# ClientHub Portale clienti per consulente di personal branding. Admin area + dashboard cliente via link segreto. ## Stack Next.js 16 App Router · Neon Postgres · Drizzle ORM · Auth.js v4 · Tailwind v4 · shadcn/ui · Zod · nanoid ## Architecture Constraints (LOCKED) 1. `clients.token` = campo separato rotatable, MAI primary key 2. `quote_items` MAI esposti via client API — solo `accepted_total` al cliente 3. `deliverables.approved_at` immutable once set 4. Auth: `/client/[token]/*` → middleware token check | `/admin/*` → Auth.js session 5. No file hosting v1 — documenti come URL esterni ## GSD Workflow Planning in `.planning/`. Use `/gsd-plan-phase N` → `/gsd-execute-phase N`. State in `.planning/STATE.md`. ## Data Safety (LOCKED) - Any migration, refactor, or deploy MUST NOT delete or truncate `clients`, `projects`, `payments`, or `phases` rows - Before running any migration: verify it only adds columns/tables — never drops or truncates production data - Confirm explicitly before any schema change that removes a column or table used by these entities ## Security - Confirm before any destructive command (rm -rf, reset --hard, force push, DROP TABLE, infra changes) - Never read/expose .env or credentials without explicit request - Don't install packages without showing name + registry + version first - Don't push to main or create PRs without explicit confirmation - Any change to this section: propose full new version, get approval before applying