/canonical/controls-customer${custQs ? `?${custQs}` : ''}`
+        break
+      }
+
+      default:
+        return NextResponse.json({ error: `Unknown endpoint: ${endpoint}` }, { status: 400 })
+    }
+
+    const response = await fetch(`${BACKEND_URL}${backendPath}`)
+
+    if (!response.ok) {
+      if (response.status === 404) {
+        return NextResponse.json(null, { status: 404 })
+      }
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Canonical control proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/canonical?endpoint=...
+ *
+ *   endpoint=create-control         → POST /api/compliance/v1/canonical/controls
+ *   endpoint=similarity-check&id=   → POST /api/compliance/v1/canonical/controls/{id}/similarity-check
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const endpoint = searchParams.get('endpoint')
+    const body = await request.json()
+
+    let backendPath: string
+
+    if (endpoint === 'create-control') {
+      backendPath = '/api/compliance/v1/canonical/controls'
+    } else if (endpoint === 'generate') {
+      backendPath = '/api/compliance/v1/canonical/generate'
+    } else if (endpoint === 'review') {
+      const controlId = searchParams.get('id')
+      if (!controlId) {
+        return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+      }
+      backendPath = `/api/compliance/v1/canonical/generate/review/${encodeURIComponent(controlId)}`
+    } else if (endpoint === 'bulk-review') {
+      backendPath = '/api/compliance/v1/canonical/generate/bulk-review'
+    } else if (endpoint === 'blocked-sources-cleanup') {
+      backendPath = '/api/compliance/v1/canonical/blocked-sources/cleanup'
+    } else if (endpoint === 'enrich-v1-matches') {
+      const dryRun = searchParams.get('dry_run') ?? 'true'
+      const batchSize = searchParams.get('batch_size') ?? '100'
+      const enrichOffset = searchParams.get('offset') ?? '0'
+      backendPath = `/api/compliance/v1/canonical/controls/enrich-v1-matches?dry_run=${dryRun}&batch_size=${batchSize}&offset=${enrichOffset}`
+    } else if (endpoint === 'obligation-dedup') {
+      const dryRun = searchParams.get('dry_run') ?? 'true'
+      const batchSize = searchParams.get('batch_size') ?? '0'
+      const dedupOffset = searchParams.get('offset') ?? '0'
+      backendPath = `/api/compliance/v1/canonical/obligations/dedup?dry_run=${dryRun}&batch_size=${batchSize}&offset=${dedupOffset}`
+    } else if (endpoint === 'similarity-check') {
+      const controlId = searchParams.get('id')
+      if (!controlId) {
+        return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+      }
+      backendPath = `/api/compliance/v1/canonical/controls/${encodeURIComponent(controlId)}/similarity-check`
+    } else {
+      return NextResponse.json({ error: `Unknown POST endpoint: ${endpoint}` }, { status: 400 })
+    }
+
+    const response = await fetch(`${BACKEND_URL}${backendPath}`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json(), { status: response.status })
+  } catch (error) {
+    console.error('Canonical control POST proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: PUT /api/sdk/v1/canonical?endpoint=update-control&id=AUTH-001
+ *
+ * Routes to: PUT /api/compliance/v1/canonical/controls/{id}
+ */
+export async function PUT(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const controlId = searchParams.get('id')
+    if (!controlId) {
+      return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+    }
+
+    const body = await request.json()
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/canonical/controls/${encodeURIComponent(controlId)}`,
+      {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Canonical control PUT proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: DELETE /api/sdk/v1/canonical?id=AUTH-001
+ *
+ * Routes to: DELETE /api/compliance/v1/canonical/controls/{id}
+ */
+export async function DELETE(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const controlId = searchParams.get('id')
+    if (!controlId) {
+      return NextResponse.json({ error: 'Missing control id' }, { status: 400 })
+    }
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/canonical/controls/${encodeURIComponent(controlId)}`,
+      { method: 'DELETE' }
+    )
+
+    if (!response.ok && response.status !== 204) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return new NextResponse(null, { status: 204 })
+  } catch (error) {
+    console.error('Canonical control DELETE proxy error:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/company-profile/route.ts

@@ -0,0 +1,166 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+function getIds(request: NextRequest, body?: Record<string, unknown>) {
+  const { searchParams } = new URL(request.url)
+  const tenantId = searchParams.get('tenant_id') || 'default'
+  const projectId = searchParams.get('project_id') || (body?.project_id as string) || ''
+  const qs = projectId
+    ? `tenant_id=${encodeURIComponent(tenantId)}&project_id=${encodeURIComponent(projectId)}`
+    : `tenant_id=${encodeURIComponent(tenantId)}`
+  return { tenantId, projectId, qs }
+}
+
+/**
+ * Proxy: GET /api/sdk/v1/company-profile → Backend GET /api/v1/company-profile
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { tenantId, qs } = getIds(request)
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/v1/company-profile?${qs}`,
+      {
+        headers: {
+          'X-Tenant-ID': tenantId,
+        },
+      }
+    )
+
+    if (!response.ok) {
+      if (response.status === 404) {
+        return NextResponse.json(null, { status: 404 })
+      }
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to fetch company profile:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/company-profile → Backend POST /api/v1/company-profile
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const { tenantId, qs } = getIds(request, body)
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/v1/company-profile?${qs}`,
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to save company profile:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: DELETE /api/sdk/v1/company-profile → Backend DELETE /api/v1/company-profile
+ * DSGVO Art. 17 Recht auf Löschung
+ */
+export async function DELETE(request: NextRequest) {
+  try {
+    const { tenantId, qs } = getIds(request)
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/v1/company-profile?${qs}`,
+      {
+        method: 'DELETE',
+        headers: {
+          'X-Tenant-ID': tenantId,
+        },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to delete company profile:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: PATCH /api/sdk/v1/company-profile → Backend PATCH /api/v1/company-profile
+ * Partial updates for individual fields
+ */
+export async function PATCH(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const { tenantId, qs } = getIds(request, body)
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/v1/company-profile?${qs}`,
+      {
+        method: 'PATCH',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to patch company profile:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/compliance-scope/route.ts

@@ -0,0 +1,84 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/compliance-scope → Backend GET /api/v1/compliance-scope
+ * Retrieves the persisted scope decision for a tenant.
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const tenantId = searchParams.get('tenant_id') || 'default'
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/compliance-scope?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+      }
+    )
+
+    if (!response.ok) {
+      if (response.status === 404) {
+        return NextResponse.json(null, { status: 404 })
+      }
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to fetch compliance scope:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/compliance-scope → Backend POST /api/v1/compliance-scope
+ * Persists the scope decision and answers.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const tenantId = body.tenant_id || 'default'
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/v1/compliance-scope?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to save compliance scope:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/compliance/[[...path]]/route.ts

@@ -0,0 +1,135 @@
+/**
+ * Compliance API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/compliance/* requests to backend-compliance
+ *
+ * Backend routes: requirements, controls, evidence, risks, audit, ai
+ * All under /api/compliance/ prefix on backend-compliance:8002
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    // Handle PDF/binary responses
+    const contentType = response.headers.get('content-type') || ''
+    if (contentType.includes('application/pdf') || contentType.includes('application/octet-stream')) {
+      const blob = await response.blob()
+      return new NextResponse(blob, {
+        status: response.status,
+        headers: {
+          'Content-Type': contentType,
+          'Content-Disposition': response.headers.get('content-disposition') || '',
+        },
+      })
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Compliance API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/compliance/evidence-checks/[[...path]]/route.ts

@@ -1,39 +1,52 @@
 /**
- * DSGVO API Proxy - Catch-all route
- * Proxies all /api/sdk/v1/dsgvo/* requests to ai-compliance-sdk backend
+ * Evidence Checks API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/compliance/evidence-checks/* requests to backend-compliance
  */
 
 import { NextRequest, NextResponse } from 'next/server'
 
-const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
 async function proxyRequest(
   request: NextRequest,
-  pathSegments: string[],
+  pathSegments: string[] | undefined,
   method: string
 ) {
-  const pathStr = pathSegments.join('/')
+  const pathStr = pathSegments?.join('/') || ''
   const searchParams = request.nextUrl.searchParams.toString()
-  const url = `${SDK_BACKEND_URL}/sdk/v1/dsgvo/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+  const basePath = `${BACKEND_URL}/api/compliance/evidence-checks`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
 
   try {
     const headers: HeadersInit = {
       'Content-Type': 'application/json',
+      'X-Tenant-Id': '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e',
+      'X-User-Id': 'admin',
     }
 
-    // Forward auth headers if present
     const authHeader = request.headers.get('authorization')
     if (authHeader) {
       headers['Authorization'] = authHeader
     }
 
+    const tenantHeader = request.headers.get('x-tenant-id')
+    if (tenantHeader) {
+      headers['X-Tenant-Id'] = tenantHeader
+    }
+
+    const userIdHeader = request.headers.get('x-user-id')
+    if (userIdHeader) {
+      headers['X-User-Id'] = userIdHeader
+    }
+
     const fetchOptions: RequestInit = {
       method,
       headers,
       signal: AbortSignal.timeout(30000),
     }
 
-    // Add body for POST/PUT/PATCH methods
     if (['POST', 'PUT', 'PATCH'].includes(method)) {
       const contentType = request.headers.get('content-type')
       if (contentType?.includes('application/json')) {
@@ -43,27 +56,13 @@ async function proxyRequest(
             fetchOptions.body = text
           }
         } catch {
-          // Empty or invalid body - continue without
+          // Empty or invalid body
         }
       }
     }
 
     const response = await fetch(url, fetchOptions)
 
-    // Handle non-JSON responses (e.g., PDF export)
-    const responseContentType = response.headers.get('content-type')
-    if (responseContentType?.includes('application/pdf') ||
-        responseContentType?.includes('application/octet-stream')) {
-      const blob = await response.blob()
-      return new NextResponse(blob, {
-        status: response.status,
-        headers: {
-          'Content-Type': responseContentType,
-          'Content-Disposition': response.headers.get('content-disposition') || '',
-        },
-      })
-    }
-
     if (!response.ok) {
       const errorText = await response.text()
       let errorJson
@@ -81,9 +80,9 @@ async function proxyRequest(
     const data = await response.json()
     return NextResponse.json(data)
   } catch (error) {
-    console.error('DSGVO API proxy error:', error)
+    console.error('Evidence Checks API proxy error:', error)
     return NextResponse.json(
-      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { error: 'Verbindung zum Backend fehlgeschlagen' },
       { status: 503 }
     )
   }
@@ -91,7 +90,7 @@ async function proxyRequest(
 
 export async function GET(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'GET')
@@ -99,7 +98,7 @@ export async function GET(
 
 export async function POST(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'POST')
@@ -107,7 +106,7 @@ export async function POST(
 
 export async function PUT(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'PUT')
@@ -115,7 +114,7 @@ export async function PUT(
 
 export async function PATCH(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'PATCH')
@@ -123,7 +122,7 @@ export async function PATCH(
 
 export async function DELETE(
   request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
+  { params }: { params: Promise<{ path?: string[] }> }
 ) {
   const { path } = await params
   return proxyRequest(request, path, 'DELETE')

admin-compliance/app/api/sdk/v1/compliance/process-tasks/[[...path]]/route.ts

@@ -0,0 +1,129 @@
+/**
+ * Process Tasks API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/compliance/process-tasks/* requests to backend-compliance
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/process-tasks`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+      'X-Tenant-Id': '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e',
+      'X-User-Id': 'admin',
+    }
+
+    const authHeader = request.headers.get('authorization')
+    if (authHeader) {
+      headers['Authorization'] = authHeader
+    }
+
+    const tenantHeader = request.headers.get('x-tenant-id')
+    if (tenantHeader) {
+      headers['X-Tenant-Id'] = tenantHeader
+    }
+
+    const userIdHeader = request.headers.get('x-user-id')
+    if (userIdHeader) {
+      headers['X-User-Id'] = userIdHeader
+    }
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(30000),
+    }
+
+    if (['POST', 'PUT', 'PATCH'].includes(method)) {
+      const contentType = request.headers.get('content-type')
+      if (contentType?.includes('application/json')) {
+        try {
+          const text = await request.text()
+          if (text && text.trim()) {
+            fetchOptions.body = text
+          }
+        } catch {
+          // Empty or invalid body
+        }
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Process Tasks API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/consent-templates/[[...path]]/route.ts

@@ -0,0 +1,122 @@
+/**
+ * Consent Templates API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/consent-templates/* requests to backend-compliance
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_API_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/consent-templates`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const authHeader = request.headers.get('authorization')
+    if (authHeader) {
+      headers['Authorization'] = authHeader
+    }
+
+    const tenantHeader = request.headers.get('x-tenant-id')
+    if (tenantHeader) {
+      headers['X-Tenant-ID'] = tenantHeader
+    }
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(30000),
+    }
+
+    if (['POST', 'PUT', 'PATCH'].includes(method)) {
+      const contentType = request.headers.get('content-type')
+      if (contentType?.includes('application/json')) {
+        try {
+          const text = await request.text()
+          if (text && text.trim()) {
+            fetchOptions.body = text
+          }
+        } catch {
+          // Empty or invalid body
+        }
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Consent Templates API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/dsfa/[[...path]]/route.ts

@@ -0,0 +1,123 @@
+/**
+ * DSFA API Proxy — Datenschutz-Folgenabschaetzung (Art. 35 DSGVO)
+ * Proxies /api/sdk/v1/dsfa/* → backend-compliance:8002/api/v1/dsfa/*
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/dsfa`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId))
+      ? clientUserId
+      : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId))
+      ? clientTenantId
+      : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('DSFA API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/einwilligungen/catalog/route.ts

@@ -1,255 +1,181 @@
 /**
  * API Route: Datenpunktkatalog
  *
- * GET  - Katalog abrufen (inkl. kundenspezifischer Datenpunkte)
- * POST - Katalog speichern/aktualisieren
+ * Proxies to backend-compliance for DB persistence.
+ * GET  - Katalog abrufen
+ * POST - Katalog speichern (forward as PUT to backend)
+ * PUT  - Katalog-Einzeloperationen (add/update/delete)
  */
 
 import { NextRequest, NextResponse } from 'next/server'
-import {
-  DataPointCatalog,
-  CompanyInfo,
-  CookieBannerConfig,
-  DataPoint,
-} from '@/lib/sdk/einwilligungen/types'
-import { createDefaultCatalog, PREDEFINED_DATA_POINTS } from '@/lib/sdk/einwilligungen/catalog/loader'
 
-// In-Memory Storage (in Produktion: Datenbank)
-const catalogStorage = new Map<string, {
-  catalog: DataPointCatalog
-  companyInfo: CompanyInfo | null
-  cookieBannerConfig: CookieBannerConfig | null
-}>()
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+function getHeaders(request: NextRequest): HeadersInit {
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+  const clientTenantId = request.headers.get('x-tenant-id') || request.headers.get('X-Tenant-ID')
+  const tenantId = (clientTenantId && uuidRegex.test(clientTenantId))
+    ? clientTenantId
+    : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+  return {
+    'Content-Type': 'application/json',
+    'X-Tenant-ID': tenantId,
+  }
+}
 
 /**
  * GET /api/sdk/v1/einwilligungen/catalog
- *
- * Laedt den Datenpunktkatalog fuer einen Tenant
  */
 export async function GET(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
+    const headers = getHeaders(request)
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
+      { method: 'GET', headers, signal: AbortSignal.timeout(30000) }
+    )
 
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: errorText }, { status: response.status })
     }
 
-    // Hole gespeicherte Daten oder erstelle Default
-    let stored = catalogStorage.get(tenantId)
-
-    if (!stored) {
-      // Erstelle Default-Katalog
-      const defaultCatalog = createDefaultCatalog(tenantId)
-      stored = {
-        catalog: defaultCatalog,
-        companyInfo: null,
-        cookieBannerConfig: null,
-      }
-      catalogStorage.set(tenantId, stored)
-    }
-
-    return NextResponse.json({
-      catalog: stored.catalog,
-      companyInfo: stored.companyInfo,
-      cookieBannerConfig: stored.cookieBannerConfig,
-    })
+    const data = await response.json()
+    return NextResponse.json(data)
   } catch (error) {
     console.error('Error loading catalog:', error)
-    return NextResponse.json(
-      { error: 'Failed to load catalog' },
-      { status: 500 }
-    )
+    return NextResponse.json({ error: 'Failed to load catalog' }, { status: 500 })
   }
 }
 
 /**
  * POST /api/sdk/v1/einwilligungen/catalog
- *
- * Speichert den Datenpunktkatalog fuer einen Tenant
+ * Saves catalog via PUT to backend
  */
 export async function POST(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
-
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
-    }
-
+    const headers = getHeaders(request)
     const body = await request.json()
-    const { catalog, companyInfo, cookieBannerConfig } = body
 
-    if (!catalog) {
-      return NextResponse.json(
-        { error: 'Catalog data required' },
-        { status: 400 }
-      )
+    // Extract catalog data for backend format
+    const { catalog, companyInfo } = body
+    const backendPayload: Record<string, unknown> = {
+      selected_data_point_ids: catalog?.dataPoints
+        ?.filter((dp: { isActive?: boolean }) => dp.isActive)
+        ?.map((dp: { id: string }) => dp.id) || [],
+      custom_data_points: catalog?.customDataPoints || [],
     }
 
-    // Validiere den Katalog
-    if (!catalog.tenantId || catalog.tenantId !== tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID mismatch' },
-        { status: 400 }
-      )
+    const catalogResponse = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
+      {
+        method: 'PUT',
+        headers,
+        body: JSON.stringify(backendPayload),
+        signal: AbortSignal.timeout(30000),
+      }
+    )
+
+    if (!catalogResponse.ok) {
+      const errorText = await catalogResponse.text()
+      return NextResponse.json({ error: errorText }, { status: catalogResponse.status })
     }
 
-    // Aktualisiere den Katalog
-    const updatedCatalog: DataPointCatalog = {
-      ...catalog,
-      updatedAt: new Date(),
+    // Save company info if provided
+    if (companyInfo) {
+      await fetch(`${BACKEND_URL}/api/compliance/einwilligungen/company`, {
+        method: 'PUT',
+        headers,
+        body: JSON.stringify({ data: companyInfo }),
+        signal: AbortSignal.timeout(30000),
+      })
     }
 
-    // Speichere
-    catalogStorage.set(tenantId, {
-      catalog: updatedCatalog,
-      companyInfo: companyInfo || null,
-      cookieBannerConfig: cookieBannerConfig || null,
-    })
-
-    return NextResponse.json({
-      success: true,
-      catalog: updatedCatalog,
-    })
+    const result = await catalogResponse.json()
+    return NextResponse.json({ success: true, catalog: result })
   } catch (error) {
     console.error('Error saving catalog:', error)
-    return NextResponse.json(
-      { error: 'Failed to save catalog' },
-      { status: 500 }
-    )
+    return NextResponse.json({ error: 'Failed to save catalog' }, { status: 500 })
   }
 }
 
 /**
- * POST /api/sdk/v1/einwilligungen/catalog/customize
- *
- * Fuegt einen kundenspezifischen Datenpunkt hinzu
+ * PUT /api/sdk/v1/einwilligungen/catalog
+ * Katalog-Einzeloperationen (add/update/delete custom data points)
  */
 export async function PUT(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
-
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
-    }
-
+    const headers = getHeaders(request)
     const body = await request.json()
-    const { action, dataPoint, dataPointId } = body
+    const { action, dataPoint, dataPointId, selectedIds, customDataPoints } = body
 
-    let stored = catalogStorage.get(tenantId)
-
-    if (!stored) {
-      const defaultCatalog = createDefaultCatalog(tenantId)
-      stored = {
-        catalog: defaultCatalog,
-        companyInfo: null,
-        cookieBannerConfig: null,
-      }
+    // For bulk updates (selectedIds + customDataPoints), use upsert
+    if (selectedIds !== undefined || customDataPoints !== undefined) {
+      const response = await fetch(
+        `${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
+        {
+          method: 'PUT',
+          headers,
+          body: JSON.stringify({
+            selected_data_point_ids: selectedIds || [],
+            custom_data_points: customDataPoints || [],
+          }),
+          signal: AbortSignal.timeout(30000),
+        }
+      )
+      const data = await response.json()
+      return NextResponse.json({ success: true, ...data })
     }
 
+    // For individual add/update/delete, fetch current state and modify
+    const currentResponse = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
+      { method: 'GET', headers, signal: AbortSignal.timeout(30000) }
+    )
+    const current = await currentResponse.json()
+    const currentCustom: unknown[] = current.custom_data_points || []
+    const currentSelected: string[] = current.selected_data_point_ids || []
+
+    let updatedCustom = [...currentCustom]
+    let updatedSelected = [...currentSelected]
+
     switch (action) {
-      case 'add': {
-        if (!dataPoint) {
-          return NextResponse.json(
-            { error: 'Data point required' },
-            { status: 400 }
+      case 'add':
+        if (dataPoint) {
+          updatedCustom.push({ ...dataPoint, id: `custom-${Date.now()}`, isCustom: true })
+        }
+        break
+      case 'update':
+        if (dataPointId && dataPoint) {
+          updatedCustom = updatedCustom.map((dp: unknown) =>
+            (dp as { id: string }).id === dataPointId ? { ...(dp as object), ...dataPoint } : dp
           )
         }
-
-        // Generiere eindeutige ID
-        const newDataPoint: DataPoint = {
-          ...dataPoint,
-          id: `custom-${tenantId}-${Date.now()}`,
-          isCustom: true,
+        break
+      case 'delete':
+        if (dataPointId) {
+          updatedCustom = updatedCustom.filter((dp: unknown) => (dp as { id: string }).id !== dataPointId)
+          updatedSelected = updatedSelected.filter((id) => id !== dataPointId)
         }
-
-        stored.catalog.customDataPoints.push(newDataPoint)
-        stored.catalog.updatedAt = new Date()
-        catalogStorage.set(tenantId, stored)
-
-        return NextResponse.json({
-          success: true,
-          dataPoint: newDataPoint,
-        })
-      }
-
-      case 'update': {
-        if (!dataPointId || !dataPoint) {
-          return NextResponse.json(
-            { error: 'Data point ID and data required' },
-            { status: 400 }
-          )
-        }
-
-        // Pruefe ob es ein kundenspezifischer Datenpunkt ist
-        const customIndex = stored.catalog.customDataPoints.findIndex(
-          (dp) => dp.id === dataPointId
-        )
-
-        if (customIndex !== -1) {
-          stored.catalog.customDataPoints[customIndex] = {
-            ...stored.catalog.customDataPoints[customIndex],
-            ...dataPoint,
-          }
-        } else {
-          // Vordefinierter Datenpunkt - nur isActive aendern
-          const predefinedIndex = stored.catalog.dataPoints.findIndex(
-            (dp) => dp.id === dataPointId
-          )
-          if (predefinedIndex !== -1 && 'isActive' in dataPoint) {
-            stored.catalog.dataPoints[predefinedIndex] = {
-              ...stored.catalog.dataPoints[predefinedIndex],
-              isActive: dataPoint.isActive,
-            }
-          }
-        }
-
-        stored.catalog.updatedAt = new Date()
-        catalogStorage.set(tenantId, stored)
-
-        return NextResponse.json({
-          success: true,
-        })
-      }
-
-      case 'delete': {
-        if (!dataPointId) {
-          return NextResponse.json(
-            { error: 'Data point ID required' },
-            { status: 400 }
-          )
-        }
-
-        stored.catalog.customDataPoints = stored.catalog.customDataPoints.filter(
-          (dp) => dp.id !== dataPointId
-        )
-        stored.catalog.updatedAt = new Date()
-        catalogStorage.set(tenantId, stored)
-
-        return NextResponse.json({
-          success: true,
-        })
-      }
-
-      default:
-        return NextResponse.json(
-          { error: 'Invalid action' },
-          { status: 400 }
-        )
+        break
     }
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
+      {
+        method: 'PUT',
+        headers,
+        body: JSON.stringify({
+          selected_data_point_ids: updatedSelected,
+          custom_data_points: updatedCustom,
+        }),
+        signal: AbortSignal.timeout(30000),
+      }
+    )
+    const data = await response.json()
+    return NextResponse.json({ success: true, ...data })
   } catch (error) {
     console.error('Error customizing catalog:', error)
-    return NextResponse.json(
-      { error: 'Failed to customize catalog' },
-      { status: 500 }
-    )
+    return NextResponse.json({ error: 'Failed to customize catalog' }, { status: 500 })
   }
 }

admin-compliance/app/api/sdk/v1/einwilligungen/consent/[id]/history/route.ts

@@ -0,0 +1,53 @@
+/**
+ * API Route: Consent History
+ *
+ * GET /api/sdk/v1/einwilligungen/consent/{id}/history
+ * Proxies to backend-compliance: GET /api/compliance/einwilligungen/consents/{id}/history
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+function getTenantId(request: NextRequest): string {
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+  const clientTenantId = request.headers.get('x-tenant-id') || request.headers.get('X-Tenant-ID')
+  return (clientTenantId && uuidRegex.test(clientTenantId))
+    ? clientTenantId
+    : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+}
+
+/**
+ * GET /api/sdk/v1/einwilligungen/consent/{id}/history
+ * Gibt die Änderungshistorie einer Einwilligung zurück.
+ */
+export async function GET(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const tenantId = getTenantId(request)
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/consents/${params.id}/history`,
+      {
+        method: 'GET',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+        signal: AbortSignal.timeout(30000),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: errorText }, { status: response.status })
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Error fetching consent history:', error)
+    return NextResponse.json({ error: 'Failed to fetch consent history' }, { status: 500 })
+  }
+}

admin-compliance/app/api/sdk/v1/einwilligungen/consent/route.ts

@@ -1,51 +1,38 @@
 /**
  * API Route: Consent Management
  *
+ * Proxies to backend-compliance for DB persistence.
  * POST - Consent erfassen
- * GET  - Consent-Status abrufen
+ * GET  - Consent-Status und Statistiken abrufen
+ * PUT  - Batch-Update von Consents
  */
 
 import { NextRequest, NextResponse } from 'next/server'
-import {
-  ConsentEntry,
-  ConsentStatistics,
-  DataPointCategory,
-  LegalBasis,
-} from '@/lib/sdk/einwilligungen/types'
-import { PREDEFINED_DATA_POINTS } from '@/lib/sdk/einwilligungen/catalog/loader'
 
-// In-Memory Storage fuer Consents
-const consentStorage = new Map<string, ConsentEntry[]>() // tenantId -> consents
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
 
-// Hilfsfunktion: Generiere eindeutige ID
-function generateId(): string {
-  return `consent-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`
+function getHeaders(request: NextRequest): HeadersInit {
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+  const clientTenantId = request.headers.get('x-tenant-id') || request.headers.get('X-Tenant-ID')
+  const tenantId = (clientTenantId && uuidRegex.test(clientTenantId))
+    ? clientTenantId
+    : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+  return {
+    'Content-Type': 'application/json',
+    'X-Tenant-ID': tenantId,
+  }
 }
 
 /**
  * POST /api/sdk/v1/einwilligungen/consent
- *
  * Erfasst eine neue Einwilligung
- *
- * Body:
- * - userId: string - Benutzer-ID
- * - dataPointId: string - ID des Datenpunkts
- * - granted: boolean - Einwilligung erteilt?
- * - consentVersion?: string - Version der Einwilligung
  */
 export async function POST(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
-
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
-    }
-
+    const headers = getHeaders(request)
     const body = await request.json()
-    const { userId, dataPointId, granted, consentVersion = '1.0.0' } = body
+    const { userId, dataPointId, granted, consentVersion = '1.0.0', source } = body
 
     if (!userId || !dataPointId || typeof granted !== 'boolean') {
       return NextResponse.json(
@@ -54,316 +41,163 @@ export async function POST(request: NextRequest) {
       )
     }
 
-    // Hole IP und User-Agent
     const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || null
     const userAgent = request.headers.get('user-agent') || null
 
-    // Erstelle Consent-Eintrag
-    const consent: ConsentEntry = {
-      id: generateId(),
-      userId,
-      dataPointId,
-      granted,
-      grantedAt: new Date(),
-      revokedAt: undefined,
-      ipAddress: ipAddress || undefined,
-      userAgent: userAgent || undefined,
-      consentVersion,
-    }
-
-    // Hole bestehende Consents
-    const tenantConsents = consentStorage.get(tenantId) || []
-
-    // Pruefe auf bestehende Einwilligung fuer diesen Datenpunkt
-    const existingIndex = tenantConsents.findIndex(
-      (c) => c.userId === userId && c.dataPointId === dataPointId && !c.revokedAt
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/consents`,
+      {
+        method: 'POST',
+        headers,
+        body: JSON.stringify({
+          user_id: userId,
+          data_point_id: dataPointId,
+          granted,
+          consent_version: consentVersion,
+          source: source || null,
+          ip_address: ipAddress,
+          user_agent: userAgent,
+        }),
+        signal: AbortSignal.timeout(30000),
+      }
     )
 
-    if (existingIndex !== -1) {
-      if (!granted) {
-        // Widerruf: Setze revokedAt
-        tenantConsents[existingIndex].revokedAt = new Date()
-      }
-      // Bei granted=true: Keine Aenderung noetig, Consent existiert bereits
-    } else if (granted) {
-      // Neuer Consent
-      tenantConsents.push(consent)
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: errorText }, { status: response.status })
     }
 
-    consentStorage.set(tenantId, tenantConsents)
-
+    const data = await response.json()
     return NextResponse.json({
       success: true,
       consent: {
-        id: consent.id,
-        dataPointId: consent.dataPointId,
-        granted: consent.granted,
-        grantedAt: consent.grantedAt,
+        id: data.id,
+        dataPointId: data.data_point_id,
+        granted: data.granted,
+        grantedAt: data.granted_at,
       },
     })
   } catch (error) {
     console.error('Error recording consent:', error)
-    return NextResponse.json(
-      { error: 'Failed to record consent' },
-      { status: 500 }
-    )
+    return NextResponse.json({ error: 'Failed to record consent' }, { status: 500 })
   }
 }
 
 /**
  * GET /api/sdk/v1/einwilligungen/consent
- *
  * Ruft Consent-Status und Statistiken ab
- *
- * Query Parameters:
- * - userId?: string - Fuer spezifischen Benutzer
- * - stats?: boolean - Statistiken inkludieren
  */
 export async function GET(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
-
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
-    }
-
+    const headers = getHeaders(request)
     const { searchParams } = new URL(request.url)
     const userId = searchParams.get('userId')
     const includeStats = searchParams.get('stats') === 'true'
 
-    const tenantConsents = consentStorage.get(tenantId) || []
-
-    if (userId) {
-      // Spezifischer Benutzer
-      const userConsents = tenantConsents.filter((c) => c.userId === userId)
-
-      // Gruppiere nach Datenpunkt
-      const consentMap: Record<string, { granted: boolean; grantedAt: Date; revokedAt?: Date }> = {}
-      for (const consent of userConsents) {
-        consentMap[consent.dataPointId] = {
-          granted: consent.granted && !consent.revokedAt,
-          grantedAt: consent.grantedAt,
-          revokedAt: consent.revokedAt,
-        }
-      }
-
-      return NextResponse.json({
-        userId,
-        consents: consentMap,
-        totalConsents: Object.keys(consentMap).length,
-        activeConsents: Object.values(consentMap).filter((c) => c.granted).length,
-      })
-    }
-
-    // Statistiken fuer alle Consents
     if (includeStats) {
-      const stats = calculateStatistics(tenantConsents)
-      return NextResponse.json({
-        statistics: stats,
-        recentConsents: tenantConsents
-          .sort((a, b) => new Date(b.grantedAt).getTime() - new Date(a.grantedAt).getTime())
-          .slice(0, 10)
-          .map((c) => ({
-            id: c.id,
-            userId: c.userId.substring(0, 8) + '...', // Anonymisiert
-            dataPointId: c.dataPointId,
-            granted: c.granted,
-            grantedAt: c.grantedAt,
-          })),
-      })
+      const statsResponse = await fetch(
+        `${BACKEND_URL}/api/compliance/einwilligungen/consents/stats`,
+        { method: 'GET', headers, signal: AbortSignal.timeout(30000) }
+      )
+      if (!statsResponse.ok) {
+        return NextResponse.json({ error: 'Failed to fetch stats' }, { status: statsResponse.status })
+      }
+      const stats = await statsResponse.json()
+      return NextResponse.json({ statistics: stats })
     }
 
-    // Standard: Alle Consents (anonymisiert)
+    // Fetch consents — forward pagination params from frontend
+    const limit = searchParams.get('limit') || '50'
+    const offset = searchParams.get('offset') || '0'
+    const queryParams = new URLSearchParams()
+    if (userId) queryParams.set('user_id', userId)
+    queryParams.set('limit', limit)
+    queryParams.set('offset', offset)
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/consents?${queryParams.toString()}`,
+      { method: 'GET', headers, signal: AbortSignal.timeout(30000) }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: errorText }, { status: response.status })
+    }
+
+    const data = await response.json()
     return NextResponse.json({
-      totalConsents: tenantConsents.length,
-      activeConsents: tenantConsents.filter((c) => c.granted && !c.revokedAt).length,
-      revokedConsents: tenantConsents.filter((c) => c.revokedAt).length,
+      total: data.total || 0,
+      totalConsents: data.total || 0,
+      offset: data.offset || 0,
+      limit: data.limit || parseInt(limit),
+      consents: data.consents || [],
     })
   } catch (error) {
     console.error('Error fetching consents:', error)
-    return NextResponse.json(
-      { error: 'Failed to fetch consents' },
-      { status: 500 }
-    )
+    return NextResponse.json({ error: 'Failed to fetch consents' }, { status: 500 })
   }
 }
 
 /**
  * PUT /api/sdk/v1/einwilligungen/consent
- *
- * Batch-Update von Consents (z.B. Cookie-Banner)
+ * Batch-Update oder Revoke einzelner Consents
  */
 export async function PUT(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
-
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
-    }
-
+    const headers = getHeaders(request)
     const body = await request.json()
-    const { userId, consents, consentVersion = '1.0.0' } = body
+    const { consentId, action } = body
 
-    if (!userId || !consents || typeof consents !== 'object') {
-      return NextResponse.json(
-        { error: 'userId and consents object required' },
-        { status: 400 }
+    // Single consent revoke
+    if (consentId && action === 'revoke') {
+      const response = await fetch(
+        `${BACKEND_URL}/api/compliance/einwilligungen/consents/${consentId}/revoke`,
+        { method: 'PUT', headers, body: '{}', signal: AbortSignal.timeout(30000) }
       )
+      if (!response.ok) {
+        const errorText = await response.text()
+        return NextResponse.json({ error: errorText }, { status: response.status })
+      }
+      const data = await response.json()
+      return NextResponse.json({ success: true, ...data })
     }
 
-    const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || null
+    // Batch update: { userId, consents: { dataPointId: boolean } }
+    const { userId, consents, consentVersion = '1.0.0' } = body
+    if (!userId || !consents) {
+      return NextResponse.json({ error: 'userId and consents required' }, { status: 400 })
+    }
+
+    const ipAddress = request.headers.get('x-forwarded-for') || null
     const userAgent = request.headers.get('user-agent') || null
+    const results = []
 
-    const tenantConsents = consentStorage.get(tenantId) || []
-    const now = new Date()
-
-    // Verarbeite jeden Consent
     for (const [dataPointId, granted] of Object.entries(consents)) {
       if (typeof granted !== 'boolean') continue
-
-      const existingIndex = tenantConsents.findIndex(
-        (c) => c.userId === userId && c.dataPointId === dataPointId && !c.revokedAt
-      )
-
-      if (existingIndex !== -1) {
-        const existing = tenantConsents[existingIndex]
-        if (existing.granted !== granted) {
-          if (!granted) {
-            // Widerruf
-            tenantConsents[existingIndex].revokedAt = now
-          } else {
-            // Neuer Consent nach Widerruf
-            tenantConsents.push({
-              id: generateId(),
-              userId,
-              dataPointId,
-              granted: true,
-              grantedAt: now,
-              ipAddress: ipAddress || undefined,
-              userAgent: userAgent || undefined,
-              consentVersion,
-            })
-          }
+      const resp = await fetch(
+        `${BACKEND_URL}/api/compliance/einwilligungen/consents`,
+        {
+          method: 'POST',
+          headers,
+          body: JSON.stringify({
+            user_id: userId,
+            data_point_id: dataPointId,
+            granted,
+            consent_version: consentVersion,
+            ip_address: ipAddress,
+            user_agent: userAgent,
+          }),
+          signal: AbortSignal.timeout(30000),
         }
-      } else if (granted) {
-        // Neuer Consent
-        tenantConsents.push({
-          id: generateId(),
-          userId,
-          dataPointId,
-          granted: true,
-          grantedAt: now,
-          ipAddress: ipAddress || undefined,
-          userAgent: userAgent || undefined,
-          consentVersion,
-        })
+      )
+      if (resp.ok) {
+        results.push(await resp.json())
       }
     }
 
-    consentStorage.set(tenantId, tenantConsents)
-
-    // Zaehle aktive Consents fuer diesen User
-    const activeConsents = tenantConsents.filter(
-      (c) => c.userId === userId && c.granted && !c.revokedAt
-    ).length
-
-    return NextResponse.json({
-      success: true,
-      userId,
-      activeConsents,
-      updatedAt: now,
-    })
+    return NextResponse.json({ success: true, userId, updated: results.length })
   } catch (error) {
     console.error('Error updating consents:', error)
-    return NextResponse.json(
-      { error: 'Failed to update consents' },
-      { status: 500 }
-    )
-  }
-}
-
-/**
- * Berechnet Consent-Statistiken
- */
-function calculateStatistics(consents: ConsentEntry[]): ConsentStatistics {
-  const activeConsents = consents.filter((c) => c.granted && !c.revokedAt)
-  const revokedConsents = consents.filter((c) => c.revokedAt)
-
-  // Gruppiere nach Kategorie (18 Kategorien A-R)
-  const byCategory: Record<DataPointCategory, { total: number; active: number; revoked: number }> = {
-    MASTER_DATA: { total: 0, active: 0, revoked: 0 },
-    CONTACT_DATA: { total: 0, active: 0, revoked: 0 },
-    AUTHENTICATION: { total: 0, active: 0, revoked: 0 },
-    CONSENT: { total: 0, active: 0, revoked: 0 },
-    COMMUNICATION: { total: 0, active: 0, revoked: 0 },
-    PAYMENT: { total: 0, active: 0, revoked: 0 },
-    USAGE_DATA: { total: 0, active: 0, revoked: 0 },
-    LOCATION: { total: 0, active: 0, revoked: 0 },
-    DEVICE_DATA: { total: 0, active: 0, revoked: 0 },
-    MARKETING: { total: 0, active: 0, revoked: 0 },
-    ANALYTICS: { total: 0, active: 0, revoked: 0 },
-    SOCIAL_MEDIA: { total: 0, active: 0, revoked: 0 },
-    HEALTH_DATA: { total: 0, active: 0, revoked: 0 },
-    EMPLOYEE_DATA: { total: 0, active: 0, revoked: 0 },
-    CONTRACT_DATA: { total: 0, active: 0, revoked: 0 },
-    LOG_DATA: { total: 0, active: 0, revoked: 0 },
-    AI_DATA: { total: 0, active: 0, revoked: 0 },
-    SECURITY: { total: 0, active: 0, revoked: 0 },
-  }
-
-  for (const consent of consents) {
-    const dataPoint = PREDEFINED_DATA_POINTS.find((dp) => dp.id === consent.dataPointId)
-    if (dataPoint) {
-      byCategory[dataPoint.category].total++
-      if (consent.granted && !consent.revokedAt) {
-        byCategory[dataPoint.category].active++
-      }
-      if (consent.revokedAt) {
-        byCategory[dataPoint.category].revoked++
-      }
-    }
-  }
-
-  // Gruppiere nach Rechtsgrundlage (7 Rechtsgrundlagen)
-  const byLegalBasis: Record<LegalBasis, { total: number; active: number }> = {
-    CONTRACT: { total: 0, active: 0 },
-    CONSENT: { total: 0, active: 0 },
-    EXPLICIT_CONSENT: { total: 0, active: 0 },
-    LEGITIMATE_INTEREST: { total: 0, active: 0 },
-    LEGAL_OBLIGATION: { total: 0, active: 0 },
-    VITAL_INTERESTS: { total: 0, active: 0 },
-    PUBLIC_INTEREST: { total: 0, active: 0 },
-  }
-
-  for (const consent of consents) {
-    const dataPoint = PREDEFINED_DATA_POINTS.find((dp) => dp.id === consent.dataPointId)
-    if (dataPoint) {
-      byLegalBasis[dataPoint.legalBasis].total++
-      if (consent.granted && !consent.revokedAt) {
-        byLegalBasis[dataPoint.legalBasis].active++
-      }
-    }
-  }
-
-  // Berechne Conversion Rate (Unique Users mit mindestens einem Consent)
-  const uniqueUsers = new Set(consents.map((c) => c.userId))
-  const usersWithActiveConsent = new Set(activeConsents.map((c) => c.userId))
-  const conversionRate = uniqueUsers.size > 0
-    ? (usersWithActiveConsent.size / uniqueUsers.size) * 100
-    : 0
-
-  return {
-    totalConsents: consents.length,
-    activeConsents: activeConsents.length,
-    revokedConsents: revokedConsents.length,
-    byCategory,
-    byLegalBasis,
-    conversionRate: Math.round(conversionRate * 10) / 10,
+    return NextResponse.json({ error: 'Failed to update consents' }, { status: 500 })
   }
 }

admin-compliance/app/api/sdk/v1/einwilligungen/cookie-banner/config/route.ts

@@ -1,215 +1,160 @@
 /**
  * API Route: Cookie Banner Configuration
  *
+ * Proxies to backend-compliance for DB persistence.
  * GET  - Cookie Banner Konfiguration abrufen
  * POST - Cookie Banner Konfiguration speichern
+ * PUT  - Einzelne Kategorie aktualisieren
  */
 
 import { NextRequest, NextResponse } from 'next/server'
-import {
-  CookieBannerConfig,
-  CookieBannerStyling,
-  CookieBannerTexts,
-  DataPoint,
-} from '@/lib/sdk/einwilligungen/types'
-import {
-  generateCookieBannerConfig,
-  DEFAULT_COOKIE_BANNER_STYLING,
-  DEFAULT_COOKIE_BANNER_TEXTS,
-} from '@/lib/sdk/einwilligungen/generator/cookie-banner'
-import { PREDEFINED_DATA_POINTS } from '@/lib/sdk/einwilligungen/catalog/loader'
 
-// In-Memory Storage fuer Cookie Banner Configs
-const configStorage = new Map<string, CookieBannerConfig>()
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+function getHeaders(request: NextRequest): HeadersInit {
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+  const clientTenantId = request.headers.get('x-tenant-id') || request.headers.get('X-Tenant-ID')
+  const tenantId = (clientTenantId && uuidRegex.test(clientTenantId))
+    ? clientTenantId
+    : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+  return {
+    'Content-Type': 'application/json',
+    'X-Tenant-ID': tenantId,
+  }
+}
 
 /**
  * GET /api/sdk/v1/einwilligungen/cookie-banner/config
- *
- * Laedt die Cookie Banner Konfiguration fuer einen Tenant
  */
 export async function GET(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
+    const headers = getHeaders(request)
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
+      { method: 'GET', headers, signal: AbortSignal.timeout(30000) }
+    )
 
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: errorText }, { status: response.status })
     }
 
-    let config = configStorage.get(tenantId)
-
-    if (!config) {
-      // Generiere Default-Konfiguration
-      config = generateCookieBannerConfig(tenantId, PREDEFINED_DATA_POINTS)
-      configStorage.set(tenantId, config)
-    }
-
-    return NextResponse.json(config)
+    const data = await response.json()
+    // Return in the format the frontend expects (CookieBannerConfig-like)
+    return NextResponse.json({
+      categories: data.categories || [],
+      config: data.config || {},
+      updatedAt: data.updated_at,
+    })
   } catch (error) {
     console.error('Error loading cookie banner config:', error)
-    return NextResponse.json(
-      { error: 'Failed to load cookie banner config' },
-      { status: 500 }
-    )
+    return NextResponse.json({ error: 'Failed to load cookie banner config' }, { status: 500 })
   }
 }
 
 /**
  * POST /api/sdk/v1/einwilligungen/cookie-banner/config
- *
- * Speichert oder aktualisiert die Cookie Banner Konfiguration
- *
- * Body:
- * - dataPointIds?: string[] - IDs der Datenpunkte (fuer Neuberechnung)
- * - styling?: Partial<CookieBannerStyling> - Styling-Optionen
- * - texts?: Partial<CookieBannerTexts> - Text-Optionen
- * - customDataPoints?: DataPoint[] - Kundenspezifische Datenpunkte
  */
 export async function POST(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
-
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
-    }
-
+    const headers = getHeaders(request)
     const body = await request.json()
-    const {
-      dataPointIds,
-      styling,
-      texts,
-      customDataPoints = [],
-    } = body
+    const { categories, config, styling, texts } = body
 
-    // Hole bestehende Konfiguration oder erstelle neue
-    let config = configStorage.get(tenantId)
-
-    if (dataPointIds && Array.isArray(dataPointIds)) {
-      // Neu berechnen basierend auf Datenpunkten
-      const allDataPoints: DataPoint[] = [
-        ...PREDEFINED_DATA_POINTS,
-        ...customDataPoints,
-      ]
-
-      const selectedDataPoints = dataPointIds
-        .map((id: string) => allDataPoints.find((dp) => dp.id === id))
-        .filter((dp): dp is DataPoint => dp !== undefined)
-
-      config = generateCookieBannerConfig(
-        tenantId,
-        selectedDataPoints,
-        texts,
-        styling
-      )
-    } else if (config) {
-      // Nur Styling/Texts aktualisieren
-      if (styling) {
-        config.styling = {
-          ...config.styling,
-          ...styling,
-        }
-      }
-      if (texts) {
-        config.texts = {
-          ...config.texts,
-          ...texts,
-        }
-      }
-      config.updatedAt = new Date()
-    } else {
-      // Erstelle Default
-      config = generateCookieBannerConfig(
-        tenantId,
-        PREDEFINED_DATA_POINTS,
-        texts,
-        styling
-      )
+    const payload = {
+      categories: categories || [],
+      config: { ...(config || {}), styling: styling || {}, texts: texts || {} },
     }
 
-    configStorage.set(tenantId, config)
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
+      {
+        method: 'PUT',
+        headers,
+        body: JSON.stringify(payload),
+        signal: AbortSignal.timeout(30000),
+      }
+    )
 
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: errorText }, { status: response.status })
+    }
+
+    const data = await response.json()
     return NextResponse.json({
       success: true,
-      config,
+      categories: data.categories || [],
+      config: data.config || {},
+      updatedAt: data.updated_at,
     })
   } catch (error) {
     console.error('Error saving cookie banner config:', error)
-    return NextResponse.json(
-      { error: 'Failed to save cookie banner config' },
-      { status: 500 }
-    )
+    return NextResponse.json({ error: 'Failed to save cookie banner config' }, { status: 500 })
   }
 }
 
 /**
  * PUT /api/sdk/v1/einwilligungen/cookie-banner/config
- *
  * Aktualisiert einzelne Kategorien
  */
 export async function PUT(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
-
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
-    }
-
+    const headers = getHeaders(request)
     const body = await request.json()
-    const { categoryId, enabled } = body
+    const { categoryId, enabled, categories, config } = body
 
+    // If full categories array is provided, save it directly
+    if (categories !== undefined) {
+      const response = await fetch(
+        `${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
+        {
+          method: 'PUT',
+          headers,
+          body: JSON.stringify({ categories, config: config || {} }),
+          signal: AbortSignal.timeout(30000),
+        }
+      )
+      const data = await response.json()
+      return NextResponse.json({ success: true, ...data })
+    }
+
+    // Single category toggle: fetch current, update, save back
     if (!categoryId || typeof enabled !== 'boolean') {
-      return NextResponse.json(
-        { error: 'categoryId and enabled required' },
-        { status: 400 }
-      )
+      return NextResponse.json({ error: 'categoryId and enabled required' }, { status: 400 })
     }
 
-    let config = configStorage.get(tenantId)
+    const currentResponse = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
+      { method: 'GET', headers, signal: AbortSignal.timeout(30000) }
+    )
+    const current = await currentResponse.json()
 
-    if (!config) {
-      config = generateCookieBannerConfig(tenantId, PREDEFINED_DATA_POINTS)
-    }
+    const updatedCategories = (current.categories || []).map((cat: { id: string; isRequired?: boolean; defaultEnabled?: boolean }) => {
+      if (cat.id !== categoryId) return cat
+      if (cat.isRequired && !enabled) return cat  // Essential cookies cannot be disabled
+      return { ...cat, defaultEnabled: enabled }
+    })
 
-    // Finde und aktualisiere die Kategorie
-    const categoryIndex = config.categories.findIndex((c) => c.id === categoryId)
-
-    if (categoryIndex === -1) {
-      return NextResponse.json(
-        { error: 'Category not found' },
-        { status: 404 }
-      )
-    }
-
-    // Essenzielle Cookies koennen nicht deaktiviert werden
-    if (config.categories[categoryIndex].isRequired && !enabled) {
-      return NextResponse.json(
-        { error: 'Essential cookies cannot be disabled' },
-        { status: 400 }
-      )
-    }
-
-    config.categories[categoryIndex].defaultEnabled = enabled
-    config.updatedAt = new Date()
-
-    configStorage.set(tenantId, config)
+    const saveResponse = await fetch(
+      `${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
+      {
+        method: 'PUT',
+        headers,
+        body: JSON.stringify({ categories: updatedCategories, config: current.config || {} }),
+        signal: AbortSignal.timeout(30000),
+      }
+    )
 
+    const data = await saveResponse.json()
     return NextResponse.json({
       success: true,
-      category: config.categories[categoryIndex],
+      category: updatedCategories.find((c: { id: string }) => c.id === categoryId),
+      ...data,
     })
   } catch (error) {
     console.error('Error updating cookie category:', error)
-    return NextResponse.json(
-      { error: 'Failed to update cookie category' },
-      { status: 500 }
-    )
+    return NextResponse.json({ error: 'Failed to update cookie category' }, { status: 500 })
   }
 }

admin-compliance/app/api/sdk/v1/einwilligungen/cookie-banner/embed-code/route.ts

@@ -5,20 +5,20 @@
  */
 
 import { NextRequest, NextResponse } from 'next/server'
-import { CookieBannerConfig, CookieBannerEmbedCode } from '@/lib/sdk/einwilligungen/types'
+import { CookieBannerConfig } from '@/lib/sdk/einwilligungen/types'
 import {
   generateCookieBannerConfig,
   generateEmbedCode,
 } from '@/lib/sdk/einwilligungen/generator/cookie-banner'
 import { PREDEFINED_DATA_POINTS } from '@/lib/sdk/einwilligungen/catalog/loader'
 
-// In-Memory Storage (in Produktion mit configStorage aus config/route.ts teilen)
-const configStorage = new Map<string, CookieBannerConfig>()
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+const DEFAULT_TENANT_ID = process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
 
 /**
  * GET /api/sdk/v1/einwilligungen/cookie-banner/embed-code
  *
- * Generiert den Embed-Code fuer den Cookie Banner
+ * Generiert den Embed-Code fuer den Cookie Banner (DB-backed)
  *
  * Query Parameters:
  * - privacyPolicyUrl: string - URL zur Datenschutzerklaerung (default: /datenschutz)
@@ -26,25 +26,37 @@ const configStorage = new Map<string, CookieBannerConfig>()
  */
 export async function GET(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
-
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
-    }
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientTenantId = request.headers.get('X-Tenant-ID') || request.headers.get('x-tenant-id')
+    const tenantId = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : DEFAULT_TENANT_ID
 
     const { searchParams } = new URL(request.url)
     const privacyPolicyUrl = searchParams.get('privacyPolicyUrl') || '/datenschutz'
     const format = searchParams.get('format') || 'combined'
 
-    // Hole oder erstelle Konfiguration
-    let config = configStorage.get(tenantId)
-
-    if (!config) {
+    // Lade Konfiguration aus DB (Backend), fallback auf generierte Standardkonfiguration
+    let config: CookieBannerConfig
+    try {
+      const configRes = await fetch(
+        `${BACKEND_URL}/api/compliance/einwilligungen/cookies?tenant_id=${tenantId}`,
+        { signal: AbortSignal.timeout(5000) }
+      )
+      if (configRes.ok) {
+        const configData = await configRes.json()
+        config = generateCookieBannerConfig(tenantId, PREDEFINED_DATA_POINTS)
+        if (configData.config && Object.keys(configData.config).length > 0) {
+          const saved = configData.config
+          config = {
+            ...config,
+            styling: { ...config.styling, ...(saved.styling || {}) },
+            texts: { ...config.texts, ...(saved.banner_texts || saved.texts || {}) },
+          }
+        }
+      } else {
+        config = generateCookieBannerConfig(tenantId, PREDEFINED_DATA_POINTS)
+      }
+    } catch {
       config = generateCookieBannerConfig(tenantId, PREDEFINED_DATA_POINTS)
-      configStorage.set(tenantId, config)
     }
 
     // Generiere Embed-Code
@@ -110,6 +122,7 @@ ${embedCode.js}
 `.trim()
 
     return NextResponse.json({
+      embed_code: combinedCode,
       embedCode: combinedCode,
       scriptTag: embedCode.scriptTag,
       config: {
@@ -143,14 +156,9 @@ ${embedCode.js}
  */
 export async function POST(request: NextRequest) {
   try {
-    const tenantId = request.headers.get('X-Tenant-ID')
-
-    if (!tenantId) {
-      return NextResponse.json(
-        { error: 'Tenant ID required' },
-        { status: 400 }
-      )
-    }
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientTenantId = request.headers.get('X-Tenant-ID') || request.headers.get('x-tenant-id')
+    const tenantId = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : DEFAULT_TENANT_ID
 
     const body = await request.json()
     const {
@@ -160,25 +168,13 @@ export async function POST(request: NextRequest) {
       language = 'de',
     } = body
 
-    // Hole oder erstelle Konfiguration
-    let config = configStorage.get(tenantId)
-
-    if (!config) {
-      config = generateCookieBannerConfig(tenantId, PREDEFINED_DATA_POINTS, texts, styling)
-    } else {
-      // Wende temporaere Anpassungen an
-      if (styling) {
-        config = {
-          ...config,
-          styling: { ...config.styling, ...styling },
-        }
-      }
-      if (texts) {
-        config = {
-          ...config,
-          texts: { ...config.texts, ...texts },
-        }
-      }
+    // Erstelle Konfiguration mit optionalen Overrides
+    let config: CookieBannerConfig = generateCookieBannerConfig(tenantId, PREDEFINED_DATA_POINTS, texts, styling)
+    if (styling) {
+      config = { ...config, styling: { ...config.styling, ...styling } }
+    }
+    if (texts) {
+      config = { ...config, texts: { ...config.texts, ...texts } }
     }
 
     const embedCode = generateEmbedCode(config, privacyPolicyUrl)

admin-compliance/app/api/sdk/v1/escalations/[[...path]]/route.ts

@@ -0,0 +1,129 @@
+/**
+ * Escalations API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/escalations/* requests to backend-compliance
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_API_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/escalations`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+      'X-Tenant-Id': '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e',
+      'X-User-Id': 'admin',
+    }
+
+    const authHeader = request.headers.get('authorization')
+    if (authHeader) {
+      headers['Authorization'] = authHeader
+    }
+
+    const tenantHeader = request.headers.get('x-tenant-id')
+    if (tenantHeader) {
+      headers['X-Tenant-Id'] = tenantHeader
+    }
+
+    const userIdHeader = request.headers.get('x-user-id')
+    if (userIdHeader) {
+      headers['X-User-Id'] = userIdHeader
+    }
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(30000),
+    }
+
+    if (['POST', 'PUT', 'PATCH'].includes(method)) {
+      const contentType = request.headers.get('content-type')
+      if (contentType?.includes('application/json')) {
+        try {
+          const text = await request.text()
+          if (text && text.trim()) {
+            fetchOptions.body = text
+          }
+        } catch {
+          // Empty or invalid body
+        }
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Escalations API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/import/[id]/route.ts

@@ -0,0 +1,41 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: DELETE /api/sdk/v1/import/:id → Backend DELETE /api/v1/import/:id
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/import/${encodeURIComponent(id)}`, {
+      method: 'DELETE',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    console.error('Failed to delete import:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/import/analyze/route.ts

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: POST /api/sdk/v1/import/analyze → Backend POST /api/v1/import/analyze
+ * Forwards multipart form data (PDF file upload) to the backend for analysis.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const formData = await request.formData()
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/import/analyze`, {
+      method: 'POST',
+      body: formData,
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      console.error('Import analyze error:', errorText)
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to call import analyze:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/import/route.ts

@@ -0,0 +1,91 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/import → Backend GET /api/v1/import
+ * Lists imported documents for the current tenant.
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const queryString = searchParams.toString()
+    const url = `${BACKEND_URL}/api/v1/import${queryString ? `?${queryString}` : ''}`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to fetch imported documents:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/import → Backend POST /api/v1/import/analyze
+ * Uploads a document for gap analysis. Forwards multipart/form-data.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const contentType = request.headers.get('content-type') || ''
+    const url = `${BACKEND_URL}/api/v1/import/analyze`
+
+    let body: BodyInit
+    const headers: Record<string, string> = {}
+
+    if (contentType.includes('multipart/form-data')) {
+      body = await request.arrayBuffer()
+      headers['Content-Type'] = contentType
+    } else {
+      body = await request.text()
+      headers['Content-Type'] = 'application/json'
+    }
+
+    if (request.headers.get('X-Tenant-ID')) {
+      headers['X-Tenant-ID'] = request.headers.get('X-Tenant-ID') as string
+    }
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers,
+      body,
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to upload document for import analysis:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/incidents/[[...path]]/route.ts

@@ -1,12 +1,15 @@
 /**
  * Incidents/Breach Management API Proxy - Catch-all route
- * Proxies all /api/sdk/v1/incidents/* requests to ai-compliance-sdk backend
+ * Proxies all /api/sdk/v1/incidents/* requests to backend-compliance (Python)
+ * Python backend is Source of Truth (migrated from Go ai-compliance-sdk)
  * Supports PDF generation for authority notification forms
  */
 
 import { NextRequest, NextResponse } from 'next/server'
 
-const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+const BACKEND_URL = process.env.COMPLIANCE_BACKEND_URL || 'http://backend-compliance:8002'
+const DEFAULT_TENANT_ID = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
+const DEFAULT_USER_ID = 'admin'
 
 async function proxyRequest(
   request: NextRequest,
@@ -15,7 +18,7 @@ async function proxyRequest(
 ) {
   const pathStr = pathSegments?.join('/') || ''
   const searchParams = request.nextUrl.searchParams.toString()
-  const basePath = `${SDK_BACKEND_URL}/sdk/v1/incidents`
+  const basePath = `${BACKEND_URL}/api/compliance/incidents`
   const url = pathStr
     ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
     : `${basePath}${searchParams ? `?${searchParams}` : ''}`
@@ -30,10 +33,8 @@ async function proxyRequest(
       headers['Authorization'] = authHeader
     }
 
-    const tenantHeader = request.headers.get('x-tenant-id')
-    if (tenantHeader) {
-      headers['X-Tenant-Id'] = tenantHeader
-    }
+    headers['X-Tenant-Id'] = request.headers.get('x-tenant-id') || DEFAULT_TENANT_ID
+    headers['X-User-Id'] = request.headers.get('x-user-id') || DEFAULT_USER_ID
 
     const fetchOptions: RequestInit = {
       method,

admin-compliance/app/api/sdk/v1/isms/[[...path]]/route.ts

@@ -0,0 +1,111 @@
+/**
+ * ISMS (ISO 27001) API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/isms/* requests to backend-compliance /api/isms/*
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/isms`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('ISMS API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/modules/[moduleId]/activate/route.ts

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ moduleId: string }> }
+) {
+  try {
+    const { moduleId } = await params
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/modules/${encodeURIComponent(moduleId)}/activate`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to activate module:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/modules/[moduleId]/deactivate/route.ts

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ moduleId: string }> }
+) {
+  try {
+    const { moduleId } = await params
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/modules/${encodeURIComponent(moduleId)}/deactivate`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to deactivate module:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/modules/[moduleId]/route.ts

@@ -0,0 +1,45 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/modules/:moduleId → Backend GET /api/modules/:moduleId
+ */
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ moduleId: string }> }
+) {
+  try {
+    const { moduleId } = await params
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/modules/${encodeURIComponent(moduleId)}`,
+      {
+        method: 'GET',
+        headers: {
+          'Content-Type': 'application/json',
+          ...(request.headers.get('X-Tenant-ID') && {
+            'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+          }),
+        },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to fetch module:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/modules/route.ts

@@ -0,0 +1,94 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy to backend-compliance /api/modules endpoint.
+ * Returns the list of service modules from the database.
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const params = new URLSearchParams()
+
+    // Forward filter params
+    const serviceType = searchParams.get('service_type')
+    const criticality = searchParams.get('criticality')
+    const processesPii = searchParams.get('processes_pii')
+    const aiComponents = searchParams.get('ai_components')
+
+    if (serviceType) params.set('service_type', serviceType)
+    if (criticality) params.set('criticality', criticality)
+    if (processesPii) params.set('processes_pii', processesPii)
+    if (aiComponents) params.set('ai_components', aiComponents)
+
+    const queryString = params.toString()
+    const url = `${BACKEND_URL}/api/compliance/modules${queryString ? `?${queryString}` : ''}`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      console.error('Backend modules error:', errorText)
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to fetch modules from backend:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/modules → Backend POST /api/modules
+ * Creates a new custom module.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+
+    const response = await fetch(`${BACKEND_URL}/api/compliance/modules`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+      body: JSON.stringify(body),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to create module:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/notfallplan/[[...path]]/route.ts

@@ -0,0 +1,122 @@
+/**
+ * Notfallplan API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/notfallplan/* requests to backend-compliance
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_API_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/compliance/notfallplan`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const authHeader = request.headers.get('authorization')
+    if (authHeader) {
+      headers['Authorization'] = authHeader
+    }
+
+    const tenantHeader = request.headers.get('x-tenant-id')
+    if (tenantHeader) {
+      headers['X-Tenant-ID'] = tenantHeader
+    }
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(30000),
+    }
+
+    if (['POST', 'PUT', 'PATCH'].includes(method)) {
+      const contentType = request.headers.get('content-type')
+      if (contentType?.includes('application/json')) {
+        try {
+          const text = await request.text()
+          if (text && text.trim()) {
+            fetchOptions.body = text
+          }
+        } catch {
+          // Empty or invalid body
+        }
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Notfallplan API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/portfolio/[[...path]]/route.ts

@@ -0,0 +1,119 @@
+/**
+ * Portfolio API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/portfolio/* requests to ai-compliance-sdk backend
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/portfolios`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Portfolio API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/projects/[projectId]/permanent/route.ts

@@ -0,0 +1,41 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: DELETE /api/sdk/v1/projects/{projectId}/permanent → Backend (hard delete)
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const tenantId = request.headers.get('X-Tenant-ID') ||
+      new URL(request.url).searchParams.get('tenant_id') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}/permanent?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'DELETE',
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to permanently delete project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/projects/[projectId]/restore/route.ts

@@ -0,0 +1,41 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: POST /api/sdk/v1/projects/{projectId}/restore → Backend
+ */
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const tenantId = request.headers.get('X-Tenant-ID') ||
+      new URL(request.url).searchParams.get('tenant_id') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}/restore?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'POST',
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to restore project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/projects/[projectId]/route.ts

@@ -0,0 +1,120 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/projects/{projectId} → Backend
+ */
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const tenantId = request.headers.get('X-Tenant-ID') ||
+      new URL(request.url).searchParams.get('tenant_id') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to get project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: PATCH /api/sdk/v1/projects/{projectId} → Backend
+ */
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const body = await request.json()
+    const tenantId = body.tenant_id || request.headers.get('X-Tenant-ID') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'PATCH',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to update project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: DELETE /api/sdk/v1/projects/{projectId} → Backend (soft delete)
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ projectId: string }> }
+) {
+  try {
+    const { projectId } = await params
+    const tenantId = request.headers.get('X-Tenant-ID') ||
+      new URL(request.url).searchParams.get('tenant_id') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects/${projectId}?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'DELETE',
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to archive project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/projects/route.ts

@@ -0,0 +1,75 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/projects → Backend GET /api/compliance/v1/projects
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const tenantId = searchParams.get('tenant_id') || request.headers.get('X-Tenant-ID') || ''
+    const includeArchived = searchParams.get('include_archived') || 'false'
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects?tenant_id=${encodeURIComponent(tenantId)}&include_archived=${includeArchived}`,
+      {
+        headers: { 'X-Tenant-ID': tenantId },
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to list projects:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/projects → Backend POST /api/compliance/v1/projects
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const tenantId = body.tenant_id || request.headers.get('X-Tenant-ID') || ''
+
+    const response = await fetch(
+      `${BACKEND_URL}/api/compliance/v1/projects?tenant_id=${encodeURIComponent(tenantId)}`,
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Tenant-ID': tenantId,
+        },
+        body: JSON.stringify(body),
+      }
+    )
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    return NextResponse.json(await response.json(), { status: 201 })
+  } catch (error) {
+    console.error('Failed to create project:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/rag/[[...path]]/route.ts

@@ -0,0 +1,100 @@
+/**
+ * RAG API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/rag/* requests to ai-compliance-sdk backend (Port 8090)
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/rag`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const authHeader = request.headers.get('authorization')
+    if (authHeader) {
+      headers['Authorization'] = authHeader
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const userHeader = request.headers.get('x-user-id')
+    headers['X-User-ID'] = (userHeader && uuidRegex.test(userHeader)) ? userHeader : '00000000-0000-0000-0000-000000000001'
+
+    const tenantHeader = request.headers.get('x-tenant-id')
+    headers['X-Tenant-ID'] = (tenantHeader && uuidRegex.test(tenantHeader)) ? tenantHeader : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(30000),
+    }
+
+    if (['POST', 'PUT', 'PATCH'].includes(method)) {
+      const contentType = request.headers.get('content-type')
+      if (contentType?.includes('application/json')) {
+        try {
+          const text = await request.text()
+          if (text && text.trim()) {
+            fetchOptions.body = text
+          }
+        } catch {
+          // Empty or invalid body - continue without
+        }
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('RAG API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum RAG Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}

admin-compliance/app/api/sdk/v1/rbac/[[...path]]/route.ts

@@ -0,0 +1,125 @@
+/**
+ * RBAC Admin API Proxy - Catch-all route
+ * Proxies /api/sdk/v1/rbac/<resource>/... to ai-compliance-sdk /sdk/v1/<resource>/...
+ *
+ * Mapping: /rbac/tenants/... → /sdk/v1/tenants/...
+ *          /rbac/namespaces/... → /sdk/v1/namespaces/...
+ *          /rbac/roles/... → /sdk/v1/roles/...
+ *          /rbac/user-roles/... → /sdk/v1/user-roles/...
+ *          /rbac/permissions/... → /sdk/v1/permissions/...
+ *          /rbac/llm/policies/... → /sdk/v1/llm/policies/...
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  // Path segments come as the full sub-path after /rbac/
+  // e.g. /rbac/tenants/123 → pathSegments = ['tenants', '123']
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const url = `${SDK_BACKEND_URL}/sdk/v1/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('RBAC API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/roadmap-items/[[...path]]/route.ts

@@ -0,0 +1,111 @@
+/**
+ * Roadmap Items API Proxy - Catch-all route
+ * Proxies /api/sdk/v1/roadmap-items/* to ai-compliance-sdk /sdk/v1/roadmap-items/*
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/roadmap-items`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Roadmap Items API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/api/sdk/v1/roadmap/[[...path]]/route.ts

@@ -1,6 +1,6 @@
 /**
- * Vendor Compliance API Proxy - Catch-all route
- * Proxies all /api/sdk/v1/vendors/* requests to ai-compliance-sdk backend
+ * Roadmap API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/roadmap/* requests to ai-compliance-sdk backend
  */
 
 import { NextRequest, NextResponse } from 'next/server'
@@ -14,7 +14,7 @@ async function proxyRequest(
 ) {
   const pathStr = pathSegments?.join('/') || ''
   const searchParams = request.nextUrl.searchParams.toString()
-  const basePath = `${SDK_BACKEND_URL}/sdk/v1/vendors`
+  const basePath = `${SDK_BACKEND_URL}/sdk/v1/roadmaps`
   const url = pathStr
     ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
     : `${basePath}${searchParams ? `?${searchParams}` : ''}`
@@ -24,8 +24,7 @@ async function proxyRequest(
       'Content-Type': 'application/json',
     }
 
-    // Forward all relevant headers
-    const headerNames = ['authorization', 'x-tenant-id', 'x-user-id', 'x-namespace-id', 'x-tenant-slug']
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
     for (const name of headerNames) {
       const value = request.headers.get(name)
       if (value) {
@@ -33,42 +32,27 @@ async function proxyRequest(
       }
     }
 
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
     const fetchOptions: RequestInit = {
       method,
       headers,
-      signal: AbortSignal.timeout(30000),
+      signal: AbortSignal.timeout(60000),
     }
 
-    if (['POST', 'PUT', 'PATCH'].includes(method)) {
-      const contentType = request.headers.get('content-type')
-      if (contentType?.includes('application/json')) {
-        try {
-          const text = await request.text()
-          if (text && text.trim()) {
-            fetchOptions.body = text
-          }
-        } catch {
-          // Empty or invalid body - continue without
-        }
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
       }
     }
 
     const response = await fetch(url, fetchOptions)
 
-    // Handle non-JSON responses (e.g., PDF exports)
-    const responseContentType = response.headers.get('content-type')
-    if (responseContentType?.includes('application/pdf') ||
-        responseContentType?.includes('application/octet-stream')) {
-      const blob = await response.blob()
-      return new NextResponse(blob, {
-        status: response.status,
-        headers: {
-          'Content-Type': responseContentType,
-          'Content-Disposition': response.headers.get('content-disposition') || '',
-        },
-      })
-    }
-
     if (!response.ok) {
       const errorText = await response.text()
       let errorJson
@@ -83,10 +67,22 @@ async function proxyRequest(
       )
     }
 
+    const contentType = response.headers.get('content-type') || ''
+    if (contentType.includes('application/octet-stream') || contentType.includes('text/csv')) {
+      const blob = await response.blob()
+      return new NextResponse(blob, {
+        status: response.status,
+        headers: {
+          'Content-Type': contentType,
+          'Content-Disposition': response.headers.get('content-disposition') || '',
+        },
+      })
+    }
+
     const data = await response.json()
     return NextResponse.json(data)
   } catch (error) {
-    console.error('Vendor Compliance API proxy error:', error)
+    console.error('Roadmap API proxy error:', error)
     return NextResponse.json(
       { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
       { status: 503 }

admin-compliance/app/api/sdk/v1/screening/route.ts

@@ -0,0 +1,91 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: GET /api/sdk/v1/screening → Backend GET /api/v1/screening
+ * Lists screenings for the current tenant.
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const queryString = searchParams.toString()
+    const url = `${BACKEND_URL}/api/v1/screening${queryString ? `?${queryString}` : ''}`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to fetch screenings:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}
+
+/**
+ * Proxy: POST /api/sdk/v1/screening → Backend POST /api/v1/screening/scan
+ * Uploads a dependency file (package-lock.json, requirements.txt, etc.) for SBOM + vulnerability scan.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const contentType = request.headers.get('content-type') || ''
+    const url = `${BACKEND_URL}/api/v1/screening/scan`
+
+    let body: BodyInit
+    const headers: Record<string, string> = {}
+
+    if (contentType.includes('multipart/form-data')) {
+      body = await request.arrayBuffer()
+      headers['Content-Type'] = contentType
+    } else {
+      body = await request.text()
+      headers['Content-Type'] = 'application/json'
+    }
+
+    if (request.headers.get('X-Tenant-ID')) {
+      headers['X-Tenant-ID'] = request.headers.get('X-Tenant-ID') as string
+    }
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers,
+      body,
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to upload file for screening scan:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/screening/scan/route.ts

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+/**
+ * Proxy: POST /api/sdk/v1/screening/scan → Backend POST /api/v1/screening/scan
+ * Forwards multipart form data (dependency file upload) to the backend for scanning.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const formData = await request.formData()
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/screening/scan`, {
+      method: 'POST',
+      body: formData,
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      console.error('Screening scan error:', errorText)
+      return NextResponse.json(
+        { error: 'Backend error', details: errorText },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('Failed to call screening scan:', error)
+    return NextResponse.json(
+      { error: 'Failed to connect to backend' },
+      { status: 503 }
+    )
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/blocked-content/route.ts

@@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const queryString = searchParams.toString()
+    const url = `${BACKEND_URL}/api/v1/admin/blocked-content${queryString ? `?${queryString}` : ''}`
+
+    const response = await fetch(url, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch blocked content:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/compliance-report/route.ts

@@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const queryString = searchParams.toString()
+    const url = `${BACKEND_URL}/api/v1/admin/compliance-report${queryString ? `?${queryString}` : ''}`
+
+    const response = await fetch(url, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch compliance report:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/operations-matrix/route.ts

@@ -0,0 +1,26 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(request: NextRequest) {
+  try {
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/operations-matrix`, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch operations matrix:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/operations/[id]/route.ts

@@ -0,0 +1,91 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/operations/${encodeURIComponent(id)}`, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch operation:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+    const body = await request.json()
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/operations/${encodeURIComponent(id)}`, {
+      method: 'PUT',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+      body: JSON.stringify(body),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to update operation:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/operations/${encodeURIComponent(id)}`, {
+      method: 'DELETE',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to delete operation:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/pii-rules/[id]/route.ts

@@ -0,0 +1,91 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/pii-rules/${encodeURIComponent(id)}`, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch PII rule:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+    const body = await request.json()
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/pii-rules/${encodeURIComponent(id)}`, {
+      method: 'PUT',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+      body: JSON.stringify(body),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to update PII rule:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/pii-rules/${encodeURIComponent(id)}`, {
+      method: 'DELETE',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to delete PII rule:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/pii-rules/route.ts

@@ -0,0 +1,53 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(request: NextRequest) {
+  try {
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/pii-rules`, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch PII rules:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/pii-rules`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+      body: JSON.stringify(body),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to create PII rule:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/policy-audit/route.ts

@@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const queryString = searchParams.toString()
+    const url = `${BACKEND_URL}/api/v1/admin/policy-audit${queryString ? `?${queryString}` : ''}`
+
+    const response = await fetch(url, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch policy audit:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/policy-stats/route.ts

@@ -0,0 +1,26 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(request: NextRequest) {
+  try {
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/policy-stats`, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch policy stats:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/sources/[id]/route.ts

@@ -0,0 +1,90 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/sources/${encodeURIComponent(id)}`, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch source:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+    const body = await request.json()
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/sources/${encodeURIComponent(id)}`, {
+      method: 'PUT',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+      body: JSON.stringify(body),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to update source:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const { id } = await params
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/sources/${encodeURIComponent(id)}`, {
+      method: 'DELETE',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to delete source:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/source-policy/sources/route.ts

@@ -0,0 +1,57 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const queryString = searchParams.toString()
+    const url = `${BACKEND_URL}/api/v1/admin/sources${queryString ? `?${queryString}` : ''}`
+
+    const response = await fetch(url, {
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to fetch sources:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+
+    const response = await fetch(`${BACKEND_URL}/api/v1/admin/sources`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(request.headers.get('X-Tenant-ID') && {
+          'X-Tenant-ID': request.headers.get('X-Tenant-ID') as string,
+        }),
+      },
+      body: JSON.stringify(body),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      return NextResponse.json({ error: 'Backend error', details: errorText }, { status: response.status })
+    }
+
+    return NextResponse.json(await response.json())
+  } catch (error) {
+    console.error('Failed to create source:', error)
+    return NextResponse.json({ error: 'Failed to connect to backend' }, { status: 503 })
+  }
+}

admin-compliance/app/api/sdk/v1/state/route.ts

@@ -1,17 +1,19 @@
 import { NextRequest, NextResponse } from 'next/server'
+import { Pool } from 'pg'
 
 /**
- * SDK State Management API
+ * SDK State Management API (Multi-Project)
  *
- * GET /api/sdk/v1/state?tenantId=xxx - Load state for a tenant
- * POST /api/sdk/v1/state - Save state for a tenant
- * DELETE /api/sdk/v1/state?tenantId=xxx - Clear state for a tenant
+ * GET /api/sdk/v1/state?tenantId=xxx&projectId=yyy - Load state for a tenant+project
+ * POST /api/sdk/v1/state - Save state for a tenant+project
+ * DELETE /api/sdk/v1/state?tenantId=xxx&projectId=yyy - Clear state
  *
  * Features:
  * - Versioning for optimistic locking
  * - Last-Modified headers
  * - ETag support for caching
- * - Prepared for PostgreSQL migration
+ * - PostgreSQL persistence (with InMemory fallback)
+ * - projectId support for multi-project architecture
  */
 
 // =============================================================================
@@ -27,49 +29,36 @@ interface StoredState {
 }
 
 // =============================================================================
-// STORAGE LAYER (Abstract - Easy to swap to PostgreSQL)
+// STORAGE LAYER
 // =============================================================================
 
-/**
- * In-memory storage for development
- * TODO: Replace with PostgreSQL implementation
- *
- * PostgreSQL Schema:
- * CREATE TABLE sdk_states (
- *   id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
- *   tenant_id VARCHAR(255) NOT NULL UNIQUE,
- *   user_id VARCHAR(255),
- *   state JSONB NOT NULL,
- *   version INTEGER DEFAULT 1,
- *   created_at TIMESTAMP DEFAULT NOW(),
- *   updated_at TIMESTAMP DEFAULT NOW()
- * );
- *
- * CREATE INDEX idx_sdk_states_tenant ON sdk_states(tenant_id);
- */
-
 interface StateStore {
-  get(tenantId: string): Promise<StoredState | null>
-  save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number): Promise<StoredState>
-  delete(tenantId: string): Promise<boolean>
+  get(tenantId: string, projectId?: string): Promise<StoredState | null>
+  save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number, projectId?: string): Promise<StoredState>
+  delete(tenantId: string, projectId?: string): Promise<boolean>
 }
 
 class InMemoryStateStore implements StateStore {
   private store: Map<string, StoredState> = new Map()
 
-  async get(tenantId: string): Promise<StoredState | null> {
-    return this.store.get(tenantId) || null
+  private key(tenantId: string, projectId?: string): string {
+    return projectId ? `${tenantId}:${projectId}` : tenantId
+  }
+
+  async get(tenantId: string, projectId?: string): Promise<StoredState | null> {
+    return this.store.get(this.key(tenantId, projectId)) || null
   }
 
   async save(
     tenantId: string,
     state: unknown,
     userId?: string,
-    expectedVersion?: number
+    expectedVersion?: number,
+    projectId?: string
   ): Promise<StoredState> {
-    const existing = this.store.get(tenantId)
+    const k = this.key(tenantId, projectId)
+    const existing = this.store.get(k)
 
-    // Optimistic locking check
     if (expectedVersion !== undefined && existing && existing.version !== expectedVersion) {
       const error = new Error('Version conflict') as Error & { status: number }
       error.status = 409
@@ -90,77 +79,172 @@ class InMemoryStateStore implements StateStore {
       updatedAt: now,
     }
 
-    this.store.set(tenantId, stored)
+    this.store.set(k, stored)
     return stored
   }
 
-  async delete(tenantId: string): Promise<boolean> {
-    return this.store.delete(tenantId)
+  async delete(tenantId: string, projectId?: string): Promise<boolean> {
+    return this.store.delete(this.key(tenantId, projectId))
   }
 }
 
-// Future PostgreSQL implementation would look like:
-// class PostgreSQLStateStore implements StateStore {
-//   private db: Pool
-//
-//   constructor(connectionString: string) {
-//     this.db = new Pool({ connectionString })
-//   }
-//
-//   async get(tenantId: string): Promise<StoredState | null> {
-//     const result = await this.db.query(
-//       'SELECT state, version, user_id, created_at, updated_at FROM sdk_states WHERE tenant_id = $1',
-//       [tenantId]
-//     )
-//     if (result.rows.length === 0) return null
-//     const row = result.rows[0]
-//     return {
-//       state: row.state,
-//       version: row.version,
-//       userId: row.user_id,
-//       createdAt: row.created_at,
-//       updatedAt: row.updated_at,
-//     }
-//   }
-//
-//   async save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number): Promise<StoredState> {
-//     // Use UPSERT with version check
-//     const result = await this.db.query(`
-//       INSERT INTO sdk_states (tenant_id, user_id, state, version)
-//       VALUES ($1, $2, $3, 1)
-//       ON CONFLICT (tenant_id) DO UPDATE SET
-//         state = $3,
-//         user_id = COALESCE($2, sdk_states.user_id),
-//         version = sdk_states.version + 1,
-//         updated_at = NOW()
-//       WHERE ($4::int IS NULL OR sdk_states.version = $4)
-//       RETURNING version, created_at, updated_at
-//     `, [tenantId, userId, JSON.stringify(state), expectedVersion])
-//
-//     if (result.rows.length === 0) {
-//       throw new Error('Version conflict')
-//     }
-//
-//     return {
-//       state,
-//       version: result.rows[0].version,
-//       userId,
-//       createdAt: result.rows[0].created_at,
-//       updatedAt: result.rows[0].updated_at,
-//     }
-//   }
-//
-//   async delete(tenantId: string): Promise<boolean> {
-//     const result = await this.db.query(
-//       'DELETE FROM sdk_states WHERE tenant_id = $1',
-//       [tenantId]
-//     )
-//     return result.rowCount > 0
-//   }
-// }
+class PostgreSQLStateStore implements StateStore {
+  private pool: Pool
 
-// Use in-memory store for now
-const stateStore: StateStore = new InMemoryStateStore()
+  constructor(connectionString: string) {
+    this.pool = new Pool({
+      connectionString,
+      max: 5,
+      // Set search_path for compliance schema
+      options: '-c search_path=compliance,core,public',
+    })
+  }
+
+  async get(tenantId: string, projectId?: string): Promise<StoredState | null> {
+    let result
+    if (projectId) {
+      result = await this.pool.query(
+        'SELECT state, version, user_id, created_at, updated_at FROM sdk_states WHERE tenant_id = $1 AND project_id = $2',
+        [tenantId, projectId]
+      )
+    } else {
+      // Backwards compatibility: find the single active project for this tenant
+      result = await this.pool.query(
+        `SELECT s.state, s.version, s.user_id, s.created_at, s.updated_at
+         FROM sdk_states s
+         LEFT JOIN compliance_projects p ON s.project_id = p.id
+         WHERE s.tenant_id = $1
+           AND (p.status = 'active' OR p.id IS NULL)
+         ORDER BY s.updated_at DESC
+         LIMIT 1`,
+        [tenantId]
+      )
+    }
+    if (result.rows.length === 0) return null
+    const row = result.rows[0]
+    return {
+      state: row.state,
+      version: row.version,
+      userId: row.user_id,
+      createdAt: row.created_at instanceof Date ? row.created_at.toISOString() : row.created_at,
+      updatedAt: row.updated_at instanceof Date ? row.updated_at.toISOString() : row.updated_at,
+    }
+  }
+
+  async save(tenantId: string, state: unknown, userId?: string, expectedVersion?: number, projectId?: string): Promise<StoredState> {
+    const now = new Date().toISOString()
+    const stateWithTimestamp = {
+      ...(state as object),
+      lastModified: now,
+    }
+
+    let result
+
+    if (projectId) {
+      // Multi-project: UPSERT on (tenant_id, project_id)
+      result = await this.pool.query(`
+        INSERT INTO sdk_states (tenant_id, project_id, user_id, state, version, created_at, updated_at)
+        VALUES ($1, $5, $2, $3::jsonb, 1, NOW(), NOW())
+        ON CONFLICT (tenant_id, project_id) DO UPDATE SET
+          state = $3::jsonb,
+          user_id = COALESCE($2, sdk_states.user_id),
+          version = sdk_states.version + 1,
+          updated_at = NOW()
+        WHERE ($4::int IS NULL OR sdk_states.version = $4)
+        RETURNING version, user_id, created_at, updated_at
+      `, [tenantId, userId, JSON.stringify(stateWithTimestamp), expectedVersion ?? null, projectId])
+    } else {
+      // Backwards compatibility: find the single project for this tenant
+      // First try to find an existing project
+      const projectResult = await this.pool.query(
+        `SELECT id FROM compliance_projects WHERE tenant_id = $1 AND status = 'active' ORDER BY created_at ASC LIMIT 1`,
+        [tenantId]
+      )
+
+      if (projectResult.rows.length > 0) {
+        const foundProjectId = projectResult.rows[0].id
+        result = await this.pool.query(`
+          INSERT INTO sdk_states (tenant_id, project_id, user_id, state, version, created_at, updated_at)
+          VALUES ($1, $5, $2, $3::jsonb, 1, NOW(), NOW())
+          ON CONFLICT (tenant_id, project_id) DO UPDATE SET
+            state = $3::jsonb,
+            user_id = COALESCE($2, sdk_states.user_id),
+            version = sdk_states.version + 1,
+            updated_at = NOW()
+          WHERE ($4::int IS NULL OR sdk_states.version = $4)
+          RETURNING version, user_id, created_at, updated_at
+        `, [tenantId, userId, JSON.stringify(stateWithTimestamp), expectedVersion ?? null, foundProjectId])
+      } else {
+        // No project exists — create a default one
+        const newProject = await this.pool.query(
+          `INSERT INTO compliance_projects (tenant_id, name, customer_type, status)
+           VALUES ($1, 'Projekt 1', 'new', 'active')
+           RETURNING id`,
+          [tenantId]
+        )
+        const newProjectId = newProject.rows[0].id
+        result = await this.pool.query(`
+          INSERT INTO sdk_states (tenant_id, project_id, user_id, state, version, created_at, updated_at)
+          VALUES ($1, $5, $2, $3::jsonb, 1, NOW(), NOW())
+          ON CONFLICT (tenant_id, project_id) DO UPDATE SET
+            state = $3::jsonb,
+            user_id = COALESCE($2, sdk_states.user_id),
+            version = sdk_states.version + 1,
+            updated_at = NOW()
+          WHERE ($4::int IS NULL OR sdk_states.version = $4)
+          RETURNING version, user_id, created_at, updated_at
+        `, [tenantId, userId, JSON.stringify(stateWithTimestamp), expectedVersion ?? null, newProjectId])
+      }
+    }
+
+    if (result.rows.length === 0) {
+      const error = new Error('Version conflict') as Error & { status: number }
+      error.status = 409
+      throw error
+    }
+
+    const row = result.rows[0]
+    return {
+      state: stateWithTimestamp,
+      version: row.version,
+      userId: row.user_id,
+      createdAt: row.created_at instanceof Date ? row.created_at.toISOString() : row.created_at,
+      updatedAt: row.updated_at instanceof Date ? row.updated_at.toISOString() : row.updated_at,
+    }
+  }
+
+  async delete(tenantId: string, projectId?: string): Promise<boolean> {
+    let result
+    if (projectId) {
+      result = await this.pool.query(
+        'DELETE FROM sdk_states WHERE tenant_id = $1 AND project_id = $2',
+        [tenantId, projectId]
+      )
+    } else {
+      result = await this.pool.query(
+        'DELETE FROM sdk_states WHERE tenant_id = $1',
+        [tenantId]
+      )
+    }
+    return (result.rowCount ?? 0) > 0
+  }
+}
+
+// =============================================================================
+// STORE INITIALIZATION
+// =============================================================================
+
+function createStateStore(): StateStore {
+  const databaseUrl = process.env.DATABASE_URL
+  if (databaseUrl) {
+    console.log('[SDK State] Using PostgreSQL state store')
+    return new PostgreSQLStateStore(databaseUrl)
+  }
+  console.log('[SDK State] Using in-memory state store (no DATABASE_URL)')
+  return new InMemoryStateStore()
+}
+
+const stateStore: StateStore = createStateStore()
 
 // =============================================================================
 // HELPER FUNCTIONS
@@ -178,6 +262,7 @@ export async function GET(request: NextRequest) {
   try {
     const { searchParams } = new URL(request.url)
     const tenantId = searchParams.get('tenantId')
+    const projectId = searchParams.get('projectId') || undefined
 
     if (!tenantId) {
       return NextResponse.json(
@@ -186,7 +271,7 @@ export async function GET(request: NextRequest) {
       )
     }
 
-    const stored = await stateStore.get(tenantId)
+    const stored = await stateStore.get(tenantId, projectId)
 
     if (!stored) {
       return NextResponse.json(
@@ -208,6 +293,7 @@ export async function GET(request: NextRequest) {
         success: true,
         data: {
           tenantId,
+          projectId: projectId || null,
           state: stored.state,
           version: stored.version,
           lastModified: stored.updatedAt,
@@ -233,7 +319,7 @@ export async function GET(request: NextRequest) {
 export async function POST(request: NextRequest) {
   try {
     const body = await request.json()
-    const { tenantId, state, version } = body
+    const { tenantId, state, version, projectId } = body
 
     if (!tenantId) {
       return NextResponse.json(
@@ -253,7 +339,7 @@ export async function POST(request: NextRequest) {
     const ifMatch = request.headers.get('If-Match')
     const expectedVersion = ifMatch ? parseInt(ifMatch, 10) : version
 
-    const stored = await stateStore.save(tenantId, state, body.userId, expectedVersion)
+    const stored = await stateStore.save(tenantId, state, body.userId, expectedVersion, projectId || undefined)
 
     const etag = generateETag(stored.version, stored.updatedAt)
 
@@ -262,6 +348,7 @@ export async function POST(request: NextRequest) {
         success: true,
         data: {
           tenantId,
+          projectId: projectId || null,
           state: stored.state,
           version: stored.version,
           lastModified: stored.updatedAt,
@@ -301,6 +388,7 @@ export async function DELETE(request: NextRequest) {
   try {
     const { searchParams } = new URL(request.url)
     const tenantId = searchParams.get('tenantId')
+    const projectId = searchParams.get('projectId') || undefined
 
     if (!tenantId) {
       return NextResponse.json(
@@ -309,7 +397,7 @@ export async function DELETE(request: NextRequest) {
       )
     }
 
-    const deleted = await stateStore.delete(tenantId)
+    const deleted = await stateStore.delete(tenantId, projectId)
 
     if (!deleted) {
       return NextResponse.json(