v6.0.0 - Refactor project structure and update configurations

.dockerignore

@@ -0,0 +1,12 @@
+node_modules
+dist
+.vite
+.git
+.gitignore
+coverage
+test-results
+playwright-report
+*.log
+.env
+.env.*
+!.env.example

.env.example

@@ -1,16 +1,16 @@
-# Monynha Softwares - Environment Variables
-# Copy this file to .env.local and fill in your actual values
+# Public environment variables (accessible in client-side code)
+VITE_SUPABASE_URL=https://your-project.supabase.co
+VITE_SUPABASE_ANON_KEY=your_supabase_anon_key_here
 
-# Resend API Key for email delivery
-# Get your API key from: https://resend.com/api-keys
-RESEND_API_KEY=re_your_api_key_here
-
-# Site URL (used for sitemap generation)
-SITE_URL=https://monynha.com
-VITE_SITE_URL=https://monynha.com
-
-# Server Port (optional, defaults to 8080)
-# PORT=8080
-
-# Node Environment (set to 'production' in Docker)
-# NODE_ENV=production
+# ⚠️ IMPORTANT: API keys are now stored in Supabase Edge Function secrets, NOT here!
+# 
+# Configure these secrets in Supabase Dashboard:
+# Dashboard → Project Settings → Edge Functions → Secrets
+#
+# Required secrets:
+# - GEMINI_API_KEY: Get from https://aistudio.google.com/apikey
+# - RESEND_API_KEY: Get from https://resend.com/api-keys
+# - RESEND_FROM_EMAIL: Verified sender email (e.g., hello@monynha.com)
+# - MONYNHA_INTERNAL_EMAIL: Internal team notification email
+#
+# DO NOT add these keys to this .env file - they belong in Supabase backend!

.github/workflows/ci.yml

@@ -0,0 +1,103 @@
+name: CI Pipeline
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+env:
+  PNPM_VERSION: "10.23.0"
+
+jobs:
+  ci:
+    name: CI - Lint, Test & Build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: ${{ env.PNPM_VERSION }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run type checking & linting
+        run: pnpm lint
+
+      - name: Run unit tests
+        run: pnpm test:run
+        env:
+          VITE_SUPABASE_URL: ${{ vars.VITE_SUPABASE_URL }}
+          VITE_SUPABASE_ANON_KEY: ${{ vars.VITE_SUPABASE_ANON_KEY }}
+
+      - name: Build application
+        run: pnpm build
+        env:
+          VITE_SUPABASE_URL: ${{ vars.VITE_SUPABASE_URL }}
+          VITE_SUPABASE_ANON_KEY: ${{ vars.VITE_SUPABASE_ANON_KEY }}
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+          retention-days: 7
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    continue-on-error: true
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.32.0
+        continue-on-error: true
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+          exit-code: '0'
+          ignore-unfixed: true
+
+      - name: Check if SARIF file exists
+        id: check_sarif
+        run: |
+          if [ -f "trivy-results.sarif" ]; then
+            echo "sarif_exists=true" >> $GITHUB_OUTPUT
+            echo "✅ Trivy scan completed"
+          else
+            echo "sarif_exists=false" >> $GITHUB_OUTPUT
+            echo "⚠️  Trivy scan did not produce results"
+          fi
+
+      - name: Upload Trivy results to GitHub Security
+        uses: github/codeql-action/upload-sarif@v4
+        if: steps.check_sarif.outputs.sarif_exists == 'true'
+        continue-on-error: true
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Display scan summary
+        if: always()
+        run: |
+          echo "🔒 Security scan completed"
+          echo "Note: GitHub Advanced Security must be enabled to view detailed results"

.gitignore

@@ -1,7 +1,30 @@
-.env
-.env.local
-node_modules/
-dist/
-build/
-coverage/
-.playwright-mcp/
+# Outros
+.cache/
+.next/
+.playwright-test/
+.playwright-mcp/
+*.png
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

AI_RULES.md

@@ -1,26 +1,67 @@
-# AI Editor Rules and Project Guidelines
-
-This document outlines the core technical stack and specific rules for development and modification within the Monynha Softwares codebase. These guidelines ensure consistency, maintainability, and adherence to the project's aesthetic and performance standards.
-
-## Core Tech Stack
-
-1.  **Frontend:** React (v19) with TypeScript.
-2.  **Build Tool:** Vite.
-3.  **Styling:** Tailwind CSS, utilizing the custom brand color palette defined in `index.html` (`brand-black`, `brand-violet`, `brand-blue`, `brand-teal`).
-4.  **Animation:** Framer Motion is used for all component transitions, gestures, and complex visual effects.
-5.  **Routing:** Custom state-based routing managed in `App.tsx` (using the `Page` type and `setPage` handler). **Do not introduce React Router.**
-6.  **Icons:** Lucide React is the preferred library for all vector icons.
-7.  **UI Components:** Components should be built using Tailwind CSS, prioritizing the use of available shadcn/ui components as a foundation when applicable.
-8.  **API/Serverless:** Simple Node.js handlers in the `api/` directory are used for server-side logic (e.g., contact form submission).
-9.  **Code Structure:** Components reside in `src/components/` and views/pages in `src/views/`.
-
-## Library Usage Rules
-
-| Feature | Recommended Library / Tool | Specific Rule |
-| :--- | :--- | :--- |
-| **Animations** | `framer-motion` | Mandatory for all non-trivial animations and page transitions. |
-| **Styling** | Tailwind CSS | Use utility classes exclusively. Maintain the "brutalist-futuristic" aesthetic (e.g., thick borders, high contrast, custom fonts). |
-| **Icons** | `lucide-react` | Use this library for all vector icons. |
-| **Standard UI** | shadcn/ui | Use pre-built components as a foundation, customizing them with Tailwind classes to match the brand aesthetic. |
-| **API Calls** | Native `fetch` | Use native `fetch` for all asynchronous data operations. |
-| **Contact Forms** | `api/contact.js` pattern | All contact/email submissions must route through the existing API handler structure, respecting the `RESEND_API_KEY` environment variable. |
+# Regras de IA e Desenvolvimento
+
+Este arquivo documenta as convenções atuais do projeto baseadas no código deste repositório.
+
+## Stack principal
+
+- React 19
+- TypeScript
+- Vite 6
+- Tailwind CSS v4 via `src/styles/index.css`
+- Supabase client + Supabase Edge Functions
+
+## Convenções de UI
+
+- A navegação é baseada em estado via `AppState` em `src/App.tsx`.
+- Não há router; evite introduzir um sem decisão de produto intencional.
+- Estilos globais e tokens de design estão em `src/styles/index.css` sob `@theme`.
+- Mantenha componentes de marca (`IntroScene`, `FairyCursor`, transições do wizard) a menos que haja decisão de produto para removê-los.
+
+## Dados e serviços
+
+- Os tipos `LeadData` e `DiagnosisResult` em `src/types/index.ts` são a fonte da verdade para payloads do app.
+- O frontend não chama Gemini ou Resend diretamente.
+- Operações sensíveis passam pelas Edge Functions:
+  - `generate-diagnosis`
+  - `send-diagnostic-email`
+  - `send-contact-confirmation`
+  - `company-search`
+
+## Ambiente e secrets
+
+- Variáveis de ambiente do frontend:
+  - `VITE_SUPABASE_URL`
+  - `VITE_SUPABASE_ANON_KEY`
+- Secrets do backend (Supabase Edge Function secrets):
+  - `GEMINI_API_KEY`
+  - `RESEND_API_KEY`
+  - `RESEND_FROM_EMAIL`
+  - `MONYNHA_INTERNAL_EMAIL`
+
+## Regras de qualidade de código
+
+- Use tipos TypeScript estritos.
+- Prefira funções da camada de serviço em vez de chamar Supabase diretamente nos componentes.
+- Mantenha o tratamento de erros assíncronos explícito (`try/catch`) em serviços e fluxos assíncronos.
+- Mantenha o comportamento de validação do wizard estável a menos que os requisitos mudem.
+- Mensagens de erro voltadas ao usuário devem seguir a voz da marca: português do Brasil, direta, com personalidade.
+
+## Regras de testes
+
+- Testes unitários ficam em `tests/unit/`.
+- Specs E2E ficam em `tests/e2e/`.
+- `pnpm ci` é o equivalente local das verificações principais de CI (`lint`, `test:run`, `build`).
+
+## Regra de documentação
+
+Quando a implementação mudar, atualize os docs na mesma mudança:
+
+- `README.md`
+- `ARCHITECTURE.md`
+- `docs/EDGE_FUNCTIONS.md`
+- `docs/ENVIRONMENT_SETUP.md`
+- `docs/SUPABASE_SETUP.md`
+- `docs/SUPABASE_IMPLEMENTATION.md`
+- `docs/TESTING.md`
+- `CI_CD_SUMMARY.md`
+