White Povar Project Rules

Guidelines for developing the White Povar application, a Flutter frontend with Supabase backend and Firebase integration.

Credentials & Configuration

Backend Environment

**Location**: `backend/.env`

**Contains**: Real Supabase URL, anon key, service key, OpenAI key, Firebase project ID

**Settings**: Managed via `backend/app/core/settings.py` with pydantic-settings loading `.env`

**Production**: Replace `SECRET_KEY` placeholder before deploying

Frontend Environment

**Config file**: `frontend/lib/core/config/app_config.dart`

**Required variables**: `SUPABASE_URL`, `SUPABASE_ANON_KEY`, `API_BASE_URL`

**Access method**: `String.fromEnvironment` in Dart

**Local development**: Pass values using `--dart-define` flags when running Flutter

**Defaults**: Updated to match current Supabase project for development

Recent Changes (2025-08-11)

When working with this codebase, be aware of these recent updates:

1. **Dependencies**: Added `supabase_flutter` and enabled `firebase_core`, `firebase_auth` in `frontend/pubspec.yaml`

2. **Config updates**: `frontend/lib/core/config/app_config.dart` defaults aligned with current Supabase project

3. **Upload fix**: Corrected `Uint8List` upload implementation in `frontend/lib/core/services/supabase_service.dart`

4. **Build verification**: `flutter build web` confirmed working

Development Workflow

Security Best Practices

1. **Never commit secrets** to source control

2. **Local builds**: Use `--dart-define` flags to inject environment variables

3. **CI/CD**: Configure secrets injection for web/mobile builds

4. **Production deployments**: Use CI secrets for credential injection

Firebase Configuration

Regenerate Firebase configs using `flutterfire configure` when project/app IDs change

Keep `google-services.json` (Android) and `GoogleService-Info.plist` (iOS) updated

Supabase Setup

Ensure RLS (Row Level Security) policies are applied as documented

Verify service key permissions match security requirements

Pending Tasks & Watchouts

When making changes, keep these items in mind:

1. **Backend security**: Replace `SECRET_KEY` placeholder in `backend/.env` for production deployments

2. **Database security**: Verify all RLS policies in Supabase are properly applied

3. **Build pipeline**: Update CI/CD to inject dart-defines for web/mobile builds

4. **Environment consistency**: Ensure all environments (dev/staging/prod) have complete credential sets

File Structure Reference

Key files to be aware of:

`backend/.env` — Backend secrets and configuration

`backend/app/core/settings.py` — Backend settings loader

`frontend/lib/core/config/app_config.dart` — Frontend configuration

`frontend/lib/core/services/supabase_service.dart` — Supabase client service

`frontend/pubspec.yaml` — Flutter dependencies

Build Commands

Local Development

```bash

flutter run --dart-define=SUPABASE_URL=<url> --dart-define=SUPABASE_ANON_KEY=<key> --dart-define=API_BASE_URL=<url>

```

Web Build

```bash

flutter build web --dart-define=SUPABASE_URL=<url> --dart-define=SUPABASE_ANON_KEY=<key> --dart-define=API_BASE_URL=<url>

```

Constraints

Always verify `flutter build web` succeeds after dependency changes

Test Supabase service integration after updating `supabase_flutter` package

Regenerate platform-specific Firebase configs after changing Firebase project settings

Keep `pubspec.yaml` dependencies synchronized across team members

White Povar Project Rules

White Povar Project Rules

Credentials & Configuration

Backend Environment

Frontend Environment

Recent Changes (2025-08-11)

Development Workflow

Security Best Practices

Firebase Configuration

Supabase Setup

Pending Tasks & Watchouts

File Structure Reference

Build Commands

Local Development

Web Build

Constraints

Reviews (0)