chore(ci): Align GH Workflows with Docker SSoT, new paths; minimal SSoT guard; staticAnalysis (#23)

* chore(MP-21): snapshot pre-refactor state (Epic 1) * chore(MP-22): scaffold new repo structure, relocate Docker Compose, move frontend/backend modules, update Makefile; add docs mapping and env template * MP-22 Epic 2: Erfolgreich umgesetzt und verifiziert * MP-23 Epic 3: Gradle/Build Governance zentralisieren * MP-23 Epic 3: Gradle/Build Governance zentralisieren * chore(devops)!: Docker-SSoT (.env) konsolidiert, Compose-Mounts ergänzt, Makefile entfernt - ENV Single Source of Truth - docker/.env.example neu (inkl. REDIS_PASSWORD, Ports, Build-Overrides) - config/.env(.example) als DEPRECATED markiert (Verweis auf docker/.env[.example]) - Docker Compose vereinheitlicht (docker/docker-compose.yaml) - Postgres: zentralen postgresql.conf mounten (../config/postgres/postgresql.conf) und Start mit -c config_file=/etc/postgresql/postgresql.conf - Redis: zentralen redis.conf mounten (../config/redis/redis.conf) und Start via "redis-server … ${REDIS_PASSWORD:+--requirepass $REDIS_PASSWORD}" - Web-Nginx: ../config/nginx/nginx.prod.conf → /etc/nginx/nginx.conf (ro) - Monitoring: Prometheus/Grafana nutzen ../config/monitoring/* als SSoT - Frontend/DI/Network (MP-23 Grundlage) - :frontend:core:network Modul mit Koin `apiClient` (Ktor + JSON/Retry/Timeout/Logging) - Plattform-Basis-URL-Auflösung (JVM: ENV API_BASE_URL; JS: globalThis.API_BASE_URL / Same-Origin) - Web index.html setzt API_BASE_URL (Query `?apiBaseUrl=…` > Same-Origin > Fallback) - Build/Gradle & Module-Refs - settings.gradle.kts: neue Frontend-/Backend-Pfade bereits inkludiert - Features/Shell: Abhängigkeiten auf :frontend:shared / :frontend:core:* angepasst - Ping-API-Refs auf :backend:services:ping:ping-api vereinheitlicht - Dockerfiles angepasst - backend/infrastructure/gateway/Dockerfile → Tasks/Pfade auf :backend:gateway - backend/services/ping/Dockerfile → Tasks/Pfade auf :backend:services:ping:ping-service - Static Analysis / Guards - config/detekt/detekt.yml hinzugefügt - Leichter Arch-Guard (Frontend) gegen manuelle Authorization-Header vorbereitet - Doku - docs/ARCHITECTURE.md (Struktur, Mapping, Next Steps) ergänzt - docs/adr/README.md angelegt BREAKING CHANGES: - Makefile komplett entfernt (bitte direkt `docker compose` verwenden) - ENV-Quelle ist jetzt docker/.env (statt config/.env oder Root) - Compose-Datei unter docker/docker-compose.yaml (nicht mehr compose.yaml im Repo-Root) Verifikation (lokal): - ENV anlegen: `cp docker/.env.example docker/.env` (Werte anpassen) - Compose prüfen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml config` - Infrastruktur: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle up -d postgres redis keycloak web-app` - Services bauen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle build api-gateway ping-service --no-cache --progress=plain` Refs: MP-22 (Epic 2), MP-23 (Epic 3) * chore(devops)!: Docker-SSoT (.env) konsolidiert, Compose-Mounts ergänzt, Makefile entfernt - ENV Single Source of Truth - docker/.env.example neu (inkl. REDIS_PASSWORD, Ports, Build-Overrides) - config/.env(.example) als DEPRECATED markiert (Verweis auf docker/.env[.example]) - Docker Compose vereinheitlicht (docker/docker-compose.yaml) - Postgres: zentralen postgresql.conf mounten (../config/postgres/postgresql.conf) und Start mit -c config_file=/etc/postgresql/postgresql.conf - Redis: zentralen redis.conf mounten (../config/redis/redis.conf) und Start via "redis-server … ${REDIS_PASSWORD:+--requirepass $REDIS_PASSWORD}" - Web-Nginx: ../config/nginx/nginx.prod.conf → /etc/nginx/nginx.conf (ro) - Monitoring: Prometheus/Grafana nutzen ../config/monitoring/* als SSoT - Frontend/DI/Network (MP-23 Grundlage) - :frontend:core:network Modul mit Koin `apiClient` (Ktor + JSON/Retry/Timeout/Logging) - Plattform-Basis-URL-Auflösung (JVM: ENV API_BASE_URL; JS: globalThis.API_BASE_URL / Same-Origin) - Web index.html setzt API_BASE_URL (Query `?apiBaseUrl=…` > Same-Origin > Fallback) - Build/Gradle & Module-Refs - settings.gradle.kts: neue Frontend-/Backend-Pfade bereits inkludiert - Features/Shell: Abhängigkeiten auf :frontend:shared / :frontend:core:* angepasst - Ping-API-Refs auf :backend:services:ping:ping-api vereinheitlicht - Dockerfiles angepasst - backend/infrastructure/gateway/Dockerfile → Tasks/Pfade auf :backend:gateway - backend/services/ping/Dockerfile → Tasks/Pfade auf :backend:services:ping:ping-service - Static Analysis / Guards - config/detekt/detekt.yml hinzugefügt - Leichter Arch-Guard (Frontend) gegen manuelle Authorization-Header vorbereitet - Doku - docs/ARCHITECTURE.md (Struktur, Mapping, Next Steps) ergänzt - docs/adr/README.md angelegt BREAKING CHANGES: - Makefile komplett entfernt (bitte direkt `docker compose` verwenden) - ENV-Quelle ist jetzt docker/.env (statt config/.env oder Root) - Compose-Datei unter docker/docker-compose.yaml (nicht mehr compose.yaml im Repo-Root) Verifikation (lokal): - ENV anlegen: `cp docker/.env.example docker/.env` (Werte anpassen) - Compose prüfen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml config` - Infrastruktur: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle up -d postgres redis keycloak web-app` - Services bauen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle build api-gateway ping-service --no-cache --progress=plain` Refs: MP-22 (Epic 2), MP-23 (Epic 3) * chore(devops)!: Docker-SSoT (.env) konsolidiert, Compose-Mounts ergänzt, Makefile entfernt - ENV Single Source of Truth - docker/.env.example neu (inkl. REDIS_PASSWORD, Ports, Build-Overrides) - config/.env(.example) als DEPRECATED markiert (Verweis auf docker/.env[.example]) - Docker Compose vereinheitlicht (docker/docker-compose.yaml) - Postgres: zentralen postgresql.conf mounten (../config/postgres/postgresql.conf) und Start mit -c config_file=/etc/postgresql/postgresql.conf - Redis: zentralen redis.conf mounten (../config/redis/redis.conf) und Start via "redis-server … ${REDIS_PASSWORD:+--requirepass $REDIS_PASSWORD}" - Web-Nginx: ../config/nginx/nginx.prod.conf → /etc/nginx/nginx.conf (ro) - Monitoring: Prometheus/Grafana nutzen ../config/monitoring/* als SSoT - Frontend/DI/Network (MP-23 Grundlage) - :frontend:core:network Modul mit Koin `apiClient` (Ktor + JSON/Retry/Timeout/Logging) - Plattform-Basis-URL-Auflösung (JVM: ENV API_BASE_URL; JS: globalThis.API_BASE_URL / Same-Origin) - Web index.html setzt API_BASE_URL (Query `?apiBaseUrl=…` > Same-Origin > Fallback) - Build/Gradle & Module-Refs - settings.gradle.kts: neue Frontend-/Backend-Pfade bereits inkludiert - Features/Shell: Abhängigkeiten auf :frontend:shared / :frontend:core:* angepasst - Ping-API-Refs auf :backend:services:ping:ping-api vereinheitlicht - Dockerfiles angepasst - backend/infrastructure/gateway/Dockerfile → Tasks/Pfade auf :backend:gateway - backend/services/ping/Dockerfile → Tasks/Pfade auf :backend:services:ping:ping-service - Static Analysis / Guards - config/detekt/detekt.yml hinzugefügt - Leichter Arch-Guard (Frontend) gegen manuelle Authorization-Header vorbereitet - Doku - docs/ARCHITECTURE.md (Struktur, Mapping, Next Steps) ergänzt - docs/adr/README.md angelegt BREAKING CHANGES: - Makefile komplett entfernt (bitte direkt `docker compose` verwenden) - ENV-Quelle ist jetzt docker/.env (statt config/.env oder Root) - Compose-Datei unter docker/docker-compose.yaml (nicht mehr compose.yaml im Repo-Root) Verifikation (lokal): - ENV anlegen: `cp docker/.env.example docker/.env` (Werte anpassen) - Compose prüfen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml config` - Infrastruktur: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle up -d postgres redis keycloak web-app` - Services bauen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle build api-gateway ping-service --no-cache --progress=plain` Refs: MP-22 (Epic 2), MP-23 (Epic 3) * chore(ci): Workflows an Docker-SSoT & neue Struktur angepasst, minimaler SSoT-Guard - ssot-guard.yml: Option B (minimal) → `docker compose -f docker/docker-compose.yaml config` als Lint - integration-tests.yml: `./gradlew staticAnalysis` vor Integrationstests - docs-kdoc-sync.yml: Dokka-Task Fallback (dokkaGfmAll || dokkaGfm), YouTrack-Sync nur wenn Script vorhanden - deploy-proxmox.yml: Compose-Pfade auf docker/docker-compose.yaml + `--env-file docker/.env`; Build/Test Schritte vereinheitlicht - ci-main.yml: SSoT-Skripte per `if: hashFiles(...)` guarded, Compose-Lint Fallback; OpenAPI‑Pfad → backend/gateway; ADR‑Pfade → docs/adr/**; `staticAnalysis` in Build integriert - youtrack-sync.yml: unverändert (funktional) Refs: MP-22, MP-23 * chore(ci): Workflows an Docker-SSoT & neue Struktur angepasst, minimaler SSoT-Guard - ssot-guard.yml: Option B (minimal) → `docker compose -f docker/docker-compose.yaml config` als Lint - integration-tests.yml: `./gradlew staticAnalysis` vor Integrationstests - docs-kdoc-sync.yml: Dokka-Task Fallback (dokkaGfmAll || dokkaGfm), YouTrack-Sync nur wenn Script vorhanden - deploy-proxmox.yml: Compose-Pfade auf docker/docker-compose.yaml + `--env-file docker/.env`; Build/Test Schritte vereinheitlicht - ci-main.yml: SSoT-Skripte per `if: hashFiles(...)` guarded, Compose-Lint Fallback; OpenAPI‑Pfad → backend/gateway; ADR‑Pfade → docs/adr/**; `staticAnalysis` in Build integriert - youtrack-sync.yml: unverändert (funktional) Refs: MP-22, MP-23 * fix(ci): create .env from example before validating compose config * fix(ci): update ssot-guard filename (.yaml) and sync workflow state * fixing * fix(webpack): correct sql.js fallback configuration for webpack 5
2025-12-03 12:03:40 +01:00
parent 034892e890
commit 95fe3e0573
365 changed files with 2283 additions and 15142 deletions
@@ -0,0 +1,114 @@
+@file:OptIn(ExperimentalKotlinGradlePluginApi::class, ExperimentalWasmDsl::class)
+
+import org.jetbrains.kotlin.gradle.ExperimentalKotlinGradlePluginApi
+import org.jetbrains.kotlin.gradle.ExperimentalWasmDsl
+import org.jetbrains.kotlin.gradle.dsl.JvmTarget
+import org.jetbrains.kotlin.gradle.dsl.KotlinJsCompile
+import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
+
+/**
+ * Shared Module: Gemeinsame Libraries und Utilities für alle Client-Features
+ * KEINE EXECUTABLE - ist eine Library für andere Module
+ */
+plugins {
+  alias(libs.plugins.kotlinMultiplatform)
+  alias(libs.plugins.kotlinSerialization)
+  alias(libs.plugins.composeMultiplatform)
+  alias(libs.plugins.composeCompiler)
+}
+
+kotlin {
+  val enableWasm = providers.gradleProperty("enableWasm").orNull == "true"
+
+  jvmToolchain(21)
+
+  // JVM Target für Desktop
+  jvm()
+
+  // JavaScript Target für Web
+  js {
+    browser {
+      testTask {
+        enabled = false
+      }
+    }
+    // ...
+  }
+
+  // WASM, nur wenn explizit aktiviert
+  if (enableWasm) {
+    @OptIn(ExperimentalWasmDsl::class)
+    wasmJs { browser() }
+  }
+
+  sourceSets {
+    commonMain.dependencies {
+
+      api(projects.core.coreUtils)
+      api(projects.core.coreDomain)
+
+      // Kotlinx core dependencies (coroutines, serialization, datetime)
+      implementation(libs.bundles.kotlinx.core)
+
+      // HTTP Client
+      implementation(libs.ktor.client.core)
+      implementation(libs.ktor.client.contentNegotiation)
+      implementation(libs.ktor.client.serialization.kotlinx.json)
+      implementation(libs.ktor.client.logging)
+      implementation(libs.ktor.client.auth)
+
+      // Dependency Injection (Koin)
+      implementation(libs.koin.core)
+      implementation(libs.koin.compose)
+      implementation(libs.koin.compose.viewmodel)
+
+      // Network module (provides DI `apiClient`)
+      implementation(projects.frontend.core.network)
+
+      // Compose für shared UI components (common)
+      implementation(compose.runtime)
+      implementation(compose.foundation)
+      implementation(compose.material3)
+    }
+
+    commonTest.dependencies {
+      implementation(libs.kotlin.test)
+      implementation(libs.kotlinx.coroutines.test)
+    }
+
+    jvmMain.dependencies {
+      implementation(libs.ktor.client.cio)
+    }
+
+    jsMain.dependencies {
+      implementation(libs.ktor.client.js)
+    }
+
+    // WASM SourceSet, nur wenn aktiviert
+    if (enableWasm) {
+      val wasmJsMain = getByName("wasmJsMain")
+      wasmJsMain.dependencies {
+        implementation(libs.ktor.client.js) // WASM verwendet JS-Client
+        implementation(compose.runtime)
+        implementation(compose.foundation)
+        implementation(compose.material3)
+      }
+    }
+  }
+}
+
+// KMP Compile-Optionen
+tasks.withType<KotlinCompile> {
+  compilerOptions {
+    jvmTarget.set(JvmTarget.JVM_21)
+    freeCompilerArgs.addAll(
+      "-opt-in=kotlin.RequiresOptIn"
+    )
+  }
+}
+
+tasks.withType<KotlinJsCompile>().configureEach {
+  compilerOptions {
+    target = "es2015"
+  }
+}
@@ -0,0 +1,12 @@
+package at.mocode.shared.core
+
+data class AppConfig(
+  val gatewayUrl: String,
+  val isDebug: Boolean
+)
+
+// Standard-Config für Local Development
+val devConfig = AppConfig(
+  gatewayUrl = "http://localhost:8081",
+  isDebug = true
+)
@@ -0,0 +1,47 @@
+package at.mocode.shared.core
+
+/**
+ * Shared application configuration constants for clients.
+ * These defaults target local development environments.
+ */
+object AppConstants {
+  // Gateway base URL (reverse proxy / API gateway)
+  const val GATEWAY_URL: String = "http://localhost:8081"
+
+  // Keycloak configuration
+  const val KEYCLOAK_URL: String = "http://localhost:8180"
+  const val KEYCLOAK_REALM: String = "meldestelle"
+
+  // Use public client configured in realm import: `web-app`
+  const val KEYCLOAK_CLIENT_ID: String = "web-app"
+
+  // Default redirect URI for web PKCE flow (served by Nginx in web image)
+  // We use the root path so Keycloak can redirect back to /?code=...
+  fun webRedirectUri(): String = "http://localhost:4000/"
+
+  fun registerUrl(): String =
+    "$KEYCLOAK_URL/realms/$KEYCLOAK_REALM/protocol/openid-connect/registrations?client_id=$KEYCLOAK_CLIENT_ID&response_type=code&redirect_uri=${
+      encode(
+        webRedirectUri()
+      )
+    }"
+
+  fun loginUrl(): String =
+    "$KEYCLOAK_URL/realms/$KEYCLOAK_REALM/protocol/openid-connect/auth?client_id=$KEYCLOAK_CLIENT_ID&response_type=code&redirect_uri=${
+      encode(
+        webRedirectUri()
+      )
+    }"
+
+  fun authorizeEndpoint(): String =
+    "$KEYCLOAK_URL/realms/$KEYCLOAK_REALM/protocol/openid-connect/auth"
+
+  fun tokenEndpoint(): String =
+    "$KEYCLOAK_URL/realms/$KEYCLOAK_REALM/protocol/openid-connect/token"
+
+  fun desktopDownloadUrl(): String = "http://localhost:4000/downloads/"
+
+  // Helper to URL-encode values (very small percent-encoding sufficient for URIs here)
+  private fun encode(value: String): String =
+    value.replace("://", ":%2F%2F").replace("/", "%2F").replace(":", "%3A")
+}
@@ -0,0 +1,27 @@
+package at.mocode.shared.data.repository
+
+import at.mocode.shared.domain.model.PingData
+import at.mocode.shared.domain.model.Resource
+import at.mocode.shared.domain.repository.PingRepository
+import io.ktor.client.*
+import io.ktor.client.call.*
+import io.ktor.client.request.*
+
+class PingRepositoryImpl(
+  private val httpClient: HttpClient
+) : PingRepository {
+
+  override suspend fun checkSystemStatus(): Resource<PingData> {
+    return try {
+      // Der HttpClient hat die BaseURL schon konfiguriert (siehe NetworkModule)
+      val response = httpClient.get("/api/ping/simple").body<PingData>()
+      Resource.Success(response)
+    } catch (e: Exception) {
+      // Hier fangen wir Netzwerkfehler ab und machen sie "hübsch" für die UI
+      Resource.Error(
+        message = "Verbindung fehlgeschlagen: ${e.message ?: "Unbekannter Fehler"}",
+        code = "NETWORK_ERROR"
+      )
+    }
+  }
+}
@@ -0,0 +1,50 @@
+package at.mocode.shared.di
+
+import at.mocode.shared.core.AppConfig
+import io.ktor.client.*
+import io.ktor.client.plugins.*
+import io.ktor.client.plugins.contentnegotiation.*
+import io.ktor.client.plugins.logging.*
+import io.ktor.http.*
+import io.ktor.serialization.kotlinx.json.*
+import kotlinx.serialization.json.Json
+import org.koin.dsl.module
+
+val networkModule = module {
+  // 1. JSON Konfiguration (Global verfügbar)
+  single {
+    Json {
+      ignoreUnknownKeys = true
+      prettyPrint = true
+      isLenient = true
+    }
+  }
+
+  // 2. HttpClient (Singleton)
+  single {
+    val config = get<AppConfig>()
+    val jsonConfig = get<Json>()
+
+    HttpClient {
+      // Standard-URL setzen
+      defaultRequest {
+        url(config.gatewayUrl)
+        contentType(ContentType.Application.Json)
+      }
+
+      install(ContentNegotiation) {
+        json(jsonConfig)
+      }
+
+      install(Logging) {
+        level = if (config.isDebug) LogLevel.INFO else LogLevel.NONE
+        logger = Logger.DEFAULT
+      }
+
+      install(HttpTimeout) {
+        requestTimeoutMillis = 10000
+        connectTimeoutMillis = 10000
+      }
+    }
+  }
+}
@@ -0,0 +1,26 @@
+package at.mocode.shared.di
+
+import at.mocode.shared.core.devConfig
+import at.mocode.frontend.core.network.networkModule
+import org.koin.core.context.startKoin
+import org.koin.dsl.KoinAppDeclaration
+import org.koin.dsl.module
+
+// Das Modul für die Config
+val configModule = module {
+  single { devConfig } // Später können wir hier PROD/DEV umschalten
+}
+
+// Basismodule, die immer geladen werden sollen (ohne Feature/Core-Cross-Imports)
+val baseSharedModules = listOf(
+  configModule,
+  // Network module provides DI-only HttpClient (safe to be shared across features)
+  networkModule
+)
+
+// Helper zum Starten von Koin (wird von der App aufgerufen)
+// Weitere Module (z. B. networkModule) können über appDeclaration hinzugefügt werden.
+fun initKoin(appDeclaration: KoinAppDeclaration = {}) = startKoin {
+  modules(baseSharedModules)
+  appDeclaration()
+}
@@ -0,0 +1,59 @@
+package at.mocode.shared.domain.model
+
+import kotlinx.serialization.Serializable
+
+/**
+ * Generischer Wrapper für API-Antworten.
+ */
+@Serializable
+data class ApiResponse<T>(
+  val success: Boolean,
+  val data: T? = null,
+  val error: ApiError? = null
+)
+
+@Serializable
+data class ApiError(
+  val code: String,
+  val message: String,
+  val details: Map<String, String> = emptyMap()
+)
+
+/**
+ * Das Ergebnis eines Repository-Aufrufs.
+ * Die UI kennt nur das hier, keine HTTP-Exceptions!
+ */
+sealed class Resource<out T> {
+  data class Success<T>(val data: T) : Resource<T>()
+  data class Error(val message: String, val code: String? = null) : Resource<Nothing>()
+  data object Loading : Resource<Nothing>()
+}
+
+/**
+ * Datenmodell für den Ping.
+ */
+@Serializable
+data class PingData(
+  val status: String,
+  val timestamp: String,
+  val service: String
+)
+
+/**
+ * Minimale User- und Auth-Models für Shared-Kernel (Quick-Fix für Build).
+ * Hinweis: Für MP-25 können diese in :frontend:core:domain verschoben/ausgebaut werden.
+ */
+@Serializable
+data class AuthToken(
+  val accessToken: String,
+  val tokenType: String = "Bearer",
+  val expiresAtEpochMillis: Long? = null
+)
+
+@Serializable
+data class User(
+  val id: String,
+  val username: String,
+  val displayName: String? = null,
+  val roles: List<String> = emptyList()
+)
@@ -0,0 +1,8 @@
+package at.mocode.shared.domain.repository
+
+import at.mocode.shared.domain.model.PingData
+import at.mocode.shared.domain.model.Resource
+
+interface PingRepository {
+  suspend fun checkSystemStatus(): Resource<PingData>
+}
@@ -0,0 +1,194 @@
+package at.mocode.shared.navigation
+
+import at.mocode.shared.presentation.store.AppStore
+
+/**
+ * Deep link handling for the application
+ */
+class DeepLinkHandler(
+  private val navigationManager: NavigationManager,
+  private val store: AppStore
+) {
+
+  /**
+   * Deep link configuration
+   */
+  data class DeepLinkConfig(
+    val scheme: String = "meldestelle",
+    val host: String = "app",
+    val allowedDomains: Set<String> = setOf("meldestelle.com", "localhost")
+  )
+
+  private val config = DeepLinkConfig()
+
+  /**
+   * Handle a deep link URL
+   */
+  fun handleDeepLink(url: String): Boolean {
+    return try {
+      val parsedLink = parseDeepLink(url)
+      if (parsedLink != null) {
+        processDeepLink(parsedLink)
+        true
+      } else {
+        false
+      }
+    } catch (e: Exception) {
+      // Log error in real implementation
+      false
+    }
+  }
+
+  /**
+   * Parse deep link URL into components
+   */
+  private fun parseDeepLink(url: String): DeepLink? {
+    return when {
+      url.startsWith("${config.scheme}://") -> parseCustomSchemeLink(url)
+      url.startsWith("https://") || url.startsWith("http://") -> parseWebLink(url)
+      else -> null
+    }
+  }
+
+  /**
+   * Parse custom scheme deep links (e.g., meldestelle://app/dashboard)
+   */
+  private fun parseCustomSchemeLink(url: String): DeepLink? {
+    val withoutScheme = url.removePrefix("${config.scheme}://")
+    val parts = withoutScheme.split("/")
+
+    if (parts.isEmpty() || parts[0] != config.host) {
+      return null
+    }
+
+    val path = "/" + parts.drop(1).joinToString("/")
+    val route = if (path == "/") Routes.HOME else path
+
+    return DeepLink(
+      type = DeepLinkType.CUSTOM_SCHEME,
+      route = route,
+      params = RouteUtils.parseRouteParams(route),
+      originalUrl = url
+    )
+  }
+
+  /**
+   * Parse web deep links (e.g., https://meldestelle.com/dashboard)
+   */
+  private fun parseWebLink(url: String): DeepLink? {
+    // Simple URL parsing - in real implementation use proper URL parser
+    val urlParts = url.split("/")
+    if (urlParts.size < 3) return null
+
+    val domain = urlParts[2]
+    if (!config.allowedDomains.contains(domain)) {
+      return null
+    }
+
+    val path = "/" + urlParts.drop(3).joinToString("/")
+    val route = if (path == "/" || path.isEmpty()) Routes.HOME else path
+
+    return DeepLink(
+      type = DeepLinkType.WEB_LINK,
+      route = route,
+      params = RouteUtils.parseRouteParams(route),
+      originalUrl = url
+    )
+  }
+
+  /**
+   * Process a parsed deep link
+   */
+  private fun processDeepLink(deepLink: DeepLink) {
+    val authState = store.state.value.auth
+    val cleanRoute = RouteUtils.getCleanRoute(deepLink.route)
+
+    // Check if route requires authentication
+    if (RouteUtils.requiresAuth(cleanRoute)) {
+      if (!authState.isAuthenticated) {
+        // Save the intended route and redirect to log in
+        saveIntendedRoute(deepLink.route)
+        navigationManager.navigateTo(Routes.Auth.LOGIN)
+        return
+      }
+    }
+
+    // Check if route requires admin privileges
+    if (RouteUtils.requiresAdmin(cleanRoute)) {
+      val hasAdminRole = authState.user?.roles?.contains("admin") ?: false
+      if (!hasAdminRole) {
+        // Redirect to unauthorized or home
+        navigationManager.navigateTo(Routes.HOME)
+        return
+      }
+    }
+
+    // Navigate to the route
+    navigationManager.navigateTo(deepLink.route)
+  }
+
+  /**
+   * Save the intended route for after authentication
+   */
+  private fun saveIntendedRoute(route: String) {
+    // In real implementation, save to persistent storage
+    // For now; we'll store it in a simple variable
+    intendedRoute = route
+  }
+
+  /**
+   * Get and clear the intended route
+   */
+  fun getAndClearIntendedRoute(): String? {
+    val route = intendedRoute
+    intendedRoute = null
+    return route
+  }
+
+  /**
+   * Check if there's a pending intended route
+   */
+  fun hasIntendedRoute(): Boolean = intendedRoute != null
+
+  /**
+   * Generate a deep link for a route
+   */
+  fun generateDeepLink(route: String, useCustomScheme: Boolean = true): String {
+    return if (useCustomScheme) {
+      "${config.scheme}://${config.host}$route"
+    } else {
+      "https://${config.allowedDomains.first()}$route"
+    }
+  }
+
+  /**
+   * Validate if a route is valid for deep linking
+   */
+  fun isValidDeepLinkRoute(route: String): Boolean {
+    return RouteUtils.isValidRoute(route) &&
+      !route.startsWith("/auth/") && // Auth routes shouldn't be deep linked
+      route != Routes.Auth.LOGIN
+  }
+
+  companion object {
+    private var intendedRoute: String? = null
+  }
+}
+
+/**
+ * Deep link data class
+ */
+data class DeepLink(
+  val type: DeepLinkType,
+  val route: String,
+  val params: Map<String, String>,
+  val originalUrl: String
+)
+
+/**
+ * Types of deep links
+ */
+enum class DeepLinkType {
+  CUSTOM_SCHEME,  // meldestelle://app/route
+  WEB_LINK        // https://meldestelle.com/route
+}
@@ -0,0 +1,178 @@
+package at.mocode.shared.navigation
+
+import at.mocode.shared.presentation.actions.AppAction
+import at.mocode.shared.presentation.store.AppStore
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.map
+
+/**
+ * Navigation manager for handling routing and navigation logic
+ */
+class NavigationManager(
+  private val store: AppStore
+) {
+
+  /**
+   * Current route as a flow
+   */
+  val currentRoute: Flow<String> = store.state.map { it.navigation.currentRoute }
+
+  /**
+   * Navigation history as a flow
+   */
+  val navigationHistory: Flow<List<String>> = store.state.map { it.navigation.history }
+
+  /**
+   * Can go back flag as a flow
+   */
+  val canGoBack: Flow<Boolean> = store.state.map { it.navigation.canGoBack }
+
+  /**
+   * Navigate to a specific route
+   */
+  fun navigateTo(route: String) {
+    store.dispatch(AppAction.Navigation.NavigateTo(route))
+  }
+
+  /**
+   * Navigate back to the previous route
+   */
+  fun navigateBack() {
+    store.dispatch(AppAction.Navigation.NavigateBack)
+  }
+
+  /**
+   * Replace current route without adding to history
+   */
+  fun replaceRoute(route: String) {
+    store.dispatch(AppAction.Navigation.UpdateHistory(route))
+  }
+
+  /**
+   * Clear navigation history and navigate to the route
+   */
+  fun navigateAndClearHistory(route: String) {
+    // First clear by replacing with the new route
+    store.dispatch(AppAction.Navigation.UpdateHistory(route))
+  }
+
+  /**
+   * Get current route value (non-reactive)
+   */
+  fun getCurrentRoute(): String = store.state.value.navigation.currentRoute
+
+  /**
+   * Check if we can navigate back
+   */
+  fun canNavigateBack(): Boolean = store.state.value.navigation.canGoBack
+}
+
+/**
+ * Route definitions for the application
+ */
+object Routes {
+  const val HOME = "/"
+  const val LOGIN = "/login"
+  const val DASHBOARD = "/dashboard"
+  const val PROFILE = "/profile"
+  const val SETTINGS = "/settings"
+  const val PING = "/ping"
+
+  // Auth-related routes
+  object Auth {
+    const val LOGIN = "/auth/login"
+    const val LOGOUT = "/auth/logout"
+    const val REGISTER = "/auth/register"
+    const val FORGOT_PASSWORD = "/auth/forgot-password"
+  }
+
+  // Admin routes
+  object Admin {
+    const val DASHBOARD = "/admin/dashboard"
+    const val USERS = "/admin/users"
+    const val SETTINGS = "/admin/settings"
+  }
+
+  // Feature routes
+  object Features {
+    const val PING = "/features/ping"
+    const val REPORTS = "/features/reports"
+    const val NOTIFICATIONS = "/features/notifications"
+  }
+}
+
+/**
+ * Route validation and utilities
+ */
+object RouteUtils {
+
+  /**
+   * Check if a route requires authentication
+   */
+  fun requiresAuth(route: String): Boolean {
+    return when {
+      route.startsWith("/auth/") && route != Routes.Auth.LOGIN -> false
+      route == Routes.HOME -> false
+      route == Routes.LOGIN -> false
+      else -> true
+    }
+  }
+
+  /**
+   * Check if a route is for admin only
+   */
+  fun requiresAdmin(route: String): Boolean {
+    return route.startsWith("/admin/")
+  }
+
+  /**
+   * Get the default route for authenticated users
+   */
+  fun getDefaultAuthenticatedRoute(): String = Routes.DASHBOARD
+
+  /**
+   * Get the default route for unauthenticated users
+   */
+  fun getDefaultUnauthenticatedRoute(): String = Routes.LOGIN
+
+  /**
+   * Validate route format
+   */
+  fun isValidRoute(route: String): Boolean {
+    return route.startsWith("/") && route.isNotBlank()
+  }
+
+  /**
+   * Parse route parameters (simple implementation)
+   */
+  fun parseRouteParams(route: String): Map<String, String> {
+    val params = mutableMapOf<String, String>()
+
+    // Simple query parameter parsing
+    if (route.contains("?")) {
+      val parts = route.split("?")
+      if (parts.size == 2) {
+        val queryParams = parts[1].split("&")
+        queryParams.forEach { param ->
+          val keyValue = param.split("=")
+          if (keyValue.size == 2) {
+            params[keyValue[0]] = keyValue[1]
+          }
+        }
+      }
+    }
+
+    return params
+  }
+
+  /**
+   * Get clean route without parameters
+   */
+  fun getCleanRoute(route: String): String {
+    return if (route.contains("?")) {
+      route.split("?")[0]
+    } else {
+      route
+    }
+  }
+}
@@ -0,0 +1,75 @@
+package at.mocode.shared.navigation
+
+import at.mocode.shared.presentation.state.NavigationState
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.flowOf
+
+/**
+ * Interface für das Persistieren von Navigation State
+ */
+interface NavigationPersistence {
+  suspend fun saveNavigationState(state: NavigationState)
+  fun getNavigationState(): Flow<NavigationState?>
+  suspend fun clearNavigationState()
+}
+
+/**
+ * Default implementation ohne echte Persistierung (In-Memory)
+ * Platform-spezifische Implementierungen können echte Persistierung bereitstellen
+ */
+class DefaultNavigationPersistence : NavigationPersistence {
+  private var currentState: NavigationState? = null
+
+  override suspend fun saveNavigationState(state: NavigationState) {
+    currentState = state
+  }
+
+  override fun getNavigationState(): Flow<NavigationState?> {
+    return flowOf(currentState)
+  }
+
+  override suspend fun clearNavigationState() {
+    currentState = null
+  }
+}
+
+/**
+ * Navigation History Manager mit Persistierung
+ */
+class NavigationHistoryManager(
+  private val persistence: NavigationPersistence
+) {
+  companion object {
+    private const val MAX_HISTORY_SIZE = 50
+  }
+
+  suspend fun saveRoute(route: String, history: List<String>) {
+    val state = NavigationState(
+      currentRoute = route,
+      history = history.takeLast(MAX_HISTORY_SIZE),
+      canGoBack = history.isNotEmpty()
+    )
+    persistence.saveNavigationState(state)
+  }
+
+  fun getPersistedState() = persistence.getNavigationState()
+
+  suspend fun clear() = persistence.clearNavigationState()
+
+  /**
+   * Optimiert die History für bessere Performance
+   */
+  private fun optimizeHistory(history: List<String>): List<String> {
+    // Entfernt Duplikate in Folge und behält nur die letzten N Einträge
+    return history
+      .fold(emptyList<String>()) { acc, route ->
+        if (acc.lastOrNull() != route) acc + route else acc
+      }
+      .takeLast(MAX_HISTORY_SIZE)
+  }
+
+  suspend fun addToHistory(newRoute: String, currentHistory: List<String>) {
+    val optimizedHistory = optimizeHistory(currentHistory + newRoute)
+    saveRoute(newRoute, optimizedHistory.dropLast(1))
+  }
+}
@@ -0,0 +1,27 @@
+package at.mocode.shared.network
+
+import io.ktor.client.*
+import io.ktor.client.plugins.contentnegotiation.*
+import io.ktor.serialization.kotlinx.json.*
+import kotlinx.serialization.json.Json
+
+object HttpClientConfig {
+
+  fun createClient(
+    baseUrl: String = "http://localhost:8080"
+  ): HttpClient = HttpClient {
+
+    // Content negotiation with JSON (based on PingApiClient pattern)
+    install(ContentNegotiation) {
+      json(Json {
+        prettyPrint = true
+        isLenient = true
+        ignoreUnknownKeys = true
+      })
+    }
+  }
+
+  fun createClientWithBaseUrl(baseUrl: String): HttpClient {
+    return createClient(baseUrl)
+  }
+}
@@ -0,0 +1,172 @@
+package at.mocode.shared.network
+
+import at.mocode.shared.domain.model.ApiError
+import io.ktor.client.network.sockets.*
+import io.ktor.client.plugins.*
+import kotlinx.io.IOException
+
+/**
+ * Custom exceptions for network operations
+ */
+sealed class NetworkException(
+  message: String,
+  cause: Throwable? = null,
+  val apiError: ApiError
+) : Exception(message, cause) {
+
+  class ConnectionException(
+    message: String = "Connection failed",
+    cause: Throwable? = null
+  ) : NetworkException(
+    message = message,
+    cause = cause,
+    apiError = ApiError(
+      code = "CONNECTION_ERROR",
+      message = message,
+      details = mapOf("type" to "network_connectivity")
+    )
+  )
+
+  class TimeoutException(
+    message: String = "Request timed out",
+    cause: Throwable? = null
+  ) : NetworkException(
+    message = message,
+    cause = cause,
+    apiError = ApiError(
+      code = "TIMEOUT_ERROR",
+      message = message,
+      details = mapOf("type" to "request_timeout")
+    )
+  )
+
+  class ServerException(
+    statusCode: Int,
+    message: String = "Server error",
+    cause: Throwable? = null
+  ) : NetworkException(
+    message = message,
+    cause = cause,
+    apiError = ApiError(
+      code = "SERVER_ERROR",
+      message = message,
+      details = mapOf(
+        "type" to "server_error",
+        "status_code" to statusCode.toString()
+      )
+    )
+  )
+
+  class ClientException(
+    statusCode: Int,
+    message: String = "Client error",
+    cause: Throwable? = null
+  ) : NetworkException(
+    message = message,
+    cause = cause,
+    apiError = ApiError(
+      code = "CLIENT_ERROR",
+      message = message,
+      details = mapOf(
+        "type" to "client_error",
+        "status_code" to statusCode.toString()
+      )
+    )
+  )
+
+  class AuthenticationException(
+    message: String = "Authentication failed",
+    cause: Throwable? = null
+  ) : NetworkException(
+    message = message,
+    cause = cause,
+    apiError = ApiError(
+      code = "AUTHENTICATION_ERROR",
+      message = message,
+      details = mapOf("type" to "authentication_failure")
+    )
+  )
+
+  class AuthorizationException(
+    message: String = "Authorization failed",
+    cause: Throwable? = null
+  ) : NetworkException(
+    message = message,
+    cause = cause,
+    apiError = ApiError(
+      code = "AUTHORIZATION_ERROR",
+      message = message,
+      details = mapOf("type" to "authorization_failure")
+    )
+  )
+
+  class UnknownException(
+    message: String = "Unknown error occurred",
+    cause: Throwable? = null
+  ) : NetworkException(
+    message = message,
+    cause = cause,
+    apiError = ApiError(
+      code = "UNKNOWN_ERROR",
+      message = message,
+      details = mapOf("type" to "unknown_error")
+    )
+  )
+}
+
+/**
+ * Extension function to convert various exceptions to NetworkException
+ */
+fun Throwable.toNetworkException(): NetworkException {
+  return when (this) {
+    is ConnectTimeoutException -> NetworkException.TimeoutException(
+      message = "Connection timeout: ${this.message}",
+      cause = this
+    )
+
+    is SocketTimeoutException -> NetworkException.TimeoutException(
+      message = "Socket timeout: ${this.message}",
+      cause = this
+    )
+
+    is ResponseException -> when (this.response.status.value) {
+      401 -> NetworkException.AuthenticationException(
+        message = "Authentication required",
+        cause = this
+      )
+
+      403 -> NetworkException.AuthorizationException(
+        message = "Access forbidden",
+        cause = this
+      )
+
+      in 400..499 -> NetworkException.ClientException(
+        statusCode = this.response.status.value,
+        message = "Client error: ${this.message}",
+        cause = this
+      )
+
+      in 500..599 -> NetworkException.ServerException(
+        statusCode = this.response.status.value,
+        message = "Server error: ${this.message}",
+        cause = this
+      )
+
+      else -> NetworkException.UnknownException(
+        message = "HTTP error: ${this.message}",
+        cause = this
+      )
+    }
+
+    is IOException -> NetworkException.ConnectionException(
+      message = "Network connection failed: ${this.message}",
+      cause = this
+    )
+
+    is NetworkException -> this
+    else -> NetworkException.UnknownException(
+      message = "Unexpected error: ${this.message}",
+      cause = this
+    )
+  }
+}
@@ -0,0 +1,221 @@
+package at.mocode.shared.network
+
+
+import at.mocode.shared.domain.model.ApiError
+import kotlinx.coroutines.delay
+
+// Using platform-agnostic timestamp handling
+
+/**
+ * Simple timestamp provider for multiplatform compatibility
+ */
+expect fun currentTimeMillis(): Long
+
+/**
+ * Network utilities for handling retry logic and resilience
+ */
+object NetworkUtils {
+
+  /**
+   * Retry configuration for network operations
+   */
+  data class RetryConfig(
+    val maxAttempts: Int = 3,
+    val initialDelayMs: Long = 1000L,
+    val maxDelayMs: Long = 10000L,
+    val backoffMultiplier: Double = 2.0,
+    val retryableExceptions: Set<String> = setOf(
+      "CONNECTION_ERROR",
+      "TIMEOUT_ERROR",
+      "SERVER_ERROR"
+    )
+  )
+
+  /**
+   * Execute operation with retry logic
+   */
+  suspend fun <T> withRetry(
+    config: RetryConfig = RetryConfig(),
+    operation: suspend () -> RepositoryResult<T>
+  ): RepositoryResult<T> {
+    var lastError: ApiError? = null
+    var currentDelay = config.initialDelayMs
+
+    repeat(config.maxAttempts) { attempt ->
+      try {
+        val result = operation()
+
+        // Return success immediately
+        if (result.isSuccess()) {
+          return result
+        }
+
+        // Check if the error is retryable
+        val error = result.getErrorOrNull()
+        if (error != null && shouldRetry(error, config)) {
+          lastError = error
+
+          // Don't delay on the last attempt
+          if (attempt < config.maxAttempts - 1) {
+            delay(currentDelay)
+            currentDelay = minOf(
+              (currentDelay * config.backoffMultiplier).toLong(),
+              config.maxDelayMs
+            )
+          }
+        } else {
+          // Non-retryable error, return immediately
+          return result
+        }
+      } catch (e: Exception) {
+        val networkException = e.toNetworkException()
+        lastError = networkException.apiError
+
+        if (shouldRetry(networkException.apiError, config)) {
+          if (attempt < config.maxAttempts - 1) {
+            delay(currentDelay)
+            currentDelay = minOf(
+              (currentDelay * config.backoffMultiplier).toLong(),
+              config.maxDelayMs
+            )
+          }
+        } else {
+          return RepositoryResult.Error(networkException.apiError)
+        }
+      }
+    }
+
+    // All attempts exhausted, return last error
+    return RepositoryResult.Error(
+      lastError ?: ApiError(
+        code = "MAX_RETRIES_EXCEEDED",
+        message = "Maximum retry attempts exceeded"
+      )
+    )
+  }
+
+  /**
+   * Check if an error should trigger a retry
+   */
+  private fun shouldRetry(error: ApiError, config: RetryConfig): Boolean {
+    return config.retryableExceptions.contains(error.code)
+  }
+
+  /**
+   * Network connectivity checker (simplified for shared module)
+   */
+  object ConnectivityChecker {
+    private var isOnline: Boolean = true
+    private var lastCheckMillis: Long = 0L
+
+    fun setOnlineStatus(online: Boolean) {
+      isOnline = online
+      lastCheckMillis = currentTimeMillis()
+    }
+
+    fun isOnline(): Boolean = isOnline
+
+    fun getLastCheckMillis(): Long = lastCheckMillis
+
+    /**
+     * Simple connectivity test by attempting a lightweight operation
+     */
+    suspend fun checkConnectivity(testOperation: suspend () -> Boolean): Boolean {
+      return try {
+        val result = testOperation()
+        setOnlineStatus(result)
+        result
+      } catch (_: Exception) {
+        setOnlineStatus(false)
+        false
+      }
+    }
+  }
+
+  /**
+   * Circuit breaker pattern for network operations
+   */
+  class CircuitBreaker(
+    private val failureThreshold: Int = 5,
+    private val recoveryTimeoutMs: Long = 60000L,
+    private val successThreshold: Int = 3
+  ) {
+    private enum class State { CLOSED, OPEN, HALF_OPEN }
+
+    private var state = State.CLOSED
+    private var failureCount = 0
+    private var successCount = 0
+    private var lastFailureTime = 0L
+
+    suspend fun <T> execute(operation: suspend () -> RepositoryResult<T>): RepositoryResult<T> {
+      when (state) {
+        State.OPEN -> {
+          if (currentTimeMillis() - lastFailureTime >= recoveryTimeoutMs) {
+            state = State.HALF_OPEN
+            successCount = 0
+          } else {
+            return RepositoryResult.Error(
+              ApiError(
+                code = "CIRCUIT_BREAKER_OPEN",
+                message = "Circuit breaker is open, requests blocked"
+              )
+            )
+          }
+        }
+
+        State.HALF_OPEN -> {
+          // Allow limited requests to test recovery
+        }
+
+        State.CLOSED -> {
+          // Normal operation
+        }
+      }
+
+      return try {
+        val result = operation()
+
+        if (result.isSuccess()) {
+          onSuccess()
+        } else {
+          onFailure()
+        }
+
+        result
+      } catch (e: Exception) {
+        onFailure()
+        val networkException = e.toNetworkException()
+        RepositoryResult.Error(networkException.apiError)
+      }
+    }
+
+    private fun onSuccess() {
+      failureCount = 0
+
+      when (state) {
+        State.HALF_OPEN -> {
+          successCount++
+          if (successCount >= successThreshold) {
+            state = State.CLOSED
+          }
+        }
+
+        else -> {
+          state = State.CLOSED
+        }
+      }
+    }
+
+    private fun onFailure() {
+      failureCount++
+      lastFailureTime = currentTimeMillis()
+
+      if (failureCount >= failureThreshold) {
+        state = State.OPEN
+      }
+    }
+
+    fun getState(): String = state.name
+    fun getFailureCount(): Int = failureCount
+  }
+}
@@ -0,0 +1,18 @@
+package at.mocode.shared.network
+
+import at.mocode.shared.domain.model.ApiError
+
+/**
+ * Einheitlicher Ergebnis-Typ für Repository-/Netzwerkoperationen.
+ */
+sealed class RepositoryResult<out T> {
+  data class Success<T>(val value: T) : RepositoryResult<T>()
+  data class Error(val apiError: ApiError) : RepositoryResult<Nothing>()
+}
+
+fun <T> RepositoryResult<T>.isSuccess(): Boolean = this is RepositoryResult.Success
+
+fun <T> RepositoryResult<T>.getErrorOrNull(): ApiError? = when (this) {
+  is RepositoryResult.Success -> null
+  is RepositoryResult.Error -> this.apiError
+}
@@ -0,0 +1,37 @@
+package at.mocode.shared.presentation.actions
+
+import at.mocode.shared.presentation.state.Notification
+import at.mocode.shared.domain.model.User
+import at.mocode.shared.domain.model.AuthToken
+
+sealed class AppAction {
+  // Auth Actions
+  sealed class Auth : AppAction() {
+    data class LoginStart(val username: String, val password: String) : Auth()
+    data class LoginSuccess(val user: User, val token: AuthToken) : Auth()
+    data class LoginFailure(val error: String) : Auth()
+    object Logout : Auth()
+    data class RefreshToken(val newToken: AuthToken) : Auth()
+  }
+
+  // Navigation Actions
+  sealed class Navigation : AppAction() {
+    data class NavigateTo(val route: String) : Navigation()
+    object NavigateBack : Navigation()
+    data class UpdateHistory(val route: String) : Navigation()
+  }
+
+  // UI Actions
+  sealed class UI : AppAction() {
+    object ToggleDarkMode : UI()
+    data class SetLoading(val isLoading: Boolean) : UI()
+    data class ShowNotification(val notification: Notification) : UI()
+    data class DismissNotification(val id: String) : UI()
+  }
+
+  // Network Actions
+  sealed class Network : AppAction() {
+    data class SetOnlineStatus(val isOnline: Boolean) : Network()
+    data class UpdateLastSync(val timestamp: String) : Network()
+  }
+}
@@ -0,0 +1,55 @@
+package at.mocode.shared.presentation.state
+
+import kotlinx.serialization.Serializable
+import at.mocode.shared.domain.model.User
+import at.mocode.shared.domain.model.AuthToken
+
+@Serializable
+data class AppState(
+  val auth: AuthState = AuthState(),
+  val navigation: NavigationState = NavigationState(),
+  val ui: UiState = UiState(),
+  val network: NetworkState = NetworkState()
+)
+
+@Serializable
+data class AuthState(
+  val isAuthenticated: Boolean = false,
+  val user: User? = null,
+  val token: AuthToken? = null,
+  val isLoading: Boolean = false,
+  val error: String? = null
+)
+
+@Serializable
+data class NavigationState(
+  val currentRoute: String = "/",
+  val history: List<String> = emptyList(),
+  val canGoBack: Boolean = false
+)
+
+@Serializable
+data class UiState(
+  val isDarkMode: Boolean = false,
+  val isLoading: Boolean = false,
+  val notifications: List<Notification> = emptyList()
+)
+
+@Serializable
+data class NetworkState(
+  val isOnline: Boolean = true,
+  val lastSync: String? = null
+)
+
+@Serializable
+data class Notification(
+  val id: String,
+  val title: String,
+  val message: String,
+  val type: NotificationType = NotificationType.INFO,
+  val timestamp: String
+)
+
+enum class NotificationType {
+  INFO, SUCCESS, WARNING, ERROR
+}
@@ -0,0 +1,156 @@
+package at.mocode.shared.presentation.store
+
+import at.mocode.shared.presentation.state.AppState
+import at.mocode.shared.presentation.actions.AppAction
+import at.mocode.shared.presentation.state.AuthState
+import at.mocode.shared.presentation.state.NavigationState
+import at.mocode.shared.presentation.state.NetworkState
+import at.mocode.shared.presentation.state.UiState
+import kotlinx.coroutines.*
+import kotlinx.coroutines.flow.*
+
+class AppStore(
+  private val dispatcher: CoroutineDispatcher = Dispatchers.Main
+) {
+  private val scope = CoroutineScope(SupervisorJob() + dispatcher)
+  private val _state = MutableStateFlow(AppState())
+
+  val state: StateFlow<AppState> = _state.asStateFlow()
+
+  fun dispatch(action: AppAction) {
+    scope.launch {
+      val currentState = _state.value
+      val newState = reduce(currentState, action)
+      _state.value = newState
+
+      // Handle side effects
+      handleSideEffect(action, newState)
+    }
+  }
+
+  private fun reduce(currentState: AppState, action: AppAction): AppState {
+    return when (action) {
+      is AppAction.Auth -> currentState.copy(
+        auth = reduceAuth(currentState.auth, action)
+      )
+
+      is AppAction.Navigation -> currentState.copy(
+        navigation = reduceNavigation(currentState.navigation, action)
+      )
+
+      is AppAction.UI -> currentState.copy(
+        ui = reduceUI(currentState.ui, action)
+      )
+
+      is AppAction.Network -> currentState.copy(
+        network = reduceNetwork(currentState.network, action)
+      )
+    }
+  }
+
+  private fun reduceAuth(currentAuth: AuthState, action: AppAction.Auth): AuthState {
+    return when (action) {
+      is AppAction.Auth.LoginStart -> currentAuth.copy(
+        isLoading = true,
+        error = null
+      )
+
+      is AppAction.Auth.LoginSuccess -> currentAuth.copy(
+        isAuthenticated = true,
+        user = action.user,
+        token = action.token,
+        isLoading = false,
+        error = null
+      )
+
+      is AppAction.Auth.LoginFailure -> currentAuth.copy(
+        isAuthenticated = false,
+        user = null,
+        token = null,
+        isLoading = false,
+        error = action.error
+      )
+
+      is AppAction.Auth.Logout -> AuthState()
+      is AppAction.Auth.RefreshToken -> currentAuth.copy(
+        token = action.newToken
+      )
+    }
+  }
+
+  private fun reduceNavigation(currentNav: NavigationState, action: AppAction.Navigation): NavigationState {
+    return when (action) {
+      is AppAction.Navigation.NavigateTo -> currentNav.copy(
+        currentRoute = action.route,
+        history = currentNav.history + currentNav.currentRoute,
+        canGoBack = true
+      )
+
+      is AppAction.Navigation.NavigateBack -> {
+        val newHistory = currentNav.history.dropLast(1)
+        currentNav.copy(
+          currentRoute = newHistory.lastOrNull() ?: "/",
+          history = newHistory,
+          canGoBack = newHistory.isNotEmpty()
+        )
+      }
+
+      is AppAction.Navigation.UpdateHistory -> currentNav.copy(
+        currentRoute = action.route
+      )
+    }
+  }
+
+  private fun reduceUI(currentUI: UiState, action: AppAction.UI): UiState {
+    return when (action) {
+      is AppAction.UI.ToggleDarkMode -> currentUI.copy(
+        isDarkMode = !currentUI.isDarkMode
+      )
+
+      is AppAction.UI.SetLoading -> currentUI.copy(
+        isLoading = action.isLoading
+      )
+
+      is AppAction.UI.ShowNotification -> currentUI.copy(
+        notifications = currentUI.notifications + action.notification
+      )
+
+      is AppAction.UI.DismissNotification -> currentUI.copy(
+        notifications = currentUI.notifications.filter { it.id != action.id }
+      )
+    }
+  }
+
+  private fun reduceNetwork(currentNetwork: NetworkState, action: AppAction.Network): NetworkState {
+    return when (action) {
+      is AppAction.Network.SetOnlineStatus -> currentNetwork.copy(
+        isOnline = action.isOnline
+      )
+
+      is AppAction.Network.UpdateLastSync -> currentNetwork.copy(
+        lastSync = action.timestamp
+      )
+    }
+  }
+
+  private suspend fun handleSideEffect(action: AppAction, newState: AppState) {
+    when (action) {
+      is AppAction.Auth.LoginSuccess -> {
+        // Auto-save token to local storage
+        // TODO: Implement storage
+      }
+
+      is AppAction.Auth.Logout -> {
+        // Clear local storage
+        // TODO: Implement storage cleanup
+      }
+
+      else -> { /* No side effects */
+      }
+    }
+  }
+
+  fun cleanup() {
+    scope.cancel()
+  }
+}
@@ -0,0 +1,5 @@
+package at.mocode.shared.network
+
+import kotlin.js.Date
+
+actual fun currentTimeMillis(): Long = Date().getTime().toLong()
@@ -0,0 +1,3 @@
+package at.mocode.shared.network
+
+actual fun currentTimeMillis(): Long = System.currentTimeMillis()