Synthesis: March 23, 2026

Authexis — pipeline collapse and stage_data migration

The idea-to-content pipeline was fundamentally restructured. The old 5-step article processing chain (google search → fetch → score → store → generate ideas) was replaced with a single daily.scan_and_generate_ideas handler that passes search result snippets directly to the idea generator as ephemeral context. No articles are stored. Roughly 4,200 lines of dead article handler code were removed (7 handler files, 7 test files). Briefings were gutted too — removed Claude-generated article sections, pyramid layout, lifecycle prompts, and onboarding drips. Briefings are now pure data assembly with no AI call needed, saving ~1,391 lines.

The stage_data audit completed: all remaining reads across engine and web were replaced with flat column reads (#1607-1609). The AI model was upgraded from Claude Sonnet 4.5 to Sonnet 4.6, guidepost prompts were rewritten with mandatory formatting requirements and self-check checklists, and a _smartify_quotes post-processor was added to guarantee curly quotes and em dashes in all output.

Blog queue slot-filling was implemented — blog posts now auto-schedule via slots, mirroring the social queue pattern. Publishing logs now track all outbound activity. Multiple deploy failures from a Python 3.11 f-string syntax error were resolved (Railway’s Python 3.11 doesn’t support backslashes in f-strings that Python 3.14 allows). Three milestones closed: v2.0 (product simplification), v2.1 (content model refactor), v2.2 (simplified pipeline).

Eclectis — product launch readiness sprint

The biggest single-day sprint in the project’s history — 23 issues closed, driven by a Cowork product test run that exposed a chain of dead ends in the signup-to-first-article journey. Email confirmation was redirecting to an empty articles page instead of onboarding (#431). After signup, users saw no “check your email” message (#424). The onboarding “Start discovering” button led to an empty page with no scanning indicator (#428, #422). All fixed: signup now shows a confirmation screen, email confirmation routes to onboarding, and the articles page polls for scan progress (“Scanning your sources… 2 of 4 complete”).

Stripe was set up from scratch — product, price ($8/mo Pro), webhook, and env vars in Vercel production. A persistent upgrade banner was added for free-tier users (#430). An API key security issue was found and fixed: the raw Anthropic key was being sent to the browser (#429).

The Mailgun SKIP_PATTERNS fix from the supervisor’s intervention led to a deeper repair: a migration was written to reprocess all newsletters that completed with zero articles before the fix (#433), recovering previously lost content. The Brevo webhook was hardened with per-item try/catch (#435). Vote notes, tooltips, and a downvote-asks-reason flow rounded out the UX work.

Paulos — rollover fixes, fleet config, marketing CLI

The session shipped 30+ issues across three themes. The rollover pipeline got 5 fixes (#547-551): fleet.toml host filtering, bare shell detection via has_claude_agent(), polymathic-h exclusion (it’s the aggregation target, not an injection target), serialized git pushes to prevent merge conflicts, and supervisor idle detection before sum-up/reflect.

The briefing system gained three features: daily synthesis scanner (#494), needs-clarification issue display (#499), and git-based fallback (#496). The complete marketing CLI was built: intake, engage, train, review, and status commands with 33 tests. Security hardening: webhook auth fail-secure (#524), SSH shell escaping (#525), graceful API key handling (#558-560).

Scholexis — five core CRUD features in one day

The app went from having 5 dead sidebar links to a fully navigable product. Assignments CRUD (#209), Tasks with inline status toggle (#210), Events with all-day toggle (#211), Calendar week view aggregating all three data sources (#212), and Access Grants with inline email-based user lookup (#213) — all built from scratch.

Security hardening continued: role validation whitelists only “student” and “parent” in signup (#191), rate limiting added to login and signup (#194), dashboard queries parallelized from 12+ sequential calls to Promise.all() (#193). All browser confirm() dialogs replaced with styled ConfirmDialog components using shame-free language (#192). Tests brought to 101 total. Next.js port milestone at 102/105 — remaining 3 issues all need human decisions, not code.

Dinly — production readiness across 4 scout passes

Over a two-day session, 18 issues were closed across security, performance, UX, tests, and dead code. HTML injection in invite emails was fixed (#178). Recipe time fields now clamp to valid ranges (#190). The plan page’s 3 redundant family member queries were deduplicated (#188). The onboarding wizard finally displays errors instead of silently swallowing them (#189). 10 unit tests were added for the ingredient parser, bringing the total to 75. The .env.example was created and CRON_SECRET set in Vercel production. 4 of 5 product vision items are now implemented — only “AI assists with suggestions” remains, filed as #192 needing Paul’s input.

Prakta — scout-triage-execute cycle

A full scout-triage-execute cycle cleared 10 issues. Two security vulnerabilities were fixed: completeSourceTask was missing user_id verification (#207, allowing cross-user manipulation), and the WebAuthn challenges table had an overly permissive RLS policy (#208). Defer re-ingestion was moved from synchronous to background execution using Next.js 16’s after() API (#209). The biggest UX change: post-login now redirects from /dashboard to /today (#211), aligning the entry point with the serve-don’t-show model across all 5 auth flows. Only 3 open issues remain, all backlog/blocked.

Phantasmagoria — narrative-first pipeline integration

The new Phase 1 → Phase 2 → Phase 3 architecture was integrated into all three production generators (generate_standalone.py, generate_anomaly.py, generate_site.py). The old GUIDE_*.md prompt building (hundreds of lines of string concatenation per generator) was replaced by template loading from PROMPT_*.md files with variable substitution. Net result: -737 lines across the three generators while gaining better narrative quality and coherent effects. 38 unit tests were added for event_assembler.py. 730 lines of dead code removed. PRODUCT.md rewritten to reflect the new “AI for creativity, constraints for balance” principle. The scout-to-ship cycle completed in a single day.

Synaxis-h — final polish passes

Seven issues closed in scout passes #11 and #12. Mobile nav got Escape key and click-outside-to-dismiss handlers (#86). SCSS cleanup removed orphaned variables and dead form styles (#87). JSON-LD Organization logo swapped to proper-sized image (#89). SVG logo got width/height attributes to prevent CLS (#94). Fingerprinted JS assets got immutable cache headers (#95). Three remaining issues all require Paul’s input — 12 scout passes have been run and the codebase is comprehensively clean.

Skillexis — security fix and scout

The open redirect vulnerability in auth callbacks (#198) was the highest-priority finding — fixed, tested, and merged. Two scout passes surfaced 10 issues total, 8 labeled ready-for-dev. The test coverage gap in engine command handlers was flagged for prep (#202).

Simplebooks — discovery session

Two scout passes mapped the state of the project post-migration and built a prioritized backlog. The critical finding: all 8,500+ lines of app code (88 files across 16 feature branches) were never merged to main. The main branch still has only Create Next App boilerplate. Five structural issues and five code quality issues were filed. Issue #1 (merge strategy) is the blocker for everything else.

Cross-cutting themes

Product launch readiness. Eclectis, Dinly, and Synaxis-h all hit a “the codebase is clean, what’s left needs human decisions” state. Scout passes are yielding diminishing returns. These projects are moving from build to launch — the remaining work is business decisions (pricing, deployment, content), not code.

Security as a continuous process. Six projects shipped security fixes: Authexis (deploy hardening), Eclectis (API key leak, webhook hardening), Scholexis (role validation, rate limiting), Dinly (HTML injection, input validation), Prakta (user_id verification, RLS), Skillexis (open redirect). The pattern from yesterday continued — each project independently hardens without coordination.

Scout-to-ship in one day. Phantasmagoria and Prakta both completed full scout → triage → execute → ship cycles within a single session. The pipeline is fast enough that discovery and resolution happen in the same day.

Dead code at scale. Authexis removed ~8,400 lines (articles pipeline + deprecated handlers + orphaned routes). Phantasmagoria removed ~1,467 lines (dead generators + guide files). Synaxis-h cleaned another ~1,200 lines of post-prune SCSS. The fleet shed over 11,000 lines of dead code in one day.

The rollover pipeline works. 10 work logs were written automatically by the 2am rollover. This is the first successful end-to-end run — the fixes from the morning session (host filtering, bare shell detection, serialized pushes, supervisor idle wait) all performed correctly.

Carry-over

• Simplebooks merge blocker — #1, all 8,500 lines of app code are on unmerged feature branches. Needs merge strategy decision.
• Eclectis Stripe in test mode — live payments won’t work until switched to live keys.
• Scholexis Next.js port — 102/105 closed. 3 remaining issues need human decisions.
• Authexis #1543 — API, MCP, Apple app refactor needs scope clarification.
• Dinly #192 — AI-assisted recipe suggestions needs Paul’s input on LLM choice/budget.
• Phantasmagoria playtest — first batch run with narrative-first pipeline needs testing in Stellaris 4.3.

Risks

• Authexis Python version mismatch — Railway runs 3.11, local is 3.14. F-string syntax differences caused deploy failures. Consider Docker or CI check.
• Eclectis newsletter reprocessing — if engine hasn’t been redeployed with fixed SKIP_PATTERNS, reprocessed newsletters will hit the same bug.
• Scholexis untested CRUD — 5 new features (2,500+ lines) built from patterns without browser testing.

By the numbers