- Fix template literal expressions: wrap Date.now() in String()
- Add missing afterAll import in admin.test.ts
- Fix countOwners to use countAll() without misleading <number> type
- Add ast-grep rule to prevent countAll<number>() usage
- Fix formatting issues from merge conflict resolution
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create @reviq/test-helpers package with shared test utilities
- Add describeE2E helper that auto-prefixes test names with [e2e]
- Support SKIP_DB_TESTS=1 to skip database-dependent tests
- Add unix socket support for TEST_DATABASE_URL
- Add root commands: test:unit, test:all, test:cov, test:unit:cov
- Configure bunfig.toml to exclude dist/ from coverage reports
- Clean up tsconfig.json files to remove redundant settings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update API contract to use nested router structure for sessions and devices
(me.sessions.list, me.devices.getInfo, etc.)
- Update frontend Svelte components to use new nested API paths
- Fix test assertion patterns for consistency (remove async () => wrappers)
- Fix test-db.ts findRepoRoot to use existsSync for directory checking
(Bun.file().exists() returns false for directories)
- Add ESLint config override for test files to handle expect().rejects patterns
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add test:e2e:coverage script with Bun's built-in coverage support
- Create bunfig.toml with coverage configuration (text + lcov reporters)
- Fix webauthn tests to create real database sessions/login requests
instead of mock context objects that bypass auth middleware
- Add createUserAPIContext helper for cleaner test code
- Update security tests to expect NOT_FOUND when accessing other
user's passkeys
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create @reviq/utils package with PBKDF2-SHA256 password hashing
compatible with Cloudflare Workers (uses crypto.subtle)
- Update api-server and CLI to use new utils package for consistent
password hashing format across the codebase
- Add pino logging to api-server for better request debugging
- Make login request tokens cryptographically secure base58 strings
instead of database IDs
- Add migration to make login_requests.token non-nullable with unique
constraint
- Fix RPCLink URL construction for client-side API calls
- Add db:codegen script to root package.json
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create @reviq/virtual-authenticator package with cryptographically valid
WebAuthn credential generation for testing
- Add e2e tests for WebAuthn registration, authentication, passkey management
- Add unit tests for passkey-helpers and VirtualAuthenticator
- Add security tests for counter replay and tampered responses
- Configure test database environment in devenv.nix
- Add turbo.json test tasks and workspace configuration
Test results: 98 tests passing (54 virtual-authenticator, 25 e2e, 19 unit)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
ESLint:
- Add @macalinao/eslint-config and eslint to all packages/apps
- Add lint scripts to all package.json files
- Create eslint.config.js for all apps
- Add lint task to turbo.json
- Add @macalinao/eslint-config and @types/bun to catalog
Biome:
- Exclude docs/ from biome checks
CLI Reorganization:
- Restructure CLI to use route maps with one command per file
- Move commands to routes/ directory structure
- Use func property instead of async loaders
- Route maps in _command.ts files for each directory
Environment:
- Use Bun.env instead of process.env for env vars
- Add DATABASE_URL and PORT to turbo.json globalEnv
Lint Fixes:
- Fix nullish coalescing operator usage
- Update deprecated Zod API (z.email() instead of .string().email())
- Fix import sorting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
