# CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

## Application Overview

This is a PHP-based web application called "CHEWEBAPP" - a business management system for insurance/financial services with modules for quotes/estimates ("preventivi"), criteria management ("criteri"), and statistical analysis. The application uses a classic MVC-like PHP architecture with session management, AS400 integration, and PDF generation capabilities.

## Development Commands

### Configuration
- Configuration files are in `com/conf/const.inc.php` (main constants) and `com/conf/init.inc.php` (initialization)
- Database configuration is defined in const.inc.php with MySQL/MariaDB support
- No build system detected - this is a traditional PHP application served directly

### Testing
- No formal test framework detected
- Manual testing through web interface

### RSS Feed Management
- Use `com/res/feed.sh` to update RSS feeds: `bash com/res/feed.sh`
- Feed configuration in `com/res/feed.xml`

## Architecture Overview

### Directory Structure
- `com/` - Core framework components
  - `class/` - Business logic classes (*.class.php)
  - `conf/` - Configuration files
  - `css/`, `js/`, `html/`, `img/` - Frontend assets
  - `funz/` - Utility functions
- `apps/` - **Independent application modules** (major subsystems)
  - `preventivi/` - **Quotes/estimates application** - Complete MVC with own config/classes
  - `criteri/` - **Risk criteria management application** - Separate admin interface
  - Each app has own: `com/`, `config/`, `batch/`, `ws/` subdirectories
- `analisiStat/` - Statistical analysis module
- Root level - Main web application files

### Key Components

#### Session Management
- Custom session handling via `SessionManager.class.php`
- XSN (session identifier) based security model
- Session validation on every request via `init.inc.php`

#### Database Layer
- MySQL/MariaDB integration via `DB2Adapter.class.php`
- Custom field mapping with `FieldAS400.class.php`
- Connection defined in `const.inc.php` (DBMS_* constants)

#### AS400 Integration
- Legacy system integration via `as400Request.class.php` and `as400Response.class.php`
- Web service communication for mainframe data

#### PDF Generation
- Custom PDF generation using `fpdf.class.php`
- Document templates in `doc_pdf.class.php`
- Zend PDF framework integration

#### Template System
- Custom templating via `template.class.php` and `thema.class.php`
- HTML templates in `com/html/`
- Theme support with `APP_DEFAULT_THEMA` constant

### Security Features
- Input sanitization via `stripInput()` functions in `init.inc.php`
- Session-based authentication with XSN tokens
- Request validation and SQL injection protection
- HTML entity encoding for output

## Development Guidelines

### File Organization
- PHP classes follow `ClassName.class.php` naming convention
- Place business logic in `com/class/` for main app
- **Apps have independent structure:**
  - `apps/[app_name]/com/inc/` for app-specific classes
  - `apps/[app_name]/config/` for app configuration
  - Each app manages its own MVC pattern
- Frontend assets organized by type in `com/` (shared) or `apps/[app]/` (app-specific)

### Configuration Management
- **Main app configuration:** `com/conf/const.inc.php`
- **App-specific configuration:** Each app in `/apps/` has own config
  - `apps/preventivi/config/` - Preventivi application settings
  - `apps/criteri/com/inc/` - Criteri application initialization
- Database credentials and paths defined as PHP constants
- **Multi-database support:** Apps can define additional database connections
- Environment-specific settings via `APP_DEBUG` constant
- SMTP configuration for email functionality

### Database Access
- Use existing database abstraction layer
- Connection parameters in `const.inc.php` (DBMS_HOST, DBMS_USER, etc.)
- Schema defined by `DBMS_SCHEMA` constant

#### Database Schemas
The application uses two main database schemas:

**CHEREPORT Database** - Document and report management system
- `documento` - Main document storage with metadata (client, template, file size, etc.)
- `template` - Report templates configuration linked to aggregati
- `aggregato` - Report data aggregation definitions
- `campo_aggregato` - Field definitions for aggregated reports
- `set_dati` - Data source configuration for report generation
- `admin` - Administrative users for report system

**CHEWEB Database** - Main web application database  
- `utente` - User accounts with theme preferences and permissions
- `thema` - Theme configuration (toolbar type, dimensions, paths)
- `toolbar_item` - Configurable toolbar buttons with permissions
- `sisinfo` - System information and client configurations
- `profilo` - User profile definitions with role-based access
- `azione` - AS400 program actions integration
- `accesscounter` - Login tracking and audit trail
- `session` - Active user session management
- `lookup tables` (LKUP_*) - Code/description mappings for various entities
- `mail` - Email sending history and status tracking

**Additional Module-Specific Databases:**
- **CRITERI** - Risk criteria database (per sisinfo: `criteri`, `criteri_cfip`, etc.)
- **PREVENTIVI** - Financial/insurance data for quotes (`preventivi`)
- **PREVENTIVI_LOC** - Local data for preventivi application (`preventivi_loc`)
- **Configuration databases** - Per-sisinfo configuration data

### Session Handling
- Always use the SessionManager class for session operations
- XSN parameter required for authenticated pages
- Session validation occurs in `init.inc.php`

### Error Handling
- Custom error handlers defined in `init.inc.php`
- Debug mode controlled by `APP_DEBUG` constant
- Logging via `MyLog` class to `tmp/app.log`

## Module Structure

### Apps Directory - Independent Applications
The `/apps/` directory contains **complete sub-applications** with their own architecture:

#### Preventivi (Quotes/Estimates) Application
- **Location:** `apps/preventivi/`
- **Architecture:** Complete MVC application with own framework
- **Structure:**
  - `config/` - Application-specific configuration and setup
  - `com/inc/` - Own framework classes and utilities
  - `batch/` - Background processing scripts
  - `ws/` - Web services for integration
  - `preventivi/` - Main application logic
  - `documenti/` - Document management
- **Functionality:** Financial calculations, quote generation, template management
- **Database:** Uses multiple databases (preventivi, preventivi_loc, criteri)
- **Integration:** AS400 mainframe integration, CheReport document generation

#### Criteri (Risk Criteria) Application  
- **Location:** `apps/criteri/`
- **Architecture:** Administrative application for risk management
- **Structure:**
  - `admin/` - Administrative interface
  - `com/inc/` - Own initialization and utilities  
  - `criterio/` - Criteria definition and management
  - `attributo/` - Attribute management
  - `tiporischio/` - Risk type definitions
  - `batch/` - Background processing
  - `test/` - Testing utilities
- **Functionality:** Risk assessment criteria, version control, import/export
- **Database:** Uses dedicated criteri database per sisinfo
- **Features:** Multi-version criteria sets, validation scripts, consolidation

### Statistical Analysis Module
- **Location:** `analisiStat/`
- **Functionality:** Data analysis and reporting, chart generation
- **Integration:** Uses main framework classes and database connections

## Integration Points

### AS400 Mainframe
- **Architecture:** 3 specialized SOAP services for complete mainframe integration
- **Services:**
  - **WebBridge:** `http://as400.cheleo.it:89/webBridge/ws/webBridge.ws.php` (11 operations)
    - Program execution, spool management, authentication, audit
  - **Statistics:** `http://as400.cheleo.it:89/webBridgeProd/ws/stat.ws.php` (6 operations) 
    - Business intelligence, charts, contracts analytics, cash flow analysis
  - **IFS Manager:** `http://as400.cheleo.it:89/webBridgeProd/ws/ifsManager.ws.php` (3 operations)
    - File system access, upload/download, directory navigation
- **Business Domain:** Financial services/leasing with contracts, practices, collections
- **Classes:** `as400Request.class.php`, `as400Response.class.php`
- **WSDL Files:** Available in `docs/ws_docs/` and `docs/webBridge.auto.wsdl`
- **Complete Analysis:** See `docs/ws_complete_analysis.md` for full service documentation

### External Services
- SMTP email integration
- RSS feed consumption
- PDF document generation

### File System
- Document storage in configurable directories
- Temporary file handling for reports
- Image and asset management

## Common Maintenance Tasks

- Monitor session logs in `tmp/app.log`
- Update RSS feeds via `feed.sh` script
- Database maintenance through admin interfaces
- Theme and template customization
- User management and access control