- **Tailwind Config:** Clear custom config path and update base color to `zinc`.
- **Design System:** Replace existing CSS with OKLCH color model for improved accessibility and uniformity.
- **Typography & Themes:** Use Geist fonts, define light/dark themes with enhanced semantic variables.
- **Global Styles:** Add consistent border colors, smooth transitions, and reusable variables for Tailwind integration.
Introduce tabbed navigation for the settings page, including Profile, Password, Sessions, and Preferences sections. Add placeholders for each section with metadata and routes. Redirect `/settings` to `/settings/profile`. Integrate `AuthGuard` for settings and authenticated layouts while incorporating reusable `Header` and `Footer` components.
Updated the `Token` schema to include `user` data and `expires_in` field. Adjusted backend `auth_service.py` to populate these fields while generating tokens. Replaced `getCurrentUserInfo` with `getCurrentUserProfile` in the frontend and disabled ESLint for generated files to suppress warnings.
- Extracted password reset logic into `PasswordResetConfirmContent` wrapped in `Suspense` for cleaner and more modular component structure.
- Updated ESLint config to ignore generated files and added rules for stricter code quality (`eslint-comments`, `@typescript-eslint` adjustments).
- Automated insertion of `eslint-disable` in auto-generated TypeScript files through `generate-api-client.sh`.
- Replaced unsafe `any` type casts with safer `Record<string, unknown>` type assertions for TypeScript compliance.
- Added `lint:tests` script for pre-commit test coverage checks.
- Improved `useAuth` hooks and related type guards for better runtime safety and maintainability.
- Introduced comprehensive tests for `RegisterForm`, `PasswordResetRequestForm`, and `PasswordResetConfirmForm` covering successful submissions, validation errors, and API error handling.
- Refactored forms to handle unexpected errors gracefully and improve test coverage for edge cases.
- Updated `crypto` and `storage` modules with robust error handling for storage issues and encryption key management.
- Removed unused `axios-mock-adapter` dependency for cleaner dependency management.
- Migrated `useAuth` hooks to use functions from auto-generated API client for improved maintainability and OpenAPI compliance.
- Replaced manual API calls with SDK functions (`login`, `register`, `logout`, etc.) and added error type guards for runtime safety (`isTokenWithUser`, `isSuccessResponse`).
- Enhanced hooks with better error logging, optional success callbacks, and stricter type annotations.
- Refactored `Logout` and `LogoutAll` mutations to handle missing tokens gracefully and clear local state on server failure.
- Added tests for API type guards and updated functionality of hooks to validate proper behaviors.
- Removed legacy `client-config.ts` to align with new API client utilization.
- Improved inline documentation for hooks with detailed descriptions and usage guidance.
- Deleted `authStore` in favor of updated state management and authentication handling.
- Updated `IMPLEMENTATION_PLAN.md` with revised checklist and Phase 2 completion details.
- Introduced `isAPIErrorArray` type guard to improve error handling in authentication forms, replacing type assertions for better runtime safety.
- Refactored error handling logic across `RegisterForm`, `LoginForm`, `PasswordResetRequestForm`, and `PasswordResetConfirmForm` for unexpected error fallbacks.
- Updated `next.config.ts` and `.eslintrc.json` to exclude generated API client files from linting and align configuration with latest project structure.
- Added comprehensive documentation on Phase 2 completion in `IMPLEMENTATION_PLAN.md`.
- Added `useEffect` for proper timeout cleanup in `PasswordResetConfirmForm` to prevent memory leaks during unmount.
- Enhanced form accessibility by adding `aria-required` attributes to all required fields for better screen reader compatibility.
- Updated `IMPLEMENTATION_PLAN.md` to reflect completion of Password Reset Flow and associated quality metrics.
- Implemented `PasswordResetRequestForm` and `PasswordResetConfirmForm` components with email and password validation, strength indicators, and error handling.
- Added dedicated pages for requesting and confirming password resets, integrated with React Query hooks and Next.js API routes.
- Included tests for validation rules, UI states, and token handling to ensure proper functionality and coverage.
- Updated ESLint and configuration files for new components and pages.
- Enhanced `IMPLEMENTATION_PLAN.md` with updated task details and documentation for password reset workflows.
- Integrated OpenAPI-generated TypeScript SDK (`sdk.gen.ts`, `types.gen.ts`, `client.gen.ts`) for API interactions.
- Refactored `authStore` tests to include storage mock reset logic with default implementations.
- Deleted legacy `config` module and replaced its usage with the new runtime-validated `app.config`.
- Removed old custom Axios `apiClient` with outdated token refresh logic.
- Cleaned up redundant crypto-related mocks in storage tests and replaced them with real encryption/decryption during testing.
- Updated Jest coverage exclusions to reflect the new file structure and generated client usage.
- Introduced Web Crypto API polyfills (`@peculiar/webcrypto`) for Node.js to enable SSR-safe cryptography utilities.
- Added Jest setup file for global mocks (e.g., `localStorage`, `sessionStorage`, and `TextEncoder/Decoder`).
- Enhanced token validation behavior in `storage` tests to reject incomplete tokens.
- Replaced runtime configuration validation with clamping using `parseIntSafe` constraints for improved reliability.
- Updated `package.json` and `package-lock.json` to include new dependencies (`@peculiar/webcrypto` and related libraries).
- Removed outdated `crypto` tests; added dedicated and structured tests for `authStore`, `storage`, and `app.config`.
- Enhanced test coverage for user and token validation, secure persistence, state management, and configuration parsing.
- Consolidated encryption and storage error handling with thorough validation to ensure SSR-safety and resilience.
- Improved runtime validations for tokens and configuration with stricter type checks and fallback mechanisms.
- Added robust validation for `user` object fields to ensure non-empty strings.
- Improved `calculateExpiry` with value range checks and warnings for invalid `expiresIn`.
- Incorporated try-catch in `initializeAuth` to log errors and prevent app crashes during auth initialization.
- Introduced SSR guards for browser APIs in `crypto` and `storage` modules.
- Enhanced resilience with improved error handling for encryption key management, token storage, and retrieval.
- Added validation for token structure and fallback mechanisms for corrupted data.
- Refactored localStorage handling with explicit availability checks for improved robustness.
- Centralized and refactored configuration management (`config`) with runtime validation for environment variables.
- Introduced utilities for secure token storage, including AES-GCM encryption and fallback handling.
- Enhanced `authStore` state management with token validation, secure persistence, and initialization from storage.
- Modularized authentication utilities and updated export structure for better maintainability.
- Improved error handling, input validation, and added detailed comments for enhanced clarity.
- Created `generate-api-client.sh` for OpenAPI-based TypeScript client generation.
- Added `src/lib/api` with Axios-based API client, error handling utilities, and placeholder for generated types.
- Implemented Zustand-based `authStore` for user authentication and token management.
- Integrated reusable UI components (e.g., `Dialog`, `Select`, `Textarea`, `Sheet`, `Separator`, `Checkbox`) using Radix UI and utility functions.
- Established groundwork for client-server integration, state management, and modular UI development.
Implemented a full-stack template combining Next.js (frontend), FastAPI (backend), and PostgreSQL. Included Docker configurations for development and production, environment file templates, Makefile commands, and initial setup for database migrations and builds. The stack is production-ready and supports hot-reloading for local development.
