fix(auth): unify password length requirement to 15 charactersv0.1.1

The add-user.ts script required only 8 characters while createUserSchema
required 15. Now both enforce the same minimum of 15 characters for
stronger password security.

🤖 Generated with [Claude Code](https://claude.ai/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2 files changed, 3 insertions, 3 deletions

diff --git a/docs/dev/roadmap.md b/docs/dev/roadmap.md
index ed45ea6..498ef11 100644
--- a/docs/dev/roadmap.md
+++ b/docs/dev/roadmap.md
@@ -198,7 +198,7 @@ Smaller features first to enable early MVP validation.
 
 ### Medium Priority
 - [x] Fix card update authorization in sync push (verify existing card ownership)
-- [ ] Unify password length requirement (add-user.ts: 8 chars → 15 chars)
+- [x] Unify password length requirement (add-user.ts: 8 chars → 15 chars)
 
 ### Low Priority
 - [ ] Consider httpOnly cookie for token storage (XSS mitigation)
diff --git a/src/server/scripts/add-user.ts b/src/server/scripts/add-user.ts
index 5fcccac..bad34fd 100644
--- a/src/server/scripts/add-user.ts
+++ b/src/server/scripts/add-user.ts
@@ -17,8 +17,8 @@ async function main() {
 		process.exit(1);
 	}
 
-	if (password.length < 8) {
-		console.error("Error: Password must be at least 8 characters");
+	if (password.length < 15) {
+		console.error("Error: Password must be at least 15 characters");
 		process.exit(1);
 	}