Phases 0–3: the spine is real
The engine before the chrome. Everything a reservation platform must never get wrong — tenancy, conflicts, audit, roles — now exists, is enforced in the database, and is verified against real Postgres in CI.
- Monorepo foundation: workspace layout, CI battery, and row-level tenant isolation with defense-in-depth (Postgres RLS plus cross-tenant guards).
- Append-only audit log from the very first migration — every state change is an attributed, immutable event.
- The booking engine: assets (people, places, and things — exclusive or with capacity), weekly availability with seasons, blackouts, buffers, lead times, and slot granularity.
- Double-booking made impossible by construction: conflicts are resolved by a database exclusion constraint, not application code. Multi-asset bookings are all-or-nothing.
- Offerings with asset requirements and pools — “any stylist”, “two kayaks and a guide” — with automatic asset assignment at confirmation.
- Roles and permissions: platform-defined permission keys, per-business role composition, per-assignment scoping, and last-admin protection.
- Business provisioning with vertical templates (outfitters, salon) that seed assets, offerings, and hours — fully editable after.