From 9e6aed38840954dca3ab8c8f73d0adea466fb323 Mon Sep 17 00:00:00 2001
From: JoaquinBN <47780609+JoaquinBN@users.noreply.github.com>
Date: Sat, 10 Jan 2026 00:16:16 +0700
Subject: [PATCH 1/5] Restrict contribution submissions to users with required
 roles (#304)

Non-validators cannot submit validator contributions, and non-builders cannot submit builder contributions. Backend validation enforces role checks with 403 responses. Frontend disables contribution tabs and shows links to unlock journeys.
---
 backend/contributions/views.py                | 19 +++++++
 .../components/ContributionSelection.svelte   | 50 ++++++++++++++++++-
 frontend/src/routes/SubmitContribution.svelte |  3 ++
 3 files changed, 70 insertions(+), 2 deletions(-)

diff --git a/backend/contributions/views.py b/backend/contributions/views.py
index 5e7ec6d..2ed6461 100644
--- a/backend/contributions/views.py
+++ b/backend/contributions/views.py
@@ -657,6 +657,25 @@ def create(self, request, *args, **kwargs):
                     status=status.HTTP_400_BAD_REQUEST
                 )
 
+        # Validate category restrictions based on user role
+        contribution_type_id = data.get('contribution_type')
+        if contribution_type_id:
+            try:
+                contribution_type = ContributionType.objects.select_related('category').get(id=contribution_type_id)
+                if contribution_type.category:
+                    if contribution_type.category.slug == 'builder' and not hasattr(request.user, 'builder'):
+                        return Response(
+                            {'error': 'You must complete the Builder Welcome journey before submitting builder contributions.'},
+                            status=status.HTTP_403_FORBIDDEN
+                        )
+                    if contribution_type.category.slug == 'validator' and not hasattr(request.user, 'validator'):
+                        return Response(
+                            {'error': 'You must complete the Validator Waitlist journey before submitting validator contributions.'},
+                            status=status.HTTP_403_FORBIDDEN
+                        )
+            except ContributionType.DoesNotExist:
+                pass
+
         serializer = self.get_serializer(data=data)
         serializer.is_valid(raise_exception=True)
         self.perform_create(serializer)
diff --git a/frontend/src/lib/components/ContributionSelection.svelte b/frontend/src/lib/components/ContributionSelection.svelte
index 243618f..ba31e43 100644
--- a/frontend/src/lib/components/ContributionSelection.svelte
+++ b/frontend/src/lib/components/ContributionSelection.svelte
@@ -15,9 +15,14 @@
 		providedContributionTypes = null,  // Allow passing types from parent
 		disabled = false,  // Disable selection when locked (e.g., mission)
 		selectedMission = $bindable(null),  // Currently selected mission
+		isValidator = true,
+		isBuilder = true,
 		onSelectionChange = () => {}
 	} = $props();
 
+	let validatorTabDisabled = $derived(!isValidator && !stewardMode);
+	let builderTabDisabled = $derived(!isBuilder && !stewardMode);
+
 	let contributionTypes = $state([]);
 	let missions = $state([]);  // All missions
 	let filteredTypes = $state([]);
@@ -268,8 +273,10 @@
 				type="button"
 				class="category-btn"
 				class:active={selectedCategory === 'validator'}
+				class:disabled={validatorTabDisabled}
 				style={selectedCategory === 'validator' ? 'background: #e0f2fe; color: #0369a1;' : ''}
-				onclick={() => selectCategory('validator')}
+				onclick={() => !validatorTabDisabled && selectCategory('validator')}
+				disabled={validatorTabDisabled}
 			>
 				Validator
 			</button>
@@ -277,13 +284,27 @@
 				type="button"
 				class="category-btn"
 				class:active={selectedCategory === 'builder'}
+				class:disabled={builderTabDisabled}
 				style={selectedCategory === 'builder' ? 'background: #ffedd5; color: #c2410c;' : ''}
-				onclick={() => selectCategory('builder')}
+				onclick={() => !builderTabDisabled && selectCategory('builder')}
+				disabled={builderTabDisabled}
 			>
 				Builder
 			</button>
 		</div>
 
+		{#if validatorTabDisabled || builderTabDisabled}
+			<div class="category-locked-message">
+				{#if validatorTabDisabled && builderTabDisabled}
+					Complete a journey to submit contributions: <a href="#/validators/waitlist">Validator Waitlist</a> or <a href="#/builders/welcome">Builder Welcome</a>
+				{:else if validatorTabDisabled}
+					<a href="#/validators/waitlist">Complete the Validator Waitlist journey</a> to submit validator contributions.
+				{:else}
+					<a href="#/builders/welcome">Complete the Builder Welcome journey</a> to submit builder contributions.
+				{/if}
+			</div>
+		{/if}
+
 		<!-- Contribution Type Dropdown/Search -->
 		<div class="contribution-type-selector">
 		<div class="dropdown-container" class:last-element={!selectedContributionType} class:dropdown-open={dropdownOpen}>
@@ -495,6 +516,31 @@
 		position: relative;
 	}
 
+	.category-btn.disabled {
+		opacity: 0.5;
+		cursor: not-allowed;
+	}
+
+	.category-btn.disabled:hover {
+		background: transparent;
+	}
+
+	.category-locked-message {
+		padding: 0.75rem 1rem;
+		background: #fef3c7;
+		border: 1px solid #f59e0b;
+		border-radius: 0.375rem;
+		margin-top: 0.75rem;
+		font-size: 0.875rem;
+		color: #92400e;
+	}
+
+	.category-locked-message a {
+		color: #d97706;
+		font-weight: 500;
+		text-decoration: underline;
+	}
+
 	.contribution-type-selector {
 		position: relative;
 		margin-top: 0;
diff --git a/frontend/src/routes/SubmitContribution.svelte b/frontend/src/routes/SubmitContribution.svelte
index 7372e52..7438b84 100644
--- a/frontend/src/routes/SubmitContribution.svelte
+++ b/frontend/src/routes/SubmitContribution.svelte
@@ -1,6 +1,7 @@
 <script>
   import { push, querystring } from 'svelte-spa-router';
   import { authState } from '../lib/auth.js';
+  import { userStore } from '../lib/userStore';
   import { onMount } from 'svelte';
   import api, { contributionsAPI } from '../lib/api.js';
   import ContributionSelection from '../lib/components/ContributionSelection.svelte';
@@ -346,6 +347,8 @@
           defaultContributionType={formData.contribution_type}
           onlySubmittable={true}
           stewardMode={false}
+          isValidator={!!$userStore.user?.validator}
+          isBuilder={!!$userStore.user?.builder}
           onSelectionChange={handleSelectionChange}
         />
       </div>

From 314f22ba46e3720948318dceca1cf768a3d66e27 Mon Sep 17 00:00:00 2001
From: JoaquinBN <joaquinbressan@gmail.com>
Date: Fri, 9 Jan 2026 18:16:54 +0100
Subject: [PATCH 2/5] Add mission filtering to AllContributions and make
 mission titles clickable

- Backend: Enable mission filtering in ContributionViewSet
- Frontend: Add mission state and URL parameter handling to AllContributions
- Frontend: Make mission title clickable to filter contributions by mission
---
 backend/contributions/views.py              |  2 +-
 frontend/src/components/Missions.svelte     |  7 ++++++-
 frontend/src/routes/AllContributions.svelte | 21 ++++++++++++++++++---
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/backend/contributions/views.py b/backend/contributions/views.py
index 5e7ec6d..a927a04 100644
--- a/backend/contributions/views.py
+++ b/backend/contributions/views.py
@@ -206,7 +206,7 @@ class ContributionViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = ContributionSerializer
     permission_classes = [permissions.AllowAny]  # Allow read-only access without authentication
     filter_backends = [DjangoFilterBackend, filters.SearchFilter, filters.OrderingFilter]
-    filterset_fields = ['user', 'contribution_type']
+    filterset_fields = ['user', 'contribution_type', 'mission']
     search_fields = ['notes', 'user__email', 'user__name', 'contribution_type__name']
     ordering_fields = ['contribution_date', 'created_at', 'points', 'frozen_global_points']
     ordering = ['-contribution_date']
diff --git a/frontend/src/components/Missions.svelte b/frontend/src/components/Missions.svelte
index 857798c..db8bd12 100644
--- a/frontend/src/components/Missions.svelte
+++ b/frontend/src/components/Missions.svelte
@@ -258,7 +258,12 @@
       <div class="px-4 py-3 border-b last:border-b-0 hover:bg-gray-50 transition-colors">
         <!-- Title row with badges and submit button -->
         <div class="flex items-center gap-3 mb-2 flex-wrap">
-          <h3 class="text-base font-bold font-heading text-gray-900">{mission.name}</h3>
+          <button
+            onclick={() => push(`/all-contributions?mission=${mission.id}&category=${$currentCategory !== 'global' ? $currentCategory : 'validator'}`)}
+            class="text-base font-bold font-heading text-gray-900 {colors.titleTextHover} transition-colors text-left"
+          >
+            {mission.name}
+          </button>
 
           {#if mission.contribution_type_details}
             <Badge
diff --git a/frontend/src/routes/AllContributions.svelte b/frontend/src/routes/AllContributions.svelte
index 5fca732..3237fd9 100644
--- a/frontend/src/routes/AllContributions.svelte
+++ b/frontend/src/routes/AllContributions.svelte
@@ -10,11 +10,13 @@
   let participantFilter = $state(''); // Name or address
   let selectedCategory = $state('validator'); // 'validator' or 'builder' (no "all" option)
   let selectedContributionType = $state(null); // Full contribution type object
+  let selectedMission = $state(null); // Mission ID from ContributionSelection
   let sortBy = $state('-contribution_date'); // Sorting
 
   // === APPLIED FILTERS (what's actually being used) ===
   let appliedCategory = $state('validator');
   let appliedTypeId = $state(''); // Track which type filter is actually applied
+  let appliedMissionId = $state(''); // Track which mission filter is actually applied
 
   // === DATA STATE ===
   let contributions = $state([]);
@@ -42,8 +44,8 @@
         page: currentPage,
         page_size: pageSize,
         ordering: sortBy,
-        // Only group if no specific type is applied
-        group_consecutive: !appliedTypeId
+        // Only group if no specific type or mission is applied
+        group_consecutive: !appliedTypeId && !appliedMissionId
       };
 
       // Participant filter
@@ -62,6 +64,9 @@
       // Type filter - use the applied type, not the selected one
       if (appliedTypeId) params.contribution_type = appliedTypeId;
 
+      // Mission filter
+      if (appliedMissionId) params.mission = appliedMissionId;
+
       // Fetch contributions
       const response = await contributionsAPI.getContributions(params);
       contributions = response.data.results || [];
@@ -92,6 +97,7 @@
     // Store the applied filters
     appliedCategory = selectedCategory;
     appliedTypeId = selectedContributionType?.id || '';
+    appliedMissionId = selectedMission || '';
 
     if (participantFilter && looksLikeAddress(participantFilter)) {
       loadUserDetails(participantFilter);
@@ -106,8 +112,10 @@
     participantFilter = '';
     selectedCategory = 'validator'; // Reset to default
     selectedContributionType = null;
+    selectedMission = null;
     appliedCategory = 'validator';
     appliedTypeId = '';
+    appliedMissionId = '';
     sortBy = '-contribution_date';
     userDetails = null;
     currentPage = 1;
@@ -143,6 +151,11 @@
       appliedTypeId = typeId;
       // selectedContributionType will be set by ContributionSelection when it loads
     }
+    if (params.get('mission')) {
+      const missionId = params.get('mission');
+      appliedMissionId = missionId;
+      selectedMission = Number(missionId);
+    }
     if (params.get('sort')) sortBy = params.get('sort');
     if (params.get('page')) currentPage = Number(params.get('page'));
   }
@@ -152,6 +165,7 @@
     if (participantFilter) params.set('user', participantFilter);
     if (appliedCategory) params.set('category', appliedCategory);
     if (appliedTypeId) params.set('type', String(appliedTypeId));
+    if (appliedMissionId) params.set('mission', String(appliedMissionId));
     if (sortBy !== '-contribution_date') params.set('sort', sortBy);
     if (currentPage > 1) params.set('page', String(currentPage));
 
@@ -199,6 +213,7 @@
       <ContributionSelection
         bind:selectedCategory
         bind:selectedContributionType
+        bind:selectedMission
         defaultContributionType={appliedTypeId ? Number(appliedTypeId) : null}
         onlySubmittable={false}
       />
@@ -260,7 +275,7 @@
     {error}
     showUser={true}
     category={appliedCategory}
-    disableGrouping={!!appliedTypeId}
+    disableGrouping={!!appliedTypeId || !!appliedMissionId}
   />
 
   <!-- PAGINATION -->

From 52492ca480b228c0ea8f91f53e1e820ef1fdb95f Mon Sep 17 00:00:00 2001
From: JoaquinBN <joaquinbressan@gmail.com>
Date: Fri, 9 Jan 2026 18:58:36 +0100
Subject: [PATCH 3/5] Add role-based input field guard for contribution
 submissions

- Allow users to freely switch between Validator and Builder tabs
- Disable input field when selected category role is missing
- Move role requirement message below selector with category-specific text
- Show 'Role required' placeholder and disable dropdown when role is missing
---
 .../components/ContributionSelection.svelte   | 38 +++++++++----------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/frontend/src/lib/components/ContributionSelection.svelte b/frontend/src/lib/components/ContributionSelection.svelte
index ba31e43..81febe1 100644
--- a/frontend/src/lib/components/ContributionSelection.svelte
+++ b/frontend/src/lib/components/ContributionSelection.svelte
@@ -22,6 +22,10 @@
 
 	let validatorTabDisabled = $derived(!isValidator && !stewardMode);
 	let builderTabDisabled = $derived(!isBuilder && !stewardMode);
+	let currentCategoryDisabled = $derived(
+		(selectedCategory === 'validator' && !isValidator && !stewardMode) ||
+		(selectedCategory === 'builder' && !isBuilder && !stewardMode)
+	);
 
 	let contributionTypes = $state([]);
 	let missions = $state([]);  // All missions
@@ -275,8 +279,7 @@
 				class:active={selectedCategory === 'validator'}
 				class:disabled={validatorTabDisabled}
 				style={selectedCategory === 'validator' ? 'background: #e0f2fe; color: #0369a1;' : ''}
-				onclick={() => !validatorTabDisabled && selectCategory('validator')}
-				disabled={validatorTabDisabled}
+				onclick={() => selectCategory('validator')}
 			>
 				Validator
 			</button>
@@ -286,25 +289,12 @@
 				class:active={selectedCategory === 'builder'}
 				class:disabled={builderTabDisabled}
 				style={selectedCategory === 'builder' ? 'background: #ffedd5; color: #c2410c;' : ''}
-				onclick={() => !builderTabDisabled && selectCategory('builder')}
-				disabled={builderTabDisabled}
+				onclick={() => selectCategory('builder')}
 			>
 				Builder
 			</button>
 		</div>
 
-		{#if validatorTabDisabled || builderTabDisabled}
-			<div class="category-locked-message">
-				{#if validatorTabDisabled && builderTabDisabled}
-					Complete a journey to submit contributions: <a href="#/validators/waitlist">Validator Waitlist</a> or <a href="#/builders/welcome">Builder Welcome</a>
-				{:else if validatorTabDisabled}
-					<a href="#/validators/waitlist">Complete the Validator Waitlist journey</a> to submit validator contributions.
-				{:else}
-					<a href="#/builders/welcome">Complete the Builder Welcome journey</a> to submit builder contributions.
-				{/if}
-			</div>
-		{/if}
-
 		<!-- Contribution Type Dropdown/Search -->
 		<div class="contribution-type-selector">
 		<div class="dropdown-container" class:last-element={!selectedContributionType} class:dropdown-open={dropdownOpen}>
@@ -317,17 +307,17 @@
 			<input
 				type="text"
 				class="search-input"
-				placeholder={loading ? "Loading..." : disabled ? "Locked to mission" : "Select or search contribution type..."}
+				placeholder={loading ? "Loading..." : disabled ? "Locked to mission" : currentCategoryDisabled ? "Role required" : "Select or search contribution type..."}
 				bind:value={searchQuery}
 				oninput={handleSearchInput}
 				onfocus={handleSearchFocus}
 				onblur={handleSearchBlur}
-				disabled={loading || disabled}
+				disabled={loading || disabled || currentCategoryDisabled}
 			/>
 			<button
 				class="dropdown-arrow"
 				onclick={handleDropdownClick}
-				disabled={loading || disabled}
+				disabled={loading || disabled || currentCategoryDisabled}
 			>
 				<svg width="12" height="12" viewBox="0 0 12 12" fill="none" xmlns="http://www.w3.org/2000/svg">
 					<path d="M3 4.5L6 7.5L9 4.5" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
@@ -447,6 +437,16 @@
 				{/if}
 			</div>
 		{/if}
+
+		{#if currentCategoryDisabled}
+			<div class="category-locked-message">
+				{#if selectedCategory === 'validator'}
+					You need to be a validator to submit validator contributions. You can enter the <a href="#/validators/waitlist">Validator Waitlist</a>.
+				{:else}
+					Complete the <a href="#/builders/welcome">Builder Welcome journey</a> to submit builder contributions.
+				{/if}
+			</div>
+		{/if}
 	</div>
 </div>
 

From 4954127d128b696f23d6f0ffab1498fa58fe18ad Mon Sep 17 00:00:00 2001
From: JoaquinBN <joaquinbressan@gmail.com>
Date: Fri, 9 Jan 2026 18:58:51 +0100
Subject: [PATCH 4/5] Add participant search bar to navbar with autocomplete
 dropdown

---
 backend/users/views.py                   |  30 ++-
 frontend/src/components/Navbar.svelte    |   6 +-
 frontend/src/components/SearchBar.svelte | 280 +++++++++++++++++++++++
 frontend/src/lib/api.js                  |   3 +-
 4 files changed, 316 insertions(+), 3 deletions(-)
 create mode 100644 frontend/src/components/SearchBar.svelte

diff --git a/backend/users/views.py b/backend/users/views.py
index b816712..4f9bb07 100644
--- a/backend/users/views.py
+++ b/backend/users/views.py
@@ -5,7 +5,7 @@
 from rest_framework.parsers import MultiPartParser, FormParser
 from django.shortcuts import get_object_or_404
 from django.conf import settings
-from django.db.models import Sum
+from django.db.models import Sum, Q
 from .models import User
 from .serializers import UserSerializer, UserCreateSerializer, UserProfileUpdateSerializer
 from .cloudinary_service import CloudinaryService
@@ -788,3 +788,31 @@ def referrals(self, request):
             'validator_points': validator_pts,
             'referrals': referral_list
         })
+
+    @action(detail=False, methods=['get'], permission_classes=[IsAuthenticated])
+    def search(self, request):
+        """Search users by name, address, email, or social handles."""
+        query = request.query_params.get('q', '').strip()
+
+        if len(query) < 2:
+            return Response([])
+
+        users = User.objects.filter(
+            Q(name__icontains=query) |
+            Q(address__icontains=query) |
+            Q(email__icontains=query) |
+            Q(twitter_handle__icontains=query) |
+            Q(discord_handle__icontains=query) |
+            Q(telegram_handle__icontains=query) |
+            Q(github_username__icontains=query)
+        ).filter(visible=True)[:10]
+
+        return Response([
+            {
+                'id': user.id,
+                'name': user.name,
+                'address': user.address,
+                'profile_image_url': user.profile_image_url
+            }
+            for user in users
+        ])
diff --git a/frontend/src/components/Navbar.svelte b/frontend/src/components/Navbar.svelte
index f221028..8628359 100644
--- a/frontend/src/components/Navbar.svelte
+++ b/frontend/src/components/Navbar.svelte
@@ -2,6 +2,7 @@
   import { push, location } from 'svelte-spa-router';
   import AuthButton from './AuthButton.svelte';
   import ReferralSection from './ReferralSection.svelte';
+  import SearchBar from './SearchBar.svelte';
   import Icon from './Icons.svelte';
   import { authState } from '../lib/auth.js';
   import { categoryTheme, currentCategory } from '../stores/category.js';
@@ -52,8 +53,11 @@
     <!-- Right section with actions -->
     <div class="flex-1 flex justify-end items-center h-16 px-4">
       <div class="hidden md:flex items-center gap-4">
+        {#if $authState.isAuthenticated}
+          <SearchBar />
+        {/if}
         <ReferralSection />
-        <button 
+        <button
           onclick={handleSubmitContribution}
           class="px-4 py-2 {$categoryTheme.button} rounded-md font-medium"
         >
diff --git a/frontend/src/components/SearchBar.svelte b/frontend/src/components/SearchBar.svelte
new file mode 100644
index 0000000..3bfa322
--- /dev/null
+++ b/frontend/src/components/SearchBar.svelte
@@ -0,0 +1,280 @@
+<script>
+  import { push } from 'svelte-spa-router';
+  import { onMount } from 'svelte';
+  import { usersAPI } from '../lib/api';
+  import Avatar from './Avatar.svelte';
+
+  let query = $state('');
+  let results = $state([]);
+  let isOpen = $state(false);
+  let isLoading = $state(false);
+  let selectedIndex = $state(-1);
+  let debounceTimeout = $state(null);
+  let containerRef = $state(null);
+
+  function handleInput(event) {
+    query = event.target.value;
+    selectedIndex = -1;
+
+    if (debounceTimeout) {
+      clearTimeout(debounceTimeout);
+    }
+
+    if (query.trim().length < 2) {
+      results = [];
+      isOpen = false;
+      return;
+    }
+
+    debounceTimeout = setTimeout(async () => {
+      await performSearch();
+    }, 300);
+  }
+
+  async function performSearch() {
+    if (query.trim().length < 2) return;
+
+    isLoading = true;
+    try {
+      const response = await usersAPI.searchUsers(query.trim());
+      results = response.data;
+      isOpen = results.length > 0;
+    } catch (error) {
+      results = [];
+      isOpen = false;
+    } finally {
+      isLoading = false;
+    }
+  }
+
+  function handleResultClick(user) {
+    navigateToUser(user);
+  }
+
+  function navigateToUser(user) {
+    query = '';
+    results = [];
+    isOpen = false;
+    push(`/participant/${user.address}`);
+  }
+
+  function handleKeydown(event) {
+    if (!isOpen || results.length === 0) return;
+
+    switch (event.key) {
+      case 'ArrowDown':
+        event.preventDefault();
+        selectedIndex = Math.min(selectedIndex + 1, results.length - 1);
+        break;
+      case 'ArrowUp':
+        event.preventDefault();
+        selectedIndex = Math.max(selectedIndex - 1, -1);
+        break;
+      case 'Enter':
+        event.preventDefault();
+        if (selectedIndex >= 0 && results[selectedIndex]) {
+          navigateToUser(results[selectedIndex]);
+        }
+        break;
+      case 'Escape':
+        isOpen = false;
+        selectedIndex = -1;
+        break;
+    }
+  }
+
+  function handleClickOutside(event) {
+    if (containerRef && !containerRef.contains(event.target)) {
+      isOpen = false;
+      selectedIndex = -1;
+    }
+  }
+
+  function handleFocus() {
+    if (results.length > 0) {
+      isOpen = true;
+    }
+  }
+
+  function formatAddress(addr) {
+    if (!addr) return '';
+    return `${addr.substring(0, 6)}...${addr.substring(addr.length - 4)}`;
+  }
+
+  onMount(() => {
+    document.addEventListener('click', handleClickOutside);
+    return () => {
+      document.removeEventListener('click', handleClickOutside);
+      if (debounceTimeout) {
+        clearTimeout(debounceTimeout);
+      }
+    };
+  });
+</script>
+
+<div class="search-container" bind:this={containerRef}>
+  <div class="search-input-wrapper">
+    <svg
+      class="search-icon"
+      fill="none"
+      stroke="currentColor"
+      viewBox="0 0 24 24"
+    >
+      <path
+        stroke-linecap="round"
+        stroke-linejoin="round"
+        stroke-width="2"
+        d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z"
+      />
+    </svg>
+    <input
+      type="text"
+      placeholder="Search participants..."
+      value={query}
+      oninput={handleInput}
+      onkeydown={handleKeydown}
+      onfocus={handleFocus}
+      class="search-input"
+    />
+    {#if isLoading}
+      <div class="loading-spinner"></div>
+    {/if}
+  </div>
+
+  {#if isOpen && results.length > 0}
+    <div class="search-dropdown">
+      {#each results as user, index}
+        <button
+          class="search-result {index === selectedIndex ? 'selected' : ''}"
+          onclick={() => handleResultClick(user)}
+          onmouseenter={() => { selectedIndex = index; }}
+        >
+          <Avatar {user} size="sm" />
+          <div class="result-info">
+            <span class="result-name">{user.name || 'Anonymous'}</span>
+            <span class="result-address">{formatAddress(user.address)}</span>
+          </div>
+        </button>
+      {/each}
+    </div>
+  {/if}
+</div>
+
+<style>
+  .search-container {
+    position: relative;
+    width: 280px;
+  }
+
+  .search-input-wrapper {
+    position: relative;
+    display: flex;
+    align-items: center;
+  }
+
+  .search-icon {
+    position: absolute;
+    left: 0.75rem;
+    width: 1rem;
+    height: 1rem;
+    color: #9ca3af;
+    pointer-events: none;
+  }
+
+  .search-input {
+    width: 100%;
+    padding: 0.5rem 0.75rem 0.5rem 2.25rem;
+    border: 1px solid #e5e7eb;
+    border-radius: 0.5rem;
+    font-size: 0.875rem;
+    background-color: #f9fafb;
+    transition: all 0.2s;
+  }
+
+  .search-input:focus {
+    outline: none;
+    border-color: #2563eb;
+    background-color: white;
+    box-shadow: 0 0 0 3px rgba(37, 99, 235, 0.1);
+  }
+
+  .search-input::placeholder {
+    color: #9ca3af;
+  }
+
+  .loading-spinner {
+    position: absolute;
+    right: 0.75rem;
+    width: 1rem;
+    height: 1rem;
+    border: 2px solid #e5e7eb;
+    border-radius: 50%;
+    border-top-color: #2563eb;
+    animation: spin 0.8s linear infinite;
+  }
+
+  @keyframes spin {
+    to { transform: rotate(360deg); }
+  }
+
+  .search-dropdown {
+    position: absolute;
+    top: calc(100% + 0.5rem);
+    left: 0;
+    right: 0;
+    z-index: 50;
+    background-color: white;
+    border-radius: 0.5rem;
+    box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1), 0 2px 4px -1px rgba(0, 0, 0, 0.06);
+    border: 1px solid #e5e7eb;
+    max-height: 320px;
+    overflow-y: auto;
+  }
+
+  .search-result {
+    display: flex;
+    align-items: center;
+    gap: 0.75rem;
+    width: 100%;
+    padding: 0.75rem;
+    text-align: left;
+    background: none;
+    border: none;
+    cursor: pointer;
+    transition: background-color 0.15s;
+  }
+
+  .search-result:hover,
+  .search-result.selected {
+    background-color: #f3f4f6;
+  }
+
+  .search-result:first-child {
+    border-radius: 0.5rem 0.5rem 0 0;
+  }
+
+  .search-result:last-child {
+    border-radius: 0 0 0.5rem 0.5rem;
+  }
+
+  .result-info {
+    display: flex;
+    flex-direction: column;
+    min-width: 0;
+  }
+
+  .result-name {
+    font-size: 0.875rem;
+    font-weight: 500;
+    color: #111827;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+  }
+
+  .result-address {
+    font-size: 0.75rem;
+    color: #6b7280;
+    font-family: monospace;
+  }
+</style>
diff --git a/frontend/src/lib/api.js b/frontend/src/lib/api.js
index d120d96..c3b8867 100644
--- a/frontend/src/lib/api.js
+++ b/frontend/src/lib/api.js
@@ -62,7 +62,8 @@ export const usersAPI = {
   getDeploymentStatus: () => api.get('/users/deployment_status/'),
   getActiveValidators: () => api.get('/users/validators/'),
   getReferrals: () => api.get('/users/referrals/'),
-  getReferralPoints: () => api.get('/users/referral_points/')
+  getReferralPoints: () => api.get('/users/referral_points/'),
+  searchUsers: (query) => api.get('/users/search/', { params: { q: query } })
 };
 
 // API endpoints for contributions

From 0a2850d389d4a20b580369798105ea927eff2261 Mon Sep 17 00:00:00 2001
From: JoaquinBN <joaquinbressan@gmail.com>
Date: Sat, 10 Jan 2026 12:33:48 +0100
Subject: [PATCH 5/5] Add CRON_SYNC_TOKEN environment secret to App Runner
 deployment

Add CRON_SYNC_TOKEN as a runtime environment secret that references the AWS SSM Parameter Store. Also remove hardcoded CPU and Memory configuration from the deployment script to allow managing instance sizes directly from the AWS console.
---
 backend/.env.example        |  6 +++++-
 backend/deploy-apprunner.sh | 10 ++++------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/backend/.env.example b/backend/.env.example
index d0fd0e7..a1fa147 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -78,4 +78,8 @@ GITHUB_ENCRYPTION_KEY=your_encryption_key_here
 # For production: Get real keys at https://www.google.com/recaptcha/admin
 # Select "reCAPTCHA v2" > "I'm not a robot" Checkbox
 RECAPTCHA_PUBLIC_KEY=6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
-RECAPTCHA_PRIVATE_KEY=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
\ No newline at end of file
+RECAPTCHA_PRIVATE_KEY=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
+
+# Cron Sync Token
+# Used for authenticating cron job requests to sync validators
+CRON_SYNC_TOKEN=your_cron_sync_token_here
\ No newline at end of file
diff --git a/backend/deploy-apprunner.sh b/backend/deploy-apprunner.sh
index 555c601..b9e6295 100755
--- a/backend/deploy-apprunner.sh
+++ b/backend/deploy-apprunner.sh
@@ -211,7 +211,8 @@ if aws apprunner describe-service --service-arn arn:aws:apprunner:$REGION:$ACCOU
           "GITHUB_ENCRYPTION_KEY": "$SSM_PREFIX/prod/github_encryption_key",
           "GITHUB_REPO_TO_STAR": "$SSM_PREFIX/prod/github_repo_to_star",
           "RECAPTCHA_PUBLIC_KEY": "$SSM_PREFIX/prod/recaptcha_public_key",
-          "RECAPTCHA_PRIVATE_KEY": "$SSM_PREFIX/prod/recaptcha_private_key"
+          "RECAPTCHA_PRIVATE_KEY": "$SSM_PREFIX/prod/recaptcha_private_key",
+          "CRON_SYNC_TOKEN": "$SSM_PREFIX/prod/cron_sync_token"
         },
         "StartCommand": "./startup.sh gunicorn --bind 0.0.0.0:8000 --timeout 180 --workers 2 tally.wsgi:application"
       },
@@ -223,8 +224,6 @@ if aws apprunner describe-service --service-arn arn:aws:apprunner:$REGION:$ACCOU
     }
   },
   "InstanceConfiguration": {
-    "Cpu": "0.25 vCPU",
-    "Memory": "0.5 GB",
     "InstanceRoleArn": "arn:aws:iam::$ACCOUNT_ID:role/AppRunnerInstanceRole"
   },
   "HealthCheckConfiguration": {
@@ -293,7 +292,8 @@ else
           "GITHUB_ENCRYPTION_KEY": "$SSM_PREFIX/prod/github_encryption_key",
           "GITHUB_REPO_TO_STAR": "$SSM_PREFIX/prod/github_repo_to_star",
           "RECAPTCHA_PUBLIC_KEY": "$SSM_PREFIX/prod/recaptcha_public_key",
-          "RECAPTCHA_PRIVATE_KEY": "$SSM_PREFIX/prod/recaptcha_private_key"
+          "RECAPTCHA_PRIVATE_KEY": "$SSM_PREFIX/prod/recaptcha_private_key",
+          "CRON_SYNC_TOKEN": "$SSM_PREFIX/prod/cron_sync_token"
         },
         "StartCommand": "./startup.sh gunicorn --bind 0.0.0.0:8000 --timeout 180 --workers 2 tally.wsgi:application"
       },
@@ -305,8 +305,6 @@ else
     }
   },
   "InstanceConfiguration": {
-    "Cpu": "0.25 vCPU",
-    "Memory": "0.5 GB",
     "InstanceRoleArn": "arn:aws:iam::$ACCOUNT_ID:role/AppRunnerInstanceRole"
   },
   "HealthCheckConfiguration": {