Closes a security flaw where the server trusted any pubkey the client
sent. The frontend now signs a per-session, time-bound challenge
(kind-22242 event) that the backend verifies with swentel/nostr-php
before establishing the session.
- NostrAuth: issueChallenge() + loginWithSignedEvent() with full
schnorr/id verification, TTL window, and idempotent re-entry for
concurrent Livewire listeners.
- auth-button: mounts a fresh challenge, exposes it via data-attribute
+ requestNostrChallenge() fallback, renders a full-viewport AAA-style
loading overlay while the wallet signs.
- NostrSessionGuard: override logout() to drop the cookie-jar dep so
programmatic logout works in any context.
- 🛠 Introduce `RichTextMarkdownNormalizer` to convert Markdown and mixed input to cleaner HTML.
- 🗂 Include a new Blade partial to enable Markdown-on-paste behavior in rich-text editors.
- 📋 Enhance `create` and `edit` forms to normalize descriptions and support Markdown conversion.
- 🧪 Add test coverage for Markdown normalization scenarios.
- 🛠 Add CLI command to normalize project proposal descriptions in bulk.
- 🔧 Update `vite.config.js` for improved development setup (e.g., ignored paths).
HolgerHatGarKeineNode