Tastemakers

9

Releases

90

Total Changes

8

Sessions

624

Git Commits

5

Repositories

Changes by Type

✦Feature

▤Docs

⛨Security

↻Refactor

⚑Fix

⚡Performance

v0.7.02026-03-19Session 710 changes

Changelog, Roadmap Polish & Admin Scaffold

Built /changelog page with full release history and typed change entries
Added admin layout with sidebar navigation linking /tech, /roadmap, /changelog
Updated /tech page with Cost Comparison section and 11-section restructure

All Changes

✦FeatureBuilt /changelog page with stats summary, release cards, and change type badgesweb

✦FeatureCreated admin layout with sidebar navigation (Dashboard, Login, Under the Hood, Roadmap)web

✦FeatureCreated admin login page with form calling POST /api/loginweb

↻RefactorRestructured /tech page from 10 to 11 sections matching new specweb

✦FeatureAdded Cost Comparison section — US dev shop vs offshore vs AI-assisted cost calculatorweb

✦FeatureAdded Collapsible component for accordion behavior across all pagesweb

↻RefactorMade all sections with >3 items collapsible (Feature Modules, Build Journal, Lessons)web

▤DocsAdded 2 new lessons learned (terminal-only dev, security debt compounds)web

✦FeatureAI Workflow section now uses 6-card grid layout instead of single cardweb

↻RefactorBuild Journal reordered to most-recent-firstweb

v0.6.02026-03-19Session 612 changes

Roadmap & Project Health Dashboard

Built /roadmap page with all 50 tracked findings organized by P1/P2/P3
SVG score ring showing project health (3.8/10) with category breakdowns
Product roadmap with 3-phase accordion (Short/Medium/Long term)

All Changes

✦FeatureBuilt /roadmap page with 10 data-driven sections and cross-links to /techweb

✦FeatureSVG ScoreRing component with animated stroke-dasharray progressweb

✦FeatureHealth scorecard with 6 category breakdown bars (Architecture, Security, Testing, etc.)web

✦FeatureProduct roadmap — 3-phase accordion with colored borders and status badgesweb

✦FeatureSession velocity horizontal bar chart showing items per sessionweb

✦FeatureNext session planner with 5 priority-ordered security tasksweb

✦FeatureRisk register collapsible table with impact/likelihood/mitigation columnsweb

✦FeatureAudit recommendations — 15 prioritized action items from code reviewsweb

✦FeatureFindings pattern analysis with category breakdown bars and key insightsweb

✦FeatureOverall progress multi-segment bar (P1 red, P2 yellow, P3 purple, completed green)web

✦FeatureAll 50 findings rendered as FindingCard components with ID, tags, dates, file pathsweb

✦FeatureTooling & Workflow section: Available (5), Planned (4), Missing (4)web

v0.5.02026-03-13Session 69 changes

Under the Hood — Technical Overview Page

Built /tech page with Mermaid.js architecture diagram and 3 ERD schemas
10-section data-driven page: genesis, AI workflow, stats, stack, schema, journal
Inline design system with dark dev-tool aesthetic and reusable components

All Changes

✦FeatureBuilt /tech page — 1,085 lines of data-driven React with 10 sectionsweb

✦FeatureMermaidDiagram component loading Mermaid.js v11 from CDN via dynamic importweb

✦FeatureArchitecture flowchart showing all 4 clients, API layer, data layer, external servicesweb

✦Feature3 collapsible ERD diagrams: Core (users/restaurants/tags), Categories, Access Controlweb

✦FeatureBy the Numbers stats grid with LOC bar chart by projectweb

✦FeatureBuild Journal timeline with dot indicators and type-colored badgesweb

✦FeatureDesign tokens object (t) with 14 color tokens, 2 font stacksweb

✦FeatureReusable Section, Card, StatBox, Badge components with inline CSSweb

▤DocsLessons Learned section with 5 insights about AI-assisted developmentweb

v0.4.02026-03-13Session 55 changes

Android Assessment & Platform Audit

Discovered Android app won't compile — missing Hilt module + Firebase config
Identified premature Phase 3–5 dependencies blocking scaffold stage
Documented 2 cross-project P2 findings for Android

All Changes

⛨SecurityFound allowBackup="true" in Android manifest — enables ADB data extractionandroid

▤DocsDocumented missing Hilt DI module preventing Android compilationandroid

▤DocsDocumented premature Firebase/Play Services dependencies (no google-services.json)android

▤DocsLogged Android user_id in requests codifying IDOR vulnerabilityandroid

▤DocsNoted Android Restaurant model missing city/country fields from backendandroid

v0.3.02026-03-13Session 411 changes

Security Audit — Critical Vulnerabilities Found

Found 10 P1 critical security issues including secrets in git and IDOR
Unauthenticated delete endpoints, broken Apple JWT, debug credential leaks
Documented all findings in tastemakers-backend/todos/ with acceptance criteria

All Changes

⛨SecurityFound .env_bkp with production DB password, API keys, Laravel APP_KEY in gitbackend

⛨SecurityFound unauthenticated image-delete, tags-delete, tastemakerlist-delete endpointsbackend

⛨SecurityFound hardcoded Firebase FCM server key and Google OAuth client ID in sourcebackend

⛨SecurityFound broken Apple Sign-In — JWT signature never verified against JWKSbackend

⛨SecurityFound debug echo/print_r leaking Foursquare API URL with credentialsbackend

⛨SecurityFound public /clear-cache route running 5 artisan commands without authbackend

⛨SecurityFound IDOR — user_id accepted from request body in 4+ endpointsbackend

⛨SecurityFound Google/Apple OAuth storing raw token as unhashed passwordbackend

⛨SecurityFound wp-config.php with production MySQL password and auth salts exposedwordpress

⛨SecurityFound SSL verification disabled for FCM push notification requestsbackend

⚡PerformanceFound env() called 12+ times in controllers — breaks after config:cachebackend

v0.2.02026-03-13Session 39 changes

Cross-Platform API Contract Mapping

Mapped every API endpoint across iOS, Android, and web clients
Found field name mismatches (tag_name vs name, description vs short_description)
Documented 19 cross-project findings in todos/ directory

All Changes

↻RefactorMapped all 50 API endpoints across iOS, Android, Web, and backend documentationcross-project

⚑FixIdentified tag 'name' vs 'tag_name' mismatch — tags deserialize as null in clientscross-project

⚑FixIdentified user 'short_description' vs 'description' mismatch — bios fail to savecross-project

⚑FixFound search-tags endpoint divergence — iOS calls different controller than docs specifycross-project

▤DocsCreated 19 cross-project todo files with priority, scope, file paths, acceptance criteriacross-project

▤DocsFound 5 different brand name spellings (tastemaker, testmaker, testsmaker, testemakers, TasteMaker)cross-project

⚑FixIdentified TypeScript types missing API response envelope wrappersweb

⛨SecurityIdentified localStorage token XSS vulnerability — needs httpOnly cookie upgradeweb

▤DocsIdentified incomplete root CLAUDE.md API contract (missing 11+ endpoints)docs

v0.1.02026-03-13Session 27 changes

Web Frontend Scaffold

Created Next.js 15 + TypeScript web frontend on port 3050
API proxy to Laravel backend (localhost:4050) via next.config.ts rewrites
TypeScript interfaces for User, Restaurant, Tag, TastemakerList

All Changes

✦FeatureScaffolded tastemakers-web with Next.js 15 App Router and React 19web

✦FeatureConfigured TypeScript strict mode with path aliases (@/* → ./src/*)web

✦FeatureSet up API proxy rewrites: /api/* → localhost:4050/api/*web

✦FeatureCreated apiFetch<T>() helper with auto Bearer token injectionweb

✦FeatureDefined TypeScript interfaces: User, Restaurant, Tag, TastemakerListweb

▤DocsCreated CLAUDE.md for web project with setup, structure, and 7-phase implementation planweb

▤DocsEstablished port assignments: 3050 web, 4050 API, 4051 admin, 5446 PG, 6384 Redisinfrastructure

v0.0.12026-03-13Session 111 changes

Backend Audit & Project Documentation

Read every controller, model, and migration in the Laravel backend
Documented 31 backend findings and set up CLAUDE.md for all 5 repos
Established todos/ tracking system for cross-project code review findings

All Changes

▤DocsRead and audited all 11 controllers (6,358 LOC), 9 models, 17 migrationsbackend

▤DocsDocumented 31 backend-specific findings in tastemakers-backend/todos/backend

▤DocsCreated CLAUDE.md context files for all 5 repositories + monorepo rootall

▤DocsEstablished todos/ directory structure with README index and per-issue markdown filesall

⚡PerformanceFound N+1 query catastrophe — 600+ queries for 100 tastemakers in restaurantDetailsbackend

⚡PerformanceFound missing database indexes on all 3 pivot table FK columnsbackend

↻RefactorIdentified god controllers: RestaurantController (2,985 LOC), UserController (1,623 LOC)backend

▤DocsDocumented Haversine formula duplicated 16 times in RestaurantControllerbackend

▤DocsFound 390+ lines of commented-out code (13% of RestaurantController)backend

▤DocsIdentified permission checking copy-pasted 51 times across 7 controllersbackend

↻RefactorMapped 3 inconsistent API response formats across all controllersbackend

Legacy2021–2025Pre-audit16 changes

Original iOS App Development (617 commits)

iOS app built over 4+ years with 25 ViewControllers and 617 git commits
Features: restaurant discovery, tagging, lists, social login, badge system
Laravel 8 backend API with PostgreSQL, Passport OAuth2, Foursquare integration

All Changes

✦FeatureBuilt iOS app with 25 ViewControllers: auth, restaurant discovery, tagging, lists, profilesios

✦FeatureImplemented Google OAuth and Apple Sign-In for iOS social loginios

✦FeatureBuilt restaurant image upload, like/unlike, and reporting systemios

✦FeatureImplemented Foursquare venue search integration for restaurant discoverybackend

✦FeatureBuilt tastemaker list curation and follow/bookmark systembackend

✦FeatureImplemented badge system (Sous-Chef, Head-Chef, Iron-Chef, Michelin-Star)ios

✦FeatureBuilt admin panel with Blade templates, DataTables, and RBACbackend

✦FeatureConfigured Laravel Passport OAuth2 for Bearer token authenticationbackend

✦FeatureBuilt category system with bulk Excel import (Maatwebsite/Excel)backend

✦FeatureImplemented geolocation search with Haversine distance formulabackend

✦FeatureBuilt WordPress marketing site at tastemakersapp.comwordpress

✦FeatureSet up PostgreSQL database with 15 tables and 5 pivot tablesbackend

✦FeatureImplemented Firebase FCM push notifications for iOSbackend

⚑FixGoogle login crash fixed (iOS 17 support update, Nov 2023)ios

↻RefactorUpdated CocoaPods and removed deprecated methods (Jan 2023)ios

✦FeatureScaffolded Android app with Kotlin + Jetpack Compose (early stage, 135 LOC)android