Cross-project synthesis: March 19, 2026

Four projects active today. Lighter fleet activity but significant depth on each — two products deployed to production, one resolved its longest-standing security issue, and the fourth got a major feature expansion.

Authexis — Dashboard enrichment + auth infrastructure

The dashboard article listings got a usability overhaul. “Top articles this week” now shows inline thumbs up/down rating buttons (clickable without navigation), the AI’s scoring rationale below each article, and uses the shared ScoreBadge component. Users can triage articles directly from the dashboard instead of navigating to the articles page.

Auth infrastructure hardened: a full set of branded Supabase email templates (confirmation, recovery, magic link, invite, email change, reauthentication) using the gold-ribbon design system. The Supabase redirect URL configuration was fixed — wildcard patterns don’t work in production, replaced with explicit callback URLs via supabase config push. Auth config is now version-controlled in web/supabase/config.toml.

Two smaller fixes: workspace switcher’s transient 500 error (race condition with .single() vs .maybeSingle()) and missing image_style field in workspace settings. 5 issues closed.

A near-miss: the first supabase config push accidentally overwrote remote auth settings (MFA, email confirmations, OTP). Caught in the diff output and corrected immediately. All settings restored, but it highlights the risk of config push overwriting everything — always diff before pushing.

Dinly — Massive feature expansion, deployed to production

Dinly evolved from yesterday’s MVP into a multi-user, type-aware meal planning platform and deployed to production at www.getdinly.com.

The session started with a quality pass: 22 scout findings across error handling, RLS security, timezone safety, ICS compatibility, and parser edge cases. All 6 grouped issues shipped: error feedback on save actions, error boundaries and loading skeletons, RLS ownership audit, timezone-safe date arithmetic, VTIMEZONE in calendar exports, and divide-by-zero guards in the ingredient parser.

Meal types became a first-class concept: 28 canonical dinner styles (pasta, tacos, stir fry, etc.) with keyword-based auto-categorization covering 95% of 3,808 imported recipes. Recipe cards show type badges, the library has a type filter, and candidate selection groups by type. Family members can now request dinner types or specific recipes during voting, feeding into the ranking engine with +3/+5 boosts.

Multi-user household support shipped as a complete chain: email field on family members, branded invite emails via Brevo, invite acceptance auto-linking to household and profile, independent voting for logged-in members, and role-based access controls (shared/cook/admin tiers). The is_primary_cook boolean was replaced with is_cook for multi-cook households. Admin pages show all users, households, and invite status.

Email infrastructure built on Brevo’s transactional API: TypeScript client ported from the paulos Python pattern, 5 dark-themed HTML notification templates, 6 Supabase auth templates. All transactional emails auto-BCC the admin.

Recipe bookmarks shipped with four types (want to cook, favorite, tried, not interested), signals feeding into the ranking engine (+2 want to cook, +1 favorite, -2 not interested).

The planning flow was redesigned: the old linear model (pick recipes → vote → assign days) became a type-aware multi-stage flow: Draft → Vote → Curate → Resolve → Assign to Days → Shopping List. The curate and resolve steps are new additions enabling the cook to pick winners from ranked results and assign specific recipes to type entries.

The project restructured to web/ subdirectory and deployed to Vercel. 32 issues closed.

Eclectis — Token encryption resolved, launch prep continues

The longest-standing security issue is fixed. Integration tokens (Raindrop, Readwise) are now encrypted at rest using Supabase Vault. The implementation uses a BEFORE INSERT/UPDATE trigger that encrypts on write and a user_profiles_decrypted view for reads. The journey had a bump: the original migration failed silently because pgcrypto functions on Supabase need extensions. schema qualification, and the initial switch to the decrypted view (before the migration actually worked) broke the entire settings page — interests, preferences, and integrations all returned null. Caught when Paul noticed his interests were empty, diagnosed quickly, reverted reads, fixed the migration SQL, reapplied, and switched back. Clean now.

Article listings gained summaries (4 lines below titles), fixing a long-standing issue where the content_summary DB column was never mapped to the frontend summary field. Also discovered Claude was prepending “# Summary” headers to every summary despite prompt instructions — moved formatting rules to the system prompt and ran a migration to strip existing headers.

Other fixes: onboarding redirect loop (middleware hardcoding /onboarding instead of /articles), branded email templates, BCC on transactional emails. Via grind earlier: OG meta tags, robots.txt for authenticated routes, Claude API timeouts, Stripe price ID logging, scan log status tracking, and a blog page pulling from paulwelty.com RSS. 14 issues closed.

Prakta — Production deployment live at www.prakta.io

Prakta is live in production. The main deployment blocker was a Vercel project mismatch — the domain was assigned to one project while code was deployed to another (created when linking from the web/ subdirectory). Fixed by relinking to the correct project and pushing all environment variables.

Feature additions before deployment: admin nav section, blog pages from paulwelty.com RSS filtered by “prakta” category, self-assessment settings with config lever mapping, task prereqs with AI guessing, Stripe idempotency keys, webhook error handling, input validation, and the logo (combined P symbol + wordmark in the warm editorial palette). Supabase auth configured with explicit redirect URLs and 6 branded email templates. 14 issues closed.

Cross-cutting themes

Production deployments. Both Dinly (www.getdinly.com) and Prakta (www.prakta.io) deployed to production today. Two products went from code to live in the same session. Combined with Eclectis being launch-ready, three products are now in production and approaching real users.

Supabase auth patterns converging. Authexis, Dinly, Eclectis, and Prakta all shipped branded email templates and auth configuration today. The pattern is stabilizing: explicit callback URLs (no wildcards), config.toml committed and pushed via supabase config push, six branded templates matching each product’s design system. This should become a standard scaffold step for new products.

Brevo as the transactional email layer. Dinly built a TypeScript Brevo client ported from the paulos Python pattern. Authexis and Prakta also use Brevo. The transactional email infrastructure is converging across the portfolio — a shared pattern for invite emails, notification emails, and auth templates.

The “config push overwrites everything” risk. Authexis accidentally overwrote remote Supabase settings. Eclectis had a similar migration-order bug. Both were caught and fixed quickly, but supabase config push and supabase db push are destructive operations that need the same care as git push --force.

Carry-over

• Authexis: Verify auth flows after config push, test briefing pyramid on Stacy’s workspace
• Dinly: Test new planning flow end-to-end in browser, configure Supabase SMTP and email templates, wire Brevo notifications into app actions
• Eclectis: Apply email templates to Supabase dashboard, verify PostHog and Sentry, create Product Hunt launch milestone
• Prakta: Paste email templates into Supabase dashboard, test full production flow, configure Google OAuth and Stripe products

Risks

• Eclectis Vault key. If the integrations_encryption_key in vault.decrypted_secrets is deleted, decryption fails silently (returns empty JSON). All integration token reads depend on this key existing.
• Dinly new planning flow untested. The Draft → Vote → Curate → Resolve → Assign flow is built but not yet walked through end-to-end with real data.
• Prakta and Dinly have zero tests. Combined ~80 issues shipped with no test coverage.
• Brevo API key exposure. An Eclectis key was accidentally pasted in chat and rotated. Confirm the new key is in Railway env vars.

By the numbers

65 issues closed across 4 projects. Two new products deployed to production. The fleet is entering the launch phase.