- LCI October — Pres Mgmt Restoration: all items now checked, header
flipped from 🔴 in-progress to ✅ complete.
- Axonius DC — June 9: the show happened, badge layout work is done.
Downgraded the remaining "Badges follow-ups" from 🔴 (event-deadline
urgency) to 🚧 (normal backlog) — no event deadline attached until the
next badge-printing event.
- Checked "Use template badge types in search filter" per request:
confirmed still NOT done — ae_comp__badge_search.svelte still has a
hardcoded "Axonius 2026 badge type codes" list with its own pre-existing
TODO comment. Left open, noted the verification.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
presenter_is_authed only checked sign-in state, never .agree, so a
presenter could upload without ever agreeing whenever the admin's
"Require Presenter Agreement" setting was on.
Added presenter_agree_ok (trusted_access || !require__presenter_agree ||
auth__event_presenter_obj.agree) and presenter_can_upload
(presenter_is_authed && presenter_agree_ok) in
presenter/[presenter_id]/+page.svelte, swapped into every place the
upload UI / file-list permissions are gated in both the default and
manage_files alt views. The alt view's public_access identity bypass is
preserved but now also requires presenter_agree_ok.
Added an inline warning message in place of the upload section when
signed in but pending agreement, instead of it silently disappearing.
Marked done in TODO__Agents.md; all three open LCI Pres Mgmt restoration
items are now resolved (2 were already fixed and just needed verifying).
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Checked all three open items in the LCI October restoration list
against current code:
- Presenter email sign-in link routing — FIXED (2026-06-12, e05602b87).
email_sign_in__event_presenter() routes through the session page with
presenter_id/presentation_id params; verified sign_in_out.svelte reads
them and grants presenter-level auth, not just session read access.
- session_page_menu.svelte sign-in prop — VERIFIED CORRECT, no bug found.
event_session_id prop is the real session object field, not a URL
param. The component's separate url_session_id is intentionally a
different thing (POC/Champion link shape only).
- Presenter agreement not enforced before upload — STILL OPEN, confirmed.
presenter_is_authed (the gate used everywhere upload UI shows) has no
dependency on .agree at all; require__presenter_agree only controls
whether the Agreed/Not Agreed button is shown, never blocks anything.
No enforcement found anywhere in the chain, including inside the
upload component itself. Added a concrete fix direction.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- BOOTSTRAP__AI_Agent_Quickstart.md: new category 9 under Common Mistakes
pointing to today's incident (local/remote config sync pitfalls)
- REFERENCE__Common_Agent_Mistakes.md: three new entries —
16) local "shadow field" silently bypasses an admin-synced master field
17) SWR await after a write does not mean dependent caches are fresh
18) conditional/stateful sync gates are effectively undebuggable
- PROJECT__Stores_Svelte5_Migration.md: updated the canonical Migration
Pattern example to stamp __version in the serializer (the old example
silently didn't, which is exactly what caused the leads_loc/pres_mgmt_loc
bugs fixed today); flagged badges_loc/launcher_loc/events_auth_loc as
not yet fixed (dormant, not harmful) and idaa_loc as the next migration
that should get this from day one
- TODO__Agents.md: cross-referenced today's Pres Mgmt config sync overhaul
in the LCI October restoration section for context, without touching
the open items in that list
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Two things prompted by direct feedback after testing:
1. Every input on the Config page now has a title tooltip explaining what
it actually controls, where, and any interaction with other settings
(e.g. clarifying Hide Location affects both the session detail page AND
the Location column in Session Search results — not obvious from the
label alone).
2. Split "Session Field Visibility" into "Session Display" (just
description/location/message) and a new dedicated "POC Settings"
section. Previously hide__session_poc ("Hide POC", checked = remove)
sat directly next to show__session_li_poc_field ("Show POC Column",
checked = add) in the same flat list — same checked state meaning
opposite things for adjacent fields, confusing even though each field's
own hide__/show__ naming is internally consistent with the project
convention. Hide POC is now rendered as a visually distinct master
switch (bold, its own row) with the three dependent settings indented
under a left border below it and auto-disabled (with reduced opacity)
whenever Hide POC is checked, so the "no effect once hidden" dependency
is visible in the UI, not just documented in a footnote.
No field semantics changed — same PressMgmtRemoteCfg, same sync function,
same save path. Pure presentation/documentation pass.
Logged the rationale in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md.
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Same bug pattern as the earlier POC column fix. The Session Search
results table's Location column prop only ever read the local-only,
never-synced hide__session_li_location_field — never the admin-synced
hide__session_location (Config page > Session Field Visibility > Hide
Location). Column always showed regardless of that setting or
permission level.
Fixed in pres_mgmt/+page.svelte:
hide__session_location || hide__session_li_location_field
The other two usages of this component already hardcode
hide__session_location={true} correctly (you're already on that
location's own page, showing its name again would be redundant).
Logged in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md with a note to
audit other hide__* fields for the same gap if more reports come in.
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
lock_config made roughly half of sync_config__event_pres_mgmt()'s fields
conditional: they only updated in a given browser if lock_config happened
to be true at the exact moment that browser last synced. A field's local
value therefore depended on the history of saves, not the current setting
— undebuggable from the UI, and easy to corrupt by toggling Lock Config
off even briefly during testing. This was the actual root cause of the
"POC column / Hide POC sometimes works" reports.
Checked the DB: every event, old and new, already had lock_config: true.
The "unlocked, per-browser preference" use case it was built for has
never actually been used in practice.
- Removed lock_config from PressMgmtRemoteCfg, PresMgmtLocState, the
sync function (no more conditional block — every field syncs
unconditionally now, same as labels/Require Agreements always did),
and the Config page UI (no more System section)
- Old DB records with a lock_config key are simply ignored, same as any
other removed key — no migration needed
- Moved the now-fully-orphaned ae_comp__event_settings_pres_mgmt_form.svelte
to ~/tmp/agents_trash (zero imports anywhere; the settings page already
links to the canonical Config page) — completes Step 5 from the
cleanup doc
- Marked PROJECT__AE_Events_PressMgmt_Config_Cleanup.md complete — all
Implementation Steps and known regressions resolved
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Four fixes found while tracing why Manager-saved Config page changes
(QR, POC column, etc.) weren't reliably reaching pres_mgmt_loc:
1. Config page save was a race, not deterministic. The save handler only
called load_ae_obj_id__event() (SWR — returns stale Dexie cache
immediately, refreshes in the background, not awaited) and assumed
that "picked up the new config." It never called
sync_config__event_pres_mgmt() itself. Now calls it directly with the
just-saved draft, so the editing browser updates instantly with no
race. Kept the load_ae_obj_id__event() call (default try_cache: true)
for propagating to other browsers/tabs via Dexie — do not pass
try_cache: false there, that skips the Dexie write entirely.
2. Removed the dead "Lock Config" Sync/Unlink toggle in the sign-in
panel (e_app_access_type.svelte). It wrote to four fields
($ae_loc.lock_config/sync_local_config,
pres_mgmt_loc.current.lock_config/sync_local_config) that are never
read anywhere (confirmed via full-repo grep), and confusingly shared
a name with the real, functional "Lock Config" checkbox on the Pres
Mgmt Config page. Removed the button and the now-orphaned
lock_config/sync_local_config fields from PresMgmtLocState.
3. show__launcher_link was never assigned by sync_config__event_pres_mgmt()
— only its inverse hide__launcher_link was. The toggle button's
`show__launcher_link || trusted_access` visibility gate (in 3 menu
files) always collapsed to trusted-only, ignoring the admin's setting.
Added the missing assignment.
4. AE_PRES_MGMT_LOC_VERSION was bumped to 2 this morning claiming it
"forces a localStorage reset" — it didn't, because _check_and_wipe()
was never wired up for ae_pres_mgmt_loc, and even if it had been, the
store never wrote a __version field to compare. Fixed: the store's
serializer now stamps __version, and store_versions.ts wires the
check. Found and fixed the same bug already live in ae_leads_loc,
except worse there — it was wiping leads users' local prefs on EVERY
page load, not just once.
All logged in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md.
svelte-check: 0 errors, 0 warnings.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Root cause of the presenter QR not propagating to other browsers/incognito:
sync_config__event_pres_mgmt() was only called from pres_mgmt/+page.svelte
and session/[session_id]/+page.svelte. A browser landing directly on the
presenter page (e.g. via a presenter's sign-in link) never synced remote
config into pres_mgmt_loc.current at all — every always-synced and
lock-synced field (QR enables, POC visibility, code visibility, labels,
etc.) silently stayed at hardcoded local defaults regardless of what was
set on the Config page, since that page was never visited in that browser.
Added the same sync $effect (mirroring the existing pattern/comment already
in session/[session_id]/+page.svelte) to:
- presenter/[presenter_id]/+page.svelte
- locations/+page.svelte
- location/[event_location_id]/+page.svelte
- reports/+page.svelte
Logged in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md with a note that
any future pres_mgmt entry page needs the same block.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
show__presenter_qr (admin) is meant to be the global default for everyone,
signed in or not. show_content__presenter_qr is a trusted-staff-only local
override for when the admin hasn't enabled it globally. Presenter QR was
still on the old logic requiring show_content__presenter_qr to also be
true even when the admin enabled it for everyone — non-trusted users
(presenters) have no way to set that flag, so QR never appeared for them.
- presenter_view.svelte: generation effect + display block now use
show__presenter_qr || (trusted_access && show_content__presenter_qr),
matching the session_view.svelte fix from earlier today
- presenter_page_menu.svelte: QR toggle was gated to administrator_access,
hiding it from plain Trusted onsite staff; loosened to trusted_access
and dropped the redundant `|| trusted_access` (now only shown when
admin hasn't already enabled QR globally)
- ae_comp__events_menu_opts.svelte: both session and presenter QR toggles
were visible to all authenticated_access users whenever admin had
enabled QR globally, even though the toggle had no effect for them;
now gated to trusted_access && !show__*_qr, matching session_page_menu.svelte
- Log the fix in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
show__session_li_poc_field was local-browser-only and the session list
prop computation ignored the admin's hide__session_poc master switch
entirely, so disabling POC for an event didn't hide the column if a
user's browser had it toggled on.
- Add show__session_li_poc_field to PressMgmtRemoteCfg + Config page UI
(Session Field Visibility) + sync_config__event_pres_mgmt() lock-synced
block, so it's admin-configurable per event like the other display flags
- Fix list/table column visibility to hide__session_poc || !show__session_li_poc_field
in pres_mgmt/+page.svelte and locations/ae_comp__event_location_obj_li.svelte
- Remove the now-redundant local "Show/Hide POC Column" toggle buttons from
ae_comp__events_menu_opts.svelte and event_page_menu.svelte
- Log the fix in PROJECT__AE_Events_PressMgmt_Config_Cleanup.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- session_view.svelte: session name/code were only rendered in edit_mode — non-editors
saw a blank card. Now always visible; edit_mode just wraps them in field editors.
- Restructured hero card as a <ul> with datetime, room, and POC as rows inside the card.
POC no longer floats below as a disconnected block.
- Dynamic POC label (label__session_poc_name) used throughout: row label, modal titles,
fallback text, and editor label — no more hardcoded "Host:".
- POC "Select Person" flow: gate select editor on person_options_loaded to prevent empty
dropdown on open; button reads "Reload Person" after list is loaded.
- Restored email sign-in link button in POC row with idle/sending/sent/error feedback.
Shown when require__session_agree && show__email_access_link && poc_person_primary_email.
- Restored inline copy-access-link for trusted staff (show__copy_access_link).
- session_page_menu.svelte: fix event_session_id prop — was passing event_id instead of
event_session_id, breaking the Sign_in_out auth grant.
- ae_comp__event_session_poc_profile.svelte: migrate run() to $effect, fix poc_person_id_random
→ poc_person_id, fix events_slct reference in copy link URL.
- +page.svelte: add pres_mgmt config sync so session pages opened directly by URL get
correct hide__session_poc and other remote config values.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rewrote PROJECT__IDAA_Stores_Svelte5_Migration_2026.md with complete
detail: full 29-file consumer inventory with hit counts per module,
exact files that only reference the localStorage key string (no changes
needed), store_versions.ts wipe note, explicit Phase 1 ordering, test
seed guidance, and updated Risk Register including R3 nested-object
merge gap.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
BOOTSTRAP__AI_Agent_Quickstart.md: rewrite store reactivity trap section
to distinguish events sub-stores (PersistedState, fine-grained) from
ae_loc/idaa_loc (svelte-persisted-store, coarse). Add import/read/write
syntax examples and pointer to migration doc.
PROJECT__Stores_Svelte5_Migration.md: rewritten to reflect events module
fully complete; documents established PersistedState pattern with canonical
examples; tables show all 5 sub-stores done + events_loc retired.
TODO__Agents.md: events migration marked complete (2026-06-11); idaa_loc
and ae_loc listed as remaining work; stale events_loc file_display_overrides
ref fixed.
tests/README.md: replace Leads-only store migration note with full events
sub-store table, localStorage keys, and explanation of PersistedState
deserialization (no __version guard needed).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
New report at Pres Mgmt > Reports > File Downloads. Groups all event files
by session and presenter, with 10 filename format presets (original, session
code/date/name combos, presenter variants). Per-file Download button and Copy
Link button using hosted_file endpoint for ?key= auth support.
Also fixes direct download links in element_manage_event_file_li and the
hosted_files download button — event_file endpoint does not yet propagate
?key= auth internally, so all direct links now use hosted_file endpoint
which supports it today.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds cfg_json.punch_holes.{left,right,center} to mark pre-perforated badge
clip slots with X overlays. Slots are 5/8in x 1/8in, 1/4in from top,
3/8in from left/right edges. Markers print on the badge so attendees know
where to push out the perforations. Template form exposes checkboxes in
Header & Branding. Documented in MODULE__AE_Events_Badge_Templates.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
BOOTSTRAP__AI_Agent_Quickstart.md:
- Mistake #15 addendum: events/session modules use legacy tmp_sort_1 encoding
(priority=true→'1'), not build_tmp_sort — requires descending sort until migrated
- Mistake #16 (new): service worker without skipWaiting+clients.claim silently serves
stale code to long-lived tabs; explains the "can't reproduce in dev" pattern that
likely caused the IDAA recovery meetings issue for months
CLIENT__IDAA_and_customized_mods.md:
- New "Sort Encoding" section: table of legacy vs build_tmp_sort modules with
correct comparator direction for each
- New "Search Trigger" section: explains why $slct.account_id not $ae_loc.account_id
TODO__Agents.md:
- IDB Sort: added ae_events__event migration task + legacy encoding warning
- DevOps: marked service worker fix complete; replaced nginx caching item with
proxy buffer tuning task
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Public (attendee) kiosk: unprinted badges link to /review; printed
badges show green "Checked in · Nx · First/Last" row (non-clickable)
- Public attendees no longer see Print button (staff-only action)
- Printed badges sort to end of list for public non-trusted users
- Manager access: Print (reprint) and Email Link buttons always visible
without requiring Edit Mode; main row behavior unchanged
- Empty state wording: context-aware — "Enter your name above to find
your badge" for public users with no query vs "No badges found" after
an actual search
- Docs: Epson C3500 fanfold section filled in (was empty placeholder);
style_href/duplex implementation status corrected in badge templates
doc; Axonius C3500 layout TODO marked complete
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
build_tmp_sort() encodes priority=true as '0' for ascending sort. JS comparators
were using b.localeCompare(a) (descending), inverting the encoding so priority=false
items sorted first. Fixed to a.localeCompare(b) in ae_journals_search_helpers.ts (3
sites in recovery_meetings +page.svelte and wrapper component).
Also fixes a Dexie anti-pattern in bb/[post_id]: .reverse() before .sortBy() is a
no-op in Dexie; moved array .reverse() to after the await.
Documents the encoding rule and legacy inverted-encoding modules in
GUIDE__SvelteKit2_Svelte5_DexieJS.md and adds mistake #15 to BOOTSTRAP quickstart.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds entry #14 to BOOTSTRAP__AI_Agent_Quickstart.md (section 7 "Mistakes
Agents Have Made") and a new "Bootstrap Race" subsection to
GUIDE__SvelteKit2_Svelte5_DexieJS.md ("Common Gotchas"), capturing the
fix from 5fce14980: gate account-scoped liveQuery triggers on
$slct.account_id (non-persisted), not $ae_loc.account_id (persisted,
potentially stale), and treat IDB records from a different non-null
account as a cache miss. Also fixes five pre-existing MD049 emphasis
style warnings (asterisk → underscore) in the Dexie guide.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
MODULE__AE_Events_Launcher_Config_Menu.md — v3.0 inventory of the
3-tab drawer layout (now superseded but kept as reference baseline).
MODULE__AE_Events_Launcher_Config_Menu_new.md — v3.1 unified design
spec that drove the sidebar tab migration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Proactively re-injects 'key' (site access key) and 'uuid' (Novi token)
into 'Open Externally' and 'Copy Link' URLs on the Video Conferences
page. This prevents authentication failures when members open meetings
in a new browser tab after SvelteKit internal navigation has dropped
the bootstrap parameters.
Updated CLIENT__IDAA_and_customized_mods.md to document the requirement
for these keys in breakout URLs.
Kills the standard conference presentation app set between sessions:
Microsoft PowerPoint, Keynote, Adobe Acrobat Reader DC, VLC, soffice.
- Calls native.kill_processes({ process_name_li }) via existing relay
- Process list overridable per device via event_device.other_json.launcher.kill_process_li
- Button lives in Native OS config > System Actions (edit mode only)
- Reuses system_status for feedback — shows which apps are being killed
- Original list recovered from git history of legacy architecture docs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Moved PROJECT__AE_Events_Badges_Config_Cleanup.md to archive.
- Updated PROJECT__Use_AE_API_V3_CRUD_upgrade.md with latest audit and migration status.
- Migrated ae_comp__event_presenter_form_agree.svelte to modern V3 update_ae_obj helper.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Archived completed May 2026 tasks and streamlined the active list to
focus on upcoming events and the final V3 API surgical cleanup.
- Created TODO__Agents__ARCHIVE_2026-05.md with completed items.
- Streamlined TODO__Agents.md for active show support (CMSC, Axonius).
- Added V3 CRUD migration tracking for core site and utility helpers.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Standardized documentation structure for Badges and Leads modules into
focused technical references and practical onsite guides.
- Refined MODULE__AE_Events_Badges.md (Core data integrity & sync logic)
- Renamed MODULE__AE_Events_Exhibitor_Leads.md to MODULE__AE_Events_Leads.md
- Renamed MODULE__AE_Events_Badges_Onsite.md to GUIDE__AE_Events_Badges_Onsite.md
- Expanded GUIDE__AE_Events_Onsite_Runbook.md with Badge and Leads sections.
- Maintained all critical business logic, including the 'Override Fields' pattern.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
