letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore(autonomous-session): consolidate uncommitted work from prior session

Browse Source 
Bundles the prior autonomous-session output that was sitting unstaged:

- Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances)
- country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that
  never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk
  after the per-subpath dynamic-import approach silently failed in webpack)
- Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index,
  redirects (ocr to ai, reports to dashboard, invitations to users),
  docs/admin-ia-proposal.md
- Per-template email tester (registry + endpoint + UI on Email admin page)
- Cancel-document mode picker (delete-from-Documenso vs keep-for-audit)
- Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers
- Customize-widgets per-region sortables at xl+ (charts/rails/feed); single
  flat sortable below xl when the layout stacks; per-viewport saved orders
- Audit doc updates capturing each shipped item
- Lint fixes: react-compiler immutability in DonutChart (reduce instead of
  let-reassign), set-state-in-effect disables in CountryFlag and
  UploadForSigning preview-bytes effect, unused 'confirm' destructures in
  interest contract + reservation tabs, unescaped apostrophe in test-template
  card copy
This commit is contained in:
Matt
2026-05-23 00:52:59 +02:00
parent 43719b49e9
commit 221ae5784e
749 changed files with 7440 additions and 3118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/lib/auth/index.ts
View File

@@ -44,7 +44,7 @@ const trustedOrigins: (request?: Request) => Promise<string[]> = async (request)
* is constructed on first property access (i.e. first request) rather than
* at module import. This is required so that Next.js's "collect page data"
* phase during `pnpm build` doesn't trigger better-auth's "default secret"
* check against the unset BETTER_AUTH_SECRET at build time the auth
* check against the unset BETTER_AUTH_SECRET - at build time the auth
* config is never accessed, and at runtime the env is fully populated.
*
* Call sites continue to use `auth.api.foo(...)` unchanged; the Proxy
@@ -93,7 +93,7 @@ function buildAuth() {
<p style="margin-bottom:16px;">You requested a password reset for your ${appName} account.</p>
<p style="margin-bottom:16px;">
<a href="${safeUrl(url)}" style="color:#2563eb;font-weight:600;">Click here to set a new password</a>
the link expires in 1 hour.
- the link expires in 1 hour.
</p>
<p style="color:#64748b;">If you didn't request this, you can safely ignore this email.</p>
`;
@@ -143,7 +143,7 @@ function buildAuth() {
},
},
// Rate limiting (post-audit F7) without this, brute-force is wide
// Rate limiting (post-audit F7) - without this, brute-force is wide
// open. Tight caps on the credential-eating endpoints; loose default
// for everything else so legitimate fan-out (multi-widget dashboards
// that hit /get-session repeatedly) isn't hampered.