- Protect `/webhook` endpoint using the `Authorization` header
- Update `README.md` with setup instructions and examples for authentication
- Warn when `WEBHOOK_SECRET` is not configured
- Add tests for valid, missing, and invalid token scenarios
- Update `docker-compose.yml` to support `WEBHOOK_SECRET` configuration
- Reflect addition of React SPA, SQLite persistence, and tag management
- Update quick start guide for backend and frontend setup
- Document full API routes and database schema
- Revise project structure for recent refactor
- Improve production and testing notes for clarity
- **fix(sql):** wrap `rows.Close` in a `defer` function to safely handle potential close errors
- **fix(api):** handle JSON encoding errors in API responses to prevent unhandled edge cases
- **docs:** correct typos and improve phrasing in `.claude/CLAUDE.md`
- **test:** add error handling for `UpdateEvent` in test cases
