Record Portal auth UX decisions

jester 2026-04-28 20:28:04 +00:00
parent d151c654ab
commit e205af0537


@ -10,6 +10,9 @@
- confirmed-unused HUD wrapper components and stale legacy CSS should stay removed rather than being reintroduced as dead scaffolding. - confirmed-unused HUD wrapper components and stale legacy CSS should stay removed rather than being reintroduced as dead scaffolding.
- runtime/tooling cleanup is allowed when it preserves user-visible behavior and keeps lint/build green. - runtime/tooling cleanup is allowed when it preserves user-visible behavior and keeps lint/build green.
- Portal should preserve compatibility with API auth and hosted IDE flows even when API token verification is tightened. - Portal should preserve compatibility with API auth and hosted IDE flows even when API token verification is tightened.
- password reset request UX must remain account-enumeration safe: the user-facing success copy is generic and must not show account-not-found state.
- reset-password confirmation must not auto-login; successful reset should direct the user to log in again.
- authenticated profile password changes use `POST /api/auth/change-password` with `{ currentPassword, newPassword }`.
## Tracking rule ## Tracking rule
- when Portal work completes, remove it from `OPEN_ITEMS.md` - when Portal work completes, remove it from `OPEN_ITEMS.md`
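
Review bot: The account-enumeration rule in the first added line constrains only the user-facing success copy, so a reset request that shows generic text but returns a different status code, response body or noticeably different latency for an unknown account would still satisfy it as written. Suggest wording it to cover the whole response, for example "the reset request returns the same status, body and copy whether or not the account exists". The second added line could also state whether a successful reset invalidates sessions that already exist, since "log in again" only describes the session being created. The third added line documents the request body for `POST /api/auth/change-password` but not what Portal shows when `currentPassword` is wrong; a short note on the expected failure copy would keep it consistent with the other two rules.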