feat: initial project with Phase 1 complete

.cursorrules

@@ -0,0 +1,77 @@
+# PreRegister — Cursor Rules
+
+## Project Context
+PreRegister is a Laravel 11 application for festival ticket pre-registration. Visitors can sign up on branded landing pages to get early/discounted ticket access. Subscriber data is stored locally and optionally synced to Mailwizz (email marketing platform).
+
+## Tech Stack (strict — no alternatives)
+- **Backend:** PHP 8.2+ / Laravel 11 / MySQL 8
+- **Frontend:** Blade + Tailwind CSS 3 + Alpine.js 3
+- **Auth:** Laravel Breeze (Blade stack)
+- **No:** React, Vue, Livewire, Inertia, or any JS framework
+
+## PHP Coding Standards
+- Every file starts with `declare(strict_types=1);`
+- Type hints on all method parameters, return types, and properties
+- Follow PSR-12 coding standards
+- Use `$fillable` (never `$guarded = []`) on every model
+- Use Form Request classes for validation — never validate inline in controllers
+- Controllers are thin: business logic goes in Service classes or Jobs
+- Use Laravel's `encrypted` cast for sensitive data (API keys)
+- Use `DB::transaction()` for multi-step database operations
+- No `dd()` in committed code — use `Log::` facade instead
+- Comments explain *why*, not *what*
+
+## Laravel Conventions
+- Route model binding with explicit column: `Route::get('/r/{page:slug}', ...)`
+- Policies for authorization (not inline Gate checks)
+- Blade components (`<x-component>`) for reusable UI
+- Form Requests in `app/Http/Requests/`
+- Service classes in `app/Services/`
+- Queued Jobs for external API calls (Mailwizz)
+- Config values via `config()` helper, never `env()` outside config files
+
+## Database
+- Docker MySQL on localhost:3306 (db: preregister, user: preregister, pass: preregister)
+- Use `$table->id()` (unsigned big int) for all PKs
+- UUID slugs for public-facing URLs
+- Always run `php artisan migrate` after creating/changing migrations
+- Run `php artisan migrate:fresh --seed` to reset
+
+## Frontend Guidelines
+- Tailwind utility classes — no custom CSS unless absolutely necessary
+- Alpine.js for interactivity (countdown timers, form submissions, dynamic wizard steps)
+- AJAX form submissions on public pages (return JSON, no page reloads)
+- Mobile-first responsive design
+- Public pages: full-screen background image + dark overlay + centered content card
+
+## Mailwizz API
+- Base URL: https://www.mailwizz.nl/api
+- Auth: `X-Api-Key` header
+- Send data as form-data (`Http::asForm()`)
+- Checkboxlist fields: read as comma-separated string, send as array
+- Always use `app/Services/MailwizzService.php` for API calls
+- Sync subscribers via queued job `SyncSubscriberToMailwizz`
+
+## File Structure
+- Controllers in `app/Http/Controllers/Admin/` (backend) and `app/Http/Controllers/` (public)
+- Views in `resources/views/admin/` (backend) and `resources/views/public/` (frontend)
+- Shared form partials as `_form.blade.php`
+
+## Security
+- CSRF on all forms
+- Rate limiting on public endpoints (`throttle:10,1`)
+- Never expose API keys in frontend, logs, or responses
+- Validate and restrict file uploads (image types, max size)
+- UUID slugs prevent URL enumeration
+
+## Git Commits
+Use conventional commits:
+- `feat: description` for new features
+- `fix: description` for bug fixes
+- `refactor: description` for code improvements
+- Commit after each logical unit, not after entire features
+
+## When Unsure
+- Check `PreRegister-Development-Prompt.md` in the project root — it has the full specification
+- Ask for clarification rather than guessing
+- Prefer explicit over clever