refactor: fix biome linting issues and update project documentation

- Fix 36+ biome linting issues reducing errors/warnings from 227 to 191
- Replace explicit 'any' types with proper TypeScript interfaces
- Fix React hooks dependencies and useCallback patterns
- Resolve unused variables and parameter assignment issues
- Improve accessibility with proper label associations
- Add comprehensive API documentation for admin and security features
- Update README.md with accurate PostgreSQL setup and current tech stack
- Create complete documentation for audit logging, CSP monitoring, and batch processing
- Fix outdated project information and missing developer workflows

app/api/reset-password/route.ts

@@ -2,15 +2,37 @@ import crypto from "node:crypto";
 import bcrypt from "bcryptjs";
 import { type NextRequest, NextResponse } from "next/server";
 import { prisma } from "../../../lib/prisma";
+import { extractClientIP } from "../../../lib/rateLimiter";
+import {
+  AuditOutcome,
+  createAuditMetadata,
+  securityAuditLogger,
+} from "../../../lib/securityAuditLogger";
 import { resetPasswordSchema, validateInput } from "../../../lib/validation";
 
 export async function POST(request: NextRequest) {
   try {
+    const ip = extractClientIP(request);
+    const userAgent = request.headers.get("user-agent") || undefined;
     const body = await request.json();
 
     // Validate input with strong password requirements
     const validation = validateInput(resetPasswordSchema, body);
     if (!validation.success) {
+      await securityAuditLogger.logPasswordReset(
+        "password_reset_validation_failed",
+        AuditOutcome.FAILURE,
+        {
+          ipAddress: ip,
+          userAgent,
+          metadata: createAuditMetadata({
+            error: "validation_failed",
+            validationErrors: validation.errors,
+          }),
+        },
+        "Password reset validation failed"
+      );
+
       return NextResponse.json(
         {
           success: false,
@@ -34,6 +56,19 @@ export async function POST(request: NextRequest) {
     });
 
     if (!user) {
+      await securityAuditLogger.logPasswordReset(
+        "password_reset_invalid_token",
+        AuditOutcome.FAILURE,
+        {
+          ipAddress: ip,
+          userAgent,
+          metadata: createAuditMetadata({
+            error: "invalid_or_expired_token",
+          }),
+        },
+        "Password reset attempt with invalid or expired token"
+      );
+
       return NextResponse.json(
         {
           success: false,
@@ -56,6 +91,22 @@ export async function POST(request: NextRequest) {
       },
     });
 
+    await securityAuditLogger.logPasswordReset(
+      "password_reset_completed",
+      AuditOutcome.SUCCESS,
+      {
+        userId: user.id,
+        companyId: user.companyId,
+        ipAddress: ip,
+        userAgent,
+        metadata: createAuditMetadata({
+          email: "[REDACTED]",
+          passwordChanged: true,
+        }),
+      },
+      "Password reset completed successfully"
+    );
+
     return NextResponse.json(
       {
         success: true,
@@ -65,6 +116,20 @@ export async function POST(request: NextRequest) {
     );
   } catch (error) {
     console.error("Reset password error:", error);
+
+    await securityAuditLogger.logPasswordReset(
+      "password_reset_server_error",
+      AuditOutcome.FAILURE,
+      {
+        ipAddress: extractClientIP(request),
+        userAgent: request.headers.get("user-agent") || undefined,
+        metadata: createAuditMetadata({
+          error: "server_error",
+        }),
+      },
+      `Server error in password reset completion: ${error}`
+    );
+
     return NextResponse.json(
       {
         success: false,