# TimeTracker Project Rules (v2)

0. GENERAL
DON'T OVERENGINEER. USE INLINE REPLACEMENTS IF POSSIBLE. SOLVE TASKS AS FAST AS POSSIBLE. EACH REQUEST COSTS THE USER MONEY.

1. ARCHITECTURE
- Multi-tenancy enforced via company_id in all DB queries

2. CODING PRACTICES
- Type safety enforced (Go 1.21+ generics, TypeScript strict mode)
- Domain types must match across backend (Go) and frontend (TypeScript)
- All database access through repository interfaces
- API handlers must use DTOs for input/output
- Use tygo to generate TypeScript types after modifying Go types

3. SECURITY
- JWT authentication required for all API endpoints
- RBAC implemented in middleware/auth.go
- Input validation using github.com/go-playground/validator
- No raw SQL - use GORM query builder

4. DOCUMENTATION
- Architecture decisions recorded in docu/ARCHITECTURE.md
- Type relationships documented in docu/domain_types.md

5. TESTING
- 80%+ test coverage for domain logic
- Integration tests for API endpoints
- Model tests in backend/cmd/modeltest

6. FRONTEND
- Next.js App Router pattern required

8. DEVELOPMENT WORKFLOW
- Makefile commands are only available in the backend folder
- Common make commands:
  - make generate: Run code generation (tygo, swagger, etc.)
  - make test: Run all tests
  - make build: Build the application
  - make run: Start the development server

9. CUSTOM RULES
- Add custom rules to .clinerules if:
  - Unexpected behavior is encountered
  - Specific conditions require warnings
  - New patterns emerge that need documentation