c34ad27b86
Security fixes: - Register route validates company exists before creating user - Rate limiting on auth routes (10 per 15min per IP) - Dev auth plugin guards against production use - Main.ts throws if JWT_SECRET missing in production Added Phase 2 audit doc (22) covering: - Built vs planning doc comparison - Security review with fixes applied - Duplicate code patterns identified - Standard POS feature gap analysis - Music-specific feature gaps 33 tests passing.
880 B
880 B