Switch from hardcoded credentials to env var substitution (DB_PASSWORD,
SESSION_SECRET, ORIGIN). Use production ports (3200:3000, 3201:5432) and
host.docker.internal for DB connectivity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Health check endpoint (GET /api/health) with DB probe and uptime
- In-memory sliding window rate limiting on login (10/60s) and register (5/3600s)
- Structured logging with pino (request timing in hooks, Socket.IO events in server.js)
- Site admin dashboard with tenant stats, CRUD, and requireSiteAdmin guard
- Tenant admin enhanced with tag and category management UI
- Docker HEALTHCHECK in Dockerfile and docker-compose.yml
- Backup documentation (docs/backup.md)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>