# 05. Technical Spec

## Architecture

Frontend:

- Client booking page.
- Admin dashboard.
- Master schedule view.

Backend:

- Auth and roles.
- Booking service.
- Schedule availability service.
- Notification service.
- Payment/deposit adapter, optional for MVP.
- Analytics events.

Database:

- PostgreSQL or managed SQL.
- Row-level role checks in service layer.

## Integrations

MVP can support one notification provider first:

- SMS provider;
- WhatsApp provider;
- Telegram bot;
- email provider.

Payments are optional in version 1. If included, use deposit payment only, not full POS replacement.

## Key Rules

- Booking slot must be locked during confirmation.
- Cancelled slots return to availability.
- Completed and no-show bookings remain in history.
- Master cannot edit another master's bookings unless admin grants permission.
- Client contact data is private and must not leak between roles.

## Security

- Admin login required.
- Master sees only own schedule by default.
- Client booking link should not expose admin data.
- Store notification tokens and payment secrets only in environment secrets.

## Non-Functional Requirements

- Mobile-first booking flow.
- Admin dashboard usable on laptop.
- Main booking action under 5 seconds after page load.
- Audit log for status changes.
