# admin-compliance

Next.js 15 dashboard for BreakPilot Compliance — SDK module UI, company profile, DSR, DSFA, VVT, TOM, consent, AI Act, training, audit, change requests, etc. Also hosts 96+ API routes that proxy/orchestrate backend services.

**Port:** `3007` (container: `bp-compliance-admin`)
**Stack:** Next.js 15 App Router, React 18, TailwindCSS, TypeScript strict.

## Architecture (target — Phase 3)

```
app/
├── <route>/
│   ├── page.tsx              # Server Component (≤200 LOC)
│   ├── _components/          # Colocated UI, each ≤300 LOC
│   ├── _hooks/               # Client hooks
│   └── _server/              # Server actions
├── api/<domain>/route.ts     # Thin handlers → lib/server/<domain>/
lib/
├── <domain>/                 # Pure helpers, zod schemas
└── server/<domain>/          # "server-only" logic
components/                   # App-wide shared UI
```

See `../AGENTS.typescript.md`.

## Run locally

```bash
cd admin-compliance
npm install
npm run dev          # http://localhost:3007
```

## Tests

```bash
npm test                      # Vitest unit + component tests
npx playwright test           # E2E
npx tsc --noEmit              # Type-check
npx next lint
```

## Known debt (Phase 3 targets)

- `app/sdk/company-profile/page.tsx` (3017 LOC), `tom-generator/controls/loader.ts` (2521), `lib/sdk/types.ts` (2511), `app/sdk/loeschfristen/page.tsx` (2322), `app/sdk/dsb-portal/page.tsx` (2068) — all must be split.
- 0 test files for 182 monolithic pages. Phase 3 adds Playwright smoke + Vitest unit coverage.

## Don't touch

- Backend API paths without updating `backend-compliance/` in the same change.
- `lib/sdk/types.ts` in large contiguous chunks — it's being domain-split.