Add websitebuilder app
273
.tmp/sessions/phase1-foundation/context.md
Normal file
@@ -0,0 +1,273 @@
|
||||
# Phase 1: Foundation - Context Bundle
|
||||
|
||||
## Task Description
|
||||
|
||||
Implement Phase 1 Foundation for MoreMinimore SAAS platform. This phase establishes the core infrastructure including project setup, database configuration, authentication system, user management, and CI/CD pipeline.
|
||||
|
||||
## Scope Boundaries
|
||||
|
||||
### In Scope
|
||||
|
||||
- Next.js 15 project initialization with TypeScript
|
||||
- PostgreSQL database setup with Drizzle ORM
|
||||
- Complete database schema (20+ tables from SPECIFICATION.md)
|
||||
- Redis caching setup
|
||||
- JWT-based authentication system
|
||||
- User management APIs and UI
|
||||
- CI/CD pipeline with GitHub Actions
|
||||
- Automated testing setup (Vitest, Playwright)
|
||||
|
||||
### Out of Scope
|
||||
|
||||
- Organization management (Phase 2)
|
||||
- Project management (Phase 2)
|
||||
- AI integration (Phase 2)
|
||||
- Easypanel integration (Phase 4)
|
||||
- Gitea integration (Phase 5)
|
||||
- Billing system (Phase 6)
|
||||
|
||||
## Technical Requirements
|
||||
|
||||
### Technology Stack
|
||||
|
||||
- **Frontend**: Next.js 15 (App Router), React 19, Tailwind CSS 4, shadcn/ui
|
||||
- **Backend**: Next.js API Routes, Node.js 20+
|
||||
- **Database**: PostgreSQL 16+, Drizzle ORM
|
||||
- **Cache**: Redis 7+
|
||||
- **State**: Zustand (global), React Query (server state)
|
||||
- **Testing**: Vitest (unit), Playwright (E2E)
|
||||
- **CI/CD**: GitHub Actions
|
||||
|
||||
### Database Schema
|
||||
|
||||
All tables from SPECIFICATION.md lines 141-397:
|
||||
|
||||
- users, organizations, organization_members
|
||||
- projects, project_versions
|
||||
- chats, messages, prompts
|
||||
- ai_providers, ai_models, user_api_keys
|
||||
- design_systems, deployment_logs
|
||||
- invoices, subscription_events
|
||||
- audit_logs, sessions
|
||||
- email_verification_tokens, password_reset_tokens
|
||||
|
||||
### Authentication Requirements
|
||||
|
||||
- JWT access tokens (15 min expiration)
|
||||
- JWT refresh tokens (7 days expiration)
|
||||
- HTTP-only cookies for token storage
|
||||
- Email verification required
|
||||
- Password reset flow
|
||||
- Role-based authorization (admin, co_admin, owner, user)
|
||||
|
||||
## Constraints
|
||||
|
||||
### Code Quality Standards
|
||||
|
||||
- Pure functions (no side effects)
|
||||
- Immutability (create new data, don't modify)
|
||||
- Small functions (< 50 lines)
|
||||
- Explicit dependencies (dependency injection)
|
||||
- Modular design (< 100 lines per component)
|
||||
|
||||
### Testing Requirements
|
||||
|
||||
- AAA pattern (Arrange → Act → Assert)
|
||||
- Critical code: 100% coverage
|
||||
- High priority: 90%+ coverage
|
||||
- Medium priority: 80%+ coverage
|
||||
|
||||
### Security Requirements
|
||||
|
||||
- Never expose sensitive data in logs
|
||||
- Use environment variables for secrets
|
||||
- Validate all input data
|
||||
- Use parameterized queries
|
||||
- Implement rate limiting
|
||||
- CSRF protection
|
||||
|
||||
## Expected Deliverables
|
||||
|
||||
### 1. Project Structure
|
||||
|
||||
```
|
||||
src/
|
||||
├── app/ # Next.js App Router
|
||||
│ ├── api/ # API routes
|
||||
│ ├── auth/ # Auth pages
|
||||
│ ├── dashboard/ # Dashboard pages
|
||||
│ └── layout.tsx
|
||||
├── components/ # React components
|
||||
│ ├── ui/ # shadcn/ui components
|
||||
│ ├── auth/ # Auth components
|
||||
│ └── dashboard/ # Dashboard components
|
||||
├── lib/ # Utilities
|
||||
│ ├── db/ # Database utilities
|
||||
│ ├── auth/ # Auth utilities
|
||||
│ └── utils.ts
|
||||
├── services/ # Business logic
|
||||
│ ├── auth.service.ts
|
||||
│ ├── user.service.ts
|
||||
│ └── email.service.ts
|
||||
├── types/ # TypeScript types
|
||||
│ └── index.ts
|
||||
└── middleware.ts # Next.js middleware
|
||||
```
|
||||
|
||||
### 2. Database
|
||||
|
||||
- PostgreSQL database `moreminimore`
|
||||
- Drizzle ORM configured
|
||||
- All tables created with proper indexes
|
||||
- Initial migration generated and applied
|
||||
- Redis connection configured
|
||||
|
||||
### 3. Authentication
|
||||
|
||||
- Password hashing utility (bcrypt)
|
||||
- JWT generation/verification utilities
|
||||
- Auth APIs: register, login, refresh, logout, verify-email, forgot-password, reset-password
|
||||
- Auth middleware: requireAuth, requireRole, requireOrgMembership
|
||||
- Session management in database
|
||||
|
||||
### 4. User Management
|
||||
|
||||
- User profile APIs (GET/PATCH /api/users/me)
|
||||
- Admin user management APIs (GET/PATCH/DELETE /api/users)
|
||||
- User profile page
|
||||
- Settings page
|
||||
- Admin user management page
|
||||
|
||||
### 5. CI/CD
|
||||
|
||||
- GitHub Actions workflow file
|
||||
- Automated testing on push/PR
|
||||
- Test coverage reporting
|
||||
- Build validation
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
### Project Setup
|
||||
|
||||
- [ ] Next.js 15 project created with TypeScript
|
||||
- [ ] Tailwind CSS 4 configured
|
||||
- [ ] shadcn/ui components installed
|
||||
- [ ] ESLint and Prettier configured
|
||||
- [ ] Path aliases configured (@/components, @/lib, etc.)
|
||||
- [ ] Environment variables template created
|
||||
|
||||
### Database
|
||||
|
||||
- [ ] PostgreSQL database created
|
||||
- [ ] Drizzle ORM configured
|
||||
- [ ] All 20+ tables defined in schema
|
||||
- [ ] Indexes created for performance
|
||||
- [ ] Initial migration generated
|
||||
- [ ] Migration applied successfully
|
||||
- [ ] Redis connection tested
|
||||
|
||||
### Authentication
|
||||
|
||||
- [ ] Password hashing/verification working
|
||||
- [ ] JWT tokens generated with correct expiration
|
||||
- [ ] Register API creates user and sends verification email
|
||||
- [ ] Login API generates tokens and sets cookies
|
||||
- [ ] Refresh API rotates tokens correctly
|
||||
- [ ] Logout API clears cookies and invalidates session
|
||||
- [ ] Email verification API works
|
||||
- [ ] Password reset flow works end-to-end
|
||||
- [ ] Auth middleware protects routes correctly
|
||||
- [ ] Role-based authorization works
|
||||
|
||||
### User Management
|
||||
|
||||
- [ ] User profile API returns correct data
|
||||
- [ ] User profile update works
|
||||
- [ ] Password change works
|
||||
- [ ] Admin can list all users
|
||||
- [ ] Admin can update user details
|
||||
- [ ] Admin can ban/unban users
|
||||
- [ ] User profile page displays correctly
|
||||
- [ ] Settings page works
|
||||
- [ ] Admin user management page works
|
||||
|
||||
### CI/CD
|
||||
|
||||
- [ ] GitHub Actions workflow runs on push
|
||||
- [ ] Tests execute automatically
|
||||
- [ ] Coverage report generated
|
||||
- [ ] Build validation passes
|
||||
- [ ] PR checks work
|
||||
|
||||
## Context Files
|
||||
|
||||
### Code Quality Standards
|
||||
|
||||
- Location: /Users/kunthawatgreethong/.config/opencode/context/core/standards/code-quality.md
|
||||
- Key principles: Modular, Functional, Maintainable
|
||||
- Critical patterns: Pure functions, immutability, composition, dependency injection
|
||||
- Anti-patterns: Mutation, side effects, deep nesting, god modules
|
||||
|
||||
### Documentation Standards
|
||||
|
||||
- Location: /Users/kunthawatgreethong/.config/opencode/context/core/standards/documentation.md
|
||||
- Golden Rule: If users ask the same question twice, document it
|
||||
- Document WHY decisions were made, not just WHAT code does
|
||||
|
||||
### Testing Standards
|
||||
|
||||
- Location: /Users/kunthawatgreethong/.config/opencode/context/core/standards/test-coverage.md
|
||||
- Golden Rule: If you can't test it easily, refactor it
|
||||
- AAA pattern: Arrange → Act → Assert
|
||||
- Coverage goals: Critical 100%, High 90%+, Medium 80%+
|
||||
|
||||
### Essential Patterns
|
||||
|
||||
- Location: /Users/kunthawatgreethong/.config/opencode/context/core/essential-patterns.md
|
||||
- Core patterns: Error handling, validation, security, logging, pure functions
|
||||
- ALWAYS: Handle errors gracefully, validate input, use env vars for secrets
|
||||
- NEVER: Expose sensitive info, hardcode credentials, skip validation
|
||||
|
||||
### Specification
|
||||
|
||||
- Location: /Users/kunthawatgreethong/Gitea/moreminimore-vibe/Websitebuilder/SPECIFICATION.md
|
||||
- Complete technical specification with database schema, API design, authentication flow
|
||||
|
||||
### Task Breakdown
|
||||
|
||||
- Location: /Users/kunthawatgreethong/Gitea/moreminimore-vibe/Websitebuilder/TASKS.md
|
||||
- Detailed task breakdown for all phases
|
||||
|
||||
## Risks & Considerations
|
||||
|
||||
### Technical Risks
|
||||
|
||||
- PostgreSQL setup complexity on local development
|
||||
- Redis configuration and connection pooling
|
||||
- JWT token security and rotation
|
||||
- Email service integration (Resend/SendGrid)
|
||||
- Database migration conflicts
|
||||
|
||||
### Mitigation Strategies
|
||||
|
||||
- Use Docker for local PostgreSQL/Redis if needed
|
||||
- Implement comprehensive error handling
|
||||
- Add extensive logging for debugging
|
||||
- Create rollback procedures for migrations
|
||||
- Test authentication flow thoroughly
|
||||
|
||||
## Next Steps
|
||||
|
||||
After Phase 1 completion:
|
||||
|
||||
1. Validate all acceptance criteria
|
||||
2. Run full test suite
|
||||
3. Document any deviations
|
||||
4. Prepare for Phase 2: Core Features
|
||||
|
||||
---
|
||||
|
||||
**Session ID**: ses_phase1_foundation
|
||||
**Created**: January 19, 2026
|
||||
**Priority**: High
|
||||
**Estimated Duration**: 4 weeks
|
||||
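Review bot: The "Context Files" section commits absolute workstation paths: four `Location:` lines under `/Users/kunthawatgreethong/.config/opencode/context/...` and two under `/Users/kunthawatgreethong/Gitea/moreminimore-vibe/Websitebuilder/`. These expose a local username and directory layout and will not resolve for anyone else who clones the repository. The file path `.tmp/sessions/phase1-foundation/context.md` also suggests this is tool session scratch rather than project documentation; consider ignoring `.tmp/` in `.gitignore`, or moving the file under a docs directory with repo-relative references to `SPECIFICATION.md` and `TASKS.md`. On the security content: "HTTP-only cookies for token storage" and "CSRF protection" do not say which cookie attributes (`Secure`, `SameSite`) or which CSRF mechanism is expected, and "Refresh API rotates tokens correctly" has no acceptance criterion for rejecting a refresh token that was already rotated out or belongs to an invalidated session. The bcrypt deliverable states no cost factor. Finally, the mitigation "Add extensive logging for debugging" should be reconciled with "Never expose sensitive data in logs", for example by stating that tokens, password hashes and reset/verification tokens are never logged.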