- Doc 02: Add member_identifier table, member_number, primary_member_id,
account_number auto-generation, isMinor override, tax_exemption as
separate table, member move, updated business rules
- Doc 03: Document lookup table pattern replacing pgEnums for status and
condition, add system/custom value distinction
- Doc 22: Mark all Phase 2 items as complete, add new tables to additions
section, update audit findings, note admin frontend exists
Security fixes:
- Register route validates company exists before creating user
- Rate limiting on auth routes (10 per 15min per IP)
- Dev auth plugin guards against production use
- Main.ts throws if JWT_SECRET missing in production
Added Phase 2 audit doc (22) covering:
- Built vs planning doc comparison
- Security review with fixes applied
- Duplicate code patterns identified
- Standard POS feature gap analysis
- Music-specific feature gaps
33 tests passing.
