docs: audit and archive completed Journals and Badges projects

Scott Idem
2026-06-12 17:35:02 -04:00
parent fd7ccd7ecc
commit c6ef729c55
11 changed files with 201 additions and 66 deletions

View File

@@ -1,6 +1,6 @@
# Aether — Permissions and Security # Aether — Permissions and Security
**Last Updated:** 2026-02-27 **Last Updated:** 2026-06-12
**Source of truth:** `src/lib/ae_utils/ae_utils__perm_checks.ts`, `src/lib/stores/ae_stores.ts` **Source of truth:** `src/lib/ae_utils/ae_utils__perm_checks.ts`, `src/lib/stores/ae_stores.ts`
--- ---
@@ -76,15 +76,18 @@ $ae_loc.adv_mode // boolean — advanced mode toggle
| AE Username + Password | `trusted` and above | Staff with AE accounts | | AE Username + Password | `trusted` and above | Staff with AE accounts |
| Novi UUID | `authenticated` | IDAA members (Novi membership system) | | Novi UUID | `authenticated` | IDAA members (Novi membership system) |
Passcodes are stored per-level in `$ae_loc.site_access_code_kv`: ### Site Passcode Security Warning
```typescript
site_access_code_kv: { The current frontend receives every site passcode in `access_code_kv_json`, copies the map into
administrator: null, // highest passcode tier persisted `$ae_loc.site_access_code_kv`, and compares entered passcodes locally. Verbose logging
trusted: null, // onsite staff passcode can also expose the complete map. This is a known active security gap, not the target design.
public: 'public1980', // example
authenticated: 'auth1980' Do not add new consumers of `site_access_code_kv`, log passcodes, or treat persisted
} `access_type` as durable proof of authentication. The target flow verifies passcodes through
``` `/authenticate_passcode`, stores a signed JWT with a role-specific TTL, and removes passcodes from
the public bootstrap response and client state.
See `documentation/PROJECT__AE_Site_Passcode_Security.md` for the active migration plan.
### `x-no-account-id` — Narrow Transport Exception ### `x-no-account-id` — Narrow Transport Exception
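Review bot: The removed `site_access_code_kv` block carried literal values (`public1980`, `auth1980`) marked only as `// example`, and the new warning does not say whether they were ever live. If either was used on a real site, note here that it needs rotating, since it stays in repository history. The warning also names verbose logging as an exposure path without an interim rule; a sentence on keeping verbose logging off in production until the migration lands would make the section actionable today.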

View File

@@ -3,7 +3,7 @@
**Module Path:** `src/routes/events/[event_id]/(badges)/templates/` **Module Path:** `src/routes/events/[event_id]/(badges)/templates/`
**API Module:** `src/lib/ae_events/ae_events__event_badge_template.ts` **API Module:** `src/lib/ae_events/ae_events__event_badge_template.ts`
**Database Table:** `event_badge_template` **Database Table:** `event_badge_template`
**Last Updated:** 2026-03-02 **Last Updated:** 2026-06-12
--- ---
@@ -310,6 +310,10 @@ Controls which fields appear in the print controls panel for non-trusted users,
Valid field keys: `name`, `title`, `affiliations`, `location`, `pronouns`, `allow_tracking`. Valid field keys: `name`, `title`, `affiliations`, `location`, `pronouns`, `allow_tracking`.
This config applies to the onsite print controls. Remote review currently uses
`event.mod_badges_json.edit_permissions` instead. Consolidating or defining precedence between
these two permission sources is tracked in `documentation/TODO__Agents.md`.
--- ---
## Template-Derived Features (component behavior) ## Template-Derived Features (component behavior)
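Review bot: The added paragraph after the valid field keys names two permission sources but gives no interim rule for a field that one source allows and the other denies. Until the consolidation in `documentation/TODO__Agents.md` is done, state that each flow reads only its own source, and say whether `edit_permissions` accepts the same field keys listed above.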
@@ -342,7 +346,8 @@ in DB and may be needed:
- `footer_title`, `footer_left`, `footer_right` — not needed (legacy) - `footer_title`, `footer_left`, `footer_right` — not needed (legacy)
- `header_background`, `footer_background` — not needed (legacy) - `header_background`, `footer_background` — not needed (legacy)
- `script_src` — do not add; this field should not be used - `script_src` — do not add; this field should not be used
- `duplex`**add when backend adds the field**
`duplex` is already saved to IDB and drives single-sided rendering.
--- ---

View File

@@ -58,13 +58,25 @@ Aether acts as a **Pull-Only** consumer for registration data. It does not push
| Level | Access | | Level | Access |
|---|---| |---|---|
| **Authenticated** | View own badge, limited self-edit (overrides only). | | **Public kiosk** | View badge and perform the first print; cannot edit fields without authenticated access. |
| **Trusted** | Search all badges, view all, reprint existing badges. | | **Authenticated** | Edit fields allowed by the active permission config. |
| **Administrator** | Full CRUD, bulk operations, override any field. | | **Trusted** | Search all badges, view all, and correct names; reprint requires global Edit Mode. |
| **Manager** | All Admin + Event/Template configuration. | | **Administrator** | Full CRUD, bulk operations, and override access. |
| **Manager** | All Administrator capabilities plus Event/Template configuration. |
### Attendee Self-Service (`/review`) ### Attendee Self-Service (`/review`)
Attendees can access their own record via a passcode-gated link (typically `?passcode=...`). This allows them to verify their info and provide preferred name/title overrides before printing. Attendees can access their own record via a passcode-gated link (typically `?passcode=...`).
Editable fields come from `event.mod_badges_json.edit_permissions`, with module defaults as fallback.
### Onsite Kiosk (`/print`)
The print controls update the badge preview live. Authenticated field editing is controlled by the
badge template's `cfg_json.controls_cfg` (`shown` and `auth_editable`). Trusted + global Edit Mode
overrides the template config and exposes all controls. This differs from the review page's
event-level permission source; consolidation is an active follow-up.
### Review-Link Email
Email Link actions are placeholders and do not currently send mail. When delivery is implemented,
it must use the imported `event_badge.email` address, never attendee-editable `email_override`.
--- ---
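Review bot: The new Review-Link Email section fixes the recipient address but says nothing about the link itself, which the Attendee Self-Service paragraph describes as carrying `?passcode=...` in the query string. Query-string values end up in browser history and request logs, so before delivery is implemented this section should record whether the review passcode is per-attendee, whether it expires, and that it must not be logged.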
@@ -101,7 +113,13 @@ The badge type dropdown in the search form uses a **hardcoded list**, not the te
--- ---
## Print Tracking ## Print Rendering and Tracking
- The canonical badge render uses binary-search text fitting for name, title, affiliations, and location.
- Template `show_qr_front`/`show_qr_back` settings control QR placement.
- Template `style_href` loads event-specific CSS on the print page.
- Template `duplex = false` suppresses the badge back for single-sided stock.
- Chromium PDF proofing requires margins set to None; physical printer paper size remains driver-controlled.
Aether tracks the lifecycle of every physical badge to prevent unauthorized reprints and monitor kiosk activity. Aether tracks the lifecycle of every physical badge to prevent unauthorized reprints and monitor kiosk activity.
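Review bot: The `style_href` bullet documents that a template field loads CSS onto the print page but not who may set it or which origins are accepted. The print page renders attendee data, so add the required access level for editing `style_href` and any URL restriction (same-origin or an allowlist), or state that none exists so it can be tracked as a gap.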

View File

@@ -13,8 +13,9 @@ This module manages private personal journals and journal entries with offline-f
- Journal and journal-entry CRUD via V3 API wrappers. - Journal and journal-entry CRUD via V3 API wrappers.
- Dexie-backed local cache with liveQuery-driven UI updates. - Dexie-backed local cache with liveQuery-driven UI updates.
- Private/passcode-aware access behavior. - Private/passcode-aware access behavior and client-side content encryption.
- Entry editing flows including auto-save configuration. - Quick Add, Append/Prepend, import/export, and entry auto-save workflows.
- Tabbed module, journal, and entry configuration modals.
--- ---
@@ -38,15 +39,43 @@ Related config map:
--- ---
## Implemented Entry Workflows
- Quick Add creates a plaintext note in a selected journal without opening the full editor.
- Append/Prepend injects timestamped content into an existing entry.
- Bulk import creates entries from parsed files; export supports centralized templates.
- Entry edits support debounced auto-save when `journals_loc.entry.auto_save` is enabled.
- Full entry saves encrypt `content` into `content_encrypted` when the entry's `private`
flag is enabled; disabling `private` clears encrypted content/history fields.
- The non-reactive `decrypt_journal_entry()` helper isolates decryption from Svelte effects.
- Entry configuration exposes Actions, Metadata, Security, and JSON views. Trusted users
can Remove (disable); managers and administrators can hard Delete.
## Current Security Limitations
- `passcode_hash` is editable but is not compared as secondary authentication before
decryption. This remains an active task.
- Quick Add explicitly creates entries with `private: false`; import creates plaintext
content without setting encryption fields. These paths do not currently offer E2EE.
- Successful decryption currently logs a short plaintext preview to the browser console.
Removal is tracked as an active privacy fix.
- Outbound email sharing is not implemented and requires a product/security decision
because journal content is private.
---
## Access and Privacy ## Access and Privacy
Journals contain private personal data. Treat all journal and journal-entry routes as authenticated/private content. Journals contain private personal data. The Journals layout renders module content only when
the user has `user_id`, `person_id`, and `trusted_access`. Treat all journal and journal-entry
routes, API responses, decrypted state, logs, exports, and future sharing features as private.
--- ---
## Related Docs ## Related Docs
- `documentation/PROJECT__AE_UI_Journals_Module_Update_2026.md` - `documentation/archive/PROJECT__AE_UI_Journals_Module_Update_2026.md`
- `documentation/TODO__Agents.md`
- `documentation/GUIDE__SvelteKit2_Svelte5_DexieJS.md` - `documentation/GUIDE__SvelteKit2_Svelte5_DexieJS.md`
- `documentation/GUIDE__AE_API_V3_for_Frontend.md` - `documentation/GUIDE__AE_API_V3_for_Frontend.md`
- `documentation/BOOTSTRAP__AI_Agent_Quickstart.md` - `documentation/BOOTSTRAP__AI_Agent_Quickstart.md`
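Review bot: In Implemented Entry Workflows, the bullet on full entry saves says `content` is encrypted into `content_encrypted` but not what happens to the plaintext `content` field afterwards, in the API record or in the Dexie cache. Say explicitly whether plaintext is cleared when `private` is on. The same bullet says disabling `private` clears the encrypted fields; document whether decrypted content is written back first, otherwise that reads as a data-loss path.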

View File

@@ -53,9 +53,23 @@ This document tracks all available settings across the three levels of the Journ
| `sort` | integer | Manual sort order weight. | Manual (Done) | | `sort` | integer | Manual sort order weight. | Manual (Done) |
| `archive_on` | datetime | Scheduled date for automatic archiving. | Manual (Done) | | `archive_on` | datetime | Scheduled date for automatic archiving. | Manual (Done) |
| `private` | boolean | Trigger for E2EE (Encryption). | Manual (Done) | | `private` | boolean | Trigger for E2EE (Encryption). | Manual (Done) |
| `content_encrypted` | encrypted string | Encrypted entry content written during a full save when `private` is enabled. | Generated on save |
| `history_encrypted` | encrypted string | Encrypted entry history when history encryption is available. | Generated on save |
| `passcode_hash` | string | Entry-level secondary-auth field; comparison logic is not yet implemented. | Manual (Done) |
| `alert` | boolean | Trigger for visual "Alert" state. | Manual (Done) | | `alert` | boolean | Trigger for visual "Alert" state. | Manual (Done) |
| `group` | string | Grouping key for the list view. | Manual (JSON only) | | `group` | string | Grouping key for the list view. | Manual (JSON only) |
## Encryption Behavior and Gaps
1. Full entry saves combine the journal `passcode` and `private_passcode` to encrypt
plaintext content when the entry's `private` flag is enabled.
2. Decryption prefers a passcode typed in the current session, then falls back to the
journal `private_passcode`; the journal `passcode` is combined with that private key.
3. `passcode_hash` secondary-auth comparison is pending and must not be described as enforced.
4. Quick Add currently forces `private: false`, and bulk import creates plaintext entries
without encryption fields. Use the full editor to enable encryption until those workflows
are updated.
## 📐 Data Normalization Rules ## 📐 Data Normalization Rules
To prevent infinite reactivity loops and trivial save cycles, the following normalizations are applied before comparison: To prevent infinite reactivity loops and trivial save cycles, the following normalizations are applied before comparison:
1. **Strings:** Trimmed and `null` treated as `""`. 1. **Strings:** Trimmed and `null` treated as `""`.
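Review bot: Item 2 of Encryption Behavior and Gaps says decryption falls back to the journal `private_passcode`, which implies the key material is held on the journal record rather than only entered by the user. If so, the `private` row's "Trigger for E2EE" wording overstates the guarantee; document where `private_passcode` is stored and who can read it. Also, `passcode_hash` is marked `Manual (Done)` in the same table while its description says comparison is not implemented, so the status column should distinguish the editable field from the enforcement.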

View File

@@ -1,8 +1,14 @@
# PROJECT: Site Passcode Security — API-Verified Auth # PROJECT: Site Passcode Security — API-Verified Auth
**Last Updated:** 2026-04-10 **Last Updated:** 2026-06-12
**Status:** Backend work in progress — frontend pending backend completion **Last Verified Against Frontend Source:** 2026-06-12
**Priority:** High — passcodes for trusted/administrator access currently in localStorage plaintext **Status:** Active security gap — frontend migration not started
**Priority:** High — passcodes for trusted/administrator access currently remain in localStorage plaintext
The frontend still caches `access_code_kv_json`, compares passcodes locally, and can log the
full passcode map when verbose logging is enabled. No frontend call to `/authenticate_passcode`
or passcode-JWT expiry restoration exists. Backend implementation is documented as completed,
but deployment must be confirmed in the backend repository/environment before frontend cutover.
--- ---
@@ -81,7 +87,11 @@ This gives session expiry without a network call on every page load.
## Backend Changes Required ## Backend Changes Required
**Note:** The backend fixes described below have been implemented and tested in the `aether_api_fastapi` repository (the `/authenticate_passcode` endpoint now uses explicit role priority, returns a full passcode JWT with `auth_type: 'passcode'`, applies per-role TTLs, and validates passcode length). Frontend changes can proceed once the backend deployment with these fixes is available. **Backend status note:** The fixes below were reported implemented and tested in the
`aether_api_fastapi` repository. This frontend-only audit did not verify the backend source or
deployment. Confirm that the deployed `/authenticate_passcode` uses explicit role priority,
returns a complete passcode JWT with `auth_type: 'passcode'`, applies per-role TTLs, and validates
passcode length before starting frontend cutover.
### Backend Agent Follow-Up ### Backend Agent Follow-Up
@@ -316,6 +326,19 @@ async def authenticate_passcode(
--- ---
## Frontend Implementation Status
Verified 2026-06-12:
- [ ] Confirm the corrected backend endpoint is deployed and reachable.
- [ ] Replace local passcode comparison with API verification and JWT storage.
- [ ] Add pending/error UI for passcode authentication.
- [ ] Stop copying `access_code_kv_json` into frontend auth state.
- [ ] Validate passcode JWT expiry during session restoration.
- [ ] Remove `site_access_code_kv` from auth store defaults and types.
- [ ] Remove any logging of passcode maps or entered passcodes.
- [ ] Backend Phase 2: remove `access_code_kv_json` from the public bootstrap model.
## Frontend Changes Required ## Frontend Changes Required
**These depend on the backend fixes above being deployed first.** **These depend on the backend fixes above being deployed first.**
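Review bot: The checklist places "Remove any logging of passcode maps or entered passcodes" directly above the statement that frontend changes depend on the backend being deployed first, but that item needs no backend work. Mark it as independent of the cutover, so the logging exposure can be closed without waiting on `/authenticate_passcode`.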

View File

@@ -49,6 +49,14 @@ Do not delete historical context; move to `documentation/archive/` with clear na
- Added `documentation/archive/README.md` to explain archive categories and restoration policy. - Added `documentation/archive/README.md` to explain archive categories and restoration policy.
- Renamed `AE__Docker_CI_Cache_Policy.md` -> `GUIDE__Docker_CI_Cache_Policy.md`. - Renamed `AE__Docker_CI_Cache_Policy.md` -> `GUIDE__Docker_CI_Cache_Policy.md`.
- Renamed `AE__UI_UX_future_ideas.md` -> `PROPOSAL__AE_UI_UX_Future_Ideas.md`. - Renamed `AE__UI_UX_future_ideas.md` -> `PROPOSAL__AE_UI_UX_Future_Ideas.md`.
- Audited the Journals UI update against current source and archived
`PROJECT__AE_UI_Journals_Module_Update_2026.md`; remaining security work was moved to
the active task list and module documentation.
- Audited the Badges review/print project against current source and archived
`PROJECT__AE_Events_Badges_Review_Print.md`; email delivery and permission-source
unification remain active follow-ups.
- Audited Site Passcode Security against current source. It remains an active high-priority
project because plaintext client storage and local passcode comparison are still present.
### Next archive candidates (review + approve) ### Next archive candidates (review + approve)
- Older style-review snapshots once current style guide references are centralized. - Older style-review snapshots once current style guide references are centralized.
@@ -65,7 +73,7 @@ Monthly lightweight review:
## 5) Immediate Follow-Up Tasks ## 5) Immediate Follow-Up Tasks
1. Run a quarterly archive review: identify stale `PROJECT__` docs with no TODO or index linkage and move them to `documentation/archive/`. 1. Continue quarterly archive reviews for remaining stale `PROJECT__` docs; the Journals and Badges projects were archived on 2026-06-12, while Site Passcode Security remains active.
2. Review `AE__Permissions_and_Security.md` against current permission helpers and IDAA authentication behavior. 2. Continue the broader permission-helper and IDAA authentication review; the Site Passcode section was source-verified on 2026-06-12.
3. Review module docs against current routes and store names rather than relying only on filename/header freshness. 3. Review module docs against current routes and store names rather than relying only on filename/header freshness.
4. Add a lightweight reusable link-check script if manual path validation becomes frequent. 4. Add a lightweight reusable link-check script if manual path validation becomes frequent.

View File

@@ -55,8 +55,6 @@ Use this file as the routing map for project documentation.
- `documentation/PROJECT__IDAA_Stores_Svelte5_Migration_2026.md` - `documentation/PROJECT__IDAA_Stores_Svelte5_Migration_2026.md`
- `documentation/PROJECT__Use_AE_API_V3_CRUD_upgrade.md` - `documentation/PROJECT__Use_AE_API_V3_CRUD_upgrade.md`
- `documentation/PROJECT__AE_Events_PressMgmt_Config_Cleanup.md` - `documentation/PROJECT__AE_Events_PressMgmt_Config_Cleanup.md`
- `documentation/PROJECT__AE_Events_Badges_Review_Print.md`
- `documentation/PROJECT__AE_UI_Journals_Module_Update_2026.md`
- `documentation/PROJECT__AE_Object_Field_Editor_V3_upgrade.md` - `documentation/PROJECT__AE_Object_Field_Editor_V3_upgrade.md`
- `documentation/PROJECT__AE_Site_Passcode_Security.md` - `documentation/PROJECT__AE_Site_Passcode_Security.md`

View File

@@ -72,6 +72,16 @@ wrong to users.
- [x] **[Badges] Epson C3500 fanfold badge layout** — `badge_4x6_fanfold` layout CSS created, - [x] **[Badges] Epson C3500 fanfold badge layout** — `badge_4x6_fanfold` layout CSS created,
wired, and documented. First live use: Axonius Adapt DC, June 9, 2026. (2026-05-15) wired, and documented. First live use: Axonius Adapt DC, June 9, 2026. (2026-05-15)
### Badges follow-ups
- [ ] **[Badges] Implement review-link email delivery** — current Email Link actions only show
placeholder alerts. Send to `event_badge.email`, never the attendee-editable `email_override`.
- [ ] **[Badges] Unify review and kiosk edit permissions** — remote review reads
`event.mod_badges_json.edit_permissions`; print controls read template `cfg_json.controls_cfg`.
Define precedence or consolidate them so both flows enforce one documented policy.
- [ ] **[Badges] Use template badge types in search filter** — replace the hardcoded badge-type
list in `ae_comp__badge_search.svelte` with the active template's `badge_type_list`.
--- ---
## 🚧 V3 CRUD Migration (Surgical Cleanup) ## 🚧 V3 CRUD Migration (Surgical Cleanup)
@@ -85,6 +95,19 @@ Finalizing the 100% adoption of V3 Standard endpoints and retirement of legacy w
## 🚧 High Priority Workstreams ## 🚧 High Priority Workstreams
### [Security] Site Passcode JWT Migration
- [ ] **[Security] Verify `/authenticate_passcode` deployment** — confirm explicit role priority,
complete role flags, `auth_type: 'passcode'`, per-role TTLs, and minimum length validation.
- [ ] **[Security] Replace local passcode comparison** — migrate
`e_app_access_type.svelte` to server verification, JWT storage, and pending/error UI.
- [ ] **[Security] Remove client-side passcode delivery/storage** — stop caching
`access_code_kv_json`, remove `site_access_code_kv` from auth state, and remove passcode logging.
- [ ] **[Security] Enforce passcode JWT expiry on restore** — expired passcode sessions must
return to anonymous without affecting user-login JWT handling.
Reference: `documentation/PROJECT__AE_Site_Passcode_Security.md`.
### [Stores] Svelte 4 → Svelte 5 State Migration ### [Stores] Svelte 4 → Svelte 5 State Migration
The app uses `svelte-persisted-store` (coarse reactivity). Migration target: replace with Svelte 5 The app uses `svelte-persisted-store` (coarse reactivity). Migration target: replace with Svelte 5
`PersistedState` (from `runed`) for fine-grained updates. See `PROJECT__Stores_Svelte5_Migration.md`. `PersistedState` (from `runed`) for fine-grained updates. See `PROJECT__Stores_Svelte5_Migration.md`.
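Review bot: The "Remove client-side passcode delivery/storage" item covers new writes but not data already persisted: browsers that loaded the current frontend still hold `site_access_code_kv` in persisted state. Add a step to purge that key on upgrade, and a step to rotate the site passcodes after cutover, since the existing values have been delivered to every client.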
@@ -120,6 +143,15 @@ uses `build_tmp_sort` (overrides generic encoding in its `specific_processor`).
### [Journals] Journal Entry Config follow-ups ### [Journals] Journal Entry Config follow-ups
- [ ] **[Journals] Entry passcode secondary auth** — implement `passcode_hash` comparison. - [ ] **[Journals] Entry passcode secondary auth** — implement `passcode_hash` comparison.
- [ ] **[Journals] Quick Add/import encryption behavior** — both creation paths currently
create plaintext entries; define the intended privacy UX and add encryption support before
claiming that these paths honor entry E2EE.
- [ ] **[Journals] Remove decrypted-content console preview** —
`ae_journals_decryption.ts` logs the first 30 plaintext characters after successful decryption.
Never log private journal content.
- [ ] **[Journals] Confirm outbound email-sharing requirement** — the archived UI project listed
this as unfinished, but no implementation exists. Confirm product/security requirements before
creating an email workflow for private journal content.
--- ---

View File

@@ -1,11 +1,17 @@
# PROJECT: AE Events Badges — Review Form & Print Font Controls # Archived Project: AE Events Badges — Review Form & Print Font Controls
**Created:** 2026-02-27 **Created:** 2026-02-27
**Last Updated:** 2026-03-18 **Completed and Archived:** 2026-06-12
**Last Verified Against Source:** 2026-06-12
**Branch:** `ae_app_3x_llm` **Branch:** `ae_app_3x_llm`
**Priority:** HIGH — first live event is Axonius, NYC, mid-April 2026
**Owner:** Scott Idem / One Sky IT **Owner:** Scott Idem / One Sky IT
**Status:** ✅ TASK 1 COMPLETE | ✅ TASK 2 COMPLETE | ✅ TASK 3 COMPLETE | ✅ TASK 4.1 COMPLETE | ⏳ TASK 4.0 OPEN **Status:** Complete — review form, kiosk controls, auto-scaling, QR rendering, layouts, and print tracking are implemented.
The original project scope is complete and this document is retained as implementation history.
Current behavior is documented in `documentation/MODULE__AE_Events_Badges.md` and
`documentation/MODULE__AE_Events_Badge_Templates.md`. Remaining email-delivery and permission-config
unification work is tracked in `documentation/TODO__Agents.md`. Planning statements later in this
archived document describe the state at the time they were written and are not current instructions.
--- ---
@@ -44,32 +50,24 @@ Both flows should respect the same permission model:
- Permissions are configured per-event in `event.mod_badges_json.edit_permissions`. - Permissions are configured per-event in `event.mod_badges_json.edit_permissions`.
Hardcoded defaults are used until that config is implemented. Hardcoded defaults are used until that config is implemented.
**Current gap (TASK 4):** The print page edit button is currently gated to trusted_access only. **Task 4 outcome:** The print controls now implement field-level editing. Authenticated users
It needs to be accessible to attendees at the kiosk (with appropriate field-level gating), can edit template-approved fields, trusted staff can correct names, and trusted staff in global
matching the permission model already implemented in `ae_comp__badge_review_form.svelte`. Edit Mode can edit all fields. First printing is available at public kiosk access; reprinting
requires trusted access plus Edit Mode. Remote review uses event-level `edit_permissions`, while
the print controls currently use template-level `controls_cfg`; unification is tracked separately.
--- ---
## Next Up for Badges (TASK 4) ## Task 4 Outcomes
### 0. Kiosk Editing — Print Page Permission Model Alignment ### 0. Kiosk Editing — Complete
**This is the most important gap before the first live event.**
Currently the print page edit button is staff-only (trusted_access gate). At the kiosk, `ae_comp__badge_print_controls.svelte` provides the inline controls and live preview. Its default
attendees need to be able to edit their own fields (same attendee-level permissions as the authenticated fields are title, affiliations, location, lead tracking, and pronouns; template
review form), with staff-only fields gated appropriately. `controls_cfg` can narrow the fields shown and editable. Email delivery remains a placeholder;
when implemented it must send to `event_badge.email`, never `email_override`.
Work needed: ### 1. Auto-Scaling Badge Text — Complete
- Wire the same `can_edit_fields` / `can_edit(field)` permission logic into the print page
that `ae_comp__badge_review_form.svelte` already uses.
- The edit panel on the print page should show attendee-editable fields to all authenticated
users, and staff-only fields to trusted_access+.
- The badge render (v1 or v2) should update live as the attendee edits fields.
- Consider whether the print page needs its own inline edit panel (sidebar or overlay)
or whether it should share/reuse the review form component alongside the badge render.
- **Do NOT use `email_override` as the send-to address** — always use `event_badge.email`.
### 1. Auto-Scaling Badge Text — In Progress
`ae_comp__badge_obj_view.svelte` using `element_fit_text.svelte` (binary search auto-scale). `ae_comp__badge_obj_view.svelte` using `element_fit_text.svelte` (binary search auto-scale).
Toggle between v1 (heuristic) and v2 (auto-scale) on the print page via the `v1`/`v2` header button. Toggle between v1 (heuristic) and v2 (auto-scale) on the print page via the `v1`/`v2` header button.
Heights tuned per layout in `fit_heights` derived object. Still needs visual tuning with real badges. Heights tuned per layout in `fit_heights` derived object. Still needs visual tuning with real badges.
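Review bot: The heading for item 1 now ends in "Complete", but the unchanged body below it still closes with "Still needs visual tuning with real badges". Either reword that sentence as historical or move the tuning to the active task list in `documentation/TODO__Agents.md`, so the section does not contradict its own status.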
@@ -105,10 +103,11 @@ badge data, gated by `allow_tracking` on the badge.
## Implementation Status ## Implementation Status
### TASK 4.0: Kiosk Editing — NOT STARTED (updated 2026-03-18) ### TASK 4.0: Kiosk Editing — COMPLETE (verified 2026-06-12)
Print page edit access needs to be opened to attendee-level permissions, not just trusted_access. The print controls implement authenticated field editing, trusted name correction, trusted + Edit
The permission model, field list, and `can_edit()` helper from `ae_comp__badge_review_form.svelte` Mode full editing, and live preview. The print path uses template `controls_cfg`; the review path
should be the reference. See Design Intent section above. uses event `mod_badges_json.edit_permissions`. Aligning those configuration sources is a follow-up,
not a blocker to the completed kiosk controls.
**Note (2026-03-18):** `style_href` and `duplex` are both fully implemented and verified in code — **Note (2026-03-18):** `style_href` and `duplex` are both fully implemented and verified in code —
the MODULE doc TODO list was stale. `duplex` is in `properties_to_save`; v2 badge render gates the MODULE doc TODO list was stale. `duplex` is in `properties_to_save`; v2 badge render gates

View File

@@ -1,9 +1,15 @@
# Aether Journals UI Update (2026) # Archived Project: Aether Journals UI Update (2026)
> **Status:** 🚧 Phase 4 Active (Security/Encryption Blockers remain; Journal Entry config rework in progress) > **Status:** Completed and archived 2026-06-12
> **Last Updated:** 2026-05-05 > **Last Verified Against Source:** 2026-06-12
> **Primary Agent:** Frontend SvelteKit Agent > **Primary Agent:** Frontend SvelteKit Agent
The UI modernization scope is complete: V3 CRUD, Quick Add, Append/Prepend,
import/export, auto-save, configuration modals, decryption isolation, and the
Journals style pass are implemented. Unfinished security and product follow-ups
were transferred to `documentation/TODO__Agents.md`; current operational behavior
and limitations live in `documentation/MODULE__AE_Journals.md`.
## 1. Project Overview ## 1. Project Overview
This document outlines the modernization of the Journals module UI in the SvelteKit frontend (`aether_app_sveltekit`). The primary goals are to fully leverage the generic V3 API architecture and introduce high-velocity productivity features for journal management. This document outlines the modernization of the Journals module UI in the SvelteKit frontend (`aether_app_sveltekit`). The primary goals are to fully leverage the generic V3 API architecture and introduce high-velocity productivity features for journal management.
@@ -29,7 +35,7 @@ This document outlines the modernization of the Journals module UI in the Svelte
* **Definitions:** `app/ae_obj_types_def.py` -> `app/object_definitions/journals.py` * **Definitions:** `app/ae_obj_types_def.py` -> `app/object_definitions/journals.py`
* **Endpoints:** `/v3/crud/journal/...` and `/v3/crud/journal_entry/...` * **Endpoints:** `/v3/crud/journal/...` and `/v3/crud/journal_entry/...`
### Frontend (In Progress) ### Frontend (Completed UI modernization scope)
* **State Management:** `src/lib/ae_journals/ae_journals_stores.ts` * **State Management:** `src/lib/ae_journals/ae_journals_stores.ts`
* **Local Storage:** Dexie.js (`db_journals`) * **Local Storage:** Dexie.js (`db_journals`)
* **API Client:** `src/lib/api/api.ts` -> `get_ae_obj` * **API Client:** `src/lib/api/api.ts` -> `get_ae_obj`
@@ -68,7 +74,7 @@ This document outlines the modernization of the Journals module UI in the Svelte
- [x] Implement Bulk Export/Import system. - [x] Implement Bulk Export/Import system.
- [x] Establish centralized Export Template engine. - [x] Establish centralized Export Template engine.
### Phase 4: Polish & Security (ACTIVE) ### Phase 4: Polish & Security (UI scope complete; security follow-ups transferred)
- [x] Implement Auto-Save toggle and visual status indicators. - [x] Implement Auto-Save toggle and visual status indicators.
- [x] Extract decryption workflow to non-reactive helper. - [x] Extract decryption workflow to non-reactive helper.
- [x] **Standardize Configuration Modals:** Refactored Module, Journal, and Entry configuration into a unified tabbed UI. - [x] **Standardize Configuration Modals:** Refactored Module, Journal, and Entry configuration into a unified tabbed UI.
@@ -81,9 +87,9 @@ This document outlines the modernization of the Journals module UI in the Svelte
- [x] **Dark mode fixes:** Entry content hover, journal view section/description background and text colors. - [x] **Dark mode fixes:** Entry content hover, journal view section/description background and text colors.
- [x] **Modal close button:** All 3 config modals use `dismissable={false}` + explicit `<X>` button in header snippet for correct right-aligned placement. - [x] **Modal close button:** All 3 config modals use `dismissable={false}` + explicit `<X>` button in header snippet for correct right-aligned placement.
- [x] **Global select padding:** Added `padding-inline: 0.5rem` to `@layer base` in `app.css` (safe — utility `px-*` classes override it where intentional). - [x] **Global select padding:** Added `padding-inline: 0.5rem` to `@layer base` in `app.css` (safe — utility `px-*` classes override it where intentional).
- [ ] Solidify E2EE passcode system for Journals and Entries. - [ ] Solidify E2EE passcode system for Journals and Entries. See active task list.
- [ ] Audit encryption flow for Quick Added and Imported entries. - [ ] Audit encryption flow for Quick Added and Imported entries. See active task list.
- [ ] Integrate Outbound Email sharing. - [ ] Integrate Outbound Email sharing. Deferred pending product confirmation.
--- ---