Add ACMCC app source, Supabase backend, and project config

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

supabase/migrations/20260317184300_eadcfeaa-0eaf-46ac-8db7-69835da1c65c.sql

@@ -0,0 +1,96 @@
+
+-- Stripe account mappings per association
+CREATE TABLE public.stripe_account_mappings (
+  id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
+  association_id UUID NOT NULL REFERENCES public.associations(id) ON DELETE CASCADE,
+  stripe_account_id TEXT NOT NULL,
+  stripe_public_key TEXT NOT NULL,
+  stripe_secret_key TEXT,
+  is_active BOOLEAN NOT NULL DEFAULT true,
+  pass_processing_fee BOOLEAN NOT NULL DEFAULT false,
+  processing_fee_percent NUMERIC(5,4) NOT NULL DEFAULT 0.029,
+  processing_fee_fixed_cents INTEGER NOT NULL DEFAULT 30,
+  created_by UUID,
+  created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
+  updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
+  UNIQUE(association_id),
+  UNIQUE(stripe_account_id)
+);
+
+-- Enable RLS
+ALTER TABLE public.stripe_account_mappings ENABLE ROW LEVEL SECURITY;
+
+-- Admin/manager full access
+CREATE POLICY "Staff can manage stripe mappings"
+  ON public.stripe_account_mappings
+  FOR ALL
+  TO authenticated
+  USING (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager'))
+  WITH CHECK (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager'));
+
+-- Homeowners can read active mappings (to get public key for their association)
+CREATE POLICY "Homeowners can read active stripe mappings"
+  ON public.stripe_account_mappings
+  FOR SELECT
+  TO authenticated
+  USING (is_active = true);
+
+-- Stripe payment records
+CREATE TABLE public.stripe_payments (
+  id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
+  association_id UUID NOT NULL REFERENCES public.associations(id) ON DELETE CASCADE,
+  owner_id UUID REFERENCES public.owners(id) ON DELETE SET NULL,
+  unit_id UUID REFERENCES public.units(id) ON DELETE SET NULL,
+  stripe_payment_intent_id TEXT,
+  amount_cents INTEGER NOT NULL,
+  fee_cents INTEGER NOT NULL DEFAULT 0,
+  total_cents INTEGER NOT NULL,
+  payment_method_type TEXT NOT NULL DEFAULT 'card',
+  status TEXT NOT NULL DEFAULT 'pending',
+  description TEXT,
+  created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
+  updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now()
+);
+
+ALTER TABLE public.stripe_payments ENABLE ROW LEVEL SECURITY;
+
+-- Staff full access
+CREATE POLICY "Staff can manage stripe payments"
+  ON public.stripe_payments
+  FOR ALL
+  TO authenticated
+  USING (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager') OR has_role(auth.uid(), 'employee') OR has_role(auth.uid(), 'staff'))
+  WITH CHECK (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager') OR has_role(auth.uid(), 'employee') OR has_role(auth.uid(), 'staff'));
+
+-- Homeowners can see their own payments
+CREATE POLICY "Homeowners can view own stripe payments"
+  ON public.stripe_payments
+  FOR SELECT
+  TO authenticated
+  USING (
+    owner_id IN (
+      SELECT o.id FROM public.owners o WHERE o.user_id = auth.uid()
+    )
+  );
+
+-- Homeowners can insert their own payments
+CREATE POLICY "Homeowners can create own stripe payments"
+  ON public.stripe_payments
+  FOR INSERT
+  TO authenticated
+  WITH CHECK (
+    owner_id IN (
+      SELECT o.id FROM public.owners o WHERE o.user_id = auth.uid()
+    )
+  );
+
+-- Triggers
+CREATE TRIGGER update_stripe_account_mappings_updated_at
+  BEFORE UPDATE ON public.stripe_account_mappings
+  FOR EACH ROW
+  EXECUTE FUNCTION public.update_updated_at_column();
+
+CREATE TRIGGER update_stripe_payments_updated_at
+  BEFORE UPDATE ON public.stripe_payments
+  FOR EACH ROW
+  EXECUTE FUNCTION public.update_updated_at_column();