- Rate limiting middleware: 100/min global, 5/min auth, 10/min AI endpoints
- Tags CRUD API: list with counts, rename, delete, merge across all clients
- Onboarding: added onboardingComplete field to userProfiles schema
- Profile routes: GET /onboarding-status, POST /complete-onboarding
- Clients pagination: page/limit query params with backwards-compatible response
- New audit_logs table for compliance tracking
- Audit logging service with helper functions
- GET /api/audit-logs endpoint (admin only, with filters)
- Communication style JSONB field on userProfiles
- GET/PATCH /api/profile/communication-style endpoints
- AI meeting prep: GET /api/clients/:id/meeting-prep
- AI email generation now incorporates communication style
- Password change audit logging
- 56 passing tests (21 new)
- Email templates: CRUD API with categories, placeholders ({{firstName}}, etc.), usage tracking, default per category
- Client segments: save filtered views with multi-criteria filters (stage, tags, industry, city, state, contact dates, email/phone presence)
- Segment preview: test filters before saving, returns matching client list
- Filter options: GET /api/segments/filter-options returns unique values for all filterable fields
- New tables: email_templates, client_segments (auto-created via db:push)
- Added 'stage' column to clients (lead/prospect/onboarding/active/inactive)
- New client_notes table with CRUD API at /clients/:id/notes
- Notes support pinning, editing, and deletion
- Stage field in create/update client endpoints
- Fixed flaky email test (env var interference)
- POST /api/clients/import/preview - CSV preview with auto column mapping
- POST /api/clients/import - Import clients from CSV with custom mapping
- GET /api/clients/:id/activity - Activity timeline for client
- GET /api/insights - Dashboard AI insights (stale clients, birthdays, follow-ups)
- /api/network/matches: find all client matches with scoring
- /api/network/matches/:clientId: matches for a specific client
- /api/network/intro: AI-generated introduction suggestions
- /api/network/stats: network analytics (industries, locations, connectors)
- Rule-based scoring: industry, interests, location, tags, complementary roles
- Smart filtering: same company detection, related industry groups

signUpEmail throws when disableSignUp is true. Now catches that error
and creates the user directly via Better Auth's internal adapter:
createUser + linkAccount with hashed password.

- Add bearer plugin to BetterAuth for mobile auth
- Auto-sync birthday/anniversary events on client create/update
- Add /api/events/sync-all endpoint for bulk sync
- Add test user seed (test@test.com / test)
- Expose set-auth-token header in CORS