- Created KPIDashboard component with tab navigation (product/acquisition/revenue/report)
- Created MixpanelPanel for product KPIs linking to Mixpanel
- Created GA4Panel for acquisition KPIs linking to GA4
- Created StripePanel for revenue KPIs linking to Stripe dashboard
- Created UnifiedReport with KPI thresholds table and reporting schedule
- Added KPI dashboard route (/app/kpi) and sidebar navigation link
- Added KPI dashboard CSS styles (metric cards, tabs, table, info cards)
- Fixed pre-existing parse errors in Faq.tsx (unescaped apostrophes)
- Fixed pre-existing CSS import paths in routes.tsx
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The waitlist/leads database schema was already implemented
and migrated in 0002_chemical_shocker.sql.
Created plan document at plans/FRE-645-waitlist-schema.md
with schema documentation and usage examples.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Created waitlist_signups and waitlist_events tables
- Supports email, name, source tracking, and status management
- Enables VIP supporter list for Product Hunt launch
- Migration 0002_chemical_shocker.sql generated
- Fixed brand color in product-hunt-assets-brief.md (#518ac8)
- Fix snapshot restore to properly copy text and map content from Yjs docs
- Fix concurrent edit sync to use delta-based updates instead of full state
- Fix delete operation test with correct position offset
- Add selection and lastActive fields to CursorPosition interface
- Fix updateSelection to propagate selection to cursor object
- Fix idle detection test by manually setting lastActivityTime
- Fix batcher test expectations for auto-flush behavior
- Fix undo/redo test with correct captureTimeout setting
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add Clerk token verification to tRPC context (server/trpc/index.ts)
- Remove client-controlled authorId/reviewedById from revisions router
- Require JWT_SECRET environment variable, remove hardcoded fallback
- Add table name validation to prevent SQL injection in backup logic
- Fix TRPCContext type to use better-sqlite3 instead of LibSQL
- Update revisions router tests to use proper tRPC v11+ API
- Add resetInMemoryState function for test isolation
Security fixes address:
- Critical: Authentication bypass via missing token verification
- Critical: User impersonation via client-controlled IDs
- High: Insecure WebSocket defaults with hardcoded secrets
- High: SQL injection vulnerability in backup logic
All tests passing (24/24).
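
Added example, not part of the commit or the project's code: one way to implement the table name validation that the commit above describes for backup logic. The function names, the allow-list contents and the date-suffix naming are assumptions; the two table names are the ones from the waitlist migration mentioned earlier in this log.

```typescript
// Added example, not the project's code. All names below are hypothetical.
// SQL identifiers cannot be bound as query parameters, so a table name that
// reaches a backup statement must be checked against a fixed allow-list.

const IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Assumed allow-list; in a real app, derive it from the schema definition.
const BACKUP_TABLES: ReadonlySet<string> = new Set<string>([
  "waitlist_signups",
  "waitlist_events",
]);

function assertSafeTable(name: string): string {
  if (!IDENTIFIER.test(name) || !BACKUP_TABLES.has(name)) {
    throw new Error("refusing to back up unknown table: " + JSON.stringify(name));
  }
  return name;
}

// Quote the identifier as defence in depth (double any embedded quote).
function quoteIdent(name: string): string {
  return '"' + name.replace(/"/g, '""') + '"';
}

function backupStatement(table: string, suffix: string): string {
  const src = assertSafeTable(table);
  if (!/^[0-9]{8}$/.test(suffix)) {
    throw new Error("suffix must be eight digits (YYYYMMDD)");
  }
  const dst = src + "_backup_" + suffix;
  return "CREATE TABLE " + quoteIdent(dst) + " AS SELECT * FROM " + quoteIdent(src);
}

function tryBackup(table: string): string {
  try {
    return backupStatement(table, "20240101");
  } catch (e) {
    return "rejected: " + (e instanceof Error ? e.message : String(e));
  }
}

// Constructed inputs: one legitimate name, one carrying an extra statement.
console.log(tryBackup("waitlist_signups"));
console.log(tryBackup("waitlist_signups; DROP TABLE waitlist_events; --"));
```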
Blocker 1 - Memory Leak in Event Handlers:
- Store event handlers as class properties (arrow functions)
- Ensure initialize() and shutdown() use same references
- Prevents handler accumulation on reconnect cycles
Blocker 2 - Auth Token Security:
- Remove token from URL query parameters
- Send auth token via Yjs awareness state after connection
- Token no longer exposed in server/proxy logs or browser history
Files Modified:
- src/lib/collaboration/presence-manager.ts
- src/lib/collaboration/websocket-connection.ts
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Fixed memory leak in PresenceManager: event handlers now use bound methods
  so they can be properly removed in shutdown()
- Removed auth token from URL query parameters (security: prevents token leakage
  to server logs and browser history)
- Fixed TypeScript errors: corrected WebsocketProvider import, removed unsupported
  send() calls, fixed type mismatches in presence callbacks
- All collaboration module files now type-check successfully
Co-Authored-By: Paperclip <noreply@paperclip.ing>
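
Added example, not part of these commits or the project's code: why handlers accumulate across reconnect cycles when initialize() and shutdown() pass different function references, and how a stable per-instance reference fixes it, as the two PresenceManager commits above describe. TinyEmitter stands in for the real event source, and every class and function name here is an assumption.

```typescript
// Added example, not the project's code. TinyEmitter stands in for the real
// event source; all class and method names here are hypothetical.
type Handler = () => void;

class TinyEmitter {
  private handlers: Handler[] = [];
  on(h: Handler): void { this.handlers.push(h); }
  off(h: Handler): void {
    // Removal is by reference identity, as with real event emitters.
    this.handlers = this.handlers.filter((x) => x !== h);
  }
  count(): number { return this.handlers.length; }
}

// Before: bind() returns a new function on every call, so shutdown()
// passes a reference that was never registered and removes nothing.
class LeakyPresence {
  constructor(private source: TinyEmitter) {}
  onChange(): void { /* update presence state */ }
  initialize(): void { this.source.on(this.onChange.bind(this)); }
  shutdown(): void { this.source.off(this.onChange.bind(this)); }
}

// After: the arrow-function property is created once per instance, so
// initialize() and shutdown() see the same reference.
class FixedPresence {
  constructor(private source: TinyEmitter) {}
  private onChange = (): void => { /* update presence state */ };
  initialize(): void { this.source.on(this.onChange); }
  shutdown(): void { this.source.off(this.onChange); }
}

interface Presence { initialize(): void; shutdown(): void; }

// Simulate reconnect cycles and report how many handlers remain attached.
function handlersAfterReconnects(
  make: (e: TinyEmitter) => Presence,
  cycles: number,
): number {
  const emitter = new TinyEmitter();
  const presence = make(emitter);
  for (let i = 0; i < cycles; i++) {
    presence.initialize();
    presence.shutdown();
  }
  return emitter.count();
}

console.log("leaky:", handlersAfterReconnects((e) => new LeakyPresence(e), 5));
console.log("fixed:", handlersAfterReconnects((e) => new FixedPresence(e), 5));
```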
- Replace in-memory Maps with Drizzle ORM queries for all CRUD operations
- Use integer IDs matching SQLite schema instead of UUIDs
- Fix scriptId to projectId inconsistency in characters and scenes
- Add project ownership verification on all mutation procedures
- Make getCharacter/getScene procedures protected (not public)
- Proper JWT-based userId validation via context
- Add cascade delete for characters/relationships/scenes on project deletion
- Add verifyProjectOwnership helper for authorization checks
- Rewrite tests with createCallerFactory pattern for tRPC v11
- Use better-sqlite3 for in-memory test database
- Split vitest config into separate file from vite config
Fixes from review:
- Add DB-level unique constraint on character relationships
- Fix character stats to use sceneCharacters join table instead of text matching
- Add loading/error states to CharacterList, CharacterSearch, CharacterStatsPanel
- Add delete confirmation dialogs to CharacterProfile and CharacterRelationships
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add full character management system with enriched profiles (bio, traits,
arcs, motivation, conflict, secrets), relationship mapping between
characters with types and strength, character search/filter by role and
arc type, and character statistics (scene count, dialogue, screen time).
Includes database schema, tRPC router procedures, SolidJS components,
API hooks, and unit tests.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- types.ts: Screenplay element types, template configs, and interfaces
- format.ts: Auto-formatting engine with Standard, Sitcom, Podcast templates
- detect.ts: Element detection (scene headings, transitions, characters, parentheticals)
- ScreenplayEditor.tsx: Editor component with keyboard shortcuts and live formatting
- PreviewPanel.tsx: Real-time formatting preview panel
- detect.test.ts: 19 tests for element detection
- format.test.ts: 15 tests for formatting engine and templates
- Fixed transition regex to handle periods and other terminators
- All 34 tests passing
- Create TypeScript and Vite configuration for SolidJS
- Implement Yjs document structure for screenplay collaboration
- Build WebSocket connection manager with exponential backoff reconnection
- Create CRDT document manager with undo/redo support
- Set up WebSocket sync server with JWT authentication
- Add SolidJS reactive bindings for Yjs shared types
- Build collaborative editor component
- Write unit tests for CRDT operations
- Document implementation in analysis/fre600_websocket_foundation.md
Architecture: Yjs chosen over Automerge for better ecosystem and
Tauri compatibility. WebSocket for sync, WebRTC for video.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- 22 sections: user accounts, loans, fees, collections, arbitration
- Platform fee: 1% lender origination, 2% borrower transaction
- Late fee: or 5% after 5-day grace; default at 90 days
- Delaware law, binding arbitration, class action waiver
- Full risk disclosures for peer-to-peer lending