From e205af0537978b8c98967642970310014307b1f5 Mon Sep 17 00:00:00 2001 From: jester Date: Tue, 28 Apr 2026 20:28:04 +0000 Subject: [PATCH] Record Portal auth UX decisions --- Codex/Portal/DECISIONS.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Codex/Portal/DECISIONS.md b/Codex/Portal/DECISIONS.md index 945a169..e9b5a98 100644 --- a/Codex/Portal/DECISIONS.md +++ b/Codex/Portal/DECISIONS.md @@ -10,6 +10,9 @@ - confirmed-unused HUD wrapper components and stale legacy CSS should stay removed rather than being reintroduced as dead scaffolding. - runtime/tooling cleanup is allowed when it preserves user-visible behavior and keeps lint/build green. - Portal should preserve compatibility with API auth and hosted IDE flows even when API token verification is tightened. +- password reset request UX must remain account-enumeration safe: the user-facing success copy is generic and must not show account-not-found state. +- reset-password confirmation must not auto-login; successful reset should direct the user to log in again. +- authenticated profile password changes use `POST /api/auth/change-password` with `{ currentPassword, newPassword }`. ## Tracking rule - when Portal work completes, remove it from `OPEN_ITEMS.md`
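Review bot: In the first added bullet, the enumeration-safety rule is scoped only to the "user-facing success copy", so a reset-request endpoint whose status code, response body or response time differs for an unknown account would still satisfy this decision as written. Suggest widening the wording to cover the whole response, for example "the reset-request response (status, body and user-facing copy) is the same whether or not the account exists". In the second bullet, "direct the user to log in again" covers only the browser that performed the reset; it would help to record whether a successful reset also invalidates the account's other existing sessions. The third bullet documents the request shape for `POST /api/auth/change-password` but not the expected outcome when `currentPassword` is wrong or what happens to other sessions after a change; one more clause on each would make the decision complete.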