Hartmut 97cfd0ed90 fix(security): raise password minimum to 12 chars, hide raw error messages, add audit script ...

- Password validation: min(8) → min(12) across auth.ts, user-procedure-support.ts,
  and invite.ts (aligns with NIST SP 800-63B modern recommendations)
- Error boundary: stop rendering raw error.message which could leak internal
  details; always show the generic fallback text
- Add `pnpm audit` script (--audit-level=high) for dependency vulnerability scanning

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-09 21:48:51 +02:00

..

api

fix(security): raise password minimum to 12 chars, hide raw error messages, add audit script

2026-04-09 21:48:51 +02:00

application

Merge branch 'worktree-agent-a8de1898' - Phase 2A entitlement use-cases

2026-04-09 20:16:38 +02:00

db

fix(security): prevent TOTP replay attacks and fix user enumeration in verifyTotp

2026-04-09 21:41:09 +02:00

engine

feat(timeline): add pulse animation for in-flight drag mutations

2026-04-09 13:28:46 +02:00

shared

feat(api): add audit helpers, tool registry, shared tool manifest types, and UI primitives

2026-04-09 21:14:26 +02:00

staffing

fix(merge): resolve post-merge type errors from batch-1 agents

2026-04-09 14:38:32 +02:00

ui

fix(infra): apply missing migrations, fix Dockerfile.dev ui package reference

2026-04-09 20:29:21 +02:00