PostgreSQL 17.6+ adds random \restrict/\unrestrict tokens to pg_dump
output (CVE-2025-8714 security fix), causing schema.sql to appear
changed on every dump even when the schema hasn't changed.
These wrapper scripts run dbmate and strip the \restrict lines from
the output to keep schema.sql stable.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update API contract to use nested router structure for sessions and devices
(me.sessions.list, me.devices.getInfo, etc.)
- Update frontend Svelte components to use new nested API paths
- Fix test assertion patterns for consistency (remove async () => wrappers)
- Fix test-db.ts findRepoRoot to use existsSync for directory checking
(Bun.file().exists() returns false for directories)
- Add ESLint config override for test files to handle expect().rejects patterns
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add test:e2e:coverage script with Bun's built-in coverage support
- Create bunfig.toml with coverage configuration (text + lcov reporters)
- Fix webauthn tests to create real database sessions/login requests
instead of mock context objects that bypass auth middleware
- Add createUserAPIContext helper for cleaner test code
- Update security tests to expect NOT_FOUND when accessing other
user's passkeys
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create @reviq/utils package with PBKDF2-SHA256 password hashing
compatible with Cloudflare Workers (uses crypto.subtle)
- Update api-server and CLI to use new utils package for consistent
password hashing format across the codebase
- Add pino logging to api-server for better request debugging
- Make login request tokens cryptographically secure base58 strings
instead of database IDs
- Add migration to make login_requests.token non-nullable with unique
constraint
- Fix RPCLink URL construction for client-side API calls
- Add db:codegen script to root package.json
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create @reviq/virtual-authenticator package with cryptographically valid
WebAuthn credential generation for testing
- Add e2e tests for WebAuthn registration, authentication, passkey management
- Add unit tests for passkey-helpers and VirtualAuthenticator
- Add security tests for counter replay and tampered responses
- Configure test database environment in devenv.nix
- Add turbo.json test tasks and workspace configuration
Test results: 98 tests passing (54 virtual-authenticator, 25 e2e, 19 unit)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
ESLint:
- Add @macalinao/eslint-config and eslint to all packages/apps
- Add lint scripts to all package.json files
- Create eslint.config.js for all apps
- Add lint task to turbo.json
- Add @macalinao/eslint-config and @types/bun to catalog
Biome:
- Exclude docs/ from biome checks
CLI Reorganization:
- Restructure CLI to use route maps with one command per file
- Move commands to routes/ directory structure
- Use func property instead of async loaders
- Route maps in _command.ts files for each directory
Environment:
- Use Bun.env instead of process.env for env vars
- Add DATABASE_URL and PORT to turbo.json globalEnv
Lint Fixes:
- Fix nullish coalescing operator usage
- Update deprecated Zod API (z.email() instead of .string().email())
- Fix import sorting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
