- Move app.use(router) after await authStore.init() so the beforeEach guard
sees the correct isAuthenticated state on page load
- Fix backfill_session_costs._root_prefix: remove underscore→dash replacement
that caused paths like /Users/ai_leed/... to not match ~/.claude/projects/ folders
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Auto-create/update OmgEntry when Project.job_number changes (PATCH /api/projects);
delete stale entry on clear; sync name/client when those fields change too
- Backfill script: scripts/backfill_omg_from_projects.py
- Projects List-view: add OMG # column with link to /omg?highlight=<job_number>;
Grid-view badge also made clickable; OmgView supports ?highlight= deep-link with scroll+highlight
- AzureWorkItem: add omg_number column (migration 0009), extracted from
fields_json[Custom.OMGDeliverableNumber] on sync; DevOps table shows OMG # column
with CC-project link when matched; toolbar badge shows count of items without OMG #
- Session no longer lost on F5: refresh_token moved to HttpOnly+SameSite=Lax cookie;
authStore.init() restores session on app start; axios interceptor retries on 401
via cookie refresh before logging out; POST /api/auth/logout clears cookie
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- New POST /api/auth/microsoft endpoint validates Azure ID token via JWKS
- Removed POST /api/auth/login and /change-password
- Added azure_oid + nullable password_hash to users (migration 0007)
- Auto-provisions all @oliver.agency accounts on first SSO login
- Case-insensitive email matching links existing vadymsamoilenko@ account
- DEV_AUTH_BYPASS flag for local development without MSAL
- Frontend: MSAL loginPopup replaces email/password form
- Added scripts/grant_admin.py for role management
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
