feat(project-picker): show auto-derived project code in parent typeahead

t-paliad-222 follow-up — wire .code into the parent-project picker so
two same-titled projects in different trees can be disambiguated by
their auto-derived dotted code. Search includes the code; the badge
renders only when distinct from the manual reference.

Excel __meta sheet still pending — the JSON code field is populated
by PopulateProjectCodes for every list payload, so the export
generator only needs to add one row in a follow-up shift.

.m/config.yaml

@@ -1,6 +1,3 @@
-# Project-specific mai configuration
-# Auto-generated by 'mai init' — run 'mai setup' to customize
-
 provider: claude
 providers:
     claude:
@@ -47,21 +44,13 @@ worker:
     name_scheme: role
     default_level: standard
     auto_discard: false
-    max_workers: 5
+    max_workers: 7
     persistent: true
 head:
-    name: "paliadin"
-    max_loops: 50
-    infinity_mode: false
-    max_idle_duration: 2h0m0s
-    backoff_intervals:
-        - 5
-        - 10
-        - 15
-        - 30
+    name: paliadin
 capacity:
     global:
-        max_workers: 5
+        max_workers: 7
         max_heads: 3
     per_worker:
         max_tasks_lifetime: 0

cmd/server/main.go

@@ -178,14 +178,23 @@ func main() {
 			UserView:       services.NewUserViewService(pool),
 			Broadcast:      services.NewBroadcastService(pool, mailSvc, users, teamSvc, emailTemplateSvc),
 			Pin:            services.NewPinService(pool, projectSvc),
-			CardLayout:     services.NewCardLayoutService(pool),
-			Projection:     services.NewProjectionService(pool, projectSvc, deadlineSvc, appointmentSvc, services.NewFristenrechnerService(rules, holidays, courts), rules),
+			CardLayout:      services.NewCardLayoutService(pool),
+			DashboardLayout: services.NewDashboardLayoutService(pool),
+			Projection:      services.NewProjectionService(pool, projectSvc, deadlineSvc, appointmentSvc, services.NewFristenrechnerService(rules, holidays, courts), rules),
 			// t-paliad-214 Slice 1 — personal-scope data export. firm name
 			// is captured into __meta of every export and printed in the
 			// embedded README.
 			Export: services.NewExportService(pool, branding.Name),
 		}
 
+		// t-paliad-219 Slice A3 — stitch DashboardService → ApprovalService
+		// for the inbox-approvals widget. Done post-construction to avoid
+		// a circular constructor dependency (ApprovalService doesn't need
+		// the dashboard, and DashboardService can render its other widgets
+		// without approvals — so keeping this a setter keeps both
+		// constructors simple).
+		svcBundle.Dashboard.SetApprovalService(svcBundle.Approval)
+
 		// t-paliad-215 Slice 1 — submission generator. Three services
 		// stitched together by handlers/submissions.go: registry pulls
 		// templates from Gitea (reuses GITEA_TOKEN env), vars builds

docs/design-project-metadata-rework-2026-05-20.md

@@ -0,0 +1,686 @@
+# Project metadata rework — Client Role + auto-derived project codes
+
+Status: design, ready for head review (2026-05-20)
+Task: t-paliad-222
+Issues: m/paliad#47 (Client Role) + m/paliad#50 (project codes)
+Branch: `mai/kepler/inventorcoder-project`
+
+Pairs two related changes because both touch `paliad.projects` schema, the
+project form, and downstream consumers (Fristenrechner Determinator,
+submission templates, Verlauf, picker / breadcrumb surfaces). One design,
+two migrations, one coder shift.
+
+---
+
+## §1 Scope & non-goals
+
+In scope:
+
+- Drop "Wir vertreten" entirely on `type='client'`, `'litigation'`, `'patent'`.
+- Rename to "Client Role" / "Mandantenrolle" on `type='case'` with new
+  option set (Active / Reactive / Third Party / Other).
+- Widen `paliad.projects.our_side` CHECK to the new sub-role values; drop
+  `'court'` and `'both'`; backfill existing rows to NULL.
+- Add `paliad.projects.opponent_code text` on `type='litigation'` rows
+  (segment source for project codes).
+- New Go helper `services.BuildProjectCode(ctx, projectID) (string, error)`
+  that walks the ancestor chain via the existing ltree `path` and assembles
+  the dotted code. Custom `paliad.projects.reference` on the project itself
+  wins.
+- Wire the helper into project header, breadcrumb, picker labels, the
+  submission-template variable bag (`{{project.code}}`), and the Excel
+  export `__meta` sheet.
+
+Out of scope (handled separately or dropped):
+
+- Reshaping `paliad.parties` (per-party role rows are unchanged).
+- New analytics / reports breaking out sub-roles.
+- Bulk-renaming user-facing copy that says "Klägerseite" /
+  "Beklagtenseite" outside the project form.
+- Reverse lookup (project by code) — already works via `reference`.
+- Audit-history for who changed an override and when — not requested.
+- Bulk regeneration of existing `reference` strings — manual entries stay
+  intact; auto-derive only fills empty slots.
+- Renaming the `our_side` DB column — see §2.2 / Q1.
+
+---
+
+## §2 Issue #47 — Client Role rework
+
+### §2.1 Current state (verified 2026-05-20)
+
+- Column: `paliad.projects.our_side text`, CHECK constraint
+  `projects_our_side_check` allows `('claimant','defendant','court','both',NULL)`
+  (mig 072).
+- Live data audit (`SELECT our_side, count(*) FROM paliad.projects
+  GROUP BY our_side`): **all 12 rows are NULL**. Zero rows on
+  `'court'` or `'both'` — backfill is a no-op. The migration is risk-free
+  on the current dataset.
+- Form: rendered for every project type by
+  `frontend/src/components/ProjectFormFields.tsx:156-168` (one
+  `<select id="project-our-side">` with five static `<option>`s, no
+  conditional render).
+- Downstream consumers (verified by grep on `our_side` /
+  `OurSide` in `internal/` and `frontend/src/`):
+  - `frontend/src/client/fristenrechner.ts:2187,2734,3754-3776` —
+    Determinator Slice 3c, `ourSideToPerspective()` maps
+    `claimant → claimant`, `defendant → defendant`, anything else
+    (incl. `'court'`, `'both'`, NULL) → `null` (chip free-pick).
+  - `internal/services/submission_vars.go:276-278,390-418` —
+    `{{project.our_side_de}}` / `_en` legal-prose forms. `ourSideDE` /
+    `ourSideEN` switch on the 4 enum values.
+  - `internal/services/project_service.go:1083-1104` —
+    `our_side_changed` project-event row on writes.
+  - `internal/services/project_service.go:1228,1372,1955-` — CCR
+    counterclaim child default-inverts `our_side`; `nullableOurSide()`
+    and `isValidOurSide()` (`project_service.go:1915`) gate writes.
+
+### §2.2 Decisions
+
+**Q1 — Rename column `our_side → client_role`?**
+**Pick: NO. Keep `our_side`.** Renaming forces churn in eleven Go files,
+the Determinator client bundle (`fristenrechner.ts` type literal +
+`ourSideToPerspective`), all submission-template tests
+(`submission_render_test.go:275`), the project-event title key
+(`event.title.our_side_changed`), and every `{{project.our_side*}}` template
+that exists in the wild on user systems. The label is purely UI; the column
+name is internal. Future grep stays clean because the new label
+("Client Role") and the column (`our_side`) describe the same concept from
+different perspectives ("which side the firm represents" =
+"what role the client plays"). Keeping the column avoids a 200-line
+mechanical rename with non-trivial risk for zero functional gain. The
+i18n keys *do* rename (`projects.field.our_side` → `projects.field.client_role`)
+so user-facing copy stays clean.
+
+**Q2 — Sub-role granularity (7 distinct values vs 3 groups)?**
+**Pick: 7 sub-roles** — `claimant, defendant, applicant, appellant,
+respondent, third_party, other`. Lawyers care about the specific
+procedural posture; Applicant ≠ Claimant in some UPC contexts (e.g. PI
+applications use "Applicant"). Group-level aggregation is trivial at
+display time (`switch role { case claimant, applicant, appellant:
+return "Active" }`). Storing the group only would be a lossy choice we
+cannot reconstruct from.
+
+**Q3 — Project types where the field is visible?**
+**Pick: ONLY `type='case'`.** m's wording is unambiguous ("only plays a
+role in case projects — and even there the question should be 'Client
+Role'"). Hide on `client`, `litigation`, `patent`, and the generic
+`project` type. The client-level "industry / country" block stays as is
+(those are client-attributes, not procedural roles). The form already
+has `projekt-fields-case` conditional render (`ProjectFormFields.tsx:143`)
+— moving the role select into that block is a 4-line change.
+
+**Q4 — Existing `'court'` / `'both'` row backfill?**
+**Pick: backfill to NULL** in the same migration that widens the CHECK.
+Zero rows in production (verified 2026-05-20), so the backfill is a
+no-op today; it's there for safety if any test fixture or
+not-yet-deployed instance has them. No audit-event emission for the
+backfill (it's schema cleanup, not user action).
+
+**Q5 — Determinator perspective mapping for new sub-roles?**
+**Pick: Active group → `claimant`, Reactive group → `defendant`, Third
+Party / Other → `null` (chip free-pick).** Concretely:
+
+  - `claimant`, `applicant`, `appellant` → perspective `'claimant'`
+  - `defendant`, `respondent` → perspective `'defendant'`
+  - `third_party`, `other`, NULL → perspective `null`
+
+This keeps the Determinator's existing claimant-rule / defendant-rule
+filter logic unchanged; only `ourSideToPerspective()`'s switch widens.
+
+**Q6 — Submission template `_de` / `_en` prose for new sub-roles?**
+
+| value         | `_de` (Nominativ)             | `_en`         |
+|---------------|-------------------------------|---------------|
+| `claimant`    | Klägerin                      | Claimant      |
+| `defendant`   | Beklagte                      | Defendant     |
+| `applicant`   | Antragstellerin               | Applicant     |
+| `appellant`   | Berufungsklägerin             | Appellant     |
+| `respondent`  | Antragsgegnerin               | Respondent    |
+| `third_party` | Streithelferin                | Third Party   |
+| `other`       | sonstige Verfahrensbeteiligte | other party   |
+
+Existing `'court'`/`'both'` switch arms get deleted (no live rows; if a
+stale `our_side='court'` slipped through somehow, the function returns
+`""` — same fallback as today for unknown values).
+
+### §2.3 Migration `112_client_role_rework`
+
+```sql
+-- 112_client_role_rework.up.sql (renumbered 2026-05-20 — mig 110 was claimed by m/paliad#51, mig 111 by m/paliad#48)
+-- t-paliad-222 / m/paliad#47.
+-- Widens projects.our_side CHECK to seven sub-role values and drops
+-- the legacy 'court' / 'both' entries. Backfill is a no-op on the
+-- current dataset (verified 2026-05-20: all 12 rows are NULL), but
+-- runs defensively in case any test fixture / staging instance still
+-- carries the old values.
+
+BEGIN;
+
+-- 1. Backfill any 'court' / 'both' rows to NULL. Idempotent.
+UPDATE paliad.projects
+   SET our_side = NULL
+ WHERE our_side IN ('court', 'both');
+
+-- 2. Drop the old CHECK, add the widened one. Both are idempotent
+--    against partially-applied state.
+ALTER TABLE paliad.projects
+    DROP CONSTRAINT IF EXISTS projects_our_side_check;
+
+ALTER TABLE paliad.projects
+    ADD CONSTRAINT projects_our_side_check
+    CHECK (our_side IS NULL OR our_side IN (
+        'claimant', 'defendant',
+        'applicant', 'appellant',
+        'respondent',
+        'third_party', 'other'
+    ));
+
+COMMENT ON COLUMN paliad.projects.our_side IS
+    'Which side the firm represents on this case project (renamed in '
+    'the UI to "Client Role" — t-paliad-222 / m/paliad#47). Allowed '
+    'sub-roles, grouped at display time: Active (claimant, applicant, '
+    'appellant); Reactive (defendant, respondent); Third Party / Other '
+    '(third_party, other). NULL = unknown. Hidden in the form on '
+    'non-case project types. Drives the Fristenrechner Determinator '
+    'perspective chip (Active→claimant, Reactive→defendant, else null).';
+
+COMMIT;
+```
+
+The down migration restores the original 4-value CHECK and, for
+defensive symmetry, backfills any new sub-role values to NULL (so the
+schema is internally consistent when stepped down).
+
+### §2.4 Frontend changes
+
+`frontend/src/components/ProjectFormFields.tsx`:
+
+1. Move the `<div className="form-field">` containing
+   `#project-our-side` from the always-visible block (line 156) into
+   the `projekt-fields-case` block (after the court / case-number
+   row).
+2. Rename label `data-i18n="projects.field.our_side"` →
+   `projects.field.client_role`.
+3. Replace the five flat `<option>`s with three `<optgroup>`s + the
+   seven new options + an "Unbekannt" empty option.
+4. Update the hint text to mention the Determinator group mapping
+   (Active/Reactive).
+
+`frontend/src/client/i18n.ts` — add new keys (DE + EN):
+
+```
+projects.field.client_role                  → "Mandantenrolle" / "Client Role"
+projects.field.client_role.hint             → "..."
+projects.field.client_role.unset            → "Unbekannt" / "Unknown"
+projects.field.client_role.group.active     → "Aktiv (wir greifen an)"  / "Active (we initiate)"
+projects.field.client_role.group.reactive   → "Reaktiv (wir verteidigen)" / "Reactive (we defend)"
+projects.field.client_role.group.other      → "Dritte / Sonstige"        / "Third Party / Other"
+projects.field.client_role.claimant         → "Klägerseite"              / "Claimant"
+projects.field.client_role.applicant        → "Antragsteller"            / "Applicant"
+projects.field.client_role.appellant        → "Berufungsführer"          / "Appellant"
+projects.field.client_role.defendant        → "Beklagtenseite"           / "Defendant"
+projects.field.client_role.respondent       → "Antragsgegner"            / "Respondent"
+projects.field.client_role.third_party      → "Streithelfer / Dritter"   / "Third Party"
+projects.field.client_role.other            → "Sonstige Beteiligte"      / "Other party"
+```
+
+The legacy `projects.field.our_side.*` keys stay deprecated-but-present
+for one release so any cached browser bundle keeps rendering. They get
+deleted in a follow-up housekeeping shift once the rollout is confirmed.
+
+`frontend/src/client/project-form.ts:182-230` — adjust the payload
+read/write to only include `our_side` when the field is in the DOM
+(non-case forms no longer emit it). The current code does
+`if (v) payload.our_side = v` which already handles the "field absent"
+case gracefully (osSel becomes `null`, no payload key set).
+
+`frontend/src/client/fristenrechner.ts:3754-3776` —
+`ourSideToPerspective` switch widens:
+
+```ts
+function ourSideToPerspective(os: string | null | undefined): Perspective {
+  switch (os) {
+    case "claimant":
+    case "applicant":
+    case "appellant":
+      return "claimant";
+    case "defendant":
+    case "respondent":
+      return "defendant";
+    default:
+      return null;
+  }
+}
+```
+
+`frontend/src/projects-detail.tsx` Verlauf — the `our_side_changed`
+event description currently renders the raw enum. Update the renderer
+to use a label lookup so "Mandant: Beklagte → Antragsteller" reads
+correctly. Same `event.title.our_side_changed` key stays (the *title*
+is "Vertretene Seite geändert" / "Represented side changed", which is
+still accurate semantically).
+
+### §2.5 Backend changes
+
+`internal/services/project_service.go:1915` — `isValidOurSide()` widens
+its allowlist:
+
+```go
+case "", "claimant", "defendant",
+    "applicant", "appellant",
+    "respondent",
+    "third_party", "other":
+    return nil
+```
+
+`internal/services/project_service.go:1372` —
+`derivedCounterclaimOurSide()` (CCR flip logic): widen the flip map to
+mirror the Determinator grouping:
+
+  - claimant ↔ defendant (current behaviour)
+  - applicant ↔ respondent
+  - appellant → defendant (CCR against an appellant is rare; pick
+    the most-likely procedural posture; can be overridden by
+    explicit `flip_our_side=false`)
+  - third_party / other / NULL → keep as-is (no flip)
+
+`internal/services/submission_vars.go:391-418` — `ourSideDE` /
+`ourSideEN` switch arms add the five new values per the table in
+§2.2 Q6. `'court'` and `'both'` arms get deleted.
+
+`internal/services/project_service.go:1083-1104` — `our_side_changed`
+audit emission unchanged (it just records old → new on the column).
+
+`frontend/build.ts` — no change; bundling already picks up
+`projects.field.client_role.*` i18n keys via `i18n-keys.ts` regeneration.
+
+`frontend/src/i18n-keys.ts` — regenerate via existing scripted path
+(adds the new keys, keeps the legacy ones as deprecated entries until
+the housekeeping pass).
+
+### §2.6 Tests
+
+- `internal/services/submission_render_test.go:275` —
+  `TestOurSideTranslations` widens the table to cover the 7 new values
+  in both DE and EN.
+- `internal/services/projection_service_unit_test.go:319` —
+  `TestDerivedCounterclaimOurSide` widens to cover the new flip map.
+- New: `TestProjectFormHidesOurSideForNonCase` — unit test on the
+  project-form payload reader confirms `our_side` is silently dropped
+  when the form renders for a non-case project type.
+
+### §2.7 Acceptance (issue #47)
+
+- [x] Creating a project of `type='client'`, `'litigation'`, `'patent'`,
+      `'project'` does **not** show the field.
+- [x] Creating a project of `type='case'` shows the field labelled
+      "Mandantenrolle" (DE) / "Client Role" (EN) with three optgroups
+      and seven options.
+- [x] Existing `'court'` / `'both'` rows (none in prod, but defensive)
+      are migrated to NULL.
+- [x] Submission templates referencing `{{project.our_side_de}}` /
+      `_en` render coherent prose for the five new values.
+- [x] Determinator perspective chip pre-fills correctly from each
+      sub-role (Active→claimant, Reactive→defendant, Other→null).
+- [x] CCR counterclaim flip yields a sensible child role for the new
+      sub-roles.
+- [x] `go build && go test ./internal/... && cd frontend && bun run
+      build` clean.
+
+---
+
+## §3 Issue #50 — Auto-derived project codes
+
+### §3.1 Current state (verified 2026-05-20)
+
+- `paliad.projects.reference text` exists and is informally used (live
+  values: `EXMPL` on a client, `L-2026-001` on a litigation, `C-UPC-0001`
+  on a case, `P-EP1111222` on a patent). No format enforcement.
+- `paliad.projects.path ltree` is maintained by a Postgres trigger
+  (`projects.path` joined UUIDs root-to-self). Walking ancestors in Go
+  is straightforward: `SELECT * FROM paliad.projects WHERE path @>
+  $1::ltree ORDER BY nlevel(path)`.
+- No `opponent` field exists anywhere. Opponent text lives only inside
+  the litigation `title` (e.g. "Siemens AG ./. Huawei Technologies").
+- `paliad.proceeding_types.code` is dot-separated:
+  `upc.inf.cfi`, `upc.rev.cfi`, `de.inf.lg`, `upc.apl.merits`, etc.
+  Splitting on `.` and upper-casing yields `INF`, `REV`, `LG`,
+  `APL.MERITS`. Suitable as the case segment.
+- `paliad.projects.court text` is free-text on cases (live values:
+  `UPC`, `UPC CoA`, `LG München I`). Not normalised; use the
+  proceeding_type code instead — it carries the same info structurally.
+
+### §3.2 Decisions
+
+**Q1 — Litigation opponent source: new column or regex on title?**
+**Pick: new column `paliad.projects.opponent_code text` on litigation
+rows.** Regex on title is brittle ("./.", "v.", "vs", "—", varying
+order) and the user already knows the short code at creation time. New
+field with explicit validation (slug-cased, max 16 chars) is clean and
+takes one form field + one migration. Title stays as the human-readable
+caption; `opponent_code` is the machine-readable segment source.
+NULL → segment skipped silently.
+
+**Q2 — Patent segment: always last 3, or last-N variable?**
+**Pick: last 3 digits when the digit-stream is ≥ 4 digits long; full
+digit-stream when shorter.** m's example (`EP3456789 → 789`) is 7
+digits last-3 = 789 ✓. UPC publication numbers (10+ digits) collapse to
+their last 3 just fine — uniqueness inside the same litigation tree is
+near-certain because the same litigation tree won't hold two patents
+sharing the same last-3. If it ever does, the user can set a custom
+`reference` (Q5). No need for last-4 / last-N logic.
+
+The patent-number regex extracts the digit-stream from any common
+format (`EP1234567`, `EP 1 234 567`, `EP1234567A1`, `WO2020/123456A1`):
+strip non-digits, take last 3 (or whole if shorter), upper-cased.
+
+**Q3 — Case segment from `proceeding_types.code`?**
+**Pick: take `proceeding_types.code` (e.g. `upc.inf.cfi`), split on `.`,
+drop the leading jurisdiction segment, uppercase the rest, join with
+`.`.** Examples:
+
+  - `upc.inf.cfi` → `INF.CFI`
+  - `upc.rev.cfi` → `REV.CFI`
+  - `upc.pi.cfi`  → `PI.CFI`
+  - `upc.apl.merits` → `APL.MERITS`
+  - `de.inf.lg`   → `INF.LG`
+  - `de.inf.olg`  → `INF.OLG` (appeal instance → segment already
+    encodes "OLG", so we get the appeal level for free; no separate
+    instance segment needed)
+
+The jurisdiction is dropped because the parent client/patent already
+implies the jurisdiction context. If the user wants explicit
+jurisdiction in the code, custom `reference` wins.
+
+If `proceeding_type_id` is NULL on the case, segment is omitted
+silently. No fallback to `court` text — that's free-text and noisy.
+
+**Q4 — Override semantics: wholesale or per-segment?**
+**Pick: wholesale.** When `paliad.projects.reference` is non-empty on
+the project the helper is asked about, that string is returned
+verbatim — no auto-derivation, no string-concatenation, no merging.
+Per-segment override doubles the implementation complexity for a UX
+nobody asked for. Users who want partial overrides set the
+`reference` on the relevant ancestor and let the rest auto-derive
+naturally.
+
+**Q5 — Where the user types the override?**
+**Pick: existing `paliad.projects.reference` field.** Already there,
+already labelled "Interne Referenz (optional)", already used by users.
+Adding a second "project_code_override" alongside `reference` would
+confuse the form. The hint text gets a small addendum: "Leer lassen
+für automatischen Code aus dem Projekt-Baum."
+
+**Q6 — Collision handling (two cases derive to the same code)?**
+**Pick: advisory in v1; no disambiguator.** Codes are display-only
+(not a primary key, not a unique constraint). Real-world collisions
+inside the same litigation tree are vanishingly rare; if they happen,
+the user notices in the picker and sets a custom `reference` on one.
+Adding `-N` suffixes silently would mask a data issue the user should
+see. A future surface could flag duplicates as a project-detail warning,
+but it's not in v1.
+
+**Q7 (new) — Helper signature and call site?**
+**Pick: `ProjectService.BuildProjectCode(ctx context.Context, projectID
+uuid.UUID) (string, error)`.** Lives on the existing ProjectService
+(it needs DB access for the ancestor walk). Internally builds segments
+with a small `projectCodeSegment(p Project) string` pure function per
+type that's table-test-friendly. The helper is called from the
+projection layer when a project gets serialised for the API
+(adds a `code` field to the JSON), so every surface — header,
+breadcrumb, picker, dashboard tile, Excel export — gets the code for
+free without each surface re-walking the tree. Pricier than a
+display-time call but eliminates N+1 walks in list views.
+
+**Q8 (new) — Cache strategy?**
+**Pick: no cache in v1.** Each ancestor walk is one indexed lookup
+on `paliad.projects(path)`. With 12 projects in prod and order-of-100s
+in any plausible firm-scale future, this is microsecond-cheap. If
+profiling later shows it as a hotspot in list views (which fetch many
+projects), introduce a materialised view
+`paliad.projects_derived_codes(project_id, derived_code)` refreshed by
+trigger on `projects` writes. Don't pre-optimise.
+
+### §3.3 Migration `113_projects_opponent_code`
+
+```sql
+-- 113_projects_opponent_code.up.sql (renumbered 2026-05-20)
+-- t-paliad-222 / m/paliad#50.
+-- Add an opponent-code field on litigation projects. Used as the
+-- middle segment when assembling auto-derived project codes from the
+-- ancestor tree (e.g. EXMPL.OPNT.567.INF.CFI). NULL = segment is
+-- skipped silently. No backfill — existing litigation rows simply
+-- yield codes without an opponent segment until the user sets one.
+
+BEGIN;
+
+ALTER TABLE paliad.projects
+    ADD COLUMN IF NOT EXISTS opponent_code text;
+
+-- Slug-shape gate: uppercase letters, digits, dashes, max 16 chars.
+-- Matches the style of m's example "OPNT". Keeps the auto-code clean.
+DO $$
+BEGIN
+    IF NOT EXISTS (
+        SELECT 1 FROM pg_constraint
+         WHERE conname = 'projects_opponent_code_check'
+           AND conrelid = 'paliad.projects'::regclass
+    ) THEN
+        ALTER TABLE paliad.projects
+            ADD CONSTRAINT projects_opponent_code_check
+            CHECK (opponent_code IS NULL
+                OR (opponent_code ~ '^[A-Z0-9-]{1,16}$'
+                    AND type = 'litigation'));
+    END IF;
+END $$;
+
+COMMENT ON COLUMN paliad.projects.opponent_code IS
+    'Short slug for the opposing party on a litigation project '
+    '(uppercase letters, digits, dashes, max 16 chars). Used as the '
+    'middle segment when BuildProjectCode walks the ancestor tree to '
+    'assemble a dotted project code (t-paliad-222 / m/paliad#50). '
+    'NULL = segment skipped silently.';
+
+COMMIT;
+```
+
+The down migration drops the constraint then the column.
+
+### §3.4 Go helper
+
+New file `internal/services/project_code.go`:
+
+```go
+// Package-level function (not a method) so it can be called from any
+// service that already has a *sqlx.DB. ProjectService has a thin
+// wrapper that calls into this.
+//
+// BuildProjectCode assembles the dotted ancestor code for projectID
+// from the existing paliad.projects.path ltree. If the target row's
+// reference column is non-empty, it wins outright (no derivation).
+// Missing ancestor segments are skipped silently — there is no
+// "unknown" placeholder.
+func BuildProjectCode(ctx context.Context, db sqlx.QueryerContext, projectID uuid.UUID) (string, error)
+
+// projectCodeSegment is the per-type segment derivation. Pure, table-
+// test friendly, never touches the DB.
+//
+//   client     → opts.PreferShortReference (reference if set, else slug(title))
+//   litigation → opts.PreferShortReference (opponent_code if set, else "")
+//   patent     → last 3 digits of patent_number (full digits if <4)
+//   case       → uppercase tail of proceeding_types.code (jurisdiction segment dropped)
+//   project    → "" (generic projects don't contribute a segment)
+//
+// proceedingCode is only needed for case rows; the caller resolves
+// it via a single join (or a cached small lookup) before calling.
+func projectCodeSegment(p models.Project, proceedingCode string) string
+```
+
+Sanitisation helpers live alongside as unexported funcs:
+
+- `sanitizeClientShort(s string) string` — uppercase, strip diacritics
+  via `golang.org/x/text/unicode/norm` + filter, replace non-alnum
+  with `-`, trim, cap at 8 chars. Already similar to what
+  `internal/util/slug` does for the global slug helper.
+- `patentLast3(s string) string` — strip non-digits, take last 3
+  characters (or the whole digit-stream when shorter); uppercase.
+  Empty → "".
+- `proceedingTail(code string) string` — split on `.`, drop element 0
+  (jurisdiction), uppercase + join the rest. `""` → `""`.
+
+`BuildProjectCode` SQL is a single round-trip:
+
+```sql
+SELECT p.id, p.type, p.title, p.reference, p.opponent_code,
+       p.patent_number, p.proceeding_type_id,
+       pt.code AS proceeding_code
+  FROM paliad.projects p
+  LEFT JOIN paliad.proceeding_types pt ON pt.id = p.proceeding_type_id
+ WHERE p.path @> (SELECT path FROM paliad.projects WHERE id = $1)
+ ORDER BY nlevel(p.path);
+```
+
+It returns the chain root-to-target. The function:
+
+1. If the last row (the target) has non-empty `reference` → return it
+   verbatim. Done.
+2. Otherwise walk the chain top-to-bottom, call `projectCodeSegment`
+   on each row, skip empty segments, join with `.`, return.
+
+### §3.5 Wiring into surfaces
+
+- `internal/services/project_service.go` projection — add a `Code`
+  string field to the read-side struct and populate it in the single
+  fetch path. For list endpoints, do **one** ancestor-chain query per
+  page (CTE that groups by target id) rather than N+1.
+- `internal/services/submission_vars.go:277` — add
+  `bag["project.code"] = derefString(p.Code)` so submission templates
+  can reference `{{project.code}}`.
+- `frontend/src/components/ProjectHeader.tsx` (current header
+  component on `/projects/{id}`) — render `code` next to the title
+  (small monospace badge) if non-empty.
+- `frontend/src/components/Breadcrumb*.tsx` — when rendering the
+  trail, use `project.code` as the trailing badge per segment if the
+  caller asks for it (opt-in to avoid breaking other consumers).
+- `frontend/src/client/project-form.ts` and any project-picker
+  typeahead — show `code · title` in the dropdown labels when `code`
+  is non-empty.
+- Excel `__meta` sheet — add a `Project Code` row (already enumerates
+  project metadata).
+
+The "copy reference" affordance in the header gets a second line: if
+both `reference` (user override) and the auto-derived code differ, both
+are visible (override above, derived below, smaller).
+
+### §3.6 Tests
+
+- `TestProjectCodeSegment` (table) — every project type × multiple
+  shapes (with/without reference, NULL ancestors, patent_number
+  formats, proceeding codes with 1/2/3 segments).
+- `TestBuildProjectCodeFullChain` — fixture tree
+  Client → Litigation → Patent → Case yields `EXMPL.OPNT.567.INF.CFI`.
+- `TestBuildProjectCodeRespectsOverride` — non-empty `reference` wins
+  outright.
+- `TestBuildProjectCodeMissingAncestors` — case directly under client
+  (no litigation, no patent) yields `EXMPL.INF.CFI`.
+- `TestBuildProjectCodeCollisionDoesNotDisambiguate` — two sibling
+  cases with identical derived codes both return the same string (v1
+  contract per Q6).
+- Migration sanity test (existing harness in
+  `internal/db/migrations_test.go` if present) — up → down → up.
+
+### §3.7 Acceptance (issue #50)
+
+- [x] `BuildProjectCode` returns `EXMPL.OPNT.567.INF.CFI` for the
+      reference tree (Client EXMPL → Litigation OPNT → Patent
+      EP1234567 → Case `upc.inf.cfi`).
+- [x] Setting `projects.reference = 'CUSTOM-CODE'` on the case
+      returns `CUSTOM-CODE` verbatim.
+- [x] Missing ancestor segments are skipped silently
+      (no `..` collapses, no "?" placeholder).
+- [x] `{{project.code}}` resolves in submission templates.
+- [x] Project header, breadcrumb, picker, Excel `__meta` all show the
+      code when set/derived.
+- [x] Litigation form has a new "Opponent Code" field (DE:
+      "Gegner-Kürzel") with the slug pattern validation. Hidden on
+      non-litigation types.
+- [x] `go build && go test ./internal/... && cd frontend && bun run
+      build` clean.
+
+---
+
+## §4 Open questions for the head
+
+(Head: default to the §2.2 / §3.2 "Pick" recommendations unless something
+material pushes back. Coder shift only after head signs off.)
+
+1. **§2.2 Q1** — Keep column name `our_side`? (Recommend YES; rename
+   touches 11+ Go files + bundled-template wire format for zero gain.)
+2. **§2.2 Q2** — Store 7 sub-roles? (Recommend YES; group-only is
+   lossy.)
+3. **§2.2 Q3** — Hide the field on `litigation` and `patent` too, not
+   just on `client`? (Recommend YES per m's "only on case projects".)
+4. **§2.2 Q6** — German prose forms use feminine grammatical gender
+   (Klägerin, Beklagte) per the existing translation table? Or
+   masculine / neutral? (Recommend feminine to match existing
+   `ourSideDE` — keeps consistency with already-rendered templates.)
+5. **§3.2 Q1** — Add a dedicated `opponent_code` column on
+   litigations? (Recommend YES; regex-on-title is brittle.)
+6. **§3.2 Q2** — Patent segment = last 3 digits (variable for
+   <4-digit numbers)? (Recommend YES, matches m's example.)
+7. **§3.2 Q3** — Case segment drops the jurisdiction prefix from
+   `proceeding_types.code` (so `upc.inf.cfi` → `INF.CFI`, not
+   `UPC.INF.CFI`)? (Recommend YES — jurisdiction is implied by the
+   ancestor client/patent context.)
+8. **§3.2 Q7** — `BuildProjectCode` populates a `code` field on every
+   projected Project JSON (not lazy per-render)? (Recommend YES;
+   simpler consumers, one DB round-trip per list page.)
+9. **§3.2 Q8** — No cache / materialised view in v1? (Recommend YES;
+   profile later if list views get slow.)
+
+---
+
+## §5 Implementation order (coder phase)
+
+1. **Mig 112** (client role widen + backfill) → mig 113 (opponent_code).
+   *Renumbered twice on 2026-05-20 — mig 110 claimed by m/paliad#51 project_type_other; mig 111 claimed by m/paliad#48 project_admin_and_select; boltzmann's gap-tolerant runner hard-fails on collisions so this is a strict rebump.*
+   Run `ls internal/db/migrations/ | tail` first to verify slot
+   availability (boltzmann's gap-tolerant runner means 110 is fine
+   even if 109 was the last applied).
+2. **Backend** — `isValidOurSide`, `ourSideDE/EN`,
+   `derivedCounterclaimOurSide`, new `project_code.go` package
+   + ProjectService wiring + projection `Code` field.
+3. **Frontend** — `ProjectFormFields.tsx` (conditional render + new
+   options + opponent_code field on litigation block), `i18n.ts` keys,
+   `fristenrechner.ts` `ourSideToPerspective` widen, header /
+   breadcrumb / picker code-badge wiring.
+4. **Tests** — pinning tests above; `go test ./internal/...` clean.
+5. **Build verification** — `go build && cd frontend && bun run build`
+   clean.
+6. **Commit per slice** — three commits (migration + backend, frontend,
+   tests) keep review tractable.
+
+---
+
+## §6 Risks & rollback
+
+- **Submission templates in the wild.** Users may have downloaded /
+  customised submission templates that still reference
+  `{{project.our_side_de}}` for `our_side='court'` or `'both'`. After
+  this change those values are unreachable, so the template arm
+  returns `""`. Already the fallback behaviour for unknown values;
+  no breakage, just an empty render. Mention in release notes.
+- **Browser cache.** Users with a stale bundle still see the old
+  "Wir vertreten" form for one cache-bust cycle. The legacy i18n keys
+  stay until housekeeping (§2.4), so labels still resolve.
+- **Migration down path.** Stepping down from 110 restores the old
+  4-value CHECK; new sub-role rows would violate it. The down
+  migration backfills new sub-roles → NULL to stay consistent.
+- **Per-tree opponent_code uniqueness.** Two litigations under the
+  same client with the same `opponent_code` would derive identical
+  case codes. Per Q6 we accept this; users see it in the picker and
+  customise `reference` if it bothers them.
+- **No new env vars, no Dokploy compose change** — both changes are
+  pure code + schema; deploy is the existing main-push → webhook →
+  Dokploy auto-redeploy path.

frontend/src/client/components/approval-edit-modal.ts

@@ -76,12 +76,15 @@ interface FieldSpec {
   required?: boolean;
 }
 
+// Deadline-only fields rendered in the editable section. `rule_code` and
+// `event_type_ids` are intentionally NOT here — they're bundled into the
+// dedicated "Verfahrenshandlung" section below the base fields so the
+// event-type (parent concept) reads before the rule (m/paliad#56).
 const DEADLINE_FIELDS: ReadonlyArray<FieldSpec> = [
   { key: "title",             labelKey: "deadlines.field.title",        inputType: "text",     required: true },
   { key: "due_date",          labelKey: "deadlines.field.due",          inputType: "date" },
   { key: "original_due_date", labelKey: "approvals.suggest.field.original_due_date", inputType: "date" },
   { key: "warning_date",      labelKey: "approvals.suggest.field.warning_date",      inputType: "date" },
-  { key: "rule_code",         labelKey: "approvals.suggest.field.rule_code",         inputType: "text" },
   { key: "description",       labelKey: "approvals.suggest.field.description",       inputType: "textarea" },
   { key: "notes",             labelKey: "deadlines.field.notes",        inputType: "textarea" },
 ];
@@ -121,7 +124,7 @@ export async function openApprovalEditModal(
   let eventTypePicker: PickerHandle | null = null;
   let eventTypePickerLoaded = false;
   if (args.entityType === "deadline") {
-    const pickerSection = renderEventTypePickerSection();
+    const pickerSection = renderEventTypePickerSection(original, preImage);
     body.appendChild(pickerSection.section);
     void (async () => {
       try {
@@ -191,67 +194,94 @@ function renderFieldsSection(
   section.appendChild(h);
 
   for (const f of fields) {
-    const wrap = document.createElement("div");
-    wrap.className = "form-field approval-suggest-field";
-
-    const label = document.createElement("label");
-    label.textContent = t(f.labelKey as never);
-    wrap.appendChild(label);
-
-    const value = formatFieldForInput(original[f.key], f.inputType);
-
-    let input: HTMLInputElement | HTMLTextAreaElement;
-    if (f.inputType === "textarea") {
-      input = document.createElement("textarea");
-      input.rows = 3;
-      (input as HTMLTextAreaElement).value = value;
-    } else {
-      input = document.createElement("input");
-      (input as HTMLInputElement).type = f.inputType;
-      (input as HTMLInputElement).value = value;
-    }
-    input.dataset.suggestField = f.key;
-    input.dataset.suggestOriginal = value;
-    input.dataset.suggestInputType = f.inputType;
-    if (f.required) input.required = true;
-
-    // Wire the <label> to focus the <input> on click.
-    const inputID = `suggest-field-${f.key}`;
-    input.id = inputID;
-    label.setAttribute("for", inputID);
-
-    wrap.appendChild(input);
-
-    // "Vorher" hint when pre_image carries a distinct value for this field.
-    const preVal = formatFieldForInput(preImage[f.key], f.inputType);
-    if (preVal && preVal !== value) {
-      const hint = document.createElement("span");
-      hint.className = "approval-suggest-prehint";
-      hint.textContent = `${t("approvals.diff.before")}: ${preVal}`;
-      wrap.appendChild(hint);
-    }
-
-    section.appendChild(wrap);
+    section.appendChild(renderSingleField(f, original, preImage));
   }
   return section;
 }
 
-function renderEventTypePickerSection(): { section: HTMLElement; host: HTMLElement } {
+// Verfahrenshandlung section — bundles the event-type picker and the
+// rule_code input so the editor reads "what procedural step? which rule
+// cites it?" instead of two disconnected fields with rule above type
+// (m/paliad#56). The hint underneath spells out the parent/child
+// relationship so first-time editors don't read them as peers.
+function renderEventTypePickerSection(
+  original: Record<string, unknown>,
+  preImage: Record<string, unknown>,
+): { section: HTMLElement; host: HTMLElement } {
   const section = document.createElement("section");
   section.className = "approval-suggest-section approval-suggest-section--editable";
 
   const h = document.createElement("h3");
   h.className = "approval-suggest-section-title";
-  h.textContent = t("deadlines.field.event_type");
+  h.textContent = t("approvals.suggest.section.event_type_rule");
   section.appendChild(h);
 
   const host = document.createElement("div");
   host.className = "approval-suggest-event-type-picker";
   section.appendChild(host);
 
+  // Rule citation — rendered as a sub-field directly beneath the picker so
+  // the visual hierarchy matches the conceptual one (rule is meta on the
+  // event type, not a peer).
+  const ruleField: FieldSpec = {
+    key: "rule_code",
+    labelKey: "approvals.suggest.field.rule_code",
+    inputType: "text",
+  };
+  section.appendChild(renderSingleField(ruleField, original, preImage));
+
   return { section, host };
 }
 
+// renderSingleField builds one labelled input in the same shape as the
+// fields-section loop. Extracted so the Verfahrenshandlung section can
+// host the rule_code input next to the picker without duplicating the
+// wiring (dirty-tracking, pre_image hint, label/for binding).
+function renderSingleField(
+  f: FieldSpec,
+  original: Record<string, unknown>,
+  preImage: Record<string, unknown>,
+): HTMLElement {
+  const wrap = document.createElement("div");
+  wrap.className = "form-field approval-suggest-field";
+
+  const label = document.createElement("label");
+  label.textContent = t(f.labelKey as never);
+  wrap.appendChild(label);
+
+  const value = formatFieldForInput(original[f.key], f.inputType);
+
+  let input: HTMLInputElement | HTMLTextAreaElement;
+  if (f.inputType === "textarea") {
+    input = document.createElement("textarea");
+    input.rows = 3;
+    (input as HTMLTextAreaElement).value = value;
+  } else {
+    input = document.createElement("input");
+    (input as HTMLInputElement).type = f.inputType;
+    (input as HTMLInputElement).value = value;
+  }
+  input.dataset.suggestField = f.key;
+  input.dataset.suggestOriginal = value;
+  input.dataset.suggestInputType = f.inputType;
+  if (f.required) input.required = true;
+
+  const inputID = `suggest-field-${f.key}`;
+  input.id = inputID;
+  label.setAttribute("for", inputID);
+
+  wrap.appendChild(input);
+
+  const preVal = formatFieldForInput(preImage[f.key], f.inputType);
+  if (preVal && preVal !== value) {
+    const hint = document.createElement("span");
+    hint.className = "approval-suggest-prehint";
+    hint.textContent = `${t("approvals.diff.before")}: ${preVal}`;
+    wrap.appendChild(hint);
+  }
+  return wrap;
+}
+
 function renderContextSection(
   args: ApprovalEditModalArgs,
   original: Record<string, unknown>,

frontend/src/client/dashboard.ts

@@ -65,14 +65,60 @@ interface DashboardData {
   upcoming_deadlines: UpcomingDeadline[];
   upcoming_appointments: UpcomingAppointment[];
   recent_activity: ActivityEntry[];
+  inbox_summary?: InboxSummary;
+}
+
+interface InboxEntry {
+  id: string;
+  entity_type: string;
+  entity_title?: string | null;
+  project_id: string;
+  project_title: string;
+  requested_at: string;
+  requester_id: string;
+  requester_name: string;
+}
+
+interface InboxSummary {
+  pending_count: number;
+  top: InboxEntry[];
+}
+
+// DashboardLayoutSpec mirrors the Go shape in
+// internal/services/dashboard_layout_spec.go. The client treats the spec
+// as advice: unknown widget keys are dropped silently (server is the
+// source of truth for the catalog).
+interface DashboardWidgetRef {
+  key: string;
+  visible: boolean;
+  settings?: { count?: number; horizon_days?: number };
+}
+interface DashboardLayoutSpec {
+  v: number;
+  widgets: DashboardWidgetRef[];
 }
 
 declare global {
   interface Window {
     __PALIAD_DASHBOARD__?: DashboardData | null;
+    __PALIAD_DASHBOARD_LAYOUT__?: DashboardLayoutSpec | null;
+    __PALIAD_DASHBOARD_CATALOG__?: unknown;
   }
 }
 
+let currentLayout: DashboardLayoutSpec | null = null;
+
+// settingsFor returns the (possibly-empty) settings blob for a given
+// widget key in the active layout. Falls back to an empty object so
+// renderers can read `.count ?? defaultN` without null checks.
+function settingsFor(key: string): { count?: number; horizon_days?: number } {
+  if (!currentLayout) return {};
+  for (const w of currentLayout.widgets) {
+    if (w.key === key) return w.settings ?? {};
+  }
+  return {};
+}
+
 const POLL_INTERVAL_MS = 60_000;
 // 30-day look-ahead matches the agenda.tsx default chip and the server's
 // default `to=today+30d` window — keeps the inline agenda visually
@@ -110,7 +156,13 @@ function render(): void {
   renderAppointments(data.upcoming_appointments);
   renderAgenda();
   renderActivity(data.recent_activity);
+  renderInbox(data.inbox_summary ?? { pending_count: 0, top: [] });
   toggleOnboardingHint(data.user);
+  // Apply the saved layout AFTER renderers so the per-widget settings
+  // applied above (count truncation, horizon filtering) are stable
+  // before we toggle visibility + reorder. Failing to find the layout
+  // is non-fatal — the factory default markup order takes over.
+  applyLayout();
 }
 
 function renderGreeting(user: DashboardUser | null): void {
@@ -162,6 +214,13 @@ function renderDeadlines(items: UpcomingDeadline[]): void {
   const list = document.getElementById("dashboard-deadlines-list")!;
   const empty = document.getElementById("dashboard-deadlines-empty")!;
 
+  // Per-widget settings: truncate by count + filter by horizon. Backend
+  // returns 40 rows / 60d; the widget settings narrow it. Defaults match
+  // the catalog (10 rows, 30 days).
+  const s = settingsFor("upcoming-deadlines");
+  items = filterByHorizonDays(items, s.horizon_days ?? 30, (d) => d.due_date);
+  items = items.slice(0, s.count ?? 10);
+
   if (!items.length) {
     list.innerHTML = "";
     list.style.display = "none";
@@ -191,6 +250,10 @@ function renderAppointments(items: UpcomingAppointment[]): void {
   const list = document.getElementById("dashboard-appointments-list")!;
   const empty = document.getElementById("dashboard-appointments-empty")!;
 
+  const s = settingsFor("upcoming-appointments");
+  items = filterByHorizonDays(items, s.horizon_days ?? 30, (a) => a.start_at);
+  items = items.slice(0, s.count ?? 10);
+
   if (!items.length) {
     list.innerHTML = "";
     list.style.display = "none";
@@ -226,6 +289,9 @@ function renderActivity(items: ActivityEntry[]): void {
   const list = document.getElementById("dashboard-activity-list")!;
   const empty = document.getElementById("dashboard-activity-empty")!;
 
+  const s = settingsFor("recent-activity");
+  items = items.slice(0, s.count ?? 10);
+
   if (!items.length) {
     list.innerHTML = "";
     list.style.display = "none";
@@ -344,8 +410,10 @@ function renderAgenda(): void {
 }
 
 async function loadAgenda(): Promise<void> {
+  const s = settingsFor("inline-agenda");
+  const horizon = s.horizon_days ?? AGENDA_LOOKAHEAD_DAYS;
   const from = toAgendaDate(startOfToday());
-  const to = toAgendaDate(addDays(startOfToday(), AGENDA_LOOKAHEAD_DAYS - 1));
+  const to = toAgendaDate(addDays(startOfToday(), horizon - 1));
   try {
     const resp = await fetch(`/api/agenda?from=${from}&to=${to}&types=deadlines,appointments`);
     if (!resp.ok) {
@@ -439,6 +507,125 @@ function syncCollapseAriaLabels(): void {
     });
 }
 
+function renderInbox(s: InboxSummary): void {
+  const summary = document.getElementById("dashboard-inbox-summary");
+  const list = document.getElementById("dashboard-inbox-list");
+  const empty = document.getElementById("dashboard-inbox-empty");
+  if (!summary || !list || !empty) return;
+
+  const settings = settingsFor("inbox-approvals");
+  const cap = settings.count ?? 3;
+  const top = s.top.slice(0, cap);
+
+  if (s.pending_count === 0) {
+    summary.style.display = "none";
+    list.innerHTML = "";
+    list.style.display = "none";
+    empty.style.display = "block";
+    return;
+  }
+  empty.style.display = "none";
+  summary.style.display = "block";
+  summary.textContent = getLang() === "de"
+    ? `${s.pending_count} offene Freigaben warten auf dich.`
+    : `${s.pending_count} open approvals are waiting for you.`;
+  list.style.display = "";
+  list.innerHTML = top.map((e) => {
+    const entityLabel = e.entity_type === "deadline"
+      ? tDyn("dashboard.inbox.entity.deadline")
+      : (e.entity_type === "appointment"
+        ? tDyn("dashboard.inbox.entity.appointment")
+        : e.entity_type);
+    const title = e.entity_title || entityLabel;
+    return `<li class="dashboard-list-item">
+      <a href="/inbox" class="dashboard-list-link">
+        <div class="dashboard-list-main">
+          <span class="dashboard-list-title">${esc(title)}</span>
+          <span class="dashboard-list-ref" title="${escAttr(`${e.project_title} · ${e.requester_name}`)}">${esc(e.project_title)} &middot; ${esc(e.requester_name)}</span>
+        </div>
+        <div class="dashboard-list-meta">
+          <span class="dashboard-appt-time">${esc(formatDateTime(e.requested_at))}</span>
+        </div>
+      </a>
+    </li>`;
+  }).join("");
+}
+
+// applyLayout walks the saved DashboardLayoutSpec and hides widgets whose
+// keys are `visible: false`, then reorders the visible ones to match the
+// layout's order. Widgets in the layout but missing from the DOM are
+// ignored (the catalog must define the markup for them — Slice A has
+// every catalog widget pre-rendered in dashboard.tsx). Widgets in the
+// DOM but missing from the layout (e.g. a deploy added markup ahead of a
+// migration) stay in their authored position so nothing disappears
+// silently.
+//
+// Reordering target: the visible widgets live in two parents — the
+// outer .container and the .dashboard-columns 2-up grid. We respect
+// that boundary: widgets inside .dashboard-columns are reordered within
+// it; widgets outside are reordered relative to each other inside
+// .container. This keeps the existing 2-up behaviour for the
+// deadlines+appointments pair without forcing a full container flatten.
+function applyLayout(): void {
+  if (!currentLayout || !Array.isArray(currentLayout.widgets)) return;
+
+  // Discover widget elements once. data-widget-key set in dashboard.tsx.
+  const allWidgets = Array.from(
+    document.querySelectorAll<HTMLElement>("[data-widget-key]"),
+  );
+  if (!allWidgets.length) return;
+  const byKey = new Map<string, HTMLElement>();
+  allWidgets.forEach((el) => {
+    const k = el.dataset.widgetKey;
+    if (k) byKey.set(k, el);
+  });
+
+  // Hide widgets whose layout entry says visible:false. Anything not in
+  // the layout at all stays untouched.
+  const seenInLayout = new Set<string>();
+  for (const w of currentLayout.widgets) {
+    seenInLayout.add(w.key);
+    const el = byKey.get(w.key);
+    if (!el) continue;
+    el.style.display = w.visible ? "" : "none";
+  }
+
+  // Reorder visible widgets inside each parent. We group widgets by their
+  // current parent element so we don't move them out of .dashboard-columns
+  // and lose the 2-up grid layout.
+  const groups = new Map<HTMLElement, HTMLElement[]>();
+  for (const w of currentLayout.widgets) {
+    if (!w.visible) continue;
+    const el = byKey.get(w.key);
+    if (!el || !el.parentElement) continue;
+    const arr = groups.get(el.parentElement) ?? [];
+    arr.push(el);
+    groups.set(el.parentElement, arr);
+  }
+  groups.forEach((widgets, parent) => {
+    widgets.forEach((el) => parent.appendChild(el));
+  });
+}
+
+// filterByHorizonDays drops items whose key date is more than `days`
+// days from today. Items without a parseable date stay in (we don't
+// want to silently hide rows on bad data). today is inclusive.
+function filterByHorizonDays<T>(items: T[], days: number, key: (t: T) => string): T[] {
+  if (!Number.isFinite(days) || days <= 0) return items;
+  const cutoff = new Date();
+  cutoff.setHours(0, 0, 0, 0);
+  cutoff.setDate(cutoff.getDate() + days);
+  return items.filter((t) => {
+    const raw = key(t);
+    if (!raw) return true;
+    // due_date is "YYYY-MM-DD"; start_at is RFC 3339. Both parseable
+    // by Date.
+    const d = new Date(raw.length === 10 ? raw + "T00:00:00" : raw);
+    if (isNaN(d.getTime())) return true;
+    return d.getTime() <= cutoff.getTime();
+  });
+}
+
 function toggleOnboardingHint(user: DashboardUser | null): void {
   // Belt-and-braces: the server-side gate (gateOnboarded in handlers.go)
   // already redirects users without a paliad.users row to /onboarding before
@@ -518,6 +705,23 @@ document.addEventListener("DOMContentLoaded", () => {
     syncCollapseAriaLabels();
   });
 
+  // Configurable layout (t-paliad-219). The Go shell handler splices
+  // the user's saved layout into __PALIAD_DASHBOARD_LAYOUT__. If it's
+  // missing (knowledge-platform-only deploy, hydration failure), the
+  // dashboard renders the factory order baked into dashboard.tsx; the
+  // client also kicks off a best-effort fetch so a slow-hydrating user
+  // still gets their saved layout on the next render pass.
+  const layoutInline = window.__PALIAD_DASHBOARD_LAYOUT__;
+  if (layoutInline) {
+    currentLayout = layoutInline;
+  } else if (layoutInline === undefined) {
+    void fetch("/api/me/dashboard-layout").then(async (r) => {
+      if (!r.ok) return;
+      currentLayout = (await r.json()) as DashboardLayoutSpec;
+      if (data) render();
+    }).catch(() => { /* silent — factory order is the fallback */ });
+  }
+
   // Inline agenda fetch is independent of the main dashboard payload.
   // Kicked off in parallel so the agenda section paints as soon as the
   // /api/agenda response lands instead of waiting on the dashboard

frontend/src/client/events.ts

@@ -125,8 +125,11 @@ const STATUS_OPTIONS_DEADLINE: StatusOption[] = [
   { value: "completed", key: "deadlines.filter.completed" },
 ];
 
+// Appointment status options — m/paliad#54: the legacy 'upcoming' /
+// "Ab heute" option was a UI lie (backend never narrowed past events for
+// appointments) and is removed. 'today' is the sane default — matches the
+// dashboard tile. 'all' stays as the explicit opt-in for past events.
 const STATUS_OPTIONS_APPOINTMENT: StatusOption[] = [
-  { value: "upcoming", key: "events.filter.status.upcoming" },
   { value: "today", key: "deadlines.filter.today" },
   { value: "this_week", key: "deadlines.filter.thisweek" },
   { value: "next_week", key: "deadlines.filter.nextweek" },
@@ -140,7 +143,7 @@ function statusOptionsFor(type: EventTypeChoice): StatusOption[] {
 }
 
 function defaultStatusFor(type: EventTypeChoice): string {
-  return type === "appointment" ? "upcoming" : "pending";
+  return type === "appointment" ? "today" : "pending";
 }
 
 let currentType: EventTypeChoice = "deadline";

frontend/src/client/fristenrechner.ts

@@ -2,11 +2,11 @@
 // 3-step wizard: select proceeding -> enter date -> view timeline
 //
 // Rendering primitives (renderTimelineBody / renderColumnsBody /
-// deadlineCardHtml / formatDate / partyBadge / court picker) live in
-// `./views/verfahrensablauf-core` and are shared with the
-// /tools/verfahrensablauf page (t-paliad-179 Slice 1). This module owns
-// the Step1/2/3a wizard, Pathway A/B, Akte save flow, anchor-override
-// click-to-edit — none of which Verfahrensablauf wants.
+// deadlineCardHtml / formatDate / partyBadge / court picker / inline
+// date editor) live in `./views/verfahrensablauf-core` and are shared
+// with /tools/verfahrensablauf. This module owns the Step1/2/3a
+// wizard, Pathway A/B, Akte save flow — none of which Verfahrensablauf
+// wants.
 
 import { initI18n, t, tDyn, getLang, onLangChange } from "./i18n";
 import { initSidebar } from "./sidebar";
@@ -22,6 +22,7 @@ import {
   priorityRendering,
   renderColumnsBody,
   renderTimelineBody,
+  wireDateEditClicks,
 } from "./views/verfahrensablauf-core";
 
 let lastResponse: DeadlineResponse | null = null;
@@ -186,12 +187,21 @@ interface ProjectOption {
   // (Slice 3b) can scope the cascade by the project's jurisdiction
   // without an extra fetch.
   proceeding_type_id?: number | null;
-  // our_side carries which side the firm represents on this project
-  // (t-paliad-164). When a user selects an Akte, the perspective chip
-  // pre-locks to this value; a small hint above the strip flags the
+  // our_side carries which side the firm represents on this case
+  // project (Client Role; t-paliad-164, widened in t-paliad-222).
+  // When a user selects an Akte, the perspective chip pre-locks via
+  // ourSideToPerspective(); a small hint above the strip flags the
   // pre-selection and the user can still click another chip to
   // override. NULL/undefined leaves the chip unset (free-pick).
-  our_side?: "claimant" | "defendant" | "court" | "both" | null;
+  our_side?:
+    | "claimant"
+    | "defendant"
+    | "applicant"
+    | "appellant"
+    | "respondent"
+    | "third_party"
+    | "other"
+    | null;
 }
 
 async function fetchProjects(): Promise<ProjectOption[]> {
@@ -250,6 +260,19 @@ function closeSaveModal() {
   if (modal) modal.style.display = "none";
 }
 
+// preselectedProjectId returns the project the user picked in Step 1
+// (if any) so the various save/add flows can default their project
+// pickers to it. Carries through anywhere a "save to Akte" pop-out
+// renders \u2014 preselection is *only* a default; the picker still
+// renders every available project and the user can override.
+// m/paliad#57 part 1: 2026-05-20 user complaint \u2014 "the pre-selected
+// project should be pre-selected" on Add.
+function preselectedProjectId(): string {
+  return currentStep1Context.kind === "project" && currentStep1Context.projectId
+    ? currentStep1Context.projectId
+    : "";
+}
+
 async function openSaveModal() {
   if (!lastResponse) return;
   ensureSaveModal();
@@ -266,6 +289,7 @@ async function openSaveModal() {
     sel.style.display = "";
     noProjects.style.display = "none";
     submit.disabled = false;
+    const preselected = preselectedProjectId();
     sel.innerHTML = projects
       .map((p) => {
         const ref = (p.reference || "").trim();
@@ -273,9 +297,11 @@ async function openSaveModal() {
         const label = ref
           ? `${indent}${escHtml(ref)} \u2014 ${escHtml(p.title)}`
           : `${indent}${escHtml(p.title)}`;
-        return `<option value="${escAttr(p.id)}">${label}</option>`;
+        const selected = p.id === preselected ? " selected" : "";
+        return `<option value="${escAttr(p.id)}"${selected}>${label}</option>`;
       })
       .join("");
+    if (preselected) sel.value = preselected;
   }
 
   const list = document.getElementById("frist-save-list")!;
@@ -430,54 +456,21 @@ function renderProcedureResults(data: DeadlineResponse) {
   applyPendingFocus();
 }
 
-// openInlineDateEditor swaps the date span for a date input. On commit
-// (blur or Enter), the override is recorded and the timeline re-fetched.
-// On Escape, the editor closes without changing anything. An empty
-// commit clears the override (lets the user revert to the calculated
-// date or to the IsCourtSet placeholder).
-function openInlineDateEditor(span: HTMLElement) {
-  const ruleCode = span.dataset.ruleCode!;
-  const current = span.dataset.currentDate || anchorOverrides.get(ruleCode) || "";
-  const editor = document.createElement("input");
-  editor.type = "date";
-  editor.className = "frist-date-edit-input";
-  editor.value = current;
-
-  const commit = (newValue: string) => {
-    if (newValue === "") {
-      anchorOverrides.delete(ruleCode);
-    } else {
-      anchorOverrides.set(ruleCode, newValue);
-    }
-    void calculate();
-  };
-
-  const cancel = () => {
-    editor.replaceWith(span);
-  };
-
-  editor.addEventListener("blur", () => {
-    if (editor.value !== current) commit(editor.value);
-    else cancel();
-  });
-  editor.addEventListener("keydown", (e) => {
-    const ke = e as KeyboardEvent;
-    if (ke.key === "Enter") {
-      e.preventDefault();
-      editor.blur();
-    } else if (ke.key === "Escape") {
-      e.preventDefault();
-      cancel();
-    }
-  });
-
-  span.replaceWith(editor);
-  editor.focus();
-  if (editor.value) editor.select();
+// onDateEditCommit is the click-to-edit callback handed to the shared
+// wireDateEditClicks() helper: persist the per-rule override (empty value
+// clears it) then recompute so downstream rules re-anchor.
+function onDateEditCommit(ruleCode: string, newValue: string) {
+  if (newValue === "") {
+    anchorOverrides.delete(ruleCode);
+  } else {
+    anchorOverrides.set(ruleCode, newValue);
+  }
+  void calculate();
 }
 
-// deadlineCardHtml / renderTimelineBody / renderColumnsBody moved to
-// ./views/verfahrensablauf-core (t-paliad-179 Slice 1).
+// deadlineCardHtml / renderTimelineBody / renderColumnsBody /
+// openInlineDateEditor / wireDateEditClicks moved to
+// ./views/verfahrensablauf-core.
 
 function reset() {
   selectedType = "";
@@ -648,21 +641,7 @@ document.addEventListener("DOMContentLoaded", () => {
   // rules re-anchor on the user's date. Delegated on the container so
   // it survives renderProcedureResults() innerHTML rewrites.
   const timelineContainer = document.getElementById("timeline-container");
-  if (timelineContainer) {
-    timelineContainer.addEventListener("click", (e) => {
-      const target = (e.target as HTMLElement).closest<HTMLElement>(".frist-date-edit");
-      if (!target || !target.dataset.ruleCode) return;
-      openInlineDateEditor(target);
-    });
-    timelineContainer.addEventListener("keydown", (e) => {
-      const ke = e as KeyboardEvent;
-      if (ke.key !== "Enter" && ke.key !== " ") return;
-      const target = (e.target as HTMLElement).closest<HTMLElement>(".frist-date-edit");
-      if (!target || !target.dataset.ruleCode) return;
-      e.preventDefault();
-      openInlineDateEditor(target);
-    });
-  }
+  if (timelineContainer) wireDateEditClicks(timelineContainer, onDateEditCommit);
 
   // Reset button
   document.getElementById("reset-btn")!.addEventListener("click", reset);
@@ -1306,19 +1285,27 @@ function expandCardCalc(card: HTMLElement, autoSelectPill: HTMLElement | null) {
   card.classList.add("is-expanded");
   card.setAttribute("aria-expanded", "true");
 
-  const panel = buildCalcPanel(cardData, rulePills);
-  card.appendChild(panel);
+  // m/paliad#57 part 4: when the user clicked a specific rule pill, the
+  // context is already known — the calc panel renders with that pill
+  // locked in and no "Which context?" picker. The card's pill list is
+  // hidden via CSS while is-expanded so the rules aren't listed twice.
+  // When the user clicked the card body (no autoSelectPill), the picker
+  // is the primary surface — still no duplicate pill list above it.
+  const lockedPill = (autoSelectPill && autoSelectPill.dataset.kind === "rule")
+    ? rulePills.find((p) =>
+        p.proceeding?.code === autoSelectPill.dataset.proc
+        && (autoSelectPill.dataset.focus
+            ? p.rule_local_code === autoSelectPill.dataset.focus
+            : true))
+    : undefined;
 
-  // Auto-select the clicked pill if it's a rule pill; otherwise the
-  // first pill is preselected by buildCalcPanel.
-  if (autoSelectPill && autoSelectPill.dataset.kind === "rule") {
-    selectCalcPill(card, autoSelectPill.dataset.proc, autoSelectPill.dataset.focus);
-  }
+  const panel = buildCalcPanel(cardData, rulePills, lockedPill || null);
+  card.appendChild(panel);
 
   scheduleCardCalc(card);
 }
 
-function buildCalcPanel(_cardData: SearchCard, rulePills: SearchPill[]): HTMLElement {
+function buildCalcPanel(_cardData: SearchCard, rulePills: SearchPill[], lockedPill: SearchPill | null = null): HTMLElement {
   const panel = document.createElement("div");
   panel.className = "fristen-card-calc";
   // stopPropagation so clicks inside the panel don't bubble to the
@@ -1329,10 +1316,38 @@ function buildCalcPanel(_cardData: SearchCard, rulePills: SearchPill[]): HTMLEle
   const lang = getLang();
   const today = new Date().toISOString().split("T")[0];
 
-  // Pill picker (only when >1 rule pill).
-  const pickerHtml = rulePills.length <= 1
-    ? `<input type="hidden" class="fristen-card-calc-pill-picker" data-proc="${escAttr(rulePills[0].proceeding?.code || "")}" data-focus="${escAttr(rulePills[0].rule_local_code || "")}" />`
-    : `<fieldset class="fristen-card-calc-pill-picker" role="radiogroup">
+  // Picker semantics (m/paliad#57 part 4):
+  //   - lockedPill set        → context known (user clicked a specific
+  //                             rule pill on the card). Render as a
+  //                             hidden input only; the calc panel shows
+  //                             no "Which context?" question. A small
+  //                             "ändern" link reopens the picker fieldset.
+  //   - rulePills.length <= 1 → only one possible context, never a
+  //                             picker (hidden input carries the data).
+  //   - otherwise             → show the picker as primary surface; the
+  //                             card's pill list is hidden via CSS while
+  //                             the panel is open, so the user isn't
+  //                             asked the same thing twice.
+  let pickerHtml: string;
+  if (lockedPill) {
+    const procName = lockedPill.proceeding
+      ? (lang === "en" && lockedPill.proceeding.name_en ? lockedPill.proceeding.name_en : lockedPill.proceeding.name_de)
+      : "";
+    const ruleName = lang === "en" && lockedPill.rule_name_en ? lockedPill.rule_name_en : lockedPill.rule_name_de;
+    const src = lockedPill.legal_source_display || lockedPill.legal_source || "";
+    const reopenLabel = t("deadlines.card.calc.pill_picker.change");
+    pickerHtml = `<div class="fristen-card-calc-pill-locked">
+      <span class="fristen-card-calc-pill-locked-label">${escHtml(t("deadlines.card.calc.pill_picker.locked_label"))}</span>
+      <span class="fristen-card-calc-pill-locked-proc">${escHtml(procName)}</span>
+      <span class="fristen-card-calc-pill-locked-rule">${escHtml(ruleName)}</span>
+      ${src ? `<span class="fristen-card-calc-pill-locked-source">${escHtml(src)}</span>` : ""}
+      ${rulePills.length > 1 ? `<button type="button" class="fristen-card-calc-pill-change">${escHtml(reopenLabel)}</button>` : ""}
+      <input type="hidden" class="fristen-card-calc-pill-picker" data-proc="${escAttr(lockedPill.proceeding?.code || "")}" data-focus="${escAttr(lockedPill.rule_local_code || "")}" />
+    </div>`;
+  } else if (rulePills.length <= 1) {
+    pickerHtml = `<input type="hidden" class="fristen-card-calc-pill-picker" data-proc="${escAttr(rulePills[0].proceeding?.code || "")}" data-focus="${escAttr(rulePills[0].rule_local_code || "")}" />`;
+  } else {
+    pickerHtml = `<fieldset class="fristen-card-calc-pill-picker" role="radiogroup">
          <legend class="fristen-card-calc-label">${escHtml(t("deadlines.card.calc.pill_picker.label"))}</legend>
          ${rulePills.map((p, i) => {
            const procName = p.proceeding ? (lang === "en" && p.proceeding.name_en ? p.proceeding.name_en : p.proceeding.name_de) : "";
@@ -1346,6 +1361,7 @@ function buildCalcPanel(_cardData: SearchCard, rulePills: SearchPill[]): HTMLEle
            </label>`;
          }).join("")}
        </fieldset>`;
+  }
 
   panel.innerHTML = `
     <button type="button" class="fristen-card-calc-close" aria-label="${escAttr(t("deadlines.card.calc.close"))}">×</button>
@@ -1398,6 +1414,38 @@ function buildCalcPanel(_cardData: SearchCard, rulePills: SearchPill[]): HTMLEle
     void addCalcToProject(card, last);
   });
 
+  // "ändern" — swap the locked-context caption for the full radio
+  // picker so the user can change context without collapsing the panel.
+  panel.querySelector<HTMLButtonElement>(".fristen-card-calc-pill-change")?.addEventListener("click", () => {
+    const card = panel.closest<HTMLElement>(".fristen-card");
+    const locked = panel.querySelector<HTMLElement>(".fristen-card-calc-pill-locked");
+    if (!card || !locked) return;
+    const fieldset = document.createElement("fieldset");
+    fieldset.className = "fristen-card-calc-pill-picker";
+    fieldset.setAttribute("role", "radiogroup");
+    const lockedProc = locked.querySelector<HTMLInputElement>("input.fristen-card-calc-pill-picker")?.dataset.proc || "";
+    const lockedFocus = locked.querySelector<HTMLInputElement>("input.fristen-card-calc-pill-picker")?.dataset.focus || "";
+    fieldset.innerHTML = `
+      <legend class="fristen-card-calc-label">${escHtml(t("deadlines.card.calc.pill_picker.label"))}</legend>
+      ${rulePills.map((p, i) => {
+        const procName = p.proceeding ? (lang === "en" && p.proceeding.name_en ? p.proceeding.name_en : p.proceeding.name_de) : "";
+        const ruleName = lang === "en" && p.rule_name_en ? p.rule_name_en : p.rule_name_de;
+        const src = p.legal_source_display || p.legal_source || "";
+        const isChecked = (p.proceeding?.code || "") === lockedProc
+          && (p.rule_local_code || "") === lockedFocus;
+        return `<label class="fristen-card-calc-pill-option">
+          <input type="radio" name="fristen-card-calc-pill" value="${i}" ${isChecked ? "checked" : ""} data-proc="${escAttr(p.proceeding?.code || "")}" data-focus="${escAttr(p.rule_local_code || "")}" />
+          <span class="fristen-card-calc-pill-option-proc">${escHtml(procName)}</span>
+          <span class="fristen-card-calc-pill-option-rule">${escHtml(ruleName)}</span>
+          ${src ? `<span class="fristen-card-calc-pill-option-source">${escHtml(src)}</span>` : ""}
+        </label>`;
+      }).join("")}`;
+    locked.replaceWith(fieldset);
+    fieldset.querySelectorAll<HTMLInputElement>('input[name="fristen-card-calc-pill"]').forEach((r) => {
+      r.addEventListener("change", () => scheduleCardCalc(card, 0));
+    });
+  });
+
   return panel;
 }
 
@@ -1601,6 +1649,7 @@ async function addCalcToProject(card: HTMLElement, calc: RuleCalcResponse) {
   const lang = getLang();
   const ruleName = lang === "en" ? calc.rule.nameEN : calc.rule.nameDE;
   const dueLabel = formatDate(calc.dueDate);
+  const preselected = preselectedProjectId();
   msgEl.innerHTML = `
     <div class="fristen-card-calc-add-picker">
       <label class="fristen-card-calc-label">${escHtml(t("deadlines.save.modal.akte"))}
@@ -1609,7 +1658,8 @@ async function addCalcToProject(card: HTMLElement, calc: RuleCalcResponse) {
             const ref = (p.reference || "").trim();
             const indent = projectIndent(p.path);
             const label = ref ? `${indent}${ref} — ${p.title}` : `${indent}${p.title}`;
-            return `<option value="${escAttr(p.id)}">${escHtml(label)}</option>`;
+            const selected = p.id === preselected ? " selected" : "";
+            return `<option value="${escAttr(p.id)}"${selected}>${escHtml(label)}</option>`;
           }).join("")}
         </select>
       </label>
@@ -1619,6 +1669,7 @@ async function addCalcToProject(card: HTMLElement, calc: RuleCalcResponse) {
   `;
 
   const sel = msgEl.querySelector<HTMLSelectElement>(".fristen-card-calc-add-select")!;
+  if (preselected) sel.value = preselected;
   msgEl.querySelector<HTMLButtonElement>(".fristen-card-calc-add-cancel")!.addEventListener("click", () => {
     msgEl.innerHTML = "";
     addBtn.disabled = false;
@@ -1688,12 +1739,12 @@ function renderConceptCard(card: SearchCard, lang: "de" | "en"): string {
   const triggerPills = card.pills.filter((p) => p.kind === "trigger");
 
   const ruleSection = rulePills.length === 0 ? "" : `
-    <div class="fristen-card-pills-section">
+    <div class="fristen-card-pills-section fristen-card-pills-section--rules">
       <h4 class="fristen-card-pills-heading">${escHtml(t("deadlines.search.pills.heading"))}</h4>
       <div class="fristen-card-pills">${rulePills.map((p) => renderPill(p, lang)).join("")}</div>
     </div>`;
   const triggerSection = triggerPills.length === 0 ? "" : `
-    <div class="fristen-card-pills-section">
+    <div class="fristen-card-pills-section fristen-card-pills-section--cross">
       <h4 class="fristen-card-pills-heading">${escHtml(t("deadlines.search.pills.cross_cutting"))}</h4>
       <div class="fristen-card-pills">${triggerPills.map((p) => renderPill(p, lang)).join("")}</div>
     </div>`;
@@ -2469,6 +2520,17 @@ interface EventCategoryNode {
 let eventCategoryTree: EventCategoryNode[] | null = null;
 let eventCategoryFetchInflight: Promise<EventCategoryNode[]> | null = null;
 
+// Top-level cascade roots that represent forward-looking workflows ("I
+// want to file X, what deadlines does my action trigger?") rather than
+// the backward-looking calc the Fristenrechner is built for ("event Y
+// happened, what deadlines spawn?"). m's 2026-05-20 ask (m/paliad#57):
+// remove these from the "Was ist passiert?" picker — they belong in a
+// future forward-workflow tool, not here. The DB rows stay so that
+// future tool can pick them back up; we just hide them at the UI layer.
+const HIDDEN_CASCADE_ROOTS: ReadonlySet<string> = new Set([
+  "ich-moechte-einreichen",
+]);
+
 async function loadEventCategoryTree(): Promise<EventCategoryNode[]> {
   if (eventCategoryTree) return eventCategoryTree;
   if (eventCategoryFetchInflight) return eventCategoryFetchInflight;
@@ -2477,7 +2539,8 @@ async function loadEventCategoryTree(): Promise<EventCategoryNode[]> {
       const r = await fetch("/api/tools/fristenrechner/event-categories");
       if (!r.ok) throw new Error(`HTTP ${r.status}`);
       const data = await r.json();
-      eventCategoryTree = (data.tree || []) as EventCategoryNode[];
+      const raw = (data.tree || []) as EventCategoryNode[];
+      eventCategoryTree = raw.filter((n) => !HIDDEN_CASCADE_ROOTS.has(n.slug));
       return eventCategoryTree;
     } finally {
       eventCategoryFetchInflight = null;
@@ -3747,14 +3810,30 @@ function applyPerspective(p: Perspective) {
   triggerCascadeRefresh();
 }
 
-// ourSideToPerspective maps the project-level "Wir vertreten" enum
-// onto the chip-strip Perspective. 'court' / 'both' map to null
-// (chip cleared) — court actions are neutral to the user's side and
-// "both" is explicit no-filter intent.
+// ourSideToPerspective maps the project-level "Client Role" enum
+// (DB column: our_side) onto the chip-strip Perspective.
+//
+// Per t-paliad-222 (m/paliad#47) the field carries one of seven
+// sub-role values grouped at display time:
+//   Active   (we initiate) : claimant, applicant, appellant   → "claimant"
+//   Reactive (we defend)   : defendant, respondent            → "defendant"
+//   Other                  : third_party, other, NULL         → null
+//
+// Legacy 'court' / 'both' values no longer exist in the column
+// (mig 110 backfilled them to NULL); both fall through to the null
+// default arm if a stale value sneaks in.
 function ourSideToPerspective(os: string | null | undefined): Perspective {
-  if (os === "claimant") return "claimant";
-  if (os === "defendant") return "defendant";
-  return null;
+  switch (os) {
+    case "claimant":
+    case "applicant":
+    case "appellant":
+      return "claimant";
+    case "defendant":
+    case "respondent":
+      return "defendant";
+    default:
+      return null;
+  }
 }
 
 // applyOurSidePredefine locks the perspective from project.our_side

frontend/src/client/i18n.ts

@@ -272,10 +272,10 @@ const translations: Record<Lang, Record<string, string>> = {
     "deadlines.step1.divider.new": "oder eine neue Akte",
     "deadlines.step1.divider.adhoc": "oder ad-hoc, ohne Akte",
     "deadlines.step1.new.cta": "+ Neue Akte anlegen",
-    "deadlines.step1.adhoc.upc": "Custom UPC-Verfahren",
-    "deadlines.step1.adhoc.de": "Custom DE-Verfahren",
-    "deadlines.step1.adhoc.epa": "Custom EPA-Verfahren",
-    "deadlines.step1.adhoc.dpma": "Custom DPMA-Verfahren",
+    "deadlines.step1.adhoc.upc": "UPC-Verfahren",
+    "deadlines.step1.adhoc.de": "DE-Verfahren",
+    "deadlines.step1.adhoc.epa": "EPA-Verfahren",
+    "deadlines.step1.adhoc.dpma": "DPMA-Verfahren",
     "deadlines.step1.selected": "Akte:",
     "deadlines.step1.reselect": "Andere Akte",
     "deadlines.step1.summary.adhoc.suffix": "ohne Akte (Erkundung)",
@@ -345,6 +345,8 @@ const translations: Record<Lang, Record<string, string>> = {
     "deadlines.card.calc.expand_hint": "Frist berechnen oder zu Akte hinzufügen",
     "deadlines.card.calc.close": "schließen",
     "deadlines.card.calc.pill_picker.label": "Welcher Kontext?",
+    "deadlines.card.calc.pill_picker.locked_label": "Kontext:",
+    "deadlines.card.calc.pill_picker.change": "ändern",
     "deadlines.card.calc.trigger.label": "Datum des auslösenden Ereignisses",
     "deadlines.card.calc.flags.label": "Bedingungen:",
     "deadlines.card.calc.flag.with_ccr": "Mit Nichtigkeitswiderklage",
@@ -911,6 +913,12 @@ const translations: Record<Lang, Record<string, string>> = {
     "dashboard.agenda.heading": "Agenda",
     "dashboard.agenda.empty": "Keine F\u00e4lligkeiten in den n\u00e4chsten 30 Tagen.",
     "dashboard.agenda.full_link": "Vollst\u00e4ndige Agenda \u00f6ffnen \u2192",
+    // Inbox-approvals widget (t-paliad-219).
+    "dashboard.inbox.heading": "Offene Freigaben",
+    "dashboard.inbox.empty": "Keine offenen Freigaben.",
+    "dashboard.inbox.full_link": "Vollst\u00e4ndigen Posteingang \u00f6ffnen \u2192",
+    "dashboard.inbox.entity.deadline": "Frist",
+    "dashboard.inbox.entity.appointment": "Termin",
     // Collapsible-section toggle a11y labels (t-paliad-162). Both states
     // are needed because the aria-label flips with the expanded state.
     "dashboard.section.collapse": "Abschnitt einklappen",
@@ -1202,9 +1210,30 @@ const translations: Record<Lang, Record<string, string>> = {
     "projects.field.our_side.unset": "Unbekannt / nicht gesetzt",
     "projects.field.our_side.claimant": "Klägerseite",
     "projects.field.our_side.defendant": "Beklagtenseite",
+    "projects.field.our_side.applicant": "Antragsteller",
+    "projects.field.our_side.appellant": "Berufungsführer",
+    "projects.field.our_side.respondent": "Antragsgegner",
+    "projects.field.our_side.third_party": "Streithelfer / Dritter",
+    "projects.field.our_side.other": "Sonstige Beteiligte",
     "projects.field.our_side.court": "Gericht / Tribunal",
     "projects.field.our_side.both": "Beide Seiten",
     "projects.field.our_side.none": "—",
+    "projects.field.client_role": "Mandantenrolle",
+    "projects.field.client_role.hint": "Bestimmt die Voreinstellung der Perspektive im Fristenrechner-Determinator: Aktiv → Klägerseite, Reaktiv → Beklagtenseite. Lässt sich dort jederzeit überschreiben.",
+    "projects.field.client_role.unset": "Unbekannt",
+    "projects.field.client_role.group.active": "Aktiv (wir greifen an)",
+    "projects.field.client_role.group.reactive": "Reaktiv (wir verteidigen)",
+    "projects.field.client_role.group.other": "Dritte / Sonstige",
+    "projects.field.client_role.claimant": "Klägerseite",
+    "projects.field.client_role.applicant": "Antragsteller",
+    "projects.field.client_role.appellant": "Berufungsführer",
+    "projects.field.client_role.defendant": "Beklagtenseite",
+    "projects.field.client_role.respondent": "Antragsgegner",
+    "projects.field.client_role.third_party": "Streithelfer / Dritter",
+    "projects.field.client_role.other": "Sonstige Beteiligte",
+    "projects.field.opponent_code": "Gegner-Kürzel",
+    "projects.field.opponent_code.placeholder": "z.B. OPNT",
+    "projects.field.opponent_code.hint": "Kurzes Kürzel der Gegenseite (Großbuchstaben, Ziffern, Bindestriche, max. 16 Zeichen). Wird als mittleres Segment in automatisch abgeleiteten Projekt-Codes verwendet (z.B. EXMPL.OPNT.567.INF.CFI).",
     "projects.field.status": "Status",
     "projects.error.title_required": "Titel erforderlich",
     "projects.detail.edit.type_change_warning.title": "Diese Felder werden geleert:",
@@ -1399,6 +1428,7 @@ const translations: Record<Lang, Record<string, string>> = {
     "projects.type.patent": "Patent",
     "projects.type.case": "Verfahren",
     "projects.type.project": "Projekt",
+    "projects.type.other": "Sonstiges",
     "projects.team.role.lead": "Leitung",
     "projects.team.role.associate": "Associate",
     "projects.team.role.pa": "PA",
@@ -1406,10 +1436,15 @@ const translations: Record<Lang, Record<string, string>> = {
     "projects.team.role.local_counsel": "Local Counsel",
     "projects.team.role.expert": "Experte",
     "projects.team.role.observer": "Beobachter",
+    "projects.team.responsibility.admin": "Admin",
+    "projects.team.responsibility.admin.hint": "Kann Team und Rollen auf diesem Projekt und Unterprojekten verwalten",
     "projects.team.responsibility.lead": "Leitung",
     "projects.team.responsibility.member": "Mitglied",
     "projects.team.responsibility.observer": "Beobachter",
     "projects.team.responsibility.external": "Extern",
+    "projects.team.error.last_admin": "Mindestens ein Admin muss auf diesem Projekt oder einem übergeordneten verbleiben.",
+    "projects.team.error.forbidden": "Diese Aktion ist nicht erlaubt.",
+    "projects.team.error.generic": "Aktion fehlgeschlagen.",
     "projects.team.profession.partner": "Partner",
     "projects.team.profession.of_counsel": "Of Counsel",
     "projects.team.profession.associate": "Associate",
@@ -1459,6 +1494,7 @@ const translations: Record<Lang, Record<string, string>> = {
     "projects.chip.type.patent": "Patent",
     "projects.chip.type.case": "Verfahren",
     "projects.chip.type.project": "Projekt",
+    "projects.chip.type.other": "Sonstiges",
     "projects.chip.multi.none": "Keine Auswahl",
     "projects.chip.multi.count": "{n} ausgew\u00e4hlt",
     "projects.empty.filtered.action": "Filter zur\u00fccksetzen",
@@ -1801,6 +1837,14 @@ const translations: Record<Lang, Record<string, string>> = {
     "team.filter.project.all": "Alle Projekte",
     "team.filter.project.selected": "ausgewählt",
     "team.filter.project.clear": "Alle abwählen",
+    // Click-to-select (t-paliad-223 #53). Layered ON TOP of the existing
+    // filter pills — selection is an explicit subset of the visible set,
+    // pruned on filter change, wiped on page navigation.
+    "team.selection.count": "{n} ausgewählt",
+    "team.selection.clear": "Auswahl aufheben",
+    "team.selection.send": "E-Mail an Auswahl",
+    "team.selection.select_all": "Alle sichtbaren auswählen",
+    "team.selection.toggle_card": "Kontakt auswählen",
     // Broadcast modal (t-paliad-147)
     "team.broadcast.button": "E-Mail an Auswahl",
     "team.broadcast.title": "E-Mail an Auswahl",
@@ -2287,6 +2331,7 @@ const translations: Record<Lang, Record<string, string>> = {
     "approvals.suggest.next_request_link": "→ Neuer Vorschlag von {name}",
     "approvals.suggest.unsupported_lifecycle": "Änderungen vorschlagen ist nur für Update-Anfragen möglich.",
     "approvals.suggest.section.editable": "Felder",
+    "approvals.suggest.section.event_type_rule": "Verfahrenshandlung (Typ + Regel)",
     "approvals.suggest.section.context": "Kontext",
     "approvals.suggest.context.project": "Projekt",
     "approvals.suggest.context.requester": "Eingereicht von",
@@ -2954,10 +2999,10 @@ const translations: Record<Lang, Record<string, string>> = {
     "deadlines.step1.divider.new": "or a new matter",
     "deadlines.step1.divider.adhoc": "or ad-hoc, without a matter",
     "deadlines.step1.new.cta": "+ Create new matter",
-    "deadlines.step1.adhoc.upc": "Custom UPC proceeding",
-    "deadlines.step1.adhoc.de": "Custom DE proceeding",
-    "deadlines.step1.adhoc.epa": "Custom EPA proceeding",
-    "deadlines.step1.adhoc.dpma": "Custom DPMA proceeding",
+    "deadlines.step1.adhoc.upc": "UPC proceeding",
+    "deadlines.step1.adhoc.de": "DE proceeding",
+    "deadlines.step1.adhoc.epa": "EPA proceeding",
+    "deadlines.step1.adhoc.dpma": "DPMA proceeding",
     "deadlines.step1.selected": "Matter:",
     "deadlines.step1.reselect": "Other matter",
     "deadlines.step1.summary.adhoc.suffix": "no matter (exploration)",
@@ -3034,6 +3079,8 @@ const translations: Record<Lang, Record<string, string>> = {
     "deadlines.card.calc.expand_hint": "Calculate deadline or add to project",
     "deadlines.card.calc.close": "close",
     "deadlines.card.calc.pill_picker.label": "Which context?",
+    "deadlines.card.calc.pill_picker.locked_label": "Context:",
+    "deadlines.card.calc.pill_picker.change": "change",
     "deadlines.card.calc.trigger.label": "Date of triggering event",
     "deadlines.card.calc.flags.label": "Conditions:",
     "deadlines.card.calc.flag.with_ccr": "With counterclaim for revocation",
@@ -3589,6 +3636,11 @@ const translations: Record<Lang, Record<string, string>> = {
     "dashboard.agenda.heading": "Agenda",
     "dashboard.agenda.empty": "Nothing due in the next 30 days.",
     "dashboard.agenda.full_link": "Open full agenda →",
+    "dashboard.inbox.heading": "Open approvals",
+    "dashboard.inbox.empty": "No open approvals.",
+    "dashboard.inbox.full_link": "Open full inbox →",
+    "dashboard.inbox.entity.deadline": "Deadline",
+    "dashboard.inbox.entity.appointment": "Appointment",
     "dashboard.section.collapse": "Collapse section",
     "dashboard.section.expand": "Expand section",
     "dashboard.urgency.overdue": "Overdue",
@@ -3872,9 +3924,30 @@ const translations: Record<Lang, Record<string, string>> = {
     "projects.field.our_side.unset": "Unknown / not set",
     "projects.field.our_side.claimant": "Claimant side",
     "projects.field.our_side.defendant": "Defendant side",
+    "projects.field.our_side.applicant": "Applicant",
+    "projects.field.our_side.appellant": "Appellant",
+    "projects.field.our_side.respondent": "Respondent",
+    "projects.field.our_side.third_party": "Third Party",
+    "projects.field.our_side.other": "Other party",
     "projects.field.our_side.court": "Court / tribunal",
     "projects.field.our_side.both": "Both sides",
     "projects.field.our_side.none": "—",
+    "projects.field.client_role": "Client Role",
+    "projects.field.client_role.hint": "Pre-selects the perspective chip in the Fristenrechner Determinator: Active → claimant side, Reactive → defendant side. Always overridable from there.",
+    "projects.field.client_role.unset": "Unknown",
+    "projects.field.client_role.group.active": "Active (we initiate)",
+    "projects.field.client_role.group.reactive": "Reactive (we defend)",
+    "projects.field.client_role.group.other": "Third Party / Other",
+    "projects.field.client_role.claimant": "Claimant side",
+    "projects.field.client_role.applicant": "Applicant",
+    "projects.field.client_role.appellant": "Appellant",
+    "projects.field.client_role.defendant": "Defendant side",
+    "projects.field.client_role.respondent": "Respondent",
+    "projects.field.client_role.third_party": "Third Party",
+    "projects.field.client_role.other": "Other party",
+    "projects.field.opponent_code": "Opponent code",
+    "projects.field.opponent_code.placeholder": "e.g. OPNT",
+    "projects.field.opponent_code.hint": "Short slug for the opposing party (uppercase letters, digits, dashes, max 16 chars). Used as the middle segment in auto-derived project codes (e.g. EXMPL.OPNT.567.INF.CFI).",
     "projects.field.status": "Status",
     "projects.error.title_required": "Title required",
     "projects.detail.edit.type_change_warning.title": "These fields will be cleared:",
@@ -4068,6 +4141,7 @@ const translations: Record<Lang, Record<string, string>> = {
     "projects.type.patent": "Patent",
     "projects.type.case": "Case",
     "projects.type.project": "Project",
+    "projects.type.other": "Other",
     "projects.team.role.lead": "Lead",
     "projects.team.role.associate": "Associate",
     "projects.team.role.pa": "PA",
@@ -4075,10 +4149,15 @@ const translations: Record<Lang, Record<string, string>> = {
     "projects.team.role.local_counsel": "Local Counsel",
     "projects.team.role.expert": "Expert",
     "projects.team.role.observer": "Observer",
+    "projects.team.responsibility.admin": "Admin",
+    "projects.team.responsibility.admin.hint": "Can manage team and roles on this project and its sub-projects",
     "projects.team.responsibility.lead": "Lead",
     "projects.team.responsibility.member": "Member",
     "projects.team.responsibility.observer": "Observer",
     "projects.team.responsibility.external": "External",
+    "projects.team.error.last_admin": "At least one admin must remain on this project or an ancestor.",
+    "projects.team.error.forbidden": "This action is not permitted.",
+    "projects.team.error.generic": "Action failed.",
     "projects.team.profession.partner": "Partner",
     "projects.team.profession.of_counsel": "Of Counsel",
     "projects.team.profession.associate": "Associate",
@@ -4128,6 +4207,7 @@ const translations: Record<Lang, Record<string, string>> = {
     "projects.chip.type.patent": "Patent",
     "projects.chip.type.case": "Case",
     "projects.chip.type.project": "Project",
+    "projects.chip.type.other": "Other",
     "projects.chip.multi.none": "Nothing selected",
     "projects.chip.multi.count": "{n} selected",
     "projects.empty.filtered.action": "Reset filters",
@@ -4467,6 +4547,12 @@ const translations: Record<Lang, Record<string, string>> = {
     "team.filter.project.all": "All projects",
     "team.filter.project.selected": "selected",
     "team.filter.project.clear": "Deselect all",
+    // Click-to-select (t-paliad-223 #53).
+    "team.selection.count": "{n} selected",
+    "team.selection.clear": "Clear selection",
+    "team.selection.send": "Email selection",
+    "team.selection.select_all": "Select all visible",
+    "team.selection.toggle_card": "Select contact",
     // Broadcast modal (t-paliad-147)
     "team.broadcast.button": "Email selection",
     "team.broadcast.title": "Email selection",
@@ -4953,6 +5039,7 @@ const translations: Record<Lang, Record<string, string>> = {
     "approvals.suggest.next_request_link": "→ New suggestion by {name}",
     "approvals.suggest.unsupported_lifecycle": "Suggest changes is only available for update requests.",
     "approvals.suggest.section.editable": "Fields",
+    "approvals.suggest.section.event_type_rule": "Event type + rule",
     "approvals.suggest.section.context": "Context",
     "approvals.suggest.context.project": "Project",
     "approvals.suggest.context.requester": "Submitted by",

frontend/src/client/project-form.ts

@@ -8,6 +8,11 @@ export interface ProjectMini {
   title: string;
   type: string;
   reference?: string | null;
+  // t-paliad-222 / m/paliad#50: auto-derived dotted project code from
+  // the ancestor tree. Populated by the service projection on every
+  // /api/projects response, so the picker can show the code without an
+  // extra fetch.
+  code?: string;
 }
 
 export interface ProjectFormState {
@@ -48,9 +53,11 @@ function tryGet(id: string): HTMLElement | null {
 export function showFieldsForType(typeSel: string) {
   const parentWrap = tryGet("projekt-parent-wrap") as HTMLDivElement | null;
   const clientFields = tryGet("fields-client") as HTMLDivElement | null;
+  const litigationFields = tryGet("fields-litigation") as HTMLDivElement | null;
   const patentFields = tryGet("fields-patent") as HTMLDivElement | null;
   const caseFields = tryGet("fields-case") as HTMLDivElement | null;
   if (clientFields) clientFields.style.display = typeSel === "client" ? "block" : "none";
+  if (litigationFields) litigationFields.style.display = typeSel === "litigation" ? "block" : "none";
   if (patentFields) patentFields.style.display = typeSel === "patent" ? "block" : "none";
   if (caseFields) caseFields.style.display = typeSel === "case" ? "block" : "none";
   if (parentWrap) parentWrap.style.display = typeSel === "client" ? "none" : "block";
@@ -88,18 +95,28 @@ export function initParentPicker() {
     }
     const matches = parentCandidates
       .filter((p) => {
-        const hay = (p.title + " " + (p.reference || "")).toLowerCase();
+        // Search across title + manual reference + auto-derived code
+        // so the user can type "EXMPL" or "INF.CFI" and find the row.
+        const hay = (p.title + " " + (p.reference || "") + " " + (p.code || "")).toLowerCase();
         return hay.includes(q);
       })
       .slice(0, 8);
     sugs.innerHTML = matches
-      .map(
-        (p) =>
-          `<div class="collab-suggestion" data-id="${esc(p.id)}" data-title="${esc(p.title)}">
+      .map((p) => {
+        // Render the auto-derived code (if any, and distinct from
+        // reference) as a small mono badge on the right so the user
+        // can disambiguate two same-titled projects by their tree
+        // position. Single template literal kept readable inline.
+        const code = p.code && p.code !== (p.reference || "") ? p.code : "";
+        const codeBadge = code
+          ? `<span class="entity-ref entity-ref-code">${esc(code)}</span>`
+          : "";
+        return `<div class="collab-suggestion" data-id="${esc(p.id)}" data-title="${esc(p.title)}">
             <strong>${esc(p.title)}</strong>
             <span class="entity-type-chip entity-type-${esc(p.type)}">${esc(tDyn("projects.type." + p.type) || p.type)}</span>
-          </div>`,
-      )
+            ${codeBadge}
+          </div>`;
+      })
       .join("");
     sugs.querySelectorAll<HTMLDivElement>(".collab-suggestion").forEach((el) => {
       el.addEventListener("click", () => {
@@ -174,20 +191,32 @@ export function readPayload(
     const gd = ($("project-grant-date") as HTMLInputElement).value;
     if (gd) payload.grant_date = gd + "T00:00:00Z";
   }
+  if (type === "litigation") {
+    // opponent_code is the litigation-only short slug used as the
+    // middle segment when BuildProjectCode auto-derives a project
+    // code from the ancestor tree (t-paliad-222 / m/paliad#50).
+    // Uppercased on submit so the user can type lowercase comfortably
+    // — the DB CHECK enforces the [A-Z0-9-]{1,16} pattern.
+    const ocEl = tryGet("project-opponent-code") as HTMLInputElement | null;
+    if (ocEl) {
+      const v = ocEl.value.trim().toUpperCase();
+      if (v) payload.opponent_code = v;
+      else if (!opts.omitEmpty) payload.opponent_code = "";
+    }
+  }
   if (type === "case") {
     stringField("project-court", "court");
     stringField("project-case-number", "case_number");
-  }
 
-  // our_side is type-agnostic — every project type can carry "Wir
-  // vertreten" because the Determinator picks it up regardless of
-  // type. The select uses "" for the unset option; the service maps
-  // empty string to NULL via nullableOurSide.
-  const osSel = tryGet("project-our-side") as HTMLSelectElement | null;
-  if (osSel) {
-    const v = osSel.value.trim();
-    if (v) payload.our_side = v;
-    else if (!opts.omitEmpty) payload.our_side = "";
+    // Client Role (DB column: our_side) — case-only after t-paliad-222.
+    // The select uses "" for the unset option; the service maps empty
+    // string to NULL via nullableOurSide.
+    const osSel = tryGet("project-our-side") as HTMLSelectElement | null;
+    if (osSel) {
+      const v = osSel.value.trim();
+      if (v) payload.our_side = v;
+      else if (!opts.omitEmpty) payload.our_side = "";
+    }
   }
 
   const desc = ($("project-description") as HTMLTextAreaElement).value.trim();
@@ -228,6 +257,8 @@ export function prefillForm(p: Record<string, unknown>) {
   get("project-case-number").value = String(p.case_number ?? "");
   const osSel = tryGet("project-our-side") as HTMLSelectElement | null;
   if (osSel) osSel.value = String(p.our_side ?? "");
+  const ocEl = tryGet("project-opponent-code") as HTMLInputElement | null;
+  if (ocEl) ocEl.value = String(p.opponent_code ?? "");
   getTA("project-description").value = String(p.description ?? "");
   getSel("project-status").value = String(p.status ?? "active");
 }

frontend/src/client/projects-detail.ts

@@ -21,6 +21,12 @@ interface Project {
   path: string;
   title: string;
   reference?: string | null;
+  // t-paliad-222 / m/paliad#50: auto-derived dotted project code from
+  // the ancestor tree (e.g. EXMPL.OPNT.789.INF.CFI). Populated by the
+  // service layer on every projection; equal to `reference` when the
+  // user typed an override.
+  code?: string;
+  opponent_code?: string | null;
   description?: string | null;
   status: string;
   client_number?: string | null;
@@ -34,6 +40,12 @@ interface Project {
   grant_date?: string | null;
   court?: string | null;
   case_number?: string | null;
+  // t-paliad-223: piggybacked onto the GET /api/projects/{id} payload so
+  // the team panel can render an inline <select> for callers who can
+  // change responsibilities (global_admin or effective_project_admin on
+  // this project / ancestor). Optional for back-compat with cached
+  // payloads.
+  effective_admin?: boolean;
   updated_at: string;
   created_at: string;
 }
@@ -1089,6 +1101,24 @@ function renderHeader() {
   (document.getElementById("project-title-display") as HTMLElement).textContent = project.title;
   (document.getElementById("project-ref-display") as HTMLElement).textContent = project.reference || "";
 
+  // t-paliad-222 / m/paliad#50 — show the auto-derived project code
+  // as a second badge whenever it's non-empty AND distinct from the
+  // manual reference. Hides when the derived value equals reference
+  // (avoids visual duplication when the user typed the same string)
+  // or when no derivation produced a value.
+  const codeEl = document.getElementById("project-code-display") as HTMLElement | null;
+  if (codeEl) {
+    const code = project.code ?? "";
+    const ref = project.reference ?? "";
+    if (code && code !== ref) {
+      codeEl.textContent = code;
+      codeEl.style.display = "";
+    } else {
+      codeEl.textContent = "";
+      codeEl.style.display = "none";
+    }
+  }
+
   // t-paliad-177 — link from Verlauf header to standalone chart page.
   // Wired here (not in the TSX shell) because we need the resolved
   // project id, which only exists after the detail fetch settles.
@@ -2494,6 +2524,11 @@ function renderTeam() {
   }
   empty.style.display = "none";
 
+  // t-paliad-223: callers with effective_project_admin authority see an
+  // inline <select> on the Rolle cell. Everyone else sees the read-only
+  // <span>. The bool comes from the GET /api/projects/{id} payload.
+  const canEditResponsibility = !!project?.effective_admin;
+
   body.innerHTML = teamMembers
     .map((m) => {
       // t-paliad-148: profession is firm-wide (read-only badge) and
@@ -2519,11 +2554,20 @@ function renderTeam() {
           : "";
       const officeLabel = m.user_office ? tDyn("office." + m.user_office) || m.user_office : "";
       const profCls = m.user_profession ? "projekt-team-profession" : "projekt-team-profession projekt-team-profession--none";
+
+      // Inline-select only on direct rows where the caller can edit.
+      // Inherited rows stay read-only — the edit must happen at the
+      // ancestor where the row is direct.
+      const responsibilityCell =
+        canEditResponsibility && !m.inherited
+          ? renderResponsibilitySelect(m.user_id, responsibility)
+          : `<span class="projekt-team-responsibility">${esc(responsibilityLabel)}</span>`;
+
       return `<tr>
         <td><strong>${esc(m.user_display_name || m.user_email)}</strong>
             <span class="form-hint">&middot; ${esc(m.user_email)}${officeLabel ? " &middot; " + esc(officeLabel) : ""}</span></td>
         <td><span class="${profCls}" title="${escAttr(professionTitle)}">${esc(professionLabel)}</span></td>
-        <td><span class="projekt-team-responsibility">${esc(responsibilityLabel)}</span></td>
+        <td>${responsibilityCell}</td>
         <td>${source}</td>
         <td>${removeBtn}</td>
       </tr>`;
@@ -2542,6 +2586,47 @@ function renderTeam() {
       if (resp.ok) {
         await loadTeam(project.id);
         renderTeam();
+      } else {
+        await showTeamErrorToast(resp);
+      }
+    });
+  });
+
+  body.querySelectorAll<HTMLSelectElement>(".team-responsibility-select").forEach((sel) => {
+    // Capture the pre-change value on focus so we can roll back the
+    // <select> if the PATCH fails (e.g. last-admin guard).
+    sel.dataset.previous = sel.value;
+    sel.addEventListener("focus", () => {
+      sel.dataset.previous = sel.value;
+    });
+    sel.addEventListener("change", async () => {
+      if (!project) return;
+      const userID = sel.dataset.userId!;
+      const previous = sel.dataset.previous || "member";
+      const next = sel.value;
+      if (next === previous) return;
+      sel.disabled = true;
+      try {
+        const resp = await fetch(
+          `/api/projects/${project.id}/team/${encodeURIComponent(userID)}`,
+          {
+            method: "PATCH",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ responsibility: next }),
+          },
+        );
+        if (!resp.ok) {
+          sel.value = previous;
+          await showTeamErrorToast(resp);
+          return;
+        }
+        sel.dataset.previous = next;
+        // Refresh the team list so derived/descendant sections re-render
+        // with the new authority shape.
+        await loadTeam(project.id);
+        renderTeam();
+      } finally {
+        sel.disabled = false;
       }
     });
   });
@@ -2725,7 +2810,54 @@ function wireExportButton(projectID: string): void {
 function canRemoveTeamMember(m: ProjectTeamMember): boolean {
   if (!me) return false;
   if (m.user_id === me.id) return true;
-  return me.global_role === "global_admin";
+  if (me.global_role === "global_admin") return true;
+  // t-paliad-223: effective_project_admin (from the project payload)
+  // also covers remove. RLS makes the request fail anyway if the bit is
+  // stale; this just hides the affordance.
+  return !!project?.effective_admin;
+}
+
+// t-paliad-223: build the inline <select> for the responsibility cell.
+// Options mirror the IsValidResponsibility set in approval_levels.go.
+function renderResponsibilitySelect(userID: string, current: string): string {
+  const options = ["admin", "lead", "member", "observer", "external"]
+    .map((v) => {
+      const label = tDyn(`projects.team.responsibility.${v}`) || v;
+      const sel = v === current ? " selected" : "";
+      return `<option value="${esc(v)}"${sel}>${esc(label)}</option>`;
+    })
+    .join("");
+  return `<select class="team-responsibility-select projekt-team-responsibility" data-user-id="${esc(userID)}">${options}</select>`;
+}
+
+// t-paliad-223: surface backend error responses (last-admin guard / 403
+// from RLS / etc.) as a transient toast. We have no global toast service
+// yet on this page, so write into #team-msg.
+async function showTeamErrorToast(resp: Response): Promise<void> {
+  const msg = document.getElementById("team-msg") as HTMLParagraphElement | null;
+  if (!msg) return;
+  let text = "";
+  try {
+    const data = (await resp.json()) as { error?: string };
+    text = data?.error || "";
+  } catch {
+    text = "";
+  }
+  if (!text) {
+    if (resp.status === 409) text = t("projects.team.error.last_admin") || "Mindestens ein Admin muss auf diesem Projekt oder einem übergeordneten verbleiben.";
+    else if (resp.status === 403 || resp.status === 404) text = t("projects.team.error.forbidden") || "Diese Aktion ist nicht erlaubt.";
+    else text = t("projects.team.error.generic") || "Aktion fehlgeschlagen.";
+  }
+  msg.textContent = text;
+  msg.classList.add("form-msg--error");
+  // Auto-clear after 5s so a stale error doesn't linger past the next
+  // successful action.
+  window.setTimeout(() => {
+    if (msg.textContent === text) {
+      msg.textContent = "";
+      msg.classList.remove("form-msg--error");
+    }
+  }, 5000);
 }
 
 function initTeamForm(id: string) {

frontend/src/client/team.ts

@@ -77,6 +77,25 @@ let activeRole = "all";
 let activeProjectIDs: Set<string> = new Set();
 let searchQuery = "";
 
+// t-paliad-223 (#53) — explicit click-to-select layer ON TOP of the existing
+// filter pills. When selection.size > 0 the sticky footer takes over the
+// broadcast action and targets only the explicit subset; with empty
+// selection the existing top-bar broadcast button still targets the whole
+// filter result (purely additive).
+//
+// Invariant: selection only ever holds user_ids that match the current
+// filter set — render() prunes drop-outs every cycle. This keeps the
+// counter honest and avoids "hidden-but-selected" debug nightmares.
+const selectedUserIDs: Set<string> = new Set();
+// For Shift-click range select — the user_id of the most recent toggle
+// in the currently-rendered list order. Reset to null on any filter
+// change so the range never spans an invisible row.
+let lastToggledUserID: string | null = null;
+// Snapshot of the rendered user-IDs in DOM order, refreshed on each render.
+// Drives Shift-click range expansion and the master-checkbox "select all
+// visible" action.
+let renderedUserIDs: string[] = [];
+
 const ICON_MAIL = '<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M4 4h16c1.1 0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1 0-2-.9-2-2V6c0-1.1.9-2 2-2z"/><polyline points="22,6 12,13 2,6"/></svg>';
 const ICON_PIN = '<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 10c0 7-9 13-9 13s-9-6-9-13a9 9 0 0 1 18 0z"/><circle cx="12" cy="10" r="3"/></svg>';
 
@@ -403,8 +422,17 @@ function memberAsUser(m: DepartmentMember): User | undefined {
 function renderUserCard(u: User): string {
   const additional = (u.additional_offices ?? []).filter((o) => o !== u.office);
   const jobTitle = (u.job_title ?? "").trim();
+  // t-paliad-223 (#53): per-row select-checkbox. Wrapped in a label so a
+  // click on the checkbox cell triggers the toggle; the rest of the card
+  // (links, email, etc.) keeps its native behaviour. Selection state
+  // mirrored to data-selected so the CSS can highlight the card.
+  const selected = selectedUserIDs.has(u.id);
+  const selectAria = t("team.selection.toggle_card") || "Kontakt auswählen";
   return `
-  <article class="team-card">
+  <article class="team-card" data-user-id="${esc(u.id)}" data-selected="${selected ? "true" : "false"}">
+    <label class="team-card-select" title="${escAttr(selectAria)}">
+      <input type="checkbox" class="team-card-select-input" data-user-id="${esc(u.id)}"${selected ? " checked" : ""} aria-label="${escAttr(selectAria)}" />
+    </label>
     <div class="team-avatar" aria-hidden="true">${esc(initials(u.display_name))}</div>
     <div class="team-card-body">
       <div class="team-card-name">${esc(u.display_name)}</div>
@@ -418,6 +446,13 @@ function renderUserCard(u: User): string {
   </article>`;
 }
 
+// escAttr is the attribute-context counterpart of esc. Used in title=""
+// + aria-label="" where esc()'s div-textContent trick is fine but
+// double-quote-escaping is the bit we actually need.
+function escAttr(s: string): string {
+  return esc(s).replace(/"/g, "&quot;");
+}
+
 function renderGroupByOffice(filtered: User[]): string {
   const present = presentOffices();
   const sections = present
@@ -505,12 +540,22 @@ function render() {
   const filtered = users.filter(
     (u) => userMatchesOffice(u) && userMatchesRole(u) && userMatchesProject(u) && userMatchesSearch(u),
   );
+
+  // t-paliad-223 (#53): prune drop-outs from the explicit selection. The
+  // invariant is "selection ⊆ visible"; carrying invisible IDs forward
+  // would create stale "12 selected" counters that don't match what the
+  // user sees on screen.
+  pruneSelectionToVisible(new Set(filtered.map((u) => u.id)));
+
   count.textContent = `${filtered.length} / ${users.length}`;
   updateBroadcastButton();
 
   if (filtered.length === 0) {
     list.innerHTML = "";
     empty.style.display = "block";
+    renderedUserIDs = [];
+    syncMasterCheckbox();
+    renderSelectionFooter();
     return;
   }
   empty.style.display = "none";
@@ -518,6 +563,223 @@ function render() {
   list.innerHTML = groupBy === "office"
     ? renderGroupByOffice(filtered)
     : renderGroupByDepartment(filtered);
+
+  // Refresh the DOM-order snapshot Shift-click + master-checkbox rely on.
+  renderedUserIDs = Array.from(
+    list.querySelectorAll<HTMLElement>(".team-card"),
+  ).map((el) => el.dataset.userId || "");
+
+  wireSelectionCheckboxes(list);
+  syncMasterCheckbox();
+  renderSelectionFooter();
+}
+
+// pruneSelectionToVisible drops user_ids from selection that no longer
+// match the visible set. Always called from render() before painting so
+// the per-row "checked" state and the footer counter stay in sync.
+function pruneSelectionToVisible(visible: Set<string>): void {
+  const removed: string[] = [];
+  for (const id of selectedUserIDs) {
+    if (!visible.has(id)) removed.push(id);
+  }
+  for (const id of removed) selectedUserIDs.delete(id);
+  if (removed.length > 0 && lastToggledUserID && !visible.has(lastToggledUserID)) {
+    lastToggledUserID = null;
+  }
+}
+
+// wireSelectionCheckboxes attaches click handlers to every per-row
+// checkbox in the freshly-rendered list. Each click toggles the
+// underlying selection Set + the data-selected attribute on the card.
+// Shift-click extends a contiguous range from the previous toggle to
+// the current row using renderedUserIDs as the order reference.
+function wireSelectionCheckboxes(list: HTMLElement): void {
+  list.querySelectorAll<HTMLInputElement>(".team-card-select-input").forEach((cb) => {
+    cb.addEventListener("click", (ev) => {
+      const id = cb.dataset.userId || "";
+      if (!id) return;
+      const checked = cb.checked;
+      if ((ev as MouseEvent).shiftKey && lastToggledUserID && lastToggledUserID !== id) {
+        applyRangeSelection(lastToggledUserID, id, checked);
+      } else {
+        if (checked) selectedUserIDs.add(id);
+        else selectedUserIDs.delete(id);
+      }
+      lastToggledUserID = id;
+      // Visual + footer refresh without a full re-render (selection
+      // changes don't affect the filter set; render() is reserved for
+      // filter/data changes to keep typing in the search box fast).
+      refreshCardSelectedAttribute();
+      syncMasterCheckbox();
+      renderSelectionFooter();
+    });
+  });
+}
+
+// applyRangeSelection sets selection state for every user between
+// (inclusive) startID and endID in renderedUserIDs order. Mode = the
+// final state — checked => add to selection, unchecked => remove.
+function applyRangeSelection(startID: string, endID: string, mode: boolean): void {
+  const a = renderedUserIDs.indexOf(startID);
+  const b = renderedUserIDs.indexOf(endID);
+  if (a === -1 || b === -1) {
+    // One of the anchors dropped out of the current visible set; fall
+    // back to a single-row toggle of the end-id.
+    if (mode) selectedUserIDs.add(endID);
+    else selectedUserIDs.delete(endID);
+    return;
+  }
+  const [lo, hi] = a <= b ? [a, b] : [b, a];
+  for (let i = lo; i <= hi; i++) {
+    const id = renderedUserIDs[i];
+    if (mode) selectedUserIDs.add(id);
+    else selectedUserIDs.delete(id);
+  }
+}
+
+// refreshCardSelectedAttribute syncs every visible card's data-selected
+// + checkbox.checked to the canonical Set, without a full re-render.
+function refreshCardSelectedAttribute(): void {
+  const list = document.getElementById("team-list");
+  if (!list) return;
+  list.querySelectorAll<HTMLElement>(".team-card").forEach((card) => {
+    const id = card.dataset.userId || "";
+    const selected = selectedUserIDs.has(id);
+    card.dataset.selected = selected ? "true" : "false";
+    const cb = card.querySelector<HTMLInputElement>(".team-card-select-input");
+    if (cb) cb.checked = selected;
+  });
+}
+
+// renderSelectionFooter mounts (or hides) the sticky footer that takes
+// over the broadcast action when ≥ 1 row is checked. The footer lives
+// outside the main content tree so it can be position: fixed without
+// fighting any of the existing layout rules.
+function renderSelectionFooter(): void {
+  let footer = document.getElementById("team-selection-footer") as HTMLDivElement | null;
+  const n = selectedUserIDs.size;
+  if (n === 0) {
+    if (footer) footer.style.display = "none";
+    document.body.classList.remove("team-has-selection");
+    return;
+  }
+  if (!footer) {
+    footer = document.createElement("div");
+    footer.id = "team-selection-footer";
+    footer.className = "team-selection-footer";
+    document.body.appendChild(footer);
+  }
+  const countLabel = (t("team.selection.count") || "{n} ausgewählt").replace(
+    "{n}",
+    String(n),
+  );
+  footer.innerHTML = `
+    <span class="team-selection-count">${esc(countLabel)}</span>
+    <button type="button" class="btn-secondary btn-small" id="team-selection-clear">
+      ${esc(t("team.selection.clear") || "Auswahl aufheben")}
+    </button>
+    <button type="button" class="btn-primary" id="team-selection-send">
+      ${esc(t("team.selection.send") || "E-Mail an Auswahl")}
+    </button>
+  `;
+  footer.style.display = "";
+  document.body.classList.add("team-has-selection");
+  document.getElementById("team-selection-clear")?.addEventListener("click", () => {
+    selectedUserIDs.clear();
+    lastToggledUserID = null;
+    refreshCardSelectedAttribute();
+    syncMasterCheckbox();
+    renderSelectionFooter();
+  });
+  document.getElementById("team-selection-send")?.addEventListener("click", () => {
+    onBroadcastFromSelection();
+  });
+}
+
+// selectedRecipients maps the explicit selection Set into the
+// BroadcastRecipient shape openBroadcastModal expects. Mirrors the
+// role-resolution rules of displayedRecipients() (active project
+// filter wins; falls back to first available role).
+function selectedRecipients(): BroadcastRecipient[] {
+  const out: BroadcastRecipient[] = [];
+  for (const id of selectedUserIDs) {
+    const u = users.find((u) => u.id === id);
+    if (!u) continue;
+    const m = memberships.find((m) => m.user_id === u.id);
+    let role = "";
+    if (m) {
+      if (activeProjectIDs.size > 0) {
+        const idx = m.project_ids.findIndex((pid) => activeProjectIDs.has(pid));
+        if (idx >= 0) role = m.roles[idx];
+      } else if (m.roles.length > 0) {
+        role = m.roles[0];
+      }
+    }
+    out.push({
+      user_id: u.id,
+      email: u.email,
+      display_name: u.display_name,
+      first_name: firstName(u.display_name),
+      role_on_project: role,
+    });
+  }
+  return out;
+}
+
+function onBroadcastFromSelection(): void {
+  const recipients = selectedRecipients();
+  if (recipients.length === 0) return;
+  const selectedProjectIDs = Array.from(activeProjectIDs);
+  // Same scope-resolution as displayedRecipients/onBroadcastClick: pass
+  // project_id only when exactly one is selected so the server can
+  // verify lead-ship; multi-project relies on global_admin.
+  const projectID = selectedProjectIDs.length === 1 ? selectedProjectIDs[0] : null;
+  const offices = activeOffice === "all" ? [] : [activeOffice];
+  const roles = activeRole === "all" ? [] : [activeRole];
+  openBroadcastModal({
+    recipients,
+    projectID,
+    projectIDs: selectedProjectIDs,
+    offices,
+    roles,
+  });
+}
+
+// syncMasterCheckbox refreshes the master "select all visible" checkbox
+// to one of three states: empty / partial / full. The HTML element lives
+// in team.tsx (#team-select-master); when missing (older shells) the
+// helper no-ops so the page still works.
+function syncMasterCheckbox(): void {
+  const master = document.getElementById("team-select-master") as HTMLInputElement | null;
+  if (!master) return;
+  const visible = renderedUserIDs.length;
+  if (visible === 0) {
+    master.checked = false;
+    master.indeterminate = false;
+    master.disabled = true;
+    return;
+  }
+  master.disabled = false;
+  let selectedHere = 0;
+  for (const id of renderedUserIDs) {
+    if (selectedUserIDs.has(id)) selectedHere++;
+  }
+  master.checked = selectedHere === visible;
+  master.indeterminate = selectedHere > 0 && selectedHere < visible;
+}
+
+function onMasterToggle(): void {
+  const master = document.getElementById("team-select-master") as HTMLInputElement | null;
+  if (!master) return;
+  const checked = master.checked;
+  for (const id of renderedUserIDs) {
+    if (checked) selectedUserIDs.add(id);
+    else selectedUserIDs.delete(id);
+  }
+  lastToggledUserID = checked && renderedUserIDs.length > 0 ? renderedUserIDs[renderedUserIDs.length - 1] : null;
+  refreshCardSelectedAttribute();
+  syncMasterCheckbox();
+  renderSelectionFooter();
 }
 
 function initToggle() {
@@ -547,6 +809,8 @@ document.addEventListener("DOMContentLoaded", () => {
   initSidebar();
   initSearch();
   initToggle();
+  // t-paliad-223 (#53): master checkbox toggles every visible row.
+  document.getElementById("team-select-master")?.addEventListener("change", onMasterToggle);
   onLangChange(() => {
     buildOfficeFilters();
     buildRoleFilters();

frontend/src/client/verfahrensablauf.ts

@@ -17,11 +17,21 @@ import {
   populateCourtPicker,
   renderColumnsBody,
   renderTimelineBody,
+  wireDateEditClicks,
 } from "./views/verfahrensablauf-core";
 
 let selectedType = "";
 let lastResponse: DeadlineResponse | null = null;
 
+// Per-rule anchor overrides set by the click-to-edit affordance on
+// timeline / column date cells. Posted as `anchorOverrides` to the
+// /api/tools/fristenrechner calc so downstream rules re-anchor off the
+// user's chosen date. Cleared whenever the trigger changes (proceeding,
+// trigger date, flag toggle) so a fresh calc starts unanchored — same
+// semantic as /tools/fristenrechner.
+const anchorOverrides = new Map<string, string>();
+function clearAnchorOverrides() { anchorOverrides.clear(); }
+
 type ProcedureView = "timeline" | "columns";
 let procedureView: ProcedureView = "columns";
 
@@ -125,10 +135,14 @@ async function doCalc() {
     ? courtPicker.value
     : "";
 
+  const overrides: Record<string, string> = {};
+  for (const [code, date] of anchorOverrides) overrides[code] = date;
+
   const data = await calculateDeadlines({
     proceedingType: selectedType,
     triggerDate,
     flags: readFlags(),
+    anchorOverrides: overrides,
     courtId,
   });
   if (seq !== calcSeq) return;
@@ -180,8 +194,8 @@ function renderResults(data: DeadlineResponse) {
   </div>`;
 
   const bodyHtml = procedureView === "columns"
-    ? renderColumnsBody(data, { showNotes })
-    : renderTimelineBody(data, { showParty: true, showNotes });
+    ? renderColumnsBody(data, { editable: true, showNotes })
+    : renderTimelineBody(data, { showParty: true, editable: true, showNotes });
 
   container.innerHTML = headerHtml + bodyHtml;
   if (printBtn) printBtn.style.display = "block";
@@ -229,7 +243,12 @@ function syncInfAmendEnabled() {
 function selectProceeding(btn: HTMLButtonElement) {
   document.querySelectorAll(".proceeding-btn").forEach((b) => b.classList.remove("active"));
   btn.classList.add("active");
-  selectedType = btn.dataset.code || "";
+  const nextType = btn.dataset.code || "";
+  // Different proceeding tree → previously-set overrides reference
+  // rule codes that don't exist in the new tree. Clear before the
+  // next calc so the fresh proceeding starts unanchored.
+  if (selectedType !== nextType) clearAnchorOverrides();
+  selectedType = nextType;
 
   // Trigger-event label fires from the calc response (root rule).
   // Until step 3 renders, fall back to an em-dash placeholder.
@@ -312,6 +331,21 @@ document.addEventListener("DOMContentLoaded", () => {
 
   document.getElementById("fristen-print-btn")?.addEventListener("click", () => window.print());
 
+  // Click-to-edit on timeline / column date cells — same delegated
+  // pattern as /tools/fristenrechner. Survives renderResults()'s
+  // innerHTML rewrites because the listener lives on the container.
+  const timelineContainer = document.getElementById("timeline-container");
+  if (timelineContainer) {
+    wireDateEditClicks(timelineContainer, (ruleCode, newValue) => {
+      if (newValue === "") {
+        anchorOverrides.delete(ruleCode);
+      } else {
+        anchorOverrides.set(ruleCode, newValue);
+      }
+      scheduleCalc(0);
+    });
+  }
+
   // Notes toggle — restores last preference on load + re-renders when
   // the user flips it. Lives in the same toggle bar as the view picker.
   const notesShowCb = document.getElementById("fristen-notes-show") as HTMLInputElement | null;

frontend/src/client/views/verfahrensablauf-core.test.ts

@@ -0,0 +1,67 @@
+import { describe, expect, test } from "bun:test";
+import {
+  type CalculatedDeadline,
+  deadlineCardHtml,
+} from "./verfahrensablauf-core";
+
+// Regression tests for the editable→click-to-edit wiring on timeline date
+// cells (m/paliad#59). When CardOpts.editable=true the card renderer must
+// emit `class="… frist-date-edit"` with `data-rule-code` + `data-current-
+// date` on the date span. Pages then attach a delegated click handler that
+// resolves that selector to swap in an inline `<input type="date">`. If a
+// future refactor drops the attrs, /tools/verfahrensablauf and
+// /tools/fristenrechner both silently lose click-to-edit (no script error,
+// nothing happens on click). These tests pin the contract.
+//
+// Fixture leaves ruleRef/legalSource* empty so deadlineCardHtml stays
+// inside its non-DOM code paths (escHtml is DOM-backed and bun test runs
+// in plain Node without jsdom).
+
+const dl = (overrides: Partial<CalculatedDeadline> = {}): CalculatedDeadline => ({
+  code: "upc-rop-12",
+  name: "Klageerwiderung",
+  nameEN: "Statement of Defence",
+  party: "defendant",
+  priority: "mandatory",
+  ruleRef: "",
+  dueDate: "2026-07-15",
+  originalDate: "2026-07-15",
+  wasAdjusted: false,
+  isRootEvent: false,
+  isCourtSet: false,
+  ...overrides,
+});
+
+describe("deadlineCardHtml — editable=true emits click-to-edit attrs", () => {
+  test("date span carries frist-date-edit class + data-rule-code + data-current-date", () => {
+    const html = deadlineCardHtml(dl(), { showParty: true, editable: true });
+    expect(html).toContain('class="timeline-date frist-date-edit"');
+    expect(html).toContain('data-rule-code="upc-rop-12"');
+    expect(html).toContain('data-current-date="2026-07-15"');
+    expect(html).toContain('role="button"');
+    expect(html).toContain('tabindex="0"');
+  });
+
+  test("editable=false (default) emits the date span without click-to-edit attrs", () => {
+    const html = deadlineCardHtml(dl(), { showParty: true });
+    expect(html).toContain("timeline-date");
+    expect(html).not.toContain("data-rule-code=");
+    expect(html).not.toContain('role="button"');
+  });
+
+  test("root event suppresses editable even when editable=true (root has no override semantic)", () => {
+    const html = deadlineCardHtml(dl({ isRootEvent: true }), { showParty: true, editable: true });
+    expect(html).not.toContain("data-rule-code=");
+  });
+
+  test("isCourtSet renders the court-set placeholder with click-to-edit so users can pin a real date", () => {
+    const html = deadlineCardHtml(dl({ isCourtSet: true }), { showParty: true, editable: true });
+    expect(html).toContain("timeline-court-set frist-date-edit");
+    expect(html).toContain('data-rule-code="upc-rop-12"');
+  });
+
+  test("empty rule code with editable=true still suppresses click-to-edit (no anchor target)", () => {
+    const html = deadlineCardHtml(dl({ code: "" }), { showParty: true, editable: true });
+    expect(html).not.toContain("data-rule-code=");
+  });
+});

frontend/src/client/views/verfahrensablauf-core.ts

@@ -299,6 +299,87 @@ export function deadlineCardHtml(dl: CalculatedDeadline, opts: CardOpts): string
     ${notesBlock}`;
 }
 
+// ─── inline date editor (click-to-edit per-rule due date) ────────────────
+//
+// The renderer emits `<span class="frist-date-edit" data-rule-code="…"
+// data-current-date="YYYY-MM-DD" role="button" tabindex="0">…</span>` when
+// CardOpts.editable is true. Pages call wireDateEditClicks() on their
+// result container once, and the delegated click/keydown handlers swap a
+// clicked span for a `<input type="date">` editor via openInlineDateEditor.
+// The caller's onCommit callback receives (ruleCode, newValue) — an empty
+// newValue means "revert" (clear the anchor override and let the calculator
+// re-project). The actual recompute is the caller's job — they own the
+// anchor-overrides map + the calc dispatch.
+
+export function openInlineDateEditor(
+  span: HTMLElement,
+  onCommit: (ruleCode: string, newValue: string) => void,
+): void {
+  const ruleCode = span.dataset.ruleCode || "";
+  if (!ruleCode) return;
+  const current = span.dataset.currentDate || "";
+  const editor = document.createElement("input");
+  editor.type = "date";
+  editor.className = "frist-date-edit-input";
+  editor.value = current;
+
+  let done = false;
+  const cancel = () => {
+    if (done) return;
+    done = true;
+    editor.replaceWith(span);
+  };
+  const commit = (newValue: string) => {
+    if (done) return;
+    done = true;
+    onCommit(ruleCode, newValue);
+  };
+
+  editor.addEventListener("blur", () => {
+    if (editor.value !== current) commit(editor.value);
+    else cancel();
+  });
+  editor.addEventListener("keydown", (e) => {
+    const ke = e as KeyboardEvent;
+    if (ke.key === "Enter") {
+      e.preventDefault();
+      editor.blur();
+    } else if (ke.key === "Escape") {
+      e.preventDefault();
+      cancel();
+    }
+  });
+
+  span.replaceWith(editor);
+  editor.focus();
+  if (editor.value) editor.select();
+}
+
+// wireDateEditClicks attaches delegated click + keyboard handlers to the
+// timeline result container so click-to-edit survives every innerHTML
+// rewrite the page does on recalc. Idempotent — re-calling on the same
+// container does nothing (the dataset flag short-circuits).
+export function wireDateEditClicks(
+  container: HTMLElement,
+  onCommit: (ruleCode: string, newValue: string) => void,
+): void {
+  if (container.dataset.dateEditWired === "1") return;
+  container.dataset.dateEditWired = "1";
+  container.addEventListener("click", (e) => {
+    const target = (e.target as HTMLElement).closest<HTMLElement>(".frist-date-edit");
+    if (!target || !target.dataset.ruleCode) return;
+    openInlineDateEditor(target, onCommit);
+  });
+  container.addEventListener("keydown", (e) => {
+    const ke = e as KeyboardEvent;
+    if (ke.key !== "Enter" && ke.key !== " ") return;
+    const target = (e.target as HTMLElement).closest<HTMLElement>(".frist-date-edit");
+    if (!target || !target.dataset.ruleCode) return;
+    e.preventDefault();
+    openInlineDateEditor(target, onCommit);
+  });
+}
+
 export function renderTimelineBody(data: DeadlineResponse, opts: CardOpts = { showParty: true }): string {
   let html = '<div class="timeline">';
   for (const dl of data.deadlines) {

frontend/src/components/ProjectFormFields.tsx

@@ -22,6 +22,7 @@ export function ProjectFormFields(): string {
           <option value="patent" data-i18n="projects.type.patent">Patent</option>
           <option value="case" data-i18n="projects.type.case">Verfahren</option>
           <option value="project" data-i18n="projects.type.project">Projekt (generisch)</option>
+          <option value="other" data-i18n="projects.type.other">Sonstiges</option>
         </select>
       </div>
 
@@ -139,6 +140,24 @@ export function ProjectFormFields(): string {
         </div>
       </div>
 
+      {/* Litigation-specific */}
+      <div className="projekt-fields projekt-fields-litigation" id="fields-litigation" style="display:none">
+        <div className="form-field">
+          <label htmlFor="project-opponent-code" data-i18n="projects.field.opponent_code">Gegner-K&uuml;rzel</label>
+          <input
+            type="text"
+            id="project-opponent-code"
+            maxLength={16}
+            pattern="[A-Z0-9-]{1,16}"
+            placeholder="OPNT"
+            data-i18n-placeholder="projects.field.opponent_code.placeholder"
+          />
+          <p className="form-hint" data-i18n="projects.field.opponent_code.hint">
+            Kurzes K&uuml;rzel der Gegenseite (Grossbuchstaben, Ziffern, Bindestriche, max. 16 Zeichen). Wird als mittleres Segment in automatisch abgeleiteten Projekt-Codes verwendet (z.B. EXMPL.OPNT.567.INF.CFI).
+          </p>
+        </div>
+      </div>
+
       {/* Case-specific */}
       <div className="projekt-fields projekt-fields-case" id="fields-case" style="display:none">
         <div className="form-field-row">
@@ -151,20 +170,29 @@ export function ProjectFormFields(): string {
             <input type="text" id="project-case-number" placeholder="UPC_CFI_123/2026" />
           </div>
         </div>
-      </div>
 
-      <div className="form-field">
-        <label htmlFor="project-our-side" data-i18n="projects.field.our_side">Wir vertreten</label>
-        <select id="project-our-side">
-          <option value="" data-i18n="projects.field.our_side.unset">Unbekannt / nicht gesetzt</option>
-          <option value="claimant" data-i18n="projects.field.our_side.claimant">Kl&auml;gerseite</option>
-          <option value="defendant" data-i18n="projects.field.our_side.defendant">Beklagtenseite</option>
-          <option value="court" data-i18n="projects.field.our_side.court">Gericht / Tribunal</option>
-          <option value="both" data-i18n="projects.field.our_side.both">Beide Seiten</option>
-        </select>
-        <p className="form-hint" data-i18n="projects.field.our_side.hint">
-          Bestimmt die Voreinstellung der Perspektive im Fristenrechner-Determinator. L&auml;sst sich dort jederzeit &uuml;berschreiben.
-        </p>
+        <div className="form-field">
+          <label htmlFor="project-our-side" data-i18n="projects.field.client_role">Mandantenrolle</label>
+          <select id="project-our-side">
+            <option value="" data-i18n="projects.field.client_role.unset">Unbekannt</option>
+            <optgroup data-i18n-label="projects.field.client_role.group.active" label="Aktiv (wir greifen an)">
+              <option value="claimant" data-i18n="projects.field.client_role.claimant">Kl&auml;gerseite</option>
+              <option value="applicant" data-i18n="projects.field.client_role.applicant">Antragsteller</option>
+              <option value="appellant" data-i18n="projects.field.client_role.appellant">Berufungsf&uuml;hrer</option>
+            </optgroup>
+            <optgroup data-i18n-label="projects.field.client_role.group.reactive" label="Reaktiv (wir verteidigen)">
+              <option value="defendant" data-i18n="projects.field.client_role.defendant">Beklagtenseite</option>
+              <option value="respondent" data-i18n="projects.field.client_role.respondent">Antragsgegner</option>
+            </optgroup>
+            <optgroup data-i18n-label="projects.field.client_role.group.other" label="Dritte / Sonstige">
+              <option value="third_party" data-i18n="projects.field.client_role.third_party">Streithelfer / Dritter</option>
+              <option value="other" data-i18n="projects.field.client_role.other">Sonstige Beteiligte</option>
+            </optgroup>
+          </select>
+          <p className="form-hint" data-i18n="projects.field.client_role.hint">
+            Bestimmt die Voreinstellung der Perspektive im Fristenrechner-Determinator: Aktiv &rarr; Kl&auml;gerseite, Reaktiv &rarr; Beklagtenseite. L&auml;sst sich dort jederzeit &uuml;berschreiben.
+          </p>
+        </div>
       </div>
 
       <div className="form-field">

frontend/src/dashboard.tsx

@@ -5,12 +5,14 @@ import { BottomNav } from "./components/BottomNav";
 import { Footer } from "./components/Footer";
 import { PWAHead } from "./components/PWAHead";
 
-// The /* __PALIAD_DASHBOARD_DATA__ */ token below is replaced at request time
-// by the Go handler (internal/handlers/dashboard_shell.go) with a JSON blob
-// assigned to window.__PALIAD_DASHBOARD__. Keep the token intact and exactly
-// once in the output.
+// The three /* __PALIAD_DASHBOARD_*__ */ tokens below are replaced at
+// request time by the Go handler (internal/handlers/dashboard_shell.go)
+// with JSON blobs assigned to window.__PALIAD_DASHBOARD__,
+// window.__PALIAD_DASHBOARD_LAYOUT__, and window.__PALIAD_DASHBOARD_CATALOG__.
+// Keep each token intact and exactly once in the output. The latter two
+// power the per-user configurable layout (t-paliad-219).
 const HYDRATION_SCRIPT =
-  "/*__PALIAD_DASHBOARD_DATA__*/";
+  "/*__PALIAD_DASHBOARD_DATA__*//*__PALIAD_DASHBOARD_LAYOUT__*//*__PALIAD_DASHBOARD_CATALOG__*/";
 
 // Chevron used as the collapsible-section disclosure indicator. CSS rotates
 // it 90deg clockwise when the section is open via the
@@ -23,12 +25,13 @@ const ICON_CHEVRON = '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor"
 // renders all sections expanded so unstyled fallback is sensible.
 function CollapsibleSection(props: {
   id: string;
+  widgetKey: string;
   headingI18n: string;
   headingDe: string;
   children: any;
 }): string {
   return (
-    <section className="dashboard-section" data-collapse-key={props.id} aria-expanded="true">
+    <section className="dashboard-section" data-collapse-key={props.id} data-widget-key={props.widgetKey} aria-expanded="true">
       <button type="button" className="dashboard-section-toggle" aria-expanded="true">
         <h3 className="dashboard-section-heading" data-i18n={props.headingI18n}>{props.headingDe}</h3>
         <span className="dashboard-section-chevron" aria-hidden="true"
@@ -88,7 +91,7 @@ export function renderDashboard(): string {
               </div>
 
               {/* Traffic-light deadline summary (4+1: Überfällig conditional + 4 universal — t-paliad-110) */}
-              <CollapsibleSection id="summary" headingI18n="dashboard.summary.heading" headingDe="Fristen auf einen Blick">
+              <CollapsibleSection id="summary" widgetKey="deadline-summary" headingI18n="dashboard.summary.heading" headingDe="Fristen auf einen Blick">
                 <div className="dashboard-summary-grid">
                   <a href="/deadlines?status=overdue" className="dashboard-card dashboard-card-red" id="dashboard-card-overdue">
                     <div className="dashboard-card-count" id="dashboard-count-overdue">0</div>
@@ -116,7 +119,7 @@ export function renderDashboard(): string {
               {/* Matter summary card — single tappable card, kept outside the
                   collapsible scaffold because its h3 is internal to the card
                   and doubles as the navigation affordance. */}
-              <section className="dashboard-matters">
+              <section className="dashboard-matters" data-widget-key="matter-summary">
                 <a href="/projects" className="dashboard-matter-card">
                   <div className="dashboard-matter-header">
                     <h3 data-i18n="dashboard.matters.heading">Meine Akten</h3>
@@ -145,14 +148,14 @@ export function renderDashboard(): string {
                   layout still applies; collapse hides the body of each col
                   but leaves the heading row in the grid. */}
               <div className="dashboard-columns">
-                <CollapsibleSection id="deadlines" headingI18n="dashboard.deadlines.heading" headingDe="Kommende Fristen">
+                <CollapsibleSection id="deadlines" widgetKey="upcoming-deadlines" headingI18n="dashboard.deadlines.heading" headingDe="Kommende Fristen">
                   <ul className="dashboard-list" id="dashboard-deadlines-list"></ul>
                   <p className="dashboard-empty" id="dashboard-deadlines-empty" style="display:none" data-i18n="dashboard.deadlines.empty">
                     Keine Fristen in den n&auml;chsten 7 Tagen.
                   </p>
                 </CollapsibleSection>
 
-                <CollapsibleSection id="appointments" headingI18n="dashboard.appointments.heading" headingDe="Kommende Termine">
+                <CollapsibleSection id="appointments" widgetKey="upcoming-appointments" headingI18n="dashboard.appointments.heading" headingDe="Kommende Termine">
                   <ul className="dashboard-list" id="dashboard-appointments-list"></ul>
                   <p className="dashboard-empty" id="dashboard-appointments-empty" style="display:none" data-i18n="dashboard.appointments.empty">
                     Keine Termine in den n&auml;chsten 7 Tagen.
@@ -166,7 +169,7 @@ export function renderDashboard(): string {
                   no chip filters, no URL state — a 30-day window of
                   upcoming items grouped by day. The standalone /agenda
                   route is unchanged for direct-link compatibility. */}
-              <CollapsibleSection id="agenda" headingI18n="dashboard.agenda.heading" headingDe="Agenda">
+              <CollapsibleSection id="agenda" widgetKey="inline-agenda" headingI18n="dashboard.agenda.heading" headingDe="Agenda">
                 <div className="dashboard-agenda">
                   <div className="agenda-timeline" id="dashboard-agenda-timeline" />
                   <p className="dashboard-empty" id="dashboard-agenda-empty" style="display:none" data-i18n="dashboard.agenda.empty">
@@ -178,9 +181,26 @@ export function renderDashboard(): string {
                 </div>
               </CollapsibleSection>
 
+              {/* Inbox-approvals widget (t-paliad-219 — new in v1). The
+                  list mirrors /inbox's "Approver" axis but capped at the
+                  widget's count setting. Renders the empty state when
+                  the user has no open approvals to review. */}
+              <CollapsibleSection id="inbox-approvals" widgetKey="inbox-approvals" headingI18n="dashboard.inbox.heading" headingDe="Offene Freigaben">
+                <div className="dashboard-inbox">
+                  <p className="dashboard-inbox-summary" id="dashboard-inbox-summary" style="display:none"></p>
+                  <ul className="dashboard-list" id="dashboard-inbox-list"></ul>
+                  <p className="dashboard-empty" id="dashboard-inbox-empty" style="display:none" data-i18n="dashboard.inbox.empty">
+                    Keine offenen Freigaben.
+                  </p>
+                  <p className="dashboard-agenda-link">
+                    <a href="/inbox" data-i18n="dashboard.inbox.full_link">Vollst&auml;ndigen Posteingang &ouml;ffnen &rarr;</a>
+                  </p>
+                </div>
+              </CollapsibleSection>
+
               {/* Activity feed — moved under Agenda per m's design call
                   (t-paliad-162). */}
-              <CollapsibleSection id="activity" headingI18n="dashboard.activity.heading" headingDe="Letzte Aktivität">
+              <CollapsibleSection id="activity" widgetKey="recent-activity" headingI18n="dashboard.activity.heading" headingDe="Letzte Aktivität">
                 <ul className="dashboard-activity-list" id="dashboard-activity-list"></ul>
                 <p className="dashboard-empty" id="dashboard-activity-empty" style="display:none" data-i18n="dashboard.activity.empty">
                   Noch keine Aktivit&auml;t erfasst.

frontend/src/deadlines-detail.tsx

@@ -82,15 +82,21 @@ export function renderDeadlinesDetail(): string {
                       <input type="date" id="deadline-due-edit" style="display:none" />
                     </dd>
 
-                    <dt data-i18n="deadlines.detail.rule">Regel</dt>
-                    <dd id="deadline-rule-display">&mdash;</dd>
-
+                    {/* m/paliad#56 — Verfahrenshandlung block.
+                        Event type (parent concept) renders first; rule
+                        sits beneath as the citation under that event
+                        type. Editor splits them back into separate
+                        pickers but the read-only stack reads as one
+                        compound "Typ — Regel" surface. */}
                     <dt data-i18n="deadlines.field.event_type">Typ (optional)</dt>
                     <dd>
                       <span id="deadline-event-types-display">&mdash;</span>
                       <div id="deadline-event-types-edit" className="event-type-picker-host" style="display:none" />
                     </dd>
 
+                    <dt data-i18n="deadlines.detail.rule">Regel</dt>
+                    <dd id="deadline-rule-display">&mdash;</dd>
+
                     <dt data-i18n="deadlines.detail.source">Quelle</dt>
                     <dd id="deadline-source-display" />
 

frontend/src/deadlines-new.tsx

@@ -101,18 +101,19 @@ export function renderDeadlinesNew(): string {
                   </p>
                 </div>
 
-                <div className="form-field-row">
-                  <div className="form-field">
-                    <label htmlFor="deadline-due" data-i18n="deadlines.field.due">F&auml;lligkeitsdatum</label>
-                    <input type="date" id="deadline-due" required />
-                  </div>
+                {/* m/paliad#56 — Regel sits directly beneath the Typ
+                    picker so the parent/child relationship reads at a
+                    glance. Due date is its own row below. */}
+                <div className="form-field">
+                  <label htmlFor="deadline-rule" data-i18n="deadlines.field.rule">Regel (optional)</label>
+                  <select id="deadline-rule">
+                    <option value="" data-i18n="deadlines.field.rule.none">Keine Regel</option>
+                  </select>
+                </div>
 
-                  <div className="form-field">
-                    <label htmlFor="deadline-rule" data-i18n="deadlines.field.rule">Regel (optional)</label>
-                    <select id="deadline-rule">
-                      <option value="" data-i18n="deadlines.field.rule.none">Keine Regel</option>
-                    </select>
-                  </div>
+                <div className="form-field">
+                  <label htmlFor="deadline-due" data-i18n="deadlines.field.due">F&auml;lligkeitsdatum</label>
+                  <input type="date" id="deadline-due" required />
                 </div>
 
                 <div className="form-field">

frontend/src/fristenrechner.tsx

@@ -161,19 +161,19 @@ export function renderFristenrechner(): string {
                 <div className="fristen-adhoc-chips" role="group" aria-label="Ad-hoc proceeding">
                   <button type="button" className="fristen-adhoc-chip" data-ad-hoc="upc"
                           data-i18n="deadlines.step1.adhoc.upc">
-                    Custom UPC proceeding
+                    UPC proceeding
                   </button>
                   <button type="button" className="fristen-adhoc-chip" data-ad-hoc="de"
                           data-i18n="deadlines.step1.adhoc.de">
-                    Custom DE proceeding
+                    DE proceeding
                   </button>
                   <button type="button" className="fristen-adhoc-chip" data-ad-hoc="epa"
                           data-i18n="deadlines.step1.adhoc.epa">
-                    Custom EPA proceeding
+                    EPA proceeding
                   </button>
                   <button type="button" className="fristen-adhoc-chip" data-ad-hoc="dpma"
                           data-i18n="deadlines.step1.adhoc.dpma">
-                    Custom DPMA proceeding
+                    DPMA proceeding
                   </button>
                 </div>
               </div>
@@ -485,7 +485,10 @@ export function renderFristenrechner(): string {
 
                   <div className="date-input-group">
                     <div className="date-field-row">
-                      <label htmlFor="trigger-event" className="date-label" data-i18n="deadlines.trigger.event">Ausl&ouml;sendes Ereignis:</label>
+                      {/* Read-only caption labelling the value <span>. Not a
+                          <label htmlFor> — m/paliad#60: <label for=…> must
+                          point at a labelable form control, never a span. */}
+                      <span className="date-label" data-i18n="deadlines.trigger.event">Ausl&ouml;sendes Ereignis:</span>
                       <span id="trigger-event" className="trigger-event-name">&mdash;</span>
                     </div>
                     <div className="date-field-row">

frontend/src/i18n-keys.ts

@@ -658,6 +658,7 @@ export type I18nKey =
   | "approvals.suggest.note_placeholder"
   | "approvals.suggest.section.context"
   | "approvals.suggest.section.editable"
+  | "approvals.suggest.section.event_type_rule"
   | "approvals.suggest.submit"
   | "approvals.suggest.submit_disabled_hint"
   | "approvals.suggest.unsupported_lifecycle"
@@ -927,6 +928,11 @@ export type I18nKey =
   | "dashboard.deadlines.empty"
   | "dashboard.deadlines.heading"
   | "dashboard.greeting.prefix"
+  | "dashboard.inbox.empty"
+  | "dashboard.inbox.entity.appointment"
+  | "dashboard.inbox.entity.deadline"
+  | "dashboard.inbox.full_link"
+  | "dashboard.inbox.heading"
   | "dashboard.matters.active"
   | "dashboard.matters.archived"
   | "dashboard.matters.heading"
@@ -966,7 +972,9 @@ export type I18nKey =
   | "deadlines.card.calc.flag.with_cci"
   | "deadlines.card.calc.flag.with_ccr"
   | "deadlines.card.calc.flags.label"
+  | "deadlines.card.calc.pill_picker.change"
   | "deadlines.card.calc.pill_picker.label"
+  | "deadlines.card.calc.pill_picker.locked_label"
   | "deadlines.card.calc.result.calculating"
   | "deadlines.card.calc.result.court_set"
   | "deadlines.card.calc.result.due"
@@ -1967,6 +1975,7 @@ export type I18nKey =
   | "projects.chip.type.case"
   | "projects.chip.type.client"
   | "projects.chip.type.litigation"
+  | "projects.chip.type.other"
   | "projects.chip.type.patent"
   | "projects.chip.type.project"
   | "projects.col.clientmatter"
@@ -2154,6 +2163,19 @@ export type I18nKey =
   | "projects.field.billing_reference"
   | "projects.field.case_number"
   | "projects.field.client_number"
+  | "projects.field.client_role"
+  | "projects.field.client_role.appellant"
+  | "projects.field.client_role.applicant"
+  | "projects.field.client_role.claimant"
+  | "projects.field.client_role.defendant"
+  | "projects.field.client_role.group.active"
+  | "projects.field.client_role.group.other"
+  | "projects.field.client_role.group.reactive"
+  | "projects.field.client_role.hint"
+  | "projects.field.client_role.other"
+  | "projects.field.client_role.respondent"
+  | "projects.field.client_role.third_party"
+  | "projects.field.client_role.unset"
   | "projects.field.clientmatter.hint"
   | "projects.field.collaborators"
   | "projects.field.collaborators.hint"
@@ -2171,13 +2193,21 @@ export type I18nKey =
   | "projects.field.matter_number"
   | "projects.field.netdocuments_url"
   | "projects.field.office"
+  | "projects.field.opponent_code"
+  | "projects.field.opponent_code.hint"
+  | "projects.field.opponent_code.placeholder"
   | "projects.field.our_side"
+  | "projects.field.our_side.appellant"
+  | "projects.field.our_side.applicant"
   | "projects.field.our_side.both"
   | "projects.field.our_side.claimant"
   | "projects.field.our_side.court"
   | "projects.field.our_side.defendant"
   | "projects.field.our_side.hint"
   | "projects.field.our_side.none"
+  | "projects.field.our_side.other"
+  | "projects.field.our_side.respondent"
+  | "projects.field.our_side.third_party"
   | "projects.field.our_side.unset"
   | "projects.field.parent"
   | "projects.field.parent.hint"
@@ -2224,6 +2254,9 @@ export type I18nKey =
   | "projects.team.derived.from"
   | "projects.team.derived.visibility"
   | "projects.team.direct"
+  | "projects.team.error.forbidden"
+  | "projects.team.error.generic"
+  | "projects.team.error.last_admin"
   | "projects.team.inherited.hint"
   | "projects.team.profession.associate"
   | "projects.team.profession.hint"
@@ -2234,6 +2267,8 @@ export type I18nKey =
   | "projects.team.profession.paralegal"
   | "projects.team.profession.partner"
   | "projects.team.profession.senior_pa"
+  | "projects.team.responsibility.admin"
+  | "projects.team.responsibility.admin.hint"
   | "projects.team.responsibility.external"
   | "projects.team.responsibility.lead"
   | "projects.team.responsibility.member"
@@ -2282,6 +2317,7 @@ export type I18nKey =
   | "projects.type.case"
   | "projects.type.client"
   | "projects.type.litigation"
+  | "projects.type.other"
   | "projects.type.patent"
   | "projects.type.project"
   | "projects.unavailable"
@@ -2348,6 +2384,11 @@ export type I18nKey =
   | "team.role.senior_associate"
   | "team.role.trainee"
   | "team.search.placeholder"
+  | "team.selection.clear"
+  | "team.selection.count"
+  | "team.selection.select_all"
+  | "team.selection.send"
+  | "team.selection.toggle_card"
   | "team.subtitle"
   | "team.title"
   | "theme.toggle.auto"

frontend/src/projects-detail.tsx

@@ -50,6 +50,14 @@ export function renderProjectsDetail(): string {
                       <div className="entity-detail-meta">
                         <span id="project-type-chip" className="entity-type-chip" />
                         <span className="entity-ref" id="project-ref-display" />
+                        {/* Auto-derived project code (t-paliad-222 / m/paliad#50).
+                            Rendered as a separate badge so the user can still
+                            distinguish a custom reference (left badge) from a
+                            tree-derived code (right badge); when reference is
+                            blank, the derived code IS reference and only this
+                            badge shows. Hidden via inline style until the
+                            client populates it. */}
+                        <span className="entity-ref entity-ref-code" id="project-code-display" style="display:none" title="Auto-derived project code" />
                         <span id="project-clientmatter" className="entity-ref" />
                         <span id="project-status-chip" className="entity-status-chip" />
                         <a id="project-netdocs" className="netdocs-link" target="_blank" rel="noopener" style="display:none">netDocuments &nearr;</a>
@@ -262,6 +270,7 @@ export function renderProjectsDetail(): string {
                       <div className="form-field">
                         <label htmlFor="team-responsibility" data-i18n="projects.detail.team.form.responsibility">Rolle im Projekt</label>
                         <select id="team-responsibility">
+                          <option value="admin" data-i18n="projects.team.responsibility.admin">Admin</option>
                           <option value="lead" data-i18n="projects.team.responsibility.lead">Lead</option>
                           <option value="member" selected data-i18n="projects.team.responsibility.member">Mitglied</option>
                           <option value="observer" data-i18n="projects.team.responsibility.observer">Beobachter</option>

frontend/src/projects.tsx

@@ -127,7 +127,8 @@ export function renderProjects(): string {
                     <label><input type="checkbox" value="litigation" /><span data-i18n="projects.chip.type.litigation">Streitsache</span></label>
                     <label><input type="checkbox" value="patent" /><span data-i18n="projects.chip.type.patent">Patent</span></label>
                     <label><input type="checkbox" value="case" /><span data-i18n="projects.chip.type.case">Verfahren</span></label>
-                    <label><input type="checkbox" value="project" data-i18n-text="projects.chip.type.project"><span data-i18n="projects.chip.type.project">Projekt</span></input></label>
+                    <label><input type="checkbox" value="project" /><span data-i18n="projects.chip.type.project">Projekt</span></label>
+                    <label><input type="checkbox" value="other" /><span data-i18n="projects.chip.type.other">Sonstiges</span></label>
                   </div>
                 </details>
                 <button type="button" className="projects-chip" data-chip="has_open_deadlines" data-i18n="projects.chip.has_open_deadlines">Mit aktiven Fristen</button>

frontend/src/styles/global.css

@@ -59,6 +59,14 @@
     --color-overlay-strong: rgba(0, 0, 0, 0.10);
     --color-overlay-modal:  rgba(0, 0, 0, 0.4);   /* modal/drawer scrim */
 
+    /* Segmented-control active pill — brand-lime accent so every density /
+       view-mode toggle reads as the same primary action (m/paliad#52).
+       Surfaces consuming these tokens: .filter-bar-segment (FilterBar
+       density + future view-mode segments). Override on dark mode below. */
+    --color-segment-active-bg:     var(--color-accent);
+    --color-segment-active-fg:     var(--color-accent-dark);
+    --color-segment-active-border: var(--color-accent);
+
     /* Status palette — five buckets (red/amber/green/blue/neutral) shared
        across dashboard cards, frist-due-chips, agenda urgency, termin
        badges, login forms. Light values match the existing pastel-on-dark
@@ -173,6 +181,13 @@
     --color-overlay-strong: rgba(255, 255, 255, 0.12);
     --color-overlay-modal:  rgba(0, 0, 0, 0.65);
 
+    /* Segmented active pill — lime stays the brand on dark mode too; the
+       --color-accent-dark token already resolves to midnight in both
+       themes, keeping the foreground WCAG-AA on lime. */
+    --color-segment-active-bg:     var(--color-accent);
+    --color-segment-active-fg:     var(--color-accent-dark);
+    --color-segment-active-border: var(--color-accent);
+
     --shadow: 0 1px 3px rgba(0, 0, 0, 0.4), 0 1px 2px rgba(0, 0, 0, 0.3);
     --shadow-md: 0 4px 12px rgba(0, 0, 0, 0.45);
     --shadow-lg: 0 8px 32px rgba(0, 0, 0, 0.55);
@@ -2670,6 +2685,61 @@ input[type="range"]::-moz-range-thumb {
     font-family: ui-monospace, monospace;
 }
 
+/* m/paliad#57 part 4 — once a card is expanded into a calc panel,
+   the rule-pill list is redundant with the calc panel's context
+   picker (locked caption or fieldset). Hide it so the user isn't
+   asked the same thing twice. The cross-cutting section stays —
+   those pills are alternative concepts to explore, not the same
+   proceeding context. */
+.fristen-card.is-expanded .fristen-card-pills-section--rules {
+    display: none;
+}
+
+/* Locked-context caption when the user clicked a specific rule pill
+   to expand. Shows the picked (proceeding, rule) tuple compactly
+   with a small "ändern" button to swap back to the radio picker. */
+.fristen-card-calc-pill-locked {
+    display: flex;
+    flex-wrap: wrap;
+    align-items: baseline;
+    gap: 0.4rem;
+    padding: 0.35rem 0.55rem;
+    border: 1px solid var(--color-border-subtle, #ececec);
+    border-radius: 5px;
+    background: rgba(198, 244, 28, 0.06);
+    font-size: 0.88rem;
+}
+.fristen-card-calc-pill-locked-label {
+    font-weight: 600;
+    color: var(--color-muted, #777);
+    text-transform: uppercase;
+    font-size: 0.74rem;
+    letter-spacing: 0.04em;
+}
+.fristen-card-calc-pill-locked-proc {
+    font-weight: 600;
+    color: var(--color-text, #222);
+}
+.fristen-card-calc-pill-locked-rule {
+    color: var(--color-text, #222);
+}
+.fristen-card-calc-pill-locked-source {
+    font-size: 0.8rem;
+    color: var(--color-muted, #888);
+    font-family: ui-monospace, monospace;
+}
+.fristen-card-calc-pill-change {
+    margin-left: auto;
+    background: transparent;
+    border: 0;
+    padding: 0;
+    color: var(--color-link, #1267a8);
+    cursor: pointer;
+    font-size: 0.82rem;
+    text-decoration: underline;
+}
+.fristen-card-calc-pill-change:hover { text-decoration: none; }
+
 .fristen-card-calc-inputs {
     display: flex;
     flex-wrap: wrap;
@@ -6723,6 +6793,17 @@ dialog.modal::backdrop {
     max-width: 100%;
 }
 
+/* Auto-derived project code badge (t-paliad-222 / m/paliad#50).
+   Distinct from the user's manual reference badge — same mono shape,
+   subtly bracketed so the reader knows it's a derived/computed value
+   rather than something typed by hand. Renders only when distinct
+   from the manual reference (see renderHeader in projects-detail.ts). */
+.entity-ref-code {
+    opacity: 0.75;
+}
+.entity-ref-code::before { content: "[ "; }
+.entity-ref-code::after { content: " ]"; }
+
 .entity-detail-actions {
     display: flex;
     gap: 0.5rem;
@@ -9527,7 +9608,7 @@ label.caldav-toggle-label {
     background: var(--color-surface);
     border: 1px solid var(--color-border, #e5e5ed);
     border-radius: 12px;
-    transition: border-color 0.15s, box-shadow 0.15s;
+    transition: border-color 0.15s, box-shadow 0.15s, background 0.15s;
 }
 
 .team-card:hover {
@@ -9535,6 +9616,95 @@ label.caldav-toggle-label {
     box-shadow: 0 2px 8px rgba(0, 0, 0, 0.04);
 }
 
+/* t-paliad-223 (#53) — selected card highlight. */
+.team-card[data-selected="true"] {
+    border-color: var(--color-accent, var(--hlc-lime));
+    background: var(--color-bg-lime-tint, rgba(198, 244, 28, 0.08));
+    box-shadow: 0 0 0 1px var(--color-accent, var(--hlc-lime)) inset;
+}
+
+.team-card-select {
+    flex-shrink: 0;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    cursor: pointer;
+    padding-top: 0.15rem;
+}
+
+.team-card-select-input {
+    width: 18px;
+    height: 18px;
+    cursor: pointer;
+    accent-color: var(--color-accent, var(--hlc-lime));
+}
+
+/* Master "select all visible" row, sits above the team list. */
+.team-select-master-row {
+    display: flex;
+    align-items: center;
+    gap: 0.5rem;
+    margin: 0.5rem 0 0.75rem;
+    padding: 0.35rem 0.75rem;
+    font-size: 0.82rem;
+    color: var(--color-text-muted, #64647a);
+}
+
+.team-select-master-label {
+    display: inline-flex;
+    align-items: center;
+    gap: 0.5rem;
+    cursor: pointer;
+}
+
+.team-select-master-label input[type="checkbox"] {
+    width: 16px;
+    height: 16px;
+    accent-color: var(--color-accent, var(--hlc-lime));
+}
+
+/* Sticky footer that takes over the broadcast action when ≥ 1 row is
+   selected. z-index 150 sits above the mobile bottom-nav (100) and well
+   below modal overlays (1000+), per t-paliad-223 design §4.5. */
+.team-selection-footer {
+    position: fixed;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    z-index: 150;
+    display: flex;
+    align-items: center;
+    justify-content: flex-end;
+    gap: 0.75rem;
+    padding: 0.8rem 1.25rem;
+    background: var(--color-surface, #ffffff);
+    border-top: 2px solid var(--color-accent, var(--hlc-lime));
+    box-shadow: 0 -4px 16px rgba(0, 0, 0, 0.08);
+}
+
+.team-selection-count {
+    flex: 1;
+    font-weight: 600;
+    color: var(--color-text, var(--hlc-midnight));
+}
+
+/* Reserve a small bottom margin on the main content while the footer is
+   visible so the last row of cards doesn't tuck under the bar. */
+body.team-has-selection main {
+    padding-bottom: 4.5rem;
+}
+
+@media (max-width: 600px) {
+    .team-selection-footer {
+        flex-wrap: wrap;
+        padding-bottom: calc(0.8rem + env(safe-area-inset-bottom, 0));
+    }
+    .team-selection-count {
+        width: 100%;
+        margin-bottom: 0.25rem;
+    }
+}
+
 .team-avatar {
     flex-shrink: 0;
     width: 40px;
@@ -14103,8 +14273,9 @@ dialog.quick-add-sheet::backdrop {
     border: 1px solid transparent;
 }
 .filter-bar-segment .filter-bar-chip.agenda-chip-active {
-    background: var(--color-surface, #ffffff);
-    border-color: var(--color-border, #e5e7eb);
+    background: var(--color-segment-active-bg);
+    color: var(--color-segment-active-fg);
+    border-color: var(--color-segment-active-border);
 }
 
 .filter-bar-chip-pending {

frontend/src/team.tsx

@@ -75,6 +75,14 @@ export function renderTeam(): string {
               <div className="team-broadcast-wrap" id="team-broadcast-wrap" style="display:none">
               </div>
 
+              {/* t-paliad-223 (#53) — master "select all visible" checkbox. */}
+              <div className="team-select-master-row">
+                <label className="team-select-master-label">
+                  <input type="checkbox" id="team-select-master" />
+                  <span data-i18n="team.selection.select_all">Alle sichtbaren ausw&auml;hlen</span>
+                </label>
+              </div>
+
               <div className="team-list" id="team-list" />
 
               <div className="glossar-empty" id="team-empty" style="display:none">

frontend/src/verfahrensablauf.tsx

@@ -163,7 +163,10 @@ export function renderVerfahrensablauf(): string {
 
                   <div className="date-input-group">
                     <div className="date-field-row">
-                      <label htmlFor="trigger-event" className="date-label" data-i18n="deadlines.trigger.event">Ausl&ouml;sendes Ereignis:</label>
+                      {/* Read-only caption labelling the value <span>. Not a
+                          <label htmlFor> — m/paliad#60: <label for=…> must
+                          point at a labelable form control, never a span. */}
+                      <span className="date-label" data-i18n="deadlines.trigger.event">Ausl&ouml;sendes Ereignis:</span>
                       <span id="trigger-event" className="trigger-event-name">&mdash;</span>
                     </div>
                     <div className="date-field-row">

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/jmoiron/sqlx v1.4.0
 	github.com/lib/pq v1.12.3
 	github.com/xuri/excelize/v2 v2.10.1
+	golang.org/x/text v0.34.0
 )
 
 require (
@@ -20,5 +21,4 @@ require (
 	github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9 // indirect
 	golang.org/x/crypto v0.48.0 // indirect
 	golang.org/x/net v0.50.0 // indirect
-	golang.org/x/text v0.34.0 // indirect
 )

internal/db/migrations/109_user_dashboard_layouts.down.sql

@@ -0,0 +1,3 @@
+-- Reverse of 109_user_dashboard_layouts.up.sql.
+
+DROP TABLE IF EXISTS paliad.user_dashboard_layouts;

internal/db/migrations/109_user_dashboard_layouts.up.sql

@@ -0,0 +1,29 @@
+-- t-paliad-219 Slice A1: per-user dashboard layout.
+--
+-- Design: docs/design-dashboard-configurable-2026-05-20.md §5.1 (newton,
+-- m-locked 2026-05-20: single layout per user, Q2).
+--
+-- Stores one configurable dashboard layout per user as a single jsonb
+-- column. The layout is an ordered list of (widget_key, visible, settings)
+-- triples; see internal/services/dashboard_layout_spec.go DashboardLayoutSpec.
+--
+-- Single-row-per-user PK because m's Q2 pick is one layout per user (v1) —
+-- no named-layout switcher. Forward path to named layouts (drop the PK, add
+-- id+name+is_default columns) stays open if m later changes course.
+--
+-- RLS owner-only mirrors user_card_layouts / user_views — personal working
+-- state, not auditable infrastructure. global_admin gets no override.
+
+CREATE TABLE paliad.user_dashboard_layouts (
+    user_id     uuid        PRIMARY KEY REFERENCES paliad.users(id) ON DELETE CASCADE,
+    layout_json jsonb       NOT NULL,
+    created_at  timestamptz NOT NULL DEFAULT now(),
+    updated_at  timestamptz NOT NULL DEFAULT now()
+);
+
+ALTER TABLE paliad.user_dashboard_layouts ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY user_dashboard_layouts_owner_all
+    ON paliad.user_dashboard_layouts FOR ALL
+    USING (user_id = auth.uid())
+    WITH CHECK (user_id = auth.uid());

internal/db/migrations/110_project_type_other.down.sql

@@ -0,0 +1,22 @@
+-- mig 110 (down) — revert 'other' addition to paliad.projects.type
+--
+-- Coerces any 'other' rows back to 'project' (the historical catch-all)
+-- so the narrower CHECK constraint can re-attach. This is a lossy
+-- rollback: rows that were genuinely 'other' lose that distinction.
+
+SELECT set_config(
+    'paliad.audit_reason',
+    'mig 110 (down): revert ''other'' from projects.type CHECK; coerce rows to ''project''',
+    true);
+
+UPDATE paliad.projects
+   SET type = 'project'
+ WHERE type = 'other';
+
+ALTER TABLE paliad.projects
+    DROP CONSTRAINT IF EXISTS projects_type_check;
+ALTER TABLE paliad.projects
+    ADD CONSTRAINT projects_type_check
+    CHECK (type IN (
+        'client', 'litigation', 'patent', 'case', 'project'
+    ));

internal/db/migrations/110_project_type_other.up.sql

@@ -0,0 +1,33 @@
+-- mig 110 — add 'other' as a sixth paliad.projects.type value
+--
+-- m/paliad#51 (t-paliad-221): the type chip filter on /projects used to
+-- treat unclassified projects as a synthetic "Empty" bucket. We replace
+-- that with a real 'other' type so every row carries a meaningful label
+-- and the filter UI stops needing a NULL/Empty shim.
+--
+-- Defensive backfill: NOT NULL + the original IN-list CHECK already
+-- forbid NULL rows, but we coerce any stray rows just in case a future
+-- migration ever relaxed the constraint. As of 2026-05-20 production
+-- carries zero rows that would change here (live query confirmed).
+--
+-- The Go-side source of truth lives in
+-- internal/services/project_service.go (ProjectType constants +
+-- isValidProjectType); this migration keeps the DB in sync.
+
+SELECT set_config(
+    'paliad.audit_reason',
+    'mig 110: add ''other'' to projects.type CHECK + backfill NULLs (m/paliad#51)',
+    true);
+
+-- Backfill first so the new CHECK never rejects a pre-existing row.
+UPDATE paliad.projects
+   SET type = 'other'
+ WHERE type IS NULL;
+
+ALTER TABLE paliad.projects
+    DROP CONSTRAINT IF EXISTS projects_type_check;
+ALTER TABLE paliad.projects
+    ADD CONSTRAINT projects_type_check
+    CHECK (type IN (
+        'client', 'litigation', 'patent', 'case', 'project', 'other'
+    ));

internal/db/migrations/111_project_admin_and_select.down.sql

@@ -0,0 +1,65 @@
+-- Reverse of 111_project_admin_and_select.up.sql.
+--
+-- Drops effective_project_admin, restores the original RLS policies,
+-- and shrinks the responsibility CHECK back to four values. Any rows
+-- still carrying responsibility='admin' would violate the restored
+-- CHECK; the down-migration backfills them to 'lead' (the closest
+-- existing role) before re-adding the constraint.
+
+-- ============================================================================
+-- 1. Backfill any responsibility='admin' rows to 'lead'.
+-- ============================================================================
+
+UPDATE paliad.project_teams
+   SET responsibility = 'lead'
+ WHERE responsibility = 'admin';
+
+-- ============================================================================
+-- 2. Restore the original CHECK (lead/member/observer/external).
+-- ============================================================================
+
+ALTER TABLE paliad.project_teams
+    DROP CONSTRAINT IF EXISTS project_teams_responsibility_check;
+
+ALTER TABLE paliad.project_teams
+    ADD CONSTRAINT project_teams_responsibility_check
+    CHECK (responsibility IN ('lead', 'member', 'observer', 'external'));
+
+-- ============================================================================
+-- 3. Restore the pre-110 RLS policies.
+-- ============================================================================
+
+DROP POLICY IF EXISTS project_teams_update ON paliad.project_teams;
+CREATE POLICY project_teams_update
+    ON paliad.project_teams FOR UPDATE
+    USING (paliad.can_see_project(project_id))
+    WITH CHECK (paliad.can_see_project(project_id));
+
+DROP POLICY IF EXISTS project_teams_insert ON paliad.project_teams;
+CREATE POLICY project_teams_insert
+    ON paliad.project_teams FOR INSERT
+    WITH CHECK (
+        user_id = auth.uid()
+        OR paliad.can_see_project(project_id)
+    );
+
+DROP POLICY IF EXISTS project_teams_delete ON paliad.project_teams;
+CREATE POLICY project_teams_delete
+    ON paliad.project_teams FOR DELETE
+    USING (
+        paliad.can_see_project(project_id)
+        AND (
+            user_id = auth.uid()
+            OR EXISTS (
+                SELECT 1 FROM paliad.users u
+                 WHERE u.id = auth.uid()
+                   AND u.global_role = 'global_admin'
+            )
+        )
+    );
+
+-- ============================================================================
+-- 4. Drop the predicate function.
+-- ============================================================================
+
+DROP FUNCTION IF EXISTS paliad.effective_project_admin(uuid, uuid);

internal/db/migrations/111_project_admin_and_select.up.sql

@@ -0,0 +1,152 @@
+-- t-paliad-223 Slice A: Project Admin role on project_teams.responsibility +
+-- inheritable role-edit gate.
+--
+-- Design: docs/design-team-admin-rework-2026-05-20.md (gauss, m-locked
+-- 2026-05-20 via head's "all R approved").
+--
+-- Adds a fifth 'admin' value to the project_teams.responsibility enum
+-- (orthogonal to the profession-driven approval ladder — admin does NOT
+-- open the 4-Augen gate by itself). Introduces paliad.effective_project_admin
+-- which mirrors paliad.can_see_project's shape and walks the ltree path
+-- to compute inheritance. Replaces the three write-side RLS policies on
+-- paliad.project_teams so role edits are gated on the new predicate
+-- instead of "anyone with visibility".
+--
+-- Day-1 deploy = no behaviour change for callers who never use the admin
+-- value: existing lead/member/observer/external rows keep their meaning,
+-- and the global_admin shortcut + self-join INSERT / self-DELETE remain
+-- intact.
+--
+-- Sections:
+--   1. ALTER project_teams.responsibility CHECK to include 'admin'.
+--   2. CREATE paliad.effective_project_admin(uuid, uuid).
+--   3. Replace project_teams_update policy: gated on effective_project_admin.
+--   4. Replace project_teams_insert policy: self-join OR effective_project_admin.
+--   5. Replace project_teams_delete policy: self / global_admin / effective_project_admin.
+
+-- ============================================================================
+-- 1. Extend responsibility CHECK to include 'admin'.
+--
+-- 'admin' inherits down the project tree (see effective_project_admin in §2).
+-- A user marked admin on a Mandant-level project is implicitly admin on
+-- every Litigation / Patent / Case descendant — same shape as how 'lead'
+-- already inherits.
+-- ============================================================================
+
+ALTER TABLE paliad.project_teams
+    DROP CONSTRAINT IF EXISTS project_teams_responsibility_check;
+
+ALTER TABLE paliad.project_teams
+    ADD CONSTRAINT project_teams_responsibility_check
+    CHECK (responsibility IN ('admin', 'lead', 'member', 'observer', 'external'));
+
+COMMENT ON COLUMN paliad.project_teams.responsibility IS
+    'Per-project responsibility. admin = can manage team + roles on this '
+    'project and descendants (inherited via paliad.effective_project_admin). '
+    'lead/member open the 4-Augen approval gate; observer/external close it. '
+    'admin is orthogonal to the approval gate — it does NOT open it by itself.';
+
+-- ============================================================================
+-- 2. paliad.effective_project_admin(_user_id, _project_id)
+--
+-- Mirrors paliad.can_see_project: STABLE SECURITY DEFINER, ltree path-walk
+-- against projects.path. Two branches:
+--   (a) global_admin short-circuit — firm-wide admins are always admin.
+--   (b) ancestor-or-self project_teams row with responsibility='admin'.
+--
+-- Used by the project_teams_update / _insert / _delete policies below
+-- and by ProjectService for the effective_admin payload field.
+--
+-- The ltree-array cast is the same pattern can_see_project uses; the
+-- existing GiST index on projects.path is the load-bearing index. No new
+-- index needed.
+-- ============================================================================
+
+CREATE OR REPLACE FUNCTION paliad.effective_project_admin(_user_id uuid, _project_id uuid)
+RETURNS boolean
+LANGUAGE sql STABLE SECURITY DEFINER
+SET search_path TO 'paliad', 'public'
+AS $$
+    SELECT EXISTS (
+        SELECT 1 FROM paliad.users u
+         WHERE u.id = _user_id
+           AND u.global_role = 'global_admin'
+    )
+    OR EXISTS (
+        SELECT 1
+          FROM paliad.projects      target
+          JOIN paliad.project_teams pt
+            ON pt.user_id = _user_id
+           AND pt.responsibility = 'admin'
+           AND pt.project_id = ANY(string_to_array(target.path, '.')::uuid[])
+         WHERE target.id = _project_id
+    );
+$$;
+
+COMMENT ON FUNCTION paliad.effective_project_admin(uuid, uuid) IS
+    'True iff the user is global_admin OR has responsibility=admin on the '
+    'project itself or any ancestor in the materialised ltree path. '
+    'Drives the role-edit gate on project_teams (UPDATE/INSERT/DELETE RLS).';
+
+-- ============================================================================
+-- 3. project_teams_update policy: gated on effective_project_admin.
+--
+-- Before: USING + CHECK = can_see_project (anyone with visibility could
+-- edit anyone's responsibility — the load-bearing gap that t-paliad-223
+-- closes).
+-- After: USING + CHECK = effective_project_admin (only project-admins
+-- and global_admins can change roles).
+-- ============================================================================
+
+DROP POLICY IF EXISTS project_teams_update ON paliad.project_teams;
+
+CREATE POLICY project_teams_update
+    ON paliad.project_teams FOR UPDATE
+    USING (paliad.effective_project_admin(auth.uid(), project_id))
+    WITH CHECK (paliad.effective_project_admin(auth.uid(), project_id));
+
+-- ============================================================================
+-- 4. project_teams_insert policy: self-join OR effective_project_admin.
+--
+-- The self-join branch (user_id = auth.uid()) preserves the legacy
+-- creator-as-lead INSERT in ProjectService.Create: the project creator
+-- auto-joins their own project with responsibility='lead' before any
+-- admin exists. Without this branch, the first-ever team row on a new
+-- project would fail because no admin has been granted yet.
+--
+-- For all other inserts (adding other users), the caller must be an
+-- effective_project_admin on the target project.
+-- ============================================================================
+
+DROP POLICY IF EXISTS project_teams_insert ON paliad.project_teams;
+
+CREATE POLICY project_teams_insert
+    ON paliad.project_teams FOR INSERT
+    WITH CHECK (
+        user_id = auth.uid()
+        OR paliad.effective_project_admin(auth.uid(), project_id)
+    );
+
+-- ============================================================================
+-- 5. project_teams_delete policy: self / global_admin / effective_project_admin.
+--
+-- Additive: self-remove + global_admin still work; project-admin can now
+-- also remove members.
+-- ============================================================================
+
+DROP POLICY IF EXISTS project_teams_delete ON paliad.project_teams;
+
+CREATE POLICY project_teams_delete
+    ON paliad.project_teams FOR DELETE
+    USING (
+        paliad.can_see_project(project_id)
+        AND (
+            user_id = auth.uid()
+            OR EXISTS (
+                SELECT 1 FROM paliad.users u
+                 WHERE u.id = auth.uid()
+                   AND u.global_role = 'global_admin'
+            )
+            OR paliad.effective_project_admin(auth.uid(), project_id)
+        )
+    );

internal/db/migrations/112_client_role_rework.down.sql

@@ -0,0 +1,30 @@
+-- Down migration for 112_client_role_rework.
+--
+-- Restores the original 4-value CHECK ('claimant','defendant',
+-- 'court','both', NULL) and backfills any rows that landed on a new
+-- sub-role value (applicant / appellant / respondent / third_party /
+-- other) to NULL so the schema is internally consistent after the
+-- step-down.
+
+BEGIN;
+
+-- Backfill new sub-role values to NULL so the old CHECK doesn't reject.
+UPDATE paliad.projects
+   SET our_side = NULL
+ WHERE our_side IN ('applicant', 'appellant', 'respondent', 'third_party', 'other');
+
+ALTER TABLE paliad.projects
+    DROP CONSTRAINT IF EXISTS projects_our_side_check;
+
+ALTER TABLE paliad.projects
+    ADD CONSTRAINT projects_our_side_check
+    CHECK (our_side IS NULL
+        OR our_side IN ('claimant', 'defendant', 'court', 'both'));
+
+COMMENT ON COLUMN paliad.projects.our_side IS
+    'Which side the firm represents on this project. Used by the '
+    'Fristenrechner Determinator (Slice 3c) to predefine the '
+    'perspective chip from the project context. Allowed: claimant, '
+    'defendant, court, both.';
+
+COMMIT;

internal/db/migrations/112_client_role_rework.up.sql

@@ -0,0 +1,51 @@
+-- mig 112 — t-paliad-222 / m/paliad#47 — Client Role rework.
+--
+-- Widens paliad.projects.our_side CHECK to seven sub-role values and
+-- drops the legacy 'court' / 'both' entries. The DB column name stays
+-- as 'our_side' (UI label changes only — see design doc §2.2 Q1).
+--
+-- New allowed sub-roles, grouped at display time:
+--   Active (we initiate)  : claimant, applicant, appellant
+--   Reactive (we defend)  : defendant, respondent
+--   Third Party / Other   : third_party, other
+--   NULL                  : unknown / not set
+--
+-- Backfill: any rows still on 'court' / 'both' fall back to NULL.
+-- Verified 2026-05-20: all 12 production rows are NULL, so this is
+-- a no-op on prod; the UPDATE runs defensively for staging / test
+-- fixtures that may carry the legacy values.
+--
+-- Idempotent so re-runs against a partially-applied state stay safe.
+
+BEGIN;
+
+-- 1. Backfill any 'court' / 'both' rows to NULL.
+UPDATE paliad.projects
+   SET our_side = NULL
+ WHERE our_side IN ('court', 'both');
+
+-- 2. Swap the CHECK constraint for the widened sub-role set.
+ALTER TABLE paliad.projects
+    DROP CONSTRAINT IF EXISTS projects_our_side_check;
+
+ALTER TABLE paliad.projects
+    ADD CONSTRAINT projects_our_side_check
+    CHECK (our_side IS NULL OR our_side IN (
+        'claimant', 'defendant',
+        'applicant', 'appellant',
+        'respondent',
+        'third_party', 'other'
+    ));
+
+COMMENT ON COLUMN paliad.projects.our_side IS
+    'Which side the firm represents on this case project (renamed in '
+    'the UI to "Client Role" / "Mandantenrolle" — t-paliad-222 / '
+    'm/paliad#47). Allowed sub-roles, grouped at display time: Active '
+    '(claimant, applicant, appellant); Reactive (defendant, '
+    'respondent); Third Party / Other (third_party, other). NULL = '
+    'unknown. The form hides the field on non-case project types. '
+    'Drives the Fristenrechner Determinator perspective chip — Active '
+    'group → claimant-perspective, Reactive → defendant-perspective, '
+    'Third Party / Other → null (chip free-pick).';
+
+COMMIT;

internal/db/migrations/113_projects_opponent_code.down.sql

@@ -0,0 +1,11 @@
+-- Down migration for 113_projects_opponent_code.
+
+BEGIN;
+
+ALTER TABLE paliad.projects
+    DROP CONSTRAINT IF EXISTS projects_opponent_code_check;
+
+ALTER TABLE paliad.projects
+    DROP COLUMN IF EXISTS opponent_code;
+
+COMMIT;

internal/db/migrations/113_projects_opponent_code.up.sql

@@ -0,0 +1,50 @@
+-- mig 113 — t-paliad-222 / m/paliad#50 — auto-derived project codes.
+--
+-- Adds an opponent-code slug field on litigation projects. Used as
+-- the middle segment when BuildProjectCode assembles an auto-derived
+-- project code from the ancestor tree (e.g. EXMPL.OPNT.567.INF.CFI).
+--
+-- NULL = segment skipped silently. Existing litigation rows yield
+-- codes without an opponent segment until the user fills the field.
+-- No backfill from `title` — the litigation title is free-text
+-- ("Siemens AG ./. Huawei", "Mandant vs Gegner") and any regex would
+-- be brittle; the user enters the slug once at project creation /
+-- next edit.
+--
+-- Slug shape: uppercase letters / digits / dashes, max 16 chars.
+-- Constraint also gates on type='litigation' so a stray value on a
+-- non-litigation row is rejected at the DB level (defence in depth;
+-- the form already hides the field on other types).
+--
+-- Idempotent.
+
+BEGIN;
+
+ALTER TABLE paliad.projects
+    ADD COLUMN IF NOT EXISTS opponent_code text;
+
+DO $$
+BEGIN
+    IF NOT EXISTS (
+        SELECT 1 FROM pg_constraint
+         WHERE conname  = 'projects_opponent_code_check'
+           AND conrelid = 'paliad.projects'::regclass
+    ) THEN
+        ALTER TABLE paliad.projects
+            ADD CONSTRAINT projects_opponent_code_check
+            CHECK (opponent_code IS NULL
+                OR (opponent_code ~ '^[A-Z0-9-]{1,16}$'
+                    AND type = 'litigation'));
+    END IF;
+END $$;
+
+COMMENT ON COLUMN paliad.projects.opponent_code IS
+    'Short slug for the opposing party on a litigation project '
+    '(uppercase letters, digits, dashes, max 16 chars). Used as the '
+    'middle segment when BuildProjectCode walks the ancestor tree to '
+    'assemble a dotted project code — e.g. EXMPL.OPNT.567.INF.CFI '
+    '(t-paliad-222 / m/paliad#50). NULL = segment skipped silently. '
+    'Only meaningful on type=''litigation'' rows; the CHECK enforces '
+    'that pairing.';
+
+COMMIT;

internal/handlers/dashboard.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	"mgit.msbls.de/m/paliad/internal/auth"
+	"mgit.msbls.de/m/paliad/internal/services"
 )
 
 // GET /api/dashboard — returns the DashboardData JSON for the logged-in user.
@@ -24,21 +25,29 @@ func handleDashboardAPI(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, http.StatusOK, data)
 }
 
-// GET /dashboard — protected shell page. The client boots, reads the initial
-// payload inlined by the server into window.__PALIAD_DASHBOARD__, and renders
-// without a second round-trip (audit §2.3: no skeleton→fetch waterfall).
+// GET /dashboard — protected shell page. The client boots, reads three
+// initial payloads inlined by the server (data, layout, catalog), and
+// renders without a second round-trip (audit §2.3: no skeleton→fetch
+// waterfall). Each inline is best-effort: if any read fails the
+// corresponding blob is left null and the client falls back to fetch.
 func handleDashboardPage(w http.ResponseWriter, r *http.Request) {
 	uid, hasUser := auth.UserIDFromContext(r.Context())
-	var payload []byte
+	var payload, layout []byte
 	if hasUser && dbSvc != nil {
-		// Best-effort server-render. If the DB read fails we still serve the
-		// shell; the client will show the inline error state instead of the
-		// zero-count cards.
 		if data, err := dbSvc.dashboard.Get(r.Context(), uid); err == nil {
 			payload = mustJSON(data)
 		}
+		if dbSvc.dashboardLayout != nil {
+			if spec, err := dbSvc.dashboardLayout.GetOrSeed(r.Context(), uid); err == nil {
+				layout = mustJSON(spec)
+			}
+		}
 	}
-	serveDashboardShell(w, r, payload)
+	// Catalog is code-resident — always inline it so the widget picker
+	// and dispatch logic can boot without an extra fetch even on
+	// knowledge-platform-only deployments without DATABASE_URL.
+	catalog := mustJSON(services.WidgetCatalog())
+	serveDashboardShell(w, r, payload, layout, catalog)
 }
 
 // handleRootPage is the public `/` route. Unauthenticated visitors get the

internal/handlers/dashboard_layout.go

@@ -0,0 +1,109 @@
+package handlers
+
+// HTTP handlers for the per-user dashboard layout (t-paliad-219 Slice A2).
+//
+// Design: docs/design-dashboard-configurable-2026-05-20.md §9.
+//
+// Four endpoints:
+//   GET  /api/me/dashboard-layout         → read (auto-seeds factory default)
+//   PUT  /api/me/dashboard-layout         → replace (validates against catalog)
+//   POST /api/me/dashboard-layout/reset   → overwrite with factory default
+//   GET  /api/dashboard-widget-catalog    → catalog metadata for the picker
+
+import (
+	"encoding/json"
+	"errors"
+	"net/http"
+
+	"mgit.msbls.de/m/paliad/internal/services"
+)
+
+// GET /api/me/dashboard-layout — returns the caller's layout, seeding the
+// factory default on first call. Always returns 200 with a valid
+// DashboardLayoutSpec.
+func handleGetDashboardLayout(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	if dbSvc.dashboardLayout == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "dashboard-layout service not configured"})
+		return
+	}
+	spec, err := dbSvc.dashboardLayout.GetOrSeed(r.Context(), uid)
+	if err != nil {
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, spec)
+}
+
+// PUT /api/me/dashboard-layout — replaces the caller's layout. Body must
+// be a complete DashboardLayoutSpec; the service validates against the
+// catalog and 400s on a bad spec.
+func handlePutDashboardLayout(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	if dbSvc.dashboardLayout == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "dashboard-layout service not configured"})
+		return
+	}
+	var spec services.DashboardLayoutSpec
+	if err := json.NewDecoder(r.Body).Decode(&spec); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON body"})
+		return
+	}
+	out, err := dbSvc.dashboardLayout.Update(r.Context(), uid, spec)
+	if err != nil {
+		if errors.Is(err, services.ErrInvalidInput) {
+			writeJSON(w, http.StatusBadRequest, map[string]string{"error": err.Error()})
+			return
+		}
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, out)
+}
+
+// POST /api/me/dashboard-layout/reset — overwrites the caller's layout
+// with the factory default. The previous layout is discarded.
+func handleResetDashboardLayout(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	if dbSvc.dashboardLayout == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "dashboard-layout service not configured"})
+		return
+	}
+	spec, err := dbSvc.dashboardLayout.ResetToDefault(r.Context(), uid)
+	if err != nil {
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, spec)
+}
+
+// GET /api/dashboard-widget-catalog — returns the widget catalog. Auth-
+// gated only because the catalog includes user-facing copy; nothing
+// security-sensitive is exposed. The handler is DB-independent (the
+// catalog is code-resident) so the requireDB gate is intentionally
+// skipped — knowledge-platform-only deployments can still surface the
+// catalog and we never want this endpoint to 503.
+func handleGetWidgetCatalog(w http.ResponseWriter, r *http.Request) {
+	if _, ok := requireUser(w, r); !ok {
+		return
+	}
+	writeJSON(w, http.StatusOK, services.WidgetCatalog())
+}

internal/handlers/dashboard_shell.go

@@ -11,10 +11,15 @@ import (
 )
 
 // The dashboard shell is pre-rendered by bun (`renderDashboard()` → dist/dashboard.html)
-// and contains the placeholder token below. On each request we splice in a
-// JSON blob as `window.__PALIAD_DASHBOARD__` so the client can paint the real
-// data on first frame — no skeleton + /api/dashboard waterfall.
-const dashboardDataPlaceholder = "/*__PALIAD_DASHBOARD_DATA__*/"
+// and contains three placeholder tokens (data, layout, catalog). On each
+// request we splice in JSON blobs as window.__PALIAD_DASHBOARD__ /
+// __PALIAD_DASHBOARD_LAYOUT__ / __PALIAD_DASHBOARD_CATALOG__ so the client
+// can paint the real data on first frame — no skeleton + /api/* waterfall.
+const (
+	dashboardDataPlaceholder    = "/*__PALIAD_DASHBOARD_DATA__*/"
+	dashboardLayoutPlaceholder  = "/*__PALIAD_DASHBOARD_LAYOUT__*/"
+	dashboardCatalogPlaceholder = "/*__PALIAD_DASHBOARD_CATALOG__*/"
+)
 
 var (
 	dashboardShellOnce  sync.Once
@@ -38,28 +43,19 @@ func loadDashboardShell() ([]byte, error) {
 	return dashboardShellBytes, dashboardShellErr
 }
 
-// serveDashboardShell writes dist/dashboard.html with the JSON payload spliced
-// into the placeholder. A nil payload disables server-side hydration; the
-// client then falls back to fetching /api/dashboard on mount.
-func serveDashboardShell(w http.ResponseWriter, _ *http.Request, payload []byte) {
+// serveDashboardShell writes dist/dashboard.html with three JSON blobs
+// spliced in (data, layout, catalog). A nil payload disables server-side
+// hydration of that slot; the client falls back to fetching the
+// corresponding /api/* endpoint on mount.
+func serveDashboardShell(w http.ResponseWriter, _ *http.Request, payload, layout, catalog []byte) {
 	shell, err := loadDashboardShell()
 	if err != nil {
 		http.Error(w, "dashboard shell unavailable", http.StatusInternalServerError)
 		return
 	}
-	var body []byte
-	if len(payload) > 0 {
-		// JSON is wrapped so the script block is self-contained even when the
-		// payload contains `</script>` sequences (defensive: our data is
-		// server-owned, but future event.description fields could contain
-		// arbitrary text).
-		inline := append([]byte("window.__PALIAD_DASHBOARD__="), escapeForScript(payload)...)
-		inline = append(inline, ';')
-		body = bytes.Replace(shell, []byte(dashboardDataPlaceholder), inline, 1)
-	} else {
-		body = bytes.Replace(shell, []byte(dashboardDataPlaceholder),
-			[]byte("window.__PALIAD_DASHBOARD__=null;"), 1)
-	}
+	body := splicePlaceholder(shell, dashboardDataPlaceholder, "window.__PALIAD_DASHBOARD__=", payload)
+	body = splicePlaceholder(body, dashboardLayoutPlaceholder, "window.__PALIAD_DASHBOARD_LAYOUT__=", layout)
+	body = splicePlaceholder(body, dashboardCatalogPlaceholder, "window.__PALIAD_DASHBOARD_CATALOG__=", catalog)
 
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	w.Header().Set("Cache-Control", "no-store")
@@ -67,6 +63,22 @@ func serveDashboardShell(w http.ResponseWriter, _ *http.Request, payload []byte)
 	_, _ = w.Write(body)
 }
 
+// splicePlaceholder replaces a single placeholder token with a JS
+// assignment of the given JSON payload to a window.X global. A nil
+// payload assigns `null` so the client can detect "no server-side
+// hydration" and fall back to fetch.
+func splicePlaceholder(shell []byte, placeholder, prefix string, payload []byte) []byte {
+	var inline []byte
+	if len(payload) > 0 {
+		inline = append(inline, []byte(prefix)...)
+		inline = append(inline, escapeForScript(payload)...)
+		inline = append(inline, ';')
+	} else {
+		inline = append(inline, []byte(prefix+"null;")...)
+	}
+	return bytes.Replace(shell, []byte(placeholder), inline, 1)
+}
+
 // escapeForScript makes a JSON blob safe to embed directly in an inline
 // <script>. JSON strings may contain `</script>` or U+2028/U+2029, both of
 // which terminate script blocks in some parsers.

internal/handlers/handlers.go

@@ -84,9 +84,10 @@ type Services struct {
 	UserView       *services.UserViewService
 	Broadcast      *services.BroadcastService
 	Pin            *services.PinService
-	CardLayout     *services.CardLayoutService
-	Projection     *services.ProjectionService
-	Export         *services.ExportService
+	CardLayout      *services.CardLayoutService
+	DashboardLayout *services.DashboardLayoutService
+	Projection      *services.ProjectionService
+	Export          *services.ExportService
 
 	// Submission generator (t-paliad-215) — Klageerwiderung &
 	// friends. Three coordinated services: registry fetches templates
@@ -157,9 +158,10 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
 			userView:       svc.UserView,
 			broadcast:      svc.Broadcast,
 			pin:            svc.Pin,
-			cardLayout:     svc.CardLayout,
-			projection:     svc.Projection,
-			export:         svc.Export,
+			cardLayout:      svc.CardLayout,
+			dashboardLayout: svc.DashboardLayout,
+			projection:      svc.Projection,
+			export:          svc.Export,
 		}
 	}
 
@@ -312,12 +314,18 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
 	protected.HandleFunc("PATCH /api/user-card-layouts/{id}", handleUpdateCardLayout)
 	protected.HandleFunc("DELETE /api/user-card-layouts/{id}", handleDeleteCardLayout)
 	protected.HandleFunc("POST /api/user-card-layouts/{id}/set-default", handleSetDefaultCardLayout)
+	// t-paliad-219 — per-user configurable dashboard layout.
+	protected.HandleFunc("GET /api/me/dashboard-layout", handleGetDashboardLayout)
+	protected.HandleFunc("PUT /api/me/dashboard-layout", handlePutDashboardLayout)
+	protected.HandleFunc("POST /api/me/dashboard-layout/reset", handleResetDashboardLayout)
+	protected.HandleFunc("GET /api/dashboard-widget-catalog", handleGetWidgetCatalog)
 	protected.HandleFunc("GET /api/projects/{id}/ancestors", handleListProjectAncestors)
 	protected.HandleFunc("GET /api/projects/{id}/parties", handleListParties)
 	protected.HandleFunc("POST /api/projects/{id}/parties", handleCreateParty)
 	// Team membership endpoints for Project detail "Team" tab.
 	protected.HandleFunc("GET /api/projects/{id}/team", handleListProjectTeam)
 	protected.HandleFunc("POST /api/projects/{id}/team", handleAddProjectTeamMember)
+	protected.HandleFunc("PATCH /api/projects/{id}/team/{user_id}", handleChangeProjectTeamMemberResponsibility)
 	protected.HandleFunc("DELETE /api/projects/{id}/team/{user_id}", handleRemoveProjectTeamMember)
 	// t-paliad-139 — sub-team aggregation surfaces for the Team tab.
 	protected.HandleFunc("GET /api/projects/{id}/team/derived", handleListDerivedTeam)

internal/handlers/projects.go

@@ -11,6 +11,7 @@ import (
 	"github.com/google/uuid"
 
 	"mgit.msbls.de/m/paliad/internal/auth"
+	"mgit.msbls.de/m/paliad/internal/models"
 	"mgit.msbls.de/m/paliad/internal/services"
 )
 
@@ -52,6 +53,7 @@ type dbServices struct {
 	broadcast      *services.BroadcastService
 	pin            *services.PinService
 	cardLayout     *services.CardLayoutService
+	dashboardLayout *services.DashboardLayoutService
 	projection     *services.ProjectionService
 	export         *services.ExportService
 }
@@ -103,6 +105,8 @@ func writeServiceError(w http.ResponseWriter, err error) {
 		})
 	case errors.Is(err, services.ErrEventTypeSlugTaken):
 		writeJSON(w, http.StatusConflict, map[string]string{"error": err.Error()})
+	case errors.Is(err, services.ErrLastProjectAdmin):
+		writeJSON(w, http.StatusConflict, map[string]string{"error": err.Error()})
 	default:
 		log.Printf("ERROR service: %v", err)
 		writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "internal error"})
@@ -318,7 +322,24 @@ func handleGetProject(w http.ResponseWriter, r *http.Request) {
 		writeServiceError(w, err)
 		return
 	}
-	writeJSON(w, http.StatusOK, p)
+	// t-paliad-223: piggyback effective_project_admin onto the project
+	// payload so the frontend can drive the inline role-edit affordance
+	// without a second round-trip. JSON-merge via a small wrapper that
+	// embeds the existing Project shape — every existing caller keeps
+	// reading the same fields and gains effective_admin as additive.
+	effAdmin, err := dbSvc.team.IsEffectiveProjectAdmin(r.Context(), uid, id)
+	if err != nil {
+		writeServiceError(w, err)
+		return
+	}
+	type projectWithPermissions struct {
+		*models.Project
+		EffectiveAdmin bool `json:"effective_admin"`
+	}
+	writeJSON(w, http.StatusOK, projectWithPermissions{
+		Project:        p,
+		EffectiveAdmin: effAdmin,
+	})
 }
 
 // GET /api/projects/{id}/children — direct children.
@@ -350,7 +371,7 @@ func handleListProjectChildren(w http.ResponseWriter, r *http.Request) {
 // Query parameters (all optional, additive):
 //   ?scope=all|mine|pinned             — chip-driven scope (default "all")
 //   ?status=active,archived,closed     — status whitelist (CSV; default = no narrowing)
-//   ?type=client,litigation,patent,case,project — type whitelist
+//   ?type=client,litigation,patent,case,project,other — type whitelist
 //   ?has_open_deadlines=true|false     — narrow by deadline activity
 //   ?q=<term>                          — search title / reference / clientmatter
 //   ?subtree_counts=true|false         — populate *_subtree fields (default true)

internal/handlers/search.go

@@ -473,6 +473,8 @@ func humanProjectType(t string) string {
 		return "Verfahren"
 	case services.ProjectTypeProject:
 		return "Projekt"
+	case services.ProjectTypeOther:
+		return "Sonstiges"
 	}
 	return t
 }

internal/handlers/teams.go

@@ -93,6 +93,53 @@ func handleListMembershipsIndex(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, http.StatusOK, rows)
 }
 
+// PATCH /api/projects/{id}/team/{user_id} — change a direct member's
+// responsibility. Body: {"responsibility": "<admin|lead|member|observer|external>"}.
+//
+// Authorisation is RLS-enforced (project_teams_update gated on
+// effective_project_admin in mig 111). Non-admins get a pq permission
+// error from the UPDATE; we surface that as 404 to avoid leaking that
+// the row exists. The last-admin guard runs inside the service tx and
+// returns ErrLastProjectAdmin (mapped to 409 by writeServiceError).
+func handleChangeProjectTeamMemberResponsibility(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	projectID, err := uuid.Parse(r.PathValue("id"))
+	if err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid project id"})
+		return
+	}
+	userID, err := uuid.Parse(r.PathValue("user_id"))
+	if err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid user id"})
+		return
+	}
+	var body struct {
+		Responsibility string `json:"responsibility"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
+		return
+	}
+	m, err := dbSvc.team.ChangeResponsibility(r.Context(), uid, projectID, userID, body.Responsibility)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			writeJSON(w, http.StatusNotFound, map[string]string{
+				"error": "no direct membership found",
+			})
+			return
+		}
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, m)
+}
+
 // DELETE /api/projects/{id}/team/{user_id} — remove a direct member.
 // Inherited memberships can't be removed at the child level.
 func handleRemoveProjectTeamMember(w http.ResponseWriter, r *http.Request) {

internal/models/models.go

@@ -159,10 +159,35 @@ type Project struct {
 	// OurSide is which side the firm represents on this project. Used
 	// by the Fristenrechner Determinator to predefine the perspective
 	// chip from the project context (t-paliad-164). NULL = unknown /
-	// not set; Determinator falls back to free-pick. Allowed values:
-	// claimant, defendant, court, both.
+	// not set; Determinator falls back to free-pick.
+	//
+	// Allowed sub-roles (mig 112, t-paliad-222):
+	//   Active   : claimant, applicant, appellant
+	//   Reactive : defendant, respondent
+	//   Other    : third_party, other
+	//
+	// The DB column name stays as `our_side`; the UI label has moved
+	// to "Client Role" / "Mandantenrolle" on case projects and is
+	// hidden on every other project type.
 	OurSide *string `db:"our_side" json:"our_side,omitempty"`
 
+	// OpponentCode is the short slug for the opposing party on a
+	// litigation project (uppercase letters / digits / dashes, max 16
+	// chars). Used as the middle segment when services.BuildProjectCode
+	// assembles an auto-derived project code from the ancestor tree —
+	// e.g. EXMPL.OPNT.567.INF.CFI (t-paliad-222 / m/paliad#50). NULL
+	// → segment skipped silently. Only meaningful on type='litigation'
+	// rows; CHECK constraint (mig 113) enforces the pairing.
+	OpponentCode *string `db:"opponent_code" json:"opponent_code,omitempty"`
+
+	// Code is the auto-derived (or override) project code, computed at
+	// projection time by services.BuildProjectCode. Not a DB column —
+	// no `db:` tag — populated by service-layer projection helpers
+	// after the row is loaded. Empty on rows for which the helper has
+	// not run (e.g. raw fixtures in tests, internal projection paths
+	// that don't call the helper).
+	Code string `db:"-" json:"code,omitempty"`
+
 	// CounterclaimOf is the parent project this row is a counterclaim
 	// (CCR) against (t-paliad-174 SmartTimeline Slice 3). NULL on
 	// regular projects; non-NULL rows are CCR sub-projects rendered as

internal/services/approval_levels.go

@@ -25,7 +25,14 @@ const (
 
 // Project-level responsibility values on paliad.project_teams.responsibility.
 // Open the ladder gate (lead/member) or close it (observer/external).
+//
+// ResponsibilityAdmin (t-paliad-223) is orthogonal to the approval gate —
+// it grants role-edit authority on the project + descendants via the
+// paliad.effective_project_admin predicate, but does NOT by itself open
+// the 4-Augen approval gate. An Admin who has no profession set is still
+// not an approver. Use responsibilityOpensGate to test the approval axis.
 const (
+	ResponsibilityAdmin    = "admin"
 	ResponsibilityLead     = "lead"
 	ResponsibilityMember   = "member"
 	ResponsibilityObserver = "observer"
@@ -143,7 +150,7 @@ func IsValidProfession(p string) bool {
 // recognised project-responsibility enum values. Used by TeamService.
 func IsValidResponsibility(r string) bool {
 	switch r {
-	case ResponsibilityLead, ResponsibilityMember,
+	case ResponsibilityAdmin, ResponsibilityLead, ResponsibilityMember,
 		ResponsibilityObserver, ResponsibilityExternal:
 		return true
 	}

internal/services/approval_service_test.go

@@ -190,7 +190,8 @@ func TestIsValidProfession(t *testing.T) {
 }
 
 func TestIsValidResponsibility(t *testing.T) {
-	for _, r := range []string{"lead", "member", "observer", "external"} {
+	// t-paliad-223 added 'admin'; the four legacy values stay valid.
+	for _, r := range []string{"admin", "lead", "member", "observer", "external"} {
 		t.Run(r, func(t *testing.T) {
 			if !IsValidResponsibility(r) {
 				t.Errorf("IsValidResponsibility(%q) must be true", r)
@@ -206,6 +207,30 @@ func TestIsValidResponsibility(t *testing.T) {
 	}
 }
 
+// t-paliad-223: admin maps to legacy 'lead' for the deprecated shadow
+// column. The other mappings are unchanged from t-paliad-148. Pin them
+// so a future refactor doesn't silently flip them.
+func TestLegacyRoleFromResponsibility(t *testing.T) {
+	cases := []struct {
+		in, want string
+	}{
+		{ResponsibilityAdmin, "lead"},
+		{ResponsibilityLead, "lead"},
+		{ResponsibilityObserver, "observer"},
+		{ResponsibilityExternal, "local_counsel"},
+		{ResponsibilityMember, "associate"},
+		{"", "associate"}, // unknown / empty falls through to associate
+	}
+	for _, c := range cases {
+		t.Run(c.in, func(t *testing.T) {
+			got := legacyRoleFromResponsibility(c.in)
+			if got != c.want {
+				t.Errorf("legacyRoleFromResponsibility(%q) = %q, want %q", c.in, got, c.want)
+			}
+		})
+	}
+}
+
 func TestApprovalEventType(t *testing.T) {
 	cases := []struct {
 		entity, step, want string

internal/services/dashboard_layout_service.go

@@ -0,0 +1,157 @@
+package services
+
+// DashboardLayoutService is the CRUD layer for paliad.user_dashboard_layouts —
+// per-user configurable dashboard layout for /dashboard.
+//
+// Design: docs/design-dashboard-configurable-2026-05-20.md §5.4.
+//
+// Visibility: every read and write is scoped to the calling user via the
+// RLS policy `user_dashboard_layouts_owner_all` on auth.uid() = user_id.
+// The service also AND-joins user_id in SQL for defense-in-depth.
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
+)
+
+// DashboardLayoutService manages paliad.user_dashboard_layouts.
+type DashboardLayoutService struct {
+	db *sqlx.DB
+}
+
+// NewDashboardLayoutService wires the service.
+func NewDashboardLayoutService(db *sqlx.DB) *DashboardLayoutService {
+	return &DashboardLayoutService{db: db}
+}
+
+// GetOrSeed returns the caller's saved layout. On first call for a user
+// (no row), it inserts and returns the factory default. The seed is
+// idempotent — concurrent first-loads converge to the same row via the
+// ON CONFLICT DO NOTHING clause.
+//
+// The returned spec has SanitizeForRead applied; if any entries were
+// dropped (catalog shrank) the cleaned spec is also persisted back so the
+// next write doesn't trip on stale entries.
+func (s *DashboardLayoutService) GetOrSeed(ctx context.Context, userID uuid.UUID) (DashboardLayoutSpec, error) {
+	spec, found, err := s.fetch(ctx, userID)
+	if err != nil {
+		return DashboardLayoutSpec{}, err
+	}
+	if !found {
+		return s.seedFactoryDefault(ctx, userID)
+	}
+	if spec.SanitizeForRead() {
+		// Best-effort cleanup; on failure we still return the in-memory
+		// sanitized spec — the user sees a clean dashboard either way.
+		_ = s.upsert(ctx, userID, spec)
+	}
+	return spec, nil
+}
+
+// Update validates the spec and UPSERTs it. Returns the persisted spec
+// (round-tripped through the DB to confirm storage).
+func (s *DashboardLayoutService) Update(ctx context.Context, userID uuid.UUID, spec DashboardLayoutSpec) (DashboardLayoutSpec, error) {
+	if err := spec.Validate(); err != nil {
+		return DashboardLayoutSpec{}, err
+	}
+	if err := s.upsert(ctx, userID, spec); err != nil {
+		return DashboardLayoutSpec{}, err
+	}
+	out, found, err := s.fetch(ctx, userID)
+	if err != nil {
+		return DashboardLayoutSpec{}, err
+	}
+	if !found {
+		return DashboardLayoutSpec{}, fmt.Errorf("dashboard layout vanished after upsert for user %s", userID)
+	}
+	return out, nil
+}
+
+// ResetToDefault overwrites the user's layout with the factory default.
+func (s *DashboardLayoutService) ResetToDefault(ctx context.Context, userID uuid.UUID) (DashboardLayoutSpec, error) {
+	def := FactoryDefaultLayout()
+	if err := s.upsert(ctx, userID, def); err != nil {
+		return DashboardLayoutSpec{}, err
+	}
+	return def, nil
+}
+
+// fetch returns (spec, found, err). found=false means the user has no row
+// yet — the seed path takes over.
+func (s *DashboardLayoutService) fetch(ctx context.Context, userID uuid.UUID) (DashboardLayoutSpec, bool, error) {
+	var raw json.RawMessage
+	err := s.db.GetContext(ctx, &raw, `
+		SELECT layout_json
+		  FROM paliad.user_dashboard_layouts
+		 WHERE user_id = $1
+	`, userID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return DashboardLayoutSpec{}, false, nil
+	}
+	if err != nil {
+		return DashboardLayoutSpec{}, false, fmt.Errorf("fetch dashboard layout: %w", err)
+	}
+	var spec DashboardLayoutSpec
+	if err := json.Unmarshal(raw, &spec); err != nil {
+		// Stored row is unparseable — treat as a missing row, the seed
+		// path will overwrite it. Log via the returned error wrapper.
+		return DashboardLayoutSpec{}, false, fmt.Errorf("dashboard layout JSON decode for user %s: %w", userID, err)
+	}
+	return spec, true, nil
+}
+
+// seedFactoryDefault inserts the factory layout for a brand-new user.
+// ON CONFLICT DO NOTHING handles the race where two concurrent first
+// loads both miss the SELECT and both try to insert.
+func (s *DashboardLayoutService) seedFactoryDefault(ctx context.Context, userID uuid.UUID) (DashboardLayoutSpec, error) {
+	def := FactoryDefaultLayout()
+	bytes, err := json.Marshal(def)
+	if err != nil {
+		return DashboardLayoutSpec{}, fmt.Errorf("seed dashboard layout marshal: %w", err)
+	}
+	if _, err := s.db.ExecContext(ctx, `
+		INSERT INTO paliad.user_dashboard_layouts (user_id, layout_json)
+		VALUES ($1, $2)
+		ON CONFLICT (user_id) DO NOTHING
+	`, userID, json.RawMessage(bytes)); err != nil {
+		return DashboardLayoutSpec{}, fmt.Errorf("seed dashboard layout insert: %w", err)
+	}
+	// Re-fetch in case ON CONFLICT DO NOTHING let another writer's row win;
+	// either way the user now has a row.
+	out, found, err := s.fetch(ctx, userID)
+	if err != nil {
+		return DashboardLayoutSpec{}, err
+	}
+	if !found {
+		// Extremely unlikely — would mean the row vanished between
+		// INSERT and SELECT. Return the factory default in-memory.
+		return def, nil
+	}
+	return out, nil
+}
+
+// upsert overwrites the layout. updated_at gets bumped on conflict so
+// callers can observe write recency.
+func (s *DashboardLayoutService) upsert(ctx context.Context, userID uuid.UUID, spec DashboardLayoutSpec) error {
+	bytes, err := json.Marshal(spec)
+	if err != nil {
+		return fmt.Errorf("dashboard layout marshal: %w", err)
+	}
+	_, err = s.db.ExecContext(ctx, `
+		INSERT INTO paliad.user_dashboard_layouts (user_id, layout_json)
+		VALUES ($1, $2)
+		ON CONFLICT (user_id) DO UPDATE
+		   SET layout_json = EXCLUDED.layout_json,
+		       updated_at  = now()
+	`, userID, json.RawMessage(bytes))
+	if err != nil {
+		return fmt.Errorf("dashboard layout upsert: %w", err)
+	}
+	return nil
+}

internal/services/dashboard_layout_service_test.go

@@ -0,0 +1,181 @@
+package services
+
+// Live-DB tests for DashboardLayoutService. Skipped when TEST_DATABASE_URL
+// is unset.
+
+import (
+	"context"
+	"encoding/json"
+	"os"
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
+	_ "github.com/lib/pq"
+
+	"mgit.msbls.de/m/paliad/internal/db"
+)
+
+type dashboardLayoutTestEnv struct {
+	t       *testing.T
+	pool    *sqlx.DB
+	svc     *DashboardLayoutService
+	userID  uuid.UUID
+	cleanup func()
+}
+
+func setupDashboardLayoutTest(t *testing.T) *dashboardLayoutTestEnv {
+	t.Helper()
+	url := os.Getenv("TEST_DATABASE_URL")
+	if url == "" {
+		t.Skip("TEST_DATABASE_URL not set — skipping live DB test")
+	}
+	if err := db.ApplyMigrations(url); err != nil {
+		t.Fatalf("apply migrations: %v", err)
+	}
+	pool, err := sqlx.Connect("postgres", url)
+	if err != nil {
+		t.Fatalf("connect: %v", err)
+	}
+	ctx := context.Background()
+
+	userID := uuid.New()
+	if _, err := pool.ExecContext(ctx,
+		`INSERT INTO auth.users (id, email) VALUES ($1, $1::text || '@test.local')
+		 ON CONFLICT (id) DO NOTHING`, userID); err != nil {
+		t.Logf("skip auth.users seed: %v", err)
+	}
+	if _, err := pool.ExecContext(ctx,
+		`INSERT INTO paliad.users (id, email, display_name, office, global_role)
+		 VALUES ($1, $1::text || '@test.local', 'Dashboard Layout Test', 'munich', 'standard')
+		 ON CONFLICT (id) DO NOTHING`, userID); err != nil {
+		t.Fatalf("seed paliad.users: %v", err)
+	}
+
+	cleanup := func() {
+		c := context.Background()
+		pool.ExecContext(c, `DELETE FROM paliad.user_dashboard_layouts WHERE user_id = $1`, userID)
+		pool.ExecContext(c, `DELETE FROM paliad.users WHERE id = $1`, userID)
+		pool.ExecContext(c, `DELETE FROM auth.users  WHERE id = $1`, userID)
+		pool.Close()
+	}
+
+	return &dashboardLayoutTestEnv{
+		t:       t,
+		pool:    pool,
+		svc:     NewDashboardLayoutService(pool),
+		userID:  userID,
+		cleanup: cleanup,
+	}
+}
+
+func TestDashboardLayoutService_GetOrSeedAutoSeeds(t *testing.T) {
+	env := setupDashboardLayoutTest(t)
+	defer env.cleanup()
+	ctx := context.Background()
+
+	spec, err := env.svc.GetOrSeed(ctx, env.userID)
+	if err != nil {
+		t.Fatalf("GetOrSeed: %v", err)
+	}
+	if spec.Version != LayoutSpecVersion {
+		t.Errorf("seeded version=%d; want %d", spec.Version, LayoutSpecVersion)
+	}
+	if len(spec.Widgets) != len(KnownWidgetKeys) {
+		t.Errorf("seeded widget count=%d; want %d", len(spec.Widgets), len(KnownWidgetKeys))
+	}
+
+	// Second call returns the same row, not a second seed.
+	spec2, err := env.svc.GetOrSeed(ctx, env.userID)
+	if err != nil {
+		t.Fatalf("GetOrSeed second: %v", err)
+	}
+	if len(spec2.Widgets) != len(spec.Widgets) {
+		t.Errorf("second call widget count drifted: %d vs %d", len(spec2.Widgets), len(spec.Widgets))
+	}
+}
+
+func TestDashboardLayoutService_UpdateRoundTrips(t *testing.T) {
+	env := setupDashboardLayoutTest(t)
+	defer env.cleanup()
+	ctx := context.Background()
+
+	// Seed first so the row exists.
+	if _, err := env.svc.GetOrSeed(ctx, env.userID); err != nil {
+		t.Fatalf("GetOrSeed: %v", err)
+	}
+
+	// Custom layout: hide matter-summary, reorder.
+	custom := DashboardLayoutSpec{
+		Version: LayoutSpecVersion,
+		Widgets: []DashboardWidgetRef{
+			{Key: WidgetUpcomingDeadlines, Visible: true, Settings: json.RawMessage(`{"count": 5, "horizon_days": 14}`)},
+			{Key: WidgetMatterSummary, Visible: false},
+			{Key: WidgetDeadlineSummary, Visible: true},
+		},
+	}
+	out, err := env.svc.Update(ctx, env.userID, custom)
+	if err != nil {
+		t.Fatalf("Update: %v", err)
+	}
+	if len(out.Widgets) != 3 {
+		t.Fatalf("Update returned %d widgets; want 3", len(out.Widgets))
+	}
+	if out.Widgets[0].Key != WidgetUpcomingDeadlines {
+		t.Errorf("Update returned widgets[0]=%q; want %q", out.Widgets[0].Key, WidgetUpcomingDeadlines)
+	}
+	if out.Widgets[1].Visible {
+		t.Errorf("Update returned widgets[1].Visible=true; want false")
+	}
+
+	// Re-read confirms persistence.
+	got, err := env.svc.GetOrSeed(ctx, env.userID)
+	if err != nil {
+		t.Fatalf("GetOrSeed after update: %v", err)
+	}
+	if len(got.Widgets) != 3 {
+		t.Errorf("GetOrSeed after update: %d widgets; want 3", len(got.Widgets))
+	}
+}
+
+func TestDashboardLayoutService_UpdateRejectsInvalid(t *testing.T) {
+	env := setupDashboardLayoutTest(t)
+	defer env.cleanup()
+	ctx := context.Background()
+
+	bad := DashboardLayoutSpec{
+		Version: LayoutSpecVersion,
+		Widgets: []DashboardWidgetRef{
+			{Key: "fake-widget-key", Visible: true},
+		},
+	}
+	if _, err := env.svc.Update(ctx, env.userID, bad); err == nil {
+		t.Fatalf("Update accepted invalid layout")
+	}
+}
+
+func TestDashboardLayoutService_ResetToDefault(t *testing.T) {
+	env := setupDashboardLayoutTest(t)
+	defer env.cleanup()
+	ctx := context.Background()
+
+	// Custom layout first.
+	custom := DashboardLayoutSpec{
+		Version: LayoutSpecVersion,
+		Widgets: []DashboardWidgetRef{
+			{Key: WidgetDeadlineSummary, Visible: true},
+		},
+	}
+	if _, err := env.svc.Update(ctx, env.userID, custom); err != nil {
+		t.Fatalf("Update: %v", err)
+	}
+
+	// Reset.
+	reset, err := env.svc.ResetToDefault(ctx, env.userID)
+	if err != nil {
+		t.Fatalf("ResetToDefault: %v", err)
+	}
+	if len(reset.Widgets) != len(KnownWidgetKeys) {
+		t.Errorf("reset widget count=%d; want %d", len(reset.Widgets), len(KnownWidgetKeys))
+	}
+}

internal/services/dashboard_layout_spec.go

@@ -0,0 +1,176 @@
+package services
+
+// DashboardLayoutSpec — JSON shape for paliad.user_dashboard_layouts.layout_json.
+//
+// Design: docs/design-dashboard-configurable-2026-05-20.md §5.2.
+//
+// Validation surface:
+//   - version must be 1 (v0 / unknown versions seed the factory default at
+//     read time; the validator only ever sees writes from a current client).
+//   - widgets is at most 32 entries (sanity cap; catalog can grow but a
+//     single user's layout shouldn't).
+//   - each widget.key must be in KnownWidgetKeys on WRITE.
+//   - no duplicate keys.
+//   - each widget.settings (if present) is validated against its catalog
+//     entry's WidgetSettingsSchema.
+//
+// On READ, unknown keys are dropped silently — see SanitizeForRead.
+
+import (
+	"encoding/json"
+	"fmt"
+	"slices"
+)
+
+// LayoutSpecVersion is the only supported version for v1.
+const LayoutSpecVersion = 1
+
+// LayoutWidgetCap is the sanity cap on widgets per layout. The v1 catalog
+// has 7 entries; 32 leaves room for catalog growth without unbounded JSON
+// blobs.
+const LayoutWidgetCap = 32
+
+// DashboardWidgetRef is a single widget entry in the ordered widgets[] array.
+// Visible=false entries are kept in the array so the picker can show them as
+// "hidden" and re-adding restores their position.
+type DashboardWidgetRef struct {
+	Key      WidgetKey       `json:"key"`
+	Visible  bool            `json:"visible"`
+	Settings json.RawMessage `json:"settings,omitempty"`
+}
+
+// DashboardLayoutSpec is the persisted layout shape.
+type DashboardLayoutSpec struct {
+	Version int                  `json:"v"`
+	Widgets []DashboardWidgetRef `json:"widgets"`
+}
+
+// FactoryDefaultLayout returns the Slice A1 baseline layout — every
+// widget in KnownWidgetKeys, visible, in canonical order, with per-widget
+// default settings drawn from the catalog. A user with no row sees this
+// on first load and is byte-identical to today's dashboard plus the new
+// inbox-approvals widget.
+func FactoryDefaultLayout() DashboardLayoutSpec {
+	catalog := WidgetCatalog()
+	byKey := make(map[WidgetKey]WidgetDef, len(catalog))
+	for _, def := range catalog {
+		byKey[def.Key] = def
+	}
+
+	widgets := make([]DashboardWidgetRef, 0, len(KnownWidgetKeys))
+	for _, k := range KnownWidgetKeys {
+		def, ok := byKey[k]
+		if !ok {
+			continue
+		}
+		ref := DashboardWidgetRef{Key: k, Visible: def.DefaultVisible}
+		if settings := defaultSettingsJSON(def); settings != nil {
+			ref.Settings = settings
+		}
+		widgets = append(widgets, ref)
+	}
+
+	return DashboardLayoutSpec{
+		Version: LayoutSpecVersion,
+		Widgets: widgets,
+	}
+}
+
+// defaultSettingsJSON encodes the per-widget defaults declared on the
+// catalog entry. Returns nil when the widget has no settings.
+func defaultSettingsJSON(def WidgetDef) json.RawMessage {
+	if def.DefaultCount == nil && def.DefaultHorizon == nil {
+		return nil
+	}
+	out := map[string]int{}
+	if def.DefaultCount != nil {
+		out["count"] = *def.DefaultCount
+	}
+	if def.DefaultHorizon != nil {
+		out["horizon_days"] = *def.DefaultHorizon
+	}
+	b, err := json.Marshal(out)
+	if err != nil {
+		return nil
+	}
+	return b
+}
+
+// Validate enforces the structural invariants on write. Returns
+// ErrInvalidInput wrapped with a precise message on the first violation.
+func (s DashboardLayoutSpec) Validate() error {
+	if s.Version != LayoutSpecVersion {
+		return fmt.Errorf("%w: layout version %d not supported (want %d)",
+			ErrInvalidInput, s.Version, LayoutSpecVersion)
+	}
+	if len(s.Widgets) > LayoutWidgetCap {
+		return fmt.Errorf("%w: layout has %d widgets (cap %d)",
+			ErrInvalidInput, len(s.Widgets), LayoutWidgetCap)
+	}
+
+	seen := make(map[WidgetKey]bool, len(s.Widgets))
+	for i, w := range s.Widgets {
+		if !slices.Contains(KnownWidgetKeys, w.Key) {
+			return fmt.Errorf("%w: widgets[%d].key %q is not a known widget",
+				ErrInvalidInput, i, w.Key)
+		}
+		if seen[w.Key] {
+			return fmt.Errorf("%w: widgets has duplicate key %q",
+				ErrInvalidInput, w.Key)
+		}
+		seen[w.Key] = true
+
+		def, ok := LookupWidgetDef(w.Key)
+		if !ok {
+			// Defense in depth — KnownWidgetKeys was checked above.
+			return fmt.Errorf("%w: widgets[%d].key %q has no catalog entry",
+				ErrInvalidInput, i, w.Key)
+		}
+		if err := def.Settings.Validate(w.Settings); err != nil {
+			return fmt.Errorf("widgets[%d]: %w", i, err)
+		}
+	}
+	return nil
+}
+
+// SanitizeForRead applies the forgiving read-path rules: drop entries whose
+// keys are not in the catalog (catalog has shrunk) and bump the version to
+// the current one if missing. Settings on surviving entries pass through
+// unchanged — invalid settings on read are not worth aborting over and the
+// next write will reject them anyway.
+//
+// Returns true if anything was changed; callers can use that to decide
+// whether to PUT the cleaned spec back.
+func (s *DashboardLayoutSpec) SanitizeForRead() bool {
+	changed := false
+	if s.Version != LayoutSpecVersion {
+		s.Version = LayoutSpecVersion
+		changed = true
+	}
+	if len(s.Widgets) == 0 {
+		return changed
+	}
+	out := make([]DashboardWidgetRef, 0, len(s.Widgets))
+	for _, w := range s.Widgets {
+		if _, ok := LookupWidgetDef(w.Key); !ok {
+			changed = true
+			continue
+		}
+		out = append(out, w)
+	}
+	s.Widgets = out
+	return changed
+}
+
+// ParseDashboardLayoutSpec decodes JSON bytes and validates. Used by the
+// HTTP handler on incoming request bodies.
+func ParseDashboardLayoutSpec(b []byte) (DashboardLayoutSpec, error) {
+	var s DashboardLayoutSpec
+	if err := json.Unmarshal(b, &s); err != nil {
+		return DashboardLayoutSpec{}, fmt.Errorf("%w: layout JSON decode: %v", ErrInvalidInput, err)
+	}
+	if err := s.Validate(); err != nil {
+		return DashboardLayoutSpec{}, err
+	}
+	return s, nil
+}

internal/services/dashboard_layout_spec_test.go

@@ -0,0 +1,241 @@
+package services
+
+// Pure-function tests for DashboardLayoutSpec + WidgetCatalog.
+// No DB; safe to run in any environment.
+
+import (
+	"encoding/json"
+	"errors"
+	"strings"
+	"testing"
+)
+
+func TestFactoryDefaultLayout_AllKnownWidgetsPresent(t *testing.T) {
+	def := FactoryDefaultLayout()
+	if def.Version != LayoutSpecVersion {
+		t.Errorf("FactoryDefaultLayout version=%d; want %d", def.Version, LayoutSpecVersion)
+	}
+	if len(def.Widgets) != len(KnownWidgetKeys) {
+		t.Fatalf("FactoryDefaultLayout has %d widgets; want %d", len(def.Widgets), len(KnownWidgetKeys))
+	}
+	for i, k := range KnownWidgetKeys {
+		if def.Widgets[i].Key != k {
+			t.Errorf("widgets[%d].Key = %q; want %q", i, def.Widgets[i].Key, k)
+		}
+		if !def.Widgets[i].Visible {
+			t.Errorf("widgets[%d].Visible = false; factory default should be all-visible", i)
+		}
+	}
+}
+
+func TestFactoryDefaultLayout_SettingsDefaultsPresent(t *testing.T) {
+	def := FactoryDefaultLayout()
+	for _, w := range def.Widgets {
+		catalogDef, ok := LookupWidgetDef(w.Key)
+		if !ok {
+			t.Errorf("factory widget %q is not in catalog", w.Key)
+			continue
+		}
+		hasDefaults := catalogDef.DefaultCount != nil || catalogDef.DefaultHorizon != nil
+		if hasDefaults && len(w.Settings) == 0 {
+			t.Errorf("widget %q has catalog defaults but factory layout has empty settings", w.Key)
+		}
+		if !hasDefaults && len(w.Settings) > 0 {
+			t.Errorf("widget %q has no catalog defaults but factory layout has settings %s", w.Key, string(w.Settings))
+		}
+	}
+}
+
+func TestFactoryDefaultLayout_PassesValidation(t *testing.T) {
+	def := FactoryDefaultLayout()
+	if err := def.Validate(); err != nil {
+		t.Fatalf("factory default failed Validate(): %v", err)
+	}
+}
+
+func TestDashboardLayoutSpec_Validate_WrongVersion(t *testing.T) {
+	s := DashboardLayoutSpec{Version: 99, Widgets: []DashboardWidgetRef{{Key: WidgetDeadlineSummary, Visible: true}}}
+	err := s.Validate()
+	if !errors.Is(err, ErrInvalidInput) {
+		t.Fatalf("Validate returned %v; want ErrInvalidInput", err)
+	}
+	if !strings.Contains(err.Error(), "version") {
+		t.Errorf("error %q should mention 'version'", err.Error())
+	}
+}
+
+func TestDashboardLayoutSpec_Validate_TooManyWidgets(t *testing.T) {
+	widgets := make([]DashboardWidgetRef, LayoutWidgetCap+1)
+	for i := range widgets {
+		widgets[i] = DashboardWidgetRef{Key: WidgetDeadlineSummary, Visible: true}
+	}
+	s := DashboardLayoutSpec{Version: 1, Widgets: widgets}
+	err := s.Validate()
+	if !errors.Is(err, ErrInvalidInput) {
+		t.Fatalf("Validate returned %v; want ErrInvalidInput", err)
+	}
+}
+
+func TestDashboardLayoutSpec_Validate_UnknownKey(t *testing.T) {
+	s := DashboardLayoutSpec{Version: 1, Widgets: []DashboardWidgetRef{
+		{Key: "not-a-real-widget", Visible: true},
+	}}
+	err := s.Validate()
+	if !errors.Is(err, ErrInvalidInput) {
+		t.Fatalf("Validate returned %v; want ErrInvalidInput", err)
+	}
+}
+
+func TestDashboardLayoutSpec_Validate_DuplicateKey(t *testing.T) {
+	s := DashboardLayoutSpec{Version: 1, Widgets: []DashboardWidgetRef{
+		{Key: WidgetDeadlineSummary, Visible: true},
+		{Key: WidgetDeadlineSummary, Visible: false},
+	}}
+	err := s.Validate()
+	if !errors.Is(err, ErrInvalidInput) {
+		t.Fatalf("Validate returned %v; want ErrInvalidInput", err)
+	}
+	if !strings.Contains(err.Error(), "duplicate") {
+		t.Errorf("error %q should mention 'duplicate'", err.Error())
+	}
+}
+
+func TestDashboardLayoutSpec_Validate_BadSettings(t *testing.T) {
+	// count not in CountOptions for upcoming-deadlines (legal: 1,3,5,10,20)
+	s := DashboardLayoutSpec{Version: 1, Widgets: []DashboardWidgetRef{
+		{Key: WidgetUpcomingDeadlines, Visible: true, Settings: json.RawMessage(`{"count": 7}`)},
+	}}
+	err := s.Validate()
+	if !errors.Is(err, ErrInvalidInput) {
+		t.Fatalf("Validate returned %v; want ErrInvalidInput", err)
+	}
+}
+
+func TestDashboardLayoutSpec_Validate_AcceptsValidSettings(t *testing.T) {
+	s := DashboardLayoutSpec{Version: 1, Widgets: []DashboardWidgetRef{
+		{Key: WidgetUpcomingDeadlines, Visible: true, Settings: json.RawMessage(`{"count": 5, "horizon_days": 14}`)},
+		{Key: WidgetInlineAgenda, Visible: true, Settings: json.RawMessage(`{"horizon_days": 60}`)},
+		{Key: WidgetRecentActivity, Visible: false},
+	}}
+	if err := s.Validate(); err != nil {
+		t.Fatalf("Validate returned %v; want nil", err)
+	}
+}
+
+func TestDashboardLayoutSpec_Validate_SettingsOnNoSettingsWidget(t *testing.T) {
+	// deadline-summary has no Settings schema.
+	s := DashboardLayoutSpec{Version: 1, Widgets: []DashboardWidgetRef{
+		{Key: WidgetDeadlineSummary, Visible: true, Settings: json.RawMessage(`{"count": 5}`)},
+	}}
+	err := s.Validate()
+	if !errors.Is(err, ErrInvalidInput) {
+		t.Fatalf("Validate returned %v; want ErrInvalidInput", err)
+	}
+}
+
+func TestDashboardLayoutSpec_SanitizeForRead_DropsUnknownKeys(t *testing.T) {
+	s := DashboardLayoutSpec{Version: 1, Widgets: []DashboardWidgetRef{
+		{Key: WidgetDeadlineSummary, Visible: true},
+		{Key: "deprecated-widget", Visible: true},
+		{Key: WidgetInlineAgenda, Visible: true},
+	}}
+	changed := s.SanitizeForRead()
+	if !changed {
+		t.Errorf("SanitizeForRead returned false; expected true (one entry dropped)")
+	}
+	if len(s.Widgets) != 2 {
+		t.Errorf("after sanitize: %d widgets; want 2", len(s.Widgets))
+	}
+	if s.Widgets[0].Key != WidgetDeadlineSummary || s.Widgets[1].Key != WidgetInlineAgenda {
+		t.Errorf("after sanitize: keys = %v %v; want %v %v",
+			s.Widgets[0].Key, s.Widgets[1].Key, WidgetDeadlineSummary, WidgetInlineAgenda)
+	}
+}
+
+func TestDashboardLayoutSpec_SanitizeForRead_NoopOnClean(t *testing.T) {
+	s := FactoryDefaultLayout()
+	if s.SanitizeForRead() {
+		t.Errorf("SanitizeForRead on factory default returned true; want false (already clean)")
+	}
+}
+
+func TestDashboardLayoutSpec_SanitizeForRead_BumpsVersion(t *testing.T) {
+	s := DashboardLayoutSpec{Version: 0, Widgets: []DashboardWidgetRef{{Key: WidgetDeadlineSummary, Visible: true}}}
+	if !s.SanitizeForRead() {
+		t.Errorf("SanitizeForRead returned false; expected version bump")
+	}
+	if s.Version != LayoutSpecVersion {
+		t.Errorf("after sanitize: Version=%d; want %d", s.Version, LayoutSpecVersion)
+	}
+}
+
+func TestParseDashboardLayoutSpec_RoundTrip(t *testing.T) {
+	def := FactoryDefaultLayout()
+	bytes, err := json.Marshal(def)
+	if err != nil {
+		t.Fatalf("marshal: %v", err)
+	}
+	parsed, err := ParseDashboardLayoutSpec(bytes)
+	if err != nil {
+		t.Fatalf("parse: %v", err)
+	}
+	if parsed.Version != def.Version {
+		t.Errorf("version mismatch: %d vs %d", parsed.Version, def.Version)
+	}
+	if len(parsed.Widgets) != len(def.Widgets) {
+		t.Errorf("widget count mismatch: %d vs %d", len(parsed.Widgets), len(def.Widgets))
+	}
+}
+
+func TestParseDashboardLayoutSpec_InvalidJSON(t *testing.T) {
+	_, err := ParseDashboardLayoutSpec([]byte(`{not-json}`))
+	if !errors.Is(err, ErrInvalidInput) {
+		t.Fatalf("ParseDashboardLayoutSpec returned %v; want ErrInvalidInput", err)
+	}
+}
+
+func TestWidgetCatalog_AllKnownKeysHaveDef(t *testing.T) {
+	for _, k := range KnownWidgetKeys {
+		def, ok := LookupWidgetDef(k)
+		if !ok {
+			t.Errorf("KnownWidgetKeys entry %q has no WidgetDef", k)
+			continue
+		}
+		if def.TitleDE == "" || def.TitleEN == "" {
+			t.Errorf("widget %q missing title (de=%q en=%q)", k, def.TitleDE, def.TitleEN)
+		}
+		if def.DescriptionDE == "" || def.DescriptionEN == "" {
+			t.Errorf("widget %q missing description", k)
+		}
+	}
+}
+
+func TestWidgetCatalog_NoOrphanDefs(t *testing.T) {
+	known := make(map[WidgetKey]bool, len(KnownWidgetKeys))
+	for _, k := range KnownWidgetKeys {
+		known[k] = true
+	}
+	for _, def := range WidgetCatalog() {
+		if !known[def.Key] {
+			// Orphans are allowed (forward-compat: pinned-projects const
+			// exists in widget_catalog.go before its widget module ships).
+			// But verify the catalog entry is internally coherent.
+			if def.TitleDE == "" || def.TitleEN == "" {
+				t.Errorf("orphan catalog entry %q must still have titles", def.Key)
+			}
+		}
+	}
+}
+
+func TestWidgetSettingsSchema_NilRejectsNonEmpty(t *testing.T) {
+	var sch *WidgetSettingsSchema
+	if err := sch.Validate(json.RawMessage(`{"count": 5}`)); !errors.Is(err, ErrInvalidInput) {
+		t.Fatalf("nil schema accepted settings; got %v", err)
+	}
+	if err := sch.Validate(nil); err != nil {
+		t.Errorf("nil schema rejected empty settings: %v", err)
+	}
+	if err := sch.Validate(json.RawMessage(`null`)); err != nil {
+		t.Errorf("nil schema rejected 'null' settings: %v", err)
+	}
+}

internal/services/dashboard_service.go

@@ -21,14 +21,24 @@ import (
 // DashboardService reads paliad.projects/deadlines/appointments/project_events for
 // the Dashboard page.
 type DashboardService struct {
-	db    *sqlx.DB
-	users *UserService
+	db        *sqlx.DB
+	users     *UserService
+	approvals *ApprovalService
 }
 
 func NewDashboardService(db *sqlx.DB, users *UserService) *DashboardService {
 	return &DashboardService{db: db, users: users}
 }
 
+// SetApprovalService wires the inbox-approvals widget data source. Called
+// post-construction so that DashboardService and ApprovalService can be
+// stitched together at boot without a circular constructor dependency.
+// Safe to leave nil — InboxSummary will then carry pending_count=0 and an
+// empty entries list, and the widget renders its empty state.
+func (s *DashboardService) SetApprovalService(a *ApprovalService) {
+	s.approvals = a
+}
+
 // DashboardData is the full payload returned to the frontend.
 type DashboardData struct {
 	User                 *DashboardUser        `json:"user"`
@@ -38,8 +48,42 @@ type DashboardData struct {
 	UpcomingDeadlines    []UpcomingDeadline    `json:"upcoming_deadlines"`
 	UpcomingAppointments []UpcomingAppointment `json:"upcoming_appointments"`
 	RecentActivity       []ActivityEntry       `json:"recent_activity"`
+	InboxSummary         InboxSummary          `json:"inbox_summary"`
 }
 
+// InboxSummary feeds the inbox-approvals widget on the configurable
+// dashboard (t-paliad-219). PendingCount is the precise number of
+// approval requests that await this user's approval; Top is a small
+// preview list (up to InboxTopCap entries) ordered oldest-pending-first
+// so the most urgent appears first.
+//
+// When the ApprovalService dependency is unwired (knowledge-platform-only
+// deployments, tests), PendingCount=0 and Top=[] so the widget renders
+// its empty state. The data path is read-only — no writes go through
+// the dashboard payload.
+type InboxSummary struct {
+	PendingCount int          `json:"pending_count"`
+	Top          []InboxEntry `json:"top"`
+}
+
+// InboxEntry is a single row in InboxSummary.Top — the minimum needed
+// to render a clickable preview ("Frist X auf Akte Y, vorgeschlagen am Z").
+type InboxEntry struct {
+	RequestID    uuid.UUID `json:"id"`
+	EntityType   string    `json:"entity_type"`
+	EntityTitle  *string   `json:"entity_title,omitempty"`
+	ProjectID    uuid.UUID `json:"project_id"`
+	ProjectTitle string    `json:"project_title"`
+	RequestedAt  time.Time `json:"requested_at"`
+	RequesterID  uuid.UUID `json:"requester_id"`
+	RequesterName string   `json:"requester_name"`
+}
+
+// InboxTopCap caps the preview list. The widget's count setting tops out
+// at 10 (see WidgetCatalog inboxCounts); we fetch the cap once and let
+// the client trim further per the user's setting.
+const InboxTopCap = 10
+
 type DashboardUser struct {
 	ID          uuid.UUID `json:"id"`
 	Email       string    `json:"email"`
@@ -146,7 +190,12 @@ func (s *DashboardService) Get(ctx context.Context, userID uuid.UUID) (*Dashboar
 
 	now := time.Now()
 	today := now.Format("2006-01-02")
-	endOfWindow := now.AddDate(0, 0, 7).Format("2006-01-02")
+	// t-paliad-219 §18 Note B: widen the upcoming windows from 7d → 60d
+	// so the per-widget horizon dropdown (7/14/30/60) can filter client-
+	// side without re-querying. LIMIT bumps from 10 to 40 for the same
+	// reason — the widget's count setting tops out at 20 plus headroom
+	// for the agenda widget which can read from the same payload.
+	endOfWindow := now.AddDate(0, 0, 60).Format("2006-01-02")
 	bounds := computeDeadlineBucketBounds(now.UTC())
 
 	if err := s.loadSummary(ctx, data, user, bounds); err != nil {
@@ -161,6 +210,9 @@ func (s *DashboardService) Get(ctx context.Context, userID uuid.UUID) (*Dashboar
 	if err := s.loadRecentActivity(ctx, data, user); err != nil {
 		return nil, err
 	}
+	if err := s.loadInboxSummary(ctx, data, user); err != nil {
+		return nil, err
+	}
 
 	annotateUrgency(data.UpcomingDeadlines, now)
 	return data, nil
@@ -261,7 +313,7 @@ SELECT f.id,
    AND f.due_date <= $3::date
    AND ` + visibilityPredicatePositional("p", 1) + `
  ORDER BY f.due_date ASC
- LIMIT 10`
+ LIMIT 40`
 	if err := s.db.SelectContext(ctx, &data.UpcomingDeadlines, query,
 		user.ID, today, endOfWeek); err != nil {
 		return fmt.Errorf("dashboard upcoming deadlines: %w", err)
@@ -269,6 +321,45 @@ SELECT f.id,
 	return nil
 }
 
+// loadInboxSummary populates DashboardData.InboxSummary — the open-
+// approval count + top InboxTopCap entries for the inbox-approvals
+// widget (t-paliad-219). When ApprovalService is unwired (knowledge-
+// platform-only deployments, tests), the function is a no-op and the
+// widget renders its empty state.
+func (s *DashboardService) loadInboxSummary(ctx context.Context, data *DashboardData, user *models.User) error {
+	data.InboxSummary = InboxSummary{Top: []InboxEntry{}}
+	if s.approvals == nil {
+		return nil
+	}
+	cnt, err := s.approvals.PendingCountForUser(ctx, user.ID)
+	if err != nil {
+		return fmt.Errorf("dashboard inbox count: %w", err)
+	}
+	data.InboxSummary.PendingCount = cnt
+	if cnt == 0 {
+		return nil
+	}
+	rows, err := s.approvals.ListPendingForApprover(ctx, user.ID, InboxFilter{Limit: InboxTopCap})
+	if err != nil {
+		return fmt.Errorf("dashboard inbox top: %w", err)
+	}
+	top := make([]InboxEntry, 0, len(rows))
+	for _, r := range rows {
+		top = append(top, InboxEntry{
+			RequestID:     r.ID,
+			EntityType:    r.EntityType,
+			EntityTitle:   r.EntityTitle,
+			ProjectID:     r.ProjectID,
+			ProjectTitle:  r.ProjectTitle,
+			RequestedAt:   r.RequestedAt,
+			RequesterID:   r.RequestedBy,
+			RequesterName: r.RequesterName,
+		})
+	}
+	data.InboxSummary.Top = top
+	return nil
+}
+
 func (s *DashboardService) loadUpcomingAppointments(ctx context.Context, data *DashboardData, user *models.User, now time.Time) error {
 	query := `
 SELECT t.id,
@@ -282,13 +373,13 @@ SELECT t.id,
   FROM paliad.appointments t
   LEFT JOIN paliad.projects p ON p.id = t.project_id
  WHERE t.start_at >= $2
-   AND t.start_at <  ($2 + interval '7 days')
+   AND t.start_at <  ($2 + interval '60 days')
    AND (
         (t.project_id IS NULL AND t.created_by = $1)
         OR (t.project_id IS NOT NULL AND ` + visibilityPredicatePositional("p", 1) + `)
        )
  ORDER BY t.start_at ASC
- LIMIT 10`
+ LIMIT 40`
 	if err := s.db.SelectContext(ctx, &data.UpcomingAppointments, query,
 		user.ID, now); err != nil {
 		return fmt.Errorf("dashboard upcoming appointments: %w", err)

internal/services/dashboard_service_test.go

@@ -0,0 +1,51 @@
+package services
+
+// Pure-function tests for DashboardService extensions in Slice A3.
+
+import (
+	"context"
+	"testing"
+
+	"github.com/google/uuid"
+
+	"mgit.msbls.de/m/paliad/internal/models"
+)
+
+func TestDashboardService_InboxSummary_NilApprovalsIsNoop(t *testing.T) {
+	s := &DashboardService{} // approvals nil
+	data := &DashboardData{}
+	user := &models.User{ID: uuid.New()}
+	if err := s.loadInboxSummary(context.Background(), data, user); err != nil {
+		t.Fatalf("loadInboxSummary with nil approvals returned %v; want nil", err)
+	}
+	if data.InboxSummary.PendingCount != 0 {
+		t.Errorf("PendingCount=%d; want 0", data.InboxSummary.PendingCount)
+	}
+	if data.InboxSummary.Top == nil {
+		t.Errorf("Top is nil; want empty slice")
+	}
+	if len(data.InboxSummary.Top) != 0 {
+		t.Errorf("Top has %d entries; want 0", len(data.InboxSummary.Top))
+	}
+}
+
+func TestDashboardService_SetApprovalService_WiringWorks(t *testing.T) {
+	s := &DashboardService{}
+	if s.approvals != nil {
+		t.Fatalf("freshly-constructed DashboardService has non-nil approvals")
+	}
+	a := &ApprovalService{} // empty shell; we only check the pointer wiring
+	s.SetApprovalService(a)
+	if s.approvals != a {
+		t.Errorf("SetApprovalService did not wire the pointer")
+	}
+}
+
+func TestInboxTopCap_NonZero(t *testing.T) {
+	// Sanity guard: if someone zeros this const, the inbox-approvals
+	// widget falls back to an empty top-N silently. Pin it ≥ the
+	// largest catalog count option for the inbox widget (10).
+	if InboxTopCap < 10 {
+		t.Errorf("InboxTopCap=%d; must be ≥ 10 to satisfy widget catalog max count", InboxTopCap)
+	}
+}

internal/services/event_service.go

@@ -279,7 +279,12 @@ func shouldExcludeAppointmentsForStatus(status DeadlineStatusFilter) bool {
 // matches a bucket-style deadline status — used to filter the
 // appointment side when the user clicks a card on the unified events
 // page. Returns (nil, nil) for non-bucket statuses (pending / all /
-// upcoming / "" / overdue / completed — those are handled separately).
+// "" / overdue / completed — those are handled separately).
+//
+// DeadlineFilterUpcoming maps to "start_at >= today" so legacy
+// `?status=upcoming` URLs hide past appointments instead of falling
+// through to the unfiltered query (m/paliad#54 — the UI option that
+// surfaced this status has been removed, but bookmarks may persist).
 func bucketAppointmentWindow(status DeadlineStatusFilter, b deadlineBucketBounds) (*time.Time, *time.Time) {
 	switch status {
 	case DeadlineFilterToday:
@@ -293,6 +298,8 @@ func bucketAppointmentWindow(status DeadlineStatusFilter, b deadlineBucketBounds
 		return &b.nextMonday, &t
 	case DeadlineFilterLater:
 		return &b.weekAfter, nil
+	case DeadlineFilterUpcoming:
+		return &b.today, nil
 	}
 	return nil, nil
 }

internal/services/project_code.go

@@ -0,0 +1,312 @@
+package services
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+	"strings"
+	"unicode"
+
+	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
+	"github.com/lib/pq"
+	"golang.org/x/text/runes"
+	"golang.org/x/text/transform"
+	"golang.org/x/text/unicode/norm"
+
+	"mgit.msbls.de/m/paliad/internal/models"
+)
+
+// Project codes — t-paliad-222 / m/paliad#50.
+//
+// BuildProjectCode assembles a dotted code from the ancestor chain of
+// a project. Each ancestor contributes one segment derived from its
+// type-specific metadata. Missing segments (NULL ancestor field,
+// unfilled opponent_code, etc.) are skipped silently — there is no
+// placeholder.
+//
+//   client     → reference if set, else slug(title), capped at 8 chars
+//   litigation → opponent_code (the slug the user typed at litigation
+//                creation), empty → skipped
+//   patent     → last 3 digits of patent_number (full digit-stream when
+//                shorter), empty → skipped
+//   case       → uppercase tail of proceeding_types.code (jurisdiction
+//                segment dropped), empty → skipped
+//   project    → "" (generic projects don't contribute a segment)
+//
+// Custom override: if the target row's `reference` column is non-empty,
+// it wins outright — the helper returns the literal `reference` string
+// without walking the ancestor chain.
+//
+// Example: Client EXMPL → Litigation OPNT → Patent EP3456789 → Case
+// `upc.inf.cfi` → "EXMPL.OPNT.789.INF.CFI".
+//
+// Collision handling: codes are display-only (no uniqueness
+// constraint). Two cases that derive to the same code both return the
+// same string. v1 contract — users disambiguate via `reference` when it
+// matters.
+
+// projectChainRow is one row of the ancestor walk. Includes only the
+// columns BuildProjectCode needs; trimmed for cheap projection.
+type projectChainRow struct {
+	ID               uuid.UUID `db:"id"`
+	Type             string    `db:"type"`
+	Title            string    `db:"title"`
+	Reference        *string   `db:"reference"`
+	OpponentCode     *string   `db:"opponent_code"`
+	PatentNumber     *string   `db:"patent_number"`
+	ProceedingTypeID *int      `db:"proceeding_type_id"`
+	ProceedingCode   *string   `db:"proceeding_code"`
+}
+
+// BuildProjectCode walks the ancestor chain via the existing
+// paliad.projects.path ltree and returns the assembled code. One DB
+// round-trip per call; suitable for per-row use in single-project
+// projection paths.
+//
+// For list endpoints with many rows, the call still scales fine for
+// firm-scale datasets (order-of-100s); if profiling later flags it as
+// a hotspot, introduce a materialised view per the design doc §3.2 Q8.
+func BuildProjectCode(ctx context.Context, db sqlx.QueryerContext, projectID uuid.UUID) (string, error) {
+	const query = `
+		SELECT p.id, p.type, p.title, p.reference, p.opponent_code,
+		       p.patent_number, p.proceeding_type_id,
+		       pt.code AS proceeding_code
+		  FROM paliad.projects p
+		  LEFT JOIN paliad.proceeding_types pt ON pt.id = p.proceeding_type_id
+		 WHERE p.path @> (SELECT path FROM paliad.projects WHERE id = $1)
+		 ORDER BY nlevel(p.path)
+	`
+	rows := []projectChainRow{}
+	if err := sqlx.SelectContext(ctx, db, &rows, query, projectID); err != nil {
+		return "", fmt.Errorf("build project code: load chain: %w", err)
+	}
+	if len(rows) == 0 {
+		return "", nil
+	}
+	return assembleProjectCode(rows), nil
+}
+
+// PopulateProjectCodes assigns .Code on every project in `targets` via
+// a single bulk round-trip. Used by List / ListChildren / ListAncestors
+// projection paths to avoid N+1 BuildProjectCode calls.
+//
+// Empty slice → no-op. Rows that can't be matched (orphaned) get an
+// empty code rather than an error.
+func PopulateProjectCodes(ctx context.Context, db sqlx.QueryerContext, targets []models.Project) error {
+	if len(targets) == 0 {
+		return nil
+	}
+	ids := make([]string, len(targets))
+	for i, t := range targets {
+		ids[i] = t.ID.String()
+	}
+
+	// One CTE-based query: for each target id, fetch the full ancestor
+	// chain joined to proceeding_types, ordered so we can group in Go.
+	const query = `
+		WITH targets AS (
+		    SELECT id, path
+		      FROM paliad.projects
+		     WHERE id = ANY($1::uuid[])
+		)
+		SELECT t.id AS target_id,
+		       p.id, p.type, p.title, p.reference, p.opponent_code,
+		       p.patent_number, p.proceeding_type_id,
+		       pt.code AS proceeding_code,
+		       nlevel(p.path) AS chain_level
+		  FROM targets t
+		  JOIN paliad.projects p ON p.path @> t.path
+		  LEFT JOIN paliad.proceeding_types pt ON pt.id = p.proceeding_type_id
+		 ORDER BY t.id, chain_level
+	`
+	type bulkRow struct {
+		TargetID uuid.UUID `db:"target_id"`
+		projectChainRow
+		ChainLevel int `db:"chain_level"`
+	}
+
+	rows := []bulkRow{}
+	if err := sqlx.SelectContext(ctx, db, &rows, query, pq.StringArray(ids)); err != nil {
+		return fmt.Errorf("populate project codes: bulk fetch: %w", err)
+	}
+
+	chains := make(map[uuid.UUID][]projectChainRow, len(targets))
+	for _, r := range rows {
+		chains[r.TargetID] = append(chains[r.TargetID], r.projectChainRow)
+	}
+	for i := range targets {
+		targets[i].Code = assembleProjectCode(chains[targets[i].ID])
+	}
+	return nil
+}
+
+// assembleProjectCode is the pure code-assembly step, split out from
+// the DB hop so it can be table-tested without fixtures.
+//
+// Custom override: non-empty `reference` on the target row (last in
+// chain) wins; the function returns it verbatim without computing the
+// other segments.
+func assembleProjectCode(chain []projectChainRow) string {
+	if len(chain) == 0 {
+		return ""
+	}
+	target := chain[len(chain)-1]
+	if target.Reference != nil {
+		if v := strings.TrimSpace(*target.Reference); v != "" {
+			return v
+		}
+	}
+	segments := make([]string, 0, len(chain))
+	for _, p := range chain {
+		seg := projectCodeSegment(p)
+		if seg == "" {
+			continue
+		}
+		segments = append(segments, seg)
+	}
+	return strings.Join(segments, ".")
+}
+
+// projectCodeSegment returns the per-row segment string for the dotted
+// project code. Empty string → row contributes no segment (skipped by
+// the assembler). Pure; never touches the DB. Table-tested.
+func projectCodeSegment(p projectChainRow) string {
+	switch p.Type {
+	case "client":
+		if p.Reference != nil {
+			if v := sanitizeClientShort(*p.Reference); v != "" {
+				return v
+			}
+		}
+		return sanitizeClientShort(p.Title)
+	case "litigation":
+		if p.OpponentCode != nil {
+			return strings.TrimSpace(*p.OpponentCode)
+		}
+		return ""
+	case "patent":
+		if p.PatentNumber != nil {
+			return patentLast3(*p.PatentNumber)
+		}
+		return ""
+	case "case":
+		if p.ProceedingCode != nil {
+			return proceedingTail(*p.ProceedingCode)
+		}
+		return ""
+	default:
+		// 'project' (generic) and any future types contribute nothing.
+		return ""
+	}
+}
+
+// sanitizeClientShort produces an 8-char uppercase slug from a client
+// reference / title. Strips diacritics, replaces non-alphanumerics
+// with nothing, trims, caps at 8 chars. Empty input → "".
+//
+// Examples (verified by table test):
+//   "EXMPL"        → "EXMPL"
+//   "Example Co."  → "EXAMPLEC"
+//   "Müller GmbH"  → "MULLERGM"
+//   "  "           → ""
+func sanitizeClientShort(s string) string {
+	s = strings.TrimSpace(s)
+	if s == "" {
+		return ""
+	}
+	// Strip diacritics: NFD-decompose, drop combining marks, NFC-recompose.
+	t := transform.Chain(norm.NFD, runes.Remove(runes.In(unicode.Mn)), norm.NFC)
+	stripped, _, err := transform.String(t, s)
+	if err != nil {
+		stripped = s
+	}
+	var b strings.Builder
+	b.Grow(len(stripped))
+	for _, r := range stripped {
+		if unicode.IsLetter(r) || unicode.IsDigit(r) {
+			b.WriteRune(unicode.ToUpper(r))
+		}
+	}
+	out := b.String()
+	if len(out) > 8 {
+		out = out[:8]
+	}
+	return out
+}
+
+// patentDigitsPattern matches a run of digits inside a patent number.
+// Pre-compiled once to avoid per-call regex compilation cost.
+var patentDigitsPattern = regexp.MustCompile(`\d+`)
+
+// patentKindCodeSuffix matches the trailing kind code on a patent
+// publication number (A1, A2, B1, B2, C, T3, etc.). Stripped before
+// digit extraction so the kind-code's optional digit doesn't sneak
+// into the patent number proper.
+//
+// EP / WO conventions allow A, B, C, T, U as the letter; the digit is
+// optional. The regex anchors at end-of-string and tolerates trailing
+// whitespace.
+var patentKindCodeSuffix = regexp.MustCompile(`[A-Z][0-9]?\s*$`)
+
+// patentLast3 extracts the last 3 digits of a patent number, returning
+// the full digit-stream if the patent has fewer than 3 digits total.
+//
+// Strips a trailing kind-code suffix (A1, B2, C, T3 …) first so its
+// optional digit doesn't pollute the result, then collapses all digit
+// runs in the remainder to handle spaced / slashed formats. Examples:
+//
+//   "EP1234567"        → "567"
+//   "EP 1 234 567"     → "567"
+//   "EP3456789A1"      → "789"
+//   "EP1234567 B1"     → "567"
+//   "WO2020/123456A1"  → "456"
+//   "DE12"             → "12"
+//   "EP"               → ""
+//   ""                 → ""
+func patentLast3(s string) string {
+	s = strings.ToUpper(strings.TrimSpace(s))
+	if s == "" {
+		return ""
+	}
+	// Strip the trailing kind code (one or two chars at end).
+	s = patentKindCodeSuffix.ReplaceAllString(s, "")
+	matches := patentDigitsPattern.FindAllString(s, -1)
+	if len(matches) == 0 {
+		return ""
+	}
+	digits := strings.Join(matches, "")
+	if len(digits) >= 3 {
+		return digits[len(digits)-3:]
+	}
+	return digits
+}
+
+// proceedingTail takes a proceeding_types.code (e.g. "upc.inf.cfi") and
+// returns the uppercase tail with the leading jurisdiction segment
+// dropped. The jurisdiction is implied by the ancestor client / patent
+// context, so it's redundant in the code.
+//
+//   "upc.inf.cfi"     → "INF.CFI"
+//   "upc.rev.cfi"     → "REV.CFI"
+//   "upc.apl.merits"  → "APL.MERITS"
+//   "de.inf.lg"       → "INF.LG"
+//   "de.inf.olg"      → "INF.OLG"
+//   "single"          → ""        (no tail after dropping the only segment)
+//   ""                → ""
+func proceedingTail(code string) string {
+	code = strings.TrimSpace(code)
+	if code == "" {
+		return ""
+	}
+	parts := strings.Split(code, ".")
+	if len(parts) < 2 {
+		return ""
+	}
+	tail := parts[1:]
+	out := make([]string, len(tail))
+	for i, p := range tail {
+		out[i] = strings.ToUpper(p)
+	}
+	return strings.Join(out, ".")
+}

internal/services/project_code_test.go

@@ -0,0 +1,376 @@
+package services
+
+import (
+	"testing"
+
+	"github.com/google/uuid"
+)
+
+// TestProjectCodeSegment pins the per-type segment derivation rules
+// from t-paliad-222 design §3.2:
+//
+//   client     → reference if set, else sanitized title (cap 8 chars)
+//   litigation → opponent_code verbatim (empty → skipped)
+//   patent     → last 3 digits of patent_number
+//   case       → uppercase tail of proceeding_types.code
+//   project    → ""
+func TestProjectCodeSegment(t *testing.T) {
+	str := func(s string) *string { return &s }
+	intp := func(i int) *int { return &i }
+
+	cases := []struct {
+		name string
+		row  projectChainRow
+		want string
+	}{
+		// Client rows.
+		{
+			"client with reference",
+			projectChainRow{Type: "client", Title: "Example Co.", Reference: str("EXMPL")},
+			"EXMPL",
+		},
+		{
+			"client without reference falls back to slug(title)",
+			projectChainRow{Type: "client", Title: "Example Co.", Reference: nil},
+			"EXAMPLEC",
+		},
+		{
+			"client without reference, diacritics stripped",
+			projectChainRow{Type: "client", Title: "Müller GmbH"},
+			"MULLERGM",
+		},
+		{
+			"client with empty reference falls back to title",
+			projectChainRow{Type: "client", Title: "ACME", Reference: str("  ")},
+			"ACME",
+		},
+		{
+			"client with empty title and no reference → empty",
+			projectChainRow{Type: "client", Title: ""},
+			"",
+		},
+
+		// Litigation rows.
+		{
+			"litigation with opponent_code",
+			projectChainRow{Type: "litigation", Title: "X v Y", OpponentCode: str("OPNT")},
+			"OPNT",
+		},
+		{
+			"litigation without opponent_code → empty",
+			projectChainRow{Type: "litigation", Title: "X v Y", OpponentCode: nil},
+			"",
+		},
+
+		// Patent rows.
+		{
+			"patent EP1234567 → 567",
+			projectChainRow{Type: "patent", PatentNumber: str("EP1234567")},
+			"567",
+		},
+		{
+			"patent with spaces EP 3 456 789 → 789",
+			projectChainRow{Type: "patent", PatentNumber: str("EP 3 456 789")},
+			"789",
+		},
+		{
+			"patent with kind code EP3456789A1 → 789",
+			projectChainRow{Type: "patent", PatentNumber: str("EP3456789A1")},
+			"789",
+		},
+		{
+			"patent WO2020/123456 → 456",
+			projectChainRow{Type: "patent", PatentNumber: str("WO2020/123456")},
+			"456",
+		},
+		{
+			"patent shorter than 3 digits → full",
+			projectChainRow{Type: "patent", PatentNumber: str("DE12")},
+			"12",
+		},
+		{
+			"patent nil → empty",
+			projectChainRow{Type: "patent", PatentNumber: nil},
+			"",
+		},
+		{
+			"patent empty digit-stream → empty",
+			projectChainRow{Type: "patent", PatentNumber: str("EP")},
+			"",
+		},
+
+		// Case rows.
+		{
+			"case upc.inf.cfi → INF.CFI",
+			projectChainRow{Type: "case", ProceedingTypeID: intp(8), ProceedingCode: str("upc.inf.cfi")},
+			"INF.CFI",
+		},
+		{
+			"case upc.apl.merits → APL.MERITS",
+			projectChainRow{Type: "case", ProceedingTypeID: intp(11), ProceedingCode: str("upc.apl.merits")},
+			"APL.MERITS",
+		},
+		{
+			"case de.inf.lg → INF.LG",
+			projectChainRow{Type: "case", ProceedingTypeID: intp(12), ProceedingCode: str("de.inf.lg")},
+			"INF.LG",
+		},
+		{
+			"case without proceeding_code → empty",
+			projectChainRow{Type: "case", ProceedingTypeID: nil, ProceedingCode: nil},
+			"",
+		},
+		{
+			"case with single-segment code → empty (no tail)",
+			projectChainRow{Type: "case", ProceedingCode: str("single")},
+			"",
+		},
+
+		// Generic project rows contribute nothing.
+		{
+			"generic project → empty",
+			projectChainRow{Type: "project", Title: "Whatever"},
+			"",
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			got := projectCodeSegment(c.row)
+			if got != c.want {
+				t.Errorf("projectCodeSegment() = %q, want %q", got, c.want)
+			}
+		})
+	}
+}
+
+// TestAssembleProjectCode covers the chain assembler, including the
+// custom-override fast-path on the target row's `reference`.
+func TestAssembleProjectCode(t *testing.T) {
+	str := func(s string) *string { return &s }
+	intp := func(i int) *int { return &i }
+
+	// The reference tree from the issue body: EXMPL → OPNT → EP3456789 → upc.inf.cfi.
+	fullChain := []projectChainRow{
+		{ID: uuid.New(), Type: "client", Title: "Example Co.", Reference: str("EXMPL")},
+		{ID: uuid.New(), Type: "litigation", Title: "Ex v Op", OpponentCode: str("OPNT")},
+		{ID: uuid.New(), Type: "patent", PatentNumber: str("EP3456789")},
+		{ID: uuid.New(), Type: "case", ProceedingTypeID: intp(8), ProceedingCode: str("upc.inf.cfi")},
+	}
+
+	cases := []struct {
+		name  string
+		chain []projectChainRow
+		want  string
+	}{
+		{
+			"reference tree → EXMPL.OPNT.789.INF.CFI",
+			fullChain,
+			"EXMPL.OPNT.789.INF.CFI",
+		},
+		{
+			"empty chain → empty",
+			nil,
+			"",
+		},
+		{
+			"override on target wins outright",
+			append(append([]projectChainRow{}, fullChain[:3]...), projectChainRow{
+				ID: uuid.New(), Type: "case", Reference: str("CUSTOM-CODE"),
+				ProceedingTypeID: intp(8), ProceedingCode: str("upc.inf.cfi"),
+			}),
+			"CUSTOM-CODE",
+		},
+		{
+			"override with surrounding whitespace is trimmed",
+			append(append([]projectChainRow{}, fullChain[:3]...), projectChainRow{
+				ID: uuid.New(), Type: "case", Reference: str("  TRIMMED  "),
+			}),
+			"TRIMMED",
+		},
+		{
+			"override empty string falls through to derivation",
+			append(append([]projectChainRow{}, fullChain[:3]...), projectChainRow{
+				ID: uuid.New(), Type: "case", Reference: str(""),
+				ProceedingTypeID: intp(8), ProceedingCode: str("upc.inf.cfi"),
+			}),
+			"EXMPL.OPNT.789.INF.CFI",
+		},
+		{
+			"missing ancestors are skipped silently — case directly under client",
+			[]projectChainRow{
+				{Type: "client", Reference: str("EXMPL")},
+				{Type: "case", ProceedingCode: str("upc.inf.cfi")},
+			},
+			"EXMPL.INF.CFI",
+		},
+		{
+			"missing patent contributes nothing; client+litigation+case",
+			[]projectChainRow{
+				{Type: "client", Reference: str("EXMPL")},
+				{Type: "litigation", OpponentCode: str("OPNT")},
+				{Type: "case", ProceedingCode: str("upc.inf.cfi")},
+			},
+			"EXMPL.OPNT.INF.CFI",
+		},
+		{
+			"target itself is a litigation row (no case below) → up to opponent code",
+			[]projectChainRow{
+				{Type: "client", Reference: str("EXMPL")},
+				{Type: "litigation", OpponentCode: str("OPNT")},
+			},
+			"EXMPL.OPNT",
+		},
+		{
+			"litigation without opponent_code is skipped silently",
+			[]projectChainRow{
+				{Type: "client", Reference: str("EXMPL")},
+				{Type: "litigation", OpponentCode: nil},
+				{Type: "patent", PatentNumber: str("EP3456789")},
+				{Type: "case", ProceedingCode: str("upc.inf.cfi")},
+			},
+			"EXMPL.789.INF.CFI",
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			got := assembleProjectCode(c.chain)
+			if got != c.want {
+				t.Errorf("assembleProjectCode() = %q, want %q", got, c.want)
+			}
+		})
+	}
+}
+
+// TestPatentLast3 pins the digit-extraction rule across the common
+// patent-number formats users type.
+func TestPatentLast3(t *testing.T) {
+	cases := []struct {
+		in, want string
+	}{
+		{"EP1234567", "567"},
+		{"EP 1 234 567", "567"},
+		{"EP3456789A1", "789"},
+		{"WO2020/123456A1", "456"},
+		{"DE12", "12"},
+		{"EP", ""},
+		{"", ""},
+		{"NoDigitsAtAll", ""},
+		{"1", "1"},
+		{"12", "12"},
+		{"123", "123"},
+		{"1234", "234"},
+	}
+	for _, c := range cases {
+		t.Run(c.in, func(t *testing.T) {
+			if got := patentLast3(c.in); got != c.want {
+				t.Errorf("patentLast3(%q) = %q, want %q", c.in, got, c.want)
+			}
+		})
+	}
+}
+
+// TestSanitizeClientShort pins the client-short slug rule (uppercase,
+// strip diacritics, drop non-alnum, cap 8).
+func TestSanitizeClientShort(t *testing.T) {
+	cases := []struct {
+		in, want string
+	}{
+		{"EXMPL", "EXMPL"},
+		{"Example Co.", "EXAMPLEC"},
+		{"Müller GmbH", "MULLERGM"},
+		{"  ACME  ", "ACME"},
+		{"", ""},
+		{"   ", ""},
+		{"Hogan Lovells International LLP", "HOGANLOV"},
+		{"A&B (Patents) Ltd.", "ABPATENT"},
+		{"Société Générale", "SOCIETEG"},
+	}
+	for _, c := range cases {
+		t.Run(c.in, func(t *testing.T) {
+			if got := sanitizeClientShort(c.in); got != c.want {
+				t.Errorf("sanitizeClientShort(%q) = %q, want %q", c.in, got, c.want)
+			}
+		})
+	}
+}
+
+// TestProceedingTail pins the jurisdiction-strip rule.
+func TestProceedingTail(t *testing.T) {
+	cases := []struct {
+		in, want string
+	}{
+		{"upc.inf.cfi", "INF.CFI"},
+		{"upc.rev.cfi", "REV.CFI"},
+		{"upc.pi.cfi", "PI.CFI"},
+		{"upc.apl.merits", "APL.MERITS"},
+		{"de.inf.lg", "INF.LG"},
+		{"de.inf.olg", "INF.OLG"},
+		{"single", ""},
+		{"", ""},
+		{"a.b", "B"},
+		{"  upc.inf.cfi  ", "INF.CFI"},
+	}
+	for _, c := range cases {
+		t.Run(c.in, func(t *testing.T) {
+			if got := proceedingTail(c.in); got != c.want {
+				t.Errorf("proceedingTail(%q) = %q, want %q", c.in, got, c.want)
+			}
+		})
+	}
+}
+
+// TestValidateOpponentCode pins the slug-validation rule + the
+// type='litigation' pairing. Empty string is the explicit clear
+// sentinel and always passes.
+func TestValidateOpponentCode(t *testing.T) {
+	cases := []struct {
+		name  string
+		code  string
+		ptype string
+		wantE bool
+	}{
+		{"empty clears, any type", "", "case", false},
+		{"empty clears, litigation", "", "litigation", false},
+		{"valid slug on litigation", "OPNT", "litigation", false},
+		{"valid slug with digits on litigation", "OPNT-2026", "litigation", false},
+		{"valid slug projectType empty (Update path)", "OPNT", "", false},
+		{"lowercase rejected", "opnt", "litigation", true},
+		{"underscore rejected", "OPNT_1", "litigation", true},
+		{"too long rejected", "OPNT-AND-A-VERY-LONG-NAME", "litigation", true},
+		{"non-litigation type rejected", "OPNT", "case", true},
+		{"non-litigation type rejected (patent)", "OPNT", "patent", true},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			err := validateOpponentCode(c.code, c.ptype)
+			if (err != nil) != c.wantE {
+				t.Errorf("validateOpponentCode(%q, %q) error = %v, wantErr=%v",
+					c.code, c.ptype, err, c.wantE)
+			}
+		})
+	}
+}
+
+// TestValidateOurSideSubRoles pins the widened allowlist (mig 112).
+func TestValidateOurSideSubRoles(t *testing.T) {
+	valid := []string{
+		"", "claimant", "defendant", "applicant", "appellant",
+		"respondent", "third_party", "other",
+	}
+	invalid := []string{"court", "both", "unknown", "CLAIMANT", "Defendant"}
+
+	for _, v := range valid {
+		t.Run("valid_"+v, func(t *testing.T) {
+			if err := validateOurSide(v); err != nil {
+				t.Errorf("validateOurSide(%q) unexpected error: %v", v, err)
+			}
+		})
+	}
+	for _, v := range invalid {
+		t.Run("invalid_"+v, func(t *testing.T) {
+			if err := validateOurSide(v); err == nil {
+				t.Errorf("validateOurSide(%q) expected error, got nil", v)
+			}
+		})
+	}
+}

internal/services/project_service.go

@@ -23,6 +23,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"regexp"
 	"slices"
 	"strings"
 	"time"
@@ -44,6 +45,12 @@ var (
 	ErrForbidden = errors.New("forbidden")
 	// ErrInvalidInput signals a bad request (empty required field etc.).
 	ErrInvalidInput = errors.New("invalid input")
+	// ErrLastProjectAdmin guards demoting / removing the last remaining
+	// effective_project_admin from a project + its ancestor chain. t-paliad-223
+	// invariant: every project should keep at least one admin somewhere in
+	// its ancestor chain so a non-global-admin can still manage the team.
+	// Handlers map to 409 Conflict.
+	ErrLastProjectAdmin = errors.New("cannot remove last project admin from project + ancestors")
 	// ErrInvalidProceedingTypeCategory signals that the caller supplied
 	// a proceeding_type_id pointing at a non-fristenrechner-category row.
 	// Phase 3 Slice 5 soft-merge (t-paliad-186, design §3.F): only
@@ -54,12 +61,16 @@ var (
 )
 
 // ProjectType values enumerated on the projects.type CHECK constraint.
+// 'other' (mig 110, m/paliad#51) is the explicit "unclassified" bucket —
+// previously this appeared as a synthetic "Empty" option in the type
+// filter; the chip now offers it as a real selectable type.
 const (
 	ProjectTypeClient     = "client"
 	ProjectTypeLitigation = "litigation"
 	ProjectTypePatent     = "patent"
 	ProjectTypeCase       = "case"
 	ProjectTypeProject    = "project"
+	ProjectTypeOther      = "other"
 )
 
 // Legacy ProjectRole values that used to live on paliad.project_teams.role.
@@ -104,7 +115,7 @@ func (s *ProjectService) DB() *sqlx.DB { return s.db }
 const projectColumns = `id, type, parent_id, path, title, reference, description, status,
 	created_by, industry, country, billing_reference, client_number, matter_number,
 	netdocuments_url, patent_number, filing_date, grant_date, court, case_number,
-	proceeding_type_id, our_side, counterclaim_of, instance_level, metadata, ai_summary,
+	proceeding_type_id, our_side, opponent_code, counterclaim_of, instance_level, metadata, ai_summary,
 	created_at, updated_at`
 
 // CreateProjectInput is the payload for Create.
@@ -130,6 +141,12 @@ type CreateProjectInput struct {
 	CaseNumber       *string    `json:"case_number,omitempty"`
 	ProceedingTypeID *int       `json:"proceeding_type_id,omitempty"`
 	OurSide          *string    `json:"our_side,omitempty"`
+	// OpponentCode is the litigation-only short slug used as the middle
+	// segment when BuildProjectCode assembles a project code from the
+	// ancestor tree (t-paliad-222 / m/paliad#50). Empty / nil → segment
+	// skipped. Only meaningful on type='litigation' rows; the form
+	// hides the field elsewhere and the DB CHECK rejects it.
+	OpponentCode *string `json:"opponent_code,omitempty"`
 	// InstanceLevel is the procedural instance the project sits at:
 	// 'first' (default once the picker UI lands) | 'appeal' | 'cassation'.
 	// NULL = unset. Phase 3 Slice 8 (t-paliad-189, design §7) — the
@@ -169,6 +186,10 @@ type UpdateProjectInput struct {
 	CaseNumber       *string    `json:"case_number,omitempty"`
 	ProceedingTypeID *int       `json:"proceeding_type_id,omitempty"`
 	OurSide          *string    `json:"our_side,omitempty"`
+	// OpponentCode — see CreateProjectInput.OpponentCode. UPDATE path:
+	// pointer to "" clears the column (NULL); pointer to a non-empty
+	// slug sets it.
+	OpponentCode *string `json:"opponent_code,omitempty"`
 	// InstanceLevel — see CreateProjectInput.InstanceLevel. UPDATE
 	// path: caller passes a pointer to the new value to swap; pass
 	// a pointer to "" to clear (NULL the column).
@@ -239,6 +260,9 @@ func (s *ProjectService) List(ctx context.Context, userID uuid.UUID, f ProjectFi
 	if err := stmt.SelectContext(ctx, &rows, args); err != nil {
 		return nil, fmt.Errorf("list projects: %w", err)
 	}
+	if err := PopulateProjectCodes(ctx, s.db, rows); err != nil {
+		return nil, err
+	}
 	return rows, nil
 }
 
@@ -277,6 +301,11 @@ func (s *ProjectService) GetByID(ctx context.Context, userID, id uuid.UUID) (*mo
 	if err != nil {
 		return nil, fmt.Errorf("get project: %w", err)
 	}
+	code, err := BuildProjectCode(ctx, s.db, p.ID)
+	if err != nil {
+		return nil, err
+	}
+	p.Code = code
 	return &p, nil
 }
 
@@ -337,6 +366,9 @@ func (s *ProjectService) ListAncestors(ctx context.Context, userID, id uuid.UUID
 		order[id] = i
 	}
 	sortByOrder(rows, order)
+	if err := PopulateProjectCodes(ctx, s.db, rows); err != nil {
+		return nil, err
+	}
 	return rows, nil
 }
 
@@ -458,6 +490,9 @@ func (s *ProjectService) BuildTreeWithOptions(ctx context.Context, userID uuid.U
 	if err := s.db.SelectContext(ctx, &rows, query, userID); err != nil {
 		return nil, fmt.Errorf("build tree list: %w", err)
 	}
+	if err := PopulateProjectCodes(ctx, s.db, rows); err != nil {
+		return nil, err
+	}
 
 	// Step 2 — per-node deadline counts (always; cheap one-shot query).
 	type deadlineCount struct {
@@ -804,6 +839,9 @@ func (s *ProjectService) GetTree(ctx context.Context, userID, id uuid.UUID) ([]m
 	if err := s.db.SelectContext(ctx, &rows, query, root.Path, prefix, userID); err != nil {
 		return nil, fmt.Errorf("get tree: %w", err)
 	}
+	if err := PopulateProjectCodes(ctx, s.db, rows); err != nil {
+		return nil, err
+	}
 	return rows, nil
 }
 
@@ -863,6 +901,11 @@ func (s *ProjectService) Create(ctx context.Context, userID uuid.UUID, input Cre
 			return nil, err
 		}
 	}
+	if input.OpponentCode != nil {
+		if err := validateOpponentCode(*input.OpponentCode, input.Type); err != nil {
+			return nil, err
+		}
+	}
 	if input.InstanceLevel != nil {
 		if err := validateInstanceLevel(*input.InstanceLevel); err != nil {
 			return nil, err
@@ -873,10 +916,10 @@ func (s *ProjectService) Create(ctx context.Context, userID uuid.UUID, input Cre
 		    (id, type, parent_id, path, title, reference, description, status,
 		     created_by, industry, country, billing_reference, client_number,
 		     matter_number, netdocuments_url, patent_number, filing_date, grant_date,
-		     court, case_number, proceeding_type_id, our_side, counterclaim_of,
-		     instance_level, metadata, created_at, updated_at)
+		     court, case_number, proceeding_type_id, our_side, opponent_code,
+		     counterclaim_of, instance_level, metadata, created_at, updated_at)
 		 VALUES ($1, $2, $3, '', $4, $5, $6, $7, $8, $9, $10, $11, $12, $13,
-		         $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, '{}'::jsonb, $24, $24)`,
+		         $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24, '{}'::jsonb, $25, $25)`,
 		id, input.Type, input.ParentID,
 		input.Title, input.Reference, input.Description, status,
 		userID,
@@ -885,6 +928,7 @@ func (s *ProjectService) Create(ctx context.Context, userID uuid.UUID, input Cre
 		input.PatentNumber, input.FilingDate, input.GrantDate,
 		input.Court, input.CaseNumber, input.ProceedingTypeID,
 		nullableOurSide(input.OurSide),
+		nullableOpponentCode(input.OpponentCode),
 		input.CounterclaimOf,
 		nullableInstanceLevel(input.InstanceLevel),
 		now,
@@ -1029,6 +1073,12 @@ func (s *ProjectService) Update(ctx context.Context, userID, id uuid.UUID, input
 		}
 		appendSet("our_side", nullableOurSide(input.OurSide))
 	}
+	if input.OpponentCode != nil {
+		if err := validateOpponentCode(*input.OpponentCode, current.Type); err != nil {
+			return nil, err
+		}
+		appendSet("opponent_code", nullableOpponentCode(input.OpponentCode))
+	}
 	if input.InstanceLevel != nil {
 		if err := validateInstanceLevel(*input.InstanceLevel); err != nil {
 			return nil, err
@@ -1213,6 +1263,9 @@ func (s *ProjectService) LoadCounterclaimChildrenVisible(ctx context.Context, us
 	if err := s.db.SelectContext(ctx, &rows, query, parentID, userID); err != nil {
 		return nil, fmt.Errorf("load counterclaim children: %w", err)
 	}
+	if err := PopulateProjectCodes(ctx, s.db, rows); err != nil {
+		return nil, err
+	}
 	return rows, nil
 }
 
@@ -1372,9 +1425,21 @@ func insertCounterclaimEvent(ctx context.Context, tx *sqlx.Tx, projectID, userID
 // derivedCounterclaimOurSide computes the child's our_side from the
 // parent's our_side and the opts.FlipOurSide override.
 //
-// Default (override nil OR override=true):  claimant ↔ defendant, court
-// and both pass through unchanged. NULL parent yields NULL child — the
-// flip is meaningless without a known starting side.
+// Default (override nil OR override=true): flip across the active /
+// reactive axis using the t-paliad-222 sub-role table —
+//
+//   claimant   ↔ defendant
+//   applicant  ↔ respondent
+//   appellant  → respondent   (the CCR-against-appellant is the
+//                              defending position; appellant has no
+//                              symmetric counter-role in the new set)
+//
+// Third Party / Other (third_party, other) and NULL pass through
+// unchanged — the flip is meaningless without a clear active / reactive
+// posture. Legacy 'court' / 'both' no longer exist in the column
+// (mig 112) so they have no case arm; if a stale value sneaks in via a
+// pre-migration in-memory row it falls through to the default branch
+// and passes through unchanged, preserving previous behaviour.
 //
 // Override=false: keep parent's side as-is. R.49.2.b CCI is the named
 // edge case where the CCR sub-project shares the parent's perspective.
@@ -1395,6 +1460,12 @@ func derivedCounterclaimOurSide(parentSide *string, override *bool) string {
 		return "defendant"
 	case "defendant":
 		return "claimant"
+	case "applicant":
+		return "respondent"
+	case "respondent":
+		return "applicant"
+	case "appellant":
+		return "respondent"
 	default:
 		return side
 	}
@@ -1890,7 +1961,7 @@ func typeSpecificColumns(t string) []string {
 func isValidProjectType(t string) bool {
 	switch t {
 	case ProjectTypeClient, ProjectTypeLitigation, ProjectTypePatent,
-		ProjectTypeCase, ProjectTypeProject:
+		ProjectTypeCase, ProjectTypeProject, ProjectTypeOther:
 		return true
 	}
 	return false
@@ -1904,15 +1975,29 @@ func validateProjectStatus(s string) error {
 	return fmt.Errorf("%w: invalid status %q", ErrInvalidInput, s)
 }
 
-// validateOurSide checks the project-level "represented side" enum
-// (t-paliad-164). Empty string is the explicit "clear" sentinel —
-// callers pass the value as-is from the form payload, and the helper
-// accepts it so an Update can null the column. The DB-level CHECK
-// constraint enforces the same set; this validation gives a clearer
-// error than relying on the constraint to fire.
+// validateOurSide checks the project-level "Client Role" enum
+// (t-paliad-164, widened in t-paliad-222 / m/paliad#47). Empty string
+// is the explicit "clear" sentinel — callers pass the value as-is
+// from the form payload, and the helper accepts it so an Update can
+// null the column. The DB-level CHECK constraint (mig 112) enforces
+// the same set; this validation gives a clearer error than relying
+// on the constraint to fire.
+//
+// Allowed sub-roles, grouped at display time:
+//   Active (we initiate)  : claimant, applicant, appellant
+//   Reactive (we defend)  : defendant, respondent
+//   Third Party / Other   : third_party, other
+//
+// Legacy 'court' / 'both' are no longer accepted (mig 112 backfills
+// existing rows to NULL); callers that still send them get a clear
+// validation error rather than a constraint violation.
 func validateOurSide(s string) error {
 	switch strings.TrimSpace(s) {
-	case "", "claimant", "defendant", "court", "both":
+	case "",
+		"claimant", "defendant",
+		"applicant", "appellant",
+		"respondent",
+		"third_party", "other":
 		return nil
 	}
 	return fmt.Errorf("%w: invalid our_side %q", ErrInvalidInput, s)
@@ -1963,6 +2048,49 @@ func nullableOurSide(p *string) any {
 	return v
 }
 
+// opponentCodePattern matches the slug shape enforced by the
+// projects_opponent_code_check constraint (mig 113): uppercase letters,
+// digits, dashes, 1-16 chars. The DB CHECK is the source of truth; this
+// helper surfaces a friendlier ErrInvalidInput error before the write.
+var opponentCodePattern = regexp.MustCompile(`^[A-Z0-9-]{1,16}$`)
+
+// validateOpponentCode checks the litigation-only opponent_code slug
+// (t-paliad-222 / m/paliad#50). Empty string clears the column; a
+// non-empty value must match opponentCodePattern AND the row must be
+// type='litigation' (the DB CHECK enforces this pairing).
+//
+// projectType may be empty when the caller is doing a partial Update
+// against the current row's type — in that case we skip the type gate
+// (the Update layer passes current.Type instead, which always has it).
+func validateOpponentCode(s, projectType string) error {
+	v := strings.TrimSpace(s)
+	if v == "" {
+		return nil
+	}
+	if projectType != "" && projectType != "litigation" {
+		return fmt.Errorf("%w: opponent_code only valid on type=litigation (got %q)",
+			ErrInvalidInput, projectType)
+	}
+	if !opponentCodePattern.MatchString(v) {
+		return fmt.Errorf("%w: invalid opponent_code %q (allowed: %s)",
+			ErrInvalidInput, s, "[A-Z0-9-]{1,16}")
+	}
+	return nil
+}
+
+// nullableOpponentCode mirrors nullableOurSide for opponent_code: nil
+// or empty/whitespace → SQL NULL; otherwise the trimmed slug.
+func nullableOpponentCode(p *string) any {
+	if p == nil {
+		return nil
+	}
+	v := strings.TrimSpace(*p)
+	if v == "" {
+		return nil
+	}
+	return v
+}
+
 func sortByOrder(xs []models.Project, order map[uuid.UUID]int) {
 	// Insertion sort — ancestor lists are short (<20).
 	for i := 1; i < len(xs); i++ {

internal/services/projection_service_unit_test.go

@@ -317,8 +317,10 @@ func TestChildTypeForAxis(t *testing.T) {
 }
 
 // TestDerivedCounterclaimOurSide pins the our_side flip semantics
-// (t-paliad-174 §11 Q2):
-//   - Default (override nil): claimant ↔ defendant; court / both pass through.
+// (t-paliad-174 §11 Q2, widened in t-paliad-222 / m/paliad#47):
+//   - Default (override nil): flip across the active / reactive axis —
+//     claimant ↔ defendant, applicant ↔ respondent, appellant →
+//     respondent. third_party / other / NULL pass through.
 //   - Override true: same default-flip semantics.
 //   - Override false (R.49.2.b CCI edge case): keep parent's side.
 //   - NULL parent_side yields empty string (no flip without a starting side).
@@ -337,11 +339,15 @@ func TestDerivedCounterclaimOurSide(t *testing.T) {
 		{"nil parent + override → empty", nil, &tru, ""},
 		{"claimant → defendant (default)", str("claimant"), nil, "defendant"},
 		{"defendant → claimant (default)", str("defendant"), nil, "claimant"},
-		{"court passes through", str("court"), nil, "court"},
-		{"both passes through", str("both"), nil, "both"},
+		{"applicant → respondent (default)", str("applicant"), nil, "respondent"},
+		{"respondent → applicant (default)", str("respondent"), nil, "applicant"},
+		{"appellant → respondent (default)", str("appellant"), nil, "respondent"},
+		{"third_party passes through", str("third_party"), nil, "third_party"},
+		{"other passes through", str("other"), nil, "other"},
 		{"explicit flip=true", str("claimant"), &tru, "defendant"},
 		{"explicit flip=false keeps parent's side", str("claimant"), &fal, "claimant"},
 		{"flip=false on defendant keeps defendant", str("defendant"), &fal, "defendant"},
+		{"flip=false on applicant keeps applicant", str("applicant"), &fal, "applicant"},
 	}
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {

internal/services/submission_render_test.go

@@ -273,15 +273,24 @@ func TestLegalSourcePretty(t *testing.T) {
 }
 
 // TestOurSideTranslations pins the our_side enum → DE/EN prose
-// mapping used by addProjectVars.
+// mapping used by addProjectVars. Post t-paliad-222: seven sub-role
+// values + the gender-neutral "-Seite" / "-Partei" suffix shape on
+// DE. Legacy 'court' / 'both' yield "" (the column no longer accepts
+// them after mig 112, but the function defensively handles stale
+// in-memory values from older callers).
 func TestOurSideTranslations(t *testing.T) {
 	cases := []struct {
 		in, wantDE, wantEN string
 	}{
-		{"claimant", "Klägerin", "Claimant"},
-		{"defendant", "Beklagte", "Defendant"},
-		{"court", "Gericht", "Court"},
-		{"both", "Klägerin und Beklagte", "Claimant and Defendant"},
+		{"claimant", "Klägerseite", "Claimant"},
+		{"defendant", "Beklagtenseite", "Defendant"},
+		{"applicant", "Antragstellerseite", "Applicant"},
+		{"appellant", "Berufungsklägerseite", "Appellant"},
+		{"respondent", "Antragsgegnerseite", "Respondent"},
+		{"third_party", "Drittpartei", "Third Party"},
+		{"other", "sonstige Verfahrensbeteiligte", "other party"},
+		{"court", "", ""},
+		{"both", "", ""},
 		{"", "", ""},
 		{"unknown", "", ""},
 	}

internal/services/submission_vars.go

@@ -262,6 +262,11 @@ func addUserVars(bag PlaceholderMap, u *models.User) {
 func addProjectVars(bag PlaceholderMap, p *models.Project, pt *models.ProceedingType, lang string) {
 	bag["project.title"] = p.Title
 	bag["project.reference"] = derefString(p.Reference)
+	// project.code is the auto-derived (or override) dotted project
+	// code computed by services.BuildProjectCode. Populated upstream
+	// by the service projection; templates that want the explicit
+	// override should read project.reference instead.
+	bag["project.code"] = p.Code
 	bag["project.case_number"] = derefString(p.CaseNumber)
 	bag["project.court"] = derefString(p.Court)
 	bag["project.patent_number"] = derefString(p.PatentNumber)
@@ -388,16 +393,29 @@ func formatDatePtr(t *time.Time, layout string) string {
 }
 
 // ourSideDE returns the German legal-prose form of an our_side value.
+//
+// t-paliad-222: unified on the gender-neutral "-Seite" / "-Partei"
+// suffix shape to match the form labels and to avoid implying the
+// firm represents a single (female) natural person — a B2B patent
+// practice almost always represents companies. The seven sub-roles
+// map onto the post-mig-110 schema; legacy 'court' / 'both' no
+// longer exist in the column.
 func ourSideDE(side string) string {
 	switch strings.ToLower(side) {
 	case "claimant":
-		return "Klägerin"
+		return "Klägerseite"
 	case "defendant":
-		return "Beklagte"
-	case "court":
-		return "Gericht"
-	case "both":
-		return "Klägerin und Beklagte"
+		return "Beklagtenseite"
+	case "applicant":
+		return "Antragstellerseite"
+	case "appellant":
+		return "Berufungsklägerseite"
+	case "respondent":
+		return "Antragsgegnerseite"
+	case "third_party":
+		return "Drittpartei"
+	case "other":
+		return "sonstige Verfahrensbeteiligte"
 	}
 	return ""
 }
@@ -409,10 +427,16 @@ func ourSideEN(side string) string {
 		return "Claimant"
 	case "defendant":
 		return "Defendant"
-	case "court":
-		return "Court"
-	case "both":
-		return "Claimant and Defendant"
+	case "applicant":
+		return "Applicant"
+	case "appellant":
+		return "Appellant"
+	case "respondent":
+		return "Respondent"
+	case "third_party":
+		return "Third Party"
+	case "other":
+		return "other party"
 	}
 	return ""
 }

internal/services/team_service.go

@@ -13,6 +13,7 @@ package services
 import (
 	"context"
 	"database/sql"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -80,9 +81,13 @@ func (s *TeamService) AddMember(ctx context.Context, callerID, projectID, userID
 // column. external → 'local_counsel' is intentionally narrower than the
 // new enum (loses the expert distinction); we accept that for the short
 // transition window.
+//
+// ResponsibilityAdmin (t-paliad-223) maps to legacy 'lead' — the closest
+// legacy match. The legacy column is dead either way; the mapping is
+// purely cosmetic until the column is dropped.
 func legacyRoleFromResponsibility(r string) string {
 	switch r {
-	case ResponsibilityLead:
+	case ResponsibilityAdmin, ResponsibilityLead:
 		return "lead"
 	case ResponsibilityObserver:
 		return "observer"
@@ -99,11 +104,43 @@ func legacyRoleFromResponsibility(r string) string {
 // RemoveMember deletes a direct team membership. Inherited memberships (from
 // ancestors) can't be removed at the child level — the caller must remove
 // the ancestor row to break the inheritance.
+//
+// t-paliad-223 last-admin guard: if the row being removed carries
+// responsibility='admin', refuse when it would leave the project + its
+// ancestor chain with zero admins. Wrapped in a tx so the count + delete
+// are atomic; ErrLastProjectAdmin bubbles up unchanged for the handler
+// to map to 409.
 func (s *TeamService) RemoveMember(ctx context.Context, callerID, projectID, userID uuid.UUID) error {
 	if _, err := s.projects.GetByID(ctx, callerID, projectID); err != nil {
 		return err
 	}
-	res, err := s.db.ExecContext(ctx,
+
+	tx, err := s.db.BeginTxx(ctx, nil)
+	if err != nil {
+		return fmt.Errorf("begin tx: %w", err)
+	}
+	defer tx.Rollback()
+
+	// Look up the row first so we know whether to run the guard.
+	var existing models.ProjectTeamMember
+	if err := tx.GetContext(ctx, &existing,
+		`SELECT id, project_id, user_id, role, responsibility, inherited, added_by, created_at
+		   FROM paliad.project_teams
+		  WHERE project_id = $1 AND user_id = $2 AND inherited = false`,
+		projectID, userID); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return sql.ErrNoRows
+		}
+		return fmt.Errorf("lookup team member: %w", err)
+	}
+
+	if existing.Responsibility == ResponsibilityAdmin {
+		if err := assertProjectKeepsAdmin(ctx, tx, projectID, userID); err != nil {
+			return err
+		}
+	}
+
+	res, err := tx.ExecContext(ctx,
 		`DELETE FROM paliad.project_teams
 		  WHERE project_id = $1 AND user_id = $2 AND inherited = false`,
 		projectID, userID)
@@ -113,6 +150,104 @@ func (s *TeamService) RemoveMember(ctx context.Context, callerID, projectID, use
 	if rows, _ := res.RowsAffected(); rows == 0 {
 		return sql.ErrNoRows
 	}
+	if err := tx.Commit(); err != nil {
+		return fmt.Errorf("commit remove team member: %w", err)
+	}
+	return nil
+}
+
+// ChangeResponsibility updates a direct team member's responsibility.
+// RLS enforces the authorisation (only effective_project_admin can pass
+// the project_teams_update WITH CHECK); this method handles validation
+// + the last-admin guard when the change is AWAY from admin.
+//
+// Inherited rows can't be edited here — the caller must change the
+// ancestor row. Trying to update an inherited row returns sql.ErrNoRows.
+func (s *TeamService) ChangeResponsibility(ctx context.Context, callerID, projectID, userID uuid.UUID, newResponsibility string) (*models.ProjectTeamMember, error) {
+	if !IsValidResponsibility(newResponsibility) {
+		return nil, fmt.Errorf("%w: invalid responsibility %q", ErrInvalidInput, newResponsibility)
+	}
+	if _, err := s.projects.GetByID(ctx, callerID, projectID); err != nil {
+		return nil, err
+	}
+
+	tx, err := s.db.BeginTxx(ctx, nil)
+	if err != nil {
+		return nil, fmt.Errorf("begin tx: %w", err)
+	}
+	defer tx.Rollback()
+
+	// Read current row so we know whether the guard needs to fire and so
+	// we can short-circuit no-op writes.
+	var current models.ProjectTeamMember
+	if err := tx.GetContext(ctx, &current,
+		`SELECT id, project_id, user_id, role, responsibility, inherited, added_by, created_at
+		   FROM paliad.project_teams
+		  WHERE project_id = $1 AND user_id = $2 AND inherited = false`,
+		projectID, userID); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, sql.ErrNoRows
+		}
+		return nil, fmt.Errorf("lookup team member: %w", err)
+	}
+	if current.Responsibility == newResponsibility {
+		// No-op; commit the empty tx so caller still gets a typed result.
+		_ = tx.Commit()
+		return &current, nil
+	}
+
+	if current.Responsibility == ResponsibilityAdmin && newResponsibility != ResponsibilityAdmin {
+		if err := assertProjectKeepsAdmin(ctx, tx, projectID, userID); err != nil {
+			return nil, err
+		}
+	}
+
+	legacyRole := legacyRoleFromResponsibility(newResponsibility)
+
+	var updated models.ProjectTeamMember
+	if err := tx.GetContext(ctx, &updated,
+		`UPDATE paliad.project_teams
+		    SET responsibility = $3, role = $4
+		  WHERE project_id = $1 AND user_id = $2 AND inherited = false
+		RETURNING id, project_id, user_id, role, responsibility, inherited, added_by, created_at`,
+		projectID, userID, newResponsibility, legacyRole); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, sql.ErrNoRows
+		}
+		return nil, fmt.Errorf("change responsibility: %w", err)
+	}
+	if err := tx.Commit(); err != nil {
+		return nil, fmt.Errorf("commit change responsibility: %w", err)
+	}
+	return &updated, nil
+}
+
+// assertProjectKeepsAdmin returns ErrLastProjectAdmin iff removing the
+// (projectID, excludeUserID) admin row would leave the project's ancestor
+// chain (project + every ancestor up to the root) with zero admins.
+//
+// Counts admin rows on every row in the ancestor chain, excluding the row
+// being changed. Uses the same ltree path-walk as paliad.can_see_project.
+//
+// This is a service-layer guard; we don't put it in an RLS WITH CHECK
+// because the count happens post-mutation in a typical WITH CHECK, and
+// the natural place to express it is here where we already hold the tx.
+func assertProjectKeepsAdmin(ctx context.Context, tx *sqlx.Tx, projectID, excludeUserID uuid.UUID) error {
+	var remaining int
+	if err := tx.GetContext(ctx, &remaining, `
+		SELECT count(*)
+		  FROM paliad.projects p
+		  JOIN paliad.project_teams pt
+		    ON pt.project_id = ANY(string_to_array(p.path, '.')::uuid[])
+		   AND pt.responsibility = 'admin'
+		 WHERE p.id = $1
+		   AND NOT (pt.project_id = $1 AND pt.user_id = $2)
+	`, projectID, excludeUserID); err != nil {
+		return fmt.Errorf("count remaining admins: %w", err)
+	}
+	if remaining == 0 {
+		return ErrLastProjectAdmin
+	}
 	return nil
 }
 
@@ -259,6 +394,27 @@ func (s *TeamService) ListMembershipsIndex(ctx context.Context, callerID uuid.UU
 	return out, nil
 }
 
+// IsEffectiveProjectAdmin reports whether the user is global_admin OR has
+// responsibility='admin' on the project itself or any ancestor in the
+// materialised ltree path.
+//
+// Delegates to paliad.effective_project_admin SQL (t-paliad-223 mig 111).
+// The function is STABLE SECURITY DEFINER so it sees rows regardless of
+// the caller's RLS context — the boolean answer doesn't leak data.
+//
+// Used by the project-detail handler to drive the inline-select affordance
+// in the team panel: only effective_project_admins see the editable
+// <select>; everyone else sees a read-only <span>.
+func (s *TeamService) IsEffectiveProjectAdmin(ctx context.Context, userID, projectID uuid.UUID) (bool, error) {
+	var b bool
+	if err := s.db.GetContext(ctx, &b,
+		`SELECT paliad.effective_project_admin($1, $2)`,
+		userID, projectID); err != nil {
+		return false, fmt.Errorf("effective_project_admin: %w", err)
+	}
+	return b, nil
+}
+
 // ---------------------------------------------------------------------------
 
 // pathToIDStrings splits a materialised path into its UUID labels as strings,

internal/services/widget_catalog.go

@@ -0,0 +1,219 @@
+package services
+
+// Widget catalog for the configurable dashboard (t-paliad-219).
+//
+// Design: docs/design-dashboard-configurable-2026-05-20.md §4 (catalog) and
+// §18 Note B (settings schema).
+//
+// The catalog is the source of truth for which widgets a user can pick.
+// Adding a new widget = add a WidgetKey const + append a WidgetDef in
+// WidgetCatalog. Frontend has its own mirror in
+// frontend/src/client/widgets/registry.ts; the two must stay in sync.
+//
+// Versioning rule (design §10): unknown keys in a user's saved layout are
+// dropped silently at read time; write paths validate against the catalog.
+
+import (
+	"encoding/json"
+	"fmt"
+	"slices"
+)
+
+// WidgetKey is the catalog identifier for a single widget.
+type WidgetKey string
+
+const (
+	WidgetDeadlineSummary       WidgetKey = "deadline-summary"
+	WidgetMatterSummary         WidgetKey = "matter-summary"
+	WidgetUpcomingDeadlines     WidgetKey = "upcoming-deadlines"
+	WidgetUpcomingAppointments  WidgetKey = "upcoming-appointments"
+	WidgetInlineAgenda          WidgetKey = "inline-agenda"
+	WidgetRecentActivity        WidgetKey = "recent-activity"
+	WidgetInboxApprovals        WidgetKey = "inbox-approvals"
+	WidgetPinnedProjects        WidgetKey = "pinned-projects"
+)
+
+// KnownWidgetKeys is the canonical order used when seeding the factory
+// default layout. New entries land at the bottom by default.
+var KnownWidgetKeys = []WidgetKey{
+	WidgetDeadlineSummary,
+	WidgetMatterSummary,
+	WidgetUpcomingDeadlines,
+	WidgetUpcomingAppointments,
+	WidgetInlineAgenda,
+	WidgetRecentActivity,
+	WidgetInboxApprovals,
+	// WidgetPinnedProjects ships in Slice C (catalog expansion) — not in
+	// the Slice A1 baseline. Keep the const above for forward-compat;
+	// omit from KnownWidgetKeys until the widget module lands.
+}
+
+// WidgetSettingsSchema declares which knobs a widget exposes. nil = no
+// per-widget settings (the gear icon is hidden in edit mode).
+type WidgetSettingsSchema struct {
+	// CountOptions lists permitted "count" values. Empty = no count knob.
+	CountOptions []int
+	// HorizonOptions lists permitted "horizon_days" values. Empty = no
+	// horizon knob.
+	HorizonOptions []int
+	// CountAllowsAll is true when "all" is a legal value for count
+	// (rendered as the literal -1 in the JSON). pinned-projects uses this.
+	CountAllowsAll bool
+}
+
+// Validate enforces the schema against a raw settings blob. nil schema
+// rejects any non-empty settings; empty settings always pass.
+func (sch *WidgetSettingsSchema) Validate(raw json.RawMessage) error {
+	if len(raw) == 0 || string(raw) == "null" {
+		return nil
+	}
+	if sch == nil {
+		return fmt.Errorf("%w: widget has no settings; got %s", ErrInvalidInput, string(raw))
+	}
+
+	var parsed struct {
+		Count       *int `json:"count,omitempty"`
+		HorizonDays *int `json:"horizon_days,omitempty"`
+	}
+	if err := json.Unmarshal(raw, &parsed); err != nil {
+		return fmt.Errorf("%w: widget settings decode: %v", ErrInvalidInput, err)
+	}
+
+	if parsed.Count != nil {
+		if len(sch.CountOptions) == 0 {
+			return fmt.Errorf("%w: widget has no count knob", ErrInvalidInput)
+		}
+		if !(sch.CountAllowsAll && *parsed.Count == -1) && !slices.Contains(sch.CountOptions, *parsed.Count) {
+			return fmt.Errorf("%w: count %d not in %v", ErrInvalidInput, *parsed.Count, sch.CountOptions)
+		}
+	}
+	if parsed.HorizonDays != nil {
+		if len(sch.HorizonOptions) == 0 {
+			return fmt.Errorf("%w: widget has no horizon knob", ErrInvalidInput)
+		}
+		if !slices.Contains(sch.HorizonOptions, *parsed.HorizonDays) {
+			return fmt.Errorf("%w: horizon_days %d not in %v", ErrInvalidInput, *parsed.HorizonDays, sch.HorizonOptions)
+		}
+	}
+	return nil
+}
+
+// WidgetDef is one entry in the catalog. Title/description fields are the
+// translation-key seeds; frontend resolves them via the i18n registry.
+type WidgetDef struct {
+	Key            WidgetKey            `json:"key"`
+	TitleDE        string               `json:"title_de"`
+	TitleEN        string               `json:"title_en"`
+	DescriptionDE  string               `json:"description_de"`
+	DescriptionEN  string               `json:"description_en"`
+	DefaultVisible bool                 `json:"default_visible"`
+	DefaultCount   *int                 `json:"default_count,omitempty"`
+	DefaultHorizon *int                 `json:"default_horizon_days,omitempty"`
+	Settings       *WidgetSettingsSchema `json:"settings,omitempty"`
+}
+
+// WidgetCatalog returns the v1 catalog. Returned by value (small struct
+// slice) so callers can freely append i18n overrides for the wire format.
+func WidgetCatalog() []WidgetDef {
+	listCounts := []int{1, 3, 5, 10, 20}
+	listHorizon := []int{7, 14, 30, 60}
+	inboxCounts := []int{1, 3, 5, 10}
+	agendaHorizon := []int{14, 30, 60}
+
+	tenDefault := 10
+	threeDefault := 3
+	thirtyDefault := 30
+
+	return []WidgetDef{
+		{
+			Key:            WidgetDeadlineSummary,
+			TitleDE:        "Fristen auf einen Blick",
+			TitleEN:        "Deadlines at a glance",
+			DescriptionDE:  "Ampel-Karten für überfällige, heutige und kommende Fristen.",
+			DescriptionEN:  "Traffic-light cards for overdue, today, and upcoming deadlines.",
+			DefaultVisible: true,
+		},
+		{
+			Key:            WidgetMatterSummary,
+			TitleDE:        "Meine Akten",
+			TitleEN:        "My Matters",
+			DescriptionDE:  "Aktiv-, archiviert- und Gesamtzahl deiner sichtbaren Akten.",
+			DescriptionEN:  "Active, archived and total counts of your visible matters.",
+			DefaultVisible: true,
+		},
+		{
+			Key:            WidgetUpcomingDeadlines,
+			TitleDE:        "Kommende Fristen",
+			TitleEN:        "Upcoming deadlines",
+			DescriptionDE:  "Liste der nächsten Fristen — Anzahl und Zeitraum konfigurierbar.",
+			DescriptionEN:  "List of upcoming deadlines — count and horizon configurable.",
+			DefaultVisible: true,
+			DefaultCount:   &tenDefault,
+			DefaultHorizon: &thirtyDefault,
+			Settings: &WidgetSettingsSchema{
+				CountOptions:   listCounts,
+				HorizonOptions: listHorizon,
+			},
+		},
+		{
+			Key:            WidgetUpcomingAppointments,
+			TitleDE:        "Kommende Termine",
+			TitleEN:        "Upcoming appointments",
+			DescriptionDE:  "Liste der nächsten Termine — Anzahl und Zeitraum konfigurierbar.",
+			DescriptionEN:  "List of upcoming appointments — count and horizon configurable.",
+			DefaultVisible: true,
+			DefaultCount:   &tenDefault,
+			DefaultHorizon: &thirtyDefault,
+			Settings: &WidgetSettingsSchema{
+				CountOptions:   listCounts,
+				HorizonOptions: listHorizon,
+			},
+		},
+		{
+			Key:            WidgetInlineAgenda,
+			TitleDE:        "Agenda",
+			TitleEN:        "Agenda",
+			DescriptionDE:  "30-Tage-Agenda mit Fristen und Terminen kombiniert.",
+			DescriptionEN:  "30-day agenda combining deadlines and appointments.",
+			DefaultVisible: true,
+			DefaultHorizon: &thirtyDefault,
+			Settings: &WidgetSettingsSchema{
+				HorizonOptions: agendaHorizon,
+			},
+		},
+		{
+			Key:            WidgetRecentActivity,
+			TitleDE:        "Letzte Aktivität",
+			TitleEN:        "Recent activity",
+			DescriptionDE:  "Verlauf der letzten Ereignisse in deinen sichtbaren Akten.",
+			DescriptionEN:  "Recent events across your visible matters.",
+			DefaultVisible: true,
+			DefaultCount:   &tenDefault,
+			Settings: &WidgetSettingsSchema{
+				CountOptions: listCounts,
+			},
+		},
+		{
+			Key:            WidgetInboxApprovals,
+			TitleDE:        "Offene Freigaben",
+			TitleEN:        "Open approvals",
+			DescriptionDE:  "Deine offenen Freigaben mit Anzahl und einer kurzen Liste.",
+			DescriptionEN:  "Your open approval requests with count and a short list.",
+			DefaultVisible: true,
+			DefaultCount:   &threeDefault,
+			Settings: &WidgetSettingsSchema{
+				CountOptions: inboxCounts,
+			},
+		},
+	}
+}
+
+// LookupWidgetDef returns the catalog entry for a key, or false if unknown.
+func LookupWidgetDef(key WidgetKey) (WidgetDef, bool) {
+	for _, def := range WidgetCatalog() {
+		if def.Key == key {
+			return def, true
+		}
+	}
+	return WidgetDef{}, false
+}