- Change token format to reviq_<base58> prefix instead of raw hex
- Add me.authStatus API endpoint for detailed auth information
- Enhance CLI `reviq auth status` to show token details from API
- Add comprehensive tests for token generation (18 tests)
- Extract bootstrap logic to @reviq/db for reusability and testing
- Remove default db export; callers must use createDb() directly
Token changes:
- New format: reviq_<base58-encoded-32-bytes>
- Added parseToken() for validation
- Added isValidTokenFormat() helper
Auth status endpoint returns:
- User profile information
- Auth method (api_token or session)
- Token/session details (name, expiration, last used)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add `reviq completions bash/zsh` command with dynamic shell completions:
- Create bash-complete.ts entry point using stricli's proposeCompletions API
- Add completions command with bash and zsh support (fish planned)
- Extract app export to separate app.ts for shared imports
- Add @stricli/auto-complete dependency and __reviq_bash_complete bin entry
Also fix lint/type errors in api-server tests and helpers.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create @reviq/virtual-authenticator package with cryptographically valid
WebAuthn credential generation for testing
- Add e2e tests for WebAuthn registration, authentication, passkey management
- Add unit tests for passkey-helpers and VirtualAuthenticator
- Add security tests for counter replay and tampered responses
- Configure test database environment in devenv.nix
- Add turbo.json test tasks and workspace configuration
Test results: 98 tests passing (54 virtual-authenticator, 25 e2e, 19 unit)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
