security: address assessment findings and bump to v2026.3.11

- C1: Disable Swagger UI in production (env gate)
- M1+M2: Add Helmet.js for security headers (CSP, X-Frame-Options,
  X-Content-Type-Options, Referrer-Policy) and remove X-Powered-By
- H2: Add @nestjs/throttler rate limiting (5 req/min on login/register)
- M4: Remove orgSchema from JWT payload and client-side storage;
  tenant middleware now resolves schema from orgId via cached DB lookup
- L1: Fix Chatwoot user identification (read from auth store on ready)
- Remove schemaName from frontend Organization type and UI displays

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

frontend/index.html

@@ -23,6 +23,20 @@
           })
         }
       })(document,"script");
+      window.addEventListener('chatwoot:ready', function() {
+        try {
+          var raw = localStorage.getItem('ledgeriq-auth');
+          if (!raw) return;
+          var auth = JSON.parse(raw);
+          var user = auth && auth.state && auth.state.user;
+          if (user && window.$chatwoot) {
+            window.$chatwoot.setUser(user.id, {
+              name: (user.firstName || '') + ' ' + (user.lastName || ''),
+              email: user.email
+            });
+          }
+        } catch (e) {}
+      });
     </script>
   </body>
 </html>

frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hoa-ledgeriq-frontend",
-  "version": "2026.03.10",
+  "version": "2026.3.11",
   "private": true,
   "type": "module",
   "scripts": {

frontend/src/pages/auth/SelectOrgPage.tsx

@@ -120,11 +120,6 @@ export function SelectOrgPage() {
                   <Text fw={500}>{org.name}</Text>
                   <Group gap={4}>
                     <Badge size="sm" variant="light">{org.role}</Badge>
-                    {org.schemaName && (
-                      <Badge size="xs" variant="dot" color="gray">
-                        {org.schemaName}
-                      </Badge>
-                    )}
                   </Group>
                 </div>
               </Group>

frontend/src/pages/settings/SettingsPage.tsx

@@ -38,10 +38,6 @@ export function SettingsPage() {
               <Text size="sm" c="dimmed">Your Role</Text>
               <Badge variant="light">{currentOrg?.role || 'N/A'}</Badge>
             </Group>
-            <Group justify="space-between">
-              <Text size="sm" c="dimmed">Schema</Text>
-              <Text size="sm" ff="monospace" c="dimmed">{currentOrg?.schemaName || 'N/A'}</Text>
-            </Group>
           </Stack>
         </Card>
 

frontend/src/stores/authStore.ts

@@ -5,7 +5,6 @@ interface Organization {
   id: string;
   name: string;
   role: string;
-  schemaName?: string;
   status?: string;
   settings?: Record<string, any>;
 }