v1.0.0

Euthus v1.0.0 - first stable release.

Production-ready WCAG accessibility auditor: Puppeteer + axe-core
worker, Express API with SSE audit lifecycle, Next.js dashboard,
optional magic-link auth, Prometheus + OpenTelemetry observability.

Highlights since v1.0.0-rc.1

• Soft-auth via magic link (18 commits, ADRs 0005 + 0006)
• 4-layer SSRF defense (intake DNS, pinned IP, subrequest interceptor)
• Mutation testing 100% on the auth folder; expanded to application/ + interfaces/
• Threat model (STRIDE-lite) with file:line pointers to mitigations
• Three-state circuit breaker on the email provider
• Idempotency key on POST /api/auth/magic-link
• Auth merge observability (counters + structured logs)
• E2E auth.spec.ts wired into CI (was self-skipping)
• WCAG AA contrast gap closed in footer; axe self-test extended to /entrar*
• Dependency-review action on PRs (license + advisory diff gate)
• SBOM (CycloneDX) + Sigstore keyless attestation on every release tag
• CodeQL with custom SSRF guardrail query
• Bundle budgets for /entrar/*

Compatibility

• Node 20, MongoDB 7, Redis 7
• Next.js 16, React 19 (frontend)
• Mongoose 9, Puppeteer 24 (backend)
• TypeScript strict + noUncheckedIndexedAccess + exactOptionalPropertyTypes

See CHANGELOG.md, docs/ROADMAP.md, and ADRs 0001-0006 for context.