Diffstat (limited to 'issues/task_002_add_authentication.md')
| -rw-r--r-- | issues/task_002_add_authentication.md | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/issues/task_002_add_authentication.md b/issues/task_002_add_authentication.md new file mode 100644 index 0000000..018fff0 --- /dev/null +++ b/issues/task_002_add_authentication.md @@ -0,0 +1,36 @@ +# Task: Add Authentication + +## Goal +Implement session-based authentication to secure the application for public deployment. + +## Plan + +1. **Dependencies:** + * Add `github.com/alexedwards/scs/v2` (Session management). + * Add `github.com/alexedwards/scs/sqlite3store` (SQLite store for sessions). + * Add `golang.org/x/crypto/bcrypt` (Password hashing). + +2. **Database Schema:** + * Create migration `migrations/003_add_auth.sql`. + * Create `users` table (`id`, `username`, `password_hash`). + * Create `sessions` table (required by `scs` SQLite store). + +3. **Core Logic (`internal/auth`):** + * Create `AuthService` to handle login, logout, and password verification. + * Implement `User` model. + +4. **Configuration:** + * Update `Config` to include `SessionSecret` (for cookie encryption, if needed, though `scs` handles this well). + +5. **Handlers & Middleware:** + * Initialize `SessionManager` in `main.go`. + * Create `LoginHandler` (GET/POST). + * Create `LogoutHandler` (POST). + * Create `AuthMiddleware` to protect routes. + +6. **UI:** + * Create `web/templates/login.html`. + * Update `web/templates/base.html` (or similar) to show Logout button when logged in. + +7. **Seed Data:** + * Create a CLI command or startup check to ensure a default admin user exists (or provide instructions to create one). |
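Review bot: Step 7 (Seed Data) does not say where the default admin user's password comes from, and for a public deployment a fixed or documented default credential is the first thing to rule out. State that the CLI command or startup check takes the initial password from the operator (for example an environment variable or a prompt), stores only the bcrypt hash in `password_hash`, and does not create the user when no password is supplied. In step 4, `SessionSecret` is described as "for cookie encryption, if needed": scs keeps session data in the server-side store and puts only a random token in the cookie, so either drop the field or say what it would key. The settings that matter for the cookie are its Secure, HttpOnly and SameSite attributes and the session lifetime, none of which the plan lists. Step 5 should also say that `LoginHandler` renews the session token after a successful login (scs provides `RenewToken` for this) to prevent session fixation, and how the POST handlers for login and logout are protected against CSRF.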
