6.3 KiB
6.3 KiB
# Casa Benell - Dev Plan 1
Goal
Stabilize UI quality (responsive + proportional typography), adopt final brand assets, and start backend foundations for users/roles/invitations with PostgreSQL and SMTP.
Current pain points (from first pass)
- Typography scale is too large in several views.
- Numeric values overflow cards and break layout.
- Desktop-first layout is not fully adaptive on mobile.
- Sidebar needs a true mobile hamburger/sheet pattern.
- Brand assets in use are placeholders, not final logo/character files.
- No DB/auth/invite flow yet (all role switching is local UI state).
Inputs confirmed
- Final logo source:
/home/mdares03/benell/example_ui_img/benell_logo.webp - Theme character source:
/home/mdares03/benell/example_ui_img/Logo Benito.png
Implementation strategy (phased)
Phase 1 - Responsive UI hardening
Scope:
- Normalize type scale and spacing so content always fits card boundaries.
- Prevent number overflow in KPI cards, tables, and right panels.
- Add mobile nav with hamburger + slide-out menu.
- Improve responsive behavior for top bar filters/search/role selector.
Tasks:
- Define responsive typography tokens with
clamp(...)and semantic utility classes. - Replace oversized heading/body classes with tokenized scale:
- H1/H2/H3/body/label/caption.
- Apply overflow-safe text rules:
min-w-0in flex/grid children.truncate/break-wordswhere needed.tabular-numsfor KPI numeric alignment.
- Refactor cards/tables to use adaptive grids:
- desktop: 4 columns where available
- tablet: 2 columns
- mobile: 1 column
- Build mobile sidebar pattern:
- top-left hamburger button
- drawer/sheet navigation
- keyboard and focus support
- Make Sankey containers responsive with controlled heights by breakpoint.
- Validate at widths: 360, 390, 768, 1024, 1280, 1536.
Acceptance criteria:
- No text or numbers overflow containers at target breakpoints.
- Dashboard, Financial Flow, Meetings, People remain usable on mobile.
- Navigation works via sidebar (desktop) and hamburger drawer (mobile).
Phase 2 - Final brand asset integration
Scope:
- Replace placeholder brand files with provided official assets.
Tasks:
- Copy and normalize assets into
/public/brand/:logo.webpfrombenell_logo.webpmascot.pngfromLogo Benito.png
- Update components to use final files in:
- sidebar/header brand block
- login page
- empty states
- Verify object-fit/crop so assets render clean on desktop + mobile.
Acceptance criteria:
- Only final brand assets are used in app shell and empty states.
- No stretching, clipping, or quality loss in common viewport sizes.
Phase 3 - PostgreSQL foundation + RBAC data model
Scope:
- Start real user data layer with psql.
- Keep mock business metrics for now, but migrate auth/user/role from local store to DB-backed model.
Tech decisions (proposed):
- ORM: Prisma
- DB: PostgreSQL
- Auth/session: NextAuth/Auth.js with DB adapter
- Password hashing: bcrypt
- Email: Nodemailer SMTP transport
Core schema (initial):
usersid,name,email(unique),password_hash,status,created_at,updated_at
rolesid,key(owner|leader|employee),name
user_rolesuser_id,role_id(many-to-many)
invitationsid,email,role_key,token_hash,expires_at,accepted_at,invited_by,created_at
user_locations(optional in this phase, recommended)user_id,location_id
Tasks:
- Add Prisma and configure
DATABASE_URL. - Create schema + first migration.
- Add seed script for default roles and bootstrap owner account.
- Add auth route handlers and session callback to include role.
- Add middleware route protection for authenticated app routes.
- Replace UI-only role switcher with role from session (keep optional dev override flag).
Acceptance criteria:
- App can connect to PostgreSQL locally.
- At least one owner user can login from DB.
- Protected routes reject anonymous requests.
- Role can be read from DB session payload.
Phase 4 - Invitation flow via SMTP
Scope:
- Admin/owner can invite users by email and assign role.
Tasks:
- Add env variables for SMTP and app URLs.
- Create server actions or API routes:
POST /api/invitationsPOST /api/invitations/accept
- Generate secure random invitation tokens; store hash only.
- Send email with invitation link (token + expiry).
- Create acceptance page:
- set password
- confirm profile basics
- finalize user + role assignment
- Add invitation status UI in admin/settings page.
Acceptance criteria:
- Owner can send invite with selected role.
- Recipient can accept invite and create account before expiry.
- Used/expired tokens are rejected.
Phase 5 - Operational readiness and migration cleanup
Scope:
- Make deployment process stable under existing systemd flow.
Tasks:
- Add
.env.examplewith required vars only (no secrets). - Add startup checks for missing env values.
- Document production sequence:
npm run buildsudo systemctl restart benell.service
- Add backup/rollback notes for DB migrations.
Acceptance criteria:
- Clear runbook for local/prod env setup.
- No manual guessing for env keys or migration order.
Environment variables to add (planned)
DATABASE_URL=postgresql://...NEXTAUTH_URL=https://benell.maliountech.com.mxNEXTAUTH_SECRET=...SMTP_HOST=...SMTP_PORT=587SMTP_USER=...SMTP_PASS=...SMTP_FROM="Casa Benell <noreply@...>"INVITE_TTL_HOURS=72
Risks and mitigations
- Risk: auth migration blocks UI progress.
- Mitigation: complete UI responsive fixes first, then backend integration.
- Risk: role logic duplicated in client and server.
- Mitigation: single source of truth from session role, with temporary dev override only.
- Risk: invite token leakage.
- Mitigation: store hashed tokens, set short expiry, single-use tokens.
Execution order
- Phase 1 (UI hardening)
- Phase 2 (brand assets)
- Phase 3 (DB + auth + RBAC)
- Phase 4 (SMTP invites)
- Phase 5 (runbook + stability)
Deliverables for this plan
- Responsive and proportional UI baseline.
- Mobile hamburger navigation.
- Final branding applied.
- PostgreSQL user/role foundation.
- SMTP invitation workflow.
- Updated docs for env and deployment.