From a64c9ced65a4d34fbfe102847d5b89eff6d25cfa Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Wed, 10 Jun 2026 21:29:14 +0000
Subject: [PATCH 01/27] =?UTF-8?q?docs:=20client=20portal=20design=20+=20mi?=
 =?UTF-8?q?lestone=20plan=20(M1=20live=20view=20=E2=86=92=20M4=20full=20au?=
 =?UTF-8?q?th)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Read-only, client-scoped portal inside Terra-View (/portal/*), reusing cached
SLMM reads. Data chain Client -> Project.client_id -> MonitoringLocation ->
active UnitAssignment -> unit_id -> SLMM cache. Auth is a swappable
get_current_client gate; M1-M3 ride an interim signed "magic URL", M4 replaces
the backing. Milestones: M1 live view, M2 dashboard+alerts, M3 reports, M4 auth.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 docs/CLIENT_PORTAL.md | 142 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 142 insertions(+)
 create mode 100644 docs/CLIENT_PORTAL.md

diff --git a/docs/CLIENT_PORTAL.md b/docs/CLIENT_PORTAL.md
new file mode 100644
index 0000000..b74a94d
--- /dev/null
+++ b/docs/CLIENT_PORTAL.md
@@ -0,0 +1,142 @@
+# Client Portal — Design & Build Plan
+
+**Status:** in development (`feat/client-portal`) · **Targets:** 0.14.x
+
+A client-facing, **read-only**, **scoped** view into a client's own monitoring
+data. The first internet-facing-with-real-clients surface in the system. Built
+*inside* the Terra-View app (new `/portal/*` namespace), reusing the cached SLMM
+reads and Terra-View's report generation — Terra-View stays the UI/business layer;
+SLMM stays the device layer.
+
+## Principles
+
+1. **Read-only.** No device control (start/stop/config), no roster editing, no
+   internal pages. A client can look, never touch.
+2. **Strictly scoped.** A client only ever sees data for *their* projects. Every
+   portal endpoint verifies ownership server-side — never trust a `unit_id` /
+   `location_id` from the request.
+3. **Cache-first, no device contention.** Portal live data comes from SLMM's
+   cache (the same cached `/status` + `/history` the internal dashboard uses).
+   No device-hitting calls from the portal — a client can't make us hammer the
+   NL-43. Freshness depends on **keepalive being on** for the client's units.
+4. **Auth is a swappable gate.** Every route depends on one resolver,
+   `get_current_client()`. M1–M3 ride on an interim signed "magic URL"; M4
+   replaces the resolver's backing without touching routes or templates.
+
+## The data chain (how a client maps to live data)
+
+```
+Client.id
+  └─ Project (client_id == Client.id, status != deleted)
+       └─ MonitoringLocation (project_id, location_type == "sound", removed_at IS NULL)
+            └─ UnitAssignment (location_id, status == "active", device_type == "slm",
+                               assigned_until IS NULL or future)
+                 └─ unit_id  ==  RosterUnit.id  ==  SLMM unit_id
+                      └─ SLMM cached /status + /history   (read-only)
+```
+
+So the portal shows a client their **locations**, each surfacing the live sound
+level from whatever SLM is currently assigned there.
+
+## Data model (new)
+
+```python
+class Client(Base):                       # the customer org
+    id, name, slug (unique, URL-safe), contact_email (nullable, for M4),
+    active (bool), created_at
+
+class ClientAccessToken(Base):            # the interim "magic URL" gate
+    id, client_id, token_hash (sha256 — raw shown once on creation),
+    label, created_at, last_used_at, revoked_at (nullable)
+```
+
+Plus a migration adding **`Project.client_id`** (nullable FK → `clients.id`).
+The existing free-text `Project.client_name` stays for display/back-compat;
+`client_id` is the authoritative link.
+
+## Auth — the swappable gate
+
+```python
+def get_current_client(request, db) -> Client:   # every /portal route depends on this
+    # M1–M3: read signed `portal_client` cookie -> load Client
+    # M4: same signature, backed by real sessions (magic-link / password)
+```
+
+**Interim "magic URL" flow (M1–M3):**
+- Operator creates a `Client` + an access token → gets a one-time-display URL:
+  `https://…/portal/enter/{token}`.
+- Client clicks it → token is hashed, looked up (must be un-revoked) →
+  sets a **signed session cookie** (`portal_client`, HMAC via a new `SECRET_KEY`
+  env) → redirects to `/portal`. `last_used_at` updated.
+- `get_current_client` reads + verifies the cookie thereafter. No valid cookie →
+  "link invalid / expired" page.
+- Revoke = set `revoked_at`; the link (and any cookie minted from it) stops working.
+
+Unguessable + revocable + per-person, no email infra or passwords yet — and M4
+slots in behind the same `get_current_client` with zero route/template churn.
+
+## Routes (`/portal/*`)
+
+| Route | Purpose |
+|-------|---------|
+| `GET /portal/enter/{token}` | validate token → set cookie → redirect to `/portal` |
+| `GET /portal` | client's locations overview (status tiles + map) |
+| `GET /portal/location/{id}` | read-only live panel for that location's SLM |
+| `GET /portal/api/location/{id}/live` | **scoped** cached `/status` for the location's unit |
+| `GET /portal/api/location/{id}/history` | **scoped** cached trail for the chart |
+| `GET /portal/logout` | clear cookie |
+
+**Scoping helper** (used by every data route):
+`resolve_client_location(client, location_id, db) -> (location, unit_id)` — raises
+403 if the location isn't in one of the client's projects. The portal never calls
+the open `/api/slmm/{unit}/*` endpoints with a client-supplied id.
+
+## Templates (`templates/portal/`)
+
+- `portal/base.html` — minimal client-branded shell (no internal sidebar/nav).
+- `portal/overview.html` — location tiles (live cards mini) + a locations map.
+- `portal/location.html` — the read-only live panel: cards (Lp/Leq/Lmax/L1/L10),
+  L1/L10 chart, measuring + freshness badge. Reuses the cache-populate JS from the
+  internal panel, **stripped** of start/stop, config, and the device-hitting
+  refresh (cache + 15s auto-poll only).
+
+---
+
+## Milestones
+
+### M1 — Live view only  *(current)*
+Interim magic-URL gate; a client sees their locations and per-location read-only
+live data, all from cache.
+- [ ] `Client` + `ClientAccessToken` models; `Project.client_id` migration.
+- [ ] `SECRET_KEY` env + signed-cookie session helper.
+- [ ] `get_current_client` dependency + `/portal/enter/{token}` + logout.
+- [ ] Scoping helper `resolve_client_location`.
+- [ ] `/portal` overview + `/portal/location/{id}` (read-only live panel).
+- [ ] Scoped `/portal/api/location/{id}/live` + `/history`.
+- [ ] Portal templates (base, overview, location).
+- [ ] Minimal admin: create client + mint/revoke access link (small `/admin`
+      page or a script for now).
+
+### M2 — Dashboard + alerts
+- Richer client dashboard (multi-location at-a-glance, map, status rollup).
+- Surface each location's **threshold-alert status** (read-only) + an event/inbox
+  view. Leans on the SLMM alert engine + dispatch.
+
+### M3 — Reports
+- Client-facing list + download of the daily baseline-comparison reports.
+- Depends on the FTP report pipeline (`feat/ftp-report-pipeline`) landing and
+  being wired into the portal's scoped routes.
+
+### M4 — Full auth system
+- Replace the interim token behind `get_current_client` with a real auth design:
+  magic-link (passwordless email) and/or accounts, proper sessions, password
+  reset, and likely auth for the *internal* app too. Reverse-proxy + TLS posture.
+
+## Security notes
+
+- Portal is auth-gated from day one (even the interim gate) — never wide-open like
+  the internal app.
+- All scoping enforced server-side; client-supplied ids are always re-checked.
+- `SECRET_KEY` must be a real secret in prod (env, not committed).
+- Cookies: `HttpOnly`, `SameSite=Lax`, `Secure` once behind TLS.
+- Tokens stored hashed; raw shown once. Revocation is immediate.
-- 
2.52.0


From 80a8470b5504532532064f9273d1e4e84fdbc77f Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Wed, 10 Jun 2026 21:32:09 +0000
Subject: [PATCH 02/27] =?UTF-8?q?feat(portal):=20M1=20data=20model=20?=
 =?UTF-8?q?=E2=80=94=20Client,=20ClientAccessToken,=20Project.client=5Fid?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Client (customer org), ClientAccessToken (interim hashed magic-URL gate), and an
authoritative Project.client_id FK (client_name kept for display). New tables
auto-create via create_all; migrate_add_client_portal.py adds projects.client_id.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/migrate_add_client_portal.py | 56 ++++++++++++++++++++++++++++
 backend/models.py                    | 35 +++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 backend/migrate_add_client_portal.py

diff --git a/backend/migrate_add_client_portal.py b/backend/migrate_add_client_portal.py
new file mode 100644
index 0000000..bc66f72
--- /dev/null
+++ b/backend/migrate_add_client_portal.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+"""
+Database migration: Client Portal (M1).
+
+Adds the authoritative client link to projects:
+  - projects.client_id  (TEXT, nullable)  -> clients.id
+
+The `clients` and `client_access_tokens` tables are created automatically by
+SQLAlchemy `create_all` at app startup (they're brand-new tables), so this
+migration only handles the column that create_all won't add to an existing
+`projects` table.
+
+Run once per database:
+    docker exec terra-view-terra-view-1 python3 backend/migrate_add_client_portal.py
+"""
+
+import sqlite3
+from pathlib import Path
+
+
+def migrate():
+    possible_paths = [
+        Path("data/seismo_fleet.db"),
+        Path("data/sfm.db"),
+        Path("data/seismo.db"),
+    ]
+    db_path = next((p for p in possible_paths if p.exists()), None)
+    if db_path is None:
+        print(f"Database not found in any of: {[str(p) for p in possible_paths]}")
+        print("A fresh DB created via models.py will include projects.client_id automatically.")
+        return
+
+    print(f"Using database: {db_path}")
+    conn = sqlite3.connect(db_path)
+    cursor = conn.cursor()
+
+    cursor.execute("PRAGMA table_info(projects)")
+    existing = {row[1] for row in cursor.fetchall()}
+
+    if "client_id" not in existing:
+        try:
+            cursor.execute("ALTER TABLE projects ADD COLUMN client_id TEXT")
+            print("✓ Added column: projects.client_id (TEXT)")
+        except sqlite3.OperationalError as e:
+            print(f"✗ Failed to add projects.client_id: {e}")
+    else:
+        print("○ Column already exists: projects.client_id")
+
+    conn.commit()
+    conn.close()
+    print("\n✓ Client-portal migration complete.")
+    print("  Note: `clients` + `client_access_tokens` tables auto-create on app startup.")
+
+
+if __name__ == "__main__":
+    migrate()
diff --git a/backend/models.py b/backend/models.py
index aae3039..8c5d5e9 100644
--- a/backend/models.py
+++ b/backend/models.py
@@ -192,6 +192,7 @@ class Project(Base):
 
     # Project metadata
     client_name = Column(String, nullable=True, index=True)  # Client name (e.g., "PJ Dick")
+    client_id = Column(String, nullable=True, index=True)    # FK -> clients.id; authoritative portal link (client_name kept for display)
     site_address = Column(String, nullable=True)
     site_coordinates = Column(String, nullable=True)  # "lat,lon"
     start_date = Column(Date, nullable=True)
@@ -704,3 +705,37 @@ class PendingDeployment(Base):
 
     created_at = Column(DateTime, default=datetime.utcnow)
     updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+
+# ============================================================================
+# CLIENT PORTAL — read-only, scoped client access (see docs/CLIENT_PORTAL.md)
+# ============================================================================
+
+class Client(Base):
+    """A portal client (customer org). Owns one or more Projects via
+    Project.client_id; their portal surfaces only those projects' locations.
+    Read-only — clients never control devices."""
+    __tablename__ = "clients"
+
+    id = Column(String, primary_key=True, index=True)        # UUID
+    name = Column(String, nullable=False)                    # display name, e.g. "PJ Dick"
+    slug = Column(String, nullable=False, unique=True, index=True)  # URL-safe handle
+    contact_email = Column(String, nullable=True)            # for M4 magic-link
+    active = Column(Boolean, default=True)                   # False = portal access off
+    created_at = Column(DateTime, default=datetime.utcnow)
+
+
+class ClientAccessToken(Base):
+    """Interim 'magic URL' gate (M1-M3). The raw secret lives in the link and is
+    shown once on creation; only its sha256 is stored here. Revoke by setting
+    revoked_at. In M4 this is replaced behind get_current_client() without
+    touching routes/templates."""
+    __tablename__ = "client_access_tokens"
+
+    id = Column(String, primary_key=True, index=True)        # UUID
+    client_id = Column(String, nullable=False, index=True)   # FK -> clients.id
+    token_hash = Column(String, nullable=False, index=True)  # sha256 hex of the secret
+    label = Column(String, nullable=True)                    # e.g. "Dave's link"
+    created_at = Column(DateTime, default=datetime.utcnow)
+    last_used_at = Column(DateTime, nullable=True)
+    revoked_at = Column(DateTime, nullable=True)             # set = link no longer works
-- 
2.52.0


From 6c048a9c30cd307b28602236620e8536b52c3464 Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Wed, 10 Jun 2026 21:36:09 +0000
Subject: [PATCH 03/27] =?UTF-8?q?feat(portal):=20M1=20auth=20gate=20?=
 =?UTF-8?q?=E2=80=94=20signed=20magic-URL=20session=20+=20get=5Fcurrent=5F?=
 =?UTF-8?q?client?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

backend/portal_auth.py: stdlib HMAC-signed session cookie carrying the access-
token id (re-validated against the DB each request, so revoke kills live
sessions), hash_token, resolve_token, and the get_current_client dependency
(raises PortalAuthError). SECRET_KEY env (insecure dev default + warning).

routers/portal.py: /portal/enter/{token} mints the cookie -> /portal; /logout;
/access; /portal home stub. main.py registers the router + a PortalAuthError
handler (HTML access page for pages, 401 JSON for /portal/api/*).

Portal shell templates (base, access_required, overview stub), branded dark.

Verified: cookie round-trip + tamper/garbage rejection, token resolution
(valid/bad), get_current_client (valid/no-cookie/revoked) — 8/8 against a temp DB.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/main.py                       |  19 +++++
 backend/portal_auth.py                | 114 ++++++++++++++++++++++++++
 backend/routers/portal.py             |  67 +++++++++++++++
 templates/portal/access_required.html |  20 +++++
 templates/portal/base.html            |  44 ++++++++++
 templates/portal/overview.html        |  22 +++++
 6 files changed, 286 insertions(+)
 create mode 100644 backend/portal_auth.py
 create mode 100644 backend/routers/portal.py
 create mode 100644 templates/portal/access_required.html
 create mode 100644 templates/portal/base.html
 create mode 100644 templates/portal/overview.html

diff --git a/backend/main.py b/backend/main.py
index 54792ad..2f025fd 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -66,6 +66,21 @@ app.mount("/static", StaticFiles(directory="backend/static"), name="static")
 # Use shared templates configuration with timezone filters
 from backend.templates_config import templates
 
+# Client-portal auth: an unauthenticated portal request renders the access page
+# (HTML routes) or returns 401 JSON (/portal/api/* routes). Centralized so every
+# portal route can simply Depends(get_current_client).
+from backend.portal_auth import PortalAuthError
+
+@app.exception_handler(PortalAuthError)
+async def portal_auth_handler(request: Request, exc: PortalAuthError):
+    if request.url.path.startswith("/portal/api"):
+        return JSONResponse(status_code=401, content={"detail": "Not authenticated"})
+    return templates.TemplateResponse(
+        "portal/access_required.html",
+        {"request": request, "reason": "required"},
+        status_code=401,
+    )
+
 # Add custom context processor to inject environment variable into all templates
 @app.middleware("http")
 async def add_environment_to_context(request: Request, call_next):
@@ -97,6 +112,10 @@ app.include_router(slmm.router)
 app.include_router(slm_ui.router)
 app.include_router(slm_dashboard.router)
 app.include_router(seismo_dashboard.router)
+
+# Client portal (read-only, scoped client view) — see docs/CLIENT_PORTAL.md
+from backend.routers import portal
+app.include_router(portal.router)
 app.include_router(sfm.router)
 app.include_router(modem_dashboard.router)
 
diff --git a/backend/portal_auth.py b/backend/portal_auth.py
new file mode 100644
index 0000000..02933b0
--- /dev/null
+++ b/backend/portal_auth.py
@@ -0,0 +1,114 @@
+"""
+Client-portal auth — the swappable gate (see docs/CLIENT_PORTAL.md).
+
+M1-M3 ride on an interim signed "magic URL": an unguessable token in the link
+mints a signed session cookie.  Every portal route depends on get_current_client();
+M4 replaces the backing (magic-link / accounts) without touching routes/templates.
+
+The cookie carries the ACCESS-TOKEN id (not the client id) and is re-validated
+against the DB on every request, so revoking a link (revoked_at) kills its live
+sessions on the next request — not just future clicks.
+
+No new dependency: the cookie is signed with stdlib HMAC-SHA256 over a SECRET_KEY.
+"""
+
+import os
+import hmac
+import json
+import time
+import base64
+import hashlib
+import logging
+from datetime import datetime
+
+from fastapi import Request, Depends
+from sqlalchemy.orm import Session
+
+from backend.database import get_db
+from backend.models import Client, ClientAccessToken
+
+logger = logging.getLogger(__name__)
+
+# Signing secret for portal session cookies. MUST be set to a real secret in prod
+# (env). The insecure default only exists so dev/test boots without config.
+SECRET_KEY = os.getenv("SECRET_KEY", "dev-insecure-change-me")
+if SECRET_KEY == "dev-insecure-change-me":
+    logger.warning("[PORTAL] SECRET_KEY is the insecure default — set SECRET_KEY in prod.")
+
+COOKIE_NAME = "portal_session"
+COOKIE_MAX_AGE = 60 * 60 * 24 * 30  # 30 days
+
+
+class PortalAuthError(Exception):
+    """Raised by get_current_client when there's no valid portal session.
+    Handled centrally in main.py: HTML routes get the access-required page,
+    /portal/api/* routes get a 401 JSON."""
+
+
+# -- token + cookie primitives ----------------------------------------------
+
+def hash_token(raw: str) -> str:
+    """sha256 hex of a raw access-token secret (what we store + look up by)."""
+    return hashlib.sha256(raw.encode()).hexdigest()
+
+
+def _sign(body: str) -> str:
+    return hmac.new(SECRET_KEY.encode(), body.encode(), hashlib.sha256).hexdigest()
+
+
+def make_session_cookie(token_id: str) -> str:
+    body = base64.urlsafe_b64encode(
+        json.dumps({"tid": token_id, "iat": int(time.time())}).encode()
+    ).decode()
+    return f"{body}.{_sign(body)}"
+
+
+def _read_session_cookie(value: str):
+    """Return the token id from a signed cookie, or None if missing/tampered."""
+    try:
+        body, sig = value.rsplit(".", 1)
+    except (ValueError, AttributeError):
+        return None
+    if not hmac.compare_digest(sig, _sign(body)):
+        return None
+    try:
+        data = json.loads(base64.urlsafe_b64decode(body.encode()))
+    except Exception:
+        return None
+    return data.get("tid")
+
+
+# -- the dependency every portal route uses ---------------------------------
+
+def get_current_client(request: Request, db: Session = Depends(get_db)) -> Client:
+    """Resolve the authenticated client, or raise PortalAuthError.
+
+    Re-validates the access token on every request so a revoked link / disabled
+    client drops the session immediately."""
+    cookie = request.cookies.get(COOKIE_NAME)
+    token_id = _read_session_cookie(cookie) if cookie else None
+    if not token_id:
+        raise PortalAuthError()
+    tok = db.query(ClientAccessToken).filter_by(id=token_id, revoked_at=None).first()
+    if not tok:
+        raise PortalAuthError()
+    client = db.query(Client).filter_by(id=tok.client_id, active=True).first()
+    if not client:
+        raise PortalAuthError()
+    return client
+
+
+def resolve_token(raw_token: str, db: Session):
+    """Validate a raw magic-URL token. Returns (ClientAccessToken, Client) on
+    success, or (None, None). Also stamps last_used_at."""
+    tok = db.query(ClientAccessToken).filter_by(
+        token_hash=hash_token(raw_token), revoked_at=None
+    ).first()
+    if not tok:
+        return None, None
+    client = db.query(Client).filter_by(id=tok.client_id, active=True).first()
+    if not client:
+        return None, None
+    tok.last_used_at = datetime.utcnow()
+    db.commit()
+    return tok, client
diff --git a/backend/routers/portal.py b/backend/routers/portal.py
new file mode 100644
index 0000000..bc96006
--- /dev/null
+++ b/backend/routers/portal.py
@@ -0,0 +1,67 @@
+"""
+Client portal — read-only, scoped client view (see docs/CLIENT_PORTAL.md).
+
+M1: a client opens a magic URL (/portal/enter/{token}) which mints a signed
+session cookie, then sees their locations (overview) and per-location read-only
+live data sourced from SLMM's cache. Every data route re-checks ownership.
+"""
+
+import logging
+
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import RedirectResponse
+from sqlalchemy.orm import Session
+
+from backend.database import get_db
+from backend.models import Client
+from backend.templates_config import templates
+from backend.portal_auth import (
+    get_current_client, make_session_cookie, resolve_token,
+    COOKIE_NAME, COOKIE_MAX_AGE,
+)
+
+logger = logging.getLogger(__name__)
+router = APIRouter(prefix="/portal", tags=["portal"])
+
+
+@router.get("/enter/{token}")
+def portal_enter(token: str, request: Request, db: Session = Depends(get_db)):
+    """Magic-URL entry: validate the token, mint a session cookie, land on /portal."""
+    tok, client = resolve_token(token, db)
+    if not client:
+        return templates.TemplateResponse(
+            "portal/access_required.html",
+            {"request": request, "reason": "invalid"},
+            status_code=403,
+        )
+    resp = RedirectResponse(url="/portal", status_code=303)
+    resp.set_cookie(
+        COOKIE_NAME, make_session_cookie(tok.id),
+        max_age=COOKIE_MAX_AGE, httponly=True, samesite="lax",
+    )
+    logger.info(f"[PORTAL] {client.slug}: session opened via token {tok.id[:8]}")
+    return resp
+
+
+@router.get("/logout")
+def portal_logout():
+    resp = RedirectResponse(url="/portal/access", status_code=303)
+    resp.delete_cookie(COOKIE_NAME)
+    return resp
+
+
+@router.get("/access")
+def portal_access(request: Request):
+    """Landing for an unauthenticated visitor (no valid link)."""
+    return templates.TemplateResponse(
+        "portal/access_required.html", {"request": request, "reason": "required"}
+    )
+
+
+@router.get("")
+def portal_home(request: Request, client: Client = Depends(get_current_client)):
+    """Client overview. (M1 task 4 fills in the scoped location list + map.)"""
+    return templates.TemplateResponse(
+        "portal/overview.html",
+        {"request": request, "client": client, "locations": []},
+    )
diff --git a/templates/portal/access_required.html b/templates/portal/access_required.html
new file mode 100644
index 0000000..b6d7423
--- /dev/null
+++ b/templates/portal/access_required.html
@@ -0,0 +1,20 @@
+{% extends "portal/base.html" %}
+{% block title %}Access{% endblock %}
+{% block content %}
+<div class="max-w-md mx-auto mt-16 text-center">
+    <div class="inline-flex items-center justify-center w-14 h-14 rounded-full bg-slate-800 border border-slate-700 mb-5">
+        <svg class="w-7 h-7 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5"
+                  d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z"></path>
+        </svg>
+    </div>
+    {% if reason == "invalid" %}
+        <h1 class="text-xl font-semibold mb-2">This link isn't valid</h1>
+        <p class="text-gray-400 text-sm">The access link is expired or has been revoked.
+            Please contact TMI for a new link.</p>
+    {% else %}
+        <h1 class="text-xl font-semibold mb-2">Access link required</h1>
+        <p class="text-gray-400 text-sm">Open the monitoring link TMI sent you to view your locations.</p>
+    {% endif %}
+</div>
+{% endblock %}
diff --git a/templates/portal/base.html b/templates/portal/base.html
new file mode 100644
index 0000000..25daa37
--- /dev/null
+++ b/templates/portal/base.html
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en" class="h-full dark">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>{% block title %}Monitoring{% endblock %} · TMI</title>
+
+    <script src="https://cdn.tailwindcss.com"></script>
+    <script>
+        tailwind.config = {
+            darkMode: 'class',
+            theme: { extend: { colors: { seismo: {
+                orange: '#f48b1c', navy: '#142a66', burgundy: '#7d234d'
+            } } } }
+        }
+    </script>
+    <link rel="icon" type="image/png" sizes="32x32" href="/static/icons/favicon-32.png">
+    <meta name="theme-color" content="#142a66">
+    {% block head %}{% endblock %}
+</head>
+<body class="h-full bg-slate-900 text-gray-100 antialiased">
+    <header class="border-b border-slate-700/70 bg-slate-800/60 backdrop-blur">
+        <div class="max-w-5xl mx-auto px-4 py-3 flex items-center justify-between">
+            <a href="/portal" class="flex items-center gap-2 font-semibold">
+                <span class="inline-block w-2.5 h-2.5 rounded-full bg-seismo-orange"></span>
+                TMI Monitoring{% if client %} <span class="text-gray-500 font-normal">·</span>
+                <span class="text-seismo-orange">{{ client.name }}</span>{% endif %}
+            </a>
+            {% if client %}
+            <a href="/portal/logout" class="text-sm text-gray-400 hover:text-gray-200">Sign out</a>
+            {% endif %}
+        </div>
+    </header>
+
+    <main class="max-w-5xl mx-auto px-4 py-6">
+        {% block content %}{% endblock %}
+    </main>
+
+    <footer class="max-w-5xl mx-auto px-4 py-8 text-xs text-gray-600">
+        Read-only monitoring view. Data is provided as-is for informational purposes.
+    </footer>
+    {% block scripts %}{% endblock %}
+</body>
+</html>
diff --git a/templates/portal/overview.html b/templates/portal/overview.html
new file mode 100644
index 0000000..fefc731
--- /dev/null
+++ b/templates/portal/overview.html
@@ -0,0 +1,22 @@
+{% extends "portal/base.html" %}
+{% block title %}Your locations{% endblock %}
+{% block content %}
+<h1 class="text-2xl font-semibold mb-1">Your monitoring locations</h1>
+<p class="text-gray-400 text-sm mb-6">Live sound levels for your active locations.</p>
+
+{# M1 task 4 fleshes this out into location tiles + a map. #}
+{% if locations %}
+<div class="grid sm:grid-cols-2 lg:grid-cols-3 gap-4">
+    {% for loc in locations %}
+    <a href="/portal/location/{{ loc.id }}" class="block rounded-xl border border-slate-700 bg-slate-800/50 p-4 hover:border-seismo-orange transition-colors">
+        <div class="font-semibold">{{ loc.name }}</div>
+        <div class="text-xs text-gray-400 mt-1">{{ loc.address or loc.project_name }}</div>
+    </a>
+    {% endfor %}
+</div>
+{% else %}
+<div class="rounded-xl border border-slate-700 bg-slate-800/50 p-8 text-center text-gray-400">
+    No active monitoring locations yet.
+</div>
+{% endif %}
+{% endblock %}
-- 
2.52.0


From 9f402100579c948f7d1e4794372aa55daf2a93ae Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Wed, 10 Jun 2026 21:38:16 +0000
Subject: [PATCH 04/27] feat(portal): M1 scoping gate + scoped cache endpoints
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

resolve_client_location() enforces ownership (sound location in one of the
client's active projects) and 404s everything else — same response for missing
and not-yours, so location existence never leaks. active_unit_for_location()
resolves the currently-assigned SLM.

Scoped GET /portal/api/location/{id}/live and /history: gate -> resolve unit ->
read SLMM cache (never the device). /live returns a SCRUBBED projection (sound
metrics + run state only; no battery/SD/raw_payload). Both degrade gracefully
when there's no device or SLMM is down.

Verified: ownership gate (owns / other-client / vibration / deleted-project /
removed / nonexistent) + active-vs-completed unit resolution — 8/8 on a temp DB.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/routers/portal.py | 90 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 88 insertions(+), 2 deletions(-)

diff --git a/backend/routers/portal.py b/backend/routers/portal.py
index bc96006..1cc01c1 100644
--- a/backend/routers/portal.py
+++ b/backend/routers/portal.py
@@ -6,14 +6,18 @@ session cookie, then sees their locations (overview) and per-location read-only
 live data sourced from SLMM's cache. Every data route re-checks ownership.
 """
 
+import os
 import logging
+from datetime import datetime
 
-from fastapi import APIRouter, Request, Depends
+import httpx
+from fastapi import APIRouter, Request, Depends, HTTPException
 from fastapi.responses import RedirectResponse
+from sqlalchemy import or_
 from sqlalchemy.orm import Session
 
 from backend.database import get_db
-from backend.models import Client
+from backend.models import Client, MonitoringLocation, Project, UnitAssignment
 from backend.templates_config import templates
 from backend.portal_auth import (
     get_current_client, make_session_cookie, resolve_token,
@@ -23,6 +27,44 @@ from backend.portal_auth import (
 logger = logging.getLogger(__name__)
 router = APIRouter(prefix="/portal", tags=["portal"])
 
+SLMM_BASE_URL = os.getenv("SLMM_BASE_URL", "http://localhost:8100")
+
+# Whitelist of fields the portal exposes to a client — sound metrics + run state
+# only. Internal device health (battery/power/SD/raw_payload) is NOT disclosed.
+_PORTAL_LIVE_FIELDS = ("measurement_state", "last_seen", "measurement_start_time",
+                       "lp", "leq", "lmax", "lpeak", "ln1", "ln2")
+
+
+# -- scoping (every data route gates through these) --------------------------
+
+def _client_project_ids(client: Client, db: Session) -> list:
+    return [r[0] for r in db.query(Project.id).filter(
+        Project.client_id == client.id, Project.status != "deleted").all()]
+
+
+def resolve_client_location(client: Client, location_id: str, db: Session) -> MonitoringLocation:
+    """Ownership gate: location must be a sound location in one of the client's
+    active projects. Raises 404 (not 403) for both 'missing' and 'not yours' so
+    we never leak whether a location exists."""
+    loc = db.query(MonitoringLocation).filter_by(id=location_id, removed_at=None).first()
+    if (not loc or loc.location_type != "sound"
+            or loc.project_id not in _client_project_ids(client, db)):
+        raise HTTPException(status_code=404, detail="Location not found")
+    return loc
+
+
+def active_unit_for_location(location_id: str, db: Session):
+    """The SLM unit currently assigned to this location, or None."""
+    now = datetime.utcnow()
+    asg = (db.query(UnitAssignment)
+           .filter(UnitAssignment.location_id == location_id,
+                   UnitAssignment.status == "active",
+                   UnitAssignment.device_type == "slm",
+                   or_(UnitAssignment.assigned_until.is_(None),
+                       UnitAssignment.assigned_until > now))
+           .order_by(UnitAssignment.assigned_at.desc()).first())
+    return asg.unit_id if asg else None
+
 
 @router.get("/enter/{token}")
 def portal_enter(token: str, request: Request, db: Session = Depends(get_db)):
@@ -65,3 +107,47 @@ def portal_home(request: Request, client: Client = Depends(get_current_client)):
         "portal/overview.html",
         {"request": request, "client": client, "locations": []},
     )
+
+
+# -- scoped data (cache reads only — never hits the device) ------------------
+
+@router.get("/api/location/{location_id}/live")
+async def portal_location_live(location_id: str,
+                               client: Client = Depends(get_current_client),
+                               db: Session = Depends(get_db)):
+    """Scrubbed cached live reading for a location the client owns."""
+    resolve_client_location(client, location_id, db)
+    unit_id = active_unit_for_location(location_id, db)
+    if not unit_id:
+        return {"status": "ok", "data": None, "reason": "no_device"}
+    try:
+        async with httpx.AsyncClient(timeout=5.0) as hc:
+            r = await hc.get(f"{SLMM_BASE_URL}/api/nl43/{unit_id}/status")
+    except Exception:
+        return {"status": "ok", "data": None, "reason": "unreachable"}
+    if r.status_code != 200:
+        return {"status": "ok", "data": None, "reason": "no_data"}
+    full = (r.json() or {}).get("data", {}) or {}
+    return {"status": "ok", "data": {k: full.get(k) for k in _PORTAL_LIVE_FIELDS}}
+
+
+@router.get("/api/location/{location_id}/history")
+async def portal_location_history(location_id: str, hours: float = 2.0,
+                                  client: Client = Depends(get_current_client),
+                                  db: Session = Depends(get_db)):
+    """Cached chart trail for a location the client owns. (Trail rows are already
+    just timestamp + lp/leq/lmax/ln1/ln2 — safe to pass through.)"""
+    resolve_client_location(client, location_id, db)
+    unit_id = active_unit_for_location(location_id, db)
+    if not unit_id:
+        return {"status": "ok", "readings": []}
+    hours = max(0.1, min(hours, 48.0))
+    try:
+        async with httpx.AsyncClient(timeout=5.0) as hc:
+            r = await hc.get(f"{SLMM_BASE_URL}/api/nl43/{unit_id}/history",
+                             params={"hours": hours})
+    except Exception:
+        return {"status": "ok", "readings": []}
+    if r.status_code != 200:
+        return {"status": "ok", "readings": []}
+    return {"status": "ok", "readings": (r.json() or {}).get("readings", [])}
-- 
2.52.0


From d3e221b6b12fa03dbe7c5d1aa481e50101cb4a44 Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Wed, 10 Jun 2026 21:41:13 +0000
Subject: [PATCH 05/27] =?UTF-8?q?feat(portal):=20M1=20pages=20=E2=80=94=20?=
 =?UTF-8?q?locations=20overview=20+=20read-only=20live=20location=20view?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

/portal overview: client's active sound locations as live tiles (current Lp +
Live/Stopped badge + "updated Xm ago", polled from the scoped cache every 15s)
plus a Leaflet map of locations with coordinates. /portal/location/{id}: 404-gated
read-only live panel — Lp/Leq/Lmax/L1/L10 cards + a 4-line Chart.js trace
(backfilled from /history) + measuring/freshness badge. Cache-only, 15s poll, no
device controls, no refresh-from-device. _client_locations() feeds the overview.

Verified: portal.py compiles; both inline scripts balance; all four portal
templates parse in Jinja2.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/routers/portal.py      |  40 +++++++++-
 templates/portal/location.html | 138 +++++++++++++++++++++++++++++++++
 templates/portal/overview.html |  87 +++++++++++++++++++--
 3 files changed, 257 insertions(+), 8 deletions(-)
 create mode 100644 templates/portal/location.html

diff --git a/backend/routers/portal.py b/backend/routers/portal.py
index 1cc01c1..1382b45 100644
--- a/backend/routers/portal.py
+++ b/backend/routers/portal.py
@@ -66,6 +66,26 @@ def active_unit_for_location(location_id: str, db: Session):
     return asg.unit_id if asg else None
 
 
+def _client_locations(client: Client, db: Session) -> list:
+    """The client's active sound locations (for the overview tiles + map)."""
+    pids = _client_project_ids(client, db)
+    if not pids:
+        return []
+    projs = {p.id: p.name for p in
+             db.query(Project.id, Project.name).filter(Project.id.in_(pids)).all()}
+    locs = (db.query(MonitoringLocation)
+            .filter(MonitoringLocation.project_id.in_(pids),
+                    MonitoringLocation.location_type == "sound",
+                    MonitoringLocation.removed_at.is_(None))
+            .order_by(MonitoringLocation.sort_order, MonitoringLocation.name).all())
+    return [{
+        "id": loc.id, "name": loc.name,
+        "address": loc.address, "coordinates": loc.coordinates,
+        "project_name": projs.get(loc.project_id),
+        "has_device": active_unit_for_location(loc.id, db) is not None,
+    } for loc in locs]
+
+
 @router.get("/enter/{token}")
 def portal_enter(token: str, request: Request, db: Session = Depends(get_db)):
     """Magic-URL entry: validate the token, mint a session cookie, land on /portal."""
@@ -101,14 +121,28 @@ def portal_access(request: Request):
 
 
 @router.get("")
-def portal_home(request: Request, client: Client = Depends(get_current_client)):
-    """Client overview. (M1 task 4 fills in the scoped location list + map.)"""
+def portal_home(request: Request, client: Client = Depends(get_current_client),
+                db: Session = Depends(get_db)):
+    """Client overview — their active sound locations with live tiles + a map."""
     return templates.TemplateResponse(
         "portal/overview.html",
-        {"request": request, "client": client, "locations": []},
+        {"request": request, "client": client,
+         "locations": _client_locations(client, db)},
     )
 
 
+@router.get("/location/{location_id}")
+def portal_location(location_id: str, request: Request,
+                    client: Client = Depends(get_current_client),
+                    db: Session = Depends(get_db)):
+    """Read-only live view for one of the client's locations (404 if not owned)."""
+    loc = resolve_client_location(client, location_id, db)
+    return templates.TemplateResponse("portal/location.html", {
+        "request": request, "client": client, "location": loc,
+        "has_device": active_unit_for_location(location_id, db) is not None,
+    })
+
+
 # -- scoped data (cache reads only — never hits the device) ------------------
 
 @router.get("/api/location/{location_id}/live")
diff --git a/templates/portal/location.html b/templates/portal/location.html
new file mode 100644
index 0000000..4bb107b
--- /dev/null
+++ b/templates/portal/location.html
@@ -0,0 +1,138 @@
+{% extends "portal/base.html" %}
+{% block title %}{{ location.name }}{% endblock %}
+{% block head %}
+<script src="https://cdn.jsdelivr.net/npm/chart.js@4"></script>
+{% endblock %}
+{% block content %}
+<a href="/portal" class="text-sm text-gray-400 hover:text-gray-200">&larr; All locations</a>
+<h1 class="text-2xl font-semibold mt-1">{{ location.name }}</h1>
+<div class="flex items-center gap-2 text-sm mt-1 mb-6">
+    <span id="p-badge" class="hidden px-2 py-0.5 text-xs font-medium rounded-full"></span>
+    <span id="p-fresh" class="text-gray-400"></span>
+</div>
+
+{% if not has_device %}
+<div class="rounded-xl border border-slate-700 bg-slate-800/50 p-8 text-center text-gray-400">
+    No device is currently assigned to this location.
+</div>
+{% else %}
+<div class="grid grid-cols-2 sm:grid-cols-5 gap-3 mb-6">
+    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
+        <div class="text-xs text-gray-400">Lp (Instant)</div>
+        <div id="p-lp" class="text-2xl font-bold text-blue-400">--</div><div class="text-xs text-gray-500">dB</div>
+    </div>
+    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
+        <div class="text-xs text-gray-400">Leq (Average)</div>
+        <div id="p-leq" class="text-2xl font-bold text-green-400">--</div><div class="text-xs text-gray-500">dB</div>
+    </div>
+    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
+        <div class="text-xs text-gray-400">Lmax (Max)</div>
+        <div id="p-lmax" class="text-2xl font-bold text-red-400">--</div><div class="text-xs text-gray-500">dB</div>
+    </div>
+    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
+        <div class="text-xs text-gray-400">L1</div>
+        <div id="p-ln1" class="text-2xl font-bold text-purple-400">--</div><div class="text-xs text-gray-500">dB</div>
+    </div>
+    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
+        <div class="text-xs text-gray-400">L10</div>
+        <div id="p-ln2" class="text-2xl font-bold text-orange-400">--</div><div class="text-xs text-gray-500">dB</div>
+    </div>
+</div>
+
+<div class="rounded-xl border border-slate-700 bg-slate-800/50 p-4" style="min-height: 360px;">
+    <canvas id="p-chart"></canvas>
+</div>
+{% endif %}
+{% endblock %}
+
+{% block scripts %}
+{% if has_device %}
+<script>
+const LOC_ID = "{{ location.id }}";
+const cd = { t: [], lp: [], leq: [], ln1: [], ln2: [] };
+let chart;
+const numOrNull = v => { const f = parseFloat(v); return isNaN(f) ? null : f; };
+
+function ds(label, color) {
+    return { label, data: [], borderColor: color, backgroundColor: color,
+             borderWidth: 2, pointRadius: 0, tension: 0.3, spanGaps: true };
+}
+function initChart() {
+    const ctx = document.getElementById('p-chart').getContext('2d');
+    chart = new Chart(ctx, {
+        type: 'line',
+        data: { labels: [], datasets: [
+            ds('Lp', 'rgb(96,165,250)'), ds('Leq', 'rgb(74,222,128)'),
+            ds('L1', 'rgb(192,132,252)'), ds('L10', 'rgb(251,146,60)') ] },
+        options: {
+            responsive: true, maintainAspectRatio: false, animation: false,
+            interaction: { intersect: false, mode: 'index' },
+            scales: {
+                y: { min: 30, max: 130, title: { display: true, text: 'dB', color: '#94a3b8' },
+                     ticks: { color: '#94a3b8' }, grid: { color: 'rgba(148,163,184,0.12)' } },
+                x: { ticks: { color: '#94a3b8', maxTicksLimit: 8 }, grid: { color: 'rgba(148,163,184,0.12)' } }
+            },
+            plugins: { legend: { labels: { color: '#cbd5e1' } } }
+        }
+    });
+}
+
+function setCard(id, v) { document.getElementById(id).textContent = (v == null || v === '') ? '--' : v; }
+function setBadge(measuring, lastSeen) {
+    const b = document.getElementById('p-badge'), f = document.getElementById('p-fresh');
+    if (measuring === null) { b.className = 'hidden px-2 py-0.5 text-xs font-medium rounded-full'; b.textContent = ''; }
+    else if (measuring) { b.className = 'px-2 py-0.5 text-xs font-medium rounded-full bg-green-900/40 text-green-300'; b.textContent = '● Live'; }
+    else { b.className = 'px-2 py-0.5 text-xs font-medium rounded-full bg-slate-700 text-gray-300'; b.textContent = '■ Stopped'; }
+    f.innerHTML = fmtFreshness(lastSeen);
+}
+function fmtFreshness(iso) {
+    if (!iso) return '<span class="text-gray-500">no recent reading</span>';
+    const t = new Date(iso.endsWith('Z') ? iso : iso + 'Z');
+    const s = Math.max(0, Math.round((Date.now() - t.getTime()) / 1000));
+    let ago, stale = false;
+    if (s < 10) ago = 'just now';
+    else if (s < 60) ago = s + 's ago';
+    else if (s < 3600) { ago = Math.round(s / 60) + 'm ago'; stale = s >= 300; }
+    else { ago = Math.round(s / 3600) + 'h ago'; stale = true; }
+    const cls = stale ? 'text-amber-400' : 'text-gray-400';
+    return `as of ${t.toLocaleTimeString()} <span class="${cls}">(${ago}${stale ? ' · cached' : ''})</span>`;
+}
+
+async function prefill() {
+    try {
+        const j = await (await fetch(`/portal/api/location/${encodeURIComponent(LOC_ID)}/live`)).json();
+        const d = j.data;
+        if (!d) {
+            setBadge(null, null);
+            document.getElementById('p-fresh').textContent =
+                j.reason === 'no_device' ? 'No device assigned' : 'Currently unreachable';
+            return;
+        }
+        setCard('p-lp', d.lp); setCard('p-leq', d.leq); setCard('p-lmax', d.lmax);
+        setCard('p-ln1', d.ln1); setCard('p-ln2', d.ln2);
+        const measuring = d.measurement_state === 'Start' || d.measurement_state === 'Measure';
+        setBadge(measuring, d.last_seen);
+    } catch (e) { /* keep last values */ }
+}
+async function backfill() {
+    try {
+        const j = await (await fetch(`/portal/api/location/${encodeURIComponent(LOC_ID)}/history?hours=2`)).json();
+        for (const row of (j.readings || [])) {
+            cd.t.push(row.timestamp ? new Date(row.timestamp + 'Z').toLocaleTimeString() : '');
+            cd.lp.push(numOrNull(row.lp)); cd.leq.push(numOrNull(row.leq));
+            cd.ln1.push(numOrNull(row.ln1)); cd.ln2.push(numOrNull(row.ln2));
+        }
+        chart.data.labels = cd.t;
+        chart.data.datasets[0].data = cd.lp; chart.data.datasets[1].data = cd.leq;
+        chart.data.datasets[2].data = cd.ln1; chart.data.datasets[3].data = cd.ln2;
+        chart.update('none');
+    } catch (e) { /* leave chart empty */ }
+}
+
+initChart();
+prefill();
+backfill();
+setInterval(prefill, 15000);   // cache poll — read-only, no device contention
+</script>
+{% endif %}
+{% endblock %}
diff --git a/templates/portal/overview.html b/templates/portal/overview.html
index fefc731..a5b0994 100644
--- a/templates/portal/overview.html
+++ b/templates/portal/overview.html
@@ -1,16 +1,29 @@
 {% extends "portal/base.html" %}
 {% block title %}Your locations{% endblock %}
+{% block head %}
+<link rel="stylesheet" href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css" />
+{% endblock %}
 {% block content %}
 <h1 class="text-2xl font-semibold mb-1">Your monitoring locations</h1>
-<p class="text-gray-400 text-sm mb-6">Live sound levels for your active locations.</p>
+<p class="text-gray-400 text-sm mb-6">Live sound levels for your active locations. Read-only.</p>
 
-{# M1 task 4 fleshes this out into location tiles + a map. #}
 {% if locations %}
+<div id="loc-map" class="h-64 rounded-xl overflow-hidden mb-6 hidden border border-slate-700"></div>
+
 <div class="grid sm:grid-cols-2 lg:grid-cols-3 gap-4">
     {% for loc in locations %}
-    <a href="/portal/location/{{ loc.id }}" class="block rounded-xl border border-slate-700 bg-slate-800/50 p-4 hover:border-seismo-orange transition-colors">
-        <div class="font-semibold">{{ loc.name }}</div>
-        <div class="text-xs text-gray-400 mt-1">{{ loc.address or loc.project_name }}</div>
+    <a href="/portal/location/{{ loc.id }}" data-loc="{{ loc.id }}"
+       class="loc-tile block rounded-xl border border-slate-700 bg-slate-800/50 p-4 hover:border-seismo-orange transition-colors">
+        <div class="flex items-start justify-between gap-2">
+            <div class="font-semibold">{{ loc.name }}</div>
+            <span class="loc-badge hidden shrink-0 px-2 py-0.5 text-xs rounded-full"></span>
+        </div>
+        <div class="text-xs text-gray-400 mt-0.5 truncate">{{ loc.address or loc.project_name or '' }}</div>
+        <div class="mt-3 flex items-baseline gap-1">
+            <span class="loc-lp text-3xl font-bold text-seismo-orange">--</span>
+            <span class="text-sm text-gray-400">dB Lp</span>
+        </div>
+        <div class="loc-fresh text-xs text-gray-500 mt-1">&nbsp;</div>
     </a>
     {% endfor %}
 </div>
@@ -20,3 +33,67 @@
 </div>
 {% endif %}
 {% endblock %}
+
+{% block scripts %}
+<script src="https://unpkg.com/leaflet@1.9.4/dist/leaflet.js"></script>
+<script>
+const LOCATIONS = {{ locations|tojson }};
+
+function fmtAgo(iso) {
+    if (!iso) return '';
+    const t = new Date(iso.endsWith('Z') ? iso : iso + 'Z');
+    const s = Math.max(0, Math.round((Date.now() - t.getTime()) / 1000));
+    if (s < 60) return 'updated just now';
+    if (s < 3600) return 'updated ' + Math.round(s / 60) + 'm ago';
+    return 'updated ' + Math.round(s / 3600) + 'h ago';
+}
+
+async function loadTile(loc) {
+    const el = document.querySelector(`.loc-tile[data-loc="${loc.id}"]`);
+    if (!el) return;
+    const lp = el.querySelector('.loc-lp'), badge = el.querySelector('.loc-badge'),
+          fresh = el.querySelector('.loc-fresh');
+    try {
+        const j = await (await fetch(`/portal/api/location/${encodeURIComponent(loc.id)}/live`)).json();
+        const d = j.data;
+        badge.classList.remove('hidden');
+        if (!d) {
+            badge.textContent = j.reason === 'no_device' ? 'No device' : 'Offline';
+            badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full bg-slate-700 text-gray-300';
+            lp.textContent = '--'; fresh.innerHTML = '&nbsp;';
+            return;
+        }
+        lp.textContent = (d.lp == null || d.lp === '') ? '--' : d.lp;
+        const measuring = d.measurement_state === 'Start' || d.measurement_state === 'Measure';
+        badge.textContent = measuring ? '● Live' : 'Stopped';
+        badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full ' +
+            (measuring ? 'bg-green-900/40 text-green-300' : 'bg-slate-700 text-gray-300');
+        fresh.textContent = fmtAgo(d.last_seen);
+    } catch (e) { /* leave placeholders */ }
+}
+
+function refreshTiles() { LOCATIONS.forEach(loadTile); }
+refreshTiles();
+setInterval(refreshTiles, 15000);
+
+// Map of locations that have coordinates
+const withCoords = LOCATIONS.filter(l => l.coordinates);
+if (withCoords.length) {
+    const mapEl = document.getElementById('loc-map');
+    mapEl.classList.remove('hidden');
+    const map = L.map('loc-map');
+    L.tileLayer('https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png',
+        { maxZoom: 19, attribution: '© OpenStreetMap' }).addTo(map);
+    const pts = [];
+    withCoords.forEach(l => {
+        const [la, lo] = (l.coordinates || '').split(',').map(Number);
+        if (!isNaN(la) && !isNaN(lo)) {
+            L.marker([la, lo]).addTo(map).bindPopup(l.name);
+            pts.push([la, lo]);
+        }
+    });
+    if (pts.length) map.fitBounds(pts, { padding: [30, 30], maxZoom: 15 });
+    else mapEl.classList.add('hidden');
+}
+</script>
+{% endblock %}
-- 
2.52.0


From 26b4b1e7e402348ae5dfb528c4e1c53c1ae38d7b Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Wed, 10 Jun 2026 21:43:28 +0000
Subject: [PATCH 06/27] =?UTF-8?q?feat(portal):=20M1=20admin=20CLI=20?=
 =?UTF-8?q?=E2=80=94=20create=20client,=20link=20projects,=20mint/revoke?=
 =?UTF-8?q?=20links?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

backend/portal_admin.py (run in-container): create-client, link-project (by id/
number/name -> sets Project.client_id), mint-link (prints the full magic URL once,
stores only the hash), list, revoke. PORTAL_BASE_URL controls the printed link base.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/portal_admin.py | 165 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 165 insertions(+)
 create mode 100644 backend/portal_admin.py

diff --git a/backend/portal_admin.py b/backend/portal_admin.py
new file mode 100644
index 0000000..c69e4db
--- /dev/null
+++ b/backend/portal_admin.py
@@ -0,0 +1,165 @@
+#!/usr/bin/env python3
+"""
+Client-portal admin CLI (M1). Operator tooling — run inside the terra-view
+container against the live DB. The raw magic-link token is shown ONCE on mint;
+only its hash is stored.
+
+  # create a client
+  python3 backend/portal_admin.py create-client --name "Myler Co" --slug myler [--email dave@x.com]
+
+  # attach a project to a client (sets Project.client_id) — by id, number, or name
+  python3 backend/portal_admin.py link-project --slug myler --project-id <PID>
+  python3 backend/portal_admin.py link-project --slug myler --project-number 2567-23
+  python3 backend/portal_admin.py link-project --slug myler --project-name "RKM Hall"
+
+  # mint a magic access link (FULL URL PRINTED ONCE — copy it now)
+  python3 backend/portal_admin.py mint-link --slug myler [--label "Dave's link"]
+
+  # list clients, their projects, and active links
+  python3 backend/portal_admin.py list
+
+  # revoke a link (stops the link AND any live session it minted)
+  python3 backend/portal_admin.py revoke --token-id <TID>
+
+The printed URL base comes from PORTAL_BASE_URL (default http://localhost:8001).
+"""
+
+import os
+import sys
+import uuid
+import secrets
+import argparse
+from datetime import datetime
+
+from backend.database import SessionLocal
+from backend.models import Client, ClientAccessToken, Project
+from backend.portal_auth import hash_token
+
+PORTAL_BASE_URL = os.getenv("PORTAL_BASE_URL", "http://localhost:8001").rstrip("/")
+
+
+def _get_client(db, slug):
+    c = db.query(Client).filter_by(slug=slug).first()
+    if not c:
+        sys.exit(f"No client with slug '{slug}'. Create it first.")
+    return c
+
+
+def create_client(args):
+    db = SessionLocal()
+    try:
+        if db.query(Client).filter_by(slug=args.slug).first():
+            sys.exit(f"A client with slug '{args.slug}' already exists.")
+        c = Client(id=str(uuid.uuid4()), name=args.name, slug=args.slug,
+                   contact_email=args.email, active=True)
+        db.add(c)
+        db.commit()
+        print(f"✓ Created client '{c.name}' (slug={c.slug}, id={c.id})")
+        print("  Next: link-project, then mint-link.")
+    finally:
+        db.close()
+
+
+def link_project(args):
+    db = SessionLocal()
+    try:
+        c = _get_client(db, args.slug)
+        q = db.query(Project)
+        if args.project_id:
+            p = q.filter_by(id=args.project_id).first()
+        elif args.project_number:
+            p = q.filter_by(project_number=args.project_number).first()
+        elif args.project_name:
+            p = q.filter_by(name=args.project_name).first()
+        else:
+            sys.exit("Specify --project-id, --project-number, or --project-name.")
+        if not p:
+            sys.exit("Project not found.")
+        p.client_id = c.id
+        db.commit()
+        print(f"✓ Linked project '{p.name}' (id={p.id}) -> client '{c.name}'")
+    finally:
+        db.close()
+
+
+def mint_link(args):
+    db = SessionLocal()
+    try:
+        c = _get_client(db, args.slug)
+        raw = secrets.token_urlsafe(32)
+        tok = ClientAccessToken(id=str(uuid.uuid4()), client_id=c.id,
+                                token_hash=hash_token(raw), label=args.label)
+        db.add(tok)
+        db.commit()
+        print(f"✓ Minted access link for '{c.name}'"
+              f"{f' ({args.label})' if args.label else ''} — token id {tok.id}")
+        print("\n  COPY THIS NOW (shown only once):\n")
+        print(f"      {PORTAL_BASE_URL}/portal/enter/{raw}\n")
+    finally:
+        db.close()
+
+
+def revoke(args):
+    db = SessionLocal()
+    try:
+        tok = db.query(ClientAccessToken).filter_by(id=args.token_id).first()
+        if not tok:
+            sys.exit("No token with that id.")
+        if tok.revoked_at:
+            print("○ Already revoked.")
+            return
+        tok.revoked_at = datetime.utcnow()
+        db.commit()
+        print(f"✓ Revoked token {tok.id} — the link and any live sessions it minted are dead.")
+    finally:
+        db.close()
+
+
+def list_all(args):
+    db = SessionLocal()
+    try:
+        clients = db.query(Client).order_by(Client.name).all()
+        if not clients:
+            print("No clients yet.")
+            return
+        for c in clients:
+            state = "" if c.active else " [INACTIVE]"
+            print(f"\n● {c.name}  (slug={c.slug}){state}")
+            projs = db.query(Project).filter_by(client_id=c.id).all()
+            print("  projects: " + (", ".join(p.name for p in projs) or "(none linked)"))
+            toks = db.query(ClientAccessToken).filter_by(client_id=c.id).all()
+            if not toks:
+                print("  links: (none — run mint-link)")
+            for t in toks:
+                status = "revoked" if t.revoked_at else "active"
+                last = t.last_used_at.strftime("%Y-%m-%d %H:%M") if t.last_used_at else "never used"
+                print(f"  link {t.id}  [{status}]  {t.label or ''}  (last: {last})")
+        print()
+    finally:
+        db.close()
+
+
+def main():
+    ap = argparse.ArgumentParser(description="Client-portal admin (M1)")
+    sub = ap.add_subparsers(dest="cmd", required=True)
+
+    p = sub.add_parser("create-client"); p.add_argument("--name", required=True)
+    p.add_argument("--slug", required=True); p.add_argument("--email"); p.set_defaults(fn=create_client)
+
+    p = sub.add_parser("link-project"); p.add_argument("--slug", required=True)
+    p.add_argument("--project-id"); p.add_argument("--project-number"); p.add_argument("--project-name")
+    p.set_defaults(fn=link_project)
+
+    p = sub.add_parser("mint-link"); p.add_argument("--slug", required=True)
+    p.add_argument("--label"); p.set_defaults(fn=mint_link)
+
+    p = sub.add_parser("revoke"); p.add_argument("--token-id", required=True); p.set_defaults(fn=revoke)
+
+    p = sub.add_parser("list"); p.set_defaults(fn=list_all)
+
+    args = ap.parse_args()
+    args.fn(args)
+
+
+if __name__ == "__main__":
+    main()
-- 
2.52.0


From 1cf80ea7ea6a6d02a26d3b34a03a28542908db5d Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 01:16:30 +0000
Subject: [PATCH 07/27] fix(portal): portal_admin.py runnable as a script, not
 just -m

`python3 backend/portal_admin.py` set sys.path[0] to backend/, hiding the
`backend` package and breaking `from backend.database import ...`. Insert the
project root on sys.path so the documented script invocation works.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/portal_admin.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/backend/portal_admin.py b/backend/portal_admin.py
index c69e4db..2d8b346 100644
--- a/backend/portal_admin.py
+++ b/backend/portal_admin.py
@@ -31,6 +31,10 @@ import secrets
 import argparse
 from datetime import datetime
 
+# Allow `python3 backend/portal_admin.py ...` (which puts backend/ on sys.path[0],
+# hiding the `backend` package) in addition to `python3 -m backend.portal_admin`.
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
 from backend.database import SessionLocal
 from backend.models import Client, ClientAccessToken, Project
 from backend.portal_auth import hash_token
-- 
2.52.0


From 2031681d0f2b7b4c7454fefb875bbf2ad47548af Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 02:01:58 +0000
Subject: [PATCH 08/27] docs(portal): add "Going to prod" checklist (migration,
 SECRET_KEY, exposure)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 docs/CLIENT_PORTAL.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/docs/CLIENT_PORTAL.md b/docs/CLIENT_PORTAL.md
index b74a94d..0fc2e88 100644
--- a/docs/CLIENT_PORTAL.md
+++ b/docs/CLIENT_PORTAL.md
@@ -132,6 +132,32 @@ live data, all from cache.
   magic-link (passwordless email) and/or accounts, proper sessions, password
   reset, and likely auth for the *internal* app too. Reverse-proxy + TLS posture.
 
+## Going to prod (M1)
+
+1. **Run the migration on the prod DB** — `migrate_add_client_portal.py` adds
+   `projects.client_id` (the new tables auto-create via `create_all`). Skipping it
+   500s anything that touches `Project.client_id`. This is the silent killer.
+   ```bash
+   docker compose exec web-app python3 backend/migrate_add_client_portal.py
+   ```
+2. **Set a real `SECRET_KEY`** in the prod env (compose). The portal signs session
+   cookies with it; the insecure dev default (it logs a warning at boot) is
+   forgeable. Non-negotiable for an internet-facing portal.
+3. **SLMM_BASE_URL** — prod base compose already points at `:8100` (correct; the
+   `:9100` mismatch is a dev-only override quirk). For full live data (L1/L10 +
+   chart backfill) prod SLMM must be on the `dev` build with its migrations
+   (`migrate_add_ln_percentiles`, `migrate_add_monitor_enabled`) and **keepalive on**
+   for the client's units — otherwise the portal degrades gracefully (cards show
+   `--`, chart empty), it just isn't fully populated.
+4. **Seed real clients** with the CLI (`backend/portal_admin.py`): `create-client`
+   → `link-project` (a real sound project with an active SLM assignment) →
+   `mint-link` → send the client the printed URL (shown once).
+5. **Exposure** — portal routes are auth-gated, but port 8001 still serves the
+   whole *internal* app with no auth. Before real clients are on it, the portal
+   should sit behind the reverse proxy with only `/portal/*` exposed (or the app
+   restricted). This is the point where the parked reverse-proxy/TLS work becomes
+   load-bearing.
+
 ## Security notes
 
 - Portal is auth-gated from day one (even the interim gate) — never wide-open like
-- 
2.52.0


From 3fc20e104a8ee6cb61caa41c9120549e86bfbfbf Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 02:18:06 +0000
Subject: [PATCH 09/27] feat(portal): one-click "View client portal" preview
 from the project page
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a "View client portal" button on the project detail page that opens the
client portal scoped to that project — no CLI. GET /projects/{id}/portal-preview
auto-provisions a client + access token for the project (provision_preview_session)
and seals a portal session cookie, then redirects to /portal.

- Reuses the project's linked client if it has one; otherwise creates/reuses a
  per-project 'preview-<id>' client. Only sets project.client_id when unset, so it
  never clobbers a real client link. Idempotent — repeat clicks reuse the same
  client/token.
- Lives under /projects (not /portal), so a future public proxy exposing only
  /portal/* won't expose this operator shortcut.

Verified: provisioning (unlinked creates+links, idempotent, linked-no-clobber) 7/7.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/main.py                | 21 +++++++++++++++++++-
 backend/portal_auth.py         | 35 ++++++++++++++++++++++++++++++++++
 templates/projects/detail.html | 13 ++++++++++++-
 3 files changed, 67 insertions(+), 2 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index 2f025fd..5305c37 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -4,7 +4,7 @@ from fastapi import FastAPI, Request, Depends, HTTPException
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.staticfiles import StaticFiles
 from fastapi.templating import Jinja2Templates
-from fastapi.responses import HTMLResponse, FileResponse, JSONResponse
+from fastapi.responses import HTMLResponse, FileResponse, JSONResponse, RedirectResponse
 from fastapi.exceptions import RequestValidationError
 from sqlalchemy.orm import Session
 from typing import List, Dict, Optional
@@ -413,6 +413,25 @@ async def project_detail_page(request: Request, project_id: str):
     })
 
 
+@app.get("/projects/{project_id}/portal-preview")
+async def project_portal_preview(project_id: str, db: Session = Depends(get_db)):
+    """Operator testing shortcut: log into the client portal scoped to this project
+    (auto-provisioning a client/link if needed), no CLI. Lives under /projects (not
+    /portal), so a public proxy that exposes only /portal/* won't expose this."""
+    from backend.models import Project
+    from backend.portal_auth import (
+        provision_preview_session, make_session_cookie, COOKIE_NAME, COOKIE_MAX_AGE,
+    )
+    project = db.query(Project).filter_by(id=project_id).first()
+    if not project:
+        return JSONResponse(status_code=404, content={"detail": "Project not found"})
+    token_id = provision_preview_session(project, db)
+    resp = RedirectResponse(url="/portal", status_code=303)
+    resp.set_cookie(COOKIE_NAME, make_session_cookie(token_id),
+                    max_age=COOKIE_MAX_AGE, httponly=True, samesite="lax")
+    return resp
+
+
 @app.get("/projects/{project_id}/nrl/{location_id}", response_class=HTMLResponse)
 async def nrl_detail_page(
     request: Request,
diff --git a/backend/portal_auth.py b/backend/portal_auth.py
index 02933b0..da869a2 100644
--- a/backend/portal_auth.py
+++ b/backend/portal_auth.py
@@ -16,9 +16,11 @@ import os
 import hmac
 import json
 import time
+import uuid
 import base64
 import hashlib
 import logging
+import secrets
 from datetime import datetime
 
 from fastapi import Request, Depends
@@ -112,3 +114,36 @@ def resolve_token(raw_token: str, db: Session):
     tok.last_used_at = datetime.utcnow()
     db.commit()
     return tok, client
+
+
+def provision_preview_session(project, db) -> str:
+    """Testing convenience (operator-side): ensure a Client + access token exist for
+    a project so an operator can preview the client portal without the CLI. Returns
+    the token id to seal into a session cookie.
+
+    Reuses the project's linked client if it has one; otherwise creates/uses a
+    per-project 'preview-<id>' client. Only sets project.client_id when it's unset,
+    so previewing never clobbers a real client link. The token's raw secret is
+    discarded (preview rides the cookie, not a magic link)."""
+    client = None
+    if project.client_id:
+        client = db.query(Client).filter_by(id=project.client_id, active=True).first()
+    if client is None:
+        slug = f"preview-{str(project.id)[:8]}"
+        client = db.query(Client).filter_by(slug=slug).first()
+        if client is None:
+            client = Client(id=str(uuid.uuid4()),
+                            name=(project.client_name or project.name or "Preview"),
+                            slug=slug, active=True)
+            db.add(client)
+            db.flush()
+        if not project.client_id:
+            project.client_id = client.id
+    tok = db.query(ClientAccessToken).filter_by(client_id=client.id, revoked_at=None).first()
+    if tok is None:
+        tok = ClientAccessToken(id=str(uuid.uuid4()), client_id=client.id,
+                                token_hash=hash_token(secrets.token_urlsafe(32)),
+                                label="preview")
+        db.add(tok)
+    db.commit()
+    return tok.id
diff --git a/templates/projects/detail.html b/templates/projects/detail.html
index ba971f3..1542c2f 100644
--- a/templates/projects/detail.html
+++ b/templates/projects/detail.html
@@ -4,7 +4,7 @@
 
 {% block content %}
 <!-- Breadcrumb Navigation -->
-<div class="mb-6">
+<div class="mb-6 flex items-center justify-between gap-3">
     <nav class="flex items-center space-x-2 text-sm">
         <a href="/projects" class="text-seismo-orange hover:text-seismo-navy flex items-center">
             <svg class="w-4 h-4 mr-1" fill="none" stroke="currentColor" viewBox="0 0 24 24">
@@ -17,6 +17,17 @@
         </svg>
         <span class="text-gray-900 dark:text-white font-medium" id="project-name-breadcrumb">Project</span>
     </nav>
+
+    <!-- Preview the client portal for this project (opens scoped, read-only) -->
+    <a href="/projects/{{ project_id }}/portal-preview" target="_blank" rel="noopener"
+       class="shrink-0 inline-flex items-center gap-1.5 px-3 py-1.5 text-sm rounded-lg border border-seismo-orange/40 bg-seismo-orange/10 text-seismo-orange hover:bg-seismo-orange/20 transition-colors"
+       title="Preview this project's client portal in a new tab">
+        <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"></path>
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M2.458 12C3.732 7.943 7.523 5 12 5c4.478 0 8.268 2.943 9.542 7-1.274 4.057-5.064 7-9.542 7-4.477 0-8.268-2.943-9.542-7z"></path>
+        </svg>
+        View client portal
+    </a>
 </div>
 
 <!-- Header (loads dynamically) -->
-- 
2.52.0


From 0103917870f83e83d605f923a87f4a3c07a20d5e Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 03:16:32 +0000
Subject: [PATCH 10/27] feat(portal): live ~1Hz WS stream with auto-close
 (visibility + idle cap)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The portal location view is now genuinely live, not a 15s poll. Scoped WS endpoint
/portal/api/location/{id}/stream: authenticates via the session cookie, enforces
ownership (resolve_client_location), then bridges the unit's shared SLMM /monitor
fan-out feed to the browser — a viewer is just one more subscriber, no extra
device connection. Frames are scrubbed to the portal whitelist (drops unit_id,
raw_payload, counter, lmin) before reaching the client.

location.html: cache prefill for instant first paint, then upgrades to the live
socket (cards tick ~1Hz, chart scrolls). Auto-close so an abandoned tab can't pin
the device at 1Hz polling (~8x cellular data):
- closes when the tab is hidden, reopens when visible (Page Visibility) — the main
  guard;
- hard 15-min cap -> "Live paused — click to resume" overlay.

Refactor: client_from_cookie() extracted from get_current_client so the WS handler
(no Request-based Depends) can auth the same way.

Verified: scrub drops internal fields / keeps metrics + heartbeat (7/7), auth
refactor (3/3), portal compiles, location.html JS balances + parses.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/portal_auth.py         | 26 ++++++----
 backend/routers/portal.py      | 93 ++++++++++++++++++++++++++++++++--
 templates/portal/location.html | 82 ++++++++++++++++++++++++++++--
 3 files changed, 183 insertions(+), 18 deletions(-)

diff --git a/backend/portal_auth.py b/backend/portal_auth.py
index da869a2..ac52ae7 100644
--- a/backend/portal_auth.py
+++ b/backend/portal_auth.py
@@ -82,20 +82,24 @@ def _read_session_cookie(value: str):
 
 # -- the dependency every portal route uses ---------------------------------
 
-def get_current_client(request: Request, db: Session = Depends(get_db)) -> Client:
-    """Resolve the authenticated client, or raise PortalAuthError.
-
-    Re-validates the access token on every request so a revoked link / disabled
-    client drops the session immediately."""
-    cookie = request.cookies.get(COOKIE_NAME)
-    token_id = _read_session_cookie(cookie) if cookie else None
+def client_from_cookie(cookie_value, db: Session):
+    """Resolve a Client from a raw session-cookie value, or None. Re-validates the
+    access token against the DB each call, so a revoked link / disabled client
+    drops immediately. Shared by the HTTP dependency and the WebSocket handler
+    (which can't use Request-based Depends)."""
+    token_id = _read_session_cookie(cookie_value) if cookie_value else None
     if not token_id:
-        raise PortalAuthError()
+        return None
     tok = db.query(ClientAccessToken).filter_by(id=token_id, revoked_at=None).first()
     if not tok:
-        raise PortalAuthError()
-    client = db.query(Client).filter_by(id=tok.client_id, active=True).first()
-    if not client:
+        return None
+    return db.query(Client).filter_by(id=tok.client_id, active=True).first()
+
+
+def get_current_client(request: Request, db: Session = Depends(get_db)) -> Client:
+    """Resolve the authenticated client, or raise PortalAuthError."""
+    client = client_from_cookie(request.cookies.get(COOKIE_NAME), db)
+    if client is None:
         raise PortalAuthError()
     return client
 
diff --git a/backend/routers/portal.py b/backend/routers/portal.py
index 1382b45..abbea7b 100644
--- a/backend/routers/portal.py
+++ b/backend/routers/portal.py
@@ -7,20 +7,23 @@ live data sourced from SLMM's cache. Every data route re-checks ownership.
 """
 
 import os
+import json
+import asyncio
 import logging
 from datetime import datetime
 
 import httpx
-from fastapi import APIRouter, Request, Depends, HTTPException
+import websockets
+from fastapi import APIRouter, Request, Depends, HTTPException, WebSocket
 from fastapi.responses import RedirectResponse
 from sqlalchemy import or_
 from sqlalchemy.orm import Session
 
-from backend.database import get_db
+from backend.database import get_db, SessionLocal
 from backend.models import Client, MonitoringLocation, Project, UnitAssignment
 from backend.templates_config import templates
 from backend.portal_auth import (
-    get_current_client, make_session_cookie, resolve_token,
+    get_current_client, client_from_cookie, make_session_cookie, resolve_token,
     COOKIE_NAME, COOKIE_MAX_AGE,
 )
 
@@ -28,6 +31,7 @@ logger = logging.getLogger(__name__)
 router = APIRouter(prefix="/portal", tags=["portal"])
 
 SLMM_BASE_URL = os.getenv("SLMM_BASE_URL", "http://localhost:8100")
+SLMM_WS_BASE_URL = SLMM_BASE_URL.replace("http://", "ws://").replace("https://", "wss://")
 
 # Whitelist of fields the portal exposes to a client — sound metrics + run state
 # only. Internal device health (battery/power/SD/raw_payload) is NOT disclosed.
@@ -185,3 +189,86 @@ async def portal_location_history(location_id: str, hours: float = 2.0,
     if r.status_code != 200:
         return {"status": "ok", "readings": []}
     return {"status": "ok", "readings": (r.json() or {}).get("readings", [])}
+
+
+# -- live stream (fan-out feed, scoped + scrubbed) ---------------------------
+
+def _scrub_frame(raw: str) -> str:
+    """Project a monitor frame down to the portal whitelist. Drops internal fields
+    (unit_id, raw_payload, lmin) before it reaches a client; passes control fields
+    (feed_status, heartbeat) + timestamp through."""
+    try:
+        d = json.loads(raw)
+    except Exception:
+        return raw
+    out = {k: d.get(k) for k in _PORTAL_LIVE_FIELDS if k in d}
+    if "timestamp" in d:
+        out["timestamp"] = d["timestamp"]
+    for ctrl in ("feed_status", "heartbeat"):
+        if ctrl in d:
+            out[ctrl] = d[ctrl]
+    return json.dumps(out)
+
+
+@router.websocket("/api/location/{location_id}/stream")
+async def portal_location_stream(websocket: WebSocket, location_id: str):
+    """Live ~1Hz feed for a location the client owns. Auths via the session cookie,
+    enforces ownership, then bridges the unit's shared SLMM /monitor fan-out feed
+    to the browser (scrubbed). A viewer is just one more subscriber to the one
+    device feed — no extra device connection."""
+    await websocket.accept()
+
+    # Auth + ownership on a short-lived session, then release it for the long bridge.
+    db = SessionLocal()
+    try:
+        client = client_from_cookie(websocket.cookies.get(COOKIE_NAME), db)
+        if client is None:
+            await websocket.close(code=1008)  # policy violation (not authenticated)
+            return
+        try:
+            resolve_client_location(client, location_id, db)
+        except HTTPException:
+            await websocket.close(code=1008)
+            return
+        unit_id = active_unit_for_location(location_id, db)
+    finally:
+        db.close()
+
+    if not unit_id:
+        try:
+            await websocket.send_json({"feed_status": "no_device"})
+        finally:
+            await websocket.close(code=1000)
+        return
+
+    target = f"{SLMM_WS_BASE_URL}/api/nl43/{unit_id}/monitor"
+    backend_ws = None
+    try:
+        backend_ws = await websockets.connect(target)
+
+        async def forward_to_client():
+            async for message in backend_ws:
+                await websocket.send_text(_scrub_frame(message))
+
+        async def watch_client():
+            while True:
+                await websocket.receive_text()
+
+        tasks = [asyncio.ensure_future(forward_to_client()),
+                 asyncio.ensure_future(watch_client())]
+        done, pending = await asyncio.wait(tasks, return_when=asyncio.FIRST_COMPLETED)
+        for t in pending:
+            t.cancel()
+        for t in tasks:
+            try:
+                await t
+            except (asyncio.CancelledError, Exception):
+                pass
+    except Exception as e:
+        logger.warning(f"[PORTAL] stream {location_id}: {e}")
+    finally:
+        if backend_ws:
+            try:
+                await backend_ws.close()
+            except Exception:
+                pass
diff --git a/templates/portal/location.html b/templates/portal/location.html
index 4bb107b..1a3148c 100644
--- a/templates/portal/location.html
+++ b/templates/portal/location.html
@@ -39,8 +39,14 @@
     </div>
 </div>
 
-<div class="rounded-xl border border-slate-700 bg-slate-800/50 p-4" style="min-height: 360px;">
+<div class="relative rounded-xl border border-slate-700 bg-slate-800/50 p-4" style="min-height: 360px;">
     <canvas id="p-chart"></canvas>
+    <div id="p-paused" class="hidden absolute inset-0 flex items-center justify-center bg-slate-900/70 rounded-xl">
+        <button onclick="resumeStream()"
+                class="px-4 py-2 rounded-lg bg-seismo-orange/20 text-seismo-orange border border-seismo-orange/40 hover:bg-seismo-orange/30 text-sm font-medium">
+            &#9208; Live paused — click to resume
+        </button>
+    </div>
 </div>
 {% endif %}
 {% endblock %}
@@ -129,10 +135,78 @@ async function backfill() {
     } catch (e) { /* leave chart empty */ }
 }
 
+// ---- live stream (upgrades the cache prefill to a real ~1Hz feed) --------
+let ws = null, hardCap = null, paused = false;
+const IDLE_CAP_MS = 15 * 60 * 1000;  // auto-close after 15 min so an abandoned
+                                     // tab doesn't pin the device at 1Hz polling
+
+function pushPoint(d) {
+    cd.t.push(new Date().toLocaleTimeString());
+    cd.lp.push(numOrNull(d.lp)); cd.leq.push(numOrNull(d.leq));
+    cd.ln1.push(numOrNull(d.ln1)); cd.ln2.push(numOrNull(d.ln2));
+    if (cd.t.length > 600) { cd.t.shift(); cd.lp.shift(); cd.leq.shift(); cd.ln1.shift(); cd.ln2.shift(); }
+    chart.data.labels = cd.t;
+    chart.data.datasets[0].data = cd.lp; chart.data.datasets[1].data = cd.leq;
+    chart.data.datasets[2].data = cd.ln1; chart.data.datasets[3].data = cd.ln2;
+    chart.update('none');
+}
+
+function openStream() {
+    if (paused || ws) return;
+    const proto = location.protocol === 'https:' ? 'wss:' : 'ws:';
+    ws = new WebSocket(`${proto}//${location.host}/portal/api/location/${encodeURIComponent(LOC_ID)}/stream`);
+    ws.onmessage = (e) => {
+        let d; try { d = JSON.parse(e.data); } catch (_) { return; }
+        if (d.feed_status === 'no_device') {
+            setBadge(null, null);
+            document.getElementById('p-fresh').textContent = 'No device assigned';
+            return;
+        }
+        if (d.heartbeat) return;
+        if (d.feed_status === 'unreachable') {
+            document.getElementById('p-fresh').innerHTML = '<span class="text-amber-400">device unreachable</span>';
+            return;
+        }
+        setCard('p-lp', d.lp); setCard('p-leq', d.leq); setCard('p-lmax', d.lmax);
+        setCard('p-ln1', d.ln1); setCard('p-ln2', d.ln2);
+        const measuring = d.measurement_state === 'Start' || d.measurement_state === 'Measure';
+        setBadge(measuring, d.timestamp || new Date().toISOString());
+        pushPoint(d);
+    };
+    ws.onclose = () => { ws = null; };
+    ws.onerror = () => {};
+    clearTimeout(hardCap);
+    hardCap = setTimeout(() => { paused = true; closeStream(); showPaused(true); }, IDLE_CAP_MS);
+}
+
+function closeStream() {
+    clearTimeout(hardCap);
+    if (ws) { try { ws.close(); } catch (_) {} ws = null; }
+}
+
+function showPaused(on) {
+    const el = document.getElementById('p-paused');
+    if (el) el.classList.toggle('hidden', !on);
+}
+function resumeStream() {
+    paused = false; showPaused(false);
+    prefill();        // refresh cards instantly on resume
+    openStream();
+}
+
+// Stop streaming when the tab is hidden (client switched away / locked phone) and
+// resume when it's visible again — the main cost guard, so the device relaxes back
+// to its idle poll rate the moment nobody is actually looking.
+document.addEventListener('visibilitychange', () => {
+    if (document.hidden) closeStream();
+    else if (!paused) openStream();
+});
+window.addEventListener('beforeunload', closeStream);
+
 initChart();
-prefill();
-backfill();
-setInterval(prefill, 15000);   // cache poll — read-only, no device contention
+prefill();      // instant first paint from cache
+backfill();     // seed the chart trail
+openStream();   // then upgrade to the live feed
 </script>
 {% endif %}
 {% endblock %}
-- 
2.52.0


From b971d1906805e6cb24af5b9109db8b746043dac3 Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 03:33:42 +0000
Subject: [PATCH 11/27] feat(portal): tile headline is Leq, not Lp; note
 live-map for M2

Lp (instantaneous) twitches every reading and makes a poor at-a-glance headline;
Leq (energy-average) is the stable, standard sound-monitoring/compliance metric.
Overview tiles now lead with Leq. Design doc: live project map (status-colored
pins + current-reading popups) recorded as an M2 item; headline-metric rationale
noted.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 docs/CLIENT_PORTAL.md          | 11 ++++++++++-
 templates/portal/overview.html | 10 +++++-----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/docs/CLIENT_PORTAL.md b/docs/CLIENT_PORTAL.md
index 0fc2e88..c489567 100644
--- a/docs/CLIENT_PORTAL.md
+++ b/docs/CLIENT_PORTAL.md
@@ -118,10 +118,19 @@ live data, all from cache.
       page or a script for now).
 
 ### M2 — Dashboard + alerts
-- Richer client dashboard (multi-location at-a-glance, map, status rollup).
+- Richer client dashboard (multi-location at-a-glance, status rollup).
+- **Live project map** — upgrade the overview's basic location pins into a real
+  project map: pins colored by measuring/level, popups showing each location's
+  current reading, centered/zoomed to the project. (M1 ships the plain pin map;
+  this makes it a live status map.)
 - Surface each location's **threshold-alert status** (read-only) + an event/inbox
   view. Leans on the SLMM alert engine + dispatch.
 
+### Notes carried from M1
+- Tile headline metric is **Leq** (energy-average, the sound-monitoring compliance
+  metric) — chosen over the twitchy instantaneous Lp. If clients ever want a
+  different headline (e.g. Lmax for peaks), make it a per-deployment setting.
+
 ### M3 — Reports
 - Client-facing list + download of the daily baseline-comparison reports.
 - Depends on the FTP report pipeline (`feat/ftp-report-pipeline`) landing and
diff --git a/templates/portal/overview.html b/templates/portal/overview.html
index a5b0994..57539be 100644
--- a/templates/portal/overview.html
+++ b/templates/portal/overview.html
@@ -20,8 +20,8 @@
         </div>
         <div class="text-xs text-gray-400 mt-0.5 truncate">{{ loc.address or loc.project_name or '' }}</div>
         <div class="mt-3 flex items-baseline gap-1">
-            <span class="loc-lp text-3xl font-bold text-seismo-orange">--</span>
-            <span class="text-sm text-gray-400">dB Lp</span>
+            <span class="loc-leq text-3xl font-bold text-seismo-orange">--</span>
+            <span class="text-sm text-gray-400">dB Leq</span>
         </div>
         <div class="loc-fresh text-xs text-gray-500 mt-1">&nbsp;</div>
     </a>
@@ -51,7 +51,7 @@ function fmtAgo(iso) {
 async function loadTile(loc) {
     const el = document.querySelector(`.loc-tile[data-loc="${loc.id}"]`);
     if (!el) return;
-    const lp = el.querySelector('.loc-lp'), badge = el.querySelector('.loc-badge'),
+    const leq = el.querySelector('.loc-leq'), badge = el.querySelector('.loc-badge'),
           fresh = el.querySelector('.loc-fresh');
     try {
         const j = await (await fetch(`/portal/api/location/${encodeURIComponent(loc.id)}/live`)).json();
@@ -60,10 +60,10 @@ async function loadTile(loc) {
         if (!d) {
             badge.textContent = j.reason === 'no_device' ? 'No device' : 'Offline';
             badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full bg-slate-700 text-gray-300';
-            lp.textContent = '--'; fresh.innerHTML = '&nbsp;';
+            leq.textContent = '--'; fresh.innerHTML = '&nbsp;';
             return;
         }
-        lp.textContent = (d.lp == null || d.lp === '') ? '--' : d.lp;
+        leq.textContent = (d.leq == null || d.leq === '') ? '--' : d.leq;
         const measuring = d.measurement_state === 'Start' || d.measurement_state === 'Measure';
         badge.textContent = measuring ? '● Live' : 'Stopped';
         badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full ' +
-- 
2.52.0


From 5455d3a9315563d538480accd10d22c54057fa75 Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 03:40:17 +0000
Subject: [PATCH 12/27] style(portal): overview map uses dot markers, matching
 the internal project map

Swap Leaflet's default teardrop pins for L.circleMarker (radius 8, seismo-orange
fill, white border) + a name tooltip, same as partials/projects/location_map.html.
Also disables scroll-wheel zoom to match.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 templates/portal/overview.html | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/templates/portal/overview.html b/templates/portal/overview.html
index 57539be..acd82f6 100644
--- a/templates/portal/overview.html
+++ b/templates/portal/overview.html
@@ -81,14 +81,18 @@ const withCoords = LOCATIONS.filter(l => l.coordinates);
 if (withCoords.length) {
     const mapEl = document.getElementById('loc-map');
     mapEl.classList.remove('hidden');
-    const map = L.map('loc-map');
+    const map = L.map('loc-map', { scrollWheelZoom: false });
     L.tileLayer('https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png',
         { maxZoom: 19, attribution: '© OpenStreetMap' }).addTo(map);
     const pts = [];
     withCoords.forEach(l => {
         const [la, lo] = (l.coordinates || '').split(',').map(Number);
         if (!isNaN(la) && !isNaN(lo)) {
-            L.marker([la, lo]).addTo(map).bindPopup(l.name);
+            // Same dot style as the internal project map (circleMarker, not a pin).
+            L.circleMarker([la, lo], {
+                radius: 8, fillColor: '#f48b1c', color: '#fff',
+                weight: 2, opacity: 1, fillOpacity: 0.9,
+            }).addTo(map).bindTooltip(l.name, { direction: 'top', offset: [0, -6] });
             pts.push([la, lo]);
         }
     });
-- 
2.52.0


From b908f394ed8f937d735689f4132e692806baf76b Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 06:05:09 +0000
Subject: [PATCH 13/27] =?UTF-8?q?feat(portal):=20M2a=20=E2=80=94=20live=20?=
 =?UTF-8?q?status=20map=20+=20status=20rollup=20on=20the=20overview?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reuses the existing per-location /live fetch (no backend change):
- Map dots recolor live by current level (green/amber/red bands, grey when
  not measuring/offline) and the tooltip shows the live Leq. Bands are
  placeholders until M2 alert thresholds drive the color.
- Status rollup header: total locations, # live vs offline, and a "Loudest now"
  Leq callout. Aggregated each 15s refresh.

Refactored the refresh into refreshAll() (Promise.all over loadTile -> updateRollup);
loadTile now also feeds liveState + recolors the matching map dot.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 templates/portal/overview.html | 124 +++++++++++++++++++++++++++------
 1 file changed, 103 insertions(+), 21 deletions(-)

diff --git a/templates/portal/overview.html b/templates/portal/overview.html
index acd82f6..4f01d3d 100644
--- a/templates/portal/overview.html
+++ b/templates/portal/overview.html
@@ -8,6 +8,22 @@
 <p class="text-gray-400 text-sm mb-6">Live sound levels for your active locations. Read-only.</p>
 
 {% if locations %}
+<!-- Status rollup (filled live from the per-location /live fetches) -->
+<div id="rollup" class="hidden mb-5 flex flex-wrap items-center gap-2 text-sm">
+    <span class="inline-flex items-center gap-1.5 px-3 py-1.5 rounded-lg bg-slate-800/60 border border-slate-700">
+        <span class="text-gray-400">Locations</span><b id="r-total" class="text-gray-100">&ndash;</b>
+    </span>
+    <span class="inline-flex items-center gap-1.5 px-3 py-1.5 rounded-lg bg-slate-800/60 border border-slate-700">
+        <span class="w-2 h-2 rounded-full bg-green-500"></span><b id="r-live">&ndash;</b><span class="text-gray-400">live</span>
+    </span>
+    <span class="inline-flex items-center gap-1.5 px-3 py-1.5 rounded-lg bg-slate-800/60 border border-slate-700">
+        <span class="w-2 h-2 rounded-full bg-slate-500"></span><b id="r-off">&ndash;</b><span class="text-gray-400">offline</span>
+    </span>
+    <span id="r-peak-wrap" class="hidden inline-flex items-center gap-1.5 px-3 py-1.5 rounded-lg bg-slate-800/60 border border-slate-700">
+        <span class="text-gray-400">Loudest now</span><b id="r-peak" class="text-seismo-orange">&ndash;</b><span class="text-gray-400">dB Leq &middot;</span><span id="r-peak-loc" class="text-gray-300"></span>
+    </span>
+</div>
+
 <div id="loc-map" class="h-64 rounded-xl overflow-hidden mb-6 hidden border border-slate-700"></div>
 
 <div class="grid sm:grid-cols-2 lg:grid-cols-3 gap-4">
@@ -38,6 +54,20 @@
 <script src="https://unpkg.com/leaflet@1.9.4/dist/leaflet.js"></script>
 <script>
 const LOCATIONS = {{ locations|tojson }};
+const liveState = {};          // loc.id -> {status, leq(num|null), leqStr}
+const markersById = {};        // loc.id -> circleMarker (for live recolor)
+
+// Dot/level color. Bands are placeholders until per-location alert thresholds
+// exist (M2 alerts will color by threshold breach instead).
+const LEVEL_AMBER = 55, LEVEL_RED = 70;
+const COLOR_IDLE = '#64748b';  // slate-500 — not producing a live level
+function levelColor(st) {
+    if (!st || st.status !== 'measuring' || st.leq == null) return COLOR_IDLE;
+    if (st.leq >= LEVEL_RED) return '#ef4444';    // red-500
+    if (st.leq >= LEVEL_AMBER) return '#f59e0b';  // amber-500
+    return '#22c55e';                              // green-500
+}
+function num(v) { const f = parseFloat(v); return isNaN(f) ? null : f; }
 
 function fmtAgo(iso) {
     if (!iso) return '';
@@ -48,35 +78,84 @@ function fmtAgo(iso) {
     return 'updated ' + Math.round(s / 3600) + 'h ago';
 }
 
+function updateMarker(loc) {
+    const m = markersById[loc.id]; if (!m) return;
+    const st = liveState[loc.id];
+    m.setStyle({ fillColor: levelColor(st) });
+    let label = loc.name;
+    if (st) {
+        if (st.status === 'measuring') label += ` &middot; ${st.leqStr} dB Leq`;
+        else if (st.status === 'stopped') label += ' &middot; stopped';
+        else if (st.status === 'nodevice') label += ' &middot; no device';
+        else label += ' &middot; offline';
+    }
+    m.setTooltipContent(label);
+}
+
 async function loadTile(loc) {
     const el = document.querySelector(`.loc-tile[data-loc="${loc.id}"]`);
-    if (!el) return;
-    const leq = el.querySelector('.loc-leq'), badge = el.querySelector('.loc-badge'),
-          fresh = el.querySelector('.loc-fresh');
+    const leqEl = el && el.querySelector('.loc-leq'),
+          badge = el && el.querySelector('.loc-badge'),
+          fresh = el && el.querySelector('.loc-fresh');
     try {
         const j = await (await fetch(`/portal/api/location/${encodeURIComponent(loc.id)}/live`)).json();
         const d = j.data;
-        badge.classList.remove('hidden');
         if (!d) {
-            badge.textContent = j.reason === 'no_device' ? 'No device' : 'Offline';
-            badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full bg-slate-700 text-gray-300';
-            leq.textContent = '--'; fresh.innerHTML = '&nbsp;';
-            return;
+            liveState[loc.id] = { status: j.reason === 'no_device' ? 'nodevice' : 'offline', leq: null };
+            if (badge) {
+                badge.classList.remove('hidden');
+                badge.textContent = j.reason === 'no_device' ? 'No device' : 'Offline';
+                badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full bg-slate-700 text-gray-300';
+            }
+            if (leqEl) leqEl.textContent = '--';
+            if (fresh) fresh.innerHTML = '&nbsp;';
+        } else {
+            const measuring = d.measurement_state === 'Start' || d.measurement_state === 'Measure';
+            const leqStr = (d.leq == null || d.leq === '') ? '--' : d.leq;
+            liveState[loc.id] = { status: measuring ? 'measuring' : 'stopped', leq: num(d.leq), leqStr };
+            if (leqEl) leqEl.textContent = leqStr;
+            if (badge) {
+                badge.classList.remove('hidden');
+                badge.textContent = measuring ? '● Live' : 'Stopped';
+                badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full ' +
+                    (measuring ? 'bg-green-900/40 text-green-300' : 'bg-slate-700 text-gray-300');
+            }
+            if (fresh) fresh.textContent = fmtAgo(d.last_seen);
         }
-        leq.textContent = (d.leq == null || d.leq === '') ? '--' : d.leq;
-        const measuring = d.measurement_state === 'Start' || d.measurement_state === 'Measure';
-        badge.textContent = measuring ? '● Live' : 'Stopped';
-        badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full ' +
-            (measuring ? 'bg-green-900/40 text-green-300' : 'bg-slate-700 text-gray-300');
-        fresh.textContent = fmtAgo(d.last_seen);
     } catch (e) { /* leave placeholders */ }
+    updateMarker(loc);
 }
 
-function refreshTiles() { LOCATIONS.forEach(loadTile); }
-refreshTiles();
-setInterval(refreshTiles, 15000);
+function updateRollup() {
+    const total = LOCATIONS.length;
+    let live = 0, off = 0, peak = null, peakStr = null, peakLoc = null;
+    for (const l of LOCATIONS) {
+        const s = liveState[l.id]; if (!s) continue;
+        if (s.status === 'measuring') {
+            live++;
+            if (s.leq != null && (peak == null || s.leq > peak)) { peak = s.leq; peakStr = s.leqStr; peakLoc = l.name; }
+        } else if (s.status === 'offline' || s.status === 'nodevice') off++;
+    }
+    document.getElementById('r-total').textContent = total;
+    document.getElementById('r-live').textContent = live;
+    document.getElementById('r-off').textContent = off;
+    const pw = document.getElementById('r-peak-wrap');
+    if (peak != null) {
+        pw.classList.remove('hidden');
+        document.getElementById('r-peak').textContent = peakStr;
+        document.getElementById('r-peak-loc').textContent = peakLoc;
+    } else pw.classList.add('hidden');
+    document.getElementById('rollup').classList.remove('hidden');
+}
 
-// Map of locations that have coordinates
+async function refreshAll() {
+    await Promise.all(LOCATIONS.map(loadTile));
+    updateRollup();
+}
+refreshAll();
+setInterval(refreshAll, 15000);
+
+// Map of locations that have coordinates — dots recolor live via updateMarker().
 const withCoords = LOCATIONS.filter(l => l.coordinates);
 if (withCoords.length) {
     const mapEl = document.getElementById('loc-map');
@@ -88,9 +167,10 @@ if (withCoords.length) {
     withCoords.forEach(l => {
         const [la, lo] = (l.coordinates || '').split(',').map(Number);
         if (!isNaN(la) && !isNaN(lo)) {
-            // Same dot style as the internal project map (circleMarker, not a pin).
-            L.circleMarker([la, lo], {
-                radius: 8, fillColor: '#f48b1c', color: '#fff',
+            // Same dot style as the internal project map (circleMarker, not a pin),
+            // but recolored live by current level.
+            markersById[l.id] = L.circleMarker([la, lo], {
+                radius: 8, fillColor: levelColor(liveState[l.id]), color: '#fff',
                 weight: 2, opacity: 1, fillOpacity: 0.9,
             }).addTo(map).bindTooltip(l.name, { direction: 'top', offset: [0, -6] });
             pts.push([la, lo]);
@@ -98,6 +178,8 @@ if (withCoords.length) {
     });
     if (pts.length) map.fitBounds(pts, { padding: [30, 30], maxZoom: 15 });
     else mapEl.classList.add('hidden');
+    // Paint dots with whatever live data has already arrived.
+    LOCATIONS.forEach(updateMarker);
 }
 </script>
 {% endblock %}
-- 
2.52.0


From 2da9493cb58ef4478dc9a9197e112caece75c65f Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 17:11:34 +0000
Subject: [PATCH 14/27] =?UTF-8?q?feat(portal):=20"Copy=20client=20link"=20?=
 =?UTF-8?q?=E2=80=94=20generate/copy/revoke=20shareable=20links=20from=20t?=
 =?UTF-8?q?he=20project=20page?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

No-CLI way to get a real shareable magic link (/portal/enter/<token>) for a
project's client. Project page gets a "Copy client link" button next to the
preview; opens a modal that lists active links (with revoke), generates a fresh
one, and copies it to the clipboard.

Backend (operator, internal /projects/*):
- POST /projects/{id}/portal-link  -> mint a fresh token, return the full URL
  (built from request.base_url so it uses the operator's host).
- GET  /projects/{id}/portal-links -> list active links (label/created/last-used).
- POST /projects/{id}/portal-link/{tid}/revoke -> revoke one (scoped to the
  project's client).

Refactor: split ensure_project_client() + mint_link_token() out of
provision_preview_session() so minting a shareable link and the preview cookie
share one provisioning path.

Verified: ensure/mint persistence across commits + sessions, minted link resolves,
token stored hashed, second mint = distinct active link (4/4); compiles; share
script balances; detail.html parses.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/main.py                |  54 ++++++++++++++
 backend/portal_auth.py         |  32 ++++++---
 templates/projects/detail.html | 128 ++++++++++++++++++++++++++++++---
 3 files changed, 195 insertions(+), 19 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index 5305c37..cad523a 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -432,6 +432,60 @@ async def project_portal_preview(project_id: str, db: Session = Depends(get_db))
     return resp
 
 
+@app.post("/projects/{project_id}/portal-link")
+async def project_portal_link_create(project_id: str, request: Request, db: Session = Depends(get_db)):
+    """Mint a fresh shareable client link for this project's client. Returns the
+    full /portal/enter/<token> URL (shown once). Operator-only (internal app)."""
+    from backend.models import Project
+    from backend.portal_auth import ensure_project_client, mint_link_token
+    project = db.query(Project).filter_by(id=project_id).first()
+    if not project:
+        return JSONResponse(status_code=404, content={"detail": "Project not found"})
+    client = ensure_project_client(project, db)
+    raw = mint_link_token(client, db, label="shared link")
+    url = str(request.base_url).rstrip("/") + f"/portal/enter/{raw}"
+    return {"url": url, "client_name": client.name}
+
+
+@app.get("/projects/{project_id}/portal-links")
+async def project_portal_links_list(project_id: str, db: Session = Depends(get_db)):
+    """List active (non-revoked) shareable links for this project's client."""
+    from backend.models import Project, ClientAccessToken, Client
+    project = db.query(Project).filter_by(id=project_id).first()
+    if not project or not project.client_id:
+        return {"client_name": None, "links": []}
+    client = db.query(Client).filter_by(id=project.client_id).first()
+    toks = (db.query(ClientAccessToken)
+            .filter_by(client_id=project.client_id, revoked_at=None)
+            .order_by(ClientAccessToken.created_at.desc()).all())
+    return {
+        "client_name": client.name if client else None,
+        "links": [{
+            "id": t.id, "label": t.label,
+            "created_at": t.created_at.isoformat() if t.created_at else None,
+            "last_used_at": t.last_used_at.isoformat() if t.last_used_at else None,
+        } for t in toks],
+    }
+
+
+@app.post("/projects/{project_id}/portal-link/{token_id}/revoke")
+async def project_portal_link_revoke(project_id: str, token_id: str, db: Session = Depends(get_db)):
+    """Revoke one shareable link (scoped to this project's client). Kills the link
+    and any live session minted from it on the next request."""
+    from datetime import datetime as _dt
+    from backend.models import Project, ClientAccessToken
+    project = db.query(Project).filter_by(id=project_id).first()
+    if not project or not project.client_id:
+        return JSONResponse(status_code=404, content={"detail": "Not found"})
+    tok = db.query(ClientAccessToken).filter_by(id=token_id, client_id=project.client_id).first()
+    if not tok:
+        return JSONResponse(status_code=404, content={"detail": "Link not found"})
+    if not tok.revoked_at:
+        tok.revoked_at = _dt.utcnow()
+        db.commit()
+    return {"ok": True}
+
+
 @app.get("/projects/{project_id}/nrl/{location_id}", response_class=HTMLResponse)
 async def nrl_detail_page(
     request: Request,
diff --git a/backend/portal_auth.py b/backend/portal_auth.py
index ac52ae7..cb4dc8c 100644
--- a/backend/portal_auth.py
+++ b/backend/portal_auth.py
@@ -120,15 +120,10 @@ def resolve_token(raw_token: str, db: Session):
     return tok, client
 
 
-def provision_preview_session(project, db) -> str:
-    """Testing convenience (operator-side): ensure a Client + access token exist for
-    a project so an operator can preview the client portal without the CLI. Returns
-    the token id to seal into a session cookie.
-
-    Reuses the project's linked client if it has one; otherwise creates/uses a
-    per-project 'preview-<id>' client. Only sets project.client_id when it's unset,
-    so previewing never clobbers a real client link. The token's raw secret is
-    discarded (preview rides the cookie, not a magic link)."""
+def ensure_project_client(project, db) -> Client:
+    """Find or create the Client for a project. Reuses the project's linked client
+    if it has one; otherwise creates/uses a per-project 'preview-<id>' client and
+    sets project.client_id (only when unset, so it never clobbers a real link)."""
     client = None
     if project.client_id:
         client = db.query(Client).filter_by(id=project.client_id, active=True).first()
@@ -143,6 +138,25 @@ def provision_preview_session(project, db) -> str:
             db.flush()
         if not project.client_id:
             project.client_id = client.id
+    return client
+
+
+def mint_link_token(client, db, label=None) -> str:
+    """Mint a fresh access token for a client and return the RAW secret (caller
+    builds the /portal/enter/<raw> URL and shows it once). Only the hash is stored."""
+    raw = secrets.token_urlsafe(32)
+    db.add(ClientAccessToken(id=str(uuid.uuid4()), client_id=client.id,
+                             token_hash=hash_token(raw), label=label))
+    db.commit()
+    return raw
+
+
+def provision_preview_session(project, db) -> str:
+    """Operator preview shortcut: ensure a Client + access token exist for a project
+    and return a token id to seal into a session cookie (no shared link). Reuses an
+    existing token so repeat previews don't accumulate clutter; the raw secret is
+    discarded (preview rides the cookie)."""
+    client = ensure_project_client(project, db)
     tok = db.query(ClientAccessToken).filter_by(client_id=client.id, revoked_at=None).first()
     if tok is None:
         tok = ClientAccessToken(id=str(uuid.uuid4()), client_id=client.id,
diff --git a/templates/projects/detail.html b/templates/projects/detail.html
index 1542c2f..94675ed 100644
--- a/templates/projects/detail.html
+++ b/templates/projects/detail.html
@@ -18,16 +18,27 @@
         <span class="text-gray-900 dark:text-white font-medium" id="project-name-breadcrumb">Project</span>
     </nav>
 
-    <!-- Preview the client portal for this project (opens scoped, read-only) -->
-    <a href="/projects/{{ project_id }}/portal-preview" target="_blank" rel="noopener"
-       class="shrink-0 inline-flex items-center gap-1.5 px-3 py-1.5 text-sm rounded-lg border border-seismo-orange/40 bg-seismo-orange/10 text-seismo-orange hover:bg-seismo-orange/20 transition-colors"
-       title="Preview this project's client portal in a new tab">
-        <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"></path>
-            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M2.458 12C3.732 7.943 7.523 5 12 5c4.478 0 8.268 2.943 9.542 7-1.274 4.057-5.064 7-9.542 7-4.477 0-8.268-2.943-9.542-7z"></path>
-        </svg>
-        View client portal
-    </a>
+    <!-- Client portal actions for this project -->
+    <div class="shrink-0 flex items-center gap-2">
+        <button type="button" onclick="openShareModal()"
+                class="inline-flex items-center gap-1.5 px-3 py-1.5 text-sm rounded-lg border border-slate-600 bg-slate-700/40 text-gray-200 hover:bg-slate-700 transition-colors"
+                title="Get a shareable link to this project's client portal">
+            <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13.828 10.172a4 4 0 010 5.656l-3 3a4 4 0 11-5.656-5.656l1.5-1.5"></path>
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10.172 13.828a4 4 0 010-5.656l3-3a4 4 0 115.656 5.656l-1.5 1.5"></path>
+            </svg>
+            Copy client link
+        </button>
+        <a href="/projects/{{ project_id }}/portal-preview" target="_blank" rel="noopener"
+           class="inline-flex items-center gap-1.5 px-3 py-1.5 text-sm rounded-lg border border-seismo-orange/40 bg-seismo-orange/10 text-seismo-orange hover:bg-seismo-orange/20 transition-colors"
+           title="Preview this project's client portal in a new tab">
+            <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"></path>
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M2.458 12C3.732 7.943 7.523 5 12 5c4.478 0 8.268 2.943 9.542 7-1.274 4.057-5.064 7-9.542 7-4.477 0-8.268-2.943-9.542-7z"></path>
+            </svg>
+            View client portal
+        </a>
+    </div>
 </div>
 
 <!-- Header (loads dynamically) -->
@@ -2085,5 +2096,102 @@ document.addEventListener('DOMContentLoaded', function() {
     }
 });
 
+</script>
+
+<!-- Share client portal link modal -->
+<div id="share-modal" class="hidden fixed inset-0 z-50 flex items-center justify-center bg-black/50 p-4"
+     onclick="if(event.target===this)closeShareModal()">
+    <div class="bg-white dark:bg-slate-800 rounded-xl shadow-xl w-full max-w-lg p-6">
+        <div class="flex items-center justify-between mb-1">
+            <h3 class="text-lg font-semibold text-gray-900 dark:text-white">Client portal link</h3>
+            <button onclick="closeShareModal()" class="text-gray-400 hover:text-gray-600 dark:hover:text-gray-200">
+                <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"/></svg>
+            </button>
+        </div>
+        <p class="text-sm text-gray-500 dark:text-gray-400 mb-4">
+            Anyone with a link can view this project's client portal (read-only). Links are revocable.
+        </p>
+
+        <div id="share-new" class="hidden mb-4">
+            <label class="block text-xs text-gray-500 dark:text-gray-400 mb-1">New link &mdash; copy it now</label>
+            <div class="flex gap-2">
+                <input id="share-new-url" readonly
+                       class="flex-1 px-3 py-2 text-sm rounded-lg border border-slate-300 dark:border-slate-600 bg-gray-50 dark:bg-slate-900 text-gray-800 dark:text-gray-200" />
+                <button onclick="copyShareUrl(this)" class="px-3 py-2 text-sm rounded-lg bg-seismo-orange text-white hover:bg-orange-600">Copy</button>
+            </div>
+        </div>
+
+        <div class="flex items-center justify-between mb-2">
+            <span class="text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wide">Active links</span>
+            <button onclick="generateShareLink()" class="text-sm text-seismo-orange hover:text-seismo-navy font-medium">+ Generate new link</button>
+        </div>
+        <div id="share-list" class="space-y-2 max-h-56 overflow-y-auto"></div>
+    </div>
+</div>
+
+<script>
+const SHARE_PROJECT_ID = "{{ project_id }}";
+function openShareModal() {
+    document.getElementById('share-modal').classList.remove('hidden');
+    document.getElementById('share-new').classList.add('hidden');
+    loadShareLinks();
+}
+function closeShareModal() { document.getElementById('share-modal').classList.add('hidden'); }
+
+async function loadShareLinks() {
+    const list = document.getElementById('share-list');
+    list.innerHTML = '<div class="text-sm text-gray-400">Loading…</div>';
+    try {
+        const j = await (await fetch(`/projects/${SHARE_PROJECT_ID}/portal-links`)).json();
+        if (!j.links || !j.links.length) {
+            list.innerHTML = '<div class="text-sm text-gray-400">No links yet — generate one above.</div>';
+            return;
+        }
+        list.innerHTML = '';
+        for (const l of j.links) {
+            const last = l.last_used_at ? ('last used ' + new Date(l.last_used_at + 'Z').toLocaleString()) : 'never used';
+            const row = document.createElement('div');
+            row.className = 'flex items-center justify-between gap-2 px-3 py-2 rounded-lg border border-slate-200 dark:border-slate-700';
+            row.innerHTML = `<div class="text-sm min-w-0">
+                <div class="text-gray-800 dark:text-gray-200 truncate">${l.label || 'Link'}</div>
+                <div class="text-xs text-gray-400">${last}</div></div>`;
+            const btn = document.createElement('button');
+            btn.className = 'shrink-0 text-xs text-red-600 hover:text-red-700';
+            btn.textContent = 'Revoke';
+            btn.onclick = () => revokeShareLink(l.id);
+            row.appendChild(btn);
+            list.appendChild(row);
+        }
+    } catch (e) {
+        list.innerHTML = '<div class="text-sm text-red-500">Failed to load links.</div>';
+    }
+}
+
+async function generateShareLink() {
+    try {
+        const j = await (await fetch(`/projects/${SHARE_PROJECT_ID}/portal-link`, { method: 'POST' })).json();
+        if (j.url) {
+            document.getElementById('share-new').classList.remove('hidden');
+            document.getElementById('share-new-url').value = j.url;
+            loadShareLinks();
+        }
+    } catch (e) {
+        if (window.showToast) showToast('Failed to generate link', 'error');
+    }
+}
+
+function copyShareUrl(btn) {
+    const inp = document.getElementById('share-new-url');
+    inp.select();
+    const done = () => { btn.textContent = 'Copied!'; setTimeout(() => btn.textContent = 'Copy', 1500); };
+    if (navigator.clipboard) navigator.clipboard.writeText(inp.value).then(done).catch(() => { document.execCommand('copy'); done(); });
+    else { document.execCommand('copy'); done(); }
+}
+
+async function revokeShareLink(id) {
+    if (!confirm('Revoke this link? Anyone using it will be signed out on their next action.')) return;
+    try { await fetch(`/projects/${SHARE_PROJECT_ID}/portal-link/${id}/revoke`, { method: 'POST' }); loadShareLinks(); }
+    catch (e) { if (window.showToast) showToast('Failed to revoke', 'error'); }
+}
 </script>
 {% endblock %}
-- 
2.52.0


From bececafe78e92be3f6adb93ff17a9e8551bf6f9a Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 17:26:37 +0000
Subject: [PATCH 15/27] feat(portal): plain no-token "open" links for dev
 feedback (PORTAL_OPEN_LINKS)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a frictionless shareable link so anyone can open a project's client portal
during dev without minting/copying a magic token. GET /portal/open/{project_id}
(gated by PORTAL_OPEN_LINKS) provisions the client session and lands on /portal;
lives under /portal so it works through a proxy exposing only /portal/*.

The project page's "Copy client link" modal now leads with this Quick share link
(amber, host taken from window.location.origin so it always matches the host you
copied it from — no more LAN-vs-public foot-gun). The token-based generate/list/
revoke stays below for the eventual secure path.

PORTAL_OPEN_LINKS defaults ON for the prototype (whole app is open anyway) and logs
a warning; set =false before real clients. The get_current_client seam is
untouched, so M4 auth still layers in front of the same routes regardless.

Verified: compiles, share script balances, detail.html parses, flag default
on / =false off.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/main.py                |  5 +++--
 backend/portal_auth.py         |  9 +++++++++
 backend/routers/portal.py      | 23 +++++++++++++++++++++++
 templates/projects/detail.html | 23 +++++++++++++++++++++++
 4 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index cad523a..799d943 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -69,7 +69,7 @@ from backend.templates_config import templates
 # Client-portal auth: an unauthenticated portal request renders the access page
 # (HTML routes) or returns 401 JSON (/portal/api/* routes). Centralized so every
 # portal route can simply Depends(get_current_client).
-from backend.portal_auth import PortalAuthError
+from backend.portal_auth import PortalAuthError, PORTAL_OPEN_LINKS
 
 @app.exception_handler(PortalAuthError)
 async def portal_auth_handler(request: Request, exc: PortalAuthError):
@@ -409,7 +409,8 @@ async def project_detail_page(request: Request, project_id: str):
     """Project detail dashboard"""
     return templates.TemplateResponse("projects/detail.html", {
         "request": request,
-        "project_id": project_id
+        "project_id": project_id,
+        "portal_open_links": PORTAL_OPEN_LINKS,
     })
 
 
diff --git a/backend/portal_auth.py b/backend/portal_auth.py
index cb4dc8c..72537cc 100644
--- a/backend/portal_auth.py
+++ b/backend/portal_auth.py
@@ -40,6 +40,15 @@ if SECRET_KEY == "dev-insecure-change-me":
 COOKIE_NAME = "portal_session"
 COOKIE_MAX_AGE = 60 * 60 * 24 * 30  # 30 days
 
+# Dev convenience: plain, no-token portal links (/portal/open/{project_id}) so
+# anyone can open a client portal for feedback without minting a magic link.
+# Defaults ON for the current prototype (the whole app is open anyway); set
+# PORTAL_OPEN_LINKS=false before real clients are on the portal.
+PORTAL_OPEN_LINKS = os.getenv("PORTAL_OPEN_LINKS", "true").lower() in ("1", "true", "yes")
+if PORTAL_OPEN_LINKS:
+    logger.warning("[PORTAL] open links ENABLED — no-token /portal/open/* shareable links. "
+                   "Set PORTAL_OPEN_LINKS=false before real clients.")
+
 
 class PortalAuthError(Exception):
     """Raised by get_current_client when there's no valid portal session.
diff --git a/backend/routers/portal.py b/backend/routers/portal.py
index abbea7b..6af574e 100644
--- a/backend/routers/portal.py
+++ b/backend/routers/portal.py
@@ -24,6 +24,7 @@ from backend.models import Client, MonitoringLocation, Project, UnitAssignment
 from backend.templates_config import templates
 from backend.portal_auth import (
     get_current_client, client_from_cookie, make_session_cookie, resolve_token,
+    provision_preview_session, PORTAL_OPEN_LINKS,
     COOKIE_NAME, COOKIE_MAX_AGE,
 )
 
@@ -109,6 +110,28 @@ def portal_enter(token: str, request: Request, db: Session = Depends(get_db)):
     return resp
 
 
+@router.get("/open/{project_id}")
+def portal_open(project_id: str, request: Request, db: Session = Depends(get_db)):
+    """Dev-only plain shareable link: open a project's client portal with no token
+    (gated by PORTAL_OPEN_LINKS). Lets anyone with the URL view it for feedback —
+    sets the session cookie and lands on /portal. Lives under /portal so it works
+    through a reverse proxy that exposes only /portal/*."""
+    if not PORTAL_OPEN_LINKS:
+        return templates.TemplateResponse(
+            "portal/access_required.html", {"request": request, "reason": "required"},
+            status_code=404)
+    project = db.query(Project).filter_by(id=project_id).first()
+    if not project:
+        return templates.TemplateResponse(
+            "portal/access_required.html", {"request": request, "reason": "invalid"},
+            status_code=404)
+    token_id = provision_preview_session(project, db)
+    resp = RedirectResponse(url="/portal", status_code=303)
+    resp.set_cookie(COOKIE_NAME, make_session_cookie(token_id),
+                    max_age=COOKIE_MAX_AGE, httponly=True, samesite="lax")
+    return resp
+
+
 @router.get("/logout")
 def portal_logout():
     resp = RedirectResponse(url="/portal/access", status_code=303)
diff --git a/templates/projects/detail.html b/templates/projects/detail.html
index 94675ed..572493a 100644
--- a/templates/projects/detail.html
+++ b/templates/projects/detail.html
@@ -2112,6 +2112,19 @@ document.addEventListener('DOMContentLoaded', function() {
             Anyone with a link can view this project's client portal (read-only). Links are revocable.
         </p>
 
+        {% if portal_open_links %}
+        <!-- Dev quick link: plain, no-token URL anyone can open (PORTAL_OPEN_LINKS on) -->
+        <div class="mb-4 p-3 rounded-lg bg-amber-50 dark:bg-amber-900/20 border border-amber-200 dark:border-amber-800/50">
+            <label class="block text-xs font-medium text-amber-700 dark:text-amber-300 mb-1">Quick share link (dev — anyone can open, no login)</label>
+            <div class="flex gap-2">
+                <input id="open-url" readonly
+                       class="flex-1 px-3 py-2 text-sm rounded-lg border border-amber-300 dark:border-amber-700 bg-white dark:bg-slate-900 text-gray-800 dark:text-gray-200" />
+                <button onclick="copyOpenUrl(this)" class="px-3 py-2 text-sm rounded-lg bg-seismo-orange text-white hover:bg-orange-600">Copy</button>
+            </div>
+            <p class="text-xs text-amber-600 dark:text-amber-400 mt-1">For feedback during development. Disable <code>PORTAL_OPEN_LINKS</code> before real clients.</p>
+        </div>
+        {% endif %}
+
         <div id="share-new" class="hidden mb-4">
             <label class="block text-xs text-gray-500 dark:text-gray-400 mb-1">New link &mdash; copy it now</label>
             <div class="flex gap-2">
@@ -2134,10 +2147,20 @@ const SHARE_PROJECT_ID = "{{ project_id }}";
 function openShareModal() {
     document.getElementById('share-modal').classList.remove('hidden');
     document.getElementById('share-new').classList.add('hidden');
+    const ou = document.getElementById('open-url');   // only present when PORTAL_OPEN_LINKS on
+    if (ou) ou.value = `${location.origin}/portal/open/${SHARE_PROJECT_ID}`;
     loadShareLinks();
 }
 function closeShareModal() { document.getElementById('share-modal').classList.add('hidden'); }
 
+function copyOpenUrl(btn) {
+    const inp = document.getElementById('open-url');
+    inp.select();
+    const done = () => { btn.textContent = 'Copied!'; setTimeout(() => btn.textContent = 'Copy', 1500); };
+    if (navigator.clipboard) navigator.clipboard.writeText(inp.value).then(done).catch(() => { document.execCommand('copy'); done(); });
+    else { document.execCommand('copy'); done(); }
+}
+
 async function loadShareLinks() {
     const list = document.getElementById('share-list');
     list.innerHTML = '<div class="text-sm text-gray-400">Loading…</div>';
-- 
2.52.0


From 29b974a1f7d7d61345f37189b5c142d571512e7c Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 18:01:27 +0000
Subject: [PATCH 16/27] =?UTF-8?q?feat(portal):=20M2b-1=20=E2=80=94=20alert?=
 =?UTF-8?q?=20rule=20config=20UI=20on=20the=20SLM=20detail=20page?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds an "Alerts" card to /slm/{id}: lists rules and a create/edit/delete form
(simple-first — "Alert when [Leq] is [above] [65] dB for [N] s", optional
time-of-day window + day picker, advanced hysteresis/cooldown collapsed). Talks
to the existing SLMM alert CRUD via the proxy (/api/slmm/{unit}/alerts/rules);
no SLMM changes. Rule changes invalidate the evaluator's cache server-side.

Verified: alerts script JS balances, slm_detail.html parses, and the TV proxy
forwards method + JSON body + query params for POST/PUT/DELETE.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 templates/slm_detail.html | 186 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 186 insertions(+)

diff --git a/templates/slm_detail.html b/templates/slm_detail.html
index 6a17ea8..def5ed4 100644
--- a/templates/slm_detail.html
+++ b/templates/slm_detail.html
@@ -112,4 +112,190 @@
         </div>
     </div>
 </div>
+
+<!-- Alerts -->
+<div class="bg-white dark:bg-slate-800 rounded-xl shadow-lg p-6 mt-6">
+    <div class="flex items-center justify-between mb-4">
+        <div>
+            <h2 class="text-xl font-semibold text-gray-900 dark:text-white">Alerts</h2>
+            <p class="text-xs text-gray-500 dark:text-gray-400">Threshold rules evaluated on this device's live feed.</p>
+        </div>
+        <button onclick="openAlertForm()" type="button"
+                class="px-3 py-1.5 text-sm rounded-lg bg-seismo-orange text-white hover:bg-orange-600">+ Add alert</button>
+    </div>
+
+    <div id="alert-rules-list" class="space-y-2"></div>
+
+    <!-- create / edit form -->
+    <div id="alert-form" class="hidden mt-4 p-4 rounded-lg border border-slate-200 dark:border-slate-700 bg-gray-50 dark:bg-slate-900/40">
+        <input type="hidden" id="ar-id">
+        <div class="grid sm:grid-cols-2 gap-3 mb-3">
+            <div>
+                <label class="block text-xs text-gray-500 dark:text-gray-400 mb-1">Name</label>
+                <input id="ar-name" type="text" placeholder="e.g. Night noise limit"
+                       class="w-full px-2 py-1.5 rounded border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-800 text-sm text-gray-800 dark:text-gray-200">
+            </div>
+            <label class="flex items-end gap-2 text-sm text-gray-700 dark:text-gray-300 pb-1">
+                <input type="checkbox" id="ar-enabled" checked class="rounded"> Enabled
+            </label>
+        </div>
+
+        <div class="flex flex-wrap items-center gap-2 text-sm text-gray-700 dark:text-gray-300">
+            <span>Alert when</span>
+            <select id="ar-metric" class="px-2 py-1.5 rounded border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-800">
+                <option value="leq">Leq</option><option value="lp">Lp</option>
+                <option value="lmax">Lmax</option><option value="lpeak">Lpeak</option>
+                <option value="ln1">L1</option><option value="ln2">L10</option>
+            </select>
+            <span>is</span>
+            <select id="ar-comparison" class="px-2 py-1.5 rounded border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-800">
+                <option value="above">above</option><option value="below">below</option>
+            </select>
+            <input id="ar-threshold" type="number" step="0.1" placeholder="65"
+                   class="w-20 px-2 py-1.5 rounded border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-800"> <span>dB</span>
+            <span>for</span>
+            <input id="ar-duration" type="number" min="0" value="0"
+                   class="w-20 px-2 py-1.5 rounded border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-800"> <span>seconds</span>
+        </div>
+
+        <div class="mt-3">
+            <label class="inline-flex items-center gap-2 text-sm text-gray-700 dark:text-gray-300">
+                <input type="checkbox" id="ar-sched-on" onchange="toggleSchedule()" class="rounded"> Only during certain hours
+            </label>
+            <div id="ar-sched" class="hidden mt-2 flex flex-wrap items-center gap-2 text-sm text-gray-700 dark:text-gray-300">
+                <span>from</span><input id="ar-start" type="time" class="px-2 py-1.5 rounded border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-800">
+                <span>to</span><input id="ar-end" type="time" class="px-2 py-1.5 rounded border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-800">
+                <span class="ml-2">on</span>
+                <span id="ar-days" class="flex gap-1"></span>
+            </div>
+        </div>
+
+        <details class="mt-3 text-sm text-gray-600 dark:text-gray-400">
+            <summary class="cursor-pointer select-none">Advanced</summary>
+            <div class="mt-2 flex flex-wrap items-center gap-3">
+                <span>Clear margin</span><input id="ar-margin" type="number" step="0.1" value="2"
+                    class="w-16 px-2 py-1 rounded border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-800"><span>dB (hysteresis)</span>
+                <span>Cooldown</span><input id="ar-cooldown" type="number" min="0" value="300"
+                    class="w-20 px-2 py-1 rounded border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-800"><span>s</span>
+            </div>
+        </details>
+
+        <div class="mt-4 flex gap-2">
+            <button onclick="saveAlertRule()" type="button" class="px-3 py-1.5 text-sm rounded-lg bg-seismo-orange text-white hover:bg-orange-600">Save</button>
+            <button onclick="closeAlertForm()" type="button" class="px-3 py-1.5 text-sm rounded-lg border border-slate-300 dark:border-slate-600 text-gray-700 dark:text-gray-300 hover:bg-gray-100 dark:hover:bg-slate-700">Cancel</button>
+        </div>
+    </div>
+</div>
+
+<script>
+const ALERT_UNIT = "{{ unit_id }}";
+const METRIC_LABELS = { leq: 'Leq', lp: 'Lp', lmax: 'Lmax', lpeak: 'Lpeak', ln1: 'L1', ln2: 'L10' };
+const DAY_LABELS = ['M', 'T', 'W', 'T', 'F', 'S', 'S'];  // Mon=0 .. Sun=6
+
+// Render the day checkboxes once.
+(function () {
+    const wrap = document.getElementById('ar-days');
+    DAY_LABELS.forEach((lbl, i) => {
+        const l = document.createElement('label');
+        l.className = 'inline-flex items-center gap-0.5';
+        l.innerHTML = `<input type="checkbox" id="ar-day-${i}" class="rounded"><span class="ml-0.5">${lbl}</span>`;
+        wrap.appendChild(l);
+    });
+})();
+
+function condText(r) {
+    const m = METRIC_LABELS[r.metric] || r.metric;
+    let s = `${m} ${r.comparison} ${r.threshold_db} dB`;
+    if (r.duration_s) s += ` for ${r.duration_s}s`;
+    if (r.schedule_start && r.schedule_end) s += ` · ${r.schedule_start}–${r.schedule_end}`;
+    return s;
+}
+
+function renderRule(r) {
+    const row = document.createElement('div');
+    row.className = 'flex items-center justify-between gap-2 px-3 py-2 rounded-lg border border-slate-200 dark:border-slate-700';
+    row.innerHTML = `<div class="min-w-0">
+        <div class="text-sm font-medium text-gray-800 dark:text-gray-200 truncate">${r.name}${r.enabled ? '' : ' <span class="text-xs text-gray-400">(disabled)</span>'}</div>
+        <div class="text-xs text-gray-500">${condText(r)}</div></div>
+        <div class="shrink-0 flex items-center gap-3 text-xs">
+            <button data-act="edit" class="text-seismo-orange hover:underline">Edit</button>
+            <button data-act="del" class="text-red-600 hover:underline">Delete</button>
+        </div>`;
+    row.querySelector('[data-act="edit"]').onclick = () => openAlertForm(r);
+    row.querySelector('[data-act="del"]').onclick = () => deleteAlertRule(r.id);
+    return row;
+}
+
+async function loadAlertRules() {
+    const list = document.getElementById('alert-rules-list');
+    try {
+        const j = await (await fetch(`/api/slmm/${ALERT_UNIT}/alerts/rules`)).json();
+        const rules = j.rules || [];
+        if (!rules.length) { list.innerHTML = '<div class="text-sm text-gray-400">No alerts configured.</div>'; return; }
+        list.innerHTML = '';
+        rules.forEach(r => list.appendChild(renderRule(r)));
+    } catch (e) { list.innerHTML = '<div class="text-sm text-red-500">Failed to load alerts.</div>'; }
+}
+
+function toggleSchedule() {
+    document.getElementById('ar-sched').classList.toggle('hidden', !document.getElementById('ar-sched-on').checked);
+}
+
+function openAlertForm(r) {
+    document.getElementById('alert-form').classList.remove('hidden');
+    document.getElementById('ar-id').value = r ? r.id : '';
+    document.getElementById('ar-name').value = r ? r.name : '';
+    document.getElementById('ar-metric').value = r ? r.metric : 'leq';
+    document.getElementById('ar-comparison').value = r ? r.comparison : 'above';
+    document.getElementById('ar-threshold').value = (r && r.threshold_db != null) ? r.threshold_db : '';
+    document.getElementById('ar-duration').value = r ? r.duration_s : 0;
+    document.getElementById('ar-enabled').checked = r ? r.enabled : true;
+    document.getElementById('ar-margin').value = r ? r.clear_margin_db : 2;
+    document.getElementById('ar-cooldown').value = r ? r.cooldown_s : 300;
+    const hasSched = !!(r && r.schedule_start && r.schedule_end);
+    document.getElementById('ar-sched-on').checked = hasSched;
+    document.getElementById('ar-start').value = hasSched ? r.schedule_start : '';
+    document.getElementById('ar-end').value = hasSched ? r.schedule_end : '';
+    const days = (r && r.schedule_days) ? r.schedule_days.split(',') : [];
+    DAY_LABELS.forEach((_, i) => { document.getElementById('ar-day-' + i).checked = days.includes(String(i)); });
+    toggleSchedule();
+}
+function closeAlertForm() { document.getElementById('alert-form').classList.add('hidden'); }
+
+async function saveAlertRule() {
+    const id = document.getElementById('ar-id').value;
+    const threshold = parseFloat(document.getElementById('ar-threshold').value);
+    if (isNaN(threshold)) { if (window.showToast) showToast('Enter a threshold', 'error'); return; }
+    const schedOn = document.getElementById('ar-sched-on').checked;
+    const days = DAY_LABELS.map((_, i) => document.getElementById('ar-day-' + i).checked ? i : null).filter(v => v !== null);
+    const payload = {
+        name: document.getElementById('ar-name').value || 'Alert',
+        metric: document.getElementById('ar-metric').value,
+        comparison: document.getElementById('ar-comparison').value,
+        threshold_db: threshold,
+        duration_s: parseInt(document.getElementById('ar-duration').value) || 0,
+        clear_margin_db: parseFloat(document.getElementById('ar-margin').value) || 2,
+        cooldown_s: parseInt(document.getElementById('ar-cooldown').value) || 300,
+        schedule_start: schedOn ? (document.getElementById('ar-start').value || null) : null,
+        schedule_end: schedOn ? (document.getElementById('ar-end').value || null) : null,
+        schedule_days: (schedOn && days.length) ? days.join(',') : null,
+        enabled: document.getElementById('ar-enabled').checked,
+    };
+    const url = id ? `/api/slmm/${ALERT_UNIT}/alerts/rules/${id}` : `/api/slmm/${ALERT_UNIT}/alerts/rules`;
+    try {
+        const r = await fetch(url, { method: id ? 'PUT' : 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(payload) });
+        if (!r.ok) throw new Error('save failed');
+        closeAlertForm(); loadAlertRules();
+        if (window.showToast) showToast('Alert saved', 'success');
+    } catch (e) { if (window.showToast) showToast('Failed to save alert', 'error'); }
+}
+
+async function deleteAlertRule(id) {
+    if (!confirm('Delete this alert rule?')) return;
+    try { await fetch(`/api/slmm/${ALERT_UNIT}/alerts/rules/${id}`, { method: 'DELETE' }); loadAlertRules(); }
+    catch (e) { if (window.showToast) showToast('Failed to delete', 'error'); }
+}
+
+loadAlertRules();
+</script>
 {% endblock %}
-- 
2.52.0


From 0914cf0a75326488c63d62939fcc4c80be7a547a Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 19:02:56 +0000
Subject: [PATCH 17/27] =?UTF-8?q?feat(portal):=20M2b-2=20=E2=80=94=20surfa?=
 =?UTF-8?q?ce=20alert=20state=20+=20breach=20history=20(internal=20+=20por?=
 =?UTF-8?q?tal)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Internal (SLM detail page): live alarm-state badge in the Alerts header
(● N active / ✓ all clear), a History list of fired events (onset → clear, peak
dB, ack status) with an Ack button, refreshed every 20s. Reads the existing SLMM
/alerts/events + /ack via the proxy.

Portal (client, read-only, scoped): new GET /portal/api/location/{id}/events —
ownership-gated, returns a scrubbed projection (rule_name/metric/threshold/onset/
peak/clear/status only; no internal ids or ack-by) plus an `active` count. The
location page shows a red "Currently above threshold" banner when active and a
read-only breach history, polled every 20s. No ack on the client side.

Verified: portal.py compiles; both scripts balance; both templates parse.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/routers/portal.py      | 28 ++++++++++++
 templates/portal/location.html | 48 +++++++++++++++++++++
 templates/slm_detail.html      | 79 +++++++++++++++++++++++++++++++++-
 3 files changed, 154 insertions(+), 1 deletion(-)

diff --git a/backend/routers/portal.py b/backend/routers/portal.py
index 6af574e..6f86108 100644
--- a/backend/routers/portal.py
+++ b/backend/routers/portal.py
@@ -214,6 +214,34 @@ async def portal_location_history(location_id: str, hours: float = 2.0,
     return {"status": "ok", "readings": (r.json() or {}).get("readings", [])}
 
 
+# Whitelist of alert-event fields exposed to a client (no internal ids/ack-by).
+_PORTAL_EVENT_FIELDS = ("rule_name", "metric", "threshold_db", "onset_at",
+                        "onset_value", "peak_value", "clear_at", "status")
+
+
+@router.get("/api/location/{location_id}/events")
+async def portal_location_events(location_id: str, limit: int = 20,
+                                 client: Client = Depends(get_current_client),
+                                 db: Session = Depends(get_db)):
+    """Scrubbed breach history for a location the client owns (read-only)."""
+    resolve_client_location(client, location_id, db)
+    unit_id = active_unit_for_location(location_id, db)
+    if not unit_id:
+        return {"status": "ok", "events": []}
+    limit = max(1, min(limit, 100))
+    try:
+        async with httpx.AsyncClient(timeout=5.0) as hc:
+            r = await hc.get(f"{SLMM_BASE_URL}/api/nl43/{unit_id}/alerts/events",
+                             params={"limit": limit})
+    except Exception:
+        return {"status": "ok", "events": []}
+    if r.status_code != 200:
+        return {"status": "ok", "events": []}
+    raw = (r.json() or {}).get("events", [])
+    events = [{k: e.get(k) for k in _PORTAL_EVENT_FIELDS} for e in raw]
+    return {"status": "ok", "events": events, "active": sum(1 for e in events if e.get("status") == "active")}
+
+
 # -- live stream (fan-out feed, scoped + scrubbed) ---------------------------
 
 def _scrub_frame(raw: str) -> str:
diff --git a/templates/portal/location.html b/templates/portal/location.html
index 1a3148c..7ebe04e 100644
--- a/templates/portal/location.html
+++ b/templates/portal/location.html
@@ -16,6 +16,13 @@
     No device is currently assigned to this location.
 </div>
 {% else %}
+<div id="p-alarm-banner" class="hidden mb-4 px-4 py-3 rounded-lg bg-red-900/30 border border-red-700/50 text-red-200 text-sm flex items-center gap-2">
+    <svg class="w-5 h-5 shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
+              d="M12 9v2m0 4h.01M5.07 19h13.86c1.54 0 2.5-1.67 1.73-3L13.73 4a2 2 0 00-3.46 0L3.34 16c-.77 1.33.19 3 1.73 3z"/>
+    </svg>
+    <span id="p-alarm-text">Currently above threshold.</span>
+</div>
 <div class="grid grid-cols-2 sm:grid-cols-5 gap-3 mb-6">
     <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
         <div class="text-xs text-gray-400">Lp (Instant)</div>
@@ -48,6 +55,12 @@
         </button>
     </div>
 </div>
+
+<!-- Alert history (read-only) -->
+<div class="mt-6">
+    <h2 class="text-sm font-medium text-gray-400 mb-2">Alert history</h2>
+    <div id="p-events" class="space-y-2"></div>
+</div>
 {% endif %}
 {% endblock %}
 
@@ -203,10 +216,45 @@ document.addEventListener('visibilitychange', () => {
 });
 window.addEventListener('beforeunload', closeStream);
 
+// ---- alert history + current-alarm banner (read-only) --------------------
+const EV_METRIC = { leq: 'Leq', lp: 'Lp', lmax: 'Lmax', lpeak: 'Lpeak', ln1: 'L1', ln2: 'L10' };
+function fmtAlertTime(iso) { return iso ? new Date(iso.endsWith('Z') ? iso : iso + 'Z').toLocaleString() : ''; }
+
+async function loadEvents() {
+    try {
+        const j = await (await fetch(`/portal/api/location/${encodeURIComponent(LOC_ID)}/events?limit=20`)).json();
+        const events = j.events || [];
+        const banner = document.getElementById('p-alarm-banner');
+        if (j.active) {
+            banner.classList.remove('hidden');
+            document.getElementById('p-alarm-text').textContent =
+                j.active > 1 ? `${j.active} alerts currently active` : 'Currently above threshold.';
+        } else banner.classList.add('hidden');
+        const list = document.getElementById('p-events');
+        if (!events.length) { list.innerHTML = '<div class="text-sm text-gray-500">No alerts have fired.</div>'; return; }
+        list.innerHTML = '';
+        for (const e of events) {
+            const m = EV_METRIC[e.metric] || e.metric;
+            const active = e.status === 'active';
+            const when = active ? `since ${fmtAlertTime(e.onset_at)}`
+                                : `${fmtAlertTime(e.onset_at)} → ${fmtAlertTime(e.clear_at)}`;
+            const peak = (e.peak_value != null) ? ` · peak ${e.peak_value} dB` : '';
+            const row = document.createElement('div');
+            row.className = 'px-3 py-2 rounded-lg border text-sm ' +
+                (active ? 'border-red-700/60 bg-red-900/20 text-red-200' : 'border-slate-700 bg-slate-800/40 text-gray-300');
+            row.innerHTML = `<div>${e.rule_name || 'Alert'} <span class="text-xs text-gray-400">· ${m} ${e.threshold_db} dB</span></div>
+                <div class="text-xs text-gray-400">${when}${peak}</div>`;
+            list.appendChild(row);
+        }
+    } catch (e) { /* leave history as-is */ }
+}
+
 initChart();
 prefill();      // instant first paint from cache
 backfill();     // seed the chart trail
 openStream();   // then upgrade to the live feed
+loadEvents();
+setInterval(loadEvents, 20000);
 </script>
 {% endif %}
 {% endblock %}
diff --git a/templates/slm_detail.html b/templates/slm_detail.html
index def5ed4..abeccbe 100644
--- a/templates/slm_detail.html
+++ b/templates/slm_detail.html
@@ -117,7 +117,9 @@
 <div class="bg-white dark:bg-slate-800 rounded-xl shadow-lg p-6 mt-6">
     <div class="flex items-center justify-between mb-4">
         <div>
-            <h2 class="text-xl font-semibold text-gray-900 dark:text-white">Alerts</h2>
+            <h2 class="text-xl font-semibold text-gray-900 dark:text-white flex items-center gap-2">Alerts
+                <span id="alert-state-badge" class="hidden text-xs px-2 py-0.5 rounded-full"></span>
+            </h2>
             <p class="text-xs text-gray-500 dark:text-gray-400">Threshold rules evaluated on this device's live feed.</p>
         </div>
         <button onclick="openAlertForm()" type="button"
@@ -185,6 +187,15 @@
             <button onclick="closeAlertForm()" type="button" class="px-3 py-1.5 text-sm rounded-lg border border-slate-300 dark:border-slate-600 text-gray-700 dark:text-gray-300 hover:bg-gray-100 dark:hover:bg-slate-700">Cancel</button>
         </div>
     </div>
+
+    <!-- Alert history -->
+    <div class="mt-6 pt-4 border-t border-slate-200 dark:border-slate-700">
+        <div class="flex items-center justify-between mb-2">
+            <h3 class="text-sm font-medium text-gray-700 dark:text-gray-300">History</h3>
+            <button onclick="loadAlertEvents()" type="button" class="text-xs text-gray-400 hover:text-gray-600 dark:hover:text-gray-300">Refresh</button>
+        </div>
+        <div id="alert-events" class="space-y-2"></div>
+    </div>
 </div>
 
 <script>
@@ -296,6 +307,72 @@ async function deleteAlertRule(id) {
     catch (e) { if (window.showToast) showToast('Failed to delete', 'error'); }
 }
 
+// ---- alert history (events) ----------------------------------------------
+
+function fmtAlertTime(iso) {
+    if (!iso) return '';
+    return new Date(iso.endsWith('Z') ? iso : iso + 'Z').toLocaleString();
+}
+
+function updateAlertState(events) {
+    const badge = document.getElementById('alert-state-badge');
+    badge.classList.remove('hidden');
+    const active = events.filter(e => e.status === 'active').length;
+    if (active) {
+        badge.textContent = `● ${active} active`;
+        badge.className = 'text-xs px-2 py-0.5 rounded-full bg-red-100 text-red-700 dark:bg-red-900/40 dark:text-red-300';
+    } else {
+        badge.textContent = '✓ All clear';
+        badge.className = 'text-xs px-2 py-0.5 rounded-full bg-green-100 text-green-700 dark:bg-green-900/40 dark:text-green-300';
+    }
+}
+
+function renderEvent(e) {
+    const m = METRIC_LABELS[e.metric] || e.metric;
+    const active = e.status === 'active';
+    const row = document.createElement('div');
+    row.className = 'flex items-center justify-between gap-2 px-3 py-2 rounded-lg border ' +
+        (active ? 'border-red-300 dark:border-red-800 bg-red-50 dark:bg-red-900/20'
+                : 'border-slate-200 dark:border-slate-700');
+    const when = active ? `since ${fmtAlertTime(e.onset_at)}`
+                        : `${fmtAlertTime(e.onset_at)} → ${fmtAlertTime(e.clear_at)}`;
+    const peak = (e.peak_value != null) ? ` · peak ${e.peak_value} dB` : '';
+    const ack = e.acknowledged_at ? ` · ack'd${e.acknowledged_by ? ' by ' + e.acknowledged_by : ''}` : '';
+    row.innerHTML = `<div class="min-w-0">
+        <div class="text-sm truncate">
+            <span class="${active ? 'text-red-600 dark:text-red-400 font-medium' : 'text-gray-800 dark:text-gray-200'}">${e.rule_name || 'Alert'}</span>
+            <span class="text-xs text-gray-500"> · ${m} ${e.threshold_db} dB</span>
+        </div>
+        <div class="text-xs text-gray-500">${when}${peak}${ack}</div></div>`;
+    if (!e.acknowledged_at) {
+        const btn = document.createElement('button');
+        btn.className = 'shrink-0 text-xs text-seismo-orange hover:underline';
+        btn.textContent = 'Ack';
+        btn.onclick = () => ackEvent(e.id);
+        row.appendChild(btn);
+    }
+    return row;
+}
+
+async function loadAlertEvents() {
+    const list = document.getElementById('alert-events');
+    try {
+        const j = await (await fetch(`/api/slmm/${ALERT_UNIT}/alerts/events?limit=50`)).json();
+        const events = j.events || [];
+        updateAlertState(events);
+        if (!events.length) { list.innerHTML = '<div class="text-sm text-gray-400">No alerts have fired.</div>'; return; }
+        list.innerHTML = '';
+        events.forEach(e => list.appendChild(renderEvent(e)));
+    } catch (e) { list.innerHTML = '<div class="text-sm text-red-500">Failed to load history.</div>'; }
+}
+
+async function ackEvent(id) {
+    try { await fetch(`/api/slmm/${ALERT_UNIT}/alerts/events/${id}/ack`, { method: 'POST' }); loadAlertEvents(); }
+    catch (e) { if (window.showToast) showToast('Failed to acknowledge', 'error'); }
+}
+
 loadAlertRules();
+loadAlertEvents();
+setInterval(loadAlertEvents, 20000);   // surface new breaches / clears
 </script>
 {% endblock %}
-- 
2.52.0


From fa7dc39e5ef698728cf7d3ea951a71272765086a Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 19:36:16 +0000
Subject: [PATCH 18/27] =?UTF-8?q?feat(portal):=20M2b-3=20note=20=E2=80=94?=
 =?UTF-8?q?=20enabled=20alerts=20keep=20the=20device=20monitored=2024/7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

UI note on the SLM alerts card reflecting the SLMM keepalive coupling.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 templates/slm_detail.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/slm_detail.html b/templates/slm_detail.html
index abeccbe..3aa8fdf 100644
--- a/templates/slm_detail.html
+++ b/templates/slm_detail.html
@@ -120,7 +120,7 @@
             <h2 class="text-xl font-semibold text-gray-900 dark:text-white flex items-center gap-2">Alerts
                 <span id="alert-state-badge" class="hidden text-xs px-2 py-0.5 rounded-full"></span>
             </h2>
-            <p class="text-xs text-gray-500 dark:text-gray-400">Threshold rules evaluated on this device's live feed.</p>
+            <p class="text-xs text-gray-500 dark:text-gray-400">Threshold rules evaluated on this device's live feed. An enabled alert keeps the device monitored 24/7.</p>
         </div>
         <button onclick="openAlertForm()" type="button"
                 class="px-3 py-1.5 text-sm rounded-lg bg-seismo-orange text-white hover:bg-orange-600">+ Add alert</button>
-- 
2.52.0


From 4839d14a22e916711107d9a7c928ef58c0b8b81f Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 19:41:48 +0000
Subject: [PATCH 19/27] =?UTF-8?q?style(portal):=20field-instrument=20redes?=
 =?UTF-8?q?ign=20=E2=80=94=20shell=20+=20overview?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A refined dark "field instrument" aesthetic for the client-facing portal:
- Type: Hanken Grotesk UI + IBM Plex Mono for readings (dB values feel like real
  instrumentation). Tabular numerals.
- Atmosphere: deep navy-black base with a navy/burgundy aurora and a faint fixed
  instrument grid; sticky blurred header with an animated signal-bars mark.
- Panel system (.panel/.panel-hover): translucent, hairline-lit, depth + hover
  lift. Pulsing live dot; staggered load reveal.
- Overview: mono Leq hero on each tile (colored by level when live), pill badges
  with the pulsing dot, rollup pills, dark CARTO map tiles, level-colored dots.

All live-data JS hook IDs preserved (verified). No backend change.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 templates/portal/base.html     | 126 ++++++++++++++++++++++++++++-----
 templates/portal/overview.html | 108 ++++++++++++++--------------
 2 files changed, 163 insertions(+), 71 deletions(-)

diff --git a/templates/portal/base.html b/templates/portal/base.html
index 25daa37..e771c96 100644
--- a/templates/portal/base.html
+++ b/templates/portal/base.html
@@ -1,43 +1,135 @@
 <!DOCTYPE html>
-<html lang="en" class="h-full dark">
+<html lang="en" class="h-full">
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>{% block title %}Monitoring{% endblock %} · TMI</title>
 
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Hanken+Grotesk:wght@400;500;600;700;800&family=IBM+Plex+Mono:wght@400;500;600&display=swap" rel="stylesheet">
+
     <script src="https://cdn.tailwindcss.com"></script>
     <script>
         tailwind.config = {
-            darkMode: 'class',
-            theme: { extend: { colors: { seismo: {
-                orange: '#f48b1c', navy: '#142a66', burgundy: '#7d234d'
-            } } } }
+            theme: { extend: {
+                colors: { seismo: { orange: '#f48b1c', navy: '#142a66', burgundy: '#7d234d' } },
+                fontFamily: {
+                    sans: ['"Hanken Grotesk"', 'ui-sans-serif', 'system-ui', 'sans-serif'],
+                    mono: ['"IBM Plex Mono"', 'ui-monospace', 'monospace'],
+                },
+            } }
         }
     </script>
     <link rel="icon" type="image/png" sizes="32x32" href="/static/icons/favicon-32.png">
-    <meta name="theme-color" content="#142a66">
+    <meta name="theme-color" content="#080b14">
+
+    <style>
+        :root {
+            --bg: #080b14;
+            --border: rgba(124, 146, 188, 0.14);
+            --border-bright: rgba(168, 188, 224, 0.30);
+            --text: #e7ecf6;
+            --text-dim: #8c98b0;
+            --accent: #f48b1c;
+            --accent-glow: rgba(244, 139, 28, 0.40);
+            --ok: #34d399; --warn: #fbbf24; --bad: #f87171;
+        }
+        html, body { height: 100%; }
+        body {
+            margin: 0;
+            color: var(--text);
+            font-family: "Hanken Grotesk", ui-sans-serif, system-ui, sans-serif;
+            font-feature-settings: "ss01";
+            background-color: var(--bg);
+            /* atmosphere: a navy aurora up top + a faint instrument grid */
+            background-image:
+                radial-gradient(1100px 560px at 50% -12%, rgba(20, 42, 102, 0.55), transparent 68%),
+                radial-gradient(700px 400px at 88% 8%, rgba(125, 35, 77, 0.18), transparent 70%),
+                linear-gradient(rgba(124, 146, 188, 0.045) 1px, transparent 1px),
+                linear-gradient(90deg, rgba(124, 146, 188, 0.045) 1px, transparent 1px);
+            background-size: auto, auto, 46px 46px, 46px 46px;
+            background-attachment: fixed;
+        }
+        ::selection { background: rgba(244, 139, 28, 0.30); }
+
+        .font-mono, .reading { font-family: "IBM Plex Mono", ui-monospace, monospace; font-variant-numeric: tabular-nums; }
+
+        /* Panel system — translucent, hairline-lit, with depth */
+        .panel {
+            position: relative;
+            background: linear-gradient(180deg, rgba(24, 33, 54, 0.72), rgba(12, 18, 31, 0.62));
+            border: 1px solid var(--border);
+            border-radius: 16px;
+            backdrop-filter: blur(8px);
+            -webkit-backdrop-filter: blur(8px);
+            box-shadow: 0 1px 0 rgba(255, 255, 255, 0.05) inset, 0 22px 48px -28px rgba(0, 0, 0, 0.85);
+        }
+        .panel::before {
+            content: ''; position: absolute; inset: 0 0 auto 0; height: 1px;
+            background: linear-gradient(90deg, transparent, var(--border-bright), transparent);
+        }
+        .panel-hover { transition: transform .22s ease, border-color .22s ease, box-shadow .22s ease; }
+        .panel-hover:hover {
+            transform: translateY(-3px);
+            border-color: rgba(244, 139, 28, 0.55);
+            box-shadow: 0 30px 60px -30px rgba(0, 0, 0, 0.9), 0 0 0 1px var(--accent-glow);
+        }
+
+        .hairline { border-top: 1px solid var(--border); }
+
+        /* Live indicator */
+        .live-dot { width: 8px; height: 8px; border-radius: 999px; background: var(--accent); box-shadow: 0 0 0 0 var(--accent-glow); animation: pulse 2.2s infinite; }
+        @keyframes pulse { 0% { box-shadow: 0 0 0 0 var(--accent-glow); } 70% { box-shadow: 0 0 0 9px rgba(244, 139, 28, 0); } 100% { box-shadow: 0 0 0 0 rgba(244, 139, 28, 0); } }
+
+        /* Staggered load reveal */
+        @keyframes rise { from { opacity: 0; transform: translateY(12px); } to { opacity: 1; transform: none; } }
+        .reveal { opacity: 0; animation: rise .55s cubic-bezier(.2, .7, .2, 1) forwards; }
+
+        /* Brand signal-bars mark */
+        .signal-bars { display: inline-flex; align-items: flex-end; gap: 2px; height: 16px; }
+        .signal-bars i { width: 3px; background: var(--accent); border-radius: 1px; animation: bars 1.4s ease-in-out infinite; }
+        .signal-bars i:nth-child(1) { height: 40%; animation-delay: 0s; }
+        .signal-bars i:nth-child(2) { height: 70%; animation-delay: .2s; }
+        .signal-bars i:nth-child(3) { height: 100%; animation-delay: .4s; }
+        .signal-bars i:nth-child(4) { height: 55%; animation-delay: .6s; }
+        @keyframes bars { 0%, 100% { transform: scaleY(.5); opacity: .7; } 50% { transform: scaleY(1); opacity: 1; } }
+
+        /* Dark Leaflet polish */
+        .leaflet-container { background: #0a0f1c !important; }
+        .leaflet-tooltip { background: rgba(14, 20, 34, 0.95); border: 1px solid var(--border-bright); color: var(--text); box-shadow: none; font-family: inherit; font-size: 12px; }
+        .leaflet-tooltip-top::before { border-top-color: var(--border-bright); }
+        .leaflet-control-attribution { background: rgba(8, 11, 20, 0.6) !important; color: #5a6478 !important; }
+        .leaflet-control-attribution a { color: #7a8499 !important; }
+        ::-webkit-scrollbar { width: 9px; height: 9px; }
+        ::-webkit-scrollbar-thumb { background: rgba(124, 146, 188, 0.22); border-radius: 9px; }
+    </style>
     {% block head %}{% endblock %}
 </head>
-<body class="h-full bg-slate-900 text-gray-100 antialiased">
-    <header class="border-b border-slate-700/70 bg-slate-800/60 backdrop-blur">
-        <div class="max-w-5xl mx-auto px-4 py-3 flex items-center justify-between">
-            <a href="/portal" class="flex items-center gap-2 font-semibold">
-                <span class="inline-block w-2.5 h-2.5 rounded-full bg-seismo-orange"></span>
-                TMI Monitoring{% if client %} <span class="text-gray-500 font-normal">·</span>
-                <span class="text-seismo-orange">{{ client.name }}</span>{% endif %}
+<body class="min-h-full antialiased">
+    <header class="sticky top-0 z-30 border-b border-[var(--border)] bg-[rgba(8,11,20,0.72)] backdrop-blur-xl">
+        <div class="max-w-5xl mx-auto px-5 py-3.5 flex items-center justify-between">
+            <a href="/portal" class="flex items-center gap-2.5 group">
+                <span class="signal-bars"><i></i><i></i><i></i><i></i></span>
+                <span class="font-semibold tracking-tight text-[15px]">
+                    TMI <span class="text-[var(--text-dim)] font-normal">Monitoring</span>
+                    {% if client %}<span class="text-[var(--text-dim)] font-normal mx-0.5">/</span>
+                    <span class="text-seismo-orange">{{ client.name }}</span>{% endif %}
+                </span>
             </a>
             {% if client %}
-            <a href="/portal/logout" class="text-sm text-gray-400 hover:text-gray-200">Sign out</a>
+            <a href="/portal/logout" class="text-[13px] text-[var(--text-dim)] hover:text-[var(--text)] transition-colors">Sign out</a>
             {% endif %}
         </div>
     </header>
 
-    <main class="max-w-5xl mx-auto px-4 py-6">
+    <main class="max-w-5xl mx-auto px-5 py-8">
         {% block content %}{% endblock %}
     </main>
 
-    <footer class="max-w-5xl mx-auto px-4 py-8 text-xs text-gray-600">
-        Read-only monitoring view. Data is provided as-is for informational purposes.
+    <footer class="max-w-5xl mx-auto px-5 py-10 text-[11px] text-[var(--text-dim)]/70 flex items-center gap-2">
+        <span class="w-1 h-1 rounded-full bg-[var(--text-dim)]/50"></span>
+        Read-only monitoring view · data provided as-is for informational purposes
     </footer>
     {% block scripts %}{% endblock %}
 </body>
diff --git a/templates/portal/overview.html b/templates/portal/overview.html
index 4f01d3d..a4760fb 100644
--- a/templates/portal/overview.html
+++ b/templates/portal/overview.html
@@ -4,49 +4,55 @@
 <link rel="stylesheet" href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css" />
 {% endblock %}
 {% block content %}
-<h1 class="text-2xl font-semibold mb-1">Your monitoring locations</h1>
-<p class="text-gray-400 text-sm mb-6">Live sound levels for your active locations. Read-only.</p>
+<div class="reveal">
+    <div class="text-[11px] uppercase tracking-[0.2em] text-seismo-orange/80 font-mono mb-2">Live monitoring</div>
+    <h1 class="text-3xl font-bold tracking-tight">Your locations</h1>
+    <p class="text-[var(--text-dim)] text-sm mt-1">Real-time sound levels across your active monitoring sites.</p>
+</div>
 
 {% if locations %}
 <!-- Status rollup (filled live from the per-location /live fetches) -->
-<div id="rollup" class="hidden mb-5 flex flex-wrap items-center gap-2 text-sm">
-    <span class="inline-flex items-center gap-1.5 px-3 py-1.5 rounded-lg bg-slate-800/60 border border-slate-700">
-        <span class="text-gray-400">Locations</span><b id="r-total" class="text-gray-100">&ndash;</b>
-    </span>
-    <span class="inline-flex items-center gap-1.5 px-3 py-1.5 rounded-lg bg-slate-800/60 border border-slate-700">
-        <span class="w-2 h-2 rounded-full bg-green-500"></span><b id="r-live">&ndash;</b><span class="text-gray-400">live</span>
-    </span>
-    <span class="inline-flex items-center gap-1.5 px-3 py-1.5 rounded-lg bg-slate-800/60 border border-slate-700">
-        <span class="w-2 h-2 rounded-full bg-slate-500"></span><b id="r-off">&ndash;</b><span class="text-gray-400">offline</span>
-    </span>
-    <span id="r-peak-wrap" class="hidden inline-flex items-center gap-1.5 px-3 py-1.5 rounded-lg bg-slate-800/60 border border-slate-700">
-        <span class="text-gray-400">Loudest now</span><b id="r-peak" class="text-seismo-orange">&ndash;</b><span class="text-gray-400">dB Leq &middot;</span><span id="r-peak-loc" class="text-gray-300"></span>
-    </span>
+<div id="rollup" class="hidden mt-6 mb-6 flex flex-wrap items-center gap-2.5">
+    <div class="panel px-4 py-2.5 flex items-center gap-2.5">
+        <span class="text-[var(--text-dim)] text-[10px] uppercase tracking-[0.15em]">Locations</span>
+        <b id="r-total" class="reading text-lg font-semibold">&ndash;</b>
+    </div>
+    <div class="panel px-4 py-2.5 flex items-center gap-2">
+        <span class="live-dot"></span><b id="r-live" class="reading text-lg font-semibold text-seismo-orange">&ndash;</b><span class="text-[var(--text-dim)] text-xs">live</span>
+    </div>
+    <div class="panel px-4 py-2.5 flex items-center gap-2">
+        <span class="w-2 h-2 rounded-full bg-[var(--text-dim)]/50"></span><b id="r-off" class="reading text-lg font-semibold">&ndash;</b><span class="text-[var(--text-dim)] text-xs">offline</span>
+    </div>
+    <div id="r-peak-wrap" class="hidden panel px-4 py-2.5 flex items-center gap-2">
+        <span class="text-[var(--text-dim)] text-[10px] uppercase tracking-[0.15em]">Loudest now</span>
+        <b id="r-peak" class="reading text-lg font-semibold text-seismo-orange">&ndash;</b><span class="text-[var(--text-dim)] text-xs">dB</span>
+        <span id="r-peak-loc" class="text-[var(--text-dim)] text-sm"></span>
+    </div>
 </div>
 
-<div id="loc-map" class="h-64 rounded-xl overflow-hidden mb-6 hidden border border-slate-700"></div>
+<div id="loc-map" class="panel reveal hidden h-72 overflow-hidden mb-6" style="animation-delay:80ms"></div>
 
 <div class="grid sm:grid-cols-2 lg:grid-cols-3 gap-4">
     {% for loc in locations %}
     <a href="/portal/location/{{ loc.id }}" data-loc="{{ loc.id }}"
-       class="loc-tile block rounded-xl border border-slate-700 bg-slate-800/50 p-4 hover:border-seismo-orange transition-colors">
+       class="loc-tile panel panel-hover reveal block p-5" style="animation-delay: {{ (loop.index0 * 55) + 140 }}ms">
         <div class="flex items-start justify-between gap-2">
-            <div class="font-semibold">{{ loc.name }}</div>
-            <span class="loc-badge hidden shrink-0 px-2 py-0.5 text-xs rounded-full"></span>
+            <div class="min-w-0">
+                <div class="font-semibold tracking-tight truncate">{{ loc.name }}</div>
+                <div class="text-xs text-[var(--text-dim)] mt-0.5 truncate">{{ loc.address or loc.project_name or '' }}</div>
+            </div>
+            <span class="loc-badge hidden shrink-0"></span>
         </div>
-        <div class="text-xs text-gray-400 mt-0.5 truncate">{{ loc.address or loc.project_name or '' }}</div>
-        <div class="mt-3 flex items-baseline gap-1">
-            <span class="loc-leq text-3xl font-bold text-seismo-orange">--</span>
-            <span class="text-sm text-gray-400">dB Leq</span>
+        <div class="mt-5 flex items-baseline gap-1.5">
+            <span class="loc-leq reading text-[2.6rem] leading-none font-semibold">--</span>
+            <span class="text-xs text-[var(--text-dim)] font-mono tracking-wide">dB&nbsp;Leq</span>
         </div>
-        <div class="loc-fresh text-xs text-gray-500 mt-1">&nbsp;</div>
+        <div class="loc-fresh text-[11px] text-[var(--text-dim)]/70 mt-2 font-mono">&nbsp;</div>
     </a>
     {% endfor %}
 </div>
 {% else %}
-<div class="rounded-xl border border-slate-700 bg-slate-800/50 p-8 text-center text-gray-400">
-    No active monitoring locations yet.
-</div>
+<div class="panel reveal p-12 text-center text-[var(--text-dim)] mt-6">No active monitoring locations yet.</div>
 {% endif %}
 {% endblock %}
 
@@ -57,15 +63,14 @@ const LOCATIONS = {{ locations|tojson }};
 const liveState = {};          // loc.id -> {status, leq(num|null), leqStr}
 const markersById = {};        // loc.id -> circleMarker (for live recolor)
 
-// Dot/level color. Bands are placeholders until per-location alert thresholds
-// exist (M2 alerts will color by threshold breach instead).
+// Dot/level color. Placeholder bands until per-location alert thresholds exist.
 const LEVEL_AMBER = 55, LEVEL_RED = 70;
-const COLOR_IDLE = '#64748b';  // slate-500 — not producing a live level
+const COLOR_IDLE = '#5a6478';
 function levelColor(st) {
     if (!st || st.status !== 'measuring' || st.leq == null) return COLOR_IDLE;
-    if (st.leq >= LEVEL_RED) return '#ef4444';    // red-500
-    if (st.leq >= LEVEL_AMBER) return '#f59e0b';  // amber-500
-    return '#22c55e';                              // green-500
+    if (st.leq >= LEVEL_RED) return '#f87171';
+    if (st.leq >= LEVEL_AMBER) return '#fbbf24';
+    return '#34d399';
 }
 function num(v) { const f = parseFloat(v); return isNaN(f) ? null : f; }
 
@@ -78,11 +83,13 @@ function fmtAgo(iso) {
     return 'updated ' + Math.round(s / 3600) + 'h ago';
 }
 
+const BADGE_BASE = 'loc-badge inline-flex items-center gap-1.5 shrink-0 px-2.5 py-1 text-[11px] rounded-full border ';
+
 function updateMarker(loc) {
     const m = markersById[loc.id]; if (!m) return;
     const st = liveState[loc.id];
     m.setStyle({ fillColor: levelColor(st) });
-    let label = loc.name;
+    let label = `<b>${loc.name}</b>`;
     if (st) {
         if (st.status === 'measuring') label += ` &middot; ${st.leqStr} dB Leq`;
         else if (st.status === 'stopped') label += ' &middot; stopped';
@@ -102,23 +109,18 @@ async function loadTile(loc) {
         const d = j.data;
         if (!d) {
             liveState[loc.id] = { status: j.reason === 'no_device' ? 'nodevice' : 'offline', leq: null };
-            if (badge) {
-                badge.classList.remove('hidden');
-                badge.textContent = j.reason === 'no_device' ? 'No device' : 'Offline';
-                badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full bg-slate-700 text-gray-300';
-            }
-            if (leqEl) leqEl.textContent = '--';
+            if (badge) { badge.classList.remove('hidden'); badge.className = BADGE_BASE + 'border-[var(--border)] text-[var(--text-dim)]'; badge.textContent = j.reason === 'no_device' ? 'No device' : 'Offline'; }
+            if (leqEl) { leqEl.textContent = '--'; leqEl.style.color = 'var(--text-dim)'; }
             if (fresh) fresh.innerHTML = '&nbsp;';
         } else {
             const measuring = d.measurement_state === 'Start' || d.measurement_state === 'Measure';
             const leqStr = (d.leq == null || d.leq === '') ? '--' : d.leq;
             liveState[loc.id] = { status: measuring ? 'measuring' : 'stopped', leq: num(d.leq), leqStr };
-            if (leqEl) leqEl.textContent = leqStr;
+            if (leqEl) { leqEl.textContent = leqStr; leqEl.style.color = measuring ? levelColor(liveState[loc.id]) : 'var(--text)'; }
             if (badge) {
                 badge.classList.remove('hidden');
-                badge.textContent = measuring ? '● Live' : 'Stopped';
-                badge.className = 'loc-badge shrink-0 px-2 py-0.5 text-xs rounded-full ' +
-                    (measuring ? 'bg-green-900/40 text-green-300' : 'bg-slate-700 text-gray-300');
+                if (measuring) { badge.className = BADGE_BASE + 'border-[rgba(244,139,28,0.45)] text-seismo-orange'; badge.innerHTML = '<span class="live-dot"></span> Live'; }
+                else { badge.className = BADGE_BASE + 'border-[var(--border)] text-[var(--text-dim)]'; badge.textContent = 'Stopped'; }
             }
             if (fresh) fresh.textContent = fmtAgo(d.last_seen);
         }
@@ -155,30 +157,28 @@ async function refreshAll() {
 refreshAll();
 setInterval(refreshAll, 15000);
 
-// Map of locations that have coordinates — dots recolor live via updateMarker().
+// Map of locations with coordinates — dark tiles, dots recolor live.
 const withCoords = LOCATIONS.filter(l => l.coordinates);
 if (withCoords.length) {
     const mapEl = document.getElementById('loc-map');
     mapEl.classList.remove('hidden');
-    const map = L.map('loc-map', { scrollWheelZoom: false });
-    L.tileLayer('https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png',
-        { maxZoom: 19, attribution: '© OpenStreetMap' }).addTo(map);
+    const map = L.map('loc-map', { scrollWheelZoom: false, attributionControl: true });
+    L.tileLayer('https://{s}.basemaps.cartocdn.com/dark_all/{z}/{x}/{y}{r}.png', {
+        maxZoom: 19, subdomains: 'abcd', attribution: '© OpenStreetMap © CARTO'
+    }).addTo(map);
     const pts = [];
     withCoords.forEach(l => {
         const [la, lo] = (l.coordinates || '').split(',').map(Number);
         if (!isNaN(la) && !isNaN(lo)) {
-            // Same dot style as the internal project map (circleMarker, not a pin),
-            // but recolored live by current level.
             markersById[l.id] = L.circleMarker([la, lo], {
-                radius: 8, fillColor: levelColor(liveState[l.id]), color: '#fff',
-                weight: 2, opacity: 1, fillOpacity: 0.9,
+                radius: 7, fillColor: levelColor(liveState[l.id]), color: '#fff',
+                weight: 2, opacity: 0.9, fillOpacity: 0.95,
             }).addTo(map).bindTooltip(l.name, { direction: 'top', offset: [0, -6] });
             pts.push([la, lo]);
         }
     });
-    if (pts.length) map.fitBounds(pts, { padding: [30, 30], maxZoom: 15 });
+    if (pts.length) map.fitBounds(pts, { padding: [36, 36], maxZoom: 15 });
     else mapEl.classList.add('hidden');
-    // Paint dots with whatever live data has already arrived.
     LOCATIONS.forEach(updateMarker);
 }
 </script>
-- 
2.52.0


From f760e81309bff16e61ccd3f61b9cc560588df317 Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 20:10:29 +0000
Subject: [PATCH 20/27] style(portal): live-console location page, polished
 access splash, light/dark toggle
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Location page rebuilt as a monitoring console: Leq hero readout (mono, level-
  colored, auto-flips with theme), instrument strip for Lp/Lmax/L1/L10, refined
  dark Chart.js (mono ticks, thin lines), panel-styled alert history, polished
  pause overlay. All live-stream/chart/alert JS hooks preserved.
- Access page → centered branded splash.
- Light/Dark toggle: CSS-variable theme system (structure + level/metric accent
  colors flip), header sun/moon button, localStorage + no-flash boot script,
  smooth body transition. On toggle, a 'portal-theme' event re-skins the Chart.js
  trace and swaps Leaflet tiles (CARTO dark <-> light) + recolors map dots.

All JS hook IDs intact (verified); both themes validated to parse + balance.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 templates/portal/access_required.html |  15 ++-
 templates/portal/base.html            | 117 +++++++++++++------
 templates/portal/location.html        | 159 ++++++++++++++++----------
 templates/portal/overview.html        |  21 ++--
 4 files changed, 205 insertions(+), 107 deletions(-)

diff --git a/templates/portal/access_required.html b/templates/portal/access_required.html
index b6d7423..95591d0 100644
--- a/templates/portal/access_required.html
+++ b/templates/portal/access_required.html
@@ -1,20 +1,19 @@
 {% extends "portal/base.html" %}
 {% block title %}Access{% endblock %}
 {% block content %}
-<div class="max-w-md mx-auto mt-16 text-center">
-    <div class="inline-flex items-center justify-center w-14 h-14 rounded-full bg-slate-800 border border-slate-700 mb-5">
-        <svg class="w-7 h-7 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+<div class="max-w-md mx-auto mt-20 text-center reveal">
+    <div class="panel inline-flex items-center justify-center w-16 h-16 rounded-2xl mb-6">
+        <svg class="w-7 h-7 text-[var(--text-dim)]" fill="none" stroke="currentColor" viewBox="0 0 24 24">
             <path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5"
                   d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z"></path>
         </svg>
     </div>
     {% if reason == "invalid" %}
-        <h1 class="text-xl font-semibold mb-2">This link isn't valid</h1>
-        <p class="text-gray-400 text-sm">The access link is expired or has been revoked.
-            Please contact TMI for a new link.</p>
+        <h1 class="text-2xl font-bold tracking-tight mb-2">This link isn't valid</h1>
+        <p class="text-[var(--text-dim)] text-sm leading-relaxed">The access link is expired or has been revoked.<br>Please contact TMI for a new link.</p>
     {% else %}
-        <h1 class="text-xl font-semibold mb-2">Access link required</h1>
-        <p class="text-gray-400 text-sm">Open the monitoring link TMI sent you to view your locations.</p>
+        <h1 class="text-2xl font-bold tracking-tight mb-2">Access link required</h1>
+        <p class="text-[var(--text-dim)] text-sm leading-relaxed">Open the monitoring link TMI sent you to view your locations.</p>
     {% endif %}
 </div>
 {% endblock %}
diff --git a/templates/portal/base.html b/templates/portal/base.html
index e771c96..36e8109 100644
--- a/templates/portal/base.html
+++ b/templates/portal/base.html
@@ -5,6 +5,9 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>{% block title %}Monitoring{% endblock %} · TMI</title>
 
+    <!-- apply saved theme before paint (no flash) -->
+    <script>(function(){var t=localStorage.getItem('portal-theme')||'dark';document.documentElement.setAttribute('data-theme',t);})();</script>
+
     <link rel="preconnect" href="https://fonts.googleapis.com">
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
     <link href="https://fonts.googleapis.com/css2?family=Hanken+Grotesk:wght@400;500;600;700;800&family=IBM+Plex+Mono:wght@400;500;600&display=swap" rel="stylesheet">
@@ -25,16 +28,45 @@
     <meta name="theme-color" content="#080b14">
 
     <style>
+        /* ---- dark (default) ---- */
         :root {
             --bg: #080b14;
-            --border: rgba(124, 146, 188, 0.14);
-            --border-bright: rgba(168, 188, 224, 0.30);
+            --grid: rgba(124, 146, 188, 0.045);
+            --aurora-1: rgba(20, 42, 102, 0.55);
+            --aurora-2: rgba(125, 35, 77, 0.18);
             --text: #e7ecf6;
             --text-dim: #8c98b0;
+            --border: rgba(124, 146, 188, 0.14);
+            --border-bright: rgba(168, 188, 224, 0.30);
+            --panel-a: rgba(24, 33, 54, 0.72);
+            --panel-b: rgba(12, 18, 31, 0.62);
+            --panel-inset: rgba(255, 255, 255, 0.05);
+            --panel-shadow: 0 22px 48px -28px rgba(0, 0, 0, 0.85);
+            --header-bg: rgba(8, 11, 20, 0.72);
             --accent: #f48b1c;
             --accent-glow: rgba(244, 139, 28, 0.40);
-            --ok: #34d399; --warn: #fbbf24; --bad: #f87171;
+            --lvl-ok: #34d399; --lvl-warn: #fbbf24; --lvl-bad: #f87171;
+            --m-lp: #60a5fa; --m-lmax: #f87171; --m-l1: #c084fc; --m-l10: #fbbf24;
         }
+        /* ---- light ---- */
+        html[data-theme="light"] {
+            --bg: #eef1f8;
+            --grid: rgba(20, 42, 102, 0.05);
+            --aurora-1: rgba(120, 150, 220, 0.22);
+            --aurora-2: rgba(244, 139, 28, 0.10);
+            --text: #16203a;
+            --text-dim: #5d6b86;
+            --border: rgba(20, 42, 102, 0.13);
+            --border-bright: rgba(20, 42, 102, 0.22);
+            --panel-a: rgba(255, 255, 255, 0.92);
+            --panel-b: rgba(248, 250, 254, 0.85);
+            --panel-inset: rgba(255, 255, 255, 0.6);
+            --panel-shadow: 0 18px 40px -28px rgba(40, 55, 95, 0.35);
+            --header-bg: rgba(244, 246, 251, 0.80);
+            --lvl-ok: #16a34a; --lvl-warn: #d97706; --lvl-bad: #dc2626;
+            --m-lp: #2563eb; --m-lmax: #dc2626; --m-l1: #9333ea; --m-l10: #d97706;
+        }
+
         html, body { height: 100%; }
         body {
             margin: 0;
@@ -42,28 +74,27 @@
             font-family: "Hanken Grotesk", ui-sans-serif, system-ui, sans-serif;
             font-feature-settings: "ss01";
             background-color: var(--bg);
-            /* atmosphere: a navy aurora up top + a faint instrument grid */
             background-image:
-                radial-gradient(1100px 560px at 50% -12%, rgba(20, 42, 102, 0.55), transparent 68%),
-                radial-gradient(700px 400px at 88% 8%, rgba(125, 35, 77, 0.18), transparent 70%),
-                linear-gradient(rgba(124, 146, 188, 0.045) 1px, transparent 1px),
-                linear-gradient(90deg, rgba(124, 146, 188, 0.045) 1px, transparent 1px);
+                radial-gradient(1100px 560px at 50% -12%, var(--aurora-1), transparent 68%),
+                radial-gradient(700px 400px at 88% 8%, var(--aurora-2), transparent 70%),
+                linear-gradient(var(--grid) 1px, transparent 1px),
+                linear-gradient(90deg, var(--grid) 1px, transparent 1px);
             background-size: auto, auto, 46px 46px, 46px 46px;
             background-attachment: fixed;
+            transition: background-color .3s ease, color .3s ease;
         }
         ::selection { background: rgba(244, 139, 28, 0.30); }
 
         .font-mono, .reading { font-family: "IBM Plex Mono", ui-monospace, monospace; font-variant-numeric: tabular-nums; }
 
-        /* Panel system — translucent, hairline-lit, with depth */
         .panel {
             position: relative;
-            background: linear-gradient(180deg, rgba(24, 33, 54, 0.72), rgba(12, 18, 31, 0.62));
+            background: linear-gradient(180deg, var(--panel-a), var(--panel-b));
             border: 1px solid var(--border);
             border-radius: 16px;
             backdrop-filter: blur(8px);
             -webkit-backdrop-filter: blur(8px);
-            box-shadow: 0 1px 0 rgba(255, 255, 255, 0.05) inset, 0 22px 48px -28px rgba(0, 0, 0, 0.85);
+            box-shadow: 0 1px 0 var(--panel-inset) inset, var(--panel-shadow);
         }
         .panel::before {
             content: ''; position: absolute; inset: 0 0 auto 0; height: 1px;
@@ -73,43 +104,46 @@
         .panel-hover:hover {
             transform: translateY(-3px);
             border-color: rgba(244, 139, 28, 0.55);
-            box-shadow: 0 30px 60px -30px rgba(0, 0, 0, 0.9), 0 0 0 1px var(--accent-glow);
+            box-shadow: 0 30px 60px -30px rgba(0, 0, 0, 0.55), 0 0 0 1px var(--accent-glow);
         }
-
         .hairline { border-top: 1px solid var(--border); }
 
-        /* Live indicator */
+        /* metric accent colors (flip per theme) */
+        .c-lp { color: var(--m-lp); } .c-lmax { color: var(--m-lmax); }
+        .c-l1 { color: var(--m-l1); } .c-l10 { color: var(--m-l10); }
+
         .live-dot { width: 8px; height: 8px; border-radius: 999px; background: var(--accent); box-shadow: 0 0 0 0 var(--accent-glow); animation: pulse 2.2s infinite; }
         @keyframes pulse { 0% { box-shadow: 0 0 0 0 var(--accent-glow); } 70% { box-shadow: 0 0 0 9px rgba(244, 139, 28, 0); } 100% { box-shadow: 0 0 0 0 rgba(244, 139, 28, 0); } }
 
-        /* Staggered load reveal */
         @keyframes rise { from { opacity: 0; transform: translateY(12px); } to { opacity: 1; transform: none; } }
         .reveal { opacity: 0; animation: rise .55s cubic-bezier(.2, .7, .2, 1) forwards; }
 
-        /* Brand signal-bars mark */
         .signal-bars { display: inline-flex; align-items: flex-end; gap: 2px; height: 16px; }
         .signal-bars i { width: 3px; background: var(--accent); border-radius: 1px; animation: bars 1.4s ease-in-out infinite; }
-        .signal-bars i:nth-child(1) { height: 40%; animation-delay: 0s; }
-        .signal-bars i:nth-child(2) { height: 70%; animation-delay: .2s; }
-        .signal-bars i:nth-child(3) { height: 100%; animation-delay: .4s; }
-        .signal-bars i:nth-child(4) { height: 55%; animation-delay: .6s; }
+        .signal-bars i:nth-child(1) { height: 40%; } .signal-bars i:nth-child(2) { height: 70%; animation-delay: .2s; }
+        .signal-bars i:nth-child(3) { height: 100%; animation-delay: .4s; } .signal-bars i:nth-child(4) { height: 55%; animation-delay: .6s; }
         @keyframes bars { 0%, 100% { transform: scaleY(.5); opacity: .7; } 50% { transform: scaleY(1); opacity: 1; } }
 
-        /* Dark Leaflet polish */
-        .leaflet-container { background: #0a0f1c !important; }
-        .leaflet-tooltip { background: rgba(14, 20, 34, 0.95); border: 1px solid var(--border-bright); color: var(--text); box-shadow: none; font-family: inherit; font-size: 12px; }
+        .theme-toggle { color: var(--text-dim); transition: color .2s ease, background .2s ease; }
+        .theme-toggle:hover { color: var(--text); }
+        html[data-theme="light"] .moon { display: none; }
+        html[data-theme="dark"] .sun, :root:not([data-theme="light"]) .sun { display: none; }
+
+        /* Leaflet polish (dark default; .leaflet-light tweaks tooltip for light) */
+        .leaflet-container { background: var(--bg) !important; }
+        .leaflet-tooltip { background: var(--panel-a); border: 1px solid var(--border-bright); color: var(--text); box-shadow: none; font-family: inherit; font-size: 12px; }
         .leaflet-tooltip-top::before { border-top-color: var(--border-bright); }
-        .leaflet-control-attribution { background: rgba(8, 11, 20, 0.6) !important; color: #5a6478 !important; }
-        .leaflet-control-attribution a { color: #7a8499 !important; }
+        .leaflet-control-attribution { background: rgba(0,0,0,0.25) !important; color: var(--text-dim) !important; }
+        .leaflet-control-attribution a { color: var(--text-dim) !important; }
         ::-webkit-scrollbar { width: 9px; height: 9px; }
         ::-webkit-scrollbar-thumb { background: rgba(124, 146, 188, 0.22); border-radius: 9px; }
     </style>
     {% block head %}{% endblock %}
 </head>
 <body class="min-h-full antialiased">
-    <header class="sticky top-0 z-30 border-b border-[var(--border)] bg-[rgba(8,11,20,0.72)] backdrop-blur-xl">
+    <header class="sticky top-0 z-30 border-b border-[var(--border)] bg-[var(--header-bg)] backdrop-blur-xl">
         <div class="max-w-5xl mx-auto px-5 py-3.5 flex items-center justify-between">
-            <a href="/portal" class="flex items-center gap-2.5 group">
+            <a href="/portal" class="flex items-center gap-2.5">
                 <span class="signal-bars"><i></i><i></i><i></i><i></i></span>
                 <span class="font-semibold tracking-tight text-[15px]">
                     TMI <span class="text-[var(--text-dim)] font-normal">Monitoring</span>
@@ -117,9 +151,15 @@
                     <span class="text-seismo-orange">{{ client.name }}</span>{% endif %}
                 </span>
             </a>
-            {% if client %}
-            <a href="/portal/logout" class="text-[13px] text-[var(--text-dim)] hover:text-[var(--text)] transition-colors">Sign out</a>
-            {% endif %}
+            <div class="flex items-center gap-1.5">
+                <button onclick="togglePortalTheme()" class="theme-toggle p-2 rounded-lg" title="Toggle light / dark" aria-label="Toggle theme">
+                    <svg class="moon w-[18px] h-[18px]" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M20.354 15.354A9 9 0 018.646 3.646 9.003 9.003 0 0012 21a9.003 9.003 0 008.354-5.646z"/></svg>
+                    <svg class="sun w-[18px] h-[18px]" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 3v1m0 16v1m9-9h-1M4 12H3m15.364 6.364l-.707-.707M6.343 6.343l-.707-.707m12.728 0l-.707.707M6.343 17.657l-.707.707M16 12a4 4 0 11-8 0 4 4 0 018 0z"/></svg>
+                </button>
+                {% if client %}
+                <a href="/portal/logout" class="text-[13px] text-[var(--text-dim)] hover:text-[var(--text)] transition-colors px-2">Sign out</a>
+                {% endif %}
+            </div>
         </div>
     </header>
 
@@ -127,10 +167,23 @@
         {% block content %}{% endblock %}
     </main>
 
-    <footer class="max-w-5xl mx-auto px-5 py-10 text-[11px] text-[var(--text-dim)]/70 flex items-center gap-2">
-        <span class="w-1 h-1 rounded-full bg-[var(--text-dim)]/50"></span>
+    <footer class="max-w-5xl mx-auto px-5 py-10 text-[11px] text-[var(--text-dim)] flex items-center gap-2 opacity-70">
+        <span class="w-1 h-1 rounded-full bg-[var(--text-dim)]"></span>
         Read-only monitoring view · data provided as-is for informational purposes
     </footer>
+
+    <script>
+        // Theme toggle. Pages can listen for 'portal-theme' to re-skin canvases/maps.
+        function cssVar(n) { return getComputedStyle(document.documentElement).getPropertyValue(n).trim(); }
+        function togglePortalTheme() {
+            const cur = document.documentElement.getAttribute('data-theme') === 'light' ? 'light' : 'dark';
+            const next = cur === 'light' ? 'dark' : 'light';
+            document.documentElement.setAttribute('data-theme', next);
+            try { localStorage.setItem('portal-theme', next); } catch (e) {}
+            document.documentElement.setAttribute('content', next === 'light' ? '#eef1f8' : '#080b14');
+            document.dispatchEvent(new CustomEvent('portal-theme', { detail: next }));
+        }
+    </script>
     {% block scripts %}{% endblock %}
 </body>
 </html>
diff --git a/templates/portal/location.html b/templates/portal/location.html
index 7ebe04e..b846da9 100644
--- a/templates/portal/location.html
+++ b/templates/portal/location.html
@@ -4,61 +4,74 @@
 <script src="https://cdn.jsdelivr.net/npm/chart.js@4"></script>
 {% endblock %}
 {% block content %}
-<a href="/portal" class="text-sm text-gray-400 hover:text-gray-200">&larr; All locations</a>
-<h1 class="text-2xl font-semibold mt-1">{{ location.name }}</h1>
-<div class="flex items-center gap-2 text-sm mt-1 mb-6">
-    <span id="p-badge" class="hidden px-2 py-0.5 text-xs font-medium rounded-full"></span>
-    <span id="p-fresh" class="text-gray-400"></span>
+<a href="/portal" class="reveal inline-flex items-center gap-1.5 text-sm text-[var(--text-dim)] hover:text-[var(--text)] transition-colors">
+    <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 19l-7-7 7-7"/></svg>
+    All locations
+</a>
+<div class="reveal mt-3 flex flex-wrap items-end justify-between gap-3">
+    <h1 class="text-3xl font-bold tracking-tight">{{ location.name }}</h1>
+    <div class="flex items-center gap-2.5">
+        <span id="p-badge" class="hidden"></span>
+        <span id="p-fresh" class="text-[var(--text-dim)] font-mono text-xs"></span>
+    </div>
 </div>
 
 {% if not has_device %}
-<div class="rounded-xl border border-slate-700 bg-slate-800/50 p-8 text-center text-gray-400">
-    No device is currently assigned to this location.
-</div>
+<div class="panel reveal p-12 text-center text-[var(--text-dim)] mt-6">No device is currently assigned to this location.</div>
 {% else %}
-<div id="p-alarm-banner" class="hidden mb-4 px-4 py-3 rounded-lg bg-red-900/30 border border-red-700/50 text-red-200 text-sm flex items-center gap-2">
-    <svg class="w-5 h-5 shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+<div id="p-alarm-banner" class="hidden reveal mt-5 px-4 py-3 rounded-xl bg-[rgba(248,113,113,0.10)] border border-[rgba(248,113,113,0.38)] text-red-200 text-sm flex items-center gap-2.5">
+    <svg class="w-5 h-5 shrink-0 text-red-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
         <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
               d="M12 9v2m0 4h.01M5.07 19h13.86c1.54 0 2.5-1.67 1.73-3L13.73 4a2 2 0 00-3.46 0L3.34 16c-.77 1.33.19 3 1.73 3z"/>
     </svg>
-    <span id="p-alarm-text">Currently above threshold.</span>
+    <span id="p-alarm-text" class="font-medium">Currently above threshold.</span>
 </div>
-<div class="grid grid-cols-2 sm:grid-cols-5 gap-3 mb-6">
-    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
-        <div class="text-xs text-gray-400">Lp (Instant)</div>
-        <div id="p-lp" class="text-2xl font-bold text-blue-400">--</div><div class="text-xs text-gray-500">dB</div>
+
+<!-- Hero console: Leq primary + instrument strip -->
+<div class="panel reveal mt-5 p-6 sm:p-7" style="animation-delay:60ms">
+    <div class="text-[10px] uppercase tracking-[0.22em] text-[var(--text-dim)] font-mono mb-1.5">Leq · average</div>
+    <div class="flex items-baseline gap-2.5">
+        <span id="p-leq" class="reading text-6xl sm:text-7xl leading-none font-semibold">--</span>
+        <span class="text-sm text-[var(--text-dim)] font-mono">dB</span>
     </div>
-    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
-        <div class="text-xs text-gray-400">Leq (Average)</div>
-        <div id="p-leq" class="text-2xl font-bold text-green-400">--</div><div class="text-xs text-gray-500">dB</div>
-    </div>
-    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
-        <div class="text-xs text-gray-400">Lmax (Max)</div>
-        <div id="p-lmax" class="text-2xl font-bold text-red-400">--</div><div class="text-xs text-gray-500">dB</div>
-    </div>
-    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
-        <div class="text-xs text-gray-400">L1</div>
-        <div id="p-ln1" class="text-2xl font-bold text-purple-400">--</div><div class="text-xs text-gray-500">dB</div>
-    </div>
-    <div class="rounded-lg bg-slate-800/60 border border-slate-700 p-3">
-        <div class="text-xs text-gray-400">L10</div>
-        <div id="p-ln2" class="text-2xl font-bold text-orange-400">--</div><div class="text-xs text-gray-500">dB</div>
+
+    <div class="hairline mt-6 pt-5 grid grid-cols-2 sm:grid-cols-4 gap-5">
+        <div>
+            <div class="text-[10px] uppercase tracking-[0.15em] text-[var(--text-dim)] font-mono">Lp · instant</div>
+            <div class="mt-1 flex items-baseline gap-1"><span id="p-lp" class="reading text-2xl font-semibold c-lp">--</span><span class="text-[10px] text-[var(--text-dim)] font-mono">dB</span></div>
+        </div>
+        <div>
+            <div class="text-[10px] uppercase tracking-[0.15em] text-[var(--text-dim)] font-mono">Lmax · peak</div>
+            <div class="mt-1 flex items-baseline gap-1"><span id="p-lmax" class="reading text-2xl font-semibold c-lmax">--</span><span class="text-[10px] text-[var(--text-dim)] font-mono">dB</span></div>
+        </div>
+        <div>
+            <div class="text-[10px] uppercase tracking-[0.15em] text-[var(--text-dim)] font-mono">L1</div>
+            <div class="mt-1 flex items-baseline gap-1"><span id="p-ln1" class="reading text-2xl font-semibold c-l1">--</span><span class="text-[10px] text-[var(--text-dim)] font-mono">dB</span></div>
+        </div>
+        <div>
+            <div class="text-[10px] uppercase tracking-[0.15em] text-[var(--text-dim)] font-mono">L10</div>
+            <div class="mt-1 flex items-baseline gap-1"><span id="p-ln2" class="reading text-2xl font-semibold c-l10">--</span><span class="text-[10px] text-[var(--text-dim)] font-mono">dB</span></div>
+        </div>
     </div>
 </div>
 
-<div class="relative rounded-xl border border-slate-700 bg-slate-800/50 p-4" style="min-height: 360px;">
-    <canvas id="p-chart"></canvas>
-    <div id="p-paused" class="hidden absolute inset-0 flex items-center justify-center bg-slate-900/70 rounded-xl">
-        <button onclick="resumeStream()"
-                class="px-4 py-2 rounded-lg bg-seismo-orange/20 text-seismo-orange border border-seismo-orange/40 hover:bg-seismo-orange/30 text-sm font-medium">
-            &#9208; Live paused — click to resume
-        </button>
+<!-- Live trace -->
+<div class="panel reveal mt-5 overflow-hidden" style="animation-delay:120ms">
+    <div class="px-5 pt-4 text-[10px] uppercase tracking-[0.22em] text-[var(--text-dim)] font-mono">Live trace · last 2h</div>
+    <div class="relative px-3 pb-3 pt-2" style="min-height: 340px;">
+        <canvas id="p-chart"></canvas>
+        <div id="p-paused" class="hidden absolute inset-0 flex items-center justify-center bg-[rgba(8,11,20,0.78)] rounded-xl backdrop-blur-sm">
+            <button onclick="resumeStream()"
+                    class="px-4 py-2 rounded-lg bg-seismo-orange/15 text-seismo-orange border border-seismo-orange/40 hover:bg-seismo-orange/25 text-sm font-medium transition-colors">
+                &#9208; Live paused — tap to resume
+            </button>
+        </div>
     </div>
 </div>
 
-<!-- Alert history (read-only) -->
-<div class="mt-6">
-    <h2 class="text-sm font-medium text-gray-400 mb-2">Alert history</h2>
+<!-- Alert history -->
+<div class="reveal mt-7" style="animation-delay:180ms">
+    <div class="text-[10px] uppercase tracking-[0.22em] text-[var(--text-dim)] font-mono mb-3">Alert history</div>
     <div id="p-events" class="space-y-2"></div>
 </div>
 {% endif %}
@@ -72,40 +85,65 @@ const cd = { t: [], lp: [], leq: [], ln1: [], ln2: [] };
 let chart;
 const numOrNull = v => { const f = parseFloat(v); return isNaN(f) ? null : f; };
 
-function ds(label, color) {
-    return { label, data: [], borderColor: color, backgroundColor: color,
-             borderWidth: 2, pointRadius: 0, tension: 0.3, spanGaps: true };
+// Level color for the Leq hero (matches the overview bands).
+const LEVEL_AMBER = 55, LEVEL_RED = 70;
+function leqColor(measuring, v) {
+    // CSS var refs so the hero color auto-flips with the theme.
+    if (!measuring || v == null || isNaN(v)) return 'var(--text)';
+    if (v >= LEVEL_RED) return 'var(--lvl-bad)';
+    if (v >= LEVEL_AMBER) return 'var(--lvl-warn)';
+    return 'var(--lvl-ok)';
+}
+function paintLeq(measuring, leqVal) {
+    const el = document.getElementById('p-leq');
+    if (el) el.style.color = leqColor(measuring, parseFloat(leqVal));
+}
+
+function ds(label) { return { label, data: [], borderWidth: 1.5, pointRadius: 0, tension: 0.35, spanGaps: true }; }
+function skinChart() {
+    if (!chart) return;
+    const dim = cssVar('--text-dim');
+    const cols = [cssVar('--m-lp'), cssVar('--lvl-ok'), cssVar('--m-l1'), cssVar('--m-l10')];
+    chart.data.datasets.forEach((d, i) => { d.borderColor = cols[i]; d.backgroundColor = cols[i]; });
+    const grid = 'rgba(124,146,188,0.10)', gridX = 'rgba(124,146,188,0.05)', border = 'rgba(124,146,188,0.18)';
+    const y = chart.options.scales.y, x = chart.options.scales.x;
+    y.ticks.color = dim; y.title.color = dim; y.grid.color = grid; y.border.color = border;
+    x.ticks.color = dim; x.grid.color = gridX; x.border.color = border;
+    chart.options.plugins.legend.labels.color = cssVar('--text');
+    chart.update('none');
 }
 function initChart() {
     const ctx = document.getElementById('p-chart').getContext('2d');
+    const mono = { family: 'IBM Plex Mono', size: 10 };
     chart = new Chart(ctx, {
         type: 'line',
-        data: { labels: [], datasets: [
-            ds('Lp', 'rgb(96,165,250)'), ds('Leq', 'rgb(74,222,128)'),
-            ds('L1', 'rgb(192,132,252)'), ds('L10', 'rgb(251,146,60)') ] },
+        data: { labels: [], datasets: [ds('Lp'), ds('Leq'), ds('L1'), ds('L10')] },
         options: {
             responsive: true, maintainAspectRatio: false, animation: false,
             interaction: { intersect: false, mode: 'index' },
             scales: {
-                y: { min: 30, max: 130, title: { display: true, text: 'dB', color: '#94a3b8' },
-                     ticks: { color: '#94a3b8' }, grid: { color: 'rgba(148,163,184,0.12)' } },
-                x: { ticks: { color: '#94a3b8', maxTicksLimit: 8 }, grid: { color: 'rgba(148,163,184,0.12)' } }
+                y: { min: 30, max: 130, title: { display: true, text: 'dB', font: { family: 'IBM Plex Mono' } },
+                     ticks: { font: mono }, grid: {}, border: {} },
+                x: { ticks: { font: mono, maxTicksLimit: 8 }, grid: {}, border: {} }
             },
-            plugins: { legend: { labels: { color: '#cbd5e1' } } }
+            plugins: { legend: { labels: { font: { family: 'Hanken Grotesk' }, usePointStyle: true, pointStyleWidth: 10, boxHeight: 7 } } }
         }
     });
+    skinChart();
 }
+document.addEventListener('portal-theme', skinChart);
 
 function setCard(id, v) { document.getElementById(id).textContent = (v == null || v === '') ? '--' : v; }
 function setBadge(measuring, lastSeen) {
     const b = document.getElementById('p-badge'), f = document.getElementById('p-fresh');
-    if (measuring === null) { b.className = 'hidden px-2 py-0.5 text-xs font-medium rounded-full'; b.textContent = ''; }
-    else if (measuring) { b.className = 'px-2 py-0.5 text-xs font-medium rounded-full bg-green-900/40 text-green-300'; b.textContent = '● Live'; }
-    else { b.className = 'px-2 py-0.5 text-xs font-medium rounded-full bg-slate-700 text-gray-300'; b.textContent = '■ Stopped'; }
+    const base = 'inline-flex items-center gap-1.5 px-2.5 py-1 text-[11px] rounded-full border ';
+    if (measuring === null) { b.className = 'hidden'; b.textContent = ''; }
+    else if (measuring) { b.className = base + 'border-[rgba(244,139,28,0.45)] text-seismo-orange'; b.innerHTML = '<span class="live-dot"></span> Live'; }
+    else { b.className = base + 'border-[var(--border)] text-[var(--text-dim)]'; b.textContent = 'Stopped'; }
     f.innerHTML = fmtFreshness(lastSeen);
 }
 function fmtFreshness(iso) {
-    if (!iso) return '<span class="text-gray-500">no recent reading</span>';
+    if (!iso) return '<span class="text-[var(--text-dim)]">no recent reading</span>';
     const t = new Date(iso.endsWith('Z') ? iso : iso + 'Z');
     const s = Math.max(0, Math.round((Date.now() - t.getTime()) / 1000));
     let ago, stale = false;
@@ -113,7 +151,7 @@ function fmtFreshness(iso) {
     else if (s < 60) ago = s + 's ago';
     else if (s < 3600) { ago = Math.round(s / 60) + 'm ago'; stale = s >= 300; }
     else { ago = Math.round(s / 3600) + 'h ago'; stale = true; }
-    const cls = stale ? 'text-amber-400' : 'text-gray-400';
+    const cls = stale ? 'text-amber-400' : 'text-[var(--text-dim)]';
     return `as of ${t.toLocaleTimeString()} <span class="${cls}">(${ago}${stale ? ' · cached' : ''})</span>`;
 }
 
@@ -131,6 +169,7 @@ async function prefill() {
         setCard('p-ln1', d.ln1); setCard('p-ln2', d.ln2);
         const measuring = d.measurement_state === 'Start' || d.measurement_state === 'Measure';
         setBadge(measuring, d.last_seen);
+        paintLeq(measuring, d.leq);
     } catch (e) { /* keep last values */ }
 }
 async function backfill() {
@@ -184,6 +223,7 @@ function openStream() {
         setCard('p-ln1', d.ln1); setCard('p-ln2', d.ln2);
         const measuring = d.measurement_state === 'Start' || d.measurement_state === 'Measure';
         setBadge(measuring, d.timestamp || new Date().toISOString());
+        paintLeq(measuring, d.leq);
         pushPoint(d);
     };
     ws.onclose = () => { ws = null; };
@@ -231,7 +271,7 @@ async function loadEvents() {
                 j.active > 1 ? `${j.active} alerts currently active` : 'Currently above threshold.';
         } else banner.classList.add('hidden');
         const list = document.getElementById('p-events');
-        if (!events.length) { list.innerHTML = '<div class="text-sm text-gray-500">No alerts have fired.</div>'; return; }
+        if (!events.length) { list.innerHTML = '<div class="text-sm text-[var(--text-dim)]">No alerts have fired.</div>'; return; }
         list.innerHTML = '';
         for (const e of events) {
             const m = EV_METRIC[e.metric] || e.metric;
@@ -240,10 +280,9 @@ async function loadEvents() {
                                 : `${fmtAlertTime(e.onset_at)} → ${fmtAlertTime(e.clear_at)}`;
             const peak = (e.peak_value != null) ? ` · peak ${e.peak_value} dB` : '';
             const row = document.createElement('div');
-            row.className = 'px-3 py-2 rounded-lg border text-sm ' +
-                (active ? 'border-red-700/60 bg-red-900/20 text-red-200' : 'border-slate-700 bg-slate-800/40 text-gray-300');
-            row.innerHTML = `<div>${e.rule_name || 'Alert'} <span class="text-xs text-gray-400">· ${m} ${e.threshold_db} dB</span></div>
-                <div class="text-xs text-gray-400">${when}${peak}</div>`;
+            row.className = 'panel px-3.5 py-2.5 text-sm ' + (active ? 'border-[rgba(248,113,113,0.4)]' : '');
+            row.innerHTML = `<div class="${active ? 'text-red-300' : 'text-[var(--text)]'}">${e.rule_name || 'Alert'} <span class="text-xs text-[var(--text-dim)] font-mono">· ${m} ${e.threshold_db} dB</span></div>
+                <div class="text-xs text-[var(--text-dim)] font-mono mt-0.5">${when}${peak}</div>`;
             list.appendChild(row);
         }
     } catch (e) { /* leave history as-is */ }
diff --git a/templates/portal/overview.html b/templates/portal/overview.html
index a4760fb..f5673a2 100644
--- a/templates/portal/overview.html
+++ b/templates/portal/overview.html
@@ -62,16 +62,23 @@
 const LOCATIONS = {{ locations|tojson }};
 const liveState = {};          // loc.id -> {status, leq(num|null), leqStr}
 const markersById = {};        // loc.id -> circleMarker (for live recolor)
+let tiles = null;              // map tile layer (re-skinned on theme toggle)
 
-// Dot/level color. Placeholder bands until per-location alert thresholds exist.
+// Dot/level color (computed hex; reads the theme CSS vars so it flips with theme).
 const LEVEL_AMBER = 55, LEVEL_RED = 70;
-const COLOR_IDLE = '#5a6478';
 function levelColor(st) {
-    if (!st || st.status !== 'measuring' || st.leq == null) return COLOR_IDLE;
-    if (st.leq >= LEVEL_RED) return '#f87171';
-    if (st.leq >= LEVEL_AMBER) return '#fbbf24';
-    return '#34d399';
+    if (!st || st.status !== 'measuring' || st.leq == null) return cssVar('--text-dim');
+    if (st.leq >= LEVEL_RED) return cssVar('--lvl-bad');
+    if (st.leq >= LEVEL_AMBER) return cssVar('--lvl-warn');
+    return cssVar('--lvl-ok');
 }
+function tileUrl() {
+    return document.documentElement.getAttribute('data-theme') === 'light'
+        ? 'https://{s}.basemaps.cartocdn.com/light_all/{z}/{x}/{y}{r}.png'
+        : 'https://{s}.basemaps.cartocdn.com/dark_all/{z}/{x}/{y}{r}.png';
+}
+// Re-skin map tiles + recolor everything when the theme flips.
+document.addEventListener('portal-theme', () => { if (tiles) tiles.setUrl(tileUrl()); refreshAll(); });
 function num(v) { const f = parseFloat(v); return isNaN(f) ? null : f; }
 
 function fmtAgo(iso) {
@@ -163,7 +170,7 @@ if (withCoords.length) {
     const mapEl = document.getElementById('loc-map');
     mapEl.classList.remove('hidden');
     const map = L.map('loc-map', { scrollWheelZoom: false, attributionControl: true });
-    L.tileLayer('https://{s}.basemaps.cartocdn.com/dark_all/{z}/{x}/{y}{r}.png', {
+    tiles = L.tileLayer(tileUrl(), {
         maxZoom: 19, subdomains: 'abcd', attribution: '© OpenStreetMap © CARTO'
     }).addTo(map);
     const pts = [];
-- 
2.52.0


From 505c2e3ca53161ebf48cc9f8939558cac5f2a82e Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 20:34:31 +0000
Subject: [PATCH 21/27] =?UTF-8?q?style(portal):=20warm,=20solid=20light=20?=
 =?UTF-8?q?mode=20=E2=80=94=20paper=20bg=20+=20defined=20cards?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Light mode was washed out. Switch the background to warm paper (#f7f5ef), make
panels solid white (no longer translucent/ghostly) with a warm hairline border
and a grounded two-layer shadow, and warm the text ink. Light-specific hover
shadow (the dark one is invisible on paper). Also fix two dark-only reds — the
alarm banner and active-event text now use var(--lvl-bad) so they read on both
themes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 templates/portal/base.html     | 32 ++++++++++++++++++--------------
 templates/portal/location.html |  8 ++++----
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/templates/portal/base.html b/templates/portal/base.html
index 36e8109..7fd0a3a 100644
--- a/templates/portal/base.html
+++ b/templates/portal/base.html
@@ -48,24 +48,28 @@
             --lvl-ok: #34d399; --lvl-warn: #fbbf24; --lvl-bad: #f87171;
             --m-lp: #60a5fa; --m-lmax: #f87171; --m-l1: #c084fc; --m-l10: #fbbf24;
         }
-        /* ---- light ---- */
+        /* ---- light (warm paper) ---- */
         html[data-theme="light"] {
-            --bg: #eef1f8;
-            --grid: rgba(20, 42, 102, 0.05);
-            --aurora-1: rgba(120, 150, 220, 0.22);
-            --aurora-2: rgba(244, 139, 28, 0.10);
-            --text: #16203a;
-            --text-dim: #5d6b86;
-            --border: rgba(20, 42, 102, 0.13);
-            --border-bright: rgba(20, 42, 102, 0.22);
-            --panel-a: rgba(255, 255, 255, 0.92);
-            --panel-b: rgba(248, 250, 254, 0.85);
-            --panel-inset: rgba(255, 255, 255, 0.6);
-            --panel-shadow: 0 18px 40px -28px rgba(40, 55, 95, 0.35);
-            --header-bg: rgba(244, 246, 251, 0.80);
+            --bg: #f7f5ef;                                /* warm paper */
+            --grid: rgba(92, 78, 52, 0.05);              /* warm faint grid */
+            --aurora-1: rgba(120, 140, 205, 0.15);       /* soft cool wash */
+            --aurora-2: rgba(244, 139, 28, 0.12);        /* brand warmth */
+            --text: #2a2620;                             /* warm charcoal ink */
+            --text-dim: #7c756a;                         /* warm muted */
+            --border: rgba(60, 50, 35, 0.15);
+            --border-bright: rgba(60, 50, 35, 0.12);
+            --panel-a: #ffffff;                          /* solid — no longer ghostly */
+            --panel-b: #fbfaf5;
+            --panel-inset: rgba(255, 255, 255, 0.9);
+            --panel-shadow: 0 14px 30px -16px rgba(60, 50, 35, 0.26), 0 2px 6px -2px rgba(60, 50, 35, 0.08);
+            --header-bg: rgba(247, 245, 239, 0.85);
             --lvl-ok: #16a34a; --lvl-warn: #d97706; --lvl-bad: #dc2626;
             --m-lp: #2563eb; --m-lmax: #dc2626; --m-l1: #9333ea; --m-l10: #d97706;
         }
+        /* On light, the hover-lift shadow wants warm depth (the dark one is invisible on paper). */
+        html[data-theme="light"] .panel-hover:hover {
+            box-shadow: 0 22px 44px -20px rgba(60, 50, 35, 0.30), 0 0 0 1px var(--accent-glow);
+        }
 
         html, body { height: 100%; }
         body {
diff --git a/templates/portal/location.html b/templates/portal/location.html
index b846da9..88a4f1f 100644
--- a/templates/portal/location.html
+++ b/templates/portal/location.html
@@ -19,8 +19,8 @@
 {% if not has_device %}
 <div class="panel reveal p-12 text-center text-[var(--text-dim)] mt-6">No device is currently assigned to this location.</div>
 {% else %}
-<div id="p-alarm-banner" class="hidden reveal mt-5 px-4 py-3 rounded-xl bg-[rgba(248,113,113,0.10)] border border-[rgba(248,113,113,0.38)] text-red-200 text-sm flex items-center gap-2.5">
-    <svg class="w-5 h-5 shrink-0 text-red-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+<div id="p-alarm-banner" class="hidden reveal mt-5 px-4 py-3 rounded-xl bg-[rgba(220,38,38,0.10)] border border-[rgba(220,38,38,0.32)] text-[var(--lvl-bad)] text-sm flex items-center gap-2.5">
+    <svg class="w-5 h-5 shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
         <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
               d="M12 9v2m0 4h.01M5.07 19h13.86c1.54 0 2.5-1.67 1.73-3L13.73 4a2 2 0 00-3.46 0L3.34 16c-.77 1.33.19 3 1.73 3z"/>
     </svg>
@@ -280,8 +280,8 @@ async function loadEvents() {
                                 : `${fmtAlertTime(e.onset_at)} → ${fmtAlertTime(e.clear_at)}`;
             const peak = (e.peak_value != null) ? ` · peak ${e.peak_value} dB` : '';
             const row = document.createElement('div');
-            row.className = 'panel px-3.5 py-2.5 text-sm ' + (active ? 'border-[rgba(248,113,113,0.4)]' : '');
-            row.innerHTML = `<div class="${active ? 'text-red-300' : 'text-[var(--text)]'}">${e.rule_name || 'Alert'} <span class="text-xs text-[var(--text-dim)] font-mono">· ${m} ${e.threshold_db} dB</span></div>
+            row.className = 'panel px-3.5 py-2.5 text-sm ' + (active ? 'border-[rgba(220,38,38,0.4)]' : '');
+            row.innerHTML = `<div class="${active ? 'text-[var(--lvl-bad)] font-medium' : 'text-[var(--text)]'}">${e.rule_name || 'Alert'} <span class="text-xs text-[var(--text-dim)] font-mono">· ${m} ${e.threshold_db} dB</span></div>
                 <div class="text-xs text-[var(--text-dim)] font-mono mt-0.5">${when}${peak}</div>`;
             list.appendChild(row);
         }
-- 
2.52.0


From a555cb74ddeca1a7bc82acc65bd552e12d141b7b Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 20:42:55 +0000
Subject: [PATCH 22/27] style(portal): default to light theme

Light is now the default for new visitors/clients (was dark); the toggle still
flips to dark and the choice persists. Also fixed the mobile theme-color meta to
update the actual <meta> tag (was setting a no-op attribute on <html>) and use the
warm paper shade.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 templates/portal/base.html | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/templates/portal/base.html b/templates/portal/base.html
index 7fd0a3a..d4f55fe 100644
--- a/templates/portal/base.html
+++ b/templates/portal/base.html
@@ -5,8 +5,8 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>{% block title %}Monitoring{% endblock %} · TMI</title>
 
-    <!-- apply saved theme before paint (no flash) -->
-    <script>(function(){var t=localStorage.getItem('portal-theme')||'dark';document.documentElement.setAttribute('data-theme',t);})();</script>
+    <!-- apply saved theme before paint (no flash); light is the default -->
+    <script>(function(){var t=localStorage.getItem('portal-theme')||'light';document.documentElement.setAttribute('data-theme',t);})();</script>
 
     <link rel="preconnect" href="https://fonts.googleapis.com">
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
@@ -25,7 +25,7 @@
         }
     </script>
     <link rel="icon" type="image/png" sizes="32x32" href="/static/icons/favicon-32.png">
-    <meta name="theme-color" content="#080b14">
+    <meta name="theme-color" content="#f7f5ef">
 
     <style>
         /* ---- dark (default) ---- */
@@ -184,7 +184,8 @@
             const next = cur === 'light' ? 'dark' : 'light';
             document.documentElement.setAttribute('data-theme', next);
             try { localStorage.setItem('portal-theme', next); } catch (e) {}
-            document.documentElement.setAttribute('content', next === 'light' ? '#eef1f8' : '#080b14');
+            const mc = document.querySelector('meta[name="theme-color"]');
+            if (mc) mc.setAttribute('content', next === 'light' ? '#f7f5ef' : '#080b14');
             document.dispatchEvent(new CustomEvent('portal-theme', { detail: next }));
         }
     </script>
-- 
2.52.0


From a81764d4bc6f361c1a0361cc823bbbe2f3671841 Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 20:46:04 +0000
Subject: [PATCH 23/27] style(portal): cool light background, keep the solid
 cards
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reverts the light-mode ground to a cool light (#eef2f9) with cool navy ink,
borders, and shadow — keeping the solid (opaque, defined) cards from the
un-ghosting pass so it's clean rather than dull. theme-color meta updated to match.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 templates/portal/base.html | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/templates/portal/base.html b/templates/portal/base.html
index d4f55fe..375feee 100644
--- a/templates/portal/base.html
+++ b/templates/portal/base.html
@@ -25,7 +25,7 @@
         }
     </script>
     <link rel="icon" type="image/png" sizes="32x32" href="/static/icons/favicon-32.png">
-    <meta name="theme-color" content="#f7f5ef">
+    <meta name="theme-color" content="#eef2f9">
 
     <style>
         /* ---- dark (default) ---- */
@@ -48,27 +48,27 @@
             --lvl-ok: #34d399; --lvl-warn: #fbbf24; --lvl-bad: #f87171;
             --m-lp: #60a5fa; --m-lmax: #f87171; --m-l1: #c084fc; --m-l10: #fbbf24;
         }
-        /* ---- light (warm paper) ---- */
+        /* ---- light (cool) — solid cards on a cool ground ---- */
         html[data-theme="light"] {
-            --bg: #f7f5ef;                                /* warm paper */
-            --grid: rgba(92, 78, 52, 0.05);              /* warm faint grid */
-            --aurora-1: rgba(120, 140, 205, 0.15);       /* soft cool wash */
-            --aurora-2: rgba(244, 139, 28, 0.12);        /* brand warmth */
-            --text: #2a2620;                             /* warm charcoal ink */
-            --text-dim: #7c756a;                         /* warm muted */
-            --border: rgba(60, 50, 35, 0.15);
-            --border-bright: rgba(60, 50, 35, 0.12);
-            --panel-a: #ffffff;                          /* solid — no longer ghostly */
-            --panel-b: #fbfaf5;
+            --bg: #eef2f9;                               /* cool light */
+            --grid: rgba(20, 42, 102, 0.05);             /* cool faint grid */
+            --aurora-1: rgba(120, 150, 220, 0.18);       /* cool wash */
+            --aurora-2: rgba(244, 139, 28, 0.08);        /* faint brand accent */
+            --text: #16203a;                             /* cool navy ink */
+            --text-dim: #5d6b86;                         /* cool muted */
+            --border: rgba(20, 42, 102, 0.13);
+            --border-bright: rgba(20, 42, 102, 0.18);
+            --panel-a: #ffffff;                          /* solid — kept from the un-ghosting pass */
+            --panel-b: #f7f9fc;
             --panel-inset: rgba(255, 255, 255, 0.9);
-            --panel-shadow: 0 14px 30px -16px rgba(60, 50, 35, 0.26), 0 2px 6px -2px rgba(60, 50, 35, 0.08);
-            --header-bg: rgba(247, 245, 239, 0.85);
+            --panel-shadow: 0 14px 30px -16px rgba(40, 55, 95, 0.22), 0 2px 6px -2px rgba(40, 55, 95, 0.07);
+            --header-bg: rgba(238, 242, 249, 0.85);
             --lvl-ok: #16a34a; --lvl-warn: #d97706; --lvl-bad: #dc2626;
             --m-lp: #2563eb; --m-lmax: #dc2626; --m-l1: #9333ea; --m-l10: #d97706;
         }
-        /* On light, the hover-lift shadow wants warm depth (the dark one is invisible on paper). */
+        /* On light, the hover-lift shadow wants cool depth (the dark one vanishes on light). */
         html[data-theme="light"] .panel-hover:hover {
-            box-shadow: 0 22px 44px -20px rgba(60, 50, 35, 0.30), 0 0 0 1px var(--accent-glow);
+            box-shadow: 0 22px 44px -20px rgba(40, 55, 95, 0.26), 0 0 0 1px var(--accent-glow);
         }
 
         html, body { height: 100%; }
@@ -185,7 +185,7 @@
             document.documentElement.setAttribute('data-theme', next);
             try { localStorage.setItem('portal-theme', next); } catch (e) {}
             const mc = document.querySelector('meta[name="theme-color"]');
-            if (mc) mc.setAttribute('content', next === 'light' ? '#f7f5ef' : '#080b14');
+            if (mc) mc.setAttribute('content', next === 'light' ? '#eef2f9' : '#080b14');
             document.dispatchEvent(new CustomEvent('portal-theme', { detail: next }));
         }
     </script>
-- 
2.52.0


From c1bc391ba265b97142f47df29fc3e5eef426cd7b Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 23:28:57 +0000
Subject: [PATCH 24/27] feat(portal): show the client their active alert limits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

New scoped GET /portal/api/location/{id}/thresholds returns the enabled alert
rules (scrubbed: name/metric/comparison/threshold/duration/schedule — no cooldown
or hysteresis internals). Location page renders an "Alert limits" panel above the
history, e.g. "Night noise · Leq above 65 dB for 60s · 22:00–07:00", hidden when
no limits are set. Gives the breach history context.

Verified: portal.py compiles; location script balances; template parses.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/routers/portal.py      | 28 +++++++++++++++++++++++++
 templates/portal/location.html | 38 +++++++++++++++++++++++++++++++++-
 2 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/backend/routers/portal.py b/backend/routers/portal.py
index 6f86108..412a7f5 100644
--- a/backend/routers/portal.py
+++ b/backend/routers/portal.py
@@ -242,6 +242,34 @@ async def portal_location_events(location_id: str, limit: int = 20,
     return {"status": "ok", "events": events, "active": sum(1 for e in events if e.get("status") == "active")}
 
 
+# Whitelist of alert-rule fields shown to a client (the active limits, no cooldown/
+# hysteresis internals).
+_PORTAL_RULE_FIELDS = ("name", "metric", "comparison", "threshold_db", "duration_s",
+                       "schedule_start", "schedule_end", "schedule_days")
+
+
+@router.get("/api/location/{location_id}/thresholds")
+async def portal_location_thresholds(location_id: str,
+                                     client: Client = Depends(get_current_client),
+                                     db: Session = Depends(get_db)):
+    """The active alert limits for a location the client owns (enabled rules only),
+    so the client can see what they're being alerted on. Read-only, scrubbed."""
+    resolve_client_location(client, location_id, db)
+    unit_id = active_unit_for_location(location_id, db)
+    if not unit_id:
+        return {"status": "ok", "rules": []}
+    try:
+        async with httpx.AsyncClient(timeout=5.0) as hc:
+            r = await hc.get(f"{SLMM_BASE_URL}/api/nl43/{unit_id}/alerts/rules")
+    except Exception:
+        return {"status": "ok", "rules": []}
+    if r.status_code != 200:
+        return {"status": "ok", "rules": []}
+    raw = (r.json() or {}).get("rules", [])
+    rules = [{k: x.get(k) for k in _PORTAL_RULE_FIELDS} for x in raw if x.get("enabled")]
+    return {"status": "ok", "rules": rules}
+
+
 # -- live stream (fan-out feed, scoped + scrubbed) ---------------------------
 
 def _scrub_frame(raw: str) -> str:
diff --git a/templates/portal/location.html b/templates/portal/location.html
index 88a4f1f..97d5e8b 100644
--- a/templates/portal/location.html
+++ b/templates/portal/location.html
@@ -69,8 +69,14 @@
     </div>
 </div>
 
+<!-- Alert limits (what this location is alerted on) -->
+<div id="p-limits-section" class="reveal mt-7 hidden" style="animation-delay:180ms">
+    <div class="text-[10px] uppercase tracking-[0.22em] text-[var(--text-dim)] font-mono mb-3">Alert limits</div>
+    <div id="p-thresholds" class="space-y-2"></div>
+</div>
+
 <!-- Alert history -->
-<div class="reveal mt-7" style="animation-delay:180ms">
+<div class="reveal mt-7" style="animation-delay:220ms">
     <div class="text-[10px] uppercase tracking-[0.22em] text-[var(--text-dim)] font-mono mb-3">Alert history</div>
     <div id="p-events" class="space-y-2"></div>
 </div>
@@ -260,6 +266,35 @@ window.addEventListener('beforeunload', closeStream);
 const EV_METRIC = { leq: 'Leq', lp: 'Lp', lmax: 'Lmax', lpeak: 'Lpeak', ln1: 'L1', ln2: 'L10' };
 function fmtAlertTime(iso) { return iso ? new Date(iso.endsWith('Z') ? iso : iso + 'Z').toLocaleString() : ''; }
 
+// ---- alert limits (the active thresholds, read-only) ---------------------
+function fmtThreshold(r) {
+    const m = EV_METRIC[r.metric] || r.metric;
+    const cmp = r.comparison === 'below' ? 'below' : 'above';
+    let s = `${m} ${cmp} ${r.threshold_db} dB`;
+    if (r.duration_s) s += ` for ${r.duration_s}s`;
+    if (r.schedule_start && r.schedule_end) s += ` · ${r.schedule_start}–${r.schedule_end}`;
+    return s;
+}
+async function loadThresholds() {
+    const sec = document.getElementById('p-limits-section');
+    try {
+        const j = await (await fetch(`/portal/api/location/${encodeURIComponent(LOC_ID)}/thresholds`)).json();
+        const rules = j.rules || [];
+        if (!rules.length) { sec.classList.add('hidden'); return; }
+        const list = document.getElementById('p-thresholds');
+        list.innerHTML = '';
+        for (const r of rules) {
+            const row = document.createElement('div');
+            row.className = 'panel px-3.5 py-2.5 text-sm flex items-center gap-2.5';
+            row.innerHTML = `<span class="w-1.5 h-1.5 rounded-full bg-seismo-orange shrink-0"></span>
+                <span class="text-[var(--text)]">${r.name || 'Alert'}</span>
+                <span class="text-[var(--text-dim)] font-mono text-xs">${fmtThreshold(r)}</span>`;
+            list.appendChild(row);
+        }
+        sec.classList.remove('hidden');
+    } catch (e) { sec.classList.add('hidden'); }
+}
+
 async function loadEvents() {
     try {
         const j = await (await fetch(`/portal/api/location/${encodeURIComponent(LOC_ID)}/events?limit=20`)).json();
@@ -293,6 +328,7 @@ prefill();      // instant first paint from cache
 backfill();     // seed the chart trail
 openStream();   // then upgrade to the live feed
 loadEvents();
+loadThresholds();
 setInterval(loadEvents, 20000);
 </script>
 {% endif %}
-- 
2.52.0


From fe7cf91488249b34cff60c120599f6247aa6a70e Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Thu, 11 Jun 2026 23:40:52 +0000
Subject: [PATCH 25/27] fix(portal): pre-merge security hardening from code
 review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- PORTAL_OPEN_LINKS now defaults OFF — /portal/open/* is an unauthenticated,
  proxy-reachable session-minting path (and a linked project's open link grants
  the whole client's scope), so it must be explicitly enabled in dev.
- Session cookie: enforce server-side expiry (check iat vs COOKIE_MAX_AGE — was
  browser-only) and guard a non-dict signed body (was an uncaught AttributeError →
  500, reachable if SECRET_KEY is the insecure default).
- Escape operator-set strings (location/rule/event names) before innerHTML +
  Leaflet tooltips — they're client-facing, so a name with markup was stored XSS
  in the client's browser. Global esc() helper applied at every injection point.
- WS _scrub_frame drops a non-JSON frame instead of forwarding it raw; /history
  rows now whitelisted like the other scoped endpoints.
- Preview-client slug uses the full project id (an 8-char prefix could collide
  two projects onto one client).

Verified: cookie reader (fresh/expired/non-dict/missing-iat) + open-links default
off; templates parse; scoped scrubbing intact.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 backend/portal_auth.py         | 23 +++++++++++++++--------
 backend/routers/portal.py      | 15 ++++++++++-----
 templates/portal/base.html     |  2 ++
 templates/portal/location.html |  8 ++++----
 templates/portal/overview.html |  6 +++---
 5 files changed, 34 insertions(+), 20 deletions(-)

diff --git a/backend/portal_auth.py b/backend/portal_auth.py
index 72537cc..d233e2f 100644
--- a/backend/portal_auth.py
+++ b/backend/portal_auth.py
@@ -40,14 +40,14 @@ if SECRET_KEY == "dev-insecure-change-me":
 COOKIE_NAME = "portal_session"
 COOKIE_MAX_AGE = 60 * 60 * 24 * 30  # 30 days
 
-# Dev convenience: plain, no-token portal links (/portal/open/{project_id}) so
-# anyone can open a client portal for feedback without minting a magic link.
-# Defaults ON for the current prototype (the whole app is open anyway); set
-# PORTAL_OPEN_LINKS=false before real clients are on the portal.
-PORTAL_OPEN_LINKS = os.getenv("PORTAL_OPEN_LINKS", "true").lower() in ("1", "true", "yes")
+# Plain, no-token portal links (/portal/open/{project_id}). These are an
+# UNAUTHENTICATED, proxy-reachable session-minting path (and a linked project's
+# open link grants the *whole* client's scope), so they default OFF and must be
+# explicitly enabled — set PORTAL_OPEN_LINKS=true only in a dev/prototype env.
+PORTAL_OPEN_LINKS = os.getenv("PORTAL_OPEN_LINKS", "false").lower() in ("1", "true", "yes")
 if PORTAL_OPEN_LINKS:
     logger.warning("[PORTAL] open links ENABLED — no-token /portal/open/* shareable links. "
-                   "Set PORTAL_OPEN_LINKS=false before real clients.")
+                   "Keep this OFF in any internet-facing / production deployment.")
 
 
 class PortalAuthError(Exception):
@@ -84,9 +84,16 @@ def _read_session_cookie(value: str):
         return None
     try:
         data = json.loads(base64.urlsafe_b64decode(body.encode()))
+        if not isinstance(data, dict):
+            return None
+        # Server-side expiry: a leaked cookie isn't valid forever (max_age is only a
+        # browser hint). iat is set by make_session_cookie.
+        iat = data.get("iat")
+        if not isinstance(iat, (int, float)) or (time.time() - iat) > COOKIE_MAX_AGE:
+            return None
+        return data.get("tid")
     except Exception:
         return None
-    return data.get("tid")
 
 
 # -- the dependency every portal route uses ---------------------------------
@@ -137,7 +144,7 @@ def ensure_project_client(project, db) -> Client:
     if project.client_id:
         client = db.query(Client).filter_by(id=project.client_id, active=True).first()
     if client is None:
-        slug = f"preview-{str(project.id)[:8]}"
+        slug = f"preview-{project.id}"   # full id — an 8-char prefix can collide across projects
         client = db.query(Client).filter_by(slug=slug).first()
         if client is None:
             client = Client(id=str(uuid.uuid4()),
diff --git a/backend/routers/portal.py b/backend/routers/portal.py
index 412a7f5..8c58614 100644
--- a/backend/routers/portal.py
+++ b/backend/routers/portal.py
@@ -211,7 +211,9 @@ async def portal_location_history(location_id: str, hours: float = 2.0,
         return {"status": "ok", "readings": []}
     if r.status_code != 200:
         return {"status": "ok", "readings": []}
-    return {"status": "ok", "readings": (r.json() or {}).get("readings", [])}
+    raw = (r.json() or {}).get("readings", [])
+    fields = ("timestamp", "lp", "leq", "lmax", "ln1", "ln2")  # whitelist, like the other endpoints
+    return {"status": "ok", "readings": [{k: x.get(k) for k in fields} for x in raw]}
 
 
 # Whitelist of alert-event fields exposed to a client (no internal ids/ack-by).
@@ -272,14 +274,15 @@ async def portal_location_thresholds(location_id: str,
 
 # -- live stream (fan-out feed, scoped + scrubbed) ---------------------------
 
-def _scrub_frame(raw: str) -> str:
+def _scrub_frame(raw: str):
     """Project a monitor frame down to the portal whitelist. Drops internal fields
     (unit_id, raw_payload, lmin) before it reaches a client; passes control fields
-    (feed_status, heartbeat) + timestamp through."""
+    (feed_status, heartbeat) + timestamp through. Returns None for a non-JSON frame
+    so the caller drops it rather than forwarding anything unscrubbed."""
     try:
         d = json.loads(raw)
     except Exception:
-        return raw
+        return None
     out = {k: d.get(k) for k in _PORTAL_LIVE_FIELDS if k in d}
     if "timestamp" in d:
         out["timestamp"] = d["timestamp"]
@@ -327,7 +330,9 @@ async def portal_location_stream(websocket: WebSocket, location_id: str):
 
         async def forward_to_client():
             async for message in backend_ws:
-                await websocket.send_text(_scrub_frame(message))
+                frame = _scrub_frame(message)
+                if frame is not None:
+                    await websocket.send_text(frame)
 
         async def watch_client():
             while True:
diff --git a/templates/portal/base.html b/templates/portal/base.html
index 375feee..c58f0be 100644
--- a/templates/portal/base.html
+++ b/templates/portal/base.html
@@ -179,6 +179,8 @@
     <script>
         // Theme toggle. Pages can listen for 'portal-theme' to re-skin canvases/maps.
         function cssVar(n) { return getComputedStyle(document.documentElement).getPropertyValue(n).trim(); }
+        // HTML-escape operator-set strings (location/rule names) before innerHTML/tooltip injection.
+        function esc(s) { return String(s == null ? '' : s).replace(/[&<>"']/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c])); }
         function togglePortalTheme() {
             const cur = document.documentElement.getAttribute('data-theme') === 'light' ? 'light' : 'dark';
             const next = cur === 'light' ? 'dark' : 'light';
diff --git a/templates/portal/location.html b/templates/portal/location.html
index 97d5e8b..377117f 100644
--- a/templates/portal/location.html
+++ b/templates/portal/location.html
@@ -268,7 +268,7 @@ function fmtAlertTime(iso) { return iso ? new Date(iso.endsWith('Z') ? iso : iso
 
 // ---- alert limits (the active thresholds, read-only) ---------------------
 function fmtThreshold(r) {
-    const m = EV_METRIC[r.metric] || r.metric;
+    const m = EV_METRIC[r.metric] || esc(r.metric);
     const cmp = r.comparison === 'below' ? 'below' : 'above';
     let s = `${m} ${cmp} ${r.threshold_db} dB`;
     if (r.duration_s) s += ` for ${r.duration_s}s`;
@@ -287,7 +287,7 @@ async function loadThresholds() {
             const row = document.createElement('div');
             row.className = 'panel px-3.5 py-2.5 text-sm flex items-center gap-2.5';
             row.innerHTML = `<span class="w-1.5 h-1.5 rounded-full bg-seismo-orange shrink-0"></span>
-                <span class="text-[var(--text)]">${r.name || 'Alert'}</span>
+                <span class="text-[var(--text)]">${esc(r.name || 'Alert')}</span>
                 <span class="text-[var(--text-dim)] font-mono text-xs">${fmtThreshold(r)}</span>`;
             list.appendChild(row);
         }
@@ -309,14 +309,14 @@ async function loadEvents() {
         if (!events.length) { list.innerHTML = '<div class="text-sm text-[var(--text-dim)]">No alerts have fired.</div>'; return; }
         list.innerHTML = '';
         for (const e of events) {
-            const m = EV_METRIC[e.metric] || e.metric;
+            const m = EV_METRIC[e.metric] || esc(e.metric);
             const active = e.status === 'active';
             const when = active ? `since ${fmtAlertTime(e.onset_at)}`
                                 : `${fmtAlertTime(e.onset_at)} → ${fmtAlertTime(e.clear_at)}`;
             const peak = (e.peak_value != null) ? ` · peak ${e.peak_value} dB` : '';
             const row = document.createElement('div');
             row.className = 'panel px-3.5 py-2.5 text-sm ' + (active ? 'border-[rgba(220,38,38,0.4)]' : '');
-            row.innerHTML = `<div class="${active ? 'text-[var(--lvl-bad)] font-medium' : 'text-[var(--text)]'}">${e.rule_name || 'Alert'} <span class="text-xs text-[var(--text-dim)] font-mono">· ${m} ${e.threshold_db} dB</span></div>
+            row.innerHTML = `<div class="${active ? 'text-[var(--lvl-bad)] font-medium' : 'text-[var(--text)]'}">${esc(e.rule_name || 'Alert')} <span class="text-xs text-[var(--text-dim)] font-mono">· ${m} ${e.threshold_db} dB</span></div>
                 <div class="text-xs text-[var(--text-dim)] font-mono mt-0.5">${when}${peak}</div>`;
             list.appendChild(row);
         }
diff --git a/templates/portal/overview.html b/templates/portal/overview.html
index f5673a2..941063d 100644
--- a/templates/portal/overview.html
+++ b/templates/portal/overview.html
@@ -96,9 +96,9 @@ function updateMarker(loc) {
     const m = markersById[loc.id]; if (!m) return;
     const st = liveState[loc.id];
     m.setStyle({ fillColor: levelColor(st) });
-    let label = `<b>${loc.name}</b>`;
+    let label = `<b>${esc(loc.name)}</b>`;
     if (st) {
-        if (st.status === 'measuring') label += ` &middot; ${st.leqStr} dB Leq`;
+        if (st.status === 'measuring') label += ` &middot; ${esc(st.leqStr)} dB Leq`;
         else if (st.status === 'stopped') label += ' &middot; stopped';
         else if (st.status === 'nodevice') label += ' &middot; no device';
         else label += ' &middot; offline';
@@ -180,7 +180,7 @@ if (withCoords.length) {
             markersById[l.id] = L.circleMarker([la, lo], {
                 radius: 7, fillColor: levelColor(liveState[l.id]), color: '#fff',
                 weight: 2, opacity: 0.9, fillOpacity: 0.95,
-            }).addTo(map).bindTooltip(l.name, { direction: 'top', offset: [0, -6] });
+            }).addTo(map).bindTooltip(esc(l.name), { direction: 'top', offset: [0, -6] });
             pts.push([la, lo]);
         }
     });
-- 
2.52.0


From 04cd6b9f24fec36d005e66470104765aaec2d253 Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Fri, 12 Jun 2026 02:39:33 +0000
Subject: [PATCH 26/27] docs(portal): security hardening backlog for the
 dedicated pass

Consolidates the deferred items (reverse proxy exposing only /portal/*, TLS,
SECRET_KEY, PORTAL_OPEN_LINKS off, M4 auth incl. the operator app + currently-
unauthenticated operator endpoints, and the smaller code-review items) into an
actionable checklist so the hardening session starts from a list, not a recall.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 docs/CLIENT_PORTAL.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/docs/CLIENT_PORTAL.md b/docs/CLIENT_PORTAL.md
index c489567..b654d72 100644
--- a/docs/CLIENT_PORTAL.md
+++ b/docs/CLIENT_PORTAL.md
@@ -175,3 +175,34 @@ live data, all from cache.
 - `SECRET_KEY` must be a real secret in prod (env, not committed).
 - Cookies: `HttpOnly`, `SameSite=Lax`, `Secure` once behind TLS.
 - Tokens stored hashed; raw shown once. Revocation is immediate.
+
+## Security hardening backlog ("Fest 2026")
+
+The to-do for the dedicated hardening pass, roughly highest-impact first. Until
+then the portal runs on security-by-obscurity (open port + interim links) — fine
+for a not-in-use demo, not for real clients.
+
+**Exposure (the big one):** port 8001 serves the *entire operator app* (roster,
+projects, `/admin/*`, device config, the SLMM proxy) with **zero auth**, so an
+open port exposes far more than the read-only portal.
+- [ ] Reverse proxy (NPM/Caddy/Nginx) in front, exposing **only `/portal/*`** to
+      the internet; keep the operator app reachable on the LAN only.
+- [ ] TLS everywhere (Let's Encrypt). Then set portal cookies `Secure`.
+- [ ] Don't port-forward the raw app; if a quick gate is wanted before M4, an
+      auth proxy (Authelia / Authentik) can front the portal without writing auth.
+
+**Config musts:**
+- [ ] Set a real `SECRET_KEY` env (signs session cookies; default is public).
+- [ ] `PORTAL_OPEN_LINKS=false` in any internet-facing env (it defaults off now).
+
+**M4 — real auth** (replaces the interim token behind `get_current_client`):
+- [ ] Magic-link email and/or accounts; proper sessions + password reset.
+- [ ] Authenticate the **operator** app too (it currently has none).
+- [ ] Gate the operator-only endpoints that are presently unauthenticated:
+      `/projects/{id}/portal-preview`, `/projects/{id}/portal-link*`,
+      `/portal/open/*`.
+
+**Smaller items from the pre-merge code review:**
+- [ ] Keepalive isn't auto-turned-off when the last alert rule on a unit is
+      deleted (intentional "never auto-off"; revisit if it wastes cellular).
+- [ ] Consider rate-limiting the scoped portal endpoints once public.
-- 
2.52.0


From 684a487203463b3e4aa2f39cb36df1f2fa07fb59 Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Fri, 12 Jun 2026 03:20:16 +0000
Subject: [PATCH 27/27] =?UTF-8?q?docs:=20changelog=20[Unreleased]=20?=
 =?UTF-8?q?=E2=80=94=20add=20the=20client=20portal=20feature?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Documents the read-only client portal under [Unreleased] alongside the SLM
live-monitoring work: per-client scoping + interim auth, live location view with
the auto-closing WS stream, locations overview map + rollup, the alerts
config→surface→24/7 track, operator sharing tools, the field-instrument design +
light/dark toggle, the security posture, and upgrade notes (migration, SECRET_KEY,
SLMM alert-engine pairing).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 CHANGELOG.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 908f277..5941174 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -49,6 +49,62 @@ The two builds must ship **together**.  Note the `docker-compose.yml` container
 
 ---
 
+### Client portal *(new — read-only client-facing view)*
+
+A scoped, read-only portal at **`/portal/*`** where a client sees only *their*
+locations, live.  Built inside Terra-View (no new service), reusing the cached
+SLMM feed; every route resolves the client through one swappable
+`get_current_client` gate, so the interim magic/open-link auth can be replaced
+(M4) without touching routes or templates.  Strictly read-only — no device control.
+
+#### Added
+
+- **Per-client scoping + interim auth.**  New `Client`, `ClientAccessToken`, and a
+  `Project.client_id` FK.  A signed (HMAC) session cookie carries the access-token
+  id, re-validated against the DB each request (revoke kills live sessions, with
+  server-side expiry).  Entry via a magic link (`/portal/enter/{token}`) or a
+  dev-only plain link (`/portal/open/{id}`, `PORTAL_OPEN_LINKS`, **default off**).
+- **Live location view.**  KPI cards (Lp/Leq/Lmax/L1/L10) + chart populate
+  instantly from cache, then upgrade to a real **~1 Hz WebSocket stream** scoped to
+  the client's unit (a scrubbed bridge to the SLMM fan-out feed).  The stream
+  **auto-closes when the tab is hidden** (Page Visibility) and after a 15-min idle
+  cap, so an abandoned tab can't pin the device at 1 Hz / burn cellular.
+- **Locations overview.**  Live status map (level-colored dots, dark/light CARTO
+  tiles) + a status rollup (live/offline counts, "loudest now").  Leq is the
+  headline metric.
+- **Alerts (config → surface → 24/7).**  Threshold-rule config on the SLM detail
+  page (proxying SLMM's alert CRUD); breach **history + ack** internally and a
+  read-only, scrubbed history + current-alarm banner + **"your alert limits"** panel
+  in the portal; enabling a rule pins that device's monitor on so alerts evaluate
+  round-the-clock.
+- **Operator sharing tools.**  A **"View client portal"** preview button and a
+  **"Copy client link"** modal (mint / list / revoke magic links) on the project
+  page, plus a `backend/portal_admin.py` CLI.
+- **Field-instrument design.**  Distinctive themed portal — Hanken Grotesk UI +
+  IBM Plex Mono readouts, panel system, pulsing live dot, staggered reveal — with a
+  **light/dark toggle** (light default, persisted, no-flash).
+
+#### Security
+
+- All scoping enforced server-side (404-not-403, no existence leak); client
+  endpoints return **scrubbed** projections (no device-health/internal ids); WS
+  frames whitelisted; operator-set strings HTML-escaped before injection (XSS).
+  Pre-merge code review hardened cookie expiry, open-links default, and the slug
+  collision.  Remaining hardening (reverse proxy, TLS, `SECRET_KEY`, M4 auth) is
+  tracked in `docs/CLIENT_PORTAL.md` → "Security hardening backlog".
+
+#### Upgrade Notes
+
+- **Migration:** `docker compose exec web-app python3 backend/migrate_add_client_portal.py`
+  (adds `projects.client_id`; the `clients` / `client_access_tokens` tables
+  auto-create).
+- Set a real **`SECRET_KEY`** in any internet-facing env (signs session cookies),
+  and keep **`PORTAL_OPEN_LINKS=false`** there.
+- Portal alerts depend on the **SLMM `dev`** alert engine (rules/events/evaluator +
+  cooldown + keepalive coupling) — same build pairing as above.
+
+---
+
 ## [0.13.3] - 2026-06-05
 
 Calibration sync from SFM events.  Closes the manual data-entry loop on calibration dates — Terra-View now pulls `device.calibration_date` from each seismograph's most recent event sidecar once a day and updates `RosterUnit.last_calibrated` when the device reports something fresher than what's stored.  Manual edits still win when they're newer than the latest event; a fresh event arriving later supersedes the manual edit.  Adds a "Sync now" button under Settings → Advanced → Calibration Defaults for on-demand runs, and a `docs/ROADMAP.md` to track in-flight + deferred work.
-- 
2.52.0