Project Workflows
Official project procedures. See CONTRIBUTING.md for full details.
0. Context & Architecture (CRITICAL)
Before starting complex tasks, read: docs/architecture/ai_context.md
It explains:
- •Split Brain Logic (SQL vs Dart).
- •Directory Structure (Where features live).
- •Key Patterns (Permissions, Navigation).
1. Security Workflow (RPCs)
When writing PostgreSQL functions (database/functions/):
- •Search Path: ALWAYS use
SET search_path = public, eshop, extensions. - •Permissions: ALWAYS check permissions (e.g.
check_is_admin...). - •References: Do not assume RLS protects
SECURITY DEFINERfunctions.
2. Testing Workflow
Run All Tests (Recommended)
Runs both Web Client and Database tests.
./automation/test_all.sh
Run Database Tests Only
Use when modifying SQL functions or migrations.
# All DB tests node web_client/scripts/run_db_tests.js # Specific file node web_client/scripts/run_db_tests.js database/tests/path/to/test.sql
Run Integration Tests
System-level tests (requires Supabase connection).
node tests/integration/bank_import.js --existing-token "..."
2.5 Database Deployment via MCP
To deploy/update SQL functions remotely:
- •Identify:
mcp_supabase-mcp-server_list_projectsto get theproject_id. - •Read:
view_filethe local SQL file. - •Execute:
mcp_supabase-mcp-server_execute_sqlwith theproject_idandquery(file content).
2.6 Deno Edge Function Deployment via MCP
To deploy/update Edge Functions:
- •Upload:
mcp_supabase-mcp-server_deploy_edge_function.- •
files: Read content ofindex.ts,deno.jsonetc. first.
- •
- •Note: Always
list_dirandview_fileto get the latest content.
3. Flutter Workflow
Code Generation (Build Runner)
Run this after modifying Models, Routes, or Services (Refit):
fvm dart run build_runner build --delete-conflicting-outputs
4. Commit Workflow
Before committing, run this checklist:
- •Configuration Check:
./automation/apply_config.sh(Ensures version/theme sync). - •Cleanup: Remove
analysis.txt,test_results.txt,temp_*.sql. - •Verify:
- •Run
./automation/test_all.sh(Web + DB + Integration). - •Run
fvm flutter analyze.
- •Run
- •Sync Translations:
- •
node web_client/scripts/unify_translations.js(Flutter <-> Web) - •
node web_client/scripts/reorder_cs_like_en.js(CS Structure)
- •
- •Security Check:
- •Scan for Secrets: Ensure no API keys, tokens, or passwords are in the staged files.
- •Check .env: Confirm
.envfiles are ignored and not being committed.
- •Stage Only (NEVER COMMIT):
- •
git add . - •STOP. Do not run
git commit. The user will perform the commit.
- •
5. Codebase Cleanup Workflow
Run this checklist when performing a codebase-wide cleanup (e.g. comments, logs).
Checklist Structure
Ensure you sweep these areas:
- •Documentation & Config:
.gitignore,README.md,project.conf. - •Database: Functions, Tables, Tests, Migrations.
- •Flutter: Components, Services, Models.
- •Web Client: Components, Scripts, Tests.
- •Automation: Scripts (TS/JS).
What to Look For
- •Conversational Comments: Remove "I think", "maybe", "check this", "TODO".
- •Redundant Comments: Remove comments that blindly state the code (e.g.
// returns trueabovereturn true;). - •Debugging Artifacts: Remove
console.log,print(), commented-out code blocks.
Systematic Audit Strategy
For complex cross-cutting concerns (leaks, API changes):
- •Identify: Run a search (e.g.,
grep) to find all candidate files. - •List: Create a comprehensive checklist in your
task.mdartifact. - •Iterate: Go through the list one by one. Do not skip.
- •Verify: Check off items only after verification.
6. Secret Management
- •Local: Keys in
.env.local(NOT committed). - •Web Client: Public keys in
web_client/src/app_config.js. - •Database:
DATABASE_URLrequired for test runner.
Rule: Never commit changes automatically. Always leave them staged for the user.