From 1f8cf741886d1ed3be74712e0083cb78c4b93551 Mon Sep 17 00:00:00 2001 From: Mannu Date: Sun, 10 May 2026 23:42:16 +0530 Subject: [PATCH] Update CLAUDE.md with auth and admin info --- CLAUDE.md | 87 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 60 insertions(+), 27 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 435a951..40e6b34 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -27,7 +27,7 @@ docker-compose -f docker-compose.dev.yml up -d # Start local Postgres - **Framework:** Next.js 16 with App Router (src/app/) - **Database:** PostgreSQL 16 with pgvector + Drizzle ORM -- **Auth:** NextAuth v5 (beta) with magic links +- **Auth:** Database sessions with httpOnly cookies - **AI:** LiteLLM gateway → MiniMax model (minimax-2.7) - **Storage:** Cloudflare R2 for media uploads - **Styling:** Tailwind CSS v4 @@ -46,9 +46,11 @@ src/ │ ├── menu/ # Navigation menu │ ├── onboarding/ # First-time setup │ ├── settings/ # Settings with theme picker -│ └── login/ # Magic link login +│ ├── login/ # User login (magic) +│ ├── admin/ # Admin panel +│ └── admin-login/ # Admin login (separate) ├── ThemeProvider.tsx # Theme context (light/dark/system/time) -├── ThemeProvider +├── FamilyProvider.tsx # Family/child context (resolves from session) drizzle/ # Database migrations docs/ # Design docs ``` @@ -62,8 +64,9 @@ docs/ # Design docs ### Data Models - **Family:** Parent account container -- **Members:** Adults in family (mom, dad, etc.) +- **Members:** Adults in family (mom, dad, etc.) via `family_members` - **Children:** Baby profiles with birth date +- **Sessions:** Login sessions with httpOnly cookies - **Logs:** Feed, sleep, diaper entries with timestamps - **Vaccinations:** IAP schedule tracking - **Growth:** Weight/height over time 
@@ -80,6 +83,16 @@ const { theme, toggle, setMode } = useTheme(); // mode: "light" | "dark" | "system" | "time" ``` +**FamilyProvider:** Resolves family from database session on login. + +```typescript +import { useFamily } from "./FamilyProvider"; +const { familyId, child, children, tier } = useFamily(); +// familyId: string | null (from session) +// child: Child | null +// tier: "free" | "pro" +``` + **Offline Queue:** Uses localStorage (`tia_offline_queue`) for failed API calls, retries when online. **Chat Sessions:** Stored in localStorage (`tia_chat_sessions`) - shared between home page AI card and /ai page. 
@@ -92,6 +105,48 @@ const { theme, toggle, setMode } = useTheme(); - Model: `minimax-2.7` - See `/docs/debugging.md` for troubleshooting +## Authentication (Database Sessions) + +### Session Flow + +1. User logs in at `/login` with email +2. API `/api/auth/signin` creates session in `sessions` table +3. Session token stored in **httpOnly cookie** (NOT localStorage!) +4. On each request, session resolved from database via cookie + +### Tables Used + +- **users:** User accounts (email, name) +- **families:** Family accounts (name, tier, limits) +- **family_members:** Links users to families (user_id, family_id, role) +- **children:** Child profiles (name, birth_date, family_id) +- **sessions:** Login sessions (session_token, user_id, expires) + +### NEVER use localStorage for: +- authentication tokens +- family_id after login +- Any data that should persist across devices + +### localStorage Acceptable For: +- Theme preference (user-specific display only) +- Temporary cache (offline queue for retry) +- Chat sessions (upcoming feature: move to database) + +## Admin Panel + +Access at: `/admin-login` (username: `admin`, password: `admin123`) + +### Pages + +- `/admin` - Dashboard with stats +- `/admin/families` - Manage families +- `/admin/users` - Manage users +- `/admin/children` - Manage children +- `/admin/revenue` - Revenue analytics +- `/admin/analytics` - Feature usage +- `/admin/support` - Support tickets +- `/admin/settings` - Platform settings + ## Data Storage Consistency ### RULE: All user data must persist to database, NOT localStorage 
@@ -104,33 +159,11 @@ const { theme, toggle, setMode } = useTheme(); | Growth Records | Database | `/api/growth` | ✅ Yes | ✅ Yes | | User Profile | Database | `/api/auth/profile` | ✅ Yes | ✅ Yes | | Memories/Photos | Database + R2 | `/api/upload` | ✅ Yes | ✅ Yes | -| **Medicines** | Database | `/api/medicines` | ⚠️ TODO | ⚠️ TODO | -| **Allergies** | Database | `/api/allergies` | ⚠️ TODO | ⚠️ TODO | -| **Doctor Visits** | Database | `/api/visits` | ⚠️ TODO | ⚠️ TODO | -| **Illness Log** | Database | `/api/illnesses` | ⚠️ TODO | ⚠️ TODO | +| Auth Session | Database + Cookie | `/api/auth/signin` | ✅ Yes | ✅ No | | Theme | localStorage | `tia_theme` | ✅ Yes | ✅ Yes | | Chat Sessions | localStorage | `tia_chat_sessions` | ✅ Yes | ❌ No | | Offline Queue | localStorage | `tia_offline_queue` | ✅ Yes | ❌ No | -### localStorage acceptable for: -- Theme preference (user-specific display only) -- Temporary cache (offline queue for retry) -- Chat sessions (upcoming feature: move to database) - -### NEVER use localStorage for: -- Medical/health data (medicines, allergies, visits, illnesses) -- Any data that should persist across devices -- Data important for pediatrician visits - -### Audit (2026-05-10) - -All data now consistently uses database: -- ✅ Medicines → `/api/medicines` -- ✅ Allergies → `/api/allergies` -- ✅ Doctor Visits → `/api/visits` -- ✅ Illness Log → `/api/illnesses` -- ✅ Chat Sessions → `/api/chat` - ## R2 Storage (Cloudflare) ### Setup
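Review bot: the new `- **Auth:** Database sessions with httpOnly cookies` line in the `@@ -27,7 +27,7 @@` hunk names only the httpOnly attribute, and nothing else in the patch documents the other flags the session cookie depends on (Secure, SameSite, path, expiry) or where the cookie is set. Extend the line, e.g. `- **Auth:** Database sessions in an httpOnly, Secure, SameSite cookie (set in /api/auth/signin)`, or point to the file that sets it, so the next reader does not have to grep for it.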
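Review bot: in the `@@ -46,9 +46,11 @@` hunk the tree entry `login/ # User login (magic)` contradicts the same patch, which removes `NextAuth v5 (beta) with magic links` from the stack list; either magic links are still the login mechanism, in which case the Auth line and the Session Flow should say so, or the comment is stale and should read `# User login (email)`. Replacing the dangling `ThemeProvider` line with `FamilyProvider.tsx # Family/child context (resolves from session)` is a welcome cleanup.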
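Review bot: the `- **Sessions:** Login sessions with httpOnly cookies` entry added in the `@@ -62,8 +64,9 @@` hunk describes the cookie, not the table; since the later hunk lists the columns as `session_token, user_id, expires`, state here whether `session_token` is stored hashed or in clear in the `sessions` table and what the expiry policy is, because that is what a reader of the Data Models section needs to know.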
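Review bot: the `useFamily()` snippet in the `@@ -80,6 +83,16 @@` hunk hands `tier: "free" | "pro"` to client components without saying what it may be used for; add one sentence that `tier` is for UI display and gating only and that plan limits are enforced in the API routes, otherwise readers of CLAUDE.md may gate paid features on the client-side value. The comment `familyId: string | null (from session)` should also say what `null` means (not logged in versus logged in with no family yet), since FamilyProvider is described as resolving the family from the session.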
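Review bot: the `@@ -92,6 +105,48 @@` hunk commits a working credential pair into the repository docs (`Access at: /admin-login (username: admin, password: admin123)`), and its Session Flow goes from `1. User logs in at /login with email` straight to `2. API /api/auth/signin creates session` with no verification step listed. Replace the literal credentials with a pointer to where the admin password is configured (an environment variable or seeded secret, rotated from the default), and either insert the verification step between steps 1 and 2 (magic link, one-time code, or password check, whichever the code actually does) or state explicitly that none exists, because a session issued on an unverified email address is an account takeover risk. The `NEVER use localStorage for` list correctly covers tokens and `family_id`, but `Chat Sessions (upcoming feature: move to database)` sits under `localStorage Acceptable For` while the removed Audit section below claims chat sessions already moved to `/api/chat`; reconcile the two.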
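Review bot: the `@@ -104,33 +159,11 @@` hunk deletes the Medicines, Allergies, Doctor Visits and Illness Log rows, the `Audit (2026-05-10)` section, and the `Medical/health data` and `Data important for pediatrician visits` items from the NEVER-use-localStorage list, yet nothing in the patch says those features were removed; the deleted audit lines state they all use the database now. Keep the four rows with their status columns updated to `✅ Yes` instead of dropping them, and carry the medical-data items into the new NEVER list in the Authentication section so the rule is not lost. Also, the new row `| Auth Session | Database + Cookie | /api/auth/signin | ✅ Yes | ✅ No |` uses `✅ No` where every other row in the table writes `❌ No`; change the icon so the column scans correctly.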