Atlas Plan
Plans011 2026 02 22 Workers Deployment and Simple Auth

Completed

  • T-001: Create @services/api scaffold
  • T-002: Register api networking and domains
  • T-003: Align dashboard Worker deployment config
  • T-004: Implement shared simple-auth session utilities
  • T-005: Add API login/logout/session endpoints
  • T-006: Implement API read endpoints for dashboard views
  • T-007: Switch dashboard loaders to API calls
  • T-008: Add dashboard login UI and route guards
  • T-009: Harden dashboard/API auth behavior
  • T-010: Create slides serving Worker
  • T-011: Configure slides Worker + R2 bindings
  • T-012: Add artifact publish/upload command
  • T-013: Enforce safe subpath routing rules
  • T-014: Create monorepo CI workflow
  • T-015: Create plan deploy workflow
  • T-016: Create dashboard/api deploy workflow
  • T-017: Create slides deploy workflow
  • T-018: Document GitHub environments and secrets
  • T-019: Update architecture docs for api and auth flow
  • T-020: Update project state and rollout notes
  • T-021: Run end-to-end validation checklist

In Progress

  • None

Blocked

  • None

Pending

  • None

Learnings

  • User decisions are fixed for this plan: Turso-first runtime, R2 buckets (pra-atlas-dev/pra-atlas-prod), manual env deploys, separate plan workflow.
  • Simple auth is requested for phase one and should cover both dashboard and slides.
  • The Cloudflare Vite plugin currently conflicts with dashboard DuckDB SSR externalization; the Worker deploy config was aligned first and plugin adoption was deferred.
  • Dashboard auth hardening (server-function session enforcement) can be implemented independently from the API data migration.
  • Slides delivery auth and safe subpath routing can be shipped before artifact upload automation.
  • API now serves authenticated aggregate + detail dashboard endpoints from Turso/Drizzle.
  • Slides upload flow now supports non-interactive CI inputs for web/pdf/pptx artifact selection.
  • Dashboard aggregate and detail loaders now call API endpoints, closing the T-003 carry-over parity deferral.
  • GitHub deployment governance is now documented with explicit environment, secret, and approval guidance.
  • Architecture and analytics docs now reflect the Worker runtime boundary: dashboard via API/Turso, report generation via DuckDB marts.
  • Monorepo typecheck/test/build gates are currently green; monorepo lint is blocked by pre-existing @core/ai lint findings that are now documented.
  • Dashboard and slides auth/report subpath smoke checks pass in local runtime; custom dev.* domains are not resolvable from this execution host.

Questions

  • When should bootstrap simple auth be replaced by Cloudflare Access/SSO?
  • When should the dashboard adopt the Cloudflare Vite plugin once the DuckDB runtime dependency is removed?

Next

  1. Prepare final review + commit for Plan 011 changeset.
