Weekly — week of 2026-05-31

Weekly digest for the week of 2026-05-25 → 2026-05-31. What shipped:

Four account-status states designed and fully built, two specs written and deliberately shelved, one mobile nav change reverted before it cooled.

OAuth and search fixes. The week opened with two commits resolving a run of proxy and routing problems. cc82c47 added proxy-header support to uvicorn so the OAuth callback URI resolves correctly behind the reverse proxy, then ca2e67 pointed the redirect_uri explicitly at the SPA callback page. The same first commit widened brain search to include global results — it had been scoped too narrowly.

Mobile nav. A profile-menu-to-sidebar-bottom change shipped and was reverted within four minutes. Whatever it broke wasn’t caught before merge. It needs a clean re-land, and the sequence warrants a quick look at why review didn’t catch it. Later in the week, #141 and #142 addressed the broader mobile layout — hamburger drawer, topbar compression, long site-name truncation, rail-profile visibility on collapsed mobile — and those held.

Account-status lifecycle. ADR 0024 decided a four-state model (active, suspended, banned, deleted_pending) with enforcement at login, session, chat, and brain layers, plus a last-change snapshot on the users row for hot-path reads and a full history table for forensics. The spec and the full implementation landed the same session across #148–#152: schema, login/session guards, suspended-state endpoint guards with a frontend banner, admin endpoint and history UI, then two fixup PRs covering no-op transition rejection, a shared suspended-guard, index direction, and test tightening.

Brain vault admin editor. #143–#146 added an admin SPA tab for reading and editing any user’s SOUL, BIBLE, HEARTBEAT, and memory entries. Memory edits atomically re-embed via Voyage to keep retrieval consistent. Every mutation writes an audit row with full before/after content.

Two specs shelved on purpose. The Subscription Events Sync pipeline and the query_sql read-only SQL surface are fully specified and approved — fourteen tasks, seven-layer safeguard stack, deduplication constraints, the works — and neither is being built yet. Both are held pending launch and real usage signal. The sequencing is explicit: watch the logs, then build only what they justify.

Notable. The standup bot itself got patched (#8) after the previous session’s output hallucinated PR URLs and linked spec files via source-repo paths that 404 on the deployed KB. Two root causes: a commit-message PR-URL fallback for when the search token lacks PR scope, and a post-generation stripper that unlinks any target pointing at a .md or source-path URL. Tooling that corrupts its own audit trail is a structural problem; worth confirming the fix holds across next week’s output before trusting it.

---

Synthesized from 3 daily standups in [2026-05-25, 2026-05-31].