feat(admin-v2): Major SDK/Compliance overhaul and new modules

SDK modules added/enhanced:
- compliance-hub, compliance-scope, consent-management, notfallplan
- audit-report, workflow, source-policy, dsms
- advisory-board documentation section
- TOM dashboard components, TOM generator SDM mapping
- DSFA: mitigation library, risk catalog, threshold analysis, source attribution
- VVT: baseline catalog, profiling engine, types
- Loeschfristen: baseline catalog, compliance engine, export, profiling, types
- Compliance scope: engine, profiling, golden tests, types

Existing SDK pages updated:
- dsfa/[id], tom, vvt, loeschfristen, advisory-board — expanded functionality
- SDKSidebar, StepHeader — new navigation items and layout
- SDK layout, context, types — expanded type system

Other admin-v2 changes:
- AI agents page, RAG pipeline DSFA integration
- GridOverlay component updates
- Companion feature (development + education)
- Compliance advisor SOUL definition

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

admin-v2/lib/sdk/tom-generator/sdm-mapping.ts

@@ -0,0 +1,192 @@
+// =============================================================================
+// SDM (Standard-Datenschutzmodell) Mapping
+// Maps ControlCategories to SDM Gewaehrleistungsziele and Spec Modules
+// =============================================================================
+
+import { ControlCategory } from './types'
+
+// =============================================================================
+// TYPES
+// =============================================================================
+
+export type SDMGewaehrleistungsziel =
+  | 'Verfuegbarkeit'
+  | 'Integritaet'
+  | 'Vertraulichkeit'
+  | 'Nichtverkettung'
+  | 'Intervenierbarkeit'
+  | 'Transparenz'
+  | 'Datenminimierung'
+
+export type TOMModuleCategory =
+  | 'IDENTITY_AUTH'
+  | 'LOGGING'
+  | 'DOCUMENTATION'
+  | 'SEPARATION'
+  | 'RETENTION'
+  | 'DELETION'
+  | 'TRAINING'
+  | 'REVIEW'
+
+export const SDM_GOAL_LABELS: Record<SDMGewaehrleistungsziel, string> = {
+  Verfuegbarkeit: 'Verfuegbarkeit',
+  Integritaet: 'Integritaet',
+  Vertraulichkeit: 'Vertraulichkeit',
+  Nichtverkettung: 'Nichtverkettung',
+  Intervenierbarkeit: 'Intervenierbarkeit',
+  Transparenz: 'Transparenz',
+  Datenminimierung: 'Datenminimierung',
+}
+
+export const SDM_GOAL_DESCRIPTIONS: Record<SDMGewaehrleistungsziel, string> = {
+  Verfuegbarkeit: 'Personenbezogene Daten muessen zeitgerecht zur Verfuegung stehen und ordnungsgemaess verarbeitet werden koennen.',
+  Integritaet: 'Personenbezogene Daten muessen unversehrt, vollstaendig und aktuell bleiben.',
+  Vertraulichkeit: 'Nur Befugte duerfen personenbezogene Daten zur Kenntnis nehmen.',
+  Nichtverkettung: 'Daten duerfen nicht ohne Weiteres fuer andere Zwecke zusammengefuehrt werden.',
+  Intervenierbarkeit: 'Betroffene muessen ihre Rechte wahrnehmen koennen (Auskunft, Berichtigung, Loeschung).',
+  Transparenz: 'Verarbeitungsvorgaenge muessen nachvollziehbar dokumentiert sein.',
+  Datenminimierung: 'Nur die fuer den Zweck erforderlichen Daten duerfen verarbeitet werden.',
+}
+
+export const MODULE_LABELS: Record<TOMModuleCategory, string> = {
+  IDENTITY_AUTH: 'Identitaet & Authentifizierung',
+  LOGGING: 'Protokollierung',
+  DOCUMENTATION: 'Dokumentation',
+  SEPARATION: 'Trennung',
+  RETENTION: 'Aufbewahrung',
+  DELETION: 'Loeschung & Vernichtung',
+  TRAINING: 'Schulung & Vertraulichkeit',
+  REVIEW: 'Ueberpruefung & Bewertung',
+}
+
+// =============================================================================
+// MAPPINGS
+// =============================================================================
+
+/**
+ * Maps ControlCategory to its primary SDM Gewaehrleistungsziele
+ */
+export const SDM_CATEGORY_MAPPING: Record<ControlCategory, SDMGewaehrleistungsziel[]> = {
+  ACCESS_CONTROL: ['Vertraulichkeit'],
+  ADMISSION_CONTROL: ['Vertraulichkeit', 'Integritaet'],
+  ACCESS_AUTHORIZATION: ['Vertraulichkeit', 'Nichtverkettung'],
+  TRANSFER_CONTROL: ['Vertraulichkeit', 'Integritaet'],
+  INPUT_CONTROL: ['Integritaet', 'Transparenz'],
+  ORDER_CONTROL: ['Transparenz', 'Intervenierbarkeit'],
+  AVAILABILITY: ['Verfuegbarkeit'],
+  SEPARATION: ['Nichtverkettung', 'Datenminimierung'],
+  ENCRYPTION: ['Vertraulichkeit', 'Integritaet'],
+  PSEUDONYMIZATION: ['Datenminimierung', 'Nichtverkettung'],
+  RESILIENCE: ['Verfuegbarkeit'],
+  RECOVERY: ['Verfuegbarkeit', 'Integritaet'],
+  REVIEW: ['Transparenz', 'Intervenierbarkeit'],
+}
+
+/**
+ * Maps ControlCategory to Spec Module Categories
+ */
+export const MODULE_CATEGORY_MAPPING: Record<ControlCategory, TOMModuleCategory[]> = {
+  ACCESS_CONTROL: ['IDENTITY_AUTH'],
+  ADMISSION_CONTROL: ['IDENTITY_AUTH'],
+  ACCESS_AUTHORIZATION: ['IDENTITY_AUTH', 'DOCUMENTATION'],
+  TRANSFER_CONTROL: ['DOCUMENTATION'],
+  INPUT_CONTROL: ['LOGGING'],
+  ORDER_CONTROL: ['DOCUMENTATION'],
+  AVAILABILITY: ['REVIEW'],
+  SEPARATION: ['SEPARATION'],
+  ENCRYPTION: ['IDENTITY_AUTH'],
+  PSEUDONYMIZATION: ['SEPARATION', 'DELETION'],
+  RESILIENCE: ['REVIEW'],
+  RECOVERY: ['REVIEW'],
+  REVIEW: ['REVIEW', 'TRAINING'],
+}
+
+// =============================================================================
+// HELPER FUNCTIONS
+// =============================================================================
+
+import type { DerivedTOM, ControlLibraryEntry } from './types'
+import { getControlById } from './controls/loader'
+
+/**
+ * Get SDM goals for a given control (by looking up its category)
+ */
+export function getSDMGoalsForControl(controlId: string): SDMGewaehrleistungsziel[] {
+  const control = getControlById(controlId)
+  if (!control) return []
+  return SDM_CATEGORY_MAPPING[control.category] || []
+}
+
+/**
+ * Get derived TOMs that map to a specific SDM goal
+ */
+export function getTOMsBySDMGoal(
+  toms: DerivedTOM[],
+  goal: SDMGewaehrleistungsziel
+): DerivedTOM[] {
+  return toms.filter(tom => {
+    const goals = getSDMGoalsForControl(tom.controlId)
+    return goals.includes(goal)
+  })
+}
+
+/**
+ * Get derived TOMs belonging to a specific module
+ */
+export function getTOMsByModule(
+  toms: DerivedTOM[],
+  module: TOMModuleCategory
+): DerivedTOM[] {
+  return toms.filter(tom => {
+    const control = getControlById(tom.controlId)
+    if (!control) return false
+    const modules = MODULE_CATEGORY_MAPPING[control.category] || []
+    return modules.includes(module)
+  })
+}
+
+/**
+ * Get SDM goal coverage statistics
+ */
+export function getSDMCoverageStats(toms: DerivedTOM[]): Record<SDMGewaehrleistungsziel, {
+  total: number
+  implemented: number
+  partial: number
+  missing: number
+}> {
+  const goals = Object.keys(SDM_GOAL_LABELS) as SDMGewaehrleistungsziel[]
+  const stats = {} as Record<SDMGewaehrleistungsziel, { total: number; implemented: number; partial: number; missing: number }>
+
+  for (const goal of goals) {
+    const goalTOMs = getTOMsBySDMGoal(toms, goal)
+    stats[goal] = {
+      total: goalTOMs.length,
+      implemented: goalTOMs.filter(t => t.implementationStatus === 'IMPLEMENTED').length,
+      partial: goalTOMs.filter(t => t.implementationStatus === 'PARTIAL').length,
+      missing: goalTOMs.filter(t => t.implementationStatus === 'NOT_IMPLEMENTED').length,
+    }
+  }
+
+  return stats
+}
+
+/**
+ * Get module coverage statistics
+ */
+export function getModuleCoverageStats(toms: DerivedTOM[]): Record<TOMModuleCategory, {
+  total: number
+  implemented: number
+}> {
+  const modules = Object.keys(MODULE_LABELS) as TOMModuleCategory[]
+  const stats = {} as Record<TOMModuleCategory, { total: number; implemented: number }>
+
+  for (const mod of modules) {
+    const modTOMs = getTOMsByModule(toms, mod)
+    stats[mod] = {
+      total: modTOMs.length,
+      implemented: modTOMs.filter(t => t.implementationStatus === 'IMPLEMENTED').length,
+    }
+  }
+
+  return stats
+}