Add ACMCC app source, Supabase backend, and project config

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

supabase/migrations/20260410205052_d8d97818-6d03-4dd2-af56-2eb0815f1a9f.sql

@@ -0,0 +1,25 @@
+
+-- Fix SELECT: staff see all, others see only their associations
+DROP POLICY IF EXISTS "Authenticated users can read active announcements" ON public.announcements;
+CREATE POLICY "Authenticated users can read scoped announcements" ON public.announcements
+  FOR SELECT TO authenticated
+  USING (
+    status = 'active' AND (
+      public.has_role(auth.uid(), 'admin') OR
+      public.has_role(auth.uid(), 'manager') OR
+      public.has_role(auth.uid(), 'employee') OR
+      association_id IN (SELECT public.get_user_association_ids())
+    )
+  );
+
+-- Fix UPDATE: restrict to staff
+DROP POLICY IF EXISTS "Authors can update their announcements" ON public.announcements;
+CREATE POLICY "Staff can update announcements" ON public.announcements
+  FOR UPDATE TO authenticated
+  USING (public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager'));
+
+-- Fix DELETE: restrict to staff
+DROP POLICY IF EXISTS "Authors can delete their announcements" ON public.announcements;
+CREATE POLICY "Staff can delete announcements" ON public.announcements
+  FOR DELETE TO authenticated
+  USING (public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager'));