========================================
[Sun Feb  8 23:41:29 AEDT 2026] CC VPS triggered by Rivet
========================================

Task:
Fix bug: Message UI missing CSRF in messages/[conversationId]/page.tsx:131. Uses raw fetch() instead of csrfFetch(). Check how other components use csrfFetch and apply the same pattern.
----------------------------------------

## Fixed

**Changed:** `/src/app/(authenticated)/messages/[conversationId]/page.tsx:131`

**What:** Replaced raw `fetch()` with `csrfFetch()` for sending messages

**Why:** The message send endpoint was missing CSRF token headers, leaving it vulnerable to CSRF attacks. Now matches the pattern used in other POST endpoints (job posting, profile building).

Build passed, committed, and pushed to main.

----------------------------------------
[Sun Feb  8 23:42:51 AEDT 2026] Task finished (exit code: 0)
