- Added seed-security.ts with comprehensive audit data for all 5 projects
- Real findings from actual code inspection: auth, CORS, rate limiting,
error handling, dependencies, TLS certs, infrastructure
- 35 audit entries across Hammer Dashboard, Network App, Todo App, nKode,
and Infrastructure
- Fixed unused deleteAudit import warning in SecurityPage
- Extract pure utility functions to lib/utils.ts for testability
- Add 28 unit tests covering: computeNextDueDate, resetSubtasks,
parseTaskIdentifier, validators, statusSortOrder
- Add Gitea Actions workflow (.gitea/workflows/ci.yml) that runs
tests and type checking on push/PR to main
- Refactor tasks.ts to use extracted utils
- Add better-auth to backend and frontend
- Create auth tables (users, sessions, accounts, verifications)
- Mount BetterAuth handler on /api/auth/*
- Protect GET /api/tasks with session auth
- Add login page with email/password
- Add invite route for creating users
- Add logout button to header
- Cross-subdomain cookies for .donovankelly.xyz
- Fix page title to 'Hammer Queue'
- Keep bearer token for admin mutations (separate from session auth)
- Update docker-compose with BETTER_AUTH_SECRET and COOKIE_DOMAIN
- Backend: Elysia + Bun + Drizzle ORM + PostgreSQL
- Frontend: React + Vite + TypeScript + Tailwind CSS
- Task CRUD API with bearer token auth for writes
- Public read-only dashboard with auto-refresh
- Task states: active, queued, blocked, completed, cancelled
- Reorder support for queue management
- Progress notes per task
- Docker Compose for local dev and Dokploy deployment
