Files
app/README.md
BOHA b4f859ea6e docs: codify audit rules in CLAUDE.md + README + audit records
CLAUDE.md: new "2026-06-09 audit" enforced-rules section (mandatory coercion
helpers, deterministic id-tiebreak ordering, $queryRaw FOR-UPDATE locking
discipline, uniqueness-in-transaction, guard reads, Rules-of-Hooks, seed prod
guard), lint/typecheck/format commands, and the app_test/.env.test testing
section with the hard-throw guard.

README rewritten from the placeholder stub (setup/run/build/test/gates/migrations).

REVIEW.md / REVIEW_FINDINGS.md / REVIEW_FIXES.md: the full audit record — 277
files reviewed, ~362 findings, every one fixed and verified.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 06:45:37 +02:00

74 lines
2.1 KiB
Markdown

# boha-app-ts
Internal business-management system for a Czech company (attendance, invoicing,
leave/trips, projects, vehicles, warehouse, HR) — a TypeScript/Node.js rewrite
of the legacy PHP app. User-facing text is Czech by design.
> For full architecture, conventions, and gotchas, see **[CLAUDE.md](./CLAUDE.md)**.
## Stack
- **Backend:** Fastify 5 · Prisma 6 → MySQL · Zod 4 · JWT (HS256) + TOTP 2FA
- **Frontend:** React 18 · Vite · Material UI v7 (Emotion) · TanStack Query — an
SPA in `src/admin/`, served by the same Fastify process (Vite middleware in
dev, static files in prod)
- **Other:** Puppeteer (PDF) · nodemailer · node-cron · `@anthropic-ai/sdk` (the
admins-only "Odin" assistant)
## Prerequisites
- Node.js (LTS) and a MySQL database
- Copy `.env.example``.env` and fill in the **required** vars (`DATABASE_URL`,
`JWT_SECRET`, `TOTP_ENCRYPTION_KEY` — generate the keys with `openssl rand -hex 32`)
## Setup
```bash
npm install
npx prisma generate
npx prisma migrate dev # apply migrations to your dev DB
npx prisma db seed # optional: dev-only sample data (NEVER on prod)
```
## Develop
```bash
npm run dev:server # API (tsx watch) on http://127.0.0.1:3050
npm run dev:client # Vite dev server (manage separately)
```
## Build & run
```bash
npm run build # tsc server → dist/ + vite client → dist-client/
npm start # node dist/server.js
```
## Test
```bash
npm test # vitest run — hits a real test DB (.env.test); no Prisma mocks
```
## Quality gates
Before committing, all of these must pass:
```bash
npx tsc -b --noEmit # typecheck (NOT `tsc -p tsconfig.json`)
npm run build
npx vitest run
npm run lint # ESLint (incl. react-hooks) — see eslint.config.js
```
## Database migrations
Every schema/data change is a tracked Prisma migration — **never** `prisma db push`
or raw SQL on production. Stop the dev server before running `prisma migrate dev`.
See CLAUDE.md → _Database Migrations_ for the full workflow and the production
deploy/hotfix process.
## License
ISC