fix(admin-v2): Restore complete admin-v2 application

The admin-v2 application was incomplete in the repository. This commit restores all missing components: - Admin pages (76 pages): dashboard, ai, compliance, dsgvo, education, infrastructure, communication, development, onboarding, rbac - SDK pages (45 pages): tom, dsfa, vvt, loeschfristen, einwilligungen, vendor-compliance, tom-generator, dsr, and more - Developer portal (25 pages): API docs, SDK guides, frameworks - All components, lib files, hooks, and types - Updated package.json with all dependencies The issue was caused by incomplete initial repository state - the full admin-v2 codebase existed in backend/admin-v2 and docs-src/admin-v2 but was never fully synced to the main admin-v2 directory. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 23:40:15 -08:00
parent f28244753f
commit 660295e218
385 changed files with 138126 additions and 3079 deletions
--- a/admin-v2/app/(admin)/developers/api/export/page.tsx
+++ b/admin-v2/app/(admin)/developers/api/export/page.tsx
@@ -0,0 +1,271 @@
+import { DevPortalLayout, ApiEndpoint, CodeBlock, ParameterTable, InfoBox } from '@/components/developers/DevPortalLayout'
+
+export default function ExportApiPage() {
+  return (
+    <DevPortalLayout
+      title="Export API"
+      description="Exportieren Sie Compliance-Daten in verschiedenen Formaten"
+    >
+      <h2>Uebersicht</h2>
+      <p>
+        Die Export API ermoeglicht den Download aller Compliance-Daten in
+        verschiedenen Formaten fuer Audits, Dokumentation und Archivierung.
+      </p>
+
+      <h2>Unterstuetzte Formate</h2>
+      <div className="my-4 overflow-x-auto not-prose">
+        <table className="min-w-full divide-y divide-gray-200">
+          <thead className="bg-gray-50">
+            <tr>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Format</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Beschreibung</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Use Case</th>
+            </tr>
+          </thead>
+          <tbody className="bg-white divide-y divide-gray-200 text-sm">
+            <tr>
+              <td className="px-4 py-3 font-mono">json</td>
+              <td className="px-4 py-3 text-gray-600">Kompletter State als JSON</td>
+              <td className="px-4 py-3 text-gray-600">Backup, Migration, API-Integration</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3 font-mono">pdf</td>
+              <td className="px-4 py-3 text-gray-600">Formatierter PDF-Report</td>
+              <td className="px-4 py-3 text-gray-600">Audits, Management-Reports</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3 font-mono">zip</td>
+              <td className="px-4 py-3 text-gray-600">Alle Dokumente als ZIP-Archiv</td>
+              <td className="px-4 py-3 text-gray-600">Vollstaendige Dokumentation</td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+
+      <h2>GET /export</h2>
+      <p>Exportiert den aktuellen State im gewuenschten Format.</p>
+
+      <h3>Query-Parameter</h3>
+      <ParameterTable
+        parameters={[
+          {
+            name: 'format',
+            type: 'string',
+            required: true,
+            description: 'Export-Format: json, pdf, zip',
+          },
+          {
+            name: 'tenantId',
+            type: 'string',
+            required: true,
+            description: 'Tenant-ID',
+          },
+          {
+            name: 'sections',
+            type: 'string',
+            required: false,
+            description: 'Kommaseparierte Liste: useCases,risks,controls,dsfa,toms,vvt (default: alle)',
+          },
+          {
+            name: 'phase',
+            type: 'number',
+            required: false,
+            description: 'Nur bestimmte Phase exportieren: 1 oder 2',
+          },
+          {
+            name: 'language',
+            type: 'string',
+            required: false,
+            description: 'Sprache fuer PDF: de, en (default: de)',
+          },
+        ]}
+      />
+
+      <h2>JSON Export</h2>
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X GET "https://api.breakpilot.io/sdk/v1/export?format=json&tenantId=your-tenant-id" \\
+  -H "Authorization: Bearer YOUR_API_KEY" \\
+  -o compliance-export.json`}
+      </CodeBlock>
+
+      <h3>Response</h3>
+      <CodeBlock language="json" filename="compliance-export.json">
+{`{
+  "exportedAt": "2026-02-04T12:00:00Z",
+  "version": "1.0.0",
+  "tenantId": "your-tenant-id",
+  "state": {
+    "currentPhase": 2,
+    "currentStep": "dsfa",
+    "completedSteps": [...],
+    "useCases": [...],
+    "risks": [...],
+    "controls": [...],
+    "dsfa": {...},
+    "toms": [...],
+    "vvt": [...]
+  },
+  "meta": {
+    "completionPercentage": 75,
+    "lastModified": "2026-02-04T11:55:00Z"
+  }
+}`}
+      </CodeBlock>
+
+      <h2>PDF Export</h2>
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X GET "https://api.breakpilot.io/sdk/v1/export?format=pdf&tenantId=your-tenant-id&sections=dsfa,toms" \\
+  -H "Authorization: Bearer YOUR_API_KEY" \\
+  -o compliance-report.pdf`}
+      </CodeBlock>
+
+      <h3>PDF Inhalt</h3>
+      <p>Das generierte PDF enthaelt:</p>
+      <ul>
+        <li>Deckblatt mit Tenant-Info und Exportdatum</li>
+        <li>Inhaltsverzeichnis</li>
+        <li>Executive Summary mit Fortschritt</li>
+        <li>Use Case Uebersicht</li>
+        <li>Risikoanalyse mit Matrix-Visualisierung</li>
+        <li>DSFA (falls generiert)</li>
+        <li>TOM-Katalog</li>
+        <li>VVT-Auszug</li>
+        <li>Checkpoint-Status</li>
+      </ul>
+
+      <InfoBox type="info" title="PDF Styling">
+        Das PDF folgt einem professionellen Audit-Layout mit Corporate Design.
+        Enterprise-Kunden koennen ein Custom-Logo und Farbschema konfigurieren.
+      </InfoBox>
+
+      <h2>ZIP Export</h2>
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X GET "https://api.breakpilot.io/sdk/v1/export?format=zip&tenantId=your-tenant-id" \\
+  -H "Authorization: Bearer YOUR_API_KEY" \\
+  -o compliance-export.zip`}
+      </CodeBlock>
+
+      <h3>ZIP Struktur</h3>
+      <CodeBlock language="text" filename="compliance-export.zip">
+{`compliance-export/
+├── README.md
+├── state.json                    # Kompletter State
+├── summary.pdf                   # Executive Summary
+├── use-cases/
+│   ├── uc-1-ki-analyse.json
+│   └── uc-2-chatbot.json
+├── risks/
+│   ├── risk-matrix.pdf
+│   └── risks.json
+├── documents/
+│   ├── dsfa.pdf
+│   ├── dsfa.json
+│   ├── toms.pdf
+│   ├── toms.json
+│   ├── vvt.pdf
+│   └── vvt.json
+├── checkpoints/
+│   └── checkpoint-status.json
+└── audit-trail/
+    └── changes.json`}
+      </CodeBlock>
+
+      <h2>SDK Integration</h2>
+      <CodeBlock language="typescript" filename="export-examples.ts">
+{`import { useSDK, exportToPDF, exportToZIP, downloadExport } from '@breakpilot/compliance-sdk'
+
+// Option 1: Ueber den Hook
+function ExportButton() {
+  const { exportState } = useSDK()
+
+  const handlePDFExport = async () => {
+    const blob = await exportState('pdf')
+    downloadExport(blob, 'compliance-report.pdf')
+  }
+
+  const handleZIPExport = async () => {
+    const blob = await exportState('zip')
+    downloadExport(blob, 'compliance-export.zip')
+  }
+
+  const handleJSONExport = async () => {
+    const blob = await exportState('json')
+    downloadExport(blob, 'compliance-state.json')
+  }
+
+  return (
+    <div className="flex gap-2">
+      <button onClick={handlePDFExport}>PDF Export</button>
+      <button onClick={handleZIPExport}>ZIP Export</button>
+      <button onClick={handleJSONExport}>JSON Export</button>
+    </div>
+  )
+}
+
+// Option 2: Direkte Funktionen
+async function exportManually(state: SDKState) {
+  // PDF generieren
+  const pdfBlob = await exportToPDF(state)
+  downloadExport(pdfBlob, \`compliance-\${Date.now()}.pdf\`)
+
+  // ZIP generieren
+  const zipBlob = await exportToZIP(state)
+  downloadExport(zipBlob, \`compliance-\${Date.now()}.zip\`)
+}`}
+      </CodeBlock>
+
+      <h2>Command Bar Integration</h2>
+      <p>
+        Exporte sind auch ueber die Command Bar verfuegbar:
+      </p>
+      <CodeBlock language="text" filename="Command Bar">
+{`Cmd+K → "pdf" → "Als PDF exportieren"
+Cmd+K → "zip" → "Als ZIP exportieren"
+Cmd+K → "json" → "Als JSON exportieren"`}
+      </CodeBlock>
+
+      <h2>Automatisierte Exports</h2>
+      <p>
+        Fuer regelmaessige Backups oder CI/CD-Integration:
+      </p>
+      <CodeBlock language="bash" filename="Cron Job">
+{`# Taeglicher Backup-Export um 02:00 Uhr
+0 2 * * * curl -X GET "https://api.breakpilot.io/sdk/v1/export?format=zip&tenantId=my-tenant" \\
+  -H "Authorization: Bearer $API_KEY" \\
+  -o "/backups/compliance-$(date +%Y%m%d).zip"`}
+      </CodeBlock>
+
+      <InfoBox type="warning" title="Dateigröße">
+        ZIP-Exporte koennen bei umfangreichen States mehrere MB gross werden.
+        Die API hat ein Timeout von 60 Sekunden. Bei sehr grossen States
+        verwenden Sie den asynchronen Export-Endpoint (Enterprise).
+      </InfoBox>
+
+      <h2>Fehlerbehandlung</h2>
+      <CodeBlock language="typescript" filename="error-handling.ts">
+{`import { exportState } from '@breakpilot/compliance-sdk'
+
+try {
+  const blob = await exportState('pdf')
+  downloadExport(blob, 'report.pdf')
+} catch (error) {
+  if (error.code === 'EMPTY_STATE') {
+    console.error('Keine Daten zum Exportieren vorhanden')
+  } else if (error.code === 'GENERATION_FAILED') {
+    console.error('PDF-Generierung fehlgeschlagen:', error.message)
+  } else if (error.code === 'TIMEOUT') {
+    console.error('Export-Timeout - versuchen Sie ZIP fuer grosse States')
+  } else {
+    console.error('Unbekannter Fehler:', error)
+  }
+}`}
+      </CodeBlock>
+    </DevPortalLayout>
+  )
+}
--- a/admin-v2/app/(admin)/developers/api/generate/page.tsx
+++ b/admin-v2/app/(admin)/developers/api/generate/page.tsx
@@ -0,0 +1,381 @@
+import { DevPortalLayout, ApiEndpoint, CodeBlock, ParameterTable, InfoBox } from '@/components/developers/DevPortalLayout'
+
+export default function GenerateApiPage() {
+  return (
+    <DevPortalLayout
+      title="Generation API"
+      description="Automatische Generierung von Compliance-Dokumenten"
+    >
+      <h2>Uebersicht</h2>
+      <p>
+        Die Generation API nutzt LLM-Technologie (Claude) zur automatischen Erstellung
+        von Compliance-Dokumenten basierend auf Ihrem SDK-State:
+      </p>
+      <ul>
+        <li><strong>DSFA</strong> - Datenschutz-Folgenabschaetzung</li>
+        <li><strong>TOM</strong> - Technische und Organisatorische Massnahmen</li>
+        <li><strong>VVT</strong> - Verarbeitungsverzeichnis nach Art. 30 DSGVO</li>
+      </ul>
+
+      <InfoBox type="info" title="LLM-Model">
+        Die Generierung verwendet Claude 3.5 Sonnet fuer optimale Qualitaet
+        bei deutschen Rechtstexten. RAG-Context wird automatisch einbezogen.
+      </InfoBox>
+
+      <h2>POST /generate/dsfa</h2>
+      <p>Generiert eine Datenschutz-Folgenabschaetzung basierend auf dem aktuellen State.</p>
+
+      <h3>Request Body</h3>
+      <ParameterTable
+        parameters={[
+          {
+            name: 'tenantId',
+            type: 'string',
+            required: true,
+            description: 'Tenant-ID fuer State-Zugriff',
+          },
+          {
+            name: 'useCaseId',
+            type: 'string',
+            required: false,
+            description: 'Optional: Nur fuer bestimmten Use Case generieren',
+          },
+          {
+            name: 'includeRisks',
+            type: 'boolean',
+            required: false,
+            description: 'Risiken aus Risk Matrix einbeziehen (default: true)',
+          },
+          {
+            name: 'includeControls',
+            type: 'boolean',
+            required: false,
+            description: 'Bestehende Controls referenzieren (default: true)',
+          },
+          {
+            name: 'language',
+            type: 'string',
+            required: false,
+            description: 'Sprache: de, en (default: de)',
+          },
+        ]}
+      />
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X POST "https://api.breakpilot.io/sdk/v1/generate/dsfa" \\
+  -H "Authorization: Bearer YOUR_API_KEY" \\
+  -H "Content-Type: application/json" \\
+  -d '{
+    "tenantId": "your-tenant-id",
+    "useCaseId": "uc-ki-kundenanalyse",
+    "includeRisks": true,
+    "includeControls": true,
+    "language": "de"
+  }'`}
+      </CodeBlock>
+
+      <h3>Response (200 OK)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": true,
+  "data": {
+    "dsfa": {
+      "id": "dsfa-2026-02-04-abc123",
+      "version": "1.0",
+      "status": "DRAFT",
+      "createdAt": "2026-02-04T12:00:00Z",
+      "useCase": {
+        "id": "uc-ki-kundenanalyse",
+        "name": "KI-gestuetzte Kundenanalyse",
+        "description": "Analyse von Kundenverhalten mittels ML..."
+      },
+      "sections": {
+        "systematicDescription": {
+          "title": "1. Systematische Beschreibung",
+          "content": "Die geplante Verarbeitungstaetigkeit umfasst..."
+        },
+        "necessityAssessment": {
+          "title": "2. Bewertung der Notwendigkeit",
+          "content": "Die Verarbeitung ist notwendig fuer..."
+        },
+        "riskAssessment": {
+          "title": "3. Risikobewertung",
+          "risks": [
+            {
+              "id": "risk-1",
+              "title": "Unbefugter Datenzugriff",
+              "severity": "HIGH",
+              "likelihood": 3,
+              "impact": 4,
+              "description": "...",
+              "mitigations": ["Verschluesselung", "Zugriffskontrolle"]
+            }
+          ]
+        },
+        "mitigationMeasures": {
+          "title": "4. Abhilfemassnahmen",
+          "controls": [...]
+        },
+        "stakeholderConsultation": {
+          "title": "5. Einbeziehung Betroffener",
+          "content": "..."
+        },
+        "dpoOpinion": {
+          "title": "6. Stellungnahme des DSB",
+          "content": "Ausstehend - Freigabe erforderlich"
+        }
+      },
+      "conclusion": {
+        "overallRisk": "MEDIUM",
+        "recommendation": "PROCEED_WITH_CONDITIONS",
+        "conditions": [
+          "Implementierung der TOM-Empfehlungen",
+          "Regelmaessige Ueberpruefung"
+        ]
+      }
+    },
+    "generationMeta": {
+      "model": "claude-3.5-sonnet",
+      "ragContextUsed": true,
+      "tokensUsed": 4250,
+      "durationMs": 8500
+    }
+  }
+}`}
+      </CodeBlock>
+
+      <h2>POST /generate/tom</h2>
+      <p>Generiert technische und organisatorische Massnahmen.</p>
+
+      <h3>Request Body</h3>
+      <ParameterTable
+        parameters={[
+          {
+            name: 'tenantId',
+            type: 'string',
+            required: true,
+            description: 'Tenant-ID',
+          },
+          {
+            name: 'categories',
+            type: 'string[]',
+            required: false,
+            description: 'TOM-Kategorien: access_control, encryption, pseudonymization, etc.',
+          },
+          {
+            name: 'basedOnRisks',
+            type: 'boolean',
+            required: false,
+            description: 'TOMs basierend auf Risk Matrix generieren (default: true)',
+          },
+        ]}
+      />
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X POST "https://api.breakpilot.io/sdk/v1/generate/tom" \\
+  -H "Authorization: Bearer YOUR_API_KEY" \\
+  -H "Content-Type: application/json" \\
+  -d '{
+    "tenantId": "your-tenant-id",
+    "categories": ["access_control", "encryption", "backup"],
+    "basedOnRisks": true
+  }'`}
+      </CodeBlock>
+
+      <h3>Response (200 OK)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": true,
+  "data": {
+    "toms": [
+      {
+        "id": "tom-1",
+        "category": "access_control",
+        "categoryLabel": "Zugangskontrolle",
+        "title": "Multi-Faktor-Authentifizierung",
+        "description": "Implementierung von MFA fuer alle Systemzugaenge",
+        "technicalMeasures": [
+          "TOTP-basierte 2FA",
+          "Hardware Security Keys (FIDO2)"
+        ],
+        "organizationalMeasures": [
+          "Schulung der Mitarbeiter",
+          "Dokumentation der Zugaenge"
+        ],
+        "article32Reference": "Art. 32 Abs. 1 lit. b DSGVO",
+        "priority": "HIGH",
+        "implementationStatus": "PLANNED"
+      },
+      {
+        "id": "tom-2",
+        "category": "encryption",
+        "categoryLabel": "Verschluesselung",
+        "title": "Transportverschluesselung",
+        "description": "TLS 1.3 fuer alle Datenuebert\\\\ragungen",
+        "technicalMeasures": [
+          "TLS 1.3 mit PFS",
+          "HSTS Header"
+        ],
+        "organizationalMeasures": [
+          "Zertifikatsmanagement",
+          "Regelmaessige Audits"
+        ],
+        "article32Reference": "Art. 32 Abs. 1 lit. a DSGVO",
+        "priority": "CRITICAL",
+        "implementationStatus": "IMPLEMENTED"
+      }
+    ],
+    "summary": {
+      "totalMeasures": 20,
+      "byCategory": {
+        "access_control": 5,
+        "encryption": 4,
+        "backup": 3,
+        "monitoring": 4,
+        "incident_response": 4
+      },
+      "implementationProgress": {
+        "implemented": 12,
+        "in_progress": 5,
+        "planned": 3
+      }
+    }
+  }
+}`}
+      </CodeBlock>
+
+      <h2>POST /generate/vvt</h2>
+      <p>Generiert ein Verarbeitungsverzeichnis nach Art. 30 DSGVO.</p>
+
+      <h3>Request Body</h3>
+      <ParameterTable
+        parameters={[
+          {
+            name: 'tenantId',
+            type: 'string',
+            required: true,
+            description: 'Tenant-ID',
+          },
+          {
+            name: 'organizationInfo',
+            type: 'object',
+            required: false,
+            description: 'Organisationsdaten (Name, Anschrift, DSB-Kontakt)',
+          },
+          {
+            name: 'includeRetentionPolicies',
+            type: 'boolean',
+            required: false,
+            description: 'Loeschfristen einbeziehen (default: true)',
+          },
+        ]}
+      />
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X POST "https://api.breakpilot.io/sdk/v1/generate/vvt" \\
+  -H "Authorization: Bearer YOUR_API_KEY" \\
+  -H "Content-Type: application/json" \\
+  -d '{
+    "tenantId": "your-tenant-id",
+    "organizationInfo": {
+      "name": "Beispiel GmbH",
+      "address": "Musterstrasse 1, 10115 Berlin",
+      "dpoContact": "datenschutz@beispiel.de"
+    },
+    "includeRetentionPolicies": true
+  }'`}
+      </CodeBlock>
+
+      <h3>Response (200 OK)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": true,
+  "data": {
+    "vvt": {
+      "id": "vvt-2026-02-04",
+      "version": "1.0",
+      "organization": {
+        "name": "Beispiel GmbH",
+        "address": "Musterstrasse 1, 10115 Berlin",
+        "dpoContact": "datenschutz@beispiel.de"
+      },
+      "processingActivities": [
+        {
+          "id": "pa-1",
+          "name": "Kundendatenverarbeitung",
+          "purpose": "Vertragserfuellung und Kundenservice",
+          "legalBasis": "Art. 6 Abs. 1 lit. b DSGVO",
+          "dataCategories": ["Kontaktdaten", "Vertragsdaten", "Zahlungsdaten"],
+          "dataSubjects": ["Kunden", "Interessenten"],
+          "recipients": ["Zahlungsdienstleister", "Versanddienstleister"],
+          "thirdCountryTransfers": {
+            "exists": false,
+            "countries": [],
+            "safeguards": null
+          },
+          "retentionPeriod": "10 Jahre nach Vertragsende (HGB)",
+          "technicalMeasures": ["Verschluesselung", "Zugriffskontrolle"]
+        }
+      ],
+      "lastUpdated": "2026-02-04T12:00:00Z"
+    }
+  }
+}`}
+      </CodeBlock>
+
+      <h2>SDK Integration</h2>
+      <CodeBlock language="typescript" filename="document-generation.ts">
+{`import { getSDKBackendClient } from '@breakpilot/compliance-sdk'
+
+const client = getSDKBackendClient()
+
+// DSFA generieren
+async function generateDSFA(useCaseId: string) {
+  const dsfa = await client.generateDSFA({
+    useCaseId,
+    includeRisks: true,
+    includeControls: true,
+  })
+
+  console.log('DSFA generiert:', dsfa.id)
+  console.log('Gesamtrisiko:', dsfa.conclusion.overallRisk)
+  return dsfa
+}
+
+// TOMs generieren
+async function generateTOMs() {
+  const toms = await client.generateTOM({
+    categories: ['access_control', 'encryption'],
+    basedOnRisks: true,
+  })
+
+  console.log(\`\${toms.length} TOMs generiert\`)
+  return toms
+}
+
+// VVT generieren
+async function generateVVT() {
+  const vvt = await client.generateVVT({
+    organizationInfo: {
+      name: 'Beispiel GmbH',
+      address: 'Musterstrasse 1',
+      dpoContact: 'dpo@beispiel.de',
+    },
+  })
+
+  console.log(\`VVT mit \${vvt.processingActivities.length} Verarbeitungen\`)
+  return vvt
+}`}
+      </CodeBlock>
+
+      <InfoBox type="warning" title="Kosten">
+        Die Dokumentengenerierung verbraucht LLM-Tokens. Durchschnittliche Kosten:
+        DSFA ~5.000 Tokens, TOMs ~3.000 Tokens, VVT ~4.000 Tokens.
+        Enterprise-Kunden haben unbegrenzte Generierungen.
+      </InfoBox>
+    </DevPortalLayout>
+  )
+}
--- a/admin-v2/app/(admin)/developers/api/page.tsx
+++ b/admin-v2/app/(admin)/developers/api/page.tsx
@@ -0,0 +1,239 @@
+import Link from 'next/link'
+import { DevPortalLayout, ApiEndpoint, InfoBox } from '@/components/developers/DevPortalLayout'
+
+export default function ApiReferencePage() {
+  return (
+    <DevPortalLayout
+      title="API Reference"
+      description="Vollständige REST API Dokumentation"
+    >
+      <h2>Base URL</h2>
+      <p>
+        Alle API-Endpunkte sind unter folgender Basis-URL erreichbar:
+      </p>
+      <div className="bg-gray-100 p-4 rounded-lg font-mono text-sm my-4">
+        https://api.breakpilot.io/sdk/v1
+      </div>
+      <p>
+        Für Self-Hosted-Installationen verwenden Sie Ihre eigene Domain.
+      </p>
+
+      <h2>Authentifizierung</h2>
+      <p>
+        Alle API-Anfragen erfordern einen gültigen API Key im Header:
+      </p>
+      <div className="bg-gray-100 p-4 rounded-lg font-mono text-sm my-4">
+        Authorization: Bearer YOUR_API_KEY
+      </div>
+
+      <InfoBox type="info" title="Tenant-ID">
+        Die Tenant-ID wird aus dem API Key abgeleitet oder kann explizit
+        als Query-Parameter oder im Request-Body mitgegeben werden.
+      </InfoBox>
+
+      <h2>API Endpoints</h2>
+
+      <h3>State Management</h3>
+      <p>
+        Verwalten Sie den SDK-State für Ihren Tenant.
+      </p>
+
+      <ApiEndpoint
+        method="GET"
+        path="/state/{tenantId}"
+        description="Lädt den aktuellen SDK-State für einen Tenant"
+      />
+      <ApiEndpoint
+        method="POST"
+        path="/state"
+        description="Speichert den SDK-State (mit Versionierung)"
+      />
+      <ApiEndpoint
+        method="DELETE"
+        path="/state/{tenantId}"
+        description="Löscht den State für einen Tenant"
+      />
+
+      <p>
+        <Link href="/developers/api/state" className="text-blue-600 hover:underline">
+          → Vollständige State API Dokumentation
+        </Link>
+      </p>
+
+      <h3>RAG Search</h3>
+      <p>
+        Durchsuchen Sie den Compliance-Korpus (DSGVO, AI Act, NIS2).
+      </p>
+
+      <ApiEndpoint
+        method="GET"
+        path="/rag/search"
+        description="Semantische Suche im Legal Corpus"
+      />
+      <ApiEndpoint
+        method="GET"
+        path="/rag/status"
+        description="Status des RAG-Systems und Corpus-Informationen"
+      />
+
+      <p>
+        <Link href="/developers/api/rag" className="text-blue-600 hover:underline">
+          → Vollständige RAG API Dokumentation
+        </Link>
+      </p>
+
+      <h3>Document Generation</h3>
+      <p>
+        Generieren Sie Compliance-Dokumente automatisch.
+      </p>
+
+      <ApiEndpoint
+        method="POST"
+        path="/generate/dsfa"
+        description="Generiert eine Datenschutz-Folgenabschätzung"
+      />
+      <ApiEndpoint
+        method="POST"
+        path="/generate/tom"
+        description="Generiert technische und organisatorische Maßnahmen"
+      />
+      <ApiEndpoint
+        method="POST"
+        path="/generate/vvt"
+        description="Generiert ein Verarbeitungsverzeichnis"
+      />
+
+      <p>
+        <Link href="/developers/api/generate" className="text-blue-600 hover:underline">
+          → Vollständige Generation API Dokumentation
+        </Link>
+      </p>
+
+      <h3>Export</h3>
+      <p>
+        Exportieren Sie den Compliance-Stand in verschiedenen Formaten.
+      </p>
+
+      <ApiEndpoint
+        method="GET"
+        path="/export"
+        description="Exportiert den State (JSON, PDF, ZIP)"
+      />
+
+      <p>
+        <Link href="/developers/api/export" className="text-blue-600 hover:underline">
+          → Vollständige Export API Dokumentation
+        </Link>
+      </p>
+
+      <h2>Response Format</h2>
+      <p>
+        Alle Responses folgen einem einheitlichen Format:
+      </p>
+
+      <h3>Erfolgreiche Response</h3>
+      <div className="bg-gray-900 text-gray-100 p-4 rounded-lg font-mono text-sm my-4">
+{`{
+  "success": true,
+  "data": { ... },
+  "meta": {
+    "version": 1,
+    "timestamp": "2026-02-04T12:00:00Z"
+  }
+}`}
+      </div>
+
+      <h3>Fehler Response</h3>
+      <div className="bg-gray-900 text-gray-100 p-4 rounded-lg font-mono text-sm my-4">
+{`{
+  "success": false,
+  "error": {
+    "code": "VALIDATION_ERROR",
+    "message": "Tenant ID is required",
+    "details": { ... }
+  }
+}`}
+      </div>
+
+      <h2>Error Codes</h2>
+      <div className="my-4 overflow-x-auto not-prose">
+        <table className="min-w-full divide-y divide-gray-200">
+          <thead className="bg-gray-50">
+            <tr>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">HTTP Status</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Code</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Beschreibung</th>
+            </tr>
+          </thead>
+          <tbody className="bg-white divide-y divide-gray-200 text-sm">
+            <tr>
+              <td className="px-4 py-3">400</td>
+              <td className="px-4 py-3 font-mono text-red-600">VALIDATION_ERROR</td>
+              <td className="px-4 py-3 text-gray-600">Ungültige Request-Daten</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3">401</td>
+              <td className="px-4 py-3 font-mono text-red-600">UNAUTHORIZED</td>
+              <td className="px-4 py-3 text-gray-600">Fehlender oder ungültiger API Key</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3">403</td>
+              <td className="px-4 py-3 font-mono text-red-600">FORBIDDEN</td>
+              <td className="px-4 py-3 text-gray-600">Keine Berechtigung für diese Ressource</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3">404</td>
+              <td className="px-4 py-3 font-mono text-red-600">NOT_FOUND</td>
+              <td className="px-4 py-3 text-gray-600">Ressource nicht gefunden</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3">409</td>
+              <td className="px-4 py-3 font-mono text-red-600">CONFLICT</td>
+              <td className="px-4 py-3 text-gray-600">Versions-Konflikt (Optimistic Locking)</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3">429</td>
+              <td className="px-4 py-3 font-mono text-red-600">RATE_LIMITED</td>
+              <td className="px-4 py-3 text-gray-600">Zu viele Anfragen</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3">500</td>
+              <td className="px-4 py-3 font-mono text-red-600">INTERNAL_ERROR</td>
+              <td className="px-4 py-3 text-gray-600">Interner Server-Fehler</td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+
+      <h2>Rate Limits</h2>
+      <div className="my-4 overflow-x-auto not-prose">
+        <table className="min-w-full divide-y divide-gray-200">
+          <thead className="bg-gray-50">
+            <tr>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Plan</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Requests/Minute</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Requests/Tag</th>
+            </tr>
+          </thead>
+          <tbody className="bg-white divide-y divide-gray-200 text-sm">
+            <tr>
+              <td className="px-4 py-3">Starter</td>
+              <td className="px-4 py-3">60</td>
+              <td className="px-4 py-3">10.000</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3">Professional</td>
+              <td className="px-4 py-3">300</td>
+              <td className="px-4 py-3">100.000</td>
+            </tr>
+            <tr>
+              <td className="px-4 py-3">Enterprise</td>
+              <td className="px-4 py-3">Unbegrenzt</td>
+              <td className="px-4 py-3">Unbegrenzt</td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+    </DevPortalLayout>
+  )
+}
--- a/admin-v2/app/(admin)/developers/api/rag/page.tsx
+++ b/admin-v2/app/(admin)/developers/api/rag/page.tsx
@@ -0,0 +1,248 @@
+import { DevPortalLayout, ApiEndpoint, CodeBlock, ParameterTable, InfoBox } from '@/components/developers/DevPortalLayout'
+
+export default function RAGApiPage() {
+  return (
+    <DevPortalLayout
+      title="RAG API"
+      description="Semantische Suche im Legal Corpus (DSGVO, AI Act, NIS2)"
+    >
+      <h2>Uebersicht</h2>
+      <p>
+        Die RAG (Retrieval-Augmented Generation) API ermoeglicht semantische Suche
+        im Compliance-Korpus. Der Korpus enthaelt:
+      </p>
+      <ul>
+        <li>DSGVO (Datenschutz-Grundverordnung)</li>
+        <li>AI Act (EU KI-Verordnung)</li>
+        <li>NIS2 (Netzwerk- und Informationssicherheit)</li>
+        <li>ePrivacy-Verordnung</li>
+        <li>Bundesdatenschutzgesetz (BDSG)</li>
+      </ul>
+
+      <InfoBox type="info" title="Embedding-Modell">
+        Die Suche verwendet BGE-M3 Embeddings fuer praezise semantische Aehnlichkeit.
+        Die Vektoren werden in Qdrant gespeichert.
+      </InfoBox>
+
+      <h2>GET /rag/search</h2>
+      <p>Durchsucht den Legal Corpus semantisch.</p>
+
+      <h3>Query-Parameter</h3>
+      <ParameterTable
+        parameters={[
+          {
+            name: 'q',
+            type: 'string',
+            required: true,
+            description: 'Die Suchanfrage (z.B. "Einwilligung personenbezogene Daten")',
+          },
+          {
+            name: 'top_k',
+            type: 'number',
+            required: false,
+            description: 'Anzahl der Ergebnisse (default: 5, max: 20)',
+          },
+          {
+            name: 'corpus',
+            type: 'string',
+            required: false,
+            description: 'Einschraenkung auf bestimmten Corpus: dsgvo, ai_act, nis2, all (default: all)',
+          },
+          {
+            name: 'min_score',
+            type: 'number',
+            required: false,
+            description: 'Minimaler Relevanz-Score 0-1 (default: 0.5)',
+          },
+        ]}
+      />
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X GET "https://api.breakpilot.io/sdk/v1/rag/search?q=Einwilligung%20DSGVO&top_k=5" \\
+  -H "Authorization: Bearer YOUR_API_KEY"`}
+      </CodeBlock>
+
+      <h3>Response (200 OK)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": true,
+  "data": {
+    "query": "Einwilligung DSGVO",
+    "results": [
+      {
+        "id": "dsgvo-art-7",
+        "title": "Art. 7 DSGVO - Bedingungen fuer die Einwilligung",
+        "content": "Beruht die Verarbeitung auf einer Einwilligung, muss der Verantwortliche nachweisen koennen, dass die betroffene Person in die Verarbeitung ihrer personenbezogenen Daten eingewilligt hat...",
+        "corpus": "dsgvo",
+        "article": "Art. 7",
+        "score": 0.92,
+        "metadata": {
+          "chapter": "II",
+          "section": "Einwilligung",
+          "url": "https://dsgvo-gesetz.de/art-7-dsgvo/"
+        }
+      },
+      {
+        "id": "dsgvo-art-6-1-a",
+        "title": "Art. 6 Abs. 1 lit. a DSGVO - Einwilligung als Rechtsgrundlage",
+        "content": "Die Verarbeitung ist nur rechtmaessig, wenn mindestens eine der nachstehenden Bedingungen erfuellt ist: a) Die betroffene Person hat ihre Einwilligung...",
+        "corpus": "dsgvo",
+        "article": "Art. 6",
+        "score": 0.88,
+        "metadata": {
+          "chapter": "II",
+          "section": "Rechtmaessigkeit",
+          "url": "https://dsgvo-gesetz.de/art-6-dsgvo/"
+        }
+      }
+    ],
+    "total_results": 2,
+    "search_time_ms": 45
+  },
+  "meta": {
+    "corpus_version": "2026-01",
+    "embedding_model": "bge-m3"
+  }
+}`}
+      </CodeBlock>
+
+      <h2>GET /rag/status</h2>
+      <p>Gibt Status-Informationen ueber das RAG-System zurueck.</p>
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X GET "https://api.breakpilot.io/sdk/v1/rag/status" \\
+  -H "Authorization: Bearer YOUR_API_KEY"`}
+      </CodeBlock>
+
+      <h3>Response (200 OK)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": true,
+  "data": {
+    "status": "healthy",
+    "corpus": {
+      "dsgvo": {
+        "documents": 99,
+        "chunks": 1250,
+        "last_updated": "2026-01-15T00:00:00Z"
+      },
+      "ai_act": {
+        "documents": 89,
+        "chunks": 980,
+        "last_updated": "2026-01-20T00:00:00Z"
+      },
+      "nis2": {
+        "documents": 46,
+        "chunks": 520,
+        "last_updated": "2026-01-10T00:00:00Z"
+      }
+    },
+    "embedding_service": {
+      "status": "online",
+      "model": "bge-m3",
+      "dimension": 1024
+    },
+    "vector_db": {
+      "type": "qdrant",
+      "collections": 3,
+      "total_vectors": 2750
+    }
+  }
+}`}
+      </CodeBlock>
+
+      <h2>SDK Integration</h2>
+      <p>
+        Verwenden Sie den SDK-Client fuer einfache RAG-Suche:
+      </p>
+      <CodeBlock language="typescript" filename="rag-search.ts">
+{`import { getSDKBackendClient, isLegalQuery } from '@breakpilot/compliance-sdk'
+
+const client = getSDKBackendClient()
+
+// Pruefen ob die Query rechtliche Inhalte betrifft
+if (isLegalQuery('Was ist eine Einwilligung?')) {
+  // RAG-Suche durchfuehren
+  const results = await client.search('Einwilligung DSGVO', 5)
+
+  results.forEach(result => {
+    console.log(\`[\${result.corpus}] \${result.title}\`)
+    console.log(\`Score: \${result.score}\`)
+    console.log(\`URL: \${result.metadata.url}\`)
+    console.log('---')
+  })
+}`}
+      </CodeBlock>
+
+      <h2>Keyword-Erkennung</h2>
+      <p>
+        Die Funktion <code>isLegalQuery</code> erkennt automatisch rechtliche Anfragen:
+      </p>
+      <CodeBlock language="typescript" filename="keyword-detection.ts">
+{`import { isLegalQuery } from '@breakpilot/compliance-sdk'
+
+// Gibt true zurueck fuer:
+isLegalQuery('DSGVO Art. 5')        // true - Artikel-Referenz
+isLegalQuery('Einwilligung')        // true - DSGVO-Begriff
+isLegalQuery('AI Act Hochrisiko')   // true - AI Act Begriff
+isLegalQuery('NIS2 Richtlinie')     // true - NIS2 Referenz
+isLegalQuery('personenbezogene Daten') // true - Datenschutz-Begriff
+
+// Gibt false zurueck fuer:
+isLegalQuery('Wie ist das Wetter?') // false - Keine rechtliche Anfrage
+isLegalQuery('Programmiere mir X')  // false - Technische Anfrage`}
+      </CodeBlock>
+
+      <h2>Beispiel: Command Bar Integration</h2>
+      <CodeBlock language="typescript" filename="command-bar-rag.tsx">
+{`import { useState } from 'react'
+import { getSDKBackendClient, isLegalQuery } from '@breakpilot/compliance-sdk'
+
+function CommandBarSearch({ query }: { query: string }) {
+  const [results, setResults] = useState([])
+  const [loading, setLoading] = useState(false)
+
+  useEffect(() => {
+    if (query.length > 3 && isLegalQuery(query)) {
+      setLoading(true)
+      const client = getSDKBackendClient()
+
+      client.search(query, 3).then(data => {
+        setResults(data)
+        setLoading(false)
+      })
+    }
+  }, [query])
+
+  if (!isLegalQuery(query)) return null
+
+  return (
+    <div className="rag-results">
+      {loading ? (
+        <p>Suche im Legal Corpus...</p>
+      ) : (
+        results.map(result => (
+          <div key={result.id} className="result-card">
+            <h4>{result.title}</h4>
+            <p>{result.content.slice(0, 200)}...</p>
+            <a href={result.metadata.url} target="_blank">
+              Volltext lesen
+            </a>
+          </div>
+        ))
+      )}
+    </div>
+  )
+}`}
+      </CodeBlock>
+
+      <InfoBox type="warning" title="Rate Limits">
+        Die RAG-Suche ist auf 100 Anfragen/Minute (Professional) bzw.
+        unbegrenzt (Enterprise) limitiert. Implementieren Sie Client-Side
+        Debouncing fuer Echtzeit-Suche.
+      </InfoBox>
+    </DevPortalLayout>
+  )
+}
--- a/admin-v2/app/(admin)/developers/api/state/page.tsx
+++ b/admin-v2/app/(admin)/developers/api/state/page.tsx
@@ -0,0 +1,266 @@
+import { DevPortalLayout, ApiEndpoint, CodeBlock, ParameterTable, InfoBox } from '@/components/developers/DevPortalLayout'
+
+export default function StateApiPage() {
+  return (
+    <DevPortalLayout
+      title="State API"
+      description="Verwalten Sie den SDK-State für Ihren Tenant"
+    >
+      <h2>Übersicht</h2>
+      <p>
+        Die State API ermöglicht das Speichern und Abrufen des kompletten SDK-States.
+        Der State enthält alle Compliance-Daten: Use Cases, Risiken, Controls,
+        Checkpoints und mehr.
+      </p>
+
+      <InfoBox type="info" title="Versionierung">
+        Der State wird mit optimistischem Locking gespeichert. Bei jedem Speichern
+        wird die Version erhöht. Bei Konflikten erhalten Sie einen 409-Fehler.
+      </InfoBox>
+
+      <h2>GET /state/{'{tenantId}'}</h2>
+      <p>Lädt den aktuellen SDK-State für einen Tenant.</p>
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X GET "https://api.breakpilot.io/sdk/v1/state/your-tenant-id" \\
+  -H "Authorization: Bearer YOUR_API_KEY"`}
+      </CodeBlock>
+
+      <h3>Response (200 OK)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": true,
+  "data": {
+    "version": "1.0.0",
+    "lastModified": "2026-02-04T12:00:00Z",
+    "tenantId": "your-tenant-id",
+    "userId": "user-123",
+    "subscription": "PROFESSIONAL",
+    "currentPhase": 1,
+    "currentStep": "use-case-workshop",
+    "completedSteps": ["use-case-workshop", "screening"],
+    "checkpoints": {
+      "CP-UC": {
+        "checkpointId": "CP-UC",
+        "passed": true,
+        "validatedAt": "2026-02-01T10:00:00Z",
+        "validatedBy": "user-123",
+        "errors": [],
+        "warnings": []
+      }
+    },
+    "useCases": [
+      {
+        "id": "uc-1",
+        "name": "KI-Kundenanalyse",
+        "description": "...",
+        "category": "Marketing",
+        "stepsCompleted": 5,
+        "assessmentResult": {
+          "riskLevel": "HIGH",
+          "dsfaRequired": true,
+          "aiActClassification": "LIMITED"
+        }
+      }
+    ],
+    "risks": [...],
+    "controls": [...],
+    "dsfa": {...},
+    "toms": [...],
+    "vvt": [...]
+  },
+  "meta": {
+    "version": 5,
+    "etag": "W/\\"abc123\\""
+  }
+}`}
+      </CodeBlock>
+
+      <h3>Response (404 Not Found)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": false,
+  "error": {
+    "code": "NOT_FOUND",
+    "message": "No state found for tenant your-tenant-id"
+  }
+}`}
+      </CodeBlock>
+
+      <h2>POST /state</h2>
+      <p>Speichert den SDK-State. Unterstützt Versionierung und optimistisches Locking.</p>
+
+      <h3>Request Body</h3>
+      <ParameterTable
+        parameters={[
+          {
+            name: 'tenantId',
+            type: 'string',
+            required: true,
+            description: 'Eindeutige Tenant-ID',
+          },
+          {
+            name: 'userId',
+            type: 'string',
+            required: false,
+            description: 'User-ID für Audit-Trail',
+          },
+          {
+            name: 'state',
+            type: 'SDKState',
+            required: true,
+            description: 'Der komplette SDK-State',
+          },
+          {
+            name: 'expectedVersion',
+            type: 'number',
+            required: false,
+            description: 'Erwartete Version für optimistisches Locking',
+          },
+        ]}
+      />
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X POST "https://api.breakpilot.io/sdk/v1/state" \\
+  -H "Authorization: Bearer YOUR_API_KEY" \\
+  -H "Content-Type: application/json" \\
+  -H "If-Match: W/\\"abc123\\"" \\
+  -d '{
+    "tenantId": "your-tenant-id",
+    "userId": "user-123",
+    "state": {
+      "currentPhase": 1,
+      "currentStep": "risks",
+      "useCases": [...],
+      "risks": [...]
+    }
+  }'`}
+      </CodeBlock>
+
+      <h3>Response (200 OK)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": true,
+  "data": {
+    "tenantId": "your-tenant-id",
+    "version": 6,
+    "updatedAt": "2026-02-04T12:05:00Z"
+  },
+  "meta": {
+    "etag": "W/\\"def456\\""
+  }
+}`}
+      </CodeBlock>
+
+      <h3>Response (409 Conflict)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": false,
+  "error": {
+    "code": "CONFLICT",
+    "message": "Version conflict: expected 5, but current is 6",
+    "details": {
+      "expectedVersion": 5,
+      "currentVersion": 6
+    }
+  }
+}`}
+      </CodeBlock>
+
+      <InfoBox type="warning" title="Konfliktbehandlung">
+        Bei einem 409-Fehler sollten Sie den State erneut laden, Ihre Änderungen
+        mergen und erneut speichern.
+      </InfoBox>
+
+      <h2>DELETE /state/{'{tenantId}'}</h2>
+      <p>Löscht den kompletten State für einen Tenant.</p>
+
+      <h3>Request</h3>
+      <CodeBlock language="bash" filename="cURL">
+{`curl -X DELETE "https://api.breakpilot.io/sdk/v1/state/your-tenant-id" \\
+  -H "Authorization: Bearer YOUR_API_KEY"`}
+      </CodeBlock>
+
+      <h3>Response (200 OK)</h3>
+      <CodeBlock language="json" filename="Response">
+{`{
+  "success": true,
+  "data": {
+    "tenantId": "your-tenant-id",
+    "deleted": true
+  }
+}`}
+      </CodeBlock>
+
+      <h2>State-Struktur</h2>
+      <p>Der SDKState enthält alle Compliance-Daten:</p>
+
+      <CodeBlock language="typescript" filename="types.ts">
+{`interface SDKState {
+  // Metadata
+  version: string
+  lastModified: Date
+
+  // Tenant & User
+  tenantId: string
+  userId: string
+  subscription: 'FREE' | 'STARTER' | 'PROFESSIONAL' | 'ENTERPRISE'
+
+  // Progress
+  currentPhase: 1 | 2
+  currentStep: string
+  completedSteps: string[]
+  checkpoints: Record<string, CheckpointStatus>
+
+  // Phase 1 Data
+  useCases: UseCaseAssessment[]
+  activeUseCase: string | null
+  screening: ScreeningResult | null
+  modules: ServiceModule[]
+  requirements: Requirement[]
+  controls: Control[]
+  evidence: Evidence[]
+  checklist: ChecklistItem[]
+  risks: Risk[]
+
+  // Phase 2 Data
+  aiActClassification: AIActResult | null
+  obligations: Obligation[]
+  dsfa: DSFA | null
+  toms: TOM[]
+  retentionPolicies: RetentionPolicy[]
+  vvt: ProcessingActivity[]
+  documents: LegalDocument[]
+  cookieBanner: CookieBannerConfig | null
+  consents: ConsentRecord[]
+  dsrConfig: DSRConfig | null
+  escalationWorkflows: EscalationWorkflow[]
+
+  // UI State
+  preferences: UserPreferences
+}`}
+      </CodeBlock>
+
+      <h2>Beispiel: SDK Integration</h2>
+      <CodeBlock language="typescript" filename="sdk-client.ts">
+{`import { getSDKApiClient } from '@breakpilot/compliance-sdk'
+
+const client = getSDKApiClient('your-tenant-id')
+
+// State laden
+const state = await client.getState()
+console.log('Current step:', state.currentStep)
+console.log('Use cases:', state.useCases.length)
+
+// State speichern
+await client.saveState({
+  ...state,
+  currentStep: 'risks',
+  risks: [...state.risks, newRisk],
+})`}
+      </CodeBlock>
+    </DevPortalLayout>
+  )
+}