- ProcessBuyIn with late registration cutoff and admin override
- ProcessRebuy with limit, level/time cutoff, and chip threshold checks
- ProcessAddOn with window validation and single-use enforcement
- ProcessReEntry requiring busted status with player reactivation
- ProcessBountyTransfer with PKO half-split and fixed bounty modes
- UndoTransaction reversing all financial effects
- IsLateRegistrationOpen checking both level AND time cutoffs
- GetSeasonReserves for season withholding tracking
- Rake split transactions per category (house, staff, league, season_reserve)
- Full audit trail integration for every transaction
- WebSocket broadcast for real-time updates
- 14 passing tests covering all flows
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create 01-03-SUMMARY.md with plan execution results
- Update STATE.md: plan 7 of 14, 6 plans completed, 43% progress
- Update ROADMAP.md: 6/14 plans complete for Phase 1
- Mark AUTH-01, AUTH-03, PLYR-06 requirements complete
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add auth HTTP handlers (login, me, logout) with proper JSON responses
- Enforce HS256 via jwt.WithValidMethods to prevent algorithm confusion attacks
- Add context helpers for extracting operator ID and role from JWT claims
- Add comprehensive auth test suite (11 unit tests + 6 integration tests)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SUMMARY.md with all accomplishments and deviations
- STATE.md updated with plan 10 position and decisions
- ROADMAP.md updated with plan progress
- REQUIREMENTS.md: UI-05, UI-06 marked complete
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Clock API routes: start, pause, resume, advance, rewind, jump, get, warnings
- Role-based access control (floor+ for mutations, any auth for reads)
- Clock state persistence callback to DB on meaningful changes
- Blind structure levels loaded from DB on clock start
- Clock registry wired into HTTP server and cmd/leaf main
- 25 tests covering: state machine, countdown, pause/resume, auto-advance,
jump, rewind, hand-for-hand, warnings, overtime, crash recovery, snapshot
- Fix missing crypto/rand import in auth/pin.go (Rule 3 auto-fix)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ChipSetService with full CRUD, duplication, builtin protection
- BlindStructure service with level validation and CRUD
- PayoutStructure service with bracket/tier nesting and 100% sum validation
- BuyinConfig service with rake split validation and all rebuy/addon fields
- TournamentTemplate service with FK validation and expanded view
- WizardService generates blind structures from high-level inputs
- API routes: /chip-sets, /blind-structures, /payout-structures, /buyin-configs, /tournament-templates
- All mutations require admin role, reads require floor+
- Wired template routes into server protected group
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SvelteKit SPA with adapter-static, prerender, SSR disabled
- Catppuccin Mocha/Latte theme CSS with semantic color tokens
- WebSocket client with auto-reconnect and exponential backoff
- HTTP API client with JWT auth and 401 handling
- Auth state store with localStorage persistence (Svelte 5 runes)
- Tournament state store handling all WS message types (Svelte 5 runes)
- PIN login page with numpad, 48px touch targets
- Updated Makefile frontend target for real SvelteKit build
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ClockEngine with full state machine (stopped/running/paused transitions)
- Level management: load, advance, rewind, jump, hand-for-hand mode
- Drift-free ticker at 100ms with 1/sec broadcast (10/sec in final 10s)
- ClockRegistry for multi-tournament support (thread-safe)
- ClockSnapshot for reconnecting clients (CLOCK-09)
- Configurable overtime mode (repeat/stop)
- Crash recovery via RestoreState (resumes as paused for safety)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Embedded NATS server with JetStream (sync_interval=always per Jepsen 2025)
- AUDIT and STATE JetStream streams for tournament event durability
- NATS publisher with UUID validation to prevent subject injection
- WebSocket hub with JWT auth (query param), tournament-scoped broadcasting
- Origin validation and slow-consumer message dropping
- chi HTTP router with middleware (logger, recoverer, request ID, CORS, body limits)
- Server timeouts: ReadHeader 10s, Read 30s, Write 60s, Idle 120s, MaxHeader 1MB
- MaxBytesReader middleware for request body limits (1MB default)
- JWT auth middleware with HMAC-SHA256 validation
- Role-based access control (admin > floor > viewer)
- Health endpoint reporting all subsystem status (DB, NATS, WebSocket)
- SvelteKit SPA served via go:embed with fallback routing
- Signal-driven graceful shutdown in reverse startup order
- 9 integration tests covering all verification criteria
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SUMMARY.md with full execution record and deviations
- STATE.md updated: plan 2/14, decisions, session info
- ROADMAP.md updated: Phase 1 progress 2/14
- REQUIREMENTS.md: ARCH-03, ARCH-08, PLYR-01, PLYR-07, SEAT-01, SEAT-02 complete
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Statement-splitting migration runner for go-libsql compatibility
(go-libsql does not support multi-statement Exec)
- FTS5 virtual table on player names with sync triggers
- Default seed data: DKK venue settings, Standard and Copenhagen chip sets
- Dev-only seed: default admin operator (PIN: 1234, bcrypt hashed)
- Dev mode flag (--dev) controls dev seed application
- First-run setup detection when no operators exist
- Single connection forced during migration for table visibility
- Idempotent: second startup skips all applied migrations
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Go module at github.com/felt-app/felt with go-libsql pinned to commit hash
- Full directory structure per research recommendations (cmd/leaf, internal/*, frontend/)
- Makefile with build, run, run-dev, test, frontend, all, clean targets
- LibSQL database with WAL mode, foreign keys, and embedded migration runner
- SvelteKit SPA stub served via go:embed
- Package stubs for all internal packages (server, nats, store, auth, clock, etc.)
- go build and go vet pass cleanly
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
14 plans in 6 waves covering all 68 requirements for the Tournament
Engine phase. Includes research (go-libsql, NATS JetStream, Svelte 5
runes, ICM complexity), plan verification (2 iterations), and user
feedback (hand-for-hand UX, SEAT-06 reword, re-entry semantics,
integration test, DKK defaults, JWT 7-day expiry, clock tap safety).
Wave structure:
1: A (scaffold), B (schema)
2: C (auth/audit), D (clock), E (templates), J (frontend scaffold)
3: F (financial), H (seating), M (layout shell)
4: G (player management)
5: I (tournament lifecycle)
6: K (overview/financials), L (players), N (tables/more)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
