feat: add AI deadline extraction frontend page (Phase 2M)

- ExtractionForm: PDF dropzone (react-dropzone) + text textarea + case selector
- ExtractionResults: review table with edit/remove per row, confidence color-coding
- Page at /ai/extract: upload -> analyze -> review -> adopt deadlines to case
- Extended API client with postFormData for multipart uploads
- Added ExtractedDeadline and ExtractionResponse types

.env.example

@@ -7,6 +7,7 @@ PORT=8080
 # Supabase (required for database access)
 SUPABASE_URL=
 SUPABASE_ANON_KEY=
+SUPABASE_SERVICE_KEY=
 
 # Claude API (required for AI features)
 ANTHROPIC_API_KEY=

backend/cmd/server/main.go

@@ -23,7 +23,7 @@ func main() {
 	defer database.Close()
 
 	authMW := auth.NewMiddleware(cfg.SupabaseJWTSecret, database)
-	handler := router.New(database, authMW, cfg.AnthropicAPIKey)
+	handler := router.New(database, authMW, cfg)
 
 	log.Printf("Starting KanzlAI API server on :%s", cfg.Port)
 	if err := http.ListenAndServe(":"+cfg.Port, handler); err != nil {

backend/internal/config/config.go

@@ -10,6 +10,7 @@ type Config struct {
 	DatabaseURL       string
 	SupabaseURL       string
 	SupabaseAnonKey   string
+	SupabaseServiceKey string
 	SupabaseJWTSecret string
 	AnthropicAPIKey   string
 }
@@ -20,6 +21,7 @@ func Load() (*Config, error) {
 		DatabaseURL:      os.Getenv("DATABASE_URL"),
 		SupabaseURL:      os.Getenv("SUPABASE_URL"),
 		SupabaseAnonKey:   os.Getenv("SUPABASE_ANON_KEY"),
+		SupabaseServiceKey: os.Getenv("SUPABASE_SERVICE_KEY"),
 		SupabaseJWTSecret: os.Getenv("SUPABASE_JWT_SECRET"),
 		AnthropicAPIKey:  os.Getenv("ANTHROPIC_API_KEY"),
 	}

backend/internal/handlers/dashboard.go

@@ -0,0 +1,32 @@
+package handlers
+
+import (
+	"net/http"
+
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/services"
+)
+
+type DashboardHandler struct {
+	svc *services.DashboardService
+}
+
+func NewDashboardHandler(svc *services.DashboardService) *DashboardHandler {
+	return &DashboardHandler{svc: svc}
+}
+
+func (h *DashboardHandler) Get(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusForbidden, "missing tenant")
+		return
+	}
+
+	data, err := h.svc.Get(r.Context(), tenantID)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	writeJSON(w, http.StatusOK, data)
+}

backend/internal/handlers/documents.go

@@ -0,0 +1,183 @@
+package handlers
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/services"
+
+	"github.com/google/uuid"
+)
+
+const maxUploadSize = 50 << 20 // 50 MB
+
+type DocumentHandler struct {
+	svc *services.DocumentService
+}
+
+func NewDocumentHandler(svc *services.DocumentService) *DocumentHandler {
+	return &DocumentHandler{svc: svc}
+}
+
+func (h *DocumentHandler) ListByCase(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusForbidden, "missing tenant")
+		return
+	}
+
+	caseID, err := uuid.Parse(r.PathValue("id"))
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "invalid case ID")
+		return
+	}
+
+	docs, err := h.svc.ListByCase(r.Context(), tenantID, caseID)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	writeJSON(w, http.StatusOK, map[string]any{
+		"documents": docs,
+		"total":     len(docs),
+	})
+}
+
+func (h *DocumentHandler) Upload(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusForbidden, "missing tenant")
+		return
+	}
+	userID, _ := auth.UserFromContext(r.Context())
+
+	caseID, err := uuid.Parse(r.PathValue("id"))
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "invalid case ID")
+		return
+	}
+
+	r.Body = http.MaxBytesReader(w, r.Body, maxUploadSize)
+	if err := r.ParseMultipartForm(maxUploadSize); err != nil {
+		writeError(w, http.StatusBadRequest, "file too large or invalid multipart form")
+		return
+	}
+
+	file, header, err := r.FormFile("file")
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "missing file field")
+		return
+	}
+	defer file.Close()
+
+	title := r.FormValue("title")
+	if title == "" {
+		title = header.Filename
+	}
+
+	contentType := header.Header.Get("Content-Type")
+	if contentType == "" {
+		contentType = "application/octet-stream"
+	}
+
+	input := services.CreateDocumentInput{
+		Title:       title,
+		DocType:     r.FormValue("doc_type"),
+		Filename:    header.Filename,
+		ContentType: contentType,
+		Size:        int(header.Size),
+		Data:        file,
+	}
+
+	doc, err := h.svc.Create(r.Context(), tenantID, caseID, userID, input)
+	if err != nil {
+		if err.Error() == "case not found" {
+			writeError(w, http.StatusNotFound, "case not found")
+			return
+		}
+		writeError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	writeJSON(w, http.StatusCreated, doc)
+}
+
+func (h *DocumentHandler) Download(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusForbidden, "missing tenant")
+		return
+	}
+
+	docID, err := uuid.Parse(r.PathValue("docId"))
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "invalid document ID")
+		return
+	}
+
+	body, contentType, title, err := h.svc.Download(r.Context(), tenantID, docID)
+	if err != nil {
+		if err.Error() == "document not found" || err.Error() == "document has no file" {
+			writeError(w, http.StatusNotFound, err.Error())
+			return
+		}
+		writeError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+	defer body.Close()
+
+	w.Header().Set("Content-Type", contentType)
+	w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, title))
+	io.Copy(w, body)
+}
+
+func (h *DocumentHandler) GetMeta(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusForbidden, "missing tenant")
+		return
+	}
+
+	docID, err := uuid.Parse(r.PathValue("docId"))
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "invalid document ID")
+		return
+	}
+
+	doc, err := h.svc.GetByID(r.Context(), tenantID, docID)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+	if doc == nil {
+		writeError(w, http.StatusNotFound, "document not found")
+		return
+	}
+
+	writeJSON(w, http.StatusOK, doc)
+}
+
+func (h *DocumentHandler) Delete(w http.ResponseWriter, r *http.Request) {
+	tenantID, ok := auth.TenantFromContext(r.Context())
+	if !ok {
+		writeError(w, http.StatusForbidden, "missing tenant")
+		return
+	}
+	userID, _ := auth.UserFromContext(r.Context())
+
+	docID, err := uuid.Parse(r.PathValue("docId"))
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "invalid document ID")
+		return
+	}
+
+	if err := h.svc.Delete(r.Context(), tenantID, docID, userID); err != nil {
+		writeError(w, http.StatusNotFound, "document not found")
+		return
+	}
+
+	writeJSON(w, http.StatusOK, map[string]string{"status": "deleted"})
+}

backend/internal/router/router.go

@@ -7,11 +7,12 @@ import (
 	"github.com/jmoiron/sqlx"
 
 	"mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/config"
 	"mgit.msbls.de/m/KanzlAI-mGMT/internal/handlers"
 	"mgit.msbls.de/m/KanzlAI-mGMT/internal/services"
 )
 
-func New(db *sqlx.DB, authMW *auth.Middleware, anthropicAPIKey string) http.Handler {
+func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config) http.Handler {
 	mux := http.NewServeMux()
 
 	// Services
@@ -23,17 +24,21 @@ func New(db *sqlx.DB, authMW *auth.Middleware, anthropicAPIKey string) http.Hand
 	deadlineSvc := services.NewDeadlineService(db)
 	deadlineRuleSvc := services.NewDeadlineRuleService(db)
 	calculator := services.NewDeadlineCalculator(holidaySvc)
+	storageCli := services.NewStorageClient(cfg.SupabaseURL, cfg.SupabaseServiceKey)
+	documentSvc := services.NewDocumentService(db, storageCli)
 
 	// AI service (optional — only if API key is configured)
 	var aiH *handlers.AIHandler
-	if anthropicAPIKey != "" {
-		aiSvc := services.NewAIService(anthropicAPIKey, db)
+	if cfg.AnthropicAPIKey != "" {
+		aiSvc := services.NewAIService(cfg.AnthropicAPIKey, db)
 		aiH = handlers.NewAIHandler(aiSvc, db)
 	}
 
 	// Middleware
 	tenantResolver := auth.NewTenantResolver(tenantSvc)
 
+	dashboardSvc := services.NewDashboardService(db)
+
 	// Handlers
 	tenantH := handlers.NewTenantHandler(tenantSvc)
 	caseH := handlers.NewCaseHandler(caseSvc)
@@ -42,6 +47,8 @@ func New(db *sqlx.DB, authMW *auth.Middleware, anthropicAPIKey string) http.Hand
 	deadlineH := handlers.NewDeadlineHandlers(deadlineSvc, db)
 	ruleH := handlers.NewDeadlineRuleHandlers(deadlineRuleSvc)
 	calcH := handlers.NewCalculateHandlers(calculator, deadlineRuleSvc)
+	dashboardH := handlers.NewDashboardHandler(dashboardSvc)
+	docH := handlers.NewDocumentHandler(documentSvc)
 
 	// Public routes
 	mux.HandleFunc("GET /health", handleHealth(db))
@@ -93,15 +100,22 @@ func New(db *sqlx.DB, authMW *auth.Middleware, anthropicAPIKey string) http.Hand
 	scoped.HandleFunc("PUT /api/appointments/{id}", apptH.Update)
 	scoped.HandleFunc("DELETE /api/appointments/{id}", apptH.Delete)
 
+	// Dashboard
+	scoped.HandleFunc("GET /api/dashboard", dashboardH.Get)
+
+	// Documents
+	scoped.HandleFunc("GET /api/cases/{id}/documents", docH.ListByCase)
+	scoped.HandleFunc("POST /api/cases/{id}/documents", docH.Upload)
+	scoped.HandleFunc("GET /api/documents/{docId}", docH.Download)
+	scoped.HandleFunc("GET /api/documents/{docId}/meta", docH.GetMeta)
+	scoped.HandleFunc("DELETE /api/documents/{docId}", docH.Delete)
+
 	// AI endpoints
 	if aiH != nil {
 		scoped.HandleFunc("POST /api/ai/extract-deadlines", aiH.ExtractDeadlines)
 		scoped.HandleFunc("POST /api/ai/summarize-case", aiH.SummarizeCase)
 	}
 
-	// Placeholder routes for future phases
-	scoped.HandleFunc("GET /api/documents", placeholder("documents"))
-
 	// Wire: auth -> tenant routes go directly, scoped routes get tenant resolver
 	api.Handle("/api/", tenantResolver.Resolve(scoped))
 
@@ -122,12 +136,3 @@ func handleHealth(db *sqlx.DB) http.HandlerFunc {
 	}
 }
 
-func placeholder(resource string) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(map[string]string{
-			"status":   "not_implemented",
-			"resource": resource,
-		})
-	}
-}

backend/internal/services/dashboard_service.go

@@ -0,0 +1,151 @@
+package services
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
+)
+
+type DashboardService struct {
+	db *sqlx.DB
+}
+
+func NewDashboardService(db *sqlx.DB) *DashboardService {
+	return &DashboardService{db: db}
+}
+
+type DashboardData struct {
+	DeadlineSummary      DeadlineSummary       `json:"deadline_summary"`
+	CaseSummary          CaseSummary           `json:"case_summary"`
+	UpcomingDeadlines    []UpcomingDeadline    `json:"upcoming_deadlines"`
+	UpcomingAppointments []UpcomingAppointment `json:"upcoming_appointments"`
+	RecentActivity       []RecentActivity      `json:"recent_activity"`
+}
+
+type DeadlineSummary struct {
+	OverdueCount int `json:"overdue_count" db:"overdue_count"`
+	DueThisWeek  int `json:"due_this_week" db:"due_this_week"`
+	DueNextWeek  int `json:"due_next_week" db:"due_next_week"`
+	OKCount      int `json:"ok_count" db:"ok_count"`
+}
+
+type CaseSummary struct {
+	ActiveCount  int `json:"active_count" db:"active_count"`
+	NewThisMonth int `json:"new_this_month" db:"new_this_month"`
+	ClosedCount  int `json:"closed_count" db:"closed_count"`
+}
+
+type UpcomingDeadline struct {
+	ID         uuid.UUID `json:"id" db:"id"`
+	Title      string    `json:"title" db:"title"`
+	DueDate    string    `json:"due_date" db:"due_date"`
+	CaseNumber string    `json:"case_number" db:"case_number"`
+	CaseTitle  string    `json:"case_title" db:"case_title"`
+	Status     string    `json:"status" db:"status"`
+}
+
+type UpcomingAppointment struct {
+	ID         uuid.UUID  `json:"id" db:"id"`
+	Title      string     `json:"title" db:"title"`
+	StartAt    time.Time  `json:"start_at" db:"start_at"`
+	CaseNumber *string    `json:"case_number" db:"case_number"`
+	Location   *string    `json:"location" db:"location"`
+}
+
+type RecentActivity struct {
+	EventType  *string    `json:"event_type" db:"event_type"`
+	Title      string     `json:"title" db:"title"`
+	CaseNumber string     `json:"case_number" db:"case_number"`
+	EventDate  *time.Time `json:"event_date" db:"event_date"`
+}
+
+func (s *DashboardService) Get(ctx context.Context, tenantID uuid.UUID) (*DashboardData, error) {
+	now := time.Now()
+	today := now.Format("2006-01-02")
+	endOfWeek := now.AddDate(0, 0, 7-int(now.Weekday())).Format("2006-01-02")
+	endOfNextWeek := now.AddDate(0, 0, 14-int(now.Weekday())).Format("2006-01-02")
+	in7Days := now.AddDate(0, 0, 7).Format("2006-01-02")
+	startOfMonth := time.Date(now.Year(), now.Month(), 1, 0, 0, 0, 0, now.Location()).Format("2006-01-02")
+
+	data := &DashboardData{}
+
+	// Single query with CTEs for deadline + case summaries
+	summaryQuery := `
+		WITH deadline_stats AS (
+			SELECT
+				COUNT(*) FILTER (WHERE due_date < $2 AND status = 'pending') AS overdue_count,
+				COUNT(*) FILTER (WHERE due_date >= $2 AND due_date <= $3 AND status = 'pending') AS due_this_week,
+				COUNT(*) FILTER (WHERE due_date > $3 AND due_date <= $4 AND status = 'pending') AS due_next_week,
+				COUNT(*) FILTER (WHERE due_date > $4 AND status = 'pending') AS ok_count
+			FROM deadlines
+			WHERE tenant_id = $1
+		),
+		case_stats AS (
+			SELECT
+				COUNT(*) FILTER (WHERE status = 'active') AS active_count,
+				COUNT(*) FILTER (WHERE created_at >= $5::date AND status != 'archived') AS new_this_month,
+				COUNT(*) FILTER (WHERE status IN ('closed', 'archived')) AS closed_count
+			FROM cases
+			WHERE tenant_id = $1
+		)
+		SELECT
+			ds.overdue_count, ds.due_this_week, ds.due_next_week, ds.ok_count,
+			cs.active_count, cs.new_this_month, cs.closed_count
+		FROM deadline_stats ds, case_stats cs`
+
+	var summaryRow struct {
+		DeadlineSummary
+		CaseSummary
+	}
+	err := s.db.GetContext(ctx, &summaryRow, summaryQuery, tenantID, today, endOfWeek, endOfNextWeek, startOfMonth)
+	if err != nil {
+		return nil, fmt.Errorf("dashboard summary: %w", err)
+	}
+	data.DeadlineSummary = summaryRow.DeadlineSummary
+	data.CaseSummary = summaryRow.CaseSummary
+
+	// Upcoming deadlines (next 7 days)
+	deadlineQuery := `
+		SELECT d.id, d.title, d.due_date, c.case_number, c.title AS case_title, d.status
+		FROM deadlines d
+		JOIN cases c ON c.id = d.case_id AND c.tenant_id = d.tenant_id
+		WHERE d.tenant_id = $1 AND d.status = 'pending' AND d.due_date >= $2 AND d.due_date <= $3
+		ORDER BY d.due_date ASC`
+
+	data.UpcomingDeadlines = []UpcomingDeadline{}
+	if err := s.db.SelectContext(ctx, &data.UpcomingDeadlines, deadlineQuery, tenantID, today, in7Days); err != nil {
+		return nil, fmt.Errorf("dashboard upcoming deadlines: %w", err)
+	}
+
+	// Upcoming appointments (next 7 days)
+	appointmentQuery := `
+		SELECT a.id, a.title, a.start_at, c.case_number, a.location
+		FROM appointments a
+		LEFT JOIN cases c ON c.id = a.case_id AND c.tenant_id = a.tenant_id
+		WHERE a.tenant_id = $1 AND a.start_at >= $2::timestamp AND a.start_at < ($2::date + interval '7 days')
+		ORDER BY a.start_at ASC`
+
+	data.UpcomingAppointments = []UpcomingAppointment{}
+	if err := s.db.SelectContext(ctx, &data.UpcomingAppointments, appointmentQuery, tenantID, now); err != nil {
+		return nil, fmt.Errorf("dashboard upcoming appointments: %w", err)
+	}
+
+	// Recent activity (last 10 case events)
+	activityQuery := `
+		SELECT ce.event_type, ce.title, c.case_number, ce.event_date
+		FROM case_events ce
+		JOIN cases c ON c.id = ce.case_id AND c.tenant_id = ce.tenant_id
+		WHERE ce.tenant_id = $1
+		ORDER BY COALESCE(ce.event_date, ce.created_at) DESC
+		LIMIT 10`
+
+	data.RecentActivity = []RecentActivity{}
+	if err := s.db.SelectContext(ctx, &data.RecentActivity, activityQuery, tenantID); err != nil {
+		return nil, fmt.Errorf("dashboard recent activity: %w", err)
+	}
+
+	return data, nil
+}

backend/internal/services/dashboard_service_test.go

@@ -0,0 +1,33 @@
+package services
+
+import (
+	"testing"
+	"time"
+)
+
+func TestDashboardDateCalculations(t *testing.T) {
+	// Verify the date range logic used in Get()
+	now := time.Date(2026, 3, 25, 14, 0, 0, 0, time.UTC) // Wednesday
+
+	today := now.Format("2006-01-02")
+	endOfWeek := now.AddDate(0, 0, 7-int(now.Weekday())).Format("2006-01-02")
+	endOfNextWeek := now.AddDate(0, 0, 14-int(now.Weekday())).Format("2006-01-02")
+	in7Days := now.AddDate(0, 0, 7).Format("2006-01-02")
+	startOfMonth := time.Date(now.Year(), now.Month(), 1, 0, 0, 0, 0, now.Location()).Format("2006-01-02")
+
+	if today != "2026-03-25" {
+		t.Errorf("today = %s, want 2026-03-25", today)
+	}
+	if endOfWeek != "2026-03-29" { // Sunday
+		t.Errorf("endOfWeek = %s, want 2026-03-29", endOfWeek)
+	}
+	if endOfNextWeek != "2026-04-05" {
+		t.Errorf("endOfNextWeek = %s, want 2026-04-05", endOfNextWeek)
+	}
+	if in7Days != "2026-04-01" {
+		t.Errorf("in7Days = %s, want 2026-04-01", in7Days)
+	}
+	if startOfMonth != "2026-03-01" {
+		t.Errorf("startOfMonth = %s, want 2026-03-01", startOfMonth)
+	}
+}

backend/internal/services/document_service.go

@@ -0,0 +1,163 @@
+package services
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"io"
+	"time"
+
+	"mgit.msbls.de/m/KanzlAI-mGMT/internal/models"
+
+	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
+)
+
+const documentBucket = "kanzlai-documents"
+
+type DocumentService struct {
+	db      *sqlx.DB
+	storage *StorageClient
+}
+
+func NewDocumentService(db *sqlx.DB, storage *StorageClient) *DocumentService {
+	return &DocumentService{db: db, storage: storage}
+}
+
+type CreateDocumentInput struct {
+	Title       string `json:"title"`
+	DocType     string `json:"doc_type"`
+	Filename    string
+	ContentType string
+	Size        int
+	Data        io.Reader
+}
+
+func (s *DocumentService) ListByCase(ctx context.Context, tenantID, caseID uuid.UUID) ([]models.Document, error) {
+	var docs []models.Document
+	err := s.db.SelectContext(ctx, &docs,
+		"SELECT * FROM documents WHERE tenant_id = $1 AND case_id = $2 ORDER BY created_at DESC",
+		tenantID, caseID)
+	if err != nil {
+		return nil, fmt.Errorf("listing documents: %w", err)
+	}
+	return docs, nil
+}
+
+func (s *DocumentService) GetByID(ctx context.Context, tenantID, docID uuid.UUID) (*models.Document, error) {
+	var doc models.Document
+	err := s.db.GetContext(ctx, &doc,
+		"SELECT * FROM documents WHERE id = $1 AND tenant_id = $2", docID, tenantID)
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, nil
+		}
+		return nil, fmt.Errorf("getting document: %w", err)
+	}
+	return &doc, nil
+}
+
+func (s *DocumentService) Create(ctx context.Context, tenantID, caseID, userID uuid.UUID, input CreateDocumentInput) (*models.Document, error) {
+	// Verify case belongs to tenant
+	var caseExists int
+	if err := s.db.GetContext(ctx, &caseExists,
+		"SELECT COUNT(*) FROM cases WHERE id = $1 AND tenant_id = $2",
+		caseID, tenantID); err != nil {
+		return nil, fmt.Errorf("verifying case: %w", err)
+	}
+	if caseExists == 0 {
+		return nil, fmt.Errorf("case not found")
+	}
+
+	id := uuid.New()
+	storagePath := fmt.Sprintf("%s/%s/%s_%s", tenantID, caseID, id, input.Filename)
+
+	// Upload to Supabase Storage
+	if err := s.storage.Upload(ctx, documentBucket, storagePath, input.ContentType, input.Data); err != nil {
+		return nil, fmt.Errorf("uploading file: %w", err)
+	}
+
+	// Insert metadata record
+	now := time.Now()
+	_, err := s.db.ExecContext(ctx,
+		`INSERT INTO documents (id, tenant_id, case_id, title, doc_type, file_path, file_size, mime_type, uploaded_by, created_at, updated_at)
+		 VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $10)`,
+		id, tenantID, caseID, input.Title, nilIfEmpty(input.DocType), storagePath, input.Size, input.ContentType, userID, now)
+	if err != nil {
+		// Best effort: clean up uploaded file
+		_ = s.storage.Delete(ctx, documentBucket, []string{storagePath})
+		return nil, fmt.Errorf("inserting document record: %w", err)
+	}
+
+	// Log case event
+	createEvent(ctx, s.db, tenantID, caseID, userID, "document_uploaded",
+		fmt.Sprintf("Document uploaded: %s", input.Title), nil)
+
+	var doc models.Document
+	if err := s.db.GetContext(ctx, &doc, "SELECT * FROM documents WHERE id = $1", id); err != nil {
+		return nil, fmt.Errorf("fetching created document: %w", err)
+	}
+	return &doc, nil
+}
+
+func (s *DocumentService) Download(ctx context.Context, tenantID, docID uuid.UUID) (io.ReadCloser, string, string, error) {
+	doc, err := s.GetByID(ctx, tenantID, docID)
+	if err != nil {
+		return nil, "", "", err
+	}
+	if doc == nil {
+		return nil, "", "", fmt.Errorf("document not found")
+	}
+	if doc.FilePath == nil {
+		return nil, "", "", fmt.Errorf("document has no file")
+	}
+
+	body, contentType, err := s.storage.Download(ctx, documentBucket, *doc.FilePath)
+	if err != nil {
+		return nil, "", "", fmt.Errorf("downloading file: %w", err)
+	}
+
+	// Use stored mime_type if available, fall back to storage response
+	if doc.MimeType != nil && *doc.MimeType != "" {
+		contentType = *doc.MimeType
+	}
+
+	return body, contentType, doc.Title, nil
+}
+
+func (s *DocumentService) Delete(ctx context.Context, tenantID, docID, userID uuid.UUID) error {
+	doc, err := s.GetByID(ctx, tenantID, docID)
+	if err != nil {
+		return err
+	}
+	if doc == nil {
+		return sql.ErrNoRows
+	}
+
+	// Delete from storage
+	if doc.FilePath != nil {
+		if err := s.storage.Delete(ctx, documentBucket, []string{*doc.FilePath}); err != nil {
+			return fmt.Errorf("deleting file from storage: %w", err)
+		}
+	}
+
+	// Delete database record
+	_, err = s.db.ExecContext(ctx,
+		"DELETE FROM documents WHERE id = $1 AND tenant_id = $2", docID, tenantID)
+	if err != nil {
+		return fmt.Errorf("deleting document record: %w", err)
+	}
+
+	// Log case event
+	createEvent(ctx, s.db, tenantID, doc.CaseID, userID, "document_deleted",
+		fmt.Sprintf("Document deleted: %s", doc.Title), nil)
+
+	return nil
+}
+
+func nilIfEmpty(s string) *string {
+	if s == "" {
+		return nil
+	}
+	return &s
+}

backend/internal/services/storage.go

@@ -0,0 +1,112 @@
+package services
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+)
+
+// StorageClient interacts with Supabase Storage via REST API.
+type StorageClient struct {
+	baseURL    string
+	serviceKey string
+	httpClient *http.Client
+}
+
+func NewStorageClient(supabaseURL, serviceKey string) *StorageClient {
+	return &StorageClient{
+		baseURL:    supabaseURL,
+		serviceKey: serviceKey,
+		httpClient: &http.Client{},
+	}
+}
+
+// Upload stores a file in the given bucket at the specified path.
+func (s *StorageClient) Upload(ctx context.Context, bucket, path, contentType string, data io.Reader) error {
+	url := fmt.Sprintf("%s/storage/v1/object/%s/%s", s.baseURL, bucket, path)
+
+	req, err := http.NewRequestWithContext(ctx, "POST", url, data)
+	if err != nil {
+		return fmt.Errorf("creating upload request: %w", err)
+	}
+
+	req.Header.Set("Authorization", "Bearer "+s.serviceKey)
+	req.Header.Set("Content-Type", contentType)
+	req.Header.Set("x-upsert", "true")
+
+	resp, err := s.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("uploading to storage: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
+		body, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("storage upload failed (status %d): %s", resp.StatusCode, string(body))
+	}
+
+	return nil
+}
+
+// Download retrieves a file from storage. Caller must close the returned ReadCloser.
+func (s *StorageClient) Download(ctx context.Context, bucket, path string) (io.ReadCloser, string, error) {
+	url := fmt.Sprintf("%s/storage/v1/object/%s/%s", s.baseURL, bucket, path)
+
+	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+	if err != nil {
+		return nil, "", fmt.Errorf("creating download request: %w", err)
+	}
+
+	req.Header.Set("Authorization", "Bearer "+s.serviceKey)
+
+	resp, err := s.httpClient.Do(req)
+	if err != nil {
+		return nil, "", fmt.Errorf("downloading from storage: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		resp.Body.Close()
+		if resp.StatusCode == http.StatusNotFound {
+			return nil, "", fmt.Errorf("file not found in storage")
+		}
+		body, _ := io.ReadAll(resp.Body)
+		return nil, "", fmt.Errorf("storage download failed (status %d): %s", resp.StatusCode, string(body))
+	}
+
+	ct := resp.Header.Get("Content-Type")
+	return resp.Body, ct, nil
+}
+
+// Delete removes files from storage by their paths.
+func (s *StorageClient) Delete(ctx context.Context, bucket string, paths []string) error {
+	url := fmt.Sprintf("%s/storage/v1/object/%s", s.baseURL, bucket)
+
+	body, err := json.Marshal(map[string][]string{"prefixes": paths})
+	if err != nil {
+		return fmt.Errorf("marshaling delete request: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "DELETE", url, bytes.NewReader(body))
+	if err != nil {
+		return fmt.Errorf("creating delete request: %w", err)
+	}
+
+	req.Header.Set("Authorization", "Bearer "+s.serviceKey)
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := s.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("deleting from storage: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusNoContent {
+		respBody, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("storage delete failed (status %d): %s", resp.StatusCode, string(respBody))
+	}
+
+	return nil
+}

frontend/bun.lock

@@ -5,9 +5,16 @@
     "": {
       "name": "frontend",
       "dependencies": {
+        "@supabase/ssr": "^0.9.0",
+        "@supabase/supabase-js": "^2.100.0",
+        "@tanstack/react-query": "^5.95.2",
+        "date-fns": "^4.1.0",
+        "lucide-react": "^1.6.0",
         "next": "15.5.14",
         "react": "19.1.0",
         "react-dom": "19.1.0",
+        "react-dropzone": "^15.0.0",
+        "sonner": "^2.0.7",
       },
       "devDependencies": {
         "@eslint/eslintrc": "^3",
@@ -151,6 +158,22 @@
 
     "@rushstack/eslint-patch": ["@rushstack/eslint-patch@1.16.1", "", {}, "sha512-TvZbIpeKqGQQ7X0zSCvPH9riMSFQFSggnfBjFZ1mEoILW+UuXCKwOoPcgjMwiUtRqFZ8jWhPJc4um14vC6I4ag=="],
 
+    "@supabase/auth-js": ["@supabase/auth-js@2.100.0", "", { "dependencies": { "tslib": "2.8.1" } }, "sha512-pdT3ye3UVRN1Cg0wom6BmyY+XTtp5DiJaYnPi6j8ht5i8Lq8kfqxJMJz9GI9YDKk3w1nhGOPnh6Qz5qpyYm+1w=="],
+
+    "@supabase/functions-js": ["@supabase/functions-js@2.100.0", "", { "dependencies": { "tslib": "2.8.1" } }, "sha512-keLg79RPwP+uiwHuxFPTFgDRxPV46LM4j/swjyR2GKJgWniTVSsgiBHfbIBDcrQwehLepy09b/9QSHUywtKRWQ=="],
+
+    "@supabase/phoenix": ["@supabase/phoenix@0.4.0", "", {}, "sha512-RHSx8bHS02xwfHdAbX5Lpbo6PXbgyf7lTaXTlwtFDPwOIw64NnVRwFAXGojHhjtVYI+PEPNSWwkL90f4agN3bw=="],
+
+    "@supabase/postgrest-js": ["@supabase/postgrest-js@2.100.0", "", { "dependencies": { "tslib": "2.8.1" } }, "sha512-xYNvNbBJaXOGcrZ44wxwp5830uo1okMHGS8h8dm3u4f0xcZ39yzbryUsubTJW41MG2gbL/6U57cA4Pi6YMZ9pA=="],
+
+    "@supabase/realtime-js": ["@supabase/realtime-js@2.100.0", "", { "dependencies": { "@supabase/phoenix": "^0.4.0", "@types/ws": "^8.18.1", "tslib": "2.8.1", "ws": "^8.18.2" } }, "sha512-2AZs00zzEF0HuCKY8grz5eCYlwEfVi5HONLZFoNR6aDfxQivl8zdQYNjyFoqN2MZiVhQHD7u6XV/xHwM8mCEHw=="],
+
+    "@supabase/ssr": ["@supabase/ssr@0.9.0", "", { "dependencies": { "cookie": "^1.0.2" }, "peerDependencies": { "@supabase/supabase-js": "^2.97.0" } }, "sha512-UFY6otYV3yqCgV+AyHj80vNkTvbf1Gas2LW4dpbQ4ap6p6v3eB2oaDfcI99jsuJzwVBCFU4BJI+oDYyhNk1z0Q=="],
+
+    "@supabase/storage-js": ["@supabase/storage-js@2.100.0", "", { "dependencies": { "iceberg-js": "^0.8.1", "tslib": "2.8.1" } }, "sha512-d4EeuK6RNIgYNA2MU9kj8lQrLm5AzZ+WwpWjGkii6SADQNIGTC/uiaTRu02XJ5AmFALQfo8fLl9xuCkO6Xw+iQ=="],
+
+    "@supabase/supabase-js": ["@supabase/supabase-js@2.100.0", "", { "dependencies": { "@supabase/auth-js": "2.100.0", "@supabase/functions-js": "2.100.0", "@supabase/postgrest-js": "2.100.0", "@supabase/realtime-js": "2.100.0", "@supabase/storage-js": "2.100.0" } }, "sha512-r0tlcukejJXJ1m/2eG/Ya5eYs4W8AC7oZfShpG3+SIo/eIU9uIt76ZeYI1SoUwUmcmzlAbgch+HDZDR/toVQPQ=="],
+
     "@swc/helpers": ["@swc/helpers@0.5.15", "", { "dependencies": { "tslib": "^2.8.0" } }, "sha512-JQ5TuMi45Owi4/BIMAJBoSQoOJu12oOk/gADqlcUL9JEdHB8vyjUSsxqeNXnmXHjYKMi2WcYtezGEEhqUI/E2g=="],
 
     "@tailwindcss/node": ["@tailwindcss/node@4.2.2", "", { "dependencies": { "@jridgewell/remapping": "^2.3.5", "enhanced-resolve": "^5.19.0", "jiti": "^2.6.1", "lightningcss": "1.32.0", "magic-string": "^0.30.21", "source-map-js": "^1.2.1", "tailwindcss": "4.2.2" } }, "sha512-pXS+wJ2gZpVXqFaUEjojq7jzMpTGf8rU6ipJz5ovJV6PUGmlJ+jvIwGrzdHdQ80Sg+wmQxUFuoW1UAAwHNEdFA=="],
@@ -183,6 +206,10 @@
 
     "@tailwindcss/postcss": ["@tailwindcss/postcss@4.2.2", "", { "dependencies": { "@alloc/quick-lru": "^5.2.0", "@tailwindcss/node": "4.2.2", "@tailwindcss/oxide": "4.2.2", "postcss": "^8.5.6", "tailwindcss": "4.2.2" } }, "sha512-n4goKQbW8RVXIbNKRB/45LzyUqN451deQK0nzIeauVEqjlI49slUlgKYJM2QyUzap/PcpnS7kzSUmPb1sCRvYQ=="],
 
+    "@tanstack/query-core": ["@tanstack/query-core@5.95.2", "", {}, "sha512-o4T8vZHZET4Bib3jZ/tCW9/7080urD4c+0/AUaYVpIqOsr7y0reBc1oX3ttNaSW5mYyvZHctiQ/UOP2PfdmFEQ=="],
+
+    "@tanstack/react-query": ["@tanstack/react-query@5.95.2", "", { "dependencies": { "@tanstack/query-core": "5.95.2" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-/wGkvLj/st5Ud1Q76KF1uFxScV7WeqN1slQx5280ycwAyYkIPGaRZAEgHxe3bjirSd5Zpwkj6zNcR4cqYni/ZA=="],
+
     "@tybys/wasm-util": ["@tybys/wasm-util@0.10.1", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-9tTaPJLSiejZKx+Bmog4uSubteqTvFrVrURwkmHixBo0G4seD0zUxp98E1DzUBJxLQ3NPwXrGKDiVjwx/DpPsg=="],
 
     "@types/estree": ["@types/estree@1.0.8", "", {}, "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w=="],
@@ -197,6 +224,8 @@
 
     "@types/react-dom": ["@types/react-dom@19.2.3", "", { "peerDependencies": { "@types/react": "^19.2.0" } }, "sha512-jp2L/eY6fn+KgVVQAOqYItbF0VY/YApe5Mz2F0aykSO8gx31bYCZyvSeYxCHKvzHG5eZjc+zyaS5BrBWya2+kQ=="],
 
+    "@types/ws": ["@types/ws@8.18.1", "", { "dependencies": { "@types/node": "*" } }, "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg=="],
+
     "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.57.2", "", { "dependencies": { "@eslint-community/regexpp": "^4.12.2", "@typescript-eslint/scope-manager": "8.57.2", "@typescript-eslint/type-utils": "8.57.2", "@typescript-eslint/utils": "8.57.2", "@typescript-eslint/visitor-keys": "8.57.2", "ignore": "^7.0.5", "natural-compare": "^1.4.0", "ts-api-utils": "^2.4.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.57.2", "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w=="],
 
     "@typescript-eslint/parser": ["@typescript-eslint/parser@8.57.2", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.57.2", "@typescript-eslint/types": "8.57.2", "@typescript-eslint/typescript-estree": "8.57.2", "@typescript-eslint/visitor-keys": "8.57.2", "debug": "^4.4.3" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA=="],
@@ -287,6 +316,8 @@
 
     "async-function": ["async-function@1.0.0", "", {}, "sha512-hsU18Ae8CDTR6Kgu9DYf0EbCr/a5iGL0rytQDobUcdpYOKokk8LEjVphnXkDkgpi0wYVsqrXuP0bZxJaTqdgoA=="],
 
+    "attr-accept": ["attr-accept@2.2.5", "", {}, "sha512-0bDNnY/u6pPwHDMoF0FieU354oBi0a8rD9FcsLwzcGWbc8KS8KPIi7y+s13OlVY+gMWc/9xEMUgNE6Qm8ZllYQ=="],
+
     "available-typed-arrays": ["available-typed-arrays@1.0.7", "", { "dependencies": { "possible-typed-array-names": "^1.0.0" } }, "sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ=="],
 
     "axe-core": ["axe-core@4.11.1", "", {}, "sha512-BASOg+YwO2C+346x3LZOeoovTIoTrRqEsqMa6fmfAV0P+U9mFr9NsyOEpiYvFjbc64NMrSswhV50WdXzdb/Z5A=="],
@@ -319,6 +350,8 @@
 
     "concat-map": ["concat-map@0.0.1", "", {}, "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="],
 
+    "cookie": ["cookie@1.1.1", "", {}, "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ=="],
+
     "cross-spawn": ["cross-spawn@7.0.6", "", { "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", "which": "^2.0.1" } }, "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA=="],
 
     "csstype": ["csstype@3.2.3", "", {}, "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ=="],
@@ -331,6 +364,8 @@
 
     "data-view-byte-offset": ["data-view-byte-offset@1.0.1", "", { "dependencies": { "call-bound": "^1.0.2", "es-errors": "^1.3.0", "is-data-view": "^1.0.1" } }, "sha512-BS8PfmtDGnrgYdOonGZQdLZslWIeCGFP9tpan0hi1Co2Zr2NKADsvGYA8XxuG/4UWgJ6Cjtv+YJnB6MM69QGlQ=="],
 
+    "date-fns": ["date-fns@4.1.0", "", {}, "sha512-Ukq0owbQXxa/U3EGtsdVBkR1w7KOQ5gIBqdH2hkvknzZPYvBxb/aa6E8L7tmjFtkwZBu3UXBbjIgPo/Ez4xaNg=="],
+
     "debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
 
     "deep-is": ["deep-is@0.1.4", "", {}, "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ=="],
@@ -413,6 +448,8 @@
 
     "file-entry-cache": ["file-entry-cache@8.0.0", "", { "dependencies": { "flat-cache": "^4.0.0" } }, "sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ=="],
 
+    "file-selector": ["file-selector@2.1.2", "", { "dependencies": { "tslib": "^2.7.0" } }, "sha512-QgXo+mXTe8ljeqUFaX3QVHc5osSItJ/Km+xpocx0aSqWGMSCf6qYs/VnzZgS864Pjn5iceMRFigeAV7AfTlaig=="],
+
     "fill-range": ["fill-range@7.1.1", "", { "dependencies": { "to-regex-range": "^5.0.1" } }, "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg=="],
 
     "find-up": ["find-up@5.0.0", "", { "dependencies": { "locate-path": "^6.0.0", "path-exists": "^4.0.0" } }, "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng=="],
@@ -463,6 +500,8 @@
 
     "hasown": ["hasown@2.0.2", "", { "dependencies": { "function-bind": "^1.1.2" } }, "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ=="],
 
+    "iceberg-js": ["iceberg-js@0.8.1", "", {}, "sha512-1dhVQZXhcHje7798IVM+xoo/1ZdVfzOMIc8/rgVSijRK38EDqOJoGula9N/8ZI5RD8QTxNQtK/Gozpr+qUqRRA=="],
+
     "ignore": ["ignore@5.3.2", "", {}, "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g=="],
 
     "import-fresh": ["import-fresh@3.3.1", "", { "dependencies": { "parent-module": "^1.0.0", "resolve-from": "^4.0.0" } }, "sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ=="],
@@ -583,6 +622,8 @@
 
     "loose-envify": ["loose-envify@1.4.0", "", { "dependencies": { "js-tokens": "^3.0.0 || ^4.0.0" }, "bin": { "loose-envify": "cli.js" } }, "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q=="],
 
+    "lucide-react": ["lucide-react@1.6.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-YxLKVCOF5ZDI1AhKQE5IBYMY9y/Nr4NT15+7QEWpsTSVCdn4vmZhww+6BP76jWYjQx8rSz1Z+gGme1f+UycWEw=="],
+
     "magic-string": ["magic-string@0.30.21", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.5" } }, "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ=="],
 
     "math-intrinsics": ["math-intrinsics@1.1.0", "", {}, "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g=="],
@@ -659,6 +700,8 @@
 
     "react-dom": ["react-dom@19.1.0", "", { "dependencies": { "scheduler": "^0.26.0" }, "peerDependencies": { "react": "^19.1.0" } }, "sha512-Xs1hdnE+DyKgeHJeJznQmYMIBG3TKIHJJT95Q58nHLSrElKlGQqDTR2HQ9fx5CN/Gk6Vh/kupBTDLU11/nDk/g=="],
 
+    "react-dropzone": ["react-dropzone@15.0.0", "", { "dependencies": { "attr-accept": "^2.2.4", "file-selector": "^2.1.0", "prop-types": "^15.8.1" }, "peerDependencies": { "react": ">= 16.8 || 18.0.0" } }, "sha512-lGjYV/EoqEjEWPnmiSvH4v5IoIAwQM2W4Z1C0Q/Pw2xD0eVzKPS359BQTUMum+1fa0kH2nrKjuavmTPOGhpLPg=="],
+
     "react-is": ["react-is@16.13.1", "", {}, "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="],
 
     "reflect.getprototypeof": ["reflect.getprototypeof@1.0.10", "", { "dependencies": { "call-bind": "^1.0.8", "define-properties": "^1.2.1", "es-abstract": "^1.23.9", "es-errors": "^1.3.0", "es-object-atoms": "^1.0.0", "get-intrinsic": "^1.2.7", "get-proto": "^1.0.1", "which-builtin-type": "^1.2.1" } }, "sha512-00o4I+DVrefhv+nX0ulyi3biSHCPDe+yLv5o/p6d/UVlirijB8E16FtfwSAi4g3tcqrQ4lRAqQSoFEZJehYEcw=="],
@@ -705,6 +748,8 @@
 
     "side-channel-weakmap": ["side-channel-weakmap@1.0.2", "", { "dependencies": { "call-bound": "^1.0.2", "es-errors": "^1.3.0", "get-intrinsic": "^1.2.5", "object-inspect": "^1.13.3", "side-channel-map": "^1.0.1" } }, "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A=="],
 
+    "sonner": ["sonner@2.0.7", "", { "peerDependencies": { "react": "^18.0.0 || ^19.0.0 || ^19.0.0-rc", "react-dom": "^18.0.0 || ^19.0.0 || ^19.0.0-rc" } }, "sha512-W6ZN4p58k8aDKA4XPcx2hpIQXBRAgyiWVkYhT7CvK6D3iAu7xjvVyhQHg2/iaKJZ1XVJ4r7XuwGL+WGEK37i9w=="],
+
     "source-map-js": ["source-map-js@1.2.1", "", {}, "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA=="],
 
     "stable-hash": ["stable-hash@0.0.5", "", {}, "sha512-+L3ccpzibovGXFK+Ap/f8LOS0ahMrHTf3xu7mMLSpEGU0EO9ucaysSylKo9eRDFNhWve/y275iPmIZ4z39a9iA=="],
@@ -779,6 +824,8 @@
 
     "word-wrap": ["word-wrap@1.2.5", "", {}, "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA=="],
 
+    "ws": ["ws@8.20.0", "", { "peerDependencies": { "bufferutil": "^4.0.1", "utf-8-validate": ">=5.0.2" }, "optionalPeers": ["bufferutil", "utf-8-validate"] }, "sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA=="],
+
     "yocto-queue": ["yocto-queue@0.1.0", "", {}, "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q=="],
 
     "@eslint-community/eslint-utils/eslint-visitor-keys": ["eslint-visitor-keys@3.4.3", "", {}, "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag=="],

frontend/next-env.d.ts

@@ -0,0 +1,6 @@
+/// <reference types="next" />
+/// <reference types="next/image-types/global" />
+/// <reference path="./.next/types/routes.d.ts" />
+
+// NOTE: This file should not be edited
+// see https://nextjs.org/docs/app/api-reference/config/typescript for more information.

frontend/package.json

@@ -9,9 +9,16 @@
     "lint": "eslint"
   },
   "dependencies": {
+    "@supabase/ssr": "^0.9.0",
+    "@supabase/supabase-js": "^2.100.0",
+    "@tanstack/react-query": "^5.95.2",
+    "date-fns": "^4.1.0",
+    "lucide-react": "^1.6.0",
+    "next": "15.5.14",
     "react": "19.1.0",
     "react-dom": "19.1.0",
-    "next": "15.5.14"
+    "react-dropzone": "^15.0.0",
+    "sonner": "^2.0.7"
   },
   "devDependencies": {
     "typescript": "^5",

frontend/src/app/(app)/ai/extract/page.tsx

@@ -0,0 +1,142 @@
+"use client";
+
+import { useState } from "react";
+import { useQuery } from "@tanstack/react-query";
+import { useRouter } from "next/navigation";
+import { toast } from "sonner";
+import { Brain } from "lucide-react";
+import { api } from "@/lib/api";
+import type {
+  Case,
+  ExtractedDeadline,
+  ExtractionResponse,
+  PaginatedResponse,
+} from "@/lib/types";
+import { ExtractionForm } from "@/components/ai/ExtractionForm";
+import { ExtractionResults } from "@/components/ai/ExtractionResults";
+
+export default function AIExtractPage() {
+  const router = useRouter();
+  const [selectedCaseId, setSelectedCaseId] = useState("");
+  const [isExtracting, setIsExtracting] = useState(false);
+  const [isAdopting, setIsAdopting] = useState(false);
+  const [results, setResults] = useState<ExtractedDeadline[] | null>(null);
+
+  const { data: casesData } = useQuery({
+    queryKey: ["cases"],
+    queryFn: () => api.get<PaginatedResponse<Case>>("/api/cases"),
+  });
+
+  const cases = casesData?.data ?? [];
+
+  async function handleExtract(file: File | null, text: string) {
+    setIsExtracting(true);
+    setResults(null);
+
+    try {
+      let response: ExtractionResponse;
+
+      if (file) {
+        const formData = new FormData();
+        formData.append("file", file);
+        response = await api.postFormData<ExtractionResponse>(
+          "/api/ai/extract-deadlines",
+          formData,
+        );
+      } else {
+        response = await api.post<ExtractionResponse>(
+          "/api/ai/extract-deadlines",
+          { text },
+        );
+      }
+
+      setResults(response.deadlines);
+
+      if (response.count === 0) {
+        toast.info("Keine Fristen im Dokument gefunden.");
+      } else {
+        toast.success(`${response.count} Frist(en) erkannt.`);
+      }
+    } catch (err: unknown) {
+      const message =
+        err && typeof err === "object" && "error" in err
+          ? (err as { error: string }).error
+          : "Analyse fehlgeschlagen";
+      toast.error(message);
+    } finally {
+      setIsExtracting(false);
+    }
+  }
+
+  async function handleAdopt(deadlines: ExtractedDeadline[]) {
+    if (!selectedCaseId) return;
+    setIsAdopting(true);
+
+    try {
+      const promises = deadlines.map((d) =>
+        api.post(`/api/cases/${selectedCaseId}/deadlines`, {
+          title: d.title,
+          due_date: d.due_date ?? "",
+          source: "ai_extraction",
+          notes: [
+            d.rule_reference ? `Rechtsgrundlage: ${d.rule_reference}` : "",
+            d.source_quote ? `Quelle: "${d.source_quote}"` : "",
+            `Konfidenz: ${Math.round(d.confidence * 100)}%`,
+          ]
+            .filter(Boolean)
+            .join("\n"),
+        }),
+      );
+
+      await Promise.all(promises);
+      toast.success(
+        `${deadlines.length} Frist(en) erfolgreich uebernommen.`,
+      );
+      router.push(`/akten/${selectedCaseId}`);
+    } catch (err: unknown) {
+      const message =
+        err && typeof err === "object" && "error" in err
+          ? (err as { error: string }).error
+          : "Uebernahme fehlgeschlagen";
+      toast.error(message);
+    } finally {
+      setIsAdopting(false);
+    }
+  }
+
+  return (
+    <div className="mx-auto max-w-4xl">
+      <div className="mb-6 flex items-center gap-3">
+        <Brain className="h-5 w-5 text-neutral-500" />
+        <div>
+          <h1 className="text-lg font-semibold text-neutral-900">
+            AI Fristenanalyse
+          </h1>
+          <p className="text-sm text-neutral-500">
+            Fristen automatisch aus Dokumenten extrahieren
+          </p>
+        </div>
+      </div>
+
+      <div className="rounded-lg border border-neutral-200 bg-white p-6">
+        <ExtractionForm
+          cases={cases}
+          selectedCaseId={selectedCaseId}
+          onCaseChange={setSelectedCaseId}
+          onExtract={handleExtract}
+          isLoading={isExtracting}
+        />
+      </div>
+
+      {results !== null && (
+        <div className="mt-6 rounded-lg border border-neutral-200 bg-white p-6">
+          <ExtractionResults
+            deadlines={results}
+            onAdopt={handleAdopt}
+            isAdopting={isAdopting}
+          />
+        </div>
+      )}
+    </div>
+  );
+}

frontend/src/app/(app)/layout.tsx

@@ -0,0 +1,20 @@
+import { Sidebar } from "@/components/layout/Sidebar";
+import { Header } from "@/components/layout/Header";
+
+export const dynamic = "force-dynamic";
+
+export default function AppLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  return (
+    <div className="flex h-screen overflow-hidden bg-neutral-50">
+      <Sidebar />
+      <div className="flex flex-1 flex-col overflow-hidden">
+        <Header />
+        <main className="flex-1 overflow-y-auto p-6">{children}</main>
+      </div>
+    </div>
+  );
+}

frontend/src/app/(app)/page.tsx

@@ -0,0 +1,10 @@
+export default function DashboardPage() {
+  return (
+    <div>
+      <h1 className="text-lg font-semibold text-neutral-900">Dashboard</h1>
+      <p className="mt-1 text-sm text-neutral-500">
+        Willkommen bei KanzlAI
+      </p>
+    </div>
+  );
+}

frontend/src/app/(auth)/callback/page.tsx

@@ -0,0 +1,25 @@
+"use client";
+
+import { createClient } from "@/lib/supabase/client";
+import { useRouter } from "next/navigation";
+import { useEffect } from "react";
+
+export default function CallbackPage() {
+  const router = useRouter();
+  const supabase = createClient();
+
+  useEffect(() => {
+    supabase.auth.onAuthStateChange((event) => {
+      if (event === "SIGNED_IN") {
+        router.push("/");
+        router.refresh();
+      }
+    });
+  }, [router, supabase.auth]);
+
+  return (
+    <div className="flex min-h-screen items-center justify-center bg-neutral-50">
+      <p className="text-sm text-neutral-500">Authentifizierung...</p>
+    </div>
+  );
+}

frontend/src/app/(auth)/layout.tsx

@@ -0,0 +1,9 @@
+export const dynamic = "force-dynamic";
+
+export default function AuthLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  return <>{children}</>;
+}

frontend/src/app/(auth)/login/page.tsx

@@ -0,0 +1,189 @@
+"use client";
+
+import { createClient } from "@/lib/supabase/client";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+
+export default function LoginPage() {
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [mode, setMode] = useState<"password" | "magic">("password");
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [magicSent, setMagicSent] = useState(false);
+  const router = useRouter();
+  const supabase = createClient();
+
+  async function handlePasswordLogin(e: React.FormEvent) {
+    e.preventDefault();
+    setLoading(true);
+    setError(null);
+
+    const { error } = await supabase.auth.signInWithPassword({
+      email,
+      password,
+    });
+
+    if (error) {
+      setError(error.message);
+      setLoading(false);
+      return;
+    }
+
+    router.push("/");
+    router.refresh();
+  }
+
+  async function handleMagicLink(e: React.FormEvent) {
+    e.preventDefault();
+    setLoading(true);
+    setError(null);
+
+    const { error } = await supabase.auth.signInWithOtp({
+      email,
+      options: {
+        emailRedirectTo: `${window.location.origin}/callback`,
+      },
+    });
+
+    if (error) {
+      setError(error.message);
+      setLoading(false);
+      return;
+    }
+
+    setMagicSent(true);
+    setLoading(false);
+  }
+
+  if (magicSent) {
+    return (
+      <div className="flex min-h-screen items-center justify-center bg-neutral-50">
+        <div className="w-full max-w-sm space-y-6 rounded-lg border border-neutral-200 bg-white p-8">
+          <div className="text-center">
+            <h1 className="text-lg font-semibold text-neutral-900">
+              Link gesendet
+            </h1>
+            <p className="mt-2 text-sm text-neutral-500">
+              Wir haben einen Login-Link an{" "}
+              <span className="font-medium text-neutral-700">{email}</span>{" "}
+              gesendet. Bitte pruefen Sie Ihren Posteingang.
+            </p>
+          </div>
+          <button
+            onClick={() => setMagicSent(false)}
+            className="w-full text-center text-sm text-neutral-500 hover:text-neutral-700"
+          >
+            Zurueck zum Login
+          </button>
+        </div>
+      </div>
+    );
+  }
+
+  return (
+    <div className="flex min-h-screen items-center justify-center bg-neutral-50">
+      <div className="w-full max-w-sm space-y-6 rounded-lg border border-neutral-200 bg-white p-8">
+        <div className="text-center">
+          <h1 className="text-lg font-semibold text-neutral-900">
+            KanzlAI
+          </h1>
+          <p className="mt-1 text-sm text-neutral-500">
+            Melden Sie sich an
+          </p>
+        </div>
+
+        <div className="flex rounded-md border border-neutral-200 bg-neutral-50 p-0.5">
+          <button
+            onClick={() => setMode("password")}
+            className={`flex-1 rounded-md px-3 py-1.5 text-sm font-medium transition-colors ${
+              mode === "password"
+                ? "bg-white text-neutral-900 shadow-sm"
+                : "text-neutral-500 hover:text-neutral-700"
+            }`}
+          >
+            Passwort
+          </button>
+          <button
+            onClick={() => setMode("magic")}
+            className={`flex-1 rounded-md px-3 py-1.5 text-sm font-medium transition-colors ${
+              mode === "magic"
+                ? "bg-white text-neutral-900 shadow-sm"
+                : "text-neutral-500 hover:text-neutral-700"
+            }`}
+          >
+            Magic Link
+          </button>
+        </div>
+
+        <form
+          onSubmit={mode === "password" ? handlePasswordLogin : handleMagicLink}
+          className="space-y-4"
+        >
+          <div>
+            <label
+              htmlFor="email"
+              className="block text-sm font-medium text-neutral-700"
+            >
+              E-Mail
+            </label>
+            <input
+              id="email"
+              type="email"
+              value={email}
+              onChange={(e) => setEmail(e.target.value)}
+              required
+              className="mt-1 block w-full rounded-md border border-neutral-300 px-3 py-2 text-sm placeholder-neutral-400 focus:border-neutral-900 focus:outline-none focus:ring-1 focus:ring-neutral-900"
+              placeholder="anwalt@kanzlei.de"
+            />
+          </div>
+
+          {mode === "password" && (
+            <div>
+              <label
+                htmlFor="password"
+                className="block text-sm font-medium text-neutral-700"
+              >
+                Passwort
+              </label>
+              <input
+                id="password"
+                type="password"
+                value={password}
+                onChange={(e) => setPassword(e.target.value)}
+                required
+                className="mt-1 block w-full rounded-md border border-neutral-300 px-3 py-2 text-sm placeholder-neutral-400 focus:border-neutral-900 focus:outline-none focus:ring-1 focus:ring-neutral-900"
+              />
+            </div>
+          )}
+
+          {error && (
+            <p className="text-sm text-red-600">{error}</p>
+          )}
+
+          <button
+            type="submit"
+            disabled={loading}
+            className="w-full rounded-md bg-neutral-900 px-4 py-2 text-sm font-medium text-white hover:bg-neutral-800 focus:outline-none focus:ring-2 focus:ring-neutral-900 focus:ring-offset-2 disabled:opacity-50"
+          >
+            {loading
+              ? "..."
+              : mode === "password"
+                ? "Anmelden"
+                : "Link senden"}
+          </button>
+        </form>
+
+        <p className="text-center text-sm text-neutral-500">
+          Noch kein Konto?{" "}
+          <a
+            href="/register"
+            className="font-medium text-neutral-900 hover:underline"
+          >
+            Registrieren
+          </a>
+        </p>
+      </div>
+    </div>
+  );
+}

frontend/src/app/(auth)/register/page.tsx

@@ -0,0 +1,151 @@
+"use client";
+
+import { createClient } from "@/lib/supabase/client";
+import { api } from "@/lib/api";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+
+export default function RegisterPage() {
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [firmName, setFirmName] = useState("");
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const router = useRouter();
+  const supabase = createClient();
+
+  async function handleRegister(e: React.FormEvent) {
+    e.preventDefault();
+    setLoading(true);
+    setError(null);
+
+    // 1. Create auth user
+    const { data, error: authError } = await supabase.auth.signUp({
+      email,
+      password,
+      options: {
+        emailRedirectTo: `${window.location.origin}/callback`,
+      },
+    });
+
+    if (authError) {
+      setError(authError.message);
+      setLoading(false);
+      return;
+    }
+
+    // 2. Create tenant via backend (the backend adds the user as owner)
+    if (data.session) {
+      try {
+        await api.post("/tenants", { name: firmName });
+      } catch (err: unknown) {
+        const apiErr = err as { error?: string };
+        setError(apiErr.error || "Kanzlei konnte nicht erstellt werden");
+        setLoading(false);
+        return;
+      }
+
+      router.push("/");
+      router.refresh();
+    } else {
+      // Email confirmation required
+      router.push("/login");
+    }
+
+    setLoading(false);
+  }
+
+  return (
+    <div className="flex min-h-screen items-center justify-center bg-neutral-50">
+      <div className="w-full max-w-sm space-y-6 rounded-lg border border-neutral-200 bg-white p-8">
+        <div className="text-center">
+          <h1 className="text-lg font-semibold text-neutral-900">
+            KanzlAI
+          </h1>
+          <p className="mt-1 text-sm text-neutral-500">
+            Erstellen Sie Ihr Konto
+          </p>
+        </div>
+
+        <form onSubmit={handleRegister} className="space-y-4">
+          <div>
+            <label
+              htmlFor="firm"
+              className="block text-sm font-medium text-neutral-700"
+            >
+              Kanzleiname
+            </label>
+            <input
+              id="firm"
+              type="text"
+              value={firmName}
+              onChange={(e) => setFirmName(e.target.value)}
+              required
+              className="mt-1 block w-full rounded-md border border-neutral-300 px-3 py-2 text-sm placeholder-neutral-400 focus:border-neutral-900 focus:outline-none focus:ring-1 focus:ring-neutral-900"
+              placeholder="Muster & Partner Rechtsanwaelte"
+            />
+          </div>
+
+          <div>
+            <label
+              htmlFor="email"
+              className="block text-sm font-medium text-neutral-700"
+            >
+              E-Mail
+            </label>
+            <input
+              id="email"
+              type="email"
+              value={email}
+              onChange={(e) => setEmail(e.target.value)}
+              required
+              className="mt-1 block w-full rounded-md border border-neutral-300 px-3 py-2 text-sm placeholder-neutral-400 focus:border-neutral-900 focus:outline-none focus:ring-1 focus:ring-neutral-900"
+              placeholder="anwalt@kanzlei.de"
+            />
+          </div>
+
+          <div>
+            <label
+              htmlFor="password"
+              className="block text-sm font-medium text-neutral-700"
+            >
+              Passwort
+            </label>
+            <input
+              id="password"
+              type="password"
+              value={password}
+              onChange={(e) => setPassword(e.target.value)}
+              required
+              minLength={8}
+              className="mt-1 block w-full rounded-md border border-neutral-300 px-3 py-2 text-sm placeholder-neutral-400 focus:border-neutral-900 focus:outline-none focus:ring-1 focus:ring-neutral-900"
+            />
+            <p className="mt-1 text-xs text-neutral-400">Mindestens 8 Zeichen</p>
+          </div>
+
+          {error && (
+            <p className="text-sm text-red-600">{error}</p>
+          )}
+
+          <button
+            type="submit"
+            disabled={loading}
+            className="w-full rounded-md bg-neutral-900 px-4 py-2 text-sm font-medium text-white hover:bg-neutral-800 focus:outline-none focus:ring-2 focus:ring-neutral-900 focus:ring-offset-2 disabled:opacity-50"
+          >
+            {loading ? "..." : "Konto erstellen"}
+          </button>
+        </form>
+
+        <p className="text-center text-sm text-neutral-500">
+          Bereits registriert?{" "}
+          <a
+            href="/login"
+            className="font-medium text-neutral-900 hover:underline"
+          >
+            Anmelden
+          </a>
+        </p>
+      </div>
+    </div>
+  );
+}

frontend/src/app/globals.css

@@ -1,26 +1,11 @@
 @import "tailwindcss";
 
-:root {
-  --background: #ffffff;
-  --foreground: #171717;
-}
-
 @theme inline {
-  --color-background: var(--background);
-  --color-foreground: var(--foreground);
   --font-sans: var(--font-geist-sans);
   --font-mono: var(--font-geist-mono);
 }
 
-@media (prefers-color-scheme: dark) {
-  :root {
-    --background: #0a0a0a;
-    --foreground: #ededed;
-  }
-}
-
 body {
-  background: var(--background);
-  color: var(--foreground);
-  font-family: Arial, Helvetica, sans-serif;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
 }

frontend/src/app/layout.tsx

@@ -1,5 +1,6 @@
 import type { Metadata } from "next";
 import { Geist, Geist_Mono } from "next/font/google";
+import { Providers } from "@/components/Providers";
 import "./globals.css";
 
 const geistSans = Geist({
@@ -13,7 +14,7 @@ const geistMono = Geist_Mono({
 });
 
 export const metadata: Metadata = {
-  title: "KanzlAI-mGMT",
+  title: "KanzlAI",
   description: "Kanzleimanagement online",
 };
 
@@ -23,11 +24,11 @@ export default function RootLayout({
   children: React.ReactNode;
 }>) {
   return (
-    <html lang="en">
+    <html lang="de">
       <body
-        className={`${geistSans.variable} ${geistMono.variable} antialiased`}
+        className={`${geistSans.variable} ${geistMono.variable} font-sans antialiased`}
       >
-        {children}
+        <Providers>{children}</Providers>
       </body>
     </html>
   );

frontend/src/app/page.tsx

@@ -1,7 +0,0 @@
-export default function Home() {
-  return (
-    <main className="flex min-h-screen items-center justify-center">
-      <h1 className="text-4xl font-bold">KanzlAI-mGMT</h1>
-    </main>
-  );
-}

frontend/src/components/Providers.tsx

@@ -0,0 +1,26 @@
+"use client";
+
+import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
+import { Toaster } from "sonner";
+import { useState } from "react";
+
+export function Providers({ children }: { children: React.ReactNode }) {
+  const [queryClient] = useState(
+    () =>
+      new QueryClient({
+        defaultOptions: {
+          queries: {
+            staleTime: 30 * 1000,
+            retry: 1,
+          },
+        },
+      }),
+  );
+
+  return (
+    <QueryClientProvider client={queryClient}>
+      {children}
+      <Toaster position="bottom-right" richColors />
+    </QueryClientProvider>
+  );
+}

frontend/src/components/ai/ExtractionForm.tsx

@@ -0,0 +1,169 @@
+"use client";
+
+import { useCallback, useState } from "react";
+import { useDropzone } from "react-dropzone";
+import { Upload, FileText, X, Loader2 } from "lucide-react";
+import type { Case } from "@/lib/types";
+
+interface ExtractionFormProps {
+  cases: Case[];
+  selectedCaseId: string;
+  onCaseChange: (caseId: string) => void;
+  onExtract: (file: File | null, text: string) => void;
+  isLoading: boolean;
+}
+
+export function ExtractionForm({
+  cases,
+  selectedCaseId,
+  onCaseChange,
+  onExtract,
+  isLoading,
+}: ExtractionFormProps) {
+  const [file, setFile] = useState<File | null>(null);
+  const [text, setText] = useState("");
+
+  const onDrop = useCallback((acceptedFiles: File[]) => {
+    if (acceptedFiles.length > 0) {
+      setFile(acceptedFiles[0]);
+      setText("");
+    }
+  }, []);
+
+  const { getRootProps, getInputProps, isDragActive } = useDropzone({
+    onDrop,
+    accept: { "application/pdf": [".pdf"] },
+    maxFiles: 1,
+    disabled: isLoading,
+  });
+
+  function removeFile() {
+    setFile(null);
+  }
+
+  function handleSubmit(e: React.FormEvent) {
+    e.preventDefault();
+    if (!selectedCaseId || (!file && !text.trim())) return;
+    onExtract(file, text.trim());
+  }
+
+  const hasInput = file !== null || text.trim().length > 0;
+
+  return (
+    <form onSubmit={handleSubmit} className="space-y-5">
+      {/* Case selector */}
+      <div>
+        <label
+          htmlFor="case-select"
+          className="mb-1.5 block text-sm font-medium text-neutral-700"
+        >
+          Akte
+        </label>
+        <select
+          id="case-select"
+          value={selectedCaseId}
+          onChange={(e) => onCaseChange(e.target.value)}
+          className="w-full rounded-md border border-neutral-300 bg-white px-3 py-2 text-sm text-neutral-900 focus:border-neutral-500 focus:outline-none focus:ring-1 focus:ring-neutral-500"
+          disabled={isLoading}
+        >
+          <option value="">Akte auswaehlen...</option>
+          {cases.map((c) => (
+            <option key={c.id} value={c.id}>
+              {c.case_number} - {c.title}
+            </option>
+          ))}
+        </select>
+      </div>
+
+      {/* PDF dropzone */}
+      <div>
+        <label className="mb-1.5 block text-sm font-medium text-neutral-700">
+          PDF hochladen
+        </label>
+        {file ? (
+          <div className="flex items-center gap-3 rounded-md border border-neutral-200 bg-neutral-50 px-4 py-3">
+            <FileText className="h-5 w-5 shrink-0 text-neutral-500" />
+            <div className="min-w-0 flex-1">
+              <p className="truncate text-sm font-medium text-neutral-900">
+                {file.name}
+              </p>
+              <p className="text-xs text-neutral-500">
+                {(file.size / 1024).toFixed(0)} KB
+              </p>
+            </div>
+            <button
+              type="button"
+              onClick={removeFile}
+              disabled={isLoading}
+              className="rounded p-1 text-neutral-400 hover:bg-neutral-200 hover:text-neutral-600"
+            >
+              <X className="h-4 w-4" />
+            </button>
+          </div>
+        ) : (
+          <div
+            {...getRootProps()}
+            className={`cursor-pointer rounded-md border-2 border-dashed px-6 py-8 text-center transition-colors ${
+              isDragActive
+                ? "border-neutral-500 bg-neutral-50"
+                : "border-neutral-300 hover:border-neutral-400"
+            } ${isLoading ? "pointer-events-none opacity-50" : ""}`}
+          >
+            <input {...getInputProps()} />
+            <Upload className="mx-auto h-8 w-8 text-neutral-400" />
+            <p className="mt-2 text-sm text-neutral-600">
+              PDF hierher ziehen oder{" "}
+              <span className="font-medium text-neutral-900">durchsuchen</span>
+            </p>
+            <p className="mt-1 text-xs text-neutral-400">Nur PDF-Dateien</p>
+          </div>
+        )}
+      </div>
+
+      {/* Divider */}
+      <div className="flex items-center gap-3">
+        <div className="h-px flex-1 bg-neutral-200" />
+        <span className="text-xs text-neutral-400">oder</span>
+        <div className="h-px flex-1 bg-neutral-200" />
+      </div>
+
+      {/* Text input */}
+      <div>
+        <label
+          htmlFor="text-input"
+          className="mb-1.5 block text-sm font-medium text-neutral-700"
+        >
+          Text eingeben
+        </label>
+        <textarea
+          id="text-input"
+          value={text}
+          onChange={(e) => {
+            setText(e.target.value);
+            if (e.target.value.trim()) setFile(null);
+          }}
+          placeholder="Gerichtsschriftsatz, Beschluss oder sonstigen Text hier einfuegen..."
+          rows={6}
+          disabled={isLoading}
+          className="w-full rounded-md border border-neutral-300 px-3 py-2 text-sm text-neutral-900 placeholder:text-neutral-400 focus:border-neutral-500 focus:outline-none focus:ring-1 focus:ring-neutral-500 disabled:opacity-50"
+        />
+      </div>
+
+      {/* Submit */}
+      <button
+        type="submit"
+        disabled={isLoading || !hasInput || !selectedCaseId}
+        className="inline-flex items-center gap-2 rounded-md bg-neutral-900 px-4 py-2 text-sm font-medium text-white transition-colors hover:bg-neutral-800 disabled:cursor-not-allowed disabled:opacity-50"
+      >
+        {isLoading ? (
+          <>
+            <Loader2 className="h-4 w-4 animate-spin" />
+            Analysiere...
+          </>
+        ) : (
+          "Analysieren"
+        )}
+      </button>
+    </form>
+  );
+}

frontend/src/components/ai/ExtractionResults.tsx

@@ -0,0 +1,238 @@
+"use client";
+
+import { useState } from "react";
+import { Trash2, Check, Pencil, X, Loader2 } from "lucide-react";
+import type { ExtractedDeadline } from "@/lib/types";
+
+interface ExtractionResultsProps {
+  deadlines: ExtractedDeadline[];
+  onAdopt: (deadlines: ExtractedDeadline[]) => void;
+  isAdopting: boolean;
+}
+
+function confidenceColor(confidence: number): string {
+  if (confidence >= 0.8) return "bg-green-100 text-green-800";
+  if (confidence >= 0.5) return "bg-yellow-100 text-yellow-800";
+  return "bg-red-100 text-red-800";
+}
+
+function confidenceLabel(confidence: number): string {
+  if (confidence >= 0.8) return "Hoch";
+  if (confidence >= 0.5) return "Mittel";
+  return "Niedrig";
+}
+
+export function ExtractionResults({
+  deadlines: initialDeadlines,
+  onAdopt,
+  isAdopting,
+}: ExtractionResultsProps) {
+  const [deadlines, setDeadlines] = useState(initialDeadlines);
+  const [editingIndex, setEditingIndex] = useState<number | null>(null);
+  const [editForm, setEditForm] = useState<ExtractedDeadline | null>(null);
+
+  function removeDeadline(index: number) {
+    setDeadlines((prev) => prev.filter((_, i) => i !== index));
+  }
+
+  function startEdit(index: number) {
+    setEditingIndex(index);
+    setEditForm({ ...deadlines[index] });
+  }
+
+  function cancelEdit() {
+    setEditingIndex(null);
+    setEditForm(null);
+  }
+
+  function saveEdit() {
+    if (editingIndex === null || !editForm) return;
+    setDeadlines((prev) =>
+      prev.map((d, i) => (i === editingIndex ? editForm : d)),
+    );
+    setEditingIndex(null);
+    setEditForm(null);
+  }
+
+  if (deadlines.length === 0) {
+    return (
+      <div className="rounded-md border border-neutral-200 bg-neutral-50 p-6 text-center">
+        <p className="text-sm text-neutral-500">
+          Keine Fristen gefunden. Alle extrahierten Fristen wurden entfernt.
+        </p>
+      </div>
+    );
+  }
+
+  return (
+    <div className="space-y-4">
+      <div className="flex items-center justify-between">
+        <h3 className="text-sm font-medium text-neutral-900">
+          {deadlines.length} Frist{deadlines.length !== 1 ? "en" : ""} erkannt
+        </h3>
+        <button
+          onClick={() => onAdopt(deadlines)}
+          disabled={isAdopting || deadlines.length === 0}
+          className="inline-flex items-center gap-2 rounded-md bg-neutral-900 px-4 py-2 text-sm font-medium text-white transition-colors hover:bg-neutral-800 disabled:cursor-not-allowed disabled:opacity-50"
+        >
+          {isAdopting ? (
+            <>
+              <Loader2 className="h-4 w-4 animate-spin" />
+              Uebernehme...
+            </>
+          ) : (
+            <>
+              <Check className="h-4 w-4" />
+              Fristen uebernehmen
+            </>
+          )}
+        </button>
+      </div>
+
+      <div className="overflow-hidden rounded-md border border-neutral-200">
+        <table className="w-full text-sm">
+          <thead>
+            <tr className="border-b border-neutral-200 bg-neutral-50">
+              <th className="px-4 py-2.5 text-left font-medium text-neutral-700">
+                Frist
+              </th>
+              <th className="px-4 py-2.5 text-left font-medium text-neutral-700">
+                Faelligkeitsdatum
+              </th>
+              <th className="px-4 py-2.5 text-left font-medium text-neutral-700">
+                Rechtsgrundlage
+              </th>
+              <th className="px-4 py-2.5 text-left font-medium text-neutral-700">
+                Konfidenz
+              </th>
+              <th className="px-4 py-2.5 text-left font-medium text-neutral-700">
+                Quellenangabe
+              </th>
+              <th className="px-4 py-2.5 text-right font-medium text-neutral-700">
+                Aktionen
+              </th>
+            </tr>
+          </thead>
+          <tbody>
+            {deadlines.map((d, i) => (
+              <tr
+                key={i}
+                className="border-b border-neutral-100 last:border-b-0"
+              >
+                {editingIndex === i && editForm ? (
+                  <>
+                    <td className="px-4 py-2">
+                      <input
+                        value={editForm.title}
+                        onChange={(e) =>
+                          setEditForm({ ...editForm, title: e.target.value })
+                        }
+                        className="w-full rounded border border-neutral-300 px-2 py-1 text-sm"
+                      />
+                    </td>
+                    <td className="px-4 py-2">
+                      <input
+                        type="date"
+                        value={editForm.due_date ?? ""}
+                        onChange={(e) =>
+                          setEditForm({
+                            ...editForm,
+                            due_date: e.target.value || null,
+                          })
+                        }
+                        className="rounded border border-neutral-300 px-2 py-1 text-sm"
+                      />
+                    </td>
+                    <td className="px-4 py-2">
+                      <input
+                        value={editForm.rule_reference}
+                        onChange={(e) =>
+                          setEditForm({
+                            ...editForm,
+                            rule_reference: e.target.value,
+                          })
+                        }
+                        className="w-full rounded border border-neutral-300 px-2 py-1 text-sm"
+                      />
+                    </td>
+                    <td className="px-4 py-2">
+                      <span
+                        className={`inline-block rounded-full px-2 py-0.5 text-xs font-medium ${confidenceColor(editForm.confidence)}`}
+                      >
+                        {confidenceLabel(editForm.confidence)}
+                      </span>
+                    </td>
+                    <td className="px-4 py-2 text-xs text-neutral-500">
+                      {editForm.source_quote}
+                    </td>
+                    <td className="px-4 py-2 text-right">
+                      <div className="flex items-center justify-end gap-1">
+                        <button
+                          onClick={saveEdit}
+                          className="rounded p-1 text-green-600 hover:bg-green-50"
+                          title="Speichern"
+                        >
+                          <Check className="h-4 w-4" />
+                        </button>
+                        <button
+                          onClick={cancelEdit}
+                          className="rounded p-1 text-neutral-400 hover:bg-neutral-100"
+                          title="Abbrechen"
+                        >
+                          <X className="h-4 w-4" />
+                        </button>
+                      </div>
+                    </td>
+                  </>
+                ) : (
+                  <>
+                    <td className="px-4 py-2.5 font-medium text-neutral-900">
+                      {d.title}
+                    </td>
+                    <td className="px-4 py-2.5 text-neutral-700">
+                      {d.due_date
+                        ? new Date(d.due_date).toLocaleDateString("de-DE")
+                        : `${d.duration_value} ${d.duration_unit}`}
+                    </td>
+                    <td className="px-4 py-2.5 text-neutral-600">
+                      {d.rule_reference || "-"}
+                    </td>
+                    <td className="px-4 py-2.5">
+                      <span
+                        className={`inline-block rounded-full px-2 py-0.5 text-xs font-medium ${confidenceColor(d.confidence)}`}
+                      >
+                        {confidenceLabel(d.confidence)}{" "}
+                        {Math.round(d.confidence * 100)}%
+                      </span>
+                    </td>
+                    <td className="max-w-48 truncate px-4 py-2.5 text-xs text-neutral-500">
+                      {d.source_quote || "-"}
+                    </td>
+                    <td className="px-4 py-2.5 text-right">
+                      <div className="flex items-center justify-end gap-1">
+                        <button
+                          onClick={() => startEdit(i)}
+                          className="rounded p-1 text-neutral-400 hover:bg-neutral-100 hover:text-neutral-600"
+                          title="Bearbeiten"
+                        >
+                          <Pencil className="h-3.5 w-3.5" />
+                        </button>
+                        <button
+                          onClick={() => removeDeadline(i)}
+                          className="rounded p-1 text-neutral-400 hover:bg-red-50 hover:text-red-600"
+                          title="Entfernen"
+                        >
+                          <Trash2 className="h-3.5 w-3.5" />
+                        </button>
+                      </div>
+                    </td>
+                  </>
+                )}
+              </tr>
+            ))}
+          </tbody>
+        </table>
+      </div>
+    </div>
+  );
+}

frontend/src/components/layout/Header.tsx

@@ -0,0 +1,44 @@
+"use client";
+
+import { createClient } from "@/lib/supabase/client";
+import { TenantSwitcher } from "./TenantSwitcher";
+import { LogOut } from "lucide-react";
+import { useRouter } from "next/navigation";
+import { useEffect, useState } from "react";
+
+export function Header() {
+  const [email, setEmail] = useState<string | null>(null);
+  const router = useRouter();
+  const supabase = createClient();
+
+  useEffect(() => {
+    supabase.auth.getUser().then(({ data: { user } }) => {
+      setEmail(user?.email ?? null);
+    });
+  }, [supabase.auth]);
+
+  async function handleLogout() {
+    await supabase.auth.signOut();
+    router.push("/login");
+    router.refresh();
+  }
+
+  return (
+    <header className="flex h-14 items-center justify-between border-b border-neutral-200 bg-white px-4">
+      <div />
+      <div className="flex items-center gap-3">
+        <TenantSwitcher />
+        {email && (
+          <span className="text-sm text-neutral-500">{email}</span>
+        )}
+        <button
+          onClick={handleLogout}
+          title="Abmelden"
+          className="rounded-md p-1.5 text-neutral-400 hover:bg-neutral-100 hover:text-neutral-600"
+        >
+          <LogOut className="h-4 w-4" />
+        </button>
+      </div>
+    </header>
+  );
+}

frontend/src/components/layout/Sidebar.tsx

@@ -0,0 +1,55 @@
+"use client";
+
+import Link from "next/link";
+import { usePathname } from "next/navigation";
+import {
+  LayoutDashboard,
+  FolderOpen,
+  Clock,
+  Calendar,
+  Brain,
+  Settings,
+} from "lucide-react";
+
+const navigation = [
+  { name: "Dashboard", href: "/", icon: LayoutDashboard },
+  { name: "Akten", href: "/akten", icon: FolderOpen },
+  { name: "Fristen", href: "/fristen", icon: Clock },
+  { name: "Termine", href: "/termine", icon: Calendar },
+  { name: "AI Analyse", href: "/ai/extract", icon: Brain },
+  { name: "Einstellungen", href: "/einstellungen", icon: Settings },
+];
+
+export function Sidebar() {
+  const pathname = usePathname();
+
+  return (
+    <aside className="flex h-full w-56 flex-col border-r border-neutral-200 bg-white">
+      <div className="flex h-14 items-center border-b border-neutral-200 px-4">
+        <span className="text-sm font-semibold text-neutral-900">KanzlAI</span>
+      </div>
+      <nav className="flex-1 space-y-0.5 p-2">
+        {navigation.map((item) => {
+          const isActive =
+            item.href === "/"
+              ? pathname === "/"
+              : pathname.startsWith(item.href);
+          return (
+            <Link
+              key={item.href}
+              href={item.href}
+              className={`flex items-center gap-2.5 rounded-md px-2.5 py-1.5 text-sm transition-colors ${
+                isActive
+                  ? "bg-neutral-100 font-medium text-neutral-900"
+                  : "text-neutral-600 hover:bg-neutral-50 hover:text-neutral-900"
+              }`}
+            >
+              <item.icon className="h-4 w-4 shrink-0" />
+              {item.name}
+            </Link>
+          );
+        })}
+      </nav>
+    </aside>
+  );
+}

frontend/src/components/layout/TenantSwitcher.tsx

@@ -0,0 +1,79 @@
+"use client";
+
+import { api } from "@/lib/api";
+import type { TenantWithRole } from "@/lib/types";
+import { ChevronsUpDown } from "lucide-react";
+import { useEffect, useRef, useState } from "react";
+
+export function TenantSwitcher() {
+  const [tenants, setTenants] = useState<TenantWithRole[]>([]);
+  const [current, setCurrent] = useState<TenantWithRole | null>(null);
+  const [open, setOpen] = useState(false);
+  const ref = useRef<HTMLDivElement>(null);
+
+  useEffect(() => {
+    api.get<TenantWithRole[]>("/tenants").then((data) => {
+      setTenants(data);
+      const savedId = localStorage.getItem("kanzlai_tenant_id");
+      const match = data.find((t) => t.id === savedId) || data[0];
+      if (match) {
+        setCurrent(match);
+        localStorage.setItem("kanzlai_tenant_id", match.id);
+      }
+    }).catch(() => {
+      // Not authenticated or no tenants
+    });
+  }, []);
+
+  useEffect(() => {
+    function handleClick(e: MouseEvent) {
+      if (ref.current && !ref.current.contains(e.target as Node)) {
+        setOpen(false);
+      }
+    }
+    document.addEventListener("mousedown", handleClick);
+    return () => document.removeEventListener("mousedown", handleClick);
+  }, []);
+
+  function switchTenant(tenant: TenantWithRole) {
+    setCurrent(tenant);
+    localStorage.setItem("kanzlai_tenant_id", tenant.id);
+    setOpen(false);
+    window.location.reload();
+  }
+
+  if (!current) return null;
+
+  return (
+    <div ref={ref} className="relative">
+      <button
+        onClick={() => setOpen(!open)}
+        className="flex items-center gap-1.5 rounded-md border border-neutral-200 bg-white px-2.5 py-1.5 text-sm text-neutral-700 hover:bg-neutral-50"
+      >
+        <span className="max-w-[160px] truncate">{current.name}</span>
+        <ChevronsUpDown className="h-3.5 w-3.5 text-neutral-400" />
+      </button>
+
+      {open && tenants.length > 1 && (
+        <div className="absolute right-0 top-full z-50 mt-1 w-56 rounded-md border border-neutral-200 bg-white py-1 shadow-lg">
+          {tenants.map((tenant) => (
+            <button
+              key={tenant.id}
+              onClick={() => switchTenant(tenant)}
+              className={`flex w-full items-center px-3 py-1.5 text-left text-sm transition-colors ${
+                tenant.id === current.id
+                  ? "bg-neutral-50 font-medium text-neutral-900"
+                  : "text-neutral-600 hover:bg-neutral-50"
+              }`}
+            >
+              <span className="truncate">{tenant.name}</span>
+              <span className="ml-auto text-xs text-neutral-400">
+                {tenant.role}
+              </span>
+            </button>
+          ))}
+        </div>
+      )}
+    </div>
+  );
+}

frontend/src/lib/api.ts

@@ -0,0 +1,112 @@
+import { createClient } from "@/lib/supabase/client";
+import type { ApiError } from "@/lib/types";
+
+class ApiClient {
+  private baseUrl = "/api";
+
+  private async getHeaders(): Promise<HeadersInit> {
+    const supabase = createClient();
+    const {
+      data: { session },
+    } = await supabase.auth.getSession();
+
+    const headers: HeadersInit = {
+      "Content-Type": "application/json",
+    };
+
+    if (session?.access_token) {
+      headers["Authorization"] = `Bearer ${session.access_token}`;
+    }
+
+    const tenantId = typeof window !== "undefined"
+      ? localStorage.getItem("kanzlai_tenant_id")
+      : null;
+    if (tenantId) {
+      headers["X-Tenant-ID"] = tenantId;
+    }
+
+    return headers;
+  }
+
+  private async request<T>(
+    path: string,
+    options: RequestInit = {},
+  ): Promise<T> {
+    const headers = await this.getHeaders();
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      ...options,
+      headers: { ...headers, ...options.headers },
+    });
+
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({}));
+      const err: ApiError = {
+        error: body.error || res.statusText,
+        status: res.status,
+      };
+      throw err;
+    }
+
+    if (res.status === 204) return undefined as T;
+    return res.json();
+  }
+
+  get<T>(path: string) {
+    return this.request<T>(path, { method: "GET" });
+  }
+
+  post<T>(path: string, body?: unknown) {
+    return this.request<T>(path, {
+      method: "POST",
+      body: body ? JSON.stringify(body) : undefined,
+    });
+  }
+
+  put<T>(path: string, body?: unknown) {
+    return this.request<T>(path, {
+      method: "PUT",
+      body: body ? JSON.stringify(body) : undefined,
+    });
+  }
+
+  delete<T>(path: string) {
+    return this.request<T>(path, { method: "DELETE" });
+  }
+
+  async postFormData<T>(path: string, formData: FormData): Promise<T> {
+    const supabase = createClient();
+    const {
+      data: { session },
+    } = await supabase.auth.getSession();
+
+    const headers: HeadersInit = {};
+    if (session?.access_token) {
+      headers["Authorization"] = `Bearer ${session.access_token}`;
+    }
+    const tenantId = typeof window !== "undefined"
+      ? localStorage.getItem("kanzlai_tenant_id")
+      : null;
+    if (tenantId) {
+      headers["X-Tenant-ID"] = tenantId;
+    }
+
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      method: "POST",
+      headers,
+      body: formData,
+    });
+
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({}));
+      const err: ApiError = {
+        error: body.error || res.statusText,
+        status: res.status,
+      };
+      throw err;
+    }
+
+    return res.json();
+  }
+}
+
+export const api = new ApiClient();

frontend/src/lib/supabase/client.ts

@@ -0,0 +1,8 @@
+import { createBrowserClient } from "@supabase/ssr";
+
+export function createClient() {
+  return createBrowserClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+  );
+}

frontend/src/lib/supabase/server.ts

@@ -0,0 +1,29 @@
+import { createServerClient } from "@supabase/ssr";
+import { cookies } from "next/headers";
+
+export async function createClient() {
+  const cookieStore = await cookies();
+
+  return createServerClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    {
+      cookies: {
+        getAll() {
+          return cookieStore.getAll();
+        },
+        setAll(cookiesToSet) {
+          try {
+            cookiesToSet.forEach(({ name, value, options }) =>
+              cookieStore.set(name, value, options),
+            );
+          } catch {
+            // setAll is called from Server Components where cookies
+            // cannot be set. This is safe to ignore when middleware
+            // handles the session refresh.
+          }
+        },
+      },
+    },
+  );
+}

frontend/src/lib/types.ts

@@ -0,0 +1,134 @@
+export interface Tenant {
+  id: string;
+  name: string;
+  slug: string;
+  settings: Record<string, unknown>;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface TenantWithRole extends Tenant {
+  role: string;
+}
+
+export interface UserTenant {
+  user_id: string;
+  tenant_id: string;
+  role: string;
+  created_at: string;
+}
+
+export interface Case {
+  id: string;
+  tenant_id: string;
+  case_number: string;
+  title: string;
+  case_type?: string;
+  court?: string;
+  court_ref?: string;
+  status: string;
+  ai_summary?: string;
+  metadata: Record<string, unknown>;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface Party {
+  id: string;
+  tenant_id: string;
+  case_id: string;
+  name: string;
+  role?: string;
+  representative?: string;
+  contact_info: Record<string, unknown>;
+}
+
+export interface Deadline {
+  id: string;
+  tenant_id: string;
+  case_id: string;
+  title: string;
+  description?: string;
+  due_date: string;
+  original_due_date?: string;
+  warning_date?: string;
+  source: string;
+  rule_id?: string;
+  status: string;
+  completed_at?: string;
+  notes?: string;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface Appointment {
+  id: string;
+  tenant_id: string;
+  case_id?: string;
+  title: string;
+  description?: string;
+  start_at: string;
+  end_at?: string;
+  location?: string;
+  appointment_type?: string;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface CaseEvent {
+  id: string;
+  tenant_id: string;
+  case_id: string;
+  event_type?: string;
+  title: string;
+  description?: string;
+  event_date?: string;
+  created_by?: string;
+  metadata: Record<string, unknown>;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface Document {
+  id: string;
+  tenant_id: string;
+  case_id: string;
+  title: string;
+  doc_type?: string;
+  file_path?: string;
+  file_size?: number;
+  mime_type?: string;
+  ai_extracted?: Record<string, unknown>;
+  uploaded_by?: string;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface ExtractedDeadline {
+  title: string;
+  due_date: string | null;
+  duration_value: number;
+  duration_unit: string;
+  timing: string;
+  trigger_event: string;
+  rule_reference: string;
+  confidence: number;
+  source_quote: string;
+}
+
+export interface ExtractionResponse {
+  deadlines: ExtractedDeadline[];
+  count: number;
+}
+
+export interface ApiError {
+  error: string;
+  status: number;
+}
+
+export interface PaginatedResponse<T> {
+  data: T[];
+  total: number;
+  page: number;
+  per_page: number;
+}

frontend/src/middleware.ts

@@ -0,0 +1,60 @@
+import { createServerClient } from "@supabase/ssr";
+import { NextResponse, type NextRequest } from "next/server";
+
+export async function middleware(request: NextRequest) {
+  let supabaseResponse = NextResponse.next({ request });
+
+  const supabase = createServerClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    {
+      cookies: {
+        getAll() {
+          return request.cookies.getAll();
+        },
+        setAll(cookiesToSet) {
+          cookiesToSet.forEach(({ name, value }) =>
+            request.cookies.set(name, value),
+          );
+          supabaseResponse = NextResponse.next({ request });
+          cookiesToSet.forEach(({ name, value, options }) =>
+            supabaseResponse.cookies.set(name, value, options),
+          );
+        },
+      },
+    },
+  );
+
+  const {
+    data: { user },
+  } = await supabase.auth.getUser();
+
+  const { pathname } = request.nextUrl;
+
+  // Auth pages — redirect to app if already logged in
+  if (user && (pathname === "/login" || pathname === "/register")) {
+    const url = request.nextUrl.clone();
+    url.pathname = "/";
+    return NextResponse.redirect(url);
+  }
+
+  // Protected routes — redirect to login if not authenticated
+  if (
+    !user &&
+    !pathname.startsWith("/login") &&
+    !pathname.startsWith("/register") &&
+    !pathname.startsWith("/callback")
+  ) {
+    const url = request.nextUrl.clone();
+    url.pathname = "/login";
+    return NextResponse.redirect(url);
+  }
+
+  return supabaseResponse;
+}
+
+export const config = {
+  matcher: [
+    "/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
+  ],
+};