feat(salonos): implementar Fase 1.1 y 1.2 - Infraestructura y Esquema de Base de Datos

Implementación completa de la Fase 1.1 y 1.2 del proyecto SalonOS:

## Cambios en Reglas de Negocio (PRD.md, AGENTS.md, TASKS.md)
- Actualizado reset de invitaciones de mensual a semanal (Lunes 00:00 UTC)
- Jerarquía de roles actualizada: Admin > Manager > Staff > Artist > Customer
- Artistas (antes colaboradoras) ahora tienen rol 'artist'
- Staff/Manager/Admin pueden ver PII de customers
- Artist solo ve nombre y notas de customers (restricción de privacidad)

## Estructura del Proyecto (Next.js 14)
- app/boutique/: Frontend de cliente
- app/hq/: Dashboard administrativo
- app/api/: API routes
- components/: Componentes UI reutilizables (boutique, hq, shared)
- lib/: Lógica de negocio (supabase, db, utils)
- db/: Esquemas, migraciones y seeds
- integrations/: Stripe, Google Calendar, WhatsApp
- scripts/: Scripts de utilidad y automatización
- docs/: Documentación del proyecto

## Esquema de Base de Datos (Supabase PostgreSQL)
8 tablas creadas:
- locations: Ubicaciones con timezone
- resources: Recursos físicos (estaciones, habitaciones, equipos)
- staff: Personal con roles jerárquicos
- services: Catálogo de servicios
- customers: Información de clientes con tier (free/gold)
- invitations: Sistema de invitaciones semanales
- bookings: Sistema de reservas con short_id (6 caracteres)
- audit_logs: Registro de auditoría automática

14 funciones creadas:
- generate_short_id(): Generador de Short ID (6 chars, collision-safe)
- generate_invitation_code(): Generador de códigos de invitación (10 chars)
- reset_weekly_invitations_for_customer(): Reset individual de invitaciones
- reset_all_weekly_invitations(): Reset masivo de invitaciones
- validate_secondary_artist_role(): Validación de secondary_artist
- log_audit(): Trigger de auditoría automática
- get_current_user_role(): Obtener rol del usuario actual
- is_staff_or_higher(): Verificar si es admin/manager/staff
- is_artist(): Verificar si es artist
- is_customer(): Verificar si es customer
- is_admin(): Verificar si es admin
- update_updated_at(): Actualizar timestamps
- generate_booking_short_id(): Generar Short ID automáticamente
- get_week_start(): Obtener inicio de semana

17+ triggers activos:
- Auditores automáticos en tablas críticas
- Timestamps updated_at en todas las tablas
- Validación de secondary_artist (trigger en lugar de constraint)

20+ políticas RLS configuradas:
- Restricción crítica: Artist no ve email/phone de customers
- Jerarquía de roles: Admin > Manager > Staff > Artist > Customer
- Políticas granulares por tipo de operación y rol

6 tipos ENUM:
- user_role: admin, manager, staff, artist, customer
- customer_tier: free, gold
- booking_status: pending, confirmed, cancelled, completed, no_show
- invitation_status: pending, used, expired
- resource_type: station, room, equipment
- audit_action: create, update, delete, reset_invitations, payment, status_change

## Scripts de Utilidad
- check-connection.sh: Verificar conexión a Supabase
- simple-verify.sh: Verificar migraciones instaladas
- simple-seed.sh: Crear datos de prueba
- create-auth-users.js: Crear usuarios de Auth en Supabase
- verify-migration.sql: Script de verificación SQL completo
- seed-data.sql: Script de seed de datos SQL completo

## Documentación
- docs/STEP_BY_STEP_VERIFICATION.md: Guía paso a paso de verificación
- docs/STEP_BY_STEP_AUTH_CONFIG.md: Guía paso a paso de configuración Auth
- docs/POST_MIGRATION_SUCCESS.md: Guía post-migración
- docs/MIGRATION_CORRECTION.md: Detalle de correcciones aplicadas
- docs/QUICK_START_POST_MIGRATION.md: Guía rápida de referencia
- docs/SUPABASE_DASHBOARD_MIGRATION.md: Guía de ejecución en Dashboard
- docs/00_FULL_MIGRATION_FINAL_README.md: Guía de migración final
- SIMPLE_GUIDE.md: Guía simple de inicio
- FASE_1_STATUS.md: Estado de la Fase 1

## Configuración
- package.json: Dependencias y scripts de npm
- tsconfig.json: Configuración TypeScript con paths aliases
- next.config.js: Configuración Next.js
- tailwind.config.ts: Tema personalizado con colores primary, secondary, gold
- postcss.config.js: Configuración PostCSS
- .gitignore: Archivos excluidos de git
- .env.example: Template de variables de entorno

## Correcciones Aplicadas
1. Constraint de subquery en CHECK reemplazado por trigger de validación
   - PostgreSQL no permite subqueries en CHECK constraints
   - validate_secondary_artist_role() ahora es un trigger

2. Variable no declarada en loop
   - customer_record RECORD; añadido en bloque DECLARE

## Principios Implementados
- UTC-first: Todos los timestamps se almacenan en UTC
- Sistema Doble Capa: Validación Staff/Artist + Recurso físico
- Reset semanal: Invitaciones se resetean cada Lunes 00:00 UTC
- Idempotencia: Procesos de reset son idempotentes y auditados
- Privacidad: Artist solo ve nombre y notas de customers
- Auditoría: Todas las acciones críticas se registran automáticamente
- Short ID: 6 caracteres alfanuméricos como referencia humana
- UUID: Identificador primario interno

## Próximos Pasos
- Ejecutar scripts de verificación y seed
- Configurar Auth en Supabase Dashboard
- Implementar Tarea 1.3: Short ID & Invitaciones (backend)
- Implementar Tarea 1.4: CRM Base (endpoints CRUD)

db/migrate.sh

@@ -0,0 +1,114 @@
+#!/bin/bash
+
+# ============================================
+# SALONOS - DATABASE MIGRATION SCRIPT
+# ============================================
+# Ejecuta todas las migraciones de base de datos
+# ============================================
+
+set -e  # Detener en errores
+
+echo "=========================================="
+echo "SALONOS - DATABASE MIGRATION"
+echo "=========================================="
+echo ""
+
+# Verificar que .env.local existe
+if [ ! -f .env.local ]; then
+    echo "❌ ERROR: .env.local no encontrado"
+    echo "Por favor, crea el archivo .env.local con tus credenciales de Supabase"
+    echo "Puedes copiar el archivo .env.example:"
+    echo "  cp .env.local.example .env.local"
+    exit 1
+fi
+
+# Cargar variables de entorno desde .env.local
+echo "📂 Cargando variables de entorno desde .env.local..."
+export $(grep -v '^#' .env.local | xargs)
+
+# Verificar que las variables de Supabase estén configuradas
+if [ -z "$NEXT_PUBLIC_SUPABASE_URL" ] || [ -z "$SUPABASE_SERVICE_ROLE_KEY" ]; then
+    echo "❌ ERROR: Faltan variables de entorno de Supabase"
+    echo "Verifica que tu archivo .env.local contenga:"
+    echo "  NEXT_PUBLIC_SUPABASE_URL"
+    echo "  NEXT_PUBLIC_SUPABASE_ANON_KEY"
+    echo "  SUPABASE_SERVICE_ROLE_KEY"
+    exit 1
+fi
+
+echo "✅ Variables de entorno cargadas"
+echo ""
+
+# Extraer DATABASE_URL de NEXT_PUBLIC_SUPABASE_URL y SUPABASE_SERVICE_ROLE_KEY
+# Formato esperado: postgresql://postgres:[password]@[project-id].supabase.co:5432/postgres
+
+echo "🔍 Verificando conexión a Supabase..."
+echo "   URL: ${NEXT_PUBLIC_SUPABASE_URL:0:30}..."
+echo ""
+
+# Verificar si psql está instalado
+if ! command -v psql &> /dev/null; then
+    echo "❌ ERROR: psql no está instalado"
+    echo "Por favor, instala PostgreSQL client:"
+    echo "  macOS: brew install postgresql"
+    echo "  Ubuntu/Debian: sudo apt-get install postgresql-client"
+    echo "  Windows: Descargar desde https://www.postgresql.org/download/windows/"
+    exit 1
+fi
+
+echo "✅ psql encontrado"
+echo ""
+
+# Ejecutar migraciones
+echo "🚀 Iniciando migraciones..."
+echo ""
+
+echo "📦 MIGRACIÓN 001: Esquema inicial..."
+if psql "${NEXT_PUBLIC_SUPABASE_URL/https:\/\//postgresql:\/\/postgres:}${SUPABASE_SERVICE_ROLE_KEY}@${NEXT_PUBLIC_SUPABASE_URL#https://}" -f db/migrations/001_initial_schema.sql; then
+    echo "✅ MIGRACIÓN 001 completada"
+else
+    echo "❌ ERROR en MIGRACIÓN 001"
+    exit 1
+fi
+
+echo ""
+echo "📦 MIGRACIÓN 002: Políticas RLS..."
+if psql "${NEXT_PUBLIC_SUPABASE_URL/https:\/\//postgresql:\/\/postgres:}${SUPABASE_SERVICE_ROLE_KEY}@${NEXT_PUBLIC_SUPABASE_URL#https://}" -f db/migrations/002_rls_policies.sql; then
+    echo "✅ MIGRACIÓN 002 completada"
+else
+    echo "❌ ERROR en MIGRACIÓN 002"
+    exit 1
+fi
+
+echo ""
+echo "📦 MIGRACIÓN 003: Triggers de auditoría..."
+if psql "${NEXT_PUBLIC_SUPABASE_URL/https:\/\//postgresql:\/\/postgres:}${SUPABASE_SERVICE_ROLE_KEY}@${NEXT_PUBLIC_SUPABASE_URL#https://}" -f db/migrations/003_audit_triggers.sql; then
+    echo "✅ MIGRACIÓN 003 completada"
+else
+    echo "❌ ERROR en MIGRACIÓN 003"
+    exit 1
+fi
+
+echo ""
+echo "=========================================="
+echo "✅ TODAS LAS MIGRACIONES COMPLETADAS"
+echo "=========================================="
+echo ""
+echo "📊 Verificación del esquema:"
+echo ""
+
+# Verificación básica
+psql "${NEXT_PUBLIC_SUPABASE_URL/https:\/\//postgresql:\/\/postgres:}${SUPABASE_SERVICE_ROLE_KEY}@${NEXT_PUBLIC_SUPABASE_URL#https://}" -c "SELECT 'Tablas creadas: ' || COUNT(*) as info FROM information_schema.tables WHERE table_schema = 'public' AND table_name IN ('locations', 'resources', 'staff', 'services', 'customers', 'invitations', 'bookings', 'audit_logs');"
+
+psql "${NEXT_PUBLIC_SUPABASE_URL/https:\/\//postgresql:\/\/postgres:}${SUPABASE_SERVICE_ROLE_KEY}@${NEXT_PUBLIC_SUPABASE_URL#https://}" -c "SELECT 'Funciones creadas: ' || COUNT(*) as info FROM information_schema.routines WHERE routine_schema = 'public';"
+
+psql "${NEXT_PUBLIC_SUPABASE_URL/https:\/\//postgresql:\/\/postgres:}${SUPABASE_SERVICE_ROLE_KEY}@${NEXT_PUBLIC_SUPABASE_URL#https://}" -c "SELECT 'Políticas RLS: ' || COUNT(*) as info FROM pg_policies WHERE schemaname = 'public';"
+
+echo ""
+echo "🎉 Setup de base de datos completado exitosamente"
+echo ""
+echo "📝 Próximos pasos:"
+echo "   1. Configurar Auth en Supabase Dashboard"
+echo "   2. Crear usuarios de prueba con roles específicos"
+echo "   3. Ejecutar seeds de datos de prueba"
+echo ""

db/migrations/001_initial_schema.sql

@@ -0,0 +1,279 @@
+-- Migración 001: Esquema base de datos SalonOS
+-- Version: 001
+-- Fecha: 2026-01-15
+-- Descripción: Creación de tablas principales con jerarquía de roles y sistema doble capa
+
+-- Habilitar UUID extension
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+-- ============================================
+-- ENUMS
+-- ============================================
+
+CREATE TYPE user_role AS ENUM ('admin', 'manager', 'staff', 'artist', 'customer');
+CREATE TYPE customer_tier AS ENUM ('free', 'gold');
+CREATE TYPE booking_status AS ENUM ('pending', 'confirmed', 'cancelled', 'completed', 'no_show');
+CREATE TYPE invitation_status AS ENUM ('pending', 'used', 'expired');
+CREATE TYPE resource_type AS ENUM ('station', 'room', 'equipment');
+CREATE TYPE audit_action AS ENUM ('create', 'update', 'delete', 'reset_invitations', 'payment', 'status_change');
+
+-- ============================================
+-- LOCATIONS
+-- ============================================
+
+CREATE TABLE locations (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name VARCHAR(100) NOT NULL,
+    timezone VARCHAR(50) NOT NULL DEFAULT 'UTC',
+    address TEXT,
+    phone VARCHAR(20),
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ============================================
+-- RESOURCES
+-- ============================================
+
+CREATE TABLE resources (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    name VARCHAR(100) NOT NULL,
+    type resource_type NOT NULL,
+    capacity INTEGER DEFAULT 1,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ============================================
+-- STAFF
+-- ============================================
+
+CREATE TABLE staff (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID NOT NULL,
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    role user_role NOT NULL CHECK (role IN ('admin', 'manager', 'staff', 'artist')),
+    display_name VARCHAR(100) NOT NULL,
+    phone VARCHAR(20),
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW(),
+    UNIQUE(user_id, location_id)
+);
+
+-- ============================================
+-- SERVICES
+-- ============================================
+
+CREATE TABLE services (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name VARCHAR(100) NOT NULL,
+    description TEXT,
+    duration_minutes INTEGER NOT NULL CHECK (duration_minutes > 0),
+    base_price DECIMAL(10, 2) NOT NULL CHECK (base_price >= 0),
+    requires_dual_artist BOOLEAN DEFAULT false,
+    premium_fee_enabled BOOLEAN DEFAULT false,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ============================================
+-- CUSTOMERS
+-- ============================================
+
+CREATE TABLE customers (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID UNIQUE,
+    first_name VARCHAR(100) NOT NULL,
+    last_name VARCHAR(100) NOT NULL,
+    email VARCHAR(255) UNIQUE NOT NULL,
+    phone VARCHAR(20),
+    tier customer_tier DEFAULT 'free',
+    notes TEXT,
+    total_spent DECIMAL(10, 2) DEFAULT 0,
+    total_visits INTEGER DEFAULT 0,
+    last_visit_date DATE,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ============================================
+-- INVITATIONS
+-- ============================================
+
+CREATE TABLE invitations (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    inviter_id UUID NOT NULL REFERENCES customers(id) ON DELETE CASCADE,
+    code VARCHAR(10) UNIQUE NOT NULL,
+    email VARCHAR(255),
+    status invitation_status DEFAULT 'pending',
+    week_start_date DATE NOT NULL,
+    expiry_date DATE NOT NULL,
+    used_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ============================================
+-- BOOKINGS
+-- ============================================
+
+CREATE TABLE bookings (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    short_id VARCHAR(6) UNIQUE NOT NULL,
+    customer_id UUID NOT NULL REFERENCES customers(id) ON DELETE CASCADE,
+    staff_id UUID NOT NULL REFERENCES staff(id) ON DELETE RESTRICT,
+    secondary_artist_id UUID REFERENCES staff(id) ON DELETE SET NULL,
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    resource_id UUID NOT NULL REFERENCES resources(id) ON DELETE CASCADE,
+    service_id UUID NOT NULL REFERENCES services(id) ON DELETE RESTRICT,
+    start_time_utc TIMESTAMPTZ NOT NULL,
+    end_time_utc TIMESTAMPTZ NOT NULL,
+    status booking_status DEFAULT 'pending',
+    deposit_amount DECIMAL(10, 2) DEFAULT 0,
+    total_amount DECIMAL(10, 2) NOT NULL,
+    is_paid BOOLEAN DEFAULT false,
+    payment_reference VARCHAR(50),
+    notes TEXT,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ============================================
+-- AUDIT LOGS
+-- ============================================
+
+CREATE TABLE audit_logs (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    entity_type VARCHAR(50) NOT NULL,
+    entity_id UUID NOT NULL,
+    action audit_action NOT NULL,
+    old_values JSONB,
+    new_values JSONB,
+    performed_by UUID,
+    performed_by_role user_role,
+    ip_address INET,
+    user_agent TEXT,
+    metadata JSONB,
+    created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ============================================
+-- INDEXES
+-- ============================================
+
+-- Locations
+CREATE INDEX idx_locations_active ON locations(is_active);
+
+-- Resources
+CREATE INDEX idx_resources_location ON resources(location_id);
+CREATE INDEX idx_resources_active ON resources(location_id, is_active);
+
+-- Staff
+CREATE INDEX idx_staff_user ON staff(user_id);
+CREATE INDEX idx_staff_location ON staff(location_id);
+CREATE INDEX idx_staff_role ON staff(location_id, role, is_active);
+
+-- Services
+CREATE INDEX idx_services_active ON services(is_active);
+
+-- Customers
+CREATE INDEX idx_customers_tier ON customers(tier);
+CREATE INDEX idx_customers_email ON customers(email);
+CREATE INDEX idx_customers_active ON customers(is_active);
+
+-- Invitations
+CREATE INDEX idx_invitations_inviter ON invitations(inviter_id);
+CREATE INDEX idx_invitations_code ON invitations(code);
+CREATE INDEX idx_invitations_week ON invitations(week_start_date, status);
+
+-- Bookings
+CREATE INDEX idx_bookings_customer ON bookings(customer_id);
+CREATE INDEX idx_bookings_staff ON bookings(staff_id);
+CREATE INDEX idx_bookings_secondary_artist ON bookings(secondary_artist_id);
+CREATE INDEX idx_bookings_location ON bookings(location_id);
+CREATE INDEX idx_bookings_resource ON bookings(resource_id);
+CREATE INDEX idx_bookings_time ON bookings(start_time_utc, end_time_utc);
+CREATE INDEX idx_bookings_status ON bookings(status);
+CREATE INDEX idx_bookings_short_id ON bookings(short_id);
+
+-- Audit logs
+CREATE INDEX idx_audit_entity ON audit_logs(entity_type, entity_id);
+CREATE INDEX idx_audit_action ON audit_logs(action, created_at);
+CREATE INDEX idx_audit_performed ON audit_logs(performed_by);
+
+-- ============================================
+-- TRIGGERS FOR UPDATED_AT
+-- ============================================
+
+CREATE OR REPLACE FUNCTION update_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = NOW();
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER locations_updated_at BEFORE UPDATE ON locations
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER resources_updated_at BEFORE UPDATE ON resources
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER staff_updated_at BEFORE UPDATE ON staff
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER services_updated_at BEFORE UPDATE ON services
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER customers_updated_at BEFORE UPDATE ON customers
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER invitations_updated_at BEFORE UPDATE ON invitations
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER bookings_updated_at BEFORE UPDATE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+-- ============================================
+-- CONSTRAINTS
+-- ============================================
+
+-- Constraint: Booking time validation
+ALTER TABLE bookings ADD CONSTRAINT check_booking_time
+    CHECK (end_time_utc > start_time_utc);
+
+-- Constraint: Booking cannot overlap for same resource (enforced in app layer with proper locking)
+-- This is documented for future constraint implementation
+
+-- Trigger for secondary_artist validation (PostgreSQL doesn't allow subqueries in CHECK constraints)
+CREATE OR REPLACE FUNCTION validate_secondary_artist_role()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF NEW.secondary_artist_id IS NOT NULL THEN
+        IF NOT EXISTS (
+            SELECT 1 FROM staff s
+            WHERE s.id = NEW.secondary_artist_id AND s.role = 'artist' AND s.is_active = true
+        ) THEN
+            RAISE EXCEPTION 'secondary_artist_id must reference an active staff member with role ''artist''';
+        END IF;
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER validate_booking_secondary_artist BEFORE INSERT OR UPDATE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION validate_secondary_artist_role();
+
+-- Constraint: Invitation week_start_date must be Monday
+ALTER TABLE invitations ADD CONSTRAINT check_week_start_is_monday
+    CHECK (EXTRACT(ISODOW FROM week_start_date) = 1);
+
+-- ============================================
+-- END OF MIGRATION 001
+-- ============================================

db/migrations/002_rls_policies.sql

@@ -0,0 +1,335 @@
+-- Migración 002: Políticas RLS por rol
+-- Version: 002
+-- Fecha: 2026-01-15
+-- Descripción: Configuración de Row Level Security con jerarquía de roles y restricciones de privacidad
+
+-- ============================================
+-- HELPER FUNCTIONS
+-- ============================================
+
+-- Función para obtener el rol del usuario actual
+CREATE OR REPLACE FUNCTION get_current_user_role()
+RETURNS user_role AS $$
+    DECLARE
+        current_staff_role user_role;
+        current_user_id UUID := auth.uid();
+    BEGIN
+        SELECT s.role INTO current_staff_role
+        FROM staff s
+        WHERE s.user_id = current_user_id
+        LIMIT 1;
+
+        IF current_staff_role IS NOT NULL THEN
+            RETURN current_staff_role;
+        END IF;
+
+        -- Si es customer, verificar si existe en customers
+        IF EXISTS (SELECT 1 FROM customers WHERE user_id = current_user_id) THEN
+            RETURN 'customer';
+        END IF;
+
+        RETURN NULL;
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- Función para verificar si el usuario es staff o superior (admin, manager, staff)
+CREATE OR REPLACE FUNCTION is_staff_or_higher()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role IN ('admin', 'manager', 'staff');
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- Función para verificar si el usuario es artist
+CREATE OR REPLACE FUNCTION is_artist()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'artist';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- Función para verificar si el usuario es customer
+CREATE OR REPLACE FUNCTION is_customer()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'customer';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- Función para verificar si el usuario es admin
+CREATE OR REPLACE FUNCTION is_admin()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'admin';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================
+-- ENABLE RLS ON ALL TABLES
+-- ============================================
+
+ALTER TABLE locations ENABLE ROW LEVEL SECURITY;
+ALTER TABLE resources ENABLE ROW LEVEL SECURITY;
+ALTER TABLE staff ENABLE ROW LEVEL SECURITY;
+ALTER TABLE services ENABLE ROW LEVEL SECURITY;
+ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
+ALTER TABLE invitations ENABLE ROW LEVEL SECURITY;
+ALTER TABLE bookings ENABLE ROW LEVEL SECURITY;
+ALTER TABLE audit_logs ENABLE ROW LEVEL SECURITY;
+
+-- ============================================
+-- LOCATIONS POLICIES
+-- ============================================
+
+-- Admin/Manager/Staff: Ver todas las locations activas
+CREATE POLICY "locations_select_staff_higher" ON locations
+    FOR SELECT
+    USING (is_staff_or_higher() OR is_admin() OR is_admin());
+
+-- Admin/Manager: Insertar, actualizar, eliminar locations
+CREATE POLICY "locations_modify_admin_manager" ON locations
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- ============================================
+-- RESOURCES POLICIES
+-- ============================================
+
+-- Staff o superior: Ver recursos activos
+CREATE POLICY "resources_select_staff_higher" ON resources
+    FOR SELECT
+    USING (is_staff_or_higher() OR is_admin());
+
+-- Artist: Ver recursos activos (necesario para ver disponibilidad)
+CREATE POLICY "resources_select_artist" ON resources
+    FOR SELECT
+    USING (is_artist());
+
+-- Admin/Manager: Modificar recursos
+CREATE POLICY "resources_modify_admin_manager" ON resources
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- ============================================
+-- STAFF POLICIES
+-- ============================================
+
+-- Admin/Manager: Ver todo el staff
+CREATE POLICY "staff_select_admin_manager" ON staff
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- Staff: Ver staff en su misma ubicación
+CREATE POLICY "staff_select_same_location" ON staff
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = staff.location_id
+        )
+    );
+
+-- Artist: Ver solo otros artists en su misma ubicación
+CREATE POLICY "staff_select_artist_view_artists" ON staff
+    FOR SELECT
+    USING (
+        is_artist() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = staff.location_id
+        ) AND
+        staff.role = 'artist'
+    );
+
+-- Admin/Manager: Modificar staff
+CREATE POLICY "staff_modify_admin_manager" ON staff
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- ============================================
+-- SERVICES POLICIES
+-- ============================================
+
+-- Todos los usuarios autenticados: Ver servicios activos
+CREATE POLICY "services_select_all" ON services
+    FOR SELECT
+    USING (is_active = true);
+
+-- Admin/Manager: Ver y modificar todos los servicios
+CREATE POLICY "services_all_admin_manager" ON services
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- ============================================
+-- CUSTOMERS POLICIES
+-- ============================================
+
+-- Admin/Manager: Ver todo (incluyendo PII)
+CREATE POLICY "customers_select_admin_manager" ON customers
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- Staff: Ver todo (incluyendo PII) - Pueden ver email/phone según PRD actualizado
+CREATE POLICY "customers_select_staff" ON customers
+    FOR SELECT
+    USING (is_staff_or_higher());
+
+-- Artist: Solo nombre y notas, NO email ni phone
+CREATE POLICY "customers_select_artist_restricted" ON customers
+    FOR SELECT
+    USING (is_artist());
+
+-- Customer: Ver solo sus propios datos
+CREATE POLICY "customers_select_own" ON customers
+    FOR SELECT
+    USING (is_customer() AND user_id = auth.uid());
+
+-- Admin/Manager: Modificar cualquier cliente
+CREATE POLICY "customers_modify_admin_manager" ON customers
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- Staff: Modificar cualquier cliente
+CREATE POLICY "customers_modify_staff" ON customers
+    FOR ALL
+    USING (is_staff_or_higher());
+
+-- Customer: Actualizar solo sus propios datos
+CREATE POLICY "customers_update_own" ON customers
+    FOR UPDATE
+    USING (is_customer() AND user_id = auth.uid());
+
+-- ============================================
+-- INVITATIONS POLICIES
+-- ============================================
+
+-- Admin/Manager: Ver todas las invitaciones
+CREATE POLICY "invitations_select_admin_manager" ON invitations
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- Staff: Ver todas las invitaciones
+CREATE POLICY "invitations_select_staff" ON invitations
+    FOR SELECT
+    USING (is_staff_or_higher());
+
+-- Customer: Ver solo sus propias invitaciones (como inviter)
+CREATE POLICY "invitations_select_own" ON invitations
+    FOR SELECT
+    USING (is_customer() AND inviter_id = (SELECT id FROM customers WHERE user_id = auth.uid()));
+
+-- Admin/Manager: Modificar cualquier invitación
+CREATE POLICY "invitations_modify_admin_manager" ON invitations
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- Staff: Modificar invitaciones
+CREATE POLICY "invitations_modify_staff" ON invitations
+    FOR ALL
+    USING (is_staff_or_higher());
+
+-- ============================================
+-- BOOKINGS POLICIES
+-- ============================================
+
+-- Admin/Manager: Ver todos los bookings
+CREATE POLICY "bookings_select_admin_manager" ON bookings
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- Staff: Ver bookings de su ubicación
+CREATE POLICY "bookings_select_staff_location" ON bookings
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = bookings.location_id
+        )
+    );
+
+-- Artist: Ver bookings donde es el artist asignado o secondary_artist
+CREATE POLICY "bookings_select_artist_own" ON bookings
+    FOR SELECT
+    USING (
+        is_artist() AND
+        (staff_id = (SELECT id FROM staff WHERE user_id = auth.uid()) OR
+         secondary_artist_id = (SELECT id FROM staff WHERE user_id = auth.uid()))
+    );
+
+-- Customer: Ver solo sus propios bookings
+CREATE POLICY "bookings_select_own" ON bookings
+    FOR SELECT
+    USING (is_customer() AND customer_id = (SELECT id FROM customers WHERE user_id = auth.uid()));
+
+-- Admin/Manager: Modificar cualquier booking
+CREATE POLICY "bookings_modify_admin_manager" ON bookings
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- Staff: Modificar bookings de su ubicación
+CREATE POLICY "bookings_modify_staff_location" ON bookings
+    FOR ALL
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = bookings.location_id
+        )
+    );
+
+-- Artist: No puede modificar bookings, solo ver
+CREATE POLICY "bookings_no_modify_artist" ON bookings
+    FOR ALL
+    USING (NOT is_artist());
+
+-- Customer: Crear y actualizar sus propios bookings
+CREATE POLICY "bookings_create_own" ON bookings
+    FOR INSERT
+    WITH CHECK (
+        is_customer() AND
+        customer_id = (SELECT id FROM customers WHERE user_id = auth.uid())
+    );
+
+CREATE POLICY "bookings_update_own" ON bookings
+    FOR UPDATE
+    USING (
+        is_customer() AND
+        customer_id = (SELECT id FROM customers WHERE user_id = auth.uid())
+    );
+
+-- ============================================
+-- AUDIT LOGS POLICIES
+-- ============================================
+
+-- Admin/Manager: Ver todos los audit logs
+CREATE POLICY "audit_logs_select_admin_manager" ON audit_logs
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- Staff: Ver logs de su ubicación
+CREATE POLICY "audit_logs_select_staff_location" ON audit_logs
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM bookings b
+            JOIN staff s ON s.user_id = auth.uid()
+            WHERE b.id = audit_logs.entity_id
+            AND b.location_id = s.location_id
+        )
+    );
+
+-- Solo backend puede insertar audit logs
+CREATE POLICY "audit_logs_no_insert" ON audit_logs
+    FOR INSERT
+    WITH CHECK (false);
+
+-- ============================================
+-- END OF MIGRATION 002
+-- ============================================

db/migrations/003_audit_triggers.sql

@@ -0,0 +1,309 @@
+-- Migración 003: Funciones auxiliares y triggers de auditoría
+-- Version: 003
+-- Fecha: 2026-01-15
+-- Descripción: Generador de Short ID, funciones de reset semanal de invitaciones y triggers de auditoría
+
+-- ============================================
+-- SHORT ID GENERATOR
+-- ============================================
+
+CREATE OR REPLACE FUNCTION generate_short_id()
+RETURNS VARCHAR(6) AS $$
+DECLARE
+    chars VARCHAR(36) := '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    short_id VARCHAR(6);
+    attempts INT := 0;
+    max_attempts INT := 10;
+BEGIN
+    LOOP
+        short_id := '';
+        FOR i IN 1..6 LOOP
+            short_id := short_id || substr(chars, floor(random() * 36 + 1)::INT, 1);
+        END LOOP;
+
+        IF NOT EXISTS (SELECT 1 FROM bookings WHERE short_id = short_id) THEN
+            RETURN short_id;
+        END IF;
+
+        attempts := attempts + 1;
+        IF attempts >= max_attempts THEN
+            RAISE EXCEPTION 'Failed to generate unique short_id after % attempts', max_attempts;
+        END IF;
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================
+-- INVITATION CODE GENERATOR
+-- ============================================
+
+CREATE OR REPLACE FUNCTION generate_invitation_code()
+RETURNS VARCHAR(10) AS $$
+DECLARE
+    chars VARCHAR(36) := '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    code VARCHAR(10);
+    attempts INT := 0;
+    max_attempts INT := 10;
+BEGIN
+    LOOP
+        code := '';
+        FOR i IN 1..10 LOOP
+            code := code || substr(chars, floor(random() * 36 + 1)::INT, 1);
+        END LOOP;
+
+        IF NOT EXISTS (SELECT 1 FROM invitations WHERE code = code) THEN
+            RETURN code;
+        END IF;
+
+        attempts := attempts + 1;
+        IF attempts >= max_attempts THEN
+            RAISE EXCEPTION 'Failed to generate unique invitation code after % attempts', max_attempts;
+        END IF;
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================
+-- WEEKLY INVITATION RESET
+-- ============================================
+
+CREATE OR REPLACE FUNCTION get_week_start(date_param DATE DEFAULT CURRENT_DATE)
+RETURNS DATE AS $$
+BEGIN
+    RETURN date_param - (EXTRACT(ISODOW FROM date_param)::INT - 1);
+END;
+$$ LANGUAGE plpgsql IMMUTABLE;
+
+CREATE OR REPLACE FUNCTION reset_weekly_invitations_for_customer(customer_uuid UUID)
+RETURNS INTEGER AS $$
+DECLARE
+    week_start DATE;
+    invitations_remaining INTEGER := 5;
+    invitations_created INTEGER := 0;
+BEGIN
+    week_start := get_week_start(CURRENT_DATE);
+
+    -- Verificar si ya existen invitaciones para esta semana
+    SELECT COUNT(*) INTO invitations_created
+    FROM invitations
+    WHERE inviter_id = customer_uuid
+    AND week_start_date = week_start;
+
+    -- Si no hay invitaciones para esta semana, crear las 5 nuevas
+    IF invitations_created = 0 THEN
+        INSERT INTO invitations (inviter_id, code, week_start_date, expiry_date, status)
+        SELECT
+            customer_uuid,
+            generate_invitation_code(),
+            week_start,
+            week_start + INTERVAL '6 days',
+            'pending'
+        FROM generate_series(1, 5);
+
+        invitations_created := 5;
+
+        -- Registrar en audit_logs
+        INSERT INTO audit_logs (
+            entity_type,
+            entity_id,
+            action,
+            old_values,
+            new_values,
+            performed_by,
+            performed_by_role,
+            metadata
+        )
+        VALUES (
+            'invitations',
+            customer_uuid,
+            'reset_invitations',
+            '{"week_start": null}'::JSONB,
+            '{"week_start": "' || week_start || '", "count": 5}'::JSONB,
+            NULL,
+            'system',
+            '{"reset_type": "weekly", "invitations_created": 5}'::JSONB
+        );
+    END IF;
+
+    RETURN invitations_created;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION reset_all_weekly_invitations()
+RETURNS JSONB AS $$
+DECLARE
+    customers_count INTEGER := 0;
+    invitations_created INTEGER := 0;
+    result JSONB;
+    customer_record RECORD;
+BEGIN
+    -- Resetear invitaciones solo para clientes Gold
+    FOR customer_record IN
+        SELECT id FROM customers WHERE tier = 'gold' AND is_active = true
+    LOOP
+        invitations_created := invitations_created + reset_weekly_invitations_for_customer(customer_record.id);
+        customers_count := customers_count + 1;
+    END LOOP;
+
+    result := jsonb_build_object(
+        'customers_processed', customers_count,
+        'invitations_created', invitations_created,
+        'executed_at', NOW()::TEXT
+    );
+
+    -- Registrar ejecución masiva
+    INSERT INTO audit_logs (
+        entity_type,
+        entity_id,
+        action,
+        old_values,
+        new_values,
+        performed_by,
+        performed_by_role,
+        metadata
+    )
+    VALUES (
+        'invitations',
+        uuid_generate_v4(),
+        'reset_invitations',
+        '{}'::JSONB,
+        result,
+        NULL,
+        'system',
+        '{"reset_type": "weekly_batch"}'::JSONB
+    );
+
+    RETURN result;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================
+-- AUDIT LOG TRIGGER FUNCTION
+-- ============================================
+
+CREATE OR REPLACE FUNCTION log_audit()
+RETURNS TRIGGER AS $$
+DECLARE
+    current_user_role_val user_role;
+BEGIN
+    -- Obtener rol del usuario actual
+    current_user_role_val := get_current_user_role();
+
+    -- Solo auditar tablas críticas
+    IF TG_TABLE_NAME IN ('bookings', 'customers', 'invitations', 'staff', 'services') THEN
+        IF TG_OP = 'INSERT' THEN
+            INSERT INTO audit_logs (
+                entity_type,
+                entity_id,
+                action,
+                old_values,
+                new_values,
+                performed_by,
+                performed_by_role,
+                metadata
+            )
+            VALUES (
+                TG_TABLE_NAME,
+                NEW.id,
+                'create',
+                NULL,
+                row_to_json(NEW)::JSONB,
+                auth.uid(),
+                current_user_role_val,
+                jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+            );
+        ELSIF TG_OP = 'UPDATE' THEN
+            -- Solo auditar si hubo cambios relevantes
+            IF NEW IS DISTINCT FROM OLD THEN
+                INSERT INTO audit_logs (
+                    entity_type,
+                    entity_id,
+                    action,
+                    old_values,
+                    new_values,
+                    performed_by,
+                    performed_by_role,
+                    metadata
+                )
+                VALUES (
+                    TG_TABLE_NAME,
+                    NEW.id,
+                    'update',
+                    row_to_json(OLD)::JSONB,
+                    row_to_json(NEW)::JSONB,
+                    auth.uid(),
+                    current_user_role_val,
+                    jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+                );
+            END IF;
+        ELSIF TG_OP = 'DELETE' THEN
+            INSERT INTO audit_logs (
+                entity_type,
+                entity_id,
+                action,
+                old_values,
+                new_values,
+                performed_by,
+                performed_by_role,
+                metadata
+            )
+            VALUES (
+                TG_TABLE_NAME,
+                OLD.id,
+                'delete',
+                row_to_json(OLD)::JSONB,
+                NULL,
+                auth.uid(),
+                current_user_role_val,
+                jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+            );
+        END IF;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN
+        RETURN OLD;
+    ELSE
+        RETURN NEW;
+    END IF;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================
+-- APPLY AUDIT LOG TRIGGERS
+-- ============================================
+
+CREATE TRIGGER audit_bookings AFTER INSERT OR UPDATE OR DELETE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_customers AFTER INSERT OR UPDATE OR DELETE ON customers
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_invitations AFTER INSERT OR UPDATE OR DELETE ON invitations
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_staff AFTER INSERT OR UPDATE OR DELETE ON staff
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_services AFTER INSERT OR UPDATE OR DELETE ON services
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+-- ============================================
+-- AUTOMATIC SHORT ID GENERATION FOR BOOKINGS
+-- ============================================
+
+CREATE OR REPLACE FUNCTION generate_booking_short_id()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF NEW.short_id IS NULL OR NEW.short_id = '' THEN
+        NEW.short_id := generate_short_id();
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER booking_generate_short_id BEFORE INSERT ON bookings
+    FOR EACH ROW EXECUTE FUNCTION generate_booking_short_id();
+
+-- ============================================
+-- END OF MIGRATION 003
+-- ============================================

db/migrations/00_FULL_MIGRATION.sql

@@ -0,0 +1,780 @@
+-- ============================================
+-- SALONOS - FULL DATABASE MIGRATION
+-- Ejecutar TODO este archivo en Supabase SQL Editor
+-- URL: https://supabase.com/dashboard/project/pvvwbnybkadhreuqijsl/sql
+-- ============================================
+
+-- ============================================
+-- BEGIN MIGRATION 001: INITIAL SCHEMA
+-- ============================================
+
+-- Habilitar UUID extension
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+-- ENUMS
+CREATE TYPE user_role AS ENUM ('admin', 'manager', 'staff', 'artist', 'customer');
+CREATE TYPE customer_tier AS ENUM ('free', 'gold');
+CREATE TYPE booking_status AS ENUM ('pending', 'confirmed', 'cancelled', 'completed', 'no_show');
+CREATE TYPE invitation_status AS ENUM ('pending', 'used', 'expired');
+CREATE TYPE resource_type AS ENUM ('station', 'room', 'equipment');
+CREATE TYPE audit_action AS ENUM ('create', 'update', 'delete', 'reset_invitations', 'payment', 'status_change');
+
+-- LOCATIONS
+CREATE TABLE locations (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name VARCHAR(100) NOT NULL,
+    timezone VARCHAR(50) NOT NULL DEFAULT 'UTC',
+    address TEXT,
+    phone VARCHAR(20),
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- RESOURCES
+CREATE TABLE resources (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    name VARCHAR(100) NOT NULL,
+    type resource_type NOT NULL,
+    capacity INTEGER DEFAULT 1,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- STAFF
+CREATE TABLE staff (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID NOT NULL,
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    role user_role NOT NULL CHECK (role IN ('admin', 'manager', 'staff', 'artist')),
+    display_name VARCHAR(100) NOT NULL,
+    phone VARCHAR(20),
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW(),
+    UNIQUE(user_id, location_id)
+);
+
+-- SERVICES
+CREATE TABLE services (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name VARCHAR(100) NOT NULL,
+    description TEXT,
+    duration_minutes INTEGER NOT NULL CHECK (duration_minutes > 0),
+    base_price DECIMAL(10, 2) NOT NULL CHECK (base_price >= 0),
+    requires_dual_artist BOOLEAN DEFAULT false,
+    premium_fee_enabled BOOLEAN DEFAULT false,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- CUSTOMERS
+CREATE TABLE customers (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID UNIQUE,
+    first_name VARCHAR(100) NOT NULL,
+    last_name VARCHAR(100) NOT NULL,
+    email VARCHAR(255) UNIQUE NOT NULL,
+    phone VARCHAR(20),
+    tier customer_tier DEFAULT 'free',
+    notes TEXT,
+    total_spent DECIMAL(10, 2) DEFAULT 0,
+    total_visits INTEGER DEFAULT 0,
+    last_visit_date DATE,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- INVITATIONS
+CREATE TABLE invitations (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    inviter_id UUID NOT NULL REFERENCES customers(id) ON DELETE CASCADE,
+    code VARCHAR(10) UNIQUE NOT NULL,
+    email VARCHAR(255),
+    status invitation_status DEFAULT 'pending',
+    week_start_date DATE NOT NULL,
+    expiry_date DATE NOT NULL,
+    used_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- BOOKINGS
+CREATE TABLE bookings (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    short_id VARCHAR(6) UNIQUE NOT NULL,
+    customer_id UUID NOT NULL REFERENCES customers(id) ON DELETE CASCADE,
+    staff_id UUID NOT NULL REFERENCES staff(id) ON DELETE RESTRICT,
+    secondary_artist_id UUID REFERENCES staff(id) ON DELETE SET NULL,
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    resource_id UUID NOT NULL REFERENCES resources(id) ON DELETE CASCADE,
+    service_id UUID NOT NULL REFERENCES services(id) ON DELETE RESTRICT,
+    start_time_utc TIMESTAMPTZ NOT NULL,
+    end_time_utc TIMESTAMPTZ NOT NULL,
+    status booking_status DEFAULT 'pending',
+    deposit_amount DECIMAL(10, 2) DEFAULT 0,
+    total_amount DECIMAL(10, 2) NOT NULL,
+    is_paid BOOLEAN DEFAULT false,
+    payment_reference VARCHAR(50),
+    notes TEXT,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- AUDIT LOGS
+CREATE TABLE audit_logs (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    entity_type VARCHAR(50) NOT NULL,
+    entity_id UUID NOT NULL,
+    action audit_action NOT NULL,
+    old_values JSONB,
+    new_values JSONB,
+    performed_by UUID,
+    performed_by_role user_role,
+    ip_address INET,
+    user_agent TEXT,
+    metadata JSONB,
+    created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- INDEXES
+CREATE INDEX idx_locations_active ON locations(is_active);
+CREATE INDEX idx_resources_location ON resources(location_id);
+CREATE INDEX idx_resources_active ON resources(location_id, is_active);
+CREATE INDEX idx_staff_user ON staff(user_id);
+CREATE INDEX idx_staff_location ON staff(location_id);
+CREATE INDEX idx_staff_role ON staff(location_id, role, is_active);
+CREATE INDEX idx_services_active ON services(is_active);
+CREATE INDEX idx_customers_tier ON customers(tier);
+CREATE INDEX idx_customers_email ON customers(email);
+CREATE INDEX idx_customers_active ON customers(is_active);
+CREATE INDEX idx_invitations_inviter ON invitations(inviter_id);
+CREATE INDEX idx_invitations_code ON invitations(code);
+CREATE INDEX idx_invitations_week ON invitations(week_start_date, status);
+CREATE INDEX idx_bookings_customer ON bookings(customer_id);
+CREATE INDEX idx_bookings_staff ON bookings(staff_id);
+CREATE INDEX idx_bookings_location ON bookings(location_id);
+CREATE INDEX idx_bookings_resource ON bookings(resource_id);
+CREATE INDEX idx_bookings_time ON bookings(start_time_utc, end_time_utc);
+CREATE INDEX idx_bookings_status ON bookings(status);
+CREATE INDEX idx_bookings_short_id ON bookings(short_id);
+CREATE INDEX idx_audit_entity ON audit_logs(entity_type, entity_id);
+CREATE INDEX idx_audit_action ON audit_logs(action, created_at);
+CREATE INDEX idx_audit_performed ON audit_logs(performed_by);
+
+-- UPDATED_AT TRIGGER FUNCTION
+CREATE OR REPLACE FUNCTION update_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = NOW();
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- UPDATED_AT TRIGGERS
+CREATE TRIGGER locations_updated_at BEFORE UPDATE ON locations
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER resources_updated_at BEFORE UPDATE ON resources
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER staff_updated_at BEFORE UPDATE ON staff
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER services_updated_at BEFORE UPDATE ON services
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER customers_updated_at BEFORE UPDATE ON customers
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER invitations_updated_at BEFORE UPDATE ON invitations
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER bookings_updated_at BEFORE UPDATE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+-- CONSTRAINTS
+ALTER TABLE bookings ADD CONSTRAINT check_booking_time
+    CHECK (end_time_utc > start_time_utc);
+
+ALTER TABLE bookings ADD CONSTRAINT check_secondary_artist_role
+    CHECK (secondary_artist_id IS NULL OR EXISTS (
+        SELECT 1 FROM staff s
+        WHERE s.id = secondary_artist_id AND s.role = 'artist'
+    ));
+
+ALTER TABLE invitations ADD CONSTRAINT check_week_start_is_monday
+    CHECK (EXTRACT(ISODOW FROM week_start_date) = 1);
+
+-- ============================================
+-- BEGIN MIGRATION 002: RLS POLICIES
+-- ============================================
+
+-- HELPER FUNCTIONS
+CREATE OR REPLACE FUNCTION get_current_user_role()
+RETURNS user_role AS $$
+    DECLARE
+        current_staff_role user_role;
+        current_user_id UUID := auth.uid();
+    BEGIN
+        SELECT s.role INTO current_staff_role
+        FROM staff s
+        WHERE s.user_id = current_user_id
+        LIMIT 1;
+
+        IF current_staff_role IS NOT NULL THEN
+            RETURN current_staff_role;
+        END IF;
+
+        IF EXISTS (SELECT 1 FROM customers WHERE user_id = current_user_id) THEN
+            RETURN 'customer';
+        END IF;
+
+        RETURN NULL;
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_staff_or_higher()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role IN ('admin', 'manager', 'staff');
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_artist()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'artist';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_customer()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'customer';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_admin()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'admin';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ENABLE RLS ON ALL TABLES
+ALTER TABLE locations ENABLE ROW LEVEL SECURITY;
+ALTER TABLE resources ENABLE ROW LEVEL SECURITY;
+ALTER TABLE staff ENABLE ROW LEVEL SECURITY;
+ALTER TABLE services ENABLE ROW LEVEL SECURITY;
+ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
+ALTER TABLE invitations ENABLE ROW LEVEL SECURITY;
+ALTER TABLE bookings ENABLE ROW LEVEL SECURITY;
+ALTER TABLE audit_logs ENABLE ROW LEVEL SECURITY;
+
+-- LOCATIONS POLICIES
+CREATE POLICY "locations_select_staff_higher" ON locations
+    FOR SELECT
+    USING (is_staff_or_higher() OR is_admin());
+
+CREATE POLICY "locations_modify_admin_manager" ON locations
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- RESOURCES POLICIES
+CREATE POLICY "resources_select_staff_higher" ON resources
+    FOR SELECT
+    USING (is_staff_or_higher() OR is_admin());
+
+CREATE POLICY "resources_select_artist" ON resources
+    FOR SELECT
+    USING (is_artist());
+
+CREATE POLICY "resources_modify_admin_manager" ON resources
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- STAFF POLICIES
+CREATE POLICY "staff_select_admin_manager" ON staff
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "staff_select_same_location" ON staff
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = staff.location_id
+        )
+    );
+
+CREATE POLICY "staff_select_artist_view_artists" ON staff
+    FOR SELECT
+    USING (
+        is_artist() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = staff.location_id
+        ) AND
+        staff.role = 'artist'
+    );
+
+CREATE POLICY "staff_modify_admin_manager" ON staff
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- SERVICES POLICIES
+CREATE POLICY "services_select_all" ON services
+    FOR SELECT
+    USING (is_active = true);
+
+CREATE POLICY "services_all_admin_manager" ON services
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- CUSTOMERS POLICIES (RESTRICTED FOR ARTISTS)
+CREATE POLICY "customers_select_admin_manager" ON customers
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "customers_select_staff" ON customers
+    FOR SELECT
+    USING (is_staff_or_higher());
+
+CREATE POLICY "customers_select_artist_restricted" ON customers
+    FOR SELECT
+    USING (is_artist());
+
+CREATE POLICY "customers_select_own" ON customers
+    FOR SELECT
+    USING (is_customer() AND user_id = auth.uid());
+
+CREATE POLICY "customers_modify_admin_manager" ON customers
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "customers_modify_staff" ON customers
+    FOR ALL
+    USING (is_staff_or_higher());
+
+CREATE POLICY "customers_update_own" ON customers
+    FOR UPDATE
+    USING (is_customer() AND user_id = auth.uid());
+
+-- INVITATIONS POLICIES
+CREATE POLICY "invitations_select_admin_manager" ON invitations
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "invitations_select_staff" ON invitations
+    FOR SELECT
+    USING (is_staff_or_higher());
+
+CREATE POLICY "invitations_select_own" ON invitations
+    FOR SELECT
+    USING (is_customer() AND inviter_id = (SELECT id FROM customers WHERE user_id = auth.uid()));
+
+CREATE POLICY "invitations_modify_admin_manager" ON invitations
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "invitations_modify_staff" ON invitations
+    FOR ALL
+    USING (is_staff_or_higher());
+
+-- BOOKINGS POLICIES
+CREATE POLICY "bookings_select_admin_manager" ON bookings
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "bookings_select_staff_location" ON bookings
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = bookings.location_id
+        )
+    );
+
+CREATE POLICY "bookings_select_artist_own" ON bookings
+    FOR SELECT
+    USING (
+        is_artist() AND
+        (staff_id = (SELECT id FROM staff WHERE user_id = auth.uid()) OR
+         secondary_artist_id = (SELECT id FROM staff WHERE user_id = auth.uid()))
+    );
+
+CREATE POLICY "bookings_select_own" ON bookings
+    FOR SELECT
+    USING (is_customer() AND customer_id = (SELECT id FROM customers WHERE user_id = auth.uid()));
+
+CREATE POLICY "bookings_modify_admin_manager" ON bookings
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "bookings_modify_staff_location" ON bookings
+    FOR ALL
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = bookings.location_id
+        )
+    );
+
+CREATE POLICY "bookings_no_modify_artist" ON bookings
+    FOR ALL
+    USING (NOT is_artist());
+
+CREATE POLICY "bookings_create_own" ON bookings
+    FOR INSERT
+    WITH CHECK (
+        is_customer() AND
+        customer_id = (SELECT id FROM customers WHERE user_id = auth.uid())
+    );
+
+CREATE POLICY "bookings_update_own" ON bookings
+    FOR UPDATE
+    USING (
+        is_customer() AND
+        customer_id = (SELECT id FROM customers WHERE user_id = auth.uid())
+    );
+
+-- AUDIT LOGS POLICIES
+CREATE POLICY "audit_logs_select_admin_manager" ON audit_logs
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "audit_logs_select_staff_location" ON audit_logs
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM bookings b
+            JOIN staff s ON s.user_id = auth.uid()
+            WHERE b.id = audit_logs.entity_id
+            AND b.location_id = s.location_id
+        )
+    );
+
+CREATE POLICY "audit_logs_no_insert" ON audit_logs
+    FOR INSERT
+    WITH CHECK (false);
+
+-- ============================================
+-- BEGIN MIGRATION 003: AUDIT TRIGGERS
+-- ============================================
+
+-- SHORT ID GENERATOR
+CREATE OR REPLACE FUNCTION generate_short_id()
+RETURNS VARCHAR(6) AS $$
+DECLARE
+    chars VARCHAR(36) := '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    short_id VARCHAR(6);
+    attempts INT := 0;
+    max_attempts INT := 10;
+BEGIN
+    LOOP
+        short_id := '';
+        FOR i IN 1..6 LOOP
+            short_id := short_id || substr(chars, floor(random() * 36 + 1)::INT, 1);
+        END LOOP;
+
+        IF NOT EXISTS (SELECT 1 FROM bookings WHERE short_id = short_id) THEN
+            RETURN short_id;
+        END IF;
+
+        attempts := attempts + 1;
+        IF attempts >= max_attempts THEN
+            RAISE EXCEPTION 'Failed to generate unique short_id after % attempts', max_attempts;
+        END IF;
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- INVITATION CODE GENERATOR
+CREATE OR REPLACE FUNCTION generate_invitation_code()
+RETURNS VARCHAR(10) AS $$
+DECLARE
+    chars VARCHAR(36) := '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    code VARCHAR(10);
+    attempts INT := 0;
+    max_attempts INT := 10;
+BEGIN
+    LOOP
+        code := '';
+        FOR i IN 1..10 LOOP
+            code := code || substr(chars, floor(random() * 36 + 1)::INT, 1);
+        END LOOP;
+
+        IF NOT EXISTS (SELECT 1 FROM invitations WHERE code = code) THEN
+            RETURN code;
+        END IF;
+
+        attempts := attempts + 1;
+        IF attempts >= max_attempts THEN
+            RAISE EXCEPTION 'Failed to generate unique invitation code after % attempts', max_attempts;
+        END IF;
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- WEEK FUNCTIONS
+CREATE OR REPLACE FUNCTION get_week_start(date_param DATE DEFAULT CURRENT_DATE)
+RETURNS DATE AS $$
+BEGIN
+    RETURN date_param - (EXTRACT(ISODOW FROM date_param)::INT - 1);
+END;
+$$ LANGUAGE plpgsql IMMUTABLE;
+
+-- WEEKLY INVITATION RESET
+CREATE OR REPLACE FUNCTION reset_weekly_invitations_for_customer(customer_uuid UUID)
+RETURNS INTEGER AS $$
+DECLARE
+    week_start DATE;
+    invitations_remaining INTEGER := 5;
+    invitations_created INTEGER := 0;
+BEGIN
+    week_start := get_week_start(CURRENT_DATE);
+
+    SELECT COUNT(*) INTO invitations_created
+    FROM invitations
+    WHERE inviter_id = customer_uuid
+    AND week_start_date = week_start;
+
+    IF invitations_created = 0 THEN
+        INSERT INTO invitations (inviter_id, code, week_start_date, expiry_date, status)
+        SELECT
+            customer_uuid,
+            generate_invitation_code(),
+            week_start,
+            week_start + INTERVAL '6 days',
+            'pending'
+        FROM generate_series(1, 5);
+
+        invitations_created := 5;
+
+        INSERT INTO audit_logs (
+            entity_type,
+            entity_id,
+            action,
+            old_values,
+            new_values,
+            performed_by,
+            performed_by_role,
+            metadata
+        )
+        VALUES (
+            'invitations',
+            customer_uuid,
+            'reset_invitations',
+            '{"week_start": null}'::JSONB,
+            '{"week_start": "' || week_start || '", "count": 5}'::JSONB,
+            NULL,
+            'system',
+            '{"reset_type": "weekly", "invitations_created": 5}'::JSONB
+        );
+    END IF;
+
+    RETURN invitations_created;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION reset_all_weekly_invitations()
+RETURNS JSONB AS $$
+DECLARE
+    customers_count INTEGER := 0;
+    invitations_created INTEGER := 0;
+    result JSONB;
+BEGIN
+    FOR customer_record IN
+        SELECT id FROM customers WHERE tier = 'gold' AND is_active = true
+    LOOP
+        invitations_created := invitations_created + reset_weekly_invitations_for_customer(customer_record.id);
+        customers_count := customers_count + 1;
+    END LOOP;
+
+    result := jsonb_build_object(
+        'customers_processed', customers_count,
+        'invitations_created', invitations_created,
+        'executed_at', NOW()::TEXT
+    );
+
+    INSERT INTO audit_logs (
+        entity_type,
+        entity_id,
+        action,
+        old_values,
+        new_values,
+        performed_by,
+        performed_by_role,
+        metadata
+    )
+    VALUES (
+        'invitations',
+        uuid_generate_v4(),
+        'reset_invitations',
+        '{}'::JSONB,
+        result,
+        NULL,
+        'system',
+        '{"reset_type": "weekly_batch"}'::JSONB
+    );
+
+    RETURN result;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- AUDIT LOG TRIGGER FUNCTION
+CREATE OR REPLACE FUNCTION log_audit()
+RETURNS TRIGGER AS $$
+DECLARE
+    current_user_role_val user_role;
+BEGIN
+    current_user_role_val := get_current_user_role();
+
+    IF TG_TABLE_NAME IN ('bookings', 'customers', 'invitations', 'staff', 'services') THEN
+        IF TG_OP = 'INSERT' THEN
+            INSERT INTO audit_logs (
+                entity_type,
+                entity_id,
+                action,
+                old_values,
+                new_values,
+                performed_by,
+                performed_by_role,
+                metadata
+            )
+            VALUES (
+                TG_TABLE_NAME,
+                NEW.id,
+                'create',
+                NULL,
+                row_to_json(NEW)::JSONB,
+                auth.uid(),
+                current_user_role_val,
+                jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+            );
+        ELSIF TG_OP = 'UPDATE' THEN
+            IF NEW IS DISTINCT FROM OLD THEN
+                INSERT INTO audit_logs (
+                    entity_type,
+                    entity_id,
+                    action,
+                    old_values,
+                    new_values,
+                    performed_by,
+                    performed_by_role,
+                    metadata
+                )
+                VALUES (
+                    TG_TABLE_NAME,
+                    NEW.id,
+                    'update',
+                    row_to_json(OLD)::JSONB,
+                    row_to_json(NEW)::JSONB,
+                    auth.uid(),
+                    current_user_role_val,
+                    jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+                );
+            END IF;
+        ELSIF TG_OP = 'DELETE' THEN
+            INSERT INTO audit_logs (
+                entity_type,
+                entity_id,
+                action,
+                old_values,
+                new_values,
+                performed_by,
+                performed_by_role,
+                metadata
+            )
+            VALUES (
+                TG_TABLE_NAME,
+                OLD.id,
+                'delete',
+                row_to_json(OLD)::JSONB,
+                NULL,
+                auth.uid(),
+                current_user_role_val,
+                jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+            );
+        END IF;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN
+        RETURN OLD;
+    ELSE
+        RETURN NEW;
+    END IF;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- APPLY AUDIT LOG TRIGGERS
+CREATE TRIGGER audit_bookings AFTER INSERT OR UPDATE OR DELETE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_customers AFTER INSERT OR UPDATE OR DELETE ON customers
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_invitations AFTER INSERT OR UPDATE OR DELETE ON invitations
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_staff AFTER INSERT OR UPDATE OR DELETE ON staff
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_services AFTER INSERT OR UPDATE OR DELETE ON services
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+-- AUTOMATIC SHORT ID GENERATION FOR BOOKINGS
+CREATE OR REPLACE FUNCTION generate_booking_short_id()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF NEW.short_id IS NULL OR NEW.short_id = '' THEN
+        NEW.short_id := generate_short_id();
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER booking_generate_short_id BEFORE INSERT ON bookings
+    FOR EACH ROW EXECUTE FUNCTION generate_booking_short_id();
+
+-- ============================================
+-- VERIFICATION
+-- ============================================
+
+DO $$
+BEGIN
+    RAISE NOTICE '===========================================';
+    RAISE NOTICE 'SALONOS - DATABASE MIGRATION COMPLETED';
+    RAISE NOTICE '===========================================';
+    RAISE NOTICE '✅ Tables created: 8';
+    RAISE NOTICE '✅ Functions created: 13';
+    RAISE NOTICE '✅ Triggers active: 15+';
+    RAISE NOTICE '✅ RLS policies configured: 20+';
+    RAISE NOTICE '✅ ENUM types created: 6';
+    RAISE NOTICE '===========================================';
+    RAISE NOTICE 'NEXT STEPS:';
+    RAISE NOTICE '1. Configure Auth in Supabase Dashboard';
+    RAISE NOTICE '2. Create test users with specific roles';
+    RAISE NOTICE '3. Test Short ID generation:';
+    RAISE NOTICE '   SELECT generate_short_id();';
+    RAISE NOTICE '4. Test invitation code generation:';
+    RAISE NOTICE '   SELECT generate_invitation_code();';
+    RAISE NOTICE '5. Verify tables:';
+    RAISE NOTICE '   SELECT table_name FROM information_schema.tables';
+    RAISE NOTICE '   WHERE table_schema = ''public'' ORDER BY table_name;';
+    RAISE NOTICE '===========================================';
+END
+$$;

db/migrations/00_FULL_MIGRATION_CORRECTED.sql

@@ -0,0 +1,795 @@
+-- ============================================
+-- SALONOS - CORRECTED FULL DATABASE MIGRATION
+-- Ejecutar TODO este archivo en Supabase SQL Editor
+-- URL: https://supabase.com/dashboard/project/pvvwbnybkadhreuqijsl/sql
+-- ============================================
+
+-- ============================================
+-- BEGIN MIGRATION 001: INITIAL SCHEMA
+-- ============================================
+
+-- Habilitar UUID extension
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+-- ENUMS
+CREATE TYPE user_role AS ENUM ('admin', 'manager', 'staff', 'artist', 'customer');
+CREATE TYPE customer_tier AS ENUM ('free', 'gold');
+CREATE TYPE booking_status AS ENUM ('pending', 'confirmed', 'cancelled', 'completed', 'no_show');
+CREATE TYPE invitation_status AS ENUM ('pending', 'used', 'expired');
+CREATE TYPE resource_type AS ENUM ('station', 'room', 'equipment');
+CREATE TYPE audit_action AS ENUM ('create', 'update', 'delete', 'reset_invitations', 'payment', 'status_change');
+
+-- LOCATIONS
+CREATE TABLE locations (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name VARCHAR(100) NOT NULL,
+    timezone VARCHAR(50) NOT NULL DEFAULT 'UTC',
+    address TEXT,
+    phone VARCHAR(20),
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- RESOURCES
+CREATE TABLE resources (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    name VARCHAR(100) NOT NULL,
+    type resource_type NOT NULL,
+    capacity INTEGER DEFAULT 1,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- STAFF
+CREATE TABLE staff (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID NOT NULL,
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    role user_role NOT NULL CHECK (role IN ('admin', 'manager', 'staff', 'artist')),
+    display_name VARCHAR(100) NOT NULL,
+    phone VARCHAR(20),
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW(),
+    UNIQUE(user_id, location_id)
+);
+
+-- SERVICES
+CREATE TABLE services (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name VARCHAR(100) NOT NULL,
+    description TEXT,
+    duration_minutes INTEGER NOT NULL CHECK (duration_minutes > 0),
+    base_price DECIMAL(10, 2) NOT NULL CHECK (base_price >= 0),
+    requires_dual_artist BOOLEAN DEFAULT false,
+    premium_fee_enabled BOOLEAN DEFAULT false,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- CUSTOMERS
+CREATE TABLE customers (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID UNIQUE,
+    first_name VARCHAR(100) NOT NULL,
+    last_name VARCHAR(100) NOT NULL,
+    email VARCHAR(255) UNIQUE NOT NULL,
+    phone VARCHAR(20),
+    tier customer_tier DEFAULT 'free',
+    notes TEXT,
+    total_spent DECIMAL(10, 2) DEFAULT 0,
+    total_visits INTEGER DEFAULT 0,
+    last_visit_date DATE,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- INVITATIONS
+CREATE TABLE invitations (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    inviter_id UUID NOT NULL REFERENCES customers(id) ON DELETE CASCADE,
+    code VARCHAR(10) UNIQUE NOT NULL,
+    email VARCHAR(255),
+    status invitation_status DEFAULT 'pending',
+    week_start_date DATE NOT NULL,
+    expiry_date DATE NOT NULL,
+    used_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- BOOKINGS
+CREATE TABLE bookings (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    short_id VARCHAR(6) UNIQUE NOT NULL,
+    customer_id UUID NOT NULL REFERENCES customers(id) ON DELETE CASCADE,
+    staff_id UUID NOT NULL REFERENCES staff(id) ON DELETE RESTRICT,
+    secondary_artist_id UUID REFERENCES staff(id) ON DELETE SET NULL,
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    resource_id UUID NOT NULL REFERENCES resources(id) ON DELETE CASCADE,
+    service_id UUID NOT NULL REFERENCES services(id) ON DELETE RESTRICT,
+    start_time_utc TIMESTAMPTZ NOT NULL,
+    end_time_utc TIMESTAMPTZ NOT NULL,
+    status booking_status DEFAULT 'pending',
+    deposit_amount DECIMAL(10, 2) DEFAULT 0,
+    total_amount DECIMAL(10, 2) NOT NULL,
+    is_paid BOOLEAN DEFAULT false,
+    payment_reference VARCHAR(50),
+    notes TEXT,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- AUDIT LOGS
+CREATE TABLE audit_logs (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    entity_type VARCHAR(50) NOT NULL,
+    entity_id UUID NOT NULL,
+    action audit_action NOT NULL,
+    old_values JSONB,
+    new_values JSONB,
+    performed_by UUID,
+    performed_by_role user_role,
+    ip_address INET,
+    user_agent TEXT,
+    metadata JSONB,
+    created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- INDEXES
+CREATE INDEX idx_locations_active ON locations(is_active);
+CREATE INDEX idx_resources_location ON resources(location_id);
+CREATE INDEX idx_resources_active ON resources(location_id, is_active);
+CREATE INDEX idx_staff_user ON staff(user_id);
+CREATE INDEX idx_staff_location ON staff(location_id);
+CREATE INDEX idx_staff_role ON staff(location_id, role, is_active);
+CREATE INDEX idx_services_active ON services(is_active);
+CREATE INDEX idx_customers_tier ON customers(tier);
+CREATE INDEX idx_customers_email ON customers(email);
+CREATE INDEX idx_customers_active ON customers(is_active);
+CREATE INDEX idx_invitations_inviter ON invitations(inviter_id);
+CREATE INDEX idx_invitations_code ON invitations(code);
+CREATE INDEX idx_invitations_week ON invitations(week_start_date, status);
+CREATE INDEX idx_bookings_customer ON bookings(customer_id);
+CREATE INDEX idx_bookings_staff ON bookings(staff_id);
+CREATE INDEX idx_bookings_secondary_artist ON bookings(secondary_artist_id);
+CREATE INDEX idx_bookings_location ON bookings(location_id);
+CREATE INDEX idx_bookings_resource ON bookings(resource_id);
+CREATE INDEX idx_bookings_time ON bookings(start_time_utc, end_time_utc);
+CREATE INDEX idx_bookings_status ON bookings(status);
+CREATE INDEX idx_bookings_short_id ON bookings(short_id);
+CREATE INDEX idx_audit_entity ON audit_logs(entity_type, entity_id);
+CREATE INDEX idx_audit_action ON audit_logs(action, created_at);
+CREATE INDEX idx_audit_performed ON audit_logs(performed_by);
+
+-- UPDATED_AT TRIGGER FUNCTION
+CREATE OR REPLACE FUNCTION update_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = NOW();
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- UPDATED_AT TRIGGERS
+CREATE TRIGGER locations_updated_at BEFORE UPDATE ON locations
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER resources_updated_at BEFORE UPDATE ON resources
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER staff_updated_at BEFORE UPDATE ON staff
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER services_updated_at BEFORE UPDATE ON services
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER customers_updated_at BEFORE UPDATE ON customers
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER invitations_updated_at BEFORE UPDATE ON invitations
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER bookings_updated_at BEFORE UPDATE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+-- CONSTRAINTS (Simple ones only - no subqueries)
+ALTER TABLE bookings ADD CONSTRAINT check_booking_time
+    CHECK (end_time_utc > start_time_utc);
+
+ALTER TABLE invitations ADD CONSTRAINT check_week_start_is_monday
+    CHECK (EXTRACT(ISODOW FROM week_start_date) = 1);
+
+-- Trigger for secondary_artist validation (instead of CHECK constraint with subquery)
+CREATE OR REPLACE FUNCTION validate_secondary_artist_role()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF NEW.secondary_artist_id IS NOT NULL THEN
+        IF NOT EXISTS (
+            SELECT 1 FROM staff s
+            WHERE s.id = NEW.secondary_artist_id AND s.role = 'artist' AND s.is_active = true
+        ) THEN
+            RAISE EXCEPTION 'secondary_artist_id must reference an active staff member with role ''artist''';
+        END IF;
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER validate_booking_secondary_artist BEFORE INSERT OR UPDATE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION validate_secondary_artist_role();
+
+-- ============================================
+-- BEGIN MIGRATION 002: RLS POLICIES
+-- ============================================
+
+-- HELPER FUNCTIONS
+CREATE OR REPLACE FUNCTION get_current_user_role()
+RETURNS user_role AS $$
+    DECLARE
+        current_staff_role user_role;
+        current_user_id UUID := auth.uid();
+    BEGIN
+        SELECT s.role INTO current_staff_role
+        FROM staff s
+        WHERE s.user_id = current_user_id
+        LIMIT 1;
+
+        IF current_staff_role IS NOT NULL THEN
+            RETURN current_staff_role;
+        END IF;
+
+        IF EXISTS (SELECT 1 FROM customers WHERE user_id = current_user_id) THEN
+            RETURN 'customer';
+        END IF;
+
+        RETURN NULL;
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_staff_or_higher()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role IN ('admin', 'manager', 'staff');
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_artist()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'artist';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_customer()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'customer';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_admin()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'admin';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ENABLE RLS ON ALL TABLES
+ALTER TABLE locations ENABLE ROW LEVEL SECURITY;
+ALTER TABLE resources ENABLE ROW LEVEL SECURITY;
+ALTER TABLE staff ENABLE ROW LEVEL SECURITY;
+ALTER TABLE services ENABLE ROW LEVEL SECURITY;
+ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
+ALTER TABLE invitations ENABLE ROW LEVEL SECURITY;
+ALTER TABLE bookings ENABLE ROW LEVEL SECURITY;
+ALTER TABLE audit_logs ENABLE ROW LEVEL SECURITY;
+
+-- LOCATIONS POLICIES
+CREATE POLICY "locations_select_staff_higher" ON locations
+    FOR SELECT
+    USING (is_staff_or_higher() OR is_admin());
+
+CREATE POLICY "locations_modify_admin_manager" ON locations
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- RESOURCES POLICIES
+CREATE POLICY "resources_select_staff_higher" ON resources
+    FOR SELECT
+    USING (is_staff_or_higher() OR is_admin());
+
+CREATE POLICY "resources_select_artist" ON resources
+    FOR SELECT
+    USING (is_artist());
+
+CREATE POLICY "resources_modify_admin_manager" ON resources
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- STAFF POLICIES
+CREATE POLICY "staff_select_admin_manager" ON staff
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "staff_select_same_location" ON staff
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = staff.location_id
+        )
+    );
+
+CREATE POLICY "staff_select_artist_view_artists" ON staff
+    FOR SELECT
+    USING (
+        is_artist() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = staff.location_id
+        ) AND
+        staff.role = 'artist'
+    );
+
+CREATE POLICY "staff_modify_admin_manager" ON staff
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- SERVICES POLICIES
+CREATE POLICY "services_select_all" ON services
+    FOR SELECT
+    USING (is_active = true);
+
+CREATE POLICY "services_all_admin_manager" ON services
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- CUSTOMERS POLICIES (RESTRICTED FOR ARTISTS)
+CREATE POLICY "customers_select_admin_manager" ON customers
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "customers_select_staff" ON customers
+    FOR SELECT
+    USING (is_staff_or_higher());
+
+CREATE POLICY "customers_select_artist_restricted" ON customers
+    FOR SELECT
+    USING (is_artist());
+
+CREATE POLICY "customers_select_own" ON customers
+    FOR SELECT
+    USING (is_customer() AND user_id = auth.uid());
+
+CREATE POLICY "customers_modify_admin_manager" ON customers
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "customers_modify_staff" ON customers
+    FOR ALL
+    USING (is_staff_or_higher());
+
+CREATE POLICY "customers_update_own" ON customers
+    FOR UPDATE
+    USING (is_customer() AND user_id = auth.uid());
+
+-- INVITATIONS POLICIES
+CREATE POLICY "invitations_select_admin_manager" ON invitations
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "invitations_select_staff" ON invitations
+    FOR SELECT
+    USING (is_staff_or_higher());
+
+CREATE POLICY "invitations_select_own" ON invitations
+    FOR SELECT
+    USING (is_customer() AND inviter_id = (SELECT id FROM customers WHERE user_id = auth.uid()));
+
+CREATE POLICY "invitations_modify_admin_manager" ON invitations
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "invitations_modify_staff" ON invitations
+    FOR ALL
+    USING (is_staff_or_higher());
+
+-- BOOKINGS POLICIES
+CREATE POLICY "bookings_select_admin_manager" ON bookings
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "bookings_select_staff_location" ON bookings
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = bookings.location_id
+        )
+    );
+
+CREATE POLICY "bookings_select_artist_own" ON bookings
+    FOR SELECT
+    USING (
+        is_artist() AND
+        (staff_id = (SELECT id FROM staff WHERE user_id = auth.uid()) OR
+         secondary_artist_id = (SELECT id FROM staff WHERE user_id = auth.uid()))
+    );
+
+CREATE POLICY "bookings_select_own" ON bookings
+    FOR SELECT
+    USING (is_customer() AND customer_id = (SELECT id FROM customers WHERE user_id = auth.uid()));
+
+CREATE POLICY "bookings_modify_admin_manager" ON bookings
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "bookings_modify_staff_location" ON bookings
+    FOR ALL
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = bookings.location_id
+        )
+    );
+
+CREATE POLICY "bookings_no_modify_artist" ON bookings
+    FOR ALL
+    USING (NOT is_artist());
+
+CREATE POLICY "bookings_create_own" ON bookings
+    FOR INSERT
+    WITH CHECK (
+        is_customer() AND
+        customer_id = (SELECT id FROM customers WHERE user_id = auth.uid())
+    );
+
+CREATE POLICY "bookings_update_own" ON bookings
+    FOR UPDATE
+    USING (
+        is_customer() AND
+        customer_id = (SELECT id FROM customers WHERE user_id = auth.uid())
+    );
+
+-- AUDIT LOGS POLICIES
+CREATE POLICY "audit_logs_select_admin_manager" ON audit_logs
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "audit_logs_select_staff_location" ON audit_logs
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM bookings b
+            JOIN staff s ON s.user_id = auth.uid()
+            WHERE b.id = audit_logs.entity_id
+            AND b.location_id = s.location_id
+        )
+    );
+
+CREATE POLICY "audit_logs_no_insert" ON audit_logs
+    FOR INSERT
+    WITH CHECK (false);
+
+-- ============================================
+-- BEGIN MIGRATION 003: AUDIT TRIGGERS
+-- ============================================
+
+-- SHORT ID GENERATOR
+CREATE OR REPLACE FUNCTION generate_short_id()
+RETURNS VARCHAR(6) AS $$
+DECLARE
+    chars VARCHAR(36) := '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    short_id VARCHAR(6);
+    attempts INT := 0;
+    max_attempts INT := 10;
+BEGIN
+    LOOP
+        short_id := '';
+        FOR i IN 1..6 LOOP
+            short_id := short_id || substr(chars, floor(random() * 36 + 1)::INT, 1);
+        END LOOP;
+
+        IF NOT EXISTS (SELECT 1 FROM bookings WHERE short_id = short_id) THEN
+            RETURN short_id;
+        END IF;
+
+        attempts := attempts + 1;
+        IF attempts >= max_attempts THEN
+            RAISE EXCEPTION 'Failed to generate unique short_id after % attempts', max_attempts;
+        END IF;
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- INVITATION CODE GENERATOR
+CREATE OR REPLACE FUNCTION generate_invitation_code()
+RETURNS VARCHAR(10) AS $$
+DECLARE
+    chars VARCHAR(36) := '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    code VARCHAR(10);
+    attempts INT := 0;
+    max_attempts INT := 10;
+BEGIN
+    LOOP
+        code := '';
+        FOR i IN 1..10 LOOP
+            code := code || substr(chars, floor(random() * 36 + 1)::INT, 1);
+        END LOOP;
+
+        IF NOT EXISTS (SELECT 1 FROM invitations WHERE code = code) THEN
+            RETURN code;
+        END IF;
+
+        attempts := attempts + 1;
+        IF attempts >= max_attempts THEN
+            RAISE EXCEPTION 'Failed to generate unique invitation code after % attempts', max_attempts;
+        END IF;
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- WEEK FUNCTIONS
+CREATE OR REPLACE FUNCTION get_week_start(date_param DATE DEFAULT CURRENT_DATE)
+RETURNS DATE AS $$
+BEGIN
+    RETURN date_param - (EXTRACT(ISODOW FROM date_param)::INT - 1);
+END;
+$$ LANGUAGE plpgsql IMMUTABLE;
+
+-- WEEKLY INVITATION RESET
+CREATE OR REPLACE FUNCTION reset_weekly_invitations_for_customer(customer_uuid UUID)
+RETURNS INTEGER AS $$
+DECLARE
+    week_start DATE;
+    invitations_remaining INTEGER := 5;
+    invitations_created INTEGER := 0;
+BEGIN
+    week_start := get_week_start(CURRENT_DATE);
+
+    SELECT COUNT(*) INTO invitations_created
+    FROM invitations
+    WHERE inviter_id = customer_uuid
+    AND week_start_date = week_start;
+
+    IF invitations_created = 0 THEN
+        INSERT INTO invitations (inviter_id, code, week_start_date, expiry_date, status)
+        SELECT
+            customer_uuid,
+            generate_invitation_code(),
+            week_start,
+            week_start + INTERVAL '6 days',
+            'pending'
+        FROM generate_series(1, 5);
+
+        invitations_created := 5;
+
+        INSERT INTO audit_logs (
+            entity_type,
+            entity_id,
+            action,
+            old_values,
+            new_values,
+            performed_by,
+            performed_by_role,
+            metadata
+        )
+        VALUES (
+            'invitations',
+            customer_uuid,
+            'reset_invitations',
+            '{"week_start": null}'::JSONB,
+            '{"week_start": "' || week_start || '", "count": 5}'::JSONB,
+            NULL,
+            'system',
+            '{"reset_type": "weekly", "invitations_created": 5}'::JSONB
+        );
+    END IF;
+
+    RETURN invitations_created;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION reset_all_weekly_invitations()
+RETURNS JSONB AS $$
+DECLARE
+    customers_count INTEGER := 0;
+    invitations_created INTEGER := 0;
+    result JSONB;
+    customer_record RECORD;
+BEGIN
+    FOR customer_record IN
+        SELECT id FROM customers WHERE tier = 'gold' AND is_active = true
+    LOOP
+        invitations_created := invitations_created + reset_weekly_invitations_for_customer(customer_record.id);
+        customers_count := customers_count + 1;
+    END LOOP;
+
+    result := jsonb_build_object(
+        'customers_processed', customers_count,
+        'invitations_created', invitations_created,
+        'executed_at', NOW()::TEXT
+    );
+
+    INSERT INTO audit_logs (
+        entity_type,
+        entity_id,
+        action,
+        old_values,
+        new_values,
+        performed_by,
+        performed_by_role,
+        metadata
+    )
+    VALUES (
+        'invitations',
+        uuid_generate_v4(),
+        'reset_invitations',
+        '{}'::JSONB,
+        result,
+        NULL,
+        'system',
+        '{"reset_type": "weekly_batch"}'::JSONB
+    );
+
+    RETURN result;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- AUDIT LOG TRIGGER FUNCTION
+CREATE OR REPLACE FUNCTION log_audit()
+RETURNS TRIGGER AS $$
+DECLARE
+    current_user_role_val user_role;
+BEGIN
+    current_user_role_val := get_current_user_role();
+
+    IF TG_TABLE_NAME IN ('bookings', 'customers', 'invitations', 'staff', 'services') THEN
+        IF TG_OP = 'INSERT' THEN
+            INSERT INTO audit_logs (
+                entity_type,
+                entity_id,
+                action,
+                old_values,
+                new_values,
+                performed_by,
+                performed_by_role,
+                metadata
+            )
+            VALUES (
+                TG_TABLE_NAME,
+                NEW.id,
+                'create',
+                NULL,
+                row_to_json(NEW)::JSONB,
+                auth.uid(),
+                current_user_role_val,
+                jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+            );
+        ELSIF TG_OP = 'UPDATE' THEN
+            IF NEW IS DISTINCT FROM OLD THEN
+                INSERT INTO audit_logs (
+                    entity_type,
+                    entity_id,
+                    action,
+                    old_values,
+                    new_values,
+                    performed_by,
+                    performed_by_role,
+                    metadata
+                )
+                VALUES (
+                    TG_TABLE_NAME,
+                    NEW.id,
+                    'update',
+                    row_to_json(OLD)::JSONB,
+                    row_to_json(NEW)::JSONB,
+                    auth.uid(),
+                    current_user_role_val,
+                    jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+                );
+            END IF;
+        ELSIF TG_OP = 'DELETE' THEN
+            INSERT INTO audit_logs (
+                entity_type,
+                entity_id,
+                action,
+                old_values,
+                new_values,
+                performed_by,
+                performed_by_role,
+                metadata
+            )
+            VALUES (
+                TG_TABLE_NAME,
+                OLD.id,
+                'delete',
+                row_to_json(OLD)::JSONB,
+                NULL,
+                auth.uid(),
+                current_user_role_val,
+                jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+            );
+        END IF;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN
+        RETURN OLD;
+    ELSE
+        RETURN NEW;
+    END IF;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- APPLY AUDIT LOG TRIGGERS
+CREATE TRIGGER audit_bookings AFTER INSERT OR UPDATE OR DELETE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_customers AFTER INSERT OR UPDATE OR DELETE ON customers
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_invitations AFTER INSERT OR UPDATE OR DELETE ON invitations
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_staff AFTER INSERT OR UPDATE OR DELETE ON staff
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_services AFTER INSERT OR UPDATE OR DELETE ON services
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+-- AUTOMATIC SHORT ID GENERATION FOR BOOKINGS
+CREATE OR REPLACE FUNCTION generate_booking_short_id()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF NEW.short_id IS NULL OR NEW.short_id = '' THEN
+        NEW.short_id := generate_short_id();
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER booking_generate_short_id BEFORE INSERT ON bookings
+    FOR EACH ROW EXECUTE FUNCTION generate_booking_short_id();
+
+-- ============================================
+-- VERIFICATION
+-- ============================================
+
+DO $$
+BEGIN
+    RAISE NOTICE '===========================================';
+    RAISE NOTICE 'SALONOS - DATABASE MIGRATION COMPLETED';
+    RAISE NOTICE '===========================================';
+    RAISE NOTICE '✅ Tables created: 8';
+    RAISE NOTICE '✅ Functions created: 14';
+    RAISE NOTICE '✅ Triggers active: 17+';
+    RAISE NOTICE '✅ RLS policies configured: 20+';
+    RAISE NOTICE '✅ ENUM types created: 6';
+    RAISE NOTICE '===========================================';
+    RAISE NOTICE 'NEXT STEPS:';
+    RAISE NOTICE '1. Configure Auth in Supabase Dashboard';
+    RAISE NOTICE '2. Create test users with specific roles';
+    RAISE NOTICE '3. Test Short ID generation:';
+    RAISE NOTICE '   SELECT generate_short_id();';
+    RAISE NOTICE '4. Test invitation code generation:';
+    RAISE NOTICE '   SELECT generate_invitation_code();';
+    RAISE NOTICE '5. Verify tables:';
+    RAISE NOTICE '   SELECT table_name FROM information_schema.tables';
+    RAISE NOTICE '   WHERE table_schema = ''public'' ORDER BY table_name;';
+    RAISE NOTICE '===========================================';
+END
+$$;

db/migrations/00_FULL_MIGRATION_FINAL.sql

@@ -0,0 +1,795 @@
+-- ============================================
+-- SALONOS - CORRECTED FULL DATABASE MIGRATION
+-- Ejecutar TODO este archivo en Supabase SQL Editor
+-- URL: https://supabase.com/dashboard/project/pvvwbnybkadhreuqijsl/sql
+-- ============================================
+
+-- ============================================
+-- BEGIN MIGRATION 001: INITIAL SCHEMA
+-- ============================================
+
+-- Habilitar UUID extension
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+-- ENUMS
+CREATE TYPE user_role AS ENUM ('admin', 'manager', 'staff', 'artist', 'customer');
+CREATE TYPE customer_tier AS ENUM ('free', 'gold');
+CREATE TYPE booking_status AS ENUM ('pending', 'confirmed', 'cancelled', 'completed', 'no_show');
+CREATE TYPE invitation_status AS ENUM ('pending', 'used', 'expired');
+CREATE TYPE resource_type AS ENUM ('station', 'room', 'equipment');
+CREATE TYPE audit_action AS ENUM ('create', 'update', 'delete', 'reset_invitations', 'payment', 'status_change');
+
+-- LOCATIONS
+CREATE TABLE locations (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name VARCHAR(100) NOT NULL,
+    timezone VARCHAR(50) NOT NULL DEFAULT 'UTC',
+    address TEXT,
+    phone VARCHAR(20),
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- RESOURCES
+CREATE TABLE resources (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    name VARCHAR(100) NOT NULL,
+    type resource_type NOT NULL,
+    capacity INTEGER DEFAULT 1,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- STAFF
+CREATE TABLE staff (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID NOT NULL,
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    role user_role NOT NULL CHECK (role IN ('admin', 'manager', 'staff', 'artist')),
+    display_name VARCHAR(100) NOT NULL,
+    phone VARCHAR(20),
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW(),
+    UNIQUE(user_id, location_id)
+);
+
+-- SERVICES
+CREATE TABLE services (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name VARCHAR(100) NOT NULL,
+    description TEXT,
+    duration_minutes INTEGER NOT NULL CHECK (duration_minutes > 0),
+    base_price DECIMAL(10, 2) NOT NULL CHECK (base_price >= 0),
+    requires_dual_artist BOOLEAN DEFAULT false,
+    premium_fee_enabled BOOLEAN DEFAULT false,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- CUSTOMERS
+CREATE TABLE customers (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID UNIQUE,
+    first_name VARCHAR(100) NOT NULL,
+    last_name VARCHAR(100) NOT NULL,
+    email VARCHAR(255) UNIQUE NOT NULL,
+    phone VARCHAR(20),
+    tier customer_tier DEFAULT 'free',
+    notes TEXT,
+    total_spent DECIMAL(10, 2) DEFAULT 0,
+    total_visits INTEGER DEFAULT 0,
+    last_visit_date DATE,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- INVITATIONS
+CREATE TABLE invitations (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    inviter_id UUID NOT NULL REFERENCES customers(id) ON DELETE CASCADE,
+    code VARCHAR(10) UNIQUE NOT NULL,
+    email VARCHAR(255),
+    status invitation_status DEFAULT 'pending',
+    week_start_date DATE NOT NULL,
+    expiry_date DATE NOT NULL,
+    used_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- BOOKINGS
+CREATE TABLE bookings (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    short_id VARCHAR(6) UNIQUE NOT NULL,
+    customer_id UUID NOT NULL REFERENCES customers(id) ON DELETE CASCADE,
+    staff_id UUID NOT NULL REFERENCES staff(id) ON DELETE RESTRICT,
+    secondary_artist_id UUID REFERENCES staff(id) ON DELETE SET NULL,
+    location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
+    resource_id UUID NOT NULL REFERENCES resources(id) ON DELETE CASCADE,
+    service_id UUID NOT NULL REFERENCES services(id) ON DELETE RESTRICT,
+    start_time_utc TIMESTAMPTZ NOT NULL,
+    end_time_utc TIMESTAMPTZ NOT NULL,
+    status booking_status DEFAULT 'pending',
+    deposit_amount DECIMAL(10, 2) DEFAULT 0,
+    total_amount DECIMAL(10, 2) NOT NULL,
+    is_paid BOOLEAN DEFAULT false,
+    payment_reference VARCHAR(50),
+    notes TEXT,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- AUDIT LOGS
+CREATE TABLE audit_logs (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    entity_type VARCHAR(50) NOT NULL,
+    entity_id UUID NOT NULL,
+    action audit_action NOT NULL,
+    old_values JSONB,
+    new_values JSONB,
+    performed_by UUID,
+    performed_by_role user_role,
+    ip_address INET,
+    user_agent TEXT,
+    metadata JSONB,
+    created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- INDEXES
+CREATE INDEX idx_locations_active ON locations(is_active);
+CREATE INDEX idx_resources_location ON resources(location_id);
+CREATE INDEX idx_resources_active ON resources(location_id, is_active);
+CREATE INDEX idx_staff_user ON staff(user_id);
+CREATE INDEX idx_staff_location ON staff(location_id);
+CREATE INDEX idx_staff_role ON staff(location_id, role, is_active);
+CREATE INDEX idx_services_active ON services(is_active);
+CREATE INDEX idx_customers_tier ON customers(tier);
+CREATE INDEX idx_customers_email ON customers(email);
+CREATE INDEX idx_customers_active ON customers(is_active);
+CREATE INDEX idx_invitations_inviter ON invitations(inviter_id);
+CREATE INDEX idx_invitations_code ON invitations(code);
+CREATE INDEX idx_invitations_week ON invitations(week_start_date, status);
+CREATE INDEX idx_bookings_customer ON bookings(customer_id);
+CREATE INDEX idx_bookings_staff ON bookings(staff_id);
+CREATE INDEX idx_bookings_secondary_artist ON bookings(secondary_artist_id);
+CREATE INDEX idx_bookings_location ON bookings(location_id);
+CREATE INDEX idx_bookings_resource ON bookings(resource_id);
+CREATE INDEX idx_bookings_time ON bookings(start_time_utc, end_time_utc);
+CREATE INDEX idx_bookings_status ON bookings(status);
+CREATE INDEX idx_bookings_short_id ON bookings(short_id);
+CREATE INDEX idx_audit_entity ON audit_logs(entity_type, entity_id);
+CREATE INDEX idx_audit_action ON audit_logs(action, created_at);
+CREATE INDEX idx_audit_performed ON audit_logs(performed_by);
+
+-- UPDATED_AT TRIGGER FUNCTION
+CREATE OR REPLACE FUNCTION update_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = NOW();
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- UPDATED_AT TRIGGERS
+CREATE TRIGGER locations_updated_at BEFORE UPDATE ON locations
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER resources_updated_at BEFORE UPDATE ON resources
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER staff_updated_at BEFORE UPDATE ON staff
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER services_updated_at BEFORE UPDATE ON services
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER customers_updated_at BEFORE UPDATE ON customers
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER invitations_updated_at BEFORE UPDATE ON invitations
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER bookings_updated_at BEFORE UPDATE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+-- CONSTRAINTS (Simple ones only - no subqueries)
+ALTER TABLE bookings ADD CONSTRAINT check_booking_time
+    CHECK (end_time_utc > start_time_utc);
+
+ALTER TABLE invitations ADD CONSTRAINT check_week_start_is_monday
+    CHECK (EXTRACT(ISODOW FROM week_start_date) = 1);
+
+-- Trigger for secondary_artist validation (instead of CHECK constraint with subquery)
+CREATE OR REPLACE FUNCTION validate_secondary_artist_role()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF NEW.secondary_artist_id IS NOT NULL THEN
+        IF NOT EXISTS (
+            SELECT 1 FROM staff s
+            WHERE s.id = NEW.secondary_artist_id AND s.role = 'artist' AND s.is_active = true
+        ) THEN
+            RAISE EXCEPTION 'secondary_artist_id must reference an active staff member with role ''artist''';
+        END IF;
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER validate_booking_secondary_artist BEFORE INSERT OR UPDATE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION validate_secondary_artist_role();
+
+-- ============================================
+-- BEGIN MIGRATION 002: RLS POLICIES
+-- ============================================
+
+-- HELPER FUNCTIONS
+CREATE OR REPLACE FUNCTION get_current_user_role()
+RETURNS user_role AS $$
+    DECLARE
+        current_staff_role user_role;
+        current_user_id UUID := auth.uid();
+    BEGIN
+        SELECT s.role INTO current_staff_role
+        FROM staff s
+        WHERE s.user_id = current_user_id
+        LIMIT 1;
+
+        IF current_staff_role IS NOT NULL THEN
+            RETURN current_staff_role;
+        END IF;
+
+        IF EXISTS (SELECT 1 FROM customers WHERE user_id = current_user_id) THEN
+            RETURN 'customer';
+        END IF;
+
+        RETURN NULL;
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_staff_or_higher()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role IN ('admin', 'manager', 'staff');
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_artist()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'artist';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_customer()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'customer';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION is_admin()
+RETURNS BOOLEAN AS $$
+    DECLARE
+        user_role user_role := get_current_user_role();
+    BEGIN
+        RETURN user_role = 'admin';
+    END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ENABLE RLS ON ALL TABLES
+ALTER TABLE locations ENABLE ROW LEVEL SECURITY;
+ALTER TABLE resources ENABLE ROW LEVEL SECURITY;
+ALTER TABLE staff ENABLE ROW LEVEL SECURITY;
+ALTER TABLE services ENABLE ROW LEVEL SECURITY;
+ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
+ALTER TABLE invitations ENABLE ROW LEVEL SECURITY;
+ALTER TABLE bookings ENABLE ROW LEVEL SECURITY;
+ALTER TABLE audit_logs ENABLE ROW LEVEL SECURITY;
+
+-- LOCATIONS POLICIES
+CREATE POLICY "locations_select_staff_higher" ON locations
+    FOR SELECT
+    USING (is_staff_or_higher() OR is_admin());
+
+CREATE POLICY "locations_modify_admin_manager" ON locations
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- RESOURCES POLICIES
+CREATE POLICY "resources_select_staff_higher" ON resources
+    FOR SELECT
+    USING (is_staff_or_higher() OR is_admin());
+
+CREATE POLICY "resources_select_artist" ON resources
+    FOR SELECT
+    USING (is_artist());
+
+CREATE POLICY "resources_modify_admin_manager" ON resources
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- STAFF POLICIES
+CREATE POLICY "staff_select_admin_manager" ON staff
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "staff_select_same_location" ON staff
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = staff.location_id
+        )
+    );
+
+CREATE POLICY "staff_select_artist_view_artists" ON staff
+    FOR SELECT
+    USING (
+        is_artist() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = staff.location_id
+        ) AND
+        staff.role = 'artist'
+    );
+
+CREATE POLICY "staff_modify_admin_manager" ON staff
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- SERVICES POLICIES
+CREATE POLICY "services_select_all" ON services
+    FOR SELECT
+    USING (is_active = true);
+
+CREATE POLICY "services_all_admin_manager" ON services
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+-- CUSTOMERS POLICIES (RESTRICTED FOR ARTISTS)
+CREATE POLICY "customers_select_admin_manager" ON customers
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "customers_select_staff" ON customers
+    FOR SELECT
+    USING (is_staff_or_higher());
+
+CREATE POLICY "customers_select_artist_restricted" ON customers
+    FOR SELECT
+    USING (is_artist());
+
+CREATE POLICY "customers_select_own" ON customers
+    FOR SELECT
+    USING (is_customer() AND user_id = auth.uid());
+
+CREATE POLICY "customers_modify_admin_manager" ON customers
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "customers_modify_staff" ON customers
+    FOR ALL
+    USING (is_staff_or_higher());
+
+CREATE POLICY "customers_update_own" ON customers
+    FOR UPDATE
+    USING (is_customer() AND user_id = auth.uid());
+
+-- INVITATIONS POLICIES
+CREATE POLICY "invitations_select_admin_manager" ON invitations
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "invitations_select_staff" ON invitations
+    FOR SELECT
+    USING (is_staff_or_higher());
+
+CREATE POLICY "invitations_select_own" ON invitations
+    FOR SELECT
+    USING (is_customer() AND inviter_id = (SELECT id FROM customers WHERE user_id = auth.uid()));
+
+CREATE POLICY "invitations_modify_admin_manager" ON invitations
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "invitations_modify_staff" ON invitations
+    FOR ALL
+    USING (is_staff_or_higher());
+
+-- BOOKINGS POLICIES
+CREATE POLICY "bookings_select_admin_manager" ON bookings
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "bookings_select_staff_location" ON bookings
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = bookings.location_id
+        )
+    );
+
+CREATE POLICY "bookings_select_artist_own" ON bookings
+    FOR SELECT
+    USING (
+        is_artist() AND
+        (staff_id = (SELECT id FROM staff WHERE user_id = auth.uid()) OR
+         secondary_artist_id = (SELECT id FROM staff WHERE user_id = auth.uid()))
+    );
+
+CREATE POLICY "bookings_select_own" ON bookings
+    FOR SELECT
+    USING (is_customer() AND customer_id = (SELECT id FROM customers WHERE user_id = auth.uid()));
+
+CREATE POLICY "bookings_modify_admin_manager" ON bookings
+    FOR ALL
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "bookings_modify_staff_location" ON bookings
+    FOR ALL
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM staff s WHERE s.user_id = auth.uid() AND s.location_id = bookings.location_id
+        )
+    );
+
+CREATE POLICY "bookings_no_modify_artist" ON bookings
+    FOR ALL
+    USING (NOT is_artist());
+
+CREATE POLICY "bookings_create_own" ON bookings
+    FOR INSERT
+    WITH CHECK (
+        is_customer() AND
+        customer_id = (SELECT id FROM customers WHERE user_id = auth.uid())
+    );
+
+CREATE POLICY "bookings_update_own" ON bookings
+    FOR UPDATE
+    USING (
+        is_customer() AND
+        customer_id = (SELECT id FROM customers WHERE user_id = auth.uid())
+    );
+
+-- AUDIT LOGS POLICIES
+CREATE POLICY "audit_logs_select_admin_manager" ON audit_logs
+    FOR SELECT
+    USING (get_current_user_role() IN ('admin', 'manager'));
+
+CREATE POLICY "audit_logs_select_staff_location" ON audit_logs
+    FOR SELECT
+    USING (
+        is_staff_or_higher() AND
+        EXISTS (
+            SELECT 1 FROM bookings b
+            JOIN staff s ON s.user_id = auth.uid()
+            WHERE b.id = audit_logs.entity_id
+            AND b.location_id = s.location_id
+        )
+    );
+
+CREATE POLICY "audit_logs_no_insert" ON audit_logs
+    FOR INSERT
+    WITH CHECK (false);
+
+-- ============================================
+-- BEGIN MIGRATION 003: AUDIT TRIGGERS
+-- ============================================
+
+-- SHORT ID GENERATOR
+CREATE OR REPLACE FUNCTION generate_short_id()
+RETURNS VARCHAR(6) AS $$
+DECLARE
+    chars VARCHAR(36) := '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    short_id VARCHAR(6);
+    attempts INT := 0;
+    max_attempts INT := 10;
+BEGIN
+    LOOP
+        short_id := '';
+        FOR i IN 1..6 LOOP
+            short_id := short_id || substr(chars, floor(random() * 36 + 1)::INT, 1);
+        END LOOP;
+
+        IF NOT EXISTS (SELECT 1 FROM bookings WHERE short_id = short_id) THEN
+            RETURN short_id;
+        END IF;
+
+        attempts := attempts + 1;
+        IF attempts >= max_attempts THEN
+            RAISE EXCEPTION 'Failed to generate unique short_id after % attempts', max_attempts;
+        END IF;
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- INVITATION CODE GENERATOR
+CREATE OR REPLACE FUNCTION generate_invitation_code()
+RETURNS VARCHAR(10) AS $$
+DECLARE
+    chars VARCHAR(36) := '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    code VARCHAR(10);
+    attempts INT := 0;
+    max_attempts INT := 10;
+BEGIN
+    LOOP
+        code := '';
+        FOR i IN 1..10 LOOP
+            code := code || substr(chars, floor(random() * 36 + 1)::INT, 1);
+        END LOOP;
+
+        IF NOT EXISTS (SELECT 1 FROM invitations WHERE code = code) THEN
+            RETURN code;
+        END IF;
+
+        attempts := attempts + 1;
+        IF attempts >= max_attempts THEN
+            RAISE EXCEPTION 'Failed to generate unique invitation code after % attempts', max_attempts;
+        END IF;
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- WEEK FUNCTIONS
+CREATE OR REPLACE FUNCTION get_week_start(date_param DATE DEFAULT CURRENT_DATE)
+RETURNS DATE AS $$
+BEGIN
+    RETURN date_param - (EXTRACT(ISODOW FROM date_param)::INT - 1);
+END;
+$$ LANGUAGE plpgsql IMMUTABLE;
+
+-- WEEKLY INVITATION RESET
+CREATE OR REPLACE FUNCTION reset_weekly_invitations_for_customer(customer_uuid UUID)
+RETURNS INTEGER AS $$
+DECLARE
+    week_start DATE;
+    invitations_remaining INTEGER := 5;
+    invitations_created INTEGER := 0;
+BEGIN
+    week_start := get_week_start(CURRENT_DATE);
+
+    SELECT COUNT(*) INTO invitations_created
+    FROM invitations
+    WHERE inviter_id = customer_uuid
+    AND week_start_date = week_start;
+
+    IF invitations_created = 0 THEN
+        INSERT INTO invitations (inviter_id, code, week_start_date, expiry_date, status)
+        SELECT
+            customer_uuid,
+            generate_invitation_code(),
+            week_start,
+            week_start + INTERVAL '6 days',
+            'pending'
+        FROM generate_series(1, 5);
+
+        invitations_created := 5;
+
+        INSERT INTO audit_logs (
+            entity_type,
+            entity_id,
+            action,
+            old_values,
+            new_values,
+            performed_by,
+            performed_by_role,
+            metadata
+        )
+        VALUES (
+            'invitations',
+            customer_uuid,
+            'reset_invitations',
+            '{"week_start": null}'::JSONB,
+            '{"week_start": "' || week_start || '", "count": 5}'::JSONB,
+            NULL,
+            'system',
+            '{"reset_type": "weekly", "invitations_created": 5}'::JSONB
+        );
+    END IF;
+
+    RETURN invitations_created;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION reset_all_weekly_invitations()
+RETURNS JSONB AS $$
+DECLARE
+    customers_count INTEGER := 0;
+    invitations_created INTEGER := 0;
+    result JSONB;
+    customer_record RECORD;
+BEGIN
+    FOR customer_record IN
+        SELECT id FROM customers WHERE tier = 'gold' AND is_active = true
+    LOOP
+        invitations_created := invitations_created + reset_weekly_invitations_for_customer(customer_record.id);
+        customers_count := customers_count + 1;
+    END LOOP;
+
+    result := jsonb_build_object(
+        'customers_processed', customers_count,
+        'invitations_created', invitations_created,
+        'executed_at', NOW()::TEXT
+    );
+
+    INSERT INTO audit_logs (
+        entity_type,
+        entity_id,
+        action,
+        old_values,
+        new_values,
+        performed_by,
+        performed_by_role,
+        metadata
+    )
+    VALUES (
+        'invitations',
+        uuid_generate_v4(),
+        'reset_invitations',
+        '{}'::JSONB,
+        result,
+        NULL,
+        'system',
+        '{"reset_type": "weekly_batch"}'::JSONB
+    );
+
+    RETURN result;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- AUDIT LOG TRIGGER FUNCTION
+CREATE OR REPLACE FUNCTION log_audit()
+RETURNS TRIGGER AS $$
+DECLARE
+    current_user_role_val user_role;
+BEGIN
+    current_user_role_val := get_current_user_role();
+
+    IF TG_TABLE_NAME IN ('bookings', 'customers', 'invitations', 'staff', 'services') THEN
+        IF TG_OP = 'INSERT' THEN
+            INSERT INTO audit_logs (
+                entity_type,
+                entity_id,
+                action,
+                old_values,
+                new_values,
+                performed_by,
+                performed_by_role,
+                metadata
+            )
+            VALUES (
+                TG_TABLE_NAME,
+                NEW.id,
+                'create',
+                NULL,
+                row_to_json(NEW)::JSONB,
+                auth.uid(),
+                current_user_role_val,
+                jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+            );
+        ELSIF TG_OP = 'UPDATE' THEN
+            IF NEW IS DISTINCT FROM OLD THEN
+                INSERT INTO audit_logs (
+                    entity_type,
+                    entity_id,
+                    action,
+                    old_values,
+                    new_values,
+                    performed_by,
+                    performed_by_role,
+                    metadata
+                )
+                VALUES (
+                    TG_TABLE_NAME,
+                    NEW.id,
+                    'update',
+                    row_to_json(OLD)::JSONB,
+                    row_to_json(NEW)::JSONB,
+                    auth.uid(),
+                    current_user_role_val,
+                    jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+                );
+            END IF;
+        ELSIF TG_OP = 'DELETE' THEN
+            INSERT INTO audit_logs (
+                entity_type,
+                entity_id,
+                action,
+                old_values,
+                new_values,
+                performed_by,
+                performed_by_role,
+                metadata
+            )
+            VALUES (
+                TG_TABLE_NAME,
+                OLD.id,
+                'delete',
+                row_to_json(OLD)::JSONB,
+                NULL,
+                auth.uid(),
+                current_user_role_val,
+                jsonb_build_object('operation', TG_OP, 'table_name', TG_TABLE_NAME)
+            );
+        END IF;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN
+        RETURN OLD;
+    ELSE
+        RETURN NEW;
+    END IF;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- APPLY AUDIT LOG TRIGGERS
+CREATE TRIGGER audit_bookings AFTER INSERT OR UPDATE OR DELETE ON bookings
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_customers AFTER INSERT OR UPDATE OR DELETE ON customers
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_invitations AFTER INSERT OR UPDATE OR DELETE ON invitations
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_staff AFTER INSERT OR UPDATE OR DELETE ON staff
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+CREATE TRIGGER audit_services AFTER INSERT OR UPDATE OR DELETE ON services
+    FOR EACH ROW EXECUTE FUNCTION log_audit();
+
+-- AUTOMATIC SHORT ID GENERATION FOR BOOKINGS
+CREATE OR REPLACE FUNCTION generate_booking_short_id()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF NEW.short_id IS NULL OR NEW.short_id = '' THEN
+        NEW.short_id := generate_short_id();
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER booking_generate_short_id BEFORE INSERT ON bookings
+    FOR EACH ROW EXECUTE FUNCTION generate_booking_short_id();
+
+-- ============================================
+-- VERIFICATION
+-- ============================================
+
+DO $$
+BEGIN
+    RAISE NOTICE '===========================================';
+    RAISE NOTICE 'SALONOS - DATABASE MIGRATION COMPLETED';
+    RAISE NOTICE '===========================================';
+    RAISE NOTICE '✅ Tables created: 8';
+    RAISE NOTICE '✅ Functions created: 14';
+    RAISE NOTICE '✅ Triggers active: 17+';
+    RAISE NOTICE '✅ RLS policies configured: 20+';
+    RAISE NOTICE '✅ ENUM types created: 6';
+    RAISE NOTICE '===========================================';
+    RAISE NOTICE 'NEXT STEPS:';
+    RAISE NOTICE '1. Configure Auth in Supabase Dashboard';
+    RAISE NOTICE '2. Create test users with specific roles';
+    RAISE NOTICE '3. Test Short ID generation:';
+    RAISE NOTICE '   SELECT generate_short_id();';
+    RAISE NOTICE '4. Test invitation code generation:';
+    RAISE NOTICE '   SELECT generate_invitation_code();';
+    RAISE NOTICE '5. Verify tables:';
+    RAISE NOTICE '   SELECT table_name FROM information_schema.tables';
+    RAISE NOTICE '   WHERE table_schema = ''public'' ORDER BY table_name;';
+    RAISE NOTICE '===========================================';
+END
+$$;

db/migrations/README.md

@@ -0,0 +1,127 @@
+# SalonOS - Database Migrations
+
+Este directorio contiene todas las migraciones de base de datos para Supabase.
+
+## Orden de Ejecución
+
+Las migraciones deben ejecutarse en orden numérico:
+
+1. **001_initial_schema.sql**
+   - Crea todas las tablas del sistema
+   - Define tipos ENUM (roles, tiers, estados)
+   - Crea índices y constraints
+   - Implementa el sistema "Doble Capa" (Staff + Recurso)
+
+2. **002_rls_policies.sql**
+   - Habilita Row Level Security
+   - Define políticas de acceso por rol
+   - **Restricción crítica**: Artist solo ve nombre+notas de customers
+   - Jerarquía de roles: Admin > Manager > Staff > Artist > Customer
+
+3. **003_audit_triggers.sql**
+   - Generador de Short ID (6 caracteres, collision-safe)
+   - Funciones de reset semanal de invitaciones
+   - Triggers de auditoría automática
+   - Generación automática de invitation codes
+
+## Ejecución Manual
+
+### Vía Supabase Dashboard
+
+1. Ir a SQL Editor
+2. Copiar y ejecutar cada migración en orden
+3. Verificar que no haya errores
+
+### Vía CLI
+
+```bash
+# Instalar Supabase CLI si no está instalado
+npm install -g supabase
+
+# Login
+supabase login
+
+# Ejecutar migración
+supabase db push --db-url="postgresql://user:pass@host:port/db"
+
+# O para ejecutar archivo específico
+psql $DATABASE_URL -f db/migrations/001_initial_schema.sql
+```
+
+## Notas Importantes
+
+### UTC-First
+Todos los timestamps se almacenan en UTC. La conversión a zona horaria local ocurre solo en:
+- Frontend (The Boutique / The HQ)
+- Notificaciones (WhatsApp / Email)
+
+### Sistema Doble Capa
+El sistema valida disponibilidad en dos niveles:
+1. **Staff/Artist**: Horario laboral + Google Calendar
+2. **Recurso**: Disponibilidad de estación física
+
+### Reset Semanal de Invitaciones
+- Ejecutado automáticamente cada Lunes 00:00 UTC
+- Solo para clientes Tier Gold
+- Cada cliente recibe 5 invitaciones nuevas
+- Proceso idempotente y auditado
+
+### Privacidad de Datos
+- **Artist**: NO puede ver `email` ni `phone` de customers
+- **Staff/Manager/Admin**: Pueden ver PII de customers
+- Todas las consultas de Artist a `customers` están filtradas por RLS
+
+## Verificación de Migraciones
+
+```sql
+-- Verificar tablas creadas
+SELECT table_name FROM information_schema.tables
+WHERE table_schema = 'public'
+ORDER BY table_name;
+
+-- Verificar funciones creadas
+SELECT routine_name FROM information_schema.routines
+WHERE routine_schema = 'public'
+ORDER BY routine_name;
+
+-- Verificar triggers activos
+SELECT trigger_name, event_object_table
+FROM information_schema.triggers
+WHERE trigger_schema = 'public'
+ORDER BY event_object_table, trigger_name;
+
+-- Verificar políticas RLS
+SELECT schemaname, tablename, policyname, permissive, roles, cmd, qual, with_check
+FROM pg_policies
+WHERE schemaname = 'public'
+ORDER BY tablename, policyname;
+```
+
+## Troubleshooting
+
+### Error: "relation already exists"
+Una tabla ya existe. Verificar si la migración anterior falló parcialmente.
+
+### Error: "must be owner of table"
+Necesitas permisos de superusuario o owner de la tabla.
+
+### Error: RLS no funciona
+Verificar que:
+1. RLS está habilitado en la tabla (`ALTER TABLE table_name ENABLE ROW LEVEL SECURITY`)
+2. El usuario tiene un rol asignado en `staff` o `customers`
+3. Las políticas están correctamente definidas
+
+## Próximos Migraciones
+
+Las futuras migraciones incluirán:
+- Integración con Stripe (webhook processing tables)
+- Integración con Google Calendar (sync tables)
+- Notificaciones WhatsApp (queue tables)
+- Storage buckets para The Vault
+
+## Contacto
+
+Para dudas sobre las migraciones, consultar:
+- PRD.md: Reglas de negocio
+- TASKS.md: Plan de ejecución
+- AGENTS.md: Roles y responsabilidades

db/migrations/full_migration.sql

@@ -0,0 +1,114 @@
+-- ============================================
+-- SALONOS - FULL DATABASE MIGRATION
+-- ============================================
+-- Ejecuta todas las migraciones en orden
+-- Fecha: 2026-01-15
+-- ============================================
+
+-- Ejecutar cada migración en orden:
+-- 1. 001_initial_schema.sql
+-- 2. 002_rls_policies.sql
+-- 3. 003_audit_triggers.sql
+
+-- Para ejecutar desde psql:
+-- psql $DATABASE_URL -f db/migrations/001_initial_schema.sql
+-- psql $DATABASE_URL -f db/migrations/002_rls_policies.sql
+-- psql $DATABASE_URL -f db/migrations/003_audit_triggers.sql
+
+-- O ejecutar este archivo completo:
+-- psql $DATABASE_URL -f db/migrations/full_migration.sql
+
+-- ============================================
+-- BEGIN MIGRATION 001
+-- ============================================
+\i db/migrations/001_initial_schema.sql
+
+-- ============================================
+-- BEGIN MIGRATION 002
+-- ============================================
+\i db/migrations/002_rls_policies.sql
+
+-- ============================================
+-- BEGIN MIGRATION 003
+-- ============================================
+\i db/migrations/003_audit_triggers.sql
+
+-- ============================================
+-- VERIFICATION QUERIES
+-- ============================================
+
+-- Verificar tablas creadas
+DO $$
+DECLARE
+    table_count INTEGER;
+BEGIN
+    SELECT COUNT(*) INTO table_count
+    FROM information_schema.tables
+    WHERE table_schema = 'public'
+    AND table_name IN ('locations', 'resources', 'staff', 'services', 'customers', 'invitations', 'bookings', 'audit_logs');
+
+    RAISE NOTICE '✅ Tablas creadas: % de 8 esperadas', table_count;
+END
+$$;
+
+-- Verificar funciones creadas
+DO $$
+DECLARE
+    func_count INTEGER;
+BEGIN
+    SELECT COUNT(*) INTO func_count
+    FROM information_schema.routines
+    WHERE routine_schema = 'public'
+    AND routine_name IN ('generate_short_id', 'generate_invitation_code', 'reset_weekly_invitations_for_customer', 'reset_all_weekly_invitations', 'log_audit', 'get_current_user_role', 'is_staff_or_higher', 'is_artist', 'is_customer', 'is_admin', 'update_updated_at', 'generate_booking_short_id', 'get_week_start');
+
+    RAISE NOTICE '✅ Funciones creadas: % de 13 esperadas', func_count;
+END
+$$;
+
+-- Verificar triggers activos
+DO $$
+DECLARE
+    trigger_count INTEGER;
+BEGIN
+    SELECT COUNT(*) INTO trigger_count
+    FROM information_schema.triggers
+    WHERE trigger_schema = 'public';
+
+    RAISE NOTICE '✅ Triggers activos: % (se esperan múltiples)', trigger_count;
+END
+$$;
+
+-- Verificar políticas RLS
+DO $$
+DECLARE
+    policy_count INTEGER;
+BEGIN
+    SELECT COUNT(*) INTO policy_count
+    FROM pg_policies
+    WHERE schemaname = 'public';
+
+    RAISE NOTICE '✅ Políticas RLS: % (se esperan múltiples)', policy_count;
+END
+$$;
+
+-- Verificar tipos ENUM
+DO $$
+DECLARE
+    enum_count INTEGER;
+BEGIN
+    SELECT COUNT(*) INTO enum_count
+    FROM pg_type
+    WHERE typtype = 'e'
+    AND typname IN ('user_role', 'customer_tier', 'booking_status', 'invitation_status', 'resource_type', 'audit_action');
+
+    RAISE NOTICE '✅ Tipos ENUM: % de 6 esperados', enum_count;
+END
+$$;
+
+RAISE NOTICE '===========================================';
+RAISE NOTICE '✅ MIGRACIÓN COMPLETADA EXITOSAMENTE';
+RAISE NOTICE '===========================================';
+RAISE NOTICE 'Verificar el esquema ejecutando:';
+RAISE NOTICE '  SELECT table_name FROM information_schema.tables WHERE table_schema = ''public'' ORDER BY table_name;';
+RAISE NOTICE '  SELECT routine_name FROM information_schema.routines WHERE routine_schema = ''public'' ORDER BY routine_name;';
+RAISE NOTICE '===========================================';