# 2026-04-25 — Host Routing Rollout & Architecture Lock

## Wordmark Fix ✅

- Matt flagged that the wordmark was crunched (tagline overlapping the "Desk" text)
- SVG canvas expanded: `400×128` → `440×160`
- Dropped `scale(0.85)` on the mark, restored the ground line
- Re-spaced: "Hoff" at y=70, "Desk" at y=112, tagline at y=142 (30px buffer)
- Updated: `wordmark.svg`, `preview.html`, and the live `brand-preview.html` on notes.hoffdesk.com

## Starlette Host Routing — FULLY DEPLOYED ✅

### What Changed

- Socrates wrote `main_v2.py` with Starlette `Host()` routing: 3 sub-apps (family, notes, blog) plus a dev-mode fallback
- Systemd service updated from `main:app` → `main_v2:application`; bind address `127.0.0.1` → `0.0.0.0`
- Cloudflare tunnel ingress updated:
  - Removed the `family.` → port 8001 split (everything now goes through port 8000; Host routing handles dispatch)
  - Removed `blog.hoffdesk.com` (zombie subdomain, no DNS CNAME)
  - Added a `hoffdesk.com` ingress entry
- DNS: `hoffdesk.com` apex changed from the placeholder A record (192.0.2.1) to a CNAME pointing at `*.cfargotunnel.com`

### Verification

| Subdomain | Result | Notes |
|-----------|--------|-------|
| `family.hoffdesk.com` | ✅ 302 → `/family/login/` | Dashboard app |
| `notes.hoffdesk.com` | ✅ 302 → `/admin/blog/` | Blog admin app (was showing the dashboard before!) |
| `hoffdesk.com` | ✅ 302 → `/api/blog/` | Public blog app (was NXDOMAIN before) |
| `api.hoffdesk.com` | ✅ 200 | Health check passes |
| `cal.hoffdesk.com` | ✅ | Radicale, unchanged |
| `hook.hoffdesk.com` | ✅ | Webhooks, unchanged |

### Auth Testing

- `family.hoffdesk.com/family/login/` — POST `/auth/login` as `matt` → ✅ 200, session cookie set
- `notes.hoffdesk.com/admin/blog/` — the session cookie carries across subdomains → ✅ admin dashboard renders
- Credentials confirmed for `matt` and `aundrea` (passwords redacted from this log)

## UI Enhancements

- **Password visibility toggle** (eye icon) added to both login pages:
  - `family_login.html` — toggle sits inside the password input, eye/eye-off SVGs
  - `admin_login.html.j2` — same toggle, blog admin login
  - CSS: `.password-wrapper` with a `.password-toggle` button, absolutely positioned
  - JS: `togglePassword()` swaps `type="password"` ↔ `type="text"`

## Remaining

- Dashboard is still served as static HTML (`read_text`), not Jinja2 — handoff doc `JINJA2-HANDOFF.md` written
- Pipeline Phase 2 templates still unwired (blocked on Socrates' routes)
- `proto.hoffdesk.com` dev server is still running and should be retired

# 2026-04-25 — Continued: Codebase Reviews + Credential Security

## HoffDesk Agents — Full Codebase Review Delivered ✅

### What I Reviewed

- Full mono-repo: `agents/` (3 OpenClaw agents), `services/family_assistant/` (24 modules, ~10k lines), `shared/` (api-specs, schemas, project-docs)
- Every major Python module read (line counts in parentheses): pipeline.py (1148), intent_engine.py (761), hermes.py (666), calendar_sync.py (660), location_cache.py (658), newsletter_parser.py (612), family_brain.py (495), document_sorter.py (486), cli.py (475), conflict_engine.py (415), conflict_notify.py (414), rejection_engine.py (412), maintenance_sentinel.py (376), config.py (369), clicker.py (303), slot_handler.py (309), appointment_parser.py (325), rrule_builder.py (273), email_webhook.py (252), setup.py (251), email_fetcher.py (224), intent_router.py (208), inbound_hook.py (173)
- GitHub: NightKnight64/hoffdesk-agents

### Key Findings

- **Overall score by dimension:** Architecture 8/10, Features 7/10, Code Quality 7/10, Portability 6/10, Commercial Viability 4/10, Security 6/10
- **CRITICAL: `.env` with live credentials lives inside the tracked repo tree.** It is gitignored, so it is not committed today, but it is one `git add -f` or one `.gitignore` edit away from landing in history (a force-push cannot leak a file that was never committed; an accidental commit can, and then it is in every clone)
- **CRITICAL: `appointment_retry.txt` is empty (0 lines).** The LLM retry path sends a blank prompt and the email silently fails
- Pipeline has ~500 lines of duplicated code (IMAP path vs. webhook path)
- 23/24 modules have zero tests
- Gaming PC (over Tailscale) is a hard dependency for embeddings and vision
- Circuit breaker on IMAP auth is a smart pattern
- Shadow filtering (`rejection_engine.py`): rejected events are demoted, not deleted — the correct UX decision
- `rrule_builder.py` prevents LLM hallucination on recurrence rules — the best pattern in the codebase
- Review written to `review/hoffdesk-agents-review.md`

## DHA Core — Codebase Review Delivered ✅

### What I Reviewed

- `/home/hoffmann_admin/dha-core-legacy` (NightKnight64/dha-core) — 10 files, 716 lines
- Historical prototype that became family-assistant
- Architecture: abstract module framework (`DHA_Module` ABC) + EventBus + `Service_Manifest` YAML

### Key Findings

- Good abstraction design (plugin pattern via ABC + YAML manifest), but all adapters are stubbed
- Google adapter returns hardcoded mock data; notification module just `print()`s; no real I/O
- `household.yaml` includes Maggie the dog with an RBAC role — playful, but reflects the prototype stage
- Portability 5/10 by virtue of being incomplete (minimal deps, but useless without wiring)
- Evolution value: 7/10 — taught patterns that shaped Family Assistant
- **Recommendation:** Archive on GitHub with a "superseded by family-assistant" note

## Family Assistant (Standalone) — Reviewed ✅

### Relationship to hoffdesk-agents

- 22/24 Python files are byte-for-byte identical to the mono-repo version
- `hermes.py` differs (602 vs. 666 lines — the mono-repo version has OpenClaw integration)
- `pipeline.py` differs by 1 byte
- The standalone repo has important artifacts the mono-repo lacks: `systemd/` service files, Cloudflare `email_worker.js`, `WEBHOOK_DEPLOY.md`, a backup script, MIT LICENSE
- **SAME `.env` credential risk** as the mono-repo

### Evolution: DHA Core (716 lines, abstract) → Family Assistant (~10k lines, shipping) → hoffdesk-agents monorepo

- DHA Core: prototype with good patterns, everything stubbed
- Family Assistant: real production code processing Matt's email, syncing Radicale, serving Telegram
- hoffdesk-agents: mono-repo adding OpenClaw agent integration, shared workspace, cross-agent coordination

## Credential Security Summary

Three repos checked; two have live `.env` files sitting in tracked trees:

1. `hoffdesk-agents/services/.env` — GMAIL_APP_PASSWORD, GOOGLE_PLACES_API_KEY, CALDAV_PASSWORD, TELEGRAM_BOT_TOKEN, WEBHOOK_SECRET, OLLAMA_EMBED_URL
2. `~/.openclaw/workspace/scripts/.env` — same values
3. dha-core has no live credentials (prototype)

**Recommendation (repeated from the review):** Rotate the five secrets (GMAIL_APP_PASSWORD, GOOGLE_PLACES_API_KEY, CALDAV_PASSWORD, TELEGRAM_BOT_TOKEN, WEBHOOK_SECRET); OLLAMA_EMBED_URL is an endpoint rather than a secret but moves with them. Move `.env` to `~/.openclaw/secrets/family-assistant.env`.
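The Host-routing layout from the rollout above, as an added example in plain ASGI rather than the project's own `main_v2.py` (which uses `starlette.routing.Host` and is not reproduced here). The hostnames and redirect targets are the ones in the verification table; the sub-app bodies are constructed stand-ins, and the `dev_mode` switch is an assumed shape for the "dev mode fallback" the log mentions. The point it shows: with the service now bound on `0.0.0.0`, any client that reaches port 8000 directly (e.g. over Tailscale) controls the Host header, so the production fallback must be a 404, not another tenant's app.

```python
"""Host-header dispatch in plain ASGI (added example; not the project's code).
Routes by exact hostname, strips :port, lower-cases, and sends unknown hosts
to a 404 unless dev_mode is on. Hostnames match the rollout's verification table."""
import asyncio
from typing import Awaitable, Callable

ASGIApp = Callable[[dict, Callable, Callable], Awaitable[None]]


def redirect_app(location: str) -> ASGIApp:
    """Constructed stand-in for a sub-app: every request gets 302 -> location."""
    async def app(scope, receive, send):
        await send({"type": "http.response.start", "status": 302,
                    "headers": [(b"location", location.encode())]})
        await send({"type": "http.response.body", "body": b""})
    return app


async def not_found(scope, receive, send):
    """Production fallback: an unrecognised Host gets 404, never another tenant's app."""
    await send({"type": "http.response.start", "status": 404,
                "headers": [(b"content-type", b"text/plain")]})
    await send({"type": "http.response.body", "body": b"unknown host"})


def host_of(scope: dict) -> str:
    """Normalise the Host header: lower-case, drop :port, keep IPv6 literals whole."""
    for name, value in scope.get("headers", []):
        if name.lower() == b"host":
            host = value.decode("latin-1").strip().lower()
            if host.startswith("["):              # [::1]:8000 -> [::1]
                return host.split("]", 1)[0] + "]"
            return host.split(":", 1)[0]          # notes.hoffdesk.com:8000 -> notes.hoffdesk.com
    return ""


class HostRouter:
    """Dispatch by exact hostname; anything unmatched goes to `fallback`."""

    def __init__(self, routes: dict, fallback: ASGIApp = not_found):
        self.routes = {h.lower(): app for h, app in routes.items()}
        self.fallback = fallback

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":   # lifespan/websocket not handled in this example
            return
        app = self.routes.get(host_of(scope), self.fallback)
        await app(scope, receive, send)


def build_application(dev_mode: bool = False) -> HostRouter:
    """Assumed shape of the three-app layout. dev_mode routes *any* host to the
    family app, which is convenient locally and dangerous once bound on 0.0.0.0."""
    routes = {
        "family.hoffdesk.com": redirect_app("/family/login/"),
        "notes.hoffdesk.com": redirect_app("/admin/blog/"),
        "hoffdesk.com": redirect_app("/api/blog/"),
    }
    fallback = routes["family.hoffdesk.com"] if dev_mode else not_found
    return HostRouter(routes, fallback)


def request(app: ASGIApp, host: str, path: str = "/"):
    """Drive the ASGI app in-process; returns (status, headers-dict)."""
    scope = {"type": "http", "method": "GET", "path": path,
             "headers": [(b"host", host.encode())]}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    start = sent[0]
    return start["status"], {k.decode(): v.decode() for k, v in start["headers"]}


if __name__ == "__main__":
    prod = build_application()
    for h in ("family.hoffdesk.com", "NOTES.hoffdesk.com:8000", "hoffdesk.com", "100.64.0.5:8000"):
        print(h, request(prod, h))
```

Two practical checks that follow from this: since cloudflared runs on the same box and forwards the original Host header, the service only needs `127.0.0.1`; widening the bind to `0.0.0.0` was not required for the Host routing to work and is worth reverting. And `proto.hoffdesk.com` should not get a route here, since it is slated for retirement.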
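The auth test above relies on the session cookie "carrying across subdomains". That only happens if the cookie is set with a `Domain` attribute, and a `Domain=hoffdesk.com` cookie is then delivered to every subdomain, including `cal.`, `hook.` and the still-running `proto.` dev server. This added example (not the project's code; the cookie attributes are assumed, not read from the server) implements RFC 6265 domain matching so that scope can be checked offline against the page's host list.

```python
"""Which hosts receive the session cookie? Added example implementing RFC 6265
section 5.1.3 domain matching; cookie attributes below are assumed."""
from __future__ import annotations

from http.cookies import SimpleCookie

# Every host on the page's verification table plus the dev server still running.
HOSTS = [
    "family.hoffdesk.com", "notes.hoffdesk.com", "hoffdesk.com", "api.hoffdesk.com",
    "cal.hoffdesk.com", "hook.hoffdesk.com", "proto.hoffdesk.com",
]


def domain_matches(request_host: str, cookie_domain: str | None, set_by: str) -> bool:
    """Host-only cookie (no Domain attribute): sent only to the host that set it.
    Domain cookie: sent to that domain and every subdomain of it."""
    host = request_host.lower().rstrip(".")
    if cookie_domain is None:
        return host == set_by.lower()
    dom = cookie_domain.lower().lstrip(".")
    return host == dom or host.endswith("." + dom)


def session_cookie(domain: str | None) -> str:
    """Build the Set-Cookie value; the session id is a constructed placeholder."""
    c = SimpleCookie()
    c["session"] = "opaque-session-id"
    c["session"]["httponly"] = True     # keep it away from togglePassword()-style page JS
    c["session"]["secure"] = True       # tunnel terminates TLS at Cloudflare; never send in clear
    c["session"]["samesite"] = "Lax"
    c["session"]["path"] = "/"
    if domain:
        c["session"]["domain"] = domain
    return c.output(header="").strip()


def receiving_hosts(cookie_domain: str | None, set_by: str, hosts=HOSTS) -> list[str]:
    """Hosts in `hosts` that the browser would attach the cookie to."""
    return [h for h in hosts if domain_matches(h, cookie_domain, set_by)]


if __name__ == "__main__":
    print(session_cookie("hoffdesk.com"))
    print("Domain=hoffdesk.com reaches:", receiving_hosts("hoffdesk.com", "family.hoffdesk.com"))
    print("host-only reaches:", receiving_hosts(None, "family.hoffdesk.com"))
```

If the shared login is intended, the cost is that a compromise of any subdomain's origin (the dev server, the webhook endpoint) yields the family and admin sessions too; if it is not intended, drop the `Domain` attribute and let each app set a host-only cookie.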
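For the credential recommendation above, moving the file to `~/.openclaw/secrets/family-assistant.env` only helps if the loader refuses to read it when the permissions are wrong. This added example (not the project's `config.py`) loads that file with ownership and mode checks and validates the six keys the summary names; the sample file contents are constructed and contain no real credentials.

```python
"""Out-of-tree secrets loader with permission checks (added example; not the
project's config.py). Required keys follow the credential summary; the sample
values are constructed placeholders."""
from __future__ import annotations

import os
import stat
import tempfile
from pathlib import Path

REQUIRED = ("GMAIL_APP_PASSWORD", "GOOGLE_PLACES_API_KEY", "CALDAV_PASSWORD",
            "TELEGRAM_BOT_TOKEN", "WEBHOOK_SECRET", "OLLAMA_EMBED_URL")

SAMPLE = """# constructed sample for the example; not real credentials
GMAIL_APP_PASSWORD="abcd efgh ijkl mnop"
GOOGLE_PLACES_API_KEY=AIza-example
CALDAV_PASSWORD='caldav-example'
export TELEGRAM_BOT_TOKEN=123456:example
WEBHOOK_SECRET=webhook-example
OLLAMA_EMBED_URL=http://gaming-pc.tailnet:11434
"""


class SecretsError(RuntimeError):
    """Raised when the secrets file is unsafe to read or incomplete."""


def parse_env(text: str) -> dict[str, str]:
    """Minimal KEY=VALUE parser: comments, blank lines, `export`, simple quotes."""
    out: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise SecretsError(f"malformed line: {line!r}")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        out[key.strip()] = value
    return out


def load_secrets(path: Path, required=REQUIRED) -> dict[str, str]:
    """Refuse symlinks, files owned by someone else, and anything group/world
    accessible; then require every key in `required` to be present and non-empty."""
    st = path.lstat()
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISREG(st.st_mode):
        raise SecretsError(f"{path} must be a regular file, not a symlink")
    if st.st_uid != os.getuid():
        raise SecretsError(f"{path} is not owned by the current user")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        raise SecretsError(f"{path} is group/world accessible (mode {oct(mode)}); chmod 600 it")
    env = parse_env(path.read_text())
    missing = [k for k in required if not env.get(k)]
    if missing:
        raise SecretsError("missing or empty keys: " + ", ".join(missing))
    return env


def write_sample(path: Path, mode: int = 0o600, drop: str | None = None) -> Path:
    """Write the constructed sample with an explicit mode (umask cannot widen it)."""
    lines = [l for l in SAMPLE.splitlines() if not (drop and l.lstrip().startswith(drop + "="))]
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(lines) + "\n")
    os.chmod(path, mode)
    return path


def demo(mode: int = 0o600, drop: str | None = None):
    """Write the sample into a temp dir with `mode`, then try to load it.
    Returns the parsed dict, or the SecretsError message when loading is refused."""
    with tempfile.TemporaryDirectory() as d:
        p = write_sample(Path(d) / "family-assistant.env", mode, drop)
        try:
            return load_secrets(p)
        except SecretsError as e:
            return str(e)


if __name__ == "__main__":
    print(sorted(demo().keys()))
    print(demo(mode=0o644))
    print(demo(drop="CALDAV_PASSWORD"))
```

The checks are deliberately strict: a `.env` that was once world-readable inside the repo tree is exactly the file that gets copied around, so the loader failing loudly on mode `0644` is the behaviour you want at the new location too.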