claude-meta/memory/projects/ISMS-DB/MEMORY.md

# ISMS-DB Project Memory

## Feature-Session Workflow
- `zum Feature [topic]` / `Feature [topic]` / `wir arbeiten an [topic]` → immediately read `docs/feature-[topic].md` (case-insensitive), summarize, confirm context
- If not found: inform user, suggest creating it
- Session end `aktualisiere deine Feature-Beschreibung` → update the doc with decisions/findings
- Filename always: `docs/feature-[camelCase].md` (never without `feature-` prefix)
- See: [feedback_feature_session_workflow.md](feedback_feature_session_workflow.md)

## Skill Triggers
- "aktualisiere unser ISMS", "ISMS aktualisieren", "ISMS updaten" → ALWAYS invoke Skill `isms-update`
- This skill runs: Fetch-Data.ps1 → edit JSON → Upload-Data.ps1
- NEVER edit tenant data (Data/default/*.json) without running fetch first
- NEVER skip upload after editing

## Auth Stack
- Microsoft.Identity.Web 3.x (resolved 3.14.1)
- Use `AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftIdentityWebApp(...)` — NOT `services.AddMicrosoftIdentityWebApp(...)` (IServiceCollection overload removed in 3.x)
- `using Microsoft.Identity.Web.UI;` required in Program.cs for `AddMicrosoftIdentityUI()`
- Use `PostConfigure<OpenIdConnectOptions>` to hook `OnTokenValidated` without clobbering MSIW's own handler

## SecurePageModel Pattern
- Inherits `PageModel`, uses `override` on `OnPageHandlerSelectionAsync` / `OnPageHandlerExecutionAsync`
- Do NOT declare `IAsyncPageFilter` explicitly — `PageModel` already has virtual methods
- Resolves `IUserService` + `TenantService` via `ctx.HttpContext.RequestServices`

## Audit Result Writing
- NEVER delegate JSON creation to a Task subagent — too slow (33 calls, 17 min)
- Build the JSON object in main context, then pipe to `append-audit-result.py`:
  `python3 append-audit-result.py src/IsmsApp/Data/default/ <<'JSONEOF' ... JSONEOF`
- Script validates: .lock, control exists, Id unique, Iteration unique
- For the JSON heredoc: use python3 inline to generate UUIDs + timestamps, then echo

## Dark Mode
- Project DOES use `data-bs-theme="dark"` — always add dark-mode overrides for 3rd-party CSS (Toast UI, diff2html, etc.)
- Pattern: `[data-bs-theme="dark"] .class { ... }` in `site.css`
- Use `var(--bs-body-bg)`, `var(--bs-body-color)`, `var(--bs-tertiary-bg)`, `var(--bs-border-color)`

## Razor Gotcha
- `RZ1031`: cannot put free-standing `@(expr)` in `<option>` attribute area
- Fix: use `@if (cond) { <option selected> } else { <option> }` pattern instead

## tenant_data_context.md
- **MUST be kept up-to-date** when adding/changing entities, enums, storage patterns, or inheritance behavior
- Located at repo root: `tenant_data_context.md`
- Audience: AI agents working on tenant JSON data locally (after Fetch-Data.ps1 download)
- Covers: entity schemas, enums, FK constraints, computed fields, agent rules, split storage, tenant inheritance
- When adding a new entity/enum/file: update File Map, Entity Schema, Enum Reference, Folder Structure sections

## viFlow HTML Import Pipeline
- Scripts: `parse_viflow.py` → `vorlage/parsed_processes.json` → `generate_workflows.py`
- Source: viFlow HTML export (e.g. `vorlage/chrka.html`, ~1.3MB)
- `parse_viflow.py`: regex-based, splits by "Unterprozess:" sections, extracts 5-column step tables (Nr|Input|Title+Details|Output|Swimlane)
- `generate_workflows.py`: creates Process entries, ProcessWorkflow+Actions, Resistec inherited items (English translations), idempotent (dedup by name)
- HTML structure: `<p class="titleheading">Unterprozess:</p>` → `<p class="titlebig">Name</p>`, Stammdaten table, step rows with `processnumber`/`subprocesstitle`/`swimlane`/`remarksdetails`
- Decision steps: name contains "?", need ≥2 transitions with labels (ja/nein)
- Run with `PYTHONIOENCODING=utf-8` on Windows (Slovenian chars etc.)
- Keep both scripts in repo root for re-use with future viFlow exports

## Workflow Split Storage
- Index: `process_workflows.json` (Actions=[], use ActionCount)
- Individual: `workflows/{id}.json` (full object with Actions)
- Auto-migration on first access if old single-file format detected
- Pages use `wf.ActionCount` not `wf.Actions.Count` when reading from index