← All Reports

Dev Sprint 1 Report

Supabase Schema + Auth + React Scaffold

Report 2026-03-19 6 Stories, 34 SP Complete

Stories Delivered

Story Points

174

Tests Passing

Database Tables

Overview

Dev Sprint 1 delivered the complete technical foundation for the Pantry App. The sprint goal was to establish the database schema, authentication flow, and React scaffold so that all subsequent feature sprints can build on a solid, tested base.

All six user stories were completed. The Supabase PostgreSQL schema covers households, members, inventory, receipts, and budgets. Row-Level Security policies enforce multi-tenant data isolation. The React 19 + Vite 8 scaffold includes protected routes, auth context, and a component library wired to OKLCH design tokens from the Design Sprint.

Deliverables

ID	Deliverable	Detail	Status
D-01	React/Vite Scaffold	React 19, Vite 8, ESLint, folder structure, routing	Complete
D-02	Supabase Schema (7 tables)	households, household_members, categories, inventory_items, baseline_stock, receipts, budget_periods	Complete
D-03	RLS Policies	Row-Level Security with helper functions for multi-tenant isolation	Complete
D-04	Auth Flow	Sign-up, sign-in, sign-out with Supabase Auth	Complete
D-05	Household Management	Household creation and member invite flow	Complete
D-06	Protected Routes	Auth-guarded pages with redirect to login	Complete
D-07	Test Suite (174 tests)	97 schema, 57 RLS, 11 auth flow, 9 component	Complete
D-08	Cloudflare Pages Deploy	CI pipeline, production build, live URL	Complete

Database Schema

Seven tables form the core data model. All tables include created_at and updated_at timestamps. Foreign keys enforce referential integrity across the household boundary.

Table Overview

Table	Purpose	Key Columns
`households`	Top-level tenant container	id, name, created_by, currency (ZAR)
`household_members`	User membership and roles	household_id, user_id, role (manager/member/viewer)
`categories`	Grocery categories	household_id, name, icon, sort_order
`inventory_items`	Current pantry stock	household_id, category_id, name, quantity, unit, expiry_date
`baseline_stock`	Ideal stock levels per item	household_id, item_name, target_quantity, unit
`receipts`	Scanned receipt records	household_id, store, total_zar, scanned_at, items (JSONB)
`budget_periods`	Monthly budget tracking	household_id, month, budget_zar, spent_zar

RLS Policy Design

Every table has Row-Level Security enabled. Two PostgreSQL helper functions simplify policy definitions:

get_user_household_ids() returns all household IDs the current user belongs to
get_user_role(household_id) returns the user's role within a specific household

Policies enforce that users can only read and write data within their own households. Manager-only operations (inviting members, deleting items) check the role function. This design ensures complete multi-tenant data isolation without application-level filtering.

Tech Decisions

React 19 + Vite 8

Latest stable React with Vite for fast HMR. Server components deferred to a later sprint; client-side rendering is sufficient for the current feature set.

Supabase (Auth + PostgreSQL)

Managed PostgreSQL with built-in auth, real-time subscriptions, and RLS. Eliminates the need for a custom backend in early sprints.

OKLCH Design Tokens

Warm cream (#FAF7F2) and forest green palette from the Design Sprint. Tokens are CSS custom properties, consumed by all components.

Vitest + Testing Library

Vitest for unit and integration tests. React Testing Library for component tests. Supabase test helpers for schema and RLS validation.

Test Suite Breakdown

Schema Tests

RLS Tests

Auth Flow Tests

Component Tests

All 174 tests pass in CI. Schema tests verify table structures, constraints, and foreign keys. RLS tests confirm that users in one household cannot access another household's data. Auth flow tests cover sign-up, sign-in, sign-out, and session refresh. Component tests validate the login form, household selector, and protected route wrapper.

South African Context

All monetary values stored and displayed in ZAR
Store references: Woolworths, Checkers, Pick n Pay, Makro
POPIA-compliant data handling: personal data stays within the household boundary, no cross-tenant data leakage
Designed for SA household dynamics: manager (Lerato), partner (Thabo), domestic worker (Grace) as role archetypes

Acceptance Criteria

All 13 acceptance criteria passed during sprint review.

✓ AC-1: React app bootstraps with Vite, loads in browser
✓ AC-2: All 7 Supabase tables created with correct columns and types
✓ AC-3: Foreign key constraints enforced across all tables
✓ AC-4: RLS enabled on every table, policies block cross-household access
✓ AC-5: Helper functions return correct household IDs and roles
✓ AC-6: User can sign up with email and password
✓ AC-7: User can sign in and receive a valid session
✓ AC-8: User can sign out and session is invalidated
✓ AC-9: New household can be created, creator assigned as manager
✓ AC-10: Member invite flow works, invited user joins household
✓ AC-11: Unauthenticated users redirected to login page
✓ AC-12: All 174 tests pass in CI
✓ AC-13: Production build deploys to Cloudflare Pages

Team

Role	Responsibility
Tech Lead	Architecture decisions, schema design, RLS policies, code review
Full-Stack Dev	React scaffold, auth integration, protected routes, component library
Backend Dev	Supabase migrations, helper functions, test suite (schema + RLS)
QA Engineer	Auth flow tests, component tests, CI pipeline, deploy verification

Next Sprint

Dev Sprint 2 will focus on building the dashboard and inventory screens using the prototypes from the Design Sprint. Key objectives:

Dashboard page with inventory summary, quick actions, and budget snapshot
Inventory list with category filtering, search, and stock status indicators
Add/edit item forms connected to Supabase
Real-time updates via Supabase subscriptions
Responsive layouts matching the Design Sprint prototypes