H1: Add verifyScriptAccess/verifyRevisionAccess to all 14 revisions endpoints
H2: Add verifyProjectAccess to listScripts and searchScripts
M2: Add cascade delete for projectMembers on project deletion
M4: Replace plain Error throws with TRPCError for consistent error handling
M5: Use crypto.randomUUID for team ID generation (was Date.now + Math.random)
L1: Add 100KB content size limit on revision content
L2: Add unique constraint to script slug column
L3: Update hasProjectAccess middleware to check project membership
- clerk-provider.tsx: typed Clerk event listener with type guards
(isClerkUserEvent, isClerkSignOutEvent) instead of (event as any)
- service.ts: fixed signal propagation timing in updateProject,
addCollaborator, removeCollaborator — capture updated project inside
setProjects callback instead of reading stale signal after mutation
- TeamManagement.tsx: added useAuth import and getAuthToken helper to
replace raw localStorage reads; auth context now available in components
- ProjectForm.tsx: added explicit null check on auth().user before
accessing .id, replacing unsafe non-null assertion
- Updated router.ts middleware for Clerk authentication
- Modified test contexts to use clerkUserId
- Added team tables to test schema
- Updated WaitlistForm and waitlist page
- Created src/server/trpc/ parallel structure
All 258 tests pass. Ready for Security Reviewer.
- Register service worker for offline caching (app shell + API responses)
- Link manifest.json in index.html with updated theme colors
- Update manifest start_url to /app/dashboard for PWA experience
- Add comprehensive team management CSS with responsive breakpoints
- Add alert, loading, and danger button styles
- Mobile-first responsive layout for team list and detail views
- Replace mock data with tRPC API calls for team CRUD operations
- Add TeamList view with fetch, create, and delete teams
- Add TeamDetail view with member management (list, invite, update role, remove, leave)
- Use solid-js <For> for proper keyed list rendering
- Add loading/error states and confirmation dialogs
- Use @tanstack/react-query for data fetching and cache invalidation
Create analytics-router.ts with ~30 tRPC endpoints for KPI management, alert
rules, scheduled reports, cohort analysis, and NPS survey integration.
Register router in index.ts under 'analytics' namespace. Fix pre-existing
bugs in service files: snake_case to camelCase conversion, missing non-null
assertions, and incorrect DB access patterns.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Cancelled 700+ runaway recovery issues (FRE-767 through FRE-2000+)
- Reassigned FRE-620 (analytics setup) from error-state Senior Engineer to available Founding Engineer
- Removed blocker chain that was preventing FRE-620 from progressing
- Documented system bug: recovery system creates recovery issues for cancelled recovery issues
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Export teams, teamMembers, projectMembers from schema index barrel
- Add missing FK: cohortMembers.userId → users.id
- Add missing FK: alerts.acknowledgedBy → users.id
- Update seed.ts to match current schema (characters/scenes use projectId, not scriptId)
- Created KPIDashboard component with tab navigation (product/acquisition/revenue/report)
- Created MixpanelPanel for product KPIs linking to Mixpanel
- Created GA4Panel for acquisition KPIs linking to GA4
- Created StripePanel for revenue KPIs linking to Stripe dashboard
- Created UnifiedReport with KPI thresholds table and reporting schedule
- Added KPI dashboard route (/app/kpi) and sidebar navigation link
- Added KPI dashboard CSS styles (metric cards, tabs, table, info cards)
- Fixed pre-existing parse errors in Faq.tsx (unescaped apostrophes)
- Fixed pre-existing CSS import paths in routes.tsx
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Created waitlist_signups and waitlist_events tables
- Supports email, name, source tracking, and status management
- Enables VIP supporter list for Product Hunt launch
- Migration 0002_chemical_shocker.sql generated
- Fixed brand color in product-hunt-assets-brief.md (#518ac8)
- Fix snapshot restore to properly copy text and map content from Yjs docs
- Fix concurrent edit sync to use delta-based updates instead of full state
- Fix delete operation test with correct position offset
- Add selection and lastActive fields to CursorPosition interface
- Fix updateSelection to propagate selection to cursor object
- Fix idle detection test by manually setting lastActivityTime
- Fix batcher test expectations for auto-flush behavior
- Fix undo/redo test with correct captureTimeout setting
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add Clerk token verification to tRPC context (server/trpc/index.ts)
- Remove client-controlled authorId/reviewedById from revisions router
- Require JWT_SECRET environment variable, remove hardcoded fallback
- Add table name validation to prevent SQL injection in backup logic
- Fix TRPCContext type to use better-sqlite3 instead of LibSQL
- Update revisions router tests to use proper tRPC v11+ API
- Add resetInMemoryState function for test isolation
Security fixes address:
- Critical: Authentication bypass via missing token verification
- Critical: User impersonation via client-controlled IDs
- High: Insecure WebSocket defaults with hardcoded secrets
- High: SQL injection vulnerability in backup logic
All tests passing (24/24).
- Fixed memory leak in PresenceManager: event handlers now use bound methods
so they can be properly removed in shutdown()
- Removed auth token from URL query parameters (security: prevents token leakage
to server logs and browser history)
- Fixed TypeScript errors: corrected WebsocketProvider import, removed unsupported
send() calls, fixed type mismatches in presence callbacks
- All collaboration module files now type-check successfully
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Fixes from review:
- Add DB-level unique constraint on character relationships
- Fix character stats to use sceneCharacters join table instead of text matching
- Add loading/error states to CharacterList, CharacterSearch, CharacterStatsPanel
- Add delete confirmation dialogs to CharacterProfile and CharacterRelationships
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add full character management system with enriched profiles (bio, traits,
arcs, motivation, conflict, secrets), relationship mapping between
characters with types and strength, character search/filter by role and
arc type, and character statistics (scene count, dialogue, screen time).
Includes database schema, tRPC router procedures, SolidJS components,
API hooks, and unit tests.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- types.ts: Screenplay element types, template configs, and interfaces
- format.ts: Auto-formatting engine with Standard, Sitcom, Podcast templates
- detect.ts: Element detection (scene headings, transitions, characters, parentheticals)
- ScreenplayEditor.tsx: Editor component with keyboard shortcuts and live formatting
- PreviewPanel.tsx: Real-time formatting preview panel
- detect.test.ts: 19 tests for element detection
- format.test.ts: 15 tests for formatting engine and templates
- Fixed transition regex to handle periods and other terminators
- All 34 tests passing
- Create TypeScript and Vite configuration for SolidJS
- Implement Yjs document structure for screenplay collaboration
- Build WebSocket connection manager with exponential backoff reconnection
- Create CRDT document manager with undo/redo support
- Set up WebSocket sync server with JWT authentication
- Add SolidJS reactive bindings for Yjs shared types
- Build collaborative editor component
- Write unit tests for CRDT operations
- Document implementation in analysis/fre600_websocket_foundation.md
Architecture: Yjs chosen over Automerge for better ecosystem and
Tauri compatibility. WebSocket for sync, WebRTC for video.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
