Step-by-step guide — 15 minutes total

${[ { n:'1', title:'Create Supabase Account', body:'Go to supabase.com → Sign Up (free). Create a new project named dogracpa-pm. Choose a strong database password and save it.' }, { n:'2', title:'Get Your API Credentials', body:'In your Supabase project → Settings → API. Copy two values:
• Project URL (e.g. https://xyzabc.supabase.co)
• anon public key (long string starting with eyJ...)' }, { n:'3', title:'Paste Credentials Into the App', body:'Open this HTML file in a text editor. Find the two lines near the top:
const SUPABASE_URL = \'YOUR_SUPABASE_PROJECT_URL\';
const SUPABASE_ANON_KEY = \'YOUR_SUPABASE_ANON_KEY\';
Replace the placeholder values with your actual credentials.' }, { n:'4', title:'Run the Database Setup SQL', body:'In Supabase → SQL Editor → New Query. Paste the SQL schema below and click Run. This creates all tables.' }, { n:'5', title:'Create Staff Accounts', body:'In Supabase → Authentication → Users → Invite user. Create one account per staff member using their email. They will receive an invite email to set their password.' }, { n:'6', title:'Set Staff Roles', body:'After creating each user, go to Authentication → Users, click the user, and in User Metadata add:
{ "role": "partner", "name": "Chetan Dogra" }
Role options: partner, manager, staff, bookkeeper' }, { n:'7', title:'Deploy to Netlify', body:'Go to drop.netlify.com → drag the updated HTML file. Your app is live with real auth.' }, ].map(s=>``).join('')}

-- Enable RLS
alter table auth.users enable row level security;

-- Profiles table (extends Supabase auth)
create table public.profiles (
  id uuid references auth.users primary key,
  name text, role text, initials text,
  rate numeric, cap integer default 40, spec text,
  created_at timestamptz default now()
);

-- Core tables
create table public.clients (
  id uuid primary key default gen_random_uuid(),
  name text not null, entity text, contact text,
  email text, phone text, since date,
  services text[], rate numeric, manager uuid,
  notes text, created_at timestamptz default now()
);

create table public.projects (
  id uuid primary key default gen_random_uuid(),
  name text not null, client uuid references public.clients,
  sl text, assign uuid, reviewer uuid, due date,
  status text default 'Not Started',
  priority text default 'Normal',
  hours numeric, rate numeric, progress integer default 0,
  notes text, created_at timestamptz default now()
);

create table public.tasks (
  id uuid primary key default gen_random_uuid(),
  name text not null, project uuid references public.projects,
  assign uuid, due date, priority text default 'Normal',
  hours numeric, status text default 'Open',
  notes text, created_at timestamptz default now()
);

create table public.time_log (
  id uuid primary key default gen_random_uuid(),
  date date, staff uuid, project uuid,
  client uuid, duration integer, notes text,
  created_at timestamptz default now()
);

create table public.billing (
  id uuid primary key default gen_random_uuid(),
  client uuid, project uuid, sl text,
  hours numeric, rate numeric, amount numeric,
  inv text, inv_date date, status text default 'Unbilled',
  description text, created_at timestamptz default now()
);

-- Row Level Security policies

-- Profiles: users see all profiles
create policy "All can view profiles" on public.profiles for select using (true);
create policy "Own profile update" on public.profiles for update using (auth.uid() = id);

-- Projects: partners/managers see all; staff see assigned only
create policy "Partner/Manager view all projects" on public.projects
  for select using (
    (select role from public.profiles where id = auth.uid()) in ('partner','manager')
  );
create policy "Staff view assigned projects" on public.projects
  for select using (assign = auth.uid());

-- Staff can only update their own assigned projects
create policy "Staff update own projects" on public.projects
  for update using (assign = auth.uid());
create policy "Partner/Manager update all projects" on public.projects
  for update using (
    (select role from public.profiles where id = auth.uid()) in ('partner','manager')
  );
create policy "Partner/Manager insert projects" on public.projects
  for insert with check (
    (select role from public.profiles where id = auth.uid()) in ('partner','manager')
  );

-- Tasks: staff see only assigned tasks
create policy "View own tasks" on public.tasks
  for select using (
    assign = auth.uid() or
    (select role from public.profiles where id = auth.uid()) in ('partner','manager')
  );

-- Clients: all can view; only partner/manager can edit
create policy "All view clients" on public.clients for select using (true);
create policy "Partner/Manager manage clients" on public.clients
  for all using (
    (select role from public.profiles where id = auth.uid()) in ('partner','manager')
  );

-- Time log: staff see own; managers/partners see all
create policy "View own time" on public.time_log
  for select using (
    staff = auth.uid() or
    (select role from public.profiles where id = auth.uid()) in ('partner','manager')
  );
create policy "Insert own time" on public.time_log
  for insert with check (staff = auth.uid());

-- Billing: partners and managers only
create policy "Billing access" on public.billing
  for all using (
    (select role from public.profiles where id = auth.uid()) in ('partner','manager')
  );

-- Enable RLS on all tables
alter table public.profiles enable row level security;
alter table public.clients enable row level security;
alter table public.projects enable row level security;
alter table public.tasks enable row level security;
alter table public.time_log enable row level security;
alter table public.billing enable row level security;