# 2026-04-24 — Sprint Day 1 ## Sprint Kicked Off - Matt cleared the sprint brief. Board: Socrates 🧠 (backend), Daedalus 🎨 (frontend), Wadsworth 📋 (coordination) - Sprint brief: `shared/project-docs/sprint-brief-2026-04-24.md` ## Family Login — DELIVERED ✅ - `dashboard/templates/family_login.html` — warm, branded, mobile-first login page - `dashboard/router.py` — added `/family/login/` route + updated `GET /` and `GET /dashboard/` redirects - Auth router has a `redirect_url` referenced-before-assignment bug (Socrates' domain, flow still works via client-side redirect) - Handoff doc: `dashboard/FAMILY-LOGIN-HANDOFF.md` ## Still Waiting On - `/api/today` — ✅ already built by Socrates in dashboard router - `family.hoffdesk.com` tunnel — Wadsworth - Socrates to confirm route registration in main.py ## Pending This Sprint 1. Dashboard Jinja2 conversion (after tunnel + route confirmation) 2. Dashboard login page — ✅ DONE 3. Pipeline Phase 2 template wiring (blocked on Socrates) # 2026-04-24 — Sprint Day 1 ## Sprint Kicked Off - Matt cleared the sprint brief. Board: Socrates 🧠 (backend), Daedalus 🎨 (frontend), Wadsworth 📋 (coordination) - Sprint brief: `shared/project-docs/sprint-brief-2026-04-24.md` ## Family Login — DELIVERED ✅ - `dashboard/templates/family_login.html` — warm, branded, mobile-first login page - `dashboard/router.py` — added `/family/login/` route + updated `GET /` and `GET /dashboard/` redirects - Auth router has a `redirect_url` referenced-before-assignment bug (Socrates' domain, flow still works via client-side redirect) - Handoff doc: `dashboard/FAMILY-LOGIN-HANDOFF.md` ## Still Waiting On - `/api/today` — ✅ already built by Socrates in dashboard router - `family.hoffdesk.com` tunnel — Wadsworth - Socrates to confirm route registration in main.py ## Pending This Sprint 1. Dashboard Jinja2 conversion (after tunnel + route confirmation) 2. Dashboard login page — ✅ DONE 3. Pipeline Phase 2 template wiring (blocked on Socrates) --- ## Late Session — Sprint Brief, Auth Unification, Subdomain Routing Plan ### Auth Unification (2026-04-24) - **Matt's call:** Session cookies for browsers, Bearer tokens for API/webhooks - Documented in `shared/project-docs/auth-unification.md` - Blog admin: `X-Admin-Token` → session cookie ✅ DONE - Content generation: `?token=` → session cookie ✅ DONE - Login page: now uses `/auth/login`, session cookie, redirect param ✅ DONE - Family admin: session cookie (wire the login route) - Removed events API: Bearer token (machine-to-machine) - Webhooks/bots: keep as-is - Aundrea logs in once, never sees a token - **Credentials:** matt/hoffdesk-matt-2026, aundrea/hoffdesk-aundrea-2026 - **Socrates delivered:** session middleware, /auth/login, /auth/me, /auth/logout - **Daedalus completed:** removed all X-Admin-Token, ?token=, API_TOKEN refs from all templates - **Token-free templates:** admin_base.html.j2, admin_editor.html.j2, admin_login.html.j2, magic_wand.html.j2, admin_dashboard.html.j2, admin_post_list.html.j2, pipeline_brief_form.html.j2, pipeline_brief_review.html.j2 - **401 redirect handler** added to admin_base.html.j2 (HTMX auto-redirects to /auth/login) - **Synced shared/project-docs/ copies** with production paths ### Recently Removed Events Widget - Built frontend widget in `dashboard/templates/index.html` - Polls `GET /family/events/removed?hours=24&limit=5` every 60s via JS fetch (not HTMX, since response is JSON) - Hidden by default, only appears when count > 0 - **Socrates spec updated** with cross-references to Daedalus' dashboard/REMOVED-WIDGET-SPEC.md - Updated auth to proxy pattern per Socrates' recommendation — no cookie in JS - **Handoff spec:** dashboard/REMOVED-WIDGET-SPEC.md ### Subdomain Routing Fix (Socrates' Plan) - **Problem:** Dashboard router at prefix="" intercepts root, so notes.hoffdesk.com shows family dashboard - **Solution (Socrates):** Starlette Host() routing — separate sub-apps per subdomain - Plan: `shared/research/subdomain-routing-implementation.md` (Socrates' workspace) - **Daedalus' recommendations:** - Do both: separate port tonight (quick fix) + host-based routing (proper fix) - Move blog/dashboard static files to shared/ so neither workspace is production source of truth - Convert dashboard to Jinja2 before host routing goes live - Add acceptance criteria: unauthenticated users see branded dashboard login, not generic /auth/login ### Domain Audit - **Live:** notes.hoffdesk.com, api.hoffdesk.com, cal.hoffdesk.com, hook.hoffdesk.com - **Zombie:** blog.hoffdesk.com (in tunnel config, no DNS CNAME) - **Dev-only:** proto.hoffdesk.com (manual startup, mock data — retire when family. is live) - **Not configured:** hoffdesk.com (bare domain), family.hoffdesk.com - **Hardcoded URLs to fix post-routing:** - magic_wand.html.j2 line 98: `const API_BASE = 'https://notes.hoffdesk.com/admin/content'` → make relative - admin_base.html.j2 line 30: Dashboard link → update to `https://family.hoffdesk.com/` - Blog SEO URLs at `hoffdesk.com/blog/` → keep (correct for permalinks) ### Model Change - Switched to **deepseek-v4-flash:cloud** (added to openclaw.json ollama models list, allowed in daedalus agent config) - Model provider: ollama-pro (cloud via OpenRouter/Ollama Pro) ### Created Files - `DOMAIN-ARCHITECTURE.md` — full subdomain map + route tree + problems - `SPRINT-BRIEF.md` — sprint planning brief with ownership tables - `shared/project-docs/auth-unification.md` — auth decision doc - `shared/project-docs/dashboard-socrates-handoff.md` — answers for Socrates - `shared/project-docs/sprint-brief-2026-04-24.md` — shared sprint brief - `dashboard/REMOVED-WIDGET-SPEC.md` — handoff spec for Socrates - `family.hoffdesk.com` tunnel and DNS pending