Add dev/prod environment separation with collection prefixes

- Environment auto-detection (localhost=dev, deployed=prod)
- Dev collections prefixed with 'dev_' (e.g., dev_items, dev_purchases)
- Users collection shared between dev/prod (same auth roles)
- Visual 'DEVELOPMENT' banner in dev mode
- Updated Firestore rules for dev_* collections
- Fixed modal HTML: changed <p> to <div> for complex content
- Added ENVIRONMENT_SETUP.md documentation

Author: hiteshkrmsft

ENVIRONMENT_SETUP.md

@@ -0,0 +1,105 @@
+# Environment Separation Guide
+
+## Overview
+
+This app uses **collection prefixes** to separate development and production data within the **same Firebase project** (no extra project needed!):
+
+| Environment | Collection Names | Example |
+|-------------|------------------|---------|
+| `production` | `items`, `purchases`, etc. | Normal collections |
+| `development` | `dev_items`, `dev_purchases`, etc. | Prefixed collections |
+
+## How It Works
+
+### Automatic Detection
+
+The app automatically detects the environment:
+
+1. **URL Parameter** (highest priority): `?env=development`
+2. **localStorage**: `localStorage.setItem('appEnv', 'development')`
+3. **Hostname**: `localhost` → development, otherwise → production
+
+### Visual Indicator
+
+When running in development mode, you'll see an orange banner at the top of the screen showing "🔧 DEVELOPMENT".
+
+## Usage
+
+### For Development (testing locally)
+
+```bash
+# Just run locally - automatically uses dev_ prefix (localhost = development)
+npx serve www
+```
+
+All data will be stored in `dev_items`, `dev_purchases`, `dev_retailSales`, etc.
+
+### For Production (deployed app)
+
+The deployed app at `aadhat-management.web.app` automatically uses production (no prefix).
+
+### Force Development on Production URL (for testing)
+
+```bash
+# One-time: only affects this page load
+https://aadhat-management.web.app/?env=development
+
+# Persistent: set in browser console, persists across sessions
+localStorage.setItem('appEnv', 'development');
+```
+
+### Switch Environments Manually
+
+```javascript
+// In browser console:
+
+// Switch to development
+localStorage.setItem('appEnv', 'development');
+location.reload();
+
+// Switch to production  
+localStorage.setItem('appEnv', 'production');
+location.reload();
+
+// Clear override (use automatic detection)
+localStorage.removeItem('appEnv');
+location.reload();
+
+// Check current environment
+console.log(window.APP_ENV);  // 'development' or 'production'
+console.log(window.COLLECTION_PREFIX);  // 'dev_' or ''
+```
+
+## Benefits of This Approach
+
+✅ **No extra Firebase project needed** - Uses same project, different collections  
+✅ **Free** - No additional costs  
+✅ **Same auth** - Login works in both environments  
+✅ **Easy cleanup** - Just delete `dev_*` collections when done testing  
+✅ **Clear separation** - Production data is never touched during development  
+
+## Viewing Dev Data in Firebase Console
+
+In Firebase Console, you'll see both sets of collections:
+- `items` (production)
+- `dev_items` (development)
+- `purchases` (production)
+- `dev_purchases` (development)
+- etc.
+
+## Cleanup Dev Data
+
+To delete all development data, go to Firebase Console and delete all collections starting with `dev_`.
+
+Or use the app's "Clear All Data" feature while in development mode.
+
+## Quick Reference
+
+| Command | Effect |
+|---------|--------|
+| `?env=development` | Force dev environment |
+| `?env=production` | Force prod environment |
+| `localStorage.setItem('appEnv', 'development')` | Persist dev mode |
+| `window.APP_ENV` | Check current environment |
+| `window.COLLECTION_PREFIX` | Check current prefix (`dev_` or ``) |
+| `window.getCollection('items')` | Get prefixed collection name |

firestore.rules

@@ -108,5 +108,59 @@ service cloud.firestore {
       allow read: if isSignedIn() && isAdmin();
       allow update, delete: if false; // Never allow modification or deletion
     }
+    
+    // ============================================
+    // DEVELOPMENT ENVIRONMENT COLLECTIONS (dev_ prefix)
+    // Mirror all production rules for dev collections
+    // ============================================
+    
+    match /dev_purchases/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_retailSales/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_wholesaleSales/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_items/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_expenses/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_stockAdjustments/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_withdrawals/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_cashManagement/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_cashSessions/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_users/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_itemFrequency/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_notifications/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_autoSaves/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_drafts/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_auditLogs/{docId} {
+      allow read, write: if isSignedIn();
+    }
+    match /dev_settings/{docId} {
+      allow read, write: if isSignedIn();
+    }
   }
 }

www/css/charts.css

@@ -192,7 +192,7 @@ body:has(.tab.sale-theme.active) .modal-overlay .modal-header {
   flex: 1;
 }
 
-.modal-body p {
+#modalMessage {
   margin: 0;
   white-space: pre-line;
 }

www/firebaseConfig.js

@@ -6,6 +6,49 @@
 // 2. Setting up HTTP referrer restrictions
 // 3. Using Firebase App Check for additional security
 
+// =============================================================================
+// ENVIRONMENT CONFIGURATION
+// =============================================================================
+// Set to 'development' for local testing with dummy data
+// Set to 'production' for live app with real data
+// 
+// Option 1: Use URL parameter: ?env=development
+// Option 2: Use localStorage: localStorage.setItem('appEnv', 'development')
+// Option 3: Automatic: localhost = development, otherwise = production
+// =============================================================================
+
+// Check environment from multiple sources
+const getEnvironment = () => {
+  // 1. Check URL parameter (highest priority for quick testing)
+  const urlParams = new URLSearchParams(window.location.search);
+  if (urlParams.get('env')) return urlParams.get('env');
+  
+  // 2. Check localStorage (persists across sessions)
+  if (localStorage.getItem('appEnv')) return localStorage.getItem('appEnv');
+  
+  // 3. Check if running on localhost
+  if (window.location.hostname === 'localhost' || window.location.hostname === '127.0.0.1') {
+    return 'development';
+  }
+  
+  // 4. Default to production
+  return 'production';
+};
+
+const APP_ENV = getEnvironment();
+
+// Collection prefix based on environment
+// Production: 'items', 'purchases', etc.
+// Development: 'dev_items', 'dev_purchases', etc.
+const COLLECTION_PREFIX = APP_ENV === 'production' ? '' : 'dev_';
+
+// Collections that should NOT be prefixed (shared between dev and prod)
+// - users: Keep same user roles/permissions in dev
+const SHARED_COLLECTIONS = ['users'];
+
+console.log(`🔧 App Environment: ${APP_ENV} | Collection Prefix: "${COLLECTION_PREFIX}"`);
+
+// Single Firebase Config (same project for both environments)
 const firebaseConfig = {
   apiKey: "AIzaSyD0ib9JkKbqaNE2i_TZlXYJqEtXI_i2Fj8",
   authDomain: "aadhat-management.firebaseapp.com",
@@ -16,6 +59,43 @@ const firebaseConfig = {
   measurementId: "G-01155M3XPL"
 };
 
+// Expose environment globally
+window.APP_ENV = APP_ENV;
+window.COLLECTION_PREFIX = COLLECTION_PREFIX;
+
+// Helper function to get prefixed collection name
+// Some collections are shared (not prefixed) between dev and prod
+window.getCollection = (name) => {
+  if (SHARED_COLLECTIONS.includes(name)) {
+    return name; // No prefix for shared collections
+  }
+  return COLLECTION_PREFIX + name;
+};
+
+// Show environment indicator in UI (for development only)
+if (APP_ENV !== 'production') {
+  document.addEventListener('DOMContentLoaded', () => {
+    const indicator = document.createElement('div');
+    indicator.id = 'env-indicator';
+    indicator.innerHTML = `🔧 ${APP_ENV.toUpperCase()}`;
+    indicator.style.cssText = `
+      position: fixed;
+      top: 0;
+      left: 50%;
+      transform: translateX(-50%);
+      background: #ff6b35;
+      color: white;
+      padding: 2px 12px;
+      font-size: 10px;
+      font-weight: bold;
+      z-index: 99999;
+      border-radius: 0 0 4px 4px;
+      text-transform: uppercase;
+    `;
+    document.body.appendChild(indicator);
+  });
+}
+
 // Initialize Firebase
 let app;
 try {

www/js/auth/authentication.js

@@ -88,7 +88,7 @@ const AuthManager = {
             const userCredential = await firebase.auth().signInWithEmailAndPassword(email, password);
 
             const userId = userCredential.user.uid;
-            const userDoc = await firebase.firestore().collection('users').doc(userId).get();
+            const userDoc = await firebase.firestore().collection(window.getCollection ? window.getCollection('users') : 'users').doc(userId).get();
 
             if (!userDoc.exists) {
                 await firebase.auth().signOut();
@@ -191,7 +191,7 @@ const AuthManager = {
             const userCredential = await firebase.auth().createUserWithEmailAndPassword(email, password);
             const userId = userCredential.user.uid;
 
-            await firebase.firestore().collection('users').doc(userId).set({
+            await firebase.firestore().collection(window.getCollection ? window.getCollection('users') : 'users').doc(userId).set({
                 name: name,
                 email: email,
                 role: role,