Define your success criteria - How will you know when your application is good enough to publish?
The application should fulfill the requirements which we have outlined. All the features must be implemented. The UI should be similar to the images I have uploaded.

The application should be secure. The data is the most important, it should be consistent, we don't want to lose the data.

Our application should fulfill the features we have outlined, based on salesforce crm.

Privacy preservation Data stored is sensitive. Only the application's users should be able to see and use the data.

# Phase 1: Planning & Design**
1.Define Clear Requirements & Scope
1.1Understand the "Why": Clearly articulate the problem the application solves and the business goals.:

The Problem:

### Final, Refined Problem Statement (Version 3)

https://www.atlassian.com/team-playbook/plays/problem-framing#instructions
**For:** The web agency's project, sales, and support teams.

**Who are trying to:** Seamlessly manage the entire client lifecycle—from initial lead generation and project execution to recurring payments and ongoing support.

**But are struggling because:** They rely on a patchwork of disconnected systems and manual processes. Critical information is fragmented across spreadsheets, email threads, generic project management tools, and personal notes, with no single, reliable source of truth.

**This fundamental lack of a central system leads to severe negative impacts across the business:**

*   **Operational Inefficiency:** Team members waste significant time searching multiple locations for client information, leading to duplicated effort and reduced productivity.
*   **Lost Revenue Opportunities:** Without a clear, unified view of the sales pipeline, promising leads are not followed up on in a timely manner, resulting in lost deals.
*   **Data Integrity Issues:** Information quickly becomes outdated or contradictory across different systems, leading to embarrassing errors and poor decision-making.
*   **Poor Strategic Visibility:** It is nearly impossible to get an accurate, real-time overview of the sales pipeline, project status, or client support load, making forecasting and resource planning difficult.
*   **Revenue Leakage & Poor Cash Flow:** Tracking recurring retainer payments is difficult and prone to error, leading to missed or delayed invoices and unpredictable cash flow.
*   **Inconsistent Client Service:** With no standard process for logging and handling requests, the client experience can be inconsistent, potentially damaging the agency's reputation and client satisfaction.

**Ultimately, this operational chaos places a hard cap on the agency's ability to grow. As the number of clients increases, these problems compound, making it impossible to scale the business effectively.**

---

*   **Business Goals the CRM Solves:**
    *   **Increase Efficiency:** Reduce time spent searching for information and managing administrative tasks by centralizing all client, project, support, and payment data.
    *   **Improve Client Management:** Gain a 360-degree view of each client (contact info, project history, support tickets, payment status) to provide more informed and consistent service.
    *   **Streamline Sales Process:** Effectively track leads from initial contact through to becoming a client (Account/Contact) and starting a project (Opportunity). Ensure timely follow-ups.
    *   **Enhance Project/Task Tracking:** Manage the sales pipeline (Opportunities) and track non-project client work like support requests and maintenance tasks (Cases) systematically.
    *   **Stabilize Revenue Tracking:** Easily log and monitor monthly retainer payments, quickly identifying overdue accounts.
    *   **Provide Foundational Scalability:** Implement a system that can support the agency's current needs and grow with it, ensuring consistent processes even with more clients or team members.
    *   **Enable Basic Reporting:** Gain insights into the sales pipeline, common support issues, and client payment statuses to make better business decisions.

**In essence, the "Why" is to move from scattered, inefficient, and potentially error-prone manual processes to a centralized, streamlined, and reliable system that improves efficiency, client service, and revenue management for the web agency.**

### 1.3Functional Requirements: Detail what the system must do (e.g., user registration, data display, calculations).

We will refine them after we decide what fields we need/will use for each core concept.

1. Source/Method: User Story Expansion
This is your primary tool. Take each high-level user story you wrote and break it down into the specific functions needed to make it happen.

    Resource: Your own list of user stories.

    How to use it: For a story like, "As a salesperson, I want to convert a Lead...", ask yourself:

        What button do I click?

        What information must I fill out?

        What happens in the background? (An Account is created, a Contact is created, etc.)

        What feedback do I get when it's done?

2. Source/Method: CRUD Analysis
This is a systematic, developer-focused way to ensure you cover the basics for every single data entity in your system (Lead, Account, Contact, etc.). CRUD stands for Create, Read, Update, Delete.

    Resource: Your Entity-Relationship Diagram (ERD).

    How to use it: Go through each entity on your ERD and list the requirements for each CRUD operation.
    
   

3. Source/Method: UI/UX Deconstruction (Reverse-Engineering)
* Resource: The Salesforce screenshots you uploaded.

Feature: Lead Management


CREATE


READ


UPDATE


DELETE


BUSINESS LOGIC


    

### Core User Stories for Account Management

#### For the Salesperson (or anyone bringing in new clients):

**Story 1: Creating a New Client Record**
> **As a** salesperson, **I want to** create a new Account record with key company details..., **so that** I can establish a single source of truth...

**Expansion Breakdown:**

*   **What button do I click?**
    *   On the main "Accounts" list page, there must be a primary button labeled "**New Account**".
    *   Potentially, a global "Add New" button in the main navigation could also have an "Account" option.

*   **What information must I fill out?**
    *   Clicking "New Account" should open a **modal dialog** or a dedicated "New Account" page containing a form.
    *   The form must contain fields for: `Account Name`, `Website`, `Phone`, `Billing Address`, etc.
    *   The `Account Name` field must be **required**. The form cannot be submitted without it. The other fields can be optional.

*   **What happens in the background?**
    *   The frontend application packages the form data into a JSON object.
    *   It sends a `POST` request to the backend API endpoint, e.g., `/api/accounts`.
    *   The backend API receives the request and **validates** the data (e.g., confirms `Account Name` is present).
    *   If valid, the backend creates a new record in the `accounts` database table.
    *   It sets the `owner_id` to the ID of the currently logged-in user.
    *   It sets the `is_active` field to `true` by default (our soft-delete rule).
    *   The backend returns a `201 Created` success response, including the newly created account's data (with its new ID).

*   **What feedback do I get?**
    *   Upon successful creation, the user is automatically **redirected** to the detail page for the newly created account (e.g., `/accounts/123`).
    *   A temporary success message (a "toast" notification) should appear at the top of the screen, saying "Account 'New Client Inc.' was created successfully."
    *   If the form submission fails due to invalid data, the modal/page should remain, displaying clear error messages next to the problematic fields (e.g., "Account Name cannot be empty.").




### The Correct, Final Blueprint Format

This version retains all the critical detail from the expansion while organizing it logically under the CRUD headings. This is the document you would hand to a developer (or use yourself) to build the feature.

## Feature Specification: Account Management

### 1. User Stories (The "Why")

*   **Story 1: Creating a New Client Record**
*   **Story 2: Finding a Specific Client Quickly**
*   **Story 3: Getting a Complete Client Overview**
*   **Story 4: Keeping Client Information Accurate**
*   **Story 5: Archiving Past Clients**

### 2. Technical Specification (The "How")

This section details the implementation required to satisfy all the user stories above.

#### **CREATE**
*   **User Action:** User clicks the primary "**New Account**" button on the main "Accounts" list page.
*   **UI Flow:**
    *   A **modal dialog** opens, presenting a form.
    *   The form must contain fields for `Account Name`, `Website`, `Phone`, `Billing Address`.
    *   The `Account Name` field is **required**.
*   **Backend Interaction:**
    *   **Endpoint:** `POST /api/accounts`
    *   **Request Body:** A JSON object containing the form data.
    *   **Logic:**
        1.  Validate that `Account Name` is present.
        2.  Create a new record in the `accounts` table.
        3.  Set `owner_id` to the ID of the currently logged-in user.
        4.  Set `is_active` to `true` by default.
*   **User Feedback:**
    *   **On Success:** The user is automatically redirected to the detail page for the newly created account (e.g., `/accounts/123`). A success toast appears: "Account '[New Client Name]' was created."
    *   **On Failure:** The modal remains open, displaying inline validation errors next to the problematic fields.

#### **READ**
*   **List View:**
    *   **User Action:** User navigates to the "/accounts" URL.
    *   **UI Flow:** A page displays a table of all accounts where `is_active = true`.
    *   **Backend Interaction:**
        *   **Endpoint:** `GET /api/accounts`
        *   **Logic:** The endpoint must support query parameters for filtering (`?filter=...`), sorting (`?sort=...`), and pagination.
    *   **Functionality:**
        *   The table must have sortable columns for `Account Name`, `Phone Number`, and `Account Owner`.
        *   A search bar must be present to filter the list by `Account Name` in real-time.
        *   The `Account Name` in each row is a hyperlink to its detail page.
*   **Detail View (360° View):**
    *   **User Action:** User clicks on an account's name in the list view.
    *   **UI Flow:** The application navigates to `/accounts/{id}` and displays the full detail page. The page is visually divided into a main panel for account fields and related lists for associated records (Contacts, Opportunities, etc.).
    *   **Backend Interaction:**
        *   **Endpoint:** `GET /api/accounts/{id}`
        *   **Logic:** The API must fetch the Account's primary data *and* execute efficient queries to fetch all its related records.
    *   **User Feedback:** If the Account ID is invalid, a "404 Not Found" page is displayed.

#### **UPDATE**
*   **User Action:** User clicks an "Edit" button on the detail page.
*   **UI Flow:** The detail fields become editable form inputs. A "Save" and "Cancel" button appear.
*   **Backend Interaction:**
    *   **Endpoint:** `PUT /api/accounts/{id}`
    *   **Request Body:** A JSON object with only the fields that were changed.
    *   **Logic:** The backend validates the incoming data and updates the record in the database.
*   **User Feedback:** On success, the fields become read-only again, and a "Save successful" toast is displayed.

#### **BUSINESS LOGIC: Deactivation (Soft Delete)**
*   **User Action:** User clicks a "Deactivate" button on the Account detail page.
*   **UI Flow:** A confirmation modal appears: "Are you sure you want to deactivate this account? All historical data will be preserved."
*   **Backend Interaction:**
    *   **Endpoint:** `PUT /api/accounts/{id}`
    *   **Request Body:** `{ "is_active": false }`
    *   **Logic:** The `is_active` flag for the specified account is updated to `false`.
*   **User Feedback:** After confirmation, the user is redirected to the main Account list, and the deactivated account is no longer visible.

---

### Conclusion

**This is the definitive format.**

It successfully combines:
1.  **The "Why"**: The user stories at the top provide context.
2.  **The "How"**: The detailed, step-by-step breakdown of every user action, UI change, backend interaction, and feedback loop.
3.  **The Organization**: The CRUD + Business Logic headings provide a clean, logical structure that is incredibly efficient for a developer to follow.


*   **User Registration:** 
     Only an Administrator can create new user accounts. There will be no public-facing registration page. This is a key security and control measure.

## Feature Specification: User Authentication & Management

### 1. User Stories (The "Why")

#### For the System Administrator:

*   **Story 1: Onboarding New Employees**
    > **As an** administrator,
    > **I want to** create new user accounts with their name, email, and role (Admin/User),
    > **so that** I can securely grant new employees access to the CRM.

#### For the Standard User (Salesperson, Account Manager, etc.):

*   **Story 2: Accessing the System**
    > **As a** user,
    > **I want to** log in with my email and password,
    > **so that** I can securely access the CRM to perform my daily tasks.

*   **Story 3: Maintaining a Session**
    > **As a** user,
    > **I want to** remain logged in as I navigate the application and even if I close the browser tab,
    > **so that** I don't have to waste time re-entering my credentials repeatedly during my workday.

*   **Story 4: Securely Exiting the System**
    > **As a** user,
    > **I want to** explicitly log out of the application,
    > **so that** I can ensure my session is securely terminated, especially when using a shared computer.

### 2. Technical Specification (The "How")

This section details the implementation required to satisfy all the user stories above.

#### **Data Model: `users` Table**
*   **Fields:**
    *   `id` (Primary Key)
    *   `name` (String)
    *   `email` (String, must be unique)
    *   `password_hash` (String) - **CRITICAL:** Never store plain-text passwords. Use a strong, one-way hashing algorithm like **bcrypt**.
    *   `role` (Enum: 'user', 'admin')
    *   `is_active` (Boolean, default true)

#### **User Creation (Admin-Only)**
*   **User Action:** An authenticated Admin navigates to a "User Management" section in the application settings.
*   **UI Flow:**
    *   Admin clicks a "New User" button.
    *   A form appears to enter the new user's `Name`, `Email`, and select their `Role`.
*   **Backend Interaction:**
    *   **Endpoint:** `POST /api/admin/users` (This route must be protected and only accessible by users with the 'admin' role).
    *   **Logic:**
        1.  Validate the request data (e.g., is the email format valid? Is the email already in use?).
        2.  Generate a secure, temporary password.
        3.  **Hash the temporary password** using bcrypt.
        4.  Save the new user record to the `users` table.
        5.  **Best Practice:** Trigger an email to the new user's address containing their login details and a link to a page where they must set their own permanent password.
*   **User Feedback:** A success message is shown to the Admin: "User '[New User Name]' created and welcome email sent."

#### **Login Process**
*   **User Action:** A non-authenticated user accesses the application and is presented with the login page. They enter their email and password and click "Login".
*   **UI Flow:** A simple form with "Email" and "Password" fields and a "Login" button.
*   **Backend Interaction:**
    *   **Endpoint:** `POST /api/auth/login`
    *   **Logic:**
        1.  Find the user in the database by their email address.
        2.  If no user is found, return a generic error. **Do not** reveal that the email address doesn't exist.
        3.  If a user is found, use the bcrypt library to compare the submitted password with the `password_hash` stored in the database.
        4.  If the passwords match, generate a session token (**JWT - JSON Web Token** is the recommended standard).
        5.  Return the JWT to the client.
*   **User Feedback:**
    *   **On Success:** The user is redirected to the application's Home Page (`/home`). The JWT is stored securely on the client (e.g., in an `httpOnly` cookie).
    *   **On Failure:** The login page displays a single, generic error message: "Invalid email or password."

#### **Session Management (Authenticated Requests)**
*   **Frontend Logic:** For every subsequent API request to a protected endpoint (e.g., `GET /api/accounts`), the browser must automatically send the stored JWT (in the cookie) with the request.
*   **Backend Logic:** A **middleware** layer must be applied to all protected API routes. This middleware will:
    1.  Inspect the request for the JWT.
    2.  Validate the JWT's signature and expiration date.
    3.  If the token is valid, allow the request to proceed to the intended controller.
    4.  If the token is invalid, expired, or missing, reject the request with a `401 Unauthorized` status code.

#### **Logout Process**
*   **User Action:** An authenticated user clicks the "Logout" button, typically in a user profile dropdown menu.
*   **UI Flow:** The application immediately invalidates the user's session on the client side.
*   **Backend Interaction:**
    *   **Endpoint:** `POST /api/auth/logout`
    *   **Logic:** The client-side application should simply delete the stored JWT. The backend can optionally implement a token "blacklist" for higher security, but for an internal tool, client-side deletion is often sufficient.
*   **User Feedback:** The user is immediately redirected to the login page.


Contacts are the individuals associated with Accounts. The key business rule is that a Contact cannot exist without being linked to an Account. This relationship will be central to our design.

---

## Feature Specification: Contact Management

### 1. User Stories (The "Why")

#### For the Account Manager / Salesperson:

*   **Story 1: Building a Client Roster**
    > **As an** account manager,
    > **I want to** add a new Contact record directly to an existing Account,
    > **so that** I can build a complete roster of all the key people associated with a client.

*   **Story 2: Finding a Person's Details**
    > **As a** salesperson,
    > **I want to** view a list of all contacts in the system and be able to search for them by name or company,
    > **so that** I can quickly find a person's phone number or email, even if I forget which company they work for.

*   **Story 3: Keeping Contact Information Current**
    > **As an** account manager,
    > **I want to** easily update a Contact's information, such as their title or phone number,
    > **so that** our client records remain accurate when people change roles.

*   **Story 4: Archiving Former Contacts**
    > **As an** administrator,
    > **I want to** deactivate a Contact record when an individual leaves a client company,
    > **so that** they no longer appear in active lists, but their historical involvement in past deals and support cases is preserved.

### 2. Technical Specification (The "How")

This section details the implementation required to satisfy all the user stories above.

#### **Data Model: `contacts` Table**
*   **Fields:**
    *   `id` (Primary Key)
    *   `first_name` (String, required)
    *   `last_name` (String, required)
    *   `email` (String, unique, optional)
    *   `phone` (String, optional)
    *   `title` (String, optional)
    *   `account_id` (Foreign Key to `accounts.id`, **required**). A Contact must always belong to an Account.
    *   `owner_id` (Foreign Key to `users.id`, required)
    *   `is_active` (Boolean, default true)

#### **CREATE**
*   **User Action:** User clicks the "**New Contact**" button within the "Contacts" related list on an **Account Detail Page**.
*   **UI Flow:**
    *   A **modal dialog** opens with a form.
    *   The `Account Name` is pre-filled and read-only, confirming the association.
    *   The form must contain fields for `First Name`, `Last Name`, `Email`, `Phone`, and `Title`.
    *   `First Name` and `Last Name` are **required**.
*   **Backend Interaction:**
    *   **Endpoint:** `POST /api/contacts`
    *   **Request Body:** A JSON object containing the form data, including the `account_id`.
    *   **Logic:**
        1.  Validate that `first_name`, `last_name`, and a valid `account_id` are present.
        2.  Create a new record in the `contacts` table.
        3.  Set `owner_id` to the ID of the currently logged-in user.
*   **User Feedback:**
    *   **On Success:** The modal closes, and the new contact immediately appears in the "Contacts" related list on the Account page. A success toast appears: "Contact '[First Name] [Last Name]' was created."
    *   **On Failure:** The modal remains open, displaying inline validation errors.

#### **READ**
*   **List View:**
    *   **User Action:** User navigates to the "/contacts" URL.
    *   **UI Flow:** A page displays a table of all active contacts.
    *   **Backend Interaction:**
        *   **Endpoint:** `GET /api/contacts`
        *   **Logic:** The API query must **join** with the `accounts` table to include the `Account Name` in the response.
    *   **Functionality:**
        *   The table must have sortable columns for `Contact Name`, `Account Name`, `Email`, and `Phone`.
        *   A search bar must filter the list by `Contact Name` or `Account Name`.
        *   The `Contact Name` is a hyperlink to its detail page.
*   **Detail View:**
    *   **User Action:** User clicks on a contact's name from any list.
    *   **UI Flow:** The application navigates to `/contacts/{id}` and displays the full detail page for the contact, including their association with their Account.
    *   **Backend Interaction:** `GET /api/contacts/{id}`
    *   **User Feedback:** If the Contact ID is invalid, a "404 Not Found" page is displayed.

#### **UPDATE**
*   **User Action:** User clicks an "Edit" button on the Contact detail page.
*   **UI Flow:** The detail fields become editable form inputs. A "Save" and "Cancel" button appear.
*   **Backend Interaction:**
    *   **Endpoint:** `PUT /api/contacts/{id}`
    *   **Logic:** The backend validates and updates the record.
*   **User Feedback:** On success, the fields become read-only again, and a "Save successful" toast is displayed.

#### **BUSINESS LOGIC: Deactivation (Soft Delete)**
*   **User Action:** User clicks a "Deactivate" button on the Contact detail page.
*   **UI Flow:** A confirmation modal appears: "Are you sure you want to deactivate this contact?"
*   **Backend Interaction:**
    *   **Endpoint:** `PUT /api/contacts/{id}`
    *   **Request Body:** `{ "is_active": false }`
*   **User Feedback:** After confirmation, the user is returned to the previous page (e.g., the Account detail page or the main Contact list), and the contact is no longer visible in active lists.