James Chang

James Chang / Work / The Judge Tool / Changelog

Static snapshot of the /changelog page as of April 2026. Live at thejudgetool.com/changelog.

Judge Tool · Changelog · Last Updated

14 releases in 20 days.

v0.0.1 → v0.14.0 between Mar 6–26, 2026. Every release categorized: feature, fix, perf, refactor, test, docs, or security. Full app scaffolded in one session, then methodically hardened.

14releases (v0.0.1 → v0.14.0)
83individual changes tracked
13development sessions
+16,395 / −9,237net lines changed

Change-type distribution

Features
31 (37%)
Fixes
13 (16%)
Refactor
12 (14%)
Docs
12 (14%)
Security
7 (8%)
Tests
7 (8%)
Perf
1 (1%)

Releases

v0.14.0 Mar 26, 2026 · Session 13 security

Vercel migration & security hardening

  • Migrated app hosting from Render Pro to Vercel free tier — $49/mo savings
  • Hashed competition judgePin with bcrypt — eliminated plaintext PIN storage
  • Added TypeScript module augmentation for next-auth — removed unsafe type casts
  • Split auth into auth.config.ts (Edge-safe) and auth.ts (Node.js)
  • Marketing site moved to GitHub Pages, separate from app

12 files changed · +180 / −95

v0.13.0 Mar 19, 2026 · Session 12 feature

Static marketing site

  • Separated static marketing site into its own marketing/ directory
  • Independent deployment from the app
  • Added package.json for Render static site config
v0.12.0 Mar 18, 2026 · Session 11 feature

Marketing landing page

  • Full marketing landing page: hero, pain points, judge section, feature comparison, CTA
  • Dark mode with system preference detection
  • Mobile responsive across all sections
  • Middleware updated to allow unauthenticated access to /

8 files changed · +1,850 / −25

v0.11.0 Mar 17, 2026 · Session 10 feature

Meta pages — Roadmap, Changelog, Status, Analytics

  • Added /roadmap with health scorecard, phased roadmap, risk register, velocity
  • Added /changelog with release cards, change-type distribution, expandable details
  • Added /status with live API health checks
  • Added /analytics with product metrics
  • MetaPageNav shared component; MermaidDiagram for client-side rendering

12 files changed · +2,400 / −50

v0.10.0 Mar 16, 2026 · Session 9 improvement

Tech page overhaul

  • Rewrote /tech into 11-section build teardown
  • Cost comparison (US dev shop vs offshore vs AI-assisted)
  • AI development workflow section with delegation split documented
  • Mermaid architecture flowchart + 3 ERD diagrams
  • CollapsibleSection component using native HTML details/summary

7 files changed · +2,190 / −324

v0.8.0 Mar 11, 2026 · Session 7b security

Code review fixes & architecture cleanup

  • Split monolithic competition/actions/index.ts (1,200+ lines) into 6 focused files
  • Security hardening on server-action auth patterns
  • Performance improvements on Prisma queries with selective includes
  • Fixed edge cases discovered during code review

37 files changed · +1,785 / −1,728

v0.7.0 Mar 11, 2026 · Session 7a improvement

Diataxis docs, E2E simulation & accessibility

  • E2E competition simulation — 2,000+ assertions: seed → distribute → score 4 cats → tabulate → validate
  • Simulation generates markdown report at reports/simulation-report.md
  • Restructured docs into Diataxis framework (15 docs): tutorials, how-to, reference, explanation
  • Fixed 3 DQ edge-case bugs that unit tests missed

85 files changed · +3,533 / −148

v0.6.0 Mar 10, 2026 · Session 6 security

WCAG accessibility, OWASP security & spec gaps

  • WCAG pass — ARIA labels, keyboard navigation, focus management
  • OWASP security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
  • Sliding-window rate limiter (5 attempts / 15 min) on both login providers
  • Failed login attempts logged with timestamp
  • Test count: ~40 → 113 across 25 suites (+3 new edge-case suites)

47 files changed · +1,657 / −258

v0.4.0 Mar 9, 2026 (mid) · Session 4 feature

Box distribution algorithm

  • Latin square box distribution generator — no repeat competitor at same table across categories
  • Distribution approval workflow with cascading delete guard
  • Category submission dialog for table captains
  • Server-side gates for competition state transitions
  • 188 unit tests for the distribution generator alone

17 files changed · +1,006 / −100

v0.3.0 Mar 9, 2026 (AM) · Session 3b security

Security hardening

  • Created auth-guards.ts: requireAuth(), requireOrganizer(), requireJudge(), requireCaptain()
  • Retrofitted all 62 server actions with auth guards
  • Derived all user IDs from session — eliminated IDOR
  • Captain actions verify table.captainId === userId
  • Wrapped multi-step mutations in prisma.$transaction

15 files changed · +172 / −173

v0.1.0 Mar 8, 2026 · Session 2 feature

Complete application build

The big one — full app in one session.

  • Prisma schema (12 models)
  • 5 feature modules with full structure (competition, judging, scoring, tabulation, users)
  • NextAuth.js v5 with JWT strategy and 3 Credentials providers
  • Dashboard shell with role-based sidebar navigation
  • KCBS scoring constants and engine
  • Judge flow (4-phase setup: not-registered → awaiting-table → pick-seat → ready)
  • Scoring components (ScorePicker, ScoreCard, SubmissionQueue)
  • Captain dashboard (TableStatusBoard, ScoreReviewTable, CorrectionRequestPanel)
  • Tabulation engine (weighted scoring, drop-lowest, KCBS tiebreaking)
  • Results page (4-tab layout with 15s polling)
  • Design system: 11 common components + 10 UI primitives

130 files changed · +14,396 / −1,605 — later flagged in retrospective as "don't build the whole app in one commit."

v0.0.1 Mar 6, 2026 · Session 1 feature

Project scaffolding

  • Next.js 14.2 with TypeScript strict mode and App Router
  • Tailwind CSS v3 with custom deep red theme (#C0392B)
  • Path aliases: @/*, @features/*, @shared/*
  • shadcn/ui configured for new-york style
  • Initial CLAUDE.md with project constraints
← Roadmap & health