INSIGHT-MVP/docs/Stand.md
Thomas Reitz 0f5d01df2a docs: Stand.md updated (button primary color + commit count)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 09:24:11 +01:00


# INSIGHT MVP — Current Implementation Status
*As of: 2026-03-15*

---

## All services live and healthy
| Service | Container | Status |
|---------|-----------|--------|
| Core Service | `insight-core` | ✅ healthy |
| CRM Service | `insight-crm` | ✅ healthy |
| Frontend | `insight-frontend` | ✅ healthy |
| PostgreSQL | `insight-postgres` | ✅ healthy |
| PgBouncer | `insight-pgbouncer` | ✅ healthy |
| Redis | `insight-redis` | ✅ healthy |
| Traefik | `insight-traefik` | ✅ healthy |
| step-ca | `insight-step-ca` | ✅ healthy |

---

## Implemented features (fully deployed)
### Auth & users
- ✅ Login (local + SSO via Microsoft Entra ID)
- ✅ JWT (RS256; access token in memory, refresh token in HttpOnly cookie)
- ✅ 2FA (TOTP)
- ✅ Silent refresh
- ✅ Change password
- ✅ Profile picture upload
### Microsoft 365 integration
- ✅ OAuth2 flow (`/auth/integrations/microsoft-365`)
- ✅ Token storage encrypted (AES-256-GCM) in `user_integrations`
- ✅ Automatic token refresh
- ✅ Scopes: Mail.Read, Calendars.Read, Tasks.ReadWrite, offline_access
- ✅ O365 profile fields: jobTitle, department, companyName, officeLocation
- ✅ Profile picture sync from O365 (96x96, only if there is no INSIGHT avatar)
- ✅ Auto-sync on login (`useO365ProfileSync` hook)
### Dashboard
- ✅ Home tab: analog clock, 3-day weather forecast, quote of the day, compact widgets
- ✅ Email tab (O365 inbox with reading pane)
- ✅ Calendar tab (O365 events)
- ✅ Tasks tab (O365 + CRM, bidirectional)
- ✅ Contacts tab (O365 + CRM linked)
### CRM (Phase 12.5)
- ✅ Companies, Contacts, Deals, Activities (full CRUD)
- ✅ Pipelines & Stages
- ✅ Custom Fields
- ✅ Kanban board (`/crm/kanban`) with drag & drop (@dnd-kit)
- ✅ Forecast view
- ✅ Lexware Office integration (contacts, vouchers)
- ✅ North Data Enrichment
- **CRM permission model (Phase 2.5)**:
  - Visibility filter OWN/TEAM/ALL per entity (COMPANY, CONTACT, DEAL, ACTIVITY)
  - JWT contains `tenantRole` + `department`
  - ReadonlyGuard for the READONLY role
  - Admin settings page `/admin/crm-settings`
  - Redis cache for visibility settings (5 min TTL)
### Expert profile
- ✅ Skills, experiences, projects, certifications, languages, attachments
- ✅ 3-column layout
- ✅ PDF export (timeline, logo, accent color from branding)
- ✅ Word export (DOCX)
### Profile access (admin)
- `ProfileAccessGroup` + `ProfileAccessGroupMember` models
- ✅ User groups with canView/canExport/canEdit permissions
- ✅ Admin UI `/admin/profile-access`:
  - Tab "Groups": CRUD + manage members
  - Tab "Profiles": all users with actions (view, PDF, DOCX, edit)
- ✅ Admin detail page `/admin/profiles/:userId` (edit a profile in the admin context)
- ✅ Admin endpoints for all profile mutations (`/expert-profile/admin/users/...`)
### Admin area
- ✅ User management (`/admin/users`)
- ✅ SSO configuration (`/admin/sso`)
- ✅ External links (`/admin/external-links`)
- **Customization (`/admin/customize`)**:
  - Sidebar width, logo, colors
  - Login background (gradient / solid color / background image)
  - **Button/primary color** (6 presets, free color picker, live preview)
- ✅ Company data (`/admin/company`)
- ✅ Events (`/admin/events`)
- ✅ SSL/Domain (`/admin/ssl`)
- ✅ Profile access (`/admin/profile-access`)
- ✅ CRM visibility (`/admin/crm-settings`)
### Login screen branding
- ✅ Dynamic background from branding settings
- ✅ Logo on the login page (instead of the "INSIGHT" text)
- ✅ Types: gradient, solid color, background image (max 2MB)
- ✅ Button/primary color: `--color-primary` CSS variable set globally and dynamically from branding

---

## Technical infrastructure
| Component | Version/Details |
|------------|-----------------|
| Backend | NestJS 10, TypeScript strict |
| Frontend | React 18, Vite |
| Database | PostgreSQL 16, Prisma ORM |
| Cache | Redis 7 (Pub/Sub + Cache) |
| Connection Pool | PgBouncer |
| API Gateway | Traefik 3 |
| Auth | RS256 JWT, bcrypt cost 12 |
| mTLS | step-ca (Smallstep) |
| Container | Docker Compose |
### Prisma schemas
- `core.schema.prisma` — User, Auth, Profile, Tenant, Integrations, ProfileAccess
- `crm.schema.prisma` — CRM entities, Pipelines, CustomFields, Contracts, Visibility
### Branching
- Active branch: `feature/crm-service`
- ~205 commits since the initial commit

---

## API endpoints (Core Service)
```
POST /api/v1/auth/login
POST /api/v1/auth/refresh
POST /api/v1/auth/logout
GET /api/v1/auth/integrations/microsoft-365 ← OAuth flow
GET /api/v1/auth/integrations/microsoft-365/callback
GET /api/v1/users/me
PATCH /api/v1/users/me
GET /api/v1/users/team-members
GET /api/v1/users/me/integrations
DELETE /api/v1/users/me/integrations/microsoft-365
GET /api/v1/expert-profile/me
PATCH /api/v1/expert-profile/me/skills
POST /api/v1/expert-profile/me/experiences
... (projects, certifications, languages, attachments)
GET /api/v1/expert-profile/me/export/pdf
GET /api/v1/expert-profile/me/export/docx
GET /api/v1/expert-profile/admin/users
GET /api/v1/expert-profile/admin/users/:userId
GET /api/v1/expert-profile/admin/users/:userId/export/pdf
... (all profile mutations for admin)
GET /api/v1/profile-access/groups
POST /api/v1/profile-access/groups
PATCH /api/v1/profile-access/groups/:id
DELETE /api/v1/profile-access/groups/:id
GET/POST/DELETE /api/v1/profile-access/groups/:id/members/:userId
GET /api/v1/settings/branding
POST /api/v1/settings/branding
GET /api/v1/settings/company
POST /api/v1/settings/company
```
## API endpoints (CRM Service)
```
Companies, Contacts, Deals, Activities, Pipelines, ... (full CRUD)
GET /api/v1/crm/visibility-settings
PUT /api/v1/crm/visibility-settings/:entity
GET /api/v1/crm/office365/emails
GET /api/v1/crm/office365/calendar
GET /api/v1/crm/office365/tasks
POST /api/v1/crm/office365/tasks
GET /api/v1/crm/office365/profile
```