diff --git a/OPEN_THREADS.md b/OPEN_THREADS.md
index 609479f..0d58594 100644
--- a/OPEN_THREADS.md
+++ b/OPEN_THREADS.md
@@ -1,4 +1,4 @@
-# Open Threads – zlh-grind
+# Open Threads — zlh-grind
 
 This file tracks items that are unresolved, under investigation, or explicitly deferred.
 
@@ -64,4 +64,25 @@ This file tracks items that are unresolved, under investigation, or explicitly d
 - PM2 usage
 - React Router
 - HUD/scanline UI experiments
-- Neon accent palette
\ No newline at end of file
+- Neon accent palette
+
+---
+
+## Portal Migration to APIv2 Auth (Open)
+
+### Context
+- Portal was originally built against APIv1 + Pterodactyl
+- APIv2 auth is now live and verified
+- Portal login + data access must be realigned
+
+### Open Questions
+- Which API routes should be protected first by auth?
+- When should refresh-token or session renewal be added (if ever)?
+- Should roles/scopes be enforced now or deferred?
+
+### Blocking Items
+- Portal login page still assumes CSRF + legacy flows
+- Legacy API abstractions still present in portal repo
+
+### Owner
+- Portal Team