Block a user
color-mix() inline statt CSS-Tokens
Hardcoded #fff in ConfigDialog
SettingsUsers rohe Dialog statt ConfigDialog
NotificationPanel Unicode Close-Button
mypy + pip-audit als soft-fail in CI
Kein ESLint/Biome im Frontend
Frontend Coverage-Reporting fehlt
UserService importiert HTTPException
auth.py change_password macht direkte DB-Aufrufe
DB-Passwort-Route loggt ohne exc_info
Frontend-Komponenten ohne Unit-Tests
Settings-Route leakt DB-Exception an Client
CompressionRepository f-String SQL
Backend-Coverage 33% vs 75% Threshold