Merge pull request #64 from MicroPyramid/dev

Dev

Author: ashwin31

.env.example

@@ -0,0 +1,18 @@
+GOOGLE_CLIENT_ID="your-google-client-id-here"
+GOOGLE_CLIENT_SECRET="your-google-client-secret-here"
+GOOGLE_LOGIN_DOMAIN="http://localhost:5173"
+DATABASE_URL="postgresql://username:password@localhost:5432/bottlecrm?schema=public"
+
+# API Configuration
+API_PORT=3001
+JWT_SECRET=your-super-secure-jwt-secret-key-change-this-in-production
+JWT_EXPIRES_IN=24h
+FRONTEND_URL=http://localhost:5173
+
+# Logging Configuration
+ENABLE_REQUEST_LOGGING=true
+LOG_REQUEST_BODY=false
+LOG_RESPONSE_BODY=false
+
+# Environment
+NODE_ENV=development

CLAUDE.md

@@ -0,0 +1,98 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+BottleCRM is a SaaS CRM platform built with SvelteKit, designed for startups and enterprises with role-based access control (RBAC). The application features multi-tenancy through organizations, with strict data isolation enforced at the database level.
+
+## Technology Stack
+
+- **Frontend**: SvelteKit 2.x with Svelte 5.x
+- **Styling**: TailwindCSS 4.x
+- **Database**: PostgreSQL with Prisma ORM
+- **Icons**: Lucide Svelte
+- **Validation**: Zod
+- **Package Manager**: pnpm
+
+## Development Commands
+
+```bash
+# Development server
+pnpm run dev
+
+# Build for production
+pnpm run build
+
+# Preview production build
+pnpm run preview
+
+# Type checking
+pnpm run check
+
+# Type checking with watch mode
+pnpm run check:watch
+
+# Linting and formatting (both required to pass)
+pnpm run lint
+
+# Format code
+pnpm run format
+
+# Database operations
+npx prisma migrate dev
+npx prisma generate
+npx prisma studio
+```
+
+## Architecture Overview
+
+### Multi-Tenant Structure
+- **Organizations**: Top-level tenant containers with strict data isolation
+- **Users**: Can belong to multiple organizations with different roles (ADMIN/USER)
+- **Super Admin**: Users with @micropyramid.com email domain have platform-wide access
+
+### Core CRM Entities
+- **Leads**: Initial prospects that can be converted to Accounts/Contacts/Opportunities
+- **Accounts**: Company/organization records
+- **Contacts**: Individual people associated with accounts
+- **Opportunities**: Sales deals with pipeline stages
+- **Tasks/Events**: Activity management
+- **Cases**: Customer support tickets
+- **Products/Quotes**: Sales catalog and quotation system
+
+### Authentication & Authorization
+- Session-based authentication using cookies (`session`, `org`, `org_name`)
+- Organization selection required after login via `/org` route
+- Route protection in `src/hooks.server.js`:
+  - `/app/*` routes require authentication and organization membership
+  - `/admin/*` routes restricted to @micropyramid.com domain users
+  - `/org` route for organization selection
+
+### Data Access Control
+- All database queries must include organization filtering
+- User can only access data from organizations they belong to
+- Prisma schema enforces relationships with `organizationId` foreign keys
+
+### Route Structure
+- `(site)`: Public marketing pages
+- `(no-layout)`: Auth pages (login, org selection)
+- `(app)`: Main CRM application (requires auth + org membership)
+- `(admin)`: Platform administration (requires @micropyramid.com email)
+
+### Key Files
+- `src/hooks.server.js`: Authentication, org membership validation, route protection
+- `src/lib/prisma.js`: Database client configuration
+- `src/lib/stores/auth.js`: Authentication state management
+- `prisma/schema.prisma`: Complete database schema with RBAC models
+
+## Form Development
+- All form labels must be properly associated with form controls for accessibility
+- Use Zod for form validation
+- Follow existing patterns in `/contacts`, `/leads`, `/accounts` for consistency
+
+## Security Requirements
+- Never expose cross-organization data
+- Always filter queries by user's organization membership
+- Validate user permissions before any data operations
+- Use parameterized queries via Prisma to prevent SQL injection

ENV.md

@@ -1,79 +1,205 @@
 # BottleCRM: Free and Open Source Customer Relationship Management
 
 <div align="center">
-  <h3>Powerful, Modern CRM for Everyone</h3>
+  <h3>Powerful, Modern Multi-Tenant CRM for Everyone</h3>
 </div>
 
-BottleCRM is a free, open-source Customer Relationship Management solution designed to help small and medium businesses effectively manage their customer relationships. Built with modern technologies, it offers a comprehensive set of features without the enterprise price tag.
+BottleCRM is a free, open-source Customer Relationship Management solution designed to help small and medium businesses effectively manage their customer relationships. Built with modern technologies and enterprise-grade multi-tenancy, it offers a comprehensive set of features without the enterprise price tag.
 
-## 🚀 Features
+## ✨ Key Highlights
 
+- **Multi-Tenant Architecture**: Secure organization-based data isolation
+- **Role-Based Access Control**: Granular permissions for users and admins
+- **Modern Technology Stack**: Built with SvelteKit 2.x, Svelte 5.x, and PostgreSQL
+- **Mobile-First Design**: Responsive interface optimized for all devices
+
+## 🚀 Core Features
+
+### Sales & Lead Management
 - **Lead Management**: Track and nurture leads from initial contact to conversion
 - **Account Management**: Maintain detailed records of customer accounts and organizations
 - **Contact Management**: Store and organize all your customer contact information
+- **Opportunity Management**: Track deals through your sales pipeline with customizable stages
+
+### Customer Support
 - **Case Management**: Handle customer support cases and track resolution
+- **Solution Knowledge Base**: Maintain searchable solutions for common issues
+- **Multi-Channel Support**: Handle cases from various origins (email, web, phone)
+
+### Productivity & Collaboration
 - **Task Management**: Never miss a follow-up with built-in task tracking
-- **Opportunity Management**: Track deals through your sales pipeline
-- **Mobile Friendly**: Access your CRM data on any device
-- **Modern UI**: Clean, intuitive interface built with Svelte and TailwindCSS
+- **Event Management**: Schedule and manage meetings and activities
+- **Board Management**: Trello-like kanban boards for project tracking
+- **Comment System**: Collaborate with team members on records
+
+### Sales Tools
+- **Quote Management**: Generate professional quotes with line items
+- **Product Catalog**: Maintain product inventory with pricing
+- **Sales Pipeline**: Visual opportunity tracking with probability scoring
+
+### Administrative Features
+- **User Management**: Add team members with appropriate role assignments
+- **Organization Management**: Multi-tenant structure with data isolation
+- **Audit Logging**: Complete activity tracking for compliance
+- **Super Admin Panel**: Platform-wide management for system administrators
 
 ## 🔮 Coming Soon
 
 - **Invoice Management**: Create, send, and track invoices (in development)
 - **Email Integration**: Connect your email accounts for seamless communication
 - **Analytics Dashboard**: Make data-driven decisions with powerful reporting tools
+- **API Integration**: REST API for third-party integrations
 
-## 🖥️ Technologies
+## 🖥️ Technology Stack
 
-- **Frontend**: SvelteKit, Flowbite-Svelte, TailwindCSS
-- **Backend**: Prisma ORM with your choice of database
-- **Authentication**: Built-in authentication system
+- **Frontend**: SvelteKit 2.x, Svelte 5.x, TailwindCSS 4.x
+- **Backend**: Node.js with Prisma ORM
+- **Database**: PostgreSQL (recommended) with multi-tenant schema
+- **Authentication**: Session-based authentication with organization membership
+- **Icons**: Lucide Svelte icon library
+- **Validation**: Zod for type-safe form validation
 
 ## 🚀 Getting Started
 
 ### Prerequisites
 
-- Node.js (v20 or newer)
-- npm, pnpm, or yarn package manager
-- A database (PostgreSQL recommended)
+- **Node.js**: v22.13.0 (use nvm for version management)
+- **Package Manager**: pnpm (recommended)
+- **Database**: PostgreSQL (required for multi-tenancy features)
 
 ### Installation
 
-1. Clone the repository:
+1. **Clone the repository:**
 ```bash
 git clone https://github.com/micropyramid/svelte-crm.git
 cd svelte-crm
 ```
 
-2. Install dependencies:
+2. **Set up Node.js version:**
+```bash
+nvm use 22.13.0
+```
+
+3. **Install dependencies:**
 ```bash
 pnpm install
 ```
 
-3. Configure your environment variables (see `.env.example`)
+4. **Configure environment variables:**
+Create a `.env` file based on the following template:
+```env
+# Database Configuration
+DATABASE_URL="postgresql://postgres:password@localhost:5432/bottlecrm?schema=public"
 
-4. Run database migrations:
+# Google OAuth (Optional)
+GOOGLE_CLIENT_ID=""
+GOOGLE_CLIENT_SECRET=""
+GOOGLE_LOGIN_DOMAIN="http://localhost:5173"
+```
+
+5. **Set up the database:**
 ```bash
+# Generate Prisma client
+npx prisma generate
+
+# Run database migrations
 npx prisma migrate dev
+
+# (Optional) Open Prisma Studio to view data
+npx prisma studio
 ```
 
-5. Start the development server:
+6. **Start the development server:**
 ```bash
 pnpm run dev
 ```
 
+### Development Workflow
+
+Before committing code, ensure quality checks pass:
+
+```bash
+# Type checking
+pnpm run check
+
+# Linting and formatting
+pnpm run lint
+
+# Build verification
+pnpm run build
+```
+
+### Production Deployment
+
+```bash
+# Set Node.js version
+nvm use 22.13.0
+
+# Generate Prisma client
+npx prisma generate
+
+# Run production migrations
+npx prisma migrate deploy
+
+# Build application
+pnpm run build
+
+# Start production server
+pnpm run preview
+```
+
+## 🏗️ Architecture & Security
+
+### Multi-Tenant Design
+- **Organization Isolation**: Complete data separation between organizations
+- **Role-Based Access**: Users can have different roles across organizations
+- **Session Management**: Secure cookie-based authentication with organization context
+
+### User Roles
+- **User**: Standard access to organization data
+- **Admin**: Organization-level administrative privileges
+- **Super Admin**: Platform-wide access (requires @micropyramid.com email)
+
+### Data Security
+- All database queries are organization-scoped
+- Strict permission validation on all routes
+- Audit logging for compliance and tracking
+
+## 📁 Project Structure
+
+```
+src/
+├── routes/
+│   ├── (site)/          # Public marketing pages
+│   ├── (no-layout)/     # Authentication pages
+│   ├── (app)/           # Main CRM application
+│   └── (admin)/         # Super admin panel
+├── lib/
+│   ├── stores/          # Svelte stores for state management
+│   ├── data/            # Static data and configurations
+│   └── utils/           # Utility functions
+└── hooks.server.js      # Authentication and route protection
+```
+
 ## 💬 Community and Feedback
 
 We love to hear from our users! Please share your feedback, report bugs, or suggest new features:
 
-- Open an issue on GitHub
-- Join our community forum
-- Contribute code via pull requests
+- **Issues**: Open an issue on GitHub for bugs and feature requests
+- **Discussions**: Join community discussions for general questions
+- **Pull Requests**: Contribute code improvements and new features
 
 ## 🤝 Contributing
 
 We welcome contributions of all kinds! See our [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to get started.
 
+### Development Guidelines
+- Follow existing code patterns and conventions
+- Ensure all forms have proper accessibility (labels associated with controls)
+- Never use `$app` imports from SvelteKit (see packaging best practices)
+- Always filter database queries by organization membership
+- Add appropriate error handling and validation
+
 ## 📄 License
 
 BottleCRM is open source software [licensed as MIT](LICENSE).