Built in shifts with four AI agents

Full feature changelog

Every feature added to the site, in the order it was built. For a grouped current-state summary, see the Overview tab.

• Interactive world map — D3 Natural Earth projection with drag-to-pan and scroll-to-zoom
• Visit frequency colour coding — four tiers from "visited once" through "5+ visits", giving an honest picture of familiarity with each country
• City & region markers — purple dot markers for specific cities visited within countries, with hover tooltips
• Live stats header — countries, cities, continents and percentage progress toward 195 countries, computed dynamically from data
• Country rules — a displayed standard for what qualifies as a visited country (overnight stay or 24+ hours)
• Password-protected admin panel — full CRUD interface to add/remove countries and cities, set visit tiers, and save changes
• JWT authentication — the admin API is secured with signed tokens (30-hour expiry). Legacy JWT still accepted for backward compatibility.
• REST API — clean separation between data and presentation; map fetches live data on every load
• Responsive & resilient map — re-renders on window resize; graceful fallback if the API is unreachable
• Social profile links — LinkedIn, GitHub, and Salesforce Trailhead linked from the homepage
• "Chat with Dan" RAG chatbot — floating AI assistant powered by the Claude API, grounded in a curated knowledge base (website content, LinkedIn, GitHub, uploaded documents)
• Knowledge base document ingestion — server-side folder auto-parses .txt, .pdf, and .docx files and feeds them into the chatbot context
• Country fun facts — clicking a visited country generates three surprising facts via Claude, permanently cached server-side
• Daily AI content page — /random generates a fresh piece each day (fact series, thought experiment, etymology, etc.) via Claude, cached until Sydney midnight
• Ideas log — a running backlog of planned features with full CRUD API and a password-protected browser interface
• Shared admin session — single password login persists across all admin-capable pages via localStorage
• Admin map improvements — every country clickable in admin mode; new cities geocoded via Nominatim on save
• Private podcast hosting — audio files served via secret-URL RSS feeds; supports multiple named channels, each with its own feed URL; browser interface with drag-drop upload, XHR progress, channel management, and file deletion
• Steam gaming page — live data from the Steam Web API showing top games by playtime, total library stats, and achievement counts; server-side cached and proxied via Flask
• Server migration — entire site migrated from AWS EC2 (Nginx, Amazon Linux) to AWS Lightsail (Caddy, Ubuntu), consolidated with an existing Foundry VTT game server; DNS cutover, SSL provisioning, and systemd setup with zero downtime
• Uptime monitoring & status page — live status page showing 90-day uptime history, powered by an internal heartbeat service and an external uptime monitor; response times and downtime events logged as colour-coded day blocks
• Document Intelligence (IDP) — AI-powered document extraction tool reads PDFs, images, and Word docs to extract structured data with confidence scores; multiple vision models (Claude, GPT-4o, Gemini), shareable templates, sync/async API
• GitHub integration & CI/CD — GitHub Actions workflow auto-deploys on every push to main via a dedicated SSH deploy key
• Streaming chatbot responses — "Chat with Dan" now streams tokens live via Server-Sent Events with an animated cursor
• MCP experiment — a local stdio MCP prototype was built and later removed after it proved heavier than necessary for same-process chatbot access
• Claude API usage dashboard — the status page tracks chatbot token consumption per day with metric cards and an interactive D3 bar chart
• Published work section — homepage features an embedded Salesforce video and two authored Salesforce blog articles as equal-width cards

• Personal VPN service — click-to-provision ephemeral EC2 t3.nano exit nodes across 7 AWS regions using Tailscale for the mesh; nodes auto-terminate after inactivity; cost tracked per-session; interactive D3 world map, live connection visualisation, Tailscale key management
• Site-wide search — full-text search across all pages powered by SQLite FTS5; Cmd+K overlay with debounced as-you-type results, arrow-key navigation; auto-reindexes on every git commit via a post-commit hook
• Google Analytics dashboard — GA4 Data API integration showing realtime active users, page views (today/7d/30d), top pages bar chart, and visitor countries; 5-minute server-side cache
• Site-wide RAG chatbot — floating chat bubble on every page powered by a knowledge base of uploaded documents; all traffic via OpenRouter with a model picker (Gemini, Llama 4, DeepSeek, Mistral, Qwen3); admins can upload files or paste text via /knowledge.html
• Full OpenRouter routing — all AI calls (chatbot, IDP, Doom AI commentary) now route exclusively through OpenRouter, consolidating billing and enabling model switching without code changes
• GPS tracking & route visualisation — OwnTracks on iOS/Android posts coordinates via MQTT over TLS to Mosquitto; GPX tracks batch-processed to per-day GeoJSON; interactive Leaflet map at /travel/gps.html with collapsible sidebar, day-by-day timeline, per-person colour coding, Overview/Live/Narrative modes, date-range filter, D3 heatmap, and floating activity stats panel
• Settings page — centralised /settings.html for per-user account preferences; a Python bulk-update script propagated the Settings nav link across all site pages preserving per-file indentation
• OwnTracks user management — dedicated tab in the admin User Management panel; admins provision, reset, and revoke MQTT credentials per user; deactivating a user automatically revokes their MQTT account
• Content Security Policy (Phase 2) — all inline scripts and event handlers extracted to external .js files; no unsafe-inline in script-src; inline handlers replaced with addEventListener and data-* delegation across all pages
• Multi-model chatbot — the site chatbot now supports Claude CLI and Codex CLI as selectable backends in addition to OpenRouter models
• Time-spent widget — this page shows a live estimate of total hours spent building the site, broken down by agent, derived from JSONL session logs; auto-refreshes every five minutes
• Persistent Steam cache — Steam API data written to disk so the gaming page loads instantly after server restarts
• Pre-baked VPN AMIs — a Python bake script pre-installs Tailscale + iptables on a temporary EC2, captures an AMI, and terminates the instance; launch instances now use a slim bootstrap, cutting expected boot time significantly
• Jobhunt daily cron — job suggestions auto-generate at 06:00 each morning (Australia/Sydney time) via a cron-safe Flask app-context script; server timezone changed to Australia/Sydney
• VPN global expansion — added 5 new regions (Canada Central, Ireland, Singapore, Sydney, US West) with pre-baked AMIs; interactive map now shows 7 clickable dots
• Security hardening — SRI integrity hashes on CDN resources; _get_ip() fixed to use remote_addr to prevent X-Forwarded-For spoofing; burst rate limiting on login; SSRF block in job hunt URL archiver; archived HTML served as Content-Disposition: attachment to prevent stored XSS; fail2ban jail for MQTT port 8883; unauthenticated API endpoints audited
• IDP page fully functional — discovered 11 functions that were referenced but never defined since the page's creation; the synchronous updateRunBtn() call during page init had been silently blocking all rendering; now fully implemented including confidence bars, JSON/CSV export, template saving with shareable links, and auto-detect fields
• GPS travel wishlist — admin can add future destinations via the sidebar form with Nominatim geocoding; gold star markers on the map; stored in S3 with full CRUD API
• Automated homepage thumbnails — replaced hand-crafted SVG card thumbnails with live Playwright screenshots of every page, captured daily at 03:00 via a headless Chromium service; Caddy thumbnail cache changed to max-age=3600, must-revalidate
• Page Health Monitor — admin-only service at /status/monitor/ that takes full-page Playwright screenshots of every site page, sends each to the OpenRouter vision API (Gemini 2.0 Flash) for AI-powered visual review, and surfaces issues as a card-based dashboard; runs on-demand or automatically at 04:00 daily
• Three-tier user roles — user auth extended to admin, readonly_admin, and standard roles; read-only admins can inspect admin pages but mutating requests are blocked server-side
• Role migration repair — initial three-role rollout only derived role from the legacy is_admin flag; the live site used '*' page permissions as the real source of truth; migration now promotes any legacy '*'-permission account correctly
• Jobhunt auth bootstrap fix — name collision between shared nav bundle and jobhunt script caused a SyntaxError before auth initialisation ran, producing a blank page; jobhunt-specific session state is now namespaced
• User management redirect-loop fix — the real failure was a missing #nav-email element in the admin page JS, which threw and redirected back to login; the init path now guards that optional element
• User-menu impersonation — impersonation now starts from User Management; admins can swap into another user account while the original session is preserved in a separate cookie; the shared nav exposes a global "Stop impersonating" action

• Job Hunt ATS (initial) — private page at /jobhunt/ with a full kanban + table pipeline tracker, AI daily shortlist generation via Codex, per-opportunity editing, and an internal ideas roadmap
• Android emulator — live Android 14 emulator on an on-demand EC2 t3.large with KVM acceleration; ffmpeg captures both virtual framebuffer (MJPEG) and PulseAudio (Opus) and streams to the browser; touch events and hardware buttons forwarded via adb shell input; custom AMI cuts cold-start to under 5 minutes
• Automated pen-testing — weekly cron job runs nuclei against the live site; timestamped reports stored and surfaced at /status/security/ with pass/fail badges and expandable output; full HTTP security header suite added to Caddy
• User management & full auth overhaul — replaced single shared admin password with SQLite users.db; bcrypt passwords; HttpOnly session cookie; Caddy forward-auth; Google OAuth; Resend invite emails; per-user page permissions; admin panel at /admin/users.html
• Shortlist "Already applied" action — today's jobhunt shortlist includes an "Already applied" button that updates the persistent ATS status and removes the role from the shortlist in-place
• Declined shortlist items disappear — shortlist state filter now suppresses roles whose ATS opportunity has been marked not_interested
• Dedicated CSP security subtab — the security page treats CSP as a first-class scan artifact; a new daily audit script writes csp.json after scanning the current CSP header, recent browser report evidence, and frontend source matches
• Status page visibility fix — the main container carried the shared hidden class from initial page load; the load completion path now explicitly removes it before revealing the dashboard
• Jobhunt closed stage and split salary columns — distinct closed status added across backend, filter dropdown, and kanban board; compensation separated into "Stated Salary" (from listing text) and "AI Estimated Salary" (Glassdoor/Codex market estimate)
• Per-listing jobhunt refresh — each ATS row has a refresh action that re-runs the machine-owned parts of the pipeline (metadata, archive, salary estimation, match rationale) while leaving human-managed fields untouched
• Jobhunt multi-picklist filters — Status and Source filters are now checkbox-based multi-picklists; default status selection hides declined and closed outcomes
• Jobhunt Sydney timestamps and ATS badges — timestamps stored and rendered as explicit Australia/Sydney ISO datetimes; company cells render a CSP-safe generated badge; location cells show SVG flag images
• Jobhunt real company logos — ATS company column fetches and caches real logo images server-side from archived job HTML, serving them from the site's own origin
• Jobhunt shortlist now requires direct role URLs — search-result pages (Google, LinkedIn, Seek, etc.) are rejected; both generation-time validation and read-time filtering enforce direct job or application page URLs
• Workday shortlist URL repair — fixed a Workday URL builder that dropped the board segment from relative /job/... paths, producing 404s for live listings
• Jobhunt shortlist URL verification — every generated role URL is now fetched by the backend before save; only suggestions whose pages archive successfully are kept; the generation prompt explicitly tells Codex that unverifiable listings will be rejected
• Jobhunt action bindings restored — the page had lost its boot-time event wiring for static controls; buttons like "Generate today's five" and "Refresh today" now rebind on load
• Jobhunt generation reports real outcomes — the shortlist generator returns proposed, verified, saved, and rejected counts; the frontend status line rotates through live generation phases before finishing with a truthful summary
• Jobhunt ATS delete action — dedicated Delete action in both table and kanban views; deleting an opportunity also clears any matching entry from today's shortlist
• Kryptex XMR setup — the cryptocurrency page was converted from a generic plan into a Kryptex-specific implementation; new /api/crypto/stats endpoint probes the local XMRig service; admin Start/Stop controls manage xmrig.service via systemd
• Cryptocurrency live integration — XMRig installed and mining against Kryptex via xmr.kryptex.network:8029; stats endpoint handles the real XMRig summary payload shape; Start/Stop polls through the RandomX warm-up
• Cryptocurrency charts and condensed layout — the page was compressed from a long-form plan into an operator dashboard; charts show hashrate, accepted shares, and service state over the last 24 hours
• Cryptocurrency throttle reduced — XMRig CPU thread hint and systemd hard cap reduced from 50% to 25% to be gentler on the server
• Monitor evidence surfaced — Page Health Monitor now exposes the actual affected URL and captured AI evidence for each open issue; issue cards show the failing page URL and extracted findings
• Smart Home Radar — /smarthome/ curates Tuya Zigbee device recommendations with compatibility evidence links; per-user wishlist and not_interested selections stored in users.db
• Smart Home pricing — buy links on /smarthome/ now show indicative Australia pricing ranges next to Amazon AU and AliExpress searches
• Jobhunt company tracker — new "Companies to investigate" flow persists Codex suggestions into a dedicated company table; editable last-checked dates and notes; manual add supported; Codex auto-fills careers URL, domain, and rationale; column sorting; hidden-rows filter
• Tokaido planning page — public travel sub-page at /travel/tokaido-2-electric-boogaloo/; includes the actual Tokyo-to-Kyoto route from the uploaded itinerary CSV, day-by-day stage sequence, Google Maps vs actual distances, revised buffered itinerary, and per-stage GPS coordinates
• Breadcrumb navigation service — every page carries a two- or three-level breadcrumb rail generated by scripts/add_crumbs.py; each crumb has a dropdown listing siblings at the same depth
• AI attribution visualisation — this page shows a live graphic of which AI built which part of the site, sourced from Co-Authored-By git commit trailers; site-wide summary bar plus a per-card grid with colour-coded split bars; served from a 1-hour server-side cache
• AGENTS.md — Codex system instructions — a repo-root AGENTS.md is auto-loaded by the Codex CLI as its system prompt; encodes git hygiene, CSP safety, auth patterns, breadcrumb conventions, and salary column rules
• Anthropic application questions — admin-only page at /jobhunt/application-questions/ storing drafted answers for the Anthropic application form
• Jobhunt salary column rules enforced — "Salary" renamed to "Stated Salary" (listing-only) and "Estimated" renamed to "AI Estimated Salary" (AI market estimates); rules encoded in server.py, AGENTS.md, and applied retroactively
• Jobhunt expired listing detection — Greenhouse-style soft-redirects now detected via final-URL pattern matching and page title blocklist; an expired badge shown on manually-tagged ATS rows
• Jobhunt paused roles hidden by default — daily shortlist suppresses paused, rejected, and archived statuses; tracker status filter no longer includes "On hold" in its default selection
• Page Health Monitor false-positive suppression — the monitor AI prompt now includes page-specific hints to prevent recurring false positives; previously flagged false-positive issues resolved with notes in monitor.db
• Admin cross-user jobhunt management — the jobhunt page supports an admin-only "manage pipeline for" switcher; all jobhunt routes resolve a target user safely, letting admins view and edit another user's full pipeline
• Jobhunt companies-to-investigate panel — today's shortlist is now split into two columns: left shows today's five AI-suggested roles; right shows a Codex-generated list of companies worth investigating
• Jobhunt switcher removed — the temporary admin "manage pipeline for" control removed from the jobhunt page; user switching now lives only in User Management

• Salesforce OAuth2 integration — OAuth2 with PKCE flow connects the site to a Salesforce org; the refresh token is stored server-side for authenticated API queries; the /salesforce page manages the connection state
• Actions API and Swagger UI — a per-user token system provides machine-readable access to site data; the Swagger UI at /api/ exposes all endpoints with interactive curl examples and 8 auth methods
• Moveworks natural-language agent — a plain-English query interface at /moveworks backed by 6 capability integrations: server health, site access logs, job hunt pipeline data, GitHub activity (repos, issues, commits), notification dispatch, and Google Calendar events
• Google Calendar integration — OAuth2 connection; upcoming events are readable and writable via the Moveworks agent and a dedicated /google/calendar page
• Google Photos integration — OAuth2-gated page at /googlephotos for browsing and curating personal photos by date
• GitHub integration page — dedicated page at /github for querying repositories, issues, and commits; powers the GitHub capability in the Moveworks agent
• Notifications system — admin-managed notification type and delivery channel registry with live delivery stats at /notifications
• Gymrat timetable — live gym class schedule at /gymrat pulling the local gym's timetable with booking links and time filters
• Job Hunt: Tax Comparison — financial tool at /jobhunt/taxcomparison/ comparing after-tax take-home across AU and SG roles; full tax breakdowns, OTE splits, FX conversion, and bonus modelling
• Job Hunt: Cost of Living — comparison tool at /jobhunt/costofliving/ with monthly living costs across Australian cities and Singapore; housing, food, transport, utilities, and quality-of-life breakdowns
• Granola meeting notes backup — daily background sync at /granola pulls meeting transcripts and summaries from the Granola MCP server into SQLite; speaker blocks parsed and stored; page supports both REST API and live MCP source views
• XiaoZhi video sync architecture — the ESP32 firmware moved from a pushed batch queue to a sync_v1 model inspired by atomic14/esp32-tv; audio is the master clock; video frames fetched ahead of the audio position via server-side batch endpoints; the LVGL image path replaced the direct SPI present path to eliminate display tearing on the Bitcraft board
• Watchy smartwatch page and OTA server — public documentation page at /esp32/watchy/ covering the SQFMI Watchy v3 ESP32-S3 hardware and Chronos firmware ecosystem; OTA server endpoint returns firmware JSON for device update checks; WiFi credentials generator included; project parked pending first compile
• Four-agent development workflow — the development model now runs four agents: two Claude Code accounts (for session/quota independence), OpenAI Codex CLI, and Google Gemini CLI; each uses a distinct Co-Authored-By commit trailer; the AI Agents tab tracks their commit attribution live

Why four agents are in the loop

The boring answer is the real answer: to dodge usage ceilings without moving to a more expensive subscription tier. When one tool is rate-limited or at a context boundary, another picks up and keeps momentum going.

The four agents are:

• Claude Code (account 1) — carried most of the original build before usage limits were hit. Now less active but still available. Commits tagged Co-Authored-By: Claude Sonnet 4.6.
• Claude Code (account 2) — the current primary agent. Handles complex multi-file work, planning, and iterative debugging. Same trailer as account 1 — both appear as Claude in the attribution graph.
• OpenAI Codex CLI — CLI-based agent, typically driven from PuTTY directly on the server. Handles focused implementation tasks when Claude is capped. Commits tagged Co-Authored-By: OpenAI Codex.
• Google Gemini CLI — occasional shift agent with its own memory and rules file. Steps in when both Claude accounts are at their limits. Commits tagged Co-Authored-By: Google Gemini.

All four read the same handover file, write structured memory files after each session, and commit to the same branch. The operator surface differs (Claude Desktop over SSH, PuTTY CLI, Gemini CLI) but the repo, deploy process, and architecture stay coherent across shifts.

How the shift handoff works

Each agent reads the shared handover file and its own memory files at the start of a session, checks git status, and picks up where the previous agent left off. After significant work it updates the handover notes and its own memory index for the next session.

In practice the four tools are not competing architectures. They are interchangeable implementation hands on the same codebase. The important thing is that the repo, deployment process, and site behaviour stay coherent even as the active assistant changes mid-feature.