Adds a TanStack Router error boundary to the root route so rendering errors or uncaught React Query failures show a friendly error page instead of white-screening the app. The error boundary displays a professional error message with a "Try again" button that resets state and invalidates router data.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implement in-memory rate limiter with 5 attempts per 15-minute window per IP address. Protects brute-force attacks on credential endpoints.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds parseId helper in src/server/lib/params.ts and applies it across
all route files so non-positive-integer IDs return 400 instead of
silently passing NaN to services.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The @/ alias resolves via tsconfig but not in production where
Bun runs server files directly. Use relative paths instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Was imported in collection/index.tsx but not in package.json,
causing build failures in CI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use Bun.serve to create a local test server instead of hitting
external URLs. Fixes flaky test in CI environments without
network access.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Exclude drizzle/ and .planning/ from Biome (generated files with
incompatible formatting). Auto-fix import ordering and formatting
in existing source files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The wizard creates categories via POST which requires auth.
Gate the wizard on isAuthenticated so users create their
account first via Sign In, then the wizard appears.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- MCP auth middleware now rejects requests without API key when users exist
- Image /from-url route distinguishes validation errors (400) from server errors (500)
- Password change route returns 401 when no session cookie instead of crashing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wrap existing service layer with MCP-compatible tool handlers for items,
categories, threads/candidates, setups, and image fetching. Add collection
summary resource for overview data. All 14 MCP-specific tests passing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three independent feature specs covering:
- API endpoint for fetching images from URLs with local storage
- Public-read/authenticated-write auth with sessions and API keys
- Built-in MCP server for Claude Code/Desktop integration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds concurrently to start both the Vite frontend and Hono backend simultaneously in one terminal via the `bun run dev` command. Also updates documentation in README.md and CLAUDE.md to reflect the new development workflow.
- Extend uiStore candidateViewMode union to include "compare" value
- Add columns-3 compare toggle button, shown only when thread has 2+ candidates
- Hide "Add Candidate" button when in compare view (read-only intent)
- Import and render ComparisonTable when candidateViewMode === "compare"
- Pass displayItems so compare view reflects any pending reorder state
- Existing list/grid views unchanged; all 135 tests pass
onPointerUp was incorrectly placed on the resolved-thread div instead
of the active-thread Reorder.Group, causing drag reorder to not persist.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add useReorderCandidates mutation hook with apiPatch to /candidates/reorder endpoint
- Add candidateViewMode (list|grid) state and setCandidateViewMode to uiStore
- Create CandidateListItem component with drag handle, rank badge, horizontal layout
- Export RankBadge helper (gold/silver/bronze medal icons for top 3)
- Add style prop support to LucideIcon component
- Add pros/cons fields to CandidateWithCategory in useThreads.ts
