# Phase 1: Foundation - Context Bundle

## Task Description

Implement Phase 1 Foundation for MoreMinimore SAAS platform. This phase establishes the core infrastructure including project setup, database configuration, authentication system, user management, and CI/CD pipeline.

## Scope Boundaries

### In Scope

- Next.js 15 project initialization with TypeScript
- PostgreSQL database setup with Drizzle ORM
- Complete database schema (20+ tables from SPECIFICATION.md)
- Redis caching setup
- JWT-based authentication system
- User management APIs and UI
- CI/CD pipeline with GitHub Actions
- Automated testing setup (Vitest, Playwright)

### Out of Scope

- Organization management (Phase 2)
- Project management (Phase 2)
- AI integration (Phase 2)
- Easypanel integration (Phase 4)
- Gitea integration (Phase 5)
- Billing system (Phase 6)

## Technical Requirements

### Technology Stack

- **Frontend**: Next.js 15 (App Router), React 19, Tailwind CSS 4, shadcn/ui
- **Backend**: Next.js API Routes, Node.js 20+
- **Database**: PostgreSQL 16+, Drizzle ORM
- **Cache**: Redis 7+
- **State**: Zustand (global), React Query (server state)
- **Testing**: Vitest (unit), Playwright (E2E)
- **CI/CD**: GitHub Actions

### Database Schema

All tables from SPECIFICATION.md lines 141-397:

- users, organizations, organization_members
- projects, project_versions
- chats, messages, prompts
- ai_providers, ai_models, user_api_keys
- design_systems, deployment_logs
- invoices, subscription_events
- audit_logs, sessions
- email_verification_tokens, password_reset_tokens

### Authentication Requirements

- JWT access tokens (15 min expiration)
- JWT refresh tokens (7 days expiration)
- HTTP-only cookies for token storage
- Email verification required
- Password reset flow
- Role-based authorization (admin, co_admin, owner, user)

## Constraints

### Code Quality Standards

- Pure functions (no side effects)
- Immutability (create new data, don't modify)
- Small functions (< 50 lines)
- Explicit dependencies (dependency injection)
- Modular design (< 100 lines per component)

### Testing Requirements

- AAA pattern (Arrange → Act → Assert)
- Critical code: 100% coverage
- High priority: 90%+ coverage
- Medium priority: 80%+ coverage

### Security Requirements

- Never expose sensitive data in logs
- Use environment variables for secrets
- Validate all input data
- Use parameterized queries
- Implement rate limiting
- CSRF protection

## Expected Deliverables

### 1. Project Structure

```
src/
├── app/                    # Next.js App Router
│   ├── api/                # API routes
│   ├── auth/               # Auth pages
│   ├── dashboard/          # Dashboard pages
│   └── layout.tsx
├── components/             # React components
│   ├── ui/                 # shadcn/ui components
│   ├── auth/               # Auth components
│   └── dashboard/          # Dashboard components
├── lib/                    # Utilities
│   ├── db/                 # Database utilities
│   ├── auth/               # Auth utilities
│   └── utils.ts
├── services/               # Business logic
│   ├── auth.service.ts
│   ├── user.service.ts
│   └── email.service.ts
├── types/                  # TypeScript types
│   └── index.ts
└── middleware.ts           # Next.js middleware
```

### 2. Database

- PostgreSQL database `moreminimore`
- Drizzle ORM configured
- All tables created with proper indexes
- Initial migration generated and applied
- Redis connection configured

### 3. Authentication

- Password hashing utility (bcrypt)
- JWT generation/verification utilities
- Auth APIs: register, login, refresh, logout, verify-email, forgot-password, reset-password
- Auth middleware: requireAuth, requireRole, requireOrgMembership
- Session management in database

### 4. User Management

- User profile APIs (GET/PATCH /api/users/me)
- Admin user management APIs (GET/PATCH/DELETE /api/users)
- User profile page
- Settings page
- Admin user management page

### 5. CI/CD

- GitHub Actions workflow file
- Automated testing on push/PR
- Test coverage reporting
- Build validation

## Acceptance Criteria

### Project Setup

- [ ] Next.js 15 project created with TypeScript
- [ ] Tailwind CSS 4 configured
- [ ] shadcn/ui components installed
- [ ] ESLint and Prettier configured
- [ ] Path aliases configured (@/components, @/lib, etc.)
- [ ] Environment variables template created

### Database

- [ ] PostgreSQL database created
- [ ] Drizzle ORM configured
- [ ] All 20+ tables defined in schema
- [ ] Indexes created for performance
- [ ] Initial migration generated
- [ ] Migration applied successfully
- [ ] Redis connection tested

### Authentication

- [ ] Password hashing/verification working
- [ ] JWT tokens generated with correct expiration
- [ ] Register API creates user and sends verification email
- [ ] Login API generates tokens and sets cookies
- [ ] Refresh API rotates tokens correctly
- [ ] Logout API clears cookies and invalidates session
- [ ] Email verification API works
- [ ] Password reset flow works end-to-end
- [ ] Auth middleware protects routes correctly
- [ ] Role-based authorization works

### User Management

- [ ] User profile API returns correct data
- [ ] User profile update works
- [ ] Password change works
- [ ] Admin can list all users
- [ ] Admin can update user details
- [ ] Admin can ban/unban users
- [ ] User profile page displays correctly
- [ ] Settings page works
- [ ] Admin user management page works

### CI/CD

- [ ] GitHub Actions workflow runs on push
- [ ] Tests execute automatically
- [ ] Coverage report generated
- [ ] Build validation passes
- [ ] PR checks work

## Context Files

### Code Quality Standards

- Location: /Users/kunthawatgreethong/.config/opencode/context/core/standards/code-quality.md
- Key principles: Modular, Functional, Maintainable
- Critical patterns: Pure functions, immutability, composition, dependency injection
- Anti-patterns: Mutation, side effects, deep nesting, god modules

### Documentation Standards

- Location: /Users/kunthawatgreethong/.config/opencode/context/core/standards/documentation.md
- Golden Rule: If users ask the same question twice, document it
- Document WHY decisions were made, not just WHAT code does

### Testing Standards

- Location: /Users/kunthawatgreethong/.config/opencode/context/core/standards/test-coverage.md
- Golden Rule: If you can't test it easily, refactor it
- AAA pattern: Arrange → Act → Assert
- Coverage goals: Critical 100%, High 90%+, Medium 80%+

### Essential Patterns

- Location: /Users/kunthawatgreethong/.config/opencode/context/core/essential-patterns.md
- Core patterns: Error handling, validation, security, logging, pure functions
- ALWAYS: Handle errors gracefully, validate input, use env vars for secrets
- NEVER: Expose sensitive info, hardcode credentials, skip validation

### Specification

- Location: /Users/kunthawatgreethong/Gitea/moreminimore-vibe/Websitebuilder/SPECIFICATION.md
- Complete technical specification with database schema, API design, authentication flow

### Task Breakdown

- Location: /Users/kunthawatgreethong/Gitea/moreminimore-vibe/Websitebuilder/TASKS.md
- Detailed task breakdown for all phases

## Risks & Considerations

### Technical Risks

- PostgreSQL setup complexity on local development
- Redis configuration and connection pooling
- JWT token security and rotation
- Email service integration (Resend/SendGrid)
- Database migration conflicts

### Mitigation Strategies

- Use Docker for local PostgreSQL/Redis if needed
- Implement comprehensive error handling
- Add extensive logging for debugging
- Create rollback procedures for migrations
- Test authentication flow thoroughly

## Next Steps

After Phase 1 completion:

1. Validate all acceptance criteria
2. Run full test suite
3. Document any deviations
4. Prepare for Phase 2: Core Features

---

**Session ID**: ses_phase1_foundation

**Created**: January 19, 2026

**Priority**: High

**Estimated Duration**: 4 weeks
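
An added example (not code from the MoreMinimore repository) of the Authentication Requirements above: 15-minute access and 7-day refresh JWTs, HTTP-only cookie storage, and a role check on verified claims. HS256 via `node:crypto`, the `kind` claim, the `Secure`/`SameSite`/`Path` cookie attributes, and all function names are assumptions made for illustration; the page does not name an algorithm or JWT library.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Lifetimes from the Authentication Requirements list.
const ACCESS_TTL_S = 15 * 60;
const REFRESH_TTL_S = 7 * 24 * 60 * 60;

type Role = "admin" | "co_admin" | "owner" | "user";
type TokenKind = "access" | "refresh";
interface Claims { sub: string; role: Role; kind: TokenKind; iat: number; exp: number }

const encode = (obj: object): string => Buffer.from(JSON.stringify(obj)).toString("base64url");
const decode = (part: string): any => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const hmac = (input: string, secret: string): Buffer => createHmac("sha256", secret).update(input).digest();

// Sign an HS256 JWT (assumed algorithm). `now` is epoch seconds, injected to keep this pure.
function signToken(sub: string, role: Role, kind: TokenKind, secret: string, now: number): string {
  const ttl = kind === "access" ? ACCESS_TTL_S : REFRESH_TTL_S;
  const claims: Claims = { sub, role, kind, iat: now, exp: now + ttl };
  const body = `${encode({ alg: "HS256", typ: "JWT" })}.${encode(claims)}`;
  return `${body}.${hmac(body, secret).toString("base64url")}`;
}

// Returns the claims, or null on bad structure, signature, algorithm, token kind or expiry.
function verifyToken(token: string, expected: TokenKind, secret: string, now: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  const given = Buffer.from(s, "base64url");
  const want = hmac(`${h}.${p}`, secret);
  if (given.length !== want.length || !timingSafeEqual(given, want)) return null;
  try {
    const claims = decode(p) as Claims;
    if (decode(h).alg !== "HS256") return null;   // pin the algorithm
    if (claims.kind !== expected) return null;    // a refresh token is not an access token
    if (typeof claims.exp !== "number" || now >= claims.exp) return null;
    return claims;
  } catch {
    return null;
  }
}

// HttpOnly is the page's requirement; Secure, SameSite and Path are assumptions added here.
function tokenCookie(name: string, token: string, maxAgeS: number): string {
  return `${name}=${token}; Max-Age=${maxAgeS}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Role check of the kind a requireRole middleware would apply to verified claims.
function hasRole(claims: Claims | null, allowed: readonly Role[]): boolean {
  return claims !== null && allowed.includes(claims.role);
}
```

The `kind` check is what stops a long-lived refresh token from being accepted on an API route that expects a 15-minute access token.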