Migrate to Svelte 5: Update runes, state management, and modern syntax

.env.example

@@ -0,0 +1,18 @@
+GOOGLE_CLIENT_ID="your-google-client-id-here"
+GOOGLE_CLIENT_SECRET="your-google-client-secret-here"
+GOOGLE_LOGIN_DOMAIN="http://localhost:5173"
+DATABASE_URL="postgresql://username:password@localhost:5432/bottlecrm?schema=public"
+
+# API Configuration
+API_PORT=3001
+JWT_SECRET=your-super-secure-jwt-secret-key-change-this-in-production
+JWT_EXPIRES_IN=24h
+FRONTEND_URL=http://localhost:5173
+
+# Logging Configuration
+ENABLE_REQUEST_LOGGING=true
+LOG_REQUEST_BODY=false
+LOG_RESPONSE_BODY=false
+
+# Environment
+NODE_ENV=development

.github/copilot-instructions.md

@@ -0,0 +1,27 @@
+Dear Copilot,
+
+## Project Overview
+
+BottleCRM is a dynamic, SaaS CRM platform designed to streamline the entire CRM needs of startups and enterprises. Built with modern web technologies, it offers a seamless experience for users through robust role-based access control (RBAC). Each user role is equipped with tailored functionalities to enhance efficiency, engagement, and management, ensuring a streamlined and secure business process.
+
+user types we have
+
+-   Org
+    -   user(s)
+    -   Admin
+-   super admin - anyone with @micropyramid.com email to manage whole platform
+
+## Project Context
+
+BottleCRM is a modern CRM application built with:
+- **Framework**: SvelteKit 2.21.x, Svelte 5.1, Prisma
+- **Styling**: tailwind 4.1.x css
+- **Database**: postgresql
+- **Icons**: lucide icons
+- **Form Validation**: zod
+
+## Important Notes
+- We need to ensure access control is strictly enforced based on user roles.
+- No record should be accessible unless the user or the org has the appropriate permissions.
+- When implementing forms in sveltekit A form label must be associated with a control
+- svelte 5+ style coding standards should be followed

.github/workflows/build-deploy.yml

@@ -0,0 +1,56 @@
+name: Build and Deploy (Docker)
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ghcr.io/${{ github.repository }}:latest
+
+      - name: Setup SSH
+        uses: webfactory/[email protected]
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Add host key to known_hosts
+        run: |
+          mkdir -p ~/.ssh
+          ssh-keyscan -H ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts
+
+      - name: Deploy on server (pull and restart container)
+        run: |
+          ssh ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_IP }} "docker login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} && \
+          docker pull ghcr.io/${{ github.repository }}:latest && \
+          docker stop svelte-crm || true && docker rm svelte-crm || true && \
+          docker run -d --name svelte-crm --restart always -p 3000:3000 \
+            -e NODE_ENV=production \
+            -e DATABASE_URL=\"${{ secrets.DATABASE_URL }}\" \
+            --env-file ${{ secrets.ENV_FILE_PATH:-/home/${{ secrets.SERVER_USER }}/.env }} \
+            ghcr.io/${{ github.repository }}:latest"

.gitignore

@@ -24,3 +24,4 @@ vite.config.ts.timestamp-*
 
 generated/*
 src/generated/*
+.github/prompts/*

.vscode/settings.json

@@ -0,0 +1,23 @@
+{
+  "editor.tabSize": 2,
+  "editor.insertSpaces": true,
+  "[javascript]": {
+    "editor.tabSize": 2,
+    "editor.insertSpaces": true
+  },
+  "[svelte]": {
+    "editor.tabSize": 2,
+    "editor.insertSpaces": true
+  },
+  "github.copilot.chat.codeGeneration.instructions": [
+    {
+      "file": "prisma/schema.prisma",
+    },
+    {
+      "file": "src/hooks.server.js",
+    },
+    {
+      "file": "src/lib/prisma.js",
+    },
+  ]
+}

CLAUDE.md

@@ -0,0 +1,135 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+BottleCRM is a SaaS CRM platform built with SvelteKit, designed for startups and enterprises with role-based access control (RBAC). The application features multi-tenancy through organizations, with strict data isolation enforced at the database level.
+
+## Technology Stack
+
+- **Frontend**: SvelteKit 2.x with Svelte 5.x
+- **Styling**: TailwindCSS 4.x
+- **Database**: PostgreSQL with Prisma ORM
+- **Icons**: Lucide Svelte
+- **Validation**: Zod
+- **Package Manager**: pnpm
+- **Type Checking**: JSDoc style type annotations (no TypeScript)
+
+## Development Commands
+
+```bash
+# Development server
+pnpm run dev
+
+# Build for production
+pnpm run build
+
+# Preview production build
+pnpm run preview
+
+# Type checking
+pnpm run check
+
+# Type checking with watch mode
+pnpm run check:watch
+
+# Linting and formatting (both required to pass)
+pnpm run lint
+
+# Format code
+pnpm run format
+
+# Database operations
+npx prisma migrate dev
+npx prisma generate
+npx prisma studio
+```
+
+## Architecture Overview
+
+### Multi-Tenant Structure
+- **Organizations**: Top-level tenant containers with strict data isolation
+- **Users**: Can belong to multiple organizations with different roles (ADMIN/USER)
+- **Super Admin**: Users with @micropyramid.com email domain have platform-wide access
+
+### Core CRM Entities
+- **Leads**: Initial prospects that can be converted to Accounts/Contacts/Opportunities
+- **Accounts**: Company/organization records
+- **Contacts**: Individual people associated with accounts
+- **Opportunities**: Sales deals with pipeline stages
+- **Tasks/Events**: Activity management
+- **Cases**: Customer support tickets
+- **Products/Quotes**: Sales catalog and quotation system
+
+### Authentication & Authorization
+- Session-based authentication using cookies (`session`, `org`, `org_name`)
+- Organization selection required after login via `/org` route
+- Route protection in `src/hooks.server.js`:
+  - `/app/*` routes require authentication and organization membership
+  - `/admin/*` routes restricted to @micropyramid.com domain users
+  - `/org` route for organization selection
+
+### Data Access Control
+- All database queries must include organization filtering
+- User can only access data from organizations they belong to
+- Prisma schema enforces relationships with `organizationId` foreign keys
+
+### Route Structure
+- `(site)`: Public marketing pages
+- `(no-layout)`: Auth pages (login, org selection)
+- `(app)`: Main CRM application (requires auth + org membership)
+- `(admin)`: Platform administration (requires @micropyramid.com email)
+
+### Key Files
+- `src/hooks.server.js`: Authentication, org membership validation, route protection
+- `src/lib/prisma.js`: Database client configuration
+- `src/lib/stores/auth.js`: Authentication state management
+- `prisma/schema.prisma`: Complete database schema with RBAC models
+
+## Form Development
+- All form labels must be properly associated with form controls for accessibility
+- Use Zod for form validation
+- Follow existing patterns in `/contacts`, `/leads`, `/accounts` for consistency
+
+## Coding Standards
+
+### Type Safety
+- **NO TypeScript**: This project uses JavaScript with JSDoc style type annotations only
+- **JSDoc Comments**: Use JSDoc syntax for type information and documentation
+- **Type Checking**: Use `pnpm run check` to validate types via JSDoc annotations
+- **Function Parameters**: Document parameter types using JSDoc `@param` tags
+- **Return Types**: Document return types using JSDoc `@returns` tags
+
+### JSDoc Examples
+```javascript
+/**
+ * Updates a contact in the database
+ * @param {string} contactId - The contact identifier
+ * @param {Object} updateData - The data to update
+ * @param {string} updateData.name - Contact name
+ * @param {string} updateData.email - Contact email
+ * @param {string} organizationId - Organization ID for data isolation
+ * @returns {Promise<Object>} The updated contact object
+ */
+async function updateContact(contactId, updateData, organizationId) {
+  // Implementation
+}
+
+/**
+ * @typedef {Object} User
+ * @property {string} id - User ID
+ * @property {string} email - User email
+ * @property {string} name - User name
+ * @property {string[]} organizationIds - Array of organization IDs
+ */
+
+/** @type {User|null} */
+let currentUser = null;
+```
+
+## Security Requirements
+- Never expose cross-organization data
+- Always filter queries by user's organization membership
+- Validate user permissions before any data operations
+- Use parameterized queries via Prisma to prevent SQL injection