Fix site audit security and UX issues

[injoon5]

Summary

• Gate Convex write/auth helper functions behind the server-held secret and keep admin bypass explicit.
• Make user comment deletion soft-delete instead of hard-delete.
• Sanitize /now markdown rendering and require admin auth in the Convex mutation.
• Fix light-mode code highlighting, footer markup, mobile padding, nav/accessibility papercuts, and language toggle semantics.
• Fix client hydration/router console warnings from reading-time animation, random comment placeholders, and analytics autocollect.

Testing

• npm run build
• npx prettier --check on touched files
• npx eslint on touched files
• npx convex deploy --preview-create="my-preview-deployment-name"
• Browser click-through against local SvelteKit + Convex preview: home, blog post, code block, language toggle, like, comment create/edit controls, projects, /now.

Notes

• Convex preview deployed to https://grand-opossum-228.convex.cloud and ADMIN_SECRET was set there.
• Full npm run lint is still blocked by pre-existing unformatted files outside this change.
• npm run check is still blocked by pre-existing Node typings and Convex Id typing issues.

  

[cloudflare-workers-and-pages]

Deploying web with    Cloudflare Pages

Latest commit:	871996a
Status:	🚫  Build failed.

View logs

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
web	Ready	Preview, Comment	May 24, 2026 5:01am