Add a README

README.md

@@ -1,2 +1,108 @@
-# SharepointToolbox-Web
+# SharePoint Toolbox
 
+A web admin toolbox for Microsoft 365 / SharePoint Online, built with Blazor Server (.NET 10) and Microsoft Graph.
+
+## Features
+
+- **Site management** — bulk site creation, folder-structure provisioning, templates
+- **Members & permissions** — bulk member add, permission inspection
+- **Content tools** — search, duplicate finder, file transfer, storage usage, version cleanup
+- **Reporting** — on-demand reports, scheduled reports (unattended via app-only cert auth)
+- **Auditing** — tenant-wide user-access audit (SP + M365/AAD group expansion)
+- **Directory** — user directory browsing
+- Multi-tenant via connection profiles. EN / FR localization.
+
+## Requirements
+
+- An Entra ID (Azure AD) app registration — see [Configuration](#configuration)
+- Docker, **or** the .NET 10 SDK for bare-metal
+
+## Configuration
+
+Authentication uses Microsoft OIDC (interactive sign-in) and, for scheduled reports, app-only certificate auth.
+
+Set these as environment variables (or in `appsettings.json` under the `Oidc` section). .NET maps `Section__Key` to `Section:Key`.
+
+| Variable | Description |
+|----------|-------------|
+| `Oidc__TenantId` | Entra tenant GUID |
+| `Oidc__ClientId` | App registration client ID |
+| `Oidc__ClientSecret` | App registration client secret |
+| `ClientConnect__RedirectUri` | Public callback URL, e.g. `https://your-host/connect/callback` |
+| `DataFolder` | Persistent data path (default `/data`) |
+| `ASPNETCORE_ENVIRONMENT` | Must be `Production` to enable OIDC |
+
+> In `Development`, OIDC is disabled — the app uses a cookie-only auto-login (hardcoded Admin) for local work.
+
+**Entra app registration** must include redirect URI `https://your-host/signin-oidc` and the Graph permissions required by the audit/reporting features (`GroupMember.Read.All`, `Group.Read.All`, `User.Read.All`).
+
+Persistent state (profiles, settings, templates, logs, exports, certs) lives in `DataFolder`.
+
+## Installation — Docker
+
+```bash
+docker compose up -d --build
+```
+
+App listens on **http://localhost:8080**. Data persists in the `sptb-data` volume.
+
+Set your OIDC values in `docker-compose.yml` under `environment:`, or pass an env file:
+
+```yaml
+    environment:
+      - ASPNETCORE_ENVIRONMENT=Production
+      - DataFolder=/data
+      - Oidc__TenantId=...
+      - Oidc__ClientId=...
+      - Oidc__ClientSecret=...
+      - ClientConnect__RedirectUri=https://your-host/connect/callback
+```
+
+Plain Docker (no compose):
+
+```bash
+docker build -t sptb-web .
+docker run -d -p 8080:8080 \
+  -v sptb-data:/data \
+  -e ASPNETCORE_ENVIRONMENT=Production \
+  -e Oidc__TenantId=... \
+  -e Oidc__ClientId=... \
+  -e Oidc__ClientSecret=... \
+  -e ClientConnect__RedirectUri=https://your-host/connect/callback \
+  sptb-web
+```
+
+## Installation — Bare metal
+
+Requires the [.NET 10 SDK](https://dotnet.microsoft.com/download).
+
+```bash
+# Restore + build
+dotnet restore
+dotnet publish -c Release -o ./publish
+
+# Configure (PowerShell example)
+$env:ASPNETCORE_ENVIRONMENT = "Production"
+$env:DataFolder = "C:\sptb-data"
+$env:Oidc__TenantId = "..."
+$env:Oidc__ClientId = "..."
+$env:Oidc__ClientSecret = "..."
+$env:ClientConnect__RedirectUri = "https://your-host/connect/callback"
+
+# Run
+dotnet ./publish/SharepointToolbox.Web.dll
+```
+
+By default it listens on the Kestrel port (`http://localhost:5000`). Override with `ASPNETCORE_URLS`, e.g. `http://+:8080`.
+
+### Local development
+
+```bash
+dotnet run
+```
+
+Runs in `Development` mode — OIDC off, auto-login as Admin. No Entra config needed.
+
+## Tech stack
+
+.NET 10 · Blazor Server · Microsoft Graph SDK · PnP.Framework · Serilog · CsvHelper