# TimeTracker Project Rules (v2)

1. ARCHITECTURE
- Multi-tenancy enforced via company_id in all DB queries
- FPGO/FPTS patterns required for service layer implementations

2. CODING PRACTICES
- Type safety enforced (Go 1.21+ generics, TypeScript strict mode)
- Domain types must match across backend (Go) and frontend (TypeScript)
- All database access through repository interfaces
- API handlers must use DTOs for input/output
- Use tygo to generate TypeScript types after modifying Go types

3. SECURITY
- JWT authentication required for all API endpoints
- RBAC implemented in middleware/auth.go
- Input validation using github.com/go-playground/validator
- No raw SQL - use GORM query builder

4. DOCUMENTATION
- Swagger docs updated with all API changes
- Architecture decisions recorded in docu/ARCHITECTURE.md
- Type relationships documented in docu/domain_types.md

5. TESTING
- 80%+ test coverage for domain logic
- Integration tests for API endpoints
- Model tests in backend/cmd/modeltest

6. FRONTEND
- Next.js App Router pattern required
- Server components for data fetching
- Client components must use TanStack Query
- UI state management via Zustand


8. DEVELOPMENT WORKFLOW
- Makefile commands are only available in the backend folder
- Common make commands:
  - make generate: Run code generation (tygo, swagger, etc.)
  - make test: Run all tests
  - make build: Build the application

9. CUSTOM RULES
- Add custom rules to .clinerules if:
  - Unexpected behavior is encountered
  - Specific conditions require warnings
  - New patterns emerge that need documentation
  - make run: Start the development server