feat: Foundation — auth system, 9 migrations, React frontend

Backend: - Express server with JWT httpOnly cookie auth - POST /api/auth/register, /api/auth/login, /api/auth/logout, GET /api/auth/me - bcrypt 12 rounds, generic 401 errors (no email/password field disclosure) - Auth middleware protects all /api/* routes except register/login - pg Pool database connection Frontend (React + Vite + TailwindCSS + shadcn/ui): - AuthContext with session restore on page load via /api/auth/me - ProtectedRoute redirects unauthenticated users to /login - LoginPage, RegisterPage — Hebrew RTL layout (dir=rtl), inline validation - DashboardPage placeholder - shadcn/ui components: Button, Input, Label, Card Database: - 9 migrations (001-009): extensions, users, events, vendors, guests, bookings, invitations, vendor_ratings, organizer_preferences - pg_trgm for fuzzy Hebrew search, GIN indexes on style_tags - Phase 2+3 fields included: source, payment_status, contract_value, vendor ratings 6-dimension, organizer preferences - Idempotent migration runner with schema_migrations tracking table Infrastructure: - Dockerfile (multi-stage: build React → production node:20-alpine) - docker-compose.yml with PostgreSQL healthcheck, expose not ports - Migrations run automatically on container start Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-21 18:22:42 +00:00
parent 0f1882e9ae
commit c8909befb1
45 changed files with 5669 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,5 @@
+# Copy to .env and fill in values
+NODE_ENV=development
+PORT=3000
+DATABASE_URL=postgresql://postgres:postgres@localhost:5432/airewit
+JWT_SECRET=change_this_to_a_long_random_secret_min_32_chars
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
+node_modules/
+client/node_modules/
+client/dist/
+.env
+*.log
--- a/32
+++ b/32
@@ -0,0 +1,32 @@
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+# Build React frontend
+COPY client/package*.json ./client/
+RUN cd client && npm ci
+
+COPY client/ ./client/
+RUN cd client && npm run build
+
+# ─── Production stage ─────────────────────────────────────────────────────────
+FROM node:20-alpine
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci --omit=dev
+
+COPY --from=builder /app/client/dist ./client/dist
+COPY server.js ./
+COPY routes/ ./routes/
+COPY middleware/ ./middleware/
+COPY db/ ./db/
+COPY migrations/ ./migrations/
+COPY seeds/ ./seeds/
+COPY scripts/ ./scripts/
+
+EXPOSE 3000
+
+# Run migrations then start server
+CMD node scripts/migrate.js && node server.js
--- a/client/index.html
+++ b/client/index.html
@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>client</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>
--- a/client/package-lock.json
+++ b/client/package-lock.json
--- a/client/package.json
+++ b/client/package.json
@@ -0,0 +1,39 @@
+{
+  "name": "client",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc -b && vite build",
+    "lint": "eslint .",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0",
+    "react-router-dom": "^7.13.0",
+    "zustand": "^5.0.11"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.1",
+    "@types/node": "^24.10.13",
+    "@types/react": "^19.2.7",
+    "@types/react-dom": "^19.2.3",
+    "@vitejs/plugin-react": "^5.1.1",
+    "autoprefixer": "^10.4.24",
+    "class-variance-authority": "^0.7.1",
+    "clsx": "^2.1.1",
+    "eslint": "^9.39.1",
+    "eslint-plugin-react-hooks": "^7.0.1",
+    "eslint-plugin-react-refresh": "^0.4.24",
+    "globals": "^16.5.0",
+    "lucide-react": "^0.575.0",
+    "postcss": "^8.5.6",
+    "tailwind-merge": "^3.5.0",
+    "tailwindcss": "^3.4.19",
+    "typescript": "~5.9.3",
+    "typescript-eslint": "^8.48.0",
+    "vite": "^7.3.1"
+  }
+}
--- a/client/postcss.config.js
+++ b/client/postcss.config.js
@@ -0,0 +1,6 @@
+export default {
+  plugins: {
+    tailwindcss: {},
+    autoprefixer: {},
+  },
+}
--- a/client/src/App.css
+++ b/client/src/App.css
@@ -0,0 +1,42 @@
+#root {
+  max-width: 1280px;
+  margin: 0 auto;
+  padding: 2rem;
+  text-align: center;
+}
+
+.logo {
+  height: 6em;
+  padding: 1.5em;
+  will-change: filter;
+  transition: filter 300ms;
+}
+.logo:hover {
+  filter: drop-shadow(0 0 2em #646cffaa);
+}
+.logo.react:hover {
+  filter: drop-shadow(0 0 2em #61dafbaa);
+}
+
+@keyframes logo-spin {
+  from {
+    transform: rotate(0deg);
+  }
+  to {
+    transform: rotate(360deg);
+  }
+}
+
+@media (prefers-reduced-motion: no-preference) {
+  a:nth-of-type(2) .logo {
+    animation: logo-spin infinite 20s linear;
+  }
+}
+
+.card {
+  padding: 2em;
+}
+
+.read-the-docs {
+  color: #888;
+}
--- a/client/src/App.tsx
+++ b/client/src/App.tsx
@@ -0,0 +1,30 @@
+import { BrowserRouter, Routes, Route, Navigate } from 'react-router-dom';
+import { AuthProvider } from '@/contexts/AuthContext';
+import { ProtectedRoute } from '@/components/ProtectedRoute';
+import { LoginPage } from '@/pages/LoginPage';
+import { RegisterPage } from '@/pages/RegisterPage';
+import { DashboardPage } from '@/pages/DashboardPage';
+
+export default function App() {
+  return (
+    <BrowserRouter>
+      <AuthProvider>
+        <Routes>
+          <Route path="/login" element={<LoginPage />} />
+          <Route path="/register" element={<RegisterPage />} />
+          <Route
+            path="/dashboard"
+            element={
+              <ProtectedRoute>
+                <DashboardPage />
+              </ProtectedRoute>
+            }
+          />
+          {/* Default: redirect root to dashboard (ProtectedRoute will redirect to /login if unauthed) */}
+          <Route path="/" element={<Navigate to="/dashboard" replace />} />
+          <Route path="*" element={<Navigate to="/dashboard" replace />} />
+        </Routes>
+      </AuthProvider>
+    </BrowserRouter>
+  );
+}
--- a/client/src/assets/react.svg
+++ b/client/src/assets/react.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>
--- a/client/src/components/ProtectedRoute.tsx
+++ b/client/src/components/ProtectedRoute.tsx
@@ -0,0 +1,24 @@
+import { Navigate } from 'react-router-dom';
+import { useAuth } from '@/contexts/AuthContext';
+
+interface ProtectedRouteProps {
+  children: React.ReactNode;
+}
+
+export function ProtectedRoute({ children }: ProtectedRouteProps) {
+  const { user, loading } = useAuth();
+
+  if (loading) {
+    return (
+      <div className="min-h-screen flex items-center justify-center">
+        <p className="text-muted-foreground">טוען...</p>
+      </div>
+    );
+  }
+
+  if (!user) {
+    return <Navigate to="/login" replace />;
+  }
+
+  return <>{children}</>;
+}
--- a/client/src/components/ui/button.tsx
+++ b/client/src/components/ui/button.tsx
@@ -0,0 +1,47 @@
+import * as React from 'react';
+import { cva, type VariantProps } from 'class-variance-authority';
+import { cn } from '@/lib/utils';
+
+const buttonVariants = cva(
+  'inline-flex items-center justify-center rounded-md text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50',
+  {
+    variants: {
+      variant: {
+        default: 'bg-primary text-primary-foreground hover:bg-primary/90',
+        destructive: 'bg-destructive text-destructive-foreground hover:bg-destructive/90',
+        outline: 'border border-input bg-background hover:bg-accent hover:text-accent-foreground',
+        ghost: 'hover:bg-accent hover:text-accent-foreground',
+        link: 'text-primary underline-offset-4 hover:underline',
+      },
+      size: {
+        default: 'h-10 px-4 py-2',
+        sm: 'h-9 rounded-md px-3',
+        lg: 'h-11 rounded-md px-8',
+        icon: 'h-10 w-10',
+      },
+    },
+    defaultVariants: {
+      variant: 'default',
+      size: 'default',
+    },
+  }
+);
+
+export interface ButtonProps
+  extends React.ButtonHTMLAttributes<HTMLButtonElement>,
+    VariantProps<typeof buttonVariants> {}
+
+const Button = React.forwardRef<HTMLButtonElement, ButtonProps>(
+  ({ className, variant, size, ...props }, ref) => {
+    return (
+      <button
+        className={cn(buttonVariants({ variant, size, className }))}
+        ref={ref}
+        {...props}
+      />
+    );
+  }
+);
+Button.displayName = 'Button';
+
+export { Button, buttonVariants };
--- a/client/src/components/ui/card.tsx
+++ b/client/src/components/ui/card.tsx
@@ -0,0 +1,50 @@
+import * as React from 'react';
+import { cn } from '@/lib/utils';
+
+const Card = React.forwardRef<HTMLDivElement, React.HTMLAttributes<HTMLDivElement>>(
+  ({ className, ...props }, ref) => (
+    <div
+      ref={ref}
+      className={cn('rounded-lg border bg-card text-card-foreground shadow-sm', className)}
+      {...props}
+    />
+  )
+);
+Card.displayName = 'Card';
+
+const CardHeader = React.forwardRef<HTMLDivElement, React.HTMLAttributes<HTMLDivElement>>(
+  ({ className, ...props }, ref) => (
+    <div ref={ref} className={cn('flex flex-col space-y-1.5 p-6', className)} {...props} />
+  )
+);
+CardHeader.displayName = 'CardHeader';
+
+const CardTitle = React.forwardRef<HTMLParagraphElement, React.HTMLAttributes<HTMLHeadingElement>>(
+  ({ className, ...props }, ref) => (
+    <h3 ref={ref} className={cn('text-2xl font-semibold leading-none tracking-tight', className)} {...props} />
+  )
+);
+CardTitle.displayName = 'CardTitle';
+
+const CardDescription = React.forwardRef<HTMLParagraphElement, React.HTMLAttributes<HTMLParagraphElement>>(
+  ({ className, ...props }, ref) => (
+    <p ref={ref} className={cn('text-sm text-muted-foreground', className)} {...props} />
+  )
+);
+CardDescription.displayName = 'CardDescription';
+
+const CardContent = React.forwardRef<HTMLDivElement, React.HTMLAttributes<HTMLDivElement>>(
+  ({ className, ...props }, ref) => (
+    <div ref={ref} className={cn('p-6 pt-0', className)} {...props} />
+  )
+);
+CardContent.displayName = 'CardContent';
+
+const CardFooter = React.forwardRef<HTMLDivElement, React.HTMLAttributes<HTMLDivElement>>(
+  ({ className, ...props }, ref) => (
+    <div ref={ref} className={cn('flex items-center p-6 pt-0', className)} {...props} />
+  )
+);
+CardFooter.displayName = 'CardFooter';
+
+export { Card, CardHeader, CardFooter, CardTitle, CardDescription, CardContent };
--- a/client/src/components/ui/input.tsx
+++ b/client/src/components/ui/input.tsx
@@ -0,0 +1,23 @@
+import * as React from 'react';
+import { cn } from '@/lib/utils';
+
+export interface InputProps extends React.InputHTMLAttributes<HTMLInputElement> {}
+
+const Input = React.forwardRef<HTMLInputElement, InputProps>(
+  ({ className, type, ...props }, ref) => {
+    return (
+      <input
+        type={type}
+        className={cn(
+          'flex h-10 w-full rounded-md border border-input bg-background px-3 py-2 text-sm ring-offset-background file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50',
+          className
+        )}
+        ref={ref}
+        {...props}
+      />
+    );
+  }
+);
+Input.displayName = 'Input';
+
+export { Input };
--- a/client/src/components/ui/label.tsx
+++ b/client/src/components/ui/label.tsx
@@ -0,0 +1,19 @@
+import * as React from 'react';
+import { cn } from '@/lib/utils';
+
+const Label = React.forwardRef<
+  HTMLLabelElement,
+  React.LabelHTMLAttributes<HTMLLabelElement>
+>(({ className, ...props }, ref) => (
+  <label
+    ref={ref}
+    className={cn(
+      'text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70',
+      className
+    )}
+    {...props}
+  />
+));
+Label.displayName = 'Label';
+
+export { Label };
--- a/client/src/contexts/AuthContext.tsx
+++ b/client/src/contexts/AuthContext.tsx
@@ -0,0 +1,75 @@
+import React, { createContext, useContext, useEffect, useState } from 'react';
+
+interface User {
+  id: string;
+  email: string;
+  display_name: string;
+  role: 'organizer' | 'vendor';
+}
+
+interface AuthContextValue {
+  user: User | null;
+  loading: boolean;
+  login: (email: string, password: string) => Promise<void>;
+  register: (email: string, password: string, displayName: string, role?: string) => Promise<void>;
+  logout: () => Promise<void>;
+}
+
+const AuthContext = createContext<AuthContextValue | null>(null);
+
+export function AuthProvider({ children }: { children: React.ReactNode }) {
+  const [user, setUser] = useState<User | null>(null);
+  const [loading, setLoading] = useState(true);
+
+  // Restore session on mount
+  useEffect(() => {
+    fetch('/api/auth/me', { credentials: 'include' })
+      .then(res => res.ok ? res.json() : null)
+      .then(data => {
+        if (data?.user) setUser(data.user);
+      })
+      .catch(() => {})
+      .finally(() => setLoading(false));
+  }, []);
+
+  async function login(email: string, password: string) {
+    const res = await fetch('/api/auth/login', {
+      method: 'POST',
+      credentials: 'include',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ email, password }),
+    });
+    const data = await res.json();
+    if (!res.ok) throw new Error(data.error || 'התחברות נכשלה');
+    setUser(data.user);
+  }
+
+  async function register(email: string, password: string, displayName: string, role = 'organizer') {
+    const res = await fetch('/api/auth/register', {
+      method: 'POST',
+      credentials: 'include',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ email, password, display_name: displayName, role }),
+    });
+    const data = await res.json();
+    if (!res.ok) throw new Error(data.error || 'הרשמה נכשלה');
+    setUser(data.user);
+  }
+
+  async function logout() {
+    await fetch('/api/auth/logout', { method: 'POST', credentials: 'include' });
+    setUser(null);
+  }
+
+  return (
+    <AuthContext.Provider value={{ user, loading, login, register, logout }}>
+      {children}
+    </AuthContext.Provider>
+  );
+}
+
+export function useAuth() {
+  const ctx = useContext(AuthContext);
+  if (!ctx) throw new Error('useAuth must be used within AuthProvider');
+  return ctx;
+}
--- a/client/src/index.css
+++ b/client/src/index.css
@@ -0,0 +1,33 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+@layer base {
+  :root {
+    --background: 0 0% 100%;
+    --foreground: 222.2 84% 4.9%;
+    --card: 0 0% 100%;
+    --card-foreground: 222.2 84% 4.9%;
+    --primary: 222.2 47.4% 11.2%;
+    --primary-foreground: 210 40% 98%;
+    --muted: 210 40% 96.1%;
+    --muted-foreground: 215.4 16.3% 46.9%;
+    --destructive: 0 84.2% 60.2%;
+    --destructive-foreground: 210 40% 98%;
+    --border: 214.3 31.8% 91.4%;
+    --input: 214.3 31.8% 91.4%;
+    --ring: 222.2 84% 4.9%;
+    --radius: 0.5rem;
+  }
+
+  * {
+    @apply border-border;
+  }
+
+  body {
+    @apply bg-background text-foreground;
+    font-family: 'Segoe UI', system-ui, -apple-system, sans-serif;
+    margin: 0;
+    min-height: 100vh;
+  }
+}
--- a/client/src/lib/utils.ts
+++ b/client/src/lib/utils.ts
@@ -0,0 +1,6 @@
+import { type ClassValue, clsx } from 'clsx';
+import { twMerge } from 'tailwind-merge';
+
+export function cn(...inputs: ClassValue[]) {
+  return twMerge(clsx(inputs));
+}
--- a/client/src/main.tsx
+++ b/client/src/main.tsx
@@ -0,0 +1,10 @@
+import { StrictMode } from 'react'
+import { createRoot } from 'react-dom/client'
+import './index.css'
+import App from './App.tsx'
+
+createRoot(document.getElementById('root')!).render(
+  <StrictMode>
+    <App />
+  </StrictMode>,
+)
--- a/client/src/pages/DashboardPage.tsx
+++ b/client/src/pages/DashboardPage.tsx
@@ -0,0 +1,38 @@
+import { useAuth } from '@/contexts/AuthContext';
+import { Button } from '@/components/ui/button';
+import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card';
+
+export function DashboardPage() {
+  const { user, logout } = useAuth();
+
+  async function handleLogout() {
+    await logout();
+  }
+
+  return (
+    <div className="min-h-screen bg-muted/40 p-6" dir="rtl">
+      <div className="max-w-4xl mx-auto space-y-6">
+        <div className="flex items-center justify-between">
+          <h1 className="text-3xl font-bold">אירועית</h1>
+          <Button variant="outline" onClick={handleLogout}>
+            התנתקות
+          </Button>
+        </div>
+
+        <Card>
+          <CardHeader>
+            <CardTitle>ברוך הבא, {user?.display_name}</CardTitle>
+          </CardHeader>
+          <CardContent>
+            <p className="text-muted-foreground">
+              {user?.role === 'organizer' ? 'מארגן אירועים' : 'ספק שירותים'} • {user?.email}
+            </p>
+            <p className="mt-4 text-sm text-muted-foreground">
+              הלוח הראשי של {user?.role === 'organizer' ? 'האירועים' : 'הפרופיל'} שלך יוצג כאן בקרוב.
+            </p>
+          </CardContent>
+        </Card>
+      </div>
+    </div>
+  );
+}
--- a/client/src/pages/LoginPage.tsx
+++ b/client/src/pages/LoginPage.tsx
@@ -0,0 +1,105 @@
+import { useState, type FormEvent } from 'react';
+import { useNavigate, Link } from 'react-router-dom';
+import { useAuth } from '@/contexts/AuthContext';
+import { Button } from '@/components/ui/button';
+import { Input } from '@/components/ui/input';
+import { Label } from '@/components/ui/label';
+import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from '@/components/ui/card';
+
+export function LoginPage() {
+  const { login } = useAuth();
+  const navigate = useNavigate();
+
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
+  const [error, setError] = useState('');
+  const [loading, setLoading] = useState(false);
+
+  // Inline validation
+  const emailError = email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email) ? 'כתובת אימייל לא תקינה' : '';
+  const passwordError = password && password.length < 8 ? 'הסיסמה חייבת להכיל לפחות 8 תווים' : '';
+
+  async function handleSubmit(e: FormEvent) {
+    e.preventDefault();
+    if (emailError || passwordError) return;
+    setError('');
+    setLoading(true);
+    try {
+      await login(email, password);
+      navigate('/dashboard');
+    } catch (err: unknown) {
+      setError(err instanceof Error ? err.message : 'שגיאה בהתחברות');
+    } finally {
+      setLoading(false);
+    }
+  }
+
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-muted/40 p-4">
+      <Card className="w-full max-w-md">
+        <CardHeader className="text-center">
+          <CardTitle className="text-2xl">אירועית</CardTitle>
+          <CardDescription>התחבר לחשבון שלך</CardDescription>
+        </CardHeader>
+
+        <CardContent>
+          {/* RTL form for Hebrew UI */}
+          <form onSubmit={handleSubmit} dir="rtl" className="space-y-4">
+            <div className="space-y-1">
+              <Label htmlFor="email">אימייל</Label>
+              <Input
+                id="email"
+                type="email"
+                placeholder="your@email.com"
+                value={email}
+                onChange={e => setEmail(e.target.value)}
+                required
+                autoComplete="email"
+                dir="ltr"
+              />
+              {emailError && <p className="text-sm text-destructive">{emailError}</p>}
+            </div>
+
+            <div className="space-y-1">
+              <Label htmlFor="password">סיסמה</Label>
+              <Input
+                id="password"
+                type="password"
+                placeholder="••••••••"
+                value={password}
+                onChange={e => setPassword(e.target.value)}
+                required
+                autoComplete="current-password"
+                dir="ltr"
+              />
+              {passwordError && <p className="text-sm text-destructive">{passwordError}</p>}
+            </div>
+
+            {error && (
+              <div className="rounded-md bg-destructive/10 p-3">
+                <p className="text-sm text-destructive text-center">{error}</p>
+              </div>
+            )}
+
+            <Button
+              type="submit"
+              className="w-full"
+              disabled={loading || !!emailError || !!passwordError}
+            >
+              {loading ? 'מתחבר...' : 'כניסה'}
+            </Button>
+          </form>
+        </CardContent>
+
+        <CardFooter className="justify-center">
+          <p className="text-sm text-muted-foreground" dir="rtl">
+            אין לך חשבון?{' '}
+            <Link to="/register" className="text-primary underline underline-offset-4 hover:opacity-80">
+              הרשמה
+            </Link>
+          </p>
+        </CardFooter>
+      </Card>
+    </div>
+  );
+}
--- a/client/src/pages/RegisterPage.tsx
+++ b/client/src/pages/RegisterPage.tsx
@@ -0,0 +1,156 @@
+import { useState, type FormEvent } from 'react';
+import { useNavigate, Link } from 'react-router-dom';
+import { useAuth } from '@/contexts/AuthContext';
+import { Button } from '@/components/ui/button';
+import { Input } from '@/components/ui/input';
+import { Label } from '@/components/ui/label';
+import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from '@/components/ui/card';
+
+export function RegisterPage() {
+  const { register } = useAuth();
+  const navigate = useNavigate();
+
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
+  const [displayName, setDisplayName] = useState('');
+  const [role, setRole] = useState<'organizer' | 'vendor'>('organizer');
+  const [error, setError] = useState('');
+  const [loading, setLoading] = useState(false);
+
+  // Inline validation
+  const emailError = email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email) ? 'כתובת אימייל לא תקינה' : '';
+  const passwordError = password && password.length < 8 ? 'הסיסמה חייבת להכיל לפחות 8 תווים' : '';
+  const nameError = displayName && displayName.trim().length === 0 ? 'שם תצוגה הוא שדה חובה' : '';
+
+  async function handleSubmit(e: FormEvent) {
+    e.preventDefault();
+    if (emailError || passwordError || nameError) return;
+    setError('');
+    setLoading(true);
+    try {
+      await register(email, password, displayName, role);
+      navigate('/dashboard');
+    } catch (err: unknown) {
+      setError(err instanceof Error ? err.message : 'שגיאה בהרשמה');
+    } finally {
+      setLoading(false);
+    }
+  }
+
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-muted/40 p-4">
+      <Card className="w-full max-w-md">
+        <CardHeader className="text-center">
+          <CardTitle className="text-2xl">אירועית</CardTitle>
+          <CardDescription>יצירת חשבון חדש</CardDescription>
+        </CardHeader>
+
+        <CardContent>
+          {/* RTL form for Hebrew UI */}
+          <form onSubmit={handleSubmit} dir="rtl" className="space-y-4">
+            <div className="space-y-1">
+              <Label htmlFor="displayName">שם תצוגה</Label>
+              <Input
+                id="displayName"
+                type="text"
+                placeholder="ישראל ישראלי"
+                value={displayName}
+                onChange={e => setDisplayName(e.target.value)}
+                required
+                autoComplete="name"
+              />
+              {nameError && <p className="text-sm text-destructive">{nameError}</p>}
+            </div>
+
+            <div className="space-y-1">
+              <Label htmlFor="email">אימייל</Label>
+              <Input
+                id="email"
+                type="email"
+                placeholder="your@email.com"
+                value={email}
+                onChange={e => setEmail(e.target.value)}
+                required
+                autoComplete="email"
+                dir="ltr"
+              />
+              {emailError && <p className="text-sm text-destructive">{emailError}</p>}
+            </div>
+
+            <div className="space-y-1">
+              <Label htmlFor="password">סיסמה</Label>
+              <Input
+                id="password"
+                type="password"
+                placeholder="מינימום 8 תווים"
+                value={password}
+                onChange={e => setPassword(e.target.value)}
+                required
+                autoComplete="new-password"
+                dir="ltr"
+              />
+              {passwordError && <p className="text-sm text-destructive">{passwordError}</p>}
+            </div>
+
+            <div className="space-y-1">
+              <Label>סוג חשבון</Label>
+              <div className="grid grid-cols-2 gap-2 pt-1">
+                <button
+                  type="button"
+                  onClick={() => setRole('organizer')}
+                  className={`rounded-md border px-3 py-2 text-sm transition-colors ${
+                    role === 'organizer'
+                      ? 'border-primary bg-primary text-primary-foreground'
+                      : 'border-input bg-background hover:bg-muted'
+                  }`}
+                >
+                  מארגן אירוע
+                </button>
+                <button
+                  type="button"
+                  onClick={() => setRole('vendor')}
+                  className={`rounded-md border px-3 py-2 text-sm transition-colors ${
+                    role === 'vendor'
+                      ? 'border-primary bg-primary text-primary-foreground'
+                      : 'border-input bg-background hover:bg-muted'
+                  }`}
+                >
+                  ספק שירותים
+                </button>
+              </div>
+            </div>
+
+            {/* Israeli Privacy Law disclosure */}
+            <p className="text-xs text-muted-foreground leading-relaxed">
+              בהרשמה אתה מסכים לאיסוף ועיבוד הנתונים שלך בהתאם לחוק הגנת הפרטיות הישראלי 2023.
+              המידע שנאסף: שם, אימייל, וסיסמה מוצפנת.
+            </p>
+
+            {error && (
+              <div className="rounded-md bg-destructive/10 p-3">
+                <p className="text-sm text-destructive text-center">{error}</p>
+              </div>
+            )}
+
+            <Button
+              type="submit"
+              className="w-full"
+              disabled={loading || !!emailError || !!passwordError || !!nameError}
+            >
+              {loading ? 'נרשם...' : 'הרשמה'}
+            </Button>
+          </form>
+        </CardContent>
+
+        <CardFooter className="justify-center">
+          <p className="text-sm text-muted-foreground" dir="rtl">
+            יש לך כבר חשבון?{' '}
+            <Link to="/login" className="text-primary underline underline-offset-4 hover:opacity-80">
+              כניסה
+            </Link>
+          </p>
+        </CardFooter>
+      </Card>
+    </div>
+  );
+}
--- a/client/tailwind.config.js
+++ b/client/tailwind.config.js
@@ -0,0 +1,42 @@
+/** @type {import('tailwindcss').Config} */
+export default {
+  darkMode: ['class'],
+  content: [
+    './index.html',
+    './src/**/*.{js,ts,jsx,tsx}',
+  ],
+  theme: {
+    extend: {
+      borderRadius: {
+        lg: 'var(--radius)',
+        md: 'calc(var(--radius) - 2px)',
+        sm: 'calc(var(--radius) - 4px)',
+      },
+      colors: {
+        background: 'hsl(var(--background))',
+        foreground: 'hsl(var(--foreground))',
+        card: {
+          DEFAULT: 'hsl(var(--card))',
+          foreground: 'hsl(var(--card-foreground))',
+        },
+        primary: {
+          DEFAULT: 'hsl(var(--primary))',
+          foreground: 'hsl(var(--primary-foreground))',
+        },
+        muted: {
+          DEFAULT: 'hsl(var(--muted))',
+          foreground: 'hsl(var(--muted-foreground))',
+        },
+        destructive: {
+          DEFAULT: 'hsl(var(--destructive))',
+          foreground: 'hsl(var(--destructive-foreground))',
+        },
+        border: 'hsl(var(--border))',
+        input: 'hsl(var(--input))',
+        ring: 'hsl(var(--ring))',
+      },
+    },
+  },
+  plugins: [],
+}
+
--- a/client/tsconfig.app.json
+++ b/client/tsconfig.app.json
@@ -0,0 +1,32 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
+    "target": "ES2022",
+    "useDefineForClassFields": true,
+    "lib": ["ES2022", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "types": ["vite/client"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+    "jsx": "react-jsx",
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true,
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["./src/*"]
+    }
+  },
+  "include": ["src"]
+}
--- a/client/tsconfig.json
+++ b/client/tsconfig.json
@@ -0,0 +1,7 @@
+{
+  "files": [],
+  "references": [
+    { "path": "./tsconfig.app.json" },
+    { "path": "./tsconfig.node.json" }
+  ]
+}
--- a/client/tsconfig.node.json
+++ b/client/tsconfig.node.json
@@ -0,0 +1,26 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
+    "target": "ES2023",
+    "lib": ["ES2023"],
+    "module": "ESNext",
+    "types": ["node"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["vite.config.ts"]
+}
--- a/client/vite.config.ts
+++ b/client/vite.config.ts
@@ -0,0 +1,18 @@
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+import path from 'path'
+
+// https://vite.dev/config/
+export default defineConfig({
+  plugins: [react()],
+  resolve: {
+    alias: {
+      '@': path.resolve(__dirname, './src'),
+    },
+  },
+  server: {
+    proxy: {
+      '/api': 'http://localhost:3000',
+    },
+  },
+})
--- a/db/pool.js
+++ b/db/pool.js
@@ -0,0 +1,11 @@
+const { Pool } = require('pg');
+
+const pool = new Pool({
+  connectionString: process.env.DATABASE_URL,
+});
+
+pool.on('error', (err) => {
+  console.error('Unexpected PostgreSQL client error', err);
+});
+
+module.exports = pool;
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,36 @@
+version: '3.8'
+
+services:
+  app:
+    build: .
+    expose:
+      - "3000"
+    environment:
+      NODE_ENV: production
+      PORT: 3000
+      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/airewit
+      JWT_SECRET: ${JWT_SECRET}
+    depends_on:
+      postgres:
+        condition: service_healthy
+    restart: unless-stopped
+
+  postgres:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: airewit
+    expose:
+      - "5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres -d airewit"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+    restart: unless-stopped
+
+volumes:
+  postgres_data:
--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -0,0 +1,33 @@
+const jwt = require('jsonwebtoken');
+
+const JWT_SECRET = process.env.JWT_SECRET;
+
+/**
+ * Express middleware: validates JWT from httpOnly cookie or Authorization Bearer header.
+ * Attaches decoded user payload to req.user on success.
+ * Returns 401 for missing or invalid tokens.
+ */
+function authMiddleware(req, res, next) {
+  let token = null;
+
+  // Prefer httpOnly cookie
+  if (req.cookies && req.cookies.token) {
+    token = req.cookies.token;
+  } else if (req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
+    token = req.headers.authorization.slice(7);
+  }
+
+  if (!token) {
+    return res.status(401).json({ error: 'Authentication required' });
+  }
+
+  try {
+    const payload = jwt.verify(token, JWT_SECRET);
+    req.user = payload;
+    next();
+  } catch {
+    return res.status(401).json({ error: 'Invalid or expired session' });
+  }
+}
+
+module.exports = { authMiddleware };
--- a/migrations/001_create_extensions.sql
+++ b/migrations/001_create_extensions.sql
@@ -0,0 +1,12 @@
+-- Migration 001: Enable required PostgreSQL extensions
+-- UP
+BEGIN;
+CREATE EXTENSION IF NOT EXISTS "pgcrypto";
+CREATE EXTENSION IF NOT EXISTS "pg_trgm";  -- required for Phase 2 fuzzy Hebrew name search
+COMMIT;
+
+-- DOWN
+-- BEGIN;
+-- DROP EXTENSION IF EXISTS "pg_trgm";
+-- DROP EXTENSION IF EXISTS "pgcrypto";
+-- COMMIT;
--- a/migrations/002_create_users.sql
+++ b/migrations/002_create_users.sql
@@ -0,0 +1,25 @@
+-- Migration 002: Create users table
+-- UP
+BEGIN;
+
+CREATE TYPE user_role AS ENUM ('organizer', 'vendor', 'admin');
+
+CREATE TABLE users (
+  id              UUID        PRIMARY KEY DEFAULT gen_random_uuid(),
+  email           VARCHAR(255) UNIQUE NOT NULL,
+  password_hash   VARCHAR(255) NOT NULL,
+  display_name    VARCHAR(255) NOT NULL,
+  role            user_role   NOT NULL DEFAULT 'organizer',
+  created_at      TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  updated_at      TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_users_email ON users(email);
+
+COMMIT;
+
+-- DOWN
+-- BEGIN;
+-- DROP TABLE IF EXISTS users;
+-- DROP TYPE IF EXISTS user_role;
+-- COMMIT;
--- a/migrations/003_create_events.sql
+++ b/migrations/003_create_events.sql
@@ -0,0 +1,43 @@
+-- Migration 003: Create events table
+-- UP
+BEGIN;
+
+CREATE TYPE event_status   AS ENUM ('draft', 'published', 'cancelled', 'completed');
+CREATE TYPE kashrut_level  AS ENUM ('none', 'regular', 'mehadrin', 'chalav_yisrael');
+CREATE TYPE event_language AS ENUM ('hebrew', 'arabic', 'english');
+
+CREATE TABLE events (
+  id                   UUID         PRIMARY KEY DEFAULT gen_random_uuid(),
+  organizer_id         UUID         NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  title                VARCHAR(255) NOT NULL,
+  description          TEXT,
+  event_date           TIMESTAMPTZ,
+  venue_name           VARCHAR(255),
+  venue_address        TEXT,
+  max_guests           INTEGER,
+  venue_capacity       INTEGER,                          -- fire-safety hard limit
+  max_plus_ones_buffer INTEGER      NOT NULL DEFAULT 30, -- % buffer for walk-ins
+  status               event_status NOT NULL DEFAULT 'draft',
+  kashrut_level        kashrut_level NOT NULL DEFAULT 'none',
+  noise_curfew_time    TIME         NOT NULL DEFAULT '23:00',  -- Israeli law default
+  language_pref        event_language NOT NULL DEFAULT 'hebrew',
+  budget               DECIMAL(12, 2),
+  retention_policy_days INTEGER     NOT NULL DEFAULT 365, -- Israeli Privacy Law 2023
+  deleted_at           TIMESTAMPTZ,                       -- soft delete for organizer use
+  created_at           TIMESTAMPTZ  NOT NULL DEFAULT NOW(),
+  updated_at           TIMESTAMPTZ  NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_events_organizer_id ON events(organizer_id);
+CREATE INDEX idx_events_status       ON events(status);
+CREATE INDEX idx_events_event_date   ON events(event_date);
+
+COMMIT;
+
+-- DOWN
+-- BEGIN;
+-- DROP TABLE IF EXISTS events;
+-- DROP TYPE IF EXISTS event_language;
+-- DROP TYPE IF EXISTS kashrut_level;
+-- DROP TYPE IF EXISTS event_status;
+-- COMMIT;
--- a/migrations/004_create_vendors.sql
+++ b/migrations/004_create_vendors.sql
@@ -0,0 +1,50 @@
+-- Migration 004: Create vendors table
+-- UP
+BEGIN;
+
+CREATE TYPE vendor_category AS ENUM (
+  'catering', 'photography', 'videographer', 'music', 'decoration',
+  'venue', 'officiant', 'staffing', 'transportation', 'printing',
+  'entertainment', 'other'
+);
+
+CREATE TABLE vendors (
+  id                        UUID         PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id                   UUID         NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  business_name             VARCHAR(255) NOT NULL,
+  category                  vendor_category NOT NULL,
+  description               TEXT,
+  base_price                DECIMAL(12, 2),
+  city                      VARCHAR(100),
+  is_verified               BOOLEAN      NOT NULL DEFAULT FALSE,
+  -- Israeli compliance & certification fields
+  kashrut_cert_number       VARCHAR(100),
+  kashrut_issuing_authority VARCHAR(255),
+  business_license_number   VARCHAR(100),
+  license_expiry_date       DATE,                  -- alert when within 30 days of expiry
+  insurance_ref             VARCHAR(255),
+  -- Phase 3: AI recommendation fields
+  geographic_area           VARCHAR(255),          -- broader area (e.g. "North", "Tel Aviv District")
+  price_range_min           DECIMAL(12, 2),        -- NIS
+  price_range_max           DECIMAL(12, 2),        -- NIS
+  capacity_min              INTEGER,
+  capacity_max              INTEGER,
+  style_tags                TEXT[],                -- e.g. {"rustic","modern","religious"}
+  deleted_at                TIMESTAMPTZ,           -- soft delete
+  created_at                TIMESTAMPTZ  NOT NULL DEFAULT NOW(),
+  updated_at                TIMESTAMPTZ  NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_vendors_user_id       ON vendors(user_id);
+CREATE INDEX idx_vendors_category      ON vendors(category);
+CREATE INDEX idx_vendors_city          ON vendors(city);
+CREATE INDEX idx_vendors_geographic    ON vendors(geographic_area);
+CREATE INDEX idx_vendors_style_tags    ON vendors USING GIN(style_tags);
+
+COMMIT;
+
+-- DOWN
+-- BEGIN;
+-- DROP TABLE IF EXISTS vendors;
+-- DROP TYPE IF EXISTS vendor_category;
+-- COMMIT;
--- a/migrations/005_create_guests.sql
+++ b/migrations/005_create_guests.sql
@@ -0,0 +1,56 @@
+-- Migration 005: Create guests table
+-- UP
+BEGIN;
+
+CREATE TYPE rsvp_status        AS ENUM ('pending', 'confirmed', 'declined');
+CREATE TYPE relationship_group AS ENUM ('family_bride', 'family_groom', 'friends', 'work', 'community', 'other');
+CREATE TYPE dietary_preference AS ENUM ('none', 'vegetarian', 'vegan', 'kosher_regular', 'kosher_mehadrin');
+CREATE TYPE guest_source       AS ENUM ('registered', 'walkin');  -- Phase 2: analytics
+
+CREATE TABLE guests (
+  id                   UUID         PRIMARY KEY DEFAULT gen_random_uuid(),
+  event_id             UUID         NOT NULL REFERENCES events(id) ON DELETE CASCADE,
+  -- Name (Hebrew required; Latin transliteration for non-Hebrew speakers)
+  name_hebrew          VARCHAR(255) NOT NULL,
+  name_transliteration VARCHAR(255),
+  -- Contact (Israeli E.164 phone format: +972XXXXXXXXX)
+  email                VARCHAR(255),
+  phone                VARCHAR(20),
+  -- RSVP
+  rsvp_status          rsvp_status  NOT NULL DEFAULT 'pending',
+  -- Seating
+  table_number         INTEGER,
+  seat_number          VARCHAR(10),
+  -- Social grouping
+  relationship_group   relationship_group,
+  plus_one_of          UUID         REFERENCES guests(id) ON DELETE SET NULL,  -- self-ref FK
+  plus_one_allowance   INTEGER      NOT NULL DEFAULT 0,
+  -- Preferences
+  dietary_preference   dietary_preference NOT NULL DEFAULT 'none',
+  dietary_notes        TEXT,                     -- free-text override/additions
+  accessibility_needs  TEXT,
+  -- Phase 2: Day-of check-in
+  source               guest_source NOT NULL DEFAULT 'registered',  -- analytics (walk-ins vs pre-registered)
+  -- Israeli Privacy Law 2023 compliance
+  privacy_accepted_at  TIMESTAMPTZ,
+  -- NO deleted_at: guests support hard delete only (data subject right per Israeli Privacy Law)
+  created_at           TIMESTAMPTZ  NOT NULL DEFAULT NOW(),
+  updated_at           TIMESTAMPTZ  NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_guests_event_id      ON guests(event_id);
+CREATE INDEX idx_guests_rsvp_status   ON guests(rsvp_status);
+CREATE INDEX idx_guests_plus_one_of   ON guests(plus_one_of);
+-- pg_trgm GIN index for Phase 2 fuzzy Hebrew name search (requires pg_trgm from migration 001)
+CREATE INDEX idx_guests_name_trgm     ON guests USING GIN(name_hebrew gin_trgm_ops);
+
+COMMIT;
+
+-- DOWN
+-- BEGIN;
+-- DROP TABLE IF EXISTS guests;
+-- DROP TYPE IF EXISTS guest_source;
+-- DROP TYPE IF EXISTS dietary_preference;
+-- DROP TYPE IF EXISTS relationship_group;
+-- DROP TYPE IF EXISTS rsvp_status;
+-- COMMIT;
--- a/migrations/006_create_bookings.sql
+++ b/migrations/006_create_bookings.sql
@@ -0,0 +1,35 @@
+-- Migration 006: Create bookings table
+-- UP
+BEGIN;
+
+CREATE TYPE booking_status  AS ENUM ('pending', 'confirmed', 'cancelled');
+CREATE TYPE payment_status  AS ENUM ('unpaid', 'deposit_paid', 'fully_paid');  -- Phase 3: AI/financial
+
+CREATE TABLE bookings (
+  id              UUID           PRIMARY KEY DEFAULT gen_random_uuid(),
+  event_id        UUID           NOT NULL REFERENCES events(id) ON DELETE CASCADE,
+  vendor_id       UUID           NOT NULL REFERENCES vendors(id) ON DELETE CASCADE,
+  status          booking_status NOT NULL DEFAULT 'pending',
+  agreed_price    DECIMAL(12, 2),
+  notes           TEXT,
+  -- Phase 3: AI recommendation & financial tracking
+  contract_value  DECIMAL(12, 2),                -- actual signed contract value in NIS
+  payment_status  payment_status NOT NULL DEFAULT 'unpaid',
+  deleted_at      TIMESTAMPTZ,                   -- soft delete
+  created_at      TIMESTAMPTZ    NOT NULL DEFAULT NOW(),
+  updated_at      TIMESTAMPTZ    NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_bookings_event_id       ON bookings(event_id);
+CREATE INDEX idx_bookings_vendor_id      ON bookings(vendor_id);
+CREATE INDEX idx_bookings_status         ON bookings(status);
+CREATE INDEX idx_bookings_payment_status ON bookings(payment_status);
+
+COMMIT;
+
+-- DOWN
+-- BEGIN;
+-- DROP TABLE IF EXISTS bookings;
+-- DROP TYPE IF EXISTS payment_status;
+-- DROP TYPE IF EXISTS booking_status;
+-- COMMIT;
--- a/migrations/007_create_invitations.sql
+++ b/migrations/007_create_invitations.sql
@@ -0,0 +1,31 @@
+-- Migration 007: Create invitations table
+-- UP
+BEGIN;
+
+CREATE TYPE invitation_channel AS ENUM ('sms', 'whatsapp', 'email');
+
+CREATE TABLE invitations (
+  id          UUID         PRIMARY KEY DEFAULT gen_random_uuid(),
+  event_id    UUID         NOT NULL REFERENCES events(id) ON DELETE CASCADE,
+  guest_id    UUID         NOT NULL REFERENCES guests(id) ON DELETE CASCADE,
+  token       VARCHAR(128) UNIQUE NOT NULL DEFAULT encode(gen_random_bytes(64), 'hex'),
+  channel     invitation_channel NOT NULL DEFAULT 'whatsapp',
+  -- MVP: wa.me deep-link (no Twilio/API required)
+  -- Format: https://wa.me/+972XXXXXXXXX?text=ENCODED_MESSAGE
+  whatsapp_link TEXT,                -- pre-generated deep-link for organizer to click
+  sent_at     TIMESTAMPTZ,           -- when organizer clicked Send
+  opened_at   TIMESTAMPTZ,           -- when guest opened the RSVP link
+  created_at  TIMESTAMPTZ  NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_invitations_event_id ON invitations(event_id);
+CREATE INDEX idx_invitations_guest_id ON invitations(guest_id);
+CREATE INDEX idx_invitations_token    ON invitations(token);
+
+COMMIT;
+
+-- DOWN
+-- BEGIN;
+-- DROP TABLE IF EXISTS invitations;
+-- DROP TYPE IF EXISTS invitation_channel;
+-- COMMIT;
--- a/migrations/008_create_vendor_ratings.sql
+++ b/migrations/008_create_vendor_ratings.sql
@@ -0,0 +1,35 @@
+-- Migration 008: Create vendor_ratings table (Phase 3: AI recommendation engine)
+-- UP
+BEGIN;
+
+CREATE TABLE vendor_ratings (
+  id                    UUID        PRIMARY KEY DEFAULT gen_random_uuid(),
+  event_id              UUID        NOT NULL REFERENCES events(id) ON DELETE CASCADE,
+  vendor_id             UUID        NOT NULL REFERENCES vendors(id) ON DELETE CASCADE,
+  organizer_id          UUID        NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  -- 6-dimension rating system (1-5 scale)
+  quality_score         SMALLINT    NOT NULL CHECK (quality_score BETWEEN 1 AND 5),
+  professionalism_score SMALLINT    NOT NULL CHECK (professionalism_score BETWEEN 1 AND 5),
+  flexibility_score     SMALLINT    NOT NULL CHECK (flexibility_score BETWEEN 1 AND 5),
+  value_score           SMALLINT    NOT NULL CHECK (value_score BETWEEN 1 AND 5),
+  -- Boolean recommendation signals
+  would_use_again       BOOLEAN     NOT NULL,
+  would_recommend       BOOLEAN     NOT NULL,
+  -- Optional review text
+  review_text           TEXT,
+  rated_at              TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  created_at            TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  -- One rating per (event, vendor, organizer) tuple
+  CONSTRAINT uq_vendor_rating UNIQUE (event_id, vendor_id, organizer_id)
+);
+
+CREATE INDEX idx_vendor_ratings_vendor_id    ON vendor_ratings(vendor_id);
+CREATE INDEX idx_vendor_ratings_organizer_id ON vendor_ratings(organizer_id);
+CREATE INDEX idx_vendor_ratings_event_id     ON vendor_ratings(event_id);
+
+COMMIT;
+
+-- DOWN
+-- BEGIN;
+-- DROP TABLE IF EXISTS vendor_ratings;
+-- COMMIT;
--- a/migrations/009_create_organizer_preferences.sql
+++ b/migrations/009_create_organizer_preferences.sql
@@ -0,0 +1,30 @@
+-- Migration 009: Create organizer_preferences table (Phase 3: AI recommendation engine)
+-- UP
+BEGIN;
+
+CREATE TABLE organizer_preferences (
+  id                      UUID        PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id                 UUID        NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  -- Style preferences (matches vendors.style_tags for AI matching)
+  style_tags              TEXT[],                  -- e.g. {"rustic","modern","religious"}
+  -- Typical event scale
+  typical_guest_count_min INTEGER,
+  typical_guest_count_max INTEGER,
+  -- Typical budget range in NIS
+  typical_budget_min      DECIMAL(12, 2),
+  typical_budget_max      DECIMAL(12, 2),
+  created_at              TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  updated_at              TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  -- One preference record per user
+  CONSTRAINT uq_organizer_preferences_user UNIQUE (user_id)
+);
+
+CREATE INDEX idx_organizer_prefs_user_id    ON organizer_preferences(user_id);
+CREATE INDEX idx_organizer_prefs_style_tags ON organizer_preferences USING GIN(style_tags);
+
+COMMIT;
+
+-- DOWN
+-- BEGIN;
+-- DROP TABLE IF EXISTS organizer_preferences;
+-- COMMIT;
--- a/package.json
+++ b/package.json
@@ -0,0 +1,24 @@
+{
+  "name": "airewit-server",
+  "version": "1.0.0",
+  "description": "אירועית - Event Management Platform API",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js",
+    "dev": "nodemon server.js",
+    "migrate": "node scripts/migrate.js",
+    "seed": "node scripts/seed.js"
+  },
+  "dependencies": {
+    "bcrypt": "^5.1.1",
+    "cookie-parser": "^1.4.6",
+    "cors": "^2.8.5",
+    "dotenv": "^16.4.5",
+    "express": "^4.18.3",
+    "jsonwebtoken": "^9.0.2",
+    "pg": "^8.11.3"
+  },
+  "devDependencies": {
+    "nodemon": "^3.1.0"
+  }
+}
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -0,0 +1,154 @@
+const express = require('express');
+const bcrypt = require('bcrypt');
+const jwt = require('jsonwebtoken');
+const pool = require('../db/pool');
+
+const router = express.Router();
+
+const BCRYPT_ROUNDS = 12; // min 10 per spec; 12 for extra safety
+const JWT_SECRET = process.env.JWT_SECRET;
+const JWT_EXPIRES_IN = '24h';
+const COOKIE_MAX_AGE = 24 * 60 * 60 * 1000; // 24h in ms
+
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+
+function isValidEmail(email) {
+  return typeof email === 'string' && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
+}
+
+function setAuthCookie(res, token) {
+  res.cookie('token', token, {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === 'production',
+    sameSite: 'lax',
+    maxAge: COOKIE_MAX_AGE,
+  });
+}
+
+// ─── POST /api/auth/register ──────────────────────────────────────────────────
+
+router.post('/register', async (req, res) => {
+  const { email, password, display_name, role } = req.body;
+
+  // 400 — validation
+  const errors = [];
+  if (!email || !isValidEmail(email)) errors.push('Valid email is required');
+  if (!password || password.length < 8) errors.push('Password must be at least 8 characters');
+  if (!display_name || display_name.trim().length === 0) errors.push('Display name is required');
+  if (role && !['organizer', 'vendor'].includes(role)) errors.push('Role must be organizer or vendor');
+
+  if (errors.length > 0) {
+    return res.status(400).json({ error: errors.join('; ') });
+  }
+
+  const userRole = role || 'organizer';
+
+  try {
+    // 409 — duplicate email
+    const existing = await pool.query('SELECT id FROM users WHERE email = $1', [email.toLowerCase()]);
+    if (existing.rows.length > 0) {
+      return res.status(409).json({ error: 'An account with this email already exists' });
+    }
+
+    const password_hash = await bcrypt.hash(password, BCRYPT_ROUNDS);
+
+    const result = await pool.query(
+      `INSERT INTO users (email, password_hash, display_name, role)
+       VALUES ($1, $2, $3, $4)
+       RETURNING id, email, display_name, role, created_at`,
+      [email.toLowerCase(), password_hash, display_name.trim(), userRole]
+    );
+
+    const user = result.rows[0];
+    const token = jwt.sign(
+      { id: user.id, email: user.email, role: user.role },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN }
+    );
+
+    setAuthCookie(res, token);
+
+    return res.status(201).json({
+      user: { id: user.id, email: user.email, display_name: user.display_name, role: user.role },
+    });
+  } catch (err) {
+    console.error('Registration error:', err.message);
+    return res.status(500).json({ error: 'Registration failed. Please try again.' });
+  }
+});
+
+// ─── POST /api/auth/login ─────────────────────────────────────────────────────
+
+router.post('/login', async (req, res) => {
+  const { email, password } = req.body;
+
+  // 400 — validation
+  if (!email || !password) {
+    return res.status(400).json({ error: 'Email and password are required' });
+  }
+
+  try {
+    const result = await pool.query(
+      'SELECT id, email, password_hash, display_name, role FROM users WHERE email = $1',
+      [email.toLowerCase()]
+    );
+
+    // Generic 401 — do not reveal whether email or password was wrong
+    if (result.rows.length === 0) {
+      await bcrypt.compare(password, '$2b$12$fakehashtopreventtimingattacks00000000000000000000000'); // timing safe
+      return res.status(401).json({ error: 'Invalid email or password' });
+    }
+
+    const user = result.rows[0];
+    const valid = await bcrypt.compare(password, user.password_hash);
+
+    if (!valid) {
+      return res.status(401).json({ error: 'Invalid email or password' });
+    }
+
+    const token = jwt.sign(
+      { id: user.id, email: user.email, role: user.role },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN }
+    );
+
+    setAuthCookie(res, token);
+
+    return res.json({
+      user: { id: user.id, email: user.email, display_name: user.display_name, role: user.role },
+    });
+  } catch (err) {
+    console.error('Login error:', err.message);
+    return res.status(500).json({ error: 'Login failed. Please try again.' });
+  }
+});
+
+// ─── POST /api/auth/logout ────────────────────────────────────────────────────
+
+router.post('/logout', (req, res) => {
+  res.clearCookie('token', { httpOnly: true, sameSite: 'lax' });
+  return res.json({ message: 'Logged out successfully' });
+});
+
+// ─── GET /api/auth/me ─────────────────────────────────────────────────────────
+// Returns current user from cookie — useful for session restore on page refresh
+
+const { authMiddleware } = require('../middleware/auth');
+
+router.get('/me', authMiddleware, async (req, res) => {
+  try {
+    const result = await pool.query(
+      'SELECT id, email, display_name, role FROM users WHERE id = $1',
+      [req.user.id]
+    );
+    if (result.rows.length === 0) {
+      return res.status(401).json({ error: 'User not found' });
+    }
+    return res.json({ user: result.rows[0] });
+  } catch (err) {
+    console.error('Me endpoint error:', err.message);
+    return res.status(500).json({ error: 'Failed to retrieve user' });
+  }
+});
+
+module.exports = router;
--- a/scripts/migrate.js
+++ b/scripts/migrate.js
@@ -0,0 +1,51 @@
+require('dotenv').config();
+const fs = require('fs');
+const path = require('path');
+const { Pool } = require('pg');
+
+const pool = new Pool({ connectionString: process.env.DATABASE_URL });
+
+async function migrate() {
+  const migrationsDir = path.join(__dirname, '..', 'migrations');
+  const files = fs.readdirSync(migrationsDir).filter(f => f.endsWith('.sql')).sort();
+
+  // Ensure migrations tracking table exists
+  await pool.query(`
+    CREATE TABLE IF NOT EXISTS schema_migrations (
+      filename VARCHAR(255) PRIMARY KEY,
+      applied_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+    )
+  `);
+
+  for (const file of files) {
+    const { rows } = await pool.query(
+      'SELECT filename FROM schema_migrations WHERE filename = $1',
+      [file]
+    );
+    if (rows.length > 0) {
+      console.log(`  ✓ already applied: ${file}`);
+      continue;
+    }
+
+    const sql = fs.readFileSync(path.join(migrationsDir, file), 'utf8');
+    // Extract and run only the UP section (before the -- DOWN comment)
+    const upSection = sql.split('-- DOWN')[0].trim();
+
+    try {
+      await pool.query(upSection);
+      await pool.query('INSERT INTO schema_migrations (filename) VALUES ($1)', [file]);
+      console.log(`  ✅ applied: ${file}`);
+    } catch (err) {
+      console.error(`  ❌ failed: ${file}`, err.message);
+      process.exit(1);
+    }
+  }
+
+  console.log('Migrations complete.');
+  await pool.end();
+}
+
+migrate().catch(err => {
+  console.error('Migration error:', err);
+  process.exit(1);
+});
--- a/scripts/seed.js
+++ b/scripts/seed.js
@@ -0,0 +1,39 @@
+require('dotenv').config();
+const fs = require('fs');
+const path = require('path');
+const bcrypt = require('bcrypt');
+const { Pool } = require('pg');
+
+const pool = new Pool({ connectionString: process.env.DATABASE_URL });
+
+async function seed() {
+  const hash = await bcrypt.hash('Password123!', 12);
+
+  let sql = fs.readFileSync(
+    path.join(__dirname, '..', 'seeds', '001_seed_test_data.sql'),
+    'utf8'
+  );
+
+  // Replace placeholder hash with real bcrypt hash
+  sql = sql.replace(/\$2b\$10\$REPLACE_WITH_REAL_HASH/g, hash);
+
+  try {
+    await pool.query(sql);
+    console.log('✅ Seed data inserted');
+  } catch (err) {
+    // Ignore duplicate key errors (idempotent re-run)
+    if (err.code === '23505') {
+      console.log('ℹ️  Seed data already present, skipping');
+    } else {
+      console.error('❌ Seed error:', err.message);
+      process.exit(1);
+    }
+  }
+
+  await pool.end();
+}
+
+seed().catch(err => {
+  console.error('Seed error:', err);
+  process.exit(1);
+});
--- a/seeds/001_seed_test_data.sql
+++ b/seeds/001_seed_test_data.sql
@@ -0,0 +1,92 @@
+-- Seed 001: Test data for development
+-- Passwords are bcrypt hashes of 'Password123!' — replace at runtime with actual hash
+
+BEGIN;
+
+-- ─── Users ───────────────────────────────────────────────────────────────────
+
+-- Test organizer
+INSERT INTO users (id, email, password_hash, display_name, role) VALUES
+  ('11111111-1111-1111-1111-111111111111',
+   'organizer@test.com',
+   '$2b$10$REPLACE_WITH_REAL_HASH',
+   'מארגן בדיקה',
+   'organizer');
+
+-- Vendor users (one per vendor profile below)
+INSERT INTO users (id, email, password_hash, display_name, role) VALUES
+  ('22222222-2222-2222-2222-222222222222', 'catering@test.com',      '$2b$10$REPLACE_WITH_REAL_HASH', 'קייטרינג לדוגמה',    'vendor'),
+  ('22222222-2222-2222-2222-222222222223', 'photography@test.com',   '$2b$10$REPLACE_WITH_REAL_HASH', 'צלם לדוגמה',         'vendor'),
+  ('22222222-2222-2222-2222-222222222224', 'music@test.com',         '$2b$10$REPLACE_WITH_REAL_HASH', 'מוזיקה לדוגמה',      'vendor'),
+  ('22222222-2222-2222-2222-222222222225', 'decoration@test.com',    '$2b$10$REPLACE_WITH_REAL_HASH', 'עיצוב לדוגמה',       'vendor'),
+  ('22222222-2222-2222-2222-222222222226', 'venue@test.com',         '$2b$10$REPLACE_WITH_REAL_HASH', 'אולם לדוגמה',        'vendor');
+
+-- ─── Vendors (5 profiles across different categories) ────────────────────────
+
+INSERT INTO vendors (id, user_id, business_name, category, city, geographic_area,
+                     base_price, price_range_min, price_range_max,
+                     capacity_min, capacity_max,
+                     style_tags, is_verified) VALUES
+  ('33333333-3333-3333-3333-333333333331',
+   '22222222-2222-2222-2222-222222222222',
+   'קייטרינג שף אורי', 'catering', 'תל אביב', 'מרכז',
+   5000.00, 4000.00, 12000.00, 50, 500,
+   ARRAY['kosher_mehadrin', 'modern'], TRUE),
+
+  ('33333333-3333-3333-3333-333333333332',
+   '22222222-2222-2222-2222-222222222223',
+   'סטודיו לכידת רגעים', 'photography', 'ירושלים', 'ירושלים וסביבותיה',
+   3000.00, 2500.00, 8000.00, 30, 600,
+   ARRAY['traditional', 'religious'], TRUE),
+
+  ('33333333-3333-3333-3333-333333333333',
+   '22222222-2222-2222-2222-222222222224',
+   'להקת הכוכבים', 'music', 'חיפה', 'צפון',
+   4000.00, 3000.00, 10000.00, 100, 800,
+   ARRAY['modern', 'mizrahi'], FALSE),
+
+  ('33333333-3333-3333-3333-333333333334',
+   '22222222-2222-2222-2222-222222222225',
+   'עיצוב ואווירה', 'decoration', 'ראשון לציון', 'מרכז',
+   2000.00, 1500.00, 6000.00, 20, 400,
+   ARRAY['rustic', 'romantic', 'modern'], TRUE),
+
+  ('33333333-3333-3333-3333-333333333335',
+   '22222222-2222-2222-2222-222222222226',
+   'אולם הנשיאים', 'venue', 'נתניה', 'שרון',
+   15000.00, 10000.00, 35000.00, 80, 700,
+   ARRAY['elegant', 'modern'], TRUE);
+
+-- ─── Sample Event ─────────────────────────────────────────────────────────────
+
+INSERT INTO events (id, organizer_id, title, description, event_date,
+                    venue_name, max_guests, venue_capacity,
+                    status, kashrut_level, noise_curfew_time,
+                    max_plus_ones_buffer, retention_policy_days, language_pref) VALUES
+  ('44444444-4444-4444-4444-444444444444',
+   '11111111-1111-1111-1111-111111111111',
+   'חתונת בדיקה',
+   'אירוע לדוגמה לפיתוח',
+   NOW() + INTERVAL '30 days',
+   'אולם הנשיאים', 150, 200,
+   'draft', 'mehadrin', '23:00',
+   30, 365, 'hebrew');
+
+-- ─── Sample Guests ────────────────────────────────────────────────────────────
+
+INSERT INTO guests (event_id, name_hebrew, name_transliteration, email, phone,
+                    rsvp_status, relationship_group, dietary_preference,
+                    plus_one_allowance, source, privacy_accepted_at) VALUES
+  ('44444444-4444-4444-4444-444444444444',
+   'יוסי כהן', 'Yossi Cohen', 'yossi@test.com', '+972501234567',
+   'pending', 'family_groom', 'kosher_mehadrin', 1, 'registered', NOW()),
+
+  ('44444444-4444-4444-4444-444444444444',
+   'מיכל לוי', 'Michal Levi', 'michal@test.com', '+972521234567',
+   'confirmed', 'friends', 'vegetarian', 0, 'registered', NOW()),
+
+  ('44444444-4444-4444-4444-444444444444',
+   'דוד ישראלי', 'David Israeli', 'david@test.com', '+972541234567',
+   'declined', 'work', 'none', 0, 'registered', NOW());
+
+COMMIT;
--- a/server.js
+++ b/server.js
@@ -0,0 +1,37 @@
+require('dotenv').config();
+const express = require('express');
+const cookieParser = require('cookie-parser');
+const cors = require('cors');
+const path = require('path');
+
+const authRoutes = require('./routes/auth');
+const { authMiddleware } = require('./middleware/auth');
+
+const app = express();
+const PORT = process.env.PORT || 3000;
+
+app.use(cors({
+  origin: process.env.CLIENT_ORIGIN || true,
+  credentials: true,
+}));
+app.use(express.json());
+app.use(cookieParser());
+
+// Health check — no auth required
+app.get('/health', (req, res) => res.json({ status: 'ok' }));
+
+// Auth routes — no middleware (register/login are public)
+app.use('/api/auth', authRoutes);
+
+// All routes below require valid JWT
+app.use('/api', authMiddleware);
+
+// Serve React frontend in production
+app.use(express.static(path.join(__dirname, 'client', 'dist')));
+app.get('*', (req, res) => {
+  res.sendFile(path.join(__dirname, 'client', 'dist', 'index.html'));
+});
+
+app.listen(PORT, () => {
+  console.log(`אירועית server running on port ${PORT}`);
+});
				`@@ -0,0 +1 @@`
				<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>