COSC481W-2025Fall · vas2000-emu · Dec 1, 2025 · Sep 14, 2025 · Sep 14, 2025 · Sep 14, 2025
diff --git a/-remote --heads origin  findstr homepage b/-remote --heads origin  findstr homepage
diff --git a/.github/ISSUE_TEMPLATE/pbi.md b/.github/ISSUE_TEMPLATE/pbi.md
@@ -0,0 +1,37 @@
+---
+name: "Product Backlog Item"
+about: "Create a new Product Backlog Item in INVEST format"
+title: "<Feature Name> [PBI]"
+labels: ["PBI"]
+assignees: []
+---
+
+## User Story
+
+As a <persona>, I want <feature> so that <business value>.
+
+- **Persona**: <who is using this?>  
+- **Feature**: <what capability is being built?>  
+- **Business Value**: <why this matters to the product or user>  
+
+---
+
+## Reference(s)
+
+- Link(s) to design docs, wireframes, or related PBIs if any  
+
+---
+
+## Tasks
+
+- [ ] Task 1  
+- [ ] Task 2  
+- [ ] Task 3  
+
+---
+
+## Acceptance Criteria
+
+- [ ] Clear condition 1 that must be true  
+- [ ] Clear condition 2 that must be true  
+- [ ] Any error handling or edge cases  
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,37 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript-typescript' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
diff --git a/.gitignore b/.gitignore
@@ -15,22 +15,39 @@ yarn-error.log*
 
 # env
 .env*
+<<<<<<< HEAD
+=======
 .env.local
 .env.development.local
 .env.test.local
 .env.production.local
+>>>>>>> 2cf79ae775545c31935108f06979a795fe08bdad
 
 # misc
 .DS_Store
 .vercel/
 *.tsbuildinfo
+<<<<<<< HEAD
+# test files
+clean.txt
+bad.txt
+secret.txt
+=======
 Thumbs.db
 Desktop.ini
+>>>>>>> 2cf79ae775545c31935108f06979a795fe08bdad
 
 # test files
 clean.txt
 bad.txt
 secret.txt
+<<<<<<< HEAD
+playwright-report/
+
+.cursorignore
+sprint-1-assignee-breakdown.txt
+get-issues.ps1
+=======
 
 # Python
 venv/
@@ -103,3 +120,4 @@ dist/
 *.tsbuildinfo
 
 issues/
+>>>>>>> 2cf79ae775545c31935108f06979a795fe08bdad
diff --git a/apps/web/.github/workflows/codeql.yml b/apps/web/.github/workflows/codeql.yml
@@ -0,0 +1,38 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript-typescript' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
+
diff --git a/apps/web/.gitignore b/apps/web/.gitignore
@@ -1,68 +1,105 @@
-# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
-
-# dependencies
-/node_modules
-/.pnp
-.pnp.*
-.yarn/*
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/versions
-
-# testing
-/coverage
-/test-results
-/playwright-report
-/playwright/.cache
-
-# next.js
-/.next/
-/out/
-
-# production
-/build
+# next / build
+.next/
+out/
+build/
 
-# misc
-.DS_Store
-*.pem
-Thumbs.db
-Desktop.ini
+# deps
+node_modules/
 
-# debug
+# logs
+*.log
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 .pnpm-debug.log*
 
-# env files (can opt-in for committing if needed)
+# env
 .env*
 .env.local
 .env.development.local
 .env.test.local
 .env.production.local
 
-# vercel
-.vercel
-
-# typescript
+# misc
+.DS_Store
+.vercel/
 *.tsbuildinfo
-next-env.d.ts
+Thumbs.db
+Desktop.ini
+
+# test files
+clean.txt
+bad.txt
+secret.txt
+
+# Python
+venv/
+.venv/
+backend/.venv/
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+
+# pytest
+.pytest_cache/
+.coverage
+htmlcov/
+.mypy_cache/
+.pytest_cache/
+.coverage
+backend/htmlcov/
+backend/coverage.xml
+
+# Playwright
+playwright-report/
+test-results/
+playwright/.cache/
+
+# docs (if you want to ignore extracted wireframes)
+docs/
+
+# Cursor/IDE
+.cursorignore
+.claude/
+
+# Scripts and temporary files
+get-issues.ps1
+update-*.ps1
+issue_*_update.json
+*.ps1
+
+# Sprint/assignee files (if temporary)
+sprint-*-assignee-breakdown.txt
+*-assignee-breakdown.txt
 
 # IDE
 .idea/
 .vscode/
 *.swp
 *.swo
 *~
+.project
+.classpath
+.settings/
 
 # OS
 .DS_Store
 .DS_Store?
 ._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
 Thumbs.db
 
-# Testing outputs
-/coverage/
+# Testing
+coverage/
 *.lcov
 .nyc_output/
+
+# Build outputs
+dist/
+*.tsbuildinfo
+
+issues/
diff --git a/apps/web/app/api/spotify/[...path]/route.js b/apps/web/app/api/spotify/[...path]/route.js
@@ -29,6 +29,10 @@ async function handler(req, context) {
   } catch (e) {
     // Log full error details on the server for debugging
     console.error('[proxy] token error:', e);
+<<<<<<< HEAD
+    // Respond with a generic error message to the client
+    return new NextResponse(JSON.stringify({ error: 'token_error', message: 'An unexpected error occurred.' }), { status: 401 });
+=======
 
     // Return a more helpful error message to the client
     const errorMessage = e.code === 'NO_TOKENS' 
@@ -46,6 +50,7 @@ async function handler(req, context) {
         headers: { 'Content-Type': 'application/json' }
       }
     );
+>>>>>>> 2cf79ae775545c31935108f06979a795fe08bdad
   }
 
   const params = await context.params;

diff --git a/apps/web/app/api/user/profile/route.js b/apps/web/app/api/user/profile/route.js
@@ -68,7 +68,11 @@ export async function GET() {
     if (spotifyToken) {
       // Try to fetch Spotify account info if token is valid
       try {
+<<<<<<< HEAD
+        const { getValidAccessToken } = await import('../../../lib/spotify.js');
+=======
         const { getValidAccessToken } = await import('../../../../lib/spotify.js');
+>>>>>>> 2cf79ae775545c31935108f06979a795fe08bdad
         const accessToken = await getValidAccessToken(supabase, user.id);
         const spotifyRes = await fetch('https://api.spotify.com/v1/me', {
           headers: { 'Authorization': `Bearer ${accessToken}` },