# CLAUDE.md This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. ## Project status The application described below is implemented (Faza 0–5 of `/home/andrej/.claude/plans/vast-exploring-sutherland.md`: DB schema, Filament import/export, customer login, the `CustomerForm` Livewire component). **Read `WALKTHROUGH.md` at the repo root first** — it documents exactly what was built, the decisions made where `specification.md` was ambiguous, the file map, and known gaps/gotchas, so you don't have to re-derive them. **`specification.md` at the repo root remains the authoritative design doc** for field names, validation rules, segmentation logic, and exact legal/consent text — it must still be checked before changing any of those. ### What the app is supposed to become A self-service portal for an insurance company (Zavarovalnica) where ~20,000 existing customers log in with a single unique code (`Geslo`, stored as `password`) — no name/email login, no Fortify/Breeze — to review and correct their personal data. An admin uses Filament to import the initial customer Excel and export a cleaned Excel where changed cells are highlighted yellow. Key design points from `specification.md` (do not deviate without checking the spec): - Single table `customers` with two JSON columns: `original_data` (as imported) and `current_data` (live/edited). No normalized per-field columns for the ~35 customer fields — diffing for the colored export is done key-by-key between these two JSON blobs. - `vloga_osebe` (person's role) drives a two-way form split: - `SKLEN` → long form "Modul ZL" (full regulatory fields: ID document, PEP/PPDFT declaration, CRS/FATCA self-certification). - `ZAVAR` or `PREJEMNIK RENTE` → short form "Modul ZN" (financial-instrument/ID-document fields hidden, different consent wording). - Form component lives at `app/Livewire/CustomerForm.php`, loads the customer based on the session (post-login), binds inputs directly to `current_data` fields via `wire:model`, and on save: strips tags (sanitization), validates (incl. custom `App\Rules\EmsoRule` for EMŠO), sets `is_updated = true`, writes free-text notes to `opombe`. - Three "accepted" consent checkboxes (wording differs slightly between ZL/ZN) gate the submit button — see spec §4 for exact required legal text per module. - Import (Filament, Phase 1): one Excel row → one `customers` row. `Kupec/Dobavitelj`, `Številka kup./do`, `Št. police/rent`, `Vloga osebe`, `Geslo` go to their dedicated columns; all other Excel columns become the associative array stored in both `original_data` and `current_data`. - Export (Filament, Phase 4): only rows with `is_updated = true`, built with `Maatwebsite\Excel` + PhpSpreadsheet `WithStyles`; any cell where `original_data[$key] !== current_data[$key]` is filled yellow (`#FFFF00`). Excel column order is fixed — see the field list in `specification.md` ("Excel polja") and reuse it for both import and export. When implementing, treat `specification.md` as the spec for field names, validation rules, and consent copy — don't invent field names or reorder columns. ## Tech stack - Laravel 13 (PHP ^8.3, target runtime per spec is PHP 8.5+), Livewire v4, Filament v5 (admin/import/export UI), MySQL/MariaDB (DDEV uses MariaDB 10.11; local default `.env` is sqlite). - Frontend: Vite + Tailwind v4, no SPA framework (Blade + Livewire). - Dev environment: DDEV (`ddev start`); production target is Windows Server/IIS. ## Commands Run via DDEV (`ddev ssh` or prefix with `ddev exec`) or directly with local PHP/Composer if not using DDEV. - Install: `composer install && npm install` - Dev server (PHP server + queue listener + log tailer + Vite, concurrently): `composer run dev` - Lint (Pint, auto-fix): `composer lint` - Lint check only (CI mode, no changes written): `composer lint:check` - Static analysis (PHPStan via Larastan, level 7, scans `app/`, `bootstrap/app.php`, `config/`, `database/`, `routes/`): `composer types:check` - Full test suite (clears config, then lint:check + types:check + `artisan test`): `composer test` - Run only PHPUnit tests: `php artisan test` - Run a single test file: `php artisan test tests/Feature/SomeTest.php` - Run a single test by name/filter: `php artisan test --filter=test_method_name` - Build frontend assets: `npm run build` (dev/watch: `npm run dev`) CI (`.github/workflows/tests.yml`, `.github/workflows/lint.yml`) runs the same `composer lint`, `composer types:check`, and `php artisan test` across PHP 8.3/8.4/8.5 — keep changes passing all three before considering work done. ## Architecture notes - Standard Laravel structure: `app/Http/Controllers`, `app/Models`, `app/Providers`. Livewire components belong under `app/Livewire/` (not yet created); custom validation rules under `app/Rules/` (e.g. the planned `EmsoRule`). - `app/Providers/AppServiceProvider.php` sets a few cross-cutting defaults: dates are `CarbonImmutable`, destructive DB commands (`DB::prohibitDestructiveCommands`) are blocked when running in production, and strong password rules (`Password::defaults`) apply in production only. - No authentication scaffolding (Fortify/Breeze/Jetstream) is installed or should be added for the customer portal — login is a single shared-secret-style field (`Geslo`/`password` on the `customers` row), matched directly rather than through Laravel's `Auth` guards, per spec §4. - Filament is for the admin/back-office side only (import/export, viewing customer records) — keep it separate from the public customer-facing Livewire form. === === foundation rules === # Laravel Boost Guidelines The Laravel Boost guidelines are specifically curated by Laravel maintainers for this application. These guidelines should be followed closely to ensure the best experience when building Laravel applications. ## Foundational Context This application is a Laravel application and its main Laravel ecosystems package & versions are below. You are an expert with them all. Ensure you abide by these specific packages & versions. - php - 8.5 - filament/filament (FILAMENT) - v5 - laravel/framework (LARAVEL) - v13 - laravel/prompts (PROMPTS) - v0 - livewire/livewire (LIVEWIRE) - v4 - larastan/larastan (LARASTAN) - v3 - laravel/boost (BOOST) - v2 - laravel/mcp (MCP) - v0 - laravel/pail (PAIL) - v1 - laravel/pint (PINT) - v1 - laravel/sail (SAIL) - v1 - phpunit/phpunit (PHPUNIT) - v12 - tailwindcss (TAILWINDCSS) - v4 ## Skills Activation This project has domain-specific skills available in `**/skills/**`. You MUST activate the relevant skill whenever you work in that domain—don't wait until you're stuck. ## Conventions - You must follow all existing code conventions used in this application. When creating or editing a file, check sibling files for the correct structure, approach, and naming. - Use descriptive names for variables and methods. For example, `isRegisteredForDiscounts`, not `discount()`. - Check for existing components to reuse before writing a new one. ## Verification Scripts - Do not create verification scripts or tinker when tests cover that functionality and prove they work. Unit and feature tests are more important. ## Application Structure & Architecture - Stick to existing directory structure; don't create new base folders without approval. - Do not change the application's dependencies without approval. ## Frontend Bundling - If the user doesn't see a frontend change reflected in the UI, it could mean they need to run `npm run build`, `npm run dev`, or `composer run dev`. Ask them. ## Documentation Files - You must only create documentation files if explicitly requested by the user. ## Replies - Be concise in your explanations - focus on what's important rather than explaining obvious details. === boost rules === # Laravel Boost ## Tools - Laravel Boost is an MCP server with tools designed specifically for this application. Prefer Boost tools over manual alternatives like shell commands or file reads. - Use `database-query` to run read-only queries against the database instead of writing raw SQL in tinker. - Use `database-schema` to inspect table structure before writing migrations or models. - Use `get-absolute-url` to resolve the correct scheme, domain, and port for project URLs. Always use this before sharing a URL with the user. - Use `browser-logs` to read browser logs, errors, and exceptions. Only recent logs are useful, ignore old entries. ## Searching Documentation (IMPORTANT) - Always use `search-docs` before making code changes. Do not skip this step. It returns version-specific docs based on installed packages automatically. - Pass a `packages` array to scope results when you know which packages are relevant. - Use multiple broad, topic-based queries: `['rate limiting', 'routing rate limiting', 'routing']`. Expect the most relevant results first. - Do not add package names to queries because package info is already shared. Use `test resource table`, not `filament 4 test resource table`. ### Search Syntax 1. Use words for auto-stemmed AND logic: `rate limit` matches both "rate" AND "limit". 2. Use `"quoted phrases"` for exact position matching: `"infinite scroll"` requires adjacent words in order. 3. Combine words and phrases for mixed queries: `middleware "rate limit"`. 4. Use multiple queries for OR logic: `queries=["authentication", "middleware"]`. ## Artisan - Run Artisan commands directly via the command line (e.g., `php artisan route:list`). Use `php artisan list` to discover available commands and `php artisan [command] --help` to check parameters. - Inspect routes with `php artisan route:list`. Filter with: `--method=GET`, `--name=users`, `--path=api`, `--except-vendor`, `--only-vendor`. - Read configuration values using dot notation: `php artisan config:show app.name`, `php artisan config:show database.default`. Or read config files directly from the `config/` directory. ## Tinker - Execute PHP in app context for debugging and testing code. Do not create models without user approval, prefer tests with factories instead. Prefer existing Artisan commands over custom tinker code. - Always use single quotes to prevent shell expansion: `php artisan tinker --execute 'Your::code();'` - Double quotes for PHP strings inside: `php artisan tinker --execute 'User::where("active", true)->count();'` === php rules === # PHP - Always use curly braces for control structures, even for single-line bodies. - Use PHP 8 constructor property promotion: `public function __construct(public GitHub $github) { }`. Do not leave empty zero-parameter `__construct()` methods unless the constructor is private. - Use explicit return type declarations and type hints for all method parameters: `function isAccessible(User $user, ?string $path = null): bool` - Use TitleCase for Enum keys: `FavoritePerson`, `BestLake`, `Monthly`. - Prefer PHPDoc blocks over inline comments. Only add inline comments for exceptionally complex logic. - Use array shape type definitions in PHPDoc blocks. === deployments rules === # Deployment - Laravel can be deployed using [Laravel Cloud](https://cloud.laravel.com/), which is the fastest way to deploy and scale production Laravel applications. === tests rules === # Test Enforcement - Every change must be programmatically tested. Write a new test or update an existing test, then run the affected tests to make sure they pass. - Run the minimum number of tests needed to ensure code quality and speed. Use `php artisan test --compact` with a specific filename or filter. === laravel/core rules === # Do Things the Laravel Way - Use `php artisan make:` commands to create new files (i.e. migrations, controllers, models, etc.). You can list available Artisan commands using `php artisan list` and check their parameters with `php artisan [command] --help`. - If you're creating a generic PHP class, use `php artisan make:class`. - Pass `--no-interaction` to all Artisan commands to ensure they work without user input. You should also pass the correct `--options` to ensure correct behavior. ### Model Creation - When creating new models, create useful factories and seeders for them too. Ask the user if they need any other things, using `php artisan make:model --help` to check the available options. ## APIs & Eloquent Resources - For APIs, default to using Eloquent API Resources and API versioning unless existing API routes do not, then you should follow existing application convention. ## URL Generation - When generating links to other pages, prefer named routes and the `route()` function. ## Testing - When creating models for tests, use the factories for the models. Check if the factory has custom states that can be used before manually setting up the model. - Faker: Use methods such as `$this->faker->word()` or `fake()->randomDigit()`. Follow existing conventions whether to use `$this->faker` or `fake()`. - When creating tests, make use of `php artisan make:test [options] {name}` to create a feature test, and pass `--unit` to create a unit test. Most tests should be feature tests. ## Vite Error - If you receive an "Illuminate\Foundation\ViteException: Unable to locate file in Vite manifest" error, you can run `npm run build` or ask the user to run `npm run dev` or `composer run dev`. === livewire/core rules === # Livewire - Livewire allow to build dynamic, reactive interfaces in PHP without writing JavaScript. - You can use Alpine.js for client-side interactions instead of JavaScript frameworks. - Keep state server-side so the UI reflects it. Validate and authorize in actions as you would in HTTP requests. === pint/core rules === # Laravel Pint Code Formatter - If you have modified any PHP files, you must run `vendor/bin/pint --dirty --format agent` before finalizing changes to ensure your code matches the project's expected style. - Do not run `vendor/bin/pint --test --format agent`, simply run `vendor/bin/pint --format agent` to fix any formatting issues. === phpunit/core rules === # PHPUnit - This application uses PHPUnit for testing. All tests must be written as PHPUnit classes. Use `php artisan make:test --phpunit {name}` to create a new test. - If you see a test using "Pest", convert it to PHPUnit. - Every time a test has been updated, run that singular test. - When the tests relating to your feature are passing, ask the user if they would like to also run the entire test suite to make sure everything is still passing. - Tests should cover all happy paths, failure paths, and edge cases. - You must not remove any tests or test files from the tests directory without approval. These are not temporary or helper files; these are core to the application. ## Running Tests - Run the minimal number of tests, using an appropriate filter, before finalizing. - To run all tests: `php artisan test --compact`. - To run all tests in a file: `php artisan test --compact tests/Feature/ExampleTest.php`. - To filter on a particular test name: `php artisan test --compact --filter=testName` (recommended after making a change to a related file).