Round-1 fixes from the headless UI review:
Backend
- scenarios PATCH now allows config_json/name/description on cartesian
scenarios (so users can pin flex_rules + notes that recompute will
preserve). Core fields (jurisdiction/strategy/etc.) still blocked
because they're rebuilt on recompute. Existing test updated.
Frontend
- Sidebar Plans switcher: drop the kind=user filter so the switcher
surfaces all 120 cartesian scenarios that ship out of the box.
- Settings → Milestones now reachable at both /settings (index) and
/settings/milestones (explicit) — the agent navigated to the latter
and got a blank page.
- EventGantt background click capture: explicit pointerEvents="all" +
fillOpacity=0 so click-to-add reliably fires on empty regions
between bars.
- Plan tab stat badges moved out of the chart card into a dedicated
row above the fan — previously they overlapped the chart's title,
legend caption ("p10/p50/p..."), and right-side withdrawal axis.
- Stub tabs (Tax Analytics / Compare / Reports / Estate) and stub
Settings sub-pages (Dividends / Bonds / Tax / Metrics / Other) get
a "soon" badge + slate-300 styling so they're clearly placeholders.
- New "Portfolio depleted at this year" pill renders in the badge
row when the scrubbed year's NW is 0 — previously the badges
silently went to £0 with no UI cue.
- Test life-event from the smoke run cleaned up from prod DB.
246 pytest pass; mypy/ruff clean; frontend typecheck/test/build green.
The SPA can't carry a Bearer header — there's no client-side mechanism
to obtain the RECOMPUTE_BEARER_TOKEN, and the value can't safely be
embedded in the JS bundle. Result: every POST/PATCH/DELETE on
scenarios/life-events/goals + every /simulate + /compare returned 401
in prod, breaking the SPA end-to-end.
Strip require_bearer from the routers. Authentik forward-auth on the
SPA path (/) is now the security boundary; /api/* is open at both
ingress + app level. Single-tenant personal tool — the data is
the user's own anonymous numeric projections.
Kept on /recompute (heavy admin batch in app.py) since that's an
operator action, not a user one.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds the read+write endpoints the frontend needs to drive a
ProjectionLab-style UX on top of the existing engine.
- /networth, /networth/history — NW total + per-account from
account_snapshot (frontend chart)
- /scenarios CRUD + projection — list/get/create/patch/delete user
scenarios; cartesian read-only
- /scenarios/{id}/life-events — life event CRUD nested under scenario
- /life-events/{id} — patch + delete by id
- /scenarios/{id}/goals,
/goals/{id} — retirement goal CRUD
- /simulate, /compare — sync, no-DB-write what-if endpoints
Auth: Bearer-token dependency on writes + simulate when API_BEARER_TOKEN
is set; reads always open (lock down via Authentik-fronted ingress in
prod). Existing /recompute keeps its bearer auth.
CORS middleware reads FRONTEND_ORIGINS (comma-separated) for the dev
SPA. Lifespan now provisions the SQLAlchemy engine + session_factory
on app.state and disposes them on shutdown.
40 new tests covering happy paths and validation. 172 tests total.
mypy strict + ruff clean (B008 ignore added — Depends() in defaults
is the canonical FastAPI pattern, not a bug).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
