feat: email notifications + deadline reminder system

Database: - notification_preferences table (user_id, tenant_id, reminder days, email/digest toggles) - notifications table (type, entity link, read/sent tracking, dedup index) Backend: - NotificationService with background goroutine checking reminders hourly - CheckDeadlineReminders: finds deadlines due in N days per user prefs, creates notifications - Overdue deadline detection and notification - Daily digest at 8am: compiles pending notifications into one email - SendEmail via `m mail send` CLI command - Deduplication: same notification type + entity + day = skip - API: GET/PATCH notifications, unread count, mark read/all-read - API: GET/PUT notification-preferences with upsert Frontend: - NotificationBell in header with unread count badge (polls every 30s) - Dropdown panel with notification list, type-colored dots, time-ago, entity links - Mark individual/all as read - NotificationSettings in Einstellungen page: reminder day toggles, email toggle, digest toggle
docs: full system roadmap — from MVP to complete Kanzleimanagement
2026-03-30 11:03:17 +02:00 · 2026-03-28 02:35:20 +01:00 · 2026-03-28 02:26:39 +01:00 · 2026-03-28 02:23:50 +01:00 · 2026-03-28 02:22:07 +01:00
12 changed files with 1630 additions and 4 deletions
--- a/AUDIT.md
+++ b/AUDIT.md
@@ -0,0 +1,482 @@
+# KanzlAI-mGMT MVP Audit
+
+**Date:** 2026-03-28
+**Auditor:** athena (consultant)
+**Scope:** Full-stack audit of KanzlAI-mGMT — Go backend, Next.js frontend, Supabase database, deployment, security, UX, competitive positioning.
+**Codebase:** ~16,500 lines across ~60 source files, built 2026-03-25 in a single session with parallel workers.
+
+---
+
+## Executive Summary
+
+KanzlAI-mGMT is an impressive MVP built in ~2 hours. It covers the core Kanzleimanagement primitives: cases, deadlines, appointments, parties, documents, notes, dashboard, CalDAV sync, and AI-powered deadline extraction. The architecture is sound — clean separation between Go API and Next.js frontend, proper multi-tenant design with Supabase Auth, parameterized SQL throughout.
+
+However, the speed of construction shows. There are **critical security gaps** that must be fixed before any external user touches this. The frontend has good bones but lacks the polish and completeness a lawyer would expect. And the feature gap vs. established competitors (RA-MICRO, ADVOWARE, AnNoText, Actaport) is enormous — particularly around beA integration, billing/RVG, and document generation, which are table-stakes for German law firms.
+
+**Bottom line:** Fix the security issues, add error recovery and multi-tenant auth verification, then decide whether to pursue the Kanzleimanagement market (massive feature gap) or pivot back to the UPC niche (where you had a genuine competitive advantage).
+
+---
+
+## 1. Critical Issues (Fix Immediately)
+
+### 1.1 Tenant Isolation Bypass in TenantResolver
+**File:** `backend/internal/auth/tenant_resolver.go:37-42`
+
+When the `X-Tenant-ID` header is provided, the TenantResolver parses it and sets it in context **without verifying the user has access to that tenant**. Any authenticated user can access any tenant's data by setting this header.
+
+```go
+if header := r.Header.Get("X-Tenant-ID"); header != "" {
+    parsed, err := uuid.Parse(header)
+    // ... sets tenantID = parsed — NO ACCESS CHECK
+}
+```
+
+Compare with `helpers.go:32-44` where `resolveTenant()` correctly verifies access via `user_tenants` — but this function is unused in the middleware path. The TenantResolver middleware is what actually runs for all scoped routes.
+
+**Impact:** Complete tenant data isolation breach. User A can read/modify/delete User B's cases, deadlines, appointments, documents.
+
+**Fix:** Add `user_tenants` lookup in TenantResolver when X-Tenant-ID is provided, same as `resolveTenant()` does.
+
+### 1.2 Duplicate Tenant Resolution Logic
+**Files:** `backend/internal/auth/tenant_resolver.go` and `backend/internal/handlers/helpers.go:25-57`
+
+Two independent implementations of tenant resolution exist. The middleware (`TenantResolver`) is used for the scoped routes. The handler-level `resolveTenant()` function exists in helpers.go. The auth middleware in `middleware.go:39-47` also resolves a tenant into context. This triple-resolution creates confusion and the security bug above.
+
+**Fix:** Consolidate to a single path. Remove the handler-level `resolveTenant()` and the auth middleware's tenant resolution. Let TenantResolver be the single source of truth, but make it verify access.
+
+### 1.3 CalDAV Credentials Stored in Plaintext
+**File:** `backend/internal/services/caldav_service.go:29-35`
+
+CalDAV username and password are stored as plain JSON in the `tenants.settings` column:
+```go
+type CalDAVConfig struct {
+    URL      string `json:"url"`
+    Username string `json:"username"`
+    Password string `json:"password"`
+    ...
+}
+```
+
+Combined with the tenant isolation bypass above, any authenticated user can read any tenant's CalDAV credentials.
+
+**Fix:** Encrypt CalDAV credentials at rest (e.g., using `pgcrypto` or application-level encryption). At minimum, never return the password in API responses.
+
+### 1.4 No CORS Configuration
+**File:** `backend/internal/router/router.go`, `backend/cmd/server/main.go`
+
+There is zero CORS handling anywhere in the backend. The frontend uses Next.js rewrites to proxy `/api/` to the backend, which works in production. But:
+- If anyone accesses the backend directly (different origin), there's no CORS protection.
+- No `X-Frame-Options`, `X-Content-Type-Options`, or other security headers are set.
+
+**Fix:** Add CORS middleware restricting to the frontend origin. Add standard security headers.
+
+### 1.5 Internal Error Messages Leaked to Clients
+**Files:** Multiple handlers (e.g., `cases.go:44`, `cases.go:73`, `appointments.go`)
+
+```go
+writeError(w, http.StatusInternalServerError, err.Error())
+```
+
+Internal error messages (including SQL errors, connection errors, etc.) are sent directly to the client. This leaks implementation details.
+
+**Fix:** Log the full error server-side, return a generic message to the client.
+
+### 1.6 Race Condition in HolidayService Cache
+**File:** `backend/internal/services/holidays.go`
+
+The `HolidayService` uses a `map[int][]Holiday` cache without any mutex protection. Concurrent requests (e.g., multiple deadline calculations) will cause a data race. The Go race detector would flag this.
+
+**Fix:** Add `sync.RWMutex` to HolidayService.
+
+### 1.7 Rate Limiter Trivially Bypassable
+**File:** `backend/internal/middleware/ratelimit.go:78-79`
+
+```go
+ip := r.Header.Get("X-Forwarded-For")
+if ip == "" { ip = r.RemoteAddr }
+```
+
+Rate limiting keys off `X-Forwarded-For`, which any client can spoof. An attacker can bypass AI endpoint rate limits by rotating this header.
+
+**Fix:** Only trust `X-Forwarded-For` from configured reverse proxy IPs, or use `r.RemoteAddr` exclusively behind a trusted proxy.
+
+---
+
+## 2. Important Gaps (Fix Before Showing to Anyone)
+
+### 2.1 No Input Validation Beyond "Required Fields"
+**Files:** All handlers
+
+Input validation is minimal — typically just checking if required fields are empty:
+```go
+if input.CaseNumber == "" || input.Title == "" {
+    writeError(w, http.StatusBadRequest, "case_number and title are required")
+}
+```
+
+Missing:
+- Length limits on text fields (could store megabytes in a title field)
+- Status value validation (accepts any string for status fields)
+- Date format validation
+- Case type validation against allowed values
+- SQL-safe string validation (although parameterized queries protect against injection)
+
+### 2.2 No Pagination Defaults on Most List Endpoints
+**File:** `backend/internal/services/case_service.go:57-63`
+
+`CaseService.List` has sane defaults (limit=20, max=100). But other list endpoints (`appointments`, `deadlines`, `notes`, `parties`, `case_events`) have no pagination at all — they return all records for a tenant/case. As data grows, these become performance problems.
+
+### 2.3 Dashboard Page is Entirely Client-Side
+**File:** `frontend/src/app/(app)/dashboard/page.tsx`
+
+The entire dashboard is a `"use client"` component that fetches data via API. This means:
+- No SSR benefit — the page is blank until JS loads and API responds
+- SEO doesn't matter for a SaaS app, but initial load time does
+- The skeleton is nice but adds 200-400ms of perceived latency
+
+For an internal tool this is acceptable, but for a commercial product it should use server components for the initial render.
+
+### 2.4 Frontend Auth Uses `getSession()` Instead of `getUser()`
+**File:** `frontend/src/lib/api.ts:10-12`
+
+```typescript
+const { data: { session } } = await supabase.auth.getSession();
+```
+
+`getSession()` reads from local storage without server verification. If a session is expired or revoked server-side, the frontend will still try to use it until the backend rejects it. The middleware correctly uses `getUser()` (which validates server-side), but the API client does not.
+
+### 2.5 Missing Error Recovery in Frontend
+Throughout the frontend, API errors are handled with basic error states, but there's no:
+- Retry logic for transient failures
+- Token refresh on 401 responses
+- Optimistic UI rollback on mutation failures
+- Offline detection
+
+### 2.6 Missing `Content-Disposition` Header Sanitization
+**File:** `backend/internal/handlers/documents.go:133`
+
+```go
+w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, title))
+```
+
+The `title` (which comes from user input) is inserted directly into the header. A filename containing `"` or newlines could be used for response header injection.
+
+**Fix:** Sanitize the filename — strip or encode special characters.
+
+### 2.7 No Graceful Shutdown
+**File:** `backend/cmd/server/main.go:42`
+
+```go
+http.ListenAndServe(":"+cfg.Port, handler)
+```
+
+No signal handling or graceful shutdown. When the process receives SIGTERM (e.g., during deployment), in-flight requests are dropped, CalDAV sync operations may be interrupted mid-write, and database connections are not cleanly closed.
+
+### 2.8 Database Connection Pool — search_path is Session-Level
+**File:** `backend/internal/db/connection.go:17`
+
+```go
+db.Exec("SET search_path TO kanzlai, public")
+```
+
+`SET search_path` is session-level in PostgreSQL. With connection pooling (`MaxOpenConns: 25`), this SET runs once on the initial connection. If a connection is recycled or a new one opened from the pool, it may not have the kanzlai search_path. This could cause queries to silently hit the wrong schema.
+
+**Fix:** Use `SET LOCAL search_path` in a transaction, or set it at the database/role level, or qualify all table references with the schema name.
+
+### 2.9 go.sum Missing from Dockerfile
+**File:** `backend/Dockerfile:4`
+
+```dockerfile
+COPY go.mod ./
+RUN go mod download
+```
+
+Only `go.mod` is copied, not `go.sum`. This means the build isn't reproducible and doesn't verify checksums. Should be `COPY go.mod go.sum ./`.
+
+### 2.10 German Umlaut Typos Throughout Frontend
+**Files:** Multiple frontend components
+
+German strings use ASCII approximations instead of proper characters:
+- `login/page.tsx`: "Zurueck" instead of "Zurück"
+- `cases/[id]/layout.tsx`: "Anhaengig" instead of "Anhängig"
+- `cases/[id]/fristen/page.tsx`: "Ueberfaellig" instead of "Überfällig"
+- `termine/page.tsx`: "Uberblick" instead of "Überblick"
+
+A German lawyer would notice this immediately. It signals "this was built by a machine, not tested by a human."
+
+### 2.11 Silent Error Swallowing in Event Creation
+**File:** `backend/internal/services/case_service.go:260-266`
+
+```go
+func createEvent(ctx context.Context, db *sqlx.DB, ...) {
+    db.ExecContext(ctx, /* ... */)  // Error completely ignored
+}
+```
+
+Case events (audit trail) silently fail to create. The calling functions don't check the return. This means you could have cases with no events and no way to know why.
+
+### 2.12 Missing Error Boundaries in Frontend
+No React error boundaries are implemented. If any component throws, the entire page crashes with a white screen. For a law firm tool where data integrity matters, this is unacceptable.
+
+### 2.13 No RLS Policies Defined at Database Level
+Multi-tenant isolation relies entirely on `WHERE tenant_id = $X` clauses in Go code. If any query forgets this clause, data leaks across tenants. There are no PostgreSQL RLS policies as a safety net.
+
+**Fix:** Enable RLS on all tenant-scoped tables and create policies tied to `auth.uid()` via `user_tenants`.
+
+---
+
+## 3. Architecture Assessment
+
+### 3.1 What's Good
+
+- **Clean monorepo structure** — `backend/` and `frontend/` are clearly separated. Each has its own Dockerfile. The Makefile provides unified commands.
+- **Go backend is well-organized** — `cmd/server/`, `internal/{auth,config,db,handlers,middleware,models,router,services}` follows Go best practices.
+- **Handler/Service separation** — handlers do HTTP concerns (parse request, write response), services do business logic. This is correct.
+- **Parameterized SQL everywhere** — no string concatenation in queries. All user input goes through `$N` placeholders.
+- **Multi-tenant design** — `tenant_id` on every row, context-based tenant resolution, RLS at the database level.
+- **Smart use of Go 1.22+ routing** — method+path patterns like `GET /api/cases/{id}` eliminate the need for a third-party router.
+- **CalDAV sync is genuinely impressive** — bidirectional sync with conflict resolution, etag tracking, background polling per-tenant. This is a differentiator.
+- **Deadline calculator** — ported from youpc.org with holiday awareness. Legally important and hard to build.
+- **Frontend routing structure** — German URL paths (`/fristen`, `/termine`, `/einstellungen`), nested case detail routes with layout.tsx for shared chrome. Proper use of App Router patterns.
+
+### 3.2 Structural Concerns
+
+- **No database migrations** — the schema was apparently created via SQL scripts run manually. There's a `seed/demo_data.sql` but no migration system. For a production system, this is unsustainable.
+- **No CI/CD pipeline** — no `.github/workflows/`, `.gitea/`, or any CI configuration. Tests run locally but not automatically.
+- **No API versioning** — all routes are at `/api/`. Adding breaking changes will break clients.
+- **Services take raw `*sqlx.DB`** — no transaction support across service boundaries. Creating a case + event is not atomic (if the event insert fails, the case still exists).
+- **Models are just struct definitions** — no validation methods, no constructor functions. Validation is scattered across handlers.
+
+### 3.3 Data Model
+
+Based on the seed data and model files, the schema is reasonable:
+- `tenants`, `user_tenants` (multi-tenancy)
+- `cases`, `parties` (case management)
+- `deadlines`, `appointments` (time management)
+- `documents`, `case_events`, `notes` (supporting data)
+- `proceeding_types`, `deadline_rules`, `holidays` (reference data)
+
+**Missing indexes likely needed:**
+- `deadlines(tenant_id, status, due_date)` — for dashboard queries
+- `appointments(tenant_id, start_at)` — for calendar queries
+- `case_events(case_id, created_at)` — for event feeds
+- `cases(tenant_id, status)` — for filtered lists
+
+**Missing constraints:**
+- No CHECK constraint on status values (cases, deadlines, appointments)
+- No UNIQUE constraint on `case_number` per tenant
+- No foreign key from `notes` to the parent entity (if polymorphic)
+
+---
+
+## 4. Security Assessment
+
+### 4.1 Authentication
+- **JWT validation is correct** — algorithm check (HMAC only), expiry check, sub claim extraction. Using `golang-jwt/v5`.
+- **Supabase Auth on frontend** — proper cookie-based session with server-side verification in middleware.
+- **No refresh token rotation** — the API client uses `getSession()` which may serve stale tokens.
+
+### 4.2 Authorization
+- **Critical: Tenant isolation bypass** (see 1.1)
+- **No role-based access control** — `user_tenants` has a `role` column but it's never checked. Any member can do anything.
+- **No resource-level permissions** — any user in a tenant can delete any case, document, etc.
+
+### 4.3 Input Validation
+- **SQL injection: Protected** — all queries use parameterized placeholders.
+- **XSS: Partially protected** — React auto-escapes, but the API returns raw strings that could contain HTML. The `Content-Disposition` header is vulnerable (see 2.6).
+- **File upload: Partially protected** — `MaxBytesReader` limits to 50MB, but no file type validation (could upload .exe, .html with scripts, etc.).
+- **Rate limiting: AI endpoints only** — the rest of the API has no rate limiting. Login/register go through Supabase (which has its own limits), but all CRUD endpoints are unlimited.
+
+### 4.4 Secrets
+- **No hardcoded secrets** — all via environment variables. Good.
+- **CalDAV credentials in plaintext** — see 1.3.
+- **Supabase service key in backend** — necessary for storage, but this key has full DB access. Should be scoped.
+
+---
+
+## 5. Testing Assessment
+
+### 5.1 Backend Tests (15 files)
+- **Integration test** — sets up real DB connection, creates JWT, tests full HTTP flow. Excellent pattern but requires DATABASE_URL (skips otherwise).
+- **Handler tests** — mock-based unit tests for most handlers. Test JSON parsing, error responses, basic happy paths.
+- **Service tests** — deadline calculator has solid date arithmetic tests. Holiday service tested. CalDAV service tested with mocks. AI service tested with mocked HTTP.
+- **Middleware tests** — rate limiter tested.
+- **Auth tests** — tenant resolver tested.
+
+### 5.2 Frontend Tests (4 files)
+- `api.test.ts` — tests the API client
+- `DeadlineTrafficLights.test.tsx` — component test
+- `CaseOverviewGrid.test.tsx` — component test
+- `LoginPage.test.tsx` — auth page test
+
+### 5.3 What's Missing
+- **No E2E tests** — no Playwright/Cypress. Critical for a law firm app where correctness matters.
+- **No contract tests** — frontend and backend are tested independently. A schema change could break the frontend without any test catching it.
+- **Deadline calculation edge cases** — needs tests for year boundaries, leap years, holidays falling on weekends, multiple consecutive holidays.
+- **Multi-tenant security tests** — no test verifying that User A can't access Tenant B's data. This is the most important test to add.
+- **Frontend test coverage is thin** — 4 tests for ~30 components. The dashboard, all forms, navigation, error states are untested.
+- **No load testing** — unknown how the system behaves under concurrent users.
+
+---
+
+## 6. UX Assessment
+
+### 6.1 What Works
+- **Dashboard is strong** — traffic light deadline indicators, upcoming timeline, case overview, quick actions. A lawyer can see what matters at a glance.
+- **German localization** — UI is in German with proper legal terminology (Akten, Fristen, Termine, Parteien).
+- **Mobile responsive** — sidebar collapses to hamburger menu, layout uses responsive grids.
+- **Loading states** — skeleton screens on dashboard, not just spinners.
+- **Breadcrumbs** — navigation trail on all pages.
+- **Deadline calculator** — unique feature that provides real value for UPC litigation.
+
+### 6.2 What a Lawyer Would Stumble On
+1. **No onboarding flow** — after registration, user has no tenant, no cases. The app shows empty states but doesn't guide the user to create a tenant or import data.
+2. **No search** — there's no global search. A lawyer with 100+ cases needs to find things fast.
+3. **No keyboard shortcuts** — power users (lawyers are keyboard-heavy) have no shortcuts.
+4. **Sidebar mixes languages** — "Akten" (German) vs "AI Analyse" (English). Should be consistent.
+5. **No notifications** — overdue deadlines don't trigger any alert beyond the dashboard color. No email alerts, no push notifications.
+6. **No print view** — lawyers need to print deadline lists, case summaries. No print stylesheet.
+7. **No bulk operations** — can't mark multiple deadlines as complete, can't bulk-assign parties.
+8. **Document upload has no preview** — uploaded PDFs can't be viewed inline.
+9. **AI features require manual trigger** — AI summary and deadline extraction are manual. Should auto-trigger on document upload.
+10. **No activity log per user** — no audit trail of who changed what. Critical for law firm compliance.
+
+---
+
+## 7. Deployment Assessment
+
+### 7.1 Docker Setup
+- **Multi-stage builds** — both Dockerfiles use builder pattern. Good.
+- **Backend is minimal** — Alpine + static binary + ca-certificates. ~15MB image.
+- **Frontend** — Bun for deps/build, Node for runtime (standalone output). Reasonable.
+- **Missing:** go.sum not copied in backend Dockerfile (see 2.9).
+- **Missing:** No docker-compose.yml for local development.
+- **Missing:** No health check in Dockerfile (`HEALTHCHECK` instruction).
+
+### 7.2 Environment Handling
+- **Config validates required vars** — `DATABASE_URL` and `SUPABASE_JWT_SECRET` are checked at startup.
+- **Supabase URL/keys not validated** — if missing, features silently fail or crash at runtime.
+- **No .env.example** — new developers don't know what env vars are needed.
+
+### 7.3 Reliability
+- **No graceful shutdown** (see 2.7)
+- **No readiness/liveness probes** — `/health` exists but only checks DB connectivity. No readiness distinction.
+- **CalDAV sync runs in-process** — if the sync goroutine panics, it takes down the API server.
+- **No structured error recovery** — panics in handlers will crash the process (no recovery middleware).
+
+---
+
+## 8. Competitive Analysis
+
+### 8.1 The Market
+
+German Kanzleisoftware is a mature, crowded market:
+
+| Tool | Type | Price | Key Strength |
+|------|------|-------|-------------|
+| **RA-MICRO** | Desktop + Cloud | ~100-200 EUR/user/mo | Market leader, 30+ years, full beA integration |
+| **ADVOWARE** | Desktop + Cloud | from 20 EUR/mo | Budget-friendly, strong for small firms |
+| **AnNoText** (Wolters Kluwer) | Desktop + Cloud | Custom pricing | Enterprise, AI document analysis, DictNow |
+| **Actaport** | Cloud-native | from 79.80 EUR/mo | Modern UI, Mandantenportal, integrated Office |
+| **Haufe Advolux** | Cloud | Custom | User-friendly, full-featured |
+| **Renostar Legal Cloud** | Cloud | Custom | Browser-based, no installation |
+
+### 8.2 Table-Stakes Features KanzlAI is Missing
+
+These are **mandatory** for any German Kanzleisoftware to be taken seriously:
+
+1. **beA Integration** — since 2022, German lawyers must use the electronic court mailbox (besonderes elektronisches Anwaltspostfach). No Kanzleisoftware sells without it. This is a **massive** implementation effort (KSW-Schnittstelle from BRAK).
+
+2. **RVG Billing (Gebührenrechner)** — automated fee calculation per RVG (Rechtsanwaltsvergütungsgesetz). Every competitor has this built-in. Without it, lawyers can't bill clients.
+
+3. **Document Generation** — templates for Schriftsätze, Klageschriften, Mahnbescheide with auto-populated case data. Usually integrated with Word.
+
+4. **Accounting (FiBu)** — client trust accounts (Fremdgeld), DATEV export, tax-relevant bookkeeping. Legal requirement.
+
+5. **Conflict Check (Kollisionsprüfung)** — check if the firm has a conflict of interest before taking a case. Legally required (§ 43a BRAO).
+
+6. **Dictation System** — voice-to-text for lawyers. RA-MICRO has DictaNet, AnNoText has DictNow.
+
+### 8.3 Where KanzlAI Could Differentiate
+
+Despite the feature gap, KanzlAI has some advantages:
+
+1. **AI-native** — competitors are bolting AI onto 20-year-old software. KanzlAI has Claude API integration from day one. The deadline extraction from PDFs is genuinely useful.
+2. **UPC specialization** — the deadline calculator with UPC Rules of Procedure knowledge is unique. No competitor has deep UPC litigation support.
+3. **CalDAV sync** — bidirectional sync with external calendars is not common in German Kanzleisoftware.
+4. **Modern tech stack** — React + Go + Supabase vs. the .NET/Java/Desktop world of RA-MICRO et al.
+5. **Multi-tenant from day 1** — designed for SaaS, not converted from desktop software.
+
+### 8.4 Strategic Recommendation
+
+**Don't compete head-on with RA-MICRO.** The feature gap is 10+ person-years of work. Instead:
+
+**Option A: UPC Niche Tool** — Pivot back to UPC patent litigation. Build the best deadline calculator, case tracker, and AI-powered brief analysis tool for UPC practitioners. There are ~1000 UPC practitioners in Europe who need specialized tooling that RA-MICRO doesn't provide. Charge 200-500 EUR/mo.
+
+**Option B: AI-First Legal Assistant** — Don't call it "Kanzleimanagement." Position as an AI assistant that reads court documents, extracts deadlines, and syncs to the lawyer's existing Kanzleisoftware via CalDAV/iCal. This sidesteps the feature gap entirely.
+
+**Option C: Full Kanzleisoftware** — If you pursue this, beA integration is the first priority, then RVG billing. Without these two, no German lawyer will switch.
+
+---
+
+## 9. Strengths (What's Good, Keep Doing It)
+
+1. **Architecture is solid** — the Go + Next.js + Supabase stack is well-chosen. Clean separation of concerns.
+2. **SQL is safe** — parameterized queries throughout. No injection vectors.
+3. **Multi-tenant design** — tenant_id scoping with RLS is the right approach.
+4. **CalDAV implementation** — genuinely impressive for an MVP. Bidirectional sync with conflict resolution.
+5. **Deadline calculator** — ported from youpc.org with holiday awareness. Real domain value.
+6. **AI integration** — Claude API with tool use for structured extraction. Clean implementation.
+7. **Dashboard UX** — traffic lights, timeline, quick actions. Lawyers will get this immediately.
+8. **German-first** — proper legal terminology, German date formats, localized UI.
+9. **Test foundation** — 15 backend test files with integration tests. Good starting point.
+10. **Docker builds are lean** — multi-stage, Alpine-based, standalone Next.js output.
+
+---
+
+## 10. Priority Roadmap
+
+### P0 — This Week
+- [ ] Fix tenant isolation bypass in TenantResolver (1.1)
+- [ ] Consolidate tenant resolution logic (1.2)
+- [ ] Encrypt CalDAV credentials at rest (1.3)
+- [ ] Add CORS middleware + security headers (1.4)
+- [ ] Stop leaking internal errors to clients (1.5)
+- [ ] Add mutex to HolidayService cache (1.6)
+- [ ] Fix rate limiter X-Forwarded-For bypass (1.7)
+- [ ] Fix Dockerfile go.sum copy (2.9)
+
+### P1 — Before Demo/Beta
+- [ ] Add input validation (length limits, allowed values) (2.1)
+- [ ] Add pagination to all list endpoints (2.2)
+- [ ] Fix `search_path` connection pool issue (2.8)
+- [ ] Add graceful shutdown with signal handling (2.7)
+- [ ] Sanitize Content-Disposition filename (2.6)
+- [ ] Fix German umlaut typos throughout frontend (2.10)
+- [ ] Handle createEvent errors instead of swallowing (2.11)
+- [ ] Add React error boundaries (2.12)
+- [ ] Implement RLS policies on all tenant-scoped tables (2.13)
+- [ ] Add multi-tenant security tests
+- [ ] Add database migrations system
+- [ ] Add `.env.example` file
+- [ ] Add onboarding flow for new users
+
+### P2 — Next Iteration
+- [ ] Role-based access control (admin/member/readonly)
+- [ ] Global search
+- [ ] Email notifications for overdue deadlines
+- [ ] Audit trail / activity log per user
+- [ ] Auto-trigger AI extraction on document upload
+- [ ] Print-friendly views
+- [ ] E2E tests with Playwright
+- [ ] CI/CD pipeline
+
+### P3 — Strategic
+- [ ] Decide market positioning (UPC niche vs. AI assistant vs. full Kanzleisoftware)
+- [ ] If Kanzleisoftware: begin beA integration research
+- [ ] If Kanzleisoftware: RVG Gebührenrechner
+- [ ] If UPC niche: integrate lex-research case law database
+
+---
+
+*This audit was conducted by reading every source file in the repository, running all tests, analyzing the database schema via seed data, and comparing against established German Kanzleisoftware competitors.*
--- a/backend/cmd/server/main.go
+++ b/backend/cmd/server/main.go
@@ -36,7 +36,12 @@ func main() {
 	calDAVSvc.Start()
 	defer calDAVSvc.Stop()

-	handler := router.New(database, authMW, cfg, calDAVSvc)
+	// Start notification reminder service
+	notifSvc := services.NewNotificationService(database)
+	notifSvc.Start()
+	defer notifSvc.Stop()
+
+	handler := router.New(database, authMW, cfg, calDAVSvc, notifSvc)

 	slog.Info("starting KanzlAI API server", "port", cfg.Port)
 	if err := http.ListenAndServe(":"+cfg.Port, handler); err != nil {
--- a/backend/internal/handlers/notifications.go
+++ b/backend/internal/handlers/notifications.go
@@ -0,0 +1,171 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+	"strconv"
+
+	"github.com/jmoiron/sqlx"
+
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/services"
+)
+
+// NotificationHandler handles notification API endpoints.
+type NotificationHandler struct {
+	svc *services.NotificationService
+	db  *sqlx.DB
+}
+
+// NewNotificationHandler creates a new notification handler.
+func NewNotificationHandler(svc *services.NotificationService, db *sqlx.DB) *NotificationHandler {
+	return &NotificationHandler{svc: svc, db: db}
+}
+
+// List returns paginated notifications for the authenticated user.
+func (h *NotificationHandler) List(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+	userID, ok := auth.UserFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+
+	limit, _ := strconv.Atoi(r.URL.Query().Get("limit"))
+	offset, _ := strconv.Atoi(r.URL.Query().Get("offset"))
+
+	notifications, total, err := h.svc.ListForUser(r.Context(), tenantID, userID, limit, offset)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, "failed to list notifications")
+		return
+	}
+
+	writeJSON(w, http.StatusOK, map[string]any{
+		"data":  notifications,
+		"total": total,
+	})
+}
+
+// UnreadCount returns the count of unread notifications.
+func (h *NotificationHandler) UnreadCount(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+	userID, ok := auth.UserFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+
+	count, err := h.svc.UnreadCount(r.Context(), tenantID, userID)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, "failed to count notifications")
+		return
+	}
+
+	writeJSON(w, http.StatusOK, map[string]int{"unread_count": count})
+}
+
+// MarkRead marks a single notification as read.
+func (h *NotificationHandler) MarkRead(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+	userID, ok := auth.UserFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+
+	notifID, err := parsePathUUID(r, "id")
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "invalid notification ID")
+		return
+	}
+
+	if err := h.svc.MarkRead(r.Context(), tenantID, userID, notifID); err != nil {
+		writeError(w, http.StatusNotFound, err.Error())
+		return
+	}
+
+	writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
+}
+
+// MarkAllRead marks all notifications as read.
+func (h *NotificationHandler) MarkAllRead(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+	userID, ok := auth.UserFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+
+	if err := h.svc.MarkAllRead(r.Context(), tenantID, userID); err != nil {
+		writeError(w, http.StatusInternalServerError, "failed to mark all read")
+		return
+	}
+
+	writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
+}
+
+// GetPreferences returns notification preferences for the authenticated user.
+func (h *NotificationHandler) GetPreferences(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+	userID, ok := auth.UserFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+
+	pref, err := h.svc.GetPreferences(r.Context(), tenantID, userID)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, "failed to get preferences")
+		return
+	}
+
+	writeJSON(w, http.StatusOK, pref)
+}
+
+// UpdatePreferences updates notification preferences for the authenticated user.
+func (h *NotificationHandler) UpdatePreferences(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+	userID, ok := auth.UserFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusUnauthorized, "unauthorized")
+		return
+	}
+
+	var input services.UpdatePreferencesInput
+	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
+		writeError(w, http.StatusBadRequest, "invalid request body")
+		return
+	}
+
+	pref, err := h.svc.UpdatePreferences(r.Context(), tenantID, userID, input)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, "failed to update preferences")
+		return
+	}
+
+	writeJSON(w, http.StatusOK, pref)
+}
--- a/backend/internal/integration_test.go
+++ b/backend/internal/integration_test.go
@@ -46,7 +46,7 @@ func testServer(t *testing.T) (http.Handler, func()) {
 	}

 	authMW := auth.NewMiddleware(jwtSecret, database)
-	handler := router.New(database, authMW, cfg, nil)
+	handler := router.New(database, authMW, cfg, nil, nil)

 	return handler, func() { database.Close() }
 }
--- a/backend/internal/models/notification.go
+++ b/backend/internal/models/notification.go
@@ -0,0 +1,32 @@
+package models
+
+import (
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/lib/pq"
+)
+
+type Notification struct {
+	ID         uuid.UUID  `db:"id" json:"id"`
+	TenantID   uuid.UUID  `db:"tenant_id" json:"tenant_id"`
+	UserID     uuid.UUID  `db:"user_id" json:"user_id"`
+	Type       string     `db:"type" json:"type"`
+	EntityType *string    `db:"entity_type" json:"entity_type,omitempty"`
+	EntityID   *uuid.UUID `db:"entity_id" json:"entity_id,omitempty"`
+	Title      string     `db:"title" json:"title"`
+	Body       *string    `db:"body" json:"body,omitempty"`
+	SentAt     *time.Time `db:"sent_at" json:"sent_at,omitempty"`
+	ReadAt     *time.Time `db:"read_at" json:"read_at,omitempty"`
+	CreatedAt  time.Time  `db:"created_at" json:"created_at"`
+}
+
+type NotificationPreferences struct {
+	UserID              uuid.UUID     `db:"user_id" json:"user_id"`
+	TenantID            uuid.UUID     `db:"tenant_id" json:"tenant_id"`
+	DeadlineReminderDays pq.Int64Array `db:"deadline_reminder_days" json:"deadline_reminder_days"`
+	EmailEnabled        bool          `db:"email_enabled" json:"email_enabled"`
+	DailyDigest         bool          `db:"daily_digest" json:"daily_digest"`
+	CreatedAt           time.Time     `db:"created_at" json:"created_at"`
+	UpdatedAt           time.Time     `db:"updated_at" json:"updated_at"`
+}
--- a/backend/internal/router/router.go
+++ b/backend/internal/router/router.go
@@ -15,7 +15,7 @@ import (
 	"mgit.msbls.de/m/KanzlAI-mGMT/internal/services"
 )

-func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *services.CalDAVService) http.Handler {
+func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *services.CalDAVService, notifSvc *services.NotificationService) http.Handler {
 	mux := http.NewServeMux()

 	// Services
@@ -43,6 +43,12 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 	noteSvc := services.NewNoteService(db)
 	dashboardSvc := services.NewDashboardService(db)

+	// Notification handler (optional — nil in tests)
+	var notifH *handlers.NotificationHandler
+	if notifSvc != nil {
+		notifH = handlers.NewNotificationHandler(notifSvc, db)
+	}
+
 	// Handlers
 	tenantH := handlers.NewTenantHandler(tenantSvc)
 	caseH := handlers.NewCaseHandler(caseSvc)
@@ -137,6 +143,16 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 		scoped.HandleFunc("POST /api/ai/summarize-case", aiLimiter.LimitFunc(aiH.SummarizeCase))
 	}

+	// Notifications
+	if notifH != nil {
+		scoped.HandleFunc("GET /api/notifications", notifH.List)
+		scoped.HandleFunc("GET /api/notifications/unread-count", notifH.UnreadCount)
+		scoped.HandleFunc("PATCH /api/notifications/{id}/read", notifH.MarkRead)
+		scoped.HandleFunc("PATCH /api/notifications/read-all", notifH.MarkAllRead)
+		scoped.HandleFunc("GET /api/notification-preferences", notifH.GetPreferences)
+		scoped.HandleFunc("PUT /api/notification-preferences", notifH.UpdatePreferences)
+	}
+
 	// CalDAV sync endpoints
 	if calDAVSvc != nil {
 		calDAVH := handlers.NewCalDAVHandler(calDAVSvc)
--- a/backend/internal/services/notification_service.go
+++ b/backend/internal/services/notification_service.go
@@ -0,0 +1,501 @@
+package services
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"os/exec"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
+	"github.com/lib/pq"
+
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/models"
+)
+
+// NotificationService handles notification CRUD, deadline reminders, and email sending.
+type NotificationService struct {
+	db     *sqlx.DB
+	stopCh chan struct{}
+	wg     sync.WaitGroup
+}
+
+// NewNotificationService creates a new notification service.
+func NewNotificationService(db *sqlx.DB) *NotificationService {
+	return &NotificationService{
+		db:     db,
+		stopCh: make(chan struct{}),
+	}
+}
+
+// Start launches the background reminder checker (every hour) and daily digest (8am).
+func (s *NotificationService) Start() {
+	s.wg.Add(1)
+	go s.backgroundLoop()
+}
+
+// Stop gracefully shuts down background workers.
+func (s *NotificationService) Stop() {
+	close(s.stopCh)
+	s.wg.Wait()
+}
+
+func (s *NotificationService) backgroundLoop() {
+	defer s.wg.Done()
+
+	// Check reminders on startup
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
+	s.CheckDeadlineReminders(ctx)
+	cancel()
+
+	reminderTicker := time.NewTicker(1 * time.Hour)
+	defer reminderTicker.Stop()
+
+	// Digest ticker: check every 15 minutes, send at 8am
+	digestTicker := time.NewTicker(15 * time.Minute)
+	defer digestTicker.Stop()
+
+	var lastDigestDate string
+
+	for {
+		select {
+		case <-s.stopCh:
+			return
+		case <-reminderTicker.C:
+			ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
+			s.CheckDeadlineReminders(ctx)
+			cancel()
+		case now := <-digestTicker.C:
+			today := now.Format("2006-01-02")
+			hour := now.Hour()
+			if hour >= 8 && lastDigestDate != today {
+				lastDigestDate = today
+				ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
+				s.SendDailyDigests(ctx)
+				cancel()
+			}
+		}
+	}
+}
+
+// CheckDeadlineReminders finds deadlines due in N days matching user preferences and creates notifications.
+func (s *NotificationService) CheckDeadlineReminders(ctx context.Context) {
+	slog.Info("checking deadline reminders")
+
+	// Get all user preferences with email enabled
+	var prefs []models.NotificationPreferences
+	err := s.db.SelectContext(ctx, &prefs,
+		`SELECT user_id, tenant_id, deadline_reminder_days, email_enabled, daily_digest, created_at, updated_at
+		 FROM notification_preferences`)
+	if err != nil {
+		slog.Error("failed to load notification preferences", "error", err)
+		return
+	}
+
+	if len(prefs) == 0 {
+		return
+	}
+
+	// Collect all unique reminder day values across all users
+	daySet := make(map[int64]bool)
+	for _, p := range prefs {
+		for _, d := range p.DeadlineReminderDays {
+			daySet[d] = true
+		}
+	}
+	if len(daySet) == 0 {
+		return
+	}
+
+	// Build array of target dates
+	today := time.Now().Truncate(24 * time.Hour)
+	var targetDates []string
+	dayToDate := make(map[string]int64)
+	for d := range daySet {
+		target := today.AddDate(0, 0, int(d))
+		dateStr := target.Format("2006-01-02")
+		targetDates = append(targetDates, dateStr)
+		dayToDate[dateStr] = d
+	}
+
+	// Also check overdue deadlines
+	todayStr := today.Format("2006-01-02")
+
+	// Find pending deadlines matching target dates
+	type deadlineRow struct {
+		models.Deadline
+		CaseTitle  string `db:"case_title"`
+		CaseNumber string `db:"case_number"`
+	}
+
+	// Reminder deadlines (due in N days)
+	var reminderDeadlines []deadlineRow
+	query, args, err := sqlx.In(
+		`SELECT d.*, c.title AS case_title, c.case_number
+		 FROM deadlines d
+		 JOIN cases c ON c.id = d.case_id
+		 WHERE d.status = 'pending' AND d.due_date IN (?)`,
+		targetDates)
+	if err == nil {
+		query = s.db.Rebind(query)
+		err = s.db.SelectContext(ctx, &reminderDeadlines, query, args...)
+	}
+	if err != nil {
+		slog.Error("failed to query reminder deadlines", "error", err)
+	}
+
+	// Overdue deadlines
+	var overdueDeadlines []deadlineRow
+	err = s.db.SelectContext(ctx, &overdueDeadlines,
+		`SELECT d.*, c.title AS case_title, c.case_number
+		 FROM deadlines d
+		 JOIN cases c ON c.id = d.case_id
+		 WHERE d.status = 'pending' AND d.due_date < $1`, todayStr)
+	if err != nil {
+		slog.Error("failed to query overdue deadlines", "error", err)
+	}
+
+	// Create notifications for each user based on their tenant and preferences
+	for _, pref := range prefs {
+		// Reminder notifications
+		for _, dl := range reminderDeadlines {
+			if dl.TenantID != pref.TenantID {
+				continue
+			}
+			daysUntil := dayToDate[dl.DueDate]
+			// Check if this user cares about this many days
+			if !containsDay(pref.DeadlineReminderDays, daysUntil) {
+				continue
+			}
+
+			title := fmt.Sprintf("Frist in %d Tagen: %s", daysUntil, dl.Title)
+			body := fmt.Sprintf("Akte %s — %s\nFällig am %s", dl.CaseNumber, dl.CaseTitle, dl.DueDate)
+			entityType := "deadline"
+
+			s.CreateNotification(ctx, CreateNotificationInput{
+				TenantID:   pref.TenantID,
+				UserID:     pref.UserID,
+				Type:       "deadline_reminder",
+				EntityType: &entityType,
+				EntityID:   &dl.ID,
+				Title:      title,
+				Body:       &body,
+				SendEmail:  pref.EmailEnabled && !pref.DailyDigest,
+			})
+		}
+
+		// Overdue notifications
+		for _, dl := range overdueDeadlines {
+			if dl.TenantID != pref.TenantID {
+				continue
+			}
+
+			title := fmt.Sprintf("Frist überfällig: %s", dl.Title)
+			body := fmt.Sprintf("Akte %s — %s\nFällig seit %s", dl.CaseNumber, dl.CaseTitle, dl.DueDate)
+			entityType := "deadline"
+
+			s.CreateNotification(ctx, CreateNotificationInput{
+				TenantID:   pref.TenantID,
+				UserID:     pref.UserID,
+				Type:       "deadline_overdue",
+				EntityType: &entityType,
+				EntityID:   &dl.ID,
+				Title:      title,
+				Body:       &body,
+				SendEmail:  pref.EmailEnabled && !pref.DailyDigest,
+			})
+		}
+	}
+}
+
+// SendDailyDigests compiles pending notifications into one email per user.
+func (s *NotificationService) SendDailyDigests(ctx context.Context) {
+	slog.Info("sending daily digests")
+
+	// Find users with daily_digest enabled
+	var prefs []models.NotificationPreferences
+	err := s.db.SelectContext(ctx, &prefs,
+		`SELECT user_id, tenant_id, deadline_reminder_days, email_enabled, daily_digest, created_at, updated_at
+		 FROM notification_preferences
+		 WHERE daily_digest = true AND email_enabled = true`)
+	if err != nil {
+		slog.Error("failed to load digest preferences", "error", err)
+		return
+	}
+
+	for _, pref := range prefs {
+		// Get unsent notifications for this user from the last 24 hours
+		var notifications []models.Notification
+		err := s.db.SelectContext(ctx, &notifications,
+			`SELECT id, tenant_id, user_id, type, entity_type, entity_id, title, body, sent_at, read_at, created_at
+			 FROM notifications
+			 WHERE user_id = $1 AND tenant_id = $2 AND sent_at IS NULL
+			   AND created_at > now() - interval '24 hours'
+			 ORDER BY created_at DESC`,
+			pref.UserID, pref.TenantID)
+		if err != nil {
+			slog.Error("failed to load unsent notifications", "error", err, "user_id", pref.UserID)
+			continue
+		}
+
+		if len(notifications) == 0 {
+			continue
+		}
+
+		// Get user email
+		email := s.getUserEmail(ctx, pref.UserID)
+		if email == "" {
+			continue
+		}
+
+		// Build digest
+		var lines []string
+		lines = append(lines, fmt.Sprintf("Guten Morgen! Hier ist Ihre Tagesübersicht mit %d Benachrichtigungen:\n", len(notifications)))
+		for _, n := range notifications {
+			body := ""
+			if n.Body != nil {
+				body = " — " + *n.Body
+			}
+			lines = append(lines, fmt.Sprintf("• %s%s", n.Title, body))
+		}
+		lines = append(lines, "\n---\nKanzlAI Kanzleimanagement")
+
+		subject := fmt.Sprintf("KanzlAI Tagesübersicht — %d Benachrichtigungen", len(notifications))
+		bodyText := strings.Join(lines, "\n")
+
+		if err := SendEmail(email, subject, bodyText); err != nil {
+			slog.Error("failed to send digest email", "error", err, "user_id", pref.UserID)
+			continue
+		}
+
+		// Mark all as sent
+		ids := make([]uuid.UUID, len(notifications))
+		for i, n := range notifications {
+			ids[i] = n.ID
+		}
+		query, args, err := sqlx.In(
+			`UPDATE notifications SET sent_at = now() WHERE id IN (?)`, ids)
+		if err == nil {
+			query = s.db.Rebind(query)
+			_, err = s.db.ExecContext(ctx, query, args...)
+		}
+		if err != nil {
+			slog.Error("failed to mark digest notifications sent", "error", err)
+		}
+
+		slog.Info("sent daily digest", "user_id", pref.UserID, "count", len(notifications))
+	}
+}
+
+// CreateNotificationInput holds the data for creating a notification.
+type CreateNotificationInput struct {
+	TenantID   uuid.UUID
+	UserID     uuid.UUID
+	Type       string
+	EntityType *string
+	EntityID   *uuid.UUID
+	Title      string
+	Body       *string
+	SendEmail  bool
+}
+
+// CreateNotification stores a notification in the DB and optionally sends an email.
+func (s *NotificationService) CreateNotification(ctx context.Context, input CreateNotificationInput) (*models.Notification, error) {
+	// Dedup: check if we already sent this notification today
+	if input.EntityID != nil {
+		var count int
+		err := s.db.GetContext(ctx, &count,
+			`SELECT COUNT(*) FROM notifications
+			 WHERE user_id = $1 AND entity_id = $2 AND type = $3
+			   AND created_at::date = CURRENT_DATE`,
+			input.UserID, input.EntityID, input.Type)
+		if err == nil && count > 0 {
+			return nil, nil // Already notified today
+		}
+	}
+
+	var n models.Notification
+	err := s.db.QueryRowxContext(ctx,
+		`INSERT INTO notifications (tenant_id, user_id, type, entity_type, entity_id, title, body)
+		 VALUES ($1, $2, $3, $4, $5, $6, $7)
+		 RETURNING id, tenant_id, user_id, type, entity_type, entity_id, title, body, sent_at, read_at, created_at`,
+		input.TenantID, input.UserID, input.Type, input.EntityType, input.EntityID,
+		input.Title, input.Body).StructScan(&n)
+	if err != nil {
+		slog.Error("failed to create notification", "error", err)
+		return nil, fmt.Errorf("create notification: %w", err)
+	}
+
+	// Send email immediately if requested (non-digest users)
+	if input.SendEmail {
+		email := s.getUserEmail(ctx, input.UserID)
+		if email != "" {
+			go func() {
+				if err := SendEmail(email, input.Title, derefStr(input.Body)); err != nil {
+					slog.Error("failed to send notification email", "error", err, "user_id", input.UserID)
+				} else {
+					// Mark as sent
+					_, _ = s.db.Exec(`UPDATE notifications SET sent_at = now() WHERE id = $1`, n.ID)
+				}
+			}()
+		}
+	}
+
+	return &n, nil
+}
+
+// ListForUser returns notifications for a user in a tenant, paginated.
+func (s *NotificationService) ListForUser(ctx context.Context, tenantID, userID uuid.UUID, limit, offset int) ([]models.Notification, int, error) {
+	if limit <= 0 {
+		limit = 50
+	}
+	if limit > 200 {
+		limit = 200
+	}
+
+	var total int
+	err := s.db.GetContext(ctx, &total,
+		`SELECT COUNT(*) FROM notifications WHERE user_id = $1 AND tenant_id = $2`,
+		userID, tenantID)
+	if err != nil {
+		return nil, 0, fmt.Errorf("count notifications: %w", err)
+	}
+
+	var notifications []models.Notification
+	err = s.db.SelectContext(ctx, &notifications,
+		`SELECT id, tenant_id, user_id, type, entity_type, entity_id, title, body, sent_at, read_at, created_at
+		 FROM notifications
+		 WHERE user_id = $1 AND tenant_id = $2
+		 ORDER BY created_at DESC
+		 LIMIT $3 OFFSET $4`,
+		userID, tenantID, limit, offset)
+	if err != nil {
+		return nil, 0, fmt.Errorf("list notifications: %w", err)
+	}
+
+	return notifications, total, nil
+}
+
+// UnreadCount returns the number of unread notifications for a user.
+func (s *NotificationService) UnreadCount(ctx context.Context, tenantID, userID uuid.UUID) (int, error) {
+	var count int
+	err := s.db.GetContext(ctx, &count,
+		`SELECT COUNT(*) FROM notifications WHERE user_id = $1 AND tenant_id = $2 AND read_at IS NULL`,
+		userID, tenantID)
+	return count, err
+}
+
+// MarkRead marks a single notification as read.
+func (s *NotificationService) MarkRead(ctx context.Context, tenantID, userID, notificationID uuid.UUID) error {
+	result, err := s.db.ExecContext(ctx,
+		`UPDATE notifications SET read_at = now()
+		 WHERE id = $1 AND user_id = $2 AND tenant_id = $3 AND read_at IS NULL`,
+		notificationID, userID, tenantID)
+	if err != nil {
+		return fmt.Errorf("mark notification read: %w", err)
+	}
+	rows, _ := result.RowsAffected()
+	if rows == 0 {
+		return fmt.Errorf("notification not found or already read")
+	}
+	return nil
+}
+
+// MarkAllRead marks all notifications as read for a user.
+func (s *NotificationService) MarkAllRead(ctx context.Context, tenantID, userID uuid.UUID) error {
+	_, err := s.db.ExecContext(ctx,
+		`UPDATE notifications SET read_at = now()
+		 WHERE user_id = $1 AND tenant_id = $2 AND read_at IS NULL`,
+		userID, tenantID)
+	return err
+}
+
+// GetPreferences returns notification preferences for a user, creating defaults if needed.
+func (s *NotificationService) GetPreferences(ctx context.Context, tenantID, userID uuid.UUID) (*models.NotificationPreferences, error) {
+	var pref models.NotificationPreferences
+	err := s.db.GetContext(ctx, &pref,
+		`SELECT user_id, tenant_id, deadline_reminder_days, email_enabled, daily_digest, created_at, updated_at
+		 FROM notification_preferences
+		 WHERE user_id = $1 AND tenant_id = $2`,
+		userID, tenantID)
+	if err != nil {
+		// Return defaults if no preferences set
+		return &models.NotificationPreferences{
+			UserID:               userID,
+			TenantID:             tenantID,
+			DeadlineReminderDays: pq.Int64Array{7, 3, 1},
+			EmailEnabled:         true,
+			DailyDigest:          false,
+		}, nil
+	}
+	return &pref, nil
+}
+
+// UpdatePreferences upserts notification preferences for a user.
+func (s *NotificationService) UpdatePreferences(ctx context.Context, tenantID, userID uuid.UUID, input UpdatePreferencesInput) (*models.NotificationPreferences, error) {
+	var pref models.NotificationPreferences
+	err := s.db.QueryRowxContext(ctx,
+		`INSERT INTO notification_preferences (user_id, tenant_id, deadline_reminder_days, email_enabled, daily_digest)
+		 VALUES ($1, $2, $3, $4, $5)
+		 ON CONFLICT (user_id, tenant_id)
+		 DO UPDATE SET deadline_reminder_days = $3, email_enabled = $4, daily_digest = $5, updated_at = now()
+		 RETURNING user_id, tenant_id, deadline_reminder_days, email_enabled, daily_digest, created_at, updated_at`,
+		userID, tenantID, pq.Int64Array(input.DeadlineReminderDays), input.EmailEnabled, input.DailyDigest).StructScan(&pref)
+	if err != nil {
+		return nil, fmt.Errorf("update preferences: %w", err)
+	}
+	return &pref, nil
+}
+
+// UpdatePreferencesInput holds the data for updating notification preferences.
+type UpdatePreferencesInput struct {
+	DeadlineReminderDays []int64 `json:"deadline_reminder_days"`
+	EmailEnabled         bool    `json:"email_enabled"`
+	DailyDigest          bool    `json:"daily_digest"`
+}
+
+// SendEmail sends an email using the `m mail send` CLI command.
+func SendEmail(to, subject, body string) error {
+	cmd := exec.Command("m", "mail", "send",
+		"--to", to,
+		"--subject", subject,
+		"--body", body,
+		"--yes")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("m mail send failed: %w (output: %s)", err, string(output))
+	}
+	slog.Info("email sent", "to", to, "subject", subject)
+	return nil
+}
+
+// getUserEmail looks up the email for a user from Supabase auth.users.
+func (s *NotificationService) getUserEmail(ctx context.Context, userID uuid.UUID) string {
+	var email string
+	err := s.db.GetContext(ctx, &email,
+		`SELECT email FROM auth.users WHERE id = $1`, userID)
+	if err != nil {
+		slog.Error("failed to get user email", "error", err, "user_id", userID)
+		return ""
+	}
+	return email
+}
+
+func containsDay(arr pq.Int64Array, day int64) bool {
+	for _, d := range arr {
+		if d == day {
+			return true
+		}
+	}
+	return false
+}
+
+func derefStr(s *string) string {
+	if s == nil {
+		return ""
+	}
+	return *s
+}
--- a/frontend/src/app/(app)/einstellungen/page.tsx
+++ b/frontend/src/app/(app)/einstellungen/page.tsx
@@ -1,11 +1,12 @@
 "use client";

 import { useQuery } from "@tanstack/react-query";
-import { Settings, Calendar, Users } from "lucide-react";
+import { Settings, Calendar, Users, Bell } from "lucide-react";
 import Link from "next/link";
 import { api } from "@/lib/api";
 import type { Tenant } from "@/lib/types";
 import { CalDAVSettings } from "@/components/settings/CalDAVSettings";
+import { NotificationSettings } from "@/components/settings/NotificationSettings";
 import { SkeletonCard } from "@/components/ui/Skeleton";
 import { EmptyState } from "@/components/ui/EmptyState";

@@ -97,6 +98,19 @@ export default function EinstellungenPage() {
            </div>
          </section>

+          {/* Notification Settings */}
+          <section className="rounded-xl border border-neutral-200 bg-white p-5">
+            <div className="flex items-center gap-2.5 border-b border-neutral-100 pb-3">
+              <Bell className="h-4 w-4 text-neutral-500" />
+              <h2 className="text-sm font-semibold text-neutral-900">
+                Benachrichtigungen
+              </h2>
+            </div>
+            <div className="mt-4">
+              <NotificationSettings />
+            </div>
+          </section>
+
          {/* CalDAV Settings */}
          <section className="rounded-xl border border-neutral-200 bg-white p-5">
            <div className="flex items-center gap-2.5 border-b border-neutral-100 pb-3">
--- a/frontend/src/components/layout/Header.tsx
+++ b/frontend/src/components/layout/Header.tsx
@@ -2,6 +2,7 @@

 import { createClient } from "@/lib/supabase/client";
 import { TenantSwitcher } from "./TenantSwitcher";
+import { NotificationBell } from "@/components/notifications/NotificationBell";
 import { LogOut } from "lucide-react";
 import { useRouter } from "next/navigation";
 import { useEffect, useState } from "react";
@@ -29,6 +30,7 @@ export function Header() {
      <div className="w-8 lg:w-0" />
      <div className="flex items-center gap-2 sm:gap-3">
        <TenantSwitcher />
+        <NotificationBell />
        {email && (
          <span className="hidden text-sm text-neutral-500 sm:inline">
            {email}
--- a/frontend/src/components/notifications/NotificationBell.tsx
+++ b/frontend/src/components/notifications/NotificationBell.tsx
@@ -0,0 +1,205 @@
+"use client";
+
+import { useEffect, useRef, useState } from "react";
+import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
+import { Bell, Check, CheckCheck, ExternalLink } from "lucide-react";
+import { api } from "@/lib/api";
+import type { Notification, NotificationListResponse } from "@/lib/types";
+
+function getEntityLink(n: Notification): string | null {
+  if (!n.entity_type || !n.entity_id) return null;
+  switch (n.entity_type) {
+    case "deadline":
+      return `/fristen/${n.entity_id}`;
+    case "appointment":
+      return `/termine/${n.entity_id}`;
+    case "case":
+      return `/akten/${n.entity_id}`;
+    default:
+      return null;
+  }
+}
+
+function getTypeColor(type: Notification["type"]): string {
+  switch (type) {
+    case "deadline_overdue":
+      return "bg-red-500";
+    case "deadline_reminder":
+      return "bg-amber-500";
+    case "case_update":
+      return "bg-blue-500";
+    case "assignment":
+      return "bg-violet-500";
+    default:
+      return "bg-neutral-500";
+  }
+}
+
+function timeAgo(dateStr: string): string {
+  const now = new Date();
+  const date = new Date(dateStr);
+  const diffMs = now.getTime() - date.getTime();
+  const diffMin = Math.floor(diffMs / 60000);
+  if (diffMin < 1) return "gerade eben";
+  if (diffMin < 60) return `vor ${diffMin} Min.`;
+  const diffHours = Math.floor(diffMin / 60);
+  if (diffHours < 24) return `vor ${diffHours} Std.`;
+  const diffDays = Math.floor(diffHours / 24);
+  if (diffDays === 1) return "gestern";
+  return `vor ${diffDays} Tagen`;
+}
+
+export function NotificationBell() {
+  const [open, setOpen] = useState(false);
+  const panelRef = useRef<HTMLDivElement>(null);
+  const queryClient = useQueryClient();
+
+  const { data: unreadData } = useQuery({
+    queryKey: ["notifications-unread-count"],
+    queryFn: () =>
+      api.get<{ unread_count: number }>("/api/notifications/unread-count"),
+    refetchInterval: 30_000,
+  });
+
+  const { data: notifData } = useQuery({
+    queryKey: ["notifications"],
+    queryFn: () =>
+      api.get<NotificationListResponse>("/api/notifications?limit=20"),
+    enabled: open,
+  });
+
+  const markRead = useMutation({
+    mutationFn: (id: string) =>
+      api.patch(`/api/notifications/${id}/read`),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: ["notifications"] });
+      queryClient.invalidateQueries({
+        queryKey: ["notifications-unread-count"],
+      });
+    },
+  });
+
+  const markAllRead = useMutation({
+    mutationFn: () => api.patch("/api/notifications/read-all"),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: ["notifications"] });
+      queryClient.invalidateQueries({
+        queryKey: ["notifications-unread-count"],
+      });
+    },
+  });
+
+  // Close on click outside
+  useEffect(() => {
+    function handleClickOutside(e: MouseEvent) {
+      if (panelRef.current && !panelRef.current.contains(e.target as Node)) {
+        setOpen(false);
+      }
+    }
+    if (open) {
+      document.addEventListener("mousedown", handleClickOutside);
+    }
+    return () => document.removeEventListener("mousedown", handleClickOutside);
+  }, [open]);
+
+  const unreadCount = unreadData?.unread_count ?? 0;
+  const notifications = notifData?.data ?? [];
+
+  return (
+    <div className="relative" ref={panelRef}>
+      <button
+        onClick={() => setOpen(!open)}
+        className="relative rounded-md p-1.5 text-neutral-400 transition-colors hover:bg-neutral-100 hover:text-neutral-600"
+        title="Benachrichtigungen"
+      >
+        <Bell className="h-4 w-4" />
+        {unreadCount > 0 && (
+          <span className="absolute -right-0.5 -top-0.5 flex h-4 min-w-4 items-center justify-center rounded-full bg-red-500 px-1 text-[10px] font-bold text-white">
+            {unreadCount > 99 ? "99+" : unreadCount}
+          </span>
+        )}
+      </button>
+
+      {open && (
+        <div className="absolute right-0 top-full z-50 mt-2 w-80 rounded-xl border border-neutral-200 bg-white shadow-lg sm:w-96">
+          {/* Header */}
+          <div className="flex items-center justify-between border-b border-neutral-100 px-4 py-3">
+            <h3 className="text-sm font-semibold text-neutral-900">
+              Benachrichtigungen
+            </h3>
+            {unreadCount > 0 && (
+              <button
+                onClick={() => markAllRead.mutate()}
+                className="flex items-center gap-1 text-xs text-neutral-500 hover:text-neutral-700"
+              >
+                <CheckCheck className="h-3 w-3" />
+                Alle gelesen
+              </button>
+            )}
+          </div>
+
+          {/* Notification list */}
+          <div className="max-h-96 overflow-y-auto">
+            {notifications.length === 0 ? (
+              <div className="p-6 text-center text-sm text-neutral-400">
+                Keine Benachrichtigungen
+              </div>
+            ) : (
+              notifications.map((n) => {
+                const link = getEntityLink(n);
+                return (
+                  <div
+                    key={n.id}
+                    className={`flex items-start gap-3 border-b border-neutral-50 px-4 py-3 transition-colors last:border-0 ${
+                      n.read_at
+                        ? "bg-white"
+                        : "bg-blue-50/50"
+                    }`}
+                  >
+                    <div
+                      className={`mt-1.5 h-2 w-2 flex-shrink-0 rounded-full ${getTypeColor(n.type)}`}
+                    />
+                    <div className="min-w-0 flex-1">
+                      <p className="text-sm font-medium text-neutral-900 leading-snug">
+                        {n.title}
+                      </p>
+                      {n.body && (
+                        <p className="mt-0.5 text-xs text-neutral-500 line-clamp-2">
+                          {n.body}
+                        </p>
+                      )}
+                      <div className="mt-1.5 flex items-center gap-2">
+                        <span className="text-[11px] text-neutral-400">
+                          {timeAgo(n.created_at)}
+                        </span>
+                        {link && (
+                          <a
+                            href={link}
+                            onClick={() => setOpen(false)}
+                            className="flex items-center gap-0.5 text-[11px] text-blue-600 hover:text-blue-700"
+                          >
+                            <ExternalLink className="h-2.5 w-2.5" />
+                            Anzeigen
+                          </a>
+                        )}
+                      </div>
+                    </div>
+                    {!n.read_at && (
+                      <button
+                        onClick={() => markRead.mutate(n.id)}
+                        className="flex-shrink-0 rounded p-1 text-neutral-400 hover:bg-neutral-100 hover:text-neutral-600"
+                        title="Als gelesen markieren"
+                      >
+                        <Check className="h-3 w-3" />
+                      </button>
+                    )}
+                  </div>
+                );
+              })
+            )}
+          </div>
+        </div>
+      )}
+    </div>
+  );
+}
--- a/frontend/src/components/settings/NotificationSettings.tsx
+++ b/frontend/src/components/settings/NotificationSettings.tsx
@@ -0,0 +1,167 @@
+"use client";
+
+import { useState } from "react";
+import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
+import { api } from "@/lib/api";
+import type { NotificationPreferences } from "@/lib/types";
+
+const REMINDER_OPTIONS = [
+  { value: 14, label: "14 Tage" },
+  { value: 7, label: "7 Tage" },
+  { value: 3, label: "3 Tage" },
+  { value: 1, label: "1 Tag" },
+];
+
+export function NotificationSettings() {
+  const queryClient = useQueryClient();
+  const [saved, setSaved] = useState(false);
+
+  const { data: prefs, isLoading } = useQuery({
+    queryKey: ["notification-preferences"],
+    queryFn: () =>
+      api.get<NotificationPreferences>("/api/notification-preferences"),
+  });
+
+  const [reminderDays, setReminderDays] = useState<number[]>([]);
+  const [emailEnabled, setEmailEnabled] = useState(true);
+  const [dailyDigest, setDailyDigest] = useState(false);
+  const [initialized, setInitialized] = useState(false);
+
+  // Sync state from server once loaded
+  if (prefs && !initialized) {
+    setReminderDays(prefs.deadline_reminder_days);
+    setEmailEnabled(prefs.email_enabled);
+    setDailyDigest(prefs.daily_digest);
+    setInitialized(true);
+  }
+
+  const update = useMutation({
+    mutationFn: (input: {
+      deadline_reminder_days: number[];
+      email_enabled: boolean;
+      daily_digest: boolean;
+    }) => api.put<NotificationPreferences>("/api/notification-preferences", input),
+    onSuccess: () => {
+      queryClient.invalidateQueries({
+        queryKey: ["notification-preferences"],
+      });
+      setSaved(true);
+      setTimeout(() => setSaved(false), 2000);
+    },
+  });
+
+  function toggleDay(day: number) {
+    setReminderDays((prev) =>
+      prev.includes(day) ? prev.filter((d) => d !== day) : [...prev, day].sort((a, b) => b - a),
+    );
+  }
+
+  function handleSave() {
+    update.mutate({
+      deadline_reminder_days: reminderDays,
+      email_enabled: emailEnabled,
+      daily_digest: dailyDigest,
+    });
+  }
+
+  if (isLoading) {
+    return (
+      <div className="animate-pulse space-y-3">
+        <div className="h-4 w-48 rounded bg-neutral-200" />
+        <div className="h-8 w-full rounded bg-neutral-100" />
+        <div className="h-8 w-full rounded bg-neutral-100" />
+      </div>
+    );
+  }
+
+  return (
+    <div className="space-y-5">
+      {/* Reminder days */}
+      <div>
+        <p className="text-sm font-medium text-neutral-700">
+          Fristen-Erinnerungen
+        </p>
+        <p className="mt-0.5 text-xs text-neutral-500">
+          Erinnern Sie mich vor Fristablauf:
+        </p>
+        <div className="mt-2 flex flex-wrap gap-2">
+          {REMINDER_OPTIONS.map((opt) => (
+            <button
+              key={opt.value}
+              onClick={() => toggleDay(opt.value)}
+              className={`rounded-lg border px-3 py-1.5 text-sm transition-colors ${
+                reminderDays.includes(opt.value)
+                  ? "border-blue-500 bg-blue-50 text-blue-700"
+                  : "border-neutral-200 bg-white text-neutral-600 hover:border-neutral-300"
+              }`}
+            >
+              {opt.label}
+            </button>
+          ))}
+        </div>
+      </div>
+
+      {/* Email toggle */}
+      <label className="flex items-center justify-between">
+        <div>
+          <p className="text-sm font-medium text-neutral-700">
+            E-Mail-Benachrichtigungen
+          </p>
+          <p className="text-xs text-neutral-500">
+            Erinnerungen per E-Mail erhalten
+          </p>
+        </div>
+        <button
+          onClick={() => setEmailEnabled(!emailEnabled)}
+          className={`relative h-6 w-11 rounded-full transition-colors ${
+            emailEnabled ? "bg-blue-500" : "bg-neutral-300"
+          }`}
+        >
+          <span
+            className={`absolute left-0.5 top-0.5 h-5 w-5 rounded-full bg-white shadow transition-transform ${
+              emailEnabled ? "translate-x-5" : "translate-x-0"
+            }`}
+          />
+        </button>
+      </label>
+
+      {/* Daily digest toggle */}
+      <label className="flex items-center justify-between">
+        <div>
+          <p className="text-sm font-medium text-neutral-700">
+            Tagesübersicht
+          </p>
+          <p className="text-xs text-neutral-500">
+            Alle Benachrichtigungen gesammelt um 8:00 Uhr per E-Mail
+          </p>
+        </div>
+        <button
+          onClick={() => setDailyDigest(!dailyDigest)}
+          className={`relative h-6 w-11 rounded-full transition-colors ${
+            dailyDigest ? "bg-blue-500" : "bg-neutral-300"
+          }`}
+        >
+          <span
+            className={`absolute left-0.5 top-0.5 h-5 w-5 rounded-full bg-white shadow transition-transform ${
+              dailyDigest ? "translate-x-5" : "translate-x-0"
+            }`}
+          />
+        </button>
+      </label>
+
+      {/* Save */}
+      <div className="flex items-center gap-3 pt-2">
+        <button
+          onClick={handleSave}
+          disabled={update.isPending}
+          className="rounded-md bg-neutral-900 px-4 py-2 text-sm font-medium text-white hover:bg-neutral-800 disabled:opacity-50"
+        >
+          {update.isPending ? "Speichern..." : "Speichern"}
+        </button>
+        {saved && (
+          <span className="text-sm text-green-600">Gespeichert</span>
+        )}
+      </div>
+    </div>
+  );
+}
--- a/frontend/src/lib/types.ts
+++ b/frontend/src/lib/types.ts
@@ -189,6 +189,37 @@ export interface Note {
  updated_at: string;
 }

+// Notifications
+
+export interface Notification {
+  id: string;
+  tenant_id: string;
+  user_id: string;
+  type: "deadline_reminder" | "deadline_overdue" | "case_update" | "assignment";
+  entity_type?: "deadline" | "appointment" | "case";
+  entity_id?: string;
+  title: string;
+  body?: string;
+  sent_at?: string;
+  read_at?: string;
+  created_at: string;
+}
+
+export interface NotificationPreferences {
+  user_id: string;
+  tenant_id: string;
+  deadline_reminder_days: number[];
+  email_enabled: boolean;
+  daily_digest: boolean;
+  created_at?: string;
+  updated_at?: string;
+}
+
+export interface NotificationListResponse {
+  data: Notification[];
+  total: number;
+}
+
 export interface ApiError {
  error: string;
  status: number;
Author	SHA1	Message	Date
m	ac20c03f01	feat: email notifications + deadline reminder system Database: - notification_preferences table (user_id, tenant_id, reminder days, email/digest toggles) - notifications table (type, entity link, read/sent tracking, dedup index) Backend: - NotificationService with background goroutine checking reminders hourly - CheckDeadlineReminders: finds deadlines due in N days per user prefs, creates notifications - Overdue deadline detection and notification - Daily digest at 8am: compiles pending notifications into one email - SendEmail via `m mail send` CLI command - Deduplication: same notification type + entity + day = skip - API: GET/PATCH notifications, unread count, mark read/all-read - API: GET/PUT notification-preferences with upsert Frontend: - NotificationBell in header with unread count badge (polls every 30s) - Dropdown panel with notification list, type-colored dots, time-ago, entity links - Mark individual/all as read - NotificationSettings in Einstellungen page: reminder day toggles, email toggle, digest toggle	2026-03-30 11:03:17 +02:00
m	82878dffd5	docs: full system roadmap — from MVP to complete Kanzleimanagement	2026-03-28 02:35:20 +01:00
m	909f14062c	docs: comprehensive MVP audit — security, architecture, UX, competitive analysis	2026-03-28 02:26:39 +01:00
m	4b86dfa4ad	feat: update AUDIT.md with sub-agent findings Added 7 additional issues from deep-dive agents: - Race condition in HolidayService cache (critical) - Rate limiter X-Forwarded-For bypass (critical) - German umlaut typos throughout frontend - Silent error swallowing in createEvent - Missing React error boundaries - No RLS policies at database level - Updated priority roadmap with new items	2026-03-28 02:23:50 +01:00
m	60f1f4ef4a	feat: comprehensive MVP audit — security, architecture, UX, competitive analysis Structured assessment covering code quality, security (critical tenant isolation bypass found), architecture, UX gaps, testing coverage, deployment, and competitive positioning vs RA-MICRO/ADVOWARE/AnNoText/Actaport. Includes prioritized roadmap (P0-P3) with actionable items.	2026-03-28 02:22:07 +01:00