- Enhanced createRegistrationOptions to look up existing users
- Added virtual-authenticator testing package
- Added WebAuthn e2e and unit tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Mark all H1-H10 auth page tasks as complete
- Add missing frontend libraries: ua-parser-js, svelte-sonner
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create @reviq/virtual-authenticator package with cryptographically valid
WebAuthn credential generation for testing
- Add e2e tests for WebAuthn registration, authentication, passkey management
- Add unit tests for passkey-helpers and VirtualAuthenticator
- Add security tests for counter replay and tampered responses
- Configure test database environment in devenv.nix
- Add turbo.json test tasks and workspace configuration
Test results: 98 tests passing (54 virtual-authenticator, 25 e2e, 19 unit)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Resolve conflicts in router.ts by adopting master's modular architecture
for me.* procedures while keeping meGet and setupProfile inline.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add me.get procedure returning user profile with needsSetup flag
- Add me.setupProfile procedure for initial profile setup after signup
- Add nonEmptyString/optionalString schema helpers with tests
- Use Web Crypto API (SubtleCrypto) for Cloudflare Workers compatibility
- Use @formatjs/intl-durationformat for duration formatting
- Remove node:crypto dependency from crypto utilities
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix silent failures: add 404 NOT_FOUND for invalid resources in
passkeysRename, revokeSession, trustDevice, untrustDevice
- Fix race condition in passkeysDelete using transaction
- Extract helper functions: requireDeviceFingerprint, defaultDeviceName
- Improve type safety in updateProfile with Kysely's Updateable<Users>
- Extract me.* procedures to separate files under procedures/me/
- Standardize naming to verb-first: listPasskeys, renamePasskey, deletePasskey
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change Session.id from number to string to match DB bigint type
- Restore me.passkeys.{list,rename,delete} nested route structure
- Remove unnecessary String() conversion in logout procedure
- Auto-formatted procedure files
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add postmark dependency and email configuration constants
- Implement sendVerificationEmail, sendPasswordResetEmail,
sendLoginConfirmationEmail, and sendOrgInviteEmail helpers
- Add HTML + text email templates with inline CSS
- Support dev mode (EMAIL_DEV_MODE=true) for console logging
- Use URL constructor for proper URL building
- Add XSS protection with HTML escaping in templates
- Create .env file with email environment variables
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add procedures/base.ts with typed os implementer and middlewares
- Refactor router to use authMiddleware and loginRequestMiddleware
- Flatten passkey routes to me.listPasskeys/createPasskey/renamePasskey/deletePasskey
- Stub admin procedures with NOT_IMPLEMENTED (to be reimplemented with superuser middleware)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use implement(contract).$context<APIContext>() for proper type safety
in all procedure handlers. Create authMiddleware and loginRequestMiddleware
using os.middleware() and apply with .use() on routes requiring auth.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use proper TypeScript types from @simplewebauthn/types instead of
z.any() for WebAuthn-related schemas:
- PublicKeyCredentialCreationOptionsJSON
- PublicKeyCredentialRequestOptionsJSON
- RegistrationResponseJSON
- AuthenticationResponseJSON
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Applied ast-grep rule to convert named zod imports to namespace imports
across the api-contract package for consistency.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Vite proxy to forward /api/v1/rpc to API server (port 9861)
- Create oRPC client in src/lib/api/client.ts
- Add @orpc/client and @orpc/contract dependencies
- Add @reviq/api-contract workspace dependency
- Extract DEFAULT_PORT constant to api-server/src/constants.ts
- Change API server default port from 3001 to 9861
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add biome override to allow `any` in conditional types used for
Svelte component utility types (WithoutChild, WithoutChildren).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
ESLint:
- Add @macalinao/eslint-config and eslint to all packages/apps
- Add lint scripts to all package.json files
- Create eslint.config.js for all apps
- Add lint task to turbo.json
- Add @macalinao/eslint-config and @types/bun to catalog
Biome:
- Exclude docs/ from biome checks
CLI Reorganization:
- Restructure CLI to use route maps with one command per file
- Move commands to routes/ directory structure
- Use func property instead of async loaders
- Route maps in _command.ts files for each directory
Environment:
- Use Bun.env instead of process.env for env vars
- Add DATABASE_URL and PORT to turbo.json globalEnv
Lint Fixes:
- Fix nullish coalescing operator usage
- Update deprecated Zod API (z.email() instead of .string().email())
- Fix import sorting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add explicit type annotations for isolatedDeclarations
- Export Database type alias from db-schema
- Fix import paths and add proper type exports
- Update common schemas with better exports
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add api-server process to devenv.nix
- Add dbmate and kysely-codegen scripts
- Configure PostgreSQL with localhost listener
- Update publisher-dashboard package to @apps/publisher-dashboard
- Fix deprecated asChild prop in mobile-nav component
- Remove unused publisher-utils package
- Update bun.lock with new dependencies
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create api-server with Bun.serve:
- oRPC router with stub handlers for all procedures
- Auth middleware placeholder
- CORS configuration
- Create CLI tool with stricli:
- bootstrap command for initial superuser creation
- Placeholder commands for auth, user, org management
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Set up @tanstack/svelte-query and devtools in root layout
- Configure QueryClient with 5-minute stale time
- Update dashboard card to match Figma: regular font weight, no border
- Add .playwright-mcp to gitignore
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Overlay bars instead of positioning side by side, with transparent
hatched "Last month" bars on top of solid "This month" bars. Update
legend icons to circular. Add CLAUDE.md with dev server notes.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create reusable DashboardCard component with title and content slot
- Redesign PeakTrafficChart to match Figma design:
- Vertical bar chart showing peak hours by day of week
- Y-axis: hours (0:00 to 21:00)
- X-axis: days (Mon-Sun)
- Two data series: "This month" (solid) and "Last month" (hatched)
- Diagonal stripe pattern for last month bars using SVG
- Legend at bottom
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add build:watch script to package.json (turbo build --watch)
- Configure devenv processes:
- dev: runs turbo dev server
- build-watch: runs turbo build in watch mode
- Run with `devenv up` to start all processes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Based on Figma design, updated sidebar to feature:
- Frosted glass background with backdrop blur
- Dark gradient app icon (from-[#303035] to-[#26262c])
- Filled icons when active, stroked when inactive
- Smaller, more compact nav items (32x32px)
- Updated sidebar CSS variables for translucent colors
- Added glass utility classes for backdrop blur effects
- User avatar at bottom with gradient background
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Two-column layout: dark branding panel (left) and login form (right)
- Responsive design with mobile logo visible on small screens
- Social login buttons (Google, GitHub)
- Loading state with spinner animation
- Uses shadcn-svelte Input and Label components
- Separate layout to bypass dashboard wrapper
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Keep sidebar full-height at left edge while constraining the main
content area to max-w-7xl centered.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The root +layout.svelte had max-w-7xl and mx-auto which constrained
the entire app to 1280px centered. Removed to allow full-width layout
where sidebar extends to the left edge of the viewport.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
