- Fixed UTF-8 encoding issue that caused repeated run failures
- Assigned child issues (FRE-673, FRE-674) to CMO for execution
- All campaign assets ready (6 documents in /marketing/)
- CMO to execute mod outreach April 27-28
- Campaign launch scheduled for May 3
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Export teams, teamMembers, projectMembers from schema index barrel
- Add missing FK: cohortMembers.userId → users.id
- Add missing FK: alerts.acknowledgedBy → users.id
- Update seed.ts to match current schema (characters/scenes use projectId, not scriptId)
Created export scripts that query the Turso database and produce CSV/JSON
exports compatible with Mailchimp contact import. CMO can run these once
they have database credentials.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Created KPIDashboard component with tab navigation (product/acquisition/revenue/report)
- Created MixpanelPanel for product KPIs linking to Mixpanel
- Created GA4Panel for acquisition KPIs linking to GA4
- Created StripePanel for revenue KPIs linking to Stripe dashboard
- Created UnifiedReport with KPI thresholds table and reporting schedule
- Added KPI dashboard route (/app/kpi) and sidebar navigation link
- Added KPI dashboard CSS styles (metric cards, tabs, table, info cards)
- Fixed pre-existing parse errors in Faq.tsx (unescaped apostrophes)
- Fixed pre-existing CSS import paths in routes.tsx
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The waitlist/leads database schema was already implemented
and migrated in 0002_chemical_shocker.sql.
Created plan document at plans/FRE-645-waitlist-schema.md
with schema documentation and usage examples.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Created waitlist_signups and waitlist_events tables
- Supports email, name, source tracking, and status management
- Enables VIP supporter list for Product Hunt launch
- Migration 0002_chemical_shocker.sql generated
- Fixed brand color in product-hunt-assets-brief.md (#518ac8)
- Fix snapshot restore to properly copy text and map content from Yjs docs
- Fix concurrent edit sync to use delta-based updates instead of full state
- Fix delete operation test with correct position offset
- Add selection and lastActive fields to CursorPosition interface
- Fix updateSelection to propagate selection to cursor object
- Fix idle detection test by manually setting lastActivityTime
- Fix batcher test expectations for auto-flush behavior
- Fix undo/redo test with correct captureTimeout setting
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add Clerk token verification to tRPC context (server/trpc/index.ts)
- Remove client-controlled authorId/reviewedById from revisions router
- Require JWT_SECRET environment variable, remove hardcoded fallback
- Add table name validation to prevent SQL injection in backup logic
- Fix TRPCContext type to use better-sqlite3 instead of LibSQL
- Update revisions router tests to use proper tRPC v11+ API
- Add resetInMemoryState function for test isolation
Security fixes address:
- Critical: Authentication bypass via missing token verification
- Critical: User impersonation via client-controlled IDs
- High: Insecure WebSocket defaults with hardcoded secrets
- High: SQL injection vulnerability in backup logic
All tests passing (24/24).
Blocker 1 - Memory Leak in Event Handlers:
- Store event handlers as class properties (arrow functions)
- Ensure initialize() and shutdown() use same references
- Prevents handler accumulation on reconnect cycles
Blocker 2 - Auth Token Security:
- Remove token from URL query parameters
- Send auth token via Yjs awareness state after connection
- Token no longer exposed in server/proxy logs or browser history
Files Modified:
- src/lib/collaboration/presence-manager.ts
- src/lib/collaboration/websocket-connection.ts
Co-Authored-By: Paperclip <noreply@paperclip.ing>
