What we shipped recently

Opt-in 2FA enrollment for any account with QR setup, manual URI fallback, and 10 backup codes. Admin accounts get a soft nudge until enrolled.

OAuth via Google on /login and /signup. Existing accounts auto-link by email.

/account/settings/privacy lets any user download a ZIP of their data and request a 30-day-scheduled hard delete.

Cross-origin POSTs from a malicious page can no longer drop an admin out of an active impersonation session.

GitHub Actions workflow with Postgres service container; one-command deploy script that ships, builds remotely, restarts via systemd, and smoke-tests /api/health.

AED-native card checkout via Ziina. Hosted-redirect flow; webhook + return-URL safety nets.