refactor: migrate from Bootstrap to Tailwind CSS

Complete rewrite of all UI components from Bootstrap 5 to Tailwind CSS.
This modernizes the frontend stack and removes ~600KB of dependencies.

Changes:
- Replace Bootstrap CDN with Tailwind Play CDN in base templates
- Remove django-bootstrap5 dependency from pyproject.toml
- Delete Bootstrap vendor files (CSS, JS, and Bootstrap Icons)
- Convert all 21 templates to Tailwind utility classes
- Replace Bootstrap JavaScript with vanilla JS for navigation/dropdowns
- Implement Tailwind dark mode with class strategy
- Add Heroicons SVG icons replacing Bootstrap Icons
- Update site.js for Tailwind-compatible dark mode toggle
- Update CLAUDE.md documentation

Templates converted:
- Core: base.html, _header.html, _footer.html, _alerts.html, home.html
- Auth: allauth layouts and all element components (buttons, forms, fields, etc.)
- Data room: upload_page.html with Uppy integration, status pages

Technical details:
- Using Tailwind Play CDN (no build process required)
- Dark mode configured with 'class' strategy
- All navigation/dropdown functionality preserved without Bootstrap JS
- Responsive design maintained across all breakpoints
- Form validation states and error handling converted

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: heysamtexas

CLAUDE.md

@@ -4,20 +4,43 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 
 ## Project Overview
 
-This is a Django Reference Implementation - a production-ready Django SaaS template with organizations, invitations, and authentication. It follows a pragmatic approach to building multi-tenant applications with minimal dependencies.
+This is a **Data Room Application** - a secure file upload and management system for collecting customer data files for proof-of-concept development. Built on Django with django-allauth (2FA + SSO support), it enables internal teams to provision UUID-based upload endpoints for customers while maintaining complete privacy and audit trails.
 
 ## Architecture
 
 ### Core Apps Structure
 - **config/**: Django project configuration (settings, URLs, WSGI/ASGI)
-- **myapp/**: Base application with site configuration models, templates, and management commands
-- **organizations/**: Complete multi-tenant organization system with invitations and user management
+- **myapp/**: Base application with site configuration models and templates
+- **dataroom/**: File upload system with customers, endpoints, and audit logging
+- **require2fa/**: Two-factor authentication enforcement middleware
 
 ### Key Components
-- **Authentication**: Uses django-allauth with 2FA support
-- **Async Processing**: Custom worker pattern using Django management commands with PostgreSQL as task queue
-- **Multi-tenancy**: Organization-based tenancy with invitation system
-- **Templates**: Bootstrap 5 UI with dark mode support
+- **Authentication**: Uses django-allauth with 2FA support and SSO-ready (Okta)
+- **File Management**: Local filesystem storage with UUID-based endpoint privacy
+- **Admin Interface**: Django admin for internal team management of customers and endpoints
+- **Audit Logging**: Complete tracking of file uploads, deletions, and staff downloads
+- **UI Framework**: Tailwind CSS via Play CDN with dark mode support and Heroicons
+- **Templates**: Minimal, professional upload interface with responsive design
+
+## Data Room Features
+
+### Customer & Endpoint Management
+- **Customers**: Internal tracking of companies/projects receiving upload endpoints
+- **Data Endpoints**: UUID-based upload URLs that don't expose customer information
+- **Multiple Endpoints**: Each customer can have multiple endpoints for different POCs
+- **Status Control**: Endpoints can be active, disabled, or archived
+
+### File Upload System
+- **Anonymous Upload**: Customers upload via UUID URL (no authentication required)
+- **Security**: Filename sanitization, path traversal prevention, duplicate handling
+- **Soft Delete**: Customers can request deletion (immediate with audit trail)
+- **File Listing**: Customers can view all files uploaded to their endpoint
+
+### Staff Features (Django Admin)
+- **Customer Management**: Create customers with freeform notes
+- **Endpoint Creation**: Generate new upload endpoints with one-click URL copying
+- **File Downloads**: Secure download with automatic audit logging
+- **Audit Dashboard**: View all file downloads and deletion activity
 
 ## Git Workflow for Claude Code
 
@@ -87,9 +110,7 @@ uv run src/manage.py <command>
 # Key management commands:
 uv run src/manage.py migrate
 uv run src/manage.py createsuperuser
-uv run src/manage.py simple_async_worker
-uv run src/manage.py send_email_confirmation
-uv run src/manage.py send_email_invite
+uv run src/manage.py test
 ```
 
 ### Code Quality
@@ -116,43 +137,48 @@ uv run vulture src/ --min-confidence 80  # Find unused code (high confidence)
 uv run vulture src/ --min-confidence 60  # Find unused code (medium confidence)
 
 # Type checking
-cd src && DJANGO_SETTINGS_MODULE=config.settings uv run mypy organizations/ myapp/ config/ --ignore-missing-imports --disable-error-code=var-annotated
+cd src && DJANGO_SETTINGS_MODULE=config.settings uv run mypy dataroom/ myapp/ config/ --ignore-missing-imports --disable-error-code=var-annotated
 ```
 
 ## Development Workflow
 
 ### Local Development
-- Uses Docker Compose for services (PostgreSQL, Mailpit, S3Proxy)
-- Django can run locally or in Docker
+- Uses Docker Compose for PostgreSQL and Mailpit
+- Django runs locally or in Docker
 - Environment variables configured in `env` file (copy from `env.sample`)
+- File uploads stored in `src/media/uploads/{endpoint-uuid}/`
 
 ### Testing
-- Tests located in `*/tests/` directories
+- Tests located in `*/tests.py` or `*/tests/` directories
 - Run with `uv run src/manage.py test`
-- Covers models, views, and forms
+- Covers models, views, upload/download functionality, and security
 
-### Worker System
-- Custom async worker pattern using Django management commands
-- Workers defined in `*/management/commands/`
-- Uses PostgreSQL for task queue (no Redis/Celery required)
-- Configure workers in `docker-compose.yml`
+### URL Structure
+- **Public (No Auth)**: `/upload/{uuid}/` - Customer upload page
+- **Admin Only**: `/admin/` - Django admin interface
+- **Staff Downloads**: Via Django admin actions (with audit logging)
 
 ## Important Files
 
 ### Configuration
 - `src/config/settings.py`: Main Django settings
 - `pyproject.toml`: Project metadata and tool configuration (ruff, bandit)
-- `docker-compose.yml`: Development services
+- `docker-compose.yml`: Development services (PostgreSQL, Mailpit)
 - `Makefile`: Development automation commands
+- `env`: Environment variables (copy from `env.sample`)
 
 ### Models
-- `myapp/models/`: Site configuration and worker models
-- `organizations/models.py`: Organization and invitation models
+- `dataroom/models.py`: Customer, DataEndpoint, UploadedFile, FileDownload
+- `myapp/models/`: Site configuration model
+- `require2fa/models.py`: Two-factor configuration model
+
+### Views & Templates
+- `dataroom/views.py`: Upload page, file upload handler, delete handler
+- `dataroom/templates/dataroom/`: Upload page, disabled/archived templates
+- `dataroom/admin.py`: Complete admin configuration with download actions
 
-### Templates
-- `templates/`: Global templates (base, auth, pages)
-- `myapp/templates/`: App-specific templates
-- `organizations/templates/`: Organization management templates
+### Tests
+- `dataroom/tests.py`: Comprehensive model and view tests
 
 ## Code Standards
 
@@ -163,10 +189,17 @@ cd src && DJANGO_SETTINGS_MODULE=config.settings uv run mypy organizations/ myap
 
 ### File Organization
 - Apps follow Django conventions
-- Models in `models/` directory (may be split into multiple files)
-- Views in `views/` directory
-- Management commands in `management/commands/`
+- Models in `models.py` or `models/` directory
+- Views in `views.py` or `views/` directory
 - Templates in `templates/` with app namespacing
+- Admin configurations in `admin.py`
+
+### Security
+- **Filename Sanitization**: `sanitize_filename()` prevents path traversal
+- **UUID Endpoints**: No customer information exposed in URLs
+- **IP Tracking**: All uploads, deletes, and downloads log IP addresses
+- **Soft Deletes**: Files marked deleted but retained for audit
+- **Staff-Only Downloads**: File downloads only via authenticated admin
 
 ## Dependencies
 
@@ -177,30 +210,63 @@ cd src && DJANGO_SETTINGS_MODULE=config.settings uv run mypy organizations/ myap
 - Install with `uv sync` or `uv sync --extra dev`
 
 ### Core Dependencies
-- Django 5.2.3
+- Django 5.2.5
 - Python 3.12
 - PostgreSQL 16
-- django-allauth (authentication)
-- django-bootstrap5 (UI)
-- django-storages (S3 support)
+- django-allauth (authentication with MFA and SSO support)
+- django-allauth-require2fa (2FA enforcement)
+- django-solo (singleton models)
+- Tailwind CSS (via Play CDN - no build process required)
+- Heroicons (SVG icon library)
 
 ### Development Dependencies
 - ruff (linting/formatting)
 - pre-commit (hooks)
+- mypy + django-stubs (type checking)
+- bandit (security scanning)
+- radon (complexity analysis)
+- vulture (dead code detection)
 
 ## Environment Variables
 
 Key environment variables (defined in `env` file):
 - `DEBUG`: Development mode flag
 - `SECRET_KEY`: Django secret key
-- `BASE_URL`: Application base URL
-- `DATABASE_URL`: PostgreSQL connection
-- `AWS_*`: S3 configuration
-- Email settings for django-allauth
+- `BASE_URL`: Application base URL (used for upload URL generation)
+- `DATABASE_URL`: PostgreSQL connection string
+- `EMAIL_URL`: Email backend configuration (console, SMTP, etc.)
+
+## File Storage
+
+### Structure
+```
+src/media/
+  uploads/
+    {endpoint-uuid}/
+      filename.ext
+      filename-20250117143022-1.ext  # Duplicate with timestamp
+```
+
+### Handling
+- Files stored in MEDIA_ROOT (`src/media/`)
+- Organized by endpoint UUID for isolation
+- Duplicate filenames auto-renamed with timestamp
+- Soft deletes keep files on disk for audit/recovery
 
 ## Deployment
 
-- Docker-based deployment
-- Heroku/Dokku ready with `Procfile`
-- Static files served by Django or S3
-- Uses environment variables for configuration
+- Docker-based deployment ready
+- Heroku/Dokku compatible with `Procfile`
+- Static files served via WhiteNoise
+- File uploads served securely via Django (for staff only)
+- Uses environment variables for all configuration
+- Database migrations handled via release phase
+
+## Future Enhancements
+
+- SSO integration with Okta (django-allauth is already SSO-ready)
+- File size limits and validation
+- Virus scanning integration
+- Automated file expiration/archival
+- Email notifications for uploads
+- Download links for customers (with expiration)

pyproject.toml

@@ -17,7 +17,6 @@ dependencies = [
     "charset-normalizer==3.4.3",
     "django-environ==0.12.0",
     "Django==5.2.5",
-    "django-bootstrap5==25.2",
     "django-solo==2.4.0",
     "gunicorn==23.0.0",
     "idna==3.10",

src/config/settings.py

@@ -25,14 +25,6 @@
 
 CSRF_TRUSTED_ORIGINS = [BASE_URL]
 
-# CONFIGURATION for django-storages
-AWS_ACCESS_KEY_ID = env("AWS_ACCESS_KEY_ID")
-AWS_SECRET_ACCESS_KEY = env("AWS_SECRET_ACCESS_KEY")
-AWS_STORAGE_BUCKET_NAME = env("AWS_STORAGE_BUCKET_NAME")
-AWS_S3_REGION_NAME = env("AWS_S3_REGION_NAME")
-AWS_S3_ENDPOINT_URL = env("AWS_S3_ENDPOINT_URL")
-AWS_S3_USE_SSL = env("AWS_S3_USE_SSL")
-
 ALLOWED_HOSTS = ["*"]
 
 INSTALLED_APPS = [
@@ -43,8 +35,7 @@
     "django.contrib.messages",
     "django.contrib.staticfiles",
     "django.contrib.sites",
-    "django_bootstrap5",
-    "organizations",
+    "dataroom",
     "myapp",
     "require2fa",
     "allauth",

src/dataroom/templates/dataroom/upload_archived.html

@@ -4,31 +4,15 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Upload Archived</title>
-    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
-    <style>
-        body {
-            background-color: #f8f9fa;
-            display: flex;
-            align-items: center;
-            justify-content: center;
-            min-height: 100vh;
-        }
-        .message-box {
-            max-width: 600px;
-            background: white;
-            border-radius: 8px;
-            padding: 40px;
-            text-align: center;
-        }
-    </style>
+    <script src="https://cdn.tailwindcss.com"></script>
 </head>
-<body>
-    <div class="message-box">
-        <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" fill="currentColor" class="bi bi-archive text-secondary mb-3" viewBox="0 0 16 16">
-            <path d="M0 2a1 1 0 0 1 1-1h14a1 1 0 0 1 1 1v2a1 1 0 0 1-1 1v7.5a2.5 2.5 0 0 1-2.5 2.5h-9A2.5 2.5 0 0 1 1 12.5V5a1 1 0 0 1-1-1zm2 3v7.5A1.5 1.5 0 0 0 3.5 14h9a1.5 1.5 0 0 0 1.5-1.5V5zm13-3H1v2h14zM5 7.5a.5.5 0 0 1 .5-.5h5a.5.5 0 0 1 0 1h-5a.5.5 0 0 1-.5-.5"/>
+<body class="bg-gray-100 dark:bg-gray-900 flex items-center justify-center min-h-screen">
+    <div class="max-w-2xl bg-white dark:bg-gray-800 rounded-lg shadow-lg p-12 text-center">
+        <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="w-16 h-16 mx-auto text-gray-500 dark:text-gray-400 mb-6">
+            <path stroke-linecap="round" stroke-linejoin="round" d="M20.25 7.5l-.625 10.632a2.25 2.25 0 01-2.247 2.118H6.622a2.25 2.25 0 01-2.247-2.118L3.75 7.5M10 11.25h4M3.375 7.5h17.25c.621 0 1.125-.504 1.125-1.125v-1.5c0-.621-.504-1.125-1.125-1.125H3.375c-.621 0-1.125.504-1.125 1.125v1.5c0 .621.504 1.125 1.125 1.125z" />
         </svg>
-        <h2 class="mb-3">Upload Archived</h2>
-        <p class="text-muted">This upload endpoint has been archived and is no longer accepting files. Please contact your administrator if you need assistance.</p>
+        <h2 class="text-3xl font-bold text-gray-900 dark:text-white mb-4">Upload Archived</h2>
+        <p class="text-gray-600 dark:text-gray-300">This upload endpoint has been archived and is no longer accepting files. Please contact your administrator if you need assistance.</p>
     </div>
 </body>
 </html>

src/dataroom/templates/dataroom/upload_disabled.html

@@ -4,32 +4,15 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Upload Disabled</title>
-    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
-    <style>
-        body {
-            background-color: #f8f9fa;
-            display: flex;
-            align-items: center;
-            justify-content: center;
-            min-height: 100vh;
-        }
-        .message-box {
-            max-width: 600px;
-            background: white;
-            border-radius: 8px;
-            padding: 40px;
-            text-align: center;
-        }
-    </style>
+    <script src="https://cdn.tailwindcss.com"></script>
 </head>
-<body>
-    <div class="message-box">
-        <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" fill="currentColor" class="bi bi-x-circle text-warning mb-3" viewBox="0 0 16 16">
-            <path d="M8 15A7 7 0 1 1 8 1a7 7 0 0 1 0 14m0 1A8 8 0 1 0 8 0a8 8 0 0 0 0 16"/>
-            <path d="M4.646 4.646a.5.5 0 0 1 .708 0L8 7.293l2.646-2.647a.5.5 0 0 1 .708.708L8.707 8l2.647 2.646a.5.5 0 0 1-.708.708L8 8.707l-2.646 2.647a.5.5 0 0 1-.708-.708L7.293 8 4.646 5.354a.5.5 0 0 1 0-.708"/>
+<body class="bg-gray-100 dark:bg-gray-900 flex items-center justify-center min-h-screen">
+    <div class="max-w-2xl bg-white dark:bg-gray-800 rounded-lg shadow-lg p-12 text-center">
+        <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="w-16 h-16 mx-auto text-yellow-500 mb-6">
+            <path stroke-linecap="round" stroke-linejoin="round" d="M9.75 9.75l4.5 4.5m0-4.5l-4.5 4.5M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
         </svg>
-        <h2 class="mb-3">Upload Disabled</h2>
-        <p class="text-muted">This upload endpoint has been temporarily disabled. Please contact your administrator for more information.</p>
+        <h2 class="text-3xl font-bold text-gray-900 dark:text-white mb-4">Upload Disabled</h2>
+        <p class="text-gray-600 dark:text-gray-300">This upload endpoint has been temporarily disabled. Please contact your administrator for more information.</p>
     </div>
 </body>
 </html>