- Add auth HTTP handlers (login, me, logout) with proper JSON responses
- Enforce HS256 via jwt.WithValidMethods to prevent algorithm confusion attacks
- Add context helpers for extracting operator ID and role from JWT claims
- Add comprehensive auth test suite (11 unit tests + 6 integration tests)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ChipSetService with full CRUD, duplication, builtin protection
- BlindStructure service with level validation and CRUD
- PayoutStructure service with bracket/tier nesting and 100% sum validation
- BuyinConfig service with rake split validation and all rebuy/addon fields
- TournamentTemplate service with FK validation and expanded view
- WizardService generates blind structures from high-level inputs
- API routes: /chip-sets, /blind-structures, /payout-structures, /buyin-configs, /tournament-templates
- All mutations require admin role, reads require floor+
- Wired template routes into server protected group
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Go module at github.com/felt-app/felt with go-libsql pinned to commit hash
- Full directory structure per research recommendations (cmd/leaf, internal/*, frontend/)
- Makefile with build, run, run-dev, test, frontend, all, clean targets
- LibSQL database with WAL mode, foreign keys, and embedded migration runner
- SvelteKit SPA stub served via go:embed
- Package stubs for all internal packages (server, nats, store, auth, clock, etc.)
- go build and go vet pass cleanly
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
