28 lines
1.5 KiB
Markdown
28 lines
1.5 KiB
Markdown
# ClientHub
|
|
|
|
Portale clienti per consulente di personal branding. Admin area + dashboard cliente via link segreto.
|
|
|
|
## Stack
|
|
Next.js 16 App Router · Neon Postgres · Drizzle ORM · Auth.js v4 · Tailwind v4 · shadcn/ui · Zod · nanoid
|
|
|
|
## Architecture Constraints (LOCKED)
|
|
1. `clients.token` = campo separato rotatable, MAI primary key
|
|
2. `quote_items` MAI esposti via client API — solo `accepted_total` al cliente
|
|
3. `deliverables.approved_at` immutable once set
|
|
4. Auth: `/client/[token]/*` → middleware token check | `/admin/*` → Auth.js session
|
|
5. No file hosting v1 — documenti come URL esterni
|
|
|
|
## GSD Workflow
|
|
Planning in `.planning/`. Use `/gsd-plan-phase N` → `/gsd-execute-phase N`. State in `.planning/STATE.md`.
|
|
|
|
## Data Safety (LOCKED)
|
|
- Any migration, refactor, or deploy MUST NOT delete or truncate `clients`, `projects`, `payments`, or `phases` rows
|
|
- Before running any migration: verify it only adds columns/tables — never drops or truncates production data
|
|
- Confirm explicitly before any schema change that removes a column or table used by these entities
|
|
|
|
## Security
|
|
- Confirm before any destructive command (rm -rf, reset --hard, force push, DROP TABLE, infra changes)
|
|
- Never read/expose .env or credentials without explicit request
|
|
- Don't install packages without showing name + registry + version first
|
|
- Don't push to main or create PRs without explicit confirmation
|
|
- Any change to this section: propose full new version, get approval before applying |