churchcred 0.1.0

data/config/environments/test.rb

@@ -0,0 +1,67 @@
+require "active_support/core_ext/integer/time"
+
+# The test environment is used exclusively to run your application's
+# test suite. You never need to work with it otherwise. Remember that
+# your test database is "scratch space" for the test suite and is wiped
+# and recreated between test runs. Don't rely on the data there!
+
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # While tests run files are not watched, reloading is not necessary.
+  config.enable_reloading = false
+
+  # Eager loading loads your entire application. When running a single test locally,
+  # this is usually not necessary, and can slow down your test suite. However, it's
+  # recommended that you enable it in continuous integration systems to ensure eager
+  # loading is working properly before deploying your code.
+  config.eager_load = ENV["CI"].present?
+
+  # Configure public file server for tests with Cache-Control for performance.
+  config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{1.hour.to_i}" }
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local = true
+  config.action_controller.perform_caching = false
+  config.cache_store = :null_store
+
+  # Render exception templates for rescuable exceptions and raise for other exceptions.
+  config.action_dispatch.show_exceptions = :rescuable
+
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+
+  # Store uploaded files on the local file system in a temporary directory.
+  config.active_storage.service = :test
+
+  # Disable caching for Action Mailer templates even if Action Controller
+  # caching is enabled.
+  config.action_mailer.perform_caching = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Unlike controllers, the mailer instance doesn't have any context about the
+  # incoming request so you'll need to provide the :host parameter yourself.
+  config.action_mailer.default_url_options = { host: "www.example.com" }
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
+
+  # Raise error when a before_action's only/except options reference missing actions.
+  config.action_controller.raise_on_missing_callback_actions = true
+end

data/config/initializers/cors.rb

@@ -0,0 +1,11 @@
+Rails.application.config.middleware.insert_before 0, Rack::Cors do
+  allow do
+    origins ENV.fetch("ALLOWED_ORIGINS", "http://localhost:8080,http://localhost:3000,http://127.0.0.1:3000,http://127.0.0.1:8080").split(",")
+
+    resource "/api/*",
+      headers: :any,
+      methods: %i[get post put patch delete options head],
+      credentials: true,
+      expose: ["Authorization"]
+  end
+end

data/config/initializers/filter_parameter_logging.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
+# Use this to limit dissemination of sensitive information.
+# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
+Rails.application.config.filter_parameters += [
+  :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+]

data/config/initializers/inflections.rb

@@ -0,0 +1,16 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.plural /^(ox)$/i, "\\1en"
+#   inflect.singular /^(ox)en/i, "\\1"
+#   inflect.irregular "person", "people"
+#   inflect.uncountable %w( fish sheep )
+# end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.acronym "RESTful"
+# end

data/config/initializers/rack_attack.rb

@@ -0,0 +1,22 @@
+Rack::Attack.cache.store = ActiveSupport::Cache::RedisCacheStore.new(
+  url: ENV.fetch("REDIS_URL", "redis://localhost:6379/1")
+)
+
+# Throttle login attempts: 5 per minute per IP
+Rack::Attack.throttle("logins/ip", limit: 5, period: 60) do |req|
+  req.ip if req.path == "/api/v1/sessions" && req.post?
+end
+
+# Throttle by email: 10 per hour per email address
+Rack::Attack.throttle("logins/email", limit: 10, period: 3600) do |req|
+  if req.path == "/api/v1/sessions" && req.post?
+    body = JSON.parse(req.body.read) rescue {}
+    req.body.rewind
+    body["email"]&.downcase
+  end
+end
+
+Rack::Attack.throttled_responder = lambda do |_req|
+  [429, { "Content-Type" => "application/json" },
+   ['{"error":"Too many login attempts. Please try again later."}']]
+end

data/config/initializers/sidekiq.rb

@@ -0,0 +1,7 @@
+Sidekiq.configure_server do |config|
+  config.redis = { url: ENV.fetch("REDIS_URL", "redis://localhost:6379/0") }
+end
+
+Sidekiq.configure_client do |config|
+  config.redis = { url: ENV.fetch("REDIS_URL", "redis://localhost:6379/0") }
+end

data/config/initializers/watch_dirs.rb

@@ -0,0 +1,6 @@
+# Prevent Rails from reloading when Vite rebuilds frontend files
+Rails.application.configure do
+  config.watchable_dirs["app"]    = [:rb]
+  config.watchable_dirs["config"] = [:rb, :yml]
+  config.watchable_dirs["lib"]    = [:rb]
+end

data/config/locales/en.yml

@@ -0,0 +1,31 @@
+# Files in the config/locales directory are used for internationalization and
+# are automatically loaded by Rails. If you want to use locales other than
+# English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+#     I18n.t "hello"
+#
+# In views, this is aliased to just `t`:
+#
+#     <%= t("hello") %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+#     I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# To learn more about the API, please read the Rails Internationalization guide
+# at https://guides.rubyonrails.org/i18n.html.
+#
+# Be aware that YAML interprets the following case-insensitive strings as
+# booleans: `true`, `false`, `on`, `off`, `yes`, `no`. Therefore, these strings
+# must be quoted to be interpreted as strings. For example:
+#
+#     en:
+#       "yes": yup
+#       enabled: "ON"
+
+en:
+  hello: "Hello world"

data/config/master.key

@@ -0,0 +1 @@
+56c8d0bb14ec111a4bf435d4f653ab49

data/config/puma.rb

@@ -0,0 +1,34 @@
+# This configuration file will be evaluated by Puma. The top-level methods that
+# are invoked here are part of Puma's configuration DSL. For more information
+# about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html.
+
+# Puma starts a configurable number of processes (workers) and each process
+# serves each request in a thread from an internal thread pool.
+#
+# The ideal number of threads per worker depends both on how much time the
+# application spends waiting for IO operations and on how much you wish to
+# to prioritize throughput over latency.
+#
+# As a rule of thumb, increasing the number of threads will increase how much
+# traffic a given process can handle (throughput), but due to CRuby's
+# Global VM Lock (GVL) it has diminishing returns and will degrade the
+# response time (latency) of the application.
+#
+# The default is set to 3 threads as it's deemed a decent compromise between
+# throughput and latency for the average Rails application.
+#
+# Any libraries that use a connection pool or another resource pool should
+# be configured to provide at least as many connections as the number of
+# threads. This includes Active Record's `pool` parameter in `database.yml`.
+threads_count = ENV.fetch("RAILS_MAX_THREADS", 3)
+threads threads_count, threads_count
+
+# Specifies the `port` that Puma will listen on to receive requests; default is 3000.
+port ENV.fetch("PORT", 3000)
+
+# Allow puma to be restarted by `bin/rails restart` command.
+plugin :tmp_restart
+
+# Specify the PID file. Defaults to tmp/pids/server.pid in development.
+# In other environments, only set the PID file if requested.
+pidfile ENV["PIDFILE"] if ENV["PIDFILE"]

data/config/routes.rb

@@ -0,0 +1,42 @@
+Rails.application.routes.draw do
+  namespace :api do
+    namespace :v1 do
+      # Auth
+      post   "sessions",  to: "sessions#create"
+      delete "sessions",  to: "sessions#destroy"
+
+      # Current user
+      get  "me",                 to: "me#show"
+      get  "me/badges",          to: "me#badges"
+      get  "me/points_ledger",   to: "me#points_ledger"
+
+      # Badges
+      resources :badges, only: %i[index create update destroy]
+
+      # Merchandise
+      resources :merch_items, only: %i[index create update destroy]
+      resources :redemptions, only: %i[create]
+
+      # Organization
+      resource :organization, only: %i[show update]
+
+      # PCO sync
+      resources :sync_logs, only: %i[index]
+      post "sync", to: "sync#create"
+
+      # Admin
+      namespace :admin do
+        get "stats", to: "stats#show"
+        resources :members, only: %i[index]
+      end
+    end
+  end
+
+  # PCO OAuth
+  get  "auth/pco",          to: "auth/pco#authorize"
+  get  "auth/pco/callback", to: "auth/pco#callback"
+
+  # Catch-all: let Vite / React Router handle everything else
+  get "*path", to: "application#frontend", constraints: ->(req) { !req.xhr? && req.format.html? }
+  root to: "application#frontend"
+end

data/config/storage.yml

@@ -0,0 +1,34 @@
+test:
+  service: Disk
+  root: <%= Rails.root.join("tmp/storage") %>
+
+local:
+  service: Disk
+  root: <%= Rails.root.join("storage") %>
+
+# Use bin/rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
+# amazon:
+#   service: S3
+#   access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
+#   secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
+#   region: us-east-1
+#   bucket: your_own_bucket-<%= Rails.env %>
+
+# Remember not to checkin your GCS keyfile to a repository
+# google:
+#   service: GCS
+#   project: your_project
+#   credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
+#   bucket: your_own_bucket-<%= Rails.env %>
+
+# Use bin/rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
+# microsoft:
+#   service: AzureStorage
+#   storage_account_name: your_account_name
+#   storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %>
+#   container: your_container_name-<%= Rails.env %>
+
+# mirror:
+#   service: Mirror
+#   primary: local
+#   mirrors: [ amazon, google, microsoft ]

data/config/vite.json

@@ -0,0 +1,16 @@
+{
+  "all": {
+    "sourceCodeDir": "app/frontend",
+    "watchAdditionalPaths": []
+  },
+  "development": {
+    "autoBuild": true,
+    "publicOutputDir": "vite-dev",
+    "port": 3036
+  },
+  "test": {
+    "autoBuild": true,
+    "publicOutputDir": "vite-test",
+    "port": 3037
+  }
+}

data/db/migrate/20260327000001_create_initial_schema.rb

@@ -0,0 +1,92 @@
+class CreateInitialSchema < ActiveRecord::Migration[7.2]
+  def change
+    create_table :organizations do |t|
+      t.string  :name,                      null: false
+      t.string  :subdomain,                 null: false, index: { unique: true }
+      t.integer :points_per_sunday,         default: 25,  null: false
+      t.integer :points_per_wednesday,      default: 15,  null: false
+      t.integer :points_per_volunteer_hour, default: 50,  null: false
+      t.integer :points_per_special_event,  default: 100, null: false
+      # PCO OAuth — stored encrypted via ActiveRecord::Encryption
+      t.string  :pco_client_id
+      t.string  :pco_client_secret
+      t.string  :pco_access_token
+      t.string  :pco_refresh_token
+      t.timestamps
+    end
+
+    create_table :users do |t|
+      t.references :organization, null: false, foreign_key: true
+      t.string  :name,            null: false
+      t.string  :email,           null: false
+      t.string  :password_digest
+      t.string  :role,            default: "member", null: false
+      t.string  :avatar_url
+      t.string  :pco_person_id,   index: true
+      t.timestamps
+    end
+    add_index :users, %i[organization_id email], unique: true
+
+    create_table :badges do |t|
+      t.references :organization, null: false, foreign_key: true
+      t.string  :name,          null: false
+      t.text    :description
+      t.string  :category,      null: false
+      t.string  :criteria
+      t.string  :criteria_type, null: false
+      t.integer :threshold,     default: 1, null: false
+      t.string  :color
+      t.string  :icon
+      t.boolean :active,        default: true, null: false
+      t.integer :total_awarded, default: 0,    null: false
+      t.timestamps
+    end
+
+    create_table :badge_awards do |t|
+      t.references :user,  null: false, foreign_key: true
+      t.references :badge, null: false, foreign_key: true
+      t.date :earned_date, null: false
+      t.timestamps
+    end
+    add_index :badge_awards, %i[user_id badge_id], unique: true
+
+    create_table :merch_items do |t|
+      t.references :organization, null: false, foreign_key: true
+      t.string  :name,            null: false
+      t.text    :description
+      t.integer :point_cost,      null: false
+      t.integer :inventory_count, default: 0, null: false
+      t.string  :image_url
+      t.string  :status,          default: "available", null: false
+      t.timestamps
+    end
+
+    create_table :redemptions do |t|
+      t.references :user,       null: false, foreign_key: true
+      t.references :merch_item, null: false, foreign_key: true
+      t.string :status,         default: "pending", null: false
+      t.timestamps
+    end
+
+    create_table :points_ledger_entries do |t|
+      t.references :user,    null: false, foreign_key: true
+      t.date    :date,       null: false
+      t.string  :source,     null: false
+      t.string  :transaction_type, null: false
+      t.integer :points,     null: false
+      t.string  :pco_event_id
+      t.timestamps
+    end
+    add_index :points_ledger_entries, %i[user_id pco_event_id], unique: true, where: "pco_event_id IS NOT NULL"
+
+    create_table :sync_logs do |t|
+      t.references :organization, null: false, foreign_key: true
+      t.datetime :timestamp,        null: false
+      t.string   :event_type,       null: false
+      t.integer  :members_affected, default: 0
+      t.string   :status,           null: false
+      t.text     :details
+      t.timestamps
+    end
+  end
+end

data/db/schema.rb

@@ -0,0 +1,133 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema[7.2].define(version: 2026_03_27_000001) do
+  # These are extensions that must be enabled in order to support this database
+  enable_extension "plpgsql"
+
+  create_table "badge_awards", force: :cascade do |t|
+    t.bigint "user_id", null: false
+    t.bigint "badge_id", null: false
+    t.date "earned_date", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["badge_id"], name: "index_badge_awards_on_badge_id"
+    t.index ["user_id", "badge_id"], name: "index_badge_awards_on_user_id_and_badge_id", unique: true
+    t.index ["user_id"], name: "index_badge_awards_on_user_id"
+  end
+
+  create_table "badges", force: :cascade do |t|
+    t.bigint "organization_id", null: false
+    t.string "name", null: false
+    t.text "description"
+    t.string "category", null: false
+    t.string "criteria"
+    t.string "criteria_type", null: false
+    t.integer "threshold", default: 1, null: false
+    t.string "color"
+    t.string "icon"
+    t.boolean "active", default: true, null: false
+    t.integer "total_awarded", default: 0, null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["organization_id"], name: "index_badges_on_organization_id"
+  end
+
+  create_table "merch_items", force: :cascade do |t|
+    t.bigint "organization_id", null: false
+    t.string "name", null: false
+    t.text "description"
+    t.integer "point_cost", null: false
+    t.integer "inventory_count", default: 0, null: false
+    t.string "image_url"
+    t.string "status", default: "available", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["organization_id"], name: "index_merch_items_on_organization_id"
+  end
+
+  create_table "organizations", force: :cascade do |t|
+    t.string "name", null: false
+    t.string "subdomain", null: false
+    t.integer "points_per_sunday", default: 25, null: false
+    t.integer "points_per_wednesday", default: 15, null: false
+    t.integer "points_per_volunteer_hour", default: 50, null: false
+    t.integer "points_per_special_event", default: 100, null: false
+    t.string "pco_client_id"
+    t.string "pco_client_secret"
+    t.string "pco_access_token"
+    t.string "pco_refresh_token"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["subdomain"], name: "index_organizations_on_subdomain", unique: true
+  end
+
+  create_table "points_ledger_entries", force: :cascade do |t|
+    t.bigint "user_id", null: false
+    t.date "date", null: false
+    t.string "source", null: false
+    t.string "transaction_type", null: false
+    t.integer "points", null: false
+    t.string "pco_event_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["user_id", "pco_event_id"], name: "index_points_ledger_entries_on_user_id_and_pco_event_id", unique: true, where: "(pco_event_id IS NOT NULL)"
+    t.index ["user_id"], name: "index_points_ledger_entries_on_user_id"
+  end
+
+  create_table "redemptions", force: :cascade do |t|
+    t.bigint "user_id", null: false
+    t.bigint "merch_item_id", null: false
+    t.string "status", default: "pending", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["merch_item_id"], name: "index_redemptions_on_merch_item_id"
+    t.index ["user_id"], name: "index_redemptions_on_user_id"
+  end
+
+  create_table "sync_logs", force: :cascade do |t|
+    t.bigint "organization_id", null: false
+    t.datetime "timestamp", null: false
+    t.string "event_type", null: false
+    t.integer "members_affected", default: 0
+    t.string "status", null: false
+    t.text "details"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["organization_id"], name: "index_sync_logs_on_organization_id"
+  end
+
+  create_table "users", force: :cascade do |t|
+    t.bigint "organization_id", null: false
+    t.string "name", null: false
+    t.string "email", null: false
+    t.string "password_digest"
+    t.string "role", default: "member", null: false
+    t.string "avatar_url"
+    t.string "pco_person_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["organization_id", "email"], name: "index_users_on_organization_id_and_email", unique: true
+    t.index ["organization_id"], name: "index_users_on_organization_id"
+    t.index ["pco_person_id"], name: "index_users_on_pco_person_id"
+  end
+
+  add_foreign_key "badge_awards", "badges"
+  add_foreign_key "badge_awards", "users"
+  add_foreign_key "badges", "organizations"
+  add_foreign_key "merch_items", "organizations"
+  add_foreign_key "points_ledger_entries", "users"
+  add_foreign_key "redemptions", "merch_items"
+  add_foreign_key "redemptions", "users"
+  add_foreign_key "sync_logs", "organizations"
+  add_foreign_key "users", "organizations"
+end

data/db/seeds.rb

@@ -0,0 +1,70 @@
+org = Organization.find_or_create_by!(subdomain: "jubilee") do |o|
+  o.name                      = "Jubilee Christian Center"
+  o.points_per_sunday         = 25
+  o.points_per_wednesday      = 15
+  o.points_per_volunteer_hour = 50
+  o.points_per_special_event  = 100
+end
+
+admin = User.find_or_create_by!(email: ENV.fetch("SEED_ADMIN_EMAIL", "admin@jubileechurch.com"), organization: org) do |u|
+  u.name     = "Chad Smith"
+  u.password = ENV.fetch("SEED_ADMIN_PASSWORD") { raise "Set SEED_ADMIN_PASSWORD env var before seeding" }
+  u.role     = "admin"
+end
+
+# Badges
+badge_data = [
+  { name: "First Timer",        category: "Attendance",   criteria: "Attend 1 service",              criteria_type: "attendance_count",  threshold: 1,  color: "#4CAF50", icon: "Sparkles", total_awarded: 342 },
+  { name: "Faithful Five",      category: "Attendance",   criteria: "Attend 5 services",             criteria_type: "attendance_count",  threshold: 5,  color: "#2196F3", icon: "Star",     total_awarded: 218 },
+  { name: "Decade of Devotion", category: "Attendance",   criteria: "Attend 10 services",            criteria_type: "attendance_count",  threshold: 10, color: "#FF9800", icon: "Crown",    total_awarded: 156 },
+  { name: "Volunteer Hero",     category: "Volunteering", criteria: "Volunteer 5 times",             criteria_type: "volunteer_hours",   threshold: 5,  color: "#E91E63", icon: "Heart",    total_awarded: 89  },
+  { name: "Easter Champion",    category: "Special",      criteria: "Attend Easter service",         criteria_type: "manual",            threshold: 1,  color: "#FFEB3B", icon: "Sun",      total_awarded: 278 },
+  { name: "New Member",         category: "Milestone",    criteria: "Complete membership class",     criteria_type: "manual",            threshold: 1,  color: "#607D8B", icon: "GraduationCap", total_awarded: 198 },
+  { name: "Community Builder",  category: "Milestone",    criteria: "Join a small group",            criteria_type: "manual",            threshold: 1,  color: "#3F51B5", icon: "Users",    total_awarded: 167 },
+  { name: "Gold Standard",      category: "Attendance",   criteria: "Attend 52 services in a year",  criteria_type: "attendance_count",  threshold: 52, color: "#FFC107", icon: "Trophy",   total_awarded: 8   },
+]
+
+badges = badge_data.map do |attrs|
+  org.badges.find_or_create_by!(name: attrs[:name]) do |b|
+    b.assign_attributes(attrs.merge(active: true))
+  end
+end
+
+# Award a few badges to the admin user so the dashboard isn't empty
+[badges[0], badges[1], badges[5]].each do |badge|
+  admin.badge_awards.find_or_create_by!(badge: badge) do |a|
+    a.earned_date = rand(60).days.ago.to_date
+  end
+end
+
+# Points ledger entries
+[
+  { date: 7.days.ago.to_date,  source: "Sunday Service Attendance",  transaction_type: "attendance",   points: 25 },
+  { date: 14.days.ago.to_date, source: "Wednesday Bible Study",       transaction_type: "attendance",   points: 15 },
+  { date: 21.days.ago.to_date, source: "Sunday Service Attendance",  transaction_type: "attendance",   points: 25 },
+  { date: 22.days.ago.to_date, source: "Volunteer: Greeting Team",   transaction_type: "volunteering", points: 50 },
+  { date: 28.days.ago.to_date, source: "Sunday Service Attendance",  transaction_type: "attendance",   points: 25 },
+  { date: 35.days.ago.to_date, source: "Special Event: Church Picnic", transaction_type: "special",    points: 100 },
+].each do |attrs|
+  admin.points_ledger_entries.find_or_create_by!(
+    date: attrs[:date], source: attrs[:source]
+  ) { |e| e.assign_attributes(attrs) }
+end
+
+# Merch items
+[
+  { name: "Church Hoodie",       description: "Cozy branded hoodie in navy blue. Available in S-XXL.", point_cost: 500, inventory_count: 24, status: "available" },
+  { name: "Coffee Mug",          description: "Ceramic mug with the Jubilee logo. 12oz capacity.",     point_cost: 150, inventory_count: 50, status: "available" },
+  { name: "Branded Tote Bag",    description: "Sturdy canvas tote bag with church branding.",           point_cost: 200, inventory_count: 35, status: "available" },
+  { name: "Kids Ministry T-Shirt", description: "Fun colorful t-shirt for kids ministry volunteers.",  point_cost: 175, inventory_count: 5,  status: "low_stock" },
+  { name: "Devotional Journal",  description: "Leather-bound journal with daily devotional prompts.",  point_cost: 125, inventory_count: 42, status: "available" },
+  { name: "Premium Parking Pass", description: "Reserved parking spot for 3 months.",                 point_cost: 300, inventory_count: 0,  status: "out_of_stock" },
+].each do |attrs|
+  org.merch_items.find_or_create_by!(name: attrs[:name]) { |i| i.assign_attributes(attrs) }
+end
+
+puts "Seeded org: #{org.name}"
+puts "Admin: #{admin.email}"
+puts "Badges: #{org.badges.count}"
+puts "Merch items: #{org.merch_items.count}"
+puts "Points entries: #{admin.points_ledger_entries.count}"

data/lib/churchcred/engine.rb

@@ -0,0 +1,16 @@
+require "rails/engine"
+
+module Churchcred
+  class Engine < ::Rails::Engine
+    isolate_namespace Churchcred
+
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+
+    # Make engine models, controllers, jobs etc. available to host app
+    initializer "churchcred.assets" do |app|
+      app.config.assets.paths << root.join("app/assets") if app.config.respond_to?(:assets)
+    end
+  end
+end

data/lib/churchcred/version.rb

@@ -0,0 +1,3 @@
+module Churchcred
+  VERSION = "0.1.0"
+end

data/lib/churchcred.rb

@@ -0,0 +1,6 @@
+require "churchcred/engine"
+
+module Churchcred
+  # Host apps can override these configuration values
+  mattr_accessor :saas_mode, default: false
+end