Changelog

BBQ Judge — Release History

Every release from project scaffolding to the latest feature. Each entry maps to a PR merge with detailed change breakdowns by type.

Last updated: March 26, 2026

17
Releases
121
Total Changes
16
Sessions
45.7K
Lines Added

Changes by Type

Feature68
Docs12
Security12
Fix10
Refactor10
Test8
Perf1

Releases

v0.16.02026-04-22Session 14PR #19–#23

CI Pipeline, SEO Surface, and the Quality Loop

  • GitHub Actions CI now gates every PR: lint + typecheck + 126 tests, ~1 min cold
  • Closed the pending-todo backlog from 27 items to 0 (26 were already fixed, 1 cosmetic shipped)
  • Detailed plan for an integration-test harness + first submitScoreCard test, ready to execute next session

9 changes — click to expand

FeatureAdded sitemap.xml + robots.txt on app (Next.js metadata routes) and marketing site (static); submitted to Google Search Console for both properties
FeatureAdded per-page <title> + <meta description> to /tech, /roadmap, /changelog, /analytics; root layout now has metadataBase + title template so SERPs show distinct snippets per page
FeatureGitHub Actions workflow .github/workflows/test.yml runs lint + tsc --noEmit + vitest on every push and PR to main (concurrency-cancel on rapid pushes)
FixRules page uses MAX_WEIGHTED_SCORE.toFixed(4) instead of hardcoded '{VALUE}.0000' interpolation — closes code-review todo #045
TestAdded 13 tests for sitemap.ts + robots.ts covering auth-gated URL exclusion and sitemap↔robots consistency (suite: 113 → 126)
RefactorReconciled todos/ directory: renamed 26 stale 'pending-' files to 'complete-' after verifying fixes in current code; removed a recursive todos/todos symlink
DocsAdded docs/plans/integration-tests.md — full design + runbook for server-action integration tests, ready for next session to execute
DocsCLAUDE.md Testing section: corrected '25 test suites' drift to accurate counts, added CI pointer
DocsPRODUCTION_ROADMAP.md: checked off CSP headers + health endpoint (both shipped earlier sessions but not marked); annotated integration-test item with plan link
v0.15.02026-04-20Session 14

Google Analytics 4 Wired Up

  • GA4 pageview tracking active on both app (G-RQ5TDP3X7Y) and marketing site (G-K2RGCLFFXV)
  • SPA-aware PageviewTracker fires config events on client-side route changes — no double-counting
  • Env-gated (NEXT_PUBLIC_GA_MEASUREMENT_ID) so local dev stays out of production analytics

5 changes — click to expand

FeatureAdded GoogleAnalytics client component with Suspense-wrapped PageviewTracker for Next.js App Router SPA navigation
FeatureWired Google Analytics 4 into app root layout (gated on NEXT_PUBLIC_GA_MEASUREMENT_ID env var)
FeatureAdded inline gtag.js snippet to marketing site index.html for static GitHub Pages site
DocsFlipped Phase 6 analytics decision from 'no tool' to 'GA4 + AuditLog'; updated /analytics page to show GA4 as active platform
DocsAdded NEXT_PUBLIC_GA_MEASUREMENT_ID to .env.example with production value documented as comment
v0.14.02026-03-26Session 13

Vercel Migration & Security Hardening

  • Migrated hosting from Render Pro to Vercel (free tier) — $49/mo savings
  • Hashed competition judgePin with bcrypt — eliminated plaintext PIN storage
  • Added TypeScript module augmentation for next-auth — removed all unsafe type casts

11 changes — click to expand

FeatureMigrated Next.js app hosting from Render Pro to Vercel with auto-deploy from main branch
FeatureMoved static marketing site to GitHub Pages (thirstypig/thejudgetool.com repo)
FeatureSplit auth into auth.config.ts (Edge-safe) and auth.ts (Node.js) for Vercel Edge Runtime compatibility
SecurityCompetition judgePin now bcrypt-hashed — was plaintext. Auth uses bcrypt.compare for PIN verification
SecurityPIN generation action (generateJudgePin) now hashes before storing; returns plaintext only to organizer UI
RefactorAdded next-auth module augmentation (src/types/next-auth.d.ts) — eliminated all `as unknown as` double-casts
RefactorCleaned up auth-guards.ts — direct property access instead of type casts
RefactorSwitched auth.config.ts from default export to named export (authConfig) for consistency
FixFixed import ordering in middleware.ts — imports before executable statements
FixAdded prisma generate to build command for Vercel fresh node_modules
FixUpdated CheckInTab PIN display — shows 'PIN is set' when hashed, reveals plaintext only after generation
v0.13.02026-03-19Session 12PR #14–#15

Static Marketing Site

  • Separated static marketing site from Next.js app for independent deployment
  • Marketing site as standalone HTML/CSS in marketing/ directory
  • Fixed Render static site deployment with package.json

3 changes — click to expand

FeatureSeparated static marketing site from Next.js app into marketing/ directory
FixAdded package.json to marketing site for Render static deploy compatibility
FixExcluded root path from auth middleware so landing page loads for unauthenticated users
v0.12.02026-03-18Session 11PR #12–#13

Marketing Landing Page

  • Full marketing landing page with dark mode and mobile responsive design
  • Admin-only access to meta pages (tech, roadmap, changelog, status, analytics)
  • Hero, pain points, feature comparison, and CTA sections

4 changes — click to expand

FeatureMarketing landing page with hero, pain points, judge section, feature comparison, and CTA
FeatureDark mode support on landing page with system preference detection
FeatureMobile responsive design for all landing page sections
FixMiddleware updated to allow unauthenticated access to root path
v0.11.02026-03-17Session 10PR #11

Meta Pages — Roadmap, Changelog, Status, Analytics

  • Added /roadmap with health scorecard, phased roadmap, risk register, and velocity tracking
  • Added /changelog with release history, change type distribution, and expandable details
  • Added /status with live health checks and /analytics with product metrics

6 changes — click to expand

FeatureRoadmap page with health scorecard (6 categories), 3-phase roadmap, risk register, and session velocity
FeatureChangelog page with release cards, change type badges, stats summary, and expandable details
FeatureStatus page with live API health checks and system component status
FeatureAnalytics page with product metrics and usage statistics
FeatureMetaPageNav shared component for cross-navigation between meta pages
FeatureMermaidDiagram component for rendering Mermaid.js diagrams client-side
v0.10.02026-03-16Session 9PR #10

Tech Page Overhaul

  • Rewrote /tech page into comprehensive 11-section build teardown
  • Added cost comparison, AI workflow docs, and Mermaid architecture diagrams
  • Added sidebar nav links for organizer role

7 changes — click to expand

Feature11-section /tech page with genesis, stats, cost comparison, AI workflow, architecture, tech stack, database ERDs, feature modules, build journal, lessons learned, and tools
FeatureCost comparison section: US dev shop vs offshore vs AI-assisted development
FeatureAI Development Workflow section with delegation split documentation
FeatureMermaid.js architecture flowchart and 3 ERD diagrams
FeatureCollapsibleSection component using native HTML details/summary
RefactorMoved all page data into TypeScript arrays/objects — no hardcoded JSX lists
DocsUpdated build journal with session 8 and 9 entries
v0.9.02026-03-13Session 8PR #9

Tech Page v1

  • Created initial /tech page with codebase stats
  • Added tools inventory and integrations listing
  • Server component — no client-side JavaScript

3 changes — click to expand

FeatureInitial /tech page with codebase statistics grid
FeatureTools and integrations section grouped by category
FeatureTech stack listing with version details
v0.8.02026-03-11Session 7bPR #8

Code Review Fixes & Architecture Cleanup

  • Split monolithic competition/actions into 6 focused files
  • Security hardening on server actions and query patterns
  • Performance improvements on database queries

5 changes — click to expand

RefactorSplit competition/actions/index.ts (1,200+ lines) into 6 domain-specific files: competitions, competitors, judges, tables, category-rounds, distribution
SecurityHardened server action auth patterns and ownership verification
PerfOptimized Prisma queries with selective includes and compound indexes
RefactorCleaned up stale files and dead code from architecture changes
FixFixed edge cases discovered during code review
v0.7.02026-03-11Session 7aPR #7

Diataxis Docs, E2E Simulation & Accessibility

  • E2E competition simulation script with 2,000+ assertions
  • Documentation restructured into Diataxis framework (15 docs)
  • Simulation found 3 DQ-handling bugs that unit tests missed

9 changes — click to expand

FeatureE2E competition simulation script — runs full KCBS lifecycle (seed → distribute → score 4 categories → tabulate → validate)
FeatureSimulation generates markdown report at reports/simulation-report.md with standings and validation summaries
DocsRestructured all documentation into Diataxis framework: tutorials, how-to, reference, explanation
DocsAdded tutorials: getting-started.md, first-competition.md
DocsAdded how-to guides: add-a-feature-module.md, run-tests.md, manage-database.md
DocsAdded reference docs: architecture.md, auth.md, scoring-rules.md, api.md, seed-data.md, database-schema.md
DocsAdded explanation docs: judge-flow.md, security-model.md, box-distribution.md
FixFixed 3 DQ edge-case bugs in tabulation discovered by E2E simulation
Test2,000+ assertions in E2E simulation covering scoring, tiebreaking, and DQ handling
v0.6.02026-03-10Session 6PR #6

WCAG Accessibility, OWASP Security & Spec Gaps

  • WCAG accessibility pass — ARIA labels, keyboard nav, focus management
  • OWASP security headers and rate limiting on both login providers
  • Test count jumped from ~40 to 113 with 3 new edge-case suites

10 changes — click to expand

FeatureARIA labels and roles on all interactive elements
FeatureKeyboard navigation support for DataTable, dropdowns, and modals
FeatureFocus management on route transitions and modal open/close
SecurityOWASP security headers in next.config.js (X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
SecurityIn-memory sliding-window rate limiter (5 attempts / 15 min) on both login providers
SecurityFailed login attempts logged with timestamp and identifier
TestBox distribution edge-case test suite (empty inputs, single table, maxed out)
TestSchema validation test suite (all Zod schemas with valid/invalid inputs)
TestTabulation edge-case test suite (all DQs, ties, dropped scores)
TestTest count increased from ~40 to 113 across 25 suites
v0.5.02026-03-09Session 5PR #5

Organizer UX Overhaul

  • Restructured organizer pages with new routes for check-in, tables, and boxes
  • Competition selector dropdown and score audit with per-judge breakdown
  • Enhanced DataTable with client-side search and configurable pagination

9 changes — click to expand

FeatureCompetition selector dropdown in organizer top bar
FeatureScore audit view with per-judge formula breakdown (raw × weight = weighted)
FeatureNew organizer routes: /teams/checkin, /teams/boxes, /judges/checkin, /judges/tables
FeatureDataTable enhanced with searchFn prop for client-side search
FeatureDataTable pagination with configurable page sizes (10/25/50)
FeatureCompetitor check-in: checkedIn + checkedInAt fields, checkInTeam/uncheckInTeam actions
RefactorRenamed 'Competitors' to 'BBQ Teams' across all organizer UI
RefactorRemoved CBJ- prefix from all UI display — raw numbers only
RefactorOrganizer sidebar restructured with event lifecycle ordering
v0.4.02026-03-09Session 4PR #4

Box Distribution Algorithm

  • Latin square box distribution algorithm (no repeat competitor at same table)
  • 188 unit tests for the distribution generator
  • Captain dashboard polished with category submission screen

6 changes — click to expand

FeatureBox distribution generator with Latin square constraint (BR-2: no repeat competitor at same table across categories)
FeatureDistribution approval workflow with cascading delete guard
FeatureCategory submission dialog for table captains
FeatureServer-side gates for competition state transitions
Test188 unit tests for box distribution algorithm
SecurityguardAndCascadeDeleteSubmissions() checks for locked scores before cascade
v0.3.02026-03-09Session 3bPR #3

Security Hardening

  • Auth guards added to every server action
  • User IDs derived from session — removed all client-supplied IDs
  • Database writes wrapped in Prisma transactions

6 changes — click to expand

SecurityCreated auth-guards.ts: requireAuth(), requireOrganizer(), requireJudge(), requireCaptain()
SecurityRetrofitted all 62 server actions to start with auth guard
SecurityDerived all user IDs from session — eliminated IDOR vulnerabilities
SecurityCaptain actions verify table ownership (table.captainId === userId)
SecurityWrapped multi-step mutations in prisma.$transaction
FixFixed claimSeat to verify assignment.userId === session userId
v0.2.02026-03-09Session 3aPR #2

Judge Flow & Comment Cards

  • Extended judge flow with event info and comment card phases
  • Two-tab judge management layout (import + roster)
  • CompetitionJudge model for per-competition registration

7 changes — click to expand

FeatureEvent info phase — pre-judging screen with competition details and gated Start button
FeatureComment card phase — post-scoring feedback with taste and tenderness checks
FeatureCommentCard model with auto-populated scores from ScoreCard
FeatureCompetitionJudge model for per-competition registration and check-in tracking
FeatureTwo-tab judge management: JudgeImportForm (single + bulk) + JudgeRosterPanel
FeatureCommentCardToggle on organizer setup page
FeaturelocalStorage keys for judge session state: started flag, comments-done flag
v0.1.02026-03-08Session 2PR #1

Complete Application Build

  • Full app in one session: 12 Prisma models, 5 feature modules, auth, dashboard, seed data
  • KCBS scoring engine with weighted averages and tiebreaking
  • Design system: 11 common components + 10 UI primitives

16 changes — click to expand

FeaturePrisma schema: 12 models (Competition, User, Competitor, Table, TableAssignment, CompetitionJudge, CategoryRound, Submission, ScoreCard, CorrectionRequest, CommentCard, AuditLog)
Feature5 feature modules with full structure: competition, judging, scoring, tabulation, users
FeatureNextAuth.js v5 with JWT strategy, two Credentials providers (judge + organizer)
FeatureDashboard shell with role-based sidebar navigation (organizer, judge, captain)
FeatureKCBS scoring constants: valid scores, weights, tiebreaking rules
FeatureJudge flow: 4-phase setup (not-registered → awaiting-table → pick-seat → ready)
FeatureScoring components: ScorePicker (1-9 grid), ScoreCard compound, SubmissionQueue
FeatureCaptain dashboard: TableStatusBoard, ScoreReviewTable, CorrectionRequestPanel
FeatureTabulation engine: weighted scoring, drop-lowest, KCBS tiebreaking
FeatureResults page: 4-tab layout (progress, results, score audit, audit log) with 15s polling
FeatureSeed data: 1 competition, 1 organizer, 24 judges (4 captains), 24 BBQ teams, 4 tables
FeatureDesign system: PageHeader, StatusBadge, RoleBadge, EmptyState, LoadingSpinner, ThemeToggle, ConfirmDialog, DataTable, ScoreDisplay, SectionCard, UserAvatar
FeatureUI primitives: button, input, label, badge, card, tabs, dropdown-menu, alert-dialog, table, sheet
FeatureRules page with KCBS scoring reference
FeatureMiddleware: role-based route protection for /organizer, /captain, /judge, /rules
Test3 initial test suites for scoring utils, validation, and tabulation
v0.0.12026-03-06Session 1

Project Scaffolding

  • Next.js 14 with TypeScript strict mode and App Router
  • Tailwind CSS v3 with custom deep red theme
  • Path aliases configured: @/*, @features/*, @shared/*

5 changes — click to expand

FeatureNext.js 14.2 app with TypeScript strict mode
FeatureTailwind CSS v3 with custom theme (deep red #C0392B primary)
FeaturePath aliases: @/* → src/*, @features/* → src/features/*, @shared/* → src/shared/*
Featureshadcn/ui configured for new-york style with CSS variables
DocsInitial CLAUDE.md with project constraints and stack info