- Redesign GoogleCalendarConnect component with better mobile/desktop layout
- Change from horizontal to vertical layout on mobile with proper button stacking
- Add proper card styling with border, background, and shadow
- Increase button padding and minimum heights for better touch targets (44px)
- Improve spacing and typography hierarchy
- Add flex-shrink-0 to prevent icon/text wrapping issues
- Center align action buttons and improve visual balance
- Update GoogleCalendarAddButton with better header and max-width constraint
- Ensure buttons stay within card boundaries on all screen sizes

- Remove disconnect button from calendar cards for cleaner design
- Add Google Calendar connection toggle to user profile dropdown menu
- Show real-time connection status with visual indicators (connected/disconnected)
- Add connect/disconnect functionality directly in navigation
- Implement status checking on component mount and user change
- Better separation of concerns: calendar cards for actions, dropdown for settings
- Improve button alignment and remove unnecessary complexity from event cards

- Add role badges next to logo showing Admin or Staff status when logged in
- Use distinct colors: red for Admin (with Settings icon), blue for Staff (with Shield icon)
- Responsive design: show text on desktop (sm+), icon only on mobile for space
- Add badges to both desktop header and mobile menu for consistency
- Only visible to users with elevated permissions (admin/organizer roles)
- Improves role awareness and administrative workflow clarity

- Fix RefundDialog component displaying cents as dollars (e.g.  instead of )
- Replace manual price formatting with formatPrice() utility in RefundDialog
- Fix AttendeeManagement component revenue and ticket price displays
- Ensure consistent currency formatting across all refund-related components
- Database correctly stores amounts in cents, now properly converted for display
- Affects ticket prices, refund amounts, processing fees, and revenue calculations
- No changes to underlying refund calculation logic (which was correct)

- Hide Create Event button from regular users (only visible to staff/admin)
- Reorder navigation buttons: Create Event (leftmost) → Staff → My Events → Browse Events (rightmost)
- Apply consistent ordering to both desktop and mobile navigation
- Prepare layout for future admin button placement (will be rightmost)
- Improve role-based navigation security and user experience
- Remove unnecessary Create Event visibility for users without permissions

- Show Sign In button immediately on page load instead of loading spinner
- Remove jarring layout shift when auth state loads
- Add smooth opacity transition during auth check (75% opacity while loading)
- Disable pointer events during loading to prevent premature clicks
- Apply consistent behavior to both desktop and mobile navigation
- Improves perceived performance and eliminates CLS (Cumulative Layout Shift)
- Better UX with immediate interactive elements rather than delayed UI

- Add getEventCardDescription utility function for consistent description handling
- Prioritize short_description over full description across all card styles
- Implement consistent 85-character truncation (adjustable per card type)
- Add line-clamp-2 and min-height classes for uniform card heights
- Apply consistent spacing with leading-relaxed for better readability
- Update all card variants: DefaultCard, PreviewListCard, FullListCard, TimelineCard
- Eliminate layout shift issues caused by varying description lengths
- Ensure all event cards have consistent visual hierarchy and spacing

…ct loops

- Enhanced middleware to validate both session and user state
- Added comprehensive error handling for expired/invalid tokens
- Implemented automatic clearing of stale authentication cookies
- Added client-side utility to clear authentication data
- Added debug button on login page for users experiencing auth issues
- Improved session validation with expiry checks

This resolves issues where middleware detected stale sessions causing redirect loops.

- Fix TypeScript error in utils/supabase/middleware.ts line 55
- Ensure hasValidSession and hasValidUser are explicitly boolean values
- Use double negation (!!) operator for safe boolean conversion
- Minimal change to maintain auth functionality integrity

This resolves the CI pipeline failure blocking PR deployment.

- Add missing footer-title test ID with visible LocalLoop text in Footer
- Update E2E test to conditionally check create-event-link (staff/admin only)
- Replace img tags with Next.js Image component for better performance
- Fix ESLint warnings for optimized image loading
- All E2E tests now passing locally (3/3 tests)

These changes resolve the CI pipeline failures while maintaining:
- Role-based access control for staff/admin features
- Proper accessibility with test IDs
- Performance optimizations with Next.js Image
- Non-breaking changes to authentication functionality

- Set viewport maximum scale to 1 and disable user scaling
- Add overflow-x: hidden to body and html elements
- Improves touch interaction consistency on mobile devices

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Add Free badge for non-paid upcoming events (green)
- Add Soon badge for events within 7 days (orange)
- Update badge colors: blue for paid events, yellow for past events
- Apply consistently across all event card styles (default, list, compact, timeline)
- Improve visual hierarchy and event status communication

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Fix Dashboard title text color using semantic foreground/muted-foreground
- Reorder navigation: Staff → Create Event → My Events → Browse Events
- Position theme toggle as separator before user/login button
- Enhance dark mode readability across dashboard components

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Remove redundant card wrapper from ticket selection component
- Streamline event detail layout by eliminating duplicate titles
- Improve spacing and visual hierarchy in ticket selection area
- Enhance user experience with cleaner, less cluttered interface

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Separate events into upcoming and past categories in server component
- Add toggle functionality to show/hide past events section
- Maintain clean separation between featured and non-featured events
- Improve event discovery by allowing users to browse historical events

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Remove duplicate titles and improve form header layout
- Add Show Preview button positioned on right side for better UX
- Standardize form spacing with consistent mb-2 label spacing
- Improve switch visibility with enhanced unchecked state styling
- Update all placeholder texts to use consistent 'Summer Food Truck Festival' theme
- Enhance form accessibility and visual hierarchy

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Remove unused favicon.ico file to clean up assets
- Add .cursorignore file for better development environment setup

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Update footer logo to use same dimensions as navigation (48x48, w-12 h-12)
- Ensure consistent logo sizing throughout the application
- Maintain visual consistency between header and footer branding

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Remove unused Eye and EyeOff imports from lucide-react
- Remove unused showPreview parameter from EventForm component
- Resolves linting errors that were causing CI failures

- Fix missing closing parenthesis and incorrect JSX structure in title character count display
- Resolves build failure that was blocking CI pipeline
- All unit tests continue to pass (93/93)

…e CI scores

- Fix ARIA controls attribute to only reference existing elements in search suggestions
- Enable zoom functionality by allowing user scaling up to 5x for accessibility compliance
- Make logo images decorative by removing redundant alt text that duplicates adjacent text
- These fixes address critical accessibility violations in Lighthouse CI testing

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Add Zod-based validation schemas for authentication inputs
- Implement UUID validation for user IDs
- Add OAuth state parameter validation for CSRF protection
- Create authorization code format validation
- Add email validation with injection prevention
- Implement password strength requirements
- Add redirect URL validation to prevent open redirects
- Include rate limiting with token bucket algorithm
- Add sanitization utilities for XSS prevention

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

BREAKING CHANGE: Google Calendar encryption key is now required in production

- Prevent hard-coded encryption key usage in production
- Add environment validation for GOOGLE_CALENDAR_ENCRYPTION_KEY
- Improve encryption key derivation with unique salt
- Add production-safe logging with data masking
- Secure token access and storage audit logging

Addresses critical security vulnerability where tokens could be
decrypted using predictable hard-coded keys.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Implement IP-based rate limiting for OAuth endpoints
- Add comprehensive input validation using Zod schemas
- Replace unsafe user ID validation with UUID validation
- Add authorization code format validation
- Fix direct auth.users schema access to use RLS-safe methods
- Add production-safe logging with sensitive data masking
- Implement error handling for rate limit violations

Protects against brute force attacks and ensures all OAuth inputs
are properly validated before processing.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Add comprehensive security headers (HSTS, CSP, X-Frame-Options)
- Implement Permissions-Policy to disable unnecessary browser APIs
- Add X-Content-Type-Options and Referrer-Policy headers
- Configure authentication-specific security policies
- Add no-cache headers for authentication pages
- Prevent search engine indexing of auth pages
- Enhance API endpoint security with strict headers

Implements defense-in-depth security strategy with multiple
layers of browser-based protection.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Document all implemented security enhancements
- Provide before/after security analysis
- Detail critical vulnerability fixes
- Include deployment checklist and environment requirements
- Add implementation details for each security layer
- Document compliance with OWASP and OAuth 2.0 standards
- Provide client acceptance criteria and status

Serves as complete reference for security improvements
implemented in response to client request.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

…ta-testid coverage

- Add skip navigation links for keyboard users
- Implement ARIA landmarks and descriptive labels throughout application
- Enhance UI components with accessibility props (Button, Input, Label)
- Add comprehensive data-testid attributes for E2E testing (100% coverage)
- Create accessibility utility library with helpers and constants
- Improve EventCard accessibility with semantic HTML and ARIA
- Fix data-testid naming consistency (data-test-id → data-testid)
- Add screen reader optimizations with aria-hidden for decorative elements
- Implement focus management and keyboard navigation support

BREAKING CHANGE: data-test-id attributes renamed to data-testid for consistency

🛡️ WCAG 2.1 AA compliant implementation
📋 Full documentation in ACCESSIBILITY_IMPROVEMENTS.md

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>