# Lattice Sample Project Guide

This is a representative Project Builder output for a multi-tenant scheduling SaaS. Every paid build is generated from the customer's own product brief and selected stack.

## Product Goal

Launch a scheduling SaaS for mobile service teams. Customers should manage availability, accept online bookings, send reminders, retain recurring clients, and charge monthly subscriptions.

## Users

- Business owner: configures services, staff, availability, billing, and reporting.
- Staff member: views assigned bookings and updates appointment status.
- Customer: books, reschedules, and cancels appointments.

## Locked Stack

- Next.js 16 App Router with React 19 and TypeScript strict mode
- Supabase Auth and PostgreSQL with tenant-scoped Row Level Security
- Stripe Checkout, Billing Portal, and signed webhook reconciliation
- Resend for transactional email
- Jest and React Testing Library
- Vercel deployment with CI quality gates

## Non-Negotiable Guardrails

1. Never expose service-role credentials to browser code.
2. Verify Stripe webhook signatures before processing events.
3. Keep subscription state idempotent and recoverable from Stripe.
4. Enforce tenant ownership in database policies, not only UI checks.
5. Run lint, typecheck, tests, and the production build before release.

## Milestone 1: Trusted Foundation

- Create authentication and tenant membership boundaries.
- Add organization, staff, services, availability, and booking tables.
- Write and test Row Level Security policies.
- Add Stripe customer and subscription reconciliation.

## Milestone 2: Booking Workflow

- Build public availability search.
- Prevent overlapping bookings with a database constraint.
- Add confirmation, reminder, reschedule, and cancellation flows.
- Record an audit trail for appointment status changes.

## Milestone 3: Operations

- Add owner and staff dashboards.
- Add booking, utilization, and revenue reporting.
- Add error monitoring and structured analytics events.
- Verify mobile layouts and keyboard accessibility.

## Generated Agent Contract

The generated `AGENTS.md`, Cursor rules, Claude rules and skills, Copilot instructions, and Codex rules all reference this guide as the product source of truth. Agents must verify current dependency versions before adding APIs or packages and must preserve tenant and billing invariants.

## Release Contract

```bash
npm run lint
npm run typecheck
npm test
npm run build
npm run verify
```

The generated setup command applies the guide, assistant rules, CI workflow, environment template, and supported scaffold files to the new repository.
