feat: full hackathon pipeline refactor (milestones 1-3) + CLI polish

.env.example

@@ -85,7 +85,7 @@ RESEARCH_CONFIG=
 # =============================================================================
 
 # Directory for hackathon recordings
-HACKATHON_RECORDINGS_DIR=recordings/hackathon
+HACKATHON_RECORDINGS_DIR=episodes/recordings/hackathon
 
 # YouTube API credentials path
 YOUTUBE_CREDENTIALS_PATH=

.github/workflows/deploy-dashboard.yml

@@ -4,7 +4,7 @@ on:
   push:
     branches: [main]
     paths:
-      - 'hackathon/dashboard/frontend/**'
+      - 'hackathon/frontend/**'
   workflow_dispatch:
 
 permissions:
@@ -26,15 +26,15 @@ jobs:
         with:
           node-version: 22
           cache: npm
-          cache-dependency-path: hackathon/dashboard/frontend/package-lock.json
+          cache-dependency-path: hackathon/frontend/package-lock.json
 
       - name: Install dependencies
         run: npm install
-        working-directory: hackathon/dashboard/frontend
+        working-directory: hackathon/frontend
 
       - name: Build
         run: npm run build
-        working-directory: hackathon/dashboard/frontend
+        working-directory: hackathon/frontend
         env:
           VITE_USE_STATIC: 'true'
           VITE_BASE_PATH: /
@@ -44,11 +44,11 @@ jobs:
 
       - name: Copy index.html to 404.html for SPA routing
         run: cp dist/index.html dist/404.html
-        working-directory: hackathon/dashboard/frontend
+        working-directory: hackathon/frontend
 
       - uses: actions/upload-pages-artifact@v3
         with:
-          path: hackathon/dashboard/frontend/dist
+          path: hackathon/frontend/dist
 
   deploy:
     environment:

.github/workflows/security-scan.yml

@@ -0,0 +1,86 @@
+name: Security Dependency Scan
+
+on:
+  push:
+    branches: [ main, organize ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    # Run weekly on Sundays at 2 AM UTC
+    - cron: '0 2 * * 0'
+
+jobs:
+  security-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.10'
+
+    - name: Install security tools
+      run: |
+        python -m pip install --upgrade pip
+        pip install safety pip-audit
+
+    - name: Run Safety scan
+      run: |
+        echo "Running Safety scan for known vulnerabilities..."
+        cd hackathon
+        safety check --requirement requirements.txt --json --output safety-report.json || true
+        safety check --requirement requirements.txt || echo "Safety found vulnerabilities - check report"
+
+    - name: Run pip-audit scan  
+      run: |
+        echo "Running pip-audit scan..."
+        cd hackathon
+        pip-audit --requirement requirements.txt --format=json --output=pip-audit-report.json || true
+        pip-audit --requirement requirements.txt || echo "pip-audit found vulnerabilities - check report"
+
+    - name: Run npm audit
+      run: |
+        echo "Running npm audit..."
+        cd hackathon/frontend
+        npm audit --audit-level=moderate --json > npm-security-report.json || true
+        npm audit --audit-level=moderate || echo "npm audit found vulnerabilities - check report"
+
+    - name: Upload Security Reports
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: security-reports
+        path: |
+          hackathon/safety-report.json
+          hackathon/pip-audit-report.json
+          hackathon/frontend/npm-security-report.json
+        retention-days: 30
+
+    - name: Security Summary
+      if: always()
+      run: |
+        echo "## Security Scan Summary" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+
+        if [ -f hackathon/safety-report.json ]; then
+          SAFETY_VULNS=$(jq '.vulnerabilities | length' hackathon/safety-report.json 2>/dev/null || echo "0")
+          echo "- **Safety scan**: $SAFETY_VULNS Python vulnerabilities found" >> $GITHUB_STEP_SUMMARY
+        fi
+
+        if [ -f hackathon/pip-audit-report.json ]; then
+          PIP_AUDIT_VULNS=$(jq '.vulnerabilities | length' hackathon/pip-audit-report.json 2>/dev/null || echo "0")
+          echo "- **pip-audit scan**: $PIP_AUDIT_VULNS Python vulnerabilities found" >> $GITHUB_STEP_SUMMARY
+        fi
+
+        if [ -f hackathon/frontend/npm-security-report.json ]; then
+          NPM_VULNS=$(jq '.vulnerabilities | length' hackathon/frontend/npm-security-report.json 2>/dev/null || echo "0")
+          echo "- **npm audit**: $NPM_VULNS Node.js vulnerabilities found" >> $GITHUB_STEP_SUMMARY
+        fi
+
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "📋 **Action Items:**" >> $GITHUB_STEP_SUMMARY
+        echo "- Review security reports in artifacts" >> $GITHUB_STEP_SUMMARY
+        echo "- Update vulnerable dependencies" >> $GITHUB_STEP_SUMMARY
+        echo "- Re-run scan after updates" >> $GITHUB_STEP_SUMMARY

.gitignore

@@ -45,19 +45,22 @@ Thumbs.db
 logs/
 
 # Hackathon System Generated Files
+data/judge_config.json
+data/research_config.json
 data/submission_backups/
 data/temp.txt
 data/*.db
+!data/hackathon.db
 hackathon/episodes/
-hackathon/dashboard/frontend/dist/
+hackathon/frontend/dist/
 
 # Large/Archive Files
 *.tar
 *.zip
 
 # Video recordings (keep JSON metadata, ignore large videos)
-recordings/*.mp4
-recordings/*.webm
+episodes/recordings/*.mp4
+episodes/recordings/*.webm
 
 # Temporary/staging files
 tmp/

CLAUDE.md

@@ -20,7 +20,7 @@ uvicorn hackathon.backend.app:app --host 0.0.0.0 --port 8000
 python app.py --generate-static-data   # from hackathon/backend/
 ```
 
-### Frontend (hackathon/dashboard/frontend/)
+### Frontend (hackathon/frontend/)
 ```bash
 npm install
 npm run dev          # Start dev server
@@ -48,25 +48,20 @@ python -m hackathon.backend.migrate_schema [--dry-run]   # Migrate schema
 python -m hackathon.backend.sync_schema_to_frontend      # Sync schema → frontend types
 ```
 
-### Hackathon Pipeline
+### Hackathon Pipeline (unified CLI)
 ```bash
-python -m hackathon.backend.research --submission-id <id> --version v2          # GitHub + AI research
-python -m hackathon.backend.hackathon_manager --score --submission-id <id> --version v2       # Round 1: AI judge scoring
-python -m hackathon.backend.hackathon_manager --score --all --version v2                      # Score all researched
-python -m hackathon.backend.hackathon_manager --synthesize --submission-id <id> --version v2  # Round 2: AI + community
-python -m hackathon.backend.hackathon_manager --leaderboard --version v2                      # View leaderboard
-python -m hackathon.scripts.generate_episode --submission-id <id> --version v2                # Generate episode
+clanktank research   --submission-id <id> --version v2    # GitHub + AI research
+clanktank score      --submission-id <id> --version v2    # Round 1: AI judge scoring
+clanktank score      --all --version v2                   # Score all researched
+clanktank synthesize --submission-id <id> --version v2    # Round 2: AI + community
+clanktank leaderboard --version v2                        # View leaderboard
+clanktank episode    --submission-id <id> --version v2    # Generate episode
+clanktank serve --host 0.0.0.0 --port 8000               # Start API server
+clanktank db create                                       # Initialize database
+clanktank db migrate --dry-run                            # Migrate schema
 ```
 
-### Main Platform Pipeline
-```bash
-python scripts/sheet_processor.py -s "Block Tank Pitch Submission" -o ./data -j --db-file pitches.db  # Import sheets
-python scripts/pitch_manager.py --db-file data/pitches.db --list --filter-status submitted            # List pitches
-python scripts/pitch_manager.py --db-file data/pitches.db --research <id>                             # Research pitch
-python scripts/pitch_manager.py --db-file data/pitches.db --create-character all                      # Create characters
-node scripts/shmotime-recorder.js <episode-url>                                                        # Record episode
-python scripts/upload_to_youtube.py --from-json metadata.json                                          # Upload to YouTube
-```
+`uv run clanktank` or `python -m hackathon` both work. Old `hackathon_manager --score ...` paths still work for backward compatibility.
 
 ### Python Style
 ```bash
@@ -87,7 +82,7 @@ ruff format <file> # Format
 The hackathon system is schema-driven. `hackathon/backend/submission_schema.json` is the **single source of truth** for all field definitions. Changes flow:
 1. Edit `submission_schema.json`
 2. Run `python -m hackathon.backend.migrate_schema` to update database
-3. Run `python -m hackathon.backend.sync_schema_to_frontend` to regenerate TypeScript types at `hackathon/dashboard/frontend/src/types/submission.ts`
+3. Run `python -m hackathon.backend.sync_schema_to_frontend` to regenerate TypeScript types at `hackathon/frontend/src/types/submission.ts`
 
 Never hardcode field lists in Python or TypeScript — always load from schema.
 
@@ -108,7 +103,7 @@ Four personality-based judges with weighted scoring criteria (Innovation, Techni
 Judge personas defined in `hackathon/prompts/judge_personas.py`. Scoring pipeline: GitHub Analysis → AI Research (with GitIngest) → Round 1 AI Scoring → Community Voting (Discord) → Round 2 Synthesis.
 
 ### Frontend Caching
-The frontend has aggressive 5-minute caching (HTTP `Cache-Control: max-age=300` + in-memory cache in `hackathon/dashboard/frontend/src/lib/api.ts`). If backend data isn't appearing, hard refresh or wait 5 minutes.
+The frontend has aggressive 5-minute caching (HTTP `Cache-Control: max-age=300` + in-memory cache in `hackathon/frontend/src/lib/api.ts`). If backend data isn't appearing, hard refresh or wait 5 minutes.
 
 ### Status Progressions
 - **Main Platform**: submitted → researched → in_progress → done
@@ -143,7 +138,6 @@ Used in the research pipeline (`hackathon/backend/github_analyzer.py`) to genera
 Both SQLite: `data/pitches.db` (main platform), `data/hackathon.db` (hackathon). Override hackathon DB path with `HACKATHON_DB_PATH` env var.
 
 ### GitHub Actions
-- Daily episode recording at 04:15 UTC (`.github/workflows/daily-episode-recording.yml`)
 - Security scanning (`.github/workflows/security-scan.yml`)
 
 ## Workflow Preferences