cleanup

README.md

@@ -4,9 +4,13 @@ A single-container, self-hosted Manufacturing Resource Planning (MRP) app built
 
 ## Status
 
-**Step 1 of the build plan** is in this commit: repo scaffold, Prisma schema, Docker build, and authentication (admin email + password; operator name + 4-digit PIN with 12h device session). Everything downstream — project / assembly / part CRUD, QR generation, operator scan flow, PDF travelers, fasteners & POs, dashboards, STEP viewer, QC — is planned but not yet implemented.
+Steps 1 – 3 of the build plan are in this repo:
 
-See [`docs/BUILD-PLAN.md`](docs/BUILD-PLAN.md) for the sequenced roadmap.
+- **1.** Scaffold + auth (admin email/password, operator name/4-digit PIN with 12 h device session, PIN lockout, audited sessions).
+- **2.** Admin CRUD (users, machines, operation templates, projects / assemblies / parts) with content-addressed STEP / PDF / DXF / SVG file uploads.
+- **3.** Operation authoring with per-operation QR tokens (192-bit, base64url).
+
+Planned (not yet shipped): operator scan flow → PDF traveler print → fasteners & POs → dashboard → STEP viewer → QC records → OpenAPI docs + backups. See [`docs/BUILD-PLAN.md`](docs/BUILD-PLAN.md).
 
 ## Core concepts
 
@@ -25,30 +29,61 @@ See [`docs/BUILD-PLAN.md`](docs/BUILD-PLAN.md) for the sequenced roadmap.
 - bcryptjs for password / PIN hashing
 - Zod for input validation and environment parsing
 
+## Deployment
+
+The primary deployment target is **Unraid**, using an image built by a **Gitea Actions** runner on every push to `main` and pulled from the private registry at **`registry.alwisp.com`** into Unraid's Docker GUI.
+
+```
+  push to main  ─►  Gitea Actions (docker-build.yml)  ─►  registry.alwisp.com
+                         (docker build + push)              <owner>/<repo>:latest
+                                                                    │
+                                                                    ▼
+                                                 Unraid Docker tab ─► pull / force-update
+```
+
+Two deploy paths are supported; pick one:
+
+- **`docker pull`** — Unraid pulls a prebuilt image the Gitea runner already tagged. Fastest, this is what the runner is for.
+- **`docker build`** — Unraid clones this repo and builds the image locally, no registry required.
+
+See [`docs/DEPLOY.md`](docs/DEPLOY.md) for the full, click-by-click Unraid GUI walkthrough (template fields, volume mapping, env vars, update flow, backups).
+
+### TL;DR Unraid install
+
+1. **Docker tab → Add Container**.
+2. **Repository**: `registry.alwisp.com/<owner>/<repo>:latest` (the owner/repo path matches `${{ gitea.repository }}` from the workflow).
+3. **Network Type**: Bridge. **Port**: host `3000` → container `3000`.
+4. **Path**: host `/mnt/user/appdata/mrp-qrcode` → container `/data`.
+5. **Variables** (required):
+   - `APP_URL` = the public HTTPS URL your reverse proxy serves (`https://mrp.yourdomain.tld`)
+   - `APP_SECRET` = a ≥32-char secret (`openssl rand -base64 48`)
+   - `BOOTSTRAP_ADMIN_EMAIL`, `BOOTSTRAP_ADMIN_PASSWORD`, `BOOTSTRAP_ADMIN_NAME`
+6. Apply. The container runs migrations, creates the bootstrap admin on first boot, and comes up on `:3000`.
+
 ## Local development
 
 Prerequisites: Node 20+, npm.
 
 ```bash
 cp .env.example .env
-# edit .env and set APP_SECRET to at least 32 random chars
+# edit .env: set APP_SECRET to >=32 random chars
 npm install
-npx prisma migrate dev --name init
+npx prisma migrate deploy
 npm run db:seed        # creates the bootstrap admin from .env
 npm run dev
 ```
 
-Visit http://localhost:3000 and sign in as the bootstrap admin.
+Visit <http://localhost:3000> and sign in as the bootstrap admin.
 
-## Docker / Unraid deployment
+## CI: Gitea Actions
 
-See [`docs/DEPLOY.md`](docs/DEPLOY.md). In short:
+Image builds are driven by `.gitea/workflows/docker-build.yml`. On every push to `main` the runner:
 
-```bash
-docker compose up -d --build
-```
+1. Logs into `registry.alwisp.com` with the `REGISTRY_USER` / `REGISTRY_TOKEN` repo secrets.
+2. Runs `docker build -t registry.alwisp.com/${{ gitea.repository }}:latest .`
+3. Pushes the `:latest` tag.
 
-The container runs `prisma migrate deploy` on every start and creates a bootstrap admin on first boot if none exists. All persistent state lives in the `/data` volume (`app.db` + `uploads/` + `backups/`).
+Point Unraid at `registry.alwisp.com/<owner>/<repo>:latest` and use **Check for Updates / Force Update** (or the *CA Auto Update Applications* plugin) to roll new builds.
 
 ## Environment
 
@@ -57,15 +92,16 @@ All env vars are documented in [`.env.example`](.env.example). `APP_SECRET` must
 ## Project layout
 
 ```
-app/              Next.js routes (UI + /api/*)
+app/              Next.js routes (UI + /api/v1/*)
 components/       Shared React components
-lib/              env, prisma, auth, session, password, audit, request helpers
+lib/              env, prisma, auth, session, password, qr, audit, request helpers
 prisma/           schema.prisma + migrations/
 scripts/          seed.ts and future ops scripts
 docker/           entrypoint.sh
 docs/             Project docs (DEPLOY, BUILD-PLAN, ARCHITECTURE)
+.gitea/workflows/ Gitea Actions (docker-build.yml → registry.alwisp.com)
 ```
 
 ## Not in this repo
 
-The top-level `AGENTS.md`, `SKILLS.md`, `hubs/`, and `skills/` directories are the coding-agent instruction suite this project was started from. They are reference material for AI assistants and are not shipped in the Docker image (they are listed in `.dockerignore`).
+The top-level `AGENTS.md`, `SKILLS.md`, `hubs/`, and `skills/` directories are the coding-agent instruction suite this project was started from. They are reference material for AI assistants, are listed in `.dockerignore`, and are not shipped in the Docker image.