Files
app/README.md
BOHA b4f859ea6e docs: codify audit rules in CLAUDE.md + README + audit records
CLAUDE.md: new "2026-06-09 audit" enforced-rules section (mandatory coercion
helpers, deterministic id-tiebreak ordering, $queryRaw FOR-UPDATE locking
discipline, uniqueness-in-transaction, guard reads, Rules-of-Hooks, seed prod
guard), lint/typecheck/format commands, and the app_test/.env.test testing
section with the hard-throw guard.

README rewritten from the placeholder stub (setup/run/build/test/gates/migrations).

REVIEW.md / REVIEW_FINDINGS.md / REVIEW_FIXES.md: the full audit record — 277
files reviewed, ~362 findings, every one fixed and verified.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 06:45:37 +02:00

2.1 KiB

boha-app-ts

Internal business-management system for a Czech company (attendance, invoicing, leave/trips, projects, vehicles, warehouse, HR) — a TypeScript/Node.js rewrite of the legacy PHP app. User-facing text is Czech by design.

For full architecture, conventions, and gotchas, see CLAUDE.md.

Stack

  • Backend: Fastify 5 · Prisma 6 → MySQL · Zod 4 · JWT (HS256) + TOTP 2FA
  • Frontend: React 18 · Vite · Material UI v7 (Emotion) · TanStack Query — an SPA in src/admin/, served by the same Fastify process (Vite middleware in dev, static files in prod)
  • Other: Puppeteer (PDF) · nodemailer · node-cron · @anthropic-ai/sdk (the admins-only "Odin" assistant)

Prerequisites

  • Node.js (LTS) and a MySQL database
  • Copy .env.example.env and fill in the required vars (DATABASE_URL, JWT_SECRET, TOTP_ENCRYPTION_KEY — generate the keys with openssl rand -hex 32)

Setup

npm install
npx prisma generate
npx prisma migrate dev      # apply migrations to your dev DB
npx prisma db seed          # optional: dev-only sample data (NEVER on prod)

Develop

npm run dev:server   # API (tsx watch) on http://127.0.0.1:3050
npm run dev:client   # Vite dev server (manage separately)

Build & run

npm run build        # tsc server → dist/  +  vite client → dist-client/
npm start            # node dist/server.js

Test

npm test             # vitest run — hits a real test DB (.env.test); no Prisma mocks

Quality gates

Before committing, all of these must pass:

npx tsc -b --noEmit  # typecheck (NOT `tsc -p tsconfig.json`)
npm run build
npx vitest run
npm run lint         # ESLint (incl. react-hooks) — see eslint.config.js

Database migrations

Every schema/data change is a tracked Prisma migration — never prisma db push or raw SQL on production. Stop the dev server before running prisma migrate dev. See CLAUDE.md → Database Migrations for the full workflow and the production deploy/hotfix process.

License

ISC