Commit Graph

12 Commits

Author SHA1 Message Date
Scott Idem
372d79df2b docs(idaa): track contact_li_json_ext search gap + message sent to backend
- TODO__Agents.md: added task for contact search — backend to whitelist
  contact_li_json_ext in event search, frontend to add OR condition in
  search__event() and update local IDB fast-path filter. Blocked on backend.

- CLIENT__IDAA_and_customized_mods.md: documented the search architecture
  gap under Recovery Meetings — what default_qry_str contains, why
  contact_li_json is unsearchable as raw JSON, what contact_li_json_ext is
  and what needs to happen to enable contact name/email search.

Backend agent notified via ae_send_message 2026-04-08.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-08 00:20:59 -04:00
Scott Idem
c979454d84 docs(idaa): update IDAA doc with staff editing rules, Contact 1 convention, test coverage
- Added Section 4 'Staff Editing Rules': documents per-object behavior when
  trusted/admin staff edit member content. BB Post external_person_id is readonly
  for non-admin staff; Post Comment preserves existing record identity; Recovery
  Meeting external_person_id is intentionally editable for ownership reassignment.
  Clarifies that staff identity only fills when the record has no existing linkage.

- Added Section 5 'Recovery Meetings — Contact 1 Convention': states the business
  rule that Contact 1 is nearly always the same person as external_person_id (the
  meeting owner). Documents the distinction between ownership link vs. display contact.

- Added race condition defense note to Section 3 Implementation Patterns: creation
  buttons and edit submit handlers must scavenge from localStorage when the Svelte
  store is briefly null on mount.

- Updated test coverage table: Recovery Meetings now has substantial Playwright
  coverage (idaa_recovery_meeting_edit.test.ts). Noted pending BB Post/Comment tests.

- Updated Last Verified date to 2026-04-07.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 22:41:49 -04:00
Scott Idem
f2765d6a5e feat(idaa): enforce mandatory Novi UUID linkage for member content
CRITICAL IDENTITY FIX:
Ensures all member-generated content (Meetings, Posts, Comments) is explicitly linked to the creator's Novi UUID via 'external_person_id' at the moment of creation.

Changes:
- Added 'external_person_id' to creation payloads in Recovery Meetings and BB Posts.
- Implemented 'identity scavenging' from localStorage in submit handlers to prevent race conditions where Svelte stores are briefly null.
- Refactored Post Comment edit component to robustly initialize and save creator identity.
- Added 'The Novi UUID Rule' to IDAA documentation to mandate this pattern for future development.
- Added Playwright test to verify creation linkage and fixed a version-mismatch bug in the test auth helper.

Note: Archives and Archive Content are excluded as they do not require member ownership.
2026-04-07 22:07:53 -04:00
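Added example in TypeScript, not code from this repository: a model of the two rules stated in commits f2765d6a5e and c979454d84 above, the creation-time Novi UUID linkage with identity scavenging from localStorage, and the per-object staff editing rules for external_person_id. The function names, the localStorage key "idaa_loc", the role values and the sample UUIDs are assumptions constructed for this example; the Svelte store and browser storage are replaced by plain values so it runs offline.

```typescript
// Added illustration, not the IDAA module's own code. Names and the storage key are assumed.
type IdaaLoc = { uuid: string | null; novi_verified: boolean };
type StorageLike = { getItem(key: string): string | null }; // window.localStorage stand-in
type ObjectType = "recovery_meeting" | "bb_post" | "post_comment" | "archive" | "archive_content";
type Actor = { uuid: string; role: "staff" | "admin" }; // only staff/admin edits are modelled

const IDAA_LOC_KEY = "idaa_loc"; // assumed key under which the idaa_loc store is persisted

// The Novi UUID Rule: prefer the live store, scavenge the persisted copy when the
// store is still null on mount, and fail closed rather than create unlinked content.
function resolve_creator_uuid(store_value: IdaaLoc | null, storage: StorageLike): string {
  if (store_value?.uuid) return store_value.uuid;
  const raw = storage.getItem(IDAA_LOC_KEY);
  if (raw !== null) {
    try {
      const persisted = JSON.parse(raw) as Partial<IdaaLoc>;
      if (typeof persisted.uuid === "string" && persisted.uuid.length > 0) return persisted.uuid;
    } catch {
      // corrupt JSON is treated the same as no persisted identity
    }
  }
  throw new Error("creator identity unavailable; refusing to create unlinked member content");
}

function creation_payload(type: ObjectType, fields: Record<string, unknown>,
                          store_value: IdaaLoc | null, storage: StorageLike): Record<string, unknown> {
  // Archives and Archive Content carry no member ownership, so no linkage is added.
  if (type === "archive" || type === "archive_content") return { ...fields };
  return { ...fields, external_person_id: resolve_creator_uuid(store_value, storage) };
}

// Staff Editing Rules: the external_person_id a record keeps after a staff/admin edit.
// `existing` is the record's current linkage, `requested` is what the edit form submitted.
function external_person_id_on_edit(type: ObjectType, existing: string | null,
                                    actor: Actor, requested: string | null): string | null {
  const fill_if_unlinked = existing ?? actor.uuid; // editor identity only fills an empty link
  switch (type) {
    case "recovery_meeting":
      // Intentionally editable so staff can reassign the meeting owner.
      return requested ?? fill_if_unlinked;
    case "bb_post":
      // Readonly for non-admin staff; admins may reassign.
      return actor.role === "admin" ? (requested ?? fill_if_unlinked) : fill_if_unlinked;
    case "post_comment":
      return fill_if_unlinked; // existing record identity is preserved
    default:
      return null; // archives: no member ownership
  }
}

// Constructed sample data: persisted store copies and two staff actors.
const MEMBER_UUID = "00000000-0000-4000-8000-000000000001";
const OWNER_UUID = "00000000-0000-4000-8000-000000000002";
const STAFF = { uuid: "00000000-0000-4000-8000-0000000000aa", role: "staff" } as const;
const ADMIN = { uuid: "00000000-0000-4000-8000-0000000000ad", role: "admin" } as const;

function persisted_storage(uuid: string | null): StorageLike {
  const data: Record<string, string> =
    uuid === null ? {} : { [IDAA_LOC_KEY]: JSON.stringify({ uuid, novi_verified: true }) };
  return { getItem: (k) => data[k] ?? null };
}

// Store null on mount (the race the commits describe): the persisted copy supplies the UUID,
// a non-admin staff edit leaves a BB Post's linkage alone, a meeting edit may reassign it.
function demo(): Record<string, unknown> {
  const storage = persisted_storage(MEMBER_UUID);
  return {
    post: creation_payload("bb_post", { title: "hello" }, null, storage),
    staff_edit_post: external_person_id_on_edit("bb_post", OWNER_UUID, STAFF, MEMBER_UUID),
    staff_edit_meeting: external_person_id_on_edit("recovery_meeting", OWNER_UUID, STAFF, MEMBER_UUID),
  };
}
```

Failing closed in resolve_creator_uuid is the point of the example: the submit handler either finds an identity in the store or in the persisted copy, or it refuses to create the record, so no content is ever written without a creator link.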
Scott Idem
6cd3b5f8f9 More notes and comments updates 2026-03-27 16:21:51 -04:00
Scott Idem
6939c058d8 Documentation updates 2026-03-27 14:53:28 -04:00
Scott Idem
1e2c9d9b74 docs(idaa): document Novi API rate limits and backoff behavior
20 calls/sec, 600/min, 100k/day. Notes the 10s flat backoff + single retry
and the 5-min TTL cache that prevents normal-use rate limiting.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 14:02:43 -04:00
Scott Idem
19d0145d00 fix(idaa): fix Novi UUID verification — stuck spinner, repeat calls, impersonation
Critical bugs fixed:
- $derived(() => {}) stored the function itself; uuid/api_key were always
  undefined so verification never fired. Fixed to $derived.by(() => {}).
- novi_verifying pre-initialized to true (flash prevention) was also used as
  the concurrency guard — guard saw it as in-flight and exited immediately,
  leaving the spinner stuck forever. Split into separate verify_in_flight flag.
- $idaa_loc reads in dedupe snapshot (outside untrack) subscribed the effect
  to idaa_loc writes, causing needless re-runs post-verification.
- Rate limit was not UUID-aware: 429 on one UUID blocked impersonation
  (new UUID). TTL and rate-limit guards now both bypass when UUID changes.

Also includes: store defaults for novi_verified_ts + novi_rate_limited_until,
docs update, iframe template g_uuid param (prior agent changes).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 13:38:42 -04:00
Scott Idem
b63f8eed0c Work on IDAA and Novi auth 2026-03-25 21:13:27 -04:00
Scott Idem
01fef4f113 chore: final recovery and integration of WIP improvements into ae_app_3x_llm 2026-03-17 11:12:22 -04:00
Scott Idem
60ca3b2f6c fix: update docs/todos after v1 edit form retirement + v2 rename
- Update CLIENT__IDAA_and_customized_mods.md: remove v1 entry and v2 suffix
- Update tests/README.md: rename _v2 reference to canonical filename
- Update TODO__Agents.md: mark all state_referenced_locally warnings resolved;
  document remaining 23 CSS @apply warnings as harmless language-service noise
2026-03-11 15:42:58 -04:00
Scott Idem
eb0dcb17f8 fix(idaa): upgrade Novi UUID verification to server-side API call
Previously, IDAA iframe access relied on trusting URL params (uuid, email,
full_name) passed from Novi — any 36-char string granted authenticated access
with no actual verification.

The (idaa)/+layout.svelte now performs an async Novi API call on every UUID
load to verify the UUID exists, fetches name/email directly from Novi (cannot
be spoofed via URL), and sets $idaa_loc.novi_verified on success.
All-or-nothing: if novi_idaa_api_key is absent or the call fails, access denied.

- ae_idaa_stores.ts: add novi_verified boolean field to idaa_loc
- (idaa)/+layout.svelte: async UUID verification with spinner to prevent
  Access Denied flash; permission upgrade-only strategy preserved
- video_conferences/+page.svelte: skip duplicate Novi member details call if
  layout already verified ($idaa_loc.novi_verified check)
- iframe HTML files: remove browser-side Novi API fetch and email/full_name
  params; pass only uuid; add README/START/STOP/WARNING comments for client
  staff; fix iframe-before-script DOM ordering bug
- documentation: CLIENT__IDAA_and_customized_mods.md updated with full
  verification flow, site_cfg_json fields, permission table, access gate

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-09 14:48:49 -04:00
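Added example in TypeScript, not code from this repository: a model of the verification guards described in commits 1e2c9d9b74, 19d0145d00 and eb0dcb17f8 above. It shows the pre-fix gate (any 36-character string passes), then the all-or-nothing server-side check with name and email taken from the API rather than the URL, the 5-minute TTL, the flat 10 s backoff with a single retry on 429, a concurrency flag kept separate from the spinner flag, and guards that are bypassed when the UUID changes. The class and field names are assumptions that mirror the commit text, and the Novi API is replaced by an injected function so it runs offline.

```typescript
// Added illustration, not the (idaa)/+layout.svelte code. Names are assumed; Novi is faked.
type NoviMember = { uuid: string; full_name: string; email: string };
type NoviResponse = { status: 200; member: NoviMember } | { status: 404 } | { status: 429 };
type FetchMember = (uuid: string, api_key: string) => Promise<NoviResponse>; // injected stand-in
type VerifyOutcome = "verified" | "cached" | "denied" | "rate_limited" | "in_flight";

const TTL_MS = 5 * 60 * 1000; // 5-minute TTL: normal navigation never re-calls Novi
const BACKOFF_MS = 10 * 1000; // flat 10 s backoff, then a single retry on 429

// The pre-fix gate as commit eb0dcb17f8 describes it: any 36-character string passed.
function insecure_gate_from_url(params: URLSearchParams): boolean {
  return (params.get("uuid") ?? "").length === 36;
}

class NoviVerifier {
  novi_verified = false;
  novi_verified_ts = 0;        // ms epoch of the last successful verification
  novi_rate_limited_until = 0; // ms epoch; 0 when not rate limited
  novi_verifying = true;       // spinner flag, pre-set to true to avoid the Access Denied flash
  full_name: string | null = null;
  email: string | null = null;
  api_calls = 0;
  private verify_in_flight = false; // concurrency guard, kept separate from the spinner flag
  private last_uuid: string | null = null;
  private fetch_member: FetchMember;
  private now: () => number;
  private sleep: (ms: number) => Promise<void>;

  constructor(fetch_member: FetchMember, now: () => number, sleep: (ms: number) => Promise<void>) {
    this.fetch_member = fetch_member; this.now = now; this.sleep = sleep;
  }

  async verify(uuid: string, api_key: string | undefined): Promise<VerifyOutcome> {
    if (!api_key) { this.deny(); return "denied"; } // all-or-nothing: no key, no access
    // Both guards are scoped to the last UUID: a new UUID (staff impersonation)
    // bypasses them, otherwise a 429 on one member would block every other one.
    if (uuid !== this.last_uuid) {
      this.novi_rate_limited_until = 0;
    } else if (this.novi_verified && this.now() - this.novi_verified_ts < TTL_MS) {
      this.novi_verifying = false; return "cached";
    } else if (this.now() < this.novi_rate_limited_until) {
      this.novi_verifying = false; return "rate_limited";
    }
    // Reusing novi_verifying (initially true) as this guard would make the first
    // call exit here and leave the spinner stuck, the bug commit 19d0145d00 removed.
    if (this.verify_in_flight) return "in_flight";
    this.verify_in_flight = true;
    this.novi_verifying = true;
    this.last_uuid = uuid;
    try {
      let res = await this.call(uuid, api_key);
      if (res.status === 429) { await this.sleep(BACKOFF_MS); res = await this.call(uuid, api_key); }
      if (res.status === 429) {
        this.novi_rate_limited_until = this.now() + BACKOFF_MS;
        this.deny(); return "rate_limited";
      }
      if (res.status !== 200) { this.deny(); return "denied"; }
      // Name and email come from Novi's answer, never from iframe URL parameters.
      this.novi_verified = true; this.novi_verified_ts = this.now();
      this.full_name = res.member.full_name; this.email = res.member.email;
      return "verified";
    } finally {
      this.verify_in_flight = false; this.novi_verifying = false;
    }
  }

  private async call(uuid: string, api_key: string): Promise<NoviResponse> {
    this.api_calls += 1; return this.fetch_member(uuid, api_key);
  }

  private deny(): void {
    this.novi_verified = false; this.full_name = null; this.email = null;
  }
}

// Constructed scenario: a fake clock and a fake backend that always answers 429 for
// one UUID and returns a member record for another; exercises every guard above.
async function demo(): Promise<Record<string, VerifyOutcome | number>> {
  let clock = 1_000_000;
  const sleep = async (ms: number): Promise<void> => { clock += ms; };
  const fake_novi: FetchMember = async (uuid): Promise<NoviResponse> =>
    uuid === "limited-uuid" ? { status: 429 }
      : uuid === "member-uuid"
        ? { status: 200, member: { uuid, full_name: "Sample Member", email: "member@example.invalid" } }
        : { status: 404 };
  const v = new NoviVerifier(fake_novi, () => clock, sleep);
  const first = await v.verify("member-uuid", "test-key");          // API call, verified
  const second = await v.verify("member-uuid", "test-key");         // inside TTL, no call
  const limited = await v.verify("limited-uuid", "test-key");       // 429, backoff, retry, 429
  const still_limited = await v.verify("limited-uuid", "test-key"); // backoff guard, no call
  const impersonate = await v.verify("member-uuid", "test-key");    // new UUID bypasses the guard
  const no_key = await v.verify("member-uuid", undefined);          // denied without a call
  const pending = v.verify("member-uuid", "test-key");              // in flight ...
  const concurrent = await v.verify("member-uuid", "test-key");     // ... so this one exits at once
  await pending;
  return { first, second, limited, still_limited, impersonate, no_key, concurrent,
    api_calls: v.api_calls, spinner_stuck: v.novi_verifying ? 1 : 0 };
}
```

The scenario makes four real calls for seven verify attempts plus one concurrent one: the TTL absorbs the repeat load, the backoff guard absorbs the repeat after a 429, and the impersonation switch to a different UUID is the only thing that is allowed to go straight back to the API.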
Scott Idem
911a427757 docs: add IDAA client module doc, minor whitespace cleanup
- CLIENT__IDAA_and_customized_mods.md: New comprehensive doc covering IDAA
  architecture, all 4 submodules (Archives, BB, Recovery Meetings, Jitsi),
  Novi UUID auth system, permission levels, state stores, iframe integration,
  and testing requirements. Reverse-engineered from source 2026-02-26.
- MODULE__AE_Events_Badges.md: trailing whitespace only
- tests/README.md: blank line only
2026-02-26 18:50:20 -05:00