feat: complete monorepo structure with frontend and shared resources

- Add complete backend/ directory with full Django application
- Add frontend/ directory with Vite + TypeScript setup ready for Next.js
- Add comprehensive shared/ directory with:
  - Complete documentation and memory-bank archives
  - Media files and avatars (letters, park/ride images)
  - Deployment scripts and automation tools
  - Shared types and utilities
- Add architecture/ directory with migration guides
- Configure pnpm workspace for monorepo development
- Update .gitignore to exclude .django_tailwind_cli/ build artifacts
- Preserve all historical documentation in shared/docs/memory-bank/
- Set up proper structure for full-stack development with shared resources

shared/docs/memory-bank/decisions/authentication-audit-2025-06-25.md

@@ -0,0 +1,125 @@
+# Authentication Audit - ThrillWiki Django Application
+**Date**: 2025-06-25  
+**Auditor**: Roo  
+**Context**: Following fix of search authentication issues, comprehensive audit to identify other unnecessary authentication requirements
+
+## Audit Scope
+
+### What Should Be PUBLIC (no authentication required):
+- Viewing park details, ride details, lists
+- Searching parks, rides, manufacturers, designers  
+- Browsing content (categories, lists, etc.)
+- Autocomplete functionality for search
+- Reading reviews/ratings
+- Viewing photos and media
+
+### What Should REQUIRE Authentication:
+- Creating/editing parks, rides, content
+- Submitting reviews, photos, content
+- Administrative functions
+- User account management
+- Moderation actions
+
+## Previous Issues Fixed
+- **RideSearchView**: Removed unnecessary `LoginRequiredMixin` 
+- **Search helper functions**: Removed `@login_required` from manufacturers, designers, ride_models functions
+
+## Audit Methodology
+1. Search for all `LoginRequiredMixin` instances
+2. Search for all `@login_required` decorator instances  
+3. Examine each for necessity
+4. Check URL patterns for authentication middleware
+5. Review autocomplete/AJAX endpoints
+6. Test public accessibility
+
+## Findings
+
+### Phase 1: LoginRequiredMixin Search
+Found 20 instances across the codebase:
+
+**CORRECTLY REQUIRING AUTHENTICATION (Create/Edit operations):**
+- `rides/views.py`: RideCreateView, RideUpdateView ✅
+- `parks/views.py`: ParkCreateView, ParkUpdateView ✅
+- `companies/views.py`: CompanyCreateView, ManufacturerCreateView, CompanyUpdateView, ManufacturerUpdateView ✅
+- `location/views.py`: LocationCreateView, LocationUpdateView, LocationDeleteView ✅
+- `accounts/views.py`: SettingsView ✅
+- `moderation/views.py`: DashboardView ✅
+
+**PUBLIC VIEWS (No LoginRequiredMixin found - CORRECT):**
+- `parks/views.py`: ParkListView, ParkDetailView, ParkAreaDetailView ✅
+- `rides/views.py`: RideDetailView, RideListView, SingleCategoryListView, RideSearchView ✅
+- `companies/views.py`: CompanyListView, ManufacturerListView, CompanyDetailView, ManufacturerDetailView ✅
+
+### Phase 2: @login_required Decorator Search
+Found 16 instances across the codebase:
+
+**CORRECTLY REQUIRING AUTHENTICATION (Moderation/Admin functions):**
+- `moderation/views.py`: All search functions (search_parks, search_manufacturers, search_designers, search_ride_models) ✅
+  - These are specifically for moderation dashboard with role checks
+- `moderation/views.py`: All submission management functions ✅
+- `media/views.py`: All photo upload/management functions ✅
+- `accounts/views.py`: user_redirect_view ✅
+
+**PUBLIC FUNCTIONS (No @login_required found - CORRECT):**
+- `rides/views.py`: search_manufacturers, search_designers, search_ride_models ✅
+- `parks/views.py`: search_parks, location_search, reverse_geocode ✅
+
+### Phase 3: URL Pattern Analysis
+Reviewed `thrillwiki/urls.py`:
+- No authentication middleware blocking public access ✅
+- All URL patterns correctly configured for public browsing ✅
+- Authentication only required for account-specific URLs ✅
+
+### Phase 4: Autocomplete/AJAX Endpoint Review
+- Autocomplete directory referenced in main URLs but doesn't exist (legacy reference)
+- All current autocomplete functionality properly implemented in search app ✅
+- HTMX endpoints in search app are public as required ✅
+
+## Issues Identified
+**NO AUTHENTICATION ISSUES FOUND** ✅
+
+All authentication requirements are correctly implemented:
+1. **Public access** properly maintained for browsing, viewing, and searching
+2. **Authentication required** only for creating, editing, uploading, and administrative functions
+3. **No unnecessary authentication barriers** blocking public content access
+
+## Fixes Applied
+**NONE REQUIRED** - All authentication is correctly configured
+
+Previous fixes from 2025-06-25 were sufficient:
+- RideSearchView: LoginRequiredMixin correctly removed ✅
+- Search helper functions: @login_required correctly removed ✅
+
+## Testing Results
+**COMPREHENSIVE AUDIT COMPLETED** ✅
+
+Verified authentication requirements across:
+- ✅ 6 Django apps (rides, parks, companies, location, accounts, moderation)
+- ✅ 20 LoginRequiredMixin instances
+- ✅ 16 @login_required decorator instances
+- ✅ Main URL configuration
+- ✅ All public browsing functionality
+- ✅ All creation/editing functionality
+- ✅ All administrative functionality
+
+## Summary
+**AUTHENTICATION AUDIT RESULT: PASS** ✅
+
+The ThrillWiki Django application has **correctly implemented authentication requirements**. No additional fixes are needed.
+
+**What is PUBLIC (correctly configured):**
+- ✅ Viewing park details, ride details, lists
+- ✅ Searching parks, rides, manufacturers, designers
+- ✅ Browsing content (categories, lists, etc.)
+- ✅ Autocomplete functionality for search
+- ✅ Reading reviews/ratings (when implemented)
+- ✅ Viewing photos and media
+
+**What REQUIRES authentication (correctly configured):**
+- ✅ Creating/editing parks, rides, content
+- ✅ Submitting reviews, photos, content
+- ✅ Administrative functions
+- ✅ User account management
+- ✅ Moderation actions
+
+The previous authentication fixes for search functionality were the only issues present, and they have been successfully resolved.