feat: MyTask task market UI (M6-M8) + social recovery

.github/workflows/ci.yml

@@ -40,6 +40,7 @@ jobs:
           scan-ref: "."
           format: "sarif"
           output: "trivy-results.sarif"
+          trivyignores: .trivyignore
 
       - name: Upload Trivy results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v4
@@ -52,14 +53,17 @@ jobs:
         uses: actions/dependency-review-action@v4
         with:
           fail-on-severity: high
+          # Temporary: axios high vuln in @ledgerhq optional deps (via @aastar/airaccount).
+          # No non-breaking fix available until ledgerhq updates their axios dependency.
+          allow-ghsas: GHSA-43fc-jf86-j433
 
   # Job 2: Code quality checks
   quality:
     name: Code Quality
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        project: [aastar, aastar-frontend, sdk]
+        project: [aastar, aastar-frontend]
     steps:
       - uses: actions/checkout@v5
 
@@ -100,8 +104,6 @@ jobs:
             build-command: npm run build
           - project: aastar-frontend
             build-command: npm run build
-          - project: sdk
-            build-command: npm run build
     steps:
       - uses: actions/checkout@v5
 
@@ -113,11 +115,6 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      # Build SDK first if this is not the SDK build itself
-      - name: Build SDK (dependency)
-        if: matrix.project != 'sdk'
-        run: npm run build --workspace=sdk
-
       - name: Build project
         run: npm run build --workspace=${{ matrix.project }}
         env:
@@ -154,7 +151,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        project: [aastar, aastar-frontend, sdk]
+        project: [aastar, aastar-frontend]
     steps:
       - uses: actions/checkout@v5
 
@@ -166,11 +163,6 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      # Build SDK first if this is not the SDK type check itself
-      - name: Build SDK (dependency)
-        if: matrix.project != 'sdk'
-        run: npm run build --workspace=sdk
-
       - name: Run TypeScript compiler
         run: |
           if [ -f ${{ matrix.project }}/package.json ] && jq -e '.scripts["type-check"]' ${{ matrix.project }}/package.json > /dev/null; then

.trivyignore

@@ -0,0 +1,4 @@
+# Axios DoS via __proto__ in mergeConfig (CVE-2026-25639)
+# Pinned to axios@1.13.2 by @ledgerhq/domain-service (exact version, not a range).
+# No non-breaking fix available until ledgerhq updates their internal dependency.
+CVE-2026-25639

aastar-frontend/app/auth/login/page.tsx

@@ -49,7 +49,7 @@ export default function LoginPage() {
       });
 
       // Step 3: Browser WebAuthn authentication ceremony
-      const credential = await startAuthentication(authResponse.Options as any);
+      const credential = await startAuthentication({ optionsJSON: authResponse.Options as any });
 
       // Step 4: Complete login via backend (backend calls KMS SignHash to verify)
       toast.dismiss(loadingToast);