refactor: Clean Architecture mit Repository Pattern, Controllern und DTOs

- 15 Controller-Klassen ersetzen Minimal APIs in Program.cs
- Repository Pattern mit Interfaces + Implementierungen (Project, Task, Activity, User)
- AuthService verwendet jetzt IUserRepository statt direktem DbContext-Zugriff
- SecurityHeadersMiddleware als eigenständige Middleware-Klasse
- PathSecurityHelper als gemeinsamer Helper für Pfadvalidierung
- DTOs in eigenem Namespace Nexus.Api.DTOs
- EF-Entities in Nexus.Api.Data (vorher Nexus.Api.Domain)
- Program.cs auf DI-Registrierung + Middleware reduziert
- Alle 43 Endpoints unverändert erhalten
- Build + 3/3 Tests erfolgreich

backend/Repositories/ActivityRepository.cs

@@ -0,0 +1,43 @@
+using Microsoft.EntityFrameworkCore;
+using Nexus.Api.Data;
+
+namespace Nexus.Api.Repositories;
+
+public sealed class ActivityRepository(NexusDbContext db) : IActivityRepository
+{
+    public Task<List<ActivityEvent>> GetRecentAsync(int take, CancellationToken ct = default)
+        => db.Activity.AsNoTracking().OrderByDescending(x => x.CreatedAt).Take(take).ToListAsync(ct);
+
+    public async Task<(List<ActivityEvent> Items, int TotalCount)> GetPagedAsync(
+        string? type, string? sort, int page, int pageSize, CancellationToken ct = default)
+    {
+        var query = db.Activity.AsNoTracking();
+
+        if (!string.IsNullOrWhiteSpace(type))
+            query = query.Where(x => x.Type == type);
+
+        query = (sort?.ToLowerInvariant()) switch
+        {
+            "oldest" => query.OrderBy(x => x.CreatedAt),
+            _ => query.OrderByDescending(x => x.CreatedAt)
+        };
+
+        var totalCount = await query.CountAsync(ct);
+        var items = await query.Skip((page - 1) * pageSize).Take(pageSize).ToListAsync(ct);
+        return (items, totalCount);
+    }
+
+    public Task<List<ActivityEvent>> GetByAgentAsync(string agentId, int take, CancellationToken ct = default)
+        => db.Activity.AsNoTracking()
+            .Where(x => x.Message.Contains(agentId, StringComparison.OrdinalIgnoreCase) || x.Type == "agent")
+            .OrderByDescending(x => x.CreatedAt)
+            .Take(take)
+            .ToListAsync(ct);
+
+    public async Task<ActivityEvent> AddAsync(ActivityEvent activity, CancellationToken ct = default)
+    {
+        db.Activity.Add(activity);
+        await db.SaveChangesAsync(ct);
+        return activity;
+    }
+}

backend/Repositories/IActivityRepository.cs

@@ -0,0 +1,12 @@
+using Nexus.Api.Data;
+
+namespace Nexus.Api.Repositories;
+
+public interface IActivityRepository
+{
+    Task<List<ActivityEvent>> GetRecentAsync(int take, CancellationToken ct = default);
+    Task<(List<ActivityEvent> Items, int TotalCount)> GetPagedAsync(
+        string? type, string? sort, int page, int pageSize, CancellationToken ct = default);
+    Task<List<ActivityEvent>> GetByAgentAsync(string agentId, int take, CancellationToken ct = default);
+    Task<ActivityEvent> AddAsync(ActivityEvent activity, CancellationToken ct = default);
+}

backend/Repositories/IProjectRepository.cs

@@ -0,0 +1,13 @@
+using Nexus.Api.Data;
+
+namespace Nexus.Api.Repositories;
+
+public interface IProjectRepository
+{
+    Task<List<Project>> GetAllAsync(CancellationToken ct = default);
+    ValueTask<Project?> GetByIdAsync(Guid id, CancellationToken ct = default);
+    Task<Project> AddAsync(Project project, CancellationToken ct = default);
+    Task UpdateAsync(Project project, CancellationToken ct = default);
+    Task DeleteAsync(Project project, CancellationToken ct = default);
+    Task<bool> HasTasksAsync(Guid projectId, CancellationToken ct = default);
+}

backend/Repositories/ITaskRepository.cs

@@ -0,0 +1,16 @@
+using Nexus.Api.Data;
+
+namespace Nexus.Api.Repositories;
+
+public interface ITaskRepository
+{
+    Task<List<WorkTask>> GetAllAsync(CancellationToken ct = default);
+    ValueTask<WorkTask?> GetByIdAsync(Guid id, CancellationToken ct = default);
+    Task<List<WorkTask>> GetPendingApprovalAsync(CancellationToken ct = default);
+    Task<WorkTask> AddAsync(WorkTask task, CancellationToken ct = default);
+    Task UpdateAsync(WorkTask task, CancellationToken ct = default);
+    Task DeleteAsync(WorkTask task, CancellationToken ct = default);
+    Task<int> CountAsync(CancellationToken ct = default);
+    Task<int> CountByStateAsync(string state, CancellationToken ct = default);
+    Task<WorkTask?> GetLastBlockedAsync(CancellationToken ct = default);
+}

backend/Repositories/IUserRepository.cs

@@ -0,0 +1,21 @@
+using Nexus.Api.Data;
+
+namespace Nexus.Api.Repositories;
+
+public interface IUserRepository
+{
+    ValueTask<NexusUser?> GetByIdAsync(Guid userId, CancellationToken ct = default);
+    Task<NexusUser?> GetByEmailAsync(string normalizedEmail, CancellationToken ct = default);
+    Task<bool> AnyUsersAsync(CancellationToken ct = default);
+    Task<NexusUser> AddAsync(NexusUser user, CancellationToken ct = default);
+    Task UpdateAsync(NexusUser user, CancellationToken ct = default);
+
+    // Refresh token operations
+    Task<RefreshToken?> GetRefreshTokenByHashAsync(string tokenHash, CancellationToken ct = default);
+    Task<List<RefreshToken>> GetActiveTokensByFamilyAsync(Guid familyId, CancellationToken ct = default);
+    Task AddRefreshTokenAsync(RefreshToken token, CancellationToken ct = default);
+    Task UpdateRefreshTokenAsync(RefreshToken token, CancellationToken ct = default);
+    Task RemoveExpiredTokensAsync(Guid userId, CancellationToken ct = default);
+
+    Task SaveChangesAsync(CancellationToken ct = default);
+}

backend/Repositories/ProjectRepository.cs

@@ -0,0 +1,35 @@
+using Microsoft.EntityFrameworkCore;
+using Nexus.Api.Data;
+
+namespace Nexus.Api.Repositories;
+
+public sealed class ProjectRepository(NexusDbContext db) : IProjectRepository
+{
+    public Task<List<Project>> GetAllAsync(CancellationToken ct = default)
+        => db.Projects.AsNoTracking().OrderByDescending(x => x.UpdatedAt).ToListAsync(ct);
+
+    public ValueTask<Project?> GetByIdAsync(Guid id, CancellationToken ct = default)
+        => db.Projects.FindAsync([id], ct);
+
+    public async Task<Project> AddAsync(Project project, CancellationToken ct = default)
+    {
+        db.Projects.Add(project);
+        await db.SaveChangesAsync(ct);
+        return project;
+    }
+
+    public async Task UpdateAsync(Project project, CancellationToken ct = default)
+    {
+        project.UpdatedAt = DateTimeOffset.UtcNow;
+        await db.SaveChangesAsync(ct);
+    }
+
+    public async Task DeleteAsync(Project project, CancellationToken ct = default)
+    {
+        db.Projects.Remove(project);
+        await db.SaveChangesAsync(ct);
+    }
+
+    public Task<bool> HasTasksAsync(Guid projectId, CancellationToken ct = default)
+        => db.Tasks.AnyAsync(t => t.ProjectId == projectId, ct);
+}

backend/Repositories/TaskRepository.cs

@@ -0,0 +1,53 @@
+using Microsoft.EntityFrameworkCore;
+using Nexus.Api.Data;
+
+namespace Nexus.Api.Repositories;
+
+public sealed class TaskRepository(NexusDbContext db) : ITaskRepository
+{
+    public Task<List<WorkTask>> GetAllAsync(CancellationToken ct = default)
+        => db.Tasks.AsNoTracking().OrderByDescending(x => x.UpdatedAt).ToListAsync(ct);
+
+    public ValueTask<WorkTask?> GetByIdAsync(Guid id, CancellationToken ct = default)
+        => db.Tasks.FindAsync([id], ct);
+
+    public Task<List<WorkTask>> GetPendingApprovalAsync(CancellationToken ct = default)
+    {
+        var threshold = DateTimeOffset.UtcNow.AddHours(-1);
+        return db.Tasks.AsNoTracking()
+            .Where(x => x.State == TaskStateHelper.ToStateString(TaskState.InProgress) && x.UpdatedAt <= threshold)
+            .OrderByDescending(x => x.UpdatedAt)
+            .ToListAsync(ct);
+    }
+
+    public async Task<WorkTask> AddAsync(WorkTask task, CancellationToken ct = default)
+    {
+        db.Tasks.Add(task);
+        await db.SaveChangesAsync(ct);
+        return task;
+    }
+
+    public async Task UpdateAsync(WorkTask task, CancellationToken ct = default)
+    {
+        task.UpdatedAt = DateTimeOffset.UtcNow;
+        await db.SaveChangesAsync(ct);
+    }
+
+    public async Task DeleteAsync(WorkTask task, CancellationToken ct = default)
+    {
+        db.Tasks.Remove(task);
+        await db.SaveChangesAsync(ct);
+    }
+
+    public Task<int> CountAsync(CancellationToken ct = default)
+        => db.Tasks.CountAsync(ct);
+
+    public Task<int> CountByStateAsync(string state, CancellationToken ct = default)
+        => db.Tasks.CountAsync(x => x.State == state, ct);
+
+    public Task<WorkTask?> GetLastBlockedAsync(CancellationToken ct = default)
+        => db.Tasks.AsNoTracking()
+            .Where(x => x.State == TaskStateHelper.ToStateString(TaskState.Blocked))
+            .OrderByDescending(x => x.UpdatedAt)
+            .FirstOrDefaultAsync(ct);
+}

backend/Repositories/UserRepository.cs

@@ -0,0 +1,59 @@
+using Microsoft.EntityFrameworkCore;
+using Nexus.Api.Data;
+
+namespace Nexus.Api.Repositories;
+
+public sealed class UserRepository(NexusDbContext db) : IUserRepository
+{
+    public ValueTask<NexusUser?> GetByIdAsync(Guid userId, CancellationToken ct = default)
+        => db.Users.FindAsync([userId], ct);
+
+    public Task<NexusUser?> GetByEmailAsync(string normalizedEmail, CancellationToken ct = default)
+        => db.Users.FirstOrDefaultAsync(u => u.NormalizedEmail == normalizedEmail, ct);
+
+    public Task<bool> AnyUsersAsync(CancellationToken ct = default)
+        => db.Users.AnyAsync(ct);
+
+    public async Task<NexusUser> AddAsync(NexusUser user, CancellationToken ct = default)
+    {
+        db.Users.Add(user);
+        await db.SaveChangesAsync(ct);
+        return user;
+    }
+
+    public Task UpdateAsync(NexusUser user, CancellationToken ct = default)
+        => db.SaveChangesAsync(ct);
+
+    public Task<RefreshToken?> GetRefreshTokenByHashAsync(string tokenHash, CancellationToken ct = default)
+        => db.RefreshTokens
+            .Include(r => r.User)
+            .FirstOrDefaultAsync(r => r.TokenHash == tokenHash, ct);
+
+    public Task<List<RefreshToken>> GetActiveTokensByFamilyAsync(Guid familyId, CancellationToken ct = default)
+        => db.RefreshTokens
+            .Where(r => r.FamilyId == familyId && r.RevokedAt == null)
+            .ToListAsync(ct);
+
+    public async Task AddRefreshTokenAsync(RefreshToken token, CancellationToken ct = default)
+    {
+        db.RefreshTokens.Add(token);
+        await db.SaveChangesAsync(ct);
+    }
+
+    public Task UpdateRefreshTokenAsync(RefreshToken token, CancellationToken ct = default)
+        => db.SaveChangesAsync(ct);
+
+    public async Task RemoveExpiredTokensAsync(Guid userId, CancellationToken ct = default)
+    {
+        var cutoff = DateTimeOffset.UtcNow.AddDays(-30);
+        var oldTokens = await db.RefreshTokens
+            .Where(r => r.UserId == userId && (r.ExpiresAt < DateTimeOffset.UtcNow || r.RevokedAt < cutoff))
+            .ToListAsync(ct);
+
+        if (oldTokens.Count > 0)
+            db.RefreshTokens.RemoveRange(oldTokens);
+    }
+
+    public Task SaveChangesAsync(CancellationToken ct = default)
+        => db.SaveChangesAsync(ct);
+}