Add ACMCC app source, Supabase backend, and project config

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

supabase/migrations/20260317165103_11e49667-c87c-4763-86ed-7f3cb566f5c8.sql

@@ -0,0 +1,45 @@
+
+-- Table to store shared links for folders and documents
+CREATE TABLE public.shared_links (
+  id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
+  share_type TEXT NOT NULL DEFAULT 'folder', -- 'folder' or 'document'
+  folder_name TEXT, -- for folder shares
+  document_id UUID REFERENCES public.documents(id) ON DELETE CASCADE, -- for document shares
+  is_public BOOLEAN NOT NULL DEFAULT false,
+  access_code TEXT NOT NULL,
+  share_token TEXT NOT NULL UNIQUE DEFAULT encode(gen_random_bytes(16), 'hex'),
+  created_by UUID REFERENCES auth.users(id) ON DELETE SET NULL,
+  created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
+  updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
+  expires_at TIMESTAMP WITH TIME ZONE -- optional expiry
+);
+
+ALTER TABLE public.shared_links ENABLE ROW LEVEL SECURITY;
+
+-- Staff can manage shared links
+CREATE POLICY "Staff full access on shared_links"
+ON public.shared_links
+FOR ALL
+TO authenticated
+USING (has_role(auth.uid(), 'admin'::app_role) OR has_role(auth.uid(), 'manager'::app_role))
+WITH CHECK (has_role(auth.uid(), 'admin'::app_role) OR has_role(auth.uid(), 'manager'::app_role));
+
+-- Public read for validating access codes (anon users need this)
+CREATE POLICY "Anyone can validate shared links"
+ON public.shared_links
+FOR SELECT
+TO anon
+USING (is_public = true);
+
+-- Also allow authenticated users to read
+CREATE POLICY "Authenticated can read shared links"
+ON public.shared_links
+FOR SELECT
+TO authenticated
+USING (true);
+
+-- Trigger for updated_at
+CREATE TRIGGER update_shared_links_updated_at
+BEFORE UPDATE ON public.shared_links
+FOR EACH ROW
+EXECUTE FUNCTION public.update_updated_at_column();