feat(sources): externer Reputations-Layer (IFCN + EUvsDisinfo)

Externe Datenquellen (kostenlos, Open Data) ergaenzen die LLM-geschaetzte
Reliability-Achse mit objektiven Signalen:

- IFCN-Signatories (raw.githubusercontent.com/IFCN/verified-signatories):
  Plain-Text-Liste anerkannter Faktencheck-Organisationen.
- EUvsDisinfo (Zenodo CSV): Pro-Kreml-Desinformations-Datenbank.

Schema-Erweiterung:
- ifcn_signatory, eu_disinfo_listed, eu_disinfo_case_count,
  eu_disinfo_last_seen, external_data_synced_at.

Service src/services/external_reputation.py:
- sync_ifcn_signatories(), sync_eu_disinfo(), apply_reputation_overrides(),
  sync_all() mit Domain-Normalisierung (lowercase, ohne www., ohne Schema).

Reliability-Override-Regeln (laufen nach Approve und manuellem Sync):
- ifcn_signatory=1 -> reliability=sehr_hoch
- eu_disinfo_case_count >= 5 -> reliability=sehr_niedrig
- eu_disinfo_case_count >= 1 -> Reliability eine Stufe runter (max niedrig)

API: POST /api/sources/external-reputation/sync (Admin, BackgroundTask).
Filter: ?ifcn_signatory=true, ?eu_disinfo_listed=true.

UI:
- Filter-Dropdown "Externe Reputation" im Quellen-Modal.
- Badges: gruenes "IFCN" und rotes "EU-Desinfo (n)".
- Tooltip macht Reliability-Quelle transparent: "(IFCN-Faktenchecker)",
  "(EU-Desinfo, n Faelle)" oder "(LLM-Schaetzung)".
- "Externe Daten syncen"-Button im Review-Toolbar (Admin-only).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/routers/sources.py

@@ -6,6 +6,7 @@ from fastapi import APIRouter, BackgroundTasks, Depends, HTTPException, status
 from models import SourceCreate, SourceUpdate, SourceResponse, DiscoverRequest, DiscoverResponse, DiscoverMultiResponse, DomainActionRequest
 from auth import get_current_user
 from database import db_dependency, get_db, refresh_source_counts
+from services.external_reputation import apply_reputation_overrides, sync_all as sync_external_reputation
 from services.source_classifier import bulk_classify, classify_source
 from source_rules import discover_source, discover_all_feeds, evaluate_feeds_with_claude, _extract_domain, _detect_category, domain_to_display_name, _DOMAIN_ALIASES
 import aiosqlite
@@ -90,6 +91,8 @@ async def list_sources(
     reliability: str = None,
     state_affiliated: bool = None,
     alignment: str = None,
+    ifcn_signatory: bool = None,
+    eu_disinfo_listed: bool = None,
     current_user: dict = Depends(get_current_user),
     db: aiosqlite.Connection = Depends(db_dependency),
 ):
@@ -124,6 +127,12 @@ async def list_sources(
     if alignment:
         query += " AND EXISTS (SELECT 1 FROM source_alignments sa WHERE sa.source_id = s.id AND sa.alignment = ?)"
         params.append(alignment.lower())
+    if ifcn_signatory is not None:
+        query += " AND s.ifcn_signatory = ?"
+        params.append(1 if ifcn_signatory else 0)
+    if eu_disinfo_listed is not None:
+        query += " AND s.eu_disinfo_listed = ?"
+        params.append(1 if eu_disinfo_listed else 0)
 
     query += " ORDER BY s.source_type, s.category, s.name"
     cursor = await db.execute(query, params)
@@ -133,6 +142,8 @@ async def list_sources(
     for d in results:
         d["is_global"] = d.get("tenant_id") is None
         d["state_affiliated"] = bool(d.get("state_affiliated"))
+        d["ifcn_signatory"] = bool(d.get("ifcn_signatory"))
+        d["eu_disinfo_listed"] = bool(d.get("eu_disinfo_listed"))
         d["alignments"] = alignments_map.get(d["id"], [])
     return results
 
@@ -864,6 +875,11 @@ async def approve_classification(
     await _replace_alignments(db, source_id, [a for a in proposed_aligns if a in ALLOWED_ALIGNMENTS])
     await _clear_proposed(db, source_id)
     await db.commit()
+    # Reliability-Override anwenden (IFCN/EUvsDisinfo)
+    try:
+        await apply_reputation_overrides(db, source_id)
+    except Exception as e:
+        logger.warning("Reputation-Override fuer source_id=%s fehlgeschlagen: %s", source_id, e)
     return {"source_id": source_id, "status": "approved"}
 
 
@@ -939,6 +955,26 @@ async def trigger_bulk_classify(
     return {"status": "started", "limit": limit, "only_unclassified": only_unclassified}
 
 
+@router.post("/external-reputation/sync")
+async def trigger_external_reputation_sync(
+    background_tasks: BackgroundTasks,
+    current_user: dict = Depends(get_current_user),
+):
+    """Startet Sync von IFCN- und EUvsDisinfo-Daten (Admin, Hintergrund)."""
+    if current_user.get("role") != "org_admin":
+        raise HTTPException(status_code=403, detail="Nur Admins koennen den externen Sync starten")
+
+    async def _bg():
+        db = await get_db()
+        try:
+            await sync_external_reputation(db)
+        finally:
+            await db.close()
+
+    background_tasks.add_task(_bg)
+    return {"status": "started"}
+
+
 @router.post("/classification/bulk-approve")
 async def bulk_approve_classifications(
     min_confidence: float = 0.85,
@@ -995,4 +1031,10 @@ async def bulk_approve_classifications(
         await _clear_proposed(db, src["id"])
         approved_ids.append(src["id"])
     await db.commit()
+    # Reliability-Override fuer alle gerade Approved
+    try:
+        for sid in approved_ids:
+            await apply_reputation_overrides(db, sid)
+    except Exception as e:
+        logger.warning("Bulk Reputation-Override fehlgeschlagen: %s", e)
     return {"approved_count": len(approved_ids), "min_confidence": min_confidence}