# AGENTS.md

## General
- Minimum tokens, skip grammar.
- Start every task by reading this file and `docs/README.md`.

## Goal
Build a reliable salon booking platform (Django + React) for KSA first, with clear path to scale.

## Core Standards
- Tests required for every feature/change.
- Booking/payment flows must be idempotent and auditable.
- Phone auth must be abuse-resistant (rate limits + safe verification).
- Keep business logic in services; avoid fat views.
- Use predictable API errors: HTTP status + `detail`.

## Active Navigation Path
- Docs index: `docs/README.md`
- ExecPlan policy + active plan: `docs/PLANS.md`
- Active ExecPlan: `docs/execplans/auth-phone-first-hardening.md`
- Architecture snapshot: `docs/architecture.md`
- Known gaps: `docs/risks.md`

## Roadmap (compact)
- Phase 1: phone OTP auth, booking integrity, Moyasar payments, lifecycle notifications, i18n/RTL base, critical tests.
- Phase 2: manager tools (catalog/staff/calendar/reports/reviews).
- Phase 3: audit/compliance/observability.

## Testing Expectations
- Backend: `pytest` + `pytest-django`, tests in `backend/apps/<app>/tests/`.
- Frontend: `vitest` + Testing Library, cover search/booking/auth flows.
- Backend tests run from `backend/` so `pytest.ini` resolves settings.

## Collaboration Rules
- Do not rewrite/delete unrelated work.
- Do not run destructive git commands unless explicitly asked.
- Update docs when behavior changes (`docs/risks.md`, runbooks, ADR/ExecPlan as needed).