- Add GET /api/backup/export and POST /api/backup/import endpoints for full data backup
- Add drag-and-drop reorder for goal steps with PUT /api/goals/{id}/steps/reorder
- Auto-assign sort_order on step creation (preserves creation order)
- Fix duplicate milestone rendering in goal detail page
- Add category management button in goal dialog
- Migrate database default from SQLite to PostgreSQL
- Fix router guard redirect loop for logged-in users on setup/login pages
- Fix ALTER TABLE ADD COLUMN crash on callable defaults (uuid.uuid4)
- Add auth status rate limiter and token version caching
- Update CLAUDE.md to reflect current architecture
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
passlib 1.7.4 has a known bug with bcrypt 4.x on Python 3.13 where
detect_wrap_bug passes an over-72-byte hash as a password, causing
ValueError on every login attempt.
Switched to bcrypt.hashpw/checkpw directly, removing the passlib
dependency entirely.
Also fixed 401 page reload on /auth/login endpoint.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
