Doc Review#8
Open
xizuo123 wants to merge 3 commits into
Open
Conversation
|
@xizuo123 is attempting to deploy a commit to the Michael's projects team on Vercel, but is not a member of this team. To resolve this issue, you can:
To read more about collaboration on Vercel, click here. |
There was a problem hiding this comment.
Pull request overview
This PR restructures the hackathon MVP documentation set so the top-level docs are the canonical source of truth (Next.js App Router + Supabase + unversioned /api/* Route Handlers), and demotes blueprint docs to future/reference material.
Changes:
- Rewrites the canonical MVP docs to align on Supabase (
profiles.role), shortlist-row–keyed portal feedback, and explicit route/API contracts. - Simplifies the implementation plan into lanes/gates/cut-lines tied to the core demo loop.
- Adds a docs index and annotates blueprint documents as non-canonical for the MVP.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/TECH-SPEC.md | Establishes canonical MVP direction, stack, architecture, and API rules. |
| docs/ROUTE-MAP.md | Defines canonical route tree, middleware responsibilities, and protection matrix. |
| docs/README.md | Adds docs index and highlights canonical MVP documents vs blueprint reference. |
| docs/PRD.md | Aligns PRD language with structured feedback states and canonical MVP constraints. |
| docs/IMPLEMENTATION-PLAN.md | Replaces detailed hour-by-hour tasks with lanes, gates, risks, and cut lines. |
| docs/DATA-MODEL.md | Updates schema/RLS contract, separates share vs feedback lifecycle, and clarifies seed requirements. |
| docs/COMPONENT-TREE.md | Updates MVP UI/component plan and shared types to match the new API/data model. |
| docs/API-SPEC.md | Defines unversioned Route Handler API contract, portal-safe detail endpoints, and feedback semantics. |
| docs/blueprint/10-hackathon-mvp-spec.md | Collapses blueprint MVP spec into a non-canonical summary pointing to top-level docs. |
| docs/blueprint/09-ui-ux-and-user-flows.md | Marks as future/platform reference; points MVP to canonical docs. |
| docs/blueprint/08-feature-specifications.md | Marks as future/platform reference; points MVP to canonical docs. |
| docs/blueprint/07-api-design-and-database-schema.md | Marks as future/platform reference; de-scopes /api/v1/JWT/etc for MVP. |
| docs/blueprint/06-data-architecture-and-integration.md | Marks as future/platform reference; de-scopes live ingestion/maps/etc for MVP. |
| docs/blueprint/05-system-architecture.md | Marks as future/platform reference; de-scopes multi-service architecture for MVP. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+10
to
+13
| ## 1. API Rules | ||
|
|
||
| - All data endpoints return JSON. | ||
| - Auth endpoints are handled by Supabase Auth SDK from UI/server helpers, not custom `/api/auth/*` endpoints. |
Comment on lines
+99
to
+105
| `src/middleware.ts` handles: | ||
|
|
||
| 1. **Session refresh** via `@supabase/ssr` `updateSession()` on every request. | ||
| 2. **Role-based redirect** by querying the `profiles` table: | ||
| ```ts | ||
| const { data: profile } = await supabase | ||
| .from('profiles') | ||
| .select('role') | ||
| .eq('id', session.user.id) | ||
| .single(); | ||
| ``` | ||
| 3. For `(dashboard)` routes: if `profile.role !== 'agent'`, redirect to `/login`. | ||
| 4. For `(portal)` routes (excluding `/portal/login`): if not authenticated or `profile.role !== 'client'`, redirect to `/portal/login`. | ||
| 5. For `/login` and `/signup`: if already authenticated, redirect to `/dashboard` (agent) or `/portal` (client). | ||
| 6. For `/api/*` routes: return `401 JSON` if no valid session. | ||
| 1. Supabase session refresh. | ||
| 2. Public access to `/`, `/login`, `/signup`, and `/portal/login`. | ||
| 3. Agent-only access to dashboard routes. | ||
| 4. Client-only access to `/portal` and `/portal/*`. | ||
| 5. Session requirement for `/api/*`; role checks remain inside Route Handlers. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.