v5.3.1 14 February 2026 Improvement
Dependency Audit & Build Pipeline Cleanup
Dependency Audit
All three codebases audited and patched:
- Axios DoS vulnerability resolved — upgraded to patched version, eliminating the prototype pollution vector in request config merging.
- Marketing site clean — zero vulnerabilities. Upgraded Astro integrations and removed stale dependencies.
- API clean — zero vulnerabilities.
- One residual dev-only advisory — esbuild in the frontend dev server (Vite). Does not affect production builds or deployed code.
Build Pipeline Cleanup
- Marketing site flattened — removed the legacy Turborepo monorepo structure. The Astro site now builds directly at the project root without Turbo orchestration, cutting build complexity and eliminating an unused packages/ui workspace.
- Deploy script rewritten — numbered phases, build timer, page count, and clean ASCII output. No more emoji.
- Line counter fixed — the LOC script now correctly counts marketing site source after the directory restructure. Total codebase: 81,486 lines across API, frontend, docs, and marketing.
Internal Documentation
Added a docs/ directory to the app codebase covering architecture (system overview, database, API, frontend, infrastructure), operational runbooks (deploy, database, monitoring, incident response, Stripe), TMADD index, and three Architecture Decision Records (RLS, minor units, UIE).