Trackers โ AI Session Handoff
Complete AI context for the SONAN Trackers project. An AI agent reading this page has everything needed to continue work on any tracker without asking foundational questions.
Latest Session
Date: 2026-07-02 Developer: Adnan AI: Claude (Cowork mode)
Objective
Migrate all tracker infrastructure from the old malikadnanakram Cloudflare account to the sonantechai account. The timesheet was showing no employees because the old frontend still called malikadnanakram.workers.dev. Also resolved tracker login issues and documented the full system.
What Was Accomplished
- Exported full D1 database from
malikadnanakramโold_export.sql(879 lines, 606 time entries) - Discovered and fixed 4 schema mismatches between old and new DB
- Generated and executed
timesheet_migration.sqlโ 685 statements, 1,384 rows written successfully - Verified data: employees=2, time_entries=606, pay_periods=40, stores=1, tax_settings=12, holidays=14
- Confirmed timesheet frontend now shows both employees
- Diagnosed task tracker password: hardcoded
SONANGroup!layer 1 gate (not localStorage โ works same in incognito) - Confirmed all three task trackers (Sonan, HP, WR) are fully operational
Credentials & Secrets โ Complete Reference
This page contains all system passwords and API keys. Do not share externally.
Task Trackers (Sonan, HP, WR)
| Credential | Value | Where Used |
|---|---|---|
| Layer 1 gate password | SONANGroup! | Hardcoded in each tracker's index.html โ shown on first load, works in incognito |
| App setup โ API URL | https://sonan-tracker-api.sonantechai.workers.dev | Enter in Settings/Setup screen after layer 1 |
| App setup โ API Key | Sonan2026 | Enter in Settings/Setup screen; also set as Wrangler secret API_KEY |
| App password | Set by user on first setup | Stored as SHA-256 in localStorage.st_pw_hash |
Timesheet Tracker
| Credential | Value | Where Used |
|---|---|---|
| Frontend API URL | https://sonan-timesheet-api.sonantechai.workers.dev | Must be configured in timesheet Settings before any data loads |
| Frontend API Key | SonanTS2026 | Must be configured in timesheet Settings; sent as X-API-Key header on every request |
| Admin username | admin | Timesheet login screen |
| Admin password | Admin@St77318! | Timesheet admin login โ verified working July 2026 |
| Admin pw hash | 45722548c94c0d47aa45e1e636de883c205a6b506fc47a3b3a871d80678fe288 | Stored in tax_settings where setting_key='admin_pw_hash' |
| Password hash formula | SHA-256("SONAN_TS_SALT_2026_" + plaintext) | Worker function hashPassword() |
API_KEY Worker secret | SonanTS2026 | Set via npx wrangler secret put API_KEY in timesheet dir |
ENCRYPT_KEY Worker secret | 64-char hex (AES-256 key) | Set via npx wrangler secret put ENCRYPT_KEY โ used to encrypt pay rates, SSN in DB |
Infrastructure Reference
| Resource | Name | ID / URL |
|---|---|---|
| Cloudflare account | sonantechai | a7bd7d4b54bb7cb5907f8ddd45c3e5d9 |
| Old CF account (retired) | malikadnanakram | 1c4efc80b09c64ee528f983aa89828a3 |
| D1 Database (current) | sonan-tracker-db | d0e1e4d2-42be-4e0d-a521-534e7c4ebb99 |
| D1 Database (old, retired) | sonan-tracker-db | 74fe9ec1-d8c8-4392-bc54-7ddcc09e5222 (in malikadnanakram) |
| Task Worker | sonan-tracker-api | sonan-tracker-api.sonantechai.workers.dev |
| Timesheet Worker | sonan-timesheet-api | sonan-timesheet-api.sonantechai.workers.dev |
| GitHub repo | sonantechai/sonan-trackers | github.com/sonantechai/sonan-trackers |
| Local folder | sonan-trackers | E:\Claude_Projects\sonan-trackers\ |
Auth System โ Deep Dive
Task Tracker Auth Flow
Page loads
โโ IIFE runs immediately
โโ var PASS = 'SONANGroup!'
โโ if localStorage.sd_unlocked !== '1':
show #pw-gate div โ user must enter SONANGroup!
(this gate has nothing to do with localStorage st_pw_hash)
After layer 1 passes:
โโ Check localStorage.st_api_url
โโ not set โ show #setup div (enter API URL + API Key + new password)
โโ set โ check localStorage.st_pw_hash
โโ not set โ show app directly (no password yet)
โโ set โ show #lock div (enter app password)
Timesheet Auth Flow
Frontend loads
โโ Reads localStorage: ts_api_url, ts_api_key
โโ If not set โ show Settings/config screen (enter URL + key)
All API requests:
โโ Worker checks: request.headers.get('X-API-Key') === env.API_KEY
โโ If mismatch โ return 401 (frontend shows no data / errors)
Admin login:
โโ POST /auth/login { username: 'admin', password: '...' }
โโ Worker: hash = SHA-256('SONAN_TS_SALT_2026_' + password)
โโ Compare against tax_settings WHERE setting_key='admin_pw_hash'
โโ If no hash stored โ first-time setup, save new hash
โโ Success โ return session token stored in localStorage
How to Reset Passwords
Task Tracker App Password (localStorage layer)
Run in browser console on the tracker page:
['st_api_url','st_api_key','st_pw_hash','st_dark'].forEach(k => localStorage.removeItem(k));
Then refresh โ the setup screen appears. Layer 1 (SONANGroup!) must still be entered first.
Timesheet Admin Password
Update the hash directly in D1 from Windows terminal:
npx wrangler d1 execute sonan-tracker-db --remote --command="UPDATE tax_settings SET setting_value='SETUP_REQUIRED' WHERE setting_key='admin_pw_hash'"
Then log in to the timesheet as admin โ the first login will set a new password. Alternatively, compute the new hash and insert it directly:
# Compute hash in Python:
import hashlib
pw = "YourNewPassword"
h = hashlib.sha256(f"SONAN_TS_SALT_2026_{pw}".encode()).hexdigest()
print(h)
# Then set it:
npx wrangler d1 execute sonan-tracker-db --remote --command="UPDATE tax_settings SET setting_value='<hash>' WHERE setting_key='admin_pw_hash'"
Migration Notes โ July 2026
Problem
The timesheet frontend at sonantech-timesheet-tracker.sonandigital.com showed zero employees. Root cause: old frontend was hardcoded to call malikadnanakram.workers.dev (the retired account) instead of the new sonantechai.workers.dev URL. Additionally, the new D1 database had no timesheet data.
Export Process
Wrangler must run from Windows terminal (sandbox gets 403 from Cloudflare proxy):
# In PowerShell โ set token for old (malikadnanakram) account:
$env:CLOUDFLARE_API_TOKEN = "cfut_sqJKHl9QsepOfLD8GAQsV2vKS2y5lz69byuSEKRx79f2819a"
$env:CLOUDFLARE_ACCOUNT_ID = "1c4efc80b09c64ee528f983aa89828a3"
# Drop to CMD (inherits env vars, avoids PowerShell execution policy issues with npx.ps1):
cmd
# Export:
npx wrangler d1 export sonan-tracker-db --remote --output=old_export.sql
Schema Mismatches Fixed
| Table | Problem | Fix |
|---|---|---|
time_entries | Missing column week_number | ALTER TABLE ADD COLUMN week_number INTEGER DEFAULT 0 |
pay_periods | Missing 7 columns: deductions_total/json, advances_total/json, overtime_hours/pay, regular_hours | 7ร ALTER TABLE ADD COLUMN statements |
holidays | Old schema: (id, holiday_date, name, is_paid, paid_hours, applies_to, created_at) โ new schema: (id, holiday_date, name, type) | Transformed INSERT statements to use only new columns |
performance, audit_log, login_attempts | Major schema divergence | Excluded from migration entirely (non-critical) |
Migration File Location
E:\Claude_Projects\sonan-trackers\timesheet_migration.sql
Generated by Python script that processed old_export.sql. Contains schema ALTERs followed by INSERT OR IGNORE for all data rows. Safe to re-run (idempotent due to OR IGNORE).
Troubleshooting Guide
| Symptom | Cause | Fix |
|---|---|---|
| Timesheet shows no employees / blank data | API URL or API Key not configured in Settings | Open Settings in timesheet frontend โ set URL to https://sonan-timesheet-api.sonantechai.workers.dev and key to SonanTS2026 |
| Timesheet all requests return 401 | X-API-Key header missing or wrong value | Check frontend Settings; also verify API_KEY secret in Cloudflare dashboard matches SonanTS2026 |
| Task tracker password rejected, clearing localStorage doesn't help | Layer 1 password is hardcoded in HTML, not localStorage | The correct password is SONANGroup! โ this is immutable without editing and redeploying the HTML |
| Wrangler auth fails / uses wrong account | Cached OAuth session overrides API token env var | Set both CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID env vars in PowerShell, then drop to CMD with cmd |
| Workers not updating after git push | Workers are not connected to GitHub CD | Must run npx wrangler deploy manually from the worker directory |
| D1 migration fails: "table X has no column Y" | New DB schema diverges from old | Prepend the appropriate ALTER TABLE statement to the migration file, re-run |
Next Steps for AI Agent
All systems are live and stable. If continuing work on the trackers:
- Read Context page for architecture overview
- Check the files in
E:\Claude_Projects\sonan-trackers\sonan-tracker\for the current code state - All wrangler commands must be run from the user's Windows terminal โ the sandbox cannot reach Cloudflare
- Always target the
sonantechaiaccount (ID:a7bd7d4b54bb7cb5907f8ddd45c3e5d9) โ the oldmalikadnanakramaccount is retired - The shared D1 DB ID is
d0e1e4d2-42be-4e0d-a521-534e7c4ebb99โ verify this before any schema changes