The Operating Thesis
Distribution friction destroys more Filipino beauty businesses than bad products. The catalog is fine. The demand is fine. What is broken is the connective tissue — the pricing logic, the order routing, the commission ledger, the role separation. Every existing tool fixes one side and breaks two others. Celebrity Crush PH is built on the inverse premise: if the system architecture handles role-aware pricing, order forwarding, and commission integrity from the schema up, the human work collapses from forty hours a week of chat threads down to a dashboard click.
What We Deploy
- Role-aware multi-tier pricing: Every product variation carries four prices — retail, wholesale, dropship, cost — and the user's authenticated role determines which one renders. A consumer never sees the dropship tier. A dropshipper never sees the cost. Enforced at the data layer, not the view layer.
- Order-forwarding fulfillment spine: Dropshippers place orders with their customer's shipping address attached. The order is tagged order_type = 'dropship' and routes to Celebrity Crush PH fulfillment automatically. Dropshippers never hold inventory — by architectural contract, forever.
- Two-level affiliate engine: 3-tier commission system (Bronze 3 percent, Silver 5 percent, Gold 7 percent), automatic tier progression based on accumulated personal sales, 1 percent fixed commission on Level 2 referrals. 30-day settlement window before a commission clears. Monthly payouts on the 15th. ₱500 minimum payout threshold.
- Anti-fraud at the schema layer: Self-referral prevention checks payment method, IP, and device fingerprint before a commission is even written. The platform refuses to record the row, not just to display it.
- Six-role RBAC under Row-Level Security: admin, manager, customer, dropshipper, wholesaler, affiliate. Each role sees only the data its policy admits. A wholesaler bypassing the UI to query the orders table still gets nothing — the database refuses.
- Approval-gated B2B onboarding: Dropshipper and wholesaler registration creates a pending account. Admin approval is required before role activation, before catalog visibility, before any order can be placed. Authenticity discipline starts at the gate.
- Real-time inventory with audit trail: Stock changes (sale, return, adjustment, restock) are logged as inventory movements with reference IDs. Low-stock thresholds trigger admin alerts. Every quantity change is reconstructible.
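An added sketch of the role-aware pricing and Row-Level Security items above, in PostgreSQL. It is not the platform's own schema: the table, column, function and app.role setting names are assumptions, as is the choice of which tiers the wholesaler, manager and affiliate roles may read. Because RLS filters rows rather than columns, the four prices are stored as one row per tier so that a policy can withhold them:

```sql
-- Hypothetical schema: every name below is an assumption, not the project's.
CREATE TYPE price_tier AS ENUM ('retail', 'wholesale', 'dropship', 'cost');

-- One row per (variation, tier). Four price columns on a single row could
-- not be hidden selectively, because RLS admits or rejects whole rows.
CREATE TABLE variation_prices (
    variation_id uuid          NOT NULL,
    tier         price_tier    NOT NULL,
    amount_php   numeric(12,2) NOT NULL CHECK (amount_php >= 0),
    PRIMARY KEY (variation_id, tier)
);

ALTER TABLE variation_prices ENABLE ROW LEVEL SECURITY;
ALTER TABLE variation_prices FORCE ROW LEVEL SECURITY;  -- table owner is filtered too

-- Assumed: the API sets app.role per transaction from the verified JWT, e.g.
--   SELECT set_config('app.role', 'dropshipper', true);
CREATE FUNCTION current_app_role() RETURNS text
LANGUAGE sql STABLE AS $$
    SELECT coalesce(current_setting('app.role', true), 'customer')
$$;

-- Fail closed: an unset, empty or unknown role falls through to retail only.
CREATE POLICY price_visibility ON variation_prices
FOR SELECT USING (
    CASE current_app_role()
        WHEN 'admin'       THEN true
        WHEN 'manager'     THEN true                              -- assumption
        WHEN 'wholesaler'  THEN tier IN ('retail', 'wholesale')   -- assumption
        WHEN 'dropshipper' THEN tier IN ('retail', 'dropship')    -- never cost
        ELSE tier = 'retail'                 -- customer, affiliate, anything else
    END
);
```

Superusers and roles with BYPASSRLS skip every policy, so the guarantee holds only if the API connects as a role with neither attribute.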
The Architecture
Production-grade infrastructure, deployed across two runtimes. The client is a Next.js 15 PWA running React 19 on Vercel Edge with Tailwind, Radix UI primitives, Zustand for client state, and React Hook Form plus Zod 4 for typed form validation. The API is a TypeScript Express server destined for Railway, with JWT authentication (jsonwebtoken + bcryptjs), Helmet and CORS hardening, and rate limiting on every public endpoint. Data lives in Supabase PostgreSQL with Row-Level Security on every user-data table — six roles, distinct policies, no cross-tenant reads, period. Stripe powers payments end to end (server SDK 19.1, client SDK 8.0). Nodemailer handles transactional email; Semaphore handles SMS for order status. Sharp runs image optimization. The whole stack ships under PWA contracts so the same codebase serves Android-first Filipino consumers without a separate mobile build.
What's Built (Verified 2026-05-07)
- 68 pages across the Next.js App Router — public consumer surfaces (home, catalog, product detail, cart, checkout, blog, knowledge expert, comparison, legal pages) and four authenticated dashboards (consumer, dropshipper, wholesaler, affiliate, plus admin CMS).
- 30 API route modules in the Express server covering auth, products, orders, payments (Stripe + general), dropshippers, affiliates, admin, dashboard, inventory, media, CMS, semantic search, social publishing, content blocks, design system, collaborative editing, and headless API access.
- 15 PostgreSQL migrations shipped, defining 88 cumulative CREATE TABLE operations across initial schema, CMS, affiliate program, payments and notifications, image management, dashboard real-time, and conversion-optimization layers. Row-Level Security policies on every user-data table.
- Six user roles wired end-to-end: admin, manager, customer, dropshipper, wholesaler, affiliate — each with its own dashboard surface, route guards, and pricing visibility rules.
- Investor-grade documentation: PRD authored under prd-framework v7.0 (Investor-Grade level, currently in Review). Architecture spec across 22 sections including problem translation, data architecture, security architecture, abuse modeling, and 22 architecture decision records.
- Test scaffolding deployed: Jest with Testing Library for the client, Jest plus Supertest for the server, Playwright 1.51 for end-to-end. Build verifier script (scripts/build-verifier.sh) wired for CI gates.
Regulatory Posture
- Data Privacy Act of 2012 (PH) compliant by design: PII encrypted at rest, RLS on every user-data table, deletion endpoints planned pre-launch, masked logging, 7-year retention for financial records.
- PCI-DSS handled by Stripe: The platform never sees card numbers. Payment intents are created server-side; tokenization happens in Stripe's iframe.
- FDA cosmetics compliance discipline: Every product on the catalog must have traceable sourcing — admin-curated only, no user-submitted products, no marketplace seller model in Phase 1.
- Anti-fraud as code, not policy: Affiliate self-referral blocked at the database write layer. Same payment method, IP, or device cannot be both buyer and affiliate on the same transaction.
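One way to refuse a self-referred commission at the write layer, as an added PostgreSQL sketch that is not the platform's own migration. All table, column, function and trigger names are assumptions, as is the idea that checkout and affiliate signals are stored in these two tables:

```sql
-- Hypothetical schema: all names are assumptions, not the project's.
CREATE TABLE order_signals (            -- captured at checkout
    order_id            uuid PRIMARY KEY,
    buyer_id            uuid NOT NULL,
    payment_fingerprint text NOT NULL,  -- processor-side fingerprint, never a card number
    ip_addr             inet NOT NULL,
    device_hash         text NOT NULL
);
CREATE TABLE affiliate_signals (        -- every signal seen for an affiliate account
    affiliate_id uuid NOT NULL,
    kind         text NOT NULL CHECK (kind IN ('payment', 'ip', 'device')),
    value        text NOT NULL,
    PRIMARY KEY (affiliate_id, kind, value)
);
CREATE TABLE commissions (
    id           bigserial PRIMARY KEY,
    order_id     uuid NOT NULL REFERENCES order_signals(order_id),
    affiliate_id uuid NOT NULL,
    amount_php   numeric(12,2) NOT NULL,
    clears_at    timestamptz NOT NULL DEFAULT (now() + interval '30 days')
);

CREATE FUNCTION reject_self_referral() RETURNS trigger
LANGUAGE plpgsql AS $$
DECLARE o order_signals%ROWTYPE;
BEGIN
    -- STRICT: a commission for an order with no recorded signals is an error.
    SELECT * INTO STRICT o FROM order_signals WHERE order_id = NEW.order_id;
    IF o.buyer_id = NEW.affiliate_id OR EXISTS (
        SELECT 1 FROM affiliate_signals s
        WHERE s.affiliate_id = NEW.affiliate_id
          AND (s.kind, s.value) IN (('payment', o.payment_fingerprint),
                                    ('ip',      host(o.ip_addr)),
                                    ('device',  o.device_hash))
    ) THEN
        RAISE EXCEPTION 'self-referral: commission refused for order %', NEW.order_id
            USING ERRCODE = 'check_violation';
    END IF;
    RETURN NEW;   -- no overlap: the row is written
END $$;

CREATE TRIGGER commissions_no_self_referral
BEFORE INSERT OR UPDATE OF order_id, affiliate_id ON commissions
FOR EACH ROW EXECUTE FUNCTION reject_self_referral();
```

Exact IP equality also matches unrelated users who share one carrier NAT address, so the API should log each refusal it receives from this trigger.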
Out of scope — by design, forever
- Dropshipper-held inventory: Dropshippers will never hold stock on this platform. Every dropship order forwards to Celebrity Crush PH fulfillment. The order-forwarding model is the moat.
- General marketplace expansion: Beauty vertical only. No fashion, no electronics, no home goods. Vertical depth before horizontal breadth — depth is what defends the authenticity guarantee.
- Unverified product listings: No user-submitted products. No marketplace seller model. Admin-curated catalog with traceable sourcing on every SKU.
- Affiliate self-referral: Same payment method, IP, or device as both buyer and affiliate is rejected at the schema layer, not flagged in a dashboard for human review.
- Consumer pricing compromise for affiliate metrics: Retail prices are not raised to fund affiliate commissions. Consumer trust is the platform's moat — funding acquisition by taxing the consumer is a one-quarter strategy.
Roadmap
- Phase 1 — MVP (current): 68 pages, 30 API route modules, 15 migrations under Row-Level Security, six user roles, Stripe payments, JWT auth, affiliate engine with 30-day settlement, dropshipper order forwarding, admin CMS. Currently in PRD Review and active build under HavenWizards 88's eight-phase governance pipeline.
- Phase 2 — Launch consolidation (Months 3–6 post-launch): AI-powered product recommendations, white-label dropshipper storefronts, social login, web push notifications, custom marketplace sync (Shopee, Lazada — no n8n), automated fraud scoring, loyalty program for consumers.
- Phase 3 — Platform expansion (Months 7–12): Native iOS and Android via React Native or Expo, multi-currency for international expansion, third-party seller marketplace model, subscription replenishment for consumable beauty SKUs, collaborative CMS editing.
Why Now
Philippine beauty e-commerce penetration is still under 15 percent versus 30 percent in regional leaders, which means the runway is the addressable market itself, not a slice of it. GCash and Maya cleared 67 percent adult adoption in 2025 — COD dependency is finally falling. DTI's enforcement of RA 11952 against counterfeit cosmetics gives a verified-channel platform a regulatory tailwind. And the Filipino beauty influencer economy is the number-one product discovery channel — ahead of search and ads — which means a structurally clean affiliate engine is not a bolt-on, it is the acquisition system. The category window is open and undefended. We are deploying into it.