Giorgio Gilestro
6e7f57c6b2
Server no longer holds portfolios. Holdings live in the browser (localStorage); the server publishes an anonymous ticker_universe and a gzipped /api/universe payload identical for every authenticated user, so access patterns can't betray which tickers a user holds. AI commentary is generated ephemerally from the browser-supplied pie and the cost ledger row records no positions. Migrations 0009-0011 added the universe table and dropped positions / portfolio_snapshots / portfolios. Authentication is now e-mail OTP only. Migration 0010 dropped password_hash and email_verified (every active session is by construction proof of email control). The /signup endpoint is gone; signup and login share a single email-entry page. Email rendering is HTML+plain-text multipart with a shared brand palette (app/branding.py) asserted in sync with the CSS by a drift-detection test. LLM provider defaults to DeepSeek-direct (cheaper, api.deepseek.com) with OpenRouter as automatic fallback if DeepSeek fails. ai_log_job and indicator_summary_job now iterate the two tones (NOVICE, INTERMEDIATE) per cycle so the dashboard's tone toggle is instant; PROMPT_VERSION bumped to 6 with an educational anti-TA / anti-gambling stance baked into _CORE. NOVICE mode renders a curated glossary inline (CBOE VIX, yield curve, HY OAS, etc.) with JS-positioned tooltips that survive viewport edges and sticky bars. Model name and tokens hidden from the user UI; still recorded in StrategicLog.model and AICall for admin. Layout adds a sticky top nav, a sticky bottom markets bar (one chip per exchange with status LED + headline index + 1d change), and Phase H feedback reporting is queued in tasks/todo.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
48 lines
1.6 KiB
HTML
48 lines
1.6 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
<title>Cassandra · Verify email</title>
|
|
<script>
|
|
(function() {
|
|
try { document.documentElement.dataset.theme = localStorage.getItem('cassandra.theme') || 'dark'; }
|
|
catch (e) { document.documentElement.dataset.theme = 'dark'; }
|
|
})();
|
|
</script>
|
|
<link rel="stylesheet" href="{{ url_for('static', path='/css/cassandra.css') }}" />
|
|
</head>
|
|
<body>
|
|
<div class="auth-shell">
|
|
<div class="auth-card">
|
|
<div class="auth-card__brand">Cassandra</div>
|
|
<div class="auth-card__hint">verify your email</div>
|
|
|
|
<p class="auth-card__lede">
|
|
We sent a {{ ttl_minutes }}-minute code to <strong>{{ email }}</strong>.
|
|
Enter the 6 digits below to finish signing in.
|
|
</p>
|
|
|
|
{% if error %}<div class="auth-error">{{ error }}</div>{% endif %}
|
|
{% if sent %}<div class="auth-info">{{ sent }}</div>{% endif %}
|
|
|
|
<form method="post" action="/verify" autocomplete="off">
|
|
<label>Verification code
|
|
<input type="text" name="code" inputmode="numeric" pattern="[0-9]{6}"
|
|
minlength="6" maxlength="6" required autofocus
|
|
style="font-family:var(--font-mono); letter-spacing:0.4em; text-align:center;">
|
|
</label>
|
|
<button type="submit">Verify</button>
|
|
</form>
|
|
|
|
<form method="post" action="/verify/resend" style="margin-top:0.75rem;">
|
|
<button type="submit" class="auth-card__resend">Resend code</button>
|
|
</form>
|
|
|
|
<div class="auth-card__alt">
|
|
Wrong email? <a href="/logout">Start over →</a>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|