- Added React Query hooks for user-related actions: `useCreateUser`, `useUpdateUser`, `useDeleteUser`, `useActivateUser`, `useDeactivateUser`, and `useBulkUserAction`.
- Implemented primary user management components: `UserFormDialog`, `UserManagementContent`, `UserListTable`, `BulkActionToolbar`, and `UserActionMenu`.
- Replaced placeholder content on the Users page with full user management capabilities.
- Included role-based validation, search, pagination, filtering, and bulk operations.
- Enhanced form validation with `zod` schema for robust user input handling.
- Added feedback mechanisms (toasts and alert dialogs) for user actions.
- Improved UI accessibility and usability across the admin user management feature.
- Introduced constants for admin hooks: `STATS_FETCH_LIMIT`, `DEFAULT_PAGE_LIMIT`, and `STATS_REFETCH_INTERVAL` to enhance readability and maintainability.
- Updated query guards to ensure data fetching is restricted to superusers.
- Enhanced accessibility across admin components by adding `aria-hidden` attributes and improving focus-visible styles.
- Simplified `useAdminStats`, `useAdminUsers`, and `useAdminOrganizations` with shared constants.
- Added 403 Forbidden page with proper structure, styling, and tests.
- Implemented new tests for admin hooks, DashboardStats, AdminLayout, and ForbiddenPage for better coverage.
- Introduced `useAdminStats`, `useAdminUsers`, and `useAdminOrganizations` hooks for admin data fetching with React Query.
- Added `AdminSidebar`, `Breadcrumbs`, and related navigation components for the admin section.
- Implemented comprehensive unit and integration tests for admin components.
- Created E2E tests for admin access control, navigation, and dashboard functionality.
- Updated exports to include new admin components.
- Introduced `__PLAYWRIGHT_TEST__` flag in `storage.ts` to bypass token encryption for improved E2E test stability.
- Rebuilt Profile Settings E2E tests to verify user data display with mock API responses.
- Refactored `setupAuthenticatedMocks` and `loginViaUI` to support new test requirements and streamline session setup.
- Removed outdated debug selectors test `test-selectors.spec.ts`.
- Removed `window.__TEST_AUTH_STORE__` logic for E2E test store injection in `AuthProvider` and related comments.
- Updated `AuthInitializer` to clarify E2E test behavior with mocked API responses.
- Streamlined `AuthContext` handling by prioritizing explicit `store` prop or production singleton.
- Replaced `useAuthStore` with `useAuth` from `AuthContext` across frontend components and tests to ensure dependency injection compliance.
- Enhanced E2E test stability by delaying navigation until the auth context is fully initialized.
- Updated Playwright configuration to use a single worker to prevent mock conflicts.
- Refactored test setup to consistently inject `AuthProvider` for improved isolation and mocking.
- Adjusted comments and documentation to clarify dependency injection and testability patterns.
- Replaced `useAuthStore` imports with `useAuth` from `AuthContext` in `AuthGuard` and `Header` for consistency.
- Enhanced `getAuthStore` to prioritize E2E test store injection for improved testability.
- Updated comments to reflect changes and clarify usage patterns.
- Refactored `useIsAuthenticated` and `useCurrentUser` to use `useAuth` from `AuthContext` instead of `useAuthStore`.
- Updated test setups to inject `AuthProvider` with mocked store hooks for improved test isolation and consistency.
- Replaced legacy `useAuthStore` mocks with `AuthContext`-compatible implementations in affected tests.
- Consolidated `useAuthStore` into the unified `useAuth` hook for cleaner imports and consistency across frontend components.
- Enhanced database management in Alembic migrations by introducing `ensure_database_exists` to automatically create the database if missing.
- Added `AuthContext` as a dependency injection wrapper over the Zustand auth store to support test isolation, E2E testability, and clean architecture patterns.
- Updated `layout.tsx` to utilize `AuthProvider` and initialize authentication context.
- Removed redundant `AuthInitializer` from `providers.tsx`.
- Enhanced modularity and testability by decoupling authentication context from direct store dependency.
- Remove unused icons (`Smartphone`, `Tablet`) from `SessionCard` component.
- Add `/* istanbul ignore next */` comment for untestable `isDirty`-dependent Reset button in `ProfileSettingsForm`.
- Remove redundant unit tests for `PasswordChangeForm` that rely on `isDirty` state handling, as this functionality is now covered by E2E Playwright tests.
- Add `/* istanbul ignore next */` comments to exclude untestable code paths related to form submission and `isDirty` state.
- Implement comprehensive tests for `ProfileSettingsForm`, `PasswordChangeForm`, and `SessionCard` components to validate rendering, interactions, and state handling.
- Add tests for session management hooks (`useSession`, `useRevokeSession`, and `useRevokeAllOtherSessions`) to verify logic and API integration.
- Ensure coverage of edge cases, error handling, and success callbacks across all new tests.
- Implement `ProfileSettingsForm` and `PasswordChangeForm` components to manage user profile and password updates.
- Add `SessionCard` for session management and related API hooks (`useSession`).
- Update settings page tests to include user state mock and React Query provider for better test reliability.
- Enhance `PasswordSettingsPage` and `ProfileSettingsPage` tests to verify component rendering and user interaction.
- Improve API hook structure with dedicated hooks for session and user profile management.
- Update `LoginForm` to use `onBlur` mode and `onChange` revalidation for better UX.
- Enhance e2e tests to verify field interactivity, ensure visibility of submit button, and improve error validation reliability across browsers.
- Wrap `console.log` calls in `if (process.env.NODE_ENV === 'development')` to prevent production logs in `forms/page.tsx`.
- Refactor token refresh logic by relying solely on the `refreshPromise` to avoid race conditions.
- Remove outdated `isRefreshing` flag, utilizing `refreshPromise` as the primary lock.
- Update comments in `IMPLEMENTATION_PLAN.md` to reflect the current progress and eliminate redundant sections.
- Introduced smoke tests for Login, Register, Password Reset, Password Reset Confirm, and Settings pages.
- Enhanced test coverage for all dynamic imports using mocks and added Jest exclusions for non-testable Next.js files.
- Added component-specific test files for better structure and maintainability.
- Improved test isolation by mocking navigation, providers, and rendering contexts.
- Added tests to validate `ThemeProvider` updates resolved theme on system preference changes and ignores changes for non-system themes.
- Introduced tests to ensure `authStore` gracefully handles invalid tokens, storage errors, and logs errors appropriately during authentication state transitions.
- Improved test coverage by adding defensive error handling cases and refining token validation logic.
- **Design System Hub:** Introduce `/dev` as a central hub for interactive design system showcases (components, layouts, spacing, etc.). Includes live demos, highlights, and documentation links.
- **Forms Demo:** Add `/dev/forms` for reactive forms with `react-hook-form` and `Zod`. Demonstrate validation patterns, error handling, loading states, and accessibility best practices.
- **Features:** Showcase reusable `Example`, `ExampleSection`, and `BeforeAfter` components for better UI demonstration and code previews.
- **ThemeToggle:** Introduce comprehensive tests to validate button functionality, dropdown options, and active theme indicators.
- **ThemeProvider:** Add tests for theme management, localStorage persistence, system preferences, and DOM updates.
- **Header & Footer:** Verify header rendering, user menu functionality, and footer content consistency.
- **AuthInitializer:** Ensure authentication state is correctly loaded from storage on mount.
- Introduce `ComponentShowcase` to display all design system components (buttons, cards, alerts, etc.) for development and testing purposes.
- Create a dedicated `/dev/components` route for accessing the showcase.
- Ensure reuse of existing `shadcn/ui` components with appropriate styling.
- Update `PasswordResetConfirmForm` to use `bg-muted` for the password strength indicator background.
- Refactor `text-*` and `bg-*` classes to use semantic color tokens such as `foreground`, `muted-foreground`, `card`, and `accent`.
- Adjust `Header`, `Footer`, and settings pages to align with the OKLCH-based design system.
- Ensure visual consistency and accessibility for both light and dark themes.
- **Header:** Integrate `ThemeToggle` component into the user menu area.
- **Theme Provider:** Introduce `ThemeProvider` context for managing and persisting theme preferences.
- **New Components:** Add `ThemeToggle` for switching themes and `ThemeProvider` to handle state and system preferences.
- Ensure responsive updates and localStorage persistence for user-selected themes.
- **Tailwind Config:** Clear custom config path and update base color to `zinc`.
- **Design System:** Replace existing CSS with OKLCH color model for improved accessibility and uniformity.
- **Typography & Themes:** Use Geist fonts, define light/dark themes with enhanced semantic variables.
- **Global Styles:** Add consistent border colors, smooth transitions, and reusable variables for Tailwind integration.
Introduce tabbed navigation for the settings page, including Profile, Password, Sessions, and Preferences sections. Add placeholders for each section with metadata and routes. Redirect `/settings` to `/settings/profile`. Integrate `AuthGuard` for settings and authenticated layouts while incorporating reusable `Header` and `Footer` components.
Updated the `Token` schema to include `user` data and `expires_in` field. Adjusted backend `auth_service.py` to populate these fields while generating tokens. Replaced `getCurrentUserInfo` with `getCurrentUserProfile` in the frontend and disabled ESLint for generated files to suppress warnings.
- Extracted password reset logic into `PasswordResetConfirmContent` wrapped in `Suspense` for cleaner and more modular component structure.
- Updated ESLint config to ignore generated files and added rules for stricter code quality (`eslint-comments`, `@typescript-eslint` adjustments).
- Automated insertion of `eslint-disable` in auto-generated TypeScript files through `generate-api-client.sh`.
- Replaced unsafe `any` type casts with safer `Record<string, unknown>` type assertions for TypeScript compliance.
- Added `lint:tests` script for pre-commit test coverage checks.
- Improved `useAuth` hooks and related type guards for better runtime safety and maintainability.
- Introduced comprehensive tests for `RegisterForm`, `PasswordResetRequestForm`, and `PasswordResetConfirmForm` covering successful submissions, validation errors, and API error handling.
- Refactored forms to handle unexpected errors gracefully and improve test coverage for edge cases.
- Updated `crypto` and `storage` modules with robust error handling for storage issues and encryption key management.
- Removed unused `axios-mock-adapter` dependency for cleaner dependency management.
- Migrated `useAuth` hooks to use functions from auto-generated API client for improved maintainability and OpenAPI compliance.
- Replaced manual API calls with SDK functions (`login`, `register`, `logout`, etc.) and added error type guards for runtime safety (`isTokenWithUser`, `isSuccessResponse`).
- Enhanced hooks with better error logging, optional success callbacks, and stricter type annotations.
- Refactored `Logout` and `LogoutAll` mutations to handle missing tokens gracefully and clear local state on server failure.
- Added tests for API type guards and updated functionality of hooks to validate proper behaviors.
- Removed legacy `client-config.ts` to align with new API client utilization.
- Improved inline documentation for hooks with detailed descriptions and usage guidance.
- Deleted `authStore` in favor of updated state management and authentication handling.
- Updated `IMPLEMENTATION_PLAN.md` with revised checklist and Phase 2 completion details.
- Introduced `isAPIErrorArray` type guard to improve error handling in authentication forms, replacing type assertions for better runtime safety.
- Refactored error handling logic across `RegisterForm`, `LoginForm`, `PasswordResetRequestForm`, and `PasswordResetConfirmForm` for unexpected error fallbacks.
- Updated `next.config.ts` and `.eslintrc.json` to exclude generated API client files from linting and align configuration with latest project structure.
- Added comprehensive documentation on Phase 2 completion in `IMPLEMENTATION_PLAN.md`.
- Added `useEffect` for proper timeout cleanup in `PasswordResetConfirmForm` to prevent memory leaks during unmount.
- Enhanced form accessibility by adding `aria-required` attributes to all required fields for better screen reader compatibility.
- Updated `IMPLEMENTATION_PLAN.md` to reflect completion of Password Reset Flow and associated quality metrics.
- Implemented `PasswordResetRequestForm` and `PasswordResetConfirmForm` components with email and password validation, strength indicators, and error handling.
- Added dedicated pages for requesting and confirming password resets, integrated with React Query hooks and Next.js API routes.
- Included tests for validation rules, UI states, and token handling to ensure proper functionality and coverage.
- Updated ESLint and configuration files for new components and pages.
- Enhanced `IMPLEMENTATION_PLAN.md` with updated task details and documentation for password reset workflows.
