diff --git a/VEZA_COMPLETE_MVP_TODOLIST.json b/VEZA_COMPLETE_MVP_TODOLIST.json
index 1e6518eb3..d3035f7f8 100644
--- a/VEZA_COMPLETE_MVP_TODOLIST.json
+++ b/VEZA_COMPLETE_MVP_TODOLIST.json
@@ -852,7 +852,7 @@
       "completion": {
         "completed_at": "2025-12-23T00:43:45Z",
         "actual_hours": 1.0,
-        "commits": [],
+        "commits": ["b9b4e9c"],
         "files_changed": [
           "apps/web/src/features/streaming/services/hlsService.ts",
           "apps/web/src/features/tracks/services/trackService.ts",
@@ -927,7 +927,17 @@
       "description": "Frontend expects { user, token } in login response but backend may return different structure. Ensure login response matches frontend expectations.",
       "owner": "fullstack",
       "estimated_hours": 2,
-      "status": "todo",
+      "status": "completed",
+      "completion": {
+        "completed_at": "2025-12-23T00:44:30Z",
+        "actual_hours": 0.5,
+        "commits": [],
+        "files_changed": [
+          "veza-backend-api/internal/handlers/auth.go"
+        ],
+        "notes": "Fixed login response format. Added username field to UserResponse in Login handler. Backend now returns { user: { id, email, username }, token: { access_token, refresh_token, expires_in } } which matches frontend AuthResponse type. Frontend client API already handles unwrapping of { success, data } format correctly. DTOs already use correct JSON tags (snake_case). Format now matches frontend expectations.",
+        "issues_encountered": []
+      },
       "files_involved": [
         {
           "path": "veza-backend-api/internal/handlers/auth.go",
diff --git a/veza-backend-api/internal/handlers/auth.go b/veza-backend-api/internal/handlers/auth.go
index 376c0c86c..b560ebef1 100644
--- a/veza-backend-api/internal/handlers/auth.go
+++ b/veza-backend-api/internal/handlers/auth.go
@@ -74,8 +74,9 @@ func Login(authService *auth.AuthService, sessionService *services.SessionServic
 		if requires2FA {
 			RespondSuccess(c, http.StatusOK, dto.LoginResponse{
 				User: dto.UserResponse{
-					ID:    user.ID,
-					Email: user.Email,
+					ID:       user.ID,
+					Email:    user.Email,
+					Username: user.Username,
 				},
 				Requires2FA: true,
 			})
@@ -118,8 +119,9 @@ func Login(authService *auth.AuthService, sessionService *services.SessionServic
 
 		RespondSuccess(c, http.StatusOK, dto.LoginResponse{
 			User: dto.UserResponse{
-				ID:    user.ID,
-				Email: user.Email,
+				ID:       user.ID,
+				Email:    user.Email,
+				Username: user.Username,
 			},
 			Token: dto.TokenResponse{
 				AccessToken:  tokens.AccessToken,