# KYN POS — Install / Rebuild Guide

## Never commit credentials

Real credentials belong only in:

```text
inc/config.local.php
```

This file is ignored by Git and should not be shared.

## First install

1. Copy `inc/config.local.example.php` to `inc/config.local.php`.
2. Fill in database host, port, database name, user, and password.
3. Temporarily enable install in `config.local.php`.
4. Run `/public/install.php` in the browser or `php install/install.php` from CLI.
5. Disable install immediately after success.

## What the installer does

- Loads private config without printing credentials.
- Checks that the DB name is safe.
- Connects to MySQL/MariaDB without selecting the app DB.
- Creates the configured DB if missing.
- Selects the app DB.
- Applies all migration SQL files in sorted order.
- Applies all seed SQL files in sorted order.
- Creates demo location, demo staff, hashed PINs, tables, items, modifiers, stations, printers, and sync foundation data.
- Verifies required tables exist.

## Rebuild behavior

The current migrations are designed with `CREATE TABLE IF NOT EXISTS` and safe insert/update patterns where possible. Re-running the installer should not require deleting the database during early development.

During serious production usage, we should later add a formal migration tracking table, for example:

```text
pos_schema_migrations
```

That will let us track applied migrations by filename/checksum.

## cPanel note

On shared cPanel, keep the app root outside public webroot when possible and point the subdomain/document root to `/public`. If cPanel makes that difficult, use `.htaccess` and folder permissions carefully, but the safer architecture is still `/public` only.