fix: Restore all files lost during destructive rebase

A previous `git pull --rebase origin main` dropped 177 local commits,
losing 3400+ files across admin-v2, backend, studio-v2, website,
klausur-service, and many other services. The partial restore attempt
(660295e2) only recovered some files.

This commit restores all missing files from pre-rebase ref 98933f5e
while preserving post-rebase additions (night-scheduler, night-mode UI,
NightModeWidget dashboard integration).

Restored features include:
- AI Module Sidebar (FAB), OCR Labeling, OCR Compare
- GPU Dashboard, RAG Pipeline, Magic Help
- Klausur-Korrektur (8 files), Abitur-Archiv (5+ files)
- Companion, Zeugnisse-Crawler, Screen Flow
- Full backend, studio-v2, website, klausur-service
- All compliance SDKs, agent-core, voice-service
- CI/CD configs, documentation, scripts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

breakpilot-compliance-sdk/legal-corpus/README.md

@@ -0,0 +1,98 @@
+# BreakPilot Compliance SDK - Legal Corpus
+
+Pre-indexed legal documents for the RAG system.
+
+## EU Regulations
+
+| Document | Chunks | Description |
+|----------|--------|-------------|
+| DSGVO (GDPR) | ~99 | EU General Data Protection Regulation |
+| AI Act | ~85 | EU Artificial Intelligence Act |
+| NIS2 | ~46 | Network and Information Security Directive |
+| ePrivacy | ~32 | ePrivacy Directive (Cookie Directive) |
+| CRA | ~41 | Cyber Resilience Act |
+| EUCSA | ~28 | EU Cybersecurity Act |
+| Data Act | ~35 | EU Data Act |
+| DGA | ~25 | Data Governance Act |
+| DSA | ~52 | Digital Services Act |
+| DMA | ~38 | Digital Markets Act |
+| EAA | ~22 | European Accessibility Act |
+| SCC | ~18 | Standard Contractual Clauses |
+| DPF | ~15 | EU-US Data Privacy Framework |
+
+## German Regulations
+
+| Document | Chunks | Description |
+|----------|--------|-------------|
+| TDDDG | ~28 | Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz |
+| TTDSG | ~24 | Telekommunikation-Telemedien-Datenschutz-Gesetz |
+| BDSG | ~45 | Bundesdatenschutzgesetz |
+| IT-SiG | ~32 | IT-Sicherheitsgesetz |
+| BSI-KritisV | ~28 | BSI-Kritisverordnung |
+
+## Directory Structure
+
+```
+legal-corpus/
+├── eu/
+│   ├── dsgvo/
+│   │   ├── articles/
+│   │   ├── recitals/
+│   │   └── metadata.json
+│   ├── ai-act/
+│   ├── nis2/
+│   ├── eprivacy/
+│   ├── cra/
+│   ├── eucsa/
+│   ├── data-act/
+│   ├── dga/
+│   ├── dsa/
+│   ├── dma/
+│   ├── eaa/
+│   ├── scc/
+│   └── dpf/
+├── de/
+│   ├── tdddg/
+│   ├── ttdsg/
+│   ├── bdsg/
+│   ├── it-sig/
+│   └── bsi-kritisv/
+└── embeddings/
+    └── (generated vector embeddings)
+```
+
+## Indexing
+
+Documents are automatically indexed on first startup of the RAG service.
+
+To manually re-index:
+
+```bash
+# Via CLI
+breakpilot-cli index --all
+
+# Via API
+POST /api/v1/rag/index
+```
+
+## Adding Custom Documents
+
+Organizations can add their own internal documents:
+
+```bash
+# Upload via CLI
+breakpilot-cli upload --file policy.pdf --category internal
+
+# Via API
+POST /api/v1/rag/documents
+Content-Type: multipart/form-data
+```
+
+## Embedding Model
+
+Default: `bge-m3` via Ollama
+
+Supports:
+- German legal terminology
+- Multi-lingual (DE/EN)
+- High-quality semantic search

breakpilot-compliance-sdk/legal-corpus/de/tdddg/metadata.json

@@ -0,0 +1,53 @@
+{
+  "id": "tdddg",
+  "name": "Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz",
+  "nameEn": "Telecommunications Digital Services Data Protection Act",
+  "abbreviation": "TDDDG",
+  "type": "law",
+  "jurisdiction": "DE",
+  "effectiveDate": "2024-12-13",
+  "officialReference": "BGBl. 2024 I Nr. 383",
+  "articles": 31,
+  "estimatedChunks": 28,
+  "language": "de",
+  "topics": [
+    "telecommunications",
+    "digital-services",
+    "cookies",
+    "tracking",
+    "end-user-privacy"
+  ],
+  "keyArticles": [
+    {
+      "article": 2,
+      "title": "Anwendungsbereich",
+      "importance": "high"
+    },
+    {
+      "article": 4,
+      "title": "Schutz der Privatsphaere",
+      "importance": "critical"
+    },
+    {
+      "article": 6,
+      "title": "Einwilligung",
+      "importance": "critical"
+    },
+    {
+      "article": 7,
+      "title": "Anerkannte Dienste zur Einwilligungsverwaltung",
+      "importance": "high"
+    },
+    {
+      "article": 8,
+      "title": "Technische und organisatorische Massnahmen",
+      "importance": "high"
+    }
+  ],
+  "replacedBy": null,
+  "replaces": ["ttdsg"],
+  "relatedRegulations": [
+    "dsgvo",
+    "eprivacy"
+  ]
+}

breakpilot-compliance-sdk/legal-corpus/eu/ai-act/metadata.json

@@ -0,0 +1,110 @@
+{
+  "id": "ai-act",
+  "name": "Verordnung ueber kuenstliche Intelligenz",
+  "nameEn": "Artificial Intelligence Act",
+  "abbreviation": "KI-VO",
+  "abbreviationEn": "AI Act",
+  "type": "regulation",
+  "jurisdiction": "EU",
+  "effectiveDate": "2024-08-01",
+  "officialReference": "Verordnung (EU) 2024/1689",
+  "articles": 113,
+  "recitals": 180,
+  "chapters": 13,
+  "estimatedChunks": 85,
+  "language": "de",
+  "topics": [
+    "artificial-intelligence",
+    "machine-learning",
+    "high-risk-ai",
+    "prohibited-ai",
+    "transparency",
+    "conformity-assessment",
+    "ai-governance"
+  ],
+  "riskCategories": [
+    {
+      "level": "unacceptable",
+      "title": "Verbotene KI-Praktiken",
+      "articles": [5],
+      "examples": [
+        "Social Scoring",
+        "Biometrische Fernidentifizierung",
+        "Emotionserkennung am Arbeitsplatz"
+      ]
+    },
+    {
+      "level": "high",
+      "title": "Hochrisiko-KI-Systeme",
+      "articles": [6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
+      "examples": [
+        "Biometrische Identifizierung",
+        "Kritische Infrastruktur",
+        "Bildung und Berufsausbildung",
+        "Beschaeftigung",
+        "Zugang zu oeffentlichen Diensten"
+      ]
+    },
+    {
+      "level": "limited",
+      "title": "Begrenzte Transparenzpflichten",
+      "articles": [50],
+      "examples": [
+        "Chatbots",
+        "Deepfakes",
+        "Emotionserkennung"
+      ]
+    },
+    {
+      "level": "minimal",
+      "title": "Minimales Risiko",
+      "articles": [],
+      "examples": [
+        "Spam-Filter",
+        "Videospiel-KI"
+      ]
+    }
+  ],
+  "keyArticles": [
+    {
+      "article": 5,
+      "title": "Verbotene Praktiken im KI-Bereich",
+      "importance": "critical"
+    },
+    {
+      "article": 6,
+      "title": "Klassifizierungsregeln fuer Hochrisiko-KI",
+      "importance": "critical"
+    },
+    {
+      "article": 9,
+      "title": "Risikomanagementsystem",
+      "importance": "high"
+    },
+    {
+      "article": 10,
+      "title": "Daten und Daten-Governance",
+      "importance": "high"
+    },
+    {
+      "article": 13,
+      "title": "Transparenz und Bereitstellung von Informationen",
+      "importance": "high"
+    },
+    {
+      "article": 14,
+      "title": "Menschliche Aufsicht",
+      "importance": "high"
+    },
+    {
+      "article": 50,
+      "title": "Transparenzpflichten fuer bestimmte KI-Systeme",
+      "importance": "high"
+    }
+  ],
+  "relatedRegulations": [
+    "dsgvo",
+    "nis2",
+    "cra"
+  ]
+}

breakpilot-compliance-sdk/legal-corpus/eu/dsgvo/metadata.json

@@ -0,0 +1,95 @@
+{
+  "id": "dsgvo",
+  "name": "Datenschutz-Grundverordnung",
+  "nameEn": "General Data Protection Regulation",
+  "abbreviation": "DSGVO",
+  "abbreviationEn": "GDPR",
+  "type": "regulation",
+  "jurisdiction": "EU",
+  "effectiveDate": "2018-05-25",
+  "officialReference": "Verordnung (EU) 2016/679",
+  "articles": 99,
+  "recitals": 173,
+  "chapters": 11,
+  "estimatedChunks": 99,
+  "language": "de",
+  "topics": [
+    "data-protection",
+    "privacy",
+    "consent",
+    "data-subject-rights",
+    "data-processing",
+    "data-transfers",
+    "data-breach",
+    "dpo",
+    "impact-assessment"
+  ],
+  "keyArticles": [
+    {
+      "article": 5,
+      "title": "Grundsaetze fuer die Verarbeitung personenbezogener Daten",
+      "importance": "critical"
+    },
+    {
+      "article": 6,
+      "title": "Rechtmaessigkeit der Verarbeitung",
+      "importance": "critical"
+    },
+    {
+      "article": 7,
+      "title": "Bedingungen fuer die Einwilligung",
+      "importance": "high"
+    },
+    {
+      "article": 9,
+      "title": "Verarbeitung besonderer Kategorien",
+      "importance": "high"
+    },
+    {
+      "article": 13,
+      "title": "Informationspflicht bei Erhebung",
+      "importance": "high"
+    },
+    {
+      "article": 15,
+      "title": "Auskunftsrecht",
+      "importance": "critical"
+    },
+    {
+      "article": 17,
+      "title": "Recht auf Loeschung",
+      "importance": "critical"
+    },
+    {
+      "article": 25,
+      "title": "Datenschutz durch Technikgestaltung",
+      "importance": "high"
+    },
+    {
+      "article": 30,
+      "title": "Verzeichnis von Verarbeitungstaetigkeiten",
+      "importance": "high"
+    },
+    {
+      "article": 32,
+      "title": "Sicherheit der Verarbeitung",
+      "importance": "high"
+    },
+    {
+      "article": 33,
+      "title": "Meldung von Verletzungen",
+      "importance": "critical"
+    },
+    {
+      "article": 35,
+      "title": "Datenschutz-Folgenabschaetzung",
+      "importance": "high"
+    }
+  ],
+  "relatedRegulations": [
+    "bdsg",
+    "ttdsg",
+    "tdddg",
+    "eprivacy"
+  ]
+}

breakpilot-compliance-sdk/legal-corpus/eu/nis2/metadata.json

@@ -0,0 +1,102 @@
+{
+  "id": "nis2",
+  "name": "Richtlinie ueber Massnahmen fuer ein hohes gemeinsames Cybersicherheitsniveau",
+  "nameEn": "Network and Information Security Directive 2",
+  "abbreviation": "NIS2",
+  "abbreviationEn": "NIS2",
+  "type": "directive",
+  "jurisdiction": "EU",
+  "effectiveDate": "2024-10-18",
+  "officialReference": "Richtlinie (EU) 2022/2555",
+  "articles": 46,
+  "recitals": 144,
+  "chapters": 9,
+  "estimatedChunks": 46,
+  "language": "de",
+  "topics": [
+    "cybersecurity",
+    "critical-infrastructure",
+    "incident-reporting",
+    "risk-management",
+    "supply-chain-security"
+  ],
+  "entityCategories": [
+    {
+      "type": "essential",
+      "title": "Wesentliche Einrichtungen",
+      "sectors": [
+        "Energie",
+        "Verkehr",
+        "Bankwesen",
+        "Finanzmarktinfrastrukturen",
+        "Gesundheitswesen",
+        "Trinkwasser",
+        "Abwasser",
+        "Digitale Infrastruktur",
+        "IKT-Dienste",
+        "Oeffentliche Verwaltung",
+        "Weltraum"
+      ]
+    },
+    {
+      "type": "important",
+      "title": "Wichtige Einrichtungen",
+      "sectors": [
+        "Post- und Kurierdienste",
+        "Abfallbewirtschaftung",
+        "Chemische Industrie",
+        "Lebensmittel",
+        "Verarbeitendes Gewerbe",
+        "Digitale Anbieter",
+        "Forschung"
+      ]
+    }
+  ],
+  "keyArticles": [
+    {
+      "article": 21,
+      "title": "Risikomanagementmassnahmen",
+      "importance": "critical"
+    },
+    {
+      "article": 23,
+      "title": "Berichtspflichten",
+      "importance": "critical"
+    },
+    {
+      "article": 24,
+      "title": "Verwendung von Zertifizierungsschemata",
+      "importance": "high"
+    },
+    {
+      "article": 25,
+      "title": "Normung",
+      "importance": "high"
+    },
+    {
+      "article": 32,
+      "title": "Aufsichtsmassnahmen - Wesentliche Einrichtungen",
+      "importance": "high"
+    },
+    {
+      "article": 33,
+      "title": "Aufsichtsmassnahmen - Wichtige Einrichtungen",
+      "importance": "high"
+    },
+    {
+      "article": 34,
+      "title": "Sanktionen",
+      "importance": "high"
+    }
+  ],
+  "reportingTimelines": {
+    "initialNotification": "24 hours",
+    "incidentNotification": "72 hours",
+    "finalReport": "1 month"
+  },
+  "relatedRegulations": [
+    "cra",
+    "eucsa",
+    "dsgvo"
+  ]
+}