222 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Benjamin Admin	6626d2a8f9	fix(pitch-deck): fix ReferenceError in ChatFAB breaking 2nd message ... faqMatch (undefined) → faqMatches[0]. The undefined variable caused a ReferenceError after streaming completed, which the catch block turned into "Verbindung fehlgeschlagen" for every subsequent message. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 00:53:42 +02:00
Benjamin Admin	3dbc470158	feat: DSFA Generator — FISA 702 Risiken bei US-Cloud-Providern ... Erkennt automatisch US-Provider (AWS, Azure, Google, Microsoft, OpenAI, Anthropic, Oracle, Amazon) und fuegt 3 Drittland-Risiken hinzu: - FISA 702 Zugriff nicht ausschliessbar - EU-Serverstandort schuetzt nicht gegen US-Rechtszugriff - Fehlende Rechtsbehelfe fuer EU-Betroffene Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 00:47:21 +02:00
Benjamin Admin	e5d0386cfb	feat(pitch-deck): add FISA 702 FAQ entries for investor agent ... 5 new FAQ entries covering: - FISA 702 basics (PRISM, Upstream, Schrems II) - EU cloud region myth (extraterritorial US law) - DSFA contradiction (risk acceptance vs risk elimination) - Market opportunity (structural independence) - BreakPilot architecture (BSI, SysEleven, Hetzner) Also: middleware fix to allow admin sessions on investor routes (enables chat in preview mode) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 00:27:47 +02:00
Benjamin Admin	ff071af2a0	fix(pitch-deck): allow admin sessions to access investor routes ... Admins in preview mode can now use /api/chat and other investor endpoints without needing a separate investor login. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 00:13:13 +02:00
Benjamin Admin	fcdcbc51e3	fix(pitch-deck): regulatory matrix header positioning ... - Regulatorien + Branche moved to top header row - Branche: white/70 instead of white/30 for readability - Regulatorien: indigo color instead of grey Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 23:59:53 +02:00
Benjamin Admin	7b8f8d4b5a	fix(pitch-deck): regulatory matrix — remove legend, stagger headers ... - Remove colored dot legend row (redundant with column headers) - Stagger column headers on 2 rows (odd/even) to save space - Last column: Reg. → Regulatorien Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 23:54:59 +02:00
Benjamin Admin	f385c612f5	fix(pitch-deck): regulatory matrix header alignment + labels ... - Column headers: centered text labels instead of icons - Remove colored dots from headers - Last column: # → Reg. (Regulierungen) - Consistent column width for last column Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 23:45:24 +02:00
Benjamin Admin	9166d9dade	fix(pitch-deck): resolve merge conflict in AIPipelineSlide — keep updated version ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 17:42:13 +02:00
Benjamin Admin	7ae5bc0fd5	feat(pitch-deck): overhaul AI Pipeline slide with real data ... - Hero stats: 75+ sources, 70k+ controls, 47k+ obligations - RAG tab: source categories with investor-friendly explanations (why court rulings matter, why frameworks define state of art) - Remove inflated numbers (was 110+ regulations, now accurate 75+) - Quality tab: continuous expansion, cross-regulation mapping - Remove NiBiS/education references (irrelevant for compliance) - All numbers verified against production database Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 17:40:27 +02:00
Sharang Parnerkar	242ed1101e	style(team): tighter card layout — equal height, equity pill, GitHub/LinkedIn detection ... - grid items-stretch so cards match height - Smaller avatar (16->64px) to free vertical space - Equity moved to a top-right pill (compact); decimals collapsed via equityDisplay() - Profile link icon auto-detects GitHub vs LinkedIn vs generic - Expertise tags get their own divider strip at card bottom — cleaner hierarchy - Card background lightened from 0.08 to 0.04 with subtle hover border Bio text itself shortened on the data side (both draft versions via admin API).	2026-04-14 16:25:37 +02:00
Sharang Parnerkar	8b2e9ac328	content(pitch-deck): tidy slide text — remove OVH, generalize issue tracker, add live support, Mac Studio option ... Solution slide: - Continuous Code Security: "Jira tickets" -> "tickets in the issue tracker of your choice" - German Cloud / Full Integration: removed OVH (now "BSI cloud DE or FR"), removed "AI task creation from audio", added "Live support via Jitsi (video) and Matrix (chat)", "Mac Mini" -> "Mac Mini/Studio" Products / Modular toolkit slide: - Regional bubble: "OVH FR" -> "FR" How It Works: - Cloud step: removed OVH and "pre-configured Mac Mini" mentions Engineering deep dive: - "Docker Containers" stat -> "Services"; "Coolify -> Hetzner" -> "orca -> Hetzner" - "Dockerfiles / Fully containerized" stat -> "Infra Components / orca (Rust) + infisical + pg + qdrant" - devopsStack: Coolify -> orca (Rust), Docker Compose -> Private Registry (registry.meghsakha.com), HashiCorp Vault -> Infisical, EU-Cloud list drops OVH - Service Architecture Infrastructure section: add orca (Rust), Infisical, Private Registry - Footer note drops OVH Chat / Presenter (consistency): - chat/route.ts system prompt: OVH removed, Jira-Integration -> Issue-Tracker-Integration - presenter-faq.ts + presenter-script.ts: OVH references removed across all answers, Jira mentioned alongside GitLab/Linear/Gitea as examples, Mac Mini -> Mac Mini/Studio Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 16:14:40 +02:00
Benjamin Admin	084d09e9bd	fix(pitch-deck): revert banner test text back to Draft ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 15:32:46 +02:00
Benjamin Admin	646143ce5a	Merge branch 'main' of ssh://gitea.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-core	2026-04-14 15:20:56 +02:00
Benjamin Admin	00d802f965	test(pitch-deck): banner text Draft → Draft V1 — deployment test ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 15:20:41 +02:00
Sharang Parnerkar	ebb7575f2c	test: retrigger with http:// webhook URL	2026-04-14 09:32:36 +02:00
Sharang Parnerkar	d0539d0f2f	ci: use http:// for orca webhook (port 6880 serves plain HTTP)	2026-04-14 09:32:08 +02:00
Sharang Parnerkar	8e92a93aa8	test: verify full CI pipeline with registry auth + orca webhook	2026-04-14 09:27:05 +02:00
Sharang Parnerkar	f794347827	ci: add docker login step for registry.meghsakha.com ... Requires Gitea Actions secrets: REGISTRY_USERNAME, REGISTRY_PASSWORD	2026-04-14 09:26:12 +02:00
Sharang Parnerkar	1af160eed0	test: trigger orca webhook via CI	2026-04-14 09:22:10 +02:00
Sharang Parnerkar	eb118ebf92	ci: re-add HMAC-SHA256 signing on orca webhook (ORCA_WEBHOOK_SECRET)	2026-04-14 08:31:29 +02:00
Sharang Parnerkar	dbb476cc3b	ci: drop HMAC signing (orca webhooks have no secret by default)	2026-04-14 08:27:22 +02:00
Sharang Parnerkar	9345efc3f0	ci(pipeline): trigger orca redeploy after image push, remove coolify ... build-pitch-deck workflow now posts an HMAC-signed push event to orca's webhook endpoint after the image is built + pushed. This avoids the race where orca would otherwise redeploy with the old :latest image before CI finishes pushing the new one. Removed the obsolete deploy-coolify.yml (wrong branch, wrong system) and stripped the deploy-coolify job from ci.yaml. Requires Gitea Actions secret: ORCA_WEBHOOK_SECRET_PITCH_DECK	2026-04-14 08:20:05 +02:00
Benjamin Admin	c4e993e3f8	fix: Leere Controls (title/objective=None) filtern vor Store ... - Batch-Postprocessing: Controls mit title/objective = None/null/"" werden gefiltert und nicht gespeichert. Title wird aus Objective abgeleitet falls nur Title fehlt. - _store_control: Pre-store Quality Guard lehnt leere Controls ab - Verhindert "None"-Controls die durch LLM-Parsing-Fehler entstehen Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 06:59:47 +02:00
Benjamin Admin	a58d1aa403	fix: KRITISCH — 12 Pipeline-Bugs gefixt, 36.000 verlorene Controls retten ... Root Cause: _generate_control_id erzeugte ID-Kollisionen (String-Sort statt numeric), ON CONFLICT DO NOTHING verwarf Controls stillschweigend, Chunks wurden als "processed" markiert obwohl Store fehlschlug → permanent verloren. Fixes: 1. _generate_control_id: Numeric MAX statt String-Sort, Collision Guard mit UUID-Suffix Fallback, Exception wird geloggt statt verschluckt 2. _store_control: ON CONFLICT DO UPDATE statt DO NOTHING → ID immer returned 3. Store-Logik: Chunk wird bei store_failed NICHT mehr als processed markiert → Retry beim naechsten Lauf moeglich 4. Counter: controls_generated nur bei erfolgreichem Store inkrementiert Neue Counter: controls_stored + controls_store_failed 5. Anthropic API: HTTP 429/500/502/503/504 werden jetzt retried (2 Versuche) 6. Monitoring: Progress-Log zeigt Store-Rate (%), ALARM bei <80% 7. Post-Job Validierung: Vergleicht Generated vs Stored vs DB-Realitaet WARNUNG wenn store_failed > 0, KRITISCH wenn Rate < 90% Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 00:39:12 +02:00
Benjamin Admin	d7ed5ce8c5	fix(pitch-deck): add 8 missing slides to renderSlide switch ... ExecutiveSummary, RegulatoryLandscape, CapTable, Savings, SDKDemo, Strategy, Finanzplan, Glossary Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 22:36:14 +02:00
Benjamin Admin	512088ab93	feat(pitch-deck): HTTPS via Nginx reverse proxy on port 3012 ... - Add Nginx SSL server block for pitch-deck on port 3012 - Route through Nginx instead of direct container port - Restore secure cookie flag (requires HTTPS) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 17:13:52 +02:00
Benjamin Admin	32b5e0223d	fix(pitch-deck): use explicit PITCH_SECURE_COOKIE flag for cookie security ... HTTP access on local network was blocked by secure cookie flag when NODE_ENV=production. Now requires explicit opt-in via env var. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 17:11:36 +02:00
Benjamin Admin	9354cbf775	fix(pitch-deck): add PITCH_JWT_SECRET + PITCH_ADMIN_SECRET env vars ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 17:00:57 +02:00
Benjamin Admin	756d068b4f	fix: skip_web_search Default auf True — 5x schnellere Pipeline ... Anchor-Search (DuckDuckGo + RAG via SDK) verlangsamt Pipeline von ~50 Chunks/min auf ~10 Chunks/min. Anchors (OWASP/NIST-Referenzen) koennen nachtraeglich in einem Batch-Job befuellt werden. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 12:26:01 +02:00
Benjamin Admin	c02a7bd8a6	feat(pitch-deck): show version name + status in preview banner ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 12:21:59 +02:00
Benjamin Admin	b6d3fad6ab	Merge branch 'main' of ssh://gitea.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-core into feature/payment-compliance-module	2026-04-13 11:49:25 +02:00
Sharang Parnerkar	27479ee553	docs(mcp-server): add README + gitignore .mcp.json ... Setup instructions for the pitch version MCP server. .mcp.json contains the admin secret and is gitignored. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 10:36:54 +02:00
Sharang Parnerkar	82a5d62f44	feat(pitch-deck): MCP server for pitch version management via Claude Code ... Stdio MCP server that wraps the pitch-deck admin API, exposing 11 tools: list_versions, create_version, get_version, get_table_data, update_table_data, commit_version, fork_version, diff_versions, list_investors, assign_version, invite_investor. Authenticates via PITCH_ADMIN_SECRET bearer token against the deployed pitch-deck API. All existing auth, validation, and audit logging is reused — the MCP server is a thin adapter. Usage: add to ~/.claude/settings.json mcpServers, set PITCH_API_URL and PITCH_ADMIN_SECRET env vars. See mcp-server/README.md (to be added). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 10:32:45 +02:00
Benjamin Admin	bc23c6815a	docs: README aktualisiert — BV + FRIA Templates + Domain-Risiken ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 07:05:05 +02:00
Benjamin Admin	7dd2dc89a9	test: FRIA + DSFA Domain-Risiken Tests — 15/15 bestanden ... FRIA: Minimal-Context, Domain-Rights (HR/Edu/HC), Universal Rights, Massnahmen, Public Entity, Risikomatrix, Betroffene. DSFA: Domain-spezifische Risiken (AGG, Chancenungleichheit, Fehldiagnose, Kredit-Scoring), keine Extra-Risiken ohne Domain. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 06:58:36 +02:00
Benjamin Admin	57462899f6	fix: DSFA Generator — Domain-spezifische Risiken (HR/Edu/HC/Finance) ... Risikoanalyse erkennt jetzt den Domain-Kontext und fuegt automatisch domain-spezifische Risiken hinzu: - HR: AGG-Verstoss, Beweislastumkehr, Art. 22, Proxy-Diskriminierung - Education: Chancenungleichheit, Minderjaehrige, Fehlbewertung - Healthcare: Fehldiagnose, Triage, Patientenautonomie - Finance: Kredit-Scoring Diskriminierung, Dienstverweigerung Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 22:36:11 +02:00
Benjamin Admin	f23b872c54	feat: FRIA Template (Art. 27 AI Act) — 7. Document Template ... Grundrechte-Folgenabschaetzung mit 8 Sektionen, ~26 Placeholders, Conditional Blocks fuer Bildung/HR/oeffentliche Stellen. Python-Generator mit Domain→Grundrechte-Mapping (Education, HR, Healthcare, Finance). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 16:38:59 +02:00
Benjamin Admin	55f7195edd	test: BV-Generator Tests — 9 Tests (alle bestanden) ... Testet: minimaler/voller Kontext, verbotene Nutzungen (KI/Standard), Datenarten-Mapping, TOM bei hohem Konflikt-Score, Speicherfristen. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 11:02:32 +02:00
Benjamin Admin	b14be8583d	feat: Betriebsrats-Compliance — BAG-Ingestion Script + BV-Template ... 1. BAG-Urteile Ingestion Script (21 kuratierte Urteile zu §87 BetrVG) - Microsoft 365, SAP ERP, E-Mail, Standardsoftware, Video, SaaS/Cloud - 14 erfolgreich ingestiert (4.726 Chunks in bp_compliance_datenschutz) 2. Betriebsvereinbarung Template (6. Document Template) - SQL-Migration mit 13 Sektionen (A-M), ~30 Placeholders - Conditional Blocks fuer KI-Systeme, Video, HR - Python-Generator mit automatischer TOM-Befuellung Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 10:49:01 +02:00
Benjamin Admin	67ad7c236b	Merge remote-tracking branch 'gitea/main'	2026-04-12 09:08:04 +02:00
Benjamin Admin	f89ce46631	fix: Pipeline-Skalierung — 6 Optimierungen für 80k+ Controls ... 1. control_generator: GeneratorResult.status Default "completed" → "running" (Bug) 2. control_generator: Anthropic API mit Phase-Timeouts + Retry bei Disconnect 3. control_generator: regulation_exclude Filter + Harmonization via Qdrant statt In-Memory 4. decomposition_pass: Enrich Pass Batch-UPDATEs (400k → ~400 DB-Calls) 5. decomposition_pass: Merge Pass single Query statt N+1 6. batch_dedup_runner: Cross-Group Dedup parallelisiert (asyncio.gather) 7. canonical_control_routes: Framework Controls API Pagination (limit/offset) 8. DB-Indizes: idx_oc_parent_release, idx_oc_trigger_null, idx_cc_framework Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-11 14:09:32 +02:00
Benjamin Admin	fc71117bf2	feat: Document Templates V2 — DSFA, TOM, VVT, AVV, Verpflichtung, Art.13/14 ... Erweiterte Compliance-Vorlagen fuer den Document Generator: - DSFA V2: Schwellwertanalyse (9 WP248-Kriterien), SDM-basierte TOM, strukturierte Risikobewertung, KI-Modul (AI Act), Art.36-Pruefung - TOM V2: 7 SDM-Gewaehrleistungsziele, Sektor-Erweiterungen, NIS2/ISO27001/AI Act Varianten - VVT V2: 6 Branchen-Muster (IT/SaaS, Gesundheit, Handel, Handwerk, Bildung, Beratung) + allgemeine Art.30-Vorlage - AVV V2: Vollstaendiger Art.28-Vertrag mit TOM-Anlage - Verpflichtungserklaerung: Mitarbeiter-Vertraulichkeit - Art.13/14 Informationspflichten-Muster Enthalt SQL-Migrations (compliance_legal_templates), Python-Generatoren und Qdrant-Cleanup-Skript. Feature-Branch fuer spaetere Integration in breakpilot-compliance. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-10 11:39:39 +02:00
Sharang Parnerkar	ea752088f6	feat(pitch-admin): structured form editors, bilingual fields, version preview ... Replaces raw JSON textarea in version editor with proper form UIs: - Company: single-record form with side-by-side DE/EN tagline + mission - Team: expandable card list with bilingual role/bio, expertise tags - Financials: year-by-year table with numeric inputs - Market: TAM/SAM/SOM row table - Competitors: card list with strengths/weaknesses tag arrays - Features: card list with DE/EN names + checkbox matrix - Milestones: card list with DE/EN title/description + status dropdown - Metrics: card list with DE/EN labels - Funding: form + nested use_of_funds table - Products: card list with DE/EN capabilities + feature tag arrays - FM Scenarios: card list with color picker - FM Assumptions: row table Shared editor primitives (components/pitch-admin/editors/): BilingualField, FormField, ArrayField, RowTable, CardList "Edit as JSON" toggle preserved as escape hatch on every tab. Preview: admin clicks "Preview" on version editor → opens /pitch-preview/[versionId] in new tab showing the full pitch deck with that version's data. Admin-cookie gated (no investor auth). Yellow "PREVIEW MODE" banner at top. Also fixes the [object Object] inline table type cast in FM editor. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-10 10:34:42 +02:00
Sharang Parnerkar	edadf39445	fix(pitch-admin): render JSONB arrays as inline table editors ... Arrays of objects (funding_schedule, founder_salary_schedule, etc.) now render as editable tables with per-field inputs, add/remove row buttons, instead of a raw JSON string in a single text input. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-10 10:09:26 +02:00
Sharang Parnerkar	1c3cec2c06	feat(pitch-deck): full pitch versioning with git-style history (#4) ... Full pitch versioning: 12 data tables versioned as JSONB snapshots, git-style parent chain (draft→commit→fork), per-investor assignment, side-by-side diff engine, version-aware /api/data + /api/financial-model. Bug fixes: FM editor [object Object] for JSONB arrays, admin scroll. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-10 07:37:33 +00:00
Sharang Parnerkar	746daaef6d	ci: add Gitea Actions workflow to build + push pitch-deck image ... Builds and pushes to registry.meghsakha.com/breakpilot/pitch-deck on every push to main that touches pitch-deck/ files. Tags with :latest and :SHORT_SHA. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-10 08:36:23 +02:00
Benjamin Admin	441d5740bd	feat: Applicability Engine + API-Filter + DB-Sync + Cleanup ... - Applicability Engine (deterministisch, kein LLM): filtert Controls nach Branche, Unternehmensgroesse, Scope-Signalen - API-Filter auf GET /controls, /controls-count, /controls-meta - POST /controls/applicable Endpoint fuer Company-Profile-Matching - 35 Unit-Tests fuer Engine - Port-8098-Konflikt mit Nginx gefixt (nur expose, kein Host-Port) - CLAUDE.md: control-pipeline Dokumentation ergaenzt - 6 internationale Gesetze geloescht (ES/FR/HU/NL/SE/CZ — nur DACH) - DB-Backup-Import-Script (import_backup.py) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 21:58:17 +02:00
Benjamin Admin	ee5241a7bc	merge: gitea/main — resolve pitch-deck conflicts (accept theirs) ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 14:43:32 +02:00
Benjamin Admin	e3ab428b91	feat: control-pipeline Service aus Compliance-Repo migriert ... Control-Pipeline (Pass 0a/0b, BatchDedup, Generator) als eigenstaendiger Service in Core, damit Compliance-Repo unabhaengig refakturiert werden kann. Schreibt weiterhin ins compliance-Schema der shared PostgreSQL. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 14:40:47 +02:00
Sharang Parnerkar	c7ab569b2b	feat(pitch-deck): admin UI for investor + financial-model management (#3) ... Adds /pitch-admin dashboard with real bcrypt admin accounts and full audit attribution for every state-changing action. - pitch_admins + pitch_admin_sessions tables (migration 002) - pitch_audit_logs.admin_id + target_investor_id columns - lib/admin-auth.ts: bcryptjs, single-session, jose JWT with audience claim - middleware.ts: two-cookie gating with bearer-secret CLI fallback - 14 new API routes (admin-auth, dashboard, investor detail/edit/resend, admins CRUD, fm scenarios + assumptions PATCH) - 9 admin pages: login, dashboard, investors list/new/[id], audit, financial-model list/[id], admins - Bootstrap CLI: npm run admin:create - 36 vitest tests covering auth, admin-auth, rate-limit primitives Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 10:36:16 +00:00