feat: L'Ami Fiduciaire V1.0.0 — full codebase with Story 0.1 complete

Initial commit of the L'Ami Fiduciaire SaaS platform built on Laravel 12,
Vue 3, Inertia.js 2, and Tailwind CSS 4.

Story 0.1 (rename folders to declarations in database) is implemented and
code-reviewed: migration, rollback, and 6 Pest tests all passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/Http/Controllers/Client/ConfirmController.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace App\Http\Controllers\Client;
+
+use App\Enums\ActorType;
+use App\Http\Controllers\Controller;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class ConfirmController extends Controller
+{
+    /**
+     * Show the confirmation page.
+     */
+    public function show(Request $request, string $token): Response
+    {
+        $invitation = $request->attributes->get('folder_invitation');
+        $folder = $invitation->folder;
+
+        $folder->load(['client']);
+
+        return Inertia::render('client/Confirm', [
+            'folder' => [
+                'id' => $folder->id,
+                'title' => $folder->title,
+                'client_name' => $folder->client->company_name,
+            ],
+            'token' => $token,
+            'submitUrl' => route('client.confirm.store', ['token' => $token]),
+        ]);
+    }
+
+    /**
+     * Store the confirmation (client confirms).
+     */
+    public function store(Request $request, string $token): RedirectResponse
+    {
+        $invitation = $request->attributes->get('folder_invitation');
+        $folder = $invitation->folder;
+
+        $request->validate([
+            'signature' => ['required', 'string', 'max:255'],
+        ]);
+
+        $folder->update([
+            'validated_at' => now(),
+            'confirmed_by_type' => ActorType::Client,
+            'confirmed_by_id' => $folder->client_id,
+            'confirmation_signature' => $request->input('signature'),
+            'status' => \App\Enums\FolderStatus::Validated,
+        ]);
+
+        return back()->with('flash', ['type' => 'success', 'message' => 'Validation enregistrée. Merci.']);
+    }
+}

app/Http/Controllers/Client/RefuseController.php

@@ -0,0 +1,53 @@
+<?php
+
+namespace App\Http\Controllers\Client;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class RefuseController extends Controller
+{
+    /**
+     * Show the refusal page.
+     */
+    public function show(Request $request, string $token): Response
+    {
+        $invitation = $request->attributes->get('folder_invitation');
+        $folder = $invitation->folder;
+
+        $folder->load(['client']);
+
+        return Inertia::render('client/Refuse', [
+            'folder' => [
+                'id' => $folder->id,
+                'title' => $folder->title,
+                'client_name' => $folder->client->company_name,
+            ],
+            'token' => $token,
+            'submitUrl' => route('client.refuse.store', ['token' => $token]),
+        ]);
+    }
+
+    /**
+     * Store the refusal.
+     */
+    public function store(Request $request, string $token): RedirectResponse
+    {
+        $invitation = $request->attributes->get('folder_invitation');
+        $folder = $invitation->folder;
+
+        $request->validate([
+            'reason' => ['nullable', 'string', 'max:65535'],
+        ]);
+
+        $folder->update([
+            'refused_at' => now(),
+            'refusal_reason' => $request->input('reason'),
+        ]);
+
+        return back()->with('flash', ['type' => 'success', 'message' => 'Refus enregistré.']);
+    }
+}

app/Http/Controllers/Client/UploadController.php

@@ -0,0 +1,90 @@
+<?php
+
+namespace App\Http\Controllers\Client;
+
+use App\Enums\ActorType;
+use App\Enums\FolderStatus;
+use App\Enums\MessageType;
+use App\Http\Controllers\Controller;
+use App\Mail\FolderTextMessageMail;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Mail;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class UploadController extends Controller
+{
+    /**
+     * Show the client upload page.
+     */
+    public function show(Request $request, string $token): Response
+    {
+        $invitation = $request->attributes->get('folder_invitation');
+        $folder = $invitation->folder;
+
+        $folder->load(['client']);
+        $documents = $folder->getMedia('documents')->map(fn ($m) => [
+            'id' => $m->id,
+            'name' => $m->name,
+            'file_name' => $m->file_name,
+            'size' => $m->human_readable_size,
+            'created_at' => $m->created_at->format('d/m/Y H:i'),
+        ])->values()->all();
+
+        return Inertia::render('client/Upload', [
+            'folder' => [
+                'id' => $folder->id,
+                'title' => $folder->title,
+                'client_name' => $folder->client->company_name,
+            ],
+            'token' => $token,
+            'documents' => $documents,
+            'uploadUrl' => route('client.upload.store', ['token' => $token]),
+            'csrfToken' => csrf_token(),
+        ]);
+    }
+
+    /**
+     * Store uploaded files.
+     */
+    public function store(Request $request, string $token): RedirectResponse
+    {
+        $invitation = $request->attributes->get('folder_invitation');
+        $folder = $invitation->folder;
+
+        $request->validate([
+            'files' => ['required', 'array', 'min:1'],
+            'files.*' => ['file', 'max:10240'],
+        ]);
+
+        $message = $folder->messages()->create([
+            'type' => MessageType::Text,
+            'body' => 'Documents déposés par le client.',
+            'sent_by_type' => ActorType::Client,
+            'sent_by_id' => $folder->client_id,
+            'metadata' => ['invitation_id' => $invitation->id],
+        ]);
+
+        foreach ($request->file('files') as $file) {
+            $folder->addMedia($file)
+                ->withCustomProperties([
+                    'message_id' => $message->id,
+                    'uploaded_by_type' => ActorType::Client,
+                    'uploaded_by_id' => $folder->client_id,
+                ])
+                ->toMediaCollection('documents');
+        }
+
+        $folder->update(['status' => FolderStatus::DocumentsReceived]);
+
+        $recipient = $folder->assignee ?? $folder->creator;
+        if ($recipient?->email) {
+            Mail::to($recipient->email)->send(
+                new FolderTextMessageMail($folder, 'Le client a déposé des documents.', null)
+            );
+        }
+
+        return back()->with('flash', ['type' => 'success', 'message' => 'Documents envoyés avec succès.']);
+    }
+}

app/Http/Controllers/ClientController.php

@@ -0,0 +1,293 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Enums\ClientStatus;
+use App\Enums\LegalForm;
+use App\Http\Requests\StoreClientRequest;
+use App\Http\Requests\UpdateClientRequest;
+use App\Models\Client;
+use App\Models\Workspace;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class ClientController extends Controller
+{
+    protected function legalFormLabels(): array
+    {
+        $labels = [
+            'sarl' => 'SARL',
+            'sa' => 'SA',
+            'snc' => 'SNC',
+            'scs' => 'SCS',
+            'eurl' => 'EURL',
+            'sel' => 'SEL',
+            'auto_entrepreneur' => 'Auto-entrepreneur',
+            'entreprise_individuelle' => 'Entreprise individuelle',
+            'other' => 'Autre',
+        ];
+
+        return array_intersect_key($labels, array_flip(LegalForm::getValues()));
+    }
+
+    protected function clientStatusLabels(): array
+    {
+        return [
+            ClientStatus::Active => 'Actif',
+            ClientStatus::Inactive => 'Inactif',
+            ClientStatus::Suspended => 'Suspendu',
+        ];
+    }
+
+    protected function currentWorkspace(Request $request): Workspace
+    {
+        $workspaceId = $request->session()->get('current_workspace_id');
+
+        return Workspace::query()->findOrFail($workspaceId);
+    }
+
+    protected function serializeContacts(Client $client): array
+    {
+        return $client->contacts->map(fn ($c) => [
+            'id' => $c->id,
+            'full_name' => $c->full_name,
+            'job_title' => $c->job_title,
+            'email' => $c->email,
+            'phone' => $c->phone,
+            'is_principal' => $c->is_principal,
+        ])->all();
+    }
+
+    /**
+     * Display a listing of the clients.
+     */
+    public function index(Request $request): Response
+    {
+        $workspace = $this->currentWorkspace($request);
+
+        $perPage = min(max((int) $request->input('per_page', 10), 10), 100);
+
+        $clients = $workspace->clients()
+            ->latest()
+            ->paginate($perPage)
+            ->through(fn (Client $client) => [
+                'id' => $client->id,
+                'company_name' => $client->company_name,
+                'legal_form' => $client->legal_form->value,
+                'ice' => $client->ice,
+                'status' => $client->status?->value,
+                'showUrl' => route('clients.show', $client),
+                'editUrl' => route('clients.edit', $client),
+                'destroyUrl' => route('clients.destroy', $client),
+            ]);
+
+        return Inertia::render('clients/Index', [
+            'clients' => $clients,
+            'createUrl' => route('clients.create'),
+            'workspaceName' => $workspace->name,
+        ]);
+    }
+
+    /**
+     * Show the form for creating a new client.
+     */
+    public function create(Request $request): Response
+    {
+        $workspace = $this->currentWorkspace($request);
+
+        return Inertia::render('clients/Create', [
+            'indexUrl' => route('clients.index'),
+            'storeUrl' => route('clients.store'),
+            'legalForms' => $this->legalFormLabels(),
+            'clientStatusLabels' => $this->clientStatusLabels(),
+            'workspaceUsers' => $workspace->users()->orderBy('users.name')->select('users.id', 'users.name', 'users.email')->get()->map(fn ($u) => [
+                'id' => $u->id,
+                'name' => $u->name,
+                'email' => $u->email,
+            ])->values()->all(),
+        ]);
+    }
+
+    /**
+     * Store a newly created client in storage.
+     */
+    public function store(StoreClientRequest $request): RedirectResponse
+    {
+        $workspace = $this->currentWorkspace($request);
+        $data = $request->validated();
+        $contacts = $data['contacts'];
+        unset($data['contacts']);
+        $data['workspace_id'] = $workspace->id;
+
+        $client = Client::query()->create($data);
+
+        foreach ($contacts as $contact) {
+            $client->contacts()->create($contact);
+        }
+
+        return to_route('clients.index');
+    }
+
+    /**
+     * Display the specified client.
+     */
+    public function show(Request $request, Client $client): Response
+    {
+        $workspace = $this->currentWorkspace($request);
+        $this->authorizeClient($workspace, $client);
+
+        $client->load(['internalResponsible', 'contacts']);
+
+        $folders = $client->folders()
+            ->with(['assignee'])
+            ->latest()
+            ->limit(50)
+            ->get()
+            ->map(fn ($f) => [
+                'id' => $f->id,
+                'title' => $f->title,
+                'type' => $f->type->value,
+                'status' => $f->status->value,
+                'due_date' => $f->due_date?->format('Y-m-d'),
+                'created_at' => $f->created_at->format('Y-m-d'),
+                'showUrl' => route('folders.show', $f),
+            ])
+            ->values()
+            ->all();
+
+        $allFolders = $client->folders()->get();
+        $stats = [
+            'total' => $allFolders->count(),
+            'by_status' => $allFolders->groupBy(fn ($f) => $f->status->value)
+                ->map->count()
+                ->all(),
+            'by_type' => $allFolders->groupBy(fn ($f) => $f->type->value)
+                ->map->count()
+                ->all(),
+        ];
+
+        return Inertia::render('clients/Show', [
+            'client' => [
+                'id' => $client->id,
+                'company_name' => $client->company_name,
+                'legal_form' => $client->legal_form->value,
+                'ice' => $client->ice,
+                'fiscal_id' => $client->fiscal_id,
+                'rc' => $client->rc,
+                'cnss' => $client->cnss,
+                'patente' => $client->patente,
+                'contacts' => $this->serializeContacts($client),
+                'internal_responsible_id' => $client->internal_responsible_id,
+                'internal_responsible_name' => $client->internalResponsible?->name,
+                'status' => $client->status?->value,
+                'internal_notes' => $client->internal_notes,
+            ],
+            'folders' => $folders,
+            'stats' => $stats,
+            'indexUrl' => route('clients.index'),
+            'editUrl' => route('clients.edit', $client),
+            'createFolderUrl' => route('folders.create', ['client_id' => $client->id]),
+        ]);
+    }
+
+    /**
+     * Show the form for editing the specified client.
+     */
+    public function edit(Request $request, Client $client): Response
+    {
+        $workspace = $this->currentWorkspace($request);
+        $this->authorizeClient($workspace, $client);
+
+        $client->load('contacts');
+
+        return Inertia::render('clients/Edit', [
+            'client' => [
+                'id' => $client->id,
+                'company_name' => $client->company_name,
+                'legal_form' => $client->legal_form->value,
+                'ice' => $client->ice,
+                'fiscal_id' => $client->fiscal_id,
+                'rc' => $client->rc,
+                'cnss' => $client->cnss,
+                'patente' => $client->patente,
+                'contacts' => $this->serializeContacts($client),
+                'internal_responsible_id' => $client->internal_responsible_id,
+                'status' => $client->status?->value,
+                'internal_notes' => $client->internal_notes,
+            ],
+            'indexUrl' => route('clients.index'),
+            'updateUrl' => route('clients.update', $client),
+            'legalForms' => $this->legalFormLabels(),
+            'clientStatusLabels' => $this->clientStatusLabels(),
+            'workspaceUsers' => $workspace->users()->orderBy('users.name')->select('users.id', 'users.name', 'users.email')->get()->map(fn ($u) => [
+                'id' => $u->id,
+                'name' => $u->name,
+                'email' => $u->email,
+            ])->values()->all(),
+        ]);
+    }
+
+    /**
+     * Update the specified client in storage.
+     */
+    public function update(UpdateClientRequest $request, Client $client): RedirectResponse
+    {
+        $workspace = $this->currentWorkspace($request);
+        $this->authorizeClient($workspace, $client);
+
+        $data = $request->validated();
+        $contacts = $data['contacts'];
+        unset($data['contacts']);
+
+        DB::transaction(function () use ($client, $data, $contacts) {
+            $client->update($data);
+
+            $submittedIds = collect($contacts)
+                ->pluck('id')
+                ->filter()
+                ->all();
+
+            $client->contacts()
+                ->whereNotIn('id', $submittedIds)
+                ->get()
+                ->each
+                ->delete();
+
+            foreach ($contacts as $contactData) {
+                if (! empty($contactData['id'])) {
+                    $client->contacts()
+                        ->where('id', $contactData['id'])
+                        ->first()
+                        ?->update($contactData);
+                } else {
+                    $client->contacts()->create($contactData);
+                }
+            }
+        });
+
+        return to_route('clients.index');
+    }
+
+    /**
+     * Remove the specified client from storage.
+     */
+    public function destroy(Request $request, Client $client): RedirectResponse
+    {
+        $workspace = $this->currentWorkspace($request);
+        $this->authorizeClient($workspace, $client);
+
+        $client->delete();
+
+        return to_route('clients.index');
+    }
+
+    protected function authorizeClient(Workspace $workspace, Client $client): void
+    {
+        if ($client->workspace_id !== $workspace->id) {
+            abort(404);
+        }
+    }
+}

app/Http/Controllers/Controller.php

@@ -0,0 +1,8 @@
+<?php
+
+namespace App\Http\Controllers;
+
+abstract class Controller
+{
+    //
+}

app/Http/Controllers/DashboardController.php

@@ -0,0 +1,126 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Enums\FolderStatus;
+use App\Models\Folder;
+use App\Models\Workspace;
+use Illuminate\Http\Request;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class DashboardController extends Controller
+{
+    /**
+     * Display the dashboard with assigned folders and notifications.
+     */
+    public function __invoke(Request $request): Response
+    {
+        $user = $request->user();
+        $workspaceId = $request->session()->get('current_workspace_id');
+        $workspace = $workspaceId ? Workspace::query()->find($workspaceId) : null;
+
+        $assignedFolders = [];
+        $notifications = [];
+
+        if ($workspace && $user) {
+            $assignedFolders = $workspace->folders()
+                ->where('assigned_to', $user->id)
+                ->whereNotIn('status', [FolderStatus::Closed, FolderStatus::Cancelled])
+                ->with('client:id,company_name')
+                ->orderByRaw('CASE WHEN due_date IS NULL THEN 1 ELSE 0 END, due_date ASC')
+                ->limit(50)
+                ->get()
+                ->map(fn (Folder $f) => [
+                    'id' => $f->id,
+                    'title' => $f->title,
+                    'type' => $f->type->value,
+                    'client_name' => $f->client->company_name,
+                    'status' => $f->status->value,
+                    'due_date' => $f->due_date?->format('Y-m-d'),
+                    'priority' => $f->priority?->value,
+                    'showUrl' => route('folders.show', $f),
+                ])
+                ->all();
+
+            $overdue = $workspace->folders()
+                ->where('assigned_to', $user->id)
+                ->where('due_date', '<', now()->startOfDay())
+                ->whereNotIn('status', [FolderStatus::Closed, FolderStatus::Cancelled])
+                ->with('client:id,company_name')
+                ->orderBy('due_date')
+                ->limit(10)
+                ->get()
+                ->map(fn (Folder $f) => [
+                    'id' => $f->id,
+                    'title' => $f->title,
+                    'client_name' => $f->client->company_name,
+                    'due_date' => $f->due_date?->format('Y-m-d'),
+                    'showUrl' => route('folders.show', $f),
+                ])
+                ->all();
+
+            $dueSoon = $workspace->folders()
+                ->where('assigned_to', $user->id)
+                ->whereBetween('due_date', [now()->startOfDay(), now()->addDays(7)->endOfDay()])
+                ->whereNotIn('status', [FolderStatus::Closed, FolderStatus::Cancelled])
+                ->with('client:id,company_name')
+                ->orderBy('due_date')
+                ->limit(10)
+                ->get()
+                ->map(fn (Folder $f) => [
+                    'id' => $f->id,
+                    'title' => $f->title,
+                    'client_name' => $f->client->company_name,
+                    'due_date' => $f->due_date?->format('Y-m-d'),
+                    'showUrl' => route('folders.show', $f),
+                ])
+                ->all();
+
+            $documentsReceived = $workspace->folders()
+                ->where('assigned_to', $user->id)
+                ->where('status', FolderStatus::DocumentsReceived)
+                ->with('client:id,company_name')
+                ->orderBy('updated_at', 'desc')
+                ->limit(10)
+                ->get()
+                ->map(fn (Folder $f) => [
+                    'id' => $f->id,
+                    'title' => $f->title,
+                    'client_name' => $f->client->company_name,
+                    'showUrl' => route('folders.show', $f),
+                ])
+                ->all();
+
+            $awaitingValidation = $workspace->folders()
+                ->where('assigned_to', $user->id)
+                ->where('status', FolderStatus::WaitingClientValidation)
+                ->with('client:id,company_name')
+                ->orderBy('confirmation_requested_at', 'desc')
+                ->limit(10)
+                ->get()
+                ->map(fn (Folder $f) => [
+                    'id' => $f->id,
+                    'title' => $f->title,
+                    'client_name' => $f->client->company_name,
+                    'showUrl' => route('folders.show', $f),
+                ])
+                ->all();
+
+            $notifications = [
+                'overdue' => $overdue,
+                'due_soon' => $dueSoon,
+                'documents_received' => $documentsReceived,
+                'awaiting_validation' => $awaitingValidation,
+            ];
+        }
+
+        return Inertia::render('Dashboard', [
+            'assignedFolders' => $assignedFolders,
+            'notifications' => $notifications,
+            'workspaceName' => $workspace?->name ?? null,
+            'foldersUrl' => $workspace ? route('folders.index') : null,
+            'clientsUrl' => $workspace ? route('clients.index') : null,
+        ]);
+    }
+}

app/Http/Controllers/FolderController.php

@@ -0,0 +1,328 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Enums\FolderPriority;
+use App\Enums\FolderStatus;
+use App\Enums\FolderType;
+use App\Http\Requests\StoreFolderRequest;
+use App\Http\Requests\UpdateFolderRequest;
+use App\Models\Client;
+use App\Models\Folder;
+use App\Models\MediaDownload;
+use App\Models\Workspace;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class FolderController extends Controller
+{
+    protected function folderTypeLabels(): array
+    {
+        return [
+            FolderType::VAT => 'TVA',
+            FolderType::VatMonthly => 'TVA mensuelle',
+            FolderType::VatQuarterly => 'TVA trimestrielle',
+            FolderType::CorporateTax => 'IS',
+            FolderType::IncomeTax => 'IR',
+            FolderType::CNSS => 'CNSS',
+            FolderType::AnnualBalance => 'Bilan',
+            FolderType::Other => 'Autre',
+        ];
+    }
+
+    protected function folderStatusLabels(): array
+    {
+        return [
+            FolderStatus::Draft => 'Brouillon',
+            FolderStatus::WaitingDocuments => 'En attente documents',
+            FolderStatus::DocumentsReceived => 'Documents reçus',
+            FolderStatus::Processing => 'En cours de traitement',
+            FolderStatus::AdditionalDocumentsRequested => 'Pièces complémentaires demandées',
+            FolderStatus::WaitingClientValidation => 'En attente validation client',
+            FolderStatus::Validated => 'Validé',
+            FolderStatus::Closed => 'Clôturé',
+            FolderStatus::Cancelled => 'Annulé',
+        ];
+    }
+
+    protected function folderPriorityLabels(): array
+    {
+        return [
+            FolderPriority::Low => 'Basse',
+            FolderPriority::Medium => 'Normale',
+            FolderPriority::High => 'Haute',
+        ];
+    }
+
+    protected function currentWorkspace(Request $request): Workspace
+    {
+        $workspaceId = $request->session()->get('current_workspace_id');
+
+        return Workspace::query()->findOrFail($workspaceId);
+    }
+
+    /**
+     * Display a listing of the folders.
+     */
+    public function index(Request $request): Response
+    {
+        $workspace = $this->currentWorkspace($request);
+
+        $perPage = min(max((int) $request->input('per_page', 10), 10), 100);
+
+        $folders = $workspace->folders()
+            ->with(['client', 'assignee'])
+            ->latest()
+            ->paginate($perPage)
+            ->through(fn (Folder $folder) => [
+                'id' => $folder->id,
+                'title' => $folder->title,
+                'type' => $folder->type->value,
+                'client_name' => $folder->client->company_name,
+                'status' => $folder->status->value,
+                'due_date' => $folder->due_date?->format('Y-m-d'),
+                'showUrl' => route('folders.show', $folder),
+                'editUrl' => route('folders.edit', $folder),
+                'destroyUrl' => route('folders.destroy', $folder),
+            ]);
+
+        return Inertia::render('folders/Index', [
+            'folders' => $folders,
+            'createUrl' => route('folders.create'),
+            'workspaceName' => $workspace->name,
+        ]);
+    }
+
+    /**
+     * Show the form for creating a new folder.
+     */
+    public function create(Request $request): Response
+    {
+        $workspace = $this->currentWorkspace($request);
+        $initialClientId = $request->integer('client_id', 0) ?: null;
+
+        return Inertia::render('folders/Create', [
+            'indexUrl' => route('folders.index'),
+            'storeUrl' => route('folders.store'),
+            'initialClientId' => $initialClientId,
+            'folderTypeLabels' => $this->folderTypeLabels(),
+            'folderStatusLabels' => $this->folderStatusLabels(),
+            'folderPriorityLabels' => $this->folderPriorityLabels(),
+            'clients' => $workspace->clients()->orderBy('company_name')->get(['id', 'company_name'])->map(fn (Client $c) => [
+                'id' => $c->id,
+                'company_name' => $c->company_name,
+            ])->values()->all(),
+            'workspaceUsers' => $workspace->users()
+                ->orderBy('users.name')
+                ->select('users.id', 'users.name', 'users.email')
+                ->get()
+                ->map(fn ($u) => [
+                    'id' => $u->id,
+                    'name' => $u->name,
+                    'email' => $u->email,
+                ])->values()->all(),
+        ]);
+    }
+
+    /**
+     * Store a newly created folder in storage.
+     */
+    public function store(StoreFolderRequest $request): RedirectResponse
+    {
+        $workspace = $this->currentWorkspace($request);
+        $data = $request->validated();
+        $data['workspace_id'] = $workspace->id;
+        $data['created_by'] = $request->user()?->id;
+        $data['status'] = $data['status'] ?? FolderStatus::Draft->value;
+
+        Folder::query()->create($data);
+
+        return to_route('folders.index');
+    }
+
+    /**
+     * Display the specified folder.
+     */
+    public function show(Request $request, Folder $folder): Response
+    {
+        $workspace = $this->currentWorkspace($request);
+        $this->authorizeFolder($workspace, $folder);
+
+        $folder->load(['client', 'creator', 'assignee', 'messages' => fn ($q) => $q->with(['senderUser', 'senderClient'])->latest()]);
+
+        $allMedia = $folder->getMedia('documents');
+        $downloadedMediaIds = MediaDownload::query()
+            ->where('user_id', $request->user()->id)
+            ->whereIn('media_id', $allMedia->pluck('id'))
+            ->pluck('media_id')
+            ->all();
+
+        $messages = $folder->messages->map(function ($m) use ($folder, $allMedia, $downloadedMediaIds) {
+            $attachments = $allMedia
+                ->filter(fn ($media) => $media->getCustomProperty('message_id') === $m->id)
+                ->map(fn ($media) => [
+                    'id' => $media->id,
+                    'file_name' => $media->file_name,
+                    'mime_type' => $media->mime_type,
+                    'size' => $media->human_readable_size,
+                    'downloadUrl' => route('folders.media.download', ['folder' => $folder, 'mediaId' => $media->id]),
+                    'is_downloaded' => in_array($media->id, $downloadedMediaIds),
+                ])
+                ->values()
+                ->all();
+
+            $confirmationStatus = null;
+            if ($m->type->value === 'confirmation') {
+                $confirmationStatus = $folder->refused_at ? 'refused' : ($folder->validated_at ? 'confirmed' : 'pending');
+            }
+
+            return [
+                'id' => $m->id,
+                'type' => $m->type->value,
+                'body' => $m->body,
+                'sent_by_type' => $m->sent_by_type->value,
+                'sender_name' => $m->sender_name,
+                'created_at' => $m->created_at->format('Y-m-d H:i'),
+                'attachments' => $attachments,
+                'confirmation_status' => $confirmationStatus,
+            ];
+        })->values()->all();
+
+        $documents = $allMedia->map(fn ($m) => [
+            'id' => $m->id,
+            'name' => $m->name,
+            'file_name' => $m->file_name,
+            'size' => $m->human_readable_size,
+            'created_at' => $m->created_at->format('d/m/Y H:i'),
+            'uploaded_by' => $m->getCustomProperty('uploaded_by_type') === 'user' ? 'Comptable' : 'Client',
+            'downloadUrl' => route('folders.media.download', ['folder' => $folder, 'mediaId' => $m->id]),
+            'is_downloaded' => in_array($m->id, $downloadedMediaIds),
+        ])->values()->all();
+
+        return Inertia::render('folders/Show', [
+            'folder' => [
+                'id' => $folder->id,
+                'title' => $folder->title,
+                'type' => $folder->type->value,
+                'client_id' => $folder->client_id,
+                'client_name' => $folder->client->company_name,
+                'period_year' => $folder->period_year,
+                'period_month' => $folder->period_month,
+                'period_quarter' => $folder->period_quarter,
+                'due_date' => $folder->due_date?->format('Y-m-d'),
+                'status' => $folder->status->value,
+                'priority' => $folder->priority?->value,
+                'assigned_to' => $folder->assigned_to,
+                'assignee_name' => $folder->assignee?->name,
+                'validated_at' => $folder->validated_at?->format('Y-m-d H:i'),
+                'closed_at' => $folder->closed_at?->format('Y-m-d H:i'),
+                'notes_internal' => $folder->notes_internal,
+                'notes_client' => $folder->notes_client,
+                'created_at' => $folder->created_at?->format('Y-m-d H:i'),
+            ],
+            'messages' => $messages,
+            'documents' => $documents,
+            'messagesStoreUrl' => route('folders.messages.store', $folder),
+            'mediaStoreUrl' => route('folders.media.store', $folder),
+            'messageTypeLabels' => [
+                'invite' => 'Invitation',
+                'situation' => 'Situation',
+                'file_request' => 'Demande de pièces',
+                'confirmation' => 'Demande de validation',
+                'text' => 'Message',
+            ],
+            'indexUrl' => route('folders.index'),
+            'editUrl' => route('folders.edit', $folder),
+            'workspaceUsers' => $workspace->users()->orderBy('users.name')
+                ->select('users.id', 'users.name', 'users.email')
+                ->get()->map(fn ($u) => ['id' => $u->id, 'name' => $u->name])
+                ->values()->all(),
+            'mentionStoreUrl' => route('folders.mentions.store', $folder),
+            'canMention' => in_array(
+                $workspace->users()->where('users.id', $request->user()->id)->first()?->pivot?->role?->value,
+                ['owner', 'manager']
+            ),
+        ]);
+    }
+
+    /**
+     * Show the form for editing the specified folder.
+     */
+    public function edit(Request $request, Folder $folder): Response
+    {
+        $workspace = $this->currentWorkspace($request);
+        $this->authorizeFolder($workspace, $folder);
+
+        return Inertia::render('folders/Edit', [
+            'folder' => [
+                'id' => $folder->id,
+                'title' => $folder->title,
+                'type' => $folder->type->value,
+                'client_id' => $folder->client_id,
+                'period_year' => $folder->period_year,
+                'period_month' => $folder->period_month,
+                'period_quarter' => $folder->period_quarter,
+                'due_date' => $folder->due_date?->format('Y-m-d'),
+                'status' => $folder->status->value,
+                'priority' => $folder->priority?->value,
+                'assigned_to' => $folder->assigned_to,
+                'notes_internal' => $folder->notes_internal,
+                'notes_client' => $folder->notes_client,
+                'created_at' => $folder->created_at?->format('Y-m-d H:i'),
+            ],
+            'indexUrl' => route('folders.index'),
+            'updateUrl' => route('folders.update', $folder),
+            'folderTypeLabels' => $this->folderTypeLabels(),
+            'folderStatusLabels' => $this->folderStatusLabels(),
+            'folderPriorityLabels' => $this->folderPriorityLabels(),
+            'clients' => $workspace->clients()->orderBy('company_name')->get(['id', 'company_name'])->map(fn (Client $c) => [
+                'id' => $c->id,
+                'company_name' => $c->company_name,
+            ])->values()->all(),
+            'workspaceUsers' => $workspace->users()
+                ->orderBy('users.name')
+                ->select('users.id', 'users.name', 'users.email')
+                ->get()
+                ->map(fn ($u) => [
+                    'id' => $u->id,
+                    'name' => $u->name,
+                    'email' => $u->email,
+                ])->values()->all(),
+        ]);
+    }
+
+    /**
+     * Update the specified folder in storage.
+     */
+    public function update(UpdateFolderRequest $request, Folder $folder): RedirectResponse
+    {
+        $workspace = $this->currentWorkspace($request);
+        $this->authorizeFolder($workspace, $folder);
+
+        $folder->update($request->validated());
+
+        return to_route('folders.index');
+    }
+
+    /**
+     * Remove the specified folder from storage.
+     */
+    public function destroy(Request $request, Folder $folder): RedirectResponse
+    {
+        $workspace = $this->currentWorkspace($request);
+        $this->authorizeFolder($workspace, $folder);
+
+        $folder->delete();
+
+        return to_route('folders.index');
+    }
+
+    protected function authorizeFolder(Workspace $workspace, Folder $folder): void
+    {
+        if ($folder->workspace_id !== $workspace->id) {
+            abort(404);
+        }
+    }
+}

app/Http/Controllers/FolderMediaController.php

@@ -0,0 +1,81 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Enums\ActorType;
+use App\Models\Folder;
+use App\Models\MediaDownload;
+use App\Models\Workspace;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Spatie\MediaLibrary\MediaCollections\Models\Media;
+use Symfony\Component\HttpFoundation\Response;
+
+class FolderMediaController extends Controller
+{
+    protected function currentWorkspace(Request $request): Workspace
+    {
+        $workspaceId = $request->session()->get('current_workspace_id');
+
+        return Workspace::query()->findOrFail($workspaceId);
+    }
+
+    /**
+     * Store a newly uploaded file.
+     */
+    public function store(Request $request, Folder $folder): RedirectResponse
+    {
+        $workspace = $this->currentWorkspace($request);
+
+        if ($folder->workspace_id !== $workspace->id) {
+            abort(404);
+        }
+
+        $request->validate([
+            'files' => ['required', 'array', 'min:1'],
+            'files.*' => ['file', 'max:10240'],
+        ]);
+
+        $user = $request->user();
+
+        foreach ($request->file('files') as $file) {
+            $folder->addMedia($file)
+                ->withCustomProperties([
+                    'uploaded_by_type' => ActorType::User,
+                    'uploaded_by_id' => $user->id,
+                ])
+                ->toMediaCollection('documents');
+        }
+
+        return back()->with('flash', ['type' => 'success', 'message' => 'Fichier(s) téléchargé(s).']);
+    }
+
+    /**
+     * Download a media file.
+     */
+    public function download(Request $request, Folder $folder, int $mediaId): Response
+    {
+        $workspace = $this->currentWorkspace($request);
+
+        if ($folder->workspace_id !== $workspace->id) {
+            abort(404);
+        }
+
+        $media = Media::query()
+            ->where('model_type', Folder::class)
+            ->where('model_id', $folder->id)
+            ->where('id', $mediaId)
+            ->firstOrFail();
+
+        try {
+            MediaDownload::query()->updateOrCreate(
+                ['media_id' => $media->id, 'user_id' => $request->user()->id],
+                ['downloaded_at' => now()],
+            );
+        } catch (\Throwable) {
+            // Tracking failure must never block the download
+        }
+
+        return $media->toResponse($request);
+    }
+}

app/Http/Controllers/FolderMentionController.php

@@ -0,0 +1,59 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Http\Requests\StoreFolderMentionRequest;
+use App\Models\Folder;
+use App\Models\User;
+use App\Models\Workspace;
+use App\Notifications\FolderMentionNotification;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cache;
+
+class FolderMentionController extends Controller
+{
+    protected function currentWorkspace(Request $request): Workspace
+    {
+        $workspaceId = $request->session()->get('current_workspace_id');
+
+        return Workspace::query()->findOrFail($workspaceId);
+    }
+
+    protected function authorizeFolder(Workspace $workspace, Folder $folder): void
+    {
+        if ($folder->workspace_id !== $workspace->id) {
+            abort(404);
+        }
+    }
+
+    public function store(StoreFolderMentionRequest $request, Folder $folder): RedirectResponse
+    {
+        $workspace = $this->currentWorkspace($request);
+        $this->authorizeFolder($workspace, $folder);
+
+        $userRole = $workspace->users()
+            ->where('users.id', $request->user()->id)
+            ->first()
+            ?->pivot
+            ?->role
+            ?->value;
+
+        if (! in_array($userRole, ['owner', 'manager'])) {
+            abort(403);
+        }
+
+        $validated = $request->validated();
+        $targetUser = User::findOrFail($validated['user_id']);
+
+        $targetUser->notify(new FolderMentionNotification(
+            $folder,
+            $request->user(),
+            $validated['message'],
+        ));
+
+        Cache::forget("user:{$targetUser->id}:unread_notifications");
+
+        return back()->with('flash', ['type' => 'success', 'message' => 'Notification envoyée.']);
+    }
+}

app/Http/Controllers/FolderMessageController.php

@@ -0,0 +1,149 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Enums\ActorType;
+use App\Enums\FolderStatus;
+use App\Enums\MessageType;
+use App\Http\Requests\StoreFolderMessageRequest;
+use App\Mail\FolderConfirmationMail;
+use App\Mail\FolderFileRequestMail;
+use App\Mail\FolderInviteMail;
+use App\Mail\FolderSituationMail;
+use App\Mail\FolderTextMessageMail;
+use App\Models\Folder;
+use App\Models\FolderInvitation;
+use App\Models\Message;
+use App\Models\Workspace;
+use Carbon\Carbon;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Mail;
+
+class FolderMessageController extends Controller
+{
+    protected function currentWorkspace(Request $request): Workspace
+    {
+        $workspaceId = $request->session()->get('current_workspace_id');
+
+        return Workspace::query()->findOrFail($workspaceId);
+    }
+
+    /**
+     * Store a newly created message.
+     */
+    public function store(StoreFolderMessageRequest $request, Folder $folder): RedirectResponse
+    {
+        $workspace = $this->currentWorkspace($request);
+
+        if ($folder->workspace_id !== $workspace->id) {
+            abort(404);
+        }
+
+        $user = $request->user();
+        $type = MessageType::fromValue($request->input('type'));
+        $body = $request->input('body');
+
+        $invitation = $type->is(MessageType::Invite)
+            ? $this->createInvitation($folder)
+            : $this->getOrCreateInvitation($folder);
+
+        $metadata = ['invitation_id' => $invitation->id];
+        $message = $folder->messages()->create([
+            'type' => $type,
+            'body' => $body,
+            'sent_by_type' => ActorType::User,
+            'sent_by_id' => $user->id,
+            'metadata' => $metadata,
+        ]);
+
+        $mediaIds = [];
+
+        if ($request->hasFile('files')) {
+            foreach ($request->file('files') as $file) {
+                $media = $folder->addMedia($file)
+                    ->withCustomProperties([
+                        'message_id' => $message->id,
+                        'uploaded_by_type' => ActorType::User,
+                        'uploaded_by_id' => $user->id,
+                    ])
+                    ->toMediaCollection('documents');
+                $mediaIds[] = $media->id;
+            }
+            $message->update(['metadata' => array_merge($metadata, ['media_ids' => $mediaIds])]);
+        }
+
+        $this->updateFolderStatusAndConfirmation($folder, $type, $mediaIds);
+
+        $emailSent = $this->sendEmailForMessage($folder, $invitation, $message, $body, $type);
+        $flashMessage = $emailSent
+            ? 'Message envoyé.'
+            : 'Message enregistré, mais l\'email du client n\'est pas configuré.';
+
+        return back()->with('flash', ['type' => 'success', 'message' => $flashMessage]);
+    }
+
+    protected function createInvitation(Folder $folder): FolderInvitation
+    {
+        $folder->load('client.primaryContact');
+
+        return $folder->invitations()->create([
+            'email' => $folder->client->primary_contact_email,
+            'expires_at' => Carbon::now()->addDays(7),
+        ]);
+    }
+
+    protected function getOrCreateInvitation(Folder $folder): FolderInvitation
+    {
+        $invitation = $folder->invitations()
+            ->where('expires_at', '>', now())
+            ->latest()
+            ->first();
+
+        if ($invitation) {
+            return $invitation;
+        }
+
+        return $this->createInvitation($folder);
+    }
+
+    /**
+     * @param  array<int>  $mediaIds
+     */
+    protected function updateFolderStatusAndConfirmation(Folder $folder, MessageType $type, array $mediaIds): void
+    {
+        match ($type->value) {
+            'invite' => $folder->update(['status' => FolderStatus::WaitingDocuments]),
+            'situation', 'file_request' => $folder->update(['status' => FolderStatus::AdditionalDocumentsRequested]),
+            'confirmation' => $folder->update([
+                'status' => FolderStatus::WaitingClientValidation,
+                'confirmation_requested_at' => now(),
+                'confirmation_media_id' => $mediaIds[0] ?? null,
+            ]),
+            default => null,
+        };
+    }
+
+    protected function sendEmailForMessage(Folder $folder, FolderInvitation $invitation, Message $message, string $body, MessageType $type): bool
+    {
+        $folder->load('client.primaryContact');
+        $clientEmail = $folder->client->primary_contact_email;
+
+        if (empty($clientEmail)) {
+            \Illuminate\Support\Facades\Log::warning("No primary contact email for client #{$folder->client_id}, skipping email.");
+
+            return false;
+        }
+
+        match ($type->value) {
+            'invite' => Mail::to($clientEmail)->send(new FolderInviteMail($folder, $invitation)),
+            'situation' => Mail::to($clientEmail)->send(new FolderSituationMail($folder, $invitation, $body)),
+            'file_request' => Mail::to($clientEmail)->send(new FolderFileRequestMail($folder, $invitation, $body)),
+            'confirmation' => Mail::to($clientEmail)->send(new FolderConfirmationMail($folder, $invitation, $body)),
+            'text' => Mail::to($clientEmail)->send(new FolderTextMessageMail($folder, $body, $invitation->token)),
+            default => null,
+        };
+
+        return true;
+    }
+}

app/Http/Controllers/NotificationController.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cache;
+
+class NotificationController extends Controller
+{
+    public function markAsRead(Request $request, string $id): RedirectResponse
+    {
+        $request->user()
+            ->notifications()
+            ->where('id', $id)
+            ->firstOrFail()
+            ->markAsRead();
+
+        Cache::forget("user:{$request->user()->id}:unread_notifications");
+
+        return back();
+    }
+
+    public function markAllAsRead(Request $request): RedirectResponse
+    {
+        $request->user()->unreadNotifications->markAsRead();
+
+        Cache::forget("user:{$request->user()->id}:unread_notifications");
+
+        return back();
+    }
+}

app/Http/Controllers/Settings/PasswordController.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Controllers\Settings;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Settings\PasswordUpdateRequest;
+use Illuminate\Http\RedirectResponse;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class PasswordController extends Controller
+{
+    /**
+     * Show the user's password settings page.
+     */
+    public function edit(): Response
+    {
+        return Inertia::render('settings/Password');
+    }
+
+    /**
+     * Update the user's password.
+     */
+    public function update(PasswordUpdateRequest $request): RedirectResponse
+    {
+        $request->user()->update([
+            'password' => $request->password,
+        ]);
+
+        return back();
+    }
+}

app/Http/Controllers/Settings/ProfileController.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Http\Controllers\Settings;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Settings\ProfileDeleteRequest;
+use App\Http\Requests\Settings\ProfileUpdateRequest;
+use Illuminate\Contracts\Auth\MustVerifyEmail;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class ProfileController extends Controller
+{
+    /**
+     * Show the user's profile settings page.
+     */
+    public function edit(Request $request): Response
+    {
+        return Inertia::render('settings/Profile', [
+            'mustVerifyEmail' => $request->user() instanceof MustVerifyEmail,
+            'status' => $request->session()->get('status'),
+        ]);
+    }
+
+    /**
+     * Update the user's profile information.
+     */
+    public function update(ProfileUpdateRequest $request): RedirectResponse
+    {
+        $request->user()->fill($request->validated());
+
+        if ($request->user()->isDirty('email')) {
+            $request->user()->email_verified_at = null;
+        }
+
+        $request->user()->save();
+
+        return to_route('profile.edit');
+    }
+
+    /**
+     * Delete the user's profile.
+     */
+    public function destroy(ProfileDeleteRequest $request): RedirectResponse
+    {
+        $user = $request->user();
+
+        Auth::logout();
+
+        $user->delete();
+
+        $request->session()->invalidate();
+        $request->session()->regenerateToken();
+
+        return redirect('/');
+    }
+}

app/Http/Controllers/Settings/TwoFactorAuthenticationController.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Http\Controllers\Settings;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Settings\TwoFactorAuthenticationRequest;
+use Illuminate\Routing\Controllers\HasMiddleware;
+use Illuminate\Routing\Controllers\Middleware;
+use Inertia\Inertia;
+use Inertia\Response;
+use Laravel\Fortify\Features;
+
+class TwoFactorAuthenticationController extends Controller implements HasMiddleware
+{
+    /**
+     * Get the middleware that should be assigned to the controller.
+     */
+    public static function middleware(): array
+    {
+        return Features::optionEnabled(Features::twoFactorAuthentication(), 'confirmPassword')
+            ? [new Middleware('password.confirm', only: ['show'])]
+            : [];
+    }
+
+    /**
+     * Show the user's two-factor authentication settings page.
+     */
+    public function show(TwoFactorAuthenticationRequest $request): Response
+    {
+        $request->ensureStateIsValid();
+
+        return Inertia::render('settings/TwoFactor', [
+            'twoFactorEnabled' => $request->user()->hasEnabledTwoFactorAuthentication(),
+            'requiresConfirmation' => Features::optionEnabled(Features::twoFactorAuthentication(), 'confirm'),
+        ]);
+    }
+}

app/Http/Controllers/UserController.php

@@ -0,0 +1,107 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Http\Requests\StoreUserRequest;
+use App\Http\Requests\UpdateUserRequest;
+use App\Models\User;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class UserController extends Controller
+{
+    /**
+     * Display a listing of the users.
+     */
+    public function index(Request $request): Response
+    {
+        $perPage = min(max((int) $request->input('per_page', 10), 10), 100);
+
+        $users = User::query()
+            ->latest()
+            ->paginate($perPage)
+            ->through(fn (User $user) => [
+                'id' => $user->id,
+                'name' => $user->name,
+                'email' => $user->email,
+                'group' => $user->group->value,
+                'created_at' => $user->created_at?->toISOString(),
+                'editUrl' => route('users.edit', $user),
+                'destroyUrl' => route('users.destroy', $user),
+            ]);
+
+        return Inertia::render('users/Index', [
+            'users' => $users,
+            'createUrl' => route('users.create'),
+        ]);
+    }
+
+    /**
+     * Show the form for creating a new user.
+     */
+    public function create(): Response
+    {
+        return Inertia::render('users/Create', [
+            'indexUrl' => route('users.index'),
+            'storeUrl' => route('users.store'),
+            'userGroups' => \App\Enums\UserGroup::asSelectArray(),
+        ]);
+    }
+
+    /**
+     * Store a newly created user in storage.
+     */
+    public function store(StoreUserRequest $request): RedirectResponse
+    {
+        User::query()->create($request->validated());
+
+        return to_route('users.index');
+    }
+
+    /**
+     * Show the form for editing the specified user.
+     */
+    public function edit(User $user): Response
+    {
+        return Inertia::render('users/Edit', [
+            'user' => [
+                'id' => $user->id,
+                'name' => $user->name,
+                'email' => $user->email,
+                'group' => $user->group->value,
+            ],
+            'indexUrl' => route('users.index'),
+            'updateUrl' => route('users.update', $user),
+            'userGroups' => \App\Enums\UserGroup::asSelectArray(),
+        ]);
+    }
+
+    /**
+     * Update the specified user in storage.
+     */
+    public function update(UpdateUserRequest $request, User $user): RedirectResponse
+    {
+        $data = $request->validated();
+
+        if (empty($data['password'])) {
+            unset($data['password']);
+            unset($data['password_confirmation']);
+        }
+
+        $user->update($data);
+
+        return to_route('users.index');
+    }
+
+    /**
+     * Remove the specified user from storage.
+     */
+    public function destroy(User $user): RedirectResponse
+    {
+        $user->delete();
+
+        return to_route('users.index');
+    }
+}

app/Http/Controllers/WorkspaceController.php

@@ -0,0 +1,178 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Enums\WorkspaceUserRole;
+use App\Http\Requests\StoreWorkspaceRequest;
+use App\Http\Requests\UpdateWorkspaceRequest;
+use App\Models\User;
+use App\Models\Workspace;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class WorkspaceController extends Controller
+{
+    /**
+     * Display a listing of the workspaces.
+     */
+    public function index(Request $request): Response
+    {
+        $perPage = min(max((int) $request->input('per_page', 10), 10), 100);
+
+        $workspaces = Workspace::query()
+            ->withCount('users')
+            ->latest()
+            ->paginate($perPage)
+            ->through(fn (Workspace $workspace) => [
+                'id' => $workspace->id,
+                'name' => $workspace->name,
+                'slug' => $workspace->slug,
+                'users_count' => $workspace->users_count,
+                'showUrl' => route('workspaces.show', $workspace),
+                'editUrl' => route('workspaces.edit', $workspace),
+                'destroyUrl' => route('workspaces.destroy', $workspace),
+            ]);
+
+        return Inertia::render('workspaces/Index', [
+            'workspaces' => $workspaces,
+            'createUrl' => route('workspaces.create'),
+        ]);
+    }
+
+    /**
+     * Show the form for creating a new workspace.
+     */
+    public function create(): Response
+    {
+        return Inertia::render('workspaces/Create', [
+            'indexUrl' => route('workspaces.index'),
+            'storeUrl' => route('workspaces.store'),
+            'users' => User::query()->orderBy('name')->get(['id', 'name', 'email']),
+            'workspaceUserRoles' => WorkspaceUserRole::asSelectArray(),
+        ]);
+    }
+
+    /**
+     * Store a newly created workspace in storage.
+     */
+    public function store(StoreWorkspaceRequest $request): RedirectResponse
+    {
+        $data = $request->validated();
+        $userIds = $data['user_ids'] ?? [];
+        $userRoles = $data['user_roles'] ?? [];
+        unset($data['user_ids'], $data['user_roles']);
+
+        $workspace = Workspace::query()->create($data);
+        $syncData = collect($userIds)->mapWithKeys(fn ($userId) => [
+            (int) $userId => ['role' => $userRoles[$userId] ?? WorkspaceUserRole::Member],
+        ])->all();
+        $workspace->users()->sync($syncData);
+
+        return to_route('workspaces.index');
+    }
+
+    /**
+     * Display the specified workspace.
+     */
+    public function show(Workspace $workspace): Response
+    {
+        $workspace->load('users');
+
+        $clientsCount = $workspace->clients()->count();
+        $foldersCount = $workspace->folders()->count();
+        $foldersByStatus = $workspace->folders()
+            ->selectRaw('status, count(*) as count')
+            ->groupBy('status')
+            ->pluck('count', 'status')
+            ->all();
+        $foldersThisMonth = $workspace->folders()
+            ->whereMonth('created_at', now()->month)
+            ->whereYear('created_at', now()->year)
+            ->count();
+        $foldersNeedingAttention = $workspace->folders()
+            ->whereIn('status', [
+                \App\Enums\FolderStatus::WaitingDocuments,
+                \App\Enums\FolderStatus::WaitingClientValidation,
+            ])
+            ->count();
+
+        return Inertia::render('workspaces/Show', [
+            'workspace' => [
+                'id' => $workspace->id,
+                'name' => $workspace->name,
+                'slug' => $workspace->slug,
+                'users' => $workspace->users->map(fn ($user) => [
+                    'id' => $user->id,
+                    'name' => $user->name,
+                    'email' => $user->email,
+                    'role' => $user->pivot->role->value,
+                ])->all(),
+            ],
+            'stats' => [
+                'clients' => $clientsCount,
+                'folders' => $foldersCount,
+                'folders_by_status' => $foldersByStatus,
+                'folders_this_month' => $foldersThisMonth,
+                'folders_needing_attention' => $foldersNeedingAttention,
+            ],
+            'indexUrl' => route('workspaces.index'),
+            'editUrl' => route('workspaces.edit', $workspace),
+        ]);
+    }
+
+    /**
+     * Show the form for editing the specified workspace.
+     */
+    public function edit(Workspace $workspace): Response
+    {
+        $workspace->load('users');
+        $userRoles = $workspace->users->mapWithKeys(
+            fn ($user) => [$user->id => $user->pivot->role->value],
+        )->all();
+
+        return Inertia::render('workspaces/Edit', [
+            'workspace' => [
+                'id' => $workspace->id,
+                'name' => $workspace->name,
+                'slug' => $workspace->slug,
+                'user_ids' => $workspace->users->pluck('id')->all(),
+                'user_roles' => $userRoles,
+            ],
+            'indexUrl' => route('workspaces.index'),
+            'updateUrl' => route('workspaces.update', $workspace),
+            'users' => User::query()->orderBy('name')->get(['id', 'name', 'email']),
+            'workspaceUserRoles' => WorkspaceUserRole::asSelectArray(),
+        ]);
+    }
+
+    /**
+     * Update the specified workspace in storage.
+     */
+    public function update(UpdateWorkspaceRequest $request, Workspace $workspace): RedirectResponse
+    {
+        $data = $request->validated();
+        $userIds = $data['user_ids'] ?? [];
+        $userRoles = $data['user_roles'] ?? [];
+        unset($data['user_ids'], $data['user_roles']);
+
+        $workspace->update($data);
+        $syncData = collect($userIds)->mapWithKeys(fn ($userId) => [
+            (int) $userId => ['role' => $userRoles[$userId] ?? WorkspaceUserRole::Member],
+        ])->all();
+        $workspace->users()->sync($syncData);
+
+        return to_route('workspaces.index');
+    }
+
+    /**
+     * Remove the specified workspace from storage.
+     */
+    public function destroy(Workspace $workspace): RedirectResponse
+    {
+        $workspace->delete();
+
+        return to_route('workspaces.index');
+    }
+}

app/Http/Controllers/WorkspaceSwitchController.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+
+class WorkspaceSwitchController extends Controller
+{
+    /**
+     * Switch the current workspace.
+     */
+    public function __invoke(Request $request): RedirectResponse
+    {
+        $workspaceId = $request->input('workspace_id');
+
+        $user = $request->user();
+        $hasAccess = $user->workspaces()->where('workspaces.id', $workspaceId)->exists();
+
+        if (! $hasAccess) {
+            return back();
+        }
+
+        $request->session()->put('current_workspace_id', (int) $workspaceId);
+
+        return back();
+    }
+}