This file is primarily a historical cleanup and implementation roadmap.
It still provides useful context, but it should not be treated as the current source of truth for product behavior, auth flows, or schema authority.
For current reality, use:
README.mdPROJECT_ARCHITECTURE.mdCURRENT_STATE.mdSCHEMA_OR_DATA_MODEL.md
This file breaks the recommended cleanup work into small, low-risk phases.
The goal is to improve structure, consistency, and maintainability while keeping the codebase lightweight and avoiding unnecessary architecture.
- Prefer small batches of change.
- Keep the app lightweight.
- Avoid broad refactors until schema and data-flow risks are understood.
- Update docs when architecture assumptions change.
- Verify auth, RSVP, bookings, and recovery after meaningful changes.
Remove misleading project metadata and stale setup guidance.
- Update
README.mdso it describes the actual app, not AI Studio/Gemini scaffolding. - Update
index.htmltitle to match the real product. - Update
package.jsonmetadata so the project name is no longerreact-example. - Clarify
.env.exampleso required env vars are separated from legacy or unused ones. - Ensure
PROJECT_ARCHITECTURE.mdstays aligned with the codebase.
- Reduces confusion for future contributors and AI tools.
- Prevents incorrect setup assumptions.
- Makes deployment and onboarding simpler.
- README setup steps match actual runtime requirements.
- No docs claim Airtable is used.
- No docs imply Gemini is required for current app behavior.
Document and reconcile the difference between the checked-in SQL schema and the frontend expectations.
- Review
supabase_schema.sqlagainst:src/services/guestService.tssrc/pages/EventDetail.tsxsrc/types.ts
- Confirm whether these structures exist in the real database:
attendee_profilesattendee_sessionsevent_attendees.attendee_profile_id
- Decide whether to:
- update
supabase_schema.sql, or - add new migration files, or
- explicitly document that the checked-in SQL is incomplete
- update
- Document the real expected data model in repo docs.
- This is the highest-risk mismatch in the repo.
- Future refactors will be unsafe until schema assumptions are explicit.
- The schema docs match the fields and tables used in the app.
- Contributors can understand guest identity without reading the whole codebase.
Reduce page complexity without introducing heavy architecture.
- Keep
src/pages/for screens only. - Introduce or normalize a small shared structure such as:
src/services/src/lib/src/types/
- Move pure reusable logic out of page components:
- attendee grouping
- event count calculations
- waitlist display helpers
- share-link text generation
- date/format helpers
- Keep page components focused on:
- rendering
- local UI state
- event handlers that call shared helpers/services
src/pages/EventDetail.tsxsrc/pages/HostDashboard.tsxsrc/pages/Home.tsxsrc/pages/Bookings.tsx
- Reduces cognitive load.
- Makes future edits safer.
- Keeps the app simple while improving organization.
- Page files become shorter and easier to scan.
- Shared logic lives in obvious, reusable places.
- No new heavy abstractions are introduced.
Reduce the risk of inconsistent attendee state.
- Inventory all places that create, update, cancel, or promote RSVPs.
- Compare client-side behavior with:
handle_attendee_cancellation()handle_attendee_deletion()rsvp_to_event(...)
- Decide which layer should be the source of truth:
- client-side writes, or
- SQL/RPC-driven business logic
- Document the decision in
PROJECT_ARCHITECTURE.mdand/orAI_DEV_RULES.md. - Minimize duplicate business logic paths.
- This is the most fragile behavior in the app.
- Concurrency and ordering bugs are most likely here.
- RSVP behavior is defined in one clear way.
- Waitlist promotion logic is not duplicated unpredictably.
- Event capacity handling is consistent across flows.
Make event visibility behavior explicit and trustworthy.
- Review all event-listing and event-detail queries for
is_publicintent. - Confirm whether private events should ever appear in:
Calendar.tsx- public event browsing
- shared links
- Add documentation for public/private expectations.
- Align RLS assumptions with UI behavior.
- The UI implies a public/private distinction.
- Current public listing behavior appears incomplete.
- Public pages only show what should be public.
- Event visibility behavior is documented clearly.
Improve confidence in identity flows without building a full backend.
- Review how signed-in users and guest users are merged through attendee profiles.
- Document exact behavior of:
- login
- guest RSVP
- guest recovery
- post-login profile sync
- Review
Login.tsxredirect behavior for cleanliness and predictability. - Review guest recovery flow for production-readiness gaps.
- Decide whether recovery remains demo-only for now or should be upgraded later.
- Guest bookings are a key part of the product.
- Identity bugs are hard to notice and easy to create.
- Auth routes still behave correctly.
- Guest users can still recover and view bookings.
- Signed-in users still connect to prior attendee identity where expected.
Trim noise while keeping the project simple.
- Confirm whether these dependencies are truly unused:
expressdotenv@google/genaidate-fns
- Remove unused packages only after verification.
- Make
npm run cleancross-platform if needed. - Keep scripts minimal and accurate.
- Reduces install noise.
- Makes the repo easier to understand.
- Helps future AI/code tools infer the architecture correctly.
- Remaining dependencies are actually used or intentionally retained.
- Scripts work in the expected developer environment.
- Phase 0
- Phase 1
- Phase 2
- Phase 4
- Phase 5
- Phase 6
- Phase 3
Note:
Phase 3 is the highest-risk behavior area, but it is safer to do after docs, schema understanding, and small structural cleanup improve visibility.
If you want to keep each implementation pass tiny, use these batches:
- README cleanup
- package metadata cleanup
- title cleanup
- env docs cleanup
- schema/documentation alignment only
- extract pure helpers from one page only
- extract shared event/attendee query helpers
- public/private event visibility cleanup
- RSVP/waitlist consistency pass
After any substantial code changes, manually verify:
- App boots with valid Supabase env vars.
- Signed-out home page still loads.
- Login with email still works.
- Google login still works if configured.
- Event creation still works.
- Event editing still works.
- Public calendar still loads.
- Public event detail page still loads.
- RSVP works for signed-in users.
- RSVP works for guests.
- Waitlist behavior still works when event is full.
- Cancellation still updates attendee state.
- Host dashboard still updates attendee lists.
- Guest bookings still load from stored session.
- Recovery link flow still restores bookings access.
- Do not introduce a backend server just to tidy structure.
- Do not add a heavy state-management library unless real complexity demands it.
- Do not build a large component system before business logic is stabilized.
- Do not do a broad rename/reorg and logic rewrite in the same pass.
- Do not treat the current SQL file as unquestionably complete.
This cleanup effort is in a good place when:
- the docs describe the real app accurately
- schema expectations are explicit
- pages are easier to read
- reusable logic is not scattered
- public/private behavior is clear
- guest identity flow is understandable
- the app remains lightweight and easy to change
This is the current implementation status against Phases 0-6.
Status: DONE
README.mdnow reflects the real React/Supabase app.index.htmltitle is nowI'm In.package.jsonproject name isim-in..env.exampleis cleaned and aligned to current runtime needs.PROJECT_ARCHITECTURE.mdis maintained and updated.
Status: DONE (with explicit snapshot caveat)
SCHEMA_ALIGNMENT.mddocuments live-vs-snapshot differences.supabase_guest_identity_migration.sqlandsupabase_reconcile_live_schema.sqlwere added for bootstrap/reconciliation paths.- Core guest identity contract is documented (
attendee_profiles,attendee_sessions,event_attendees.attendee_profile_id). supabase_schema.sqlis intentionally treated as a stale snapshot and documented as such.
Status: DONE
- Shared logic extracted into
src/lib/:attendees.tsbookings.tsevents.tsrsvp.ts
- Pages now delegate reusable computation to shared helpers (Home, Calendar, Bookings, EventDetail, HostDashboard, CreateEvent).
- No heavy architecture/state-management additions were introduced.
Status: PARTIAL
Completed:
- RSVP/waitlist helpers were centralized for key client-side decisions.
- Critical actions now use DB RPCs in
EventDetail.tsx:cancel_attendee_with_promotion(...)add_proxy_attendee(...)
- Source-of-truth decision and risks are documented in
PROJECT_ARCHITECTURE.mdandAI_DEV_RULES.md.
Remaining:
- RSVP authority is still mixed (client + SQL/RPC), not yet fully unified under one path.
- Full de-duplication of business logic across all RSVP entry points is still pending by design.
Status: DONE
- Public calendar query now filters
is_public = true. - Public/private "unlisted private link" contract is documented in
README.md,PROJECT_ARCHITECTURE.md, andAI_DEV_RULES.md.
Status: PARTIAL
Completed:
- Auth/profile sync behavior is documented and stabilized.
Login.tsxredirect behavior was cleaned up.- Guest session handling was tightened in
guestService(getStoredGuestSession, typed flows). - Recovery and booking flows are clearer and more robust than baseline.
Remaining:
- Recovery delivery remains demo-grade (no production mailer integration yet).
- Production-grade token lifecycle/hardening is still a future upgrade.
Status: DONE
- Removed unused packages:
expressdotenv@google/genaidate-fns- plus related unused typing/runtime tooling (
@types/express,tsx)
- Made
npm run cleancross-platform. - Kept scripts minimal and valid.
- Type-check passes (
npm run lint).
- Decide whether to fully unify RSVP/write authority under SQL/RPC or keep mixed mode long-term.
- If desired, implement production-grade recovery email/token delivery.
- Run the
RELEASE_CHECKLIST.mdpass before next deployment.