- Connect SocialViewFeedItem like to socialService.toggleLike(track.id, 'track')
- Connect SocialViewFeedItem comment to socialService.postComment (expandable form)
- Update socialService.postComment to use POST /social/comments (target_id, target_type, content)
- Add RoleBadge component and display on UserProfilePageHeader
- Fetch user roles via getUserRoles in useUserProfilePage
- Add MSW handlers for POST /social/like and POST /social/comments
- Add duplicatePlaylist() to playlistService (POST /playlists/:id/duplicate)
- Implement DuplicatePlaylistButton with navigation to new playlist on success
- Add DuplicatePlaylistButton and ExportPlaylistButton to PlaylistDetailPageActionsBar
- Add MSW handlers for duplicate and export endpoints
- SharePlaylistModal and PlaylistRecommendations already wired (flags enabled)
- developerApi: listKeys, createKey, deleteKey
- developerService: use real API instead of localStorage
- DeveloperDashboardView: list keys, Create API Key button, revoke with confirmation
- CreateAPIKeyModal: scopes read/write/admin
- MSW handlers for GET/POST/DELETE developer/api-keys
- HAProxy: route /hls to stream server
- Vite proxy: /ws, /stream, /hls for dev
- HLS_BASE_URL: empty when STREAM_URL relative (proxy)
- FEATURE_STATUS: HLS_STREAMING operational
- usePlaylistSearch: use useRef for toastError to avoid infinite loop in useEffect
- handlers-playlists: fix search response format (playlists/total/page/limit)
- handlers-playlists: fix list response (items -> playlists)
- handlers-playlists: add GET playlists/:id/analytics handler
- PlaylistSearch.stories: fix Empty story response format
- audit-storybook: add MSW, swagger, .mdx ignore patterns
- audit-storybook: cap errors per story (MAX_ERRORS_PER_STORY=100)
- Add status and delivered_at to ChatMessage
- Handle MessageDelivered WebSocket event
- Send Delivered when receiving NewMessage or loading history
- Display ✓ (sent) / ✓✓ (delivered) in ChatMessageComponent
- Add create_test_user step in CI e2e job (e2e@test.com)
- Add TEST_EMAIL and TEST_PASSWORD to Playwright env for consistency
- Add form visibility waits in smoke.spec.ts (align with auth.spec.ts)
- Ensures login form is visible before fillField to avoid flaky failures
- Remove @lhci/cli, newman, pa11y-ci (used only by obsolete Makefile.old)
- Redirect qa:postman, qa:lh, qa:a11y scripts to explanatory message
- npm audit fix for remaining lodash vulnerability
- Document Lot 6 (bypass flags verified) and Lot 8 in REMEDIATION_PROGRESS
- Add hls_auth_middleware in stream server (Bearer + ?token=)
- Apply auth to /hls/:track_id/* routes
- Update frontend hlsService to use stream server URL + pass JWT via xhrSetup
- Add getHLSXhrSetup() and getHLSURLWithToken() for hls.js integration
- Add VITE_HLS_BASE_URL config (derived from VITE_STREAM_URL when unset)
- Add unit tests for token extraction and HLS helpers
- Mark audit item 1.3 as done
- Fix misleading comment in TwoFactorVerify (authApi.verify2FA is for setup, not login)
- Add MSW handler for POST /auth/login/2fa
- Improve error display in AuthViewContent when 2FA verification fails
- Add integration test for 2FA login flow
- Update AUDIT_TECHNIQUE_INTEGRAL
Refs: AUDIT_TECHNIQUE_INTEGRAL_2026_02_15.md item 1.2 (P0)
- Add smoke-post-deploy.spec.ts for health checks
- Add playwright.config.smoke.ts (no webServer)
- Add smoke-post-deploy job to cd.yml (runs when STAGING_URL set)
- Document procedure in e2e/README.md
- Add VITE_CDN_URL, VITE_CDN_ENABLED to .env.example
- Create getAssetURL, getAudioURL in utils/cdn.ts
- Use getAudioURL in hlsService for HLS stream URLs
