Register a user (replace with your details):
  curl -X POST http://localhost:8080/api/auth/register \
    -H "Content-Type: application/json" \
    -d '{"username":"testuser","password":"testpass123"}'
  Response: {"message":"User registered successfully"}

  Login to get JWT token (use same credentials):
  curl -X POST http://localhost:8080/api/auth/login \
    -H "Content-Type: application/json" \
    -d '{"username":"testuser","password":"testpass123"}'
  Response: {"token":"","username":"testuser"}

  Store token (bash example):
  TOKEN=$(curl -s -X POST http://localhost:8080/api/auth/login \
    -H "Content-Type: application/json" \
    -d '{"username":"testuser","password":"testpass123"}' | jq -r '.token')

  Test protected endpoint (list jobs; requires token):
  curl -H "Authorization: Bearer $TOKEN" http://localhost:8080/api/jobs
  Response: JSON array of jobs (empty if none exist).

  Create a company (protected):
  curl -X POST http://localhost:8080/api/companies \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"name":"Test Corp","website":"https://test.com","notes":"Test"}'

  Create a job (needs company ID from above):
  curl -X POST http://localhost:8080/api/jobs \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"role":"Software Engineer","location":"Remote","company":{"id":"<company-id>"},"status":"APPLIED"}'

  List jobs by company:
  curl -H "Authorization: Bearer $TOKEN" http://localhost:8080/api/companies/<company-id>/jobs

  Export jobs as CSV:
  curl -H "Authorization: Bearer $TOKEN" http://localhost:8080/api/jobs/export -o jobs.csv

  Other endpoints follow similar patterns (PUT/PATCH/DELETE for updates/deletes). Change SECRET_KEY in JwtUtil.java to a secure value (env var recommended) and restart server. If 403, ensure token is
  valid/not expired. Let me know results!