# SharePoint Toolbox v2

## What This Is

A C#/WPF desktop application for IT administrators and MSPs to audit and manage SharePoint Online permissions, storage, files, and sites across multiple client tenants. Replaces a 6,400-line monolithic PowerShell script with a structured 10,071-line MVVM application shipping as a single self-contained EXE.

## Core Value

Administrators can audit and manage SharePoint/Teams permissions and storage across multiple client tenants from a single, reliable desktop application.

## Current Milestone: v2.2 Report Branding & User Directory

**Goal:** Add customizable logos to HTML reports and a full user directory browse mode in the user access audit tab.

**Target features:**
- HTML report branding with MSP logo (global) and client logo (per tenant — pull from tenant or import)
- User directory browse mode as alternative to search in user access audit tab

## Current State

**Shipped:** v1.1 Enhanced Reports (2026-04-08)
**Status:** Active milestone v2.2

**v1.1 shipped features:**
- Global multi-site selection in toolbar (pick sites once, all tabs use them)
- User access audit tab with Graph API people-picker, direct/group/inherited access distinction
- Simplified permissions with plain-language labels, color-coded risk levels, detail-level toggle
- Storage visualization with LiveCharts2 pie/donut and bar charts by file type

Tech stack: C# / WPF / .NET 10 / PnP Framework / Microsoft Graph SDK / MSAL / Serilog / CommunityToolkit.Mvvm / LiveCharts2
Tests: 205 automated (xUnit), 22 skipped (require live SharePoint tenant)
Distribution: 200 MB self-contained EXE (win-x64)

## Requirements

### Validated

- Full C#/WPF rewrite of all existing PowerShell features — v1.0
- Multi-tenant authentication with cached sessions — v1.0
- Thorough error handling (per-item reporting, no silent failures) — v1.0
- Modular architecture (separate files per feature area, DI, MVVM) — v1.0
- Self-contained single EXE distribution — v1.0

### Shipped in v1.1

- [x] Global multi-site selection in toolbar (SITE-01/02) — v1.1
- [x] Export all SharePoint/Teams accesses a specific user has across selected sites (UACC-01/02) — v1.1
- [x] Simplified permissions reports (plain language, summary views) (SIMP-01/02/03) — v1.1
- [x] Storage metrics graph by file type (pie/donut and bar chart, toggleable) (VIZZ-01/02/03) — v1.1

### Active

- [ ] HTML report branding with MSP logo (global) and client logo (per tenant)
- [ ] User directory browse mode in user access audit tab

### Out of Scope

- Cross-platform support (Mac/Linux) — WPF is Windows-only; not justified for current user base
- SQLite or database storage — JSON sufficient for config, profiles, and templates
- Web-based UI — must remain a local desktop application
- Cloud/SaaS deployment — local tool by design
- Mobile support — desktop admin tool
- Real-time monitoring / alerts — requires background service, beyond scope
- Automated remediation (auto-revoke) — liability risk
- Content migration between tenants — separate product category

## Context

- **v1.0 shipped** with full feature parity: permissions, storage, search, duplicates, bulk operations, templates, folder provisioning
- **v1.1 shipped** with enhanced reports: user access audit, simplified permissions, storage charts, global site selection
- **Localization:** 220+ EN/FR keys, full parity verified
- **Architecture:** 120+ C# files + 17 XAML files across Core/Infrastructure/Services/ViewModels/Views layers

## Constraints

- **Platform:** Windows desktop only — WPF requires Windows
- **Distribution:** Self-contained EXE (~200 MB) — no .NET runtime dependency
- **Auth method:** Interactive browser-based Azure AD login (no client secrets stored)
- **Data storage:** JSON files for profiles, settings, templates
- **SharePoint API:** PnP Framework / Microsoft Graph SDK
- **Local only:** No telemetry, no cloud services, no external dependencies at runtime

## Key Decisions

| Decision | Rationale | Outcome |
|----------|-----------|---------|
| Rewrite to C#/WPF instead of improving PowerShell | Better async/await, proper OOP, richer UI, better tooling | ✓ Good — 10k LOC structured app vs 6.4k monolithic script |
| WPF over WinForms | Modern data binding, MVVM pattern, richer styling | ✓ Good — clean separation of concerns |
| Self-contained EXE | Users shouldn't need to install .NET runtime | ✓ Good — 200 MB single file, zero dependencies |
| Keep JSON storage | Simple, human-readable, sufficient for config/profiles | ✓ Good — atomic write-then-replace pattern works well |
| Multi-tenant session caching | MSP workflow requires fast switching between tenants | ✓ Good — per-clientId MSAL PCA with MsalCacheHelper |
| BulkOperationRunner pattern | Continue-on-error with per-item results for all bulk ops | ✓ Good — consistent error handling across 4 bulk features |
| Wave 0 scaffold pattern | Models + interfaces + test stubs before implementation | ✓ Good — all phases had test targets from day 1 |

---
*Last updated: 2026-04-08 after v2.2 milestone started*