docs(handover): add architecture map and takeover playbook

docs/.vitepress/config.mts

@@ -25,6 +25,10 @@ export default defineConfig({
           { text: "i18n Baseline", link: "/product-engineering/i18n-baseline" },
           { text: "i18n Conventions", link: "/product-engineering/i18n-conventions" },
           { text: "RBAC And Permissions", link: "/product-engineering/rbac-permission-model" },
+          { text: "Code Architecture Map", link: "/product-engineering/code-architecture-map" },
+          { text: "Critical Invariants", link: "/product-engineering/critical-invariants" },
+          { text: "Request Lifecycle Flows", link: "/product-engineering/request-lifecycle-flows" },
+          { text: "Code Handover Playbook", link: "/product-engineering/code-handover-playbook" },
           { text: "Domain Glossary", link: "/product-engineering/domain-glossary" },
           { text: "Environment Runbook", link: "/product-engineering/environment-runbook" },
           { text: "Delivery Pipeline", link: "/product-engineering/delivery-pipeline" },

docs/product-engineering/code-architecture-map.md

@@ -0,0 +1,53 @@
+# Code Architecture Map
+
+This page is the fast handover map for engineers taking over the codebase.
+
+## Repository Structure
+
+- `apps/admin`:
+  Next.js admin panel. Owns auth UI, CMS management screens, and protected workflows.
+- `apps/web`:
+  Next.js public site. Renders CMS-managed content and public-facing routes.
+- `packages/db`:
+  Prisma schema, generated client usage, and data access services.
+- `packages/content`:
+  Domain-level Zod schemas and shared contracts.
+- `packages/crud`:
+  Shared CRUD service pattern (validation, not-found behavior, audit hook contracts).
+- `packages/ui`:
+  Shared UI primitives used by admin/public apps.
+- `packages/i18n`:
+  Shared locale helpers.
+
+## Runtime Boundaries
+
+- Admin app:
+  writes content and settings, enforces RBAC, runs Better Auth route handlers.
+- Public app:
+  reads published content and settings; no public auth coupling.
+- DB package:
+  only data access and business-persistence rules.
+- Content package:
+  only validation and domain typing; no DB or framework runtime coupling.
+
+## Core Feature Modules
+
+- Auth and user guards:
+  `apps/admin/src/lib/auth/server.ts`, `apps/admin/src/app/api/auth/[...all]/route.ts`
+- Access and route permissions:
+  `apps/admin/src/lib/access.ts`, `apps/admin/src/lib/route-guards.ts`
+- Media domain + storage:
+  `packages/db/src/media-foundation.ts`, `apps/admin/src/lib/media/storage.ts`
+- Pages and navigation:
+  `packages/db/src/pages-navigation.ts`, `apps/admin/src/app/pages/*`, `apps/admin/src/app/navigation/*`
+- Commissions and customers:
+  `packages/db/src/commissions.ts`, `apps/admin/src/app/commissions/page.tsx`
+- Announcements and news:
+  `packages/db/src/announcements.ts`, `apps/admin/src/app/announcements/page.tsx`, `apps/admin/src/app/news/page.tsx`
+
+## Extension Rules
+
+- Add/adjust schema first in `packages/content`.
+- Implement persistence in `packages/db`.
+- Wire usage in app route/actions after schema/service are in place.
+- Add tests at service and app-boundary levels before marking TODO items done.

docs/product-engineering/code-handover-playbook.md

@@ -0,0 +1,62 @@
+# Code Handover Playbook
+
+This is the minimum runbook for a new engineer to continue delivery safely.
+
+## Local Setup
+
+1. Install Bun matching repo policy.
+2. Copy `.env.example` to `.env` and fill required values.
+3. Generate Prisma client:
+   `bun run db:generate`
+4. Apply migrations:
+   `bun run db:migrate:deploy` (or local named migration flow)
+5. Seed data:
+   `bun run db:seed`
+6. Start apps:
+   `bun run dev`
+
+## Daily Development Loop
+
+1. Create branch by task type:
+   `todo/*`, `refactor/*`, `code/*`.
+2. Implement smallest vertical slice for one TODO item.
+3. Run quality gates:
+   `bun run check`
+   `bun run typecheck`
+   `bun run test`
+4. Update `TODO.md` status and discovery log.
+5. Commit with Conventional Commit message and GPG signing.
+
+## Database Workflow
+
+- Schema source is:
+  `packages/db/prisma/schema.prisma`
+- Use named dev migrations for schema changes.
+- Avoid manual SQL unless migration tooling is blocked.
+- Always regenerate client after schema change.
+
+## Testing Strategy
+
+- Unit/service tests:
+  `packages/*` and logic helpers.
+- App-boundary integration tests:
+  auth flow and route-level behavior.
+- E2E tests:
+  full admin/public happy paths through Playwright.
+
+## Common Failure Recovery
+
+- `DATABASE_URL not set`:
+  ensure root `.env` is loaded for Bun/Prisma scripts.
+- Prisma client import errors:
+  run `bun run db:generate`.
+- Migration drift:
+  run deploy/reset flow in dev and reseed.
+- Playwright host deps missing:
+  install browser dependencies on host before running e2e.
+
+## Ownership Expectations
+
+- Keep invariants explicit and tested before changing auth/media pipelines.
+- Treat `TODO.md` as delivery source of truth.
+- If changing branch/release workflow, update docs in same branch.

docs/product-engineering/critical-invariants.md

@@ -0,0 +1,57 @@
+# Critical Invariants
+
+These rules must stay true across refactors and feature work.
+
+## Auth and User Invariants
+
+- Exactly one owner user must exist.
+- The canonical owner must remain protected and not banned.
+- Support user is system-owned and protected.
+- Protected users cannot be deleted through auth endpoints.
+- First owner bootstrap closes open owner-registration window.
+
+Primary implementation:
+- `apps/admin/src/lib/auth/server.ts`
+- `apps/admin/src/app/api/auth/[...all]/route.ts`
+
+Primary tests:
+- `apps/admin/src/lib/auth/server.test.ts`
+- `apps/admin/src/app/register/page.test.tsx`
+- `apps/admin/src/app/welcome/page.test.tsx`
+- `apps/admin/src/app/login/page.test.tsx`
+
+## Registration Policy Invariants
+
+- If no owner exists:
+  `welcome` flow is open for first owner bootstrap.
+- If owner exists:
+  self-registration depends on persisted policy in `system_setting`.
+- Register route must never silently create users when policy is disabled.
+
+Primary implementation:
+- `packages/db/src/settings.ts`
+- `apps/admin/src/app/settings/page.tsx`
+- `apps/admin/src/app/register/page.tsx`
+
+## Media Storage Contract
+
+- Storage provider is selected by `CMS_MEDIA_STORAGE_PROVIDER`.
+- S3 is primary; local is explicit fallback.
+- Each media asset stores a stable `storageKey`.
+- Deleting a media asset must also attempt storage object deletion.
+
+Primary implementation:
+- `apps/admin/src/lib/media/storage.ts`
+- `apps/admin/src/lib/media/storage-key.ts`
+- `apps/admin/src/app/media/[id]/page.tsx`
+
+## Public Rendering Contract
+
+- Public pages must render only published CMS pages.
+- Public navigation must be built from managed menu items.
+- Header banner and announcements must be optional and fail-safe.
+
+Primary implementation:
+- `apps/web/src/app/[locale]/layout.tsx`
+- `apps/web/src/app/[locale]/page.tsx`
+- `apps/web/src/app/[locale]/[slug]/page.tsx`

docs/product-engineering/index.md

@@ -11,6 +11,10 @@ This section covers platform and implementation documentation for engineers and
 - [i18n Conventions](/product-engineering/i18n-conventions)
 - [CRUD Examples](/product-engineering/crud-examples)
 - [Package Catalog And Decision Notes](/product-engineering/package-catalog)
+- [Code Architecture Map](/product-engineering/code-architecture-map)
+- [Critical Invariants](/product-engineering/critical-invariants)
+- [Request Lifecycle Flows](/product-engineering/request-lifecycle-flows)
+- [Code Handover Playbook](/product-engineering/code-handover-playbook)
 - [User Personas And Use-Case Topics](/product-engineering/user-personas-and-use-cases)
 - [CMS Feature Topics (Domain-Centric)](/product-engineering/cms-feature-topics)
 - [Domain Glossary](/product-engineering/domain-glossary)

docs/product-engineering/request-lifecycle-flows.md

@@ -0,0 +1,61 @@
+# Request Lifecycle Flows
+
+## 1. Auth Sign-In (Admin)
+
+1. Browser posts to `/api/auth/sign-in/email`.
+2. Route resolves `identifier` (email or username) to canonical email.
+3. Better Auth credential sign-in executes.
+4. Session cookie is set and user is redirected.
+
+Key files:
+- `apps/admin/src/app/login/login-form.tsx`
+- `apps/admin/src/app/api/auth/[...all]/route.ts`
+- `apps/admin/src/lib/auth/server.ts`
+
+## 2. Initial Owner Registration
+
+1. If no owner exists, `/welcome` renders owner sign-up mode.
+2. Sign-up request goes through auth route handler.
+3. New user is promoted to owner in transactional guard.
+4. Owner invariant is re-validated to enforce single owner.
+
+Key files:
+- `apps/admin/src/app/welcome/page.tsx`
+- `apps/admin/src/app/api/auth/[...all]/route.ts`
+- `apps/admin/src/lib/auth/server.ts`
+
+## 3. Media Upload
+
+1. Admin form posts multipart data to `/api/media/upload`.
+2. Metadata is validated and file is stored through selected provider.
+3. Media asset record is persisted with storage metadata.
+4. UI redirects back to media list with flash status query.
+
+Key files:
+- `apps/admin/src/components/media/media-upload-form.tsx`
+- `apps/admin/src/app/api/media/upload/route.ts`
+- `apps/admin/src/lib/media/storage.ts`
+- `packages/db/src/media-foundation.ts`
+
+## 4. Page Publish
+
+1. Admin submit on `/pages` calls server action.
+2. Page schema validates payload and persists.
+3. `published` status sets publication fields.
+4. Public app resolves slug and renders page if published.
+
+Key files:
+- `apps/admin/src/app/pages/page.tsx`
+- `packages/db/src/pages-navigation.ts`
+- `apps/web/src/app/[locale]/[slug]/page.tsx`
+
+## 5. Commission Status Transition
+
+1. Admin updates status from commission card form.
+2. Server action validates transition payload.
+3. DB update persists new status.
+4. Kanban view re-renders with updated column placement.
+
+Key files:
+- `apps/admin/src/app/commissions/page.tsx`
+- `packages/db/src/commissions.ts`