care-book-block-ultimate/.specify/memory/constitution.md

# Constitution - Care Book Block Ultimate

## Project Identity
**Name**: Care Book Block Ultimate
**Type**: WordPress Plugin
**Domain**: Healthcare Appointment Management
**Integration**: KiviCare Plugin

## Core Principles

### 1. WordPress Integration First
- NEVER modify core WordPress or KiviCare files
- Use hooks, filters, and WordPress APIs exclusively
- Follow WordPress Coding Standards (WPCS)
- Maintain plugin isolation and compatibility

### 2. CSS-First Performance
- Inject CSS to hide elements immediately
- Use PHP hooks for data filtering as secondary layer
- Minimize JavaScript dependencies
- Target <5% performance overhead

### 3. Security-First Development
- Sanitize ALL input data
- Escape ALL output data
- Use WordPress nonces for AJAX
- Implement proper capability checks
- Follow OWASP security guidelines

### 4. Database Architecture
- Custom table: wp_care_booking_restrictions
- Proper indexing for scalability
- Use WordPress $wpdb with prepared statements
- Implement efficient caching with WordPress Transients

### 5. Testing Strategy
- RED-GREEN-Refactor methodology
- Contract tests before implementation
- Integration tests for WordPress/KiviCare compatibility
- Unit tests for individual components
- Performance benchmarking

## Technical Constraints

### Performance Requirements
- Appointment page loading: <5% overhead
- Admin AJAX responses: <200ms
- Restriction toggles: <300ms (including cache)
- Scalability: Support thousands of doctors/services

### Compatibility Requirements
- PHP: 7.4+ minimum
- WordPress: 5.0+ minimum
- KiviCare: 3.0.0+ minimum
- MySQL: 5.7+ minimum

### Code Standards
- PHP: WordPress Coding Standards + PSR-4 autoloading
- JavaScript: WordPress JS Standards
- CSS: WordPress Admin styling patterns
- Database: Prepared statements mandatory

## Architectural Decisions

### Data Layer
- Custom table for restrictions data
- WordPress Transients for caching
- Selective cache invalidation
- Proper database indexes

### Integration Layer
- WordPress hooks/filters exclusively
- AJAX for admin interactions
- REST API endpoints where appropriate
- Event-driven architecture

### Presentation Layer
- CSS-first element hiding
- WordPress Admin UI patterns
- Mobile-responsive design
- Accessibility compliance (WCAG 2.1)

### Security Layer
- Input validation and sanitization
- Output escaping
- Capability-based access control
- Nonce verification for state changes

## Development Workflow

### Testing Cycle
1. Write failing contract test
2. Write failing integration test
3. Write failing unit test
4. Implement minimal code to pass
5. Refactor while keeping tests green
6. Performance verification
7. Security audit

### Deployment Process
1. Code review and approval
2. Automated testing suite
3. Performance benchmarking
4. Security scanning
5. Staging environment validation
6. Production deployment
7. Post-deployment monitoring

## Quality Gates

### Code Quality
- All tests pass (unit, integration, contract)
- Code coverage >80%
- No security vulnerabilities
- Performance benchmarks met
- WordPress VIP compliance

### Documentation
- API documentation complete
- User guide updated
- Technical architecture documented
- Deployment instructions current

---

**Last Updated**: 2025-09-12
**Version**: 1.0
**Review Cycle**: Monthly or on major changes