Move duplicate helper functions from multiple test files to helpers.go:
- authenticateWithPDS() - Used by post e2e tests
- contains() / anySubstring() - String utilities
- Import standardization across test files

Benefits:
- Eliminates code duplication across 6+ test files
- Centralizes test utilities for easier maintenance
- Improves test readability (focus on test logic, not helpers)

All tests continue to pass with consolidated helpers.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Minor formatting cleanup:
- Align struct field comments consistently
- No functional changes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Add SetTestUserDID() function to inject user DID into context for testing.

Purpose:
- Mock authenticated users in integration tests without full OAuth flow
- Used by post handler tests to simulate authenticated requests
- Marked with comment: "ONLY be used in tests"

This enables testing authenticated endpoints (like post creation)
without requiring real PDS authentication in test environment.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Update PRD_POSTS.md with implementation status:
- Add "Implementation Status" section showing completed work
- Mark Alpha CREATE features as complete (✅)
- Mark Beta features as deferred (⚠️)
- Update all sections with checkmarks and status
- Add database schema status (migration 011 complete)
- Update success metrics (Alpha checklist complete)
- Reference IMPLEMENTATION_POST_CREATION.md for details

Completed (Alpha):
✅ Post creation endpoint with write-forward to community PDS
✅ Handler with authentication, validation, security checks
✅ Service layer with token refresh and community resolution
✅ PostgreSQL repository with proper indexing
✅ Jetstream consumer for real-time indexing
✅ E2E tests (service, repository, handler, live PDS+Jetstream)
✅ All 4 at-identifier formats supported

Deferred (Beta):
⚠️ Content rules validation
⚠️ Post read operations (get, list)
⚠️ Post update/edit operations
⚠️ Post deletion
⚠️ Voting system

Update other PRDs:
- PRD_BACKLOG: Add post creation to completed items
- PRD_COMMUNITIES: Reference post integration
- PRD_GOVERNANCE: Note content rules deferred to Beta

PRDs now accurately reflect codebase state.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Add social.coves.post lexicon definitions:

1. social.coves.post.record
- Post record schema for community repositories
- Fields: community (at-identifier), author (did), title, content
- Rich text support: facets for mentions/links
- Embed support: images, video, external, record
- Content labels: nsfw, spoiler, violence
- Federation fields: originalAuthor, federatedFrom (future)
- Location support (future)
- Author field REQUIRED (added after PR review)

2. social.coves.post.create
- XRPC procedure for post creation
- Input: matches record schema (minus author - server-populated)
- Output: uri (AT-URI), cid (content ID)
- Errors: InvalidRequest, AuthRequired, NotAuthorized, Banned

3. social.coves.post.get
- XRPC query for fetching single post (future)
- Input: uri (AT-URI)
- Output: post view with stats

Update community profile and feed lexicons:
- Reference post record type
- Update descriptions for post integration

All lexicons follow atProto conventions and use at-identifier
format for community references (supports DIDs and handles).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Add 4 test files covering full post creation flow:

1. post_creation_test.go - Service layer tests (11 subtests)
- Happy path with DID and handle resolution
- Validation: missing fields, invalid formats, length limits
- Content label validation (nsfw, spoiler, violence)
- Repository tests: create, duplicate URI handling

2. post_e2e_test.go - TRUE end-to-end test
- Part 1: Write-forward to live PDS
- Part 2: Real Jetstream WebSocket consumption
- Verifies complete cycle: HTTP → PDS → Jetstream → AppView DB
- Tests ~1 second indexing latency
- Requires live PDS and Jetstream services

3. post_handler_test.go - Handler security tests (10+ subtests)
- Reject client-provided authorDid (impersonation prevention)
- Require authentication (401 on missing token)
- Request body size limit (1MB DoS prevention)
- Malformed JSON handling
- All 4 at-identifier formats (DIDs, canonical, @-prefixed, scoped)
- Unicode/emoji support
- SQL injection prevention

4. helpers.go - Test utilities
- JWT token generation for test users

All tests passing. Coverage includes security, validation,
business logic, and real-time indexing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>