Pure reformatting, no content change. Each bullet/paragraph is now one
logical line instead of manually wrapped at ~80-100 chars, which looked
ragged with short trailing fragments in narrow/variable-width editor
panels. Editors soft-wrap long lines naturally; manual hard wraps don't
adapt to panel width.
Also gave the orphaned "Wallpaper reliability" item (previously sitting
between two --- dividers with no section header and a stray double
blank line) its own section header for consistency with the rest of
the doc.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- LCI October — Pres Mgmt Restoration: all items now checked, header
flipped from 🔴 in-progress to ✅ complete.
- Axonius DC — June 9: the show happened, badge layout work is done.
Downgraded the remaining "Badges follow-ups" from 🔴 (event-deadline
urgency) to 🚧 (normal backlog) — no event deadline attached until the
next badge-printing event.
- Checked "Use template badge types in search filter" per request:
confirmed still NOT done — ae_comp__badge_search.svelte still has a
hardcoded "Axonius 2026 badge type codes" list with its own pre-existing
TODO comment. Left open, noted the verification.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
presenter_is_authed only checked sign-in state, never .agree, so a
presenter could upload without ever agreeing whenever the admin's
"Require Presenter Agreement" setting was on.
Added presenter_agree_ok (trusted_access || !require__presenter_agree ||
auth__event_presenter_obj.agree) and presenter_can_upload
(presenter_is_authed && presenter_agree_ok) in
presenter/[presenter_id]/+page.svelte, swapped into every place the
upload UI / file-list permissions are gated in both the default and
manage_files alt views. The alt view's public_access identity bypass is
preserved but now also requires presenter_agree_ok.
Added an inline warning message in place of the upload section when
signed in but pending agreement, instead of it silently disappearing.
Marked done in TODO__Agents.md; all three open LCI Pres Mgmt restoration
items are now resolved (2 were already fixed and just needed verifying).
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Checked all three open items in the LCI October restoration list
against current code:
- Presenter email sign-in link routing — FIXED (2026-06-12, e05602b87).
email_sign_in__event_presenter() routes through the session page with
presenter_id/presentation_id params; verified sign_in_out.svelte reads
them and grants presenter-level auth, not just session read access.
- session_page_menu.svelte sign-in prop — VERIFIED CORRECT, no bug found.
event_session_id prop is the real session object field, not a URL
param. The component's separate url_session_id is intentionally a
different thing (POC/Champion link shape only).
- Presenter agreement not enforced before upload — STILL OPEN, confirmed.
presenter_is_authed (the gate used everywhere upload UI shows) has no
dependency on .agree at all; require__presenter_agree only controls
whether the Agreed/Not Agreed button is shown, never blocks anything.
No enforcement found anywhere in the chain, including inside the
upload component itself. Added a concrete fix direction.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- BOOTSTRAP__AI_Agent_Quickstart.md: new category 9 under Common Mistakes
pointing to today's incident (local/remote config sync pitfalls)
- REFERENCE__Common_Agent_Mistakes.md: three new entries —
16) local "shadow field" silently bypasses an admin-synced master field
17) SWR await after a write does not mean dependent caches are fresh
18) conditional/stateful sync gates are effectively undebuggable
- PROJECT__Stores_Svelte5_Migration.md: updated the canonical Migration
Pattern example to stamp __version in the serializer (the old example
silently didn't, which is exactly what caused the leads_loc/pres_mgmt_loc
bugs fixed today); flagged badges_loc/launcher_loc/events_auth_loc as
not yet fixed (dormant, not harmful) and idaa_loc as the next migration
that should get this from day one
- TODO__Agents.md: cross-referenced today's Pres Mgmt config sync overhaul
in the LCI October restoration section for context, without touching
the open items in that list
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Two things prompted by direct feedback after testing:
1. Every input on the Config page now has a title tooltip explaining what
it actually controls, where, and any interaction with other settings
(e.g. clarifying Hide Location affects both the session detail page AND
the Location column in Session Search results — not obvious from the
label alone).
2. Split "Session Field Visibility" into "Session Display" (just
description/location/message) and a new dedicated "POC Settings"
section. Previously hide__session_poc ("Hide POC", checked = remove)
sat directly next to show__session_li_poc_field ("Show POC Column",
checked = add) in the same flat list — same checked state meaning
opposite things for adjacent fields, confusing even though each field's
own hide__/show__ naming is internally consistent with the project
convention. Hide POC is now rendered as a visually distinct master
switch (bold, its own row) with the three dependent settings indented
under a left border below it and auto-disabled (with reduced opacity)
whenever Hide POC is checked, so the "no effect once hidden" dependency
is visible in the UI, not just documented in a footnote.
No field semantics changed — same PressMgmtRemoteCfg, same sync function,
same save path. Pure presentation/documentation pass.
Logged the rationale in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md.
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Same bug pattern as the earlier POC column fix. The Session Search
results table's Location column prop only ever read the local-only,
never-synced hide__session_li_location_field — never the admin-synced
hide__session_location (Config page > Session Field Visibility > Hide
Location). Column always showed regardless of that setting or
permission level.
Fixed in pres_mgmt/+page.svelte:
hide__session_location || hide__session_li_location_field
The other two usages of this component already hardcode
hide__session_location={true} correctly (you're already on that
location's own page, showing its name again would be redundant).
Logged in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md with a note to
audit other hide__* fields for the same gap if more reports come in.
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
lock_config made roughly half of sync_config__event_pres_mgmt()'s fields
conditional: they only updated in a given browser if lock_config happened
to be true at the exact moment that browser last synced. A field's local
value therefore depended on the history of saves, not the current setting
— undebuggable from the UI, and easy to corrupt by toggling Lock Config
off even briefly during testing. This was the actual root cause of the
"POC column / Hide POC sometimes works" reports.
Checked the DB: every event, old and new, already had lock_config: true.
The "unlocked, per-browser preference" use case it was built for has
never actually been used in practice.
- Removed lock_config from PressMgmtRemoteCfg, PresMgmtLocState, the
sync function (no more conditional block — every field syncs
unconditionally now, same as labels/Require Agreements always did),
and the Config page UI (no more System section)
- Old DB records with a lock_config key are simply ignored, same as any
other removed key — no migration needed
- Moved the now-fully-orphaned ae_comp__event_settings_pres_mgmt_form.svelte
to ~/tmp/agents_trash (zero imports anywhere; the settings page already
links to the canonical Config page) — completes Step 5 from the
cleanup doc
- Marked PROJECT__AE_Events_PressMgmt_Config_Cleanup.md complete — all
Implementation Steps and known regressions resolved
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Four fixes found while tracing why Manager-saved Config page changes
(QR, POC column, etc.) weren't reliably reaching pres_mgmt_loc:
1. Config page save was a race, not deterministic. The save handler only
called load_ae_obj_id__event() (SWR — returns stale Dexie cache
immediately, refreshes in the background, not awaited) and assumed
that "picked up the new config." It never called
sync_config__event_pres_mgmt() itself. Now calls it directly with the
just-saved draft, so the editing browser updates instantly with no
race. Kept the load_ae_obj_id__event() call (default try_cache: true)
for propagating to other browsers/tabs via Dexie — do not pass
try_cache: false there, that skips the Dexie write entirely.
2. Removed the dead "Lock Config" Sync/Unlink toggle in the sign-in
panel (e_app_access_type.svelte). It wrote to four fields
($ae_loc.lock_config/sync_local_config,
pres_mgmt_loc.current.lock_config/sync_local_config) that are never
read anywhere (confirmed via full-repo grep), and confusingly shared
a name with the real, functional "Lock Config" checkbox on the Pres
Mgmt Config page. Removed the button and the now-orphaned
lock_config/sync_local_config fields from PresMgmtLocState.
3. show__launcher_link was never assigned by sync_config__event_pres_mgmt()
— only its inverse hide__launcher_link was. The toggle button's
`show__launcher_link || trusted_access` visibility gate (in 3 menu
files) always collapsed to trusted-only, ignoring the admin's setting.
Added the missing assignment.
4. AE_PRES_MGMT_LOC_VERSION was bumped to 2 this morning claiming it
"forces a localStorage reset" — it didn't, because _check_and_wipe()
was never wired up for ae_pres_mgmt_loc, and even if it had been, the
store never wrote a __version field to compare. Fixed: the store's
serializer now stamps __version, and store_versions.ts wires the
check. Found and fixed the same bug already live in ae_leads_loc,
except worse there — it was wiping leads users' local prefs on EVERY
page load, not just once.
All logged in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md.
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Root cause of the presenter QR not propagating to other browsers/incognito:
sync_config__event_pres_mgmt() was only called from pres_mgmt/+page.svelte
and session/[session_id]/+page.svelte. A browser landing directly on the
presenter page (e.g. via a presenter's sign-in link) never synced remote
config into pres_mgmt_loc.current at all — every always-synced and
lock-synced field (QR enables, POC visibility, code visibility, labels,
etc.) silently stayed at hardcoded local defaults regardless of what was
set on the Config page, since that page was never visited in that browser.
Added the same sync $effect (mirroring the existing pattern/comment already
in session/[session_id]/+page.svelte) to:
- presenter/[presenter_id]/+page.svelte
- locations/+page.svelte
- location/[event_location_id]/+page.svelte
- reports/+page.svelte
Logged in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md with a note that
any future pres_mgmt entry page needs the same block.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
show__presenter_qr (admin) is meant to be the global default for everyone,
signed in or not. show_content__presenter_qr is a trusted-staff-only local
override for when the admin hasn't enabled it globally. Presenter QR was
still on the old logic requiring show_content__presenter_qr to also be
true even when the admin enabled it for everyone — non-trusted users
(presenters) have no way to set that flag, so QR never appeared for them.
- presenter_view.svelte: generation effect + display block now use
show__presenter_qr || (trusted_access && show_content__presenter_qr),
matching the session_view.svelte fix from earlier today
- presenter_page_menu.svelte: QR toggle was gated to administrator_access,
hiding it from plain Trusted onsite staff; loosened to trusted_access
and dropped the redundant `|| trusted_access` (now only shown when
admin hasn't already enabled QR globally)
- ae_comp__events_menu_opts.svelte: both session and presenter QR toggles
were visible to all authenticated_access users whenever admin had
enabled QR globally, even though the toggle had no effect for them;
now gated to trusted_access && !show__*_qr, matching session_page_menu.svelte
- Log the fix in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The condition (show__session_qr || trusted_access) && show_content__session_qr
required the local per-browser toggle to also be true. Non-trusted users
(POCs, presenters) have no way to set it, so QR never appeared even when
admin had enabled it in Config.
New logic: show__session_qr alone is sufficient to generate and display the QR.
show_content__session_qr is now a staff-only override for when admin has NOT
enabled QR globally (allows trusted users to force it on per-browser).
Also: add QR Code toggle to session page Options modal (Display section),
visible to trusted staff only when admin has not already enabled it globally.
Both keys were inside the lock_config conditional block, so they only
synced when lock_config=true. As opt-in feature enables (like show__copy_access_link)
they should always sync on event load — moved to the always-synced block.
Gate QR generation effect and display blocks on the remote admin enable flag:
- session_view: effect and display both check show__session_qr || trusted_access
- presenter_view: generation effect and await block check show__presenter_qr || trusted_access
Previously only the toggle buttons were gated; the actual QR content rendered
regardless of the remote config if show_content__*_qr was already true in localStorage
- Add show__session_qr + show__presenter_qr to PressMgmtRemoteCfg and sync function;
QR toggles now gated on remote admin enable (trusted_access can still override)
- Remove hide__launcher_link_legacy everywhere (Flask launcher fully retired)
- Remove limit__options (YAGNI)
- Implement limit__navigation: hides Session Search nav link for non-trusted users
- Wire hide__report_kv into reports page: all 8 report tabs now use synced store
with canonical slug names and edit_mode bypass; config UI now uses structured
toggles instead of raw JSON textarea
- Gate hide__launcher_link local toggle on show__launcher_link || trusted_access
- Config UI: add show__session_qr + show__presenter_qr to opt-in features section
- Menu opts: add Query Limits / Display & Search / Staff Options section labels
- Bump AE_PRES_MGMT_LOC_VERSION to 2 (schema change forces localStorage reset)
- svelte-check: 0 errors
show__session_li_poc_field was local-browser-only and the session list
prop computation ignored the admin's hide__session_poc master switch
entirely, so disabling POC for an event didn't hide the column if a
user's browser had it toggled on.
- Add show__session_li_poc_field to PressMgmtRemoteCfg + Config page UI
(Session Field Visibility) + sync_config__event_pres_mgmt() lock-synced
block, so it's admin-configurable per event like the other display flags
- Fix list/table column visibility to hide__session_poc || !show__session_li_poc_field
in pres_mgmt/+page.svelte and locations/ae_comp__event_location_obj_li.svelte
- Remove the now-redundant local "Show/Hide POC Column" toggle buttons from
ae_comp__events_menu_opts.svelte and event_page_menu.svelte
- Log the fix in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ae_comp__event_presenter_obj_li.svelte:
- Email Access Link now shows for presenter.email when person_primary_email is
null (same fallback logic as +page.svelte). Passes email as person_id when no
Person record exists. Uses person_passcode ?? passcode.
- Visibility gate changed from administrator_access to trusted_access so staff
signed in via any method can still send links (was blocking non-admin staff).
- Icon changed to class="mr-1" for consistency.
presenter_view.svelte:
- Email field <li>, passcode <li>, and biography textarea disabled now all check
auth__kv.presenter[email] as a secondary key alongside auth__kv.presenter[id],
matching the pattern established in presenter_page_menu.svelte. Presenters who
signed in via email identity (no Person record) can now see and edit their own
fields without needing a Person record link.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
session_view.svelte: replaced raw Unicode ✓/✗ in hardcoded color spans with
Check/X Lucide components (class="mr-1") matching the app icon pattern.
ae_comp__event_presenter_obj_li.svelte: same icon cleanup (removed bg-red-500,
px-1, text-green-500 etc). Also brought disabled conditions in line with
presenter_page_menu.svelte — now checks auth__kv.presenter by both
event_presenter_id and email, plus person_id match, so multi-session and
email-identity presenters can interact with their Agreed buttons from the list.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Icons now use class="mr-1" consistent with all other Lucide icons in the
codebase. Removed hardcoded text-green-500 on Check and bg-red-500/text-white
on X — the button's ae_btn_success_filled/ae_btn_warning_filled classes already
handle theming in both light and dark mode via Skeleton presets.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
For events like LCI where ~75% of presenters are not in iMIS and have no Person
record, person_id on the presenter is null. Email (from the spreadsheet import)
is now the fallback identity throughout the sign-in flow:
- expand_auth_for_person: detects email via '@', routes Dexie and API lookups to
presenter.email field instead of person_id. Keys auth__kv.presenter by BOTH
event_presenter_id and email so any sibling presenter record with the same email
auto-unlocks without per-ID lookups.
- Copy Access Link button: now visible for any presenter with person_id OR email.
URL uses person_id ?? email and person_passcode ?? passcode as fallbacks.
- Email Access Link button: now visible for person_primary_email OR email. Sends
to the best available address; passes email as person_id when no Person record.
- presenter_agree_enabled: checks auth__kv.presenter[email] as a second key so
the Agreed button unlocks across all sessions for the same email identity.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When a presenter or session POC signs in via their access link, expand_auth_for_person
now queries both Dexie (warm cache) and the API in parallel so that cold-cache sessions
are covered. All presenter records and POC sessions for the same person_id in the event
are granted auth in one shot — a multi-session presenter no longer needs to click every
individual link.
Agreed button now also unlocks via person_id match (not only auth__kv.presenter[id]),
covering the case where a presenter signed in via a different session's link and wasn't
individually in auth__kv for this record yet.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A person signing in via a single email link previously only got auth for
that one event_presenter_id or event_session_id. Presenters/POCs in
multiple sessions had to click a separate link per role.
On sign-in, expand_auth_for_person() queries Dexie for all presenter
records and POC sessions this person holds in the event and pre-populates
auth__kv.presenter, auth__kv.presentation, and auth__kv.session for all
of them. Runs as fire-and-forget — benign no-op on cold cache since
person_id matching in auth checks provides fallback coverage.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A signed-in POC/chair/moderator who has session auth was blocked from
seeing the Email Access Link button because presenter_is_authed includes
auth__kv.session[session_id]. POCs need to help presenters sign in
regardless of their own auth state.
show__email_access_link (staff-only feature toggle) is the correct gate.
No auth gate needed — same pattern as the session POC email button.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Presenter email button: removed dependency on require__presenter_agree,
fixed auth gate that blocked trusted staff (presenter_is_authed includes
trusted_access, so !presenter_is_authed always hid the button from staff).
New condition: show when email feature is on AND person has email AND
(staff OR presenter not yet authed).
Session POC email button: removed dependency on require__session_agree.
Staff need to send sign-in links regardless of whether an agreement form
is in use. Added confirm dialog and descriptive title attribute. Updated
copy-link btn_title for consistency.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Three regressions in presenter_view.svelte:
- update_ae_obj__event_presenter calls for "Add Person" and "Save
Biography" were missing event_presentation_id. The function falls
back to events_slct.event_presentation_id which is never set on
this page, so both calls returned null silently.
- "Add Person" confirm dialog showed null for the presenter's name
because it referenced person_given_name (the linked person's field,
which is null when no person is linked) instead of given_name (the
presenter's own field).
Also: Re-link person list limit raised to 1000 (matching session POC
pattern) and added WHY comment explaining the admin-only re-link
restriction.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
POC (session) sign-in was silently broken:
- sign_in_out.svelte calls session_sign_in() only when session_id is a query
param; the URL was missing &session_id=... so the function never fired.
- Fixed in: email_sign_in__event_session URL and poc_sign_in_url derivation
in session_view.svelte.
Presenter email routed to wrong page:
- email_sign_in__event_presenter built a URL to /presenter/[id] which has no
sign-in handler. Changed to route to /session/[session_id] (same as the
existing copy-link on the presenter page), including presenter_id and
presentation_id params so presenter_sign_in() fires correctly.
Multi-session/multi-presentation person-centric auth:
- poc_is_authed in session_view.svelte now also checks
auth__person.id === poc_person_id, so a POC signed in via any of their
session links is automatically auth'd on all sessions where they are the POC.
- presenter_is_authed derived bool added to presenter page; includes person_id
match so a presenter is recognised on all their presentations after one
sign-in. All file upload and file list auth gates now use it.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
poc_kv_json is null when a session has never had POC data saved. Any bracket
access on it crashed immediately on modal open. Fix:
- Reads: use ?.[poc_type] optional chaining everywhere (checkboxes, biography_updated_on)
- Writes: initialize from a shallow copy of poc_kv_json ?? {} before indexing into it,
so the first save on a fresh session creates the structure rather than throwing
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Both ae_comp__event_session_poc_profile and ae_comp__event_session_poc_form_agree used
$lq__event_session_obj with the $ sigil throughout, expecting a store subscription. They
receive a plain resolved value from session_view.svelte, so Svelte threw store_invalid_shape
on mount. Replace all $lq__event_session_obj → lq__event_session_obj in both files.
Also clean up poc_profile: remove event_session_id_random (legacy alias) → event_session_id
in the auth check and the biography save call.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- session_view.svelte: session name/code were only rendered in edit_mode — non-editors
saw a blank card. Now always visible; edit_mode just wraps them in field editors.
- Restructured hero card as a <ul> with datetime, room, and POC as rows inside the card.
POC no longer floats below as a disconnected block.
- Dynamic POC label (label__session_poc_name) used throughout: row label, modal titles,
fallback text, and editor label — no more hardcoded "Host:".
- POC "Select Person" flow: gate select editor on person_options_loaded to prevent empty
dropdown on open; button reads "Reload Person" after list is loaded.
- Restored email sign-in link button in POC row with idle/sending/sent/error feedback.
Shown when require__session_agree && show__email_access_link && poc_person_primary_email.
- Restored inline copy-access-link for trusted staff (show__copy_access_link).
- session_page_menu.svelte: fix event_session_id prop — was passing event_id instead of
event_session_id, breaking the Sign_in_out auth grant.
- ae_comp__event_session_poc_profile.svelte: migrate run() to $effect, fix poc_person_id_random
→ poc_person_id, fix events_slct reference in copy link URL.
- +page.svelte: add pres_mgmt config sync so session pages opened directly by URL get
correct hide__session_poc and other remote config values.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
