Browsers were caching the old index.html which still pointed at the
pre-Wave-2 bundle hash. Hashed assets under /assets/ stay cacheable
for a year (immutable), but index.html (and any SPA fallback) must
revalidate every request so a fresh deploy is visible immediately.
events, interactive Visx Gantt + spending-profile chart
Charts are now the primary editor for life events. The Plan-tab body
re-orders to make charts ~80% of viewport real-estate; legacy form
sections are collapsed into a drawer.
Backend:
- alembic 0004: life_event.category enum (essential / discretionary /
not_spending). Defaults to essential so existing rows keep their
full spending impact.
- Simulator gains discretionary_outflows + flex_rules params. Tracks
per-path running ATH, applies the deepest applicable cut to
discretionary outflows when portfolio drops vs ATH (PLab-style flex
spending). Cut amount stays in the portfolio (refund pattern).
- New flex_spending module with FlexRule + applicable_cut +
cuts_per_year (vectorised). Sortable rules; "deepest cut wins" so
users specify cumulative cuts at each tier.
- New /scenarios/{id}/spending-profile endpoint returning per-year
base / essential / discretionary / flex_cut / total breakdown.
- SimulateRequest gains flex_rules + life_event.category roundtrip.
- 8 new tests; 246 total pytest pass; mypy + ruff clean.
Frontend (Visx + ECharts):
- Installed @visx/{scale,shape,group,axis,event,responsive,tooltip}
for native SVG drag interactions.
- New <SpendingProfileChart> — Visx stacked-area of base/essential/
discretionary with red flex-cut overlay, hover tooltip, click-to-
scrub-year.
- New <EventGantt> — interactive Visx Gantt:
* Click empty space → popover create at that year (default
essential spending event)
* Click a bar → inline edit popover (name, kind, range, £/y,
category) with delete button
* Drag bar middle → moves the whole event (year-resolution snap)
* Drag bar edges → resizes year_start / year_end
* All gestures persist via PATCH /life-events/{id}
- New <FlexRulesEditor> — list of {from_ath_pct, cut} tiers, save-on-
change to scenario.config_json.flex_rules.
- Plan-tab redesign: NW fan dominant top with floating stat badges
(Year/Age/NW/Δ NW/Spending/Eff. tax) over the chart; spending-
profile chart middle; Gantt bottom; flex-rules editor; legacy form
sections in a collapsed <details> drawer.
- Frontend typecheck + 7 vitest tests + production build all clean.
Adds a thin read-only client for the actualbudget HTTP API
(`fire_planner/actualbudget.py`) and a `GET /spending/annual` endpoint
that returns trailing-N-month spending broken out by category group.
Default exclusions ("Investments and Savings", "Budget Reset") strip
out wealth transfers so the headline number reflects actual
consumption — for Viktor's data, ~£41k/yr instead of the raw £210k
total. Caller can pass `?exclude=...` to override.
Frontend uses the headline `total_gbp` to autofill the Annual spending
input (same pattern as nw_seed from networth), with a small
provenance line below the input showing the window + which groups
were excluded.
Auth: 3 new env vars (ACTUALBUDGET_API_URL/KEY/SYNC_ID) sourced from
Vault `secret/fire-planner` via the existing ExternalSecret —
infra/stacks/fire-planner applied separately. Backend silently keeps
the hardcoded default if the upstream is unreachable.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
StaticFiles is a Starlette primitive — its 404 raises
starlette.exceptions.HTTPException, NOT fastapi.HTTPException
(which subclasses Starlette's). My initial except clause caught the
subclass and let the base class propagate, so /scenarios still 404'd.
Switch to except StarletteHTTPException so both the parent and any
FastAPI subclass are caught. Verified end-to-end via chrome-service
in the next deploy.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
StaticFiles(html=True) only serves index.html for directory paths,
which 404s on /scenarios, /what-if, /scenarios/123 — anything React
Router owns. Subclass StaticFiles to catch the 404 from get_response
and return index.html so the SPA can take over routing client-side.
API routes still match first (under /api/* in prod), so no risk of
shadowing.
Found via headless verification through chrome-service: dashboard
loaded 200 + nav rendered, but /scenarios + /what-if returned 404.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Three-stage build:
1. node:22-alpine — `npm ci` + `npm run build` produces frontend/dist
2. python:3.12-slim — poetry installs backend deps into a venv
3. python:3.12-slim — runtime, copies the venv + frontend/dist,
sets FRONTEND_DIST=/app/frontend_dist
Backend gates the API surface on FRONTEND_DIST:
- Unset (dev / tests): routers mount at root (/networth, /scenarios,
…). 172 tests still pass unchanged. The Vite dev server proxies
`/api/*` → backend stripping the prefix.
- Set (prod): routers mount under `/api/*`. The SPA bundle mounts at
`/` with html=True so React Router owns client routing for paths
like `/scenarios`, `/what-if`. Same-origin, no CORS, one deploy.
Operational endpoints (`/healthz`, `/metrics`, `/recompute`) stay at
root in both shapes.
Existing Woodpecker pipeline picks this up unchanged — same context,
same Dockerfile path, just produces a richer image.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds the read+write endpoints the frontend needs to drive a
ProjectionLab-style UX on top of the existing engine.
- /networth, /networth/history — NW total + per-account from
account_snapshot (frontend chart)
- /scenarios CRUD + projection — list/get/create/patch/delete user
scenarios; cartesian read-only
- /scenarios/{id}/life-events — life event CRUD nested under scenario
- /life-events/{id} — patch + delete by id
- /scenarios/{id}/goals,
/goals/{id} — retirement goal CRUD
- /simulate, /compare — sync, no-DB-write what-if endpoints
Auth: Bearer-token dependency on writes + simulate when API_BEARER_TOKEN
is set; reads always open (lock down via Authentik-fronted ingress in
prod). Existing /recompute keeps its bearer auth.
CORS middleware reads FRONTEND_ORIGINS (comma-separated) for the dev
SPA. Lifespan now provisions the SQLAlchemy engine + session_factory
on app.state and disposes them on shutdown.
40 new tests covering happy paths and validation. 172 tests total.
mypy strict + ruff clean (B008 ignore added — Depends() in defaults
is the canonical FastAPI pattern, not a bug).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
