From da128f617319986c301f611fcba857663f31f01d Mon Sep 17 00:00:00 2001 From: serversdown Date: Tue, 16 Jun 2026 00:19:33 +0000 Subject: [PATCH] docs: changelog + portal-auth Phase 1 notes --- CHANGELOG.md | 8 ++++++++ docs/CLIENT_PORTAL.md | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5941174..3952840 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -105,6 +105,14 @@ SLMM feed; every route resolves the client through one swappable --- +### Portal authentication (Phase 1) +- Each project's client portal is now gated by a **secure per-project link + shared password** (argon2-hashed). Operators manage it from the project page's **Portal access** panel (enable, generate password, copy link). +- Per-project session isolation (a session for one project can't read another's data); brute-force lockout (5 tries / 15 min) on the password gate. +- Retired the interim magic-link / `PORTAL_OPEN_LINKS` open links and the `portal_admin.py mint-link` command. +- **Upgrade:** run `python3 backend/migrate_add_project_portal_auth.py` per DB. Set `COOKIE_SECURE=true` once served over HTTPS. + +--- + ## [0.13.3] - 2026-06-05 Calibration sync from SFM events. Closes the manual data-entry loop on calibration dates — Terra-View now pulls `device.calibration_date` from each seismograph's most recent event sidecar once a day and updates `RosterUnit.last_calibrated` when the device reports something fresher than what's stored. Manual edits still win when they're newer than the latest event; a fresh event arriving later supersedes the manual edit. Adds a "Sync now" button under Settings → Advanced → Calibration Defaults for on-demand runs, and a `docs/ROADMAP.md` to track in-flight + deferred work. diff --git a/docs/CLIENT_PORTAL.md b/docs/CLIENT_PORTAL.md index b654d72..e2698ea 100644 --- a/docs/CLIENT_PORTAL.md +++ b/docs/CLIENT_PORTAL.md 
@@ -2,6 +2,12 @@ **Status:** in development (`feat/client-portal`) · **Targets:** 0.14.x +> **Update (Phase-1 auth landed):** the interim magic-link gate described below is +> **retired** — client access is now a per-project secure link + shared password +> (argon2). See the design at `docs/superpowers/specs/2026-06-15-portal-auth-design.md` +> and the build plan at `docs/superpowers/plans/2026-06-15-portal-auth.md`. The +> operator manages access from each project's **Portal access** panel. + A client-facing, **read-only**, **scoped** view into a client's own monitoring data. The first internet-facing-with-real-clients surface in the system. Built *inside* the Terra-View app (new `/portal/*` namespace), reusing the cached SLMM
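Review bot: In the CHANGELOG.md hunk, the **Upgrade:** bullet says to set `COOKIE_SECURE=true` "once served over HTTPS" but does not state the default or what applies before that point. If the flag is off by default, the session cookie issued after the password gate would be sent over plain HTTP. Suggest stating the default explicitly and saying that the portal should not be exposed to clients until HTTPS and `COOKIE_SECURE=true` are both in place. The lockout bullet ("5 tries / 15 min") should also say what the counter is keyed on (project, link, or source address). With a shared per-project password, that choice decides whether anyone holding the link can lock the client out.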
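Review bot: In the docs/CLIENT_PORTAL.md hunk, the new callout declares the magic-link gate "described below" retired but leaves that description in the document. Readers who skip the banner will find instructions for a mechanism that the CHANGELOG entry in this same patch lists as removed (`PORTAL_OPEN_LINKS`, `portal_admin.py mint-link`). Suggest deleting the retired section in this commit, or marking it as historical at the section itself, rather than relying on a note at the top. Also use "Phase 1" as in the CHANGELOG heading instead of "Phase-1" so the two documents search consistently.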