-
Run #14 remediation: governor sweeper, scan/storage/payments hardening
-
server: delegated login ("Sign in with Makenot.work") for testnot
-
server: site access gate for testnot (fan+/creator only)
-
server: gallery/carousel, promo-validator, fuzz #11/#12 remediations, embed port, observability
-
tests: thread cost_allocation + runway_config into AppState literals
-
server: fix cargo test — AppState.tier_prices in harnesses + stale price assertions
-
launch-eve audit pass: Ultra Fuzz Runs #8-9 + cross-cutting sweeps
-
server: close Ultra Fuzz Run #4 phases 1-5 + 41-test integration triage
-
server: replace global CSRF allowlist with per-route posture helpers
-
v0.6.16: pg_stat_activity saturation alert + caddy-ask concurrency cap
-
test: add missing Config fields to integration test harness
-
v0.6.1: accept multiple Stripe webhook signing secrets
-
Audit coverage push + docengine assumptions feature
-
Code fuzz + ultra fuzz remediations, doc fixes, WAL archiving
-
Audit Run 20 remediations and mnw-cli todo update
-
Server: Everything tier pricing, OpenAPI, SyncKit push idempotency, docs refresh
-
Phase 3: harness helpers + test documentation
-
Audit Run 16: type safety, performance, dedup, testing (A- -> A)
-
Fix integration tests for CSRF rotation, hashed API keys, and schema changes
-
Add WAM (Whack-a-Mole) ticket manager with 25 proactive ticket sources
-
Security audit: fix 23 flaws from adversarial code fuzz, harden test suite
-
Stripe/McMaster-Carr quality remediations
-
Restructure into monorepo