v2.6.0 - Complete API Authentication Consolidation MAJOR SECURITY UPDATE - Phase 1 Complete Fixed 18 critical security vulnerabilities: - All ACH API endpoints (7 files) - All Content Intelligence endpoints (6 files) - All Framework endpoints (2 files) - All auth migration endpoints (1 file) Before: Hardcoded 'demo-user' and userId = 1 After: Proper user authentication via shared helpers Key Features: - Unified authentication across all APIs - Support for both session and hash-based auth - Proper user attribution for all analyses - Backward compatible with existing functionality Security Impact: - CRITICAL vulnerabilities fixed - Proper access control implemented - User data properly isolated - Ready for multi-user deployments Technical: - Created shared auth helpers (_shared/auth-helpers.ts) - getUserIdOrDefault() for user ID resolution - requireAuth() for protected endpoints - Full session + hash authentication support From Audit: TODOS_AND_STUBS_AUDIT.md Completed: Phase 1 (18 files) Remaining: Phase 2 (API keys), Phase 3 (workspace UI) Closes: 18 HIGH priority security TODOs