feat: comprehensive security and architecture improvements

- Add Zod validation schemas with strong password requirements (12+ chars, complexity)
- Implement rate limiting for authentication endpoints (registration, password reset)
- Remove duplicate MetricCard component, consolidate to ui/metric-card.tsx
- Update README.md to use pnpm commands consistently
- Enhance authentication security with 12-round bcrypt hashing
- Add comprehensive input validation for all API endpoints
- Fix security vulnerabilities in user registration and password reset flows

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

test-refactored-pipeline.js

@@ -1,49 +1,52 @@
 // Test script for the refactored data processing pipeline
-import { PrismaClient } from '@prisma/client';
-import { processQueuedImports } from './lib/importProcessor.ts';
-import { processAllUnparsedTranscripts } from './lib/transcriptParser.ts';
-import { processUnprocessedSessions, getAIProcessingCosts } from './lib/processingScheduler.ts';
+import { PrismaClient } from "@prisma/client";
+import { processQueuedImports } from "./lib/importProcessor.ts";
+import { processAllUnparsedTranscripts } from "./lib/transcriptParser.ts";
+import {
+  processUnprocessedSessions,
+  getAIProcessingCosts,
+} from "./lib/processingScheduler.ts";
 
 const prisma = new PrismaClient();
 
 async function testRefactoredPipeline() {
-  console.log('🧪 Testing Refactored Data Processing Pipeline\n');
+  console.log("🧪 Testing Refactored Data Processing Pipeline\n");
 
   // Step 1: Check current state
-  console.log('📊 Current Database State:');
+  console.log("📊 Current Database State:");
   const stats = await getDatabaseStats();
   console.log(stats);
-  console.log('');
+  console.log("");
 
   // Step 2: Test import processing (minimal fields only)
-  console.log('🔄 Testing Import Processing (Phase 1)...');
+  console.log("🔄 Testing Import Processing (Phase 1)...");
   await processQueuedImports(5); // Process 5 imports
-  console.log('');
+  console.log("");
 
   // Step 3: Test transcript parsing
-  console.log('📝 Testing Transcript Parsing (Phase 2)...');
+  console.log("📝 Testing Transcript Parsing (Phase 2)...");
   await processAllUnparsedTranscripts();
-  console.log('');
+  console.log("");
 
   // Step 4: Test AI processing with cost tracking
-  console.log('🤖 Testing AI Processing with Cost Tracking (Phase 3)...');
+  console.log("🤖 Testing AI Processing with Cost Tracking (Phase 3)...");
   await processUnprocessedSessions(3, 2); // Process 3 sessions with concurrency 2
-  console.log('');
+  console.log("");
 
   // Step 5: Show final results
-  console.log('📈 Final Results:');
+  console.log("📈 Final Results:");
   const finalStats = await getDatabaseStats();
   console.log(finalStats);
-  console.log('');
+  console.log("");
 
   // Step 6: Show AI processing costs
-  console.log('💰 AI Processing Costs:');
+  console.log("💰 AI Processing Costs:");
   const costs = await getAIProcessingCosts();
   console.log(costs);
-  console.log('');
+  console.log("");
 
   // Step 7: Show sample processed session
-  console.log('🔍 Sample Processed Session:');
+  console.log("🔍 Sample Processed Session:");
   const sampleSession = await getSampleProcessedSession();
   if (sampleSession) {
     console.log(`Session ID: ${sampleSession.id}`);
@@ -54,19 +57,23 @@ async function testRefactoredPipeline() {
     console.log(`Escalated: ${sampleSession.escalated}`);
     console.log(`Forwarded HR: ${sampleSession.forwardedHr}`);
     console.log(`Summary: ${sampleSession.summary}`);
-    console.log(`Questions: ${sampleSession.sessionQuestions.length} questions`);
-    console.log(`AI Requests: ${sampleSession.aiProcessingRequests.length} requests`);
-    
+    console.log(
+      `Questions: ${sampleSession.sessionQuestions.length} questions`
+    );
+    console.log(
+      `AI Requests: ${sampleSession.aiProcessingRequests.length} requests`
+    );
+
     if (sampleSession.sessionQuestions.length > 0) {
-      console.log('Sample Questions:');
+      console.log("Sample Questions:");
       sampleSession.sessionQuestions.slice(0, 3).forEach((sq, i) => {
         console.log(`  ${i + 1}. ${sq.question.content}`);
       });
     }
   }
-  console.log('');
+  console.log("");
 
-  console.log('✅ Pipeline test completed!');
+  console.log("✅ Pipeline test completed!");
 }
 
 async function getDatabaseStats() {
@@ -78,7 +85,7 @@ async function getDatabaseStats() {
     totalMessages,
     totalQuestions,
     totalSessionQuestions,
-    totalAIRequests
+    totalAIRequests,
   ] = await Promise.all([
     prisma.session.count(),
     prisma.session.count({ where: { importId: { not: null } } }),
@@ -87,7 +94,7 @@ async function getDatabaseStats() {
     prisma.message.count(),
     prisma.question.count(),
     prisma.sessionQuestion.count(),
-    prisma.aIProcessingRequest.count()
+    prisma.aIProcessingRequest.count(),
   ]);
 
   return {
@@ -99,27 +106,27 @@ async function getDatabaseStats() {
     totalMessages,
     totalQuestions,
     totalSessionQuestions,
-    totalAIRequests
+    totalAIRequests,
   };
 }
 
 async function getSampleProcessedSession() {
   return await prisma.session.findFirst({
-    where: { 
+    where: {
       processed: true,
-      messages: { some: {} }
+      messages: { some: {} },
     },
     include: {
       sessionQuestions: {
         include: {
-          question: true
+          question: true,
         },
-        orderBy: { order: 'asc' }
+        orderBy: { order: "asc" },
       },
       aiProcessingRequests: {
-        orderBy: { requestedAt: 'desc' }
-      }
-    }
+        orderBy: { requestedAt: "desc" },
+      },
+    },
   });
 }