Redesign doc service UX for scale + add group-based document sharing

- Three-column layout: Sidebar + SourcePanel (views + searchable category tree) + main
- DocumentSlideOver (480px right panel): inline editing, type picker, AI suggestion confirm/reject,
  categories combobox, tags editor, sharing section, raw text, re-analyse/delete actions
- ManageCategoriesDialog: inline rename, delete with confirm, search filter
- DocumentsPage rewrite: filter chip system, multi-file upload queue, drag-and-drop overlay,
  bulk actions bar (share/delete), smart TanStack Query polling, URL-driven view state
- Sidebar simplified: per-category NavLinks removed; Documents = single NavLink under Apps
- Backend: document_shares table (migration 0004), share CRUD endpoints, shared-with-me view,
  N+1-safe share_count via GROUP BY, recipient download access, X-User-Groups header enforcement
- Gateway proxy: injects X-User-Groups header into all document + category proxy requests
- Backend users: GET /api/users/me/groups endpoint for share picker combobox
- CLAUDE.md, STATUS.md files, and changelog updated

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/STATUS.md

@@ -27,6 +27,7 @@ JWT signing uses a 4096-bit RSA key pair (`RS256`). Keys are generated by `scrip
 | `GET` | `/api/users/me` | Current user info |
 | `GET` | `/api/users/me/preferences` | User's dashboard preferences (`app_ids` list) |
 | `PATCH` | `/api/users/me/preferences` | Update pinned app IDs (max 50; validated as safe slugs) |
+| `GET` | `/api/users/me/groups` | List groups the current user belongs to (for share picker) |
 
 ### Profile (`/api/profile`)
 

backend/app/routers/categories_proxy.py

@@ -9,8 +9,12 @@ import os
 import httpx
 from fastapi import APIRouter, Depends, HTTPException, Request
 from fastapi.responses import Response
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
 
+from app.database import get_db
 from app.deps import get_current_user
+from app.models.group import GroupMembership
 from app.models.user import User
 
 DOC_SERVICE_URL = os.environ.get("DOC_SERVICE_URL", "http://doc-service:8001")
@@ -35,13 +39,18 @@ _HOP_BY_HOP = frozenset([
 _STRIP_RESPONSE = frozenset([*_HOP_BY_HOP, "content-length", "content-type"])
 
 
-def _forward_headers(request: Request, user_id: str) -> dict:
+async def _forward_headers(request: Request, user_id: str, db: AsyncSession) -> dict:
     headers = {
         k: v
         for k, v in request.headers.items()
         if k.lower() not in _HOP_BY_HOP
     }
     headers["x-user-id"] = user_id
+    result = await db.execute(
+        select(GroupMembership.group_id).where(GroupMembership.user_id == user_id)
+    )
+    group_ids = [row[0] for row in result.all()]
+    headers["x-user-groups"] = ",".join(group_ids)
     return headers
 
 
@@ -50,10 +59,11 @@ def _forward_headers(request: Request, user_id: str) -> dict:
 async def proxy_categories(
     request: Request,
     current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
     path: str = "",
 ) -> Response:
     url = f"/categories/{path}" if path else "/categories"
-    headers = _forward_headers(request, str(current_user.id))
+    headers = await _forward_headers(request, str(current_user.id), db)
     body = await request.body()
 
     try:

backend/app/routers/documents_proxy.py

@@ -3,14 +3,21 @@ Proxy all /api/documents/* requests to doc-service:8001/documents/*.
 
 Uses a module-level AsyncClient for connection pooling.
 Strips hop-by-hop headers that must not be forwarded.
+Injects X-User-Id and X-User-Groups headers so the doc-service
+can enforce ownership and group-sharing access without querying the
+backend database directly.
 """
 import os
 
 import httpx
 from fastapi import APIRouter, Depends, HTTPException, Request
 from fastapi.responses import Response
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
 
+from app.database import get_db
 from app.deps import get_current_user
+from app.models.group import GroupMembership
 from app.models.user import User
 
 DOC_SERVICE_URL = os.environ.get("DOC_SERVICE_URL", "http://doc-service:8001")
@@ -43,13 +50,22 @@ _HOP_BY_HOP = frozenset([
 _STRIP_RESPONSE = frozenset([*_HOP_BY_HOP, "content-length", "content-type"])
 
 
-def _forward_headers(request: Request, user_id: str) -> dict:
+async def _forward_headers(request: Request, user_id: str, db: AsyncSession) -> dict:
     headers = {
         k: v
         for k, v in request.headers.items()
         if k.lower() not in _HOP_BY_HOP
     }
     headers["x-user-id"] = user_id
+
+    # Inject the user's group memberships so the doc-service can evaluate
+    # group-shared document access without querying the backend DB.
+    result = await db.execute(
+        select(GroupMembership.group_id).where(GroupMembership.user_id == user_id)
+    )
+    group_ids = [row[0] for row in result.all()]
+    headers["x-user-groups"] = ",".join(group_ids)
+
     return headers
 
 
@@ -58,10 +74,11 @@ def _forward_headers(request: Request, user_id: str) -> dict:
 async def proxy_documents(
     request: Request,
     current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
     path: str = "",
 ) -> Response:
     url = f"/documents/{path}" if path else "/documents"
-    headers = _forward_headers(request, str(current_user.id))
+    headers = await _forward_headers(request, str(current_user.id), db)
     body = await request.body()
 
     try:

backend/app/routers/users.py

@@ -1,10 +1,13 @@
 from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.orm import selectinload
 
 from app.database import get_db
 from app.deps import get_current_user
+from app.models.group import Group, GroupMembership
 from app.models.user import User
-from app.schemas.user import ColorModeUpdate, DashboardPrefsOut, DashboardPrefsUpdate, UserOut
+from app.schemas.user import ColorModeUpdate, DashboardPrefsOut, DashboardPrefsUpdate, UserGroupOut, UserOut
 
 router = APIRouter()
 
@@ -31,6 +34,21 @@ async def update_preferences(
     return DashboardPrefsOut(app_ids=current_user.dashboard_app_ids or [])
 
 
+@router.get("/me/groups", response_model=list[UserGroupOut])
+async def get_my_groups(
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    """Return all groups the current user belongs to."""
+    result = await db.execute(
+        select(Group)
+        .join(GroupMembership, GroupMembership.group_id == Group.id)
+        .where(GroupMembership.user_id == current_user.id)
+        .order_by(Group.name)
+    )
+    return result.scalars().all()
+
+
 @router.patch("/me/color-mode", response_model=UserOut)
 async def update_color_mode(
     body: ColorModeUpdate,

backend/app/schemas/user.py

@@ -1,4 +1,5 @@
 import re
+from datetime import datetime
 
 from pydantic import BaseModel, EmailStr, Field, field_validator
 
@@ -116,6 +117,15 @@ class ColorModeUpdate(BaseModel):
         return v
 
 
+class UserGroupOut(BaseModel):
+    """A group the current user belongs to — used for the share picker."""
+    id: str
+    name: str
+    description: str | None
+
+    model_config = {"from_attributes": True}
+
+
 class DashboardPrefsUpdate(BaseModel):
     app_ids: list[str] = Field(default_factory=list)