From 06fb1f9ea9d9dfccd81784b41d068cac4c32f5a4 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Wed, 27 May 2026 17:25:42 +0000 Subject: [PATCH] broker-sync: update imap-cron comment to reflect default-skip IE (post-incident) --- stacks/broker-sync/main.tf | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/stacks/broker-sync/main.tf b/stacks/broker-sync/main.tf index ad2bf18b..24429f89 100644 --- a/stacks/broker-sync/main.tf +++ b/stacks/broker-sync/main.tf @@ -427,15 +427,20 @@ resource "kubernetes_cron_job_v1" "imap" { name = "BROKER_SYNC_DATA_DIR" value = "/data" } - # IE email parsing IS enabled (2026-05-27). The bearer-token CLI - # path (`broker-sync invest-engine`) is not wired as a CronJob - # — token expires ~monthly, MFA blocks scripted refresh, and - # the `/api/v0.3X/` version probe drifts every 4-6 weeks. Email - # confirmations land on every fill anyway, so we standardise on - # IMAP as the single canonical path for IE (parity with Schwab). - # If the bearer CLI is ever run manually, dedup is at WF level - # (external_id) so a re-run is safe; just expect the IMAP store - # not to know about those rows. + # 2026-05-27 (afternoon, post-incident): IE-via-IMAP is now + # STRUCTURALLY OPT-IN at the code level — broker_sync.providers.imap + # default-excludes `invest-engine`. The earlier "standardise on IMAP + # for IE" comment was inverted after a sibling Claude session ran + # broker-sync imap-ingest at 09:22 UTC without the EXCLUDE env and + # re-imported the 39 IE BUYs/DEPOSITs the previous day's dedup had + # removed. To re-enable IE-via-IMAP, add: + # env { + # name = "BROKER_SYNC_IMAP_INCLUDE_PROVIDERS" + # value = "invest-engine" + # } + # Until that env is set, only Schwab is parsed (the canonical use + # of the IMAP path — Schwab has no public API). + # See post-mortem in beads code-dc1b. env { name = "WF_SESSION_PATH" value = "/data/wealthfolio_session.json"