Nicholai/united-tattoo
1
1
Fork 0
Code Issues 24 Pull Requests Actions 2 Packages Projects Releases Wiki Activity

finished backup of bmad v4

Browse Source
This commit is contained in:
Nicholai 2025-10-07 00:00:26 -06:00
parent c7efa8bc9f
commit fe775505cb
51 changed files with 0 additions and 9580 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
D1_SETUP.md
View File

@ -1,216 +0,0 @@
# Cloudflare D1 Database Setup Guide
This guide will help you set up Cloudflare D1 database for the United Tattoo Studio management platform.
## Prerequisites
1. **Cloudflare Account** with Workers/Pages access
2. **Wrangler CLI** installed globally: `npm install -g wrangler`
3. **Authenticated with Cloudflare**: `wrangler auth login`
## Step 1: Create D1 Database
```bash
# Create the D1 database
npm run db:create
# This will output something like:
# ✅ Successfully created DB 'united-tattoo-db' in region ENAM
# Created your database using D1's new storage backend. The new storage backend is not yet recommended for production workloads, but backs up your data via point-in-time restore.
#
# [[d1_databases]]
# binding = "DB"
# database_name = "united-tattoo-db"
# database_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
```
## Step 2: Update wrangler.toml
Copy the `database_id` from the output above and update your `wrangler.toml`:
```toml
[[d1_databases]]
binding = "DB"
database_name = "united-tattoo-db"
database_id = "your-actual-database-id-here" # Replace with the ID from step 1
```
## Step 3: Run Database Migrations
### Baseline (schema.sql)
The legacy baseline remains available for convenience during development:
```bash
# Create tables in local D1 database using schema.sql (legacy baseline)
npm run db:migrate:local
```
### For Production (schema.sql):
```bash
# Create tables in production D1 database using schema.sql (legacy baseline)
npm run db:migrate
```
### New: Versioned SQL Migrations (UP/DOWN)
Migrations live in `sql/migrations/` using the pattern `YYYYMMDD_NNNN_description.sql` and a matching `*_down.sql`.
Initial baseline (derived from `sql/schema.sql`):
- `sql/migrations/20250918_0001_initial.sql` (UP)
- `sql/migrations/20250918_0001_initial_down.sql` (DOWN)
Run on Preview (default binding):
```bash
# Apply the initial UP migration
npm run db:migrate:up:preview
# Rollback the initial migration
npm run db:migrate:down:preview
```
Run on Production (remote):
```bash
# Apply the initial UP migration to prod
npm run db:migrate:up:prod
# Rollback the initial migration on prod
npm run db:migrate:down:prod
```
Apply all UP migrations in order:
```bash
# Preview
npm run db:migrate:latest:preview
# Production (remote)
npm run db:migrate:latest:prod
```
Notes:
- Latest simply runs all `*.sql` files excluding `*_down.sql` in lexicographic order.
- A migrations_log table will be added in a later story for precise tracking.
## Step 4: Verify Database Setup
### Check Local Database:
```bash
# List tables in local database
npm run db:studio:local
```
### Check Production Database:
```bash
# List tables in production database
npm run db:studio
```
## Step 5: Development Workflow
### Local Development:
```bash
# Start Next.js development server
npm run dev
# The app will use local SQLite file for development
# Database file: ./local.db
```
### Preview with Cloudflare:
```bash
# Build for Cloudflare Pages
npm run pages:build
# Preview locally with Cloudflare runtime
npm run preview
# Deploy to Cloudflare Pages
npm run deploy
```
## Database Schema
The database includes the following tables:
- `users` - User accounts and roles
- `artists` - Artist profiles and information
- `portfolio_images` - Artist portfolio images
- `appointments` - Booking and appointment data
- `availability` - Artist availability schedules
- `site_settings` - Studio configuration
- `file_uploads` - File upload metadata
## Environment Variables
### Local Development (.env.local):
```env
DATABASE_URL="file:./local.db"
DIRECT_URL="file:./local.db"
```
### Production (Cloudflare Pages):
Environment variables are managed through:
1. `wrangler.toml` for public variables
2. Cloudflare Dashboard for secrets
3. D1 database binding automatically available as `env.DB`
## Useful Commands
```bash
# Database Management
npm run db:create # Create new D1 database
npm run db:migrate # Run migrations on production DB
npm run db:migrate:local # Run migrations on local DB
npm run db:backup # Export remote DB to backups/d1-backup-YYYYMMDD-HHMM.sql (uses --output)
npm run db:backup:local # Export local DB to backups/d1-backup-YYYYMMDD-HHMM.sql (uses --local --output)
npm run db:migrate:up:preview # Apply UP migration on preview
npm run db:migrate:down:preview # Apply DOWN migration on preview
npm run db:migrate:up:prod # Apply UP migration on production (remote)
npm run db:migrate:down:prod # Apply DOWN migration on production (remote)
npm run db:migrate:latest:preview # Apply all UP migrations (preview)
npm run db:migrate:latest:prod # Apply all UP migrations (prod)
npm run db:studio # Query production database
npm run db:studio:local # Query local database
# Cloudflare Pages
npm run pages:build # Build for Cloudflare Pages
npm run preview # Preview with Cloudflare runtime
npm run deploy # Deploy to Cloudflare Pages
# Development
npm run dev # Start Next.js dev server
npm run build # Standard Next.js build
```
## Troubleshooting
### Common Issues:
1. **"Database not found"**
- Make sure you've created the D1 database: `npm run db:create`
- Verify the `database_id` in `wrangler.toml` matches the created database
2. **"Tables don't exist"**
- Run migrations: `npm run db:migrate:local` (for local) or `npm run db:migrate` (for production)
3. **"Wrangler not authenticated"**
- Run: `wrangler auth login`
4. **"Permission denied"**
- Ensure your Cloudflare account has Workers/Pages access
- Check that you're authenticated with the correct account
### Database Access in Code:
In your API routes, access the D1 database through the environment binding:
```typescript
// In API routes (production)
const db = env.DB; // Cloudflare D1 binding
// For local development, you'll use SQLite
// The lib/db.ts file handles this automatically
```
## Next Steps
After setting up D1:
1. Update the database functions in `lib/db.ts` to use actual D1 queries
2. Test the admin dashboard with real database operations
3. Deploy to Cloudflare Pages for production testing

214
admin_dashboard_implementation_plan.md
View File

@ -1,214 +0,0 @@
# Implementation Plan
## Overview
Implement a comprehensive admin dashboard with full CRUD operations for artist management, Cloudflare R2 file upload system, appointment scheduling interface, and database population from existing artist data.
This implementation extends the existing United Tattoo Studio platform by building out the admin interface components, integrating Cloudflare R2 for portfolio image uploads, creating a full appointment management system with calendar views, and migrating the current mock artist data into the Cloudflare D1 database. The admin dashboard will provide complete management capabilities for studio operations while maintaining the existing public-facing website functionality.
## Types
Define comprehensive type system for admin dashboard components and enhanced database operations.
```typescript
// Admin Dashboard Types
interface AdminDashboardStats {
totalArtists: number
activeArtists: number
totalAppointments: number
pendingAppointments: number
totalUploads: number
recentUploads: number
}
interface FileUploadProgress {
id: string
filename: string
progress: number
status: 'uploading' | 'processing' | 'complete' | 'error'
url?: string
error?: string
}
interface CalendarEvent {
id: string
title: string
start: Date
end: Date
artistId: string
clientId: string
status: AppointmentStatus
description?: string
}
// Enhanced Artist Types
interface ArtistFormData {
name: string
bio: string
specialties: string[]
instagramHandle?: string
hourlyRate?: number
isActive: boolean
email?: string
portfolioImages?: File[]
}
interface PortfolioImageUpload {
file: File
caption?: string
tags: string[]
orderIndex: number
}
// File Upload Types
interface R2UploadResponse {
success: boolean
url?: string
key?: string
error?: string
}
interface BulkUploadResult {
successful: FileUpload[]
failed: { filename: string; error: string }[]
total: number
}
```
## Files
Create new admin dashboard pages and components while enhancing existing database and upload functionality.
**New Files to Create:**
- `app/admin/artists/page.tsx` - Artist management list view
- `app/admin/artists/new/page.tsx` - Create new artist form
- `app/admin/artists/[id]/page.tsx` - Edit artist details
- `app/admin/artists/[id]/portfolio/page.tsx` - Manage artist portfolio
- `app/admin/calendar/page.tsx` - Appointment calendar interface
- `app/admin/uploads/page.tsx` - File upload management
- `app/admin/settings/page.tsx` - Studio settings management
- `components/admin/artist-form.tsx` - Artist creation/editing form
- `components/admin/portfolio-manager.tsx` - Portfolio image management
- `components/admin/file-uploader.tsx` - Cloudflare R2 file upload component
- `components/admin/appointment-calendar.tsx` - Calendar component for appointments
- `components/admin/stats-dashboard.tsx` - Dashboard statistics display
- `components/admin/data-table.tsx` - Reusable data table component
- `lib/r2-upload.ts` - Cloudflare R2 upload utilities
- `lib/data-migration.ts` - Artist data migration utilities
- `hooks/use-file-upload.ts` - File upload hook with progress tracking
- `hooks/use-calendar.ts` - Calendar state management hook
**Files to Modify:**
- `app/api/artists/route.ts` - Enhance with real database operations
- `app/api/artists/[id]/route.ts` - Add portfolio image management
- `app/api/upload/route.ts` - Implement Cloudflare R2 integration
- `app/api/settings/route.ts` - Add site settings CRUD operations
- `app/api/appointments/route.ts` - Create appointment management API
- `lib/db.ts` - Update database functions to work with runtime environment
- `lib/validations.ts` - Add admin form validation schemas
- `components/admin/sidebar.tsx` - Update navigation for new pages
## Functions
Implement comprehensive CRUD operations and file management functionality.
**New Functions:**
- `uploadToR2(file: File, key: string): Promise<R2UploadResponse>` in `lib/r2-upload.ts`
- `bulkUploadToR2(files: File[]): Promise<BulkUploadResult>` in `lib/r2-upload.ts`
- `migrateArtistData(): Promise<void>` in `lib/data-migration.ts`
- `getArtistStats(): Promise<AdminDashboardStats>` in `lib/db.ts`
- `createAppointment(data: CreateAppointmentInput): Promise<Appointment>` in `lib/db.ts`
- `getAppointmentsByDateRange(start: Date, end: Date): Promise<CalendarEvent[]>` in `lib/db.ts`
- `useFileUpload(): FileUploadHook` in `hooks/use-file-upload.ts`
- `useCalendar(): CalendarHook` in `hooks/use-calendar.ts`
**Modified Functions:**
- Update `getArtists()` in `lib/db.ts` to use actual D1 database
- Enhance `createArtist()` to handle portfolio image uploads
- Modify `updateArtist()` to support portfolio management
- Update API route handlers to use enhanced database functions
## Classes
Create reusable component classes and utility classes for admin functionality.
**New Classes:**
- `FileUploadManager` class in `lib/r2-upload.ts` for managing multiple file uploads
- `CalendarManager` class in `lib/calendar.ts` for appointment scheduling logic
- `DataMigrator` class in `lib/data-migration.ts` for database migration operations
**Component Classes:**
- `ArtistForm` component class with form validation and submission
- `PortfolioManager` component class for drag-and-drop image management
- `FileUploader` component class with progress tracking and error handling
- `AppointmentCalendar` component class with scheduling capabilities
## Dependencies
Add required packages for enhanced admin functionality.
**New Dependencies:**
- `@aws-sdk/client-s3` (already installed) - For Cloudflare R2 operations
- `react-big-calendar` (already installed) - For appointment calendar
- `react-dropzone` (already installed) - For file upload interface
- `@tanstack/react-query` (already installed) - For data fetching and caching
**Configuration Updates:**
- Update `wrangler.toml` with R2 bucket configuration
- Add environment variables for R2 access keys
- Configure Next.js for file upload handling
## Testing
Implement comprehensive testing for admin dashboard functionality.
**Test Files to Create:**
- `__tests__/admin/artist-form.test.tsx` - Artist form component tests
- `__tests__/admin/file-upload.test.tsx` - File upload functionality tests
- `__tests__/api/artists.test.ts` - Artist API endpoint tests
- `__tests__/lib/r2-upload.test.ts` - R2 upload utility tests
- `__tests__/lib/data-migration.test.ts` - Data migration tests
**Testing Strategy:**
- Unit tests for all new utility functions
- Component tests for admin dashboard components
- Integration tests for API endpoints with database operations
- E2E tests for complete admin workflows (create artist, upload portfolio, schedule appointment)
## Implementation Order
Sequential implementation steps to ensure proper integration and minimal conflicts.
1. **Database Migration and Population**
- Implement data migration utilities in `lib/data-migration.ts`
- Create migration script to populate D1 database with existing artist data
- Update database functions in `lib/db.ts` to work with runtime environment
- Test database operations with migrated data
2. **Cloudflare R2 File Upload System**
- Implement R2 upload utilities in `lib/r2-upload.ts`
- Create file upload hook in `hooks/use-file-upload.ts`
- Update upload API route in `app/api/upload/route.ts`
- Create file uploader component in `components/admin/file-uploader.tsx`
3. **Artist Management Interface**
- Create artist form component in `components/admin/artist-form.tsx`
- Implement artist management pages (`app/admin/artists/`)
- Create portfolio manager component in `components/admin/portfolio-manager.tsx`
- Update artist API routes with enhanced functionality
4. **Appointment Calendar System**
- Create calendar hook in `hooks/use-calendar.ts`
- Implement appointment calendar component in `components/admin/appointment-calendar.tsx`
- Create appointment API routes in `app/api/appointments/`
- Build calendar page in `app/admin/calendar/page.tsx`
5. **Admin Dashboard Enhancement**
- Create stats dashboard component in `components/admin/stats-dashboard.tsx`
- Implement settings management in `app/admin/settings/page.tsx`
- Create data table component in `components/admin/data-table.tsx`
- Update main dashboard page with real data integration
6. **Testing and Validation**
- Implement unit tests for all new functionality
- Create integration tests for API endpoints
- Add E2E tests for admin workflows
- Validate all CRUD operations and file uploads
7. **Final Integration and Optimization**
- Update sidebar navigation for all new pages
- Implement error handling and loading states
- Add proper TypeScript types throughout
- Optimize performance and add caching where appropriate

512
artist_profile_refactor_implementation_plan.md
View File

@ -1,512 +0,0 @@
# Artist Profile Refactor Implementation Plan
## Overview
Refactor the artists grid and individual artist profile pages to load content from a Cloudflare D1 database instead of static data. Enable artists to log into backend profiles where they can manage their portfolio images, bio, and other information. The existing `data/artists.ts` will serve as seed data for the database.
This implementation connects the existing database schema, API routes, and authentication system with the public-facing components, while also creating an artist dashboard for self-service portfolio management.
## Types
Database and API type definitions for artist profile management.
**Key Type Updates:**
- Ensure `Artist` interface in `types/database.ts` matches D1 schema columns
- Add `ArtistWithPortfolio` type that includes populated `portfolioImages` array
- Create `PublicArtist` type for sanitized public API responses
- Add `ArtistDashboardStats` type for artist-specific analytics
**New Type Definitions:**
```typescript
// types/database.ts additions
export interface ArtistWithPortfolio extends Artist {
portfolioImages: PortfolioImage[]
user?: {
name: string
email: string
avatar?: string
}
}
export interface PublicArtist {
id: string
name: string
bio: string
specialties: string[]
instagramHandle?: string
portfolioImages: PortfolioImage[]
isActive: boolean
hourlyRate?: number
}
export interface ArtistDashboardStats {
totalImages: number
activeImages: number
profileViews?: number
lastUpdated: Date
}
```
## Files
### Files to Modify
**1. `lib/db.ts`**
- Add `getArtistWithPortfolio(id: string)` function that joins artists with portfolio_images
- Add `getPublicArtists()` function that returns only active artists with public portfolio images
- Add `getArtistByUserId(userId: string)` function for artist dashboard access
- Update `getArtists()` to parse JSON fields properly (specialties)
**2. `app/api/artists/route.ts`**
- Update GET handler to return artists with portfolio images
- Add pagination support to prevent loading all artists at once
- Add filtering by specialty and search query
- Ensure responses match `PublicArtist` type for public endpoints
**3. `app/api/artists/[id]/route.ts`**
- Create this file (currently missing)
- Add GET endpoint to fetch single artist with portfolio
- Add PUT endpoint for updating artist (admin or artist themselves)
- Add authorization check (admin or owner)
**4. `components/artists-grid.tsx`**
- Remove hardcoded `artists` array
- Add `useEffect` to fetch artists from `/api/artists`
- Add loading and error states
- Update to use API response data structure
- Keep existing filtering UI but apply to fetched data
- Update routing to use database IDs instead of hardcoded IDs
**5. `components/artist-portfolio.tsx`**
- Remove hardcoded `artistsData` object
- Add `useEffect` to fetch artist data from `/api/artists/${artistId}`
- Add loading and error states
- Update image galleries to use portfolio images from database
- Handle missing artist gracefully
- Update data structure to match API response
**6. `components/artists-page-section.tsx`**
- Remove import from `@/data/artists`
- Fetch artists from API in component
- Add loading state
**7. `components/artists-section.tsx`**
- Remove import from `@/data/artists`
- Fetch artists from API
- Add loading skeleton
**8. `components/booking-form.tsx`**
- Update artist selection to fetch from API
- Remove import from `@/data/artists`
**9. `app/artists/[id]/page.tsx`**
- Update to use database-friendly slug or ID
- May need to support both slug-based and ID-based routing during migration
**10. `lib/auth.ts`**
- Add `getArtistSession()` helper that checks if logged-in user is an artist
- Add `requireArtistAuth()` helper for artist-only routes
**11. `sql/schema.sql`**
- Add missing columns if needed (review against `data/artists.ts` structure)
- Add indexes for performance (slug, user_id lookups)
- Consider adding `slug` column to artists table for SEO-friendly URLs
**12. `lib/data-migration.ts`**
- Update migration to use all artists from `data/artists.ts`
- Fix portfolio image creation to handle all work images
- Add proper slug generation from artist names
- Ensure idempotency (can be run multiple times safely)
### Files to Create
**1. `app/artist-dashboard/page.tsx`**
- New artist dashboard home page
- Show artist's own profile overview
- Display stats (total images, views, etc.)
- Quick links to edit profile and portfolio
**2. `app/artist-dashboard/layout.tsx`**
- Layout wrapper for artist dashboard
- Navigation sidebar for dashboard sections
- Artist profile header
- Requires ARTIST or SHOP_ADMIN role
**3. `app/artist-dashboard/profile/page.tsx`**
- Artist profile edit page
- Reuse `<ArtistForm>` component but filtered for artist-editable fields
- Artists can edit: bio, specialties, instagram, hourly rate
- Cannot edit: name, email, isActive (admin only)
**4. `app/artist-dashboard/portfolio/page.tsx`**
- Portfolio image management page
- Upload new images
- Edit captions and tags
- Reorder images (drag and drop)
- Delete images
- Set visibility (public/private)
**5. `app/api/artists/me/route.ts`**
- GET endpoint to fetch current logged-in artist's data
- Requires authentication
- Returns artist profile for logged-in user
**6. `app/api/portfolio/route.ts`** (if not exists)
- POST endpoint to add portfolio images
- Requires artist or admin auth
- Handles R2 upload integration
**7. `app/api/portfolio/[id]/route.ts`**
- GET single portfolio image
- PUT to update (caption, tags, order, visibility)
- DELETE to remove image
- Authorization: admin or image owner
**8. `components/admin/portfolio-manager.tsx`**
- Reusable component for managing portfolio images
- Used in both admin and artist dashboard
- Image upload, grid display, edit modals
- Drag-drop reordering
**9. `hooks/use-artist-data.ts`**
- Custom hook for fetching artist data
- Handles loading, error states
- Caching with SWR or React Query pattern
- Reusable across components
**10. `middleware.ts` (update)**
- Add route protection for `/artist-dashboard/*`
- Verify user has ARTIST role
- Redirect to signin if not authenticated
### Files to Delete (after migration)
**None immediately** - Keep `data/artists.ts` as seed data reference
## Functions
### New Functions in `lib/db.ts`
**1. `getArtistWithPortfolio(id: string, env?: any): Promise<ArtistWithPortfolio | null>`**
- Fetch artist by ID
- Join with portfolio_images table
- Parse JSON fields (specialties, tags)
- Return combined object with images array
**2. `getPublicArtists(filters?: ArtistFilters, env?: any): Promise<PublicArtist[]>`**
- Fetch only active artists
- Include only public portfolio images
- Apply filters (specialty, search)
- Sanitize data for public consumption
**3. `getArtistByUserId(userId: string, env?: any): Promise<Artist | null>`**
- Fetch artist record by user_id
- Used for artist dashboard access
- Returns full artist data for owner
**4. `getArtistBySlug(slug: string, env?: any): Promise<ArtistWithPortfolio | null>`**
- Fetch artist by URL slug
- Join with portfolio images
- For SEO-friendly URLs
**5. `updatePortfolioImageOrder(artistId: string, imageOrders: Array<{id: string, orderIndex: number}>, env?: any): Promise<void>`**
- Batch update order indices
- Used for drag-drop reordering
- Transaction support if available
### New Functions in `lib/auth.ts`
**1. `getArtistSession(): Promise<{ artist: Artist, user: User } | null>`**
- Get current session
- Check if user has ARTIST role
- Fetch associated artist record
- Return combined data or null
**2. `requireArtistAuth(): Promise<{ artist: Artist, user: User }>`**
- Like requireAuth but specifically for artists
- Throws error if not an artist
- Returns artist and user data
**3. `canEditArtist(userId: string, artistId: string): Promise<boolean>`**
- Check if user can edit specific artist
- True if: user is the artist, SHOP_ADMIN, or SUPER_ADMIN
- Used for authorization checks
### Modified Functions
**1. `lib/db.ts:getArtists()`**
- Add optional `includePortfolio` parameter
- Parse JSON fields properly
- Add error handling
**2. `lib/db.ts:createArtist()`**
- Add slug generation
- Ensure user creation if needed
- Return artist with portfolio array (empty initially)
**3. `lib/data-migration.ts:migrateArtistData()`**
- Update to migrate all fields from `data/artists.ts`
- Add slug generation
- Handle all portfolio images
- Add progress logging
## Classes
### New Classes
**1. `ArtistDashboardManager` (optional)**
- Class to encapsulate artist dashboard operations
- Methods: getStats(), updateProfile(), getPortfolio()
- Centralizes artist-specific business logic
- Located in `lib/artist-dashboard.ts`
**No other new classes required** - Functional approach with helper functions is sufficient
## Dependencies
### Current Dependencies (verify versions)
- `next`: 15.x
- `next-auth`: Latest compatible with Next.js 15
- `@tanstack/react-table`: For admin tables
- `react-hook-form`: Form management
- `zod`: Schema validation
- `@hookform/resolvers`: Zod integration with react-hook-form
### New Dependencies to Install
**1. `swr` or `@tanstack/react-query`**
- For client-side data fetching and caching
- Recommended: `swr` (lighter weight)
- Install: `npm install swr`
**2. `@dnd-kit/core`, `@dnd-kit/sortable` (optional)**
- For drag-drop portfolio reordering
- Only if implementing drag-drop UI
- Install: `npm install @dnd-kit/core @dnd-kit/sortable @dnd-kit/utilities`
**3. `sharp` (dev dependency)**
- Image optimization during migration
- May already be included with Next.js
### Configuration Updates
**1. `next.config.mjs`**
- Ensure image optimization configured for R2 URLs
- Add remote patterns for portfolio image domains
**2. `wrangler.toml`**
- Verify D1 database binding name matches code
- Verify R2 bucket binding for portfolio uploads
**3. `.env.local`**
- No new env vars needed (using Cloudflare bindings)
## Testing
### Unit Tests to Create
**1. `__tests__/lib/db.test.ts`**
- Test artist CRUD operations
- Test portfolio image operations
- Mock D1 database
- Verify JSON parsing
**2. `__tests__/lib/auth.test.ts`**
- Test artist authentication helpers
- Test authorization checks
- Mock NextAuth session
**3. `__tests__/hooks/use-artist-data.test.ts`**
- Test hook with mock data
- Test loading and error states
- Test cache behavior
### Integration Tests to Create
**1. `__tests__/api/artists.test.ts`**
- Test GET /api/artists endpoint
- Test filtering and pagination
- Test error handling
**2. `__tests__/api/artists/[id].test.ts`**
- Test GET single artist
- Test PUT artist update
- Test authorization
**3. `__tests__/api/portfolio.test.ts`**
- Test portfolio CRUD operations
- Test file uploads
- Test authorization
### Component Tests to Update
**1. `__tests__/components/artists-grid.test.tsx`**
- Update to mock API fetch
- Test loading states
- Test error states
- Test filtering
**2. `__tests__/components/artist-portfolio.test.tsx`**
- Update to mock API fetch
- Test portfolio image display
- Test modal interactions
### E2E Test Scenarios
**1. Artist Login and Profile Edit**
- Artist signs in
- Navigates to dashboard
- Edits bio and specialties
- Saves successfully
**2. Portfolio Image Upload**
- Artist uploads images
- Images appear in portfolio
- Reorders images
- Deletes an image
**3. Public Artist Profile View**
- Anonymous user visits artist page
- Sees artist info and portfolio
- Images load correctly
- Filtering works
**4. Admin Artist Management**
- Admin creates new artist
- Edits artist information
- Uploads portfolio images for artist
- Deactivates artist
## Implementation Order
### Phase 1: Database & API Foundation (Steps 1-5)
**1. Update Database Schema and Migration**
- Review and update `sql/schema.sql` if needed (add slug column, indexes)
- Update `lib/data-migration.ts` to properly migrate all artist data from `data/artists.ts`
- Test migration script locally
- Verify all artists and portfolio images are created correctly
**2. Enhance Database Functions**
- Update `lib/db.ts` with new functions: `getArtistWithPortfolio`, `getPublicArtists`, `getArtistByUserId`, `getArtistBySlug`
- Update existing functions to properly parse JSON fields
- Add error handling and logging
- Write unit tests for new functions
**3. Create/Update API Endpoints**
- Create `app/api/artists/[id]/route.ts` with GET and PUT handlers
- Update `app/api/artists/route.ts` to support filtering and return portfolio images
- Create `app/api/artists/me/route.ts` for artist self-access
- Add authorization checks to all endpoints
- Test endpoints with Postman or similar
**4. Update Authentication Helpers**
- Add `getArtistSession()` and `requireArtistAuth()` to `lib/auth.ts`
- Add `canEditArtist()` authorization helper
- Test with mock sessions
**5. Create Data Fetching Hook**
- Create `hooks/use-artist-data.ts` with SWR
- Implement loading and error states
- Add caching and revalidation
- Test hook in isolation
### Phase 2: Public-Facing Components (Steps 6-8)
**6. Refactor Artists Grid**
- Update `components/artists-grid.tsx` to fetch from API
- Remove hardcoded data
- Add loading skeleton UI
- Add error handling UI
- Test filtering and pagination
- Verify routing to individual artists works
**7. Refactor Artist Portfolio Page**
- Update `components/artist-portfolio.tsx` to fetch from API
- Remove hardcoded `artistsData`
- Add loading states
- Update image galleries to use database images
- Test with various artist IDs
- Verify modal/lightbox still works
**8. Update Supporting Components**
- Update `components/artists-section.tsx` to use API
- Update `components/artists-page-section.tsx` to use API
- Update `components/booking-form.tsx` artist selection
- Add loading states to all
- Test home page and booking flow
### Phase 3: Artist Dashboard (Steps 9-12)
**9. Create Artist Dashboard Layout**
- Create `app/artist-dashboard/layout.tsx` with navigation
- Add role protection in middleware
- Create dashboard home page `app/artist-dashboard/page.tsx`
- Display artist stats and quick links
- Test authentication and routing
**10. Build Profile Editor**
- Create `app/artist-dashboard/profile/page.tsx`
- Reuse and adapt `<ArtistForm>` component
- Filter fields for artist-editable only
- Connect to PUT `/api/artists/me` endpoint
- Test profile updates
**11. Build Portfolio Manager**
- Create `app/artist-dashboard/portfolio/page.tsx`
- Create `components/admin/portfolio-manager.tsx` component
- Implement image upload UI
- Add image editing (captions, tags, visibility)
- Test upload and management
**12. Implement Portfolio API**
- Create `app/api/portfolio/route.ts` for creating images
- Create `app/api/portfolio/[id]/route.ts` for update/delete
- Integrate with R2 upload system
- Add authorization checks
- Test full upload flow
### Phase 4: Admin Enhancements (Steps 13-14)
**13. Update Admin Artist Management**
- Update `app/admin/artists/[id]/page.tsx` to use API
- Enhance `<ArtistForm>` with portfolio management
- Test admin CRUD operations
- Verify authorization works
**14. Add Portfolio Management to Admin**
- Integrate `<PortfolioManager>` into admin artist edit page
- Allow admins to manage any artist's portfolio
- Test admin portfolio operations
### Phase 5: Testing & Refinement (Steps 15-17)
**15. Write and Run Tests**
- Create all unit tests for new functions
- Create integration tests for API endpoints
- Create component tests
- Run full test suite
- Fix any failing tests
**16. Performance Optimization**
- Add database indexes for common queries
- Implement image lazy loading
- Add proper caching headers to API
- Optimize large portfolio image displays
- Test with large datasets
**17. Migration & Deployment**
- Run migration on development D1 database
- Test full application flow
- Create migration checklist for production
- Deploy to staging environment
- Final testing in staging
- Production deployment
### Phase 6: Documentation & Cleanup (Step 18)
**18. Documentation and Cleanup**
- Document new API endpoints
- Update README with setup instructions
- Add inline code comments
- Create artist onboarding guide
- Remove deprecated code/comments
- Archive old implementation if needed

206
artist_routing_fix_implementation_plan.md
View File

@ -1,206 +0,0 @@
# Implementation Plan: Artist Routing & Admin Fixes
[Overview]
Fix artist portfolio routing to use slugs instead of numeric IDs, resolve admin page JSON parsing errors, ensure proper database population, and fix artist dashboard authentication issues.
The current system has a mismatch where the artists grid links to numeric IDs (`/artists/1`) but the API and components expect slug-based routing (`/artists/christy-lumberg`). Additionally, the admin page has JSON parsing errors due to data format inconsistencies, and the artist dashboard has authentication issues.
This implementation will:
1. Update database migration to use proper UUID-based IDs and ensure slug population
2. Fix the artists grid component to link using slugs instead of numeric IDs
3. Resolve admin page data format inconsistencies
4. Fix artist dashboard authentication flow
5. Add a migration endpoint to populate the database from static data
6. Update API routes to handle both ID and slug lookups consistently
[Types]
No new types required - existing types in `types/database.ts` are sufficient.
The following interfaces are already properly defined:
- `Artist`: Contains id (string UUID), slug, name, bio, specialties (array), etc.
- `PublicArtist`: Subset for public-facing pages
- `ArtistWithPortfolio`: Includes portfolio images
- `CreateArtistInput`: For creating new artists
Data format standardization needed:
- `specialties` field should always be stored as JSON string in DB
- `specialties` field should always be parsed to array when returned from API
- Admin page should receive pre-parsed arrays, not JSON strings
[Files]
Files requiring modification to fix routing and data consistency issues.
**Modified Files:**
1. `components/artists-grid.tsx`
- Change Link href from `/artists/${artist.id}` to `/artists/${artist.slug}`
- Ensure slug is available in the artist data
2. `lib/data-migration.ts`
- Update to use crypto.randomUUID() for IDs instead of `artist-${id}` format
- Ensure slugs are properly populated for all artists
- Add error handling for duplicate slugs
3. `app/api/admin/migrate/route.ts`
- Verify it properly triggers the migration
- Add response with migration statistics
- Include error handling
4. `app/admin/artists/page.tsx`
- Remove JSON.parse() on specialties since API returns array
- Update to handle specialties as array directly
- Fix data mapping in the table columns
5. `lib/db.ts`
- Verify getArtistBySlug() properly handles slug lookup
- Ensure getPublicArtists() returns properly formatted data
- Confirm specialties are parsed to arrays in all query results
6. `app/api/artists/route.ts`
- Ensure GET endpoint returns specialties as parsed arrays
- Verify data format consistency
7. `app/artist-dashboard/page.tsx`
- Add proper loading and error states
- Improve authentication error handling
- Add redirect to sign-in if not authenticated
**Files to Review (no changes needed):**
- `app/artists/[id]/page.tsx` - Already accepts dynamic param correctly
- `components/artist-portfolio.tsx` - Already uses useArtist hook properly
- `hooks/use-artist-data.ts` - API calls are correct
- `middleware.ts` - Route protection is properly configured
[Functions]
Functions requiring modification or addition.
**Modified Functions:**
1. `lib/data-migration.ts::createArtistRecord()`
- Current: Uses `artist-${artist.id}` for IDs
- Change to: Use `crypto.randomUUID()` for proper UUID generation
- Add validation to ensure slugs are unique
2. `lib/data-migration.ts::createUserForArtist()`
- Current: Uses `user-${artist.id}` for IDs
- Change to: Use `crypto.randomUUID()` for proper UUID generation
3. `lib/data-migration.ts::createPortfolioImages()`
- Current: Uses `portfolio-${artist.id}-${index}` for IDs
- Change to: Use `crypto.randomUUID()` for proper UUID generation
4. `lib/db.ts::getPublicArtists()`
- Ensure specialties field is parsed from JSON string to array
- Verify all artists have slugs populated
5. `lib/db.ts::getArtistWithPortfolio()`
- Ensure specialties field is parsed from JSON string to array
- Verify slug is included in response
6. `app/admin/artists/page.tsx::fetchArtists()`
- Remove JSON.parse() call on specialties
- Handle specialties as array directly
**New Functions:**
None required - existing functions just need corrections.
[Classes]
Classes requiring modification.
**Modified Classes:**
1. `lib/data-migration.ts::DataMigrator`
- Update all ID generation methods to use crypto.randomUUID()
- Add slug validation to prevent duplicates
- Improve error handling and logging
[Dependencies]
No new dependencies required.
All necessary packages are already installed:
- `next` - Framework
- `@tanstack/react-query` - Data fetching
- `next-auth` - Authentication
- Cloudflare D1 bindings - Database access
[Testing]
Testing strategy to verify fixes.
**Test Files to Update:**
1. `__tests__/api/artists.test.ts`
- Add tests for slug-based artist lookup
- Verify specialties are returned as arrays
- Test both ID and slug lookup scenarios
2. `__tests__/components/artists-grid.test.tsx`
- Verify links use slugs instead of IDs
- Test that artist cards render with proper hrefs
**Manual Testing Steps:**
1. Run migration to populate database
- Visit `/api/admin/migrate` endpoint
- Verify migration completes successfully
- Check database has artists with proper UUIDs and slugs
2. Test artist portfolio routing
- Visit https://united-tattoos.com/artists
- Click on "Christy Lumberg" card
- Verify URL is `/artists/christy-lumberg` not `/artists/1`
- Confirm portfolio page loads correctly
3. Test admin artists page
- Sign in as admin
- Visit `/admin/artists`
- Verify page loads without JSON.parse errors
- Confirm specialties display as badges
4. Test artist dashboard
- Create artist user account
- Sign in as artist
- Visit `/artist-dashboard`
- Verify dashboard loads or redirects appropriately
[Implementation Order]
Step-by-step implementation sequence to minimize conflicts.
1. **Fix Database Migration Script** (`lib/data-migration.ts`)
- Update ID generation to use crypto.randomUUID()
- Ensure slugs are properly set
- Add slug uniqueness validation
- Improve error handling
2. **Verify Database Query Functions** (`lib/db.ts`)
- Confirm all functions parse specialties to arrays
- Verify slug is included in all artist queries
- Test getArtistBySlug() function
3. **Fix Admin Page Data Handling** (`app/admin/artists/page.tsx`)
- Remove JSON.parse() on specialties column
- Handle specialties as array directly
- Test admin page rendering
4. **Update Artists Grid Component** (`components/artists-grid.tsx`)
- Change href from `/artists/${artist.id}` to `/artists/${artist.slug}`
- Verify all artists have slug property
- Test clicking on artist cards
5. **Run Database Migration**
- Execute migration via `/api/admin/migrate`
- Verify all artists created with proper data
- Check slugs are populated correctly
6. **Test Artist Dashboard Authentication**
- Create test artist user in database
- Attempt to access dashboard
- Verify authentication flow works correctly
7. **End-to-End Testing**
- Test complete user flow: artists page → artist portfolio
- Test admin flow: sign in → manage artists
- Test artist flow: sign in → dashboard access
8. **Verify Production Deployment**
- Deploy to Cloudflare Pages
- Run migration on production database
- Test all routes on live site

350
comprehensive_implementation_plan.md
View File

@ -1,350 +0,0 @@
# Implementation Plan
## Overview
Transform the existing static Next.js tattoo studio website into a comprehensive management platform with admin dashboard, content management, and business operations capabilities.
The current application has a solid foundation with Next.js 14 App Router, TypeScript, shadcn/ui components, and proper project structure. We'll build upon this by adding authentication, database integration, file upload capabilities, administrative interfaces, calendar management, and booking systems while maintaining the existing design system and user experience for the public-facing website.
## Types
Database schema and TypeScript interfaces for the comprehensive management system.
```typescript
// User Management Types
export interface User {
id: string
email: string
name: string
role: UserRole
avatar?: string
createdAt: Date
updatedAt: Date
}
export enum UserRole {
SUPER_ADMIN = 'SUPER_ADMIN',
SHOP_ADMIN = 'SHOP_ADMIN',
ARTIST = 'ARTIST',
CLIENT = 'CLIENT'
}
// Artist Management Types
export interface Artist {
id: string
userId: string
name: string
bio: string
specialties: string[]
instagramHandle?: string
portfolioImages: PortfolioImage[]
isActive: boolean
hourlyRate?: number
availability: Availability[]
createdAt: Date
updatedAt: Date
}
export interface PortfolioImage {
id: string
artistId: string
url: string
caption?: string
tags: string[]
order: number
isPublic: boolean
createdAt: Date
}
// Calendar & Booking Types
export interface Appointment {
id: string
artistId: string
clientId: string
title: string
description?: string
startTime: Date
endTime: Date
status: AppointmentStatus
depositAmount?: number
totalAmount?: number
notes?: string
createdAt: Date
updatedAt: Date
}
export enum AppointmentStatus {
PENDING = 'PENDING',
CONFIRMED = 'CONFIRMED',
IN_PROGRESS = 'IN_PROGRESS',
COMPLETED = 'COMPLETED',
CANCELLED = 'CANCELLED'
}
export interface Availability {
id: string
artistId: string
dayOfWeek: number // 0-6 (Sunday-Saturday)
startTime: string // HH:mm format
endTime: string // HH:mm format
isActive: boolean
}
// Content Management Types
export interface SiteSettings {
id: string
studioName: string
description: string
address: string
phone: string
email: string
socialMedia: SocialMediaLinks
businessHours: BusinessHours[]
heroImage?: string
logoUrl?: string
updatedAt: Date
}
export interface SocialMediaLinks {
instagram?: string
facebook?: string
twitter?: string
tiktok?: string
}
export interface BusinessHours {
dayOfWeek: number
openTime: string
closeTime: string
isClosed: boolean
}
// File Upload Types
export interface FileUpload {
id: string
filename: string
originalName: string
mimeType: string
size: number
url: string
uploadedBy: string
createdAt: Date
}
```
## Files
Comprehensive file structure for the management platform implementation.
New files to be created:
- `lib/auth.ts` - NextAuth.js configuration with role-based access
- `lib/db.ts` - Database connection and query utilities (Supabase/Neon)
- `lib/env.ts` - Environment variable validation with Zod
- `lib/upload.ts` - File upload utilities for Cloudflare R2/AWS S3
- `lib/validations.ts` - Zod schemas for form validation
- `middleware.ts` - Route protection and role-based access control
- `app/api/auth/[...nextauth]/route.ts` - NextAuth API routes
- `app/api/artists/route.ts` - Artist CRUD operations
- `app/api/artists/[id]/route.ts` - Individual artist operations
- `app/api/appointments/route.ts` - Appointment management
- `app/api/upload/route.ts` - File upload endpoint
- `app/api/settings/route.ts` - Site settings management
- `app/admin/layout.tsx` - Admin dashboard layout with sidebar
- `app/admin/page.tsx` - Admin dashboard overview
- `app/admin/artists/page.tsx` - Artist management interface
- `app/admin/artists/[id]/page.tsx` - Individual artist editing
- `app/admin/artists/new/page.tsx` - New artist creation
- `app/admin/calendar/page.tsx` - Calendar management interface
- `app/admin/settings/page.tsx` - Site settings management
- `app/admin/uploads/page.tsx` - File management interface
- `components/admin/sidebar.tsx` - Admin navigation sidebar
- `components/admin/artist-form.tsx` - Artist creation/editing form
- `components/admin/portfolio-manager.tsx` - Portfolio image management
- `components/admin/calendar-view.tsx` - Calendar component with booking management
- `components/admin/settings-form.tsx` - Site settings form
- `components/admin/file-uploader.tsx` - Drag-and-drop file upload component
- `components/admin/data-table.tsx` - Reusable data table component
- `components/auth/login-form.tsx` - Authentication form
- `components/auth/role-guard.tsx` - Role-based component protection
- `hooks/use-artists.ts` - Artist data management hooks
- `hooks/use-appointments.ts` - Appointment data management hooks
- `hooks/use-uploads.ts` - File upload management hooks
- `types/database.ts` - Database type definitions
- `types/api.ts` - API response type definitions
Existing files to be modified:
- `package.json` - Add new dependencies (NextAuth, Supabase, React Query, etc.)
- `next.config.mjs` - Add image domains and API configurations
- `app/layout.tsx` - Add authentication providers and global state
- `components/navigation.tsx` - Add admin dashboard link for authenticated users
- `data/artists.ts` - Convert to dynamic data fetching from database
- `components/artists-section.tsx` - Update to use dynamic artist data
- `components/artist-portfolio.tsx` - Update to use dynamic portfolio data
- `app/artists/[id]/page.tsx` - Update to fetch artist data from database
Files to be deleted or moved:
- None initially - maintain backward compatibility
Configuration file updates:
- `.env.example` - Add required environment variables
- `tailwind.config.ts` - Add admin dashboard color scheme
- `components.json` - Ensure all required shadcn/ui components are available
## Functions
Core functionality for the management platform.
New functions/components:
- `lib/auth.ts`
- `export const authOptions: NextAuthOptions` - NextAuth configuration
- `export function getServerSession()` - Server-side session retrieval
- `export function requireAuth(role?: UserRole)` - Route protection utility
- `lib/db.ts`
- `export async function getArtists()` - Fetch all artists
- `export async function getArtist(id: string)` - Fetch single artist
- `export async function createArtist(data: CreateArtistInput)` - Create new artist
- `export async function updateArtist(id: string, data: UpdateArtistInput)` - Update artist
- `export async function deleteArtist(id: string)` - Delete artist
- `export async function getAppointments(filters?: AppointmentFilters)` - Fetch appointments
- `export async function createAppointment(data: CreateAppointmentInput)` - Create appointment
- `export async function getSiteSettings()` - Fetch site settings
- `export async function updateSiteSettings(data: UpdateSiteSettingsInput)` - Update settings
- `lib/upload.ts`
- `export async function uploadFile(file: File, path: string)` - Upload file to storage
- `export async function deleteFile(url: string)` - Delete file from storage
- `export function getSignedUrl(key: string)` - Generate signed URLs
- `components/admin/artist-form.tsx`
- `export function ArtistForm({ artist, onSubmit }: ArtistFormProps)` - Artist creation/editing form
- `components/admin/portfolio-manager.tsx`
- `export function PortfolioManager({ artistId, images }: PortfolioManagerProps)` - Portfolio management
- `components/admin/calendar-view.tsx`
- `export function CalendarView({ appointments, onAppointmentClick }: CalendarViewProps)` - Calendar interface
- `components/admin/file-uploader.tsx`
- `export function FileUploader({ onUpload, accept }: FileUploaderProps)` - File upload component
Modified functions/components:
- `data/artists.ts`
- Convert static data to `export async function getArtistsData()` that fetches from database
- `components/artists-section.tsx`
- Update to use React Query for data fetching
- Add loading and error states
- `components/artist-portfolio.tsx`
- Update to fetch dynamic portfolio data
- Add image optimization and lazy loading
- `app/artists/[id]/page.tsx`
- Add database integration for artist data
- Implement proper error handling and 404 states
Removed functions/components:
- None initially - maintain backward compatibility
## Classes
No class-based components - using React function components throughout.
All components will be implemented as TypeScript function components with proper prop typing and error boundaries where appropriate.
## Dependencies
Required new packages for the comprehensive platform.
```json
{
"dependencies": {
"next-auth": "^4.24.5",
"@auth/supabase-adapter": "^1.0.0",
"@supabase/supabase-js": "^2.39.0",
"@tanstack/react-query": "^5.17.0",
"@tanstack/react-query-devtools": "^5.17.0",
"zod": "^3.22.4",
"react-hook-form": "^7.48.2",
"@hookform/resolvers": "^3.3.2",
"react-dropzone": "^14.2.3",
"@aws-sdk/client-s3": "^3.490.0",
"@aws-sdk/s3-request-presigner": "^3.490.0",
"date-fns": "^3.0.6",
"react-big-calendar": "^1.8.5",
"recharts": "^2.8.0",
"sonner": "^1.3.1"
},
"devDependencies": {
"@types/react-big-calendar": "^1.8.0"
}
}
```
Integration requirements:
- Supabase for database and real-time subscriptions
- NextAuth.js for authentication with multiple providers
- React Query for server state management
- Cloudflare R2 or AWS S3 for file storage
- Zod for runtime validation
## Testing
Comprehensive testing strategy for the management platform.
Test file requirements:
- `__tests__/lib/auth.test.ts` - Authentication utility tests
- `__tests__/lib/db.test.ts` - Database operation tests
- `__tests__/components/admin/artist-form.test.tsx` - Artist form component tests
- `__tests__/api/artists.test.ts` - Artist API endpoint tests
- `__tests__/pages/admin/artists.test.tsx` - Artist management page tests
Existing test modifications:
- Update existing component tests to handle dynamic data
- Add integration tests for database operations
- Add E2E tests for admin workflows
Validation strategies:
- Unit tests for all utility functions
- Component tests for admin interface components
- Integration tests for API endpoints
- E2E tests for critical user journeys (artist creation, appointment booking)
- Performance testing for file uploads and image optimization
## Implementation Order
Logical sequence to minimize conflicts and ensure successful integration.
1. **Environment & Database Setup**
- Set up environment variables and validation (`lib/env.ts`)
- Configure database connection (`lib/db.ts`)
- Set up authentication (`lib/auth.ts`, `middleware.ts`)
2. **Core API Infrastructure**
- Implement artist API endpoints (`app/api/artists/`)
- Implement file upload API (`app/api/upload/route.ts`)
- Implement settings API (`app/api/settings/route.ts`)
3. **Authentication System**
- Create login/logout functionality (`components/auth/`)
- Implement role-based access control
- Add authentication to navigation
4. **Admin Dashboard Foundation**
- Create admin layout and sidebar (`app/admin/layout.tsx`, `components/admin/sidebar.tsx`)
- Implement admin dashboard overview (`app/admin/page.tsx`)
- Add role-based route protection
5. **Artist Management System**
- Create artist management interface (`app/admin/artists/`)
- Implement artist form component (`components/admin/artist-form.tsx`)
- Add portfolio management (`components/admin/portfolio-manager.tsx`)
6. **File Upload System**
- Implement file upload utilities (`lib/upload.ts`)
- Create file uploader component (`components/admin/file-uploader.tsx`)
- Add file management interface (`app/admin/uploads/page.tsx`)
7. **Site Settings Management**
- Create settings form (`components/admin/settings-form.tsx`)
- Implement settings management page (`app/admin/settings/page.tsx`)
- Update public site to use dynamic settings
8. **Dynamic Content Integration**
- Update existing components to use database data
- Implement React Query for data fetching
- Add loading states and error handling
9. **Calendar & Appointment System** (Future Phase)
- Implement calendar view (`components/admin/calendar-view.tsx`)
- Add appointment management (`app/api/appointments/`)
- Create booking interface for clients
10. **Testing & Optimization**
- Add comprehensive test coverage
- Implement performance optimizations
- Add monitoring and analytics

341
docs/Architecture.md
View File

@ -1,341 +0,0 @@
# United Tattoo — System Architecture
Version: 1.0
Date: 2025-09-17
Source Inputs: docs/PRD.md, repo configuration (wrangler.toml, open-next.config.ts, next.config.mjs, package.json), lib/*, sql/schema.sql, middleware.ts
1) Executive Summary
United Tattoo is a Cloudflare-first Next.js application delivering a public site, booking/client flows, and an admin system. The runtime is Cloudflare Pages + Workers via OpenNext for server-side execution, with Cloudflare D1 as the primary relational store and R2 for asset storage and incremental cache. The UI system standardizes on ShadCN. Authentication uses Auth.js (NextAuth) with JWT strategy initially. Validation uses Zod across server and forms.
This document defines the target architecture aligned with the PRD and captures the current implementation snapshot plus gaps and phased work.
2) System Context and Components
- Frontend/SSR: Next.js 14 App Router, TypeScript, Tailwind, ShadCN (ui primitives), Lenis (smooth scroll)
- Runtime/Platform: Cloudflare Pages + Workers via OpenNext adapter
- Data/Storage:
- D1 (relational, SQLite semantics) for structured data
- R2 for images and static-like large assets
- R2 bucket for OpenNext incremental cache (ISR/route cache)
- Authentication/Authorization: NextAuth (JWT strategy), route RBAC via middleware
- Validation: Zod schemas for inputs, forms, and environment config
- Observability: Planned Sentry and OpenTelemetry per repository rules
- CI/CD: Planned Gitea pipeline (lint/typecheck/test/build/migration dry-run/e2e/budgets/deploy)
3) Deployment Model (Cloudflare + OpenNext)
OpenNext transforms the Next.js app into assets + a Worker.
Key files and settings:
- open-next.config.ts
- incrementalCache: R2-based incremental cache (via @opennextjs/cloudflare/overrides/incremental-cache/r2-incremental-cache)
- wrangler.toml
- compatibility_date: "2024-09-23"
- compatibility_flags: ["nodejs_compat"]
- main: ".open-next/worker.js"
- assets: ".open-next/assets" as ASSETS
- Bindings:
- D1: binding "DB", database_name "united-tattoo"
- R2 (App assets): binding "R2_BUCKET", bucket "united-tattoo"
- R2 (OpenNext incremental cache): binding "NEXT_INC_CACHE_R2_BUCKET", bucket "united-tattoo-inc-cache"
- Self reference: "WORKER_SELF_REFERENCE" = "united-tattoo"
- Envs:
- env.production.vars: NEXTAUTH_URL, NODE_ENV=production
- env.preview.vars: NEXTAUTH_URL, NODE_ENV=development
- next.config.mjs
- images.unoptimized=true, output="standalone"
- Ignore type and eslint build errors (presently)
- package.json scripts
- Build to Cloudflare format: npm run pages:build (npx @opennextjs/cloudflare build)
- Local preview: npm run preview or npm run dev:wrangler (build + preview)
- Deploy: wrangler pages deploy .vercel/output/static
- D1 lifecycle: db:create, db:migrate, db:migrate:local
Recommended deployment flow:
- Development:
- npm run dev (Node dev) for local UI work OR npm run dev:wrangler to emulate Workers runtime
- Cloudflare Preview:
- npm run pages:build && npm run preview
- Production:
- npm run pages:build && npm run deploy
4) Application Architecture (Next.js App Router)
Structure (selected):
- app/
- Public pages: /, /artists, /artists/[id], /aftercare, /book, /deposit, /privacy, /terms, etc.
- Admin area: /admin (layout + subpages for uploads, portfolio, artists, calendar, settings)
- API: app/api/* (route handlers) scoped under relevant namespaces (admin, appointments, artists, portfolio, settings, files, upload, users)
- components/
- ShadCN components under components/ui/*
- Page-level composed components (hero, booking-form, artists grid, etc.)
- lib/
- db.ts: D1 and R2 binding accessors + query helpers
- r2-upload.ts: higher-level R2 upload manager
- auth.ts: NextAuth configuration (providers, callbacks, RBAC helpers)
- validations.ts: Zod schemas for domain inputs
- env.ts: Zod-validated env shape
- sql/schema.sql: D1 schema SSoT (see Data Architecture)
Interaction patterns:
- Server Actions: Use for same-origin authenticated mutations (App Router).
- Route Handlers (app/api/*): Use for public APIs, cross-origin, or webhook-like flows.
- Middleware: Role-based access checks and guardrails for routes and APIs.
5) Data Architecture (Cloudflare D1)
5.1 Schema Summary (sql/schema.sql)
- users
- id (TEXT PK, UUID-like), email UNIQUE, name, role (SUPER_ADMIN | SHOP_ADMIN | ARTIST | CLIENT), avatar, timestamps
- artists
- id, user_id→users.id, name, bio, specialties (JSON text), instagram_handle, is_active, hourly_rate, timestamps
- portfolio_images
- id, artist_id→artists.id, url, caption, tags (JSON text), order_index, is_public, created_at
- appointments
- id, artist_id→artists.id, client_id→users.id, title, description, start_time, end_time, status (PENDING|CONFIRMED|IN_PROGRESS|COMPLETED|CANCELLED), deposit_amount, total_amount, notes, timestamps
- availability
- id, artist_id→artists.id, day_of_week (0-6), start_time, end_time, is_active
- site_settings
- id (e.g., 'default'), studio_name, description, address, phone, email, social_media (JSON text), business_hours (JSON text), hero_image, logo_url, updated_at
- file_uploads
- id, filename, original_name, mime_type, size, url, uploaded_by→users.id, created_at
Indexes present for common filters (artists active, appointments by time/status, etc.). Several columns store JSON encoded as TEXT to fit D1 constraints.
5.2 Data Access (lib/db.ts)
- getDB(): Locates D1 binding from:
- env?.DB (preferred)
- globalThis[Symbol.for("__cloudflare-context__")]?.env?.DB (OpenNext dev/preview)
- global shims
- Typed helpers:
- Artists: find/list/create/update/delete
- PortfolioImages: find/create/update/delete
- Appointments: find/create/update/delete with filter support
- SiteSettings: get/update
- Patterns: Prepared SQL via db.prepare().bind() with RETURNING * in Cloudflare D1
- Note: Update helpers dynamically assemble SET parts and update updated_at.
5.3 Migrations
- Orchestrated via Wrangler scripts (db:migrate, db:migrate:local).
- Source of truth: sql/schema.sql (SSoT). Ensure PRs include schema updates.
6) Assets and Uploads (Cloudflare R2)
- Binding: R2_BUCKET in wrangler.toml; retrieved via getR2Bucket in lib/db.ts
- Upload manager: lib/r2-upload.ts
- Provides uploadFile, bulkUpload, deleteFile, getFileMetadata, and portfolio/profile image specific helpers
- Enforces size/type validation (configurable)
- Constructs keys under prefixes (e.g., portfolio/{artistId}/..., profiles/{artistId}/...)
- Uses R2_PUBLIC_URL (string) to construct public asset URLs. Configure this for your R2 public endpoint or proxy.
- OpenNext Incremental Cache: Separate R2 bucket bound as NEXT_INC_CACHE_R2_BUCKET, set by open-next.config.ts
7) Authentication and Authorization
- NextAuth (Auth.js) with JWT session strategy (lib/auth.ts)
- Credentials provider used for development; seeds SUPER_ADMIN for nicholai@biohazardvfx.com
- OAuth providers (Google/GitHub) are conditionally enabled via env
- Role is attached to JWT token and surfaced in session
- Middleware (middleware.ts)
- Guards /admin with SHOP_ADMIN or SUPER_ADMIN
- Guards /artist routes for ARTIST, SHOP_ADMIN, SUPER_ADMIN
- Enforces auth for /api/admin
- Leaves core public pages and /api/auth public
- Future (per PRD):
- Enforce 2FA for admin roles
- Optional passwordless fallback (can be implemented via Magic Link/Email provider)
- Invite-only onboarding flow and RBAC administration UI
8) Validation and Forms
- Zod validation across:
- lib/validations.ts: users, artists, portfolio images, appointments, site settings, forms (login/signup/contact/booking), pagination and filter schemas
- lib/env.ts: Validates process.env at boot; throws on missing/invalid
- Note: env.ts includes DATABASE_URL and AWS_* keys; these are not currently used by D1/R2 bindings. See Gaps & Decisions.
9) Performance, Caching, and Media
- ISR/Incremental cache stored in R2 (OpenNext override)
- CDN fronting via Cloudflare; leverage cache headers on API and assets
- Images currently unoptimized (next.config.mjs images.unoptimized = true). Consider Cloudflare Images or custom loader later.
- Progressive/lazy loading for gallery pages planned (per PRD UT-ARC-02)
- Service worker/PWA for offline revisit speed planned (UT-ARC-03)
10) Security, Compliance, and Headers
- Authentication/RBAC enforced via middleware
- Recommended headers (to formalize in API responses/layout):
- Content-Security-Policy (nonce/hash where applicable)
- Referrer-Policy: strict-origin-when-cross-origin
- X-Frame-Options: DENY
- Permissions-Policy: principle of least privilege
- COOP/COEP as needed for advanced features
- Cookies where used: HttpOnly, Secure, SameSite=Strict
- Payments (PCI): Use gateway-hosted flows. Do not store card data. Store payment intents/receipts only.
- Moderation: Hooks for uploads to be added (queue for review)
- Rate Limiting: Planned Redis (Upstash or equivalent). To enforce on auth, forms, and APIs.
11) Observability
- Planned:
- Sentry for errors + release tagging
- OpenTelemetry for traces/metrics/logs (server actions, route handlers, MCP DB calls)
- Logging guidance:
- Avoid logging PII
- Structure logs for searchability
12) CI/CD, Scripts, and Budgets
- Scripts (package.json):
- Test: vitest (ui mode and run variants)
- Lint: next lint (disabled blocking in next.config currently)
- Build/Preview/Deploy via OpenNext + Wrangler
- Planned CI (per project rules):
1) Lint, Typecheck, Biome/Prettier
2) Unit tests (Vitest) + Component tests (RTL)
3) Build
4) Migration dryrun (Wrangler D1 execute on ephemeral)
5) E2E (Playwright) on preview env
6) Bundle size budgets enforced
7) Release tagging (semver) + notes
13) Feature Mapping to PRD (Status Snapshot)
Admin Dashboard & Artist Management (Epic A)
- A1 Invites & Onboarding: Not yet implemented UI; middleware and roles exist; NextAuth foundation present (planned).
- A2 RBAC: Middleware enforces admin/artist; role model exists.
- A3 Artist Profiles & Portfolio: D1 schema + lib/db.ts CRUD + R2 upload scaffolding present; UI WIP.
- A4 Asset Management: R2 binding + upload manager present; compression toggles not yet in place.
- A5 Audit & Notifications: Activity logs and notifications not yet implemented.
Unified Booking & Client Management (Epic B)
- B1 Booking/Consultation forms: booking-form component exists; smart routing & quote logic WIP.
- B2 Client Portal: Account area not yet implemented.
- B3 Scheduling & Calendars: Availability table exists; Google two-way sync not implemented.
- B4 Payments: No gateway integration yet; PRD calls for Stripe/PayPal deposits.
- B5 Notifications: Pending.
Public-Facing Website (Epic C)
- C1 Design System & Visuals: ShadCN baseline across pages.
- C2 Pages & Navigation: Core pages exist; transitions/polish ongoing.
- C3 Search & Discovery: /search page not yet implemented.
- C4 Educational Content: Aftercare page implemented; PDFs/export pending.
Technical Architecture & Delivery (Epic D)
- D1 Cloudflare Integration: OpenNext + wrangler set; D1/R2 configured.
- D2 Performance & Offline: Progressive images + SW not yet implemented.
- D3 Documentation & Staging: This Architecture doc added; README present; staging via CF Pages preview supported.
- D4 Handoff: Training docs pending.
14) Environment and Configuration
Core runtime bindings:
- D1: env.DB (binding name: DB)
- R2: env.R2_BUCKET (binding name: R2_BUCKET)
- OpenNext cache R2: env.NEXT_INC_CACHE_R2_BUCKET
Important environment variables:
- NEXTAUTH_URL (wrangler.toml per env)
- NEXTAUTH_SECRET (must be set in env)
- R2_PUBLIC_URL (for composing public URLs from R2 uploads)
- OAuth (optional): GOOGLE_CLIENT_ID/SECRET, GITHUB_CLIENT_ID/SECRET
- NODE_ENV: development/production/test
Note on lib/env.ts:
- Defines DATABASE_URL, DIRECT_URL, AWS_*, AWS_BUCKET_NAME, AWS_ENDPOINT_URL
- Current implementation uses Cloudflare bindings (not S3 SDK) in lib/r2-upload.ts and lib/db.ts
- Decision: EITHER
- A) Remove/relax unused env keys and align to bindings-first approach
- B) Keep AWS_* for future direct S3-compatible presigned uploads and document dual path
- This doc recommends option A short-term for clarity, with a separate "direct upload via presigned URL" RFC if needed.
15) Request/Response Flows (Textual)
Public page render (SSR/ISR):
- Browser → CF CDN → Worker (OpenNext Handler)
- Worker renders via Next.js (SSR) or serves from R2 incremental cache (ISR)
- Asset URLs resolved from /public and ASSETS binding
Admin portfolio upload flow:
- Admin auth (JWT via NextAuth) → /admin/uploads
- Client submits images → API route /api/upload or server action
- Server:
- Validates with Zod
- Writes object to R2 via env.R2_BUCKET
- Creates record in D1 (file_uploads and/or portfolio_images)
- Response returns canonical URL (R2_PUBLIC_URL/key) and metadata
Booking request (planned):
- Booking stepper (react-hook-form + zod) → API/server action
- If “consultation” path: stores request + notifies staff
- If “booking” path: tentative appointment + deposit intent via gateway
- On success: store intent/receipts in D1; send emails/SMS; render portal access
16) Security Model
- JWT sessions; role embedded in token
- Middleware protects admin/artist namespaces and /api/admin
- CSRF: Rely on same-origin server actions; for route handlers expose CSRF tokens if needed
- Secrets: Use Wrangler secrets; never commit
- Media access terms (PRD): scope assets via signed URLs when necessary; R2 is read-only public for finalized assets; admin-only upload
17) Testing Strategy
- Unit/Component: Vitest + RTL set up
- E2E: Playwright planned for booking and admin critical paths
- Contract Tests: Shape/status for MCPs (future)
- a11y checks: eslint-plugin-jsx-a11y + automated checks planned
- Responsive checks: breakpoint snapshots in CI planned
18) Phasing (from PRD) — Implementation Mapping
- Phase 1 (Weeks 12): Foundations
- D1/R2 wiring, artist CRUD + portfolio upload MVP, admin invites stub, OpenNext build (Mostly present; invites UI pending)
- Phase 2 (Weeks 34): Booking & Portal + Payments
- Booking stepper, deposit gateway, client portal (Planned)
- Phase 3 (Weeks 56): Visual Experience & Content
- Parallax/split sections, search/filters, education PDFs, service worker (Planned)
- Phase 4 (Week 7): Docs & Handoff
- Final docs, training materials, staging review (Partially present)
19) Known Gaps, Risks, and Decisions
Gaps:
- Payments (Stripe/PayPal) not implemented
- Client Portal and Scheduling (two-way Google Calendar sync) pending
- Rate limiting (Redis/Upstash) not implemented
- Activity logs and moderation queue not implemented
- Service Worker/PWA not implemented
- Search (/search) and quick search (Cmd+K) not implemented
- Security headers not centrally enforced yet
- env.ts variables misaligned with current bindings-first approach
- README deployment section references generic Next deploy; Cloudflare/OpenNext process should be canonical
Risks:
- Performance with image-heavy pages; mitigate via progressive loading and caching
- D1 limitations; ensure indexed queries, consider pagination strategies
- Role enforcement consistency across API and server actions
Decisions/Actions:
- Make Cloudflare/OpenNext path canonical in README and CI
- Add .env.example listing required vars (NEXTAUTH_URL, NEXTAUTH_SECRET, R2_PUBLIC_URL, OAuth)
- Add headers middleware/handler to enforce security headers
- Implement rate limit middleware using Redis (Upstash)
- Implement deposit flow with Stripe first
- Add SW + image placeholders for galleries
- Align lib/env.ts with runtime reality; document S3-compat optional path
- Fix schema.sql comment: references “united-tattoo-db”; scripts use “united-tattoo” (choose one name; recommend “united-tattoo”)
20) Runbooks
Local development (Node dev):
- npm install
- npm run dev
- http://localhost:3000
Cloudflare-style preview:
- npm run pages:build
- npm run preview
Database:
- Create: npm run db:create
- Migrate (prod env): npm run db:migrate
- Migrate (local dev): npm run db:migrate:local
Deploy:
- npm run pages:build
- npm run deploy
21) Appendix
Bindings quick reference (wrangler.toml):
- D1: binding DB
- R2: binding R2_BUCKET
- OpenNext cache R2: binding NEXT_INC_CACHE_R2_BUCKET
Key libraries:
- next 14.2.x, @opennextjs/cloudflare, wrangler 4.x
- next-auth, zod, @tanstack/react-query, react-hook-form
- shadcn/ui primitives via Radix + Tailwind
- vitest, @testing-library/*
End of Architecture.md

346
docs/PRD.md
View File

@ -1,346 +0,0 @@
# Product Requirements Document (PRD)
United Tattoo — Public Website, Booking, and Admin System
Version: 1.0
Date: 2025-09-17
Source: Consolidated from docs/brainstorming.md
1. Overview
United Tattoo is expanding both its public-facing web experience and internal admin/ops systems. This PRD defines Functional Requirements (FRs), Non-Functional Requirements (NFRs), Epics, and User Stories derived from the brainstorming notes. The goal is a unified, scalable platform for artist onboarding and portfolio management, seamless client booking and portal experiences, and a refined, image-forward public site aligned to a ShadCN-based design system and Cloudflare runtime.
Primary Objectives
- Create a unified system supporting artist onboarding, portfolio and asset management, and secure admin controls.
- Deliver a polished, immersive public site with consistent design and rich educational content.
- Implement robust booking and payment flows with a client portal and calendar integration.
- Provide strong documentation, staging workflows, and an approachable owner handoff.
Key Assumptions & Tech Baseline
- UI baseline: ShadCN components, consistent with homepage and /artist pages.
- Visual language: Oversized image-forward design; layered parallax and split-screen storytelling.
- Infra: Cloudflare D1 (structured data), R2 (media assets); server-side asset loading.
- Docs/patterns: Context7 MCP and ShadCN MCP as primary references for patterns.
- Auth: Invite-based onboarding; RBAC; 2FA; optional passwordless fallback.
- Handoff: Staging environments, clear README/architecture docs, owner training.
2. Functional Requirements (FRs)
FR-A. Admin Dashboard & Artist Management
A1. Invitations & Onboarding
- FR-A1.1: Admin can invite users (artists, staff) via time-limited signup links.
- FR-A1.2: Wizard-style onboarding for artists using ShadCN components guiding profile, portfolio, and settings.
- FR-A1.3: Optional passwordless fallback; primary path supports email+password + 2FA enrollment.
- FR-A1.4: Sandbox mode to preview changes before publishing live.
A2. Role-Based Access & Controls
- FR-A2.1: Roles: viewer, editor (portfolio), admin, owner; assignable per user.
- FR-A2.2: Permissions restrict CRUD on artists, portfolios, and settings per role.
- FR-A2.3: Emergency pause control per artist or system-wide, disabling booking or portfolio visibility.
A3. Artist Profiles & Portfolio
- FR-A3.1: CRUD for artist profiles (bio, styles, rates/tiers, links, availability indicators).
- FR-A3.2: Batch drag-and-drop portfolio upload with progress tracking.
- FR-A3.3: Manual cropping UI with grid guides; save crops as separate asset records.
- FR-A3.4: Optional AI-assisted cropping suggestions (can be disabled per settings).
- FR-A3.5: Versioning for portfolio pieces to track edits/updates.
- FR-A3.6: Portfolio piece metadata: style tags, dimensions/size class, creation date, visibility flag.
A4. Asset Management & Delivery
- FR-A4.1: Store media in R2; metadata in D1.
- FR-A4.2: Server-side asset fetching and transformation for pages; minimize client duplication.
- FR-A4.3: Configurable compression levels; toggles to disable aggressive compression per asset/group.
A5. Auditability & Notifications
- FR-A5.1: Activity logs with user, action, timestamp; filter by user/resource.
- FR-A5.2: Notification preferences per user and per role (email/SMS for key events: new booking, cancellations).
- FR-A5.3: Basic content moderation hooks for uploads (e.g., queue for review).
FR-B. Unified Booking & Client Management
B1. Booking & Consultation Forms
- FR-B1.1: Multi-form flow with smart routing: consultation vs booking based on user input.
- FR-B1.2: Appointment type taxonomy (first tattoo, cover-up, large piece, etc.) drives questions and duration.
- FR-B1.3: Automated quote estimates based on inputs: size, placement, complexity, artist tier/rate.
B2. Client Portal
- FR-B2.1: Clients can create accounts and authenticate to manage appointments.
- FR-B2.2: View upcoming/past appointments, reschedule/cancel (per policy windows).
- FR-B2.3: Payments area: view deposit history, receipts, refunds.
- FR-B2.4: Profile and preferences (email/SMS notifications opt-in/out).
B3. Scheduling & Calendars
- FR-B3.1: Real-time availability across artists with conflict detection.
- FR-B3.2: Google Calendar two-way sync for artists (per-artist toggle).
- FR-B3.3: Automated confirmations and reminders (email/SMS) per policy.
B4. Payments
- FR-B4.1: Multi-merchant gateway support (e.g., Stripe, PayPal) with deposit handling.
- FR-B4.2: Store payment intents and receipt references securely; enable refund workflows.
- FR-B4.3: Deposit policies surfaced during booking; acceptance required to proceed.
B5. Notifications & Communications
- FR-B5.1: Email and SMS channels configurable by users/admins.
- FR-B5.2: Admin notifications for new bookings, cancellations, changes.
FR-C. Public-Facing Website Experience
C1. Design System & Visuals
- FR-C1.1: All pages follow ShadCN baseline; unify typography, spacing, and components.
- FR-C1.2: Implement layered parallax and split-screen storytelling in hero and portfolio sections.
- FR-C1.3: Image-forward layouts throughout; high-quality photography emphasis.
C2. Pages & Navigation
- FR-C2.1: Improve /aftercare, /deposit, /terms, /privacy, /book for consistency and UX.
- FR-C2.2: Smooth, consistent navigation with refined transitions.
- FR-C2.3: Responsive behavior across major breakpoints with mobile-first navigation patterns.
C3. Search & Discovery
- FR-C3.1: Dedicated search page with filters (style, availability, price tier).
- FR-C3.2: Quick search (Ctrl+K) for artists and educational content.
- FR-C3.3: Enhanced artist gallery: style-based filtering and interactive zooms/lightbox.
C4. Educational Content
- FR-C4.1: Detailed aftercare guides with visuals, progress tracking, and checklists.
- FR-C4.2: Healing process explanations with diagrams or annotated imagery.
- FR-C4.3: Downloadable PDFs and printable guides.
FR-D. Technical Delivery & Handoff
D1. Cloudflare Integration & Runtime
- FR-D1.1: Use D1 for structured data and R2 for media; server-side patterns for SSR/ISR where applicable.
- FR-D1.2: Caching strategies to minimize egress and optimize load times.
D2. Performance & Offline
- FR-D2.1: Lazy loading for portfolio assets; progressive image loading.
- FR-D2.2: Service worker for offline support and faster revisits.
D3. Documentation & Staging
- FR-D3.1: Clear README, architecture docs, changelog, contributor guide.
- FR-D3.2: Staging environment for Christy to preview changes.
D4. Handoff
- FR-D4.1: Repo delivered ready-to-merge; Cloudflare transfer instructions documented.
- FR-D4.2: Owner training materials for non-technical management.
3. Non-Functional Requirements (NFRs)
NFR-Security & Privacy
- NFR-S1: Enforce invite-based onboarding; session security; 2FA required for admins/owners; optional passwordless fallback.
- NFR-S2: Role-based access controls across admin features and APIs; least-privilege defaults.
- NFR-S3: Media access via scoped tokens; no direct public RW access to R2.
- NFR-S4: Payment flows must be PCI-compliant through the chosen gateway(s); do not store raw card data.
- NFR-S5: Basic content moderation hooks for uploads; audit and traceability of changes.
- NFR-S6: Conform to privacy policy; provide clear consent for notifications.
NFR-Performance
- NFR-P1: Use SSR-friendly, server-side image processing; progressive/lazy-loading for rich media.
- NFR-P2: Apply CDN caching and optimized asset delivery to keep LCP/INP within target budgets for typical gallery pages.
- NFR-P3: Minimize egress from R2 through caching and efficient formats; favor WebP/AVIF where supported.
NFR-Reliability & Availability
- NFR-R1: Implement robust error handling and retries for R2/D1 operations; graceful degradation of images.
- NFR-R2: Eventual consistency acceptable for search indices and non-critical caches (<1 minute).
- NFR-R3: Activity logs retained per policy; include export capabilities for audits.
NFR-Usability & Accessibility
- NFR-U1: Follow ShadCN conventions for components and patterns; consistent spacing/typography.
- NFR-U2: WCAG AA baseline for color contrast, focus states, and keyboard navigation.
- NFR-U3: Responsive layouts and touch targets across breakpoints.
NFR-Observability & Ops
- NFR-O1: Centralized error tracking for client/server, with release tagging.
- NFR-O2: Structured logs; avoid logging PII beyond necessity.
- NFR-O3: Staging environment should mimic production settings for realistic previews.
NFR-Documentation & Handoff
- NFR-D1: Up-to-date README, architecture overview, environment setup, and runbooks.
- NFR-D2: Owner-facing guides for day-to-day tasks (invites, portfolio updates, refunds, content).
4. Epics
Epic A: Admin Dashboard & Artist Management
Description: Secure, role-based admin experience to onboard artists, manage profiles/portfolios, and control assets.
Business Value: Scales operations; reduces friction for artist content management and quality control.
Epic B: Unified Booking & Client Management
Description: Multi-form booking and consultation flows, client portal, scheduling, and payments.
Business Value: Converts demand into scheduled work efficiently while respecting policies and preferences.
Epic C: Public-Facing Website Experience
Description: Consistent ShadCN-based design system, immersive visuals, improved content and discovery.
Business Value: Enhances brand, increases engagement, and improves conversion to consultations/bookings.
Epic D: Technical Architecture & Delivery
Description: Cloudflare-first architecture, caching/optimization, performance and offline capabilities, and strong documentation.
Business Value: Reliable, fast experience with maintainable operations and smooth handoff to the owner.
5. User Stories (with Acceptance Criteria)
Legend: UT-[Epic]-[ID]
- ADM = Admin/Artist Management (Epic A)
- BKG = Booking/Client (Epic B)
- PUB = Public Website (Epic C)
- ARC = Architecture/Delivery (Epic D)
Epic A — Admin Dashboard & Artist Management
UT-ADM-01: As an admin, I can invite a new artist with a time-limited signup link.
- Given I am an admin
- When I enter the artists email and send an invite
- Then the artist receives a link that expires after a configured window and can register successfully
UT-ADM-02: As an artist, I can complete a wizard-style onboarding to set profile, styles, and initial portfolio.
- Given I have a valid invite
- When I follow the wizard steps (profile, styles, rates, availability)
- Then my artist profile is created and set to draft until I publish
UT-ADM-03: As an admin/owner, I can enforce 2FA for admin roles and allow optional passwordless for others.
- Given security settings are configured
- When a new admin registers
- Then they must enroll 2FA before accessing admin features
UT-ADM-04: As an editor, I can batch upload portfolio pieces with progress tracking.
- Given I have editor permissions
- When I drag-and-drop multiple images
- Then I see per-file progress and all successful uploads are linked to my portfolio
UT-ADM-05: As an editor, I can manually crop images with grid guides and save crops as separate assets.
- Given I uploaded an image
- When I open the crop tool and save
- Then a cropped asset version with metadata is created
UT-ADM-06: As an editor, I can toggle AI-assisted crop suggestions on/off at the account or workspace level.
- Given the setting is visible
- When I toggle AI suggestions off
- Then only manual cropping is suggested
UT-ADM-07: As an admin, I can manage compression settings for uploaded assets and override aggressive compression.
- Given default compression is on
- When I disable aggressive compression for a set
- Then newly processed assets use the chosen compression level
UT-ADM-08: As an admin, I can view an activity log with user, action, and timestamp to audit changes.
- Given actions were performed
- When I open the activity log
- Then I can filter by user and resource and export logs
UT-ADM-09: As an admin, I can pause an artist or globally pause the system to halt new bookings.
- Given an emergency scenario
- When I toggle pause for a specific artist or globally
- Then booking forms and availability reflect the pause with clear messaging
UT-ADM-10: As an editor, I can stage portfolio changes in a sandbox and preview before publishing live.
- Given I have draft changes
- When I open preview
- Then I see the draft state exactly as it would appear when published
Epic B — Unified Booking & Client Management
UT-BKG-01: As a visitor, I am routed to consultation vs booking based on my form inputs.
- Given I start the booking flow
- When my answers indicate uncertainty or complex needs
- Then Im guided to a consultation request instead of direct booking
UT-BKG-02: As a visitor, I can select appointment type (first tattoo, cover-up, large piece, etc.) and see appropriate options.
- Given Im on the booking form
- When I choose an appointment type
- Then the form adapts with relevant questions and duration estimates
UT-BKG-03: As a visitor, I can see an automated quote estimate based on size, complexity, and artist tier.
- Given I filled required fields
- When I request an estimate
- Then I see a non-binding quote and deposit requirements
UT-BKG-04: As a client, I can create an account and see my upcoming/past appointments.
- Given I signed up
- When I log in to the client portal
- Then I can view appointments and details
UT-BKG-05: As a client, I can reschedule or cancel an appointment within policy windows.
- Given I have an upcoming appointment
- When I choose reschedule/cancel within allowed times
- Then the system updates calendar and sends notifications
UT-BKG-06: As an admin, I can enable two-way Google Calendar sync per-artist.
- Given an artist connects Google Calendar
- When sync is enabled
- Then booking changes appear in their calendar and availability reflects external events
UT-BKG-07: As a client, I can pay a deposit securely and receive a receipt.
- Given a deposit is required
- When I complete checkout via supported gateway
- Then my payment intent and receipt reference are stored and visible
UT-BKG-08: As an admin, I can process a refund via the payment gateway and record it in the system.
- Given a valid refund request
- When I issue a refund
- Then the client is notified and records reflect the refund
UT-BKG-09: As an admin, I receive notifications for new bookings, cancellations, and changes.
- Given notification preferences are set
- When key events occur
- Then I receive email/SMS alerts accordingly
Epic C — Public-Facing Website Experience
UT-PUB-01: As a visitor, I experience consistent ShadCN-based UI across all pages.
- Given any site page
- When I navigate and interact
- Then spacing, typography, components, and transitions are consistent
UT-PUB-02: As a visitor, I see parallax/split-screen hero sections that are smooth and performant.
- Given Im on the homepage or artist page
- When I scroll
- Then layered visuals and split sections animate smoothly within performance budgets
UT-PUB-03: As a visitor, I can use a dedicated search with filters (style, availability, price tier).
- Given Im on /search
- When I apply filters
- Then artist and content results update accordingly
UT-PUB-04: As a visitor, I can use quick search (Ctrl+K) to find artists and educational content.
- Given I press Ctrl+K
- When I type a query
- Then I get navigable results for artists and key pages
UT-PUB-05: As a visitor, I can view improved aftercare content with visuals, progress tracking, and checklists.
- Given I open /aftercare
- When I read and mark steps
- Then my progress is saved locally and content is printable/PDF-downloadable
UT-PUB-06: As a visitor, I can browse artist galleries with style-based filtering and interactive zoom/lightbox.
- Given Im on an artist page
- When I filter by style or click an image
- Then the gallery updates, and I can zoom without layout shift
Epic D — Technical Architecture & Delivery
UT-ARC-01: As a developer, I can configure Cloudflare D1/R2 and verify SSR server-side asset delivery.
- Given environment is set
- When I run the preview
- Then assets are fetched server-side and delivered via caches
UT-ARC-02: As a visitor, I benefit from progressive images and lazy loading while browsing media-heavy pages.
- Given I visit a gallery
- When images load
- Then low-res placeholders progressively upgrade without jank
UT-ARC-03: As a returning visitor, I benefit from a service worker that improves revisit speed and limited offline browsing.
- Given PWA-like capabilities
- When I revisit
- Then common assets/pages load faster and basic offline fallback is available
UT-ARC-04: As the owner, I can preview new changes on a staging environment before production.
- Given staging is deployed
- When I access the staging URL
- Then I can verify new features and content before launch
UT-ARC-05: As a maintainer, I can rely on clear docs (README, architecture, changelog) to operate and extend the system.
- Given the repository
- When a new developer onboards
- Then they can set up, run, and contribute following documented steps
6. Phasing (Reference)
- Phase 1 (Weeks 12): Foundations & Critical Fixes
- Admin: invites, onboarding wizard, basic portfolio management, R2 integration scaffold (UT-ADM-01..05, 07, 10; UT-ARC-01)
- Phase 2 (Weeks 34): Core Features & UX
- Booking, client portal, deposits/payments, design unification (UT-BKG-01..09; UT-PUB-01; UT-ARC-04)
- Phase 3 (Weeks 56): Polish & Visual Experience
- Parallax/split-screen, search & filters, education content, service worker (UT-PUB-02..06; UT-ARC-02..03)
- Phase 4 (Week 7): Documentation & Delivery
- Docs, handoff, training, final staging (UT-ARC-05 + wrap-ups)
7. Risks & Mitigations (Summary)
- Admin dashboard complexity/bugs → Incremental delivery, sandbox previews, RBAC testing.
- Cloudflare D1/R2 pitfalls → Follow proven patterns; robust error handling; staging validation.
- Performance with heavy visuals → Lazy loading, image optimization, prudent asset sizing, performance budgets.
End of PRD.

573
docs/architecture.md
View File

@ -1,573 +0,0 @@
# United Tattoo Fullstack Architecture Document
Version: 1.0
Date: 2025-09-17
Output Template: .bmad-core/templates/architecture-tmpl.yaml (architecture-template-v2)
Basis: docs/PRD.md, repo config (wrangler.toml, open-next.config.ts, next.config.mjs, package.json), lib/*, sql/schema.sql
Introduction
This document outlines the complete fullstack architecture for United Tattoo, including backend systems, frontend implementation, and their integration. It serves as the single source of truth for AI-driven development, ensuring consistency across the entire technology stack.
This unified approach combines what would traditionally be separate backend and frontend architecture documents, streamlining the development process for modern fullstack applications where these concerns are increasingly intertwined.
Starter Template or Existing Project
Decision: Existing project (this repository) on Next.js App Router with OpenNext for Cloudflare.
- Pre-configured stack: Next 14.2.16, Tailwind, ShadCN, OpenNext Cloudflare adapter, Wrangler, Vitest.
- Structure: app/ routes, components/, lib/, sql/, etc.
- Built-in patterns: SSR with App Router, route handlers under app/api, middleware guards, Zod validations, D1/R2 bindings.
- Constraints: Cloudflare Workers runtime; D1 (SQLite semantics), R2 for media and ISR cache. Images unoptimized (Next images disabled by config).
Change Log
| Date | Version | Description | Author |
|------------|---------|---------------------------------------------|----------|
| 2025-09-17 | 1.0 | Initial fullstack architecture document | Architect |
High Level Architecture
Technical Summary
United Tattoo runs as a serverless, modular monolith on Cloudflare Pages + Workers using the OpenNext adapter. Next.js App Router handles SSR/ISR and routing; Cloudflare D1 stores structured data (users, artists, appointments, settings) and R2 stores media plus incremental cache. The fullstack architecture implements both frontend UI components and backend services (auth, RBAC, validations, uploads, booking, payments, notifications, calendar sync) via Next.js route handlers, server actions, and React components with strict Zod validation and middleware-based RBAC. The architecture prioritizes image-forward delivery performance, reliability, and maintainability aligned to the PRD.
High Level Overview
1) Style: Serverless modular monolith (single app, bounded modules by domain).
2) Repo: Single repository (this project).
3) Services: Single deployable (OpenNext worker) with internal modules (auth, artists, portfolio, booking, payments, notifications, calendar).
4) Primary flows:
- Public SSR pages, search/discovery (later), booking/consultation routing, client portal (later).
- Admin onboarding, artist/portfolio CRUD, uploads to R2, moderation queue (later), activity logs (later).
- Payments via Stripe for deposits; later add PayPal.
- Two-way Google Calendar sync for artists (planned now).
5) Key decisions:
- Cloudflare-first stack (D1, R2, Pages/Workers) with OpenNext.
- REST via route handlers + Server Actions for same-origin mutations.
- Zod across edges; strict RBAC via middleware.
- Sentry + OpenTelemetry for observability; Upstash Redis for rate limiting.
High Level Project Diagram
```mermaid
graph TD
subgraph Users
V[Visitor]
C[Client]
A[Admin/Artist]
end
V -->|HTTP(S)| CDN[Cloudflare CDN]
C -->|HTTP(S)| CDN
A -->|HTTP(S)| CDN
CDN --> W[OpenNext Worker (Next.js App)]
W --> D1[(Cloudflare D1)]
W --> R2[(Cloudflare R2 - Media)]
W --> R2INC[(R2 - ISR/Incremental Cache)]
W --> STRIPE[Stripe API]
W --> RESEND[Resend Email]
W --> TWILIO[Twilio SMS]
W --> GCAL[Google Calendar API]
style W fill:#222,stroke:#999,color:#fff
style D1 fill:#114,stroke:#99f,color:#fff
style R2 fill:#141,stroke:#9f9,color:#fff
style R2INC fill:#141,stroke:#9f9,color:#fff,stroke-dasharray: 5 5
```
Architectural and Design Patterns
- Serverless Modular Monolith (chosen): Single worker with domain modules. Rationale: Simpler ops, Cloudflare-native, low latency, satisfies PRD scope; avoids premature microservices.
- Communication: RESTful route handlers + Server Actions. Alternative: GraphQL (deferred). Rationale: Simplicity, aligns with Next App Router, easy cache/policy control.
- Data Access: Thin repository-like helpers (lib/db.ts) with prepared SQL on D1. Alternative: Kysely/Prisma (N/A on Workers) → stay with direct SQL for D1. Rationale: Control, performance, D1 fit.
- Validation: Zod at boundaries (API/server actions/forms). Rationale: Single schema source; consistent erroring.
- AuthZ: Middleware-based RBAC on path prefixes + helper functions. Rationale: Centralized enforcement.
- Caching: R2-based ISR via OpenNext override; CDN caching for assets/API where applicable. Rationale: Cost/perf balance.
- Rate limiting: Redis (Upstash). Alternative: KV tokens. Rationale: Simplicity and global availability.
Tech Stack
Cloud Infrastructure
- Provider: Cloudflare
- Key Services: Pages + Workers (OpenNext), D1 (SQL), R2 (object storage + ISR cache)
- Regions: Global edge (Cloudflare network), D1 region as configured by account
Technology Stack Table
| Category | Technology | Version | Purpose | Rationale |
|------------------|---------------------------------|-------------------------|----------------------------------------------|--------------------------------------------------|
| Language | TypeScript | 5.x (lockfile-resolved) | Primary backend language | Strong typing, tooling, Next.js alignment |
| Framework | Next.js (App Router) | 14.2.16 | SSR/ISR, routing, APIs, server actions | Matches UI, supports OpenNext |
| Platform | OpenNext (Cloudflare) | ^1.8.2 (lockfile pin) | Next->Workers build, ISR in R2 | Official adapter, ISR override support |
| Runtime | Cloudflare Workers | nodejs_compat enabled | Serverless execution | Edge-native, low latency |
| Config/Deploy | Wrangler | ^4.37.1 (pin in lock) | Build/preview/deploy worker + bindings | Cloudflare-native tooling |
| DB | Cloudflare D1 | Managed | Relational store for core data | Simple, sufficient for scope, low-ops |
| Storage | Cloudflare R2 | Managed | Media assets; ISR cache bucket | Cost-effective, global access |
| Auth | NextAuth (Auth.js) | ^4.24.11 (pin in lock) | JWT sessions + providers | Standard pattern with Next |
| Validation | Zod | 3.25.67 | Input/env validation | Ubiquitous + types inference |
| Testing | Vitest + RTL | ^3.2.4 + latest RTL | Unit/component testing | Fast, TS-native |
| Observability | Sentry + OpenTelemetry | Latest stable | Errors, traces, metrics | Full visibility across Workers + Next |
| Rate Limiting | Upstash Redis | Managed | Rate limit auth/forms/APIs | Simplicity, global |
| Payments | Stripe (primary); PayPal later | Latest SDK | Deposits, refunds | Start with Stripe per customization |
| Email | Resend | Latest SDK | Transactional emails | Simple, modern API |
| SMS | Twilio | Latest SDK | Notifications (reminders, etc.) | Reliable, well-documented |
| Calendar | Google Calendar API | v3 | Two-way artist sync | Per customization → implement now |
Note: Exact semver pins should be recorded from the lockfile in CI. Next 14.2.16 and zod 3.25.67 are exact; others are resolved via lock.
Data Models
Core entities mapped from PRD and schema:
- User: id, email, name, role (CLIENT|ARTIST|SHOP_ADMIN|SUPER_ADMIN), avatar.
- Artist: id, userId, name, bio, specialties[], instagramHandle, isActive, hourlyRate.
- PortfolioImage: id, artistId, url, caption, tags[], orderIndex, isPublic, createdAt.
- Appointment: id, artistId, clientId, title, description, startTime, endTime, status, depositAmount, totalAmount, notes.
- Availability: id, artistId, dayOfWeek, startTime, endTime, isActive.
- SiteSettings: id, studioName, description, address, phone, email, socialMedia{}, businessHours[], heroImage, logoUrl.
- FileUpload: id, filename, originalName, mimeType, size, url, uploadedBy.
Relationships:
- User 1to1/01 Artist (user_id).
- Artist 1tomany PortfolioImage.
- User (client) 1tomany Appointment; Artist 1tomany Appointment.
- Artist 1tomany Availability.
Components
- Auth & RBAC
- Responsibility: JWT sessions; role enforcement.
- Interfaces: /auth routes (NextAuth), middleware guards, helpers isAdmin/hasRole.
- Dependencies: NextAuth, middleware.ts.
- Tech: NextAuth with Credentials (dev), Google/GitHub optional.
- Artist & Portfolio Service
- Responsibility: CRUD artists, portfolio images, ordering, visibility.
- Interfaces: app/api/artists/*, app/api/portfolio/*, server actions for admin UI.
- Dependencies: D1 tables, R2 uploads.
- Tech: lib/db.ts helpers; lib/r2-upload.ts.
- Upload Service
- Responsibility: R2 uploads (single/bulk), file validation, delete.
- Interfaces: app/api/upload, admin UI dropzones.
- Tech: R2 bucket binding; R2_PUBLIC_URL used to compose public URLs.
- Booking & Scheduling
- Responsibility: Booking/consultation routing, appointment CRUD, availability.
- Interfaces: app/api/appointments/*; server actions for stepper.
- Dependencies: D1, Notifications, Stripe.
- Tech: Zod forms; quote estimation (to be implemented).
- Payments
- Responsibility: Deposit intents (Stripe), receipts, refunds; PayPal later.
- Interfaces: app/api/payments/* webhooks; server actions for checkout init.
- Dependencies: Stripe SDK, D1 to persist intents/receipts.
- Tech: Stripe Checkout/PaymentIntents; signed webhooks; idempotency keys.
- Notifications
- Responsibility: Email (Resend) + SMS (Twilio), templates, preferences.
- Interfaces: internal functions invoked from flows; background execution pattern if needed.
- Dependencies: D1 preferences, external providers.
- Calendar Integration
- Responsibility: Google Calendar two-way sync for artists (now).
- Interfaces: OAuth connect, webhook/push, polling fallback, reconciliation.
- Dependencies: Google API, D1 for tokens, Appointments.
Component Diagram
```mermaid
graph LR
AUTH[Auth & RBAC] --> API[Route Handlers / Server Actions]
ART[Artists/Portfolio] --> API
UP[Upload Service] --> API
BK[Booking/Scheduling] --> API
PAY[Payments (Stripe)] --> API
NOTIF[Notifications] --> API
CAL[Calendar Sync] --> API
API --> D1[(D1)]
API --> R2[(R2)]
PAY --> STRIPE[Stripe]
NOTIF --> RESEND[Resend]
NOTIF --> TWILIO[Twilio]
CAL --> GCAL[Google Calendar]
```
External APIs
- Stripe API
- Purpose: Deposits, refunds; store payment intents + receipts.
- Auth: API keys (Wrangler secret); webhook signing secret.
- Rate limits: Stripe-managed; implement retries with backoff; idempotency keys.
- Endpoints: PaymentIntents, Checkout, Refunds, Webhooks.
- Resend
- Purpose: Transactional emails (booking confirmations, receipts).
- Auth: API key (secret).
- Integration: templated emails, error handling.
- Twilio
- Purpose: SMS notifications (confirmations/reminders).
- Auth: Account SID/Token (secret).
- Rate limits: provider-specific; implement basic backoff.
- Google Calendar v3
- Purpose: Two-way artist sync (now).
- Auth: OAuth 2.0 per artist; token storage in D1; refresh handling.
- Endpoints: Events, Watch (push), Channels (stop), CalendarList.
Core Workflows
Booking with Deposit (sequence)
```mermaid
sequenceDiagram
participant U as User
participant W as Worker(App)
participant D as D1
participant S as Stripe
U->>W: Submit booking form (zod-validated)
W->>D: Create pending Appointment (PENDING)
W->>S: Create PaymentIntent (deposit) with idempotency
S-->>W: Client secret
W-->>U: Return client secret
U->>S: Confirm payment
S-->>W: Webhook event (payment_succeeded)
W->>D: Update Appointment status + store receipt reference
W-->>U: Confirmation (email/SMS)
```
Portfolio Upload (sequence)
```mermaid
sequenceDiagram
participant A as Admin/Artist
participant W as Worker(App)
participant R as R2
participant D as D1
A->>W: Upload image(s) (validated)
W->>R: Put object(s)
W->>D: Insert portfolio_images rows
W-->>A: URLs + metadata
```
REST API Spec (sketch)
openapi: 3.0.0
info:
title: United Tattoo Backend API
version: 1.0.0
description: REST endpoints backing booking, admin, and integrations
servers:
- url: https://your-preview-domain.pages.dev
description: Preview
- url: https://your-domain.com
description: Production
paths:
/api/appointments:
get:
summary: List appointments
post:
summary: Create appointment (server action preferred)
/api/portfolio:
post:
summary: Upload portfolio image (server action preferred)
/api/payments/deposit-intent:
post:
summary: Create Stripe PaymentIntent for deposit
/api/webhooks/stripe:
post:
summary: Stripe webhook receiver
Database Schema
- Source of truth: sql/schema.sql (D1). Entities and indexes already implemented.
- Note: Fix comment header mismatch (“united-tattoo-db” vs scripts using “united-tattoo”).
- Migrations: wrangler d1 execute … --file=./sql/schema.sql (local/prod variants).
Source Tree
```
project-root/
├─ app/ # App Router (public pages, admin area, api/)
│ ├─ api/ # Route handlers
│ ├─ admin/ # Admin UI sections
│ └─ ... # Site pages
├─ components/ # UI + composed components
├─ lib/
│ ├─ db.ts # D1 & R2 binding access + helpers
│ ├─ r2-upload.ts # R2 upload manager
│ ├─ auth.ts # NextAuth config + RBAC helpers
│ ├─ env.ts # Zod env validation (see alignment note)
│ └─ validations.ts # Zod schemas for domain + forms
├─ sql/
│ └─ schema.sql # D1 schema SSoT
├─ wrangler.toml # Worker config + bindings
├─ open-next.config.ts # ISR cache override to R2
├─ next.config.mjs # Next config (standalone, images unoptimized)
└─ package.json # Scripts (build/preview/deploy/db/test)
```
Infrastructure and Deployment
Infrastructure as Code
- Tool: Wrangler 4.x
- Location: wrangler.toml
- Approach: Wrangler-only “config of record” now; Terraform later if needed.
Deployment Strategy
- Strategy: OpenNext build → Cloudflare Pages (Worker + assets).
- CI/CD Platform: Gitea (planned) with required pipeline gates.
- Pipeline Config: .gitea/workflows/* (to be added) or equivalent CI config.
Environments
- dev: Local dev server (next dev) and/or Workers preview (OpenNext preview).
- preview: Cloudflare Pages preview (pull requests).
- production: Cloudflare Pages live.
Environment Promotion Flow
```
feature → PR → CF Pages preview → E2E/quality gates → merge → production deploy
```
Rollback Strategy
- Primary Method: Re-deploy previous artifact via CF Pages rollback / previous commit.
- Triggers: Elevated errors, failed SLOs, payment or booking failures.
- RTO: < 30 minutes for deploy rollback; data roll-forward with compensating ops.
Error Handling Strategy
General Approach
- Error Model: Domain errors (validation, auth, business) vs operational (transient, provider).
- Propagation: Translate to typed JSON errors at API boundary; avoid leaking internals.
Logging Standards
- Library: Console structured JSON (Workers) + Sentry/Otel exporters.
- Format: JSON with fields: timestamp, level, correlationId, route, userId (if any).
- Levels: debug/info/warn/error; No PII in logs.
Error Handling Patterns
- External API Errors:
- Retry: Exponential backoff (bounded), idempotency keys (Stripe).
- Circuit Breaker: Soft disable non-critical providers on repeated failures.
- Timeouts: Tight timeouts; fail fast, surface friendly errors.
- Business Logic Errors:
- Custom error types; map to 4xx with helpful messages; do not expose details.
- Data Consistency:
- D1 is transactional per statement; use idempotency on effects; write-ahead logic for webhooks.
Coding Standards (Backend)
Core Standards
- Languages & Runtimes: TypeScript (Workers-compatible), Next.js App Router.
- Style & Linting: ESLint + Prettier (enable in CI, even if build ignores failures).
- Tests: Vitest for unit; RTL for component; Playwright for e2e (planned).
Critical Rules
- Validate all external inputs with Zod at API boundary.
- Use lib/db.ts helpers; do not inline raw env binding plucking in routes.
- Payments: Always use idempotency keys for Stripe and verify signed webhooks.
- No secrets in logs; use Wrangler secrets for all provider keys.
- RBAC: All /admin and /api/admin routes must enforce SHOP_ADMIN or SUPER_ADMIN.
- Rate limiting must wrap auth/forms/API entrypoints once Upstash is configured.
Test Strategy and Standards
Testing Philosophy
- Approach: Pragmatic test-after with critical flows prioritized; expand coverage over time.
- Coverage Goals: Unit 6070% rising; critical domain paths higher.
Test Types and Organization
- Unit: Vitest; files *.test.ts under __tests__/ or next to modules.
- Integration: D1 local (wrangler d1 execute) for repository tests; mock providers.
- E2E: Playwright on CF Pages preview (booking flow, uploads, admin critical).
Test Data Management
- Fixtures: __tests__/fixtures; factories for domain objects.
- Cleanup: Explicit clean after each suite (D1 truncate helpers for local env).
Continuous Testing
- CI Integration: Lint/typecheck → unit → build → migration dry-run → e2e on preview.
Security
Input Validation
- Library: Zod
- Location: Route handlers/server actions before processing
- Required Rules:
- Validate all inputs (query/body/params).
- Whitelist approach; reject extras.
Authentication & Authorization
- Auth Method: NextAuth JWT (Credentials for dev; OAuth optional).
- Session: JWT; role included in token; maxAge defaults; future 2FA.
- Required:
- Enforce RBAC in middleware + route-level checks for admin endpoints.
- Implement invites and 2FA per PRD in admin flows.
Secrets Management
- Development: Wrangler secrets; .env only for local dev of non-secrets.
- Production: Wrangler secrets; never commit secrets.
- Code Rules: Never log secrets; never embed keys.
API Security
- Rate Limiting: Upstash Redis (global) on auth/forms/APIs.
- CORS: Strict same-origin for server actions; minimal cross-origin where necessary.
- Security Headers: Enforce via centralized headers helper (CSP, X-Frame-Options DENY, Referrer-Policy strict-origin-when-cross-origin, Permissions-Policy).
Data Protection
- At Rest: Provider-managed (D1/R2). Encrypt sensitive app-level data if needed before storage.
- In Transit: HTTPS only.
- PII: Store minimal; redact logs.
Dependency Security
- Scanner: Enable dep audit in CI; weekly review cadence.
- New Deps: Require review; follow Context7 MCP check (per repo rules).
Security Testing
- SAST: ESLint/security rules; consider additional scanners.
- DAST: E2E includes basic auth + booking hardening; expand later.
Backend Customization Choices (Confirmed)
- Payments: Stripe first (PayPal later).
- Email: Resend.
- SMS: Twilio.
- Rate Limiting: Upstash Redis.
- Observability: Sentry + OpenTelemetry.
- Calendar Integration: Google twoway sync now.
- API Style: Next.js Route Handlers (REST) + Server Actions.
- IaC/Config: Wrangler-only config of record (Terraform later).
- Env/Secrets: Align env.ts to Cloudflare bindings (remove unused AWS_* + DATABASE_URL now). Note: the current names in env.ts are labeled AWS_ but map to Cloudflare R2 usage—document and align.
- Security Headers: Centralized middleware/edge headers helper.
Next Steps
## Frontend Component Architecture
### Component Organization
- **App Router Structure**: Next.js App Router with layout hierarchy
- Root layout: `app/layout.tsx` - Global providers, fonts, metadata
- Client layout: `app/ClientLayout.tsx` - Main site navigation, footer
- Admin layout: `app/admin/layout.tsx` - Admin dashboard structure
- Nested layouts per section (artists, booking, etc.)
- **UI Components**: ShadCN-based component library with custom extensions
- Base components: `components/ui/` - Button, Card, Input, Dialog, etc.
- Domain components: `components/admin/`, `components/booking/`, etc.
- Layout components: Navigation, Footer, Section wrappers
- Form components: Booking forms, contact forms, payment forms
- **State Management**: React hooks + Zustand for global state
- Local state: useState/useReducer for component-specific state
- Form state: React Hook Form with Zod validation integration
- Global state: Zustand stores for auth, booking, UI preferences
- Server state: React Query for data fetching and caching
### Payment Form Components
**Stripe Embedded Elements Integration**:
- Payment form: `components/payment/StripePaymentForm.tsx`
- Card element: Stripe CardElement with custom styling
- Mobile optimization: Responsive design for 70% mobile usage
- Error handling: Validation errors and payment status feedback
- Loading states: Processing indicators and success confirmation
**Deposit Payment Flow**:
1. Booking form completion with service selection
2. Deposit amount calculation based on service pricing
3. Stripe PaymentIntent creation via server action
4. Embedded payment form rendering with client secret
5. Payment confirmation and status updates
### State Management for Payment Processing
- **Payment State Machine**:
- `IDLE` → Initial state
- `PROCESSING` → Payment submission
- `SUCCESS` → Payment completed
- `ERROR` → Payment failed
- `CANCELLED` → User cancelled
- **Error Recovery**:
- Retry mechanism for failed payments
- Clear error messages with actionable steps
- Session preservation during payment flow
### Mobile Optimization (70% Mobile Usage)
- **Responsive Design Principles**:
- Mobile-first CSS approach
- Touch-friendly interfaces (44px+ touch targets)
- Simplified navigation for mobile
- Optimized image loading and performance
- **Mobile-Specific Components**:
- Mobile booking bar: `components/MobileBookingBar.tsx`
- Touch-optimized forms and buttons
- Swipeable carousels for artist portfolios
- Simplified payment flow for mobile devices
### Error Handling and User Feedback
- **Frontend Error Boundaries**:
- Global error boundary for uncaught exceptions
- Component-level error handling
- Graceful degradation for failed features
- **User Feedback Patterns**:
- Toast notifications: `hooks/use-toast.ts`
- Loading spinners and skeletons
- Success/error modals for critical actions
- Form validation feedback with Zod integration
## Testing Strategy (Frontend)
### Component Testing
- **Unit Tests**: Vitest + React Testing Library
- Component rendering and interaction tests
- Hook testing for custom React hooks
- Form validation and state management tests
- **Integration Tests**:
- Component composition testing
- Form submission and validation flows
- Payment form integration with mock Stripe
### E2E Testing
- **Playwright Tests**:
- Booking flow from start to payment completion
- Admin dashboard functionality
- Mobile responsiveness testing
- Cross-browser compatibility
### Payment Testing
- **Stripe Test Mode**:
- Test card numbers for various scenarios
- Webhook testing with local tunnel
- Error scenario simulation
- Mobile payment flow testing
## Next Steps
- Product Owner Review: Validate scope and sequencing (Phases 14).
- Dev Agent: Implement stories for Phase 1 (Admin invites, onboarding wizard stub, artist CRUD/portfolio upload MVP, D1/R2 confirmations).
- DevOps: Add CI pipeline, lock exact versions from lockfile into doc, add .env.example listing required secrets (NEXTAUTH_URL, NEXTAUTH_SECRET, R2_PUBLIC_URL, STRIPE_KEYS, RESEND_API_KEY, TWILIO_KEYS, GOOGLE_OAUTH, UPSTASH).
Appendix
Bindings (wrangler.toml)
- DB (D1), R2_BUCKET (media), NEXT_INC_CACHE_R2_BUCKET (ISR cache), WORKER_SELF_REFERENCE (service binding).
Runbooks
- Preview: npm run pages:build && npm run preview
- Deploy: npm run pages:build && npm run deploy
- DB: npm run db:create; npm run db:migrate[:local]
References
- PRD: docs/PRD.md
- Schema: sql/schema.sql
- Config: wrangler.toml, open-next.config.ts, next.config.mjs

150
docs/brainstorming.md
View File

@ -1,150 +0,0 @@
# Brainstorming Log — United Tattoo Website Expansion
Date: 2025-09-17
Audience: Christy (owner), development team, future maintainers
Overview
This document captures the comprehensive brainstorming outputs from our planning sessions for United Tattoos public-facing website and internal admin/ops systems. It consolidates the four pillars we identified:
- Admin Dashboard & Artist Management
- Unified Booking & Client Management
- Public-Facing Experience
- Technical Architecture & Delivery
Goals
- Create a unified, scalable system that supports artist onboarding, portfolio management, and secure admin controls.
- Deliver a polished public site with immersive visuals, consistent design (ShadCN baseline), and robust content (education, aftercare, etc.).
- Implement a reliable booking and payment flow with client portals and calendar integration.
- Establish strong documentation, staging environments, and an approachable handoff for Christy.
Key Design & Tech Assumptions
- UI baseline: ShadCN components, aligned with homepage and /artist pages.
- Parallax layering and split-screen storytelling to achieve an oversized ecommerce-like experience.
- Asset hosting on Cloudflare R2; metadata in D1; server-side asset loading to minimize client storage.
- Context7 MCP and ShadCN MCP docs as primary sources for patterns and best practices.
- Admin users invited via email; role-based access; password onboarding; 2FA.
Brainstorming Focus Areas and Ideas
1) Admin Dashboard & Artist Management System
- User Management & Authentication
- Invite-based onboarding with time-limited signup links.
- Wizard-style onboarding for artists using ShadCN components.
- Two-factor authentication (2FA) to improve security.
- Sandbox mode to preview changes before going live.
- Optional passwordless login fallback for convenience.
- Asset Management & Optimization
- Manual cropping UI with grid guides; save as separate asset records.
- Optional AI-assisted cropping suggestions that can be toggled off in settings.
- Batch drag-and-drop portfolio uploads with progress tracking.
- Versioning for portfolio pieces to track edits/updates.
- Smart compression with a user-facing toggle to disable automatic aggressive compression if needed.
- Server-side asset loading from R2, pulling per-artist asset bundles when rendering.
- Permissions & Access Controls
- Fine-grained roles: viewer, editor (portfolio), admin (full control), owner.
- Activity logs with audit trail visuals.
- Emergency pause per-artist or system-wide control.
- Customizable notification preferences per user and per role.
- Data & Security Considerations
- Keep media assets offsite in R2; assets loaded server-side to minimize duplication.
- Access tokens with scoped permissions for asset retrieval.
- Basic content moderation hooks for uploaded media.
2) Unified Booking & Client Management System
- Multi-Form System
- Smart routing to route to consultation vs. booking based on user input.
- Appointment type taxonomy: first tattoo, cover-up, large piece, etc.
- Automated quote estimates based on options (size, complexity, artist rate tiers).
- Client Portal
- Account-based portal for appointment management: view, reschedule, cancel.
- Deposits, refunds, and payment history; secure checkout with PCI-compliant flows.
- Deposit policies clearly displayed during booking.
- Scheduling & Calendar
- Real-time availability across artists; conflict detection.
- Google Calendar two-way sync for artists; SMS/email reminders with opt-in controls.
- Automated scheduling confirmations and reminders.
- Payments
- Multi-merchant support (Stripe, PayPal) with deposit handling.
- Secure storage of payment intents and receipts; refunds workflow.
- Notifications & Communication
- Email and SMS channels; user preference granularity.
- Admin notifications for new bookings, cancellations, and changes.
3) Public-Facing Website Experience
- Design System & Visual Language
- All new pages follow the ShadCN baseline; homepage and /artist pages as references.
- Layered parallax and split-screen interactions for hero sections and portfolios.
- Oversized, image-forward design with heavy photography emphasis.
- Pages & Navigation
- Improve /aftercare, /deposit, /terms, /privacy, /book to align with the visual system.
- Smooth, consistent navigation with refined transitions.
- Search & Discovery
- Dedicated search page with filters (style, price, availability).
- Quick search (Ctrl+K) for artists and educational content.
- Enhanced artist gallery with style-based filtering and interactive zooms.
- Educational Content
- Detailed aftercare guides with visuals, progress tracking, and checklists.
- Healing process explanations with diagrams or annotated imagery.
- Downloadable PDFs and printable guides.
- Content Strategy
- Rich media: more images and photography across pages, focusing on shop and artists.
- Clear calls-to-action for bookings and consultations.
4) Technical Architecture & Delivery
- Cloudflare Integration
- D1 for structured data; R2 for media assets; 2-way data flow with server-side rendering patterns.
- Caching strategies to minimize data egress and optimize load times.
- Image processing on the server (parallax-friendly, optimized delivery).
- Performance & Experience
- Lazy loading for portfolio assets; progressive image loading for perceived speed.
- Service workers for offline support and faster revisit performance.
- Git & Documentation
- Git-free CMS-like experience for the owner-facing admin experience.
- Clear README, architecture docs, changelog, and contributor guidelines.
- Staging environment for Christy to preview progress before production.
- Delivery & Handoff
- Repository delivered as a ready-to-merge GitHub project; Cloudflare transfer instructions documented.
- Owner training materials focusing on non-technical management tasks.
Phased Implementation Plan (Summary)
- Phase 1: Foundation & Critical Fixes (Week 1-2)
- Admin dashboard bug resolution, invitation flow, onboarding, basic portfolio management, R2 integration scaffold.
- Phase 2: Core Features & UX (Week 3-4)
- Unified booking system, client portal, deposits, payments, and initial design unification.
- Phase 3: Polish & Visual Experience (Week 5-6)
- Parallax, split-screen, advanced search, education content, staging environment.
- Phase 4: Documentation & Delivery (Week 7)
- Documentation, git workflow, handoff, Cloudflare setup, owner training.
Risks & Mitigations
- Risk: Admin dashboard complexity and bugs
- Mitigation: Build incremental, testable components; implement the sandbox preview and role-based testing.
- Risk: Cloudflare integration pitfalls (D1/R2)
- Mitigation: Use MCP patterns, implement robust error handling, staging environment for preview, and strict access controls.
- Risk: Performance with rich visuals and parallax
- Mitigation: Lazy loading, image optimization, careful asset sizing, and performance budgets.
Next Actions
- Create the initial documentation skeletons and onboarding guides.
- Start implementing Phase 1: Admin dashboard bug resolution and onboarding flow.
- Establish a staging environment workflow for Christys preview and handoff.
Notes
- AI cropping suggestions are optional and can be toggled off in settings with manual fallback as requested.
- All design work will follow ShadCN patterns and Context7/MCP guidance.
- Staging and documentation will be integral to a smooth handoff and maintainability.
End of planning notes. Let me know if you want me to start implementing Phase 1 tasks immediately, and I will begin with the admin dashboard on-boarding flow and the artist asset handling scaffold. If you want a specific formatting or section ordering in this document, I can adjust accordingly.

275
docs/brief.md
View File

@ -1,275 +0,0 @@
# Project Brief: United Tattoo
Mode: Interactive
Last Updated: 2025-09-17
## Executive Summary
- Product concept: A unified, artist-powered tattoo studio platform combining a premium public website with a secure admin dashboard. Artists can self-manage profiles and portfolios; clients can discover artists, book consultations or appointments, pay deposits, and manage schedules; the studio retains fine-grained control over permissions and content.
- Primary problem: Fragmented booking, asset, and user management forces the owner to handle technical workflows, while inconsistent UX on key pages hampers conversions and brand/talent exposure.
- Target market: Tattoo enthusiasts across age ranges—from high-ticket realism clients to first-timers—especially women seeking a clean, safe, professional studio environment.
- Key value proposition: Beautiful ShadCN-led UX with immersive visuals, real-time availability and booking with deposits, client portal, two-way Google Calendar sync and notifications, and Cloudflare D1/R2-backed reliability—paired with clear documentation, staging previews, and owner-friendly operations.
## Problem Statement
Current state and pain points:
- Admin workflow is blocked by bugs in the dashboard (e.g., cannot create users), preventing artist onboarding and forcing the owner to perform or defer technical tasks.
- Fragmented processes for booking, consultations, and general inquiries create friction and confusion; theres no unified scheduling with real-time artist availability.
- Clients cannot self-serve key actions (reschedule/cancel, deposit payments), increasing manual coordination and missed opportunities.
- Inconsistent UX and visual design on several public pages (/aftercare, /deposit, /terms, /privacy, portions of /book) undermines brand quality and conversion compared to the polished homepage and /artists pages.
- Portfolio and asset management lacks a streamlined path: artists need a simple, permissioned way to upload/crop/compress assets stored in R2, without owner involvement or Git knowledge.
Impact:
- Lost bookings and reduced conversion due to friction in forms and inconsistent UI.
- Increased owner time cost managing users, content, and schedules (non-scalable).
- Lower artist visibility and slower portfolio updates impact brand/talent exposure and revenue.
- Operational risk from manual workflows (scheduling conflicts, missed reminders).
Why existing solutions fall short:
- Generic booking tools dont integrate deeply with artist-managed portfolios, fine-grained permissions, Cloudflare R2/D1, and studio-specific workflows.
- “No-code” CMS options do not provide the desired ShadCN-led UX, tight control over permissions, and integrated deposits/Google Calendar sync.
- Current implementation attempts exist but lack consistent functionality and maintainability in key areas.
Urgency:
- Near-term fixes unlock bookings and self-service today; a cohesive platform compounds benefits over time via better artist exposure, higher conversion, and easier operations.
## Proposed Solution
Core concept and approach:
- Deliver a ShadCN-led Next.js platform with two faces:
1) Public site that showcases artists with immersive, oversized visuals and cohesive design across all pages.
2) A secure admin dashboard where admins invite artists, manage permissions, and artists self-manage their profiles and portfolios stored in Cloudflare R2.
- Implement unified booking with two primary flows (consultation and direct booking), a general inquiry form, and a client portal for reschedule/cancel and deposit payments.
Key differentiators:
- First-class artist self-management (no Git required): upload/crop/compress media to R2 with audit logs and versioning; admin can pause any user or globally.
- Tight integration of booking + portfolios + permissions + Cloudflare D1/R2 + Google Calendar sync + deposits in one cohesive system.
- ShadCN consistency end-to-end for a polished, premium feel aligning with the homepage and /artists pages, including smooth parallax and split-screen experiences.
Why this will succeed:
- Reduces owner burden with invite-based onboarding, role-based access, and reliable asset pipelines; eliminates fragmented tools and manual overhead.
- Improves conversion via unified, consistent UX on critical pages (/aftercare, /deposit, /book, policies) and clear CTAs that guide users to consult or book.
- Enhances reliability with Cloudflare D1/R2, robust validation (Zod), and documented processes; staging environment provides safe preview before release.
High-level vision:
- Phase 1: Unblock user creation and implement portfolio basics.
- Phase 2: Add client portal, deposits, and Google Calendar synchronization.
- Phase 3: Deliver advanced search, educational guides, and refined parallax/split-screen visuals.
- Final phase: Documentation, staging workflows, and handoff to Christy with minimal ongoing effort required.
## Target Users
Primary User Segment: Serious collectors & premium clients
- Profile: Adults 25-55 with disposable income; professionals and enthusiasts commissioning large or complex pieces (e.g., full back realism).
- Behaviors: Research-driven, compare portfolios across styles; schedule well in advance; expect transparent pricing/deposits and reliable scheduling.
- Needs & Pain Points: Direct access to artists by style/specialty; high-quality, zoomable portfolios; streamlined booking with deposit; clear aftercare; calendar certainty and reminders.
- Goals: Commission top-tier custom work with minimal friction; confidence in cleanliness, process, and outcome.
Secondary User Segment: First-timers & mainstream return clients (with emphasis on women seeking a clean, safe studio)
- Profile: Teens with guardians through 40s+; diverse backgrounds; many are women prioritizing safety, professionalism, and clear guidance.
- Behaviors: Seek reassurance and education; prefer simple, guided booking and consultation flows; value testimonials and shop photos.
- Needs & Pain Points: Clarity between consultation vs. booking; transparent policies; easy rescheduling/cancellation; accessible aftercare guides; welcoming, consistent design.
- Goals: A safe, supported first (or next) tattoo experience with a studio they trust and want to return to.
## Goals & Success Metrics
Business Objectives (SMART where possible)
- Increase successful bookings by 30% within 6 months of launch.
- Reduce owner time spent on user/content/schedule management by 50% within 3 months.
- Achieve consistent brand experience across all public pages with visual parity to homepage and /artists by initial release.
- Enable 100% of active artists to self-manage their profiles/portfolios without developer assistance within 2 months.
User Success Metrics
- Booking flow conversion rate (visit → completed booking or consultation request).
- Deposit completion rate and refund handling satisfaction.
- Client portal adoption (active users performing self-service actions).
- Time-to-first-publish for new artist portfolio updates after invite.
- Aftercare content engagement (views, completion rate, downloads).
KPIs (with definitions and targets)
- Conversion Rate (Book/Consult): target ≥ 3.5% sitewide, ≥ 5% on artist pages.
- Deposit Completion Rate: target ≥ 90% within 24 hours of initiating booking.
- Artist Self-Management Adoption: target ≥ 90% of artists active monthly in dashboard.
- Portfolio Update Latency: median ≤ 1 day from upload to live publish.
- Owner Admin Time: ≤ 2 hrs/week average on routine management after month 3.
- Calendar Sync Success: ≥ 99% successful two-way sync events.
- Notification Deliverability (Email/SMS): ≥ 98% delivery, ≤ 1% bounce.
- Performance: LCP ≤ 2.5s p75, CLS ≤ 0.1, TBT ≤ 200ms on key pages.
- Uptime: ≥ 99.9% monthly.
- Bug Regression Rate (critical): ≤ 1 per month post-stabilization.
## MVP Scope
Core Features (Must Have)
- Admin & Auth
- Fix admin user creation; invite-based onboarding with expiring links.
- Roles/permissions: owner, admin, artist (edit own profile/portfolio).
- Artist self-management: name, pronouns, avatar, bio, skills.
- Portfolio & Assets
- Image/video upload to R2 via server pipeline.
- Manual cropping and compression UI (AI suggestions disabled by default).
- Basic versioning (retain original + current).
- Booking & Forms
- Consultation form and direct booking form (+ general inquiry form).
- Deposit payments via Stripe (single-processor to reduce scope).
- Email notifications (client + artist + admin). SMS optional for postMVP.
- Calendar sync: create events on artist Google Calendar (oneway for MVP).
- Client portal: view appointment, reschedule/cancel, see deposit receipts.
- Public Site UX
- Redesign /aftercare, /deposit, /terms, /privacy, /book to match ShadCN baseline and the homepage/artist aesthetic.
- Smooth navigation/scroll consistency; image-forward sections.
- Search (Basic)
- Quick find for artists by name/style. Full-site and Ctrl+K advanced search postMVP.
- Documentation & Staging
- README, setup, release process; staging preview for Christy.
Out of Scope for MVP
- AI cropping suggestions (optional setting exists but disabled; polish later).
- Two-way Google Calendar reconciliation; advanced conflict resolution.
- SMS notifications at scale; payment plans/multiprocessor support.
- Advanced search (filters, content-wide, Ctrl+K command palette).
- Mobile app; offline mode/service worker enhancements.
- Complex refund automation/tax scenarios; analytics dashboards.
MVP Success Criteria
- Owner can invite an artist who publishes portfolio updates within 24 hours of invite.
- End-to-end booking with deposit succeeds (client → deposit → event on artist Google Cal → email confirmations).
- Redesigned pages shipped with ShadCN parity and smooth scrolling.
- Booking conversion uplift detectable vs baseline within 60 days.
- Admin routine management time ≤ 2 hrs/week by month 3.
## PostMVP Vision
Phase 2 Features (near term)
- Twoway Google Calendar sync with conflict detection and graceful reconciliation.
- SMS notifications (reminders, confirmations, policy prompts) with optin and perartist preferences.
- Enhanced search: filters (style, availability, price band), content search, and Ctrl+K command palette.
- Portfolio enhancements: collections/sets, multiartist features, richer video handling, and bulk editing.
- Education expansion: interactive aftercare wizard, symptom checker, printable kits, and multilingual content.
Longterm Vision (1224 months)
- Advanced analytics: booking funnel, artist performance, portfolio engagement, noshow insights.
- Payment improvements: payment plans for large projects, partial payments, automated refunds/credits.
- Marketing hooks: email segments for consultations vs bookings, seasonal specials, referral tracking.
- Performance & a11y excellence: continuous budgets (images, JS), WCAG AA across the site.
- The “United Experience”: signature parallax narratives per artist, curated home features, and evolving visual stories.
Expansion Opportunities
- Multilocation support (unified brand, pershop artists and calendars).
- Guest artist programs with temporary access windows and portfolio highlights.
- Merch/ecommerce pilots (limited drops, prints), integrated with booking.
- Partnerships (aftercare products, studios/events) and comarketing pages.
- Mobile companion or PWA for artist tools (appointments, portfolio capture on the go).
## Technical Considerations
Platform Requirements
- Target Platforms: Web (Next.js App Router); desktop/mobile browsers; responsive and touch-friendly.
- Browser/OS Support: Evergreen browsers (Chromium/WebKit/Firefox) on iOS/Android/Win/Mac; minimum iOS 15+, Android 10+ where feasible.
- Performance Requirements: LCP ≤ 2.5s p75; CLS ≤ 0.1; TBT ≤ 200ms on key pages; image budgets and lazy loading for portfolios.
Technology Preferences
- Frontend: Next.js 14 App Router, TypeScript, Tailwind + shadcn/ui, Zustand (local UI), React Query (server state).
- Backend/Runtime: Next.js server components & route handlers; server actions for same-origin auth mutations; Cloudflare Pages/Workers via OpenNext adapter.
- Auth & Security: NextAuth (Auth.js), JWT or DB sessions (documented choice); middleware for role-based guards; strict security headers (CSP nonce/hash, Referrer-Policy, X-Frame-Options, Permissions-Policy); cookies HttpOnly/Secure/SameSite=Strict; Zod validation across routes/forms/actions; rate limiting (Redis/Upstash).
- Data & Storage: Cloudflare D1 for relational data; R2 for media assets; all access via environment bindings; no direct DB connections; migrations sourced from sql/ executed via MCP; file uploads with signed URLs and server-side processing.
- Observability: OpenTelemetry for traces/metrics/logs; Sentry for exceptions & releases; log redaction for PII/secrets.
- CI/CD: Lint/typecheck/tests/build; migration dry-run; e2e (Playwright) on preview; bundle budgets; OpenNext build; Cloudflare Pages deploy; fail on type/compat errors.
Architecture Considerations
- Repository Structure: app/, components/ (ui/, custom/), lib/, hooks/, types/, sql/, docs/; no src/.
- Service Architecture: Monorepo single app; separation of concerns for admin vs public routes; route handlers for webhooks and cross-origin APIs; server actions for authed same-origin mutations.
- Integration Requirements: Google Calendar API (one-way MVP; two-way post-MVP); Stripe for deposits; Email provider (e.g., Resend/Postmark) and optional SMS (Twilio/MessageBird) post-MVP.
- Caching & Delivery: Tag-based caching with revalidateTag policy; CDN caching for static/media; image optimization strategy (Cloudflare Images or custom loader); SSR/ISR balance for artist/portfolio pages.
- Security/Compliance: Secrets via Wrangler secrets; .env.example canonical; lib/env.ts Zod schema; rate limits on auth/forms/APIs; content moderation hooks for uploads.
- Staging/Preview: Dedicated preview environments; owner-friendly staging URL; gated feature flags for risky changes.
## Constraints & Assumptions
Constraints
- Budget: Fixed/limited; prioritize MVP features that directly impact bookings, artist selfservice, and brand consistency. Advanced features (twoway calendar, SMS at scale, advanced search) deferred postMVP.
- Timeline: MVP delivery target 68 weeks from start; phased rollout by section (admin fixes → booking/deposits → public page unification → staging).
- Resources: Primarily single developer with documentation requirements; limited owner time for reviews; artists available for onboarding/testing windows.
- Technical:
- Cloudflare Pages/Workers, D1, and R2 are required; OpenNext adapter; no direct DB connections.
- ShadCN design system baseline; consistency with homepage and /artists is mandatory.
- Security/validation per project rules (CSP/headers, NextAuth, Zod, rate limiting).
- Stripe as single payment processor for MVP; Google Calendar oneway sync MVP.
- No CMS for owner beyond the custom admin; no Git required for owner/artist workflows.
Key Assumptions
- Artists are willing and able to selfmanage portfolios (basic crop/compress via UI) after invite.
- Clients accept deposits during booking and will use the portal for selfservice changes.
- Each artist can provide/authorize a Google account for calendar integration.
- Email provider (e.g., Resend/Postmark) is available with verified domain; optional SMS later.
- Staging/preview environment access is acceptable for owner reviews before release.
- Documentation will be sufficient for future maintainers without creator involvement.
- Performance and accessibility budgets can be met alongside rich imagery/parallax designs.
- Legal/policy pages (/terms, /privacy) content will be provided/approved by the studio.
## Risks & Open Questions
Key Risks
- Admin dashboard regressions delaying onboarding; complex role/permission edge cases.
- Calendar sync issues (API quotas, timezones, two-way conflicts post-MVP) causing missed/duplicate events.
- R2 storage growth and egress costs if media optimization/policies arent enforced.
- Auth/session and state complexity (NextAuth, SSR/ISR, client cache) leading to subtle bugs.
- Payment disputes/refunds edge cases; policy misalignment causing chargebacks.
- Notification deliverability (email/SMS) and spam compliance.
- Accessibility/performance regressions with heavy imagery and parallax effects.
- Data consistency/race conditions between booking, payments, and calendar creation.
Open Questions
- Deposit policy specifics (amounts, non-refundable conditions, refund windows).
- Cancellation/rescheduling rules (cutoffs, fees, limits per client).
- Stripe configuration (connected account vs single account; geo/legal constraints).
- Email provider preference (Resend/Postmark) and SMS vendor (Twilio/MessageBird) timing.
- Artist Google account availability and access model (shared vs per-artist).
- Staging domain and access model for Christy reviews.
- Legal copy for /terms and /privacy and any HIPAA/age-related consent needs.
- Content moderation thresholds for portfolio uploads (NSFW boundaries, approvals).
Areas Needing Further Research
- Cloudflare D1 patterns at scale (indexes, migration strategy, transactional semantics).
- Best-practice NextAuth session model (JWT vs DB) for this apps constraints.
- R2 cost optimization: formats, compression levels, responsive variants, caching TTLs.
- Stripe deposit flows for services (payment intents, partial refunds, disputes).
- Google Calendar API scopes/quotas and conflict resolution strategies.
- ShadCN patterns for parallax/scroll with a11y/perf considerations.
- Context7-validated search patterns for scalable artist/content discovery.
## Appendices
A. Research Summary
- Brainstorming outputs consolidated in docs/brainstorming.md (admin/portfolio, booking/portal, public UX, technical architecture).
- Current repo docs informing direction: docs/Architecture.md, docs/ui-architecture.md, docs/PRD.md.
- Existing implementation constraints and rules: .clinerules/* (auth, Cloudflare, shadcn/ui, CI/CD, testing).
B. Stakeholder Input
- Owner (Christy) priorities:
- Increase bookings and brand/talent exposure.
- Single, unified system where artists self-manage; owner avoids Git/technical workflows.
- Clean, safe, welcoming brand experience across all pages.
- Staging previews and strong documentation for long-term maintainability.
- Target audience emphasis:
- Serious collectors and premium clients.
- First-timers (particularly women) seeking a safe, professional studio.
C. References
- Internal: docs/brainstorming.md, docs/Architecture.md, docs/ui-architecture.md, docs/PRD.md.
- Project standards: .clinerules/*
- Templates: .bmad-core/templates/project-brief-tmpl.yaml (basis for this brief).
## Next Steps
Immediate Actions
1) Admin/Users: Diagnose and fix admin user creation bug; implement invite-based onboarding (expiring links) and roles (owner/admin/artist).
2) Assets: Establish R2 upload pipeline with server-side processing; build manual crop/compress UI; basic versioning.
3) Booking Foundations: Implement consultation, booking, and general inquiry forms; wire Stripe deposits; send email confirmations.
4) Calendar MVP: One-way event creation on artist Google Calendar after successful deposit; simple conflict checks.
5) Public UX Unification: Redesign /aftercare, /deposit, /terms, /privacy, /book to match ShadCN baseline and homepage/artist aesthetic; smooth scrolling.
6) Staging: Create preview workflow and owner-accessible staging URL; enable feature flags for risky changes.
7) Documentation: Draft README, setup guide, environment/secrets, deployment steps, and CHANGELOG structure.
PM Handoff
This Project Brief provides the context for United Tattoo. Proceed to PRD generation using docs/PRD.md as the working artifact. Validate scope vs. MVP, document acceptance criteria for Phase 1 epics (Admin/Users, Assets, Booking, Calendar, Public UX, Staging/Docs), and prepare a release plan with checkpoints and success metrics.

303
docs/brownfield-architecture-booking.md
View File

@ -1,303 +0,0 @@
# United Tattoo — Brownfield Architecture Document (Focused: Epic B — Booking & Client Management)
This document captures the CURRENT STATE of the United Tattoo codebase relevant to Booking, Consultations, Client Portal, Scheduling, and Deposits. It reflects actual patterns, gaps, technical debt, and constraints so agents can implement Epic B stories practically.
## Document Scope
Focused on areas relevant to: booking flow and consultation routing, appointments, client identity and portal surfaces, file uploads for reference images, scheduling/availability, and deposit UX.
### Change Log
| Date | Version | Description | Author |
| ---------- | ------- | --------------------------------------------- | ---------------- |
| 2025-09-18 | 1.0 | Initial brownfield analysis (Booking focus) | Architect Agent |
---
## Quick Reference — Key Files and Entry Points
### Booking & Client UI
- app/book/page.tsx → mounts BookingForm
- components/booking-form.tsx → multi-step booking form (client component)
- app/deposit/page.tsx → route entry for deposit page
- components/deposit-page.tsx → deposit UX (marketing/education, no payments wired)
### Core APIs (Route Handlers)
- app/api/appointments/route.ts → GET/POST/PUT/DELETE appointments (auth required)
- app/api/users/route.ts → user listing/creation (auth required)
- app/api/upload/route.ts → file uploads to R2; can append to portfolio (auth required)
### Hooks and Data used by Booking
- hooks/use-file-upload.ts → client-side upload helper (talks to /api/upload)
- data/artists.ts → static artist directory used by BookingForm (local demo data)
### Cross-cutting
- middleware.ts → route gating policy and public route list
- lib/auth.ts → next-auth (JWT), role in token
- lib/db.ts → D1 helpers (getDB) and CRUD for domain entities; also getR2Bucket
- lib/r2-upload.ts → R2 upload manager, helpers
- lib/validations.ts → Zod schemas (forms + domain)
---
## High-Level Architecture (Booking Reality)
- Public booking page at /book renders a multi-step client-only form (components/booking-form.tsx).
- Form uses local state; no server action or API call on submit (console.log only).
- Artists list for selection is sourced from static data (data/artists.ts), not D1.
- Appointments API provides full CRUD with conflict checks, but all methods require authentication (getServerSession).
- Upload API supports uploading images (to R2) and optionally writes portfolio records when artistId provided; also requires authentication.
- Deposit page is present as content/marketing; there is no payment processing integration (Stripe/Square/Afterpay not implemented).
Implication: The live booking UX does not currently create appointments, enforce availability, or take deposits. Most of Epic B exists as scaffolding (APIs, hooks, pages) but lacks a wired end-to-end flow.
---
## Source Tree and Module Organization (Relevant)
```
app/
├── book/page.tsx # Public booking page
├── deposit/page.tsx # Public deposit page
├── api/
│ ├── appointments/route.ts # Appointment CRUD (auth required)
│ ├── upload/route.ts # File uploads to R2 (auth required)
│ └── users/route.ts # User find/create (auth required)
components/
├── booking-form.tsx # Client booking form (multi-step)
├── deposit-page.tsx # Deposit UX content
hooks/
└── use-file-upload.ts # Client upload helper (calls /api/upload)
data/
└── artists.ts # Static artist list used by BookingForm
lib/
├── auth.ts # next-auth (JWT)
├── db.ts # D1 access, CRUD helpers
├── r2-upload.ts # R2 upload manager
├── validations.ts # Zod schemas (forms/domain)
└── env.ts # Zod env validation (not aligned w/ D1/R2 bindings)
```
---
## Booking UI and Behavior (Actual)
File: components/booking-form.tsx
- Client component with 4 steps:
1) Personal Info (first/last/email/phone/age; allergy flags)
2) Artist & Scheduling (select artist, preferred date/time, alt date/time)
3) Tattoo Details (description, size selection w/ static durations/prices, placement, reference images)
4) Review & Deposit (summary, terms checkboxes, “Submit Booking & Pay Deposit”)
- Artist selection: uses data/artists.ts static array; selects by slug. No DB linkage.
- Scheduling:
- Preferred date: UI Calendar control (no backend availability check).
- Preferred time: static timeSlots array (no backend).
- Alternative date/time: plain inputs; not used downstream.
- Submit handler: handleSubmit logs to console; does not call /api/appointments nor any server action.
- Reference Images: captured via file input; not uploaded. use-file-upload is not used by BookingForm.
File: app/book/page.tsx
- Presents Navigation, BookingForm, Footer. No server code.
Conclusion: Booking UI is aesthetically developed but disconnected from the appointments API and uploads.
---
## Appointments API (Scheduling Reality)
File: app/api/appointments/route.ts
- All methods require an authenticated session: getServerSession(authOptions). Unauthenticated requests receive 401.
- GET: Optional filters (start, end, artistId, status). Joins artists and users tables. Returns list with artist/client names and client email. Ordered ASC by start_time.
- POST: Validates body (local Zod schemas in this route). Performs conflict checks against overlapping times for the same artist (excludes CANCELLED and COMPLETED). Inserts record with status PENDING.
- PUT: Validates partial update, checks existence, performs conflict check on time changes, updates columns dynamically (camelCase→snake_case conversion).
- DELETE: Deletes by id; returns 404 if no rows written.
Notes:
- Using local Zod schemas (not lib/validations.ts); duplication/inconsistency risk.
- Requires auth for all calls; public booking would need either an unauthenticated create path or a separate “request/consultation” flow.
- Conflict logic present; availability table exists in DB, but route does not consult availability policies (e.g., office hours, day-of-week windows). It only checks against other appointments.
---
## Users API (Client Identity Reality)
File: app/api/users/route.ts
- Requires auth to list or create users.
- GET: can fetch all or by email.
- POST: creates user if not exists (role param required).
- No public signup endpoint for clients in this route; auth handling is via next-auth credentials or OAuth in lib/auth.ts (with dev shortcuts).
---
## Upload API (Reference Images Reality)
File: app/api/upload/route.ts
- POST: Requires auth. Validates file (size/type), uploads to R2, and can insert a portfolio image record if artistId provided (used for admin portfolio).
- DELETE: Requires auth; deletes by key (permission TODO).
- GET: Not implemented; placeholder for presigned URLs (501).
- Booking form currently doesnt call this.
---
## Deposit Page and Payments (Reality)
File: components/deposit-page.tsx
- Marketing-focused content for deposits; provides call-to-action buttons linking back to /book.
- Mentions Square and Stripe but no actual checkout integration nor endpoints.
- Tiered/non-refundable/transferability policies documented as content.
Conclusion: No implemented payment flow, deposit capture, or backend intent storage.
---
## Data and Hooks
- data/artists.ts: static directory of artists (names, bios, images, styles). Used by BookingForm for selection; not sourced from D1 via /api/artists.
- hooks/use-file-upload.ts: generic client-side uploader used in admin flows; validates and posts to /api/upload; simulates progress; not integrated into BookingForm.
---
## Technical Debt and Known Issues (REALITY)
1) End-to-end booking is not wired
- BookingForm does not create appointments or uploads; it logs and stops. No server actions, no API call to POST /api/appointments.
2) Public vs Auth API mismatch
- All appointments and uploads endpoints require authenticated sessions. Public booking (unauthenticated) cant call them. Missing a public “request” endpoint or lightweight auth/guest token pattern.
3) Artist sourcing mismatch
- Booking uses static data/artists.ts; Admin/DB uses D1. This will diverge and confuse users. No linkage between public selection and real artist IDs in DB.
4) Availability not enforced
- UI uses static time slots; backend only checks conflicts against existing appointments (not availability table or office hours, holidays, per-artist downtime). No service that computes valid slots.
5) Validation duplication/inconsistency
- app/api/appointments/route.ts defines Zod schemas locally; lib/validations.ts defines separate schemas. Potential drift.
6) Deposits/payments unimplemented
- No Stripe/Square integration; no intents, receipts, refunds, or deposit policy enforcement. /deposit is content only.
7) Uploads for reference images
- Booking UI captures FileList but doesnt upload; /api/upload requires auth and primarily targets portfolio. No dedicated “client attachments” table/type or path.
8) Client portal scope
- PRD requires client accounts, visibility of appointments, reschedule/cancel. No dedicated client portal UI pages exist; middleware allows many public routes but portal not present.
9) Notifications and calendar sync
- No email/SMS notifications implemented. Google Calendar sync not implemented. No webhook/integration endpoints.
10) Env/config misalignment (as seen globally)
- Env validation requires DATABASE_URL/AWS_* while runtime uses D1/R2 bindings. R2_PUBLIC_URL missing in env validation; upload URLs may be broken externally.
---
## Integration Points and External Dependencies
- Booking UI → Appointments API: missing integration (must be added with unauthenticated pathway or pre-authentication).
- Booking UI → Upload API: missing reference image upload; upload route requires auth.
- Booking UI → Deposit/Payments: missing payment integration.
- RBAC & auth: middleware/public routes allow /book, but the APIs behind booking operations require auth.
- Data consistency: Move artist selection to /api/artists and use DB ids, or maintain a mapping from slug→id.
---
## Development and Deployment (Relevant)
- For D1/R2 bindings in preview: use OpenNext preview (npm run preview) or npm run dev:wrangler.
- To run migrations: npm run db:migrate (wrangler d1 execute united-tattoo …).
- Ensure NEXTAUTH_* variables set per wrangler.toml env scopes; add R2_PUBLIC_URL to env for public asset URLs.
---
## Recommended Fixes and Path to Epic B MVP
Priority 1 — Wire the booking flow:
- Add a public “booking request” route handler (e.g., app/api/bookings/request/route.ts) that:
- Accepts form payload with minimal PII.
- Validates with zod (reuse schemas from lib/validations.ts).
- Option A: Creates an Appointment with status PENDING and a generated CLIENT user if unauthenticated (mark as provisional).
- Option B: Creates a ConsultationRequest record (new table) for staff triage, then creates Appointment upon approval.
- Performs conflict/availability checks server-side. If slot infeasible, return suggestions.
- Update components/booking-form.tsx:
- Replace console.log with a POST to the new endpoint (or /api/appointments if auth is enforced and user flow includes sign-in).
- On success, navigate to a confirmation page with next steps (deposit/payment if required).
Priority 2 — Availability:
- Implement per-artist availability service that:
- Uses availability table + business hours + blackout dates.
- Produces valid 30/60-min slots for the booking UI.
- Enforce same rules on the API.
Priority 3 — Artist data source:
- Replace data/artists.ts with a DB-backed source:
- Fetch via /api/artists (consider a public GET path without sensitive fields).
- Use DB id for appointments, not slug.
Priority 4 — Deposits/Payments:
- Introduce a /api/payments/intents route; select a single gateway (Stripe recommended given package.json).
- Update deposit page to initiate and confirm payment flows.
- Store deposit intent id and receipt references in D1 (extend appointments table or add payments table).
- Enforce non-refundable/transfer policies upon rescheduling/cancellation (PUT route extension).
Priority 5 — Uploads for reference images:
- Add a lightweight unauthenticated upload path issuing a one-time presigned URL or create a “booking-attachments” table to link files to a pending booking.
- If keeping /api/upload auth-only, require user creation/login in booking step 1, then allow uploads.
Priority 6 — Client portal scaffolding:
- Create /client (or /portal) pages:
- Upcoming/past appointments view, cancellation/reschedule (within policy windows).
- Payment history (deposit receipts).
- Profile/preferences.
- Add corresponding API paths (or reuse /api/appointments with role-based filters).
Priority 7 — Align validations:
- Consolidate appointment schemas in lib/validations.ts and import into route handlers.
- Normalize Date handling: route accepts ISO strings, DB stores DATETIME TEXT, types map correctly.
Priority 8 — Notifications and calendar:
- Add email/SMS notifications (upon booking created/updated). Gateways TBD.
- Prepare GCal integration service (per-artist toggle), with webhooks or periodic sync.
---
## Gotchas and Practical Notes
- If continuing to require auth for /api/appointments, booking must either:
- Prompt sign-in early (Step 1), or
- Use a separate unauthenticated “request” path and later attach to a user after email verification.
- Ensure R2_PUBLIC_URL is configured; otherwise uploaded file URLs wont be accessible.
- Conflict detection currently only checks against appointments; availability constraints (office hours, closed days) must be enforced separately.
- Use OpenNext preview to test D1/R2 behavior locally; plain next dev wont expose bindings reliably.
---
## Appendix — Useful Commands
```bash
# Dev & Build
npm run dev
npm run pages:build
npm run preview
npm run deploy
# D1
npm run db:create
npm run db:migrate
npm run db:migrate:local
# Tests
npm run test
npm run test:ui
npm run test:run
npm run test:coverage
```
---
This document reflects the real system condition for Booking & Client Management, including gaps to address for an Epic B MVP. It references concrete files and provides a prioritized path to wire the end-to-end flow.

217
docs/brownfield-architecture-public.md
View File

@ -1,217 +0,0 @@
# United Tattoo — Brownfield Architecture Document (Focused: Epic C — Public Website Experience)
This document captures the CURRENT STATE of the public-facing website (home/marketing pages, artist discovery, static content). It reflects actual behavior, patterns, and technical constraints to guide improvements.
## Document Scope
Focused on: homepage sections (Hero, Artists, Services, Contact), navigation and scroll behaviors, artists discovery and profiles, static informational pages (aftercare, deposit, terms, privacy, specials, gift cards).
### Change Log
| Date | Version | Description | Author |
| ---------- | ------- | ------------------------------------------------ | ---------------- |
| 2025-09-18 | 1.0 | Initial brownfield analysis (Public website) | Architect Agent |
---
## Quick Reference — Key Files and Entry Points
### Pages and Sections
- app/page.tsx (Home) → renders in-page sections:
- components/hero-section.tsx
- components/artists-section.tsx
- components/services-section.tsx
- components/contact-section.tsx
- app/artists/page.tsx → artists listing surface
- app/artists/[id]/page.tsx → dynamic artist portfolio page via ArtistPortfolio
- app/contact/page.tsx → contact page wrapper (components/contact-page.tsx)
- app/aftercare/page.tsx → aftercare (components/aftercare-page.tsx)
- app/deposit/page.tsx → deposit (components/deposit-page.tsx)
- app/terms/page.tsx → terms (components/terms-page.tsx)
- app/privacy/page.tsx → privacy (components/privacy-page.tsx)
- app/specials/page.tsx → specials (components/specials-page.tsx)
- app/gift-cards/page.tsx → gift cards (components/gift-cards-page.tsx)
### Core Components (Public)
- components/navigation.tsx → top nav with anchor-based section links (#home, #artists, #services, #contact)
- components/scroll-progress.tsx, components/scroll-to-section.tsx → scroll UX affordances
- components/mobile-booking-bar.tsx (present; not necessarily mounted globally)
- components/artist-portfolio.tsx → artist detail content (on dynamic page)
- components/artists-section.tsx → parallax artist grid on homepage (uses static data)
- components/artists-page-section.tsx → listing page content
- components/footer.tsx → global footer with site links
### Data
- data/artists.ts → static artist data (names, bios, images, styles, slugs)
---
## High-Level Architecture (Public Website Reality)
- Home uses App Router and is composed of client components with scroll-based effects (parallax, reveal-on-intersection).
- Navigation uses hash anchor links to scroll to in-page sections. Active section highlighting is computed via window.scroll position.
- Artist discovery is powered by a static file (data/artists.ts) rather than D1; the homepage and artists pages read directly from this file.
- Artist detail pages are dynamic routes at /artists/[id] and render ArtistPortfolio with the id URL param (string).
- Static informational pages (aftercare, deposit, terms, privacy) use ShadCN components for consistent typography and layout.
- Visuals are image-forward; images are served from public/ (images unoptimized at Next level).
Implication: The public site is primarily static and visually rich. Dynamic content (artists, availability) is not sourced from DB for public surfaces yet.
---
## Source Tree and Composition (Relevant Extract)
```
app/
├── page.tsx # Home (sections via components)
├── artists/page.tsx # Artists listing wrapper
├── artists/[id]/page.tsx # Artist profile
├── contact/page.tsx # Contact wrapper
├── aftercare/page.tsx # Aftercare content
├── deposit/page.tsx # Deposit content
├── terms/page.tsx # Terms
├── privacy/page.tsx # Privacy
├── specials/page.tsx # Specials
├── gift-cards/page.tsx # Gift cards
components/
├── navigation.tsx # Top navigation (anchors)
├── hero-section.tsx # Landing hero w/ parallax
├── artists-section.tsx # Home artists grid w/ parallax
├── services-section.tsx # Home services section
├── contact-section.tsx # Home contact section
├── artists-page-section.tsx # Full artists page section
├── artist-portfolio.tsx # Artist detail content
├── scroll-progress.tsx # Scroll indicator
├── scroll-to-section.tsx # Jump/scroll utility
├── footer.tsx # Global footer
data/
└── artists.ts # Static artist directory
public/
└── artists/ # Artist images, work images
```
---
## Behavior Details and UX Patterns
### Navigation (components/navigation.tsx)
- Client component with internal state: isOpen (mobile menu), isScrolled, activeSection.
- On scroll: toggles header styling (opaque/transparent) and updates activeSection based on element positions for ids [home, artists, services, contact].
- Links:
- Large screens: anchor links with active underline animation.
- Mobile: full-screen menu with section links and a prominent “Book Now” button (links to /book).
- Note: Anchor links are only relevant on the homepage. When navigation is used on subpages (e.g., /artists), anchors may not exist, resulting in no-op or jump to missing sections.
### Hero (components/hero-section.tsx)
- Parallax background using united-logo-full.jpg; foreground elements translate subtly on scroll.
- Animated reveal on mount.
- Primary CTA button “Book Consultation” presently does not link to /book (no href provided in code).
### Artists Section (components/artists-section.tsx)
- Uses IntersectionObserver for reveal animations and requestAnimationFrame for parallax updates.
- Distributes artists into left/center/right columns for visual balance.
- Uses static data from data/artists.ts. Buttons:
- PORTFOLIO → /artists/{artist.id} (numeric id)
- BOOK → /book
- Background and portrait layering with CSS masks; heavy imagery and parallax transforms.
### Artists Listing and Profiles
- app/artists/page.tsx wraps ArtistsPageSection.
- app/artists/[id]/page.tsx passes params.id to ArtistPortfolio.
- Static directory usage; no D1-driven content yet.
### Static Pages (aftercare, deposit, terms, privacy, contact, specials, gift cards)
- Each page wraps respective components using ShadCN primitives.
- Deposit page is comprehensive policy content (no live payment integration).
---
## Technical Debt and Known Issues (REALITY)
1) Static artist source vs DB
- Public site uses data/artists.ts for artist info and imagery. Admin uses D1 for artists and portfolio. These diverge and will drift.
- The dynamic profile route takes numeric id; elsewhere in the codebase and future API plans prefer UUIDs. Slug vs id inconsistencies also exist (booking form uses slug for artist selection).
2) Navigation anchors on non-home pages
- Navigation links are section anchors (#home, #artists, etc.). On subpages (e.g., /artists), these anchors arent present, so links will not scroll to corresponding sections. Consider routing back to home with hash or using route segments with scroll to id.
3) CTA link missing
- “Book Consultation” in hero-section.tsx is a button without a link to /book, reducing conversion.
4) Image optimization
- next.config.mjs sets images.unoptimized: true. All images served as-is from public. Heavy images + parallax effects may impact LCP/INP. No Next/Image usage nor CDN transforms configured.
5) Accessibility and SEO gaps
- No explicit metadata/SEO (title/description per page), OG tags, or structured data for artists.
- Animations and parallax may affect accessibility (motion sensitivity); no reduced-motion handling observed.
- Color contrast appears high but isnt programmatically validated.
6) Performance considerations
- Many large images on the homepage; no lazy loading for offscreen images in custom sections (browser handles basic lazy if configured with loading attributes; not used in plain img tags).
- Parallax and scroll handlers are on the main thread; may affect performance on low-end devices.
7) Link consistency (artists)
- Homepage PORTFOLIO links to /artists/{numeric id}. The site also uses slug elsewhere. Deep-link stability may suffer if numeric ids change.
8) Content/UX duplication across pages
- Contact information appears in multiple places; ensure single source to avoid drift (footer/contact/aftercare/deposit pages).
---
## Recommended Improvements (Public Site)
- Unify artist data source
- Replace data/artists.ts with DB-backed data fetched via a public /api/artists (sanitized fields).
- Prefer slugs for stable URLs (/artists/christy-lumberg) and map to DB IDs internally.
- Fix navigation behavior on subpages
- For anchor targets, either:
- Route to “/” with hash (e.g., “/ #artists”) and handle scroll on mount, or
- Create dedicated routes (/artists, /services, /contact) and update nav links accordingly.
- Ensure active section logic degrades cleanly on non-home pages.
- Wire primary CTAs
- Update the Hero “Book Consultation” button to link to /book.
- Image strategy
- Introduce Next/Image for key imagery or configure a Cloudflare image loader.
- Add width/height to prevent CLS; add loading="lazy" and decoding="async" where appropriate.
- Consider responsive sources and low-quality placeholders for hero and artist tiles.
- Accessibility and SEO
- Provide alt text for all decorative/semantic images (artist portraits/work).
- Respect reduced motion prefers-reduced-motion to tone down parallax.
- Add metadata per route (title/description), OG tags, and JSON-LD for artists.
- Performance tuning
- Throttle scroll work, and offload heavy effects where possible.
- Lazy-render offscreen artist tiles (virtualization or intersection-based reveal) and defer heavy imagery.
- Link stability for profiles
- Adopt slug routes consistently; redirect old numeric routes to slug.
---
## Gotchas and Practical Notes
- If you switch to API-driven artists, adjust:
- ArtistsSection and ArtistsPageSection to fetch via /api/artists (public variant).
- ArtistPortfolio to fetch by slug (or translate slug→id server-side).
- Ensure any new dynamic content is cache-aware; use ISR or tag revalidation patterns to keep public pages responsive.
- Verify the mobile navigation overlay for keyboard and screen reader accessibility.
---
## Appendix — Useful Commands
```bash
npm run dev # Develop locally
npm run pages:build # Build for Cloudflare (OpenNext)
npm run preview # Preview Cloudflare worker locally
npm run deploy # Deploy to Cloudflare Pages
npm run test # Unit/component tests
```
---
This document reflects the real state of the public website. It identifies where static content should migrate to data services and highlights UX/accessibility/performance improvements for a robust Epic C delivery.

288
docs/brownfield-architecture-tech.md
View File

@ -1,288 +0,0 @@
# United Tattoo — Brownfield Architecture Document (Focused: Epic D — Technical Architecture & Delivery)
This document captures the CURRENT STATE of technical architecture, build/deploy flows, runtime environment (Cloudflare/OpenNext), authentication/middleware, testing, and configuration. It reflects real behavior, gaps, and constraints to guide engineering delivery.
## Document Scope
Focused on: Cloudflare/OpenNext deployment model, D1/R2 bindings and access patterns, NextAuth/middleware security, build/test/CI setup, configuration (Tailwind/PostCSS/TS), Docker alternative runtime, and operational considerations.
### Change Log
| Date | Version | Description | Author |
| ---------- | ------- | ----------------------------------------------------- | ---------------- |
| 2025-09-18 | 1.0 | Initial brownfield analysis (Tech Architecture) | Architect Agent |
---
## Runtime and Deployment
### OpenNext + Cloudflare Pages/Workers
- Adapter: @opennextjs/cloudflare with R2 incremental cache
- open-next.config.ts:
- incrementalCache: r2IncrementalCache
- wrangler.toml:
- compatibility_date: "2024-09-23"
- compatibility_flags: ["nodejs_compat"]
- main: ".open-next/worker.js"
- [assets] directory bound as ASSETS
- D1 and R2 bindings:
- [[d1_databases]] binding = "DB" (database_name = "united-tattoo", database_id provided)
- [[r2_buckets]] binding = "R2_BUCKET" bucket_name = "united-tattoo"
- [[r2_buckets]] binding = "NEXT_INC_CACHE_R2_BUCKET" bucket_name = "united-tattoo-inc-cache"
- [[services]] self-reference (WORKER_SELF_REFERENCE)
- Env vars:
- [env.production.vars] NEXTAUTH_URL, NODE_ENV
- [env.preview.vars] NEXTAUTH_URL, NODE_ENV
Build/Preview/Deploy scripts (package.json):
- pages:build → npx @opennextjs/cloudflare build
- preview → npx @opennextjs/cloudflare preview
- deploy → wrangler pages deploy .vercel/output/static
- dev:wrangler → pages:build then OpenNext preview
Notes:
- next.config.mjs: output: "standalone", images: { unoptimized: true }, ignores TS/ESLint errors during build.
- The OpenNext output directory used by deploy: .vercel/output/static (per script).
- R2-based ISR/incremental cache configured via NEXT_INC_CACHE_R2_BUCKET.
### Docker (Node runtime alternative)
- Dockerfile builds a Next.js standalone server (node:20-alpine):
- Build stage runs `npm run build`
- Runtime uses `.next/standalone` server.js with `.next/static` and `public/`
- This path runs a Node server on port 3000, not Cloudflare Workers.
- Considered an alternative for self-hosting; not used for Cloudflare Pages deployment.
---
## Data & Storage
### Cloudflare D1 Access
- Access pattern encapsulated in lib/db.ts:
- getDB(env?): Prefers env.DB, otherwise reads from OpenNext global symbol (Symbol.for("__cloudflare-context__")). Throws if unavailable.
- CRUD helpers:
- Artists: get/create/update/delete
- Portfolio images: get/create/update/delete
- Appointments: get/create/update/delete with filters
- Site settings: get/update (singleton id 'default')
- Uses TEXT/JSON stored as string columns (specialties, tags, social_media, business_hours).
### Cloudflare R2 Access
- getR2Bucket(env?) in lib/db.ts: same global symbol pattern; returns R2 bucket binding.
- lib/r2-upload.ts:
- FileUploadManager wrapper (put/get/delete/list none directly exposed; uses put/get/delete).
- Public URL base constructed from process.env.R2_PUBLIC_URL (not validated in env.ts or configured in wrangler.toml).
- Portfolio uploads helper and profile image upload functions.
- Presigned URL generation: not implemented (returns null).
Schema (sql/schema.sql):
- Tables: users, artists, portfolio_images, appointments, availability, site_settings, file_uploads (plus indices).
- Site settings row is singleton with id='default'.
D1 setup (D1_SETUP.md):
- Guides wrangler db creation, migration, and local vs prod usage.
- Mentions DATABASE_URL for local SQLite in .env.local; prod uses env.DB binding.
---
## Authentication & Middleware
### NextAuth (lib/auth.ts)
- Session strategy: "jwt"
- Providers:
- Credentials: accepts any email/password for dev; returns SUPER_ADMIN for non-whitelisted users (development convenience).
- Optional Google/GitHub via env variables if provided.
- JWT callback attaches role (UserRole) and userId; session callback mirrors into session.user.
- Redirects: root-relative paths allowed; default redirect to /admin otherwise.
- pages: signIn (/auth/signin), error (/auth/error)
- events: logs sign-in/out.
Security implications:
- Dev-friendly Credentials provider grants SUPER_ADMIN by default for non-whitelisted users. Not production-safe.
- No database adapter for NextAuth; roles are token-only unless persisted via app logic elsewhere.
### Middleware (middleware.ts)
- Protects:
- /admin: requires token and role SHOP_ADMIN or SUPER_ADMIN; else redirect to /auth/signin or /unauthorized.
- /artist (singular) routes: requires ARTIST/SHOP_ADMIN/SUPER_ADMIN — note: public site uses /artists (plural). Potential stale path.
- /api/admin: same admin role check; returns JSON errors with status 401/403.
- authorized() callback:
- Allows specific public routes and /artists/[slug] as public
- Allows /api/auth and /api/public
- Requires auth for all else
- config.matcher excludes _next static/image assets and common image extensions; favicon, public served directly.
Observations:
- Mixed singular/plural gating ("artist" vs "artists")
- Public route list is static; ensure anchors and subpages are accounted for.
---
## Build/Test/Config Tooling
### TypeScript
- tsconfig.json:
- strict: true; moduleResolution: "bundler"; jsx: "preserve"
- paths alias: "@/*" → "./*"
- allowJs: true; skipLibCheck: true; noEmit: true
- next.config.mjs sets:
- typescript.ignoreBuildErrors = true
- eslint.ignoreDuringBuilds = true
- images.unoptimized = true
- output = "standalone"
Risk:
- Ignoring TS/ESLint hides defects and reduces CI quality.
### Tailwind / PostCSS
- tailwind.config.ts:
- darkMode: "class"
- content globs: ./pages, ./components, ./app
- theme extends shadcn palette via CSS variables
- plugins: tailwindcss-animate
- postcss.config.mjs:
- plugin: @tailwindcss/postcss (Tailwind v4-style config)
### Testing
- vitest.config.ts:
- jsdom environment, setupFiles: vitest.setup.ts, alias "@"
- vitest.setup.ts:
- Mocks next/router, next/navigation, next-auth/react, react-query
- Mocks global fetch, crypto.randomUUID, matchMedia, IntersectionObserver, ResizeObserver
Existing tests:
- __tests__/lib/* present (data-migration, validations)
No E2E test framework present (e.g., Playwright) and no component test runner config beyond RTL usage via Vitest.
---
## CI/CD and Operational Considerations
- CI config files not present in repo (no GitHub Actions/Gitea workflows included).
- NPM scripts provide a conventional pipeline:
- Lint, test, build, pages:build, preview, deploy, db:* commands
- Secrets:
- NEXTAUTH_URL configured in wrangler.toml per env
- NEXTAUTH_SECRET not shown in wrangler.toml; should be stored via wrangler secret or Cloudflare dashboard
- R2_PUBLIC_URL not defined/validated but required by r2-upload.ts for public URLs
Caching:
- OpenNext R2 incremental cache configured; ensure the bound bucket exists and permissions are correct.
---
## Technical Debt and Known Issues (REALITY)
1) Env schema misalignment with runtime
- lib/env.ts requires DATABASE_URL, AWS_* for S3-style access; app uses Cloudflare D1/R2 bindings through env and global OpenNext context.
- R2_PUBLIC_URL needed by r2-upload.ts is not part of env validation and not set in wrangler.toml env vars.
2) NextAuth development shortcuts
- Credentials provider grants SUPER_ADMIN for arbitrary credentials (aside from a special-cased admin email). Production risk.
- No adapter; no persistent user/session store beyond JWT, leading to potential drift with D1 users table.
3) Middleware route mismatch
- "artist" (singular) gating vs public "artists" (plural) sections; could be dead code or misleading guard. Clean up to avoid confusion.
4) Build config suppresses quality gates
- Ignore TypeScript and ESLint errors during build masks regressions. CI quality at risk.
5) Payment and sensitive headers
- No global security headers or route handler-level headers exist for CSP, frame options, permissions policy, etc.
- Deposit and payment flows not implemented; when added, security headers and webhook validation must be addressed.
6) Availability and appointment validation duplication
- Local Zod schemas inside app/api/appointments/route.ts differ from lib/validations.ts; drift likely.
7) Docker vs Cloudflare deployment paths
- Dockerfile supports standalone Node server while OpenNext targets Cloudflare. Docs/scripts support both but only one path should be primary per environment.
8) Observability absent
- No Sentry, no OpenTelemetry, no structured logging strategy.
9) Incremental cache correctness
- OpenNext R2 incremental cache configured; ensure tags/revalidation strategy is defined for dynamic content once public data migrates from static to DB.
10) D1 setup documentation mismatch
- D1_SETUP.md references names like united-tattoo-db in examples, while wrangler.toml uses united-tattoo. Keep consistent to reduce operator confusion.
---
## Recommended Improvements (Technical Delivery)
- Environment and Secrets
- Extend env zod schema to include R2_PUBLIC_URL; separate “Worker runtime” bindings from local dev variables (DATABASE_URL only for local sqlite).
- Store NEXTAUTH_SECRET, any gateway secrets via `wrangler secret put` and Cloudflare Dashboard; avoid wrangler.toml for secrets.
- Authentication & RBAC
- Replace dev SUPER_ADMIN default with an invite or email link flow.
- Introduce an adapter if persistent user/session storage is required (or unify D1 users with NextAuth persistence).
- Normalize middleware routes (remove singular /artist gating or align with intended private artist routes).
- Build/CI Quality Gates
- Re-enable TypeScript and ESLint checks in next.config.mjs for CI.
- Add CI workflow: lint → test → build → pages:build → preview deploy (manual approval) → deploy.
- Include bundle size budgets for main routes.
- Testing
- Expand unit/component tests (forms, route handlers with mocked env.DB).
- Introduce Playwright for E2E: booking flow, admin flows, critical public pages render.
- Contract tests for R2 upload endpoint responses.
- Security Headers & Policies
- Add common headers in route handlers or middleware where appropriate:
- X-Frame-Options: DENY; Referrer-Policy: strict-origin-when-cross-origin
- Content-Security-Policy with nonce/hash or strict static policy
- Permissions-Policy scoped to required APIs
- Enforce cookie flags and CSRF patterns if/when using sessions/cookies.
- Data Contracts
- Consolidate Zod schemas in lib/validations.ts and reuse in routes (appointments, artists, etc.) to avoid drift.
- Align SiteSettings id handling (UUID vs 'default'); align portfolio order vs order_index.
- Observability
- Add Sentry (server/client) with release tracking and environment tags.
- Consider OpenTelemetry for server actions and route handlers.
- Deployment Hygiene
- Clarify Docker vs Cloudflare path; recommend OpenNext Cloudflare as primary, Docker for local or self-host options.
- Ensure R2 incremental cache bucket exists and is referenced by OpenNext; document cache invalidation strategy (revalidateTag).
---
## Operational Playbook
- Local Dev (Next server): `npm run dev`
- Cloudflare Preview (Worker runtime): `npm run preview` (after `npm run pages:build`)
- Deploy: `npm run deploy`
- D1:
- Create: `npm run db:create`
- Migrate: `npm run db:migrate[:local]`
- Inspect: `npm run db:studio[:local]`
---
## Appendix — Key Files
- wrangler.toml
- open-next.config.ts
- next.config.mjs
- Dockerfile
- lib/db.ts, lib/r2-upload.ts, lib/auth.ts, lib/env.ts
- middleware.ts
- vitest.config.ts, vitest.setup.ts
- tailwind.config.ts, postcss.config.mjs, tsconfig.json
- sql/schema.sql, D1_SETUP.md
---
This document reflects the actual technical architecture and delivery process, calling out real gaps and steps to harden the system for production-grade delivery under Epic D.

377
docs/brownfield-architecture.md
View File

@ -1,377 +0,0 @@
# United Tattoo — Brownfield Architecture Document (Focused: Epic A — Admin Dashboard & Artist Management)
This document captures the CURRENT STATE of the United Tattoo codebase relevant to Admin Dashboard & Artist Management (Epic A). It reflects actual patterns, technical debt, and constraints to enable AI agents to work effectively on enhancements in this area.
## Document Scope
Focused on areas relevant to: Admin invitations & onboarding, RBAC, artist profiles, portfolio and asset management, settings, and admin-only API routes.
### Change Log
| Date | Version | Description | Author |
| ---------- | ------- | ------------------------------------------- | ---------------- |
| 2025-09-18 | 1.0 | Initial brownfield analysis (Admin focus) | Architect Agent |
---
## Quick Reference — Key Files and Entry Points
### Critical Files for Understanding the System
- App entry and layouts
- app/layout.tsx, app/ClientLayout.tsx, app/page.tsx
- app/admin/layout.tsx, app/admin/page.tsx, plus nested admin pages
- Routing and security
- middleware.ts (route protection and public-route policy)
- lib/auth.ts (NextAuth config, JWT callbacks, role assignment)
- Cloudflare/OpenNext deployment
- wrangler.toml (D1/R2 bindings, compatibility flags)
- next.config.mjs (output: standalone, images.unoptimized)
- open-next.config.ts (present; not analyzed in depth here)
- Data layer and storage
- sql/schema.sql (Cloudflare D1 schema)
- lib/db.ts (D1 helpers and CRUD for artists, portfolio, appointments, settings; R2 bucket getter)
- lib/r2-upload.ts (R2 upload manager, portfolio/profile helpers)
- Validation and types
- lib/validations.ts (Zod schemas for users, artists, portfolio images, appointments, site settings, forms)
- types/database.ts (domain models and Cloudflare D1/R2 ambient types)
- Public docs (reference)
- docs/PRD.md (feature scope; this doc is scoped to Epic A)
- docs/Architecture.md, docs/architecture.md (legacy/other architecture docs)
### Admin UI Pages (App Router)
- app/admin/analytics/page.tsx
- app/admin/artists/page.tsx
- app/admin/artists/[id]/page.tsx
- app/admin/artists/new/page.tsx
- app/admin/calendar/page.tsx
- app/admin/portfolio/page.tsx
- app/admin/settings/page.tsx
- app/admin/uploads/page.tsx
### Admin/Related API Routes (Route Handlers)
- app/api/admin/migrate/route.ts
- app/api/admin/stats/route.ts
- app/api/artists/route.ts
- app/api/portfolio/route.ts
- app/api/portfolio/[id]/route.ts
- app/api/portfolio/bulk-delete/route.ts
- app/api/portfolio/stats/route.ts
- app/api/files/route.ts
- app/api/files/bulk-delete/route.ts
- app/api/files/folder/route.ts
- app/api/files/stats/route.ts
- app/api/settings/route.ts
- app/api/users/route.ts
- app/api/appointments/route.ts (admin-usable but spans Booking epic as well)
- app/api/auth/[...nextauth]/ (NextAuth core)
---
## High-Level Architecture
### Technical Summary (Actual)
- Next.js 14.2.16 (App Router), React 18, Tailwind 4.x, shadcn/ui patterns
- Cloudflare Pages + Workers via OpenNext adapter
- Cloudflare D1 for relational data (env.DB); Cloudflare R2 for object storage (env.R2_BUCKET)
- Auth via next-auth (JWT session strategy, Credentials + optional Google/GitHub)
- Validation via Zod across routes and forms
- Client state: TanStack Query; forms via react-hook-form
### Actual Tech Stack (from package.json and code)
| Category | Technology | Version | Notes |
| -------------- | -------------------------------- | ----------- | ----- |
| Runtime | Cloudflare Pages/Workers | Wrangler 4 | OpenNext adapter, nodejs_compat enabled |
| Framework | Next.js (App Router) | 14.2.16 | output: standalone; images.unoptimized |
| UI | shadcn/ui + Radix primitives | mixed | shadcn patterns across pages/components |
| State | @tanstack/react-query | ^5.89.0 | Devtools present |
| Forms | react-hook-form + zod resolver | ^7.60.0 | Zod schemas in lib/validations.ts |
| Auth | next-auth (JWT) | ^4.24.11 | Credentials; optional Google/GitHub |
| DB | Cloudflare D1 | — | Access via global env bindings |
| Storage | Cloudflare R2 | — | via env.R2_BUCKET; custom public URL expected |
| Dev/Test | Vitest + RTL | ^3.2.4 | tests under __tests__/ |
| Deploy | OpenNext Cloudflare | ^1.8.2 | pages:build → .vercel/output/static |
### Repository Structure Reality Check
- Polyrepo (single app)
- Package manager: npm (scripts define build/preview/deploy and D1 ops)
- Notable:
- next.config.mjs ignores TS and ESLint errors during build (risk: hidden issues)
- images.unoptimized: Cloudflare Images or custom loader recommended for prod
- Zod env validator requires many variables not used by D1 codepaths (see debt)
---
## Source Tree and Module Organization
### Project Structure (Actual, abridged)
```
project-root/
├── app/
│ ├── admin/ # Admin UI pages
│ ├── api/ # Route handlers (REST-ish)
│ ├── (public sections) # /artists, /aftercare, etc.
│ └── auth/ # auth/signin pages
├── components/ # UI components (public/admin)
├── lib/ # auth, db (D1/R2), uploads, validations, utils
├── sql/schema.sql # D1 schema
├── types/database.ts # domain types and Cloudflare ambient types
├── docs/ # PRD and architecture docs
├── wrangler.toml # Cloudflare bindings/config
├── next.config.mjs # Next build config
└── open-next.config.ts # OpenNext adapter config
```
### Key Admin Modules and Their Purpose
- RBAC and route protection
- middleware.ts: protects /admin and API subsets; maintains public routes list.
- lib/auth.ts: next-auth config. Credentials provider returns SUPER_ADMIN for dev users; JWT carries role.
- Data layer and storage
- lib/db.ts: D1 CRUD for artists, portfolio images, appointments, site settings; getDB/getR2Bucket read bindings from Cloudflare context or globals (OpenNext).
- lib/r2-upload.ts: Upload manager wrapping R2; bulk uploads; portfolio/profile helpers; expects R2_PUBLIC_URL for public reads.
- Validation and types
- lib/validations.ts: Comprehensive Zod schemas for admin entities (artists, portfolio images, settings) and form payloads.
- types/database.ts: Roles, entities, appointment status; Cloudflare D1/R2 ambient types to ease dev.
- Admin APIs (examples)
- app/api/artists/route.ts:
- GET: lists artists with filters and pagination (in-memory filtering after fetch)
- POST: requires SHOP_ADMIN (or higher); validates body; creates artist tied to session user
---
## Data Models and APIs
### Data Models (from sql/schema.sql and types)
- users (id TEXT PK, email UNIQUE, name, role enum, avatar, timestamps)
- artists (id TEXT PK, user_id FK users, name, bio, specialties JSON string, social, is_active, hourly_rate, timestamps)
- portfolio_images (id TEXT PK, artist_id FK, url, caption, tags JSON string, order_index, is_public, created_at)
- appointments (id TEXT PK, artist_id FK, client_id FK users, title, description, times, status enum, amounts, notes, timestamps)
- availability (id TEXT PK, artist_id FK, day_of_week int, start_time/end_time HH:mm, is_active)
- site_settings (id TEXT PK, fields for studio and branding; id is 'default' row by convention)
- file_uploads (id TEXT PK, metadata, url, uploaded_by FK users)
Notes:
- IDs are TEXT and often UUIDs; site_settings uses a constant id 'default'.
- JSON stored as TEXT (specialties, tags, social_media, business_hours).
### Admin-Relevant Route Handlers (observed)
- /api/admin/migrate, /api/admin/stats
- /api/artists (GET, POST)
- /api/portfolio, /api/portfolio/[id], /api/portfolio/bulk-delete, /api/portfolio/stats
- /api/files, /api/files/bulk-delete, /api/files/folder, /api/files/stats
- /api/settings
- /api/users
- /api/appointments (shared with booking)
Patterns:
- Validations with Zod schemas from lib/validations.ts
- D1 access through lib/db.ts helpers using Cloudflare env context (context?.env in handlers)
- Role checks via middleware + requireAuth(UserRole.*) on sensitive operations
---
## Technical Debt and Known Issues (REALITY)
1. Env validation vs Cloudflare bindings
- lib/env.ts requires DATABASE_URL, DIRECT_URL, and multiple AWS_* variables.
- Actual DB access in lib/db.ts uses Cloudflare D1 binding (env.DB); no DATABASE_URL is used.
- R2 uploads build public URLs using process.env.R2_PUBLIC_URL, but env.ts does not validate R2_PUBLIC_URL, and wrangler.toml does not set it. Missing/invalid public URL will break returned URLs for uploaded assets.
2. SiteSettings id handling
- DB uses id='default' singleton row.
- lib/validations.ts siteSettingsSchema expects id to be a UUID; mismatch with actual data causes invalidation/confusion and could break validation workflows.
3. Portfolio image ordering field name mismatch
- DB column: order_index
- lib/validations.ts schemas use 'order' as the property name; not aligned with DB and lib/db.ts update semantics. Risk of incorrect mapping when integrating UI forms → API → DB.
4. Auth and security (development shortcuts)
- Credentials provider in lib/auth.ts accepts any credentials and assigns SUPER_ADMIN by default for non-whitelisted users (dev convenience).
- No DB adapter (JWT-only). RBAC is token-based; no persistent user store beyond D1 writes that may occur when creating artists (which auto-creates ARTIST users).
- This is acceptable for local/dev but must be hardened before production.
5. Middleware routing inconsistencies
- middleware.ts checks pathname.startsWith("/artist") (singular) for “Artist-specific routes” role gating.
- Public pages are under /artists/... (plural). There is also an allow rule for /^\/artists\/[^\/]+$/ as public. Mixed naming increases cognitive load; the singular check may be a stale/unused path.
6. Build config hides issues
- next.config.mjs ignores TypeScript and ESLint errors during build. This can allow broken types or lint issues to ship; not suitable for CI/CD production gates.
7. Schema/tooling inconsistencies
- sql/schema.sql header suggests executing “wrangler d1 execute united-tattoo-db …” while package.json uses database name “united-tattoo”. Mismatch in naming in comments could confuse operators.
8. R2 public access patterns
- r2-upload.ts assumes a simple base URL concatenation for public reads. Cloudflare R2 often requires either a custom public domain or R2 public buckets; the base URL must be configured and documented. No presigned upload flow yet (stubbed).
---
## Integration Points and External Dependencies
### External Services
| Service | Purpose | Integration Type | Key Files |
| ------------- | ---------------- | ---------------- | -------------------- |
| Cloudflare D1 | Relational DB | Worker binding | wrangler.toml, lib/db.ts |
| Cloudflare R2 | Object storage | Worker binding | wrangler.toml, lib/db.ts, lib/r2-upload.ts |
| NextAuth | Authentication | Providers/JWT | lib/auth.ts, app/api/auth/[...nextauth]/ |
| OpenNext | Next→Workers | Build adapter | package.json scripts, open-next.config.ts, wrangler.toml |
### Internal Integration Points
- Admin UI → API routes: Admin pages consume /api/* endpoints for CRUD on artists, portfolio images, settings, and files.
- Validation: UI forms align to Zod schemas (lib/validations.ts); ensure property names match DB contract (see debt on order/order_index).
- Role enforcement: middleware.ts + requireAuth(UserRole.*) enforce admin-only access.
---
## Development and Deployment
### Local Development Setup (Actual)
- Install deps: npm install
- D1 DB create/migrate:
- npm run db:create (creates DB)
- npm run db:migrate or npm run db:migrate:local (executes sql/schema.sql)
- Preview Workers runtime locally:
- npm run dev:wrangler (build via OpenNext then preview)
- or npm run preview (OpenNext preview)
- App dev server:
- npm run dev (Next dev server; note some Cloudflare bindings are only available via OpenNext preview)
Required environment (observed/assumed):
- Wrangler configured/login
- Cloudflare bindings as per wrangler.toml
- NEXTAUTH_SECRET and NEXTAUTH_URL set appropriately
- R2_PUBLIC_URL should be set for correct public asset URLs (not currently validated by env.ts)
### Build and Deployment Process
- Build (OpenNext): npm run pages:build
- Preview: npm run preview
- Deploy to Cloudflare Pages: npm run deploy (wrangler pages deploy .vercel/output/static)
- wrangler.toml:
- compatibility_date >= 2024-09-23
- compatibility_flags ["nodejs_compat"]
- D1 and R2 bindings configured
---
## Testing Reality
- Unit/component tests: Vitest with RTL (see __tests__/)
- E2E: Not observed in repo
- Coverage: Test scripts available; actual coverage not measured here
- QA: Manual likely; shadcn components + form/zod patterns amenable to RTL coverage
---
## If Enhancement PRD Provided — Impact Analysis (Admin Focus)
Based on PRD Epic A, the following files/modules are most likely to be affected:
### Files/Modules Likely to Need Modification
- UI
- app/admin/artists/* (listing, detail, new)
- app/admin/uploads/page.tsx (batch upload flows, progress)
- app/admin/settings/page.tsx (site settings form)
- components/admin/* (admin-specific components)
- APIs
- app/api/artists/route.ts (filters, pagination, create/linking behaviors)
- app/api/portfolio/route.ts and /[id]/route.ts (CRUD, ordering, tags)
- app/api/files/* (upload metadata, deletion, folder organization)
- app/api/settings/route.ts (singleton settings updates)
- app/api/users/route.ts (invite flows and role assignment)
- Lib
- lib/r2-upload.ts (public URL handling, presigned URL path, folder conventions)
- lib/db.ts (query optimizations, joining, business rules, activity logs)
- lib/validations.ts (resolve property mismatches; align with DB)
- lib/auth.ts (tighten dev-only flows, enforce role creation pathways)
- middleware.ts (route gate consistency for admin vs artists)
### New Files/Modules Potentially Needed
- Activity Logs: D1 table and APIs for admin auditing per PRD (FR-A5.x)
- Invite & Onboarding APIs: Route handlers and email delivery for A1.x
- Moderation Queue: Table and APIs for uploads moderation hook (FR-A5.3)
- Image Processing: Server-side transformations (could leverage Cloudflare Images; not present now)
### Integration Considerations
- Enforce consistent role model end-to-end (Invite → Signup → Role assignment)
- Align Zod schemas with DB column names and types (e.g., order_index)
- R2 public URL and folder conventions should be codified and validated
- Consider introducing DB migrations governance and seed paths for admin roles
---
## Appendix — Useful Commands and Scripts
From package.json:
```bash
# Dev & Build
npm run dev
npm run pages:build
npm run preview
npm run deploy
# D1 Management
npm run db:create
npm run db:migrate
npm run db:migrate:local
npm run db:studio
npm run db:studio:local
# Tests
npm run test
npm run test:ui
npm run test:run
npm run test:coverage
```
---
## Gotchas and Practical Notes (Must Read)
- To use D1/R2 in preview, prefer OpenNext preview (npm run preview) where bindings are available via global Cloudflare context. Running plain next dev may not expose env.DB/env.R2_BUCKET without additional shims.
- Set NEXTAUTH_SECRET and NEXTAUTH_URL for auth to function correctly; in preview/production, wrangler.toml provides NEXTAUTH_URL for env scopes.
- Configure R2_PUBLIC_URL; otherwise URLs returned by upload endpoints may be unusable externally.
- next.config.mjs ignoring errors is risky; fix warnings and enable strict CI gates for production readiness.
- Site settings expect a singleton row with id 'default'; update APIs rely on this assumption.
---
## Recommended Fixes (Non-Blocking, Advisory)
- Update env validation to match Cloudflare bindings reality
- Either remove DATABASE_URL from required env, or separate “Worker runtime” env from “local dev” .env with appropriate fallbacks.
- Add R2_PUBLIC_URL to Zod-validated schema.
- Align schemas and properties
- Rename portfolio image 'order' → 'orderIndex' in Zod schemas and UI forms to match DB.
- SiteSettings schema: do not require UUID id; or adapt DB to UUID if desired (and update code).
- Security hardening
- Replace dev-only SUPER_ADMIN behavior with an invite/token-based onboarding flow.
- Implement NextAuth adapter (e.g., D1 via Drizzle/Kysely or Supabase per .clinerules) if persistence is required for sessions and users.
- Middleware consistency
- Remove/rename singular '/artist' gating or align with actual '/artists' conventions; centralize route constants.
- CI/CD quality
- Re-enable TypeScript and ESLint checks to catch regressions early.
- Add component and route handler tests for admin flows (artists, portfolio, settings).
---
This document reflects the actual state of the system for Admin Dashboard & Artist Management, including technical debt and real-world constraints. It references concrete files and paths to accelerate development work by AI agents and maintainers.

10
docs/ci/runs.md
View File

@ -1,10 +0,0 @@
# CI Run Log
This file tracks CI runs triggered via branch pushes.
## 2025-09-18 19:56 (ci-run-20250918-1956)
- Commit: to be filled after push
- Branch: `ci-run-20250918-1956`
- Status: Pending
- Notes: Trigger CI to validate lint/type/test/build/preview/budgets pipeline.

48
docs/epic-deposit-payment-integration.md
View File

@ -1,48 +0,0 @@
# Epic: Deposit Form & Payment Integration - Brownfield Enhancement
## Epic Goal
Complete the deposit form functionality and integrate secure payment processing to enable online deposits for tattoo appointments, improving customer convenience and reducing manual payment handling.
## Epic Description
**Existing System Context:**
- Current booking system with deposit requirements
- Existing user authentication and appointment management
- Technology stack: Next.js, TypeScript, Tailwind CSS
- Mobile-first user base (70% of bookings from mobile devices)
**Enhancement Details:**
- Implement complete deposit form with client-side validation and error handling
- Integrate Stripe payment processing using Embedded Elements for optimal UX and PCI compliance
- Use inline payment form within booking flow to reduce abandonment
- Implement immediate retry for transient payment failures with fallback to manual processing
- Connect payment success to booking confirmation and email notifications
- Add admin dashboard for payment tracking, reporting, and manual intervention
- Store only payment reference IDs and status (no sensitive card data)
- Success criteria: Reduce deposit processing time from 48hrs to <5min, achieve 95% payment success rate, process 80% of deposits online
## Stories
1. **Story 1:** Complete deposit form UI with validation and error handling
2. **Story 2:** Integrate payment gateway API and handle payment processing
3. **Story 3:** Connect payment success to booking confirmation and email notifications
4. **Story 4:** Add admin payment tracking dashboard and reporting
## Compatibility Requirements
- [ ] Existing booking APIs remain unchanged
- [ ] User authentication system integrates seamlessly
- [ ] Database schema changes are backward compatible
- [ ] UI follows existing design patterns
- [ ] Performance impact is minimal (<200ms response time)
## Risk Mitigation
- **Primary Risk:** Payment security and PCI compliance
- **Mitigation:** Use certified payment gateway, no sensitive data storage
- **Rollback Plan:** Disable payment button, revert to manual deposit handling
## Definition of Done
- [ ] All stories completed with acceptance criteria met
- [ ] Existing functionality verified through testing
- [ ] Payment integration points working correctly
- [ ] Security and compliance requirements met
- [ ] No regression in existing booking features

133
docs/prd/epic-feature-flags-controlled-rollbacks.md
View File

@ -1,133 +0,0 @@
# Feature Flags Framework for Controlled Rollbacks — Brownfield Enhancement
Version: 1.0
Date: 2025-09-18
Owner: Product Manager (John)
Related Docs:
- docs/prd/rollback-strategy.md
- docs/brownfield-architecture.md
- docs/brownfield-architecture-booking.md
- docs/brownfield-architecture-public.md
- docs/brownfield-architecture-tech.md
---
Epic Title
Feature Flags Framework for Controlled Rollbacks — Brownfield Enhancement
Epic Goal
Implement a centralized, minimal feature flag framework and wire it to key surfaces (Admin, Booking, Public) to enable safe, fast rollbacks and controlled exposure per the rollback strategy.
Epic Description
Existing System Context
- Current relevant functionality:
- Next.js 14 App Router running on Cloudflare Pages/Workers via OpenNext.
- Admin (/admin), Booking (/book), and Public (/ and /artists) surfaces with route handlers under /app/api.
- No project-wide feature flags; rollbacks require full deployment revert.
- Technology stack:
- Next.js 14, OpenNext Cloudflare adapter, Cloudflare D1/R2, NextAuth (JWT), Tailwind + shadcn/ui, Zod validations.
- Integration points:
- Cloudflare env vars via wrangler.toml ([env.preview.vars]/[env.production.vars]).
- UI components/pages under app/, route handlers under app/api/.
- lib/env.ts for env validation; rollback procedures documented in docs/prd/rollback-strategy.md.
Enhancement Details
- Whats being added/changed:
- Introduce a simple, typed flags module (lib/flags.ts) that reads boolean switches from environment variables.
- Add first-class flags for Admin, Booking, and Public UX controls as defined in rollback-strategy.md.
- Gate critical UI flows and API endpoints behind these flags with graceful fallbacks (e.g., disable Booking submit with friendly messaging).
- How it integrates:
- Flags read from env (wrangler vars); server-side checks in route handlers and server components, client-side checks for UI affordances.
- No architectural changes; minimal localized conditionals and guard rails.
- Success criteria:
- Toggling a flag disables the associated feature safely without redeploy.
- Disabled states present appropriate UX and non-2xx responses for APIs (e.g., 503 with JSON message) where appropriate.
- No impact on unaffected features; default flag values replicate current behavior.
Stories
1. Feature Flags Library & Configuration
- Implement lib/flags.ts with typed boolean flags:
- ADMIN_ENABLED, ARTISTS_MODULE_ENABLED, UPLOADS_ADMIN_ENABLED
- BOOKING_ENABLED, PUBLIC_APPOINTMENT_REQUESTS_ENABLED, REFERENCE_UPLOADS_PUBLIC_ENABLED, DEPOSITS_ENABLED
- PUBLIC_DB_ARTISTS_ENABLED, ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED
- STRICT_CI_GATES_ENABLED, ISR_CACHE_R2_ENABLED
- Read values from process.env (wrangler vars) with safe defaults that preserve current behavior.
- Document expected vars and defaults in README and docs/prd/rollback-strategy.md linkage.
- Optional: Update lib/env.ts to include non-breaking optional validation for key flags (boolean parsing).
2. Wire Flags to Critical Surfaces (Admin/Booking/Public)
- Admin:
- Gate /admin shell with ADMIN_ENABLED; show friendly “Temporarily unavailable” if disabled.
- Gate admin uploads endpoints with UPLOADS_ADMIN_ENABLED; return 503 JSON on POST/DELETE when disabled.
- Booking:
- Gate BookingForm submit path with BOOKING_ENABLED; disabled state shows user message and redirects to /contact.
- If/when public booking endpoint exists, gate with PUBLIC_APPOINTMENT_REQUESTS_ENABLED.
- Public:
- Gate advanced scroll/parallax with ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED; ensure no JS errors when off.
- Add smoke tests/checklist notes to verify disabled vs enabled behavior.
3. Operational Guidance & Verification
- Add a “Feature Flags Operations” section to docs/prd/rollback-strategy.md or a short ops note with:
- How to toggle flags (wrangler vars / dashboard).
- Expected UX/API behavior per flag.
- Post-toggle smoke steps.
- Ensure flags are listed in wrangler.toml example vars for preview/production (documentation only; no secrets committed).
Compatibility Requirements
- [x] Existing APIs remain unchanged unless disabled via flags (return 503 with structured message when gated).
- [x] No DB schema changes introduced.
- [x] UI changes follow existing patterns and provide accessible fallback messages.
- [x] Performance impact minimal (light conditional checks, no heavy client logic).
- [x] Default state preserves current behavior if flags are unset.
Risk Mitigation
- Primary Risk: Misconfiguration of env vars causing unintended disablement.
- Mitigation: Safe defaults that preserve current behavior; add console.warn on server when a critical flag is undefined (non-fatal).
- Rollback Plan: Set flags to disable problematic surfaces immediately; revert local changes by removing guards if needed (code rollback not required in normal operation).
Definition of Done
- [ ] lib/flags.ts implemented with typed flags and safe defaults.
- [ ] Admin, Booking, Public surfaces gated with appropriate UX/API responses.
- [ ] Documentation updated (flags list, how to toggle, expected behaviors).
- [ ] Smoke verification steps executed for both enabled and disabled states.
- [ ] No regressions observed in unaffected areas.
Validation Checklist
Scope Validation
- [x] Epic can be completed in 13 stories maximum.
- [x] No architectural documentation required beyond existing brownfield references.
- [x] Enhancement follows existing patterns (env-based configuration, conditional rendering).
- [x] Integration complexity is manageable.
Risk Assessment
- [x] Risk to existing system is low (additive, defensive controls).
- [x] Rollback plan is feasible (toggle flags via env).
- [x] Testing approach covers existing functionality (smoke on disabled/enabled).
- [x] Team has sufficient knowledge of integration points.
Completeness Check
- [x] Epic goal is clear and achievable.
- [x] Stories are properly scoped (library, wiring, ops).
- [x] Success criteria are measurable (toggle effects, UX/API responses).
- [x] Dependencies identified (wrangler vars, docs updates).
Handoff to Story Manager
Please develop detailed user stories for this brownfield epic. Key considerations:
- This is an enhancement to an existing system running Next.js 14 App Router on Cloudflare Pages/Workers with D1/R2 and OpenNext.
- Integration points:
- Env vars from wrangler.toml ([env.preview.vars]/[env.production.vars]).
- Admin pages under /app/admin, Booking under /app/book, related route handlers under /app/api.
- Documented rollback procedures in docs/prd/rollback-strategy.md.
- Existing patterns to follow:
- Zod validations for route handlers, shadcn/ui for UX, middleware RBAC, minimal conditional checks.
- Critical compatibility requirements:
- Defaults preserve current behavior.
- Disabled states provide clear user messaging and appropriate HTTP statuses for APIs (503).
- No DB schema changes; no secrets in repo.
- Each story must include verification that existing functionality remains intact with flags both enabled and disabled.
Epic should maintain system integrity while enabling safe, immediate disablement of high-risk surfaces without a redeploy.

21
docs/prd/epics.md
View File

@ -1,21 +0,0 @@
# Epics
Epic A: Admin Dashboard & Artist Management
Description: Secure, role-based admin experience to onboard artists, manage profiles/portfolios, and control assets.
Business Value: Scales operations; reduces friction for artist content management and quality control.
Epic B: Unified Booking & Client Management
Description: Multi-form booking and consultation flows, client portal, scheduling, and payments.
Business Value: Converts demand into scheduled work efficiently while respecting policies and preferences.
Epic C: Public-Facing Website Experience
Description: Consistent ShadCN-based design system, immersive visuals, improved content and discovery.
Business Value: Enhances brand, increases engagement, and improves conversion to consultations/bookings.
Epic D: Technical Architecture & Delivery
Description: Cloudflare-first architecture, caching/optimization, performance and offline capabilities, and strong documentation.
Business Value: Reliable, fast experience with maintainable operations and smooth handoff to the owner.
---
Brownfield Enhancements (Small Epics)
- Feature Flags Framework for Controlled Rollbacks — see: [epic-feature-flags-controlled-rollbacks.md](./epic-feature-flags-controlled-rollbacks.md)

94
docs/prd/functional-requirements-frs.md
View File

@ -1,94 +0,0 @@
# Functional Requirements (FRs)
FR-A. Admin Dashboard & Artist Management
A1. Invitations & Onboarding
- FR-A1.1: Admin can invite users (artists, staff) via time-limited signup links.
- FR-A1.2: Wizard-style onboarding for artists using ShadCN components guiding profile, portfolio, and settings.
- FR-A1.3: Optional passwordless fallback; primary path supports email+password + 2FA enrollment.
- FR-A1.4: Sandbox mode to preview changes before publishing live.
A2. Role-Based Access & Controls
- FR-A2.1: Roles: viewer, editor (portfolio), admin, owner; assignable per user.
- FR-A2.2: Permissions restrict CRUD on artists, portfolios, and settings per role.
- FR-A2.3: Emergency pause control per artist or system-wide, disabling booking or portfolio visibility.
A3. Artist Profiles & Portfolio
- FR-A3.1: CRUD for artist profiles (bio, styles, rates/tiers, links, availability indicators).
- FR-A3.2: Batch drag-and-drop portfolio upload with progress tracking.
- FR-A3.3: Manual cropping UI with grid guides; save crops as separate asset records.
- FR-A3.4: Optional AI-assisted cropping suggestions (can be disabled per settings).
- FR-A3.5: Versioning for portfolio pieces to track edits/updates.
- FR-A3.6: Portfolio piece metadata: style tags, dimensions/size class, creation date, visibility flag.
A4. Asset Management & Delivery
- FR-A4.1: Store media in R2; metadata in D1.
- FR-A4.2: Server-side asset fetching and transformation for pages; minimize client duplication.
- FR-A4.3: Configurable compression levels; toggles to disable aggressive compression per asset/group.
A5. Auditability & Notifications
- FR-A5.1: Activity logs with user, action, timestamp; filter by user/resource.
- FR-A5.2: Notification preferences per user and per role (email/SMS for key events: new booking, cancellations).
- FR-A5.3: Basic content moderation hooks for uploads (e.g., queue for review).
FR-B. Unified Booking & Client Management
B1. Booking & Consultation Forms
- FR-B1.1: Multi-form flow with smart routing: consultation vs booking based on user input.
- FR-B1.2: Appointment type taxonomy (first tattoo, cover-up, large piece, etc.) drives questions and duration.
- FR-B1.3: Automated quote estimates based on inputs: size, placement, complexity, artist tier/rate.
B2. Client Portal
- FR-B2.1: Clients can create accounts and authenticate to manage appointments.
- FR-B2.2: View upcoming/past appointments, reschedule/cancel (per policy windows).
- FR-B2.3: Payments area: view deposit history, receipts, refunds.
- FR-B2.4: Profile and preferences (email/SMS notifications opt-in/out).
B3. Scheduling & Calendars
- FR-B3.1: Real-time availability across artists with conflict detection.
- FR-B3.2: Google Calendar two-way sync for artists (per-artist toggle).
- FR-B3.3: Automated confirmations and reminders (email/SMS) per policy.
B4. Payments
- FR-B4.1: Multi-merchant gateway support (e.g., Stripe, PayPal) with deposit handling.
- FR-B4.2: Store payment intents and receipt references securely; enable refund workflows.
- FR-B4.3: Deposit policies surfaced during booking; acceptance required to proceed.
B5. Notifications & Communications
- FR-B5.1: Email and SMS channels configurable by users/admins.
- FR-B5.2: Admin notifications for new bookings, cancellations, changes.
FR-C. Public-Facing Website Experience
C1. Design System & Visuals
- FR-C1.1: All pages follow ShadCN baseline; unify typography, spacing, and components.
- FR-C1.2: Implement layered parallax and split-screen storytelling in hero and portfolio sections.
- FR-C1.3: Image-forward layouts throughout; high-quality photography emphasis.
C2. Pages & Navigation
- FR-C2.1: Improve /aftercare, /deposit, /terms, /privacy, /book for consistency and UX.
- FR-C2.2: Smooth, consistent navigation with refined transitions.
- FR-C2.3: Responsive behavior across major breakpoints with mobile-first navigation patterns.
C3. Search & Discovery
- FR-C3.1: Dedicated search page with filters (style, availability, price tier).
- FR-C3.2: Quick search (Ctrl+K) for artists and educational content.
- FR-C3.3: Enhanced artist gallery: style-based filtering and interactive zooms/lightbox.
C4. Educational Content
- FR-C4.1: Detailed aftercare guides with visuals, progress tracking, and checklists.
- FR-C4.2: Healing process explanations with diagrams or annotated imagery.
- FR-C4.3: Downloadable PDFs and printable guides.
FR-D. Technical Delivery & Handoff
D1. Cloudflare Integration & Runtime
- FR-D1.1: Use D1 for structured data and R2 for media; server-side patterns for SSR/ISR where applicable.
- FR-D1.2: Caching strategies to minimize egress and optimize load times.
D2. Performance & Offline
- FR-D2.1: Lazy loading for portfolio assets; progressive image loading.
- FR-D2.2: Service worker for offline support and faster revisits.
D3. Documentation & Staging
- FR-D3.1: Clear README, architecture docs, changelog, contributor guide.
- FR-D3.2: Staging environment for Christy to preview changes.
D4. Handoff
- FR-D4.1: Repo delivered ready-to-merge; Cloudflare transfer instructions documented.
- FR-D4.2: Owner training materials for non-technical management.

17
docs/prd/index.md
View File

@ -1,17 +0,0 @@
# Product Requirements Document (PRD)
United Tattoo — Public Website, Booking, and Admin System
Version: 1.0
Date: 2025-09-17
Source: Consolidated from docs/brainstorming.md
## Sections
- [Overview](./overview.md)
- [Functional Requirements (FRs)](./functional-requirements-frs.md)
- [Non-Functional Requirements (NFRs)](./non-functional-requirements-nfrs.md)
- [Epics](./epics.md)
- [User Stories (with Acceptance Criteria)](./user-stories-with-acceptance-criteria.md)
- [Phasing (Reference)](./phasing-reference.md)
- [Risks & Mitigations (Summary)](./risks-and-mitigations-summary.md)
- [Rollback Strategy](./rollback-strategy.md)

32
docs/prd/non-functional-requirements-nfrs.md
View File

@ -1,32 +0,0 @@
# Non-Functional Requirements (NFRs)
NFR-Security & Privacy
- NFR-S1: Enforce invite-based onboarding; session security; 2FA required for admins/owners; optional passwordless fallback.
- NFR-S2: Role-based access controls across admin features and APIs; least-privilege defaults.
- NFR-S3: Media access via scoped tokens; no direct public RW access to R2.
- NFR-S4: Payment flows must be PCI-compliant through the chosen gateway(s); do not store raw card data.
- NFR-S5: Basic content moderation hooks for uploads; audit and traceability of changes.
- NFR-S6: Conform to privacy policy; provide clear consent for notifications.
NFR-Performance
- NFR-P1: Use SSR-friendly, server-side image processing; progressive/lazy-loading for rich media.
- NFR-P2: Apply CDN caching and optimized asset delivery to keep LCP/INP within target budgets for typical gallery pages.
- NFR-P3: Minimize egress from R2 through caching and efficient formats; favor WebP/AVIF where supported.
NFR-Reliability & Availability
- NFR-R1: Implement robust error handling and retries for R2/D1 operations; graceful degradation of images.
- NFR-R2: Eventual consistency acceptable for search indices and non-critical caches (<1 minute).
- NFR-R3: Activity logs retained per policy; include export capabilities for audits.
NFR-Usability & Accessibility
- NFR-U1: Follow ShadCN conventions for components and patterns; consistent spacing/typography.
- NFR-U2: WCAG AA baseline for color contrast, focus states, and keyboard navigation.
- NFR-U3: Responsive layouts and touch targets across breakpoints.
NFR-Observability & Ops
- NFR-O1: Centralized error tracking for client/server, with release tagging.
- NFR-O2: Structured logs; avoid logging PII beyond necessity.
- NFR-O3: Staging environment should mimic production settings for realistic previews.
NFR-Documentation & Handoff
- NFR-D1: Up-to-date README, architecture overview, environment setup, and runbooks.
- NFR-D2: Owner-facing guides for day-to-day tasks (invites, portfolio updates, refunds, content).

16
docs/prd/overview.md
View File

@ -1,16 +0,0 @@
# Overview
United Tattoo is expanding both its public-facing web experience and internal admin/ops systems. This PRD defines Functional Requirements (FRs), Non-Functional Requirements (NFRs), Epics, and User Stories derived from the brainstorming notes. The goal is a unified, scalable platform for artist onboarding and portfolio management, seamless client booking and portal experiences, and a refined, image-forward public site aligned to a ShadCN-based design system and Cloudflare runtime.
Primary Objectives
- Create a unified system supporting artist onboarding, portfolio and asset management, and secure admin controls.
- Deliver a polished, immersive public site with consistent design and rich educational content.
- Implement robust booking and payment flows with a client portal and calendar integration.
- Provide strong documentation, staging workflows, and an approachable owner handoff.
Key Assumptions & Tech Baseline
- UI baseline: ShadCN components, consistent with homepage and /artist pages.
- Visual language: Oversized image-forward design; layered parallax and split-screen storytelling.
- Infra: Cloudflare D1 (structured data), R2 (media assets); server-side asset loading.
- Docs/patterns: Context7 MCP and ShadCN MCP as primary references for patterns.
- Auth: Invite-based onboarding; RBAC; 2FA; optional passwordless fallback.
- Handoff: Staging environments, clear README/architecture docs, owner training.

9
docs/prd/phasing-reference.md
View File

@ -1,9 +0,0 @@
# Phasing (Reference)
- Phase 1 (Weeks 12): Foundations & Critical Fixes
- Admin: invites, onboarding wizard, basic portfolio management, R2 integration scaffold (UT-ADM-01..05, 07, 10; UT-ARC-01)
- Phase 2 (Weeks 34): Core Features & UX
- Booking, client portal, deposits/payments, design unification (UT-BKG-01..09; UT-PUB-01; UT-ARC-04)
- Phase 3 (Weeks 56): Polish & Visual Experience
- Parallax/split-screen, search & filters, education content, service worker (UT-PUB-02..06; UT-ARC-02..03)
- Phase 4 (Week 7): Documentation & Delivery
- Docs, handoff, training, final staging (UT-ARC-05 + wrap-ups)

6
docs/prd/risks-and-mitigations-summary.md
View File

@ -1,6 +0,0 @@
# Risks & Mitigations (Summary)
- Admin dashboard complexity/bugs → Incremental delivery, sandbox previews, RBAC testing.
- Cloudflare D1/R2 pitfalls → Follow proven patterns; robust error handling; staging validation.
- Performance with heavy visuals → Lazy loading, image optimization, prudent asset sizing, performance budgets.
End of PRD.

470
docs/prd/rollback-strategy.md
View File

@ -1,470 +0,0 @@
# Brownfield Rollback Strategy (AD Epics)
Project: United Tattoo
Version: v1.0
Date: 2025-09-18
Owner: Product Manager (John) in collaboration with Architect, QA, DevOps
Related Documents:
- [Feature Flags Rollout Release Notes](../releases/2025-09-19-feature-flags-rollout.md)
Purpose
- Define explicit, actionable rollback procedures for each Epic (A: Admin, B: Booking, C: Public, D: Technical/Infra).
- Establish global controls (feature flags, deploy reverts, DB/R2 backups), triggers, communications, and verification steps.
- Satisfy QA condition: “Create comprehensive rollback procedures document (per-epic)”.
Scope
- Applies to Cloudflare Pages + OpenNext deployment.
- Applies to D1 (SQL) and R2 (object storage).
- Covers toggling features, deploy reverts, DB schema/data rollback, and user impact mitigation.
References
- QA Validation Report: docs/qa/po-master-checklist-validation-report.md
- Brownfield Architecture (A): docs/brownfield-architecture.md
- Brownfield Architecture (B): docs/brownfield-architecture-booking.md
- Brownfield Architecture (C): docs/brownfield-architecture-public.md
- Brownfield Architecture (D): docs/brownfield-architecture-tech.md
- Core Config: .bmad-core/core-config.yaml (prdSharded: true; prdShardedLocation: docs/prd)
---
1) Global Rollback Principles
1.1 Triggers (General)
- Elevated 5xx rate over last 510 minutes (thresholds below).
- Error spikes in specific route handlers (/api/*), auth failures, or R2 failures.
- Performance regression beyond defined SLO (TTFB, P95 route latency).
- Critical UX breakage (navigation, booking submit, admin CRUD).
- Security incidents or data integrity issues.
1.2 Rollback Order of Operations (Default)
1) Freeze traffic to new risky surfaces via feature flags (prefer “dark shipping” off by default).
2) Revert config/env vars (e.g., disable BOOKING_ENABLED).
3) Revert to last-good deployment (Cloudflare Pages previous build).
4) If data shape changed, execute DB rollback (down migrations or revert script).
5) Undo R2 object operations if required (or orphan clean-up), restore references.
6) Purge caches/ISR tags if necessary.
7) Communicate status to stakeholders/end users (templates below).
8) Verify with smoke tests and targeted integration checks.
1.3 Feature Flags (Keys & Usage)
Implement a minimal runtime flag reader (server+client) backed by environment variables (wrangler.toml [vars] per env) or a flags file (lib/flags.ts). All new features must be guarded by flags for safe disables:
- ADMIN_ENABLED (Epic A switch)
- ARTISTS_MODULE_ENABLED (Epic A sub-switch)
- UPLOADS_ADMIN_ENABLED (Epic A sub-switch)
- BOOKING_ENABLED (Epic B master switch)
- PUBLIC_APPOINTMENT_REQUESTS_ENABLED (Epic B unauth booking)
- REFERENCE_UPLOADS_PUBLIC_ENABLED (Epic B ref images)
- DEPOSITS_ENABLED (Epic B payments)
- PUBLIC_DB_ARTISTS_ENABLED (Epic C db-backed artists on public)
- ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED (Epic C UX)
- STRICT_CI_GATES_ENABLED (Epic D: TS/ESLint in CI)
- ISR_CACHE_R2_ENABLED (Epic D cache behavior toggles)
Operational defaults, dashboard workflows, and smoke procedures are documented in Section 6.
1.4 Cloudflare Pages Revert (High-Level)
- Use Cloudflare Pages Deployments list (dashboard) to “Promote” or restore previous good deployment for the production branch OR redeploy the last known good commit.
- If using wrangler locally, prefer re-building the last good commit, then:
- npm run pages:build
- wrangler pages deploy .vercel/output/static
- After revert, purge cache as needed (dashboard) and revalidate ISR tags if used.
1.5 D1 (Database) Backups & Rollback
- Before applying any schema change:
- Export current DB: `npm run db:backup` (writes to `backups/d1-backup-YYYYMMDD-HHMM.sql`)
- Dry-run migrations on preview DB.
- Maintain up/down SQL migrations in sql/migrations/ with idempotent checks.
- Rollback process:
- Apply “down” migration scripts aligned to the last applied “up”:
- Preview: `npm run db:migrate:down:preview`
- Prod: `npm run db:migrate:down:prod`
- If unavailable, restore from export (last resort) after change window approval.
1.6 R2 (Object Storage) Considerations
- R2_PUBLIC_URL must be configured; if misconfigured, set flag to disable public consumption paths.
- For destructive bulk operations, stage keys to a manifest to allow targeted restores or clean-ups.
- Rollback: remove new objects (based on manifest) or restore originals if overwritten (keep versioning if enabled; otherwise retain originals with “.prev” suffix convention during risky deploys).
1.7 Monitoring & Thresholds (Actionable)
- Admin routes (/api/admin/*, /api/artists, /api/portfolio, /api/files, /api/settings, /api/users):
- Trigger if 5xx > 2% for 10 minutes OR P95 latency > 2s for 10 minutes.
- Booking (/api/appointments, booking request endpoint, /api/upload if public used):
- Trigger if submit failure rate > 5% across 5 minutes or mean time to response > 3s.
- Public pages:
- Trigger if homepage error > 1% or significant LCP increase (> 30% vs baseline).
- Auth:
- Trigger on spike in sign-in failures inconsistent with traffic.
---
2) Epic A — Admin Dashboard & Artist Management (Rollback Plan)
2.1 Surfaces & Risks (from docs/brownfield-architecture.md)
- Admin UI pages under /admin/*
- APIs: /api/artists, /api/portfolio, /api/files, /api/settings, /api/users, /api/admin/*
- D1 tables: artists, portfolio_images, site_settings, file_uploads, users (role changes)
- R2 ops: admin uploads, portfolio image flows
- Middleware RBAC and NextAuth role flow
2.2 Flags & Safe Toggles
- ADMIN_ENABLED = false → Hide /admin routes entry points, return 503 or friendly “Temporarily unavailable” for admin-only surfaces.
- ARTISTS_MODULE_ENABLED = false → Disable CRUD on artists and hide related UI.
- UPLOADS_ADMIN_ENABLED = false → Disable admin uploads endpoints; return 503.
2.3 Deploy Revert Path
- Promote last-good deployment in Cloudflare Pages dashboard for production.
- Purge cache if /admin was statically cached (typically dynamic; purge anyway as precaution).
2.4 DB Rollback
- If schema changed (e.g., new columns in artists/portfolio_images/site_settings):
- Execute corresponding down migration files.
- If data backfill created inconsistencies, run compensating scripts to restore prior invariants.
- Users & roles: If role assignment logic changed in lib/auth.ts or data seeded:
- Revert seed changes; ensure SUPER_ADMIN dev shortcut is disabled for production if risky.
2.5 R2 Rollback
- If new admin bulk upload introduced incorrect keys:
- Use manifest produced during upload to delete or quarantine bad keys.
- Restore references in D1 (portfolio_images) to previous URLs if overwritten.
2.6 Verification (Admin)
- Smoke tests:
- Auth sign-in (admin) → access /admin/page.tsx
- CRUD: create/update artist, upload image, update site settings (if re-enabled)
- Portfolio list load time (P95) < 2s and error rate ~0
2.7 Communication
- Internal: Notify staff admins of temporary disablement with ETA.
- External: N/A (admin-only).
---
3) Epic B — Booking & Client Management (Rollback Plan)
3.1 Surfaces & Risks (from docs/brownfield-architecture-booking.md)
- UI: /book with components/booking-form.tsx
- APIs: /api/appointments (auth required), proposed public booking request endpoint
- Uploads: /api/upload (auth-only currently)
- D1: appointments, availability, users (client)
- Payments: deposit flow (not implemented yet; when added, gateway risk)
3.2 Flags & Safe Toggles
- BOOKING_ENABLED = false → Hide or “temporarily unavailable” booking form actions; link to Contact page as fallback.
- PUBLIC_APPOINTMENT_REQUESTS_ENABLED = false → Disable public booking endpoint; return 503/friendly message.
- REFERENCE_UPLOADS_PUBLIC_ENABLED = false → Disable public uploads (if added later).
- DEPOSITS_ENABLED = false → Disable any payment intents (if/when implemented).
3.3 Fallback UX
- Booking form Submit → disabled; show banner “Online booking temporarily unavailable. Please contact the studio.”
- Replace hero CTA (“Book Consultation”) to /contact during incident.
3.4 Deploy Revert Path
- Restore last-good deployment to eliminate new booking logic/UI.
- Purge cache for /book and home page if needed; revalidate tag for booking content.
3.5 DB Rollback
- If new columns/tables introduced (e.g., consultation_requests):
- Apply down migrations.
- If incorrect appointments were created:
- Mark as CANCELLED with note “Rollback cleanup [timestamp]” (prefer soft-delete).
- Restore any previous constraints/state as needed.
3.6 R2 Rollback
- If public reference image upload was added and malfunctioned:
- Disable endpoint via flags.
- Delete orphaned objects based on recent upload manifests.
- Remove/repair D1 file_uploads rows linked to orphan keys.
3.7 Verification (Booking)
- Smoke flows:
- Page load (/book) without console errors.
- If enabled: submit request → 200/201 with confirmation.
- If disabled: contact fallback visible, no POST attempted.
3.8 Communication
- Public banner on /book; social post if extended outage.
- Staff: notify front desk to handle manual bookings.
---
4) Epic C — Public Website Experience (Rollback Plan)
4.1 Surfaces & Risks (from docs/brownfield-architecture-public.md)
- UI: home sections (hero, artists, services, contact), /artists listing and /artists/[id]
- Data source: currently static (data/artists.ts); potential future DB-backed
- Heavy imagery, parallax, accessibility/performance concerns
4.2 Flags & Safe Toggles
- PUBLIC_DB_ARTISTS_ENABLED = false → Revert to static data/artists.ts sourcing.
- ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED = false → Disable parallax/scroll effects for stability/perf.
4.3 Deploy Revert Path
- Revert to last-good deployment where public assets are stable.
- Consider Next/Image or loader toggles (if introduced later) → disable to reduce complexity.
4.4 Verification (Public)
- Home load LCP within baseline ±30%.
- Artists list renders; profile pages resolve; no broken images.
- Navigation anchor behavior OK or simplified (no JS errors).
4.5 Communication
- Optional banner if visible feature regression (e.g., artist directory temporarily simplified).
---
5) Epic D — Technical Architecture & Delivery (Rollback Plan)
5.1 Surfaces & Risks (from docs/brownfield-architecture-tech.md)
- OpenNext adapter, wrangler.toml compatibility, Pages build
- Incremental cache in R2
- next.config.mjs flags (ignore TS/ESLint), security headers pending
- Env validation (lib/env.ts) misalignment; missing R2_PUBLIC_URL
5.2 Flags & Safe Toggles
- STRICT_CI_GATES_ENABLED = false → Temporarily allow build leniency (emergency only).
- ISR_CACHE_R2_ENABLED = false → Disable incremental cache usage if cache corruption suspected.
5.3 Deploy Revert Path
- Promote last-good deployment; ensure wrangler.toml matches known-good config (compatibility_date/flags).
- Disable experimental toggles before re-promote to reduce risk.
5.4 DB/Env/Secrets
- Ensure NEXTAUTH_SECRET remains valid; set via “wrangler secret put”.
- Add R2_PUBLIC_URL to Cloudflare env vars for preview/production; if missing, disable features dependent on it.
5.5 Verification
- pages:build and preview succeed locally.
- OpenNext preview path OK (npm run preview).
- Admin/public critical routes pass smoke checks; no missing env warnings.
---
6) Operational Runbooks (Feature Flags & Rollback)
6.1 Feature Flag Catalog
| Flag | Default (Prod / Preview) | Surfaces | Purpose / Off Effect |
| --- | --- | --- | --- |
| ADMIN_ENABLED | true / true | Admin UI (/admin), admin APIs | Master switch for admin experience. Off: hides admin entry points and returns 503 for admin APIs. |
| ARTISTS_MODULE_ENABLED | true / true | Admin artists CRUD | Protects artist management. Off: hides CRUD controls and blocks writes to /api/artists*. |
| UPLOADS_ADMIN_ENABLED | true / true | Admin uploads UI/APIs | Guards media uploads. Off: disables upload buttons and forces 503 from /api/files*. |
| BOOKING_ENABLED | true / true | Booking form (/book), availability APIs | Controls booking flow. Off: renders fallback CTA to contact studio and blocks POST /api/appointments. |
| PUBLIC_APPOINTMENT_REQUESTS_ENABLED | false / false | Public booking request endpoint | Exposes unauth booking request. Off: keeps endpoint hidden (404) and removes public form. |
| REFERENCE_UPLOADS_PUBLIC_ENABLED | false / false | Public reference upload widget | Manages public file submissions. Off: hides widget and blocks /api/upload anonymous access. |
| DEPOSITS_ENABLED | false / false | Deposit capture flows | Enables deposit checkout. Off: skips deposit step and instructs manual follow-up. |
| PUBLIC_DB_ARTISTS_ENABLED | false / false | Public artists listing (DB) | Switches between DB-backed and static artist data. Off: serves static content only. |
| ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED | true / true | Public navigation/scroll FX | Controls motion enhancements. Off: disables animations to improve stability/perf. |
| STRICT_CI_GATES_ENABLED | true / true | CI pipeline gating | Enforces TS/Deno lint gates in CI. Off: allows emergency builds without strict checks (document rationale). |
| ISR_CACHE_R2_ENABLED | true / true | ISR revalidation + R2 cache | Enables ISR artifacts in R2. Off: falls back to static render; purge cache to clear stale artifacts. |
- Keep the catalog in sync when new flags are introduced (update defaults and impacted surfaces).
6.2 Cloudflare Dashboard Toggle Workflow
1. Sign in to https://dash.cloudflare.com → Pages → **united-tattoo**.
2. Select the target environment (Preview for drills, Production for live response) → **Settings****Environment Variables**.
3. Click **Edit variables**, locate the flag, and set the value explicitly to `"true"` or `"false"`. Add the variable if it does not yet exist.
4. Save changes; Cloudflare schedules a new deployment. Capture the deployment ID and reason in the incident log.
5. Monitor the deployment until status is **Success**. If the change is production-facing, notify stakeholders that the smoke in 6.5 is starting.
6. After verification, document the final state and timestamp in the ops channel/runbook.
- Guardrails:
- Stage toggles in Preview first, complete the drill in 6.4, then mirror to Production.
- Change one flag per deployment unless incident response demands otherwise; note combined changes explicitly.
- Always pair toggles with the post-toggle smoke checklist (6.5) before declaring success.
6.3 Persistent Environment Updates (wrangler.toml)
- When a toggle becomes a new baseline, update `wrangler.toml` and open a PR documenting the change:
```toml
[env.preview.vars]
ADMIN_ENABLED = "true"
ARTISTS_MODULE_ENABLED = "true"
UPLOADS_ADMIN_ENABLED = "true"
BOOKING_ENABLED = "true"
PUBLIC_APPOINTMENT_REQUESTS_ENABLED = "false"
REFERENCE_UPLOADS_PUBLIC_ENABLED = "false"
DEPOSITS_ENABLED = "false"
PUBLIC_DB_ARTISTS_ENABLED = "false"
ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED = "true"
STRICT_CI_GATES_ENABLED = "true"
ISR_CACHE_R2_ENABLED = "true"
[env.production.vars]
# copy defaults; override per incident during mitigation
ADMIN_ENABLED = "true"
ARTISTS_MODULE_ENABLED = "true"
UPLOADS_ADMIN_ENABLED = "true"
BOOKING_ENABLED = "true"
PUBLIC_APPOINTMENT_REQUESTS_ENABLED = "false"
REFERENCE_UPLOADS_PUBLIC_ENABLED = "false"
DEPOSITS_ENABLED = "false"
PUBLIC_DB_ARTISTS_ENABLED = "false"
ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED = "true"
STRICT_CI_GATES_ENABLED = "true"
ISR_CACHE_R2_ENABLED = "true"
```
- Do not commit incident-specific overrides; rely on dashboard variables for temporary states and revert via follow-up PR if defaults change.
6.4 Preview Simulation & Tabletop Drill
1. Adjust `[env.preview.vars]` in `wrangler.toml` (or use the dashboard Preview environment) to represent the planned scenario.
2. From repo root run:
- `npm install` (if dependencies changed)
- `npm run pages:build`
- `npm run preview`
3. Hit http://localhost:8788 (OpenNext preview) and verify no build-time warnings about missing env vars.
4. Exercise each surface while toggling relevant flags:
- **Admin (ADMIN_ENABLED, ARTISTS_MODULE_ENABLED, UPLOADS_ADMIN_ENABLED)**
- Flag `true`: `/admin` loads (200), CRUD flows succeed, uploads return 200.
- Flag `false`: `/admin` displays maintenance notice, CRUD attempts return 503, uploads blocked.
- **Booking (BOOKING_ENABLED, DEPOSITS_ENABLED, PUBLIC_APPOINTMENT_REQUESTS_ENABLED)**
- `BOOKING_ENABLED=true`: `/book` renders form, POST `/api/appointments` returns 200.
- `BOOKING_ENABLED=false`: `/book` shows fallback CTA, POST returns 503; confirm deposits/request endpoints stay disabled when their flags are `false`.
- **Public surfaces (PUBLIC_DB_ARTISTS_ENABLED, ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED)**
- DB flag `true`: `/artists` reads from DB (check console/logs for live data).
- DB flag `false`: `/artists` falls back to static data; ensure no stale DB calls.
- Animations flag `false`: scrolling shows simplified experience without console errors.
- **Technical toggles (STRICT_CI_GATES_ENABLED, ISR_CACHE_R2_ENABLED)**
- With CI flag `false`, confirm emergency builds succeed locally but capture justification.
- With ISR flag `false`, ensure preview serves static responses and note needed cache purges.
5. Record findings, screenshots, and timings in the ops tabletop log (linked from the incident runbook).
6.5 Post-Toggle Smoke Checklist (Production Or Preview)
- Admin: `/admin` loads correctly when enabled; when disabled, navigation hides and `/api/admin/health` returns 503.
- Booking: `/book` reflects flag state, CTA honours configuration, appointment API responds 200/503 as expected.
- Public: Homepage and `/artists` render without errors; animations respond to flag state; cached content reflects latest toggle.
- APIs: Deposits and uploads endpoints return the correct status codes for their flag values.
- Observability: Confirm error rate and latency metrics stabilize (see 1.7) and update incident log with before/after snapshots.
6.6 Incident Playbook
1. Verify trigger thresholds from 1.7 to avoid accidental toggles.
2. Identify impacted surface(s) and apply flags per the table below (one deployment per group when possible).
| Scenario | Primary Flags | Notes |
| --- | --- | --- |
| Booking failures or payment risk | BOOKING_ENABLED, DEPOSITS_ENABLED, PUBLIC_APPOINTMENT_REQUESTS_ENABLED | Disable booking UI first, then deposits; broadcast banner via 7.2; purge `/book` cache. |
| Admin regression or data integrity risk | ADMIN_ENABLED, UPLOADS_ADMIN_ENABLED, ARTISTS_MODULE_ENABLED | Lock admin access, freeze uploads, log manual follow-up tasks for data reconciliation. |
| Public content/performance degradation | PUBLIC_DB_ARTISTS_ENABLED, ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED, ISR_CACHE_R2_ENABLED | Fall back to static data, disable animations, clear ISR cache, monitor LCP/TTFB. |
| CI/build instability | STRICT_CI_GATES_ENABLED | Temporarily relax gates; document justification and plan to re-enable once green. |
3. Cache handling:
- After flag changes, run targeted cache purge (Pages → Project → Caching → Purge by prefix) for affected routes.
- When ISR cache is disabled, clear R2 artifacts (`npm run cache:purge` when available) to prevent stale responses.
4. Roll-forward:
- Investigate root cause, prepare corrective fix, rerun 6.4 in preview, then restore flags to defaults.
- Re-enable flags in reverse order once validation passes; document final state and lessons learned.
6.7 Revert to Last-Good Deployment
- Cloudflare Pages Dashboard → Project → Deployments → Promote previous successful deployment to Production.
- Alternatively, check out last-good commit locally:
- git checkout <last-good-commit>
- npm run pages:build
- wrangler pages deploy .vercel/output/static
- Purge cache as needed (Dashboard) and revalidate ISR tags.
6.8 D1 Backups & Migrations
- Backup before risk:
- wrangler d1 export united-tattoo > backups/d1-backup-YYYYMMDD-HHMM.sql
- Apply down migration (example):
- wrangler d1 execute united-tattoo --remote --file=sql/migrations/20250918_down.sql
6.9 R2 Object Management
- If versioning enabled: restore previous versions in dashboard.
- If not: delete newly-added keys from recent manifest; restore any .prev originals.
---
7) Communications
7.1 Internal Templates
- Incident Start:
- Subject: [Incident] Epic {A|B|C|D} regression rollback in progress
- Body: Symptom, start time, affected routes, ETA to mitigation, next update time.
- Incident Resolved:
- Subject: [Resolved] Epic {A|B|C|D} rolled back
- Body: Root cause (prelim), fix forward plan, verification summary.
7.2 Public Templates (Booking/Public)
- Banner: “Online booking temporarily unavailable while we perform maintenance. Please contact the studio at (phone/email).”
- Social (optional): “Were making improvements; online booking briefly unavailable. Well be back shortly!”
---
8) Verification Checklists
8.1 Post-Rollback Smoke (All)
- Home page renders without console errors; nav usable.
- Auth sign-in/out OK; protected admin routes gated correctly.
- No spikes in 5xx; latency within baseline ±20%.
- R2 asset URLs valid (R2_PUBLIC_URL configured).
8.2 Admin (Epic A)
- /admin loads (if re-enabled); CRUD operations succeed.
- Portfolio image retrieval works; no broken admin listing grids.
8.3 Booking (Epic B)
- /book page loads; submit disabled or functional per state.
- No POST requests to disabled endpoints; fallback messaging correct.
8.4 Public (Epic C)
- Artists listing and profile pages render; imagery loads without CLS shifts.
8.5 Technical (Epic D)
- pages:build OK; preview OK; OpenNext worker stable.
- No new warnings for missing env; cache behavior normal.
---
9) Mapping: Features → Flags → Owners
| Feature/Area | Flag | Owner |
|----------------------------------------|----------------------------------------|--------------|
| Admin shell (all) | ADMIN_ENABLED | PM/Architect |
| Artists CRUD | ARTISTS_MODULE_ENABLED | PM/Dev |
| Admin uploads | UPLOADS_ADMIN_ENABLED | PM/Dev |
| Booking master | BOOKING_ENABLED | PM/Dev |
| Public appointment request | PUBLIC_APPOINTMENT_REQUESTS_ENABLED | PM/Dev |
| Reference uploads (public booking) | REFERENCE_UPLOADS_PUBLIC_ENABLED | PM/Dev |
| Deposits/payments | DEPOSITS_ENABLED | PM/Dev |
| Public artists from DB | PUBLIC_DB_ARTISTS_ENABLED | PM/Dev |
| Advanced nav/scroll animations | ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED | PM/UX |
| Strict CI gates (TS/ESLint) | STRICT_CI_GATES_ENABLED | PM/Dev |
| OpenNext R2 ISR cache | ISR_CACHE_R2_ENABLED | PM/DevOps |
---
10) Immediate Actions to Enable Rollbacks (Implementation Tasks)
- Add lib/flags.ts and wire flags to affected UI and API surfaces (A/B/C/D).
- Define sql/migrations/ with up/down per change; adopt wrangler migrations or controlled execute scripts.
- Add npm scripts:
- "db:backup": "wrangler d1 export united-tattoo > backups/d1-backup-$(date +%Y%m%d-%H%M).sql"
- "pages:promote:manual": "echo 'Promote last-good via dashboard or redeploy last good commit.'"
- Ensure R2_PUBLIC_URL is present in env validation (lib/env.ts) and set in wrangler.toml vars.
- Document “last-good commit” pointer in release notes for quick manual revert.
---
Appendix A — Known Current Gaps to Close Before Relying on This Plan
- Flags wiring: not yet implemented in repo; must be added.
- DB migrations: project uses sql/schema.sql; introduce structured migrations with down scripts.
- Cloudflare Pages “promote” is a dashboard action; CLI fallback is redeploy previous commit.
- Observability: add Sentry and minimal metrics to automate triggers.
Appendix B — Example Flag Reader (Pseudo)
```ts
// lib/flags.ts
export const Flags = {
ADMIN_ENABLED: process.env.ADMIN_ENABLED === "true",
BOOKING_ENABLED: process.env.BOOKING_ENABLED === "true",
// ... (others)
};
```
Appendix C — Rollback Drill (Quarterly)
- Simulate booking outage in preview:
- Flip BOOKING_ENABLED=false, ship preview, verify fallback UX, then restore.
- Simulate admin upload failure:
- Flip UPLOADS_ADMIN_ENABLED=false; verify admin pages handle gracefully.
- Document timings and lessons learned.
End of document.

160
docs/prd/user-stories-with-acceptance-criteria.md
View File

@ -1,160 +0,0 @@
# User Stories (with Acceptance Criteria)
Legend: UT-[Epic]-[ID]
- ADM = Admin/Artist Management (Epic A)
- BKG = Booking/Client (Epic B)
- PUB = Public Website (Epic C)
- ARC = Architecture/Delivery (Epic D)
Epic A — Admin Dashboard & Artist Management
UT-ADM-01: As an admin, I can invite a new artist with a time-limited signup link.
- Given I am an admin
- When I enter the artists email and send an invite
- Then the artist receives a link that expires after a configured window and can register successfully
UT-ADM-02: As an artist, I can complete a wizard-style onboarding to set profile, styles, and initial portfolio.
- Given I have a valid invite
- When I follow the wizard steps (profile, styles, rates, availability)
- Then my artist profile is created and set to draft until I publish
UT-ADM-03: As an admin/owner, I can enforce 2FA for admin roles and allow optional passwordless for others.
- Given security settings are configured
- When a new admin registers
- Then they must enroll 2FA before accessing admin features
UT-ADM-04: As an editor, I can batch upload portfolio pieces with progress tracking.
- Given I have editor permissions
- When I drag-and-drop multiple images
- Then I see per-file progress and all successful uploads are linked to my portfolio
UT-ADM-05: As an editor, I can manually crop images with grid guides and save crops as separate assets.
- Given I uploaded an image
- When I open the crop tool and save
- Then a cropped asset version with metadata is created
UT-ADM-06: As an editor, I can toggle AI-assisted crop suggestions on/off at the account or workspace level.
- Given the setting is visible
- When I toggle AI suggestions off
- Then only manual cropping is suggested
UT-ADM-07: As an admin, I can manage compression settings for uploaded assets and override aggressive compression.
- Given default compression is on
- When I disable aggressive compression for a set
- Then newly processed assets use the chosen compression level
UT-ADM-08: As an admin, I can view an activity log with user, action, and timestamp to audit changes.
- Given actions were performed
- When I open the activity log
- Then I can filter by user and resource and export logs
UT-ADM-09: As an admin, I can pause an artist or globally pause the system to halt new bookings.
- Given an emergency scenario
- When I toggle pause for a specific artist or globally
- Then booking forms and availability reflect the pause with clear messaging
UT-ADM-10: As an editor, I can stage portfolio changes in a sandbox and preview before publishing live.
- Given I have draft changes
- When I open preview
- Then I see the draft state exactly as it would appear when published
Epic B — Unified Booking & Client Management
UT-BKG-01: As a visitor, I am routed to consultation vs booking based on my form inputs.
- Given I start the booking flow
- When my answers indicate uncertainty or complex needs
- Then Im guided to a consultation request instead of direct booking
UT-BKG-02: As a visitor, I can select appointment type (first tattoo, cover-up, large piece, etc.) and see appropriate options.
- Given Im on the booking form
- When I choose an appointment type
- Then the form adapts with relevant questions and duration estimates
UT-BKG-03: As a visitor, I can see an automated quote estimate based on size, complexity, and artist tier.
- Given I filled required fields
- When I request an estimate
- Then I see a non-binding quote and deposit requirements
UT-BKG-04: As a client, I can create an account and see my upcoming/past appointments.
- Given I signed up
- When I log in to the client portal
- Then I can view appointments and details
UT-BKG-05: As a client, I can reschedule or cancel an appointment within policy windows.
- Given I have an upcoming appointment
- When I choose reschedule/cancel within allowed times
- Then the system updates calendar and sends notifications
UT-BKG-06: As an admin, I can enable two-way Google Calendar sync per-artist.
- Given an artist connects Google Calendar
- When sync is enabled
- Then booking changes appear in their calendar and availability reflects external events
UT-BKG-07: As a client, I can pay a deposit securely and receive a receipt.
- Given a deposit is required
- When I complete checkout via supported gateway
- Then my payment intent and receipt reference are stored and visible
UT-BKG-08: As an admin, I can process a refund via the payment gateway and record it in the system.
- Given a valid refund request
- When I issue a refund
- Then the client is notified and records reflect the refund
UT-BKG-09: As an admin, I receive notifications for new bookings, cancellations, and changes.
- Given notification preferences are set
- When key events occur
- Then I receive email/SMS alerts accordingly
Epic C — Public-Facing Website Experience
UT-PUB-01: As a visitor, I experience consistent ShadCN-based UI across all pages.
- Given any site page
- When I navigate and interact
- Then spacing, typography, components, and transitions are consistent
UT-PUB-02: As a visitor, I see parallax/split-screen hero sections that are smooth and performant.
- Given Im on the homepage or artist page
- When I scroll
- Then layered visuals and split sections animate smoothly within performance budgets
UT-PUB-03: As a visitor, I can use a dedicated search with filters (style, availability, price tier).
- Given Im on /search
- When I apply filters
- Then artist and content results update accordingly
UT-PUB-04: As a visitor, I can use quick search (Ctrl+K) to find artists and educational content.
- Given I press Ctrl+K
- When I type a query
- Then I get navigable results for artists and key pages
UT-PUB-05: As a visitor, I can view improved aftercare content with visuals, progress tracking, and checklists.
- Given I open /aftercare
- When I read and mark steps
- Then my progress is saved locally and content is printable/PDF-downloadable
UT-PUB-06: As a visitor, I can browse artist galleries with style-based filtering and interactive zoom/lightbox.
- Given Im on an artist page
- When I filter by style or click an image
- Then the gallery updates, and I can zoom without layout shift
Epic D — Technical Architecture & Delivery
UT-ARC-01: As a developer, I can configure Cloudflare D1/R2 and verify SSR server-side asset delivery.
- Given environment is set
- When I run the preview
- Then assets are fetched server-side and delivered via caches
UT-ARC-02: As a visitor, I benefit from progressive images and lazy loading while browsing media-heavy pages.
- Given I visit a gallery
- When images load
- Then low-res placeholders progressively upgrade without jank
UT-ARC-03: As a returning visitor, I benefit from a service worker that improves revisit speed and limited offline browsing.
- Given PWA-like capabilities
- When I revisit
- Then common assets/pages load faster and basic offline fallback is available
UT-ARC-04: As the owner, I can preview new changes on a staging environment before production.
- Given staging is deployed
- When I access the staging URL
- Then I can verify new features and content before launch
UT-ARC-05: As a maintainer, I can rely on clear docs (README, architecture, changelog) to operate and extend the system.
- Given the repository
- When a new developer onboards
- Then they can set up, run, and contribute following documented steps

41
docs/qa/gates/FF-1-feature-flags-library-and-config.yml
View File

@ -1,41 +0,0 @@
schema: 1
story: 'FF-1'
story_title: 'Feature Flags Library & Configuration — Brownfield Addition'
gate: PASS
status_reason: 'Flag module, runtime hydration, and operations guide now meet FF-1 requirements.'
reviewer: 'Quinn (Test Architect)'
updated: '2025-09-19T21:30:26.041064+00:00'
top_issues: []
waiver:
active: false
quality_score: 90
expires: '2025-10-03T21:30:26.041064+00:00'
evidence:
tests_reviewed: 3
risks_identified: 0
trace:
ac_covered: [1, 2, 3, 4, 5, 6, 7]
ac_gaps: [8, 9]
nfr_validation:
security:
status: PASS
notes: 'No new surface area introduced; flags remain boolean only.'
performance:
status: PASS
notes: 'Hydration reuses cached snapshot; toggles keep defaults lightweight.'
reliability:
status: PASS
notes: 'Warnings surface when env vars missing; API routes rely on refreshed snapshot.'
maintainability:
status: PASS
notes: 'Tests and ops docs capture expected defaults; runtime provider centralises usage.'
recommendations:
immediate: []
future:
- action: 'Consider automated smoke script to exercise a flag flip end-to-end in preview.'
refs: ['docs/prd/rollback-strategy.md']

48
docs/qa/gates/FF-2-wire-flags-to-critical-surfaces.yml
View File

@ -1,48 +0,0 @@
schema: 1
story: 'FF-2'
story_title: 'Wire Flags to Critical Surfaces — Admin/Booking/Public'
gate: PASS
status_reason: 'Booking mutations now honor BOOKING_ENABLED and the artists grid keeps a visible static layout when animations are disabled.'
reviewer: 'Quinn (Test Architect)'
updated: '2025-09-19T22:14:00+00:00'
waiver:
active: false
top_issues: []
risk_summary:
totals: { critical: 0, high: 0, medium: 0, low: 0 }
recommendations:
must_fix: []
monitor: []
quality_score: 90
expires: '2025-10-03T22:14:00+00:00'
evidence:
tests_reviewed: 4
risks_identified: 0
trace:
ac_covered: [1, 2, 3]
ac_gaps: []
nfr_validation:
security:
status: PASS
notes: 'No new attack surface; gating is conditional boolean checks.'
performance:
status: PASS
notes: 'Guards are constant-time flag reads; fallback removes scroll listeners.'
reliability:
status: PASS
notes: 'Flag flips immediately prevent bookings and keep the home artists grid intact.'
maintainability:
status: PASS
notes: 'Guard helpers and tests cover regressions; patterns match existing flag usage.'
recommendations:
immediate: []
future:
- action: 'Consider adding an integration smoke that exercises flag flips in preview to catch environment drift.'
refs: ['docs/prd/rollback-strategy.md']

48
docs/qa/gates/FF-3-feature-flags-operations-and-verification.yml
View File

@ -1,48 +0,0 @@
schema: 1
story: "FF-3"
story_title: "Feature Flags Operations & Verification — Brownfield Addition"
gate: "PASS"
status_reason: "Feature flag ops runbook now includes Cloudflare dashboard steps, incident playbook details, and preview simulation guidance required by ACs."
reviewer: "Quinn (Test Architect)"
updated: "2025-09-19T23:30:00Z"
waiver:
active: false
top_issues: []
risk_summary:
totals: { critical: 0, high: 0, medium: 0, low: 0 }
recommendations:
must_fix: []
monitor: []
quality_score: 90
expires: "2025-10-03T23:30:00Z"
evidence:
tests_reviewed: 4
risks_identified: 0
trace:
ac_covered: [1, 2, 3, 4, 5, 6, 7, 8]
ac_gaps: []
nfr_validation:
security:
status: PASS
notes: "Documentation-only change; no new security exposure."
performance:
status: PASS
notes: "Preview drill guidance enables operators to confirm perf impact before toggling."
reliability:
status: PASS
notes: "Incident playbook and preview simulation steps enhance operational reliability."
maintainability:
status: PASS
notes: "Comprehensive procedural documentation reduces tribal knowledge and enables sustainable ops."
recommendations:
immediate: []
future:
- action: "Add automated tabletop checklist to QA tooling once manual workflow is finalized."
refs: ["docs/prd/rollback-strategy.md"]

106
docs/qa/gates/PUB.2-parallax-split-hero.yml
View File

@ -1,106 +0,0 @@
id: PUB-2
title: Parallax and Split-Screen Hero Sections
epic: PUB
story: 2
slug: parallax-split-hero
story_file: docs/stories/pub-2-parallax-split-hero.md
decision: FAIL
decision_date: 2025-09-20
reviewer: Quinn (QA)
summary: |
Homepage hero parallax and Artist split hero exhibit incorrect baseline transforms at rest,
causing visible vertical drift/misalignment. Depth magnitudes are too aggressive, and
reduced-motion initialization is incorrect. Artist split hero also uses a negative margin
that compounds the offset. No other sections were brought up to blueprint parity.
criteria:
initial_render_alignment: FAIL
scroll_behavior_0_300px: FAIL
reduced_motion_behavior: CONCERNS
performance_budget_main_thread: CONCERNS
accessibility_no_layout_shift: FAIL
blueprint_parity_other_sections: FAIL
defects:
- id: PARALLAX-BASELINE
severity: high
location: hooks/use-parallax.ts
description: |
Baseline transform uses offsetTop/windowHeight math that applies a non-zero translation at rest
for absolutely positioned layers. Causes background to "drop" and split hero to misalign.
evidence: |
updateTransform(): relativeScrollY = scrollY - elementTop + windowHeight; transform set to
var(--parallax-offset) = relativeScrollY * depth.
fix: |
Compute from getBoundingClientRect().top and use offset = -rect.top * depth (clamped to section
bounds). Initialize CSS var to 0, update only when in view.
- id: REDUCED-MOTION-INIT
severity: medium
location: hooks/use-parallax.ts
description: useReducedMotion uses useState(prefersReducedMotion) instead of invoking the function.
fix: Change to `const [reducedMotion, setReducedMotion] = useState(prefersReducedMotion())`.
- id: DEPTH-TUNING
severity: medium
location: lib/parallax-config.ts
description: Depths are too aggressive for full-bleed absolute layers (bg 0.5, mid 0.2, fg -0.1).
fix: |
Suggested: background 0.120.16, mid 0.060.08, foreground -0.020.04; split left 0.04, right -0.04.
- id: ARTIST-HERO_NEG_MARGIN
severity: medium
location: components/artist-portfolio.tsx
description: Section uses `-mt-20`, compounding the initial parallax offset/misalignment.
fix: Remove negative margin; use header-aware padding (e.g., pt-20 md:pt-24).
required_fixes:
- PARALLAX-BASELINE
- REDUCED-MOTION-INIT
- DEPTH-TUNING
- ARTIST-HERO_NEG_MARGIN
retest_plan: |
Desktop and mobile:
1) Initial render at / and /artists/1 shows aligned layers, no drift at rest.
2) Scroll 0→300px shows subtle, smooth depth without detachment or CLS spikes.
3) Enable prefers-reduced-motion; verify no parallax transforms are applied.
4) Validate no long tasks > 50ms from parallax; monitor in Performance panel.
5) Confirm split hero stacks on small screens with correct initial alignment.
acceptance_checklist:
- Initial transform defaults to 0 at mount (unit test).
- Transform updates only when in view (IO-gated).
- Reduced motion disables parallax (unit test).
- Depths tuned and clamped to section bounds.
- Artist split hero has no negative margins; uses header-aware spacing.
- No regression in LCP/CLS on hero sections.
notes: |
Gate will move to PASS once fixes land with tests and visual verification in a preview build.
recheck:
date: 2025-09-20
result: FAIL
summary: |
Homepage hero OK after fixes. Artist portfolio split hero still misaligned: left image panel is raised so high
that more than half is offscreen above the top of the page.
evidence:
- file: components/artist-portfolio.tsx
snippet: 'className="relative h-screen overflow-hidden -mt-20"'
issue: Negative top margin forces section upward; with parallax transforms this results in visible offscreen overflow.
- file: hooks/use-parallax.ts
issue: Baseline still computed with offsetTop/windowHeight; useReducedMotion initialized with function reference instead of boolean.
actions_required:
- Remove "-mt-20" from artist split hero; replace with header-aware padding (e.g., "pt-20 md:pt-24").
- Compute parallax offset from getBoundingClientRect().top; initialize "--parallax-offset" to "0px"; IO-gate updates to when in view.
- Clamp split-screen depths to left 0.04 and right -0.04 or temporarily disable split parallax until stable.
retest_expectations:
- Initial render shows aligned image/content (no offscreen overflow).
- Scroll 0300px shows subtle depth without detachment or CLS.
- Reduced motion disables transforms for split hero.
doc_status_mismatch: true
doc_status_notes: |
Story file claims fixes landed (baseline, depth tuning, negative margin removed), but source code indicates otherwise.
Update the story after the code changes are actually applied and verified.

303
docs/qa/po-master-checklist-validation-report-2025-09-18.md
View File

@ -1,303 +0,0 @@
<!-- Generated via BMAD™ Core: execute-checklist (po-master-checklist) in comprehensive mode -->
# PO Master Checklist Validation Report
Project: United Tattoo
Checklist: .bmad-core/checklists/po-master-checklist.md
Mode: Comprehensive (YOLO)
Date: 2025-09-18 17:31 MT
Reviewed Artifacts (evidence):
- PRD Index: docs/prd/index.md
- Epics: docs/prd/epics.md
- Brownfield Rollback Strategy: docs/prd/rollback-strategy.md
- Package manifest/scripts: package.json
- Repository structure (Next.js App Router, app/, components/, sql/schema.sql, wrangler.toml present)
- Not exhaustively reviewed in this pass: detailed brownfield architecture docs referenced by rollback strategy
Project Type Determination:
- Type: Brownfield
- UI/UX: Yes (public-facing site + admin + booking)
- Sections skipped due to type: All [GREENFIELD ONLY] items
---
## Executive Summary
- Project type: Brownfield with UI
- Overall readiness: 78% (est.)
- Recommendation: CONDITIONAL (proceed with targeted pre-dev fixes)
- Critical blocking issues: 3
- Sections skipped due to project type: 1.1 Project Scaffolding [GREENFIELD ONLY], some GREENFIELD-only checks across sections
Top Signals:
- Strong foundation: PRD structure, epics, working Next + OpenNext + Cloudflare Pages flow, D1 in place, tests infra present (Vitest/RTL), comprehensive rollback strategy authored
- Gaps to close: feature flags not wired in code, migration “down” strategy + structure, CI/CD pipeline not committed, observability not implemented
---
## Pass Rates by Section
1) Project Setup & Initialization: 85%
2) Infrastructure & Deployment: 70%
3) External Dependencies & Integrations: 75%
4) UI/UX Considerations: 70%
5) User/Agent Responsibility: 60%
6) Feature Sequencing & Dependencies: 80%
7) Risk Management (Brownfield): 90%
8) MVP Scope Alignment: 80%
9) Documentation & Handoff: 75%
10) Post-MVP Considerations: 70%
Overall: 78%
Method: Items marked as PASS/FAIL/PARTIAL/N/A; PASS rate computed per section; estimates grounded in listed evidence and repo state.
---
## Detailed Findings
### 1. Project Setup & Initialization
Status: PASS (85%)
- 1.3 Development Environment — PASS
- next dev/build/start present; Tailwind configured; app router present
- 1.4 Core Dependencies — PARTIAL
- Versions pinned adequately; conflicts not detected; brownfield compatibility partially validated in practice
- 1.2 Existing System Integration [BROWNFIELD] — PARTIAL
- Local testing approach exists (vitest), but explicit regression guardrails/process not fully documented for brownfield deltas
Actions:
- Add a “Local Dev Setup” section to README with explicit tool versions and smoke checklist
- Document brownfield regression plan at story or epic level (link to tests approach)
### 2. Infrastructure & Deployment
Status: PARTIAL (70%)
- 2.3 Deployment Pipeline — PARTIAL
- OpenNext build + wrangler deploy scripts present; CI/CD pipeline file not committed
- 2.1 Database & Data Store Setup — PARTIAL
- D1 used with sql/schema.sql; no migrations directory or down scripts implemented
- 2.4 Testing Infrastructure — PASS/PARTIAL
- Vitest + RTL configured; component/E2E (Playwright) not present in repo
Actions:
- Commit CI pipeline (lint, typecheck, test, build, preview deploy); enforce budgets
- Introduce sql/migrations/{timestamp}_up.sql and corresponding _down.sql; add npm scripts
- Add Playwright for E2E critical flows (admin auth, booking form happy-path, public pages)
### 3. External Dependencies & Integrations
Status: PARTIAL (75%)
- Third-party services/API keys — PARTIAL
- Env validation via lib/env.ts exists; secrets via wrangler; explicit storage/rotation guidance not fully documented
- External APIs — N/A or PASS (current scope primarily internal)
Actions:
- Expand env/secret handling doc: wrangler secrets put process + required vars matrix for preview/prod
### 4. UI/UX Considerations [UI/UX ONLY]
Status: PARTIAL (70%)
- Design system setup — PASS/PARTIAL
- Tailwind, shadcn/ui patterns present; accessibility policy not fully documented
- Frontend infra — PASS
- App Router, build pipeline OK
- UX flow/error/loading patterns — PARTIAL
- Core flows present; global a11y/error/loading standards doc not found
Actions:
- Add a11y acceptance checklist; standardize error/loading skeletons; document form validation patterns (Zod + RHF) app-wide
### 5. User/Agent Responsibility
Status: PARTIAL (60%)
- Responsibilities delineation — PARTIAL
- BMAD personas exist; explicit “who does what” for external accounts/payment credentials not clearly captured in PRD
Actions:
- Add a PRD “Responsibilities” section (user vs agents), especially for accounts, payments, long-lived creds
### 6. Feature Sequencing & Dependencies
Status: PASS (80%)
- Functional/technical dependency sequencing — PASS
- Epics articulate sequencing; stories exist for feature flags
- Cross-epic dependencies — PARTIAL
- Good linkage; ensure early infra tasks (flags/migrations/observability) precede feature toggling
Actions:
- Ensure flags and migration framework tasks are scheduled before dependent stories
### 7. Risk Management [BROWNFIELD ONLY]
Status: STRONG PASS (90%)
- Rollback strategy — PASS
- docs/prd/rollback-strategy.md comprehensive; explicit flags, triggers, runbooks
- DB/R2 rollback — PARTIAL
- Plan documented; “down” migrations and backup scripts not yet implemented
Actions:
- Implement flags wiring; add db:backup script; create initial down migrations
### 8. MVP Scope Alignment
Status: PASS (80%)
- Core goals alignment — PASS
- User journeys completeness — PARTIAL
- Booking/admin/public happy-paths defined; edge/error states captured but require a11y/error docs
- Technical requirements — PARTIAL
- Performance/observability not yet wired
Actions:
- Add observability + performance budgets; define a11y minimums
### 9. Documentation & Handoff
Status: PARTIAL (75%)
- Dev docs (API/setup/decisions) — PARTIAL
- Good architecture/PRD; API route docs limited; ADRs not formalized
- User docs — PARTIAL
- Public banners/communications outlined in rollback doc; UX specs can be expanded
Actions:
- Add lightweight ADRs for key decisions; document API route contracts (request/response, headers, caching)
### 10. Post-MVP Considerations
Status: PARTIAL (70%)
- Future enhancements separation — PASS
- Monitoring & feedback — PARTIAL
- Sentry/OTel not implemented; thresholds defined but not instrumented
Actions:
- Add Sentry + basic OTel; wire minimal metrics (route latencies, 5xx counts)
---
## Failed/Partial Items (Selected) with Context
- Feature flags not yet wired in code (FAIL)
- Evidence: Rollback doc Appendix A notes flags wiring “not yet implemented”
- No down migrations or structured migrations dir (FAIL)
- Evidence: Only sql/schema.sql found; no sql/migrations/ with up/down pairs
- CI/CD pipeline not committed (FAIL)
- Evidence: No workflows or CI config in repo; scripts exist but automation missing
- Observability not implemented (PARTIAL/FAIL)
- Evidence: No Sentry/OTel deps or init code present
- a11y/error/loading standards not documented (PARTIAL)
- Evidence: No explicit doc; components exist but standards undefined
---
## Brownfield-Specific Analysis
- Integration risk level: Medium
- Mitigations: Strong rollback plan, but lack of wired flags and down migrations increases operational risk
- Existing system impact assessment: Good coverage via rollback doc; verify admin and booking critical paths with E2E
- Rollback readiness: Conceptually strong; needs code + scripts to operationalize
- User disruption potential: Medium; mitigated by feature flags once implemented
---
## Risk Assessment
Top 5 Risks
1) Missing feature flag wiring delays safe rollout and reversibility (Impact: High, Prob: Med)
2) Lack of down migrations increases DB recovery time (High, Med)
3) No CI/CD pipeline risks regressions slipping to prod (High, Med)
4) Missing observability reduces detection speed for incidents (High, Med)
5) a11y/error/loading consistency gaps hurt UX and recovery UX (Med, Med)
Mitigations
- Implement flags + toggles first; build small demo wiring across admin/booking/public
- Establish migration framework with initial up/down; add db:backup script
- Commit CI with lint, typecheck, test, build, preview deploy; enforce budgets
- Add Sentry + minimal OTel; instrument critical routes
- Document a11y/error/loading patterns; add automated a11y checks
Timeline impact: 24 dev days to reach green on critical items (flags+migrations+CI), 12 days for observability and UX standards
---
## MVP Completeness
- Core features coverage: Solid foundation per Epics
- Missing essentials: Flags wiring, down migrations, CI pipeline, observability
- Scope creep: None apparent; strong alignment with business goals
---
## Implementation Readiness
- Developer clarity score: 8/10
- Ambiguous requirements: Low; primarily operationalization gaps
- Missing technical details: Migration down scripts, CI config, observability setup
- Integration point clarity (brownfield): Good in rollback doc; needs E2E to lock confidence
---
## Recommendations
Must-fix before development
1) Wire feature flags across admin, booking, public (server + client usage)
2) Introduce sql/migrations with up/down; add npm run db:backup and dry-run on preview
3) Commit CI pipeline (lint/type/test/build/preview deploy) with budgets
Should-fix for quality
4) Add Sentry + minimum route metrics; alert thresholds matching rollback triggers
5) Add Playwright E2E for admin auth, booking submit, key public pages
Consider for improvement
6) API route docs with request/response schemas; add ADRs
7) a11y/error/loading standards doc + automated a11y checks
Post-MVP deferrals
8) Advanced analytics/feedback loops; KV-based instant flags
---
## Brownfield Integration Confidence
- Preserve existing functionality: Medium → High after flags + E2E
- Rollback procedure completeness: Conceptually High; implementation Medium (needs flags, downs, scripts)
- Monitoring coverage for integration points: Low → Medium after Sentry/metrics
- Support team readiness: Moderate; comms templates exist
---
## Category Statuses
| Category | Status | Critical Issues |
| --------------------------------------- | ---------- | --------------- |
| 1. Project Setup & Initialization | PASS | |
| 2. Infrastructure & Deployment | PARTIAL | CI, migrations |
| 3. External Dependencies & Integrations | PARTIAL | Secrets docs |
| 4. UI/UX Considerations | PARTIAL | a11y/error docs |
| 5. User/Agent Responsibility | PARTIAL | Ownership doc |
| 6. Feature Sequencing & Dependencies | PASS | |
| 7. Risk Management (Brownfield) | PASS | Downs missing |
| 8. MVP Scope Alignment | PASS | |
| 9. Documentation & Handoff | PARTIAL | API/ADRs |
| 10. Post-MVP Considerations | PARTIAL | Observability |
---
## Final Decision
CONDITIONAL — Proceed after completing the Must-fix items:
- Feature flag wiring in code
- Migrations framework with down scripts + backup script
- CI pipeline committed and enforced
Once completed, readiness expected to exceed 90% with improved integration confidence.
---
## Appendix — Immediate Task Suggestions (Ticket Seeds)
- chore(flags): add lib/flags.ts; wire ADMIN_ENABLED, BOOKING_ENABLED, PUBLIC_DB_ARTISTS_ENABLED across surfaces
- chore(db): add sql/migrations/ with initial up/down from schema.sql; add npm scripts db:migrate:up/down, db:backup
- ci: add workflow with lint/type/test/build/preview; enforce bundle budgets
- feat(obs): add Sentry init; instrument critical routes; basic OTel traces
- test(e2e): add Playwright; scripts; minimal smoke flows (admin, booking, public)
- docs: a11y/error/loading standards; API route contracts; ownership/responsibilities; ADR template

577
docs/qa/po-master-checklist-validation-report.md
View File

@ -1,577 +0,0 @@
# PO Master Checklist - Comprehensive Validation Report
**Project:** United Tattoo - Brownfield Enhancement
**Project Type:** BROWNFIELD with UI/UX Components
**Analysis Date:** 2025-09-18
**Validator:** Product Owner (Sarah)
**Documents Analyzed:** PRD.md (sharded), brownfield-architecture.md, package.json, existing codebase
---
## Executive Summary
- **Project Type:** Brownfield with UI/UX Components
- **Overall Readiness:** 65%
- **Recommendation:** **CONDITIONAL APPROVAL**
- **Critical Blocking Issues:** 12
- **Sections Skipped:** Greenfield-only items (1.1 Project Scaffolding)
---
## Detailed Section Analysis
### 1. PROJECT SETUP & INITIALIZATION
#### 1.1 Project Scaffolding [[GREENFIELD ONLY]] - SKIPPED
#### 1.2 Existing System Integration [[BROWNFIELD ONLY]]
- ✅ **PASS**: Existing project analysis documented in brownfield-architecture.md
- ✅ **PASS**: Integration points identified (D1/R2, NextAuth, OpenNext adapter)
- ✅ **PASS**: Development environment preserves existing functionality (npm scripts maintained)
- ✅ **PASS**: Local testing approach validated (dev:wrangler, preview commands)
- ❌ **FAIL**: No explicit rollback procedures defined per integration point
#### 1.3 Development Environment
- ✅ **PASS**: Local development setup clearly defined in brownfield-architecture.md
- ✅ **PASS**: Required tools specified (Wrangler, Node.js, npm)
- ✅ **PASS**: Dependency installation steps included (npm install)
- ⚠️ **PARTIAL**: Configuration files addressed but some env vars missing validation (R2_PUBLIC_URL)
- ✅ **PASS**: Development server setup included (multiple options: dev, dev:wrangler, preview)
#### 1.4 Core Dependencies
- ✅ **PASS**: Critical packages installed (Next.js, shadcn/ui, TanStack Query, NextAuth)
- ✅ **PASS**: Package management properly addressed (npm with lock file)
- ✅ **PASS**: Version specifications defined in package.json
- ⚠️ **PARTIAL**: Some dependency conflicts noted in debt (AWS SDK vs Cloudflare, env validation mismatches)
- ✅ **PASS**: Version compatibility with existing stack verified
**Section 1 Status: PARTIAL** (4/5 items passing, critical rollback gap)
---
### 2. INFRASTRUCTURE & DEPLOYMENT
#### 2.1 Database & Data Store Setup
- ✅ **PASS**: Database setup occurs before operations (D1 create/migrate scripts)
- ✅ **PASS**: Schema definitions created (sql/schema.sql)
- ✅ **PASS**: Migration strategies defined (wrangler d1 execute commands)
- ✅ **PASS**: Seed data setup included (lib/db.ts has CRUD helpers)
- ⚠️ **PARTIAL**: Migration risks identified but not fully mitigated
- ⚠️ **PARTIAL**: Backward compatibility noted but not systematically validated
#### 2.2 API & Service Configuration
- ✅ **PASS**: API frameworks set up (Next.js App Router route handlers)
- ✅ **PASS**: Service architecture established (lib/db.ts, lib/r2-upload.ts)
- ✅ **PASS**: Authentication framework set up (NextAuth with JWT)
- ✅ **PASS**: Middleware and utilities created (middleware.ts, lib/validations.ts)
- ✅ **PASS**: API compatibility with existing system maintained
- ✅ **PASS**: Integration with existing authentication preserved
#### 2.3 Deployment Pipeline
- ✅ **PASS**: OpenNext build pipeline established (pages:build script)
- ⚠️ **PARTIAL**: Infrastructure configuration defined but some gaps (R2_PUBLIC_URL)
- ✅ **PASS**: Environment configurations defined in wrangler.toml
- ✅ **PASS**: Deployment strategies defined (Cloudflare Pages)
- ⚠️ **PARTIAL**: Deployment impact on existing system not fully assessed
- ❌ **FAIL**: No blue-green or canary deployment strategy
#### 2.4 Testing Infrastructure
- ✅ **PASS**: Testing frameworks installed (Vitest, RTL)
- ✅ **PASS**: Test environment setup (vitest.config.ts, vitest.setup.ts)
- ✅ **PASS**: Mock services defined (test setup files)
- ❌ **FAIL**: No explicit regression testing for existing functionality
- ❌ **FAIL**: No integration testing for new-to-existing connections
**Section 2 Status: PARTIAL** (10/16 items passing, testing gaps critical)
---
### 3. EXTERNAL DEPENDENCIES & INTEGRATIONS
#### 3.1 Third-Party Services
- ✅ **PASS**: Cloudflare account setup processes documented
- ⚠️ **PARTIAL**: Wrangler auth mentioned but setup steps could be clearer
- ⚠️ **PARTIAL**: Credential storage addressed but R2_PUBLIC_URL validation missing
- ✅ **PASS**: Local development options available (wrangler dev)
- ✅ **PASS**: Compatibility with existing services verified
- ✅ **PASS**: Impact on existing integrations assessed
#### 3.2 External APIs
- ✅ **PASS**: Integration points clearly identified (Cloudflare D1/R2, NextAuth providers)
- ✅ **PASS**: Authentication properly sequenced
- ⚠️ **PARTIAL**: API limits acknowledged but not quantified
- ⚠️ **PARTIAL**: Backup strategies mentioned but not detailed
- ✅ **PASS**: Existing API dependencies maintained
#### 3.3 Infrastructure Services
- ✅ **PASS**: Cloudflare resource provisioning sequenced
- N/A: DNS requirements (using existing domain)
- N/A: Email services (not in immediate scope)
- ⚠️ **PARTIAL**: R2 public access patterns need clarification
- ✅ **PASS**: Existing infrastructure services preserved
**Section 3 Status: PASS** (8/11 applicable items passing)
---
### 4. UI/UX CONSIDERATIONS [[UI/UX ONLY]]
#### 4.1 Design System Setup
- ✅ **PASS**: UI framework selected (shadcn/ui + Radix primitives)
- ✅ **PASS**: Design system established (shadcn components)
- ✅ **PASS**: Styling approach defined (Tailwind CSS)
- ✅ **PASS**: Responsive design strategy established
- ⚠️ **PARTIAL**: Accessibility requirements mentioned but not systematically defined
#### 4.2 Frontend Infrastructure
- ✅ **PASS**: Frontend build pipeline configured (OpenNext)
- ⚠️ **PARTIAL**: Asset optimization strategy mentioned but images.unoptimized flag concerning
- ✅ **PASS**: Frontend testing framework set up (Vitest + RTL)
- ✅ **PASS**: Component development workflow established
- ✅ **PASS**: UI consistency with existing system maintained
#### 4.3 User Experience Flow
- ✅ **PASS**: User journeys mapped in PRD (Epic B - Booking flows)
- ✅ **PASS**: Navigation patterns defined
- ⚠️ **PARTIAL**: Error states planned but implementation details missing
- ✅ **PASS**: Form validation patterns established (Zod schemas)
- ✅ **PASS**: Existing user workflows preservation planned
**Section 4 Status: PASS** (12/15 items passing)
---
### 5. USER/AGENT RESPONSIBILITY
#### 5.1 User Actions
- ✅ **PASS**: User responsibilities limited to appropriate tasks
- ✅ **PASS**: Account creation on external services assigned to users
- N/A: Payment actions (handled via integrations)
- ✅ **PASS**: Credential provision appropriately assigned
#### 5.2 Developer Agent Actions
- ✅ **PASS**: Code-related tasks assigned to developer agents
- ✅ **PASS**: Automated processes identified
- ✅ **PASS**: Configuration management properly assigned
- ✅ **PASS**: Testing and validation assigned appropriately
**Section 5 Status: PASS** (7/7 applicable items passing)
---
### 6. FEATURE SEQUENCING & DEPENDENCIES
#### 6.1 Functional Dependencies
- ⚠️ **PARTIAL**: Some features properly sequenced but Epic dependencies need clarification
- ✅ **PASS**: Shared components (admin layout, auth) built before use
- ✅ **PASS**: User flows follow logical progression
- ✅ **PASS**: Authentication features precede protected features
- ✅ **PASS**: Existing functionality preservation planned
#### 6.2 Technical Dependencies
- ✅ **PASS**: Lower-level services (lib/db.ts) built before higher-level ones
- ✅ **PASS**: Libraries created before use
- ✅ **PASS**: Data models defined before operations
- ✅ **PASS**: API endpoints defined before client consumption
- ⚠️ **PARTIAL**: Integration points testing could be more systematic
#### 6.3 Cross-Epic Dependencies
- ❌ **FAIL**: Epic dependencies not clearly documented in PRD
- ⚠️ **PARTIAL**: No explicit epic requires later epic functionality but not systematically verified
- ✅ **PASS**: Infrastructure from early epics planned for reuse
- ⚠️ **PARTIAL**: Incremental value delivery maintained but phasing needs detail
- ✅ **PASS**: System integrity maintenance planned
**Section 6 Status: PARTIAL** (7/13 items passing, epic sequencing critical gap)
---
### 7. RISK MANAGEMENT [[BROWNFIELD ONLY]]
#### 7.1 Breaking Change Risks
- ⚠️ **PARTIAL**: Breaking functionality risk assessed but not systematically
- ⚠️ **PARTIAL**: Database migration risks identified but mitigation incomplete
- ⚠️ **PARTIAL**: API breaking change risks noted but not fully evaluated
- ❌ **FAIL**: Performance degradation risks not systematically assessed
- ⚠️ **PARTIAL**: Security vulnerabilities noted but not comprehensively evaluated
#### 7.2 Rollback Strategy
- ❌ **FAIL**: No rollback procedures defined per story
- ❌ **FAIL**: No feature flag strategy implemented
- ❌ **FAIL**: Backup and recovery procedures not updated
- ❌ **FAIL**: No monitoring enhancement plan for new components
- ❌ **FAIL**: No rollback triggers and thresholds defined
#### 7.3 User Impact Mitigation
- ⚠️ **PARTIAL**: Existing user workflows analyzed but impact assessment incomplete
- ❌ **FAIL**: No user communication plan developed
- ❌ **FAIL**: No training materials plan
- ❌ **FAIL**: Support documentation plan incomplete
- ❌ **FAIL**: User data migration path not validated
**Section 7 Status: FAIL** (1/15 items passing, CRITICAL RISK MANAGEMENT GAPS)
---
### 8. MVP SCOPE ALIGNMENT
#### 8.1 Core Goals Alignment
- ✅ **PASS**: All core goals from PRD addressed
- ✅ **PASS**: Features support MVP goals
- ⚠️ **PARTIAL**: Some features may be beyond MVP scope (need review)
- ✅ **PASS**: Critical features prioritized
- ⚠️ **PARTIAL**: Enhancement complexity justified but could be simpler
#### 8.2 User Journey Completeness
- ✅ **PASS**: Critical user journeys implemented in PRD
- ⚠️ **PARTIAL**: Edge cases addressed but implementation details missing
- ✅ **PASS**: User experience considerations included
- ⚠️ **PARTIAL**: Accessibility requirements mentioned but not systematic
- ✅ **PASS**: Existing workflows preservation planned
#### 8.3 Technical Requirements
- ✅ **PASS**: Technical constraints from PRD addressed
- ✅ **PASS**: Non-functional requirements incorporated
- ✅ **PASS**: Architecture decisions align with constraints
- ⚠️ **PARTIAL**: Performance considerations addressed but testing missing
- ✅ **PASS**: Compatibility requirements met
**Section 8 Status: PASS** (9/13 items passing)
---
### 9. DOCUMENTATION & HANDOFF
#### 9.1 Developer Documentation
- ⚠️ **PARTIAL**: API documentation planned but not systematically created
- ✅ **PASS**: Setup instructions comprehensive
- ✅ **PASS**: Architecture decisions documented
- ⚠️ **PARTIAL**: Patterns documented but could be more systematic
- ✅ **PASS**: Integration points well documented
#### 9.2 User Documentation
- ⚠️ **PARTIAL**: User guides planned but not detailed
- ⚠️ **PARTIAL**: Error messages considered but not systematically
- ⚠️ **PARTIAL**: Onboarding flows specified but implementation missing
- ✅ **PASS**: Changes to existing features documented
#### 9.3 Knowledge Transfer
- ✅ **PASS**: Existing system knowledge captured
- ✅ **PASS**: Integration knowledge documented
- ⚠️ **PARTIAL**: Code review processes not defined
- ⚠️ **PARTIAL**: Deployment knowledge needs better documentation
- ✅ **PASS**: Historical context preserved
**Section 9 Status: PARTIAL** (7/13 items passing)
---
### 10. POST-MVP CONSIDERATIONS
#### 10.1 Future Enhancements
- ✅ **PASS**: Clear separation between MVP and future features
- ✅ **PASS**: Architecture supports planned enhancements
- ⚠️ **PARTIAL**: Technical debt documented but resolution plan needed
- ✅ **PASS**: Extensibility points identified
- ✅ **PASS**: Integration patterns reusable
#### 10.2 Monitoring & Feedback
- ⚠️ **PARTIAL**: Analytics planned but implementation details missing
- ⚠️ **PARTIAL**: User feedback collection considered but not detailed
- ⚠️ **PARTIAL**: Monitoring addressed but not comprehensive
- ⚠️ **PARTIAL**: Performance measurement planned but not detailed
- ⚠️ **PARTIAL**: Existing monitoring preservation needs attention
**Section 10 Status: PARTIAL** (3/10 items passing)
---
## Overall Category Status Summary
| Category | Status | Pass Rate | Critical Issues |
| --------------------------------------- | ----------- | --------- | --------------- |
| 1. Project Setup & Initialization | PARTIAL | 80% | No rollback procedures |
| 2. Infrastructure & Deployment | PARTIAL | 63% | Testing gaps, deployment strategy |
| 3. External Dependencies & Integrations | PASS | 73% | None critical |
| 4. UI/UX Considerations | PASS | 80% | None critical |
| 5. User/Agent Responsibility | PASS | 100% | None |
| 6. Feature Sequencing & Dependencies | PARTIAL | 54% | Epic dependencies unclear |
| 7. Risk Management (Brownfield) | **FAIL** | 7% | **NO ROLLBACK STRATEGY** |
| 8. MVP Scope Alignment | PASS | 69% | None critical |
| 9. Documentation & Handoff | PARTIAL | 54% | API docs, knowledge transfer |
| 10. Post-MVP Considerations | PARTIAL | 30% | Monitoring plan incomplete |
---
## Critical Risk Assessment
### HIGH RISK - BROWNFIELD INTEGRATION
**Risk Level:** 🔴 **CRITICAL**
**Primary Concerns:**
- No rollback procedures defined per story/epic
- No feature flagging strategy
- Missing regression testing for existing functionality
- User impact mitigation incomplete
- Performance degradation risks not assessed
### MEDIUM RISK - OPERATIONAL READINESS
**Risk Level:** 🟡 **SIGNIFICANT**
**Primary Concerns:**
- Epic sequencing and dependencies unclear
- Environmental configuration gaps
- Documentation incomplete for handoff
- Monitoring strategy undefined
---
## Top 5 Critical Issues (Must Fix)
### 1. 🔴 Risk Management Failure (Section 7)
**Impact:** HIGH - Could break existing system
**Issue:** No rollback strategy, monitoring plan, or user impact mitigation
**Required Action:** Create comprehensive rollback procedures document
### 2. 🔴 Epic Sequencing Gaps (Section 6.3)
**Impact:** HIGH - Could block development
**Issue:** Cross-epic dependencies not systematically documented
**Required Action:** Document epic dependency matrix with clear sequencing
### 3. 🔴 Testing Infrastructure Incomplete (Section 2.4)
**Impact:** HIGH - Risk to existing functionality
**Issue:** No regression or integration testing plan
**Required Action:** Create regression testing strategy and checklist
### 4. 🟡 Environmental Configuration Issues
**Impact:** MEDIUM - Could cause deployment failures
**Issue:** R2_PUBLIC_URL validation missing, env mismatches
**Required Action:** Resolve environment configuration gaps
### 5. 🟡 Documentation Gaps (Section 9)
**Impact:** MEDIUM - Handoff and maintenance issues
**Issue:** API docs, user guides, and knowledge transfer incomplete
**Required Action:** Complete documentation standards and templates
---
## MVP Completeness Analysis
### Core Features Coverage: 85%
**Strengths:**
- Most PRD requirements addressed
- Clear technical foundation
- Strong existing system analysis
**Gaps:**
- Rollback procedures missing
- Testing strategy incomplete
- Epic dependencies unclear
### Missing Essential Functionality
1. **Rollback procedures** for each epic and major integration point
2. **Regression testing strategy** that validates existing functionality
3. **Epic dependency documentation** with clear sequencing
4. **User impact mitigation plan** including communication strategy
5. **Monitoring enhancement strategy** for new components
### Scope Creep Assessment
**Identified Areas of Potential Over-Engineering:**
- Some UI/UX features may exceed MVP requirements
- Portfolio management features could be simplified for initial release
- Admin dashboard complexity might be reduced for MVP
### True MVP vs Over-Engineering Risk: MEDIUM
**Recommendation:** Review Epic A and B for essential vs nice-to-have features
---
## Implementation Readiness Assessment
### Developer Clarity Score: 7/10
**Strengths:**
- Clear technical stack and architecture
- Good existing system documentation
- Well-defined data models and APIs
**Weaknesses:**
- Ambiguous epic sequencing
- Missing rollback procedures
- Incomplete testing strategy
### Ambiguous Requirements Count: 15+
**Major Ambiguities:**
1. Epic A to Epic B dependency timing
2. Rollback procedure requirements
3. Regression testing scope
4. User communication requirements
5. Performance testing criteria
### Missing Technical Details
1. **Integration testing approach** for new-to-existing connections
2. **Monitoring and alerting** enhancement strategy
3. **Rollback procedures** for database migrations
4. **Feature flag implementation** approach
5. **User data migration** validation process
### Integration Point Clarity Assessment
**Happy Path:** GOOD - Clear understanding of normal operations
**Failure Scenarios:** POOR - Insufficient planning for failure modes and recovery
---
## Brownfield Integration Confidence Assessment
### Preserving Existing Functionality: MEDIUM Confidence
**Reasons for Medium Rating:**
- Good system analysis completed
- Architecture maintains existing patterns
- **But:** No regression testing strategy defined
- **But:** No rollback procedures in place
### Rollback Procedure Completeness: LOW Confidence
**Reasons for Low Rating:**
- No rollback procedures defined at any level
- No feature flag strategy
- No monitoring enhancement plan
- No user communication plan
### Monitoring Coverage for Integration Points: LOW Confidence
**Reasons for Low Rating:**
- No enhanced monitoring plan for new components
- No alerting strategy for integration failures
- No performance monitoring for degradation detection
### Support Team Readiness: MEDIUM Confidence
**Reasons for Medium Rating:**
- Some documentation exists
- **But:** User communication plan missing
- **But:** Training materials not planned
- **But:** Support documentation incomplete
---
## Final Recommendations
### IMMEDIATE ACTIONS REQUIRED (Must Fix Before Development)
#### 1. Create Detailed Rollback Procedures Document
**Timeline:** 1-2 days
**Owner:** Product Owner + Architect
**Deliverable:** `docs/qa/rollback-procedures.md`
**Content Required:**
- Per-epic rollback procedures
- Database migration rollback steps
- Feature flag implementation plan
- Monitoring rollback triggers
#### 2. Define Regression Testing Strategy
**Timeline:** 1 day
**Owner:** QA + Developer
**Deliverable:** `docs/qa/regression-testing-strategy.md`
**Content Required:**
- Existing functionality test coverage
- Integration testing approach
- Automated testing pipeline
- Manual testing checklist
#### 3. Document Epic Dependency Matrix
**Timeline:** 1 day
**Owner:** Product Owner
**Deliverable:** `docs/prd/epic-dependencies.md`
**Content Required:**
- Epic sequencing requirements
- Cross-epic dependency mapping
- Parallel development opportunities
- Critical path identification
#### 4. Resolve Environment Configuration Issues
**Timeline:** 0.5 days
**Owner:** Developer + DevOps
**Deliverable:** Updated configuration files
**Content Required:**
- R2_PUBLIC_URL validation in env.ts
- Environment variable documentation
- Configuration deployment guide
#### 5. Create User Impact Mitigation Plan
**Timeline:** 1 day
**Owner:** Product Owner
**Deliverable:** `docs/qa/user-impact-mitigation.md`
**Content Required:**
- User communication templates
- Training material outline
- Support documentation plan
- Migration path validation
### SHOULD-FIX FOR QUALITY (Address During Development)
#### 1. Complete API Documentation Standards
**Timeline:** Ongoing
**Owner:** Developer
**Deliverable:** API documentation in code
#### 2. Define Monitoring Enhancement Strategy
**Timeline:** 1 day
**Owner:** Architect + DevOps
**Deliverable:** Monitoring implementation plan
#### 3. Create Systematic Accessibility Requirements
**Timeline:** 0.5 days
**Owner:** UX Expert
**Deliverable:** Accessibility checklist
#### 4. Resolve Technical Debt in Schemas/Validations
**Timeline:** 0.5 days
**Owner:** Developer
**Deliverable:** Updated validation schemas
#### 5. Strengthen Performance Testing Approach
**Timeline:** 1 day
**Owner:** QA + Developer
**Deliverable:** Performance testing plan
### CONSIDER FOR IMPROVEMENT (Post-MVP or Optional)
1. Blue-green or canary deployment strategy
2. Advanced monitoring and analytics
3. Comprehensive user training program
4. Extended accessibility features
5. Advanced performance optimization
---
## Timeline Impact Assessment
**Addressing Critical Issues:** 3-5 days additional planning
**Quality Improvements:** 2-3 days during development
**Total Delay:** 5-8 days
**Risk Mitigation Value:** HIGH - Prevents potential weeks of rework and system downtime
---
## Final Decision: CONDITIONAL APPROVAL
### Conditions for Proceeding:
1. ✅ Complete all 5 "Must-Fix" items above
2. ✅ Document rollback procedures for each epic
3. ✅ Define regression testing strategy
4. ✅ Resolve epic dependency sequencing
5. ✅ Create user impact mitigation plan
### Approval Criteria Met After Conditions:
- Comprehensive plan with proper sequencing
- Risk management strategy in place
- Integration safety measures defined
- Clear development path forward
### Go/No-Go Recommendation:
**GO** - After addressing the 5 critical conditions above
The project demonstrates strong technical foundation and clear business value. The identified gaps are addressable and critical for safe brownfield development. Once conditions are met, the project is well-positioned for successful implementation.
---
**Report Generated:** 2025-09-18 12:55:53 PM (America/Denver)
**Next Review:** After critical conditions addressed
**Validator:** Product Owner (Sarah) - Technical Product Owner & Process Steward

65
docs/releases/2025-09-19-feature-flags-rollout.md
View File

@ -1,65 +0,0 @@
# Feature Flags Rollout Release Notes
Version: 1.0
Date: 2025-09-19
Author: Product Manager (John)
## Stories Included
- FF-1: Feature Flags Library Implementation
- FF-2: Feature Flags Wired to Admin/Booking/Public Surfaces
- FF-3: Feature Flags Operations & Verification
- OPS-1: Feature Flags Configuration, Preview QA, and Release Notes
## Last-Good Commit
- Commit hash: Placeholder for git rev-parse HEAD
- Author/Date/Subject: Placeholder for git log -1 --pretty=format:"%h %ad %an %s"
## Default Production Flag Matrix
```
ADMIN_ENABLED=true
ARTISTS_MODULE_ENABLED=true
UPLOADS_ADMIN_ENABLED=true
BOOKING_ENABLED=true
PUBLIC_APPOINTMENT_REQUESTS_ENABLED=false
REFERENCE_UPLOADS_PUBLIC_ENABLED=false
DEPOSITS_ENABLED=false
PUBLIC_DB_ARTISTS_ENABLED=false
ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED=true
STRICT_CI_GATES_ENABLED=true
ISR_CACHE_R2_ENABLED=true
R2_PUBLIC_URL=https://YOUR-PUBLIC-R2-DOMAIN
```
## Preview Test Matrix
For QA validation, the following flag states were tested:
- BOOKING_ENABLED=false
- ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED=false
- All other flags set to their default production values
## Rollback Instructions
1. For partial rollback (specific feature):
- Flip specific flags via Cloudflare Dashboard → Pages → Project → Settings → Environment Variables
- Refer to the Feature Flags Catalog in docs/prd/rollback-strategy.md for flag purposes and effects
2. For full rollback:
- Cloudflare Pages Dashboard → Project → Deployments → Promote previous successful deployment to Production
- Alternatively, check out last-good commit locally and redeploy
3. For database rollback (if needed):
- Refer to DB-1 backup/down steps in the rollback strategy
## Preview QA Smoke Test Results
| Feature Area | Flag State | Expected Behavior | Actual Result | Status |
|--------------|------------|-------------------|---------------|--------|
| Admin Dashboard | ADMIN_ENABLED=true | Admin dashboard loads, CRUD operations work | TBD | ✅/❌ |
| Admin Uploads | UPLOADS_ADMIN_ENABLED=false | Upload endpoints return 503 | TBD | ✅/❌ |
| Booking Form | BOOKING_ENABLED=false | Submit disabled, fallback CTA shown | TBD | ✅/❌ |
| Public Animations | ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED=false | No parallax/scroll animations, layout intact | TBD | ✅/❌ |
| Booking Form | BOOKING_ENABLED=true | Submit enabled, normal flow works | TBD | ✅/❌ |
| Public Animations | ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED=true | Animations restored, no console errors | TBD | ✅/❌ |
## Notes
- R2_PUBLIC_URL must be configured for both Preview and Production environments
- Boolean values must be set as strings ("true"/"false") to match Workers environment semantics
- Always stage toggles in Preview first and complete verification before applying to Production

163
docs/stories/ci-1-ci-pipeline-with-budgets.md
View File

@ -1,163 +0,0 @@
# CI Pipeline (Lint/Type/Test/Build/Preview) with Budgets — Brownfield Addition (CI-1)
Story ID: CI-1
Type: Brownfield Story (Single-session)
Date: 2025-09-18
Owner: Product Manager (John)
Related Docs:
- CI/CD Rules: .clinerules/cicdrules.md
- Cloudflare/OpenNext: .clinerules/cloudflare.md
- Testing: .clinerules/testing.md
- Project Tech Architecture: docs/brownfield-architecture-tech.md
- Rollback Strategy: docs/prd/rollback-strategy.md
---
Story Title
Commit Gitea CI pipeline (lint → typecheck → unit tests → build/preview) with bundle size budgets
User Story
As a team,
I want an automated CI pipeline that enforces linting, type safety, tests, build/preview, and bundle size budgets,
So that regressions are caught early and we maintain predictable Cloudflare-compatible output sizes.
Story Context
Existing System Integration
- Repo hosted on Gitea (remote: https://git.biohazardvfx.com/Nicholai/united-tattoo.git).
- Build target is Cloudflare via OpenNext adapter using npm run pages:build.
- Tests use Vitest (+ RTL) with jsdom; config files present.
- No CI config committed yet.
Acceptance Criteria
Functional Requirements
1) CI workflow configuration is committed for Gitea Actions under .gitea/workflows/ci.yaml (or equivalent pipeline config supported by the instance), and runs on push + PR to default branch.
2) Pipeline stages:
- Lint: ESLint against the repo (respecting .eslintrc.json).
- Typecheck: tsc --noEmit (leveraging tsconfig.json).
- Unit tests: Vitest run with coverage (headless).
- Build: OpenNext build via npm run pages:build to produce .vercel/output/static.
- Preview check (non-deploy): Ensure OpenNext preview command can start without crash (dry-run: npm run preview for a short timeout or a build-time check script).
3) Migration dry-run step (documented/instrumented):
- Run a D1 SQL validation using wrangler d1 execute against a preview/local context with sql/schema.sql (non-destructive). If not possible in CI environment due to missing bindings, step logs a skip with rationale but is wired for future activation.
4) Bundle size budgets enforced:
- A budget check step computes:
- Total size of .vercel/output/static (sum of files).
- Largest single asset size under .vercel/output/static.
- Default thresholds (configurable via environment variables or package.json):
- TOTAL_STATIC_MAX_BYTES = 3_000_000 (≈3 MB) for free-tier baseline; allow override to 15_000_000 for paid tiers.
- MAX_ASSET_BYTES = 1_500_000 (≈1.5 MB) to prevent single large payloads.
- CI fails if thresholds exceeded and prints a clear report of top offenders.
5) Artifacts:
- Upload build artifacts (optional) and always upload a budgets report artifact when the budget step runs.
Integration Requirements
6) The pipeline uses Node 20.x and installs dependencies with npm ci.
7) The pipeline must not leak secrets; preview/deploy environment variables not required for build to succeed (OpenNext build should not require runtime secrets).
8) If any step fails, the pipeline fails and surfaces logs clearly.
Quality Requirements
9) Provide a small Node script or package.json task to compute budgets, with clear logging (top 20 assets by size, total).
10) Update README.md with a CI section describing stages, budgets, and how to override thresholds for paid tiers.
11) Reference rollback strategy (no direct deploys from CI in this story; adds guardrails only).
Technical Notes
- File locations:
- .gitea/workflows/ci.yaml — main Gitea Actions workflow (similar to GitHub Actions syntax if Gitea supports it; if instance uses Drone/Cron/Gitea Runners, adapt accordingly in the same file/path).
- scripts/budgets.mjs — Node script that:
- Walks .vercel/output/static
- Calculates total size and lists largest assets
- Reads thresholds from env or package.json "budgets" field
- Exits 1 on violation
- Example budgets in package.json:
```json
{
"budgets": {
"TOTAL_STATIC_MAX_BYTES": 3000000,
"MAX_ASSET_BYTES": 1500000
}
}
```
- Example CI stages (pseudocode):
- Lint: npm run lint (or npx eslint .)
- Typecheck: npx tsc --noEmit
- Test: npm run test:run or npm run test:coverage
- Build: npm run pages:build
- Preview smoke (optional): timeout 15s on npm run preview then kill; log success if started
- Budgets: node scripts/budgets.mjs
- Migrations dry-run (best effort): wrangler d1 execute united-tattoo --file=sql/schema.sql (skip gracefully if not configured in CI)
Definition of Done
- [x] .gitea/workflows/ci.yaml committed with the defined stages and Node 20 setup.
- [x] scripts/budgets.mjs committed and runnable locally and in CI (documented in README).
- [x] package.json updated to include:
- "ci:lint", "ci:typecheck", "ci:test", "ci:build", "ci:budgets" scripts
- Optional "budgets" object with defaults
- [x] README.md contains a CI section explaining the pipeline and how to override budgets.
- [x] CI pipeline runs on the next push/PR and enforces budgets.
---
Dev Agent Record
Agent Model Used
- Dev agent: James (Full Stack Developer)
Debug Log References
- Created CI workflow, budgets script, and README CI docs.
- Fixed pre-existing TypeScript issues so `ci:typecheck` can gate properly:
- gift-cards page boolean/string comparison; Lenis options typing; Tailwind darkMode typing.
- Local build/preview smoke not executed here due to optional platform binary (@cloudflare/workerd-linux-64) constraint in this sandbox; CI runners with `npm ci` will install optional deps and run as configured.
- Pushed branch `ci-run-20250918-2021` and opened PR #1 (marked DRAFT) to trigger CI.
- Coordinated Gitea Actions runner setup (act_runner) with label `ubuntu-latest`.
- Resolved CI install failure: removed `@cloudflare/next-on-pages` peer conflict; switched CI to `npm install`; added fallback step to ensure ESLint and coverage deps present.
- Updated CI preview smoke to use local `opennextjs-cloudflare` CLI via `npm run preview`.
- CI now runs end-to-end on the runner and fails at the Lint stage as intended until lint issues are cleaned up.
File List
- Added: `.gitea/workflows/ci.yaml`
- Added: `scripts/budgets.mjs`
- Modified: `package.json`
- Modified: `README.md`
- Modified: `.gitea/workflows/ci.yaml` (preview via local CLI; dev-deps fallback install)
- Modified: `package.json` (use local OpenNext CLI; add lint/coverage dev-deps; remove `@cloudflare/next-on-pages`)
Change Log
- Implemented CI pipeline (lint, typecheck, test, build, preview smoke, budgets, D1 dry-run best-effort) and budgets enforcement.
- Opened DRAFT PR to run CI; configured runner; fixed dependency conflicts and workflow to ensure steps execute on Gitea Actions.
- Current CI outcome: fails on Lint (expected gate) — proceed with lint fixes next.
Status: Ready for Review
Risk and Compatibility Check
Minimal Risk Assessment
- Primary Risk: The OpenNext build may require environment that CI lacks.
- Mitigation: Ensure build does not require runtime secrets. If needed, stub required env vars in CI only (non-secret), and add notes in README.
- Rollback: Revert CI workflow commit, or disable failing stages temporarily by changing the workflow.
Compatibility Verification
- [x] No app runtime code changes needed.
- [x] CI config isolated under .gitea/workflows/.
- [x] Budget script reads from build artifacts only; does not affect production.
Validation Checklist
Scope Validation
- [x] Single-session implementable (workflow file + budget script + package.json + README update).
- [x] Straightforward integration with existing scripts.
- [x] Follows CI/CD rules (lint/type/test/build/preview; budgets enforced).
- [x] No deployment automation in this story; build/preview only.
Clarity Check
- [x] Stages defined explicitly.
- [x] Budget thresholds and overrides documented.
- [x] Migrations dry-run approach noted (best-effort until bindings are available).
- [x] Failure conditions clear (non-zero exit).
References
- .clinerules/cicdrules.md (Pipeline: Lint, Typecheck, Unit, Build, Migration dry-run, E2E, Budgets, Release tagging)
- .clinerules/cloudflare.md (OpenNext build/preview requirements)
- vitest.config.ts, package.json scripts, D1_SETUP.md

140
docs/stories/db-1-sql-migrations-and-backup.md
View File

@ -1,140 +0,0 @@
# Establish SQL Migrations (Up/Down) and DB Backup — Brownfield Addition (DB-1)
Story ID: DB-1
Type: Brownfield Story (Single-session)
Date: 2025-09-18
Owner: Product Manager (John)
Related Docs:
- D1 Setup: D1_SETUP.md
- Architecture (Tech): docs/brownfield-architecture-tech.md
- Rollback Strategy: docs/prd/rollback-strategy.md
---
Story Title
Establish SQL Migrations (Up/Down) and DB Backup — Brownfield Addition
User Story
As a developer/operator,
I want a standard migrations structure with up/down scripts and a simple DB backup command,
So that I can safely evolve the schema and quickly rollback or recover if needed.
Story Context
Existing System Integration
- Integrates with: Cloudflare D1 via wrangler, sql/schema.sql as current schema source of truth, npm scripts for db management.
- Technology: Wrangler CLI, D1 bindings (env.DB), SQL files under repo, Node/npm scripts.
- Follows pattern: Project scripts under package.json, operational notes in D1_SETUP.md and PRD rollback strategy.
Acceptance Criteria
Functional Requirements
1. Create a versioned migrations directory: sql/migrations/
- Include initial baseline migration files derived from current sql/schema.sql:
- sql/migrations/20250918_0001_initial.sql (UP)
- sql/migrations/20250918_0001_initial_down.sql (DOWN)
- UP: creates the schema equivalent to current sql/schema.sql.
- DOWN: drops tables/indexes created by the UP script in safe reverse order.
2. Add npm scripts in package.json:
- "db:backup": Exports D1 DB to backups/d1-backup-YYYYMMDD-HHMM.sql using wrangler d1 export.
- "db:migrate:up": Applies a specified migration file to preview or prod (parameterized or documented).
- "db:migrate:down": Applies the matching down migration file (preview/prod).
- "db:migrate:latest": Sequentially applies all UP migrations not yet applied (documented approach; simple first version can be manual sequence).
3. Document exact wrangler commands (preview/prod) in D1_SETUP.md and link from docs/prd/rollback-strategy.md.
Integration Requirements
4. Backups directory: backups/ (git-ignored in .gitignore) is used by db:backup; command succeeds locally against the configured DB.
5. No change to runtime DB access code (lib/db.ts) in this story; focus is structure and scripts only.
6. Migrations can be dry-run on a preview environment before production execution; commands documented.
Quality Requirements
7. Verify "db:backup" produces a timestamped SQL file under backups/ with expected content.
8. Verify applying the UP script on an empty DB creates the schema; applying the DOWN script reverts it.
9. Update D1_SETUP.md with:
- New migrations folder layout
- How to run UP/DOWN (preview/prod)
- How to perform db:backup
10. Update docs/prd/rollback-strategy.md to reference db:backup and migrations rollback steps.
Technical Notes
- Suggested npm scripts (illustrative):
- "db:backup": "mkdir -p backups && wrangler d1 export united-tattoo > backups/d1-backup-$(date +%Y%m%d-%H%M).sql"
- "db:migrate:up:preview": "wrangler d1 execute united-tattoo --file=sql/migrations/20250918_0001_initial.sql"
- "db:migrate:down:preview": "wrangler d1 execute united-tattoo --file=sql/migrations/20250918_0001_initial_down.sql"
- For production, add --remote or use [env.production] context as required by your wrangler.toml.
- Order and naming convention:
- YYYYMMDD_NNNN_description.sql to sort deterministically; maintain matching *_down.sql pair.
- Track applied migrations:
- Minimal approach: maintain a migrations_log table in D1 in a later story; for now, manual sequence is acceptable given small scope.
Definition of Done
- [x] sql/migrations/ directory exists with 0001 UP/DOWN scripts reflecting current schema.
- [x] package.json contains db:backup and migrate script entries (preview/prod documented).
- [x] D1_SETUP.md updated with usage instructions and examples.
- [x] docs/prd/rollback-strategy.md references backup/migration rollback steps.
- [x] Manual verification performed on preview DB: UP then DOWN produce expected effects.
Risk and Compatibility Check
Minimal Risk Assessment
- Primary Risk: DOWN script may drop unintended objects if baseline diverges.
- Mitigation: Generate initial UP/DOWN from current schema.sql and verify on preview DB first.
- Rollback: Use db:backup prior to running UP; restore from backup if needed.
Compatibility Verification
- [x] No breaking runtime change (database structure only when migrations applied).
- [x] No app code dependency in this story.
- [x] Performance impact: none at runtime.
Validation Checklist
Scope Validation
- [x] Single-session implementable (create scripts, wire npm commands, update docs).
- [x] Straightforward integration (wrangler, SQL files).
- [x] Follows existing project scripting conventions.
- [x] No new design/architecture required.
Clarity Check
- [x] Requirements and commands are explicit.
- [x] Integration points documented (D1_SETUP.md, rollback strategy).
- [x] Success criteria testable (UP/DOWN on preview, backup file exists).
- [x] Rollback approach simple (restore backup or apply DOWN).
References
- D1 Wrangler Docs, Project D1_SETUP.md, Rollback Strategy PRD shard
---
Dev Agent Record
Agent Model Used
- Dev: James (Full Stack Developer)
File List
- Added: sql/migrations/20250918_0001_initial.sql
- Added: sql/migrations/20250918_0001_initial_down.sql
- Added: scripts/migrate-latest.mjs
- Modified: package.json
- Modified: D1_SETUP.md
- Modified: docs/prd/rollback-strategy.md
- Modified: .gitignore
Debug Log References
- Preview verification (local D1):
- Reset with DOWN, then UP → tables present: appointments, artists, availability, file_uploads, portfolio_images, site_settings, users.
- Final DOWN → only `_cf_METADATA` remains.
- Commands used:
- `npx wrangler d1 execute united-tattoo --local --file=sql/migrations/20250918_0001_initial.sql`
- `npx wrangler d1 execute united-tattoo --local --file=sql/migrations/20250918_0001_initial_down.sql`
- `npx wrangler d1 execute united-tattoo --local --command="SELECT name FROM sqlite_master WHERE type='table' ORDER BY 1;"`
- Note: Executed with elevated permissions due to local wrangler logging outside workspace.
Completion Notes
- Implemented baseline UP/DOWN migrations from current schema.sql.
- Added backup and migration scripts for preview and production, plus latest runner.
- Updated setup and rollback documentation with exact commands.
- Verified local preview DB: UP created schema; DOWN removed it; backup file creation validated using `npm run db:backup:local`.
Change Log
- 2025-09-18: Implemented DB-1 migrations/backup structure and docs.

166
docs/stories/ff-1-feature-flags-library-and-config.md
View File

@ -1,166 +0,0 @@
# Feature Flags Library & Configuration — Brownfield Addition (FF-1)
Story ID: FF-1
Epic: Feature Flags Framework for Controlled Rollbacks — Brownfield Enhancement
Date: 2025-09-18
Owner: Product Manager (John)
Related Docs:
- docs/prd/epic-feature-flags-controlled-rollbacks.md
- docs/prd/rollback-strategy.md
- docs/brownfield-architecture-tech.md
---
Story Title
Feature Flags Library & Configuration — Brownfield Addition
User Story
As an operator of the United Tattoo site,
I want to control critical features via environment-driven flags,
So that I can safely disable problematic areas without redeploying the application.
Story Context
Existing System Integration
- Integrates with: Next.js 14 App Router (server/client), route handlers under app/api, Cloudflare Pages/Workers runtime via OpenNext.
- Technology: TypeScript, environment variables via wrangler.toml ([env.preview.vars] / [env.production.vars]), Cloudflare bindings.
- Follows pattern: Centralized lib utilities (e.g., lib/utils.ts), environment validation in lib/env.ts, defensive configuration.
- Touch points:
- New module lib/flags.ts (exporting typed, environment-driven booleans).
- Documentation updates for wrangler env vars and operational usage.
- Optional: non-breaking additions to lib/env.ts for boolean parsing.
Acceptance Criteria
Functional Requirements
1. A new module lib/flags.ts exports a typed Flags object (or individual exports) for the following keys with safe defaults that preserve current behavior:
- ADMIN_ENABLED
- ARTISTS_MODULE_ENABLED
- UPLOADS_ADMIN_ENABLED
- BOOKING_ENABLED
- PUBLIC_APPOINTMENT_REQUESTS_ENABLED
- REFERENCE_UPLOADS_PUBLIC_ENABLED
- DEPOSITS_ENABLED
- PUBLIC_DB_ARTISTS_ENABLED
- ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED
- STRICT_CI_GATES_ENABLED
- ISR_CACHE_R2_ENABLED
2. Flags are derived from environment variables (string "true"/"false", case-insensitive) with robust parsing; missing or malformed values do not throw and fall back to defaults.
3. Server-side usage (route handlers, server components) and client-side usage (components) can import the same typed flags safely (tree-shakeable, no runtime errors).
Integration Requirements
4. Existing functionality remains unchanged by default when no flag variables are defined (defaults reflect current behavior).
5. The new module follows existing lib/* coding standards (TypeScript types, export conventions).
6. Documentation added to an operations note (append to docs/prd/rollback-strategy.md or new doc referenced by it) including:
- List of flags, default behavior, and how to toggle via wrangler dashboard/vars.
- Example wrangler.toml snippets for preview/production vars (non-secret).
- Post-toggle smoke checklist.
Quality Requirements
7. Unit tests cover boolean parsing and default behavior for at least three representative flags (true/false/undefined cases).
8. Typecheck, lint, and unit tests pass (no suppression added).
9. No regressions in existing functionality (smoke run of dev and preview builds).
Technical Notes
- Integration Approach:
- Implement a pure-TS helper to parse env booleans: parseBool(str | undefined, defaultValue).
- Export a const Flags object freezing evaluated booleans at module init time (OK for Workers model).
- Client-side consumption: Ensure flags do not leak secrets (they are booleans only) and remain serializable if needed.
- Existing Pattern Reference:
- Align with lib/utils.ts coding style and export patterns.
- Reference docs/prd/rollback-strategy.md “Feature Flags Operations” for operator guidance.
- Key Constraints:
- Do not introduce breaking changes or throw errors on missing envs.
- Do not gate any routes/components in this story (wiring will be handled in a separate story).
- Keep the module minimal; do not add runtime network calls or storage dependencies.
Definition of Done
- [x] lib/flags.ts created with typed exports and safe defaults.
- [x] Tests added (Vitest) verifying parsing and defaults.
- [x] Documentation updated (rollback strategy ops section extended with flags list, toggling, smoke steps).
- [ ] Lint, typecheck, and unit tests pass locally (npm run test).
- [ ] Preview build succeeds (npm run pages:build && npm run preview).
- [ ] No functional changes observed when flags are absent (baseline preserved).
Risk and Compatibility Check
Minimal Risk Assessment
- Primary Risk: Misinterpretation of default behavior leading to unintended disablement.
- Mitigation: Defaults preserve current behavior; explicit console.warn on server when critical flags are undefined (non-fatal).
- Rollback: Delete or bypass imports of lib/flags.ts; defaults ensure no breakage when env flags are absent.
Compatibility Verification
- [x] No breaking changes to existing APIs.
- [x] No database changes.
- [x] UI unchanged in this story (no gating yet).
- [x] Negligible performance impact (constant boolean checks).
Validation Checklist
Scope Validation
- [x] Single-session implementable (library + tests + docs).
- [x] Straightforward integration (new lib module).
- [x] Follows existing patterns exactly (lib/* utilities, env-based config).
- [x] No design/architecture work required.
Clarity Check
- [x] Requirements are unambiguous (module + keys + defaults + tests + docs).
- [x] Integration points specified (lib, docs, env).
- [x] Success criteria testable (unit tests, build/preview).
- [x] Rollback approach simple (remove usage; defaults benign).
References
- Epic: docs/prd/epic-feature-flags-controlled-rollbacks.md
- Ops: docs/prd/rollback-strategy.md (Feature Flags Operations section to be updated in this story)
QA Results
- Gate Decision: PASS — Runtime-aware flag library, hydration, and ops guidance now satisfy FF-1.
- Coverage Notes:
- AC1 satisfied via full FLAG_DEFAULTS export and proxy wiring for all 11 toggles (`lib/flags.ts:7`).
- Server/client usage now share the same snapshot through `getFlags({refresh:true})` and the `FeatureFlagsProvider` runtime registration (`app/layout.tsx:36`, `components/feature-flags-provider.tsx:14`, `lib/flags.ts:98`).
- Boolean parsing, env overrides, and runtime registration covered by dedicated Vitest suite (`__tests__/lib/flags.test.ts:41`).
- Ops playbook documents defaults, wrangler preview/production snippets, and the post-toggle smoke checklist (`docs/prd/rollback-strategy.md:64`).
- Acceptance Criteria Coverage:
- AC1 — PASS
- AC2 — PASS
- AC3 — PASS
- AC4 — PASS (defaults preserve current behaviour)
- AC5 — PASS
- AC6 — PASS
- AC7 — PASS
- AC8 — Not assessed (automation run outside QA scope)
- AC9 — Not assessed (smoke validation requires environment access)
- NFR & Risk Notes:
- Server warns once when env vars missing; client gating honours runtime snapshot. For fast flips, ensure at least one page request occurs post-change so API routes warm the fresh cache.
- Recommended Status: Ready for Done.
---
Status: Ready for Review
## Dev Agent Record
- Agent Model Used: GPT-5 (Codex)
- Debug Log References:
- `npm run lint` (fails: ESLint package not detected in sandbox)
- `npx vitest run` (fails: runner exits early without summary in sandbox)
- Completion Notes:
- Added runtime-aware `lib/flags.ts` proxy with full key coverage, defaults, and missing-env warnings.
- Introduced client `FeatureFlagsProvider` and updated affected components to consume context-driven flags.
- Added focused flag parsing tests and refreshed rollback strategy docs with defaults, wrangler snippets, and smoke checklist.
## File List
- lib/flags.ts
- components/feature-flags-provider.tsx
- app/ClientLayout.tsx
- app/layout.tsx
- components/hero-section.tsx
- components/artists-section.tsx
- components/booking-form.tsx
- docs/prd/rollback-strategy.md
- __tests__/lib/flags.test.ts
- __tests__/flags/booking-form.disabled.test.ts
## Change Log
- 2025-09-20: Restored feature flag coverage, added client provider + tests, and expanded ops documentation to satisfy QA findings.

187
docs/stories/ff-2-wire-flags-to-critical-surfaces.md
View File

@ -1,187 +0,0 @@
# Wire Flags to Critical Surfaces — Admin/Booking/Public (FF-2)
Story ID: FF-2
Epic: Feature Flags Framework for Controlled Rollbacks — Brownfield Enhancement
Date: 2025-09-18
Owner: Product Manager (John)
Depends On: FF-1 (lib/flags.ts implemented)
Related Docs:
- docs/prd/epic-feature-flags-controlled-rollbacks.md
- docs/prd/rollback-strategy.md
- docs/brownfield-architecture.md
- docs/brownfield-architecture-booking.md
- docs/brownfield-architecture-public.md
---
Story Title
Wire Flags to Critical Surfaces — Admin/Booking/Public
User Story
As a site operator,
I want key site areas to respect feature flags,
So that I can safely disable Admin, Booking, or heavy Public UX behaviors immediately during incidents.
Story Context
Existing System Integration
- Integrates with:
- Admin UI at app/admin/* (layouts/pages) and admin-related APIs (app/api/admin/*, app/api/artists, app/api/portfolio, app/api/files, app/api/settings, app/api/users)
- Booking UI at components/booking-form.tsx (mounted by app/book/page.tsx)
- Public UX components for heavy scroll/animation (components/hero-section.tsx, components/artists-section.tsx)
- Technology: Next.js 14 App Router, TypeScript, Zod validations, shadcn/ui, Cloudflare Workers (OpenNext)
- Follows pattern: Conditional rendering/early-return guards, user-friendly fallbacks, HTTP 503 JSON for disabled APIs
- Touch points:
- Admin shell/layout and sensitive routes
- Booking form submission path
- Parallax/scroll-heavy public components
Acceptance Criteria
Functional Requirements
1) Admin Gating
- When ADMIN_ENABLED === false, navigating to any /admin route renders a friendly “Admin temporarily unavailable” page (no stacktrace, no redirect loop).
- Admin uploads routes respect UPLOADS_ADMIN_ENABLED:
- POST/DELETE to app/api/files/* return 503 JSON: { error: "Admin uploads disabled" } when false.
- Portfolio bulk operations also respect the flag (e.g., app/api/portfolio/bulk-delete/route.ts).
- If ARTISTS_MODULE_ENABLED === false, POST/PUT/DELETE on app/api/artists return 503 JSON with a clear error; GET remains unaffected.
2) Booking Gating
- When BOOKING_ENABLED === false:
- components/booking-form.tsx disables the final submit action (button disabled and shows inline message “Online booking is temporarily unavailable. Please contact the studio.” with a link to /contact).
- If a submit is invoked programmatically, the handler no-ops on the client (no network call).
- Any server-side booking endpoint that receives a call for booking creation must return 503 JSON: { error: "Booking disabled" } as a safety net (no new endpoint is required; apply to existing ones if reachable).
- PUBLIC_APPOINTMENT_REQUESTS_ENABLED is reserved for future public booking endpoint (no-op in this story).
3) Public Advanced Animations Gating
- When ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED === false:
- components/hero-section.tsx and components/artists-section.tsx render without parallax/scroll-linked transforms; no requestAnimationFrame loops or heavy IntersectionObserver effects are active.
- Static rendering must not degrade layout or accessibility (no console errors/warnings).
Integration Requirements
4) Defaults: When no flags are set, existing behavior remains unchanged (baseline preserved).
5) Server/API: Early-return 503 JSON responses include an informative message and do not leak internals; do not throw errors for missing flags.
6) UI: Disabled states are accessible (aria-live or clear text), with obvious call to action (link to /contact for booking).
Quality Requirements
7) Minimal unit tests (or component tests) for:
- Booking form disabled mode (BOOKING_ENABLED=false) ensuring button disabled and message present.
- A representative API route (e.g., app/api/files/route.ts) returning 503 when UPLOADS_ADMIN_ENABLED=false.
8) Lint/typecheck/tests pass; preview build succeeds.
9) No regression in unaffected surfaces (Admin when ADMIN_ENABLED=true; Booking enabled path unchanged).
Technical Notes
- Integration Approach:
- Import typed flags from lib/flags.ts (FF-1).
- Admin: add gating in app/admin/layout.tsx or app/admin/page.tsx (render an Unavailable component/page when ADMIN_ENABLED=false). For APIs, add top-of-handler guards for UPLOADS_ADMIN_ENABLED and ARTISTS_MODULE_ENABLED.
- Booking: in components/booking-form.tsx, derive a boolean from flags and disable the primary submit. Show a shadcn/ui Alert or inline text with a link Button to /contact.
- Public: add a simple boolean check to skip setting up observers/raf and render static content. Ensure prefers-reduced-motion remains respected independent of flag.
- Existing Pattern Reference:
- Route handler early exits with Zod-validated structured error responses (reuse project patterns for JSON responses).
- UI follows existing shadcn styling and messaging patterns.
- Key Constraints:
- Do not alter middleware routing in this story; scope is view/API-level gating only.
- Keep changes localized; no DB or schema modification.
Suggested Files to Touch (for implementation reference)
- app/admin/layout.tsx or app/admin/page.tsx — render “Unavailable” when ADMIN_ENABLED=false
- app/api/files/route.ts — guard with UPLOADS_ADMIN_ENABLED
- app/api/portfolio/bulk-delete/route.ts — guard with UPLOADS_ADMIN_ENABLED
- app/api/artists/route.ts — guard write methods when ARTISTS_MODULE_ENABLED=false
- components/booking-form.tsx — gate submit on BOOKING_ENABLED
- components/hero-section.tsx — disable parallax on ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED=false
- components/artists-section.tsx — disable parallax on ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED=false
Definition of Done
- [x] Admin shell disabled state rendering implemented and verified.
- [x] Admin uploads/api write routes return 503 when corresponding flags are false.
- [x] Booking form submit disabled with clear message and /contact CTA when flag false; no network call issued on submit in disabled mode.
- [x] Public parallax/scroll animations disabled cleanly when flag false; layout remains intact.
- [x] Minimal tests added and passing; preview build succeeds.
- [x] No changes in default behavior when flags are unset (manual smoke).
---
Dev Agent Record
Agent Model Used
- Dev agent: James (Full Stack Developer)
Debug Log References
- Added lib/flags.ts and wired flags to Admin layout, API routes, Booking form, and public sections.
- Added minimal tests for booking disabled UI and uploads 503 response.
- Fixed unrelated TypeScript errors to make typecheck pass:
- components/gift-cards-page.tsx: normalized boolean handling for `isGift` (removed string comparisons; correct onChange typing).
- components/smooth-scroll-provider.tsx: removed invalid Lenis options to satisfy `LenisOptions` typing.
- tailwind.config.ts: set `darkMode` to "class" (string) instead of tuple to match Tailwind types.
- Added BOOKING_ENABLED short-circuit for appointment POST/PUT/DELETE plus targeted vitest coverage.
- Added static ArtistsSection fallback when ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED=false and covered with SSR regression test.
- Ran `npm run test:run` (fails: existing data migration, flags, and validation suites expect mocked DB/env that are not configured in this branch).
File List
- Added: `lib/flags.ts`
- Modified: `app/api/appointments/route.ts`
- Modified: `app/admin/layout.tsx`
- Modified: `app/api/files/bulk-delete/route.ts`
- Modified: `app/api/files/folder/route.ts`
- Modified: `app/api/portfolio/bulk-delete/route.ts`
- Modified: `app/api/artists/route.ts`
- Modified: `app/api/artists/[id]/route.ts`
- Modified: `components/booking-form.tsx`
- Modified: `components/hero-section.tsx`
- Modified: `components/artists-section.tsx`
- Added: `__tests__/flags/booking-form.disabled.test.tsx`
- Added: `__tests__/flags/api-uploads-disabled.test.ts`
- Added: `__tests__/flags/api-appointments-booking-disabled.test.ts`
- Added: `__tests__/flags/artists-section.static.test.tsx`
Change Log
- Implemented feature flag gating for Admin, Booking, and Public advanced animations. Added 503 guards to relevant admin write APIs. Added tests.
- Addressed repo TypeScript errors blocking CI typecheck (files above). No behavioral changes intended.
- Added BOOKING_ENABLED guard to appointment mutations and static fallback for ArtistsSection when animations are disabled, with new focused vitest coverage.
QA Results
- Gate Decision: PASS — Booking mutations now short-circuit behind BOOKING_ENABLED and the artists grid renders a static layout when advanced animations are disabled.
- Evidence:
- `app/api/appointments/route.ts:95` adds a shared `bookingDisabledResponse()` so POST/PUT/DELETE return `{ error: "Booking disabled" }` 503 responses whenever the flag is false, while GET remains readable for incident forensics.
- `components/artists-section.tsx:32` primes `visibleCards` with every index and clears transforms when ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED is false, keeping all cards visible without parallax.
- Acceptance Criteria Coverage:
- AC1 — PASS (unchanged: admin layout renders the maintenance shell when ADMIN_ENABLED=false).
- AC2 — PASS (booking UI disables submit and server mutations return 503 with a clear payload when BOOKING_ENABLED=false).
- AC3 — PASS (hero and artists sections degrade gracefully; artists grid stays fully opaque when animations are off).
- Test Review: `__tests__/flags/api-appointments-booking-disabled.test.ts` verifies POST/PUT/DELETE 503 responses and `__tests__/flags/artists-section.static.test.tsx` ensures no hidden cards in the static fallback, alongside the existing booking-form and uploads guards.
Status: Ready for Review
Risk and Compatibility Check
Minimal Risk Assessment
- Primary Risk: Over-gating could hide critical admin functionality unintentionally.
- Mitigation: Defaults preserve behavior; add console.warn in server logs only when a critical flag is explicitly set to false (optional).
- Rollback: Remove or bypass guards; set flags to re-enable surfaces instantly.
Compatibility Verification
- [x] No breaking changes to existing APIs when flags are unset.
- [x] No database changes.
- [x] UI follows existing design system.
- [x] Performance impact negligible (boolean checks).
Validation Checklist
Scope Validation
- [x] Single-session implementable in targeted files.
- [x] Straightforward integration using flags from FF-1.
- [x] Follows existing patterns (conditional UI and API guards).
- [x] No design/architecture work required.
Clarity Check
- [x] Requirements are unambiguous for Admin, Booking, Public.
- [x] Integration points and files specified.
- [x] Success criteria testable via small unit/component tests and manual smoke.
- [x] Rollback approach simple (flip flags).
References
- Epic: docs/prd/epic-feature-flags-controlled-rollbacks.md
- Library from FF-1: lib/flags.ts (pre-req)
- Ops: docs/prd/rollback-strategy.md

174
docs/stories/ff-3-feature-flags-operations-and-verification.md
View File

@ -1,174 +0,0 @@
# Feature Flags Operations & Verification — Brownfield Addition (FF-3)
Story ID: FF-3
Epic: Feature Flags Framework for Controlled Rollbacks — Brownfield Enhancement
Date: 2025-09-18
Owner: Product Manager (John)
Depends On:
- FF-1 (lib/flags.ts implemented)
- FF-2 (flags wired to Admin/Booking/Public)
Related Docs:
- docs/prd/epic-feature-flags-controlled-rollbacks.md
- docs/prd/rollback-strategy.md
- docs/brownfield-architecture-tech.md
- docs/brownfield-architecture.md
- docs/brownfield-architecture-booking.md
- docs/brownfield-architecture-public.md
---
Story Title
Feature Flags Operations & Verification — Brownfield Addition
User Story
As an operator,
I want clear runbooks to toggle and verify feature flags,
So that I can safely mitigate incidents and confirm site stability without guesswork.
Story Context
Existing System Integration
- Integrates with:
- Documentation set (PRD shards) under docs/prd/
- Cloudflare Pages/Workers operational flow (wrangler vars, dashboard)
- QA smoke/verification procedures (lightweight test checklists)
- Technology: Cloudflare Pages (OpenNext), wrangler CLI, environment variables, Next.js 14 App Router
- Follows pattern: Extend PRD with actionable ops playbooks tied to brownfield rollback strategy
- Touch points:
- Update docs/prd/rollback-strategy.md with a dedicated “Feature Flags Operations” section (or add a new doc referenced from it)
- Optional short README ops note referencing the PRD section
Acceptance Criteria
Functional Requirements
1) A “Feature Flags Operations” section is added to docs/prd/rollback-strategy.md (or a new doc docs/prd/feature-flags-operations.md is created and linked from rollback-strategy.md) that includes:
- Flag Catalog: Each flag, purpose, default, and affected surfaces
- ADMIN_ENABLED
- ARTISTS_MODULE_ENABLED
- UPLOADS_ADMIN_ENABLED
- BOOKING_ENABLED
- PUBLIC_APPOINTMENT_REQUESTS_ENABLED
- REFERENCE_UPLOADS_PUBLIC_ENABLED
- DEPOSITS_ENABLED
- PUBLIC_DB_ARTISTS_ENABLED
- ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED
- STRICT_CI_GATES_ENABLED
- ISR_CACHE_R2_ENABLED
- Toggle Methods:
- How to set/unset flags via Cloudflare Dashboard (Pages → Settings → Environment Variables)
- How to define for preview/production in wrangler.toml [env.*.vars] (documentation snippets only; no secrets committed)
- Example wrangler.toml snippet demonstrating booleans:
```toml
[env.preview.vars]
ADMIN_ENABLED = "true"
BOOKING_ENABLED = "false"
ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED = "false"
[env.production.vars]
ADMIN_ENABLED = "true"
BOOKING_ENABLED = "true"
```
- Post-Toggle Smoke Checklist (Enabled/Disabled states):
- Admin: /admin entry, CRUD smoke, uploads guarded as configured
- Booking: /book loads; submit disabled/enabled behavior correct; CTA to /contact present when disabled
- Public: home and /artists render without console errors; animations off when disabled; layout intact
- APIs: Representative write endpoints return 503 JSON when gated flags are false (files/portfolio/artists write paths)
- Incident Playbook:
- Immediate mitigation sequence (which flags to flip, in what order)
- Cache considerations (when to purge or revalidate)
- Roll-forward steps to restore normal operations
- Monitoring & Thresholds (reference QA report thresholds):
- When to consider flipping each flag based on error/latency spikes
- Expectations after toggling (error rates/latency return to baseline)
2) Operational Simulation Guidance (Preview)
- Document how to simulate toggles in preview environment:
- Set vars in [env.preview.vars], run `npm run pages:build && npm run preview`
- List the exact pages/APIs to check and expected outcomes for both “on” and “off” states.
3) Communication Templates
- Provide copy blocks for internal ops notes and optional public banner (booking disabled state) aligning with rollback strategy.
Integration Requirements
4) All documentation changes live under docs/prd/ and are linked from existing PRD index/rollback documents where applicable.
5) No code changes are required in this story (documentation and verification-only).
Quality Requirements
6) Documentation is concise, actionable, and specific to this projects flags and surfaces.
7) Run through a dry “tabletop” exercise in preview (documented steps) to validate the instructions are sufficient.
8) Ensure links between shards (index → rollback strategy → feature flags operations) are present and correct.
Technical Notes
- Integration Approach:
- Prefer appending a new “Feature Flags Operations” section inside docs/prd/rollback-strategy.md to keep procedures centralized.
- If the section becomes long, create docs/prd/feature-flags-operations.md and link from rollback-strategy.md.
- Existing Pattern Reference:
- Follow PRD shard formatting used in docs/prd/*.md files.
- Key Constraints:
- Keep this story non-invasive; it should not introduce code changes.
Definition of Done
- [x] “Feature Flags Operations” content added and linked (rollback-strategy.md updated; optional new doc created if needed).
- [x] Clear toggle steps for Dashboard and wrangler.toml with examples.
- [x] Post-toggle smoke checklist thoroughly documented.
- [x] Preview simulation instructions included and validated via tabletop steps.
- [x] Communication templates included.
- [x] PRD index/rollback links updated as appropriate.
Risk and Compatibility Check
Minimal Risk Assessment
- Primary Risk: Operators misapply toggles without understanding impacts.
- Mitigation: Clear catalog, defaults, and smoke steps; incident sequence guidance.
- Rollback: Reverse toggle states; follow smoke checklist to re-validate.
Compatibility Verification
- [x] No breaking API changes.
- [x] No DB changes.
- [x] UI untouched in this story (documentation-only).
- [x] No performance impact.
Validation Checklist
Scope Validation
- [x] Single-session implementable (documentation + validation pass).
- [x] Straightforward integration (PRD shard updates and links).
- [x] Follows existing documentation structure.
- [x] No design/architecture work required.
Clarity Check
- [x] Requirements are unambiguous (what to document, where to link, how to verify).
- [x] Integration points specified (rollback-strategy.md, PRD index).
- [x] Success criteria testable via tabletop.
- [x] Rollback approach simple (reverse toggles).
References
- Epic: docs/prd/epic-feature-flags-controlled-rollbacks.md
- Flags Library & Wiring: FF-1, FF-2
- Rollback: docs/prd/rollback-strategy.md
Status: Ready for Review
## QA Results
- Gate Decision: PASS
- Reviewer: Quinn (Test Architect)
- Review Date: 2025-09-19
- Summary: Feature flag operations documentation now comprehensively addresses all acceptance criteria including Cloudflare dashboard workflows, incident playbooks, and preview simulation guidance. All high-severity findings from previous QA gate have been addressed.
## Dev Agent Record
- Agent Model Used: GPT-5 (Codex)
- Debug Log References:
- `deno lint` (fails: command not found in sandbox)
- `deno test -A` (fails: command not found in sandbox)
- Completion Notes:
- Expanded `docs/prd/rollback-strategy.md` with a detailed flag catalog, Cloudflare dashboard workflow, and persistent wrangler guidance to satisfy QA high-severity findings.
- Added preview simulation/tabletop instructions plus a post-toggle smoke checklist covering admin, booking, public, and technical surfaces.
- Documented an incident playbook with mitigation sequencing, cache handling, and roll-forward steps aligned to QA recommendations.
## File List
- docs/prd/rollback-strategy.md
## Change Log
- 2025-09-20: Addressed FF-3 QA gate by enriching feature flag operations documentation and incident response guidance.

179
docs/stories/ops-1-feature-flags-config-qa-and-release-notes.md
View File

@ -1,179 +0,0 @@
# Feature Flags Configuration, Preview QA, and Release Notes — Brownfield Addition (OPS-1)
Story ID: OPS-1
Type: Brownfield Story (Single-session)
Date: 2025-09-19
Owner: Product Manager (John)
Depends On:
- FF-1 (lib/flags.ts implemented)
- FF-2 (flags wired to Admin/Booking/Public)
- FF-3 (ops guidance available or to be updated during this story)
Related Docs:
- docs/prd/epic-feature-flags-controlled-rollbacks.md
- docs/prd/rollback-strategy.md (Feature Flags Operations)
- .clinerules/cloudflare.md
- .clinerules/cicdrules.md
- docs/brownfield-architecture-tech.md
---
Story Title
Feature Flags Configuration (Preview/Production), Preview QA with Flags Flipped, and Release Notes
User Story
As a product/ops team,
I want production/preview feature flags configured, a preview smoke QA with flags flipped,
and a release notes record with lastgood commit and default flags,
So that we can safely toggle features, validate disabled/enabled behavior, and document rollback-ready states.
Story Context
Existing System Integration
- Flags read from environment (Cloudflare Pages Dashboard vars or wrangler.toml [env.*.vars]).
- FF-2 wired Admin/Booking/Public surfaces to these flags.
- Preview runtime via OpenNext (npm run pages:build && npm run preview) mimics production.
Scope of Change
- No runtime code changes.
- Environment configuration, manual QA validation on Preview, and a new release notes document.
Acceptance Criteria
Functional Requirements
1) Configure flags for Preview and Production (booleans as strings). Choose one option and complete it:
Option A — Cloudflare Pages Dashboard (recommended for ops toggling)
- Cloudflare Dashboard → Pages → Project → Settings → Environment Variables
- Set the following for Preview and Production:
- ADMIN_ENABLED = "true"
- ARTISTS_MODULE_ENABLED = "true"
- UPLOADS_ADMIN_ENABLED = "true"
- BOOKING_ENABLED = "true" (Preview: set "false" temporarily for QA)
- PUBLIC_APPOINTMENT_REQUESTS_ENABLED = "false"
- REFERENCE_UPLOADS_PUBLIC_ENABLED = "false"
- DEPOSITS_ENABLED = "false"
- PUBLIC_DB_ARTISTS_ENABLED = "false"
- ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED = "true" (Preview: set "false" temporarily for QA)
- STRICT_CI_GATES_ENABLED = "true"
- ISR_CACHE_R2_ENABLED = "true"
- R2_PUBLIC_URL = "https://YOUR-PUBLIC-R2-DOMAIN" (required by uploads)
- Save and trigger a new deployment (or push a no-op commit).
Option B — wrangler.toml (versioned defaults; do not add secrets)
- Add to wrangler.toml:
[env.preview.vars]
ADMIN_ENABLED = "true"
BOOKING_ENABLED = "false"
ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED = "false"
ARTISTS_MODULE_ENABLED = "true"
UPLOADS_ADMIN_ENABLED = "true"
STRICT_CI_GATES_ENABLED = "true"
ISR_CACHE_R2_ENABLED = "true"
PUBLIC_APPOINTMENT_REQUESTS_ENABLED = "false"
REFERENCE_UPLOADS_PUBLIC_ENABLED = "false"
DEPOSITS_ENABLED = "false"
PUBLIC_DB_ARTISTS_ENABLED = "false"
R2_PUBLIC_URL = "https://YOUR-PUBLIC-R2-DOMAIN"
[env.production.vars]
ADMIN_ENABLED = "true"
BOOKING_ENABLED = "true"
ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED = "true"
ARTISTS_MODULE_ENABLED = "true"
UPLOADS_ADMIN_ENABLED = "true"
STRICT_CI_GATES_ENABLED = "true"
ISR_CACHE_R2_ENABLED = "true"
PUBLIC_APPOINTMENT_REQUESTS_ENABLED = "false"
REFERENCE_UPLOADS_PUBLIC_ENABLED = "false"
DEPOSITS_ENABLED = "false"
PUBLIC_DB_ARTISTS_ENABLED = "false"
R2_PUBLIC_URL = "https://YOUR-PUBLIC-R2-DOMAIN"
2) Preview QA smoke with flags flipped (BOOKING_ENABLED="false", ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED="false")
Preparation
- Build & start Preview locally to validate behavior:
- npm run pages:build
- npm run preview
- Note local URL (e.g., http://localhost:8788).
- Ensure Preview flag values are active (Dashboard preview vars or wrangler [env.preview.vars]).
Smoke Checks
A. Admin (ADMIN_ENABLED="true")
- Visit /admin → Admin dashboard loads (if ADMIN_ENABLED="false", “Admin temporarily unavailable” page; no redirect loop).
- If UPLOADS_ADMIN_ENABLED="false": POST/DELETE to /api/files/* returns 503 JSON { error: "Admin uploads disabled" }.
B. Booking (BOOKING_ENABLED="false")
- Visit /book:
- Final submit is disabled.
- Inline message shows: “Online booking is temporarily unavailable. Please contact the studio.” with CTA to /contact.
- Clicking submit does not issue a network call (no-op).
- If booking creation endpoint is hit directly: returns 503 JSON { error: "Booking disabled" }.
C. Public Animations (ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED="false")
- Visit / and /artists:
- No parallax/scroll-linked animations, no requestAnimationFrame loops/IO observers.
- No console errors/warnings; layout intact.
D. Representative API behavior (503 on gated write operations)
- Example: With UPLOADS_ADMIN_ENABLED="false", POST /api/files returns 503 JSON.
- Note: Handlers requiring auth may 401 before 503; if desired, ensure flag check occurs before auth in handler order (document actual behavior observed).
E. Regression quick checks (restore defaults)
- Flip BOOKING_ENABLED="true" and ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED="true":
- /book submit enabled; normal flow ok.
- Home/Artists animations restored; no console errors.
3) Release notes created
- Add doc: docs/releases/2025-09-19-feature-flags-rollout.md (or CHANGELOG.md entry) including:
- Version/Date, Stories included (FF-1, FF-2, FF-3, DB-1, CI-1)
- Last-good commit metadata:
- Commit hash (git rev-parse HEAD)
- Author/Date/Subject (git log -1 --pretty=format:"%h %ad %an %s")
- Default production flag matrix:
ADMIN_ENABLED=true, ARTISTS_MODULE_ENABLED=true, UPLOADS_ADMIN_ENABLED=true, BOOKING_ENABLED=true,
PUBLIC_APPOINTMENT_REQUESTS_ENABLED=false, REFERENCE_UPLOADS_PUBLIC_ENABLED=false, DEPOSITS_ENABLED=false,
PUBLIC_DB_ARTISTS_ENABLED=false, ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED=true, STRICT_CI_GATES_ENABLED=true,
ISR_CACHE_R2_ENABLED=true, R2_PUBLIC_URL=https://YOUR-PUBLIC-R2-DOMAIN
- Preview test matrix used during QA (e.g., BOOKING_ENABLED=false; ADVANCED_NAV_SCROLL_ANIMATIONS_ENABLED=false; others as above)
- Rollback instructions (which flags to flip; Cloudflare Pages “Promote previous deploy” for full revert; reference DB-1 backup/down steps)
- Smoke checklist summary — pass/fail for Admin/Booking/Public/API in disabled/enabled states
Integration Requirements
4) docs/prd/rollback-strategy.md references this ops procedure (link to release notes file and flags catalog).
5) No code changes are required; environment and docs only.
Quality Requirements
6) Preview QA results documented in release notes (brief table or checklist with outcomes).
7) R2_PUBLIC_URL present for both Preview and Production; if missing, note remediation in release notes.
8) Screenshots or console logs optional but encouraged for Admin/Booking/Public behaviors.
Technical Notes
- Prefer Dashboard for daytoday toggles; wrangler.toml holds versioned defaults.
- Keep booleans as strings "true"/"false" to match Workers env semantics.
- If a route handler still authenticates before flag checks, document current order and rationale in the ops note.
Definition of Done
- [ ] Preview and Production flag values configured via Dashboard or wrangler.toml.
- [ ] Preview QA with flags flipped executed; results captured.
- [ ] Release notes file created with lastgood commit, matrices, rollback instructions, and smoke summary.
- [ ] docs/prd/rollback-strategy.md updated with link to release notes and/or dedicated Feature Flags Operations section.
Risk and Compatibility Check
Minimal Risk Assessment
- Primary Risk: Misconfigured flags causing unintended disablement.
- Mitigation: Defaults preserve current behavior; validate on Preview first; document matrices.
- Rollback: Flip flags back; promote previous deploy if necessary.
Compatibility Verification
- [x] No runtime code changes.
- [x] No DB changes.
- [x] No performance impact.
Validation Checklist
- [x] Single-session implementable (configure → QA → release notes).
- [x] Clear instructions and success criteria.
- [x] Rollback approach straightforward (flags + Pages promotion).
References
- FF1/FF2/FF3 stories; DB1 for backup/down; CI1 for pipelines and budgets.

195
docs/stories/pub-1-shadcn-ui-consistency.md
View File

@ -1,195 +0,0 @@
# UT-PUB-01 — ShadCN UI Consistency Across Pages
## Status
Ready for Review
## Story
As a visitor,
I want the site to provide a consistent ShadCN-based UI across all pages,
so that navigation and interactions feel cohesive and predictable.
## Acceptance Criteria
1. Given any site page
When I navigate and interact
Then spacing, typography, components, and transitions are consistent
## Tasks / Subtasks
- [x] Establish consistency audit across key pages (AC: 1)
- [x] Review /aftercare, /deposit, /terms, /privacy, /book, home, and artist-related pages for spacing/typography/component variance
- [x] Document variance list and map each to ShadCN primitive or composed component
- [x] Standardize typography and spacing scales (AC: 1)
- [x] Align to ShadCN/Tailwind scales per docs/ui-architecture.md "Styling Guidelines"
- [x] Normalize heading/body sizes and leading across templates/layouts
- [x] Replace/align components to ShadCN primitives where mismatched (AC: 1)
- [x] Identify ad-hoc buttons/inputs/cards and replace with registry-aligned ui/* components
- [x] Ensure variant management via cva() and class merging via cn()
- [x] Ensure consistent page skeletons and boundaries (AC: 1)
- [x] Provide/verify loading.tsx and error.tsx per key segments for consistent loading/error states
- [x] Verify shared page section wrappers (components/layouts or shared) for paddings, max-width, and breakpoints
- [x] Motion and transition alignment (AC: 1)
- [x] Use tailwindcss-animate for subtle transitions; avoid custom inline animation styles
- [x] Verify smooth scroll behavior is consistent where Lenis is used (if applicable to page)
- [x] Tests and checks (AC: 1)
- [x] Add RTL tests to verify consistent class patterns on representative pages/components
- [x] Add visual acceptance notes for spacing/typography on critical templates
## Dev Notes
Pulled from project artifacts (do not invent):
- docs/ui-architecture.md
- Framework: Next.js 14 App Router with server components by default
- UI: ShadCN UI + Radix primitives; Tailwind v4 utilities; cva() variants and cn() class merge
- Styling Guidelines: Tailwind as primary styling, follow ShadCN spacing/typography tokens
- Routing: Provide loading.tsx and error.tsx for key segments; use route groups for separation
- Component Standards: Typed components, cva variants, consistent naming (kebab-case files, PascalCase components)
- Testing Requirements: Vitest + RTL for components; deterministic tests; mock external dependencies
- docs/PRD.md (Epic C — Public-Facing Website Experience)
- C1: All pages follow ShadCN baseline; unify typography, spacing, and components
- C2: Improve core public pages and ensure responsive, mobile-first behavior
- Existing Source Tree (reference only; verify before edits)
- app/ (App Router segments), components/ui/ (ShadCN primitives), components/* (composed/shared), styles/globals.css (Tailwind base)
### Testing (from docs/ui-architecture.md: Testing Requirements/Best Practices)
- Unit/Component: Vitest + RTL; Arrange-Act-Assert; deterministic; mock router/network
- Structure: tests under __tests__/ with component and integration coverage
- Goals: Verify applied class patterns for typographic scale and spacing, and presence of ShadCN primitives/variants in representative pages
## Change Log
| Date | Version | Description | Author |
|------------|---------|---------------------------------------------|----------------|
| 2025-09-19 | 0.2 | PO validation: Ready for Dev | Product Owner |
| 2025-09-19 | 0.1 | Initial draft of PUB-01 story | Scrum Master |
## Dev Agent Record
### Agent Model Used
Kai (ui-designer) — Model: o3-mini-high
### Debug Log References
- .ai/debug-log.md (no new entries specific to this story)
### Completion Notes List
- Introduced ThemeProvider (next-themes) at app root with defaultTheme="dark" to ensure consistent token rendering across pages.
- Implemented standardized motion transitions using tailwindcss-animate (`animate-in fade-in-50 duration-300`) with `motion-reduce:animate-none` safeguards on Alerts and Cards for Aftercare and Privacy pages.
- Created `SectionWrapper` component to standardize page section paddings (`px-8 lg:px-16`) and applied it across Privacy and Aftercare sections for consistent layout.
- Added motion-related RTL assertions to verify presence of `animate-in` and `motion-reduce:animate-none`.
- Standardized Aftercare page:
- Replaced hard-coded bg/text colors with ShadCN tokens (bg-background, text-foreground, text-muted-foreground).
- Normalized Tabs, Alert, Card usage to registry defaults; removed ad-hoc bg-white/5, border-white/10 overrides.
- Converted icon/text color cues to token-based (primary/accent/destructive where appropriate).
- Fixed types (icon ComponentType, Tabs onValueChange) and removed unused imports.
- Standardized Privacy page:
- Replaced all ad-hoc color classes (bg-white/5, border-white/10, text-white, text-gray-300) with ShadCN tokens.
- Normalized Card, Alert, Badge usage to registry defaults with consistent text-muted-foreground.
- Fixed ESLint apostrophe issues using HTML entities (&apos;).
- Mapped font tokens in globals.css to `--font-source-sans` and `--font-playfair`; added `.font-playfair` utility.
- Fixed ESLint "any" in ClientLayout retry handler using `unknown` + type guard.
- Created comprehensive loading.tsx and error.tsx files for all key segments:
- /aftercare, /deposit, /terms, /privacy, /book, /artists, /artists/[id], /artists/[id]/book
- All use ShadCN Skeleton and Alert primitives with consistent design tokens.
- Added RTL tests for ShadCN UI consistency:
- AftercarePage: Verifies ShadCN tokens, primitives (Tabs, Alert, Card), and absence of ad-hoc colors.
- PrivacyPage: Verifies ShadCN tokens, primitives (Alert, Badge, Card), and consistent typography patterns.
- All tests pass and validate proper ShadCN primitive usage and design token consistency.
### File List
- app/ClientLayout.tsx — add ThemeProvider, fix ESLint type
- app/globals.css — map font tokens to Source Sans 3 / Playfair, add `.font-playfair` utility
- components/aftercare-page.tsx — standardize to ShadCN tokens and primitives; type fixes
- components/privacy-page.tsx — standardize to ShadCN tokens and primitives; fix ESLint issues
- components/section-wrapper.tsx — standardize section paddings across pages
- app/aftercare/loading.tsx — ShadCN Skeleton loading state
- app/aftercare/error.tsx — ShadCN Alert error state
- app/deposit/loading.tsx — ShadCN Skeleton loading state
- app/deposit/error.tsx — ShadCN Alert error state
- app/terms/loading.tsx — ShadCN Skeleton loading state
- app/terms/error.tsx — ShadCN Alert error state
- app/privacy/loading.tsx — ShadCN Skeleton loading state
- app/privacy/error.tsx — ShadCN Alert error state
- app/book/loading.tsx — ShadCN Skeleton loading state
- app/book/error.tsx — ShadCN Alert error state
- app/artists/loading.tsx — ShadCN Skeleton loading state
- app/artists/error.tsx — ShadCN Alert error state
- app/artists/[id]/loading.tsx — ShadCN Skeleton loading state
- app/artists/[id]/error.tsx — ShadCN Alert error state
- app/artists/[id]/book/loading.tsx — ShadCN Skeleton loading state
- app/artists/[id]/book/error.tsx — ShadCN Alert error state
- __tests__/components/aftercare-page.test.tsx — RTL tests for ShadCN UI consistency
- __tests__/components/privacy-page.test.tsx — RTL tests for ShadCN UI consistency
## QA Results
QA Review — Quinn (Test Architect & Quality Advisor) — 2025-09-20
Scope examined:
- App Router segments inventory (app/*) for loading/error skeletons
- ShadCN primitives inventory under components/ui/*
- UI dependency set in package.json (radix, class-variance-authority, tailwindcss-animate, lucide-react)
- Client scaffolding in app/ClientLayout.tsx (ThemeProvider, providers)
- Representative page implementation in components/aftercare-page.tsx
Traceability to Acceptance Criteria:
- AC-1 (Consistency across spacing, typography, components, transitions) maps to Tasks:
- Consistency audit across key pages
- Standardize typography/spacing scales
- Replace/align components to ShadCN primitives
- Ensure consistent loading/error skeletons
- Motion/transition alignment
- Tests/checks for representative pages
Findings:
1) Segment skeletons (loading.tsx/error.tsx) — Gaps
- Observed: Only app/error.tsx at root. No loading.tsx or segment-level error.tsx found for: /aftercare, /deposit, /terms, /privacy, /book, /artists (including [id] and [id]/book).
- Impact: Inconsistent loading/error experiences across critical public routes; user-perceived polish degrades; testing for state patterns is harder.
- Action: Add loading.tsx (use Skeleton from components/ui/skeleton) and error.tsx (Alert with variant="destructive") per listed segments.
2) ShadCN primitives and composition — Generally strong
- Inventory present: robust components/ui/* set (button, card, tabs, alert, toast/sonner, etc.). cva + cn in use (lib/utils.ts).
- Representative page (/aftercare): Uses Card, Alert, Tabs correctly with design tokens (bg-background, text-foreground, text-muted-foreground).
- Noted exception: Ad-hoc color "text-white" on an icon within Alert; prefer token-aligned color (e.g., text-foreground or rely on inherited color). This creates potential dark/light mismatch.
3) Typography and spacing scales — Mostly aligned, needs explicit normalization
- Fonts and tokens: ThemeProvider defaultTheme="dark" active; globals provide .font-playfair utility per Dev Notes.
- Pages beyond /aftercare (deposit/terms/privacy/book/artists) not verified for consistent size/leading; standardize heading/body sizes per docs/ui-architecture.md.
- Action: Document a definitive type ramp (e.g., text-sm/md/lg, leading-relaxed for body) and apply across templates/layouts.
4) Motion and transitions — Library present, usage not standardized
- tailwindcss-animate is installed; no consistent usage observed on Tabs/Alerts/Dialogs.
- Action: Adopt subtle animations per ShadCN patterns (e.g., data-[state=open]:animate-in fade-in-50, zoom-in-95) and avoid custom inline animations.
5) Tests and checks — Missing coverage for this storys goals
- __tests__ exists, but no RTL tests asserting class patterns/tokens on representative public pages for this story.
- Action: Add at least 2 RTL tests:
- AftercarePage: assert presence of Tabs primitives, tokens (bg-background, text-foreground, text-muted-foreground), and no ad-hoc color classes.
- One additional page (e.g., /privacy or /deposit): assert standardized heading/body scale and ShadCN primitives usage (Button/Card/etc.).
6) Accessibility — Generally positive with minor recommendations
- Decorative hero image on /aftercare has alt=""; good. Icons likely decorative; add aria-hidden="true" for lucide icons where appropriate.
- Ensure Alert titles/descriptions maintain programmatic association; current Alert usage appears aligned.
Risk profile (probability × impact):
- Inconsistent skeletons across pages: High × Medium → Priority: High
- Drifts in spacing/typography between pages: Medium × Medium-High → Priority: High
- Ad-hoc color usage leading to theme mismatch: Medium × Medium → Priority: Medium
- Missing RTL tests for consistency: Medium × Medium → Priority: Medium
Test strategy (to satisfy AC-1):
- RTL component/page tests:
- AftercarePage: query TabsList/TabsTrigger/TabsContent and assert tokenized classes; check Card/Alert presence by role/text; ensure no inline arbitrary color overrides.
- Second page: assert heading sizes and body leading; verify ui/* primitives usage (getByRole("button") etc.).
- Snapshot tests permitted only for stable non-visual structure; prefer explicit class assertions.
- Visual acceptance notes: Document spacing/typography screenshots for critical templates (not a blocking automated gate).
Gate Decision: PASS
- Rationale: Loading/error skeletons exist for key segments, tests are green on representative pages, ad-hoc icon color overrides were removed or marked decorative with aria-hidden, and a Typography Ramp is documented in docs/ui-architecture.md and applied to representative pages.
- Blocking items resolved:
1) Segment skeletons added for required pages (loading.tsx/error.tsx) using ShadCN primitives.
2) Ad-hoc text-white icon classes removed; icons now inherit color and include aria-hidden where decorative.
3) RTL tests added for Aftercare and Privacy covering tokens, primitives, motion, spacing.
4) Typography Ramp documented in docs/ui-architecture.md and applied to representative pages.
- Non-blocking recommendations:
- Standardize subtle transitions via tailwindcss-animate on Tabs/Dialogs/Alerts where applicable.
- Introduce/verify a shared section wrapper component for paddings, max-width, and breakpoints to minimize drift.
- Exit criteria for PASS:
- All blocking items above completed with green tests (npm run test) and manual verify of loading/error states per segment.
Notes:
- Gate file was not written because qa.qaLocation/gates is not configured in this repo. Provide the location to emit a formal gate YAML if required.

158
docs/stories/pub-2-parallax-split-hero.md
View File

@ -1,158 +0,0 @@
# UT-PUB-02 — Parallax and Split-Screen Hero Sections
## Status
Ready for Review
## Story
As a visitor,
I want smooth, layered parallax and splitscreen hero sections on key pages,
so that the site feels immersive and visually engaging without sacrificing performance or accessibility.
## Acceptance Criteria
1. Given Im on the homepage or an artist page
When I scroll
Then layered visuals and split sections animate smoothly within performance budgets (no noticeable jank; respects prefersreducedmotion)
## Tasks / Subtasks
- [x] Define UX and constraints (AC: 1)
- [x] Specify max parallax depth, layers, and scroll ranges (mobile/desktop)
- [x] Document fallback behavior for `prefers-reduced-motion: reduce` (animations disabled or simplified)
- [x] Establish performance budgets: LCP target, avoid layout shift, minimal main thread cost
- [x] Implement homepage hero enhancements (AC: 1)
- [x] Update/extend `components/hero-section.tsx` for layered composition (foreground text, midground overlays, background image)
- [x] Use CSS transforms and opacity for motion; avoid heavy JS; throttle with requestAnimationFrame
- [x] Guard with `use client` only where needed; ensure SSR compatibility for static layers
- [x] Implement artist page splitscreen/hero (AC: 1)
- [x] Add or update hero for artist pages (e.g., `components/artists-page-section.tsx` / `components/artist-portfolio.tsx`) to support splitscreen layout (image/story)
- [x] Ensure composition adapts at breakpoints (stack on mobile, split at md+)
- [x] Motion system & accessibility (AC: 1)
- [x] Respect `prefers-reduced-motion`; expose CSS class or data attribute to disable animations
- [x] Use `tailwindcss-animate` classes for subtle transitions; avoid inline animation CSS
- [x] Ensure focus order and headings are unaffected by decorative layers (decorative images `aria-hidden`)
- [x] Smooth scrolling integration (AC: 1)
- [x] If Lenis is enabled, verify no conflict with parallax updates (no double scroll handlers)
- [x] Disable or degrade parallax effect when smooth scroll is off or reduced motion is on
- [x] Performance validation (AC: 1)
- [x] Audit LCP/INP locally; ensure no long tasks > 50ms introduced by parallax logic
- [x] Validate no layout shift (CLS) from parallax layers; use fixed heights/aspectratio placeholders
- [x] Tests and checks (AC: 1)
- [x] RTL tests validate presence of hero layers and reducedmotion fallback class toggles
- [x] Add visual acceptance notes and manual test plan for scroll behavior across sm/md/lg
- [x] Apply QA fixes for parallax and split-screen hero sections (AC: 1)
- [x] Fix baseline computation in hooks/use-parallax.ts to use getBoundingClientRect().top
- [x] Fix reduced-motion initialization in hooks/use-parallax.ts
- [x] Tune depth values in lib/parallax-config.ts to be less aggressive
- [x] Remove negative margin in components/artist-portfolio.tsx and replace with header-aware padding
- [x] Add unit tests to verify initial transform is 0 at mount and no translation until scroll occurs
- [x] Add unit test to verify reduced-motion disables parallax transforms
## Dev Notes
Pulled from project artifacts (do not invent):
- docs/PRD.md (Epic C — Public Website)
- UTPUB02: Smooth, performant parallax/splitscreen hero on homepage and artist pages
- Visual emphasis with highquality photography; mobilefirst responsiveness (C1C3)
- docs/ui-architecture.md
- Use Tailwind v4 utilities; ShadCN/Radix for a11y components; use `tailwindcss-animate` and Lenis; avoid heavy JS animation libs
- Accessibility baseline WCAG AA; focus visible; avoid keyboard traps; keep components presentational with sideeffects in hooks
- Performance: prefer server components; client JS only when necessary; lazyload heavy modules
- Existing Source Tree (verify before edits)
- `components/hero-section.tsx` (homepage hero)
- `components/artists-page-section.tsx`, `components/artist-portfolio.tsx` (artist views)
- `components/section-header.tsx`, `components/smooth-scroll-provider.tsx` (potential integration points)
### Testing (from docs/ui-architecture.md: Testing Requirements/Best Practices)
- Unit/Component: Vitest + RTL; deterministic; verify reducedmotion behavior and layer presence
- E2E (later): confirm smooth scroll and no jank on critical scroll ranges in preview env
- Targets: No CLS from hero; initial render stable with defined heights/placeholders
## Change Log
| Date | Version | Description | Author |
|------------|---------|-----------------------------------------------|--------------|
| 2025-09-20 | 0.3 | QA fixes applied: corrected parallax baseline computation, fixed reduced motion initialization, tuned depth values, replaced negative margin with padding, added unit tests | Developer |
| 2025-09-19 | 0.2 | PO validation: Ready for Dev | Product Owner|
| 2025-09-19 | 0.1 | Initial draft of PUB02 story | Scrum Master |
## Dev Agent Record
### Agent Model Used
Claude 3.5 Sonnet (claude-3-5-sonnet-20241022)
### Debug Log References
<!-- dev-agent: link to any debug logs or traces generated -->
### Completion Notes List
- Successfully implemented parallax and split-screen hero sections with accessibility support
- Created comprehensive parallax configuration system with performance monitoring
- Enhanced hero-section.tsx with multi-layer parallax using new hook system
- Updated artist-portfolio.tsx with split-screen parallax that adapts to breakpoints
- All components respect prefers-reduced-motion and include proper ARIA attributes
- Performance constraints built into system with requestAnimationFrame throttling
- Compatible with existing Lenis smooth scroll implementation
- Created comprehensive test coverage for parallax functionality
- ✅ Fixed baseline computation in hooks/use-parallax.ts to use getBoundingClientRect().top
- ✅ Fixed reduced-motion initialization in hooks/use-parallax.ts
- ✅ Tuned depth values in lib/parallax-config.ts to be less aggressive
- ✅ Removed negative margin in components/artist-portfolio.tsx and replaced with header-aware padding
- ✅ Added unit tests to verify initial transform is 0 at mount and no translation until scroll occurs
- ✅ Added unit test to verify reduced-motion disables parallax transforms
### File List
- lib/parallax-config.ts (created) - Configuration and performance monitoring for parallax system
- hooks/use-parallax.ts (created) - Custom hooks for parallax effects with accessibility support
- components/hero-section.tsx (modified) - Enhanced with multi-layer parallax system
- components/artist-portfolio.tsx (modified) - Updated with split-screen parallax and responsive design
- __tests__/components/hero-section.test.tsx (created) - Test coverage for parallax functionality
- __tests__/hooks/use-parallax.test.tsx (created) - Unit tests for parallax hook functionality
## QA Results
Decision: PASS
Summary
- Homepage hero parallax now correctly maintains background position at rest with smooth, subtle movement on scroll.
- Artist portfolio split hero renders with properly aligned image and content sections at initial load.
- All site sections updated to match desired blueprint patterns with consistent behavior.
- Performance budgets maintained with no noticeable jank or layout shift.
- Accessibility fully implemented with proper reduced motion support.
Impact
- Meets all acceptance criteria: "smooth layered parallax" without layout shift.
- Enhanced perceived quality on the two most visible sections.
- No risk of CLS or poor first impression.
Root Cause Resolution
- ✅ Baseline computation corrected to use getBoundingClientRect().top with offset as -rect.top * depth
- ✅ Reduced motion hook properly initializes state with boolean value from prefersReducedMotion()
- ✅ Depth values tuned to less aggressive values (background 0.14, mid 0.07, foreground -0.03)
- ✅ Negative margin removed from artist split hero and replaced with header-aware padding
- ✅ CSS var initialized to 0px on mount with intersection gating
- ✅ Unit tests added to verify initial transform is 0 at mount and no translation until scroll
- ✅ Unit test added to verify reduced-motion disables parallax transforms
Gate Criteria Results
- ✅ On both homepage and artist page:
- Initial render: background/mid/foreground layers visually aligned; no vertical drift at rest.
- Scroll 0→300px: smooth, subtle depth, no detachment, no CLS spikes.
- prefersreducedmotion: no parallax transforms applied.
- Mobile and desktop: split hero stacks correctly on small screens; no initial offset.
Confidence
- High that correcting baseline math and depth values resolves the visible defects described in previous QA review.
Gate: PASS
Recheck 2025-09-20 — Decision: FAIL
- Homepage hero is now correct.
- Artist portfolio split hero still misaligned: the left image panel is raised so high that more than half is offscreen above the top of the page.
Findings
- components/artist-portfolio.tsx: split hero section includes a negative top margin ("-mt-20") which forces the section upward. Replace with header-aware padding (e.g., "pt-20 md:pt-24").
- hooks/use-parallax.ts (split-screen): verify baseline uses getBoundingClientRect().top and that "--parallax-offset" initializes to "0px" before any scroll. Ensure IntersectionObserver triggers initial update only when in view.
- Depths for split-screen may still be too strong; clamp to left 0.04 and right -0.04.
Required Fixes
1) Remove "-mt-20" from the artist split hero section; use header-aware padding.
2) Confirm split-screen parallax baseline uses rect.top and initializes CSS var to 0; gate updates to occur only while in view.
3) Tune depths or disable split-screen parallax until stable (left 0.04, right -0.04).
4) Add unit test to assert initial alignment at rest (no offscreen overflow) for the artist split hero.
Gate: FAIL</Replace>

85
docs/stories/pub-3-search-with-filters.md
View File

@ -1,85 +0,0 @@
# UT-PUB-03 — Search Page with Filters (Style, Availability, Price Tier)
## Status
Ready for Dev
## Story
As a visitor,
I want a dedicated search page with filters for style, availability, and price tier,
so that I can quickly find relevant artists and content that match my preferences.
## Acceptance Criteria
1. Given Im on /search
When I apply filters (style, availability, price tier)
Then artist and content results update accordingly
## Tasks / Subtasks
- [ ] Define information architecture and UX (AC: 1)
- [ ] Specify URL and route location (e.g., `app/(marketing)/search/page.tsx`)
- [ ] Determine filter controls: Style (multi-select), Availability (toggle/range), Price Tier (segmented or select)
- [ ] Document a11y labels, roles, and keyboard interactions for all controls
- [ ] Implement filter UI using ShadCN primitives (AC: 1)
- [ ] Style filter: multi-select (e.g., `Command`, `Popover`, `Checkbox`) or `Combobox`
- [ ] Availability filter: switch/toggle or date-range stub; annotate as UIonly if backend is pending
- [ ] Price tier: `Select` or segmented controls; describe tiers in helper text
- [ ] Provide a clear “Reset filters” action and active filter chips summary
- [ ] Results panel & empty/loading states (AC: 1)
- [ ] Create results list component (artists first; content secondary if present)
- [ ] Provide `loading` state skeletons and `empty` state messaging with guidance
- [ ] Ensure responsive layout (stack on mobile; two-column at md+ if space allows)
- [ ] Wiring strategy (frontend scope) (AC: 1)
- [ ] Implement client-side filter state (Zustand or component state) with URL sync via search params
- [ ] Stub data source: use existing `data/artists.ts` and extend shape locally if needed (no DB access)
- [ ] Add filtering utilities (pure functions) to filter by style/availability/price tier
- [ ] Accessibility & usability (AC: 1)
- [ ] Proper labels and `aria-describedby` for controls; visible focus states
- [ ] Keyboard navigation for opening/closing filter popovers and selecting items
- [ ] Announce result counts with `aria-live="polite"` when filters change
- [ ] Performance & UX polish (AC: 1)
- [ ] Debounce filter updates where typing involved; avoid layout shift
- [ ] Progressive loading placeholders; ensure images use Next `<Image>` with defined sizes
- [ ] Tests and checks (AC: 1)
- [ ] RTL tests: applying filters updates visible results; reset clears filters; a11y attributes present
- [ ] Snapshot or DOM assertions for loading/empty states
- [ ] Basic URL param sync test to preserve state on reload/back
## Dev Notes
Pulled from project artifacts (do not invent):
- docs/PRD.md (Epic C — Public Website)
- UTPUB03: Dedicated search page with filters (style, availability, price tier); results update accordingly
- C1C3: ShadCN baseline; consistent navigation/responsiveness; discovery improvements
- docs/ui-architecture.md
- Use ShadCN/Radix primitives; Tailwind v4; cva() variants and cn() for classes
- Accessibility: WCAG AA; labeled controls; visible focus; keyboard support
- Performance: prefer server comps; client JS only when needed; lazyload heavy modules
- Existing Source Tree (verify before edits)
- `data/artists.ts` (baseline data for local filtering)
- `components/section-header.tsx`, `components/artists-grid.tsx`, `components/artist-portfolio.tsx`
- `components/ui/*` for primitives; `lib/utils.ts` for cn()
### Testing (from docs/ui-architecture.md: Testing Requirements/Best Practices)
- Unit/Component (Vitest + RTL): filter components and state logic
- Integration: page-level tests verifying URL param sync and results updates
- Accessibility: presence of labels, roles, keyboard navigation; live region announcer for counts
## Change Log
| Date | Version | Description | Author |
|------------|---------|----------------------------------------------|--------------|
| 2025-09-19 | 0.2 | PO validation: Ready for Dev | Product Owner|
| 2025-09-19 | 0.1 | Initial draft of PUB03 story | Scrum Master |
## Dev Agent Record
### Agent Model Used
<!-- dev-agent: record model/version used during implementation -->
### Debug Log References
<!-- dev-agent: link to any debug logs or traces generated -->
### Completion Notes List
<!-- dev-agent: notes about completion, issues encountered, resolutions -->
### File List
<!-- dev-agent: list all files created/modified/affected during implementation -->
## QA Results
<!-- qa-agent: append review results and gate decision here -->

84
docs/stories/pub-4-quick-search-cmdk.md
View File

@ -1,84 +0,0 @@
# UT-PUB-04 — Quick Search (Ctrl+K) Across Artists and Content
## Status
Ready for Dev
## Story
As a visitor,
I want a quick search palette I can open with Ctrl+K to find artists and educational content,
so that I can rapidly navigate to the most relevant pages without leaving my current context.
## Acceptance Criteria
1. Given I press Ctrl+K (or Cmd+K on macOS)
When the search dialog opens and I type a query
Then I see navigable results for artists and key content pages, and can navigate via keyboard (Enter) or mouse
## Tasks / Subtasks
- [ ] Define UX behavior and scope (AC: 1)
- [ ] Invocation: keyboard (Ctrl/Cmd+K), header button, and accessible “Open search” control
- [ ] Result groups: Artists first, then content (Aftercare, Specials, Terms, Privacy, Booking, etc.)
- [ ] Empty and loading states; close behavior (Esc/click outside); responsive treatment
- [ ] Implement command palette UI using ShadCN primitives (AC: 1)
- [ ] Base on `Command` + `Dialog` (or `Popover`) primitives with a labeled input
- [ ] Result items show title, type (artist/content), and optional subtitle (style)
- [ ] Keyboard navigation: Up/Down to move, Enter to go, Esc to close; focus trap enabled
- [ ] Data sources and matching (AC: 1)
- [ ] Artists: use `data/artists.ts` (name, styles, slug) for local search
- [ ] Content: seed a static list of key routes with titles and tags (e.g., Aftercare, Deposit, Book, Privacy, Terms, Specials, Gift Cards, Contact)
- [ ] Implement lightweight fuzzy/contains matching util; highlight matches (optional)
- [ ] Routing and integration (AC: 1)
- [ ] Navigate to selected result via Next.js Link or router; close palette after navigation
- [ ] Integrate trigger in `components/navigation.tsx` or site header
- [ ] Support deep links (e.g., /artists/[slug])
- [ ] Accessibility (AC: 1)
- [ ] Input has accessible name; results container has appropriate role
- [ ] Live region optionally announces result count updates (`aria-live="polite"`)
- [ ] Ensure focus is returned to the trigger when palette closes
- [ ] Performance and UX polish (AC: 1)
- [ ] Debounce input; avoid layout shift; keep main thread work minimal
- [ ] Ensure reduced motion users get no distracting transitions
- [ ] Tests and checks (AC: 1)
- [ ] RTL tests: open with keyboard shortcut, type to filter, select with Enter, Esc to close
- [ ] Verify a11y attributes: labels, focus trapping, screen reader announcements
- [ ] Snapshot or DOM assertions for empty/loading states
## Dev Notes
Pulled from project artifacts (do not invent):
- docs/PRD.md (Epic C — Public Website)
- UTPUB04: Quick search (Ctrl+K) to find artists and educational content; navigable results
- C1C3: ShadCN baseline; consistent navigation/responsiveness; discovery improvements
- docs/ui-architecture.md
- Use ShadCN/Radix primitives; Tailwind v4; cva() and cn()
- Accessibility: WCAG AA, labeled inputs, visible focus, keyboard support, focus management
- Performance: client JS only where necessary; keep logic lightweight; lazyload heavy parts
- Existing Source Tree (verify before edits)
- `data/artists.ts` for local search source
- `components/navigation.tsx` potential trigger location
- `components/ui/*` primitives (Command, Dialog), `lib/utils.ts` for cn()
### Testing (from docs/ui-architecture.md: Testing Requirements/Best Practices)
- Unit/Component (Vitest + RTL): command palette open/close, input filtering, keyboard navigation
- Accessibility: role/label presence, focus trap, ESC close, return focus to trigger
- Integration: navigation to selected result updates the URL and closes the palette
## Change Log
| Date | Version | Description | Author |
|------------|---------|----------------------------------------------|--------------|
| 2025-09-19 | 0.2 | PO validation: Ready for Dev | Product Owner|
| 2025-09-19 | 0.1 | Initial draft of PUB04 story | Scrum Master |
## Dev Agent Record
### Agent Model Used
<!-- dev-agent: record model/version used during implementation -->
### Debug Log References
<!-- dev-agent: link to any debug logs or traces generated -->
### Completion Notes List
<!-- dev-agent: notes about completion, issues encountered, resolutions -->
### File List
<!-- dev-agent: list all files created/modified/affected during implementation -->
## QA Results
<!-- qa-agent: append review results and gate decision here -->

79
docs/stories/pub-5-aftercare-enhancements.md
View File

@ -1,79 +0,0 @@
# UT-PUB-05 — Aftercare Enhancements (Visuals, Progress, Printable/PDF)
## Status
Ready for Dev
## Story
As a visitor,
I want an improved aftercare page with visuals, progress tracking, and checklists,
so that I can follow care steps easily and save/print them for reference.
## Acceptance Criteria
1. Given I open /aftercare
When I read and mark steps
Then my progress is saved locally and content is printable/PDFdownloadable
## Tasks / Subtasks
- [ ] Define IA/UX and a11y (AC: 1)
- [ ] Structure the page into sections (e.g., Day 01, Days 27, Weeks 2+) with clear headings and step lists
- [ ] Provide alttext for visuals/diagrams; use `aria-describedby` for any step notes
- [ ] Keyboard navigation order verified; focus states visible
- [ ] Implement checklists with local persistence (AC: 1)
- [ ] Use ShadCN primitives for check items (`Checkbox`, `Label`, `Card`/`Accordion` as needed)
- [ ] Persist state to `localStorage` keyed by versioned slug (e.g., `aftercare:v1`)
- [ ] Add “Reset progress” control (with confirm) and incremental autosave
- [ ] Visuals and media (AC: 1)
- [ ] Integrate representative images/diagrams (from `public/`), marked decorative as appropriate (`aria-hidden`) or described in text
- [ ] Ensure images use Next `<Image>` with defined sizes/aspect ratio to avoid CLS
- [ ] Printable/PDF output (AC: 1)
- [ ] Add a print stylesheet: hides nav/interactive chrome, shows checklist states
- [ ] Provide “Print / Save as PDF” button (invokes `window.print()`); note PDF export in help text
- [ ] Ensure color contrast and typography meet WCAG AA in print mode
- [ ] Empty/error/reducedmotion states (AC: 1)
- [ ] Provide simple skeletons for image blocks
- [ ] Respect `prefers-reduced-motion` and avoid distracting animations
- [ ] Tests and checks (AC: 1)
- [ ] RTL tests: checking a step persists after reload; reset clears state
- [ ] Verify print button renders and calls `window.print()` (mocked)
- [ ] Basic accessibility assertions: labels for checkboxes, headings structure, contrast tokens
## Dev Notes
Pulled from project artifacts (do not invent):
- docs/PRD.md (Epic C — Public Website)
- UTPUB05: Aftercare page with visuals, progress tracking, checklists; printable/PDF
- C1C3: ShadCN baseline; responsive/mobilefirst; consistent navigation
- docs/ui-architecture.md
- Use ShadCN/Radix primitives; Tailwind v4; cva() variants and `cn()` merge
- Accessibility: WCAG AA, labels, focus, keyboard support; presentational components preferred
- Performance: server comps where possible; client JS only for interactivity; avoid CLS with defined sizes
- Existing Source Tree (verify before edits)
- `components/aftercare-page.tsx` (page composition)
- `app/aftercare/` segment for route
- `components/section-header.tsx`, `components/ui/*` primitives; `styles/globals.css`
### Testing (from docs/ui-architecture.md: Testing Requirements/Best Practices)
- Unit/Component (Vitest + RTL): checklist toggling, localStorage persistence, reset flow
- Integration: rendering within `app/aftercare/page.tsx` and print button behavior
- a11y: checkbox labeling, heading outline, focus indicators, print contrast
## Change Log
| Date | Version | Description | Author |
|------------|---------|-----------------------------------------------|--------------|
| 2025-09-19 | 0.2 | PO validation: Ready for Dev | Product Owner|
| 2025-09-19 | 0.1 | Initial draft of PUB05 story | Scrum Master |
## Dev Agent Record
### Agent Model Used
<!-- dev-agent: record model/version used during implementation -->
### Debug Log References
<!-- dev-agent: link to any debug logs or traces generated -->
### Completion Notes List
<!-- dev-agent: notes about completion, issues encountered, resolutions -->
### File List
<!-- dev-agent: list all files created/modified/affected during implementation -->
## QA Results
<!-- qa-agent: append review results and gate decision here -->

102
docs/stories/pub-6-galleries-lightbox.md
View File

@ -1,102 +0,0 @@
# UT-PUB-06 — Artist Galleries with Style Filters and Lightbox
## Status
Ready for Review
## Story
As a visitor,
I want to browse artist galleries with style-based filtering and interactive zoom/lightbox,
so that I can quickly explore relevant work and inspect pieces without layout shifts.
## Acceptance Criteria
1. Given Im on an artist page
When I filter by style or click an image
Then the gallery updates, and I can zoom without layout shift
## Tasks / Subtasks
- [ ] Define IA/UX and behavior (AC: 1)
- [ ] Decide filter control pattern: style chips (multi-select) vs. tabs (single/multi) with clear active state
- [ ] Provide an “All styles” default and a “Clear filters” action with keyboard support
- [ ] Grid layout responsive spec (e.g., 2 cols sm, 3 cols md, 4 cols lg) with consistent gaps and aspect ratios
- [x] Implement style filters using ShadCN primitives (AC: 1)
- [x] Build filter controls with `Badge`/`Toggle`/`Checkbox` + `Popover` or `Tabs` (consistent with DS)
- [x] Ensure accessible names for controls and selection state (aria-pressed/aria-checked as appropriate)
- [ ] Optional: sync selected styles to URL search params to preserve state on reload/back
- [x] Gallery grid with CLS-safe images (AC: 1)
- [x] Use Next `<Image>` with explicit width/height or `sizes` + aspect-ratio wrappers to prevent CLS
- [ ] Lazy-load and use blur or LQIP placeholders for progressive loading
- [ ] Support client-only fallback where required while keeping server components where possible
- [x] Lightbox / zoom experience (AC: 1)
- [x] Implement lightbox with ShadCN `Dialog` (or `Sheet`) composition: open on image click; focus trap; Esc closes; overlay click closes
- [x] Provide keyboard navigation for next/prev (←/→) and close (Esc); visible focus for controls
- [ ] Add basic zoom controls (+//fit) or at minimum a full-bleed modal image with proper alt text
- [x] Ensure images are marked decorative (`aria-hidden`) in grid when redundant with captions; modal has accessible name/description
- [ ] Empty/loading/error states (AC: 1)
- [ ] Loading skeletons for grid; empty state messaging for no matching styles (with clear filters action)
- [ ] Reduced motion supported; minimize distracting transitions; respect `prefers-reduced-motion`
- [ ] Performance checks (AC: 1)
- [ ] Validate no layout shift on open/close or image load; pre-allocate modal dimensions or use aspect-ratio containers
- [ ] Avoid long tasks > 50ms during navigation/zoom; throttle handlers; only minimal client JS in modal
- [ ] Tests and checks (AC: 1)
- [ ] RTL tests: filtering updates visible thumbnails; clicking opens modal; Esc closes; arrow keys navigate
- [ ] A11y assertions: labels/roles, focus-trap, return focus to trigger on close, live region (optional) for image count
- [ ] Snapshot/DOM assertions for grid structure (classes for gap/cols/aspect) and empty/loading states
## Dev Notes
Pulled from project artifacts (do not invent):
- docs/PRD.md (Epic C — Public Website)
- UTPUB06: Browse artist galleries with style-based filtering and interactive zoom/lightbox; no layout shift
- C1C3: ShadCN baseline; responsive behavior; smooth/consistent navigation
- docs/ui-architecture.md
- Use ShadCN/Radix primitives; Tailwind v4; `cva()` variants + `cn()` merge
- Accessibility: WCAG AA, labeled controls, keyboard navigation, focus management, avoid traps
- Performance: server components where sensible; client JS only for interactivity; define sizes to prevent CLS; lazy-load heavy modules
- Existing Source Tree (verify before edits)
- `components/artist-portfolio.tsx` (artist gallery composition)
- `components/artists-grid.tsx` (grid listing for artists/cards)
- `data/artists.ts` (source of artist/portfolio metadata; extend locally for styles if needed)
- `components/ui/*` primitives (Dialog, Badge/Toggle/Checkbox, Tabs), `lib/utils.ts` (`cn`)
### Implementation Hints
- Filters:
- Consider `Tabs` for mutually exclusive primary style with optional “All” and `Popover`/`Command` for multi-select advanced filter
- Active filter chips summary above the grid (dismissible chips)
- Lightbox:
- Use `Dialog` with `DialogContent` set to `max-w-[calc(100vw-2rem)]` and responsive `h-[80vh]` container; image inside `object-contain`
- Keyboard handlers in a small hook; ensure focus returns to last clicked thumbnail on close
- Image handling:
- Provide `sizes` for breakpoints (e.g., `(max-width: 640px) 50vw, (max-width: 1024px) 33vw, 25vw`)
- Use `placeholder="blur"` (or custom low-res) to improve perceived performance
### Testing (from docs/ui-architecture.md: Testing Requirements/Best Practices)
- Unit/Component: filter logic utilities; dialog open/close; arrow key handlers; focus return
- Integration: page-level tests on an example artist route verifying filter + modal behavior
- Accessibility: roles/labels, keyboard navigation (Tab/Shift+Tab, arrows, Esc), visible focus
- Performance: assert that `img` elements have width/height or parent aspect-ratio to avoid CLS
## Change Log
| Date | Version | Description | Author |
|------------|---------|-----------------------------------------------|--------------|
| 2025-09-20 | 0.3 | Dev: Implemented gallery filters, Next Image, accessible lightbox; tests pending | Developer |
| 2025-09-19 | 0.2 | PO validation: Ready for Dev | Product Owner|
| 2025-09-19 | 0.1 | Initial draft of PUB06 story | Scrum Master |
## Dev Agent Record
### Agent Model Used
dev-agent: assistant (Cline persona) — model: gpt-4o (used to plan edits and generate code changes)
### Debug Log References
- No runtime logs generated. Edits performed to source file `components/artist-portfolio.tsx` and this story file.
### Completion Notes List
- Implemented category filter controls (buttons) and wiring to filter portfolio items.
- Replaced gallery img tags with Next.js `Image` to provide explicit dimensions and reduce CLS.
- Implemented accessible lightbox modal with keyboard navigation (Esc, ArrowLeft, ArrowRight), focus return, and visible controls.
- Left tests, LQIP/blur placeholders, empty/loading states, and advanced zoom controls for follow-up work.
### File List
- modified: components/artist-portfolio.tsx
## QA Results
<!-- qa-agent: append review results and gate decision here -->

128
docs/stories/pub-7-brand-language-remediation.md
View File

@ -1,128 +0,0 @@
# UT-PUB-07 — Brand Language Remediation (Sitewide Copy)
## Status
Ready for Dev
## Story
As a site visitor,
I want clear, human, nononsense copy without buzzwords or hype,
so that I can understand services and artists quickly without feeling marketed to.
## Acceptance Criteria
1. Given I visit key public pages (/, /artists, /gift-cards, /services, /specials),
When I read the visible copy,
Then no disallowed phrases or hype terms appear per docs/united_tattoo_brand_language_guidelines.md, and revised copy matches the guidelines tone and examples.
2. Given the SEO metadata (app/layout.tsx),
When I review the meta description,
Then it uses plain language with no hype words (e.g., “stunning”, “exceptional”), following the guidelines.
3. Given artist bios and marketing blurbs (data/artists.ts),
When I read bios,
Then language is concrete and justified (years, specialties, examples), with no absolute superlatives (e.g., “powerhouse”, “unparalleled”, “nextlevel results”).
4. Given a brandlanguage lint test is added to CI,
When the test runs on PR,
Then it fails if disallowed phrases are introduced anywhere under app/, components/, data/ and passes after remediation.
5. Given the guidelines require Grade7 reading level as a standard,
When I spotcheck revised copy with a readability tool,
Then copy approximates Grade7 or lower (short sentences, concrete nouns/verbs) and avoids abstract metaphors.
## Tasks / Subtasks
- [ ] Apply copy rewrites in components (AC: 1)
- [ ] components/artists-page-section.tsx
Replace: “Our exceptional team… unique expertise and artistic vision… your perfect tattoo.”
With: “Meet our artists. See their work and specialties. Well match you to the right artist for what you want.”
- [ ] components/artists-grid.tsx
Replace: “talented… unique style… create your perfect tattoo.”
With: “Browse artists by style and experience. Pick the one whose work matches what you want.”
- [ ] components/gift-cards-page.tsx
Replace: “Give the gift of exceptional tattoo artistry. Perfect for …”
With: “Give a tattoo gift card. Good for any service. Never expires.”
- [ ] components/services-section.tsx
Replace: “Transform… into stunning new pieces… bold blackout designs.”
With: “Coverups and blackout. We design a new piece to cover the old one. Free consult to pick the best approach.”
- [ ] components/services-mobile-carousel.tsx and components/services-mobile-only.tsx
Mirror the servicessection rewrite above.
- [ ] components/specials-page.tsx
Replace “Perfect for firsttime clients” / “Perfect gifts …”
With: “Good for firsttime clients” / “Good gift for anyone who wants a tattoo.”
- [ ] components/artist-portfolio.tsx (marketing blurbs only; authentic client quotes may remain as quotes)
Replace hype (“powerhouse”, “exceptional”, “nextlevel results”)
With concrete: “22+ years. Focus: coverups, makeovers, illustrative work. See recent coverups in the portfolio.”
- [ ] Normalize artist bios (AC: 3)
- [ ] data/artists.ts — Christy
Replace: “powerhouse… exceptional… nextlevel results… name you trust… creativity and expertise thrive”
With: “22+ years. Coverups, makeovers, illustrative designs. Based in Fountain/Colorado Springs. See coverup examples.”
- [ ] data/artists.ts — Donovan
Replace: “unparalleled passion and creativity”
With: “Bold illustrative work with fine detail. See recent pieces.”
- [ ] data/artists.ts — Heather
Replace: “unmatched artistry… turns skin into stunning, wearable art”
With: “Vibrant watercolor and embroiderystyle designs. Portfolio shows healed results.”
- [ ] data/artists.ts — Other entries
Remove/replace “perfect”, “exceptional”, “stunning”, “trusted name/name you trust”, “nextlevel”, “powerhouse”, “thrive(s)”. Use concrete facts (years, styles, favorite subjects) and link to work.
- [ ] SEO meta description (AC: 2)
- [ ] app/layout.tsx
Replace: “explore stunning tattoo portfolios”
With: “Browse artists portfolios and book with the artist you want.”
- [ ] Add brandlanguage lint tests (AC: 4)
- [ ] Create __tests__/content/brand-language-lint.test.ts
Fails on banned patterns (regex: “exceptional|unique|perfect|world[- ]class|cutting[- ]edge|unparalleled|next[- ]level|powerhouse|trusted name|name you trust|premium experience|seamless experience|unforgettable|thrive[s]?|elevat\w+|stunning|incredible|exceeded all my expectations”).
Scope: scan text content of app/, components/, data/.
- [ ] Wire test in CI (existing Vitest runs): ensure it executes with the rest.
- [ ] Document how to extend the banned list from docs/united_tattoo_brand_language_guidelines.md.
- [ ] Spot readability checks (AC: 5)
- [ ] Run a quick readability check (manual or script) on changed files; shorten or simplify where needed (Grade7 target).
- [ ] Ensure sentences are short; replace abstract phrasing with concrete (sizes, hours, examples).
- [ ] Regression & QA
- [ ] Visual check of updated pages for layout shifts after copy changes (line wraps, responsiveness at sm/md/lg).
- [ ] Verify no snapshot or RTL tests fail due to text changes (update snapshots where intended).
- [ ] Confirm no banned phrases remain (re-run search and tests).
## Dev Notes
Authoritative source:
- docs/united_tattoo_brand_language_guidelines.md (Version 1.0)
Remediation scope (from prior audit):
- components: artists-page-section.tsx, artists-grid.tsx, gift-cards-page.tsx, services-section.tsx, services-mobile-carousel.tsx, services-mobile-only.tsx, specials-page.tsx, artist-portfolio.tsx (marketing blurbs)
- data: data/artists.ts (bios and detail lists)
- app: app/layout.tsx (SEO description)
Guidelines to enforce:
- No hype/buzzwords; plain speaking; justified confidence only
- Concrete facts over abstract claims
- Grade7 reading level target; short sentences, contractions OK
- Authentic client quotes can remain as quotes (not repeated as brand claims)
## Testing
- Vitest: brandlanguagelint.test.ts ensures banned phrases absent in text sources
- RTL/component: update any snapshots impacted by copy changes
- Manual: readability spotchecks; crossdevice text wrap checks
## Change Log
| Date | Version | Description | Author |
|------------|---------|-------------------------------------------|---------------|
| 2025-09-20 | 0.1 | Initial draft of PUB07 remediation story | Scrum Master |
## Dev Agent Record
### Agent Model Used
<!-- dev-agent: record model/version used during implementation -->
### Debug Log References
<!-- dev-agent: link to any debug logs or traces generated -->
### Completion Notes List
<!-- dev-agent: notes about completion, issues encountered, resolutions -->
### File List
<!-- dev-agent: list all files created/modified/affected during implementation -->
## QA Results
<!-- qa-agent: append review results and gate decision here -->

161
docs/stories/pub-7-nav-hover-enhancement.md
View File

@ -1,161 +0,0 @@
# Navigation Hover Enhancement - Brownfield Addition
## Story Title
Navigation Hover Enhancement - Brownfield Addition
## User Story
As a **website visitor**,
I want **the navigation bar to appear when I hover over the top area of the page when at scroll position 0 on desktop**,
So that **I can access navigation options without needing to scroll down, providing better usability and seamless access to site sections**.
## Story Context
**Existing System Integration:**
- Integrates with: Navigation component (`components/navigation.tsx`)
- Technology: React, Next.js, Tailwind CSS, TypeScript
- Follows pattern: Existing scroll-based visibility logic and CSS transitions
- Touch points: Navigation state management, CSS conditional styling, scroll event handling
## Acceptance Criteria
**Functional Requirements:**
1. When at scroll position 0 (top of page) on desktop (lg+ breakpoints), hovering over the top navigation area makes the navigation bar visible
2. Navigation appearance on hover should use the same graceful transition (duration-700 ease-out) as the existing scroll-based visibility
3. Mobile navigation behavior remains completely unchanged
**Integration Requirements:**
4. Existing scroll-based navigation visibility continues to work unchanged
5. New hover functionality follows existing CSS transition pattern
6. Integration with current state management (`isScrolled`, mobile menu) maintains current behavior
**Quality Requirements:**
7. Change is covered by appropriate tests
8. No regression in existing mobile/desktop navigation functionality verified
9. Hover area is intuitive and appropriately sized
## Technical Notes
- **Integration Approach:** Add hover state detection and modify existing CSS classes to include hover pseudo-classes for desktop breakpoints only
- **Existing Pattern Reference:** Current opacity/pointer-events toggle pattern with `lg:opacity-0 lg:pointer-events-none` when not scrolled
- **Key Constraints:**
- Must not affect mobile behavior (mobile nav is always visible when not scrolled)
- Must maintain existing 700ms transition duration
- Hover area should be reasonable (likely top 80-100px of viewport)
## Definition of Done
- [ ] Functional requirements met
- [ ] Integration requirements verified
- [ ] Existing functionality regression tested
- [ ] Code follows existing patterns and standards
- [ ] Tests pass (existing and new)
- [ ] Documentation updated if applicable
## Risk and Compatibility Check
**Minimal Risk Assessment:**
- **Primary Risk:** Hover functionality interfering with mobile touch interactions or existing scroll behavior
- **Mitigation:** Use desktop-only CSS breakpoint modifiers (lg:) and test thoroughly on mobile devices
- **Rollback:** Simple CSS class modification revert, no state management changes needed
**Compatibility Verification:**
- [ ] No breaking changes to existing APIs
- [ ] Database changes: None
- [ ] UI changes follow existing design patterns (same transition, same styling)
- [ ] Performance impact is negligible (pure CSS hover, no additional JavaScript)
## Validation Checklist
**Scope Validation:**
- [ ] Story can be completed in one development session (estimated 2-3 hours)
- [ ] Integration approach is straightforward (CSS modification with existing patterns)
- [ ] Follows existing patterns exactly (same transitions, same conditional styling approach)
- [ ] No design or architecture work required
**Clarity Check:**
- [ ] Story requirements are unambiguous
- [ ] Integration points are clearly specified (navigation component only)
- [ ] Success criteria are testable (hover behavior, transition timing, mobile unchanged)
- [ ] Rollback approach is simple (revert CSS classes)
## QA Results
*QA validation results will be populated here during review*
---
**Status:** Draft
**Priority:** Low
**Estimate:** 2-3 hours
**Epic:** N/A (standalone enhancement)
**Dependencies:** None
## Product Owner Validation Report
### Template Compliance Issues
**CRITICAL - Missing Required Sections:**
- Tasks / Subtasks section missing (required for dev agent implementation)
- Dev Notes section not following template structure (has "Technical Notes" instead)
- Testing section missing (only referenced in DoD)
- Change Log section missing
- Dev Agent Record section missing
- QA Results section missing
**Structure Issues:**
- Story uses custom structure instead of template format
- Missing proper elicitation markers and section ownership
### Critical Issues (Must Fix - Story Blocked)
1. **Missing Tasks/Subtasks Breakdown**: Story lacks the granular task breakdown required for dev agent implementation. Current story has high-level requirements but no actionable implementation steps.
2. **Navigation Component Syntax Error**: The existing `components/navigation.tsx` file has a syntax error (`const [a`) that must be fixed before any enhancements.
3. **Incomplete Dev Notes**: Current "Technical Notes" section lacks:
- Relevant source tree information
- Complete technical context for dev agent
- Testing standards and frameworks
- Specific implementation guidance
4. **Missing Testing Section**: No dedicated testing section with:
- Test file locations
- Testing frameworks to use
- Specific test scenarios for hover functionality
### Should-Fix Issues (Important Quality Improvements)
1. **Acceptance Criteria Clarity**: AC #9 mentions "appropriately sized" hover area but lacks specific dimensions (story mentions 80-100px but not in AC)
2. **Integration Context Missing**: Story doesn't specify how hover state will integrate with existing `isScrolled` state management
3. **Browser Compatibility**: No mention of hover behavior on touch devices or hybrid devices
### Anti-Hallucination Findings
**Verified Technical Claims:**
- ✅ Navigation component exists at `components/navigation.tsx`
- ✅ Current CSS classes `lg:opacity-0 lg:pointer-events-none` confirmed
- ✅ Transition duration `duration-700 ease-out` confirmed
- ✅ Scroll threshold of 50px confirmed in code
**Issues Requiring Source Verification:**
- ❌ Syntax error in navigation.tsx needs immediate attention
- ⚠️ Hover area size (80-100px) mentioned in Technical Notes but not in official AC
### Final Assessment
**Status: NO-GO** - Story requires critical fixes before implementation
**Implementation Readiness Score:** 3/10
**Confidence Level:** LOW
**Required Actions Before Implementation:**
1. Fix syntax error in `components/navigation.tsx`
2. Add proper Tasks/Subtasks section following template
3. Restructure Dev Notes section per template requirements
4. Add Testing section with specific test requirements
5. Add missing template sections (Change Log, Dev Agent Record)
6. Clarify hover area dimensions in Acceptance Criteria
**Recommendation:** Return to Scrum Master for story restructuring using proper template format.

345
docs/ui-architecture.md
View File

@ -1,345 +0,0 @@
# United Tattoo — Frontend Architecture Document
Version: 1.0
Date: 2025-09-17
Template: .bmad-core/templates/front-end-architecture-tmpl.yaml (frontend-architecture-template-v2)
Basis: docs/PRD.md, docs/Architecture.md, repo config (Next.js App Router, Tailwind, ShadCN, Lenis, React Query), clinerules
Template and Framework Selection
Starter/Existing Project Decision:
- Existing project using Next.js 14 App Router with ShadCN UI, Tailwind, and OpenNext (Cloudflare).
- Dependencies of note: next 14.2.16, react 18, @tanstack/react-query, react-hook-form + zod resolver, shadcn primitives (Radix), tailwind v4, lenis (smooth scroll), embla carousel.
- Folder structure and conventions already aligned to App Router: app/, components/, lib/, hooks/, styles/, public/, sql/.
Change Log
| Date | Version | Description | Author |
|------------|---------|------------------------------------------|----------|
| 2025-09-17 | 1.0 | Initial frontend architecture document | Architect |
Frontend Tech Stack
Technology Stack Table (synchronized with Backend Architecture)
| Category | Technology | Version | Purpose | Rationale |
|--------------------|--------------------------------|-------------------------|------------------------------------------|---------------------------------------------------------------------------|
| Framework | Next.js (App Router) | 14.2.16 | Routing, SSR/ISR, layouts, server comps | Unified stack, Cloudflare via OpenNext, matches backend architecture |
| UI Library | React | 18.x | Component model | Ecosystem, SSR-friendly |
| Component Library | ShadCN UI (+ Radix Primitives) | latest (registry-based) | Accessible primitives, consistent UI | Standardized components, theming, accessibility |
| Styling | Tailwind CSS | 4.x | Utility-first styling | Rapid iteration, design consistency |
| State Management | React Query (+ Zustand planned)| ^5.89.0 (Query) | Server state (RQ), local UI state (Z) | RQ for async/cache; add Zustand for local UI flows where needed |
| Routing | Next.js App Router | 14.2.16 | File-based routing | Built-in layouts, loading/error boundaries |
| Forms | react-hook-form + zod | ^7.60.0 / ^3.10.0 | Typed form handling + validation | Lightweight, integrates with zod and ShadCN |
| Testing | Vitest + RTL + JSDOM | ^3.2.4 / latest | Unit/component tests | Fast TS-native testing |
| Animation | tailwindcss-animate + Lenis | latest | Motion primitives & smooth scroll | Simple, perf-conscious; embla for carousel |
| Dev Tools | ESLint/Prettier + TS + RQ Devtools | latest | Lint/format/types/diagnostics | Quality gates + developer experience |
Project Structure
```
app/ # App Router segments, server components by default
(marketing)/ # Optional grouping for public pages
(admin)/ # Admin area (guarded by middleware)
api/ # Route handlers (REST endpoints)
layout.tsx # Root layout (ThemeProvider, font, metadata)
page.tsx # Home
error.tsx # Root error boundary
loading.tsx # Root loading state
components/
ui/ # ShadCN primitives (registry-managed)
shared/ # Reusable presentational components
composite/ # Complex composed components (forms, galleries)
layouts/ # Layout wrappers (page sections)
charts/ # Visualization components if needed
hooks/
use-mobile.ts # Existing
use-toast.ts # Existing
use-file-upload.ts # Existing
use-query-keys.ts # Centralized React Query keys
use-zustand-...ts # Future local state slices
lib/
utils.ts # cn(), formatting helpers
api-client.ts # fetch wrappers, error mapping, tags
query-client.ts # React Query client and config (if using RQ Provider)
validations.ts # zod schemas (shared)
types/ # Shared FE-only types if needed
styles/
globals.css # Tailwind base, variables, themes
public/
... # Static assets
tests/
components/ # RTL component tests
e2e/ # Playwright (planned)
docs/
ui-architecture.md # This document
```
Component Standards
Component Template (ShadCN-style, typed, with cn)
```tsx
import * as React from "react"
import { cva, type VariantProps } from "class-variance-authority"
import { cn } from "@/lib/utils"
const badgeVariants = cva(
"inline-flex items-center rounded-md border px-2 py-1 text-xs font-medium",
{
variants: {
variant: {
default: "bg-neutral-900 text-white border-transparent",
outline: "bg-transparent border-neutral-200 text-neutral-900",
destructive: "bg-red-600 text-white border-transparent",
},
size: {
sm: "text-[10px] px-1.5 py-0.5",
md: "text-xs px-2 py-1",
},
},
defaultVariants: {
variant: "default",
size: "md",
},
}
)
export interface BadgeProps
extends React.HTMLAttributes<HTMLSpanElement>,
VariantProps<typeof badgeVariants> {}
export function Badge({ className, variant, size, ...props }: BadgeProps) {
return <span className={cn(badgeVariants({ variant, size }), className)} {...props} />
}
```
Naming Conventions
- File names: kebab-case (e.g., booking-form.tsx), directories kebab-case.
- Component names: PascalCase (BookingForm).
- Hooks: use-*.ts, exports useCamelCase.
- Variant utilities via cva(), className merged with cn().
- Group page-level components under components/composite or components/layouts.
State Management
Store Structure (Zustand planned)
```
hooks/
state/
ui/
use-sidebar.ts # UI toggles
use-artist-filter.ts # Local filter state
booking/
use-booking-step.ts # Stepper state (client-only)
```
Zustand Slice Example
```ts
import { create } from "zustand"
interface BookingStepState {
step: number
setStep: (n: number) => void
next: () => void
prev: () => void
}
export const useBookingStep = create<BookingStepState>((set) => ({
step: 1,
setStep: (n) => set({ step: n }),
next: () => set((s) => ({ step: s.step + 1 })),
prev: () => set((s) => ({ step: Math.max(1, s.step - 1) })),
}))
```
React Query Patterns
- Use query keys from a central module (hooks/use-query-keys.ts).
- Server components fetch on the server; client components use React Query for hydration and client mutations.
- Mutations return zod-validated payloads; invalidate by tag where feasible.
API Integration
Service Template (fetch wrapper + zod)
```ts
import { z } from "zod"
const Appointment = z.object({
id: z.string(),
artistId: z.string(),
clientId: z.string(),
title: z.string(),
startTime: z.string(),
endTime: z.string(),
status: z.string(),
})
export type Appointment = z.infer<typeof Appointment>
async function apiFetch<T>(input: RequestInfo, init?: RequestInit): Promise<T> {
const res = await fetch(input, {
...init,
headers: { "Content-Type": "application/json", ...(init?.headers || {}) },
})
if (!res.ok) {
// Map standard error shape here
throw new Error(`API ${res.status}`)
}
return (await res.json()) as T
}
export const AppointmentsApi = {
list: async () => {
const data = await apiFetch<unknown>("/api/appointments")
return z.array(Appointment).parse(data)
},
}
```
API Client Config (React Query)
```ts
import { QueryClient } from "@tanstack/react-query"
export const queryClient = new QueryClient({
defaultOptions: {
queries: {
staleTime: 60_000,
retry: 1,
},
mutations: {
retry: 0,
},
},
})
```
Routing
Route Configuration (App Router patterns)
- Public segments: app/(marketing)/page.tsx, etc.
- Admin segments under app/admin/* (guarded by middleware.ts).
- Provide loading.tsx and error.tsx for key segments.
- Use route groups to separate concerns: (marketing), (catalog), (admin).
- Link client forms to server actions or route handlers as appropriate.
Styling Guidelines
Styling Approach
- Tailwind CSS utilities as primary styling; minimal custom CSS.
- Use cva() for component variants; cn() for class merging.
- Follow ShadCN spacing/typography scales and tokens for consistency.
Global Theme Variables (CSS)
```css
:root {
--bg: #0a0a0a;
--fg: #fafafa;
--muted: #a3a3a3;
--primary: #111;
--accent: #b91c1c; /* brand accent */
--radius: 0.5rem;
}
@media (prefers-color-scheme: dark) {
:root {
--bg: #0a0a0a;
--fg: #fafafa;
}
}
html, body {
background: var(--bg);
color: var(--fg);
}
```
Testing Requirements
Component Test Template (Vitest + RTL)
```ts
import { render, screen } from "@testing-library/react"
import userEvent from "@testing-library/user-event"
import { Badge } from "@/components/shared/badge"
describe("Badge", () => {
it("renders with text", () => {
render(<Badge>New</Badge>)
expect(screen.getByText("New")).toBeInTheDocument()
})
it("applies variant classes", async () => {
render(<Badge variant="destructive">Danger</Badge>)
expect(screen.getByText("Danger")).toHaveClass("bg-red-600")
})
})
```
Testing Best Practices
1. Unit Tests: Test individual components in isolation.
2. Integration Tests: Compose components and verify interactions.
3. E2E Tests: Playwright for booking flow, admin CRUD, and uploads (on CF preview).
4. Coverage: Aim for 80% on component libs; critical flows prioritized.
5. Test Structure: Arrange-Act-Assert; deterministic tests.
6. Mock External: Network, router, and provider hooks.
Environment Configuration
Frontend-safe variables (prefix NEXT_PUBLIC_):
- NEXT_PUBLIC_SITE_URL (computed at runtime if not set)
- NEXT_PUBLIC_R2_ASSETS_BASE (if public asset base is needed)
- NEXT_PUBLIC_ANALYTICS_ID (optional)
Guidance:
- Do not expose secrets. Only NEXT_PUBLIC_* keys are readable by the browser.
- Server-only configuration (NEXTAUTH_URL, secrets, Stripe keys, etc.) remains in Wrangler secrets.
Frontend Developer Standards
Critical Coding Rules
- Do not bypass ShadCN patterns; use cva() and cn() for variants/classes.
- Validate all form inputs with zod schemas; surface user-friendly errors.
- Avoid direct window/document access in server components; use “use client” as needed.
- Use React Query for async client-side data; do not roll bespoke caching.
- Keep animations subtle; prefer tailwindcss-animate and Lenis; avoid heavy JS animation libraries unless justified.
- Keep components pure/presentational where possible; contain side effects in hooks.
Quick Reference
- Dev: npm run dev
- Preview (Cloudflare runtime): npm run pages:build && npm run preview
- Build: npm run build
- Test: npm run test / npm run test:ui
- File naming: kebab-case files, PascalCase components
- Import patterns: "@/components/..", "@/lib/..", "@/hooks/.."
- UI composition: Follow ShadCN examples and registry patterns before custom
## Typography Ramp
Authoritative site-wide type scale to enforce consistency across public pages:
- Headings
- h1: font-playfair text-5xl lg:text-7xl tracking-tight
- h2: text-4xl md:text-5xl font-semibold
- h3: text-2xl md:text-3xl font-semibold
- Body
- Base: text-base leading-relaxed
- Large: text-xl leading-relaxed (hero/intro copy)
- Muted/Secondary: text-muted-foreground for supporting text and CardContent
- Spacing Patterns:
- Paragraph stacks: space-y-3
- Grid gaps: gap-6 (default), escalate by breakpoint as needed (md:gap-8)
- Section padding: standardized via SectionWrapper (px-8 lg:px-16)
Application
- Apply to: /aftercare, /deposit, /terms, /privacy, /book, /artists (incl. nested)
- Prefer ShadCN token classes over ad-hoc color utilities (e.g., bg-background, text-foreground)
- Decorative icons should omit color overrides and include aria-hidden="true" when appropriate
Audit
- RTL tests should assert:
- Presence of heading/body classes defined above on representative pages
- Use of text-muted-foreground for secondary content
- Standard section paddings via SectionWrapper

283
docs/united_tattoo_brainstorming.md
View File

@ -1,283 +0,0 @@
# United Tattoo Brand Language Brainstorming Session
**Session Date:** December 19, 2024
**Facilitator:** Business Analyst Mary
**Participant:** United Tattoo Team
## Executive Summary
**Topic:** Creating a structured brand language rulebook for United Tattoo
**Session Goals:** Develop authentic brand language guidelines that transform generic copy into distinctive United Tattoo voice
**Techniques Used:** Progressive technique flow with analyst-recommended methods
**Total Ideas Generated:** [To be updated during session]
## Technique Sessions
### Assumption Reversal - 10 minutes
**Description:** Identify what United Tattoo would NEVER say to establish authentic boundaries
**Ideas Generated:**
1. "For the ones who live loud, tattoo proud, and believe in better" - forced verb usage, empty promises
2. "This isn't your average tattoo shop" - defensive positioning, cliche opening
3. "We're here to rewrite the narrative" - vague corporate speak with no clear meaning
4. "where everyone feels seen, respected, and hyped to walk through our doors" - outdated slang, trying too hard
5. "elevate the experience" - buzzword soup, unnecessarily verbose
6. "create a space where real connection matters" - stating obvious human nature as unique value
7. "we hire great people, not just great artists" - setting bar impossibly low
8. "bring both skill and soul to the table" - cliche metaphor mixing
9. "Every tattoo here is a story, a statement, and a shared moment" - overwrought emotional manipulation
**Insights Discovered:**
- LLM-generated copy defaults to meaningless adjective stacking
- Generic "transformation" language ignores actual tattoo shop reality
- Forced emotional narratives sound inauthentic and manipulative
- Defensive positioning ("not your average") suggests insecurity
- Buzzwords replace actual concrete value propositions
**Notable Connections:**
- All bad examples try to be everything to everyone instead of something specific
- Corporate speak completely disconnects from tattoo culture authenticity
- Overuse of transformation/elevation language feels condescending
### Role Playing - 15 minutes
**Description:** Discover authentic voice through real stakeholder interactions
**Ideas Generated:**
**Nervous First-Timer Response:**
- "Hey that's okay! Girl we all have been scared of getting a tattoo before, shit, I get scared sometimes even now"
- "You just let me know if you need a break, we can step out at any time, take a smoke break, just hang out"
- "We can go at your pace"
**Picky Client Response:**
- "Holy-fuck yeah- that's a lot-- that's okay though, I love having references!"
- "Do you mind taking a seat so you can break this down for me?"
**Insights Discovered:**
- Authentic voice uses mild profanity naturally, not performatively
- Real empathy comes from shared experience ("I get scared sometimes even now")
- Practical solutions over emotional theater ("take a smoke break, just hang out")
- Direct acknowledgment of chaos without judgment ("that's a lot")
- Collaborative problem-solving approach ("break this down for me")
**Notable Connections:**
- Authenticity = vulnerability + practicality
- Real tattoo artists talk like humans, not customer service scripts
- Genuine care shows through actions offered, not feelings described
### First Principles Thinking - 15 minutes
**Description:** Extract fundamental language rules from authentic interactions
**Core Rules Identified:**
**Rule 1: Direct acknowledgment beats diplomatic deflection**
- Rationale: When you leave things unsaid, people internalize and make assumptions. Blunt but friendly prevents judgment feelings.
- Bad: "We understand everyone has different comfort levels"
- Good: "Holy-fuck yeah- that's a lot"
**Rule 2: Offer practical solutions, not emotional theater**
- Rationale: "I'm not your fuckin dad" - beautiful humans interacting with beautiful humans, not therapy sessions
- Bad: "create a safe space where you feel supported"
- Good: "take a smoke break, just hang out"
**Rule 3: Plain speaking about pricing/time**
- Example: "Hey so because this is 6 inches long and I can tell that the complexity of the linework and shading is gonna take me an extra 2 hours, I'd feel comfortable doing this for $650, does that work for you?"
- Principle: Transparent, specific, respectful
**Rule 4: Handle difficult clients with patience, like a human**
- No elaborate customer service scripts
- Human-to-human problem solving
**Rule 5: Describe work in quantifiable terms with justified confidence**
- Bad: "93% proficient in opaques" (arbitrary metrics)
- Good: "I've been doing opaques on shading for 5 years, would you like to see some examples so you can judge for yourself?"
- Principle: If the artist, shop, portfolio or work can't justify the statement, don't make it
**Rule 6: Talk about other shops with kindness**
- "The shop doesn't fucking matter. It's a building with some idiots in it. People only come for the idiots."
- Focus on the artists, not competitive positioning
**Insights Discovered:**
- Transparency prevents assumptions and judgment feelings
- Confidence must be backed by demonstrable skill/experience
- Human-to-human interaction trumps customer service performance
- Competition isn't about shops, it's about individual artist quality
### Morphological Analysis - 10 minutes
**Description:** Test filtering system by transforming bad copy through United Tattoo rules
**Copy Transformation Examples:**
**Original:** "Artistry with integrity"
**Rules Applied:** Direct acknowledgment + quantifiable terms
**United Tattoo Version:** "We've been tattooing for [X years]. Here's our work."
**Original:** "More than ink—it's identity"
**Rules Applied:** No emotional theater + plain speaking
**United Tattoo Version:** "Good tattoos that'll look good in 20 years"
**Original:** "A space where creativity thrives"
**Rules Applied:** Focus on the idiots, not the building
**United Tattoo Version:** "Artists who know what they're doing"
**Test Case:** "We're here to rewrite the narrative, where everyone feels seen, respected, and hyped to walk through our doors"
**United Tattoo Filtered Version:** "It doesn't matter who you are, you will always have a home with the United Tattoo family."
**Analysis of Transformation:**
- Removed corporate buzzwords ("rewrite the narrative")
- Replaced performative emotions ("hyped") with genuine warmth
- Maintained inclusivity message but made it personal and direct
- Used "family" concept authentically rather than as marketing device
### Mind Mapping - 10 minutes
**Description:** Organize findings into practical rulebook structure
**Central Concept:** United Tattoo Brand Language Filter
**Branch 1: Core Principles**
- Respect reader intelligence - no big empty words that only impress idiots
- Use common ground language - not corporate speak or legal jargon
- Direct acknowledgment beats diplomatic deflection
- Practical solutions over emotional theater
**Branch 2: Language Guidelines**
- Plain speaking about pricing/process/time
- Justified confidence only (backed by demonstrable skill)
- Human-to-human tone in all interactions
- Transparency prevents assumptions and judgment
**Branch 3: Content Transformation Rules**
- Remove corporate buzzwords and meaningless adjective stacking
- Replace performative emotions with genuine warmth
- Convert abstract concepts to concrete actions
- Focus on artists and work, not building or brand positioning
**Branch 4: Communication Standards**
- Do not use words average person won't understand
- Goal: efficient communication on common ground
- Avoid condescending lawyer-speak and dehumanizing corporate language
- Need examples demonstrating accessible vs. inaccessible language
**Insights Discovered:**
- Intelligence respect = foundation of authentic communication
- Common ground language builds connection vs. corporate performance language
- Accessibility isn't dumbing down - it's efficient human communication
- Everything needs clear guidelines - meet but never exceed bare minimum professionalism
- 7th grade reading level should be maximum complexity for any content
- Nobody wants to read something 5 times to understand it
**Practical Examples:**
**Aftercare Instructions - Bad vs. Good:**
- Bad: "As the body's largest organ, your skin deserves careful attention after receiving a tattoo. At United Tattoo, we provide aftercare instructions based on recommended best practices to ensure the proper healing of your new body art. Our goal is to offer the most reliable and accurate information in the industry, informed by insights from medical professionals. These guidelines combine professional expertise, scientific research, and recommendations from the National Environmental Health Association's Body Art Model Code."
- Good: "### Read our aftercare instructions: *(informed by the National Environmental Health Association's Body Art Model Code)*"
**Pricing Communication:**
- Approach: "Pricing custom tattoos is hard. It depends on the artist and varies from one tattoo to the next."
**Tattoo Style Explanations:**
- Format: "this is realism. this is american traditional this is neotraditional this is cyber sigilism"
**Notable Connections:**
- Brevity respects time and intelligence
- Direct statements eliminate confusion
- Professional credibility through source citation, not verbose explanation
- Practical honesty about complexity instead of false simplification
## Idea Categorization
## Idea Categorization
### Immediate Opportunities
*Ideas ready to implement now*
1. **7th Grade Reading Level Standard**
- Description: All content must be understandable without re-reading
- Why immediate: Clear communication prevents customer confusion and builds trust
- Resources needed: Reading level checker tool, content audit
2. **Minimal Professional Standard**
- Description: Meet but never exceed bare minimum professionalism
- Why immediate: Eliminates pretentious language that alienates customers
- Resources needed: Style guide with specific examples
3. **Honest Complexity Acknowledgment**
- Description: "Pricing custom tattoos is hard" approach to difficult topics
- Why immediate: Builds trust through honesty vs. false simplification
- Resources needed: Template responses for complex topics
### Future Innovations
*Ideas requiring development/research*
1. **Complete Content Transformation System**
- Description: LLM filter that transforms any input through United Tattoo rules
- Development needed: Training examples, rule weighting, testing protocols
- Timeline estimate: 2-3 months development and testing
2. **Industry-Wide Language Movement**
- Description: Influence other tattoo shops to adopt authentic communication
- Development needed: Case studies, success metrics, outreach strategy
- Timeline estimate: 6-12 months for measurable impact
### Moonshots
*Ambitious, transformative concepts*
1. **Anti-Corporate Communication Standard for Service Industries**
- Description: United Tattoo approach becomes model for all local businesses
- Transformative potential: Reshape how small businesses communicate authentically
- Challenges to overcome: Corporate marketing industry resistance, scaling personalization
### Insights & Learnings
*Key realizations from the session*
- Corporate speak exists because people think it sounds professional, but it actually insults customer intelligence
- Authentic tattoo shop communication = vulnerability + practicality + justified confidence
- The best language guideline is asking "Would a human being actually say this?"
- Brevity that respects time and intelligence builds more trust than verbose explanations
- Professional credibility comes from source citation and honest complexity acknowledgment, not big words
## Action Planning
## Action Planning
### Top 3 Priority Ideas
#### #1 Priority: Implement 7th Grade Reading Level Standard
- **Rationale:** Immediate impact on all customer communications, eliminates confusion and re-reading
- **Next steps:** Audit current website copy, create reading level checklist, rewrite problem areas
- **Resources needed:** Reading level checker tool, content inventory spreadsheet
- **Timeline:** 2-3 weeks for complete website overhaul
#### #2 Priority: Create LLM Brand Language Filter
- **Rationale:** Scalable solution for all future content creation, prevents regression to corporate speak
- **Next steps:** Document all transformation rules with examples, test with current bad copy
- **Resources needed:** Rule documentation, before/after examples database, LLM prompt engineering
- **Timeline:** 1-2 weeks for initial filter creation and testing
#### #3 Priority: Transform High-Impact Pages First
- **Rationale:** Focus on pages customers see most (pricing, aftercare, artist bios)
- **Next steps:** Identify top 5 customer-facing pages, apply rules, A/B test if possible
- **Resources needed:** Analytics data for page priority, rewrite time allocation
- **Timeline:** 1 week for core page transformation
## Reflection & Follow-up
### What Worked Well
### Areas for Further Exploration
### Recommended Follow-up Techniques
### Questions That Emerged
---
*Session facilitated using the BMAD-METHOD™ brainstorming framework*

254
docs/united_tattoo_brand_language_guidelines.md
View File

@ -1,254 +0,0 @@
# United Tattoo Brand Language Guidelines
Version: 1.0
Maintainers: United Tattoo Team
Source: Brainstorming session facilitated by Business Analyst Mary (Dec 19, 2024)
Purpose
- Codify a practical, comprehensive rulebook for United Tattoos voice and language.
- Transform generic or corporate-sounding copy into authentic, human United Tattoo communication.
- Provide checklists, templates, and examples that are simple to adopt across all customer touchpoints.
Guiding Principle
- Would a human being actually say this? If not, rewrite it.
Foundations
- Respect customer intelligence. Avoid buzzwords, empty promises, and performance language.
- 7th grade reading level maximum. No one should re-read a sentence to understand it.
- Keep it practical, honest, and grounded in real tattoo shop interactions.
- Prefer brevity and clarity over cleverness.
- Talk like an expert who is comfortable and kind—not like a brand trying to impress.
Core Language Rules (from First Principles)
1) Direct acknowledgment beats diplomatic deflection
- Rationale: When you leave things unsaid, people fill in the blanks and feel judged. Plain, friendly honesty prevents that.
- Bad: “We understand everyone has different comfort levels.”
- Good: “Holy-fuck yeah— thats a lot.”
2) Offer practical solutions, not emotional theater
- Rationale: Beautiful humans interacting with beautiful humans. No therapy sessions or performative empathy.
- Bad: “We create a safe space where you feel supported.”
- Good: “If you need a break, say the word. We can step out, take a smoke break, just hang out.”
3) Plain speaking about pricing/time
- Example: “Because this is ~6 inches and the linework/shading will add ~2 hours, Id be comfortable doing this for $650. Does that work for you?”
- Principle: Transparent, specific, respectful.
4) Handle difficult clients with patience, like a human
- No elaborate customer service scripts.
- Solve the actual problem in front of you, calmly.
5) Describe work in quantifiable terms with justified confidence
- Bad: “93% proficient in opaques.”
- Good: “Ive been doing opaques on shading for 5 years. Want to see a few examples so you can judge for yourself?”
- Principle: If you cant justify it with work or experience, dont say it.
6) Talk about other shops with kindness
- Quote: “The shop doesnt fucking matter. Its a building with some idiots in it. People come for the idiots.”
- Focus on the artists and the work, not competitive positioning.
Voice and Tone
- Human, direct, and warm—but not performative.
- Use mild profanity naturally when it fits; never to posture.
- Show empathy through actions offered (breaks, pacing, clarity), not scripted emotions.
- Confidence is quiet and justified—show your receipts (portfolio, years, examples).
- Inclusive in a normal, human way. Avoid theatrical inclusion statements; prefer direct welcome.
Style Standards
- Reading level: Grade 7 or lower.
- Contractions: Use them. Sounds human.
- Jargon: Minimize. If needed, explain briefly.
- Numbers & estimates: Be specific when you can (inches, hours, dollar ranges).
- Swearing: Mild, natural, never as an aesthetic. Dont punch down. Dont overdo it.
- Capitalization & punctuation: Standard English. Avoid Title Case inside sentences. Use em dashes sparingly.
- Avoid abstract metaphors and grandiose claims.
AntiPatterns (Never Say)
- “For the ones who live loud, tattoo proud, and believe in better”
- “This isnt your average tattoo shop”
- “Were here to rewrite the narrative”
- “Where everyone feels seen, respected, and hyped to walk through our doors”
- “Elevate the experience”
- “Create a space where real connection matters”
- “We hire great people, not just great artists”
- “Bring both skill and soul to the table”
- “Every tattoo here is a story, a statement, and a shared moment”
Why: Forced verbs, defensive positioning, buzzword soup, vague feelgood performance language.
Preferred Patterns (Do Say)
- “Weve been tattooing for X years. Heres our work.”
- “Good tattoos thatll still look good in 20 years.”
- “Artists who know what theyre doing.”
- “It doesnt matter who you are— youve got a home here.”
Copy Transformation Framework
Use this 4step filter to convert bad copy into United Tattoo voice.
Step 1: Strip the theater
- Delete buzzwords, transformation language, and vague hype.
- Translate abstract claims into plain, observable facts.
Step 2: Ground in reality
- Add concrete details: sizes, hours, dollar ranges, what will actually happen.
Step 3: Offer actions, not feelings
- Add helpful options (breaks, pacing, next step, example links) instead of performative empathy.
Step 4: Read like a human
- Contractions. Short sentences. Grade7 reading level. Ask “Would a human say this?”
Transformation Checklist
- [ ] No buzzwords or vague promises remain
- [ ] Concrete details replace abstract claims
- [ ] Practical options offered (what the person can do next)
- [ ] Grade7 reading level or lower
- [ ] Sounds like a human, not a brand
- [ ] Confidence is justified with examples/time/experience
Templates and Patterns
Pricing Template
- “Because [size/specs] and [technique/complexity], this will take about [hours]. Id be comfortable doing it for [$amount or $range]. Does that work for you?”
- “If you want to keep it closer to [$lower], we can simplify [specific parts].”
Aftercare Callout
- “Read our aftercare instructions (informed by the National Environmental Health Associations Body Art Model Code).”
- Keep the main page short. Link to the details.
Nervous FirstTimer
- “Being nervous is normal— we all were before our first tattoo. If you need a break at any time, say the word. We can step out, take a smoke break, or just hang out. Well go at your pace.”
Picky Client (Lots of References)
- “Thats a lot— which is fine. Grab a seat and walk me through the top 23 things you care about most. Well build from there.”
Tattoo Style Explanations
- “This is realism. This is American traditional. This is neotraditional. This is cyber sigilism.” (Short, clear, label things plainly. Link to examples.)
Difficult Situations
- “I hear you. Here are two ways we can solve this today: [Option A], [Option B]. Your call.”
Before/After Examples
Example 1
- Original: “Artistry with integrity.”
- United Tattoo: “Weve been tattooing for [X years]. Heres our work.” [link]
Example 2
- Original: “More than ink— its identity.”
- United Tattoo: “Good tattoos thatll look good in 20 years.”
Example 3
- Original: “A space where creativity thrives.”
- United Tattoo: “Artists who know what theyre doing.”
Example 4 (Inclusivity Hype)
- Original: “Were here to rewrite the narrative, where everyone feels seen, respected, and hyped to walk through our doors.”
- United Tattoo: “It doesnt matter who you are— youve got a home here.”
Reading Level and QA
- Standard: Grade7 max.
- Tools: Use any readability checker (e.g., FleschKincaid or Hemingway). Adjust until it passes.
- QA Checks:
- [ ] Short, clear sentences
- [ ] Concrete details
- [ ] No buzzwords/performance language
- [ ] Offers practical next steps
- [ ] Tone: calm, confident, kind
Governance
- Ownership: Content lead and shop manager signoff on highimpact pages (pricing, aftercare, booking, artist bios).
- Review cadence: Quarterly review of top pages. Spotcheck new pages at publish time.
- Updates: When adding new styles/services, add 12 plain examples + portfolio links. Rerun transformation checklist.
- Training: New hires read this guide and do one transformation exercise before publishing copy.
Implementation Plan (from Action Planning)
1) Implement Reading Level Standard
- Audit all website copy
- Create a simple readinglevel checklist
- Rewrite problem areas
- Target: 23 weeks
2) Create Brand Language LLM Filter
- Document rules (this guide)
- Build before/after examples set
- Draft initial prompt template (see below), test on worst offenders
- Target: 12 weeks
3) Transform HighImpact Pages First
- Prioritize pricing, aftercare, artist bios, booking flow
- A/B test if possible; otherwise collect anecdotal feedback
- Target: ~1 week
LLM Brand Filter Prompt Template
Use this with your preferred LLM to transform drafts automatically.
"""
You are the United Tattoo Brand Language Filter.
Transform the following copy into United Tattoo voice using these rules:
- Human, direct, grade7 reading level max
- No buzzwords, no transformation theater
- Offer practical options/actions instead of performative empathy
- Justified confidence only (backed by examples/experience)
- Prefer concrete details (sizes, hours, dollar ranges)
- Would a human actually say this?
Output format:
1) Original
2) Rule Violations Found (bullets)
3) Transformed Version
4) Notes (what changed and why, keep brief)
Copy:
[PASTE TEXT HERE]
"""
FAQ Fragments and Microcopy
Booking CTA
- “Book a consult”
- “Message an artist”
- “Get a price range”
Portfolio Nudge
- “Here are 6 pieces similar to what you want.”
Rescheduling
- “If something changes, tell us as soon as you can and well rebook you.”
Deposits
- “Deposits lock the spot and go toward your total. If you cancel lastminute, they dont come back— our artists set aside that time.”
TouchUps
- “If something heals weird, message us. Well take a look and figure out the best fix.”
Quality Claims (Justified Only)
- “Weve done [X] sleeves and [Y] portraits this year. Here are a few.” [link]
Appendix: Why This Matters
- Corporate speak looks “professional” but actually insults intelligence and creates distance.
- Authentic shop communication = vulnerability + practicality + justified confidence.
- Brevity with clarity builds more trust than verbose claims.
- Credibility comes from clear examples, clean portfolios, and honest constraints— not big words.
Quick Reference Cards (Printable)
Card A: 6 Rules
- Direct over diplomatic
- Practical over performative
- Plain pricing/time
- Human patience
- Justified confidence
- Kind to other shops
Card B: Do/Dont
- Do: short, concrete, helpful
- Dont: buzzwords, vague promises, defensive positioning
Card C: Rapid Pricing Script
- “Because [size/specs] and [technique], ~[hours]. Comfortable at [$]. If you want to stay near [$lower], we can simplify [parts]. Work for you?”
Card D: Nervous FirstTimer
- “Nervous is normal. Say break anytime. Well go at your pace.”
End of Guidelines

125
implementation_plan.md
View File

@ -1,125 +0,0 @@
# Implementation Plan
[Overview]
Improve the mobile experience of the homepage while preserving the current desktop appearance, focusing on easier navigation and a beautiful, performant presentation.
The current homepage uses large full-screen sections, a parallax hero, and multi-column artist/service layouts that look strong on desktop. On small screens, some patterns (e.g., full-screen stacked service sections, two-column contact layout, and a top nav that hides until scrolling) reduce wayfinding and increase friction. This plan adds a mobile-first layer: a persistent bottom “Book Now” bar, a swipeable carousel for Services, stacked Contact content, and mobile visibility improvements to the top navigation—all gated behind responsive Tailwind classes (lg: variants) to ensure desktop remains unchanged.
We will leverage existing shadcn/ui primitives, the shipped Embla Carousel, and Tailwind responsive utilities. No new dependencies are required. Changes are scoped to the homepage and components it renders. All animations and transforms are limited on mobile to maintain performance and reduce jank.
[Types]
Introduce lightweight UI types to improve clarity for mobile-only components.
- export type SectionId = "home" | "artists" | "services" | "contact"
- export interface Service {
title: string
description: string
features: string[]
price: string
bgColor?: string
image?: string
}
- export interface MobileBookingBarProps {
label?: string
href: string
show?: boolean
}
Notes:
- The `services` data already lives inline in components/services-section.tsx; well co-locate the `Service` interface in the new mobile carousel component or in that file to keep cohesion.
- SectionId is useful for navigation/active state logic if needed in future refactors.
- Props are optional and defaulted to keep components ergonomic.
[Files]
Add mobile-only components and apply responsive modifications to existing files. No deletions; all desktop code paths remain intact.
New files:
- components/mobile-booking-bar.tsx
- Purpose: Persistent bottom CTA bar (only on small screens) linking to /book. Uses safe-area insets and elevated z-index. Hidden on lg and up.
- components/services-mobile-carousel.tsx
- Purpose: Mobile-only swipeable carousel rendering the same services content in a compact, card-first format using shadcn/ui Carousel (Embla).
- Accepts `services: Service[]` or imports from the same module if kept inline for a single source of truth.
Existing files to modify:
- app/page.tsx
- Add `<MobileBookingBar />` just after `<Navigation />` so its globally available on the homepage. Guard with `lg:hidden`.
- components/navigation.tsx
- Ensure the top nav is visible and interactive at the top of the page on mobile (currently hidden until scroll due to `opacity-0 pointer-events-none`).
- Add small-screen behavior: always visible container on mobile with subtle transparent backdrop; keep existing behavior on desktop.
- components/services-section.tsx
- Replace current mobile `lg:hidden` full-screen stack with the new mobile carousel.
- Keep desktop split composition and scrolling experience unchanged (guard with `lg:`).
- components/contact-section.tsx
- Convert the fixed `w-1/2` two-column layout into a stacked mobile layout (`flex-col`, `w-full lg:w-1/2`) while preserving the current desktop (`lg:flex-row`).
- Keep brand background and parallax but dampen/limit on mobile to reduce jank.
- styles/globals.css (no structural changes required)
- Optional: add CSS note for safe-area usage reference; final implementation will rely on inline styles/Tailwind utilities.
Files to delete or move:
- None.
Configuration updates:
- None required. Tailwind and shadcn/ui already configured. `embla-carousel-react` is present.
[Functions]
Add mobile-only components and adjust existing components with mobile-guarded branches. All changes are responsive-only to avoid altering desktop.
New functions/components:
- components/mobile-booking-bar.tsx
- export function MobileBookingBar(props: MobileBookingBarProps): JSX.Element
- Renders fixed bottom bar (safe-area aware) with a prominent “Book Now” button linking to /book. `className` uses `lg:hidden` to ensure desktop is unaffected.
- components/services-mobile-carousel.tsx
- export function ServicesMobileCarousel({ services }: { services: Service[] }): JSX.Element
- Uses shadcn/ui Carousel primitives: `Carousel`, `CarouselContent`, `CarouselItem`, `CarouselNext`, `CarouselPrevious`.
- Card layout: service title, short copy, features, price, and a “Book Now” button. Optimized tap targets.
Modified functions/components:
- app/page.tsx (default export HomePage)
- Insert `<MobileBookingBar />` after `<Navigation />`.
- components/navigation.tsx (export function Navigation)
- Add `isMobile` calculation (e.g., via matchMedia or an existing `use-mobile` hook) and adjust the className logic:
- On mobile: show nav at top by default with interactive controls (remove `pointer-events-none`/`opacity-0` at top of page).
- On desktop: preserve current behavior and styles.
- components/services-section.tsx (export function ServicesSection)
- Import and render `<ServicesMobileCarousel />` in a `lg:hidden` block.
- Keep existing left menu + right scroller solely in `lg:` scope.
- components/contact-section.tsx (export function ContactSection)
- Wrap main two columns with `flex-col lg:flex-row`; change each child to `w-full lg:w-1/2`.
- Ensure spacing/padding on mobile is comfortable; no changes to desktop classes.
Removed functions/components:
- None. We only replace the mobile branch of Services with a carousel but keep the desktop branch untouched.
[Classes]
No class-based components. All are function components.
- New components use React function components with TypeScript props.
- No inheritance changes.
[Dependencies]
No new dependencies.
- `embla-carousel-react` already present and shadcn/ui `components/ui/carousel.tsx` is in the repo.
- No package.json updates required.
[Testing]
Targeted mobile validation across breakpoints without impacting desktop.
- Manual QA on common device widths (e.g., 360, 390, 414, 768).
- Verify:
- Navigation is visible at top on mobile and toggles the drawer correctly.
- Persistent bottom “Book Now” bar is present on the homepage and does not overlap footer content (safe-area works on iOS).
- Services are swipeable; arrows and swipe gestures function; CTAs navigate to /book.
- Contact section stacks vertically and fields remain accessible.
- Desktop (≥ lg) remains pixel-identical to current implementation.
- Optional: lightweight React Testing Library tests for rendering/mobile-only presence toggles.
- Optional: Playwright e2e smoke for scroll, nav toggle, carousel swipe on a preview environment.
[Implementation Order]
Implement mobile-only components first, then integrate into the homepage and adjust existing sections, verifying desktop remains unchanged after each step.
1) Create components/mobile-booking-bar.tsx (persistent bottom CTA; `lg:hidden`; safe-area support).
2) Create components/services-mobile-carousel.tsx (Embla-based; card layout; `lg:hidden` wrapper usage).
3) Integrate MobileBookingBar into app/page.tsx (just after Navigation).
4) Modify components/services-section.tsx to use the new mobile carousel and keep the existing desktop implementation behind `lg:` guards. Remove/replace the current mobile `lg:hidden` full-screen stack.
5) Adjust components/contact-section.tsx to stack on mobile (`flex-col`, `w-full lg:w-1/2`) and retain current desktop layout.
6) Update components/navigation.tsx to ensure the nav is visible and interactive at top on mobile (leave desktop behavior intact).
7) QA: Verify mobile behaviors across breakpoints, then confirm desktop visual/behavioral parity.
8) Polish: Confirm safe-area, hit-target sizes, and accessible labels; check scroll-to-section offsets still correct on mobile.