# CLAUDE.md This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. ## Project Vision ERP — a CodeIgniter 4 application (PHP ^8.1) running on a local WAMP stack at `http://localhost:8081/`. Modules cover tickets, invoices, estimates, avoirs (credit notes), projects, planning, employees (RH/paie), leave management (congés), clients, and v_companies. UI strings and column names are in **French and intentional** (e.g. `État`, `avoir`, `conges`, `planification`) — preserve them. ## Common commands ```bash composer install # install PHP deps php spark serve # dev server (alternative to WAMP) php spark routes # list registered routes php spark migrate # run migrations vendor/bin/phpunit # run full test suite (alias: composer test) vendor/bin/phpunit tests/path/SomeTest.php # run a single test file vendor/bin/phpunit --filter testMethodName # run a single test method vendor/bin/phpstan analyse --memory-limit=1G # static analysis (level 5, app/ only) ``` The web entry point is `public/index.php`; configure your vhost / WAMP alias to point at `public/`, never the project root. ## Database access Claude **cannot connect to MySQL directly** from the shell in this environment. For schema changes or data inserts, output the SQL statements and ask the user to run them manually. Always verify column names against the actual schema before referencing them in queries — wrong column names (e.g. `id_vcompanies` vs the real column) have caused regressions. The active database is set in `.env` (`database.default.database`, currently `test`). The full app schema is `elplatsvisionci4`. Migrations under `app/Database/Migrations/` are excluded from the autoload classmap (see `composer.json`). ## Architecture ### Request lifecycle 1. Routes in `app/Config/Routes.php` (mostly explicit, not auto-routed). Most routes apply `['filter' => 'auth']`. 2. **Two filters gate every authenticated request**: - `auth` (`app/Filters/Auth.php`) — checks `session()->get('user_id')`, redirects to `/login` if missing. - `module_access` (`app/Filters/ModuleFilter.php`) — global `before` filter. Compares URI segments against the user's allowed sub-module links (cached in session as `all_sous_links` / `user_sous_links`). Admin (`session('user_is_admin')`) bypasses. AJAX denials return JSON 403; HTML denials return `errors/html/error_403`. 3. All controllers extend `BaseController`, whose `initController()` is the load-bearing setup step — it instantiates ~10 shared models, loads the user + company context, builds the sidebar menu from `modules` + `modules_sous` joined with `user_module_access` / `user_sous_access`, computes `notification_list`, and seeds `$this->view_data` with `core_settings`, `current_language`, `dateformat`, `nom_licence`, etc. **Never bypass `BaseController` — views expect those keys.** 4. Controllers populate `$this->view_data` and render via `view('blueline//', ['view_data' => $this->view_data])`. Views render through `app/Views/layouts/main.php` (header / sidebar / subHeader / footer partials). ### Multi-tenancy / company switching `session('current_company')` scopes most queries. When it is unset, the menu falls back to aggregating across all companies the user has access to. Be aware of this when adding new module-access logic. ### Referentials (lookup table) The `referentials` table (`App\Models\ReferentialModel`) is a generic lookup keyed by `category`. Used for `ticket_category`, `ticket_status`, `equipe`, `fonction`, etc. When adding dropdowns for status / priority / category-style fields, **store the referential `id` on the parent row** (e.g. `tickets.type_id`, `tickets.status` → `referentials.id`) and join with an alias filtered by category, e.g.: ```php $this->join('referentials ref_etat', 'tickets.status = ref_etat.id AND ref_etat.category = "ticket_status"', 'left'); ``` Use `ReferentialModel::getByCategory($cat)` for active rows ordered by `sort_order`. The field for display is `label` (not `name`). UI de gestion : `settings/referentiels`. **Ne pas confondre avec `ref_type_occurences`** (`App\Models\RefTypeOccurencesModel`) — table legacy keyed by `id_type` (int). Encore utilisée pour les référentiels RH : genre (`id_type=13`), situation (`id_type=12`), contrat (`id_type=18`), typecontrat (`id_type=30`). `fonction` (`id_type=19`) a été migré vers `referentials` (`category='fonction'`). **Ne pas ajouter de nouvelles listes dans `ref_type_occurences`** — toujours utiliser `referentials`. ### Helpers `app/Helpers/autoload_helpers.php` is required from `app/Common.php` and pulls in: `calcul_helper`, `format_helper`, `my_functions_helper`, `mydbhelper_helper`, `notification_helper`, `suivi_helper`, `theme_helper`, `timeago_helper`, `date_helper`, `EmailHelper`. Their functions are globally available — search there before writing new utility functions. **`app_log()` n'est pas dans la liste d'autoload.** Il est chargé par `BaseController::__construct()` via `helper('app')`. Les contrôleurs qui définissent leur propre `__construct()` sans appeler `parent::__construct()` (ex : `SettingsController`, `ForgotPassController`) n'ont pas `app_log()` disponible — il faut y ajouter `helper('app')` explicitement. ### Application tracing `app_log($context, $message, $data)` (`app/Helpers/app_helper.php` → `App\Libraries\AppLogger`) writes to `writable/logs/trace-YYYY-MM-DD.log` when `app.trace = true` in `.env`. Use it for business-event tracing (separate from CI4's framework `log_message()`). ### Frontend conventions - Views live in `app/Views/blueline//`; the global layout is `app/Views/layouts/main.php`. - **Global delete confirmation**: any element with `data-delete-url="..."` (optionally `data-reload="true"` and `data-delete-msg="..."`) triggers the modal in `layouts/main.php` and issues a GET. Don't reinvent per-page delete dialogs. - **Item selector pattern**: invoices/estimates use a `#items-data` hidden table + `itemSelector()` JS helper. When adding similar item-line features (avoirs, bons de commande, etc.), reuse this pattern from the invoices view rather than inventing a parallel one. - AJAX requests denied by `ModuleFilter` return JSON `{error, code: 403}` — handle that on the client side. ### CSS conventions — pas de style inline **Ne jamais utiliser** de blocs `