Saving an estimate of 0 caused advanceToNext to re-poker the same
issue repeatedly: !0 is true and 0 === 0 matches the "unestimated"
check. Track pokered issues with an `estimated` flag so they are
skipped regardless of estimate value.
Also guard against empty session index entries in createScopedSession
(NATS KV tombstones after delete can return empty values, producing
an invalid trailing-dot key that crashes Bucket.get).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pokerface is designed for desktop use. On screens below 768px, show
a simple message asking users to open on their PC or Mac. Legal
pages remain accessible on mobile.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Added all required Jira OAuth scopes to .env.example
- Added NATS_TOKEN and JIRA_MOCK_FALLBACK to .env.example
- Added open source section to privacy policy linking to the repo
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Same-origin requests omit the Origin header, which was rejected in
production. Also restrict to WebSocket transport on both client and
server to eliminate need for sticky sessions with multiple replicas.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The checkAuth useEffect was overwriting the legal page view state
with 'login' when unauthenticated users navigated directly to
/terms, /privacy, or /support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove unused normalizeIssue and JIRA_STORY_POINTS_FIELD env var
- Add URL routing for /terms, /privacy, /support pages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full-stack app with Express/Socket.io backend, React frontend,
NATS JetStream for state, and Atlassian Jira OAuth integration.
Includes security hardening: NATS auth support, KV bucket TTL
enforcement, CAS retry for race conditions, error message
sanitization, and OAuth state stored in NATS KV.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
