Complete AI context for the SONAN Trackers project. An AI agent reading this page has everything needed to continue work on any tracker without asking foundational questions.

Latest Session

Date: 2026-07-02   Developer: Adnan   AI: Claude (Cowork mode)

Objective

Migrate all tracker infrastructure from the old malikadnanakram Cloudflare account to the sonantechai account. The timesheet was showing no employees because the old frontend still called malikadnanakram.workers.dev. Also resolved tracker login issues and documented the full system.

What Was Accomplished

  • Exported full D1 database from malikadnanakram โ†’ old_export.sql (879 lines, 606 time entries)
  • Discovered and fixed 4 schema mismatches between old and new DB
  • Generated and executed timesheet_migration.sql โ€” 685 statements, 1,384 rows written successfully
  • Verified data: employees=2, time_entries=606, pay_periods=40, stores=1, tax_settings=12, holidays=14
  • Confirmed timesheet frontend now shows both employees
  • Diagnosed task tracker password: hardcoded SONANGroup! layer 1 gate (not localStorage โ€” works same in incognito)
  • Confirmed all three task trackers (Sonan, HP, WR) are fully operational

Credentials & Secrets โ€” Complete Reference

๐Ÿ”’
Confidential โ€” Internal Use Only

This page contains all system passwords and API keys. Do not share externally.

Task Trackers (Sonan, HP, WR)

CredentialValueWhere Used
Layer 1 gate passwordSONANGroup!Hardcoded in each tracker's index.html โ€” shown on first load, works in incognito
App setup โ€” API URLhttps://sonan-tracker-api.sonantechai.workers.devEnter in Settings/Setup screen after layer 1
App setup โ€” API KeySonan2026Enter in Settings/Setup screen; also set as Wrangler secret API_KEY
App passwordSet by user on first setupStored as SHA-256 in localStorage.st_pw_hash

Timesheet Tracker

CredentialValueWhere Used
Frontend API URLhttps://sonan-timesheet-api.sonantechai.workers.devMust be configured in timesheet Settings before any data loads
Frontend API KeySonanTS2026Must be configured in timesheet Settings; sent as X-API-Key header on every request
Admin usernameadminTimesheet login screen
Admin passwordAdmin@St77318!Timesheet admin login โ€” verified working July 2026
Admin pw hash45722548c94c0d47aa45e1e636de883c205a6b506fc47a3b3a871d80678fe288Stored in tax_settings where setting_key='admin_pw_hash'
Password hash formulaSHA-256("SONAN_TS_SALT_2026_" + plaintext)Worker function hashPassword()
API_KEY Worker secretSonanTS2026Set via npx wrangler secret put API_KEY in timesheet dir
ENCRYPT_KEY Worker secret64-char hex (AES-256 key)Set via npx wrangler secret put ENCRYPT_KEY โ€” used to encrypt pay rates, SSN in DB

Infrastructure Reference

ResourceNameID / URL
Cloudflare accountsonantechaia7bd7d4b54bb7cb5907f8ddd45c3e5d9
Old CF account (retired)malikadnanakram1c4efc80b09c64ee528f983aa89828a3
D1 Database (current)sonan-tracker-dbd0e1e4d2-42be-4e0d-a521-534e7c4ebb99
D1 Database (old, retired)sonan-tracker-db74fe9ec1-d8c8-4392-bc54-7ddcc09e5222 (in malikadnanakram)
Task Workersonan-tracker-apisonan-tracker-api.sonantechai.workers.dev
Timesheet Workersonan-timesheet-apisonan-timesheet-api.sonantechai.workers.dev
GitHub reposonantechai/sonan-trackersgithub.com/sonantechai/sonan-trackers
Local foldersonan-trackersE:\Claude_Projects\sonan-trackers\

Auth System โ€” Deep Dive

Task Tracker Auth Flow

Page loads
  โ””โ”€ IIFE runs immediately
       โ””โ”€ var PASS = 'SONANGroup!'
       โ””โ”€ if localStorage.sd_unlocked !== '1':
            show #pw-gate div โ†’ user must enter SONANGroup!
            (this gate has nothing to do with localStorage st_pw_hash)

After layer 1 passes:
  โ””โ”€ Check localStorage.st_api_url
       โ””โ”€ not set โ†’ show #setup div (enter API URL + API Key + new password)
       โ””โ”€ set โ†’ check localStorage.st_pw_hash
            โ””โ”€ not set โ†’ show app directly (no password yet)
            โ””โ”€ set โ†’ show #lock div (enter app password)

Timesheet Auth Flow

Frontend loads
  โ””โ”€ Reads localStorage: ts_api_url, ts_api_key
  โ””โ”€ If not set โ†’ show Settings/config screen (enter URL + key)

All API requests:
  โ””โ”€ Worker checks: request.headers.get('X-API-Key') === env.API_KEY
  โ””โ”€ If mismatch โ†’ return 401 (frontend shows no data / errors)

Admin login:
  โ””โ”€ POST /auth/login { username: 'admin', password: '...' }
  โ””โ”€ Worker: hash = SHA-256('SONAN_TS_SALT_2026_' + password)
  โ””โ”€ Compare against tax_settings WHERE setting_key='admin_pw_hash'
  โ””โ”€ If no hash stored โ†’ first-time setup, save new hash
  โ””โ”€ Success โ†’ return session token stored in localStorage

How to Reset Passwords

Task Tracker App Password (localStorage layer)

Run in browser console on the tracker page:

['st_api_url','st_api_key','st_pw_hash','st_dark'].forEach(k => localStorage.removeItem(k));

Then refresh โ€” the setup screen appears. Layer 1 (SONANGroup!) must still be entered first.

Timesheet Admin Password

Update the hash directly in D1 from Windows terminal:

npx wrangler d1 execute sonan-tracker-db --remote --command="UPDATE tax_settings SET setting_value='SETUP_REQUIRED' WHERE setting_key='admin_pw_hash'"

Then log in to the timesheet as admin โ€” the first login will set a new password. Alternatively, compute the new hash and insert it directly:

# Compute hash in Python:
import hashlib
pw = "YourNewPassword"
h = hashlib.sha256(f"SONAN_TS_SALT_2026_{pw}".encode()).hexdigest()
print(h)

# Then set it:
npx wrangler d1 execute sonan-tracker-db --remote --command="UPDATE tax_settings SET setting_value='<hash>' WHERE setting_key='admin_pw_hash'"

Migration Notes โ€” July 2026

Problem

The timesheet frontend at sonantech-timesheet-tracker.sonandigital.com showed zero employees. Root cause: old frontend was hardcoded to call malikadnanakram.workers.dev (the retired account) instead of the new sonantechai.workers.dev URL. Additionally, the new D1 database had no timesheet data.

Export Process

Wrangler must run from Windows terminal (sandbox gets 403 from Cloudflare proxy):

# In PowerShell โ€” set token for old (malikadnanakram) account:
$env:CLOUDFLARE_API_TOKEN = "cfut_sqJKHl9QsepOfLD8GAQsV2vKS2y5lz69byuSEKRx79f2819a"
$env:CLOUDFLARE_ACCOUNT_ID = "1c4efc80b09c64ee528f983aa89828a3"

# Drop to CMD (inherits env vars, avoids PowerShell execution policy issues with npx.ps1):
cmd

# Export:
npx wrangler d1 export sonan-tracker-db --remote --output=old_export.sql

Schema Mismatches Fixed

TableProblemFix
time_entriesMissing column week_numberALTER TABLE ADD COLUMN week_number INTEGER DEFAULT 0
pay_periodsMissing 7 columns: deductions_total/json, advances_total/json, overtime_hours/pay, regular_hours7ร— ALTER TABLE ADD COLUMN statements
holidaysOld schema: (id, holiday_date, name, is_paid, paid_hours, applies_to, created_at) โ€” new schema: (id, holiday_date, name, type)Transformed INSERT statements to use only new columns
performance, audit_log, login_attemptsMajor schema divergenceExcluded from migration entirely (non-critical)

Migration File Location

E:\Claude_Projects\sonan-trackers\timesheet_migration.sql

Generated by Python script that processed old_export.sql. Contains schema ALTERs followed by INSERT OR IGNORE for all data rows. Safe to re-run (idempotent due to OR IGNORE).

Troubleshooting Guide

SymptomCauseFix
Timesheet shows no employees / blank dataAPI URL or API Key not configured in SettingsOpen Settings in timesheet frontend โ†’ set URL to https://sonan-timesheet-api.sonantechai.workers.dev and key to SonanTS2026
Timesheet all requests return 401X-API-Key header missing or wrong valueCheck frontend Settings; also verify API_KEY secret in Cloudflare dashboard matches SonanTS2026
Task tracker password rejected, clearing localStorage doesn't helpLayer 1 password is hardcoded in HTML, not localStorageThe correct password is SONANGroup! โ€” this is immutable without editing and redeploying the HTML
Wrangler auth fails / uses wrong accountCached OAuth session overrides API token env varSet both CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID env vars in PowerShell, then drop to CMD with cmd
Workers not updating after git pushWorkers are not connected to GitHub CDMust run npx wrangler deploy manually from the worker directory
D1 migration fails: "table X has no column Y"New DB schema diverges from oldPrepend the appropriate ALTER TABLE statement to the migration file, re-run

Next Steps for AI Agent

All systems are live and stable. If continuing work on the trackers:

  1. Read Context page for architecture overview
  2. Check the files in E:\Claude_Projects\sonan-trackers\sonan-tracker\ for the current code state
  3. All wrangler commands must be run from the user's Windows terminal โ€” the sandbox cannot reach Cloudflare
  4. Always target the sonantechai account (ID: a7bd7d4b54bb7cb5907f8ddd45c3e5d9) โ€” the old malikadnanakram account is retired
  5. The shared D1 DB ID is d0e1e4d2-42be-4e0d-a521-534e7c4ebb99 โ€” verify this before any schema changes