{
  "schema_version": "2026-07-09",
  "example": true,
  "live_api": false,
  "name": "Client Portal Backend Example",
  "slug": "client-portal",
  "description": "A public example of the backend contract Spala can help create for a client portal: users, cases, messages, documents, invoices, auth, API docs, and frontend handoff.",
  "audience": "agencies, law firms, consultants, service businesses",
  "boundary": "Illustrative backend contract only. This is not a live customer API, not Spala source code, and not private platform architecture.",
  "suggested_tables": [
    {
      "name": "users",
      "purpose": "Example users resource for the client-portal backend contract.",
      "fields": [
        "id",
        "created_at",
        "updated_at"
      ],
      "note": "Exact fields should be generated, reviewed, and validated in the Spala project."
    },
    {
      "name": "clients",
      "purpose": "Example clients resource for the client-portal backend contract.",
      "fields": [
        "id",
        "created_at",
        "updated_at"
      ],
      "note": "Exact fields should be generated, reviewed, and validated in the Spala project."
    },
    {
      "name": "cases",
      "purpose": "Example cases resource for the client-portal backend contract.",
      "fields": [
        "id",
        "created_at",
        "updated_at"
      ],
      "note": "Exact fields should be generated, reviewed, and validated in the Spala project."
    },
    {
      "name": "case_messages",
      "purpose": "Example case_messages resource for the client-portal backend contract.",
      "fields": [
        "id",
        "created_at",
        "updated_at"
      ],
      "note": "Exact fields should be generated, reviewed, and validated in the Spala project."
    },
    {
      "name": "document_metadata",
      "purpose": "Example document_metadata resource for the client-portal backend contract.",
      "fields": [
        "id",
        "created_at",
        "updated_at"
      ],
      "note": "Exact fields should be generated, reviewed, and validated in the Spala project."
    },
    {
      "name": "invoices",
      "purpose": "Example invoices resource for the client-portal backend contract.",
      "fields": [
        "id",
        "created_at",
        "updated_at"
      ],
      "note": "Exact fields should be generated, reviewed, and validated in the Spala project."
    },
    {
      "name": "audit_events",
      "purpose": "Example audit_events resource for the client-portal backend contract.",
      "fields": [
        "id",
        "created_at",
        "updated_at"
      ],
      "note": "Exact fields should be generated, reviewed, and validated in the Spala project."
    }
  ],
  "suggested_endpoints": [
    {
      "method": "POST",
      "path": "/api/signup",
      "operationId": "post_signup",
      "auth": "bearer_user_or_project_token",
      "note": "Example route shape only. Validate request, response, ownership, and error behavior in the generated Spala project."
    },
    {
      "method": "POST",
      "path": "/api/login",
      "operationId": "post_login",
      "auth": "bearer_user_or_project_token",
      "note": "Example route shape only. Validate request, response, ownership, and error behavior in the generated Spala project."
    },
    {
      "method": "GET",
      "path": "/api/me",
      "operationId": "get_me",
      "auth": "bearer_user_or_project_token",
      "note": "Example route shape only. Validate request, response, ownership, and error behavior in the generated Spala project."
    },
    {
      "method": "GET",
      "path": "/api/cases",
      "operationId": "get_cases",
      "auth": "depends_on_route",
      "note": "Example route shape only. Validate request, response, ownership, and error behavior in the generated Spala project."
    },
    {
      "method": "POST",
      "path": "/api/cases",
      "operationId": "post_cases",
      "auth": "bearer_user_or_project_token",
      "note": "Example route shape only. Validate request, response, ownership, and error behavior in the generated Spala project."
    },
    {
      "method": "GET",
      "path": "/api/cases/{id}/messages",
      "operationId": "get_cases_id_messages",
      "auth": "bearer_user_or_project_token",
      "note": "Example route shape only. Validate request, response, ownership, and error behavior in the generated Spala project."
    },
    {
      "method": "POST",
      "path": "/api/cases/{id}/messages",
      "operationId": "post_cases_id_messages",
      "auth": "bearer_user_or_project_token",
      "note": "Example route shape only. Validate request, response, ownership, and error behavior in the generated Spala project."
    },
    {
      "method": "POST",
      "path": "/api/documents",
      "operationId": "post_documents",
      "auth": "bearer_user_or_project_token",
      "note": "Example route shape only. Validate request, response, ownership, and error behavior in the generated Spala project."
    },
    {
      "method": "GET",
      "path": "/api/invoices",
      "operationId": "get_invoices",
      "auth": "depends_on_route",
      "note": "Example route shape only. Validate request, response, ownership, and error behavior in the generated Spala project."
    }
  ],
  "auth_boundary": "User auth with roles for owner, staff, and client. Case and message access should be scoped by ownership and role.",
  "frontend_handoff": {
    "summary": "Frontend receives base API URL, OpenAPI/Markdown docs, auth routes, token handling, CORS origin, upload route, and publish state.",
    "include": [
      "published API base URL",
      "OpenAPI or generated Markdown API docs",
      "auth routes and token behavior",
      "protected route rules",
      "CORS origin",
      "upload/realtime rules when relevant",
      "error format",
      "publish state",
      "exact project MCP URL after auth and project selection"
    ]
  },
  "proof_of_concept_steps": [
    "Create a low-risk Spala project.",
    "Ask AI Copilot to generate this backend contract.",
    "Review tables, endpoints, auth rules, backend logic, and generated docs.",
    "Test public, protected, success, failure, validation, and ownership paths.",
    "Publish only after validation and review."
  ]
}