Hosts can optionally cap total attendance (RSVPs + plus-ones) when
creating an event. Capped events require guests to log in via the
existing email code flow; RSVPs are tied to accounts and deduped per
user. The event page shows spots left and replaces the form with a
full notice when the cap is reached; the server rejects over-cap
RSVPs and edits with 409 as a race backstop.
Also threads a safeNext-validated ?next= param through the login and
name-setup flow so guests land back on the event after signing in.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Log phone, IP, and user agent to sms_consents table before sending
verification SMS. Add disclosure text to login form.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Auto-detect whether the user entered an email or phone number.
Email sends via Resend, phone sends via Twilio SMS. Users table
has nullable phone and email columns; verification_codes uses a
generic identifier field.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace email-based auth (Resend) with phone-based auth (Twilio SMS).
Add BBQ_FEATURES env var for toggling features at deploy time — when
auth is disabled, no login routes are registered and the app works
as before.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>