- Add status and delivered_at to ChatMessage
- Handle MessageDelivered WebSocket event
- Send Delivered when receiving NewMessage or loading history
- Display ✓ (sent) / ✓✓ (delivered) in ChatMessageComponent
- Add create_test_user step in CI e2e job (e2e@test.com)
- Add TEST_EMAIL and TEST_PASSWORD to Playwright env for consistency
- Add form visibility waits in smoke.spec.ts (align with auth.spec.ts)
- Ensures login form is visible before fillField to avoid flaky failures
- Remove @lhci/cli, newman, pa11y-ci (used only by obsolete Makefile.old)
- Redirect qa:postman, qa:lh, qa:a11y scripts to explanatory message
- npm audit fix for remaining lodash vulnerability
- Document Lot 6 (bypass flags verified) and Lot 8 in REMEDIATION_PROGRESS
- Add hls_auth_middleware in stream server (Bearer + ?token=)
- Apply auth to /hls/:track_id/* routes
- Update frontend hlsService to use stream server URL + pass JWT via xhrSetup
- Add getHLSXhrSetup() and getHLSURLWithToken() for hls.js integration
- Add VITE_HLS_BASE_URL config (derived from VITE_STREAM_URL when unset)
- Add unit tests for token extraction and HLS helpers
- Mark audit item 1.3 as done
- Fix misleading comment in TwoFactorVerify (authApi.verify2FA is for setup, not login)
- Add MSW handler for POST /auth/login/2fa
- Improve error display in AuthViewContent when 2FA verification fails
- Add integration test for 2FA login flow
- Update AUDIT_TECHNIQUE_INTEGRAL
Refs: AUDIT_TECHNIQUE_INTEGRAL_2026_02_15.md item 1.2 (P0)
- Add smoke-post-deploy.spec.ts for health checks
- Add playwright.config.smoke.ts (no webServer)
- Add smoke-post-deploy job to cd.yml (runs when STAGING_URL set)
- Document procedure in e2e/README.md
- Add VITE_CDN_URL, VITE_CDN_ENABLED to .env.example
- Create getAssetURL, getAudioURL in utils/cdn.ts
- Use getAudioURL in hlsService for HLS stream URLs
- Document migration approach in ZUSTAND_MIGRATION_STRATEGY.md
- Add persistWithMigration utility for future stores
- Add version and migrate to authStore, library, ui, cartStore, playerStore
- Add useAbortSignal hook for component lifecycle cancellation
- Pass signal to apiClient in useLibraryItems, useUser, useDashboard,
useMyTracks, useNotificationMenu
- Prevents memory leaks when navigating away during fetch
- Global setup no longer throws when API is unavailable; writes empty
auth state so Playwright can start; specs that need auth use their
own login or storageState override.
- Ensure e2e/.auth dir exists before writing empty state.
- Remove packages/design-system/ directory (superseded by SUMI tokens
in apps/web/src/index.css, confirmed no imports exist)
- Update package.json keywords from kodo-design-system to sumi-design-system
- Create docs/STORYBOOK_CONTRACT.md defining mandatory story structure:
Default, Loading, Error, Empty states for feature components
- Typography audit: SUMI utility classes defined in index.css, codebase
correctly uses Tailwind classes with SUMI tokens via @theme — no
migration needed
Co-authored-by: Cursor <cursoragent@cursor.com>
- Fix setTimeout memory leak in ChatRoom.tsx by storing timeout in
useRef and cleaning up on unmount
- Add tests for Accordion, Collapsible, FloatingInput, AnimatedNumber,
and FAB components (5 new test files, all passing)
- Fix socialService methods (deleteComment, markRead, markAllRead) to
return values matching test expectations
- Fix MSW handlers for chat/token and notification endpoints to use
proper { success: true, data: ... } envelope format
- Fix invalid CSS selector in TrackList.test.tsx that caused JSDOM crash
- Document excluded test files with TODO tickets in vitest.config.ts
Co-authored-by: Cursor <cursoragent@cursor.com>
- Add Group and GroupMember models with CRUD service methods
- Implement social group endpoints: create, list, get, join, leave
- Add WishlistItem model with get/add/remove service methods
- Add CartItem model with get/add/remove/checkout service methods
- Create handlers for marketplace wishlist and cart operations
- Register playlist export (JSON/CSV) and duplicate routes
- Enable PLAYLIST_SHARE and NOTIFICATIONS feature flags
Co-authored-by: Cursor <cursoragent@cursor.com>
