Work log: 2026-04-02

What shipped today

Big day for the content pipeline UX. Three features landed that close critical gaps in the interview-to-draft flow: redo/revise buttons on the interview stage (#1914), editable steering guidance in the content detail view (#1911), and voice import during onboarding (#1915) so new users can populate their profile from existing writing samples. These were all merged to main and auto-deployed via Vercel.

On the infrastructure side, two security upgrades shipped: lodash bumped to 4.18.1 resolving the code injection vulnerability (GHSA-r5fr-rjxr-66jc, #1910), and the Anthropic SDK upgraded to 0.82.0 to fix a path validation bypass (#1908). Engine test coverage expanded with new tests for the trial_expired and admin_scorecard_email handlers (#1912), which were previously untested despite being critical business logic.

Separately, a doc hygiene session trimmed PRODUCT.md, DECISIONS.md, and RISKS.md by 700 lines (57%) to reduce token cost. All Rails-era decisions (Solid Queue, Heroku, SendGrid, GPT-4o, model callbacks, etc.) were removed since they described infrastructure that no longer exists. Resolved risks were pruned from RISKS.md. Pricing corrected to $99/$249 across all docs. #1917 (lodash vuln) was closed as already-resolved.

Completed

• #1915: Import voice from existing writing during onboarding
• #1914: Add redo/revise buttons on interview stage
• #1911: Steering guidance field now editable in content detail
• #1912: Test coverage for trial_expired and admin_scorecard_email handlers
• #1910: Lodash security upgrade to 4.18.1
• #1908: Anthropic SDK security upgrade to 0.82.0
• #1917: Lodash vuln issue (closed as already resolved)
• Doc trimming: PRODUCT.md, DECISIONS.md, RISKS.md cut from ~1,236 to ~533 lines

Release progress

• v1.5: 1 open / 49 closed (nearly complete)
• v2.0 (Product simplification): 25/25 closed
• v2.1 (Content model refactor): 15/15 closed
• v2.2 (Simplified pipeline): 3/3 closed

Carry-over

• #1916: Curated hand-picked briefing option — waiting on Paul’s clarification about what “hand-curated” means in practice
• #1913: White-label briefings — blocked on #1916

Risks

No new risks. Existing open risks unchanged (engine handler test coverage gaps, no web frontend tests, missing error boundaries, MCP OAuth token persistence).

Flags and watch-outs

• PRODUCT.md still references “$149/month entry point” in the tertiary audience description (line 33) — inconsistent with the corrected $99/$249 pricing table. Minor but should be cleaned up.
• The dev-loop ran idle for ~6 ticks with nothing in any queue. The project is in a good state but starving for new issues.

Next session

• Answer #1916 clarification (Paul) so the briefing feature can move to prep
• The last v1.5 open issue needs identification and closure
• Consider running /scout to surface new work — codebase has been stable for several days and the issue queues are empty