# WebDev Pipeline

Persoenlicher Akquise-Agent fuer lokale Webdesign-Leads auf `audit.matthias-meister-webdesign.de`. Das MVP startet mit Next.js App Router, TypeScript, Tailwind CSS, shadcn/ui und Platzhalter-Routen fuer Dashboard, Login und oeffentliche Audit-Seiten.

Der aktuelle Scope ist bewusst persoenlich: Google, PageSpeed, OpenRouter, ScreenshotOne und optional Jina laufen ueber serverseitig verwaltete Keys. BYO-Keys, Billing und Teamrollen gehoeren zur spaeteren SaaS-Readiness, aber nicht zu dieser Welle.

## Getting Started

```bash
pnpm dev
```

Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.

## Scripts

- `pnpm dev` starts the local development server.
- `pnpm lint` runs ESLint.
- `pnpm build` creates a production build.
- `pnpm start` starts the production server after a build.

## Environment Variables

Copy `.env.example` to `.env.local` for local development. Keep real secrets out of the repository and configure production values in Coolify and provider dashboards.

- **App / Coolify:** `APP_ENV`, `NEXT_PUBLIC_APP_URL`
- **Convex:** `NEXT_PUBLIC_CONVEX_URL`, `NEXT_PUBLIC_CONVEX_SITE_URL`, `CONVEX_DEPLOYMENT`
- **Google / PageSpeed:** `GOOGLE_GEOCODING_API_KEY`, `GOOGLE_PLACES_API_KEY`, `PAGESPEED_API_KEY`, `PAGESPEED_TIMEOUT_MS`
- **OpenRouter:** `OPENROUTER_API_KEY`, `OPENROUTER_MODEL_CLASSIFICATION`, `OPENROUTER_MODEL_MULTIMODAL_AUDIT`, `OPENROUTER_MODEL_GERMAN_COPY`, `OPENROUTER_MODEL_QUALITY_REVIEW`, optional: `OPENROUTER_APP_NAME`, `OPENROUTER_APP_URL`
- **ScreenshotOne:** `SCREENSHOTONE_API_KEY`
- **Jina:** optional `JINA_API_KEY` for future authenticated fallback usage; not required for current readiness.
- **SMTP / Stalwart:** `SMTP_HOST`, `SMTP_PORT`, `SMTP_USER`, `SMTP_PASSWORD`, `SMTP_FROM`
- **Rybbit:** `RYBBIT_API_URL`, `RYBBIT_API_KEY`, `NEXT_PUBLIC_RYBBIT_SITE_ID`
- **Auth:** `BETTER_AUTH_SECRET`

Only variables prefixed with `NEXT_PUBLIC_` are intended for browser exposure. All API keys, SMTP credentials, and server-only URLs must stay server-side.

### Admin Auth Flow

- `/login` handles Anmeldung mit dem bestehenden Admin-Account. Registrierung ist nach der Ersteinrichtung serverseitig deaktiviert.
- Nach erfolgreicher Anmeldung wird auf `/dashboard` gewechselt.
- Die Session wird im Layout/Middleware geprüft (`/dashboard` bleibt geschützt), öffentliche Audit-Routen bleiben weiterhin frei.
- Für Passwortänderungen ist aktuell kein separater Endpunkt in der UI, daher für MVP bitte über administrativen Wartungsweg vorgehen.

## Routes

- `/` MVP entry page.
- `/dashboard` internal dashboard placeholder.
- `/login` admin login placeholder.
- `/audit/[slug]` public audit placeholder.

## Deployment Notes

Coolify should run `pnpm install`, `pnpm build`, and `pnpm start`. The current font setup uses `next/font/google`, so production builds need outbound access to Google Fonts unless fonts are later self-hosted.

The new audit pipeline expects managed server-side provider configuration for Google, PageSpeed, OpenRouter, ScreenshotOne, and optional Jina. Do not expose provider secrets in browser-prefixed variables.

Playwright/TASK-8 is legacy enrichment context, not a required integration for the new external audit pipeline. Local `npx playwright install` remains a browser-testing helper only and does not affect the managed external-service readiness check.

For Convex deployment updates, run restart/deploy after code changes:

- Local: `pnpm exec convex dev`
- Remote: `pnpm exec convex deploy`