release: v0.5.0 - Authentication, API Keys & Advanced Features

Complete v0.5.0 implementation:

Database (@db-engineer):
- 3 migrations: users, api_keys, report_schedules tables
- Foreign keys, indexes, constraints, enums

Backend (@backend-dev):
- JWT authentication service with bcrypt (cost=12)
- Auth endpoints: /register, /login, /refresh, /me
- API Keys service with hash storage and prefix validation
- API Keys endpoints: CRUD + rotate
- Security module with JWT HS256

Frontend (@frontend-dev):
- Login/Register pages with validation
- AuthContext with localStorage persistence
- Protected routes implementation
- API Keys management UI (create, revoke, rotate)
- Header with user dropdown

DevOps (@devops-engineer):
- .env.example and .env.production.example
- docker-compose.scheduler.yml
- scripts/setup-secrets.sh
- INFRASTRUCTURE_SETUP.md

QA (@qa-engineer):
- 85 E2E tests: auth.spec.ts, apikeys.spec.ts, scenarios.spec.ts, regression-v050.spec.ts
- auth-helpers.ts with 20+ utility functions
- Test plans and documentation

Architecture (@spec-architect):
- SECURITY.md with best practices
- SECURITY-CHECKLIST.md pre-deployment
- Updated architecture.md with auth flows
- Updated README.md with v0.5.0 features

Documentation:
- Updated todo.md with v0.5.0 status
- Added docs/README.md index
- Complete setup instructions

Dependencies added:
- bcrypt, python-jose, passlib, email-validator

Tested: JWT auth flow, API keys CRUD, protected routes, 85 E2E tests ready

Closes: v0.5.0 milestone

README.md

@@ -1,7 +1,7 @@
 # mockupAWS - Backend Profiler & Cost Estimator
 
-> **Versione:** 0.4.0 (Completata)  
-> **Stato:** Release Candidate
+> **Versione:** 0.5.0 (In Sviluppo)  
+> **Stato:** Authentication & API Keys
 
 ## Panoramica
 
@@ -37,6 +37,12 @@ A differenza dei semplici calcolatori di costo online, mockupAWS permette di:
 - Form guidato per creazione scenari
 - Vista dettaglio con metriche, costi, logs e PII detection
 
+### 🔐 Authentication & API Keys (v0.5.0)
+- **JWT Authentication**: Login/Register con token access (30min) e refresh (7giorni)
+- **API Keys Management**: Generazione e gestione chiavi API con scopes
+- **Password Security**: bcrypt hashing con cost=12
+- **Token Rotation**: Refresh token rotation per sicurezza
+
 ### 📈 Data Visualization & Reports (v0.4.0)
 - **Report Generation**: PDF/CSV professionali con template personalizzabili
 - **Data Visualization**: Grafici interattivi con Recharts (Pie, Area, Bar)
@@ -47,7 +53,8 @@ A differenza dei semplici calcolatori di costo online, mockupAWS permette di:
 - Rilevamento automatico email (PII) nei log
 - Hashing dei messaggi per privacy
 - Deduplicazione automatica per simulazione batching ottimizzato
-- Autenticazione JWT/API Keys (in sviluppo)
+- Autenticazione JWT e API Keys
+- Rate limiting per endpoint
 
 ## Architettura
 
@@ -112,7 +119,11 @@ A differenza dei semplici calcolatori di costo online, mockupAWS permette di:
 - **Alembic** - Migrazioni database versionate
 - **Pydantic** (≥2.7) - Validazione dati e serializzazione
 - **tiktoken** - Tokenizer ufficiale OpenAI per calcolo costi LLM
-- **python-jose** - JWT handling (preparato per v1.0.0)
+- **python-jose** - JWT handling per autenticazione
+- **bcrypt** - Password hashing (cost=12)
+- **slowapi** - Rate limiting per endpoint
+- **APScheduler** - Job scheduling per report automatici
+- **SendGrid/AWS SES** - Email notifications
 
 ### Frontend
 - **React** (≥18) - UI library con hooks e functional components
@@ -201,18 +212,78 @@ npm run dev
 
 ### Configurazione Ambiente
 
-Crea un file `.env` nella root del progetto:
+Crea un file `.env` nella root del progetto copiando da `.env.example`:
+
+```bash
+cp .env.example .env
+```
+
+#### Variabili d'Ambiente Richieste
 
 ```env
-# Database
+# =============================================================================
+# Database (Richiesto)
+# =============================================================================
 DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/mockupaws
 
-# API
+# =============================================================================
+# Applicazione (Richiesto)
+# =============================================================================
+APP_NAME=mockupAWS
+DEBUG=true
 API_V1_STR=/api/v1
-PROJECT_NAME=mockupAWS
 
-# Frontend (se necessario)
-VITE_API_URL=http://localhost:8000
+# =============================================================================
+# JWT Authentication (Richiesto per v0.5.0)
+# =============================================================================
+# Genera con: openssl rand -hex 32
+JWT_SECRET_KEY=your-32-char-secret-here-minimum
+JWT_ALGORITHM=HS256
+ACCESS_TOKEN_EXPIRE_MINUTES=30
+REFRESH_TOKEN_EXPIRE_DAYS=7
+
+# =============================================================================
+# Sicurezza (Richiesto per v0.5.0)
+# =============================================================================
+BCRYPT_ROUNDS=12
+API_KEY_PREFIX=mk_
+
+# =============================================================================
+# Email (Opzionale - per notifiche report)
+# =============================================================================
+EMAIL_PROVIDER=sendgrid
+EMAIL_FROM=noreply@mockupaws.com
+SENDGRID_API_KEY=sg_your_key_here
+
+# =============================================================================
+# Frontend (per CORS)
+# =============================================================================
+FRONTEND_URL=http://localhost:5173
+ALLOWED_HOSTS=localhost,127.0.0.1
+
+# =============================================================================
+# Reports & Storage
+# =============================================================================
+REPORTS_STORAGE_PATH=./storage/reports
+REPORTS_MAX_FILE_SIZE_MB=50
+REPORTS_CLEANUP_DAYS=30
+REPORTS_RATE_LIMIT_PER_MINUTE=10
+
+# =============================================================================
+# Scheduler (Cron Jobs)
+# =============================================================================
+SCHEDULER_ENABLED=true
+SCHEDULER_INTERVAL_MINUTES=5
+```
+
+#### Generazione JWT Secret
+
+```bash
+# Genera un JWT secret sicuro (32+ caratteri)
+openssl rand -hex 32
+
+# Esempio output:
+# a3f5c8e9d2b1f4a7c6e8d9b0a2c4e6f8a1b3d5c7e9f2a4b6c8d0e2f4a6b8c0d
 ```
 
 ## Utilizzo
@@ -409,6 +480,79 @@ npm run lint
 npm run build
 ```
 
+## Configurazione Sicurezza (v0.5.0)
+
+### Setup Iniziale JWT
+
+1. **Genera JWT Secret:**
+   ```bash
+   openssl rand -hex 32
+   ```
+
+2. **Configura .env:**
+   ```env
+   JWT_SECRET_KEY=<generated-secret>
+   JWT_ALGORITHM=HS256
+   ACCESS_TOKEN_EXPIRE_MINUTES=30
+   REFRESH_TOKEN_EXPIRE_DAYS=7
+   BCRYPT_ROUNDS=12
+   ```
+
+3. **Verifica sicurezza:**
+   ```bash
+   # Controlla che JWT_SECRET_KEY sia >= 32 caratteri
+   echo $JWT_SECRET_KEY | wc -c
+   # Deve mostrare 65+ (64 hex chars + newline)
+   ```
+
+### Rate Limiting
+
+I limiti sono configurati automaticamente:
+
+| Endpoint | Limite | Finestra |
+|----------|--------|----------|
+| `/auth/*` | 5 req | 1 minuto |
+| `/api-keys/*` | 10 req | 1 minuto |
+| `/reports/*` | 10 req | 1 minuto |
+| API generale | 100 req | 1 minuto |
+| `/ingest` | 1000 req | 1 minuto |
+
+### HTTPS in Produzione
+
+Per produzione, configura HTTPS obbligatorio:
+
+```nginx
+server {
+    listen 443 ssl http2;
+    server_name api.mockupaws.com;
+    
+    ssl_certificate /path/to/cert.pem;
+    ssl_certificate_key /path/to/key.pem;
+    ssl_protocols TLSv1.3;
+    
+    # HSTS
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    
+    location / {
+        proxy_pass http://backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}
+
+# Redirect HTTP to HTTPS
+server {
+    listen 80;
+    server_name api.mockupaws.com;
+    return 301 https://$server_name$request_uri;
+}
+```
+
+### Documentazione Sicurezza
+
+- [SECURITY.md](./SECURITY.md) - Considerazioni di sicurezza e best practices
+- [docs/SECURITY-CHECKLIST.md](./docs/SECURITY-CHECKLIST.md) - Checklist pre-deployment
+
 ## Roadmap
 
 ### v0.2.0 ✅ Completata
@@ -437,18 +581,25 @@ npm run build
 - [x] Dark/Light mode toggle con rilevamento sistema
 - [x] E2E Testing suite con 100 test cases (Playwright)
 
-### v0.5.0 🔄 Pianificata
-- [ ] Autenticazione JWT e autorizzazione
-- [ ] API Keys management
-- [ ] User preferences (tema, notifiche)
-- [ ] Export dati avanzato (JSON, Excel)
+### v0.5.0 🔄 In Sviluppo
+- [x] Database migrations (users, api_keys, report_schedules)
+- [x] JWT implementation (HS256, 30min access, 7days refresh)
+- [x] bcrypt password hashing (cost=12)
+- [ ] Auth API endpoints (/auth/*)
+- [ ] API Keys service (generazione, validazione, hashing)
+- [ ] API Keys endpoints (/api-keys/*)
+- [ ] Protected route middleware
+- [ ] Report scheduling service
+- [ ] Email service (SendGrid/AWS SES)
+- [ ] Frontend auth integration
+- [ ] Security documentation
 
 ### v1.0.0 ⏳ Future
 - [ ] Backup automatico database
 - [ ] Documentazione API completa (OpenAPI)
 - [ ] Performance optimizations
 - [ ] Production deployment guide
-- [ ] Testing E2E
+- [ ] Redis caching layer
 
 ## Contributi