From 096f66eb156fc441b60cfa3ca8658745bc89fa3f Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 21:45:33 +0200
Subject: [PATCH 01/12] test(document): getThumbnailUrl returns null when
 thumbnailKey is null
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

First TDD step for centralising the thumbnail URL convention on the
Document entity (#309). Adds a stub getter returning null and a test
that locks the "no key → no URL" branch.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../familienarchiv/model/Document.java        |  4 ++++
 .../familienarchiv/model/DocumentTest.java    | 23 +++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java

diff --git a/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java b/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
index dc66fb5d..627a1c6b 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
@@ -131,4 +131,8 @@ public class Document {
     @Enumerated(EnumType.STRING)
     @Builder.Default
     private Set<TrainingLabel> trainingLabels = new HashSet<>();
+
+    public String getThumbnailUrl() {
+        return null;
+    }
 }
diff --git a/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java b/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
new file mode 100644
index 00000000..c6e82fb3
--- /dev/null
+++ b/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
@@ -0,0 +1,23 @@
+package org.raddatz.familienarchiv.model;
+
+import org.junit.jupiter.api.Test;
+
+import java.util.UUID;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class DocumentTest {
+
+    @Test
+    void getThumbnailUrl_returnsNull_whenThumbnailKeyNull() {
+        Document doc = Document.builder()
+                .id(UUID.randomUUID())
+                .title("Brief")
+                .originalFilename("brief.pdf")
+                .status(DocumentStatus.UPLOADED)
+                .thumbnailKey(null)
+                .build();
+
+        assertThat(doc.getThumbnailUrl()).isNull();
+    }
+}
-- 
2.49.1


From df260d5c644bec29b3419944233384bff6007207 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 21:52:09 +0200
Subject: [PATCH 02/12] feat(document): getThumbnailUrl composes
 /api/documents/{id}/thumbnail when key present
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The no-cache-buster branch covers documents whose thumbnail key is set
but whose thumbnailGeneratedAt is still null — which only happens in
the narrow window between the key being persisted and the async worker
stamping the timestamp (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../raddatz/familienarchiv/model/Document.java   |  3 ++-
 .../familienarchiv/model/DocumentTest.java       | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java b/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
index 627a1c6b..432fd6b0 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
@@ -133,6 +133,7 @@ public class Document {
     private Set<TrainingLabel> trainingLabels = new HashSet<>();
 
     public String getThumbnailUrl() {
-        return null;
+        if (thumbnailKey == null) return null;
+        return "/api/documents/" + id + "/thumbnail";
     }
 }
diff --git a/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java b/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
index c6e82fb3..29071779 100644
--- a/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
@@ -20,4 +20,20 @@ class DocumentTest {
 
         assertThat(doc.getThumbnailUrl()).isNull();
     }
+
+    @Test
+    void getThumbnailUrl_omitsCacheBuster_whenThumbnailKeyPresentButGeneratedAtNull() {
+        UUID id = UUID.fromString("11111111-2222-3333-4444-555555555555");
+        Document doc = Document.builder()
+                .id(id)
+                .title("Brief")
+                .originalFilename("brief.pdf")
+                .status(DocumentStatus.UPLOADED)
+                .thumbnailKey("thumbnails/" + id + ".jpg")
+                .thumbnailGeneratedAt(null)
+                .build();
+
+        assertThat(doc.getThumbnailUrl())
+                .isEqualTo("/api/documents/" + id + "/thumbnail");
+    }
 }
-- 
2.49.1


From 9862a51ac7dfd7f4b31c386c21e1ed6c44499d7b Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 21:55:55 +0200
Subject: [PATCH 03/12] feat(document): getThumbnailUrl appends URL-encoded
 timestamp as cache-buster

Matches the shape the frontend previously built via
encodeURIComponent(thumbnailGeneratedAt), so the backend is now the
single source of truth for the thumbnail URL convention (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../familienarchiv/model/Document.java        |  6 ++++-
 .../familienarchiv/model/DocumentTest.java    | 22 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java b/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
index 432fd6b0..8f1690dc 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
@@ -8,6 +8,8 @@ import org.hibernate.annotations.UpdateTimestamp;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import io.swagger.v3.oas.annotations.media.Schema;
 
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
 import java.util.HashSet;
@@ -134,6 +136,8 @@ public class Document {
 
     public String getThumbnailUrl() {
         if (thumbnailKey == null) return null;
-        return "/api/documents/" + id + "/thumbnail";
+        String base = "/api/documents/" + id + "/thumbnail";
+        if (thumbnailGeneratedAt == null) return base;
+        return base + "?v=" + URLEncoder.encode(thumbnailGeneratedAt.toString(), StandardCharsets.UTF_8);
     }
 }
diff --git a/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java b/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
index 29071779..8b1f9c59 100644
--- a/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
@@ -2,6 +2,7 @@ package org.raddatz.familienarchiv.model;
 
 import org.junit.jupiter.api.Test;
 
+import java.time.LocalDateTime;
 import java.util.UUID;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -36,4 +37,25 @@ class DocumentTest {
         assertThat(doc.getThumbnailUrl())
                 .isEqualTo("/api/documents/" + id + "/thumbnail");
     }
+
+    @Test
+    void getThumbnailUrl_includesCacheBuster_whenBothKeyAndGeneratedAtPresent() {
+        UUID id = UUID.fromString("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee");
+        LocalDateTime generatedAt = LocalDateTime.of(2026, 4, 23, 14, 30, 45);
+        Document doc = Document.builder()
+                .id(id)
+                .title("Brief")
+                .originalFilename("brief.pdf")
+                .status(DocumentStatus.UPLOADED)
+                .thumbnailKey("thumbnails/" + id + ".jpg")
+                .thumbnailGeneratedAt(generatedAt)
+                .build();
+
+        // frontend equivalent: `?v=${encodeURIComponent(doc.thumbnailGeneratedAt)}`
+        // where thumbnailGeneratedAt is the ISO-8601 string Jackson serialises.
+        // LocalDateTime.toString() produces "2026-04-23T14:30:45"; encodeURIComponent
+        // turns ":" into "%3A" but leaves "T" and digits alone.
+        String expected = "/api/documents/" + id + "/thumbnail?v=2026-04-23T14%3A30%3A45";
+        assertThat(doc.getThumbnailUrl()).isEqualTo(expected);
+    }
 }
-- 
2.49.1


From ad999c47ea3502371eef962620d7cf352bce853e Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 22:02:05 +0200
Subject: [PATCH 04/12] feat(document): expose thumbnailUrl to JSON
 serialisation

@JsonProperty makes the computed getter part of every Document response
Jackson produces, so any DTO returning a Document automatically carries
the thumbnail URL without per-controller plumbing. The accompanying
comment warns future readers that the cache-buster is load-bearing
for the endpoint's `immutable` cache header (CWE-525) (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../java/org/raddatz/familienarchiv/model/Document.java  | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java b/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
index 8f1690dc..e5526294 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/model/Document.java
@@ -6,6 +6,7 @@ import org.hibernate.annotations.CreationTimestamp;
 import org.hibernate.annotations.UpdateTimestamp;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import io.swagger.v3.oas.annotations.media.Schema;
 
 import java.net.URLEncoder;
@@ -134,6 +135,14 @@ public class Document {
     @Builder.Default
     private Set<TrainingLabel> trainingLabels = new HashSet<>();
 
+    // The `?v={thumbnailGeneratedAt}` cache-buster is load-bearing: the thumbnail
+    // endpoint sends `Cache-Control: private, max-age=31536000, immutable`
+    // (DocumentController.getDocumentThumbnail). `immutable` is only safe because
+    // this URL changes whenever the underlying file does. Dropping the query param
+    // would let browsers serve a stale thumbnail for a year after the file is
+    // replaced, and shared caches could leak one user's thumbnail to another
+    // (CWE-525).
+    @JsonProperty("thumbnailUrl")
     public String getThumbnailUrl() {
         if (thumbnailKey == null) return null;
         String base = "/api/documents/" + id + "/thumbnail";
-- 
2.49.1


From 510ab1d2d5bfd01a09c8d4c0e93cf7ad03a24001 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 22:07:58 +0200
Subject: [PATCH 05/12] feat(dashboard): populate resume thumbnailUrl from
 Document

DashboardService now reads the URL from the Document's computed getter
instead of passing null, so the resume strip can display the real
thumbnail of whatever the user was last working on (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../dashboard/DashboardService.java           |  2 +-
 .../dashboard/DashboardServiceTest.java       | 26 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/java/org/raddatz/familienarchiv/dashboard/DashboardService.java b/backend/src/main/java/org/raddatz/familienarchiv/dashboard/DashboardService.java
index 054ea91b..0e5203b2 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/dashboard/DashboardService.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/dashboard/DashboardService.java
@@ -82,7 +82,7 @@ public class DashboardService {
                 .toList();
 
         return new DashboardResumeDTO(docId, doc.getTitle(), caption, excerpt,
-                totalBlocks, pct, null, collaborators);
+                totalBlocks, pct, doc.getThumbnailUrl(), collaborators);
     }
 
     public DashboardPulseDTO getPulse(UUID userId) {
diff --git a/backend/src/test/java/org/raddatz/familienarchiv/dashboard/DashboardServiceTest.java b/backend/src/test/java/org/raddatz/familienarchiv/dashboard/DashboardServiceTest.java
index 19a20e51..d9df35cc 100644
--- a/backend/src/test/java/org/raddatz/familienarchiv/dashboard/DashboardServiceTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/dashboard/DashboardServiceTest.java
@@ -18,6 +18,7 @@ import org.raddatz.familienarchiv.service.TranscriptionService;
 import org.raddatz.familienarchiv.service.UserService;
 
 import java.time.Instant;
+import java.time.LocalDateTime;
 import java.time.OffsetDateTime;
 import java.util.HashSet;
 import java.util.List;
@@ -45,6 +46,31 @@ class DashboardServiceTest {
 
     @InjectMocks DashboardService dashboardService;
 
+    // ─── getResume wires thumbnailUrl from Document ───────────────────────────
+
+    @Test
+    void getResume_populatesThumbnailUrl_fromDocument() {
+        UUID userId = UUID.randomUUID();
+        UUID docId = UUID.fromString("12345678-aaaa-bbbb-cccc-1234567890ab");
+
+        Document doc = Document.builder()
+                .id(docId).title("Brief").originalFilename("brief.pdf")
+                .thumbnailKey("thumbnails/" + docId + ".jpg")
+                .thumbnailGeneratedAt(LocalDateTime.of(2026, 4, 23, 9, 0, 0))
+                .receivers(new HashSet<>())
+                .build();
+
+        when(auditLogQueryService.findMostRecentDocumentForUser(userId)).thenReturn(Optional.of(docId));
+        when(documentService.getDocumentById(docId)).thenReturn(doc);
+        when(transcriptionService.listBlocks(docId)).thenReturn(List.of());
+
+        DashboardResumeDTO result = dashboardService.getResume(userId);
+
+        assertThat(result).isNotNull();
+        assertThat(result.thumbnailUrl()).isEqualTo(doc.getThumbnailUrl());
+        assertThat(result.thumbnailUrl()).startsWith("/api/documents/" + docId + "/thumbnail?v=");
+    }
+
     // ─── toActorDTO (via getResume collaborators) ─────────────────────────────
 
     @Test
-- 
2.49.1


From a8b9133b800a7ac7670dbe39cd63d222a8819e4a Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 22:10:32 +0200
Subject: [PATCH 06/12] chore(api): regenerate Document type with thumbnailUrl
 field

Reflects the new @JsonProperty getter on Document. Kept as a minimal
manual edit rather than a full regen because the running dev backend
belongs to the main workspace and swapping JARs there would be a
side effect on a parallel worktree's state. `npm run generate:api`
will converge on the same shape.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 frontend/src/lib/generated/api.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frontend/src/lib/generated/api.ts b/frontend/src/lib/generated/api.ts
index 351e1597..a72acd15 100644
--- a/frontend/src/lib/generated/api.ts
+++ b/frontend/src/lib/generated/api.ts
@@ -1390,6 +1390,7 @@ export interface components {
             thumbnailAspect?: "PORTRAIT" | "LANDSCAPE";
             /** Format: int32 */
             pageCount?: number;
+            thumbnailUrl?: string;
             originalFilename: string;
             /** @enum {string} */
             status: "PLACEHOLDER" | "UPLOADED" | "TRANSCRIBED" | "REVIEWED" | "ARCHIVED";
-- 
2.49.1


From 817749889a6d4345540c84568c7a5ad202332eec Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 22:18:07 +0200
Subject: [PATCH 07/12] refactor(document-thumbnail): read doc.thumbnailUrl
 instead of composing locally

The backend now exposes thumbnailUrl as a serialised computed property
on Document, so the component drops its dependency on the frontend
URL-builder. PersonDocumentList's inline Doc prop type follows the
same shift (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 frontend/src/lib/components/DocumentThumbnail.svelte      | 8 ++------
 .../src/routes/persons/[id]/PersonDocumentList.svelte     | 3 +--
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/frontend/src/lib/components/DocumentThumbnail.svelte b/frontend/src/lib/components/DocumentThumbnail.svelte
index ee6023e2..a77b1ce1 100644
--- a/frontend/src/lib/components/DocumentThumbnail.svelte
+++ b/frontend/src/lib/components/DocumentThumbnail.svelte
@@ -1,14 +1,10 @@
 <script lang="ts">
 import type { components } from '$lib/generated/api';
-import { thumbnailUrl } from '$lib/thumbnails';
 
-type Doc = Pick<
-	components['schemas']['Document'],
-	'id' | 'thumbnailKey' | 'thumbnailGeneratedAt' | 'contentType'
->;
+type Doc = Pick<components['schemas']['Document'], 'id' | 'thumbnailUrl' | 'contentType'>;
 
 let { doc, size = 'sm' }: { doc: Doc; size?: 'sm' | 'lg' } = $props();
-const url = $derived(thumbnailUrl(doc));
+const url = $derived(doc.thumbnailUrl ?? null);
 
 const containerClass = $derived(
 	size === 'lg'
diff --git a/frontend/src/routes/persons/[id]/PersonDocumentList.svelte b/frontend/src/routes/persons/[id]/PersonDocumentList.svelte
index 64b71cfb..228c8f12 100644
--- a/frontend/src/routes/persons/[id]/PersonDocumentList.svelte
+++ b/frontend/src/routes/persons/[id]/PersonDocumentList.svelte
@@ -20,8 +20,7 @@ let {
 		location?: string | null;
 		status: string;
 		contentType?: string;
-		thumbnailKey?: string;
-		thumbnailGeneratedAt?: string;
+		thumbnailUrl?: string;
 	}[];
 	heading: string;
 	emptyMessage: string;
-- 
2.49.1


From a02f6cdcd7ed1c038aa9afca915eea2518e1f1c9 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 22:19:35 +0200
Subject: [PATCH 08/12] refactor(thumbnails): drop frontend URL-builder now
 that backend owns the convention
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The helper had a single consumer (DocumentThumbnail) and its only job
was to compose what the backend's Document.getThumbnailUrl() now
produces. Deleting it locks the single-source-of-truth invariant —
there is no longer a way to build a thumbnail URL on the client (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 frontend/src/lib/thumbnails.test.ts | 37 -----------------------------
 frontend/src/lib/thumbnails.ts      | 18 --------------
 2 files changed, 55 deletions(-)
 delete mode 100644 frontend/src/lib/thumbnails.test.ts
 delete mode 100644 frontend/src/lib/thumbnails.ts

diff --git a/frontend/src/lib/thumbnails.test.ts b/frontend/src/lib/thumbnails.test.ts
deleted file mode 100644
index aad48268..00000000
--- a/frontend/src/lib/thumbnails.test.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-import { describe, expect, it } from 'vitest';
-import { thumbnailUrl } from './thumbnails';
-
-describe('thumbnailUrl', () => {
-	it('returns null when thumbnailKey is undefined', () => {
-		expect(thumbnailUrl({ id: 'abc' })).toBeNull();
-	});
-
-	it('returns url without version param when thumbnailKey present but generatedAt missing', () => {
-		expect(thumbnailUrl({ id: 'abc', thumbnailKey: 'thumbnails/abc.jpg' })).toBe(
-			'/api/documents/abc/thumbnail'
-		);
-	});
-
-	it('appends encoded cache-bust param when generatedAt present', () => {
-		const url = thumbnailUrl({
-			id: 'abc',
-			thumbnailKey: 'thumbnails/abc.jpg',
-			thumbnailGeneratedAt: '2026-04-22T20:41:15.123456'
-		});
-		expect(url).toBe('/api/documents/abc/thumbnail?v=2026-04-22T20%3A41%3A15.123456');
-	});
-
-	it('different generatedAt produces different URL — enables cache-bust on file replace', () => {
-		const a = thumbnailUrl({
-			id: 'x',
-			thumbnailKey: 'thumbnails/x.jpg',
-			thumbnailGeneratedAt: '2026-01-01T10:00:00'
-		});
-		const b = thumbnailUrl({
-			id: 'x',
-			thumbnailKey: 'thumbnails/x.jpg',
-			thumbnailGeneratedAt: '2026-01-01T11:00:00'
-		});
-		expect(a).not.toBe(b);
-	});
-});
diff --git a/frontend/src/lib/thumbnails.ts b/frontend/src/lib/thumbnails.ts
deleted file mode 100644
index 47a0a606..00000000
--- a/frontend/src/lib/thumbnails.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-type ThumbnailDoc = {
-	id: string;
-	thumbnailKey?: string;
-	thumbnailGeneratedAt?: string;
-};
-
-/**
- * Builds the URL for a document thumbnail image, or returns null when the document
- * has no thumbnail yet. When `thumbnailGeneratedAt` is present it is appended as a
- * `?v=…` query param so the browser / proxy cache is invalidated whenever the file
- * is replaced (the backend regenerates thumbnails at the same S3 key on replace).
- */
-export function thumbnailUrl(doc: ThumbnailDoc): string | null {
-	if (!doc.thumbnailKey) return null;
-	const base = `/api/documents/${doc.id}/thumbnail`;
-	if (!doc.thumbnailGeneratedAt) return base;
-	return `${base}?v=${encodeURIComponent(doc.thumbnailGeneratedAt)}`;
-}
-- 
2.49.1


From 1d44bbb1bd40c793f54c870d7f33655ca51a9f50 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 22:22:19 +0200
Subject: [PATCH 09/12] feat(dashboard): render real document thumbnail in
 resume strip
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replaces the generic parchment SVG placeholder with an <img> pointing at
the backend's thumbnail endpoint when the document has one. The 180×252
container matches DocumentThumbnail's 5:7 A4 convention so the
dashboard tile sits visually next to the list/person-sublist tiles
instead of looking squatter than they do. dark:mix-blend-multiply keeps
paper scans from glaring on a dark page background (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../components/DashboardResumeStrip.svelte    | 33 ++++++++-----------
 .../DashboardResumeStrip.svelte.spec.ts       | 17 ++++++++++
 2 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/frontend/src/lib/components/DashboardResumeStrip.svelte b/frontend/src/lib/components/DashboardResumeStrip.svelte
index 76eade81..fcf16812 100644
--- a/frontend/src/lib/components/DashboardResumeStrip.svelte
+++ b/frontend/src/lib/components/DashboardResumeStrip.svelte
@@ -44,27 +44,20 @@ function safeColor(color: string): string {
 	</div>
 {:else}
 	<div data-testid="resume-strip" class="flex gap-4 rounded-sm border border-line bg-surface p-5">
-		<svg
-			xmlns="http://www.w3.org/2000/svg"
-			width="180"
-			height="246"
-			viewBox="0 0 180 246"
-			aria-hidden="true"
-			class="shrink-0"
+		<div
+			class="relative h-[252px] w-[180px] flex-shrink-0 overflow-hidden rounded-sm border border-line bg-white"
 		>
-			<defs>
-				<linearGradient id="parchment" x1="0" y1="0" x2="0" y2="1">
-					<stop offset="0%" stop-color="#f5f0e8" />
-					<stop offset="100%" stop-color="#ede8d5" />
-				</linearGradient>
-			</defs>
-			<rect width="180" height="246" fill="url(#parchment)" />
-			<line x1="30" y1="40" x2="150" y2="40" stroke="#b0a898" stroke-width="1" />
-			<line x1="30" y1="70" x2="150" y2="70" stroke="#b0a898" stroke-width="1" />
-			<line x1="30" y1="100" x2="150" y2="100" stroke="#b0a898" stroke-width="1" />
-			<line x1="30" y1="130" x2="150" y2="130" stroke="#b0a898" stroke-width="1" />
-			<line x1="30" y1="160" x2="150" y2="160" stroke="#b0a898" stroke-width="1" />
-		</svg>
+			{#if resumeDoc.thumbnailUrl}
+				<img
+					data-testid="resume-thumbnail-img"
+					src={resumeDoc.thumbnailUrl}
+					alt=""
+					class="h-full w-full object-cover object-top dark:mix-blend-multiply"
+					loading="lazy"
+					decoding="async"
+				/>
+			{/if}
+		</div>
 
 		<div class="flex flex-1 flex-col gap-2">
 			<p class="flex items-center gap-1.5 font-sans text-xs text-ink-3">
diff --git a/frontend/src/lib/components/DashboardResumeStrip.svelte.spec.ts b/frontend/src/lib/components/DashboardResumeStrip.svelte.spec.ts
index 2250ff2e..a7b411c0 100644
--- a/frontend/src/lib/components/DashboardResumeStrip.svelte.spec.ts
+++ b/frontend/src/lib/components/DashboardResumeStrip.svelte.spec.ts
@@ -21,6 +21,11 @@ const mockResume: DashboardResumeDTO = {
 	collaborators: []
 };
 
+const mockResumeWithThumbnail: DashboardResumeDTO = {
+	...mockResume,
+	thumbnailUrl: '/api/documents/doc-123/thumbnail?v=2026-04-23T09%3A00'
+};
+
 describe('DashboardResumeStrip', () => {
 	it('renders empty state heading when resumeDoc is null', async () => {
 		render(DashboardResumeStrip, { resumeDoc: null });
@@ -52,4 +57,16 @@ describe('DashboardResumeStrip', () => {
 		const label = page.getByText(/4 Abschnitte/i);
 		await expect.element(label).toBeInTheDocument();
 	});
+
+	it('renders thumbnail img with expected attrs when thumbnailUrl is set', async () => {
+		render(DashboardResumeStrip, { resumeDoc: mockResumeWithThumbnail });
+		const img = page.getByTestId('resume-thumbnail-img');
+		await expect.element(img).toBeInTheDocument();
+		await expect
+			.element(img)
+			.toHaveAttribute('src', '/api/documents/doc-123/thumbnail?v=2026-04-23T09%3A00');
+		await expect.element(img).toHaveAttribute('alt', '');
+		await expect.element(img).toHaveAttribute('loading', 'lazy');
+		await expect.element(img).toHaveAttribute('decoding', 'async');
+	});
 });
-- 
2.49.1


From 72cd6f5bbc572eeee17a959349fc3c8f2b9d7156 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 22:24:29 +0200
Subject: [PATCH 10/12] feat(dashboard): fall back to document-text heroicon
 when no thumbnail yet
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Uses the same heroicon as DocumentThumbnail so the "no thumbnail yet"
signal reads identically across the app: one shape, one meaning. The
parchment SVG still lives on in the fully-empty state (no resume doc
at all), where it represents a different thing — we removed it only
from the "document exists, thumbnail not generated yet" branch (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../components/DashboardResumeStrip.svelte    | 21 +++++++++++++++++++
 .../DashboardResumeStrip.svelte.spec.ts       |  7 +++++++
 2 files changed, 28 insertions(+)

diff --git a/frontend/src/lib/components/DashboardResumeStrip.svelte b/frontend/src/lib/components/DashboardResumeStrip.svelte
index fcf16812..1be18627 100644
--- a/frontend/src/lib/components/DashboardResumeStrip.svelte
+++ b/frontend/src/lib/components/DashboardResumeStrip.svelte
@@ -56,6 +56,27 @@ function safeColor(color: string): string {
 					loading="lazy"
 					decoding="async"
 				/>
+			{:else}
+				<div
+					data-testid="resume-thumbnail-fallback"
+					class="flex h-full w-full items-center justify-center text-ink-3"
+					aria-hidden="true"
+				>
+					<svg
+						xmlns="http://www.w3.org/2000/svg"
+						fill="none"
+						viewBox="0 0 24 24"
+						stroke-width="1.5"
+						stroke="currentColor"
+						class="h-16 w-16"
+					>
+						<path
+							stroke-linecap="round"
+							stroke-linejoin="round"
+							d="M19.5 14.25v-2.625a3.375 3.375 0 0 0-3.375-3.375h-1.5A1.125 1.125 0 0 1 13.5 7.125v-1.5a3.375 3.375 0 0 0-3.375-3.375H8.25m2.25 0H5.625c-.621 0-1.125.504-1.125 1.125v17.25c0 .621.504 1.125 1.125 1.125h12.75c.621 0 1.125-.504 1.125-1.125V11.25a9 9 0 0 0-9-9Z M9 12.75h6M9 15.75h6M9 18.75h3"
+						/>
+					</svg>
+				</div>
 			{/if}
 		</div>
 
diff --git a/frontend/src/lib/components/DashboardResumeStrip.svelte.spec.ts b/frontend/src/lib/components/DashboardResumeStrip.svelte.spec.ts
index a7b411c0..0c1f9b48 100644
--- a/frontend/src/lib/components/DashboardResumeStrip.svelte.spec.ts
+++ b/frontend/src/lib/components/DashboardResumeStrip.svelte.spec.ts
@@ -69,4 +69,11 @@ describe('DashboardResumeStrip', () => {
 		await expect.element(img).toHaveAttribute('loading', 'lazy');
 		await expect.element(img).toHaveAttribute('decoding', 'async');
 	});
+
+	it('renders fallback icon when thumbnailUrl is null', async () => {
+		render(DashboardResumeStrip, { resumeDoc: mockResume });
+		const fallback = page.getByTestId('resume-thumbnail-fallback');
+		await expect.element(fallback).toBeInTheDocument();
+		await expect.element(page.getByTestId('resume-thumbnail-img')).not.toBeInTheDocument();
+	});
 });
-- 
2.49.1


From 629f0183f71d20d76c13f93200be319b87edaddf Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 22:39:14 +0200
Subject: [PATCH 11/12] =?UTF-8?q?test(document):=20address=20@saraholt=20?=
 =?UTF-8?q?=E2=80=94=20lock=20JSON=20wire=20contract=20for=20thumbnailUrl?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prior coverage only exercised getThumbnailUrl() as a Java method call.
The new case serialises via ObjectMapper and asserts the resulting JSON
contains "thumbnailUrl":"..." so we catch silent breakages in the wire
contract (getter rename, @JsonIgnore, visibility drop) — not just
regressions in the method's return value (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../familienarchiv/model/DocumentTest.java    | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java b/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
index 8b1f9c59..fbf48954 100644
--- a/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/model/DocumentTest.java
@@ -1,5 +1,7 @@
 package org.raddatz.familienarchiv.model;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import org.junit.jupiter.api.Test;
 
 import java.time.LocalDateTime;
@@ -58,4 +60,26 @@ class DocumentTest {
         String expected = "/api/documents/" + id + "/thumbnail?v=2026-04-23T14%3A30%3A45";
         assertThat(doc.getThumbnailUrl()).isEqualTo(expected);
     }
+
+    @Test
+    void thumbnailUrl_isSerialisedToJson_soFrontendReceivesIt() throws Exception {
+        UUID id = UUID.fromString("99999999-aaaa-bbbb-cccc-111122223333");
+        Document doc = Document.builder()
+                .id(id)
+                .title("Brief")
+                .originalFilename("brief.pdf")
+                .status(DocumentStatus.UPLOADED)
+                .thumbnailKey("thumbnails/" + id + ".jpg")
+                .thumbnailGeneratedAt(LocalDateTime.of(2026, 4, 23, 9, 0, 0))
+                .build();
+
+        ObjectMapper mapper = new ObjectMapper().registerModule(new JavaTimeModule());
+        String json = mapper.writeValueAsString(doc);
+
+        // Locks the wire contract, not just the Java API: every Document JSON must carry
+        // `thumbnailUrl`. Protects against silent breakage if the getter gets renamed,
+        // hidden behind @JsonIgnore, or visibility-reduced — any of which would leave the
+        // frontend rendering the fallback icon on every surface.
+        assertThat(json).contains("\"thumbnailUrl\":\"" + doc.getThumbnailUrl() + "\"");
+    }
 }
-- 
2.49.1


From 7007491d8ceb46f0cd244c730a1fa42d62eeeeaa Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Thu, 23 Apr 2026 22:40:38 +0200
Subject: [PATCH 12/12] =?UTF-8?q?style(dashboard):=20address=20@leonievoss?=
 =?UTF-8?q?=20=E2=80=94=20scale=20fallback=20icon=20to=20match=20larger=20?=
 =?UTF-8?q?container?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

h-16 w-16 looked undersized in the 180×252 strip container (~25% of
the height). h-24 w-24 gives ~38% visual weight, matching the ratio
DocumentThumbnail uses for its lg (120×168) fallback (#309).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 frontend/src/lib/components/DashboardResumeStrip.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/lib/components/DashboardResumeStrip.svelte b/frontend/src/lib/components/DashboardResumeStrip.svelte
index 1be18627..ade60831 100644
--- a/frontend/src/lib/components/DashboardResumeStrip.svelte
+++ b/frontend/src/lib/components/DashboardResumeStrip.svelte
@@ -68,7 +68,7 @@ function safeColor(color: string): string {
 						viewBox="0 0 24 24"
 						stroke-width="1.5"
 						stroke="currentColor"
-						class="h-16 w-16"
+						class="h-24 w-24"
 					>
 						<path
 							stroke-linecap="round"
-- 
2.49.1