# Copilot Instructions — Fiddy (External DB)

## Authority

- **Source of truth:** `PROJECT_INSTRUCTIONS.md` (repo root). If there is a conflict, follow it.
- **Bugfix work:** follow `DEBUGGING_INSTRUCTIONS.md` (repo root).
- Keep this file short: it's a guide for Copilot behavior, not the full spec.

## High-level behavior

- Make the **smallest change** that resolves the bug or request.
- **Scan the repo first** for existing patterns (don't invent files/endpoints unless necessary).
- Respect layering: **route → server service → client wrapper → hook → UI**.
- Keep diffs tight; avoid large refactors unless required.

## Hard rules (do not violate)

- External DB: `DATABASE_URL` points to on-prem Postgres (NOT a container).
- No cron/worker jobs.
- Server-side RBAC only; client checks are UX only.
- Never log secrets, receipt bytes, or full invite codes (invite codes = **last4 only**).
- Entries list endpoints must never return receipt bytes.

## Architecture quick map (follow existing patterns)

- API routes: `app/api/**/route.ts` (thin parse/validate + call service)
- Server services: `lib/server/*` (DB + authz, must include `import "server-only";`)
- Client wrappers: `lib/client/*` (typed fetch + error normalization, credentials included)
- Hooks: `hooks/use-*.ts` (UI-facing API layer; components avoid raw `fetch()`)

## API conventions

- Prefer error shape: `{ error: { code, message }, request_id? }`
- Validate input at the route boundary; authorize in services.

## Next.js dynamic route params (required)

- In `app/api/**/[param]/route.ts`, treat `context.params` as async:
  - `const { id } = await context.params;`

## Tests

- When changing API behavior, add/update tests.
- Prefer including negative cases: unauthorized / not-a-member / invalid input.

## UI expectations

- Dark mode, minimal, mobile-first.
- Navbar layout: left nav dropdown, middle group selector, right user menu.