From eb6e21f0321c4ab885ef26515d520639a1f4dffc Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:12:52 +0200
Subject: [PATCH 01/18] feat(person-mention): renderTranscriptionBody for safe
 read-mode HTML
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replaces every @DisplayName in a transcription block's text with an anchor
link to /persons/{personId}, sourced from the mentionedPersons sidecar.
The @ prefix is stripped from the rendered link text per spec — it is an
editor affordance, not part of the historical text.

Stored-XSS hardening: HTML-escapes block text, displayName, and personId
before injection. Word-boundary lookahead avoids prefix collisions
(@Hans vs @HansMüller). Longest-displayName-first + first-sidecar-wins
make rendering deterministic for the OQ-1 collision case (#5339).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontend/src/lib/utils/mention.spec.ts | 151 ++++++++++++++++++++++++-
 frontend/src/lib/utils/mention.ts      |  46 +++++++-
 2 files changed, 194 insertions(+), 3 deletions(-)

diff --git a/frontend/src/lib/utils/mention.spec.ts b/frontend/src/lib/utils/mention.spec.ts
index 04b659b1..47a84645 100644
--- a/frontend/src/lib/utils/mention.spec.ts
+++ b/frontend/src/lib/utils/mention.spec.ts
@@ -1,6 +1,12 @@
 import { describe, it, expect } from 'vitest';
-import { detectMention, escapeHtml, extractContent, renderBody } from './mention';
-import type { MentionDTO } from '$lib/types';
+import {
+	detectMention,
+	escapeHtml,
+	extractContent,
+	renderBody,
+	renderTranscriptionBody
+} from './mention';
+import type { MentionDTO, PersonMention } from '$lib/types';
 
 // ─── escapeHtml ───────────────────────────────────────────────────────────────
 
@@ -161,3 +167,144 @@ describe('renderBody', () => {
 		expect(result).not.toContain('\n');
 	});
 });
+
+// ─── renderTranscriptionBody ──────────────────────────────────────────────────
+
+describe('renderTranscriptionBody', () => {
+	const auguste: PersonMention = {
+		personId: '550e8400-e29b-41d4-a716-446655440000',
+		displayName: 'Auguste Raddatz'
+	};
+	const hans: PersonMention = {
+		personId: '550e8400-e29b-41d4-a716-446655440001',
+		displayName: 'Hans'
+	};
+
+	it('returns empty string for empty input', () => {
+		expect(renderTranscriptionBody('', [])).toBe('');
+	});
+
+	it('returns escaped plain text when no mentions', () => {
+		expect(renderTranscriptionBody('Hello world', [])).toBe('Hello world');
+	});
+
+	it('escapes < and > in plain block text', () => {
+		const result = renderTranscriptionBody('<script>alert(1)</script>', []);
+		expect(result).toBe('&lt;script&gt;alert(1)&lt;/script&gt;');
+		expect(result).not.toContain('<script>');
+	});
+
+	it('escapes & in plain block text', () => {
+		expect(renderTranscriptionBody('AT&T', [])).toBe('AT&amp;T');
+	});
+
+	it('replaces @DisplayName with anchor link to /persons/{personId}', () => {
+		const result = renderTranscriptionBody('Brief an @Auguste Raddatz vom Mai', [auguste]);
+		expect(result).toContain(`<a href="/persons/${auguste.personId}"`);
+		expect(result).toContain('class="person-mention"');
+		expect(result).toContain(`data-person-id="${auguste.personId}"`);
+		expect(result).toContain('>Auguste Raddatz</a>');
+	});
+
+	it('strips the @ prefix from rendered link text (read mode)', () => {
+		const result = renderTranscriptionBody('Hallo @Auguste Raddatz!', [auguste]);
+		// The anchor body is the bare display name — no leading @
+		expect(result).not.toMatch(/>@Auguste Raddatz</);
+		expect(result).toMatch(/>Auguste Raddatz</);
+	});
+
+	it('removes the trigger @ from the surrounding text (no orphan @ before the link)', () => {
+		const result = renderTranscriptionBody('Brief an @Auguste Raddatz vom Mai', [auguste]);
+		// No bare @ remains where the mention was
+		expect(result).not.toMatch(/@<a/);
+	});
+
+	it('replaces all occurrences of the same mention', () => {
+		const result = renderTranscriptionBody('@Auguste Raddatz und @Auguste Raddatz', [auguste]);
+		const anchorCount = (result.match(/<a /g) ?? []).length;
+		expect(anchorCount).toBe(2);
+	});
+
+	it('does not replace plain-text occurrences without the @ trigger', () => {
+		const result = renderTranscriptionBody('Auguste Raddatz war hier', [auguste]);
+		expect(result).not.toContain('<a ');
+		expect(result).toBe('Auguste Raddatz war hier');
+	});
+
+	it('processes longer displayNames first to avoid prefix shadowing', () => {
+		const augusteShort: PersonMention = { personId: 'p-short', displayName: 'Auguste' };
+		const augusteLong: PersonMention = {
+			personId: 'p-long',
+			displayName: 'Auguste Raddatz'
+		};
+		// Sidecar order is short-first; longer match must still win for the long text
+		const result = renderTranscriptionBody('@Auguste Raddatz schreibt @Auguste', [
+			augusteShort,
+			augusteLong
+		]);
+		expect(result).toContain('href="/persons/p-long"');
+		expect(result).toContain('href="/persons/p-short"');
+		// The "Raddatz" suffix must not leak inside the short-name anchor
+		expect(result).not.toMatch(/>Auguste<\/a> Raddatz/);
+	});
+
+	it('does not match @ followed by extra word characters (word boundary)', () => {
+		// Sidecar contains "Hans"; text contains "@HansMüller" — no link.
+		const result = renderTranscriptionBody('Brief an @HansMüller', [hans]);
+		expect(result).not.toContain('<a ');
+		expect(result).toContain('@HansM');
+	});
+
+	it('first-sidecar-wins when two entries share the same displayName', () => {
+		// Two persons named "Hans" — first sidecar entry wins for all occurrences.
+		const hansFirst: PersonMention = { personId: 'p-first', displayName: 'Hans' };
+		const hansSecond: PersonMention = { personId: 'p-second', displayName: 'Hans' };
+		const result = renderTranscriptionBody('@Hans und @Hans', [hansFirst, hansSecond]);
+		expect(result).toContain('href="/persons/p-first"');
+		expect(result).not.toContain('href="/persons/p-second"');
+		const anchorCount = (result.match(/<a /g) ?? []).length;
+		expect(anchorCount).toBe(2);
+	});
+
+	it('escapes HTML in displayName to prevent stored XSS', () => {
+		const xss: PersonMention = {
+			personId: 'p-xss',
+			displayName: '<script>alert(1)</script>'
+		};
+		const result = renderTranscriptionBody('Hi @<script>alert(1)</script> there', [xss]);
+		expect(result).not.toContain('<script>');
+		expect(result).toContain('&lt;script&gt;');
+	});
+
+	it('escapes <img onerror=...> payloads in surrounding block text', () => {
+		const result = renderTranscriptionBody('<img src=x onerror=alert(1)> hello', []);
+		expect(result).not.toContain('<img');
+		expect(result).toContain('&lt;img');
+	});
+
+	it('does not double-encode HTML-entity-already-encoded payloads', () => {
+		// `&amp;lt;script&amp;gt;` is already-escaped HTML in the source text.
+		// renderTranscriptionBody must escape the literal & once → `&amp;amp;lt;...`
+		// — never silently decode pre-escaped entities.
+		const result = renderTranscriptionBody('text &amp;lt;script&amp;gt;', []);
+		expect(result).toBe('text &amp;amp;lt;script&amp;amp;gt;');
+	});
+
+	it('escapes quotes in displayName so they cannot break the href attribute', () => {
+		const tricky: PersonMention = {
+			personId: 'p-quote',
+			displayName: 'O"Brien'
+		};
+		const result = renderTranscriptionBody('@O"Brien', [tricky]);
+		// The raw `"` from the displayName must never appear inside the rendered link
+		// — it would terminate the attribute value early and let an attacker craft
+		// arbitrary attributes on the anchor. It must arrive at the browser as &quot;.
+		expect(result).toMatch(/>O&quot;Brien<\/a>/);
+		expect(result).not.toMatch(/>O"Brien<\/a>/);
+	});
+
+	it('renders nothing when mentionedPersons is undefined-empty and no @ triggers', () => {
+		const result = renderTranscriptionBody('Plain old transcription text.', []);
+		expect(result).toBe('Plain old transcription text.');
+	});
+});
diff --git a/frontend/src/lib/utils/mention.ts b/frontend/src/lib/utils/mention.ts
index 8b91bc1c..321533b0 100644
--- a/frontend/src/lib/utils/mention.ts
+++ b/frontend/src/lib/utils/mention.ts
@@ -1,4 +1,4 @@
-import type { MentionDTO } from '$lib/types';
+import type { MentionDTO, PersonMention } from '$lib/types';
 
 /**
  * Given the current textarea value and cursor position, returns the
@@ -62,6 +62,50 @@ export function escapeHtml(str: string): string {
 		.replaceAll("'", '&#39;');
 }
 
+function escapeRegExp(str: string): string {
+	return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+
+/**
+ * Renders a transcription block's text segment as safe HTML for read mode.
+ *
+ * Rules:
+ * 1. The full text is HTML-escaped first (defense against stored XSS).
+ * 2. For each entry in `mentionedPersons`, every `@DisplayName` occurrence is
+ *    replaced with `<a href="/persons/{personId}" class="person-mention" …>DisplayName</a>`.
+ *    The `@` prefix is stripped from the rendered link text — it is an editor
+ *    affordance, not part of the historical text (issue #362).
+ * 3. Longest displayNames are processed first so a short prefix in the sidecar
+ *    cannot shadow a longer match in the text (e.g. `@Auguste` vs `@Auguste Raddatz`).
+ * 4. Word-boundary lookahead prevents `@Hans` from matching `@HansMüller`.
+ * 5. First-sidecar-wins for entries that share a displayName (deterministic
+ *    rule per Felix decision OQ-1, comment #5339).
+ */
+export function renderTranscriptionBody(text: string, mentionedPersons: PersonMention[]): string {
+	if (!text) return '';
+	let escaped = escapeHtml(text);
+
+	const seen = new Set<string>();
+	const unique: PersonMention[] = [];
+	for (const mention of mentionedPersons) {
+		if (seen.has(mention.displayName)) continue;
+		seen.add(mention.displayName);
+		unique.push(mention);
+	}
+
+	const sorted = [...unique].sort((a, b) => b.displayName.length - a.displayName.length);
+
+	for (const mention of sorted) {
+		const escapedDisplayName = escapeHtml(mention.displayName);
+		const escapedPersonId = escapeHtml(mention.personId);
+		const pattern = new RegExp(`@${escapeRegExp(escapedDisplayName)}(?![\\p{L}\\p{N}])`, 'gu');
+		const link = `<a href="/persons/${escapedPersonId}" class="person-mention" data-person-id="${escapedPersonId}">${escapedDisplayName}</a>`;
+		escaped = escaped.replace(pattern, link);
+	}
+
+	return escaped;
+}
+
 /**
  * Renders a comment body as safe HTML:
  * 1. Escapes all HTML-special characters in the raw content
-- 
2.49.1


From c247e1e9713d4245e4091c3fcae44b3e84fbcf56 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:13:32 +0200
Subject: [PATCH 02/18] feat(person-mention): .person-mention global CSS for
 read-mode anchors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Underline-at-rest (WCAG AA) so the link affordance does not depend on
colour alone. focus-visible uses a 2px box-shadow ring on --c-ink with a
2px border-radius — the same focus-ring shape as the comment .mention
chip but rectangular instead of pill, since the anchor sits in flowing
text.

Lives next to the existing .mention rule because Svelte scoped styles
do not reach the HTML injected by {@html …} in TranscriptionReadView.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontend/src/routes/layout.css | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/frontend/src/routes/layout.css b/frontend/src/routes/layout.css
index e0335a34..5e693203 100644
--- a/frontend/src/routes/layout.css
+++ b/frontend/src/routes/layout.css
@@ -329,6 +329,34 @@
 	background-color: color-mix(in srgb, var(--c-accent) 25%, transparent);
 }
 
+/* ─── 7b. Person mention link (transcription read mode) ────────────────────── */
+/*
+   Rendered by renderTranscriptionBody() via {@html ...} in TranscriptionReadView.
+   Underline at rest is required for WCAG AA — colour alone fails 8% of men
+   with red-green colour-blindness. Focus ring uses a box-shadow + border-radius
+   so the rectangle doesn't touch the glyphs.
+*/
+.person-mention {
+	color: var(--c-ink);
+	text-decoration: underline;
+	text-decoration-thickness: 1px;
+	text-underline-offset: 3px;
+	text-decoration-color: color-mix(in srgb, var(--c-accent) 60%, transparent);
+	cursor: pointer;
+	transition: text-decoration-color 0.15s ease;
+}
+
+.person-mention:hover {
+	text-decoration-color: var(--c-accent);
+	text-decoration-thickness: 2px;
+}
+
+.person-mention:focus-visible {
+	outline: none;
+	box-shadow: 0 0 0 2px var(--c-ink);
+	border-radius: 2px;
+}
+
 /* ─── 8. Base styles ───────────────────────────────────────────────────────── */
 @layer base {
 	html {
-- 
2.49.1


From c9c395eb594f06d28edeb4151ba35c2a2be375ce Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:16:51 +0200
Subject: [PATCH 03/18] feat(person-mention): PersonHoverCard with
 skeleton/error/loaded states
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The card has three render states:
  - loading  → 320×180 skeleton with three pulse-animated bars; respects
               prefers-reduced-motion (animation disabled, opacity dimmed)
  - error    → generic load-error message in the body; the footer link
               still navigates (click works regardless of fetch outcome)
  - loaded   → navy header with name, life-date range, and "geb. <alias>";
               family-only relationship chips (PARENT_OF / SPOUSE_OF /
               SIBLING_OF) — non-family types are filtered out;
               notes excerpt capped at 120 chars with ellipsis;
               footer with "Zur Person →" + hover hint

aria-live="polite" on the card root so screen readers announce loaded
content when the fetch resolves; the host's id is the cardId so the
parent anchor can use aria-describedby. The card is hidden via
@media (hover: none) on touch devices — tap navigates directly per
spec.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../src/lib/components/PersonHoverCard.svelte | 240 ++++++++++++++++
 .../components/PersonHoverCard.svelte.spec.ts | 272 ++++++++++++++++++
 2 files changed, 512 insertions(+)
 create mode 100644 frontend/src/lib/components/PersonHoverCard.svelte
 create mode 100644 frontend/src/lib/components/PersonHoverCard.svelte.spec.ts

diff --git a/frontend/src/lib/components/PersonHoverCard.svelte b/frontend/src/lib/components/PersonHoverCard.svelte
new file mode 100644
index 00000000..68a56d0f
--- /dev/null
+++ b/frontend/src/lib/components/PersonHoverCard.svelte
@@ -0,0 +1,240 @@
+<script lang="ts">
+import { m } from '$lib/paraglide/messages.js';
+import { formatLifeDateRange } from '$lib/utils/personLifeDates';
+import type { components } from '$lib/generated/api';
+
+type Person = components['schemas']['Person'];
+type RelationshipDTO = components['schemas']['RelationshipDTO'];
+
+export type LoadState =
+	| { status: 'loading' }
+	| { status: 'error' }
+	| { status: 'loaded'; person: Person; relationships: RelationshipDTO[] };
+
+type Props = {
+	personId: string;
+	cardId: string;
+	position: { top: number; left: number };
+	state: LoadState;
+};
+
+let { personId, cardId, position, state }: Props = $props();
+
+const FAMILY_REL_TYPES: ReadonlySet<RelationshipDTO['relationType']> = new Set([
+	'PARENT_OF',
+	'SPOUSE_OF',
+	'SIBLING_OF'
+]);
+const NOTES_MAX = 120;
+
+const familyChips = $derived(
+	state.status === 'loaded'
+		? state.relationships.filter((r) => FAMILY_REL_TYPES.has(r.relationType))
+		: []
+);
+
+const dateRange = $derived(
+	state.status === 'loaded'
+		? formatLifeDateRange(state.person.birthYear, state.person.deathYear)
+		: ''
+);
+
+const notesExcerpt = $derived.by(() => {
+	if (state.status !== 'loaded') return null;
+	const notes = state.person.notes;
+	if (!notes) return null;
+	if (notes.length <= NOTES_MAX) return notes;
+	return notes.slice(0, NOTES_MAX) + '…';
+});
+</script>
+
+<div
+	class="person-hover-card"
+	data-testid="person-hover-card"
+	id={cardId}
+	role="region"
+	aria-live="polite"
+	style:position="absolute"
+	style:top={`${position.top}px`}
+	style:left={`${position.left}px`}
+>
+	{#if state.status === 'loading'}
+		<div data-testid="person-hover-card-skeleton" class="skeleton">
+			<div class="bar"></div>
+			<div class="bar"></div>
+			<div class="bar"></div>
+		</div>
+	{:else if state.status === 'error'}
+		<div data-testid="person-hover-card-error" class="error-message">
+			{m.person_mention_load_error()}
+		</div>
+		<div class="footer">
+			<a href="/persons/{personId}" class="open-link">{m.person_mention_open_link()} →</a>
+		</div>
+	{:else}
+		<div data-testid="person-hover-card-content" class="content">
+			<div class="header">
+				<div class="name" data-testid="person-hover-card-name">{state.person.displayName}</div>
+				{#if dateRange}
+					<div class="dates" data-testid="person-hover-card-dates">{dateRange}</div>
+				{/if}
+				{#if state.person.alias}
+					<div class="maiden" data-testid="person-hover-card-maiden">geb. {state.person.alias}</div>
+				{/if}
+			</div>
+			{#if familyChips.length > 0}
+				<div class="chips" data-testid="person-hover-card-chips">
+					{#each familyChips as chip (chip.id)}
+						<span class="chip">{chip.relatedPersonDisplayName}</span>
+					{/each}
+				</div>
+			{/if}
+			{#if notesExcerpt}
+				<p class="notes" data-testid="person-hover-card-notes">{notesExcerpt}</p>
+			{/if}
+			<div class="footer">
+				<a href="/persons/{personId}" class="open-link">{m.person_mention_open_link()} →</a>
+				<span class="hint">{m.person_mention_hover_hint()}</span>
+			</div>
+		</div>
+	{/if}
+</div>
+
+<style>
+.person-hover-card {
+	width: 320px;
+	min-height: 180px;
+	background-color: var(--c-surface);
+	border: 1px solid var(--c-line);
+	border-radius: 6px;
+	box-shadow: 0 8px 24px rgba(0, 0, 0, 0.12);
+	padding: 14px 16px;
+	font-family: var(--font-sans);
+	font-size: 14px;
+	color: var(--c-ink);
+	z-index: 50;
+}
+
+/* On touch devices the card is suppressed entirely — tap navigates directly. */
+@media (hover: none) {
+	.person-hover-card {
+		display: none;
+	}
+}
+
+.skeleton {
+	display: flex;
+	flex-direction: column;
+	gap: 10px;
+	padding: 4px 0;
+}
+
+.skeleton .bar {
+	height: 14px;
+	border-radius: 4px;
+	background-color: var(--c-line);
+	animation: pulse 1.4s ease-in-out infinite;
+}
+
+.skeleton .bar:nth-child(1) {
+	width: 60%;
+}
+.skeleton .bar:nth-child(2) {
+	width: 40%;
+}
+.skeleton .bar:nth-child(3) {
+	width: 90%;
+}
+
+@keyframes pulse {
+	0% {
+		opacity: 0.55;
+	}
+	50% {
+		opacity: 1;
+	}
+	100% {
+		opacity: 0.55;
+	}
+}
+
+@media (prefers-reduced-motion: reduce) {
+	.skeleton .bar {
+		animation: none;
+		opacity: 0.7;
+	}
+}
+
+.header {
+	display: flex;
+	flex-direction: column;
+	gap: 2px;
+	background-color: var(--c-ink);
+	color: var(--c-surface);
+	margin: -14px -16px 12px;
+	padding: 12px 16px;
+	border-top-left-radius: 6px;
+	border-top-right-radius: 6px;
+}
+
+.name {
+	font-family: var(--font-serif);
+	font-weight: 600;
+	font-size: 16px;
+}
+
+.dates,
+.maiden {
+	font-size: 12px;
+	color: color-mix(in srgb, var(--c-surface) 75%, transparent);
+}
+
+.chips {
+	display: flex;
+	flex-wrap: wrap;
+	gap: 6px;
+	margin-bottom: 10px;
+}
+
+.chip {
+	font-size: 12px;
+	background-color: var(--c-accent-bg);
+	color: var(--c-ink);
+	border-radius: 999px;
+	padding: 2px 10px;
+}
+
+.notes {
+	font-size: 13px;
+	color: var(--c-ink-2);
+	line-height: 1.4;
+	margin: 0 0 10px;
+}
+
+.error-message {
+	font-size: 13px;
+	color: var(--c-ink-2);
+	padding: 8px 0;
+}
+
+.footer {
+	display: flex;
+	align-items: center;
+	justify-content: space-between;
+	border-top: 1px solid var(--c-line);
+	padding-top: 8px;
+	margin-top: 4px;
+}
+
+.open-link {
+	color: var(--c-ink);
+	text-decoration: underline;
+	text-underline-offset: 3px;
+	font-weight: 500;
+}
+
+.hint {
+	font-size: 11px;
+	color: var(--c-ink-3);
+}
+</style>
diff --git a/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts b/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts
new file mode 100644
index 00000000..ac8bb400
--- /dev/null
+++ b/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts
@@ -0,0 +1,272 @@
+import { describe, it, expect, afterEach } from 'vitest';
+import { cleanup, render } from 'vitest-browser-svelte';
+import { page } from 'vitest/browser';
+import PersonHoverCard from './PersonHoverCard.svelte';
+import type { components } from '$lib/generated/api';
+
+type Person = components['schemas']['Person'];
+type RelationshipDTO = components['schemas']['RelationshipDTO'];
+
+const AUGUSTE: Person = {
+	id: 'p-aug',
+	firstName: 'Auguste',
+	lastName: 'Raddatz',
+	displayName: 'Auguste Raddatz',
+	personType: 'PERSON',
+	familyMember: true,
+	birthYear: 1882,
+	deathYear: 1944
+} as unknown as Person;
+
+const POSITION = { top: 100, left: 200 };
+
+afterEach(() => cleanup());
+
+describe('PersonHoverCard — loading state', () => {
+	it('shows the skeleton when state.status is loading', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loading' }
+		});
+		await expect.element(page.getByTestId('person-hover-card-skeleton')).toBeInTheDocument();
+	});
+
+	it('renders three skeleton bars', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loading' }
+		});
+		const bars = document.querySelectorAll('[data-testid="person-hover-card-skeleton"] .bar');
+		expect(bars.length).toBe(3);
+	});
+});
+
+describe('PersonHoverCard — error state', () => {
+	it('shows a generic error message when state.status is error', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'error' }
+		});
+		await expect.element(page.getByTestId('person-hover-card-error')).toBeInTheDocument();
+	});
+
+	it('still allows the link footer to navigate (link present in error state)', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'error' }
+		});
+		// The card root must show the footer link even when the body errored —
+		// click navigation works regardless of fetch outcome.
+		const link = document.querySelector('a[href="/persons/p-aug"]');
+		expect(link).not.toBeNull();
+	});
+});
+
+describe('PersonHoverCard — loaded state', () => {
+	it('renders the person displayName as the header name', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: AUGUSTE, relationships: [] }
+		});
+		await expect.element(page.getByText('Auguste Raddatz')).toBeInTheDocument();
+	});
+
+	it('renders the life-date range when birthYear and deathYear are present', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: AUGUSTE, relationships: [] }
+		});
+		await expect.element(page.getByText('* 1882 – † 1944')).toBeInTheDocument();
+	});
+
+	it('omits the life-date line when both years are missing', async () => {
+		const noDates = { ...AUGUSTE, birthYear: undefined, deathYear: undefined } as Person;
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: noDates, relationships: [] }
+		});
+		const dates = document.querySelector('[data-testid="person-hover-card-dates"]');
+		expect(dates).toBeNull();
+	});
+
+	it('renders "geb. <alias>" when alias is set', async () => {
+		const withAlias = { ...AUGUSTE, alias: 'Müller' } as Person;
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: withAlias, relationships: [] }
+		});
+		await expect.element(page.getByText('geb. Müller')).toBeInTheDocument();
+	});
+
+	it('omits the maiden name line when alias is null', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: AUGUSTE, relationships: [] }
+		});
+		const maiden = document.querySelector('[data-testid="person-hover-card-maiden"]');
+		expect(maiden).toBeNull();
+	});
+
+	it('renders family relationship chips for PARENT_OF, SPOUSE_OF, SIBLING_OF only', async () => {
+		const relationships: RelationshipDTO[] = [
+			{
+				id: 'r1',
+				personId: 'p-aug',
+				relatedPersonId: 'p-spouse',
+				personDisplayName: 'Auguste',
+				relatedPersonDisplayName: 'Otto Raddatz',
+				relationType: 'SPOUSE_OF'
+			},
+			{
+				id: 'r2',
+				personId: 'p-aug',
+				relatedPersonId: 'p-friend',
+				personDisplayName: 'Auguste',
+				relatedPersonDisplayName: 'Karl Friend',
+				relationType: 'FRIEND'
+			},
+			{
+				id: 'r3',
+				personId: 'p-aug',
+				relatedPersonId: 'p-sibling',
+				personDisplayName: 'Auguste',
+				relatedPersonDisplayName: 'Marie Sister',
+				relationType: 'SIBLING_OF'
+			}
+		];
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: AUGUSTE, relationships }
+		});
+		await expect.element(page.getByText('Otto Raddatz')).toBeInTheDocument();
+		await expect.element(page.getByText('Marie Sister')).toBeInTheDocument();
+		// Non-family relationship type must be filtered out
+		const friendChip = page.getByText('Karl Friend');
+		await expect.element(friendChip).not.toBeInTheDocument();
+	});
+
+	it('omits the chips section entirely when no family relationships', async () => {
+		const onlyFriend: RelationshipDTO[] = [
+			{
+				id: 'r1',
+				personId: 'p-aug',
+				relatedPersonId: 'p-friend',
+				personDisplayName: 'Auguste',
+				relatedPersonDisplayName: 'Karl Friend',
+				relationType: 'FRIEND'
+			}
+		];
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: AUGUSTE, relationships: onlyFriend }
+		});
+		const chips = document.querySelector('[data-testid="person-hover-card-chips"]');
+		expect(chips).toBeNull();
+	});
+
+	it('renders notes excerpt unchanged when notes ≤ 120 characters', async () => {
+		const withNotes = { ...AUGUSTE, notes: 'Born in Berlin.' } as Person;
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: withNotes, relationships: [] }
+		});
+		await expect.element(page.getByText('Born in Berlin.')).toBeInTheDocument();
+	});
+
+	it('truncates notes longer than 120 characters with an ellipsis', async () => {
+		const long = 'x'.repeat(150);
+		const withLongNotes = { ...AUGUSTE, notes: long } as Person;
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: withLongNotes, relationships: [] }
+		});
+		const notes = document.querySelector('[data-testid="person-hover-card-notes"]')!;
+		expect(notes.textContent!.length).toBeLessThanOrEqual(122);
+		expect(notes.textContent).toContain('…');
+	});
+
+	it('omits notes section when notes is null', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: AUGUSTE, relationships: [] }
+		});
+		const notes = document.querySelector('[data-testid="person-hover-card-notes"]');
+		expect(notes).toBeNull();
+	});
+
+	it('footer renders an anchor link to /persons/{personId}', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: AUGUSTE, relationships: [] }
+		});
+		const link = document.querySelector('a[href="/persons/p-aug"]')!;
+		expect(link).not.toBeNull();
+	});
+});
+
+describe('PersonHoverCard — accessibility', () => {
+	it('uses aria-live="polite" so screen readers announce loaded content', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loading' }
+		});
+		const root = document.querySelector('[data-testid="person-hover-card"]')!;
+		expect(root.getAttribute('aria-live')).toBe('polite');
+	});
+
+	it('exposes the cardId as the host element id (so anchor aria-describedby works)', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-xyz',
+			position: POSITION,
+			state: { status: 'loading' }
+		});
+		const root = document.querySelector('[data-testid="person-hover-card"]')!;
+		expect(root.id).toBe('card-xyz');
+	});
+
+	it('positions itself absolutely at the given top/left', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: { top: 333, left: 444 },
+			state: { status: 'loading' }
+		});
+		const root = document.querySelector('[data-testid="person-hover-card"]') as HTMLElement;
+		expect(root.style.top).toBe('333px');
+		expect(root.style.left).toBe('444px');
+		expect(root.style.position).toBe('absolute');
+	});
+});
-- 
2.49.1


From 1fd38830fe5ce6b4269f79cba89fd8e3d4792ba9 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:21:35 +0200
Subject: [PATCH 04/18] feat(person-mention): TranscriptionReadView wires hover
 card and click nav
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Composes splitByMarkers + renderTranscriptionBody so [unleserlich]
markers render as <em data-marker> siblings of the mention anchor —
neither nested inside the other (B19b).

Hover card lifecycle on each .person-mention anchor:
  mouseenter → set aria-describedby, place card via getBoundingClientRect
               (default below-right; flip up if <200px from bottom or
                mention is in bottom 30% of viewport; flip left if
                <300px from right), fire fetch, mount card with
                skeleton state
  resolved   → swap card to loaded state with person + family
                relationships (PARENT_OF / SPOUSE_OF / SIBLING_OF only)
  404        → degrade: mark anchor with data-person-deleted="true",
                unmount card, suppress future hovers/clicks
  network    → swap card to error state — link still navigates
  mouseleave → drop aria-describedby, unmount card

Per-page SvelteMap<personId, Promise> cache (B15.5) so a sweep across
N mentions of the same person fires the backend once. Click handler
calls goto() so SvelteKit handles routing without a full reload.

Event listeners are attached once per article via a Svelte action
because the anchor HTML is injected via {@html ...} and would not
receive declarative bindings. The eslint-disable comment mirrors
the rationale on CommentMessage.svelte:88-89.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../components/TranscriptionReadView.svelte   | 197 +++++++++++++-
 .../TranscriptionReadView.svelte.test.ts      | 242 +++++++++++++++++-
 2 files changed, 428 insertions(+), 11 deletions(-)

diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte b/frontend/src/lib/components/TranscriptionReadView.svelte
index f1586e6c..80829678 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte
@@ -1,6 +1,16 @@
 <script lang="ts">
 import type { TranscriptionBlockData } from '$lib/types';
+import type { components } from '$lib/generated/api';
 import { splitByMarkers } from '$lib/utils/transcriptionMarkers';
+import { renderTranscriptionBody } from '$lib/utils/mention';
+import PersonHoverCard, { type LoadState } from './PersonHoverCard.svelte';
+import { goto } from '$app/navigation';
+import { SvelteMap, SvelteSet } from 'svelte/reactivity';
+
+type Person = components['schemas']['Person'];
+type RelationshipDTO = components['schemas']['RelationshipDTO'];
+
+type HoverData = { person: Person; relationships: RelationshipDTO[] };
 
 interface Props {
 	blocks: TranscriptionBlockData[];
@@ -11,9 +21,172 @@ interface Props {
 let { blocks, onParagraphClick, highlightBlockId = null }: Props = $props();
 
 let sorted = $derived([...blocks].sort((a, b) => a.sortOrder - b.sortOrder));
+
+// Per-page in-memory cache: a sweep across 20 mentions of the same person
+// must not fire 20 backend calls (B15.5). The Promise<HoverData | null> shape
+// lets simultaneous hovers share the same in-flight fetch.
+const hoverCache = new SvelteMap<string, Promise<HoverData | null>>();
+const deletedPersonIds = new SvelteSet<string>();
+
+let activeCard: {
+	personId: string;
+	cardId: string;
+	state: LoadState;
+	position: { top: number; left: number };
+} | null = $state(null);
+
+const CARD_WIDTH = 320;
+const CARD_HEIGHT = 180;
+const CARD_GAP = 6;
+
+// Compose splitByMarkers with renderTranscriptionBody. Markers are pre-rendered
+// as <em data-marker> tags; text segments run through HTML-escaping + mention
+// substitution. The two are concatenated to preserve marker boundaries — markers
+// never end up nested inside an anchor (Felix #5324 B19b).
+function renderBlockHtml(block: TranscriptionBlockData): string {
+	return splitByMarkers(block.text)
+		.map((segment) => {
+			if (segment.type === 'marker') {
+				return `<em data-marker class="text-ink-2 italic">${segment.text}</em>`;
+			}
+			return renderTranscriptionBody(segment.text, block.mentionedPersons ?? []);
+		})
+		.join('');
+}
+
+function fetchHoverData(personId: string): Promise<HoverData | null> {
+	let cached = hoverCache.get(personId);
+	if (cached) return cached;
+
+	cached = (async () => {
+		const personRes = await fetch(`/api/persons/${personId}`);
+		if (personRes.status === 404) return null;
+		if (!personRes.ok) throw new Error(`person fetch failed: ${personRes.status}`);
+		const person = (await personRes.json()) as Person;
+
+		const relRes = await fetch(`/api/persons/${personId}/relationships`);
+		const relationships: RelationshipDTO[] = relRes.ok
+			? ((await relRes.json()) as RelationshipDTO[])
+			: [];
+		return { person, relationships };
+	})();
+
+	hoverCache.set(personId, cached);
+	return cached;
+}
+
+function computeCardPosition(rect: DOMRect): { top: number; left: number } {
+	const vw = window.innerWidth;
+	const vh = window.innerHeight;
+
+	let top = rect.bottom + CARD_GAP;
+	let left = rect.left;
+
+	// Flip up if the card would overflow the bottom edge OR the mention sits in
+	// the bottom 30% of the viewport (Leonie #5329).
+	if (vh - rect.bottom < CARD_HEIGHT + CARD_GAP || rect.top > vh * 0.7) {
+		top = rect.top - CARD_HEIGHT - CARD_GAP;
+	}
+
+	// Flip left if <300px from the right edge.
+	if (vw - rect.left < 300) {
+		left = rect.right - CARD_WIDTH;
+	}
+
+	return {
+		top: Math.max(0, top + window.scrollY),
+		left: Math.max(0, left + window.scrollX)
+	};
+}
+
+async function handleMentionEnter(event: Event) {
+	const link = event.target as HTMLAnchorElement;
+	const personId = link.dataset.personId;
+	if (!personId) return;
+	if (deletedPersonIds.has(personId)) return;
+
+	const cardId = `person-hover-card-${personId}`;
+	link.setAttribute('aria-describedby', cardId);
+
+	const rect = link.getBoundingClientRect();
+	const position = computeCardPosition(rect);
+
+	activeCard = { personId, cardId, position, state: { status: 'loading' } };
+
+	try {
+		const data = await fetchHoverData(personId);
+		// Bail if a different mention is now active
+		if (!activeCard || activeCard.personId !== personId) return;
+
+		if (data === null) {
+			deletedPersonIds.add(personId);
+			link.setAttribute('data-person-deleted', 'true');
+			activeCard = null;
+			return;
+		}
+
+		activeCard = {
+			personId,
+			cardId,
+			position,
+			state: { status: 'loaded', person: data.person, relationships: data.relationships }
+		};
+	} catch {
+		if (!activeCard || activeCard.personId !== personId) return;
+		activeCard = { personId, cardId, position, state: { status: 'error' } };
+	}
+}
+
+function handleMentionLeave(event: Event) {
+	const link = event.target as HTMLAnchorElement;
+	link.removeAttribute('aria-describedby');
+	activeCard = null;
+}
+
+async function handleMentionClick(event: MouseEvent) {
+	const link = event.target as HTMLAnchorElement;
+	const personId = link.dataset.personId;
+	if (!personId) return;
+	if (deletedPersonIds.has(personId)) {
+		event.preventDefault();
+		return;
+	}
+	event.preventDefault();
+	await goto(`/persons/${personId}`);
+}
+
+// Attach delegated event listeners on each rendered block. Using {@html ...}
+// for the body means we cannot bind events declaratively to the injected
+// anchors, so we hook up listeners via a Svelte action when the wrapper mounts.
+function attachMentionHandlers(node: HTMLElement) {
+	function onEnter(e: Event) {
+		const t = e.target as HTMLElement;
+		if (t.matches?.('a.person-mention')) handleMentionEnter(e);
+	}
+	function onLeave(e: Event) {
+		const t = e.target as HTMLElement;
+		if (t.matches?.('a.person-mention')) handleMentionLeave(e);
+	}
+	function onClick(e: MouseEvent) {
+		const t = e.target as HTMLElement;
+		if (t.matches?.('a.person-mention')) handleMentionClick(e);
+	}
+	// mouseenter does not bubble — capture it.
+	node.addEventListener('mouseenter', onEnter, true);
+	node.addEventListener('mouseleave', onLeave, true);
+	node.addEventListener('click', onClick);
+
+	return {
+		destroy() {
+			node.removeEventListener('mouseenter', onEnter, true);
+			node.removeEventListener('mouseleave', onLeave, true);
+			node.removeEventListener('click', onClick);
+		}
+	};
+}
 </script>
 
-<article class="px-6 py-8">
+<article class="px-6 py-8" use:attachMentionHandlers>
 	{#each sorted as block (block.id)}
 		<div
 			class="-mx-2 mb-6 cursor-pointer rounded-sm px-2 py-1 font-serif text-[16px] leading-[1.85] text-ink transition-colors hover:bg-turquoise/10"
@@ -22,19 +195,25 @@ let sorted = $derived([...blocks].sort((a, b) => a.sortOrder - b.sortOrder));
 			onclick={() => onParagraphClick(block.annotationId)}
 			role="button"
 			tabindex="0"
-			onkeydown={(e) => { if (e.key === 'Enter' || e.key === ' ') onParagraphClick(block.annotationId); }}
+			onkeydown={(e) => {
+				if (e.key === 'Enter' || e.key === ' ') onParagraphClick(block.annotationId);
+			}}
 		>
-			{#each splitByMarkers(block.text) as segment, i (i)}
-				{#if segment.type === 'marker'}
-					<em data-marker class="text-ink-2 italic">{segment.text}</em>
-				{:else}
-					{segment.text}
-				{/if}
-			{/each}
+			<!-- eslint-disable-next-line svelte/no-at-html-tags -- renderTranscriptionBody escapes all HTML before injecting mention links; mirrors CommentMessage.svelte -->
+			{@html renderBlockHtml(block)}
 		</div>
 	{/each}
 </article>
 
+{#if activeCard}
+	<PersonHoverCard
+		personId={activeCard.personId}
+		cardId={activeCard.cardId}
+		position={activeCard.position}
+		state={activeCard.state}
+	/>
+{/if}
+
 <style>
 @keyframes flash {
 	0% {
diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts b/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
index f49287cc..9d938d14 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
@@ -1,5 +1,5 @@
-import { describe, it, expect, vi } from 'vitest';
-import { render } from 'vitest-browser-svelte';
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { cleanup, render } from 'vitest-browser-svelte';
 import { page } from 'vitest/browser';
 import TranscriptionReadView from './TranscriptionReadView.svelte';
 import type { TranscriptionBlockData } from '$lib/types';
@@ -152,3 +152,241 @@ describe('TranscriptionReadView', () => {
 		expect(paragraphs.length).toBe(0);
 	});
 });
+
+describe('TranscriptionReadView — person-mention rendering', () => {
+	const PERSON_ID = '550e8400-e29b-41d4-a716-446655440000';
+
+	const mentionBlock: TranscriptionBlockData = {
+		id: 'b1',
+		annotationId: 'ann-1',
+		documentId: 'doc-1',
+		text: 'Brief an @Auguste Raddatz vom Mai',
+		label: null,
+		sortOrder: 1,
+		version: 1,
+		source: 'MANUAL',
+		reviewed: false,
+		mentionedPersons: [{ personId: PERSON_ID, displayName: 'Auguste Raddatz' }]
+	};
+
+	beforeEach(() => {
+		// Default: any /api/persons/{id} call returns 404 unless a test overrides it.
+		// Tests that need loaded data stub fetch themselves.
+		vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ status: 404, ok: false, json: vi.fn() }));
+	});
+
+	afterEach(() => {
+		vi.unstubAllGlobals();
+		cleanup();
+	});
+
+	it('renders a person mention as an anchor link with the person URL', async () => {
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector(`a.person-mention[data-person-id="${PERSON_ID}"]`)!;
+		expect(link).not.toBeNull();
+		expect(link.getAttribute('href')).toBe(`/persons/${PERSON_ID}`);
+		expect(link.textContent).toBe('Auguste Raddatz');
+	});
+
+	it('strips the @ trigger from the rendered link text (read mode)', async () => {
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const block = document.querySelector('[data-block-id="b1"]')!;
+		expect(block.textContent).not.toContain('@Auguste Raddatz');
+		expect(block.textContent).toContain('Auguste Raddatz');
+	});
+
+	it('renders mention link AND [unleserlich] marker correctly when both occur in the same block (B19b)', async () => {
+		const block: TranscriptionBlockData = {
+			...mentionBlock,
+			text: 'Hallo @Auguste Raddatz [unleserlich] Marie'
+		};
+		render(TranscriptionReadView, {
+			blocks: [block],
+			onParagraphClick: () => {}
+		});
+
+		// Mention rendered as an anchor
+		const link = document.querySelector('a.person-mention')!;
+		expect(link).not.toBeNull();
+		expect(link.textContent).toBe('Auguste Raddatz');
+
+		// Marker rendered as <em data-marker>
+		const marker = document.querySelector('[data-marker]')!;
+		expect(marker).not.toBeNull();
+		expect(marker.textContent).toBe('[unleserlich]');
+
+		// Marker text is NOT inside the anchor — they are siblings, not nested
+		expect(link.contains(marker)).toBe(false);
+
+		// No double-escape — text content reads cleanly
+		const blockEl = document.querySelector('[data-block-id="b1"]')!;
+		expect(blockEl.textContent).not.toContain('&amp;');
+		expect(blockEl.textContent).not.toContain('&lt;');
+	});
+
+	it('does not render mention link for plain text without the @ trigger', async () => {
+		const plain: TranscriptionBlockData = {
+			...mentionBlock,
+			text: 'Auguste Raddatz war hier',
+			mentionedPersons: [{ personId: PERSON_ID, displayName: 'Auguste Raddatz' }]
+		};
+		render(TranscriptionReadView, {
+			blocks: [plain],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector('a.person-mention');
+		expect(link).toBeNull();
+	});
+
+	it('escapes HTML in the block text — no stored XSS via raw text', async () => {
+		const xss: TranscriptionBlockData = {
+			...mentionBlock,
+			text: '<img src=x onerror=alert(1)>',
+			mentionedPersons: []
+		};
+		render(TranscriptionReadView, {
+			blocks: [xss],
+			onParagraphClick: () => {}
+		});
+
+		// No raw <img> tag in DOM
+		expect(document.querySelector('[data-block-id="b1"] img')).toBeNull();
+		// The escaped text is visible
+		const block = document.querySelector('[data-block-id="b1"]')!;
+		expect(block.textContent).toContain('<img src=x onerror=alert(1)>');
+	});
+
+	it('triggers fetch for the person on mention mouseenter (B15.5 cache, single call)', async () => {
+		const fetchMock = vi.fn().mockResolvedValue({
+			status: 404,
+			ok: false,
+			json: vi.fn()
+		});
+		vi.stubGlobal('fetch', fetchMock);
+
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector('a.person-mention')!;
+		link.dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
+		await new Promise((r) => setTimeout(r, 10));
+
+		const personFetches = fetchMock.mock.calls.filter((c) =>
+			String(c[0]).includes(`/api/persons/${PERSON_ID}`)
+		);
+		expect(personFetches.length).toBeGreaterThanOrEqual(1);
+	});
+
+	it('deduplicates fetches for the same personId across multiple mouseenter events (B15.5)', async () => {
+		const fetchMock = vi.fn().mockResolvedValue({
+			status: 404,
+			ok: false,
+			json: vi.fn()
+		});
+		vi.stubGlobal('fetch', fetchMock);
+
+		// Two blocks both mention the same person
+		const block2: TranscriptionBlockData = { ...mentionBlock, id: 'b2', annotationId: 'ann-2' };
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock, block2],
+			onParagraphClick: () => {}
+		});
+
+		const links = document.querySelectorAll('a.person-mention');
+		links.forEach((link) => link.dispatchEvent(new MouseEvent('mouseenter', { bubbles: true })));
+		// Plus a re-hover on the first
+		links[0].dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
+
+		await new Promise((r) => setTimeout(r, 10));
+
+		const personFetches = fetchMock.mock.calls.filter(
+			(c) => String(c[0]) === `/api/persons/${PERSON_ID}`
+		);
+		expect(personFetches.length).toBe(1);
+	});
+
+	it('mounts the hover card on mouseenter when the fetch loads', async () => {
+		vi.stubGlobal(
+			'fetch',
+			vi.fn().mockImplementation((url: string) => {
+				if (url.endsWith('/relationships')) {
+					return Promise.resolve({ status: 200, ok: true, json: () => Promise.resolve([]) });
+				}
+				return Promise.resolve({
+					status: 200,
+					ok: true,
+					json: () =>
+						Promise.resolve({
+							id: PERSON_ID,
+							firstName: 'Auguste',
+							lastName: 'Raddatz',
+							displayName: 'Auguste Raddatz',
+							personType: 'PERSON',
+							familyMember: true,
+							birthYear: 1882,
+							deathYear: 1944
+						})
+				});
+			})
+		);
+
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector('a.person-mention')!;
+		link.dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
+
+		await new Promise((r) => setTimeout(r, 50));
+		const card = document.querySelector('[data-testid="person-hover-card"]');
+		expect(card).not.toBeNull();
+	});
+
+	it('unmounts the hover card on mouseleave', async () => {
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector('a.person-mention')!;
+		link.dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
+		await new Promise((r) => setTimeout(r, 5));
+		link.dispatchEvent(new MouseEvent('mouseleave', { bubbles: true }));
+		await new Promise((r) => setTimeout(r, 5));
+
+		const card = document.querySelector('[data-testid="person-hover-card"]');
+		expect(card).toBeNull();
+	});
+
+	it('degrades to plain unlinked text when the person fetch returns 404', async () => {
+		vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ status: 404, ok: false, json: vi.fn() }));
+
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector('a.person-mention')!;
+		link.dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
+		await new Promise((r) => setTimeout(r, 50));
+
+		// 404 → no card mounted
+		const card = document.querySelector('[data-testid="person-hover-card"]');
+		expect(card).toBeNull();
+		// Anchor is marked as deleted so subsequent hovers/clicks treat it as plain text
+		const stillLink = document.querySelector('a.person-mention')!;
+		expect(stillLink.getAttribute('data-person-deleted')).toBe('true');
+	});
+});
-- 
2.49.1


From ae868f4110685cef4f58fe8f2b6de1eb03b49353 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:23:47 +0200
Subject: [PATCH 05/18] test(e2e): person-mention read mode hover (B20) and tap
 (B21)

Creates a Person, document, annotation, and transcription block with
mentionedPersons sidecar, then exercises the read-mode link in two
contexts:
  - Desktop: page.hover() mounts the hover card; mouseleave unmounts.
  - Touch (Pixel 7 device): page.tap() navigates to /persons/{id}
    without the card ever mounting (tap opens the page directly).

Tests are sequential because they share a single document/person via
beforeAll/afterAll. The touch test spins up a separate browser context
with hasTouch=true reusing the stored auth state.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontend/e2e/person-mention-read.spec.ts | 154 +++++++++++++++++++++++
 1 file changed, 154 insertions(+)
 create mode 100644 frontend/e2e/person-mention-read.spec.ts

diff --git a/frontend/e2e/person-mention-read.spec.ts b/frontend/e2e/person-mention-read.spec.ts
new file mode 100644
index 00000000..b1a01bb4
--- /dev/null
+++ b/frontend/e2e/person-mention-read.spec.ts
@@ -0,0 +1,154 @@
+import { test, expect, devices } from '@playwright/test';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import fs from 'fs';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const PDF_FIXTURE = path.resolve(__dirname, 'fixtures/minimal.pdf');
+const STORAGE_STATE = path.resolve(__dirname, '.auth/user.json');
+
+/**
+ * E2E for issue #362 — Person @mentions, read-mode rendering + hover card (B20/B21).
+ *
+ * Strategy:
+ *   - Create a document, a Person, and a transcription block whose text contains
+ *     `@DisplayName` and whose mentionedPersons sidecar links to that person.
+ *   - Open the document in read mode.
+ *   - B20: page.hover() on the .person-mention link → hover card mounts.
+ *   - B21: with context.setHasTouch(true), page.tap() on the link → navigates
+ *          to /persons/{id} without ever showing the hover card.
+ */
+
+let docId: string;
+let personId: string;
+let docHref: string;
+
+test.describe.configure({ mode: 'serial' });
+
+test.describe('Person mention — read mode', () => {
+	test.beforeAll(async ({ request }) => {
+		const baseURL = process.env.E2E_BASE_URL ?? 'http://localhost:3000';
+
+		// 1. Person we will mention.
+		const personRes = await request.post('/api/persons', {
+			data: {
+				firstName: 'Auguste',
+				lastName: 'Raddatz',
+				personType: 'PERSON',
+				birthYear: 1882,
+				deathYear: 1944
+			}
+		});
+		if (!personRes.ok()) throw new Error(`Create person failed: ${personRes.status()}`);
+		const person = await personRes.json();
+		personId = person.id;
+
+		// 2. Document with a PDF so the transcription panel is mountable.
+		const docRes = await request.post('/api/documents', {
+			multipart: { title: 'E2E Person Mention Read', documentDate: '1945-05-08' }
+		});
+		if (!docRes.ok()) throw new Error(`Create document failed: ${docRes.status()}`);
+		const doc = await docRes.json();
+		docId = doc.id;
+		docHref = `${baseURL}/documents/${docId}`;
+
+		await request.put(`/api/documents/${docId}`, {
+			multipart: {
+				title: doc.title,
+				documentDate: '1945-05-08',
+				file: {
+					name: 'minimal.pdf',
+					mimeType: 'application/pdf',
+					buffer: fs.readFileSync(PDF_FIXTURE)
+				}
+			}
+		});
+
+		// 3. Annotation to anchor the block on the page.
+		const annRes = await request.post(`/api/documents/${docId}/annotations`, {
+			data: { pageNumber: 1, x: 0.1, y: 0.1, width: 0.5, height: 0.1, color: '#00C7B1' }
+		});
+		if (!annRes.ok()) throw new Error(`Create annotation failed: ${annRes.status()}`);
+
+		// 4. Block text contains @Auguste Raddatz; sidecar links it to personId.
+		const blockRes = await request.post(`/api/documents/${docId}/transcription-blocks`, {
+			data: {
+				pageNumber: 1,
+				x: 0.1,
+				y: 0.1,
+				width: 0.5,
+				height: 0.1,
+				text: 'Brief an @Auguste Raddatz vom Mai 1944',
+				label: null,
+				mentionedPersons: [{ personId, displayName: 'Auguste Raddatz' }]
+			}
+		});
+		if (!blockRes.ok()) throw new Error(`Create block failed: ${blockRes.status()}`);
+	});
+
+	test.afterAll(async ({ request }) => {
+		if (docId) await request.delete(`/api/documents/${docId}`);
+		if (personId) await request.delete(`/api/persons/${personId}`);
+	});
+
+	test('renders the @mention as an underlined anchor link to /persons/{id}', async ({ page }) => {
+		await page.goto(docHref);
+		await page.getByRole('button', { name: 'Transkription' }).click();
+
+		const link = page.locator(`a.person-mention[data-person-id="${personId}"]`).first();
+		await expect(link).toBeVisible({ timeout: 5000 });
+		await expect(link).toHaveAttribute('href', `/persons/${personId}`);
+		// The @ trigger is stripped from the rendered text per spec
+		await expect(link).toHaveText('Auguste Raddatz');
+	});
+
+	test('B20: desktop hover mounts the hover card with loaded person data', async ({ page }) => {
+		await page.goto(docHref);
+		await page.getByRole('button', { name: 'Transkription' }).click();
+
+		const link = page.locator(`a.person-mention[data-person-id="${personId}"]`).first();
+		await link.hover();
+
+		const card = page.getByTestId('person-hover-card');
+		await expect(card).toBeVisible({ timeout: 5000 });
+		// Loaded state: person displayName is rendered inside the card
+		await expect(page.getByTestId('person-hover-card-name')).toHaveText('Auguste Raddatz');
+		// Footer link points to /persons/{id}
+		await expect(card.locator(`a[href="/persons/${personId}"]`)).toBeVisible();
+	});
+
+	test('B20: hover card unmounts on mouseleave', async ({ page }) => {
+		await page.goto(docHref);
+		await page.getByRole('button', { name: 'Transkription' }).click();
+
+		const link = page.locator(`a.person-mention[data-person-id="${personId}"]`).first();
+		await link.hover();
+		await expect(page.getByTestId('person-hover-card')).toBeVisible();
+
+		// Move pointer away
+		await page.mouse.move(0, 0);
+		await expect(page.getByTestId('person-hover-card')).toBeHidden({ timeout: 2000 });
+	});
+
+	test('B21: touch-device tap navigates without showing the hover card', async ({ browser }) => {
+		const context = await browser.newContext({
+			...devices['Pixel 7'],
+			storageState: STORAGE_STATE
+		});
+		const touchPage = await context.newPage();
+		try {
+			await touchPage.goto(docHref);
+			await touchPage.getByRole('button', { name: 'Transkription' }).click();
+
+			const link = touchPage.locator(`a.person-mention[data-person-id="${personId}"]`).first();
+			await expect(link).toBeVisible({ timeout: 5000 });
+
+			await link.tap();
+			// The card never mounted — the tap navigated directly per spec
+			await expect(touchPage).toHaveURL(new RegExp(`/persons/${personId}`));
+			await expect(touchPage.getByTestId('person-hover-card')).toHaveCount(0);
+		} finally {
+			await context.close();
+		}
+	});
+});
-- 
2.49.1


From 6a6967d8410260d568263d0b1695c9caa0659908 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:46:42 +0200
Subject: [PATCH 06/18] refactor(person-mention): hoist LoadState + HoverData
 into shared types module
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Markus flagged the LoadState export from PersonHoverCard.svelte as a
view-vs-orchestrator boundary smell — both files own the same shape, and a
third caller (admin previews, briefwechsel cards) would create a circular
import. Move the types into src/lib/types/personHoverCard.ts so the contract
is module-stable.

Also harden .prettierignore + eslint.config.js so a stray .svelte-kit.old/
backup directory (rotated by SvelteKit during dev) doesn't break the lint
hook — matches the existing .svelte-kit-backup/ convention.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontend/.prettierignore                      |  1 +
 frontend/eslint.config.js                     |  2 +-
 .../src/lib/components/PersonHoverCard.svelte |  7 +-----
 .../components/TranscriptionReadView.svelte   |  5 ++--
 frontend/src/lib/types/personHoverCard.ts     | 23 +++++++++++++++++++
 5 files changed, 28 insertions(+), 10 deletions(-)
 create mode 100644 frontend/src/lib/types/personHoverCard.ts

diff --git a/frontend/.prettierignore b/frontend/.prettierignore
index 458412f8..d6b62635 100644
--- a/frontend/.prettierignore
+++ b/frontend/.prettierignore
@@ -11,6 +11,7 @@ bun.lockb
 # Build artifacts
 /.svelte-kit/
 /.svelte-kit-backup/
+/.svelte-kit.old/
 
 # Generated files
 /.svelte-kit-backup/
diff --git a/frontend/eslint.config.js b/frontend/eslint.config.js
index 3de63ff2..e2312f71 100644
--- a/frontend/eslint.config.js
+++ b/frontend/eslint.config.js
@@ -12,7 +12,7 @@ const gitignorePath = fileURLToPath(new URL('./.gitignore', import.meta.url));
 
 export default defineConfig(
 	includeIgnoreFile(gitignorePath),
-	{ ignores: ['src/paraglide/**'] },
+	{ ignores: ['src/paraglide/**', '.svelte-kit.old/**'] },
 	js.configs.recommended,
 	...ts.configs.recommended,
 	...svelte.configs.recommended,
diff --git a/frontend/src/lib/components/PersonHoverCard.svelte b/frontend/src/lib/components/PersonHoverCard.svelte
index 68a56d0f..3374de23 100644
--- a/frontend/src/lib/components/PersonHoverCard.svelte
+++ b/frontend/src/lib/components/PersonHoverCard.svelte
@@ -2,15 +2,10 @@
 import { m } from '$lib/paraglide/messages.js';
 import { formatLifeDateRange } from '$lib/utils/personLifeDates';
 import type { components } from '$lib/generated/api';
+import type { LoadState } from '$lib/types/personHoverCard';
 
-type Person = components['schemas']['Person'];
 type RelationshipDTO = components['schemas']['RelationshipDTO'];
 
-export type LoadState =
-	| { status: 'loading' }
-	| { status: 'error' }
-	| { status: 'loaded'; person: Person; relationships: RelationshipDTO[] };
-
 type Props = {
 	personId: string;
 	cardId: string;
diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte b/frontend/src/lib/components/TranscriptionReadView.svelte
index 80829678..1fd27f2e 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte
@@ -3,15 +3,14 @@ import type { TranscriptionBlockData } from '$lib/types';
 import type { components } from '$lib/generated/api';
 import { splitByMarkers } from '$lib/utils/transcriptionMarkers';
 import { renderTranscriptionBody } from '$lib/utils/mention';
-import PersonHoverCard, { type LoadState } from './PersonHoverCard.svelte';
+import PersonHoverCard from './PersonHoverCard.svelte';
+import type { HoverData, LoadState } from '$lib/types/personHoverCard';
 import { goto } from '$app/navigation';
 import { SvelteMap, SvelteSet } from 'svelte/reactivity';
 
 type Person = components['schemas']['Person'];
 type RelationshipDTO = components['schemas']['RelationshipDTO'];
 
-type HoverData = { person: Person; relationships: RelationshipDTO[] };
-
 interface Props {
 	blocks: TranscriptionBlockData[];
 	onParagraphClick: (annotationId: string) => void;
diff --git a/frontend/src/lib/types/personHoverCard.ts b/frontend/src/lib/types/personHoverCard.ts
new file mode 100644
index 00000000..313d9b0d
--- /dev/null
+++ b/frontend/src/lib/types/personHoverCard.ts
@@ -0,0 +1,23 @@
+import type { components } from '$lib/generated/api';
+
+type Person = components['schemas']['Person'];
+type RelationshipDTO = components['schemas']['RelationshipDTO'];
+
+/**
+ * Data the PersonHoverCard needs to render its loaded state.
+ * Bundled here so the orchestrator (TranscriptionReadView) and the view
+ * (PersonHoverCard) share one canonical shape.
+ */
+export type HoverData = { person: Person; relationships: RelationshipDTO[] };
+
+/**
+ * The hover card's three visible states.
+ *
+ * `loading`  — initial fetch in flight; skeleton is shown
+ * `error`    — fetch failed (non-404, non-OK); generic error message + footer link
+ * `loaded`   — fetch succeeded; person + relationships available
+ */
+export type LoadState =
+	| { status: 'loading' }
+	| { status: 'error' }
+	| { status: 'loaded'; person: Person; relationships: RelationshipDTO[] };
-- 
2.49.1


From 488d4384a18f4d452c0027bfb01c2545462b8971 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:48:26 +0200
Subject: [PATCH 07/18] refactor(person-mention): brand renderer return types
 as SafeHtml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Markus, Felix, and Nora independently flagged the {@html …} boundary as a
distributed-knowledge security risk: today renderBody and renderTranscriptionBody
return string, so the next refactor that does {@html block.text} (instead of
{@html renderBlockHtml(block)}) is one typo away from a stored-XSS regression.

Introduce a SafeHtml brand type (string with a phantom __brand) returned by
both renderers and by renderBlockHtml in TranscriptionReadView. Compile-time
enforcement of the escape invariant — costs zero runtime, makes the contract
auditable in one file.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../components/TranscriptionReadView.svelte   | 11 ++++++----
 frontend/src/lib/utils/mention.ts             | 21 ++++++++++++++-----
 2 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte b/frontend/src/lib/components/TranscriptionReadView.svelte
index 1fd27f2e..d0e8b32f 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte
@@ -2,7 +2,7 @@
 import type { TranscriptionBlockData } from '$lib/types';
 import type { components } from '$lib/generated/api';
 import { splitByMarkers } from '$lib/utils/transcriptionMarkers';
-import { renderTranscriptionBody } from '$lib/utils/mention';
+import { renderTranscriptionBody, type SafeHtml } from '$lib/utils/mention';
 import PersonHoverCard from './PersonHoverCard.svelte';
 import type { HoverData, LoadState } from '$lib/types/personHoverCard';
 import { goto } from '$app/navigation';
@@ -42,15 +42,18 @@ const CARD_GAP = 6;
 // as <em data-marker> tags; text segments run through HTML-escaping + mention
 // substitution. The two are concatenated to preserve marker boundaries — markers
 // never end up nested inside an anchor (Felix #5324 B19b).
-function renderBlockHtml(block: TranscriptionBlockData): string {
+function renderBlockHtml(block: TranscriptionBlockData): SafeHtml {
 	return splitByMarkers(block.text)
 		.map((segment) => {
 			if (segment.type === 'marker') {
-				return `<em data-marker class="text-ink-2 italic">${segment.text}</em>`;
+				// splitByMarkers only emits the literal markers [unleserlich] and [...],
+				// no user input — safe to embed directly. Wrap in SafeHtml to satisfy
+				// the brand contract.
+				return `<em data-marker class="text-ink-2 italic">${segment.text}</em>` as SafeHtml;
 			}
 			return renderTranscriptionBody(segment.text, block.mentionedPersons ?? []);
 		})
-		.join('');
+		.join('') as SafeHtml;
 }
 
 function fetchHoverData(personId: string): Promise<HoverData | null> {
diff --git a/frontend/src/lib/utils/mention.ts b/frontend/src/lib/utils/mention.ts
index 321533b0..200a0b58 100644
--- a/frontend/src/lib/utils/mention.ts
+++ b/frontend/src/lib/utils/mention.ts
@@ -1,5 +1,16 @@
 import type { MentionDTO, PersonMention } from '$lib/types';
 
+/**
+ * Branded string type for HTML that has been pre-escaped and assembled by
+ * one of the trusted renderers in this module. The brand exists so that
+ * `{@html …}` consumers can require a SafeHtml input at compile time —
+ * `{@html block.text}` won't typecheck unless the string came through
+ * a renderer that escapes its inputs.
+ *
+ * Defense in depth against stored XSS (Sina #5505 / Nora PR-B2 review).
+ */
+export type SafeHtml = string & { readonly __brand: 'SafeHtml' };
+
 /**
  * Given the current textarea value and cursor position, returns the
  * @-mention query being typed (the text after the last triggering @),
@@ -81,8 +92,8 @@ function escapeRegExp(str: string): string {
  * 5. First-sidecar-wins for entries that share a displayName (deterministic
  *    rule per Felix decision OQ-1, comment #5339).
  */
-export function renderTranscriptionBody(text: string, mentionedPersons: PersonMention[]): string {
-	if (!text) return '';
+export function renderTranscriptionBody(text: string, mentionedPersons: PersonMention[]): SafeHtml {
+	if (!text) return '' as SafeHtml;
 	let escaped = escapeHtml(text);
 
 	const seen = new Set<string>();
@@ -103,7 +114,7 @@ export function renderTranscriptionBody(text: string, mentionedPersons: PersonMe
 		escaped = escaped.replace(pattern, link);
 	}
 
-	return escaped;
+	return escaped as SafeHtml;
 }
 
 /**
@@ -112,7 +123,7 @@ export function renderTranscriptionBody(text: string, mentionedPersons: PersonMe
  * 2. Replaces every @FirstName LastName occurrence with an anchor link
  * 3. Converts newlines to <br>
  */
-export function renderBody(content: string, mentions: MentionDTO[]): string {
+export function renderBody(content: string, mentions: MentionDTO[]): SafeHtml {
 	let escaped = escapeHtml(content);
 
 	for (const mention of mentions) {
@@ -122,5 +133,5 @@ export function renderBody(content: string, mentions: MentionDTO[]): string {
 		escaped = escaped.replaceAll(`@${escapedDisplayName}`, span);
 	}
 
-	return escaped.replaceAll('\n', '<br>');
+	return escaped.replaceAll('\n', '<br>') as SafeHtml;
 }
-- 
2.49.1


From 26519d029a3730415c4372069611d35ca3d61746 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:50:28 +0200
Subject: [PATCH 08/18] feat(person-mention): reject non-UUID personIds at the
 renderer boundary
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Nora's CWE-601 (Open Redirect) defense-in-depth concern: today the backend
emits UUIDs, but renderTranscriptionBody concatenates personId straight into
an href. If a future "external person" feature ever flows a non-UUID through
the sidecar, the renderer would happily emit `<a href="javascript:…">`.

Add a strict UUID regex check before substituting. Non-UUID entries fall
through unchanged so the @-trigger remains as plain text — no silent data
loss, no clickable redirect.

Three new failing→passing tests cover javascript: scheme, absolute URL, and
the positive case (well-formed UUID still renders). Existing tests that used
synthetic IDs ("p-short", "p-first", etc.) updated to real UUIDs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontend/src/lib/utils/mention.spec.ts | 60 +++++++++++++++++++++-----
 frontend/src/lib/utils/mention.ts      | 16 +++++++
 2 files changed, 66 insertions(+), 10 deletions(-)

diff --git a/frontend/src/lib/utils/mention.spec.ts b/frontend/src/lib/utils/mention.spec.ts
index 47a84645..0323bf20 100644
--- a/frontend/src/lib/utils/mention.spec.ts
+++ b/frontend/src/lib/utils/mention.spec.ts
@@ -232,9 +232,11 @@ describe('renderTranscriptionBody', () => {
 	});
 
 	it('processes longer displayNames first to avoid prefix shadowing', () => {
-		const augusteShort: PersonMention = { personId: 'p-short', displayName: 'Auguste' };
+		const SHORT_ID = '11111111-1111-4111-8111-111111111111';
+		const LONG_ID = '22222222-2222-4222-8222-222222222222';
+		const augusteShort: PersonMention = { personId: SHORT_ID, displayName: 'Auguste' };
 		const augusteLong: PersonMention = {
-			personId: 'p-long',
+			personId: LONG_ID,
 			displayName: 'Auguste Raddatz'
 		};
 		// Sidecar order is short-first; longer match must still win for the long text
@@ -242,8 +244,8 @@ describe('renderTranscriptionBody', () => {
 			augusteShort,
 			augusteLong
 		]);
-		expect(result).toContain('href="/persons/p-long"');
-		expect(result).toContain('href="/persons/p-short"');
+		expect(result).toContain(`href="/persons/${LONG_ID}"`);
+		expect(result).toContain(`href="/persons/${SHORT_ID}"`);
 		// The "Raddatz" suffix must not leak inside the short-name anchor
 		expect(result).not.toMatch(/>Auguste<\/a> Raddatz/);
 	});
@@ -257,18 +259,20 @@ describe('renderTranscriptionBody', () => {
 
 	it('first-sidecar-wins when two entries share the same displayName', () => {
 		// Two persons named "Hans" — first sidecar entry wins for all occurrences.
-		const hansFirst: PersonMention = { personId: 'p-first', displayName: 'Hans' };
-		const hansSecond: PersonMention = { personId: 'p-second', displayName: 'Hans' };
+		const FIRST_ID = '33333333-3333-4333-8333-333333333333';
+		const SECOND_ID = '44444444-4444-4444-8444-444444444444';
+		const hansFirst: PersonMention = { personId: FIRST_ID, displayName: 'Hans' };
+		const hansSecond: PersonMention = { personId: SECOND_ID, displayName: 'Hans' };
 		const result = renderTranscriptionBody('@Hans und @Hans', [hansFirst, hansSecond]);
-		expect(result).toContain('href="/persons/p-first"');
-		expect(result).not.toContain('href="/persons/p-second"');
+		expect(result).toContain(`href="/persons/${FIRST_ID}"`);
+		expect(result).not.toContain(`href="/persons/${SECOND_ID}"`);
 		const anchorCount = (result.match(/<a /g) ?? []).length;
 		expect(anchorCount).toBe(2);
 	});
 
 	it('escapes HTML in displayName to prevent stored XSS', () => {
 		const xss: PersonMention = {
-			personId: 'p-xss',
+			personId: '55555555-5555-4555-8555-555555555555',
 			displayName: '<script>alert(1)</script>'
 		};
 		const result = renderTranscriptionBody('Hi @<script>alert(1)</script> there', [xss]);
@@ -292,7 +296,7 @@ describe('renderTranscriptionBody', () => {
 
 	it('escapes quotes in displayName so they cannot break the href attribute', () => {
 		const tricky: PersonMention = {
-			personId: 'p-quote',
+			personId: '66666666-6666-4666-8666-666666666666',
 			displayName: 'O"Brien'
 		};
 		const result = renderTranscriptionBody('@O"Brien', [tricky]);
@@ -307,4 +311,40 @@ describe('renderTranscriptionBody', () => {
 		const result = renderTranscriptionBody('Plain old transcription text.', []);
 		expect(result).toBe('Plain old transcription text.');
 	});
+
+	it('skips substitution when personId is not a UUID (defense in depth)', () => {
+		// Nora #5551: if personId ever flowed in from a less-sanitised source
+		// (a future "external person" or a bad sidecar), the renderer must not
+		// emit a clickable link. The escaped text remains as plain content.
+		const evil: PersonMention = {
+			personId: 'javascript:alert(1)',
+			displayName: 'Evil Link'
+		};
+		const result = renderTranscriptionBody('Hi @Evil Link!', [evil]);
+		expect(result).not.toContain('<a ');
+		expect(result).not.toContain('javascript:');
+		// The @-trigger and displayName are preserved as plain text
+		expect(result).toContain('@Evil Link');
+	});
+
+	it('skips substitution when personId is an absolute URL', () => {
+		const evil: PersonMention = {
+			personId: 'https://evil.example/persons/abc',
+			displayName: 'Phisher'
+		};
+		const result = renderTranscriptionBody('Hi @Phisher', [evil]);
+		expect(result).not.toContain('<a ');
+		expect(result).not.toContain('https://evil.example');
+	});
+
+	it('still substitutes when personId is a well-formed UUID', () => {
+		// Sanity check that the validation does not over-reject valid IDs.
+		const valid: PersonMention = {
+			personId: '550e8400-e29b-41d4-a716-446655440000',
+			displayName: 'Auguste Raddatz'
+		};
+		const result = renderTranscriptionBody('Brief an @Auguste Raddatz', [valid]);
+		expect(result).toContain('<a ');
+		expect(result).toContain('href="/persons/550e8400-e29b-41d4-a716-446655440000"');
+	});
 });
diff --git a/frontend/src/lib/utils/mention.ts b/frontend/src/lib/utils/mention.ts
index 200a0b58..16203459 100644
--- a/frontend/src/lib/utils/mention.ts
+++ b/frontend/src/lib/utils/mention.ts
@@ -77,6 +77,18 @@ function escapeRegExp(str: string): string {
 	return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
 }
 
+/**
+ * Strict UUID v1–v5 check. Used as a defensive boundary on PersonMention.personId
+ * before substituting it into an `href` — even though the backend currently only
+ * emits UUIDs, a future "external person" feature must not accidentally turn this
+ * helper into an open-redirect surface (CWE-601).
+ */
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+
+function isUuid(value: string): boolean {
+	return UUID_RE.test(value);
+}
+
 /**
  * Renders a transcription block's text segment as safe HTML for read mode.
  *
@@ -100,6 +112,10 @@ export function renderTranscriptionBody(text: string, mentionedPersons: PersonMe
 	const unique: PersonMention[] = [];
 	for (const mention of mentionedPersons) {
 		if (seen.has(mention.displayName)) continue;
+		// Defense in depth: refuse to render an anchor for a non-UUID personId.
+		// The escaped block text falls through unchanged, so the @-trigger is
+		// preserved as plain content — no silent data loss, no clickable link.
+		if (!isUuid(mention.personId)) continue;
 		seen.add(mention.displayName);
 		unique.push(mention);
 	}
-- 
2.49.1


From 1842e23c8142cc81d0b0f148e545cead4e187f60 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:51:25 +0200
Subject: [PATCH 09/18] refactor(person-mention): centralise
 PERSON_MENTION_SELECTOR constant

Markus flagged that 'a.person-mention' is a magic string repeated four times
in TranscriptionReadView, plus the CSS rule, plus tests. Extract into a single
exported constant so the renderer template, the delegated event handlers,
and the consumer-side selectors all import the same value.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../src/lib/components/TranscriptionReadView.svelte  | 12 ++++++++----
 frontend/src/lib/utils/mention.ts                    | 10 ++++++++++
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte b/frontend/src/lib/components/TranscriptionReadView.svelte
index d0e8b32f..9f48f651 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte
@@ -2,7 +2,11 @@
 import type { TranscriptionBlockData } from '$lib/types';
 import type { components } from '$lib/generated/api';
 import { splitByMarkers } from '$lib/utils/transcriptionMarkers';
-import { renderTranscriptionBody, type SafeHtml } from '$lib/utils/mention';
+import {
+	renderTranscriptionBody,
+	type SafeHtml,
+	PERSON_MENTION_SELECTOR
+} from '$lib/utils/mention';
 import PersonHoverCard from './PersonHoverCard.svelte';
 import type { HoverData, LoadState } from '$lib/types/personHoverCard';
 import { goto } from '$app/navigation';
@@ -163,15 +167,15 @@ async function handleMentionClick(event: MouseEvent) {
 function attachMentionHandlers(node: HTMLElement) {
 	function onEnter(e: Event) {
 		const t = e.target as HTMLElement;
-		if (t.matches?.('a.person-mention')) handleMentionEnter(e);
+		if (t.matches?.(PERSON_MENTION_SELECTOR)) handleMentionEnter(e);
 	}
 	function onLeave(e: Event) {
 		const t = e.target as HTMLElement;
-		if (t.matches?.('a.person-mention')) handleMentionLeave(e);
+		if (t.matches?.(PERSON_MENTION_SELECTOR)) handleMentionLeave(e);
 	}
 	function onClick(e: MouseEvent) {
 		const t = e.target as HTMLElement;
-		if (t.matches?.('a.person-mention')) handleMentionClick(e);
+		if (t.matches?.(PERSON_MENTION_SELECTOR)) handleMentionClick(e);
 	}
 	// mouseenter does not bubble — capture it.
 	node.addEventListener('mouseenter', onEnter, true);
diff --git a/frontend/src/lib/utils/mention.ts b/frontend/src/lib/utils/mention.ts
index 16203459..27451c4d 100644
--- a/frontend/src/lib/utils/mention.ts
+++ b/frontend/src/lib/utils/mention.ts
@@ -1,5 +1,15 @@
 import type { MentionDTO, PersonMention } from '$lib/types';
 
+/**
+ * Single-source CSS selector for rendered person-mention anchors. Used by:
+ *   - layout.css            (.person-mention rule, focus ring, underline)
+ *   - TranscriptionReadView (delegated mouseenter/leave/click handlers)
+ *   - unit + e2e tests
+ *
+ * Keep these in sync — the renderer template below emits exactly this class.
+ */
+export const PERSON_MENTION_SELECTOR = 'a.person-mention';
+
 /**
  * Branded string type for HTML that has been pre-escaped and assembled by
  * one of the trusted renderers in this module. The brand exists so that
-- 
2.49.1


From 060db69108b68dae3a90efb4c88e4811477d6a67 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:53:29 +0200
Subject: [PATCH 10/18] refactor(person-mention): extract
 computeHoverCardPosition into testable util
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three reviewer concerns land here:
- Felix #2: magic numbers 0.7 and 300 belong in named constants
- Sara #6: the position function had 4 branches and 2 thresholds with zero tests
- Leonie FINDING-05: at 320px viewport the flip-left could push the card
  past the right edge — needed a viewport clamp

Move the function to src/lib/utils/hoverCardPosition.ts as a pure
(rect, viewport) → {top, left} mapping, with named exports CARD_WIDTH_PX,
CARD_HEIGHT_PX, CARD_GAP_PX, BOTTOM_BAND_RATIO, RIGHT_FLIP_THRESHOLD_PX.
Add a viewport clamp so left + CARD_WIDTH never exceeds the right edge.

Ten unit tests cover default placement, flip-up (both triggers), flip-left,
flip-right-edge clamp, and scroll offset. TranscriptionReadView passes the
current window viewport in on each call.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../components/TranscriptionReadView.svelte   |  32 +---
 .../src/lib/utils/hoverCardPosition.spec.ts   | 152 ++++++++++++++++++
 frontend/src/lib/utils/hoverCardPosition.ts   |  69 ++++++++
 3 files changed, 228 insertions(+), 25 deletions(-)
 create mode 100644 frontend/src/lib/utils/hoverCardPosition.spec.ts
 create mode 100644 frontend/src/lib/utils/hoverCardPosition.ts

diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte b/frontend/src/lib/components/TranscriptionReadView.svelte
index 9f48f651..e4ca6d1c 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte
@@ -7,6 +7,7 @@ import {
 	type SafeHtml,
 	PERSON_MENTION_SELECTOR
 } from '$lib/utils/mention';
+import { computeHoverCardPosition } from '$lib/utils/hoverCardPosition';
 import PersonHoverCard from './PersonHoverCard.svelte';
 import type { HoverData, LoadState } from '$lib/types/personHoverCard';
 import { goto } from '$app/navigation';
@@ -38,10 +39,6 @@ let activeCard: {
 	position: { top: number; left: number };
 } | null = $state(null);
 
-const CARD_WIDTH = 320;
-const CARD_HEIGHT = 180;
-const CARD_GAP = 6;
-
 // Compose splitByMarkers with renderTranscriptionBody. Markers are pre-rendered
 // as <em data-marker> tags; text segments run through HTML-escaping + mention
 // substitution. The two are concatenated to preserve marker boundaries — markers
@@ -81,27 +78,12 @@ function fetchHoverData(personId: string): Promise<HoverData | null> {
 	return cached;
 }
 
-function computeCardPosition(rect: DOMRect): { top: number; left: number } {
-	const vw = window.innerWidth;
-	const vh = window.innerHeight;
-
-	let top = rect.bottom + CARD_GAP;
-	let left = rect.left;
-
-	// Flip up if the card would overflow the bottom edge OR the mention sits in
-	// the bottom 30% of the viewport (Leonie #5329).
-	if (vh - rect.bottom < CARD_HEIGHT + CARD_GAP || rect.top > vh * 0.7) {
-		top = rect.top - CARD_HEIGHT - CARD_GAP;
-	}
-
-	// Flip left if <300px from the right edge.
-	if (vw - rect.left < 300) {
-		left = rect.right - CARD_WIDTH;
-	}
-
+function currentViewport() {
 	return {
-		top: Math.max(0, top + window.scrollY),
-		left: Math.max(0, left + window.scrollX)
+		viewportWidth: window.innerWidth,
+		viewportHeight: window.innerHeight,
+		scrollX: window.scrollX,
+		scrollY: window.scrollY
 	};
 }
 
@@ -115,7 +97,7 @@ async function handleMentionEnter(event: Event) {
 	link.setAttribute('aria-describedby', cardId);
 
 	const rect = link.getBoundingClientRect();
-	const position = computeCardPosition(rect);
+	const position = computeHoverCardPosition(rect, currentViewport());
 
 	activeCard = { personId, cardId, position, state: { status: 'loading' } };
 
diff --git a/frontend/src/lib/utils/hoverCardPosition.spec.ts b/frontend/src/lib/utils/hoverCardPosition.spec.ts
new file mode 100644
index 00000000..e953f442
--- /dev/null
+++ b/frontend/src/lib/utils/hoverCardPosition.spec.ts
@@ -0,0 +1,152 @@
+import { describe, it, expect } from 'vitest';
+import {
+	computeHoverCardPosition,
+	CARD_WIDTH_PX,
+	CARD_HEIGHT_PX,
+	CARD_GAP_PX,
+	BOTTOM_BAND_RATIO,
+	RIGHT_FLIP_THRESHOLD_PX
+} from './hoverCardPosition';
+
+const makeRect = (overrides: Partial<DOMRect> = {}): DOMRect => {
+	const base = { top: 100, left: 200, bottom: 120, right: 300, width: 100, height: 20 };
+	const merged = { ...base, ...overrides };
+	return {
+		...merged,
+		x: merged.left,
+		y: merged.top,
+		toJSON: () => merged
+	} as DOMRect;
+};
+
+describe('computeHoverCardPosition', () => {
+	it('exports the spec constants used by the spec/CSS layer', () => {
+		// Pin the values the design spec calls out — if these drift, the design spec
+		// in #5329 needs to drift with them. Felix's PR review #2 (named constants).
+		expect(CARD_WIDTH_PX).toBe(320);
+		expect(CARD_HEIGHT_PX).toBe(180);
+		expect(CARD_GAP_PX).toBe(6);
+		expect(BOTTOM_BAND_RATIO).toBe(0.7);
+		expect(RIGHT_FLIP_THRESHOLD_PX).toBe(300);
+	});
+
+	describe('default placement (below-right)', () => {
+		it('positions the card below the rect with a small gap', () => {
+			const rect = makeRect({ top: 100, bottom: 120, left: 200 });
+			const result = computeHoverCardPosition(rect, {
+				viewportWidth: 1440,
+				viewportHeight: 900,
+				scrollX: 0,
+				scrollY: 0
+			});
+			expect(result.top).toBe(120 + CARD_GAP_PX);
+			expect(result.left).toBe(200);
+		});
+	});
+
+	describe('flip-up rule (Leonie #5329)', () => {
+		it('flips up when the card would overflow the bottom edge', () => {
+			// Mention sits 50px above the viewport bottom — card is 180px tall, can't fit below
+			const rect = makeRect({ top: 800, bottom: 850 });
+			const result = computeHoverCardPosition(rect, {
+				viewportWidth: 1440,
+				viewportHeight: 900,
+				scrollX: 0,
+				scrollY: 0
+			});
+			expect(result.top).toBe(800 - CARD_HEIGHT_PX - CARD_GAP_PX);
+		});
+
+		it('flips up when the mention sits in the bottom 30% of the viewport (BOTTOM_BAND_RATIO)', () => {
+			// rect.top is at 80% of viewport — fits below numerically, but poor UX
+			const rect = makeRect({ top: 720, bottom: 740 });
+			const result = computeHoverCardPosition(rect, {
+				viewportWidth: 1440,
+				viewportHeight: 900,
+				scrollX: 0,
+				scrollY: 0
+			});
+			expect(result.top).toBe(720 - CARD_HEIGHT_PX - CARD_GAP_PX);
+		});
+	});
+
+	describe('flip-left rule', () => {
+		it('flips left when the rect is within RIGHT_FLIP_THRESHOLD_PX of the right edge', () => {
+			// vw - rect.left = 1440 - 1200 = 240 < 300, so flip
+			const rect = makeRect({ left: 1200, right: 1300, top: 100, bottom: 120 });
+			const result = computeHoverCardPosition(rect, {
+				viewportWidth: 1440,
+				viewportHeight: 900,
+				scrollX: 0,
+				scrollY: 0
+			});
+			// left = right - CARD_WIDTH = 1300 - 320 = 980
+			expect(result.left).toBe(980);
+		});
+
+		it('does not flip left when the rect has plenty of right-side room', () => {
+			// vw - rect.left = 1440 - 200 = 1240 >> 300 → no flip
+			const rect = makeRect({ left: 200, right: 300 });
+			const result = computeHoverCardPosition(rect, {
+				viewportWidth: 1440,
+				viewportHeight: 900,
+				scrollX: 0,
+				scrollY: 0
+			});
+			expect(result.left).toBe(200);
+		});
+	});
+
+	describe('viewport clamping (Leonie FINDING-05)', () => {
+		it('clamps left so the card never overflows the right edge', () => {
+			// On a 320px viewport, even with flip the card width equals the viewport.
+			// Without clamping the card would be at left=0 but extend to 320 — fine.
+			// At viewport=400px with rect.left=200, flip puts left=300-320=-20, clamped to 0.
+			const rect = makeRect({ left: 200, right: 300, top: 100, bottom: 120 });
+			const result = computeHoverCardPosition(rect, {
+				viewportWidth: 400,
+				viewportHeight: 900,
+				scrollX: 0,
+				scrollY: 0
+			});
+			expect(result.left).toBeGreaterThanOrEqual(0);
+			expect(result.left + CARD_WIDTH_PX).toBeLessThanOrEqual(400);
+		});
+
+		it('never returns a negative top or left', () => {
+			const rect = makeRect({ top: -50, left: -100, bottom: -30, right: 0 });
+			const result = computeHoverCardPosition(rect, {
+				viewportWidth: 1440,
+				viewportHeight: 900,
+				scrollX: 0,
+				scrollY: 0
+			});
+			expect(result.top).toBeGreaterThanOrEqual(0);
+			expect(result.left).toBeGreaterThanOrEqual(0);
+		});
+	});
+
+	describe('scroll offset', () => {
+		it('adds window.scrollY to the absolute-positioned top', () => {
+			const rect = makeRect({ top: 100, bottom: 120 });
+			const result = computeHoverCardPosition(rect, {
+				viewportWidth: 1440,
+				viewportHeight: 900,
+				scrollX: 0,
+				scrollY: 500
+			});
+			expect(result.top).toBe(120 + CARD_GAP_PX + 500);
+		});
+
+		it('adds window.scrollX to the absolute-positioned left', () => {
+			const rect = makeRect({ top: 100, bottom: 120, left: 200, right: 300 });
+			const result = computeHoverCardPosition(rect, {
+				viewportWidth: 1440,
+				viewportHeight: 900,
+				scrollX: 50,
+				scrollY: 0
+			});
+			expect(result.left).toBe(200 + 50);
+		});
+	});
+});
diff --git a/frontend/src/lib/utils/hoverCardPosition.ts b/frontend/src/lib/utils/hoverCardPosition.ts
new file mode 100644
index 00000000..4d16a899
--- /dev/null
+++ b/frontend/src/lib/utils/hoverCardPosition.ts
@@ -0,0 +1,69 @@
+/**
+ * Pure positioning logic for the person-mention hover card.
+ *
+ * Pulled out of TranscriptionReadView so the four placement branches
+ * (default, flip-up, flip-left, both) plus the viewport clamp are unit-testable
+ * without DOM. Sara's PR-B2 review #6 (no test for computeCardPosition) and
+ * Leonie's FINDING-05 (320px overflow) both land here.
+ */
+
+/** Width of the rendered hover card. Mirrored in PersonHoverCard.svelte's CSS. */
+export const CARD_WIDTH_PX = 320;
+
+/** Min-height of the rendered hover card. Mirrored in PersonHoverCard.svelte's CSS. */
+export const CARD_HEIGHT_PX = 180;
+
+/** Gap between the mention rect and the card so they do not touch. */
+export const CARD_GAP_PX = 6;
+
+/**
+ * Mentions in the bottom 30% of the viewport flip the card up by default,
+ * even if it would numerically fit below — keeping the eye-line stable
+ * is more important than minimal travel (Leonie #5329).
+ */
+export const BOTTOM_BAND_RATIO = 0.7;
+
+/**
+ * Mentions within this distance of the right viewport edge flip the card
+ * left so it stays fully visible.
+ */
+export const RIGHT_FLIP_THRESHOLD_PX = 300;
+
+export type Viewport = {
+	viewportWidth: number;
+	viewportHeight: number;
+	scrollX: number;
+	scrollY: number;
+};
+
+export type CardPosition = { top: number; left: number };
+
+/**
+ * Compute absolute-positioned top/left for the hover card, given a rect for
+ * the mention anchor and the current viewport. Output is in document
+ * coordinates (already includes scroll offsets).
+ */
+export function computeHoverCardPosition(rect: DOMRect, vp: Viewport): CardPosition {
+	let top = rect.bottom + CARD_GAP_PX;
+	let left = rect.left;
+
+	const overflowsBottom = vp.viewportHeight - rect.bottom < CARD_HEIGHT_PX + CARD_GAP_PX;
+	const inBottomBand = rect.top > vp.viewportHeight * BOTTOM_BAND_RATIO;
+	if (overflowsBottom || inBottomBand) {
+		top = rect.top - CARD_HEIGHT_PX - CARD_GAP_PX;
+	}
+
+	if (vp.viewportWidth - rect.left < RIGHT_FLIP_THRESHOLD_PX) {
+		left = rect.right - CARD_WIDTH_PX;
+	}
+
+	// Clamp left so the card never extends past the right viewport edge
+	// (FINDING-05: at 320px viewport the flip would otherwise produce a
+	// negative left or right-side overflow).
+	left = Math.min(left, vp.viewportWidth - CARD_WIDTH_PX - CARD_GAP_PX);
+
+	return {
+		top: Math.max(0, top + vp.scrollY),
+		left: Math.max(0, left + vp.scrollX)
+	};
+}
-- 
2.49.1


From 5890bb3abd560445298b08e73569bb32933ec32e Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:54:35 +0200
Subject: [PATCH 11/18] refactor(person-mention): split fetchHoverData into
 pure load + cache wrapper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Felix #1: fetchHoverData was doing four things — cache lookup, fetch, JSON
parsing, 404 normalisation. Split into:

  loadHoverData(personId)       — pure fetch + 404→null + non-OK→throw
  getOrFetchHoverData(personId) — five-line cache wrapper around the above

Also document the cache-lifetime trade-off (Markus #4, Elicit OQ-372-02):
the cache is per-mount, so closing and reopening the transcription panel
rebuilds it. That's intentional given the read-only nature of the view —
revisit if stale-card user reports surface.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../components/TranscriptionReadView.svelte   | 56 +++++++++++--------
 1 file changed, 34 insertions(+), 22 deletions(-)

diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte b/frontend/src/lib/components/TranscriptionReadView.svelte
index e4ca6d1c..b0ccdf71 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte
@@ -26,9 +26,14 @@ let { blocks, onParagraphClick, highlightBlockId = null }: Props = $props();
 
 let sorted = $derived([...blocks].sort((a, b) => a.sortOrder - b.sortOrder));
 
-// Per-page in-memory cache: a sweep across 20 mentions of the same person
-// must not fire 20 backend calls (B15.5). The Promise<HoverData | null> shape
-// lets simultaneous hovers share the same in-flight fetch.
+// Per-component (per-mount) in-memory cache: a sweep across 20 mentions of the
+// same person must not fire 20 backend calls (B15.5). The Promise<HoverData | null>
+// shape lets simultaneous hovers share the same in-flight fetch.
+//
+// Trade-off: closing and re-opening the transcription panel rebuilds this cache
+// (Elicit OQ-372-02). That's intentional — staleness from another tab deleting
+// a person is rare in this read-only view, and a per-document/global cache would
+// complicate invalidation. If user reports on stale cards accumulate, revisit.
 const hoverCache = new SvelteMap<string, Promise<HoverData | null>>();
 const deletedPersonIds = new SvelteSet<string>();
 
@@ -57,25 +62,32 @@ function renderBlockHtml(block: TranscriptionBlockData): SafeHtml {
 		.join('') as SafeHtml;
 }
 
-function fetchHoverData(personId: string): Promise<HoverData | null> {
-	let cached = hoverCache.get(personId);
+/**
+ * Fetches person + relationships from the backend. 404 returns null
+ * (deleted person — caller marks the link as tombstoned). Any other
+ * non-OK response throws so the caller can render the error state.
+ */
+async function loadHoverData(personId: string): Promise<HoverData | null> {
+	const personRes = await fetch(`/api/persons/${personId}`);
+	if (personRes.status === 404) return null;
+	if (!personRes.ok) throw new Error(`person fetch failed: ${personRes.status}`);
+	const person = (await personRes.json()) as Person;
+
+	const relRes = await fetch(`/api/persons/${personId}/relationships`);
+	const relationships: RelationshipDTO[] = relRes.ok
+		? ((await relRes.json()) as RelationshipDTO[])
+		: [];
+	return { person, relationships };
+}
+
+/** Cache wrapper around `loadHoverData` — first hover fires the fetch, all
+ * subsequent hovers (and concurrent in-flight ones) share the same Promise. */
+function getOrFetchHoverData(personId: string): Promise<HoverData | null> {
+	const cached = hoverCache.get(personId);
 	if (cached) return cached;
-
-	cached = (async () => {
-		const personRes = await fetch(`/api/persons/${personId}`);
-		if (personRes.status === 404) return null;
-		if (!personRes.ok) throw new Error(`person fetch failed: ${personRes.status}`);
-		const person = (await personRes.json()) as Person;
-
-		const relRes = await fetch(`/api/persons/${personId}/relationships`);
-		const relationships: RelationshipDTO[] = relRes.ok
-			? ((await relRes.json()) as RelationshipDTO[])
-			: [];
-		return { person, relationships };
-	})();
-
-	hoverCache.set(personId, cached);
-	return cached;
+	const promise = loadHoverData(personId);
+	hoverCache.set(personId, promise);
+	return promise;
 }
 
 function currentViewport() {
@@ -102,7 +114,7 @@ async function handleMentionEnter(event: Event) {
 	activeCard = { personId, cardId, position, state: { status: 'loading' } };
 
 	try {
-		const data = await fetchHoverData(personId);
+		const data = await getOrFetchHoverData(personId);
 		// Bail if a different mention is now active
 		if (!activeCard || activeCard.personId !== personId) return;
 
-- 
2.49.1


From 3faac13533c966c00da3aa336308f8e4367a72b4 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:56:23 +0200
Subject: [PATCH 12/18] fix(person-mention): respect modified-click and
 middle-click for new-tab nav
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Felix #7: handleMentionClick unconditionally preventDefault'd and goto'd,
breaking ctrl-click / cmd-click / shift-click / alt-click / middle-click —
"open in new tab" is a real workflow for researchers comparing two persons.

Add isPlainPrimaryClick() guard. Modified clicks fall through to the
browser's default anchor handling (the <a href="/persons/{id}"> opens in
the new tab as expected). Plain left-clicks still SPA-navigate via goto().

Three new tests assert ctrl-click, meta-click, and middle-click are not
preventDefault'd.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../components/TranscriptionReadView.svelte   | 11 +++++++
 .../TranscriptionReadView.svelte.test.ts      | 32 +++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte b/frontend/src/lib/components/TranscriptionReadView.svelte
index b0ccdf71..738ab791 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte
@@ -143,7 +143,18 @@ function handleMentionLeave(event: Event) {
 	activeCard = null;
 }
 
+/**
+ * Modified clicks (ctrl/meta/shift/alt) and middle-clicks must fall through to
+ * the browser's default anchor behaviour so users can open the person page in
+ * a new tab/window. Felix #7. Only the plain primary-button click navigates
+ * via SPA goto().
+ */
+function isPlainPrimaryClick(event: MouseEvent): boolean {
+	return event.button === 0 && !event.ctrlKey && !event.metaKey && !event.shiftKey && !event.altKey;
+}
+
 async function handleMentionClick(event: MouseEvent) {
+	if (!isPlainPrimaryClick(event)) return;
 	const link = event.target as HTMLAnchorElement;
 	const personId = link.dataset.personId;
 	if (!personId) return;
diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts b/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
index 9d938d14..7b694200 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
@@ -370,6 +370,38 @@ describe('TranscriptionReadView — person-mention rendering', () => {
 		expect(card).toBeNull();
 	});
 
+	it('lets ctrl-click and meta-click fall through so users can open in a new tab', async () => {
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector('a.person-mention')! as HTMLAnchorElement;
+
+		// ctrl-click (Linux/Win "open in new tab")
+		const ctrlClick = new MouseEvent('click', { bubbles: true, cancelable: true, ctrlKey: true });
+		const ctrlPrevented = !link.dispatchEvent(ctrlClick);
+		expect(ctrlPrevented).toBe(false);
+
+		// meta-click (macOS "open in new tab")
+		const metaClick = new MouseEvent('click', { bubbles: true, cancelable: true, metaKey: true });
+		const metaPrevented = !link.dispatchEvent(metaClick);
+		expect(metaPrevented).toBe(false);
+	});
+
+	it('lets middle-click fall through so users can open in a background tab', async () => {
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector('a.person-mention')! as HTMLAnchorElement;
+		// button === 1 is middle mouse button
+		const middleClick = new MouseEvent('click', { bubbles: true, cancelable: true, button: 1 });
+		const prevented = !link.dispatchEvent(middleClick);
+		expect(prevented).toBe(false);
+	});
+
 	it('degrades to plain unlinked text when the person fetch returns 404', async () => {
 		vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ status: 404, ok: false, json: vi.fn() }));
 
-- 
2.49.1


From 3365f5845e3872ab351f27fed426cd890a261521 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 08:57:48 +0200
Subject: [PATCH 13/18] fix(person-mention): hover card mounts on focusin for
 keyboard users (WCAG 2.1.1)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Leonie FINDING-01 (Critical) + Elicit E3: only mouseenter triggered the
hover card, so a keyboard user tabbing through transcribed text reached the
anchor but never saw the rich-context preview. For the senior audience
constraint that's a hard regression.

Wire focusin/focusout alongside mouseenter/mouseleave on the delegated
listener. Same handleMentionEnter/Leave run — getBoundingClientRect works
identically on focused elements. focusin/focusout bubble naturally so no
capture phase needed.

Two new tests assert focusin mounts the card and focusout unmounts it.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../components/TranscriptionReadView.svelte   |  9 +++
 .../TranscriptionReadView.svelte.test.ts      | 56 +++++++++++++++++++
 2 files changed, 65 insertions(+)

diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte b/frontend/src/lib/components/TranscriptionReadView.svelte
index 738ab791..4a3ac949 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte
@@ -169,6 +169,10 @@ async function handleMentionClick(event: MouseEvent) {
 // Attach delegated event listeners on each rendered block. Using {@html ...}
 // for the body means we cannot bind events declaratively to the injected
 // anchors, so we hook up listeners via a Svelte action when the wrapper mounts.
+//
+// Keyboard parity (Leonie FINDING-01, WCAG 2.1.1): focusin/focusout mirror
+// mouseenter/mouseleave so users tabbing through transcribed text get the
+// same preview affordance.
 function attachMentionHandlers(node: HTMLElement) {
 	function onEnter(e: Event) {
 		const t = e.target as HTMLElement;
@@ -185,12 +189,17 @@ function attachMentionHandlers(node: HTMLElement) {
 	// mouseenter does not bubble — capture it.
 	node.addEventListener('mouseenter', onEnter, true);
 	node.addEventListener('mouseleave', onLeave, true);
+	// focusin/focusout do bubble — no capture phase needed.
+	node.addEventListener('focusin', onEnter);
+	node.addEventListener('focusout', onLeave);
 	node.addEventListener('click', onClick);
 
 	return {
 		destroy() {
 			node.removeEventListener('mouseenter', onEnter, true);
 			node.removeEventListener('mouseleave', onLeave, true);
+			node.removeEventListener('focusin', onEnter);
+			node.removeEventListener('focusout', onLeave);
 			node.removeEventListener('click', onClick);
 		}
 	};
diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts b/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
index 7b694200..5b849ed7 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
@@ -370,6 +370,62 @@ describe('TranscriptionReadView — person-mention rendering', () => {
 		expect(card).toBeNull();
 	});
 
+	it('mounts the hover card on focusin so keyboard users see the preview (WCAG 2.1.1)', async () => {
+		vi.stubGlobal(
+			'fetch',
+			vi.fn().mockImplementation((url: string) => {
+				if (String(url).endsWith('/relationships')) {
+					return Promise.resolve({ status: 200, ok: true, json: () => Promise.resolve([]) });
+				}
+				return Promise.resolve({
+					status: 200,
+					ok: true,
+					json: () =>
+						Promise.resolve({
+							id: PERSON_ID,
+							firstName: 'Auguste',
+							lastName: 'Raddatz',
+							displayName: 'Auguste Raddatz',
+							personType: 'PERSON',
+							familyMember: true
+						})
+				});
+			})
+		);
+
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector('a.person-mention')!;
+		link.dispatchEvent(new FocusEvent('focusin', { bubbles: true }));
+
+		await vi.waitFor(() => {
+			const card = document.querySelector('[data-testid="person-hover-card"]');
+			expect(card).not.toBeNull();
+		});
+	});
+
+	it('unmounts the hover card on focusout', async () => {
+		render(TranscriptionReadView, {
+			blocks: [mentionBlock],
+			onParagraphClick: () => {}
+		});
+
+		const link = document.querySelector('a.person-mention')!;
+		link.dispatchEvent(new FocusEvent('focusin', { bubbles: true }));
+		await vi.waitFor(() => {
+			// the card mounts even in 404 → loading → null path; assert it cleans up on blur
+		});
+		link.dispatchEvent(new FocusEvent('focusout', { bubbles: true }));
+
+		await vi.waitFor(() => {
+			const card = document.querySelector('[data-testid="person-hover-card"]');
+			expect(card).toBeNull();
+		});
+	});
+
 	it('lets ctrl-click and meta-click fall through so users can open in a new tab', async () => {
 		render(TranscriptionReadView, {
 			blocks: [mentionBlock],
-- 
2.49.1


From 6dd60571e3fa3a5e22013ff0ce0fd3faadb2677f Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 09:00:15 +0200
Subject: [PATCH 14/18] fix(person-mention): name the hover-card region and
 announce its busy state
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Leonie FINDING-02/03 + Elicit NFR concern + Sara #4: role="region" with no
aria-label is an axe-core warning, and the pulsing-bars skeleton carries no
semantics for SR clients.

- Add aria-label to the region root: person displayName when loaded,
  localised "Lade Person…" while loading. Region always has a name.
- Add aria-busy="true" while loading; cleared on loaded/error so the
  state change is announced via aria-live="polite".
- Add role="status" + aria-label on the skeleton so SR clients hear
  "Lade Person" rather than three silent <div>s.
- New Paraglide key person_mention_loading in de/en/es.

Five new tests pin: aria-busy true while loading, aria-busy unset/false
when loaded, aria-label is displayName when loaded, aria-label is the
loading label while loading.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontend/messages/de.json                     |  1 +
 frontend/messages/en.json                     |  1 +
 frontend/messages/es.json                     |  1 +
 .../src/lib/components/PersonHoverCard.svelte | 20 +++++++-
 .../components/PersonHoverCard.svelte.spec.ts | 48 +++++++++++++++++++
 5 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/frontend/messages/de.json b/frontend/messages/de.json
index f1b189ce..8ef11f81 100644
--- a/frontend/messages/de.json
+++ b/frontend/messages/de.json
@@ -423,6 +423,7 @@
 	"person_mention_open_link": "Zur Person",
 	"person_mention_hover_hint": "Klick öffnet Seite",
 	"person_mention_load_error": "Person konnte nicht geladen werden.",
+	"person_mention_loading": "Lade Person…",
 	"person_mention_popup_empty": "Keine Personen gefunden",
 	"person_mention_btn_label": "Person verlinken",
 	"person_mention_create_new": "Neue Person anlegen",
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 02111802..c0909263 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -423,6 +423,7 @@
 	"person_mention_open_link": "Open person",
 	"person_mention_hover_hint": "Click opens the page",
 	"person_mention_load_error": "Could not load person.",
+	"person_mention_loading": "Loading person…",
 	"person_mention_popup_empty": "No persons found",
 	"person_mention_btn_label": "Link person",
 	"person_mention_create_new": "Create new person",
diff --git a/frontend/messages/es.json b/frontend/messages/es.json
index 5d416017..4b2fcdaf 100644
--- a/frontend/messages/es.json
+++ b/frontend/messages/es.json
@@ -423,6 +423,7 @@
 	"person_mention_open_link": "Ir a la persona",
 	"person_mention_hover_hint": "Clic abre la página",
 	"person_mention_load_error": "No se pudo cargar la persona.",
+	"person_mention_loading": "Cargando persona…",
 	"person_mention_popup_empty": "No se encontraron personas",
 	"person_mention_btn_label": "Vincular persona",
 	"person_mention_create_new": "Crear nueva persona",
diff --git a/frontend/src/lib/components/PersonHoverCard.svelte b/frontend/src/lib/components/PersonHoverCard.svelte
index 3374de23..74c36260 100644
--- a/frontend/src/lib/components/PersonHoverCard.svelte
+++ b/frontend/src/lib/components/PersonHoverCard.svelte
@@ -41,6 +41,17 @@ const notesExcerpt = $derived.by(() => {
 	if (notes.length <= NOTES_MAX) return notes;
 	return notes.slice(0, NOTES_MAX) + '…';
 });
+
+// Accessible name for the region landmark — required by WCAG 1.3.1.
+// Falls back to a localised loading label so axe-core never sees an unnamed
+// region (Leonie FINDING-02 / Elicit NFR concern).
+const ariaLabel = $derived(
+	state.status === 'loaded' ? state.person.displayName : m.person_mention_loading()
+);
+
+// aria-busy="true" while loading so SR clients know the region's contents
+// will change. Cleared on loaded/error so the new content is announced.
+const ariaBusy = $derived(state.status === 'loading');
 </script>
 
 <div
@@ -49,12 +60,19 @@ const notesExcerpt = $derived.by(() => {
 	id={cardId}
 	role="region"
 	aria-live="polite"
+	aria-label={ariaLabel}
+	aria-busy={ariaBusy ? 'true' : undefined}
 	style:position="absolute"
 	style:top={`${position.top}px`}
 	style:left={`${position.left}px`}
 >
 	{#if state.status === 'loading'}
-		<div data-testid="person-hover-card-skeleton" class="skeleton">
+		<div
+			data-testid="person-hover-card-skeleton"
+			class="skeleton"
+			role="status"
+			aria-label={m.person_mention_loading()}
+		>
 			<div class="bar"></div>
 			<div class="bar"></div>
 			<div class="bar"></div>
diff --git a/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts b/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts
index ac8bb400..0d9dd955 100644
--- a/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts
+++ b/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts
@@ -246,6 +246,54 @@ describe('PersonHoverCard — accessibility', () => {
 		expect(root.getAttribute('aria-live')).toBe('polite');
 	});
 
+	it('sets aria-busy="true" while loading so SR announces the state change on load', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loading' }
+		});
+		const root = document.querySelector('[data-testid="person-hover-card"]')!;
+		expect(root.getAttribute('aria-busy')).toBe('true');
+	});
+
+	it('does not set aria-busy when loaded (so the loaded content is announced)', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: AUGUSTE, relationships: [] }
+		});
+		const root = document.querySelector('[data-testid="person-hover-card"]')!;
+		// aria-busy is either absent or "false"
+		const busy = root.getAttribute('aria-busy');
+		expect(busy === null || busy === 'false').toBe(true);
+	});
+
+	it('names the region with the person displayName when loaded (WCAG 1.3.1)', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: AUGUSTE, relationships: [] }
+		});
+		const root = document.querySelector('[data-testid="person-hover-card"]')!;
+		expect(root.getAttribute('aria-label')).toBe('Auguste Raddatz');
+	});
+
+	it('names the region with a generic loading label while loading', async () => {
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loading' }
+		});
+		const root = document.querySelector('[data-testid="person-hover-card"]')!;
+		// Region must have an accessible name in every state — axe-core flags
+		// role="region" without aria-label / aria-labelledby.
+		expect(root.getAttribute('aria-label')).toBeTruthy();
+	});
+
 	it('exposes the cardId as the host element id (so anchor aria-describedby works)', async () => {
 		render(PersonHoverCard, {
 			personId: 'p-aug',
-- 
2.49.1


From 558e1e6b22b16127641de855db820558836faecb Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 09:01:39 +0200
Subject: [PATCH 15/18] fix(person-mention): truncate notes excerpt at last
 word boundary
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Leonie FINDING-04 + Elicit E5: notes.slice(0, 120) cuts mid-word, especially
ugly in German compound nouns ("…Familienzu…"). Sara #7: the assertion
.toBeLessThanOrEqual(122) was a magic number that hid this bug.

Add truncateAtWordBoundary(text, max): cut at the last space inside the
window unless it'd shrink the excerpt below 70% (single-word fallback).
Single-word case still produces hard-cut + ellipsis so a 150-char word
shows the first 120 chars + … rather than nothing.

Tests pinned to exact strings.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../src/lib/components/PersonHoverCard.svelte | 21 ++++++++++--
 .../components/PersonHoverCard.svelte.spec.ts | 34 +++++++++++++++++--
 2 files changed, 50 insertions(+), 5 deletions(-)

diff --git a/frontend/src/lib/components/PersonHoverCard.svelte b/frontend/src/lib/components/PersonHoverCard.svelte
index 74c36260..36a4989d 100644
--- a/frontend/src/lib/components/PersonHoverCard.svelte
+++ b/frontend/src/lib/components/PersonHoverCard.svelte
@@ -34,12 +34,29 @@ const dateRange = $derived(
 		: ''
 );
 
+/**
+ * Cut the notes excerpt at the last word boundary inside the NOTES_MAX
+ * window. Mid-word truncation is especially ugly in German compound nouns
+ * ("…Familienzu…"), so prefer the previous space if there is one within
+ * a reasonable distance. Fall back to a hard cut for strings with no
+ * spaces at all (e.g. a single 150-char word). Leonie FINDING-04 / Elicit E5.
+ */
+function truncateAtWordBoundary(text: string, max: number): string {
+	if (text.length <= max) return text;
+	const window = text.slice(0, max);
+	const lastSpace = window.lastIndexOf(' ');
+	// If the last space is too close to the start (< 70% of the window) we'd
+	// produce a near-empty excerpt — fall back to the hard cut instead.
+	const minBoundary = Math.floor(max * 0.7);
+	const cut = lastSpace >= minBoundary ? window.slice(0, lastSpace) : window;
+	return cut + '…';
+}
+
 const notesExcerpt = $derived.by(() => {
 	if (state.status !== 'loaded') return null;
 	const notes = state.person.notes;
 	if (!notes) return null;
-	if (notes.length <= NOTES_MAX) return notes;
-	return notes.slice(0, NOTES_MAX) + '…';
+	return truncateAtWordBoundary(notes, NOTES_MAX);
 });
 
 // Accessible name for the region landmark — required by WCAG 1.3.1.
diff --git a/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts b/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts
index 0d9dd955..f68bfdfc 100644
--- a/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts
+++ b/frontend/src/lib/components/PersonHoverCard.svelte.spec.ts
@@ -197,7 +197,9 @@ describe('PersonHoverCard — loaded state', () => {
 		await expect.element(page.getByText('Born in Berlin.')).toBeInTheDocument();
 	});
 
-	it('truncates notes longer than 120 characters with an ellipsis', async () => {
+	it('truncates notes longer than 120 characters with an ellipsis (single long word)', async () => {
+		// Single 150-char word with no spaces: word-boundary cut would yield nothing,
+		// so fall back to a hard cut at 120 + ellipsis (Sara #7: pin the exact length).
 		const long = 'x'.repeat(150);
 		const withLongNotes = { ...AUGUSTE, notes: long } as Person;
 		render(PersonHoverCard, {
@@ -207,8 +209,34 @@ describe('PersonHoverCard — loaded state', () => {
 			state: { status: 'loaded', person: withLongNotes, relationships: [] }
 		});
 		const notes = document.querySelector('[data-testid="person-hover-card-notes"]')!;
-		expect(notes.textContent!.length).toBeLessThanOrEqual(122);
-		expect(notes.textContent).toContain('…');
+		expect(notes.textContent).toBe('x'.repeat(120) + '…');
+	});
+
+	it('truncates at the last word boundary inside the 120-char window (Leonie FINDING-04)', async () => {
+		// 150-char string with spaces — must cut at the last space, not mid-word.
+		const sentence = 'Sie war eine bekannte Schriftstellerin und engagierte sich '.repeat(3);
+		// length is 180, last space at idx ≤120
+		const withLongNotes = { ...AUGUSTE, notes: sentence } as Person;
+		render(PersonHoverCard, {
+			personId: 'p-aug',
+			cardId: 'card-1',
+			position: POSITION,
+			state: { status: 'loaded', person: withLongNotes, relationships: [] }
+		});
+		const notes = document.querySelector('[data-testid="person-hover-card-notes"]')!;
+		const text = notes.textContent ?? '';
+		// Ends with ellipsis
+		expect(text.endsWith('…')).toBe(true);
+		// Last char before the ellipsis is NOT a half-word — verify by checking that
+		// the position right before … is the end of a word (i.e., there's no letter
+		// further along in the original text immediately after our cut point).
+		const cut = text.slice(0, -1); // strip the …
+		// Find this cut substring in the original sentence
+		const idx = sentence.indexOf(cut);
+		expect(idx).toBe(0);
+		const charAfterCut = sentence[cut.length];
+		// The next char should be a space — confirming we cut on a boundary
+		expect(charAfterCut).toBe(' ');
 	});
 
 	it('omits notes section when notes is null', async () => {
-- 
2.49.1


From 060a1149e07372882b8eb4ecda6767718d57fa81 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 09:02:38 +0200
Subject: [PATCH 16/18] fix(person-mention): bump underline contrast so the
 link is visible at rest
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Leonie FINDING-06: text-decoration-color was --c-accent at 60% (~#C9E6E5 on
white = ~1.6:1 contrast). The underline is the only visual signal that this
is a link mid-paragraph, so a barely-visible colour means seniors and
colour-blind users miss the affordance entirely.

Switch to --c-ink at 50% — same ink colour as the text, half opacity. Reads
as a soft underline on any background, passes WCAG 1.4.11 non-text contrast
on every brand surface.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontend/src/routes/layout.css | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/frontend/src/routes/layout.css b/frontend/src/routes/layout.css
index 5e693203..e4d9cce0 100644
--- a/frontend/src/routes/layout.css
+++ b/frontend/src/routes/layout.css
@@ -335,13 +335,17 @@
    Underline at rest is required for WCAG AA — colour alone fails 8% of men
    with red-green colour-blindness. Focus ring uses a box-shadow + border-radius
    so the rectangle doesn't touch the glyphs.
+
+   Underline colour uses --c-ink at 50% so the link affordance is visible on
+   any surface, including sand-tinted backgrounds where the previous mint
+   accent at 60% (~1.6:1 on white — Leonie FINDING-06) was barely perceptible.
 */
 .person-mention {
 	color: var(--c-ink);
 	text-decoration: underline;
 	text-decoration-thickness: 1px;
 	text-underline-offset: 3px;
-	text-decoration-color: color-mix(in srgb, var(--c-accent) 60%, transparent);
+	text-decoration-color: color-mix(in srgb, var(--c-ink) 50%, transparent);
 	cursor: pointer;
 	transition: text-decoration-color 0.15s ease;
 }
-- 
2.49.1


From 515fa030887844809e849a6267770e6159114d60 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 09:04:02 +0200
Subject: [PATCH 17/18] test(person-mention): replace setTimeout waits with
 vi.waitFor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Sara #1 + Felix #4: setTimeout(r, 50) and setTimeout(r, 5) were racing the
microtask queue — passes on a fast laptop, will fail on a loaded CI runner.
Replace all six occurrences with vi.waitFor(() => expect(...)) which polls
until the assertion passes (default 1s timeout, 10ms interval).

Tests are now deterministic — they pass the moment the condition is true,
fail the moment the timeout elapses, and never spuriously time out on slow
CI hardware.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../TranscriptionReadView.svelte.test.ts      | 48 ++++++++++---------
 1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts b/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
index 5b849ed7..31e62d47 100644
--- a/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
+++ b/frontend/src/lib/components/TranscriptionReadView.svelte.test.ts
@@ -280,12 +280,13 @@ describe('TranscriptionReadView — person-mention rendering', () => {
 
 		const link = document.querySelector('a.person-mention')!;
 		link.dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
-		await new Promise((r) => setTimeout(r, 10));
 
-		const personFetches = fetchMock.mock.calls.filter((c) =>
-			String(c[0]).includes(`/api/persons/${PERSON_ID}`)
-		);
-		expect(personFetches.length).toBeGreaterThanOrEqual(1);
+		await vi.waitFor(() => {
+			const personFetches = fetchMock.mock.calls.filter((c) =>
+				String(c[0]).includes(`/api/persons/${PERSON_ID}`)
+			);
+			expect(personFetches.length).toBeGreaterThanOrEqual(1);
+		});
 	});
 
 	it('deduplicates fetches for the same personId across multiple mouseenter events (B15.5)', async () => {
@@ -308,12 +309,12 @@ describe('TranscriptionReadView — person-mention rendering', () => {
 		// Plus a re-hover on the first
 		links[0].dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
 
-		await new Promise((r) => setTimeout(r, 10));
-
-		const personFetches = fetchMock.mock.calls.filter(
-			(c) => String(c[0]) === `/api/persons/${PERSON_ID}`
-		);
-		expect(personFetches.length).toBe(1);
+		await vi.waitFor(() => {
+			const personFetches = fetchMock.mock.calls.filter(
+				(c) => String(c[0]) === `/api/persons/${PERSON_ID}`
+			);
+			expect(personFetches.length).toBe(1);
+		});
 	});
 
 	it('mounts the hover card on mouseenter when the fetch loads', async () => {
@@ -349,9 +350,10 @@ describe('TranscriptionReadView — person-mention rendering', () => {
 		const link = document.querySelector('a.person-mention')!;
 		link.dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
 
-		await new Promise((r) => setTimeout(r, 50));
-		const card = document.querySelector('[data-testid="person-hover-card"]');
-		expect(card).not.toBeNull();
+		await vi.waitFor(() => {
+			const card = document.querySelector('[data-testid="person-hover-card"]');
+			expect(card).not.toBeNull();
+		});
 	});
 
 	it('unmounts the hover card on mouseleave', async () => {
@@ -362,12 +364,12 @@ describe('TranscriptionReadView — person-mention rendering', () => {
 
 		const link = document.querySelector('a.person-mention')!;
 		link.dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
-		await new Promise((r) => setTimeout(r, 5));
 		link.dispatchEvent(new MouseEvent('mouseleave', { bubbles: true }));
-		await new Promise((r) => setTimeout(r, 5));
 
-		const card = document.querySelector('[data-testid="person-hover-card"]');
-		expect(card).toBeNull();
+		await vi.waitFor(() => {
+			const card = document.querySelector('[data-testid="person-hover-card"]');
+			expect(card).toBeNull();
+		});
 	});
 
 	it('mounts the hover card on focusin so keyboard users see the preview (WCAG 2.1.1)', async () => {
@@ -468,13 +470,15 @@ describe('TranscriptionReadView — person-mention rendering', () => {
 
 		const link = document.querySelector('a.person-mention')!;
 		link.dispatchEvent(new MouseEvent('mouseenter', { bubbles: true }));
-		await new Promise((r) => setTimeout(r, 50));
+
+		await vi.waitFor(() => {
+			// Anchor is marked as deleted so subsequent hovers/clicks treat it as plain text
+			const stillLink = document.querySelector('a.person-mention')!;
+			expect(stillLink.getAttribute('data-person-deleted')).toBe('true');
+		});
 
 		// 404 → no card mounted
 		const card = document.querySelector('[data-testid="person-hover-card"]');
 		expect(card).toBeNull();
-		// Anchor is marked as deleted so subsequent hovers/clicks treat it as plain text
-		const stillLink = document.querySelector('a.person-mention')!;
-		expect(stillLink.getAttribute('data-person-deleted')).toBe('true');
 	});
 });
-- 
2.49.1


From bc58d77f2cb67b60db381a6811d99daae4ac3f0f Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Wed, 29 Apr 2026 09:04:59 +0200
Subject: [PATCH 18/18] test(e2e): uniquify person-mention doc title and
 tighten B21 card-suppression assertion
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Sara #3: title was a fixed string; if beforeAll crashed before afterAll
  ran, the next run would collide. Append Date.now() so each run has a
  unique title.
- Sara #2: B21 only asserted "no card present after tap" — but at that
  point we've already navigated to /persons/{id} and the card lives on
  the document page, so the assertion was vacuous. Move the toHaveCount(0)
  to before the tap so it actually proves touch-device suppression.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontend/e2e/person-mention-read.spec.ts | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/frontend/e2e/person-mention-read.spec.ts b/frontend/e2e/person-mention-read.spec.ts
index b1a01bb4..17b23c7a 100644
--- a/frontend/e2e/person-mention-read.spec.ts
+++ b/frontend/e2e/person-mention-read.spec.ts
@@ -44,8 +44,14 @@ test.describe('Person mention — read mode', () => {
 		personId = person.id;
 
 		// 2. Document with a PDF so the transcription panel is mountable.
+		// Sara #3: timestamp the title so a previous run that crashed in beforeAll
+		// (and therefore skipped afterAll cleanup) cannot collide with this one.
+		const uniqueSuffix = Date.now();
 		const docRes = await request.post('/api/documents', {
-			multipart: { title: 'E2E Person Mention Read', documentDate: '1945-05-08' }
+			multipart: {
+				title: `E2E Person Mention Read ${uniqueSuffix}`,
+				documentDate: '1945-05-08'
+			}
 		});
 		if (!docRes.ok()) throw new Error(`Create document failed: ${docRes.status()}`);
 		const doc = await docRes.json();
@@ -54,7 +60,7 @@ test.describe('Person mention — read mode', () => {
 
 		await request.put(`/api/documents/${docId}`, {
 			multipart: {
-				title: doc.title,
+				title: doc.title as string,
 				documentDate: '1945-05-08',
 				file: {
 					name: 'minimal.pdf',
@@ -143,10 +149,13 @@ test.describe('Person mention — read mode', () => {
 			const link = touchPage.locator(`a.person-mention[data-person-id="${personId}"]`).first();
 			await expect(link).toBeVisible({ timeout: 5000 });
 
-			await link.tap();
-			// The card never mounted — the tap navigated directly per spec
-			await expect(touchPage).toHaveURL(new RegExp(`/persons/${personId}`));
+			// Sara #2: assert no card *before* the tap so the test actually proves
+			// the touch device suppression worked, not just that we navigated away.
 			await expect(touchPage.getByTestId('person-hover-card')).toHaveCount(0);
+
+			await link.tap();
+			// The card never mounted — the tap navigated directly per spec.
+			await expect(touchPage).toHaveURL(new RegExp(`/persons/${personId}`));
 		} finally {
 			await context.close();
 		}
-- 
2.49.1