- Add auth to /api/ai via requireFamily middleware
- Remove /api/ai and /api/auth/debug from public routes
- Delete debug/test routes that expose internal state

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Patch 1: Add requireFamily to chat route
Patch 2: Add requireFamily to family routes
Patch 3: Create admin-auth.ts, apply to all admin routes
Patch 4: Delete debug and migrate routes, update middleware
Patch 5: Create audit_log table and schema
Patch 6: Create password reset flow (reset-request, reset-confirm)
Patch 7: Replace with real HTTP security tests
Patch 8: RLS migrations already exist (01-app-role, 02-enable-rls)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>