- Fix auth verify handler to read token_hash (GoTrue param name) instead
of token, and verify OTP server-side before redirecting
- Fix reset-password page to handle both token_hash and pre-existing
session from verify handler
- Fix intermittent dashboard 500 by adding error handling and retry to
members_with_dues query in safeGetSession
- Fix RLS policies using members.user_id (nonexistent) → members.id for
cron_execution_logs and bulk_emails tables
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All new migrations are now embedded in post-deploy.sql (idempotent),
so they run automatically on `docker compose up` via the migrate container.
Both deploy/ and docker/migrate/ copies are kept in sync.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Custom Docker images embed all config so production servers no longer
need SQL files, kong.yml, or shell scripts. Kong generates config from
env vars at startup. Migrate container auto-detects fresh vs existing
DB and runs appropriate scripts.
New images: monacousa-db, monacousa-kong, monacousa-migrate
New commands: deploy.sh build-images, deploy.sh push-images
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
