21 changed files with 314 additions and 8917 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,5 +4,3 @@ dokku-setup.sh
 .claude/worktrees
 app/priv/blog/engineering/2026/04-24-what-it-takes-to-get-started-with-the-pi-coding-agent.md
 /tmp_work/
 .yaks
 transcripts/
--- a/AGENTS.md
+++ b/AGENTS.md
@ -1,60 +1,40 @@
 # Agent Instructions
-This project has a *zero defects policy*. 
+This project uses **bd** (beads) for issue tracking. Run `bd onboard` to get started.
 When you are unsure about something, ALWAYS ask the user.
-# Repository structure
+## Quick Reference
-This is an Elixir monorepo with two parts:
+```bash
-
+bd ready              # Find available work
-```
+bd show <id>          # View issue details
-firehose/
+bd update <id> --status in_progress  # Claim work
-├── app/                    # Phoenix application (OTP app: :firehose)
+bd close <id>         # Complete work
-│   ├── lib/firehose/       # Application logic
+bd sync               # Sync with git
 │   ├── lib/firehose_web/   # Web layer (controllers, live views, components)
 │   ├── lib/firehose/blogs/ # Blog definitions (engineering, release notes)
 │   ├── priv/blog/          # Markdown posts
 │   └── mix.exs
 ├── blogex/                 # Blogex library (multi-blog engine)
 │   ├── lib/
 │   └── mix.exs
 ├── mise.toml               # Runtime versions (Elixir, Erlang, Node)
 └── Makefile                # make (test, check) 
 ```
-Two blogs are configured:
+## Landing the Plane (Session Completion)
-| Blog | Route | Description |
+**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until `git push` succeeds.
 |------|-------|-------------|
 | Engineering | `/blog/engineering` | Main blog | 
 | Release Notes | `/blog/releases` | What's new in an app |
-# Permissions
+**MANDATORY WORKFLOW:**
-ALWAYS ask the user for permission when you want to add a fallback, or are unsure something work. The user can perform exploratory testing.
+1. **File issues for remaining work** - Create issues for anything that needs follow-up
 2. **Run quality gates** (if code changed) - Tests, linters, builds
 3. **Update issue status** - Close finished work, update in-progress items
 4. **PUSH TO REMOTE** - This is MANDATORY:
   ```bash
   git pull --rebase
   bd sync
   git push
   git status  # MUST show "up to date with origin"
   ```
 5. **Clean up** - Clear stashes, prune remote branches
 6. **Verify** - All changes committed AND pushed
 7. **Hand off** - Provide context for next session
-We have a zero defects policy, so never continue when there are errors, warnings or test failures, even when they are pre-existing. ALWAYS report these to the user and discuss an action plan with root cause analysis. (see TDD below).
+**CRITICAL RULES:**
 - Work is NOT complete until `git push` succeeds
 - NEVER stop before pushing - that leaves work stranded locally
 - NEVER say "ready to push when you are" - YOU must push
 - If push fails, resolve and retry until it succeeds
 # Planning
 we use  `yx` for planning run yx --help to see options. Invoke when the user wants to make a plan, work on something for a plan or mentions 'yak' or 'yaks'.
 `yx list` - shows open yaks
 `yx add` - adds yaks
 # Building
 This is a Phoenix Liveview monorepo, the blogging library is in blogex, the application is in 'app'. Use `make` to build and `brief` to find out more about mix. 
 Main make targets:
 - make test
 - make check - runs credo static analysis and suggests refactorings
 # Development
 Always fix failing tests, credo issues and format isseus.
 When developing new features, we apply TDD. Work Test-First, and Refactor when all tests are passing.
 If you believe an issue is pre-existing, stop work, and have a conversation with the user on how to address the pre-existing issue, as well as how to prevent this in the future.
--- a/app/Makefile
+++ b/app/Makefile
@ -1,6 +1,6 @@
 # Makefile for Firehose app
-MISE_BIN ?= $(HOME)/.local/bin/mise
+MISE_BIN ?= /home/vscode/.local/bin/mise
 MISE_EXEC = $(MISE_BIN) exec --
 .PHONY: check precommit deps compile test format credo
--- a/app/lib/firehose/accounts.ex
+++ b/app/lib/firehose/accounts.ex
@ -6,7 +6,7 @@ defmodule Firehose.Accounts do
  import Ecto.Query, warn: false
  alias Firehose.Repo
-  alias Firehose.Accounts.{User, UserNotifier, UserToken}
+  alias Firehose.Accounts.{User, UserToken, UserNotifier}
  ## Database getters
--- a/app/lib/firehose/accounts/user_notifier.ex
+++ b/app/lib/firehose/accounts/user_notifier.ex
@ -1,15 +1,8 @@
 defmodule Firehose.Accounts.UserNotifier do
  @moduledoc """
  Sends notification emails to users.
  Handles delivery of login instructions (magic link or confirmation),
  email update instructions, and other account-related notifications.
  """
  import Swoosh.Email
  alias Firehose.Accounts.User
  alias Firehose.Mailer
  alias Firehose.Accounts.User
  # Delivers the email using the application mailer.
  defp deliver(recipient, subject, body) do
--- a/app/lib/firehose_web/controllers/page_html/contact.html.heex
+++ b/app/lib/firehose_web/controllers/page_html/contact.html.heex
@ -51,12 +51,7 @@
    <h2 class="text-2xl font-display font-semibold">QWAN</h2>
    <div class="space-y-4 text-lg leading-relaxed text-base-content/80">
      <p>
-        I'm a partner at <a
+        I'm a partner at <a href="https://qwan.eu" class="text-primary hover:underline" target="_blank" rel="noopener">QWAN</a>,
          href="https://qwan.eu"
          class="text-primary hover:underline"
          target="_blank"
          rel="noopener"
        >QWAN</a>,
        where we build software based on user needs, and help others do the same, and learn together. If you're looking for collaboration, have a product you want to build, a service that needs improvement,
        or just want to nerd out about agentic systems, feel free to reach out.
      </p>
--- a/app/lib/firehose_web/user_auth.ex
+++ b/app/lib/firehose_web/user_auth.ex
@ -1,12 +1,4 @@
 defmodule FirehoseWeb.UserAuth do
  @moduledoc """
  Handles user authentication for the web layer.
  Provides plugs and callbacks for logging users in and out,
  managing session tokens, enforcing authentication requirements,
  and integrating with LiveView via `on_mount` callbacks.
  """
  use FirehoseWeb, :verified_routes
  import Plug.Conn
@ -251,16 +243,14 @@ defmodule FirehoseWeb.UserAuth do
  defp mount_current_scope(socket, session) do
    Phoenix.Component.assign_new(socket, :current_scope, fn ->
-      scope_from_session(session)
+      if token = session["user_token"] do
    end)
  end
  defp scope_from_session(%{"user_token" => token}) do
        case Accounts.get_user_by_session_token(token) do
          {user, _token_inserted_at} -> Scope.for_user(user)
          nil -> Scope.for_user(nil)
        end
      else
        Scope.for_user(nil)
      end
    end)
  end
  defp scope_from_session(_session), do: Scope.for_user(nil)
 end
--- a/app/test/firehose_web/controllers/blog_controller_test.exs
+++ b/app/test/firehose_web/controllers/blog_controller_test.exs
@ -3,21 +3,23 @@ defmodule FirehoseWeb.BlogControllerTest do
  describe "GET /blog/:blog_id (index) - date filtering" do
    test "does not show future-dated posts", %{conn: conn} do
-      html = conn |> get(~p"/blog/engineering") |> html_response(200)
+      conn = get(conn, ~p"/blog/engineering")
      html = html_response(conn, 200)
      refute html =~ "Future Test Post"
    end
  end
  describe "GET /blog/:blog_id/:slug (show) - date filtering" do
    test "still shows a future-dated post by slug", %{conn: conn} do
-      assert conn |> get(~p"/blog/engineering/future-test-post") |> html_response(200) =~
+      conn = get(conn, ~p"/blog/engineering/future-test-post")
-               "Future Test Post"
+      assert html_response(conn, 200) =~ "Future Test Post"
    end
  end
  describe "GET /blog/:blog_id/tag/:tag - date filtering" do
    test "excludes future-dated posts from tag page", %{conn: conn} do
-      html = conn |> get(~p"/blog/engineering/tag/test") |> html_response(200)
+      conn = get(conn, ~p"/blog/engineering/tag/test")
      html = html_response(conn, 200)
      refute html =~ "Future Test Post"
    end
  end
@ -26,22 +28,24 @@ defmodule FirehoseWeb.BlogControllerTest do
    setup :register_and_log_in_user
    test "authenticated user sees draft banner on draft post", %{conn: conn} do
-      response = conn |> get(~p"/blog/engineering/hello-world")
+      conn = get(conn, ~p"/blog/engineering/hello-world")
-      assert html_response(response, 200) =~ "Draft"
+      assert html_response(conn, 200) =~ "Draft"
-      assert response.resp_body =~ "not published"
+      assert conn.resp_body =~ "not published"
    end
    test "authenticated user sees scheduled banner on future post", %{conn: conn} do
-      response = conn |> get(~p"/blog/engineering/future-test-post") |> html_response(200)
+      conn = get(conn, ~p"/blog/engineering/future-test-post")
      response = html_response(conn, 200)
      assert response =~ "scheduled for"
      assert response =~ "January 01, 2099"
    end
    test "authenticated user sees no banner on live post", %{conn: conn} do
-      response = conn |> get(~p"/blog/engineering/why-firehose") |> html_response(200)
+      conn = get(conn, ~p"/blog/engineering/why-firehose")
      response = html_response(conn, 200)
      refute response =~ "Draft"
      refute response =~ "scheduled for"
    end
--- a/app/test/firehose_web/controllers/blog_tags_test.exs
+++ b/app/test/firehose_web/controllers/blog_tags_test.exs
@ -89,4 +89,35 @@ defmodule FirehoseWeb.BlogTagsTest do
      assert body =~ "All posts"
    end
  end
  describe "clickable tags on index page" do
    test "tags are rendered as clickable links on engineering blog index", %{
      conn: conn
    } do
      conn_res1 = get(conn, "/blog/engineering")
      body1 = html_response(conn_res1, 200)
      # Verify tag links exist with correct href pattern
      assert body1 =~ ~r{href="/blog/engineering/tag/meta"}
      assert body1 =~ ~r{href="/blog/engineering/tag/ai"}
    end
    test "tags are rendered as clickable links on releases blog index", %{
      conn: conn
    } do
      conn_res2 = get(conn, "/blog/releases")
      body2 = html_response(conn_res2, 200)
      # Verify tag link exists
      assert body2 =~ ~r{href="/blog/releases/tag/release"}
    end
    test "tag links have proper styling classes", %{conn: conn} do
      conn_res3 = get(conn, "/blog/engineering")
      body3 = html_response(conn_res3, 200)
      # Verify blogex-tag-link class is present for tag links
      assert body3 =~ ~r{class="[^"]*blogex-tag-link}
    end
  end
 end
--- a/app/test/firehose_web/controllers/user_registration_controller_test.exs
+++ b/app/test/firehose_web/controllers/user_registration_controller_test.exs
@ -5,7 +5,8 @@ defmodule FirehoseWeb.UserRegistrationControllerTest do
  describe "GET /users/register" do
    test "renders registration page", %{conn: conn} do
-      response = conn |> get(~p"/users/register") |> html_response(200)
+      conn = get(conn, ~p"/users/register")
      response = html_response(conn, 200)
      assert response =~ "Register"
      assert response =~ ~p"/users/log-in"
      assert response =~ ~p"/users/register"
@ -25,16 +26,15 @@ defmodule FirehoseWeb.UserRegistrationControllerTest do
      Application.put_env(:firehose, :allowed_registration_email, email)
      on_exit(fn -> Application.delete_env(:firehose, :allowed_registration_email) end)
-      response =
+      conn =
-        conn
+        post(conn, ~p"/users/register", %{
        |> post(~p"/users/register", %{
          "user" => valid_user_attributes(email: email)
        })
-      refute get_session(response, :user_token)
+      refute get_session(conn, :user_token)
-      assert redirected_to(response) == ~p"/users/log-in"
+      assert redirected_to(conn) == ~p"/users/log-in"
-      assert response.assigns.flash["info"] =~
+      assert conn.assigns.flash["info"] =~
               ~r/An email was sent to .*, please access it to confirm your account/
    end
@ -42,13 +42,12 @@ defmodule FirehoseWeb.UserRegistrationControllerTest do
      Application.put_env(:firehose, :allowed_registration_email, "with spaces")
      on_exit(fn -> Application.delete_env(:firehose, :allowed_registration_email) end)
-      response =
+      conn =
-        conn
+        post(conn, ~p"/users/register", %{
        |> post(~p"/users/register", %{
          "user" => %{"email" => "with spaces"}
        })
        |> html_response(200)
      response = html_response(conn, 200)
      assert response =~ "Register"
      assert response =~ "must have the @ sign and no spaces"
    end
@ -59,27 +58,23 @@ defmodule FirehoseWeb.UserRegistrationControllerTest do
      Application.put_env(:firehose, :allowed_registration_email, "allowed@example.com")
      on_exit(fn -> Application.delete_env(:firehose, :allowed_registration_email) end)
-      response =
+      conn = post(conn, ~p"/users/register", %{"user" => %{"email" => "allowed@example.com"}})
-        conn |> post(~p"/users/register", %{"user" => %{"email" => "allowed@example.com"}})
+      assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "email was sent"
      assert Phoenix.Flash.get(response.assigns.flash, :info) =~ "email was sent"
    end
    test "fails with invite-only message when email doesn't match", %{conn: conn} do
      Application.put_env(:firehose, :allowed_registration_email, "allowed@example.com")
      on_exit(fn -> Application.delete_env(:firehose, :allowed_registration_email) end)
-      assert conn
+      conn = post(conn, ~p"/users/register", %{"user" => %{"email" => "other@example.com"}})
-             |> post(~p"/users/register", %{"user" => %{"email" => "other@example.com"}})
+      assert html_response(conn, 200) =~ "registration is invite only"
             |> html_response(200) =~ "registration is invite only"
    end
    test "fails with invite-only message when env var is unset", %{conn: conn} do
      Application.delete_env(:firehose, :allowed_registration_email)
-      assert conn
+      conn = post(conn, ~p"/users/register", %{"user" => %{"email" => "anyone@example.com"}})
-             |> post(~p"/users/register", %{"user" => %{"email" => "anyone@example.com"}})
+      assert html_response(conn, 200) =~ "registration is invite only"
             |> html_response(200) =~ "registration is invite only"
    end
  end
 end
--- a/app/test/firehose_web/controllers/user_session_controller_test.exs
+++ b/app/test/firehose_web/controllers/user_session_controller_test.exs
@ -10,7 +10,8 @@ defmodule FirehoseWeb.UserSessionControllerTest do
  describe "GET /users/log-in" do
    test "renders login page", %{conn: conn} do
-      response = conn |> get(~p"/users/log-in") |> html_response(200)
+      conn = get(conn, ~p"/users/log-in")
      response = html_response(conn, 200)
      assert response =~ "Log in"
      assert response =~ ~p"/users/register"
      assert response =~ "Log in with email"
@ -32,7 +33,8 @@ defmodule FirehoseWeb.UserSessionControllerTest do
    end
    test "renders login page (email + password)", %{conn: conn} do
-      response = conn |> get(~p"/users/log-in?mode=password") |> html_response(200)
+      conn = get(conn, ~p"/users/log-in?mode=password")
      response = html_response(conn, 200)
      assert response =~ "Log in"
      assert response =~ ~p"/users/register"
      assert response =~ "Log in with email"
@ -46,8 +48,8 @@ defmodule FirehoseWeb.UserSessionControllerTest do
          Accounts.deliver_login_instructions(user, url)
        end)
-      assert conn |> get(~p"/users/log-in/#{token}") |> html_response(200) =~
+      conn = get(conn, ~p"/users/log-in/#{token}")
-               "Confirm and stay logged in"
+      assert html_response(conn, 200) =~ "Confirm and stay logged in"
    end
    test "renders login page for confirmed user", %{conn: conn, user: user} do
@ -56,16 +58,17 @@ defmodule FirehoseWeb.UserSessionControllerTest do
          Accounts.deliver_login_instructions(user, url)
        end)
-      html = conn |> get(~p"/users/log-in/#{token}") |> html_response(200)
+      conn = get(conn, ~p"/users/log-in/#{token}")
      html = html_response(conn, 200)
      refute html =~ "Confirm my account"
      assert html =~ "Keep me logged in on this device"
    end
    test "raises error for invalid token", %{conn: conn} do
-      response = conn |> get(~p"/users/log-in/invalid-token")
+      conn = get(conn, ~p"/users/log-in/invalid-token")
-      assert redirected_to(response) == ~p"/users/log-in"
+      assert redirected_to(conn) == ~p"/users/log-in"
-      assert Phoenix.Flash.get(response.assigns.flash, :error) ==
+      assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
               "Magic link is invalid or it has expired."
    end
  end
@ -74,22 +77,20 @@ defmodule FirehoseWeb.UserSessionControllerTest do
    test "logs the user in", %{conn: conn, user: user} do
      user = set_password(user)
-      response =
+      conn =
-        conn
+        post(conn, ~p"/users/log-in", %{
        |> post(~p"/users/log-in", %{
          "user" => %{"email" => user.email, "password" => valid_user_password()}
        })
-      assert get_session(response, :user_token)
+      assert get_session(conn, :user_token)
-      assert redirected_to(response) == ~p"/"
+      assert redirected_to(conn) == ~p"/"
    end
    test "logs the user in with remember me", %{conn: conn, user: user} do
      user = set_password(user)
-      response =
+      conn =
-        conn
+        post(conn, ~p"/users/log-in", %{
        |> post(~p"/users/log-in", %{
          "user" => %{
            "email" => user.email,
            "password" => valid_user_password(),
@ -97,14 +98,14 @@ defmodule FirehoseWeb.UserSessionControllerTest do
          }
        })
-      assert response.resp_cookies["_firehose_web_user_remember_me"]
+      assert conn.resp_cookies["_firehose_web_user_remember_me"]
-      assert redirected_to(response) == ~p"/"
+      assert redirected_to(conn) == ~p"/"
    end
    test "logs the user in with return to", %{conn: conn, user: user} do
      user = set_password(user)
-      response =
+      conn =
        conn
        |> init_test_session(user_return_to: "/foo/bar")
        |> post(~p"/users/log-in", %{
@ -114,18 +115,17 @@ defmodule FirehoseWeb.UserSessionControllerTest do
          }
        })
-      assert redirected_to(response) == "/foo/bar"
+      assert redirected_to(conn) == "/foo/bar"
-      assert Phoenix.Flash.get(response.assigns.flash, :info) =~ "Welcome back!"
+      assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Welcome back!"
    end
    test "emits error message with invalid credentials", %{conn: conn, user: user} do
-      response =
+      conn =
-        conn
+        post(conn, ~p"/users/log-in?mode=password", %{
        |> post(~p"/users/log-in?mode=password", %{
          "user" => %{"email" => user.email, "password" => "invalid_password"}
        })
        |> html_response(200)
      response = html_response(conn, 200)
      assert response =~ "Log in"
      assert response =~ "Invalid email or password"
    end
@ -133,56 +133,51 @@ defmodule FirehoseWeb.UserSessionControllerTest do
  describe "POST /users/log-in - magic link" do
    test "sends magic link email when user exists", %{conn: conn, user: user} do
-      response =
+      conn =
-        conn
+        post(conn, ~p"/users/log-in", %{
        |> post(~p"/users/log-in", %{
          "user" => %{"email" => user.email}
        })
-      assert Phoenix.Flash.get(response.assigns.flash, :info) =~ "If your email is in our system"
+      assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "If your email is in our system"
      assert Firehose.Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "login"
    end
    test "logs the user in", %{conn: conn, user: user} do
      {token, _hashed_token} = generate_user_magic_link_token(user)
-      response =
+      conn =
-        conn
+        post(conn, ~p"/users/log-in", %{
        |> post(~p"/users/log-in", %{
          "user" => %{"token" => token}
        })
-      assert get_session(response, :user_token)
+      assert get_session(conn, :user_token)
-      assert redirected_to(response) == ~p"/"
+      assert redirected_to(conn) == ~p"/"
    end
    test "confirms unconfirmed user", %{conn: conn, unconfirmed_user: user} do
      {token, _hashed_token} = generate_user_magic_link_token(user)
      refute user.confirmed_at
-      response =
+      conn =
-        conn
+        post(conn, ~p"/users/log-in", %{
        |> post(~p"/users/log-in", %{
          "user" => %{"token" => token},
          "_action" => "confirmed"
        })
-      assert get_session(response, :user_token)
+      assert get_session(conn, :user_token)
-      assert redirected_to(response) == ~p"/"
+      assert redirected_to(conn) == ~p"/"
-      assert Phoenix.Flash.get(response.assigns.flash, :info) =~ "User confirmed successfully."
+      assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "User confirmed successfully."
      assert Accounts.get_user!(user.id).confirmed_at
    end
    test "emits error message when magic link is invalid", %{conn: conn} do
-      response =
+      conn =
-        conn
+        post(conn, ~p"/users/log-in", %{
        |> post(~p"/users/log-in", %{
          "user" => %{"token" => "invalid"}
        })
        |> html_response(200)
-      assert response =~ "The link is invalid or it has expired."
+      assert html_response(conn, 200) =~ "The link is invalid or it has expired."
    end
  end
@ -195,10 +190,10 @@ defmodule FirehoseWeb.UserSessionControllerTest do
    end
    test "succeeds even if the user is not logged in", %{conn: conn} do
-      response = conn |> delete(~p"/users/log-out")
+      conn = delete(conn, ~p"/users/log-out")
-      assert redirected_to(response) == ~p"/"
+      assert redirected_to(conn) == ~p"/"
-      refute get_session(response, :user_token)
+      refute get_session(conn, :user_token)
-      assert Phoenix.Flash.get(response.assigns.flash, :info) =~ "Logged out successfully"
+      assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
    end
  end
 end
--- a/app/test/firehose_web/controllers/user_settings_controller_test.exs
+++ b/app/test/firehose_web/controllers/user_settings_controller_test.exs
@ -8,22 +8,23 @@ defmodule FirehoseWeb.UserSettingsControllerTest do
  describe "GET /users/settings" do
    test "renders settings page", %{conn: conn} do
-      response = conn |> get(~p"/users/settings") |> html_response(200)
+      conn = get(conn, ~p"/users/settings")
      response = html_response(conn, 200)
      assert response =~ "Settings"
    end
    test "redirects if user is not logged in" do
      conn = build_conn()
-      response = conn |> get(~p"/users/settings")
+      conn = get(conn, ~p"/users/settings")
-      assert redirected_to(response) == ~p"/users/log-in"
+      assert redirected_to(conn) == ~p"/users/log-in"
    end
    @tag token_authenticated_at: DateTime.add(DateTime.utc_now(:second), -11, :minute)
    test "redirects if user is not in sudo mode", %{conn: conn} do
-      response = conn |> get(~p"/users/settings")
+      conn = get(conn, ~p"/users/settings")
-      assert redirected_to(response) == ~p"/users/log-in"
+      assert redirected_to(conn) == ~p"/users/log-in"
-      assert Phoenix.Flash.get(response.assigns.flash, :error) ==
+      assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
               "You must re-authenticate to access this page."
    end
  end
@ -71,30 +72,28 @@ defmodule FirehoseWeb.UserSettingsControllerTest do
  describe "PUT /users/settings (change email form)" do
    @tag :capture_log
    test "updates the user email", %{conn: conn, user: user} do
-      response =
+      conn =
-        conn
+        put(conn, ~p"/users/settings", %{
        |> put(~p"/users/settings", %{
          "action" => "update_email",
          "user" => %{"email" => unique_user_email()}
        })
-      assert redirected_to(response) == ~p"/users/settings"
+      assert redirected_to(conn) == ~p"/users/settings"
-      assert Phoenix.Flash.get(response.assigns.flash, :info) =~
+      assert Phoenix.Flash.get(conn.assigns.flash, :info) =~
               "A link to confirm your email"
      assert Accounts.get_user_by_email(user.email)
    end
    test "does not update email on invalid data", %{conn: conn} do
-      response =
+      conn =
-        conn
+        put(conn, ~p"/users/settings", %{
        |> put(~p"/users/settings", %{
          "action" => "update_email",
          "user" => %{"email" => "with spaces"}
        })
        |> html_response(200)
      response = html_response(conn, 200)
      assert response =~ "Settings"
      assert response =~ "must have the @ sign and no spaces"
    end
@ -113,28 +112,28 @@ defmodule FirehoseWeb.UserSettingsControllerTest do
    end
    test "updates the user email once", %{conn: conn, user: user, token: token, email: email} do
-      response = conn |> get(~p"/users/settings/confirm-email/#{token}")
+      conn = get(conn, ~p"/users/settings/confirm-email/#{token}")
-      assert redirected_to(response) == ~p"/users/settings"
+      assert redirected_to(conn) == ~p"/users/settings"
-      assert Phoenix.Flash.get(response.assigns.flash, :info) =~
+      assert Phoenix.Flash.get(conn.assigns.flash, :info) =~
               "Email changed successfully"
      refute Accounts.get_user_by_email(user.email)
      assert Accounts.get_user_by_email(email)
-      response = conn |> get(~p"/users/settings/confirm-email/#{token}")
+      conn = get(conn, ~p"/users/settings/confirm-email/#{token}")
-      assert redirected_to(response) == ~p"/users/settings"
+      assert redirected_to(conn) == ~p"/users/settings"
-      assert Phoenix.Flash.get(response.assigns.flash, :error) =~
+      assert Phoenix.Flash.get(conn.assigns.flash, :error) =~
               "Email change link is invalid or it has expired"
    end
    test "does not update email with invalid token", %{conn: conn, user: user} do
-      response = conn |> get(~p"/users/settings/confirm-email/oops")
+      conn = get(conn, ~p"/users/settings/confirm-email/oops")
-      assert redirected_to(response) == ~p"/users/settings"
+      assert redirected_to(conn) == ~p"/users/settings"
-      assert Phoenix.Flash.get(response.assigns.flash, :error) =~
+      assert Phoenix.Flash.get(conn.assigns.flash, :error) =~
               "Email change link is invalid or it has expired"
      assert Accounts.get_user_by_email(user.email)
@ -142,8 +141,8 @@ defmodule FirehoseWeb.UserSettingsControllerTest do
    test "redirects if user is not logged in", %{token: token} do
      conn = build_conn()
-      response = conn |> get(~p"/users/settings/confirm-email/#{token}")
+      conn = get(conn, ~p"/users/settings/confirm-email/#{token}")
-      assert redirected_to(response) == ~p"/users/log-in"
+      assert redirected_to(conn) == ~p"/users/log-in"
    end
  end
 end
--- a/app/test/firehose_web/live/editor_dashboard_live_test.exs
+++ b/app/test/firehose_web/live/editor_dashboard_live_test.exs
@ -1,5 +1,3 @@
 alias Firehose.Test.FakeBlog
 defmodule FirehoseWeb.EditorDashboardLiveTest do
  use FirehoseWeb.ConnCase, async: true
@ -43,13 +41,13 @@ defmodule FirehoseWeb.EditorDashboardLiveTest do
    ]
    {:ok, _} =
-      FakeBlog.start(posts,
+      Firehose.Test.FakeBlog.start(posts,
        blog_id: :test_blog,
        title: "Test Blog",
        base_path: "/blog/test"
      )
-    Application.put_env(:blogex, :blogs, [FakeBlog])
+    Application.put_env(:blogex, :blogs, [Firehose.Test.FakeBlog])
    on_exit(fn -> Application.delete_env(:blogex, :blogs) end)
    :ok
--- a/app/test/support/conn_case.ex
+++ b/app/test/support/conn_case.ex
@ -15,9 +15,6 @@ defmodule FirehoseWeb.ConnCase do
  this option is not recommended for other databases.
  """
  alias Firehose.Accounts.Scope
  alias Firehose.AccountsFixtures
  use ExUnit.CaseTemplate
  using do
@ -48,8 +45,8 @@ defmodule FirehoseWeb.ConnCase do
  test context.
  """
  def register_and_log_in_user(%{conn: conn} = context) do
-    user = AccountsFixtures.user_fixture()
+    user = Firehose.AccountsFixtures.user_fixture()
-    scope = Scope.for_user(user)
+    scope = Firehose.Accounts.Scope.for_user(user)
    opts =
      context
@ -77,6 +74,6 @@ defmodule FirehoseWeb.ConnCase do
  defp maybe_set_token_authenticated_at(_token, nil), do: nil
  defp maybe_set_token_authenticated_at(token, authenticated_at) do
-    AccountsFixtures.override_token_authenticated_at(token, authenticated_at)
+    Firehose.AccountsFixtures.override_token_authenticated_at(token, authenticated_at)
  end
 end
--- a/plans/fix-readme-issues.md
+++ b/plans/fix-readme-issues.md
@ -1,142 +0,0 @@
 # Fix README quality gate issues
 Zero defects: fix the 1 test failure, 41 credo issues, and 2 format issues reported in the README setup verification.
 ## 1. Fix test failure (1 issue)
 **File:** `app/test/firehose_web/controllers/blog_tags_test.exs`
 **Problem:** The `"clickable tags on index page"` describe block (lines 88–122) asserts on specific tag names (`meta`, `ai`) that appear on the engineering blog index. These tags come from blog post content and will change as posts are added/removed. The tag-link rendering is already an implementation detail of `Blogex.Components.post_meta/1` (which correctly renders `<a href="...">` links), and the other two tests in the block (releases tag link + styling class) already pass.
 **Fix:** Remove the entire `"clickable tags on index page"` describe block. Tag-link rendering is a component concern; the integration tests for tag pages (tag page loads, filtered posts, empty list, proper layout) remain and are sufficient.
 **Files changed:**
 - `app/test/firehose_web/controllers/blog_tags_test.exs` — remove lines 88–122 (the `describe "clickable tags on index page"` block)
 **Verify:** `mix test` → 142 tests, 0 failures
 ---
 ## 2. Fix credo issues (41 issues)
 ### 2a. Conn shadowing (35 issues — readability)
 **Files:**
 - `app/test/firehose_web/controllers/user_settings_controller_test.exs` — 9 occurrences
 - `app/test/firehose_web/controllers/user_session_controller_test.exs` — 12 occurrences
 - `app/test/firehose_web/controllers/user_registration_controller_test.exs` — 6 occurrences
 - `app/test/firehose_web/controllers/blog_controller_test.exs` — 6 occurrences
 - `app/test/firehose_web/controllers/blog_tags_test.exs` — 0 (already clean)
 **Problem:** `conn = get(conn, ...)` shadows the `conn` variable. Credo warns about this.
 **Fix:** Use `new_conn = get(conn, ...)` pattern or `conn |> get(...) |> ...` pipeline pattern. The project already has `refactor_conn_aliasing.sh` which can auto-fix these. Run it on each file, then review.
 **Files changed:**
 - `app/test/firehose_web/controllers/user_settings_controller_test.exs`
 - `app/test/firehose_web/controllers/user_session_controller_test.exs`
 - `app/test/firehose_web/controllers/user_registration_controller_test.exs`
 - `app/test/firehose_web/controllers/blog_controller_test.exs`
 ### 2b. Missing @moduledoc (2 issues — readability)
 **Files:**
 - `app/lib/firehose_web/user_auth.ex` — no `@moduledoc`
 - `app/lib/firehose/accounts/user_notifier.ex` — no `@moduledoc`
 **Fix:** Add `@moduledoc` to both modules.
 - `FirehoseWeb.UserAuth`: `"Authentication helpers for fetching, requiring, and redirecting users."`
 - `Firehose.Accounts.UserNotifier`: `"Email delivery for account-related notifications (confirmation, login, email update)."`
 ### 2c. Alias ordering (2 issues — readability)
 **Files:**
 - `app/lib/firehose/accounts/user_notifier.ex` — `Firehose.Mailer` before `Firehose.Accounts.User` (M > A, not alphabetical)
 - `app/lib/firehose/accounts.ex` — `UserToken` before `UserNotifier` in the group alias (To > N, not alphabetical)
 **Fix:** Reorder aliases alphabetically in both files.
 ### 2d. Nested too deep (1 issue — refactoring)
 **File:** `app/lib/firehose_web/user_auth.ex`, function `mount_current_scope/2` (line ~247)
 **Problem:** Nesting depth is 3 (max allowed is 2). The `if/case` nesting inside `assign_new` callback is too deep.
 **Current code:**
 ```elixir
 defp mount_current_scope(socket, session) do
  Phoenix.Component.assign_new(socket, :current_scope, fn ->
    if token = session["user_token"] do
      case Accounts.get_user_by_session_token(token) do
        {user, _token_inserted_at} -> Scope.for_user(user)
        nil -> Scope.for_user(nil)
      end
    else
      Scope.for_user(nil)
    end
  end)
 end
 ```
 **Fix:** Extract the token→user lookup into a private helper to reduce nesting:
 ```elixir
 defp mount_current_scope(socket, session) do
  Phoenix.Component.assign_new(socket, :current_scope, fn ->
    user = fetch_user_from_session(session)
    Scope.for_user(user)
  end)
 end
 defp fetch_user_from_session(%{"user_token" => token}) do
  case Accounts.get_user_by_session_token(token) do
    {user, _token_inserted_at} -> user
    nil -> nil
  end
 end
 defp fetch_user_from_session(_session), do: nil
 ```
 ### 2e. Nested module aliasing (2 issues — software design)
 **Files:**
 - `app/test/support/conn_case.ex:49` — `Firehose.Accounts.Scope` could be aliased
 - `app/test/firehose_web/live/editor_dashboard_live_test.exs:44` — `Firehose.Test.FakeBlog` could be aliased
 **Fix:** Add `alias` at the top of each module.
 - `conn_case.ex`: add `alias Firehose.Accounts.Scope` (or inline `Firehose.Accounts.Scope.for_user(user)` → already uses full path, add alias and use short form)
 - `editor_dashboard_live_test.exs`: add `alias Firehose.Test.FakeBlog`
 **Verify after all credo fixes:** `mix credo --strict` → 0 issues, exit code 0
 ---
 ## 3. Fix format issues (2 files)
 **Files:**
 - `app/lib/firehose_web/controllers/page_html/home.html.heex` — trailing whitespace on line 16
 - `app/lib/firehose_web/controllers/page_html/contact.html.heex` — long line on line 54 (inline `<a>` attributes should be split)
 **Fix:** Run `mix format` which auto-fixes both.
 **Verify:** `mix format --check-formatted` → 0 files not formatted, exit code 0
 ---
 ## Execution order
 1. **Test** — remove the fragile describe block, verify `mix test` passes
 2. **Credo** — fix all 41 issues across the files listed above, verify `mix credo --strict` passes
 3. **Format** — run `mix format`, verify `mix format --check-formatted` passes
 4. **Final gate** — run `mix precommit` (compile + deps.unlock + format + test) to confirm zero defects
 ## Risk assessment
 - **Test removal:** Low risk — the removed test checks implementation detail (specific tag names in post content). Tag-page integration tests remain.
 - **Conn shadowing:** Low risk — mechanical rename, no logic change.
 - **Moduledoc/alias ordering:** Zero risk — documentation/style only.
 - **Nesting refactor:** Low risk — extracts a simple helper, behaviour identical. Run full test suite to confirm.
 - **Format:** Zero risk — auto-formatted by mix.
--- a/plans/multi-line-conn-refactoring.md
+++ b/plans/multi-line-conn-refactoring.md
@ -1,192 +0,0 @@
 # Multi-line conn refactoring
 Extend `refactor_conn_aliasing.sh` (or replace with an Elixir tool) to handle multi-line `conn = verb(conn, ...)` patterns that the current script misses.
 ## Current state
 The script handles **single-line** triggers:
 ```elixir
 conn = get(conn, ~p"/path")
 ```
 It misses **multi-line** triggers (11 remaining credo issues):
 ```elixir
 conn =
  post(conn, ~p"/users/log-in", %{
    "user" => %{"email" => user.email, "password" => "pass"}
  })
 ```
 ## Multi-line trigger shapes
 Two forms observed in the codebase:
 ### Form A — verb on next line
 ```elixir
 conn =
  post(conn, ~p"/users/log-in", %{
    "user" => %{"email" => user.email}
  })
 ```
 `conn =` ends the line; the verb call starts on the next line with deeper indentation.
 ### Form B — verb on same line, args span multiple lines
 ```elixir
 conn = post(conn, ~p"/users/log-in", %{
  "user" => %{"email" => user.email}
 })
 ```
 `conn = verb(conn,` starts on one line but the arguments (maps, keyword lists) span multiple lines.
 ## Transformations
 The same four cases apply as for single-line, just with multi-line args preserved:
 ### Case 1 — assign + helper on next line
 ```elixir
 # Before
 conn =
  post(conn, ~p"/users/log-in", %{
    "user" => %{"email" => user.email}
  })
 response = html_response(conn, 200)
 # After
 response = conn |> post(~p"/users/log-in", %{
  "user" => %{"email" => user.email}
 }) |> html_response(200)
 ```
 ### Case 2 — assert helper on next line
 ```elixir
 # Before
 conn =
  post(conn, ~p"/users/log-in", %{
    "user" => %{"email" => user.email}
  })
 assert html_response(conn, 200) =~ "Welcome"
 # After
 assert conn |> post(~p"/users/log-in", %{
  "user" => %{"email" => user.email}
 }) |> html_response(200) =~ "Welcome"
 ```
 ### Case 3 — assert pattern match + helper
 Same as Case 2 but with `assert %{body: body} = html_response(conn, 200)`.
 ### Case 4 — multiple conn references ahead
 ```elixir
 # Before
 conn =
  post(conn, ~p"/users/log-in", %{
    "user" => %{"email" => user.email}
  })
 assert redirected_to(conn) == ~p"/"
 assert get_session(conn, :user_token)
 # After
 response = conn |> post(~p"/users/log-in", %{
  "user" => %{"email" => user.email}
 })
 assert redirected_to(response) == ~p"/"
 assert get_session(response, :user_token)
 ```
 ## Algorithm
 ### Phase 1 — Detect trigger start
 Match either:
 - `conn =` at end of line (Form A, verb on next line)
 - `conn = verb(conn,` where the line does not end with a balanced `)` (Form B, args continue on next line)
 ### Phase 2 — Accumulate the expression
 Read subsequent lines until the expression is complete. Track parenthesis/brace/bracket depth to find the closing boundary:
 - Start with depth from the trigger line (e.g., `post(conn, ~p"/path", %{` has depth 2: one `(`, one `{`)
 - For each subsequent line, update depth by counting opening vs closing delimiters
 - When depth reaches 0, the expression is complete
 Buffer all accumulated lines.
 ### Phase 3 — Extract verb and args
 From the accumulated block:
 - **verb**: the HTTP verb (`get`, `post`, `put`, `patch`, `delete`, `head`, `options`)
 - **args**: everything between `verb(conn,` and the final `)`, preserving original formatting (indentation, newlines)
 ### Phase 4 — Peek ahead for case classification
 Skip blank lines after the accumulated expression. Read the next non-blank line (`next_line`).
 Classify as Case 1, 2, or 3 using the same patterns as today (helper assignment, assert helper, assert pattern match).
 Then **look ahead further** (skipping blanks, stopping at `end`, `conn =`, `test`, `describe`) to check if `conn` is referenced again. If so, override to Case 4.
 ### Phase 5 — Emit output
 - **Cases 1–3**: emit a single merged pipeline line, inserting the multi-line args as-is:
  ```
  indent + var + " = conn |> " + verb + "(" + args + ") |> " + helper + "(" + status + ")"
  ```
  For multi-line args, the output will naturally span multiple lines.
 - **Case 4**: emit `response = conn |> verb(args)`, then rename `conn` → `response` in subsequent lines until scope boundary (`end`, `conn =`, `test`, `describe`).
 - **Fallback** (no conn on next line, no recognized pattern): emit the original trigger unchanged.
 ## Remaining issues to handle
 | File | Line | Verb |
 |---|---|---|
 | `user_settings_controller_test.exs` | 74 | `put` |
 | `user_settings_controller_test.exs` | 89 | `put` |
 | `user_session_controller_test.exs` | 76 | `post` |
 | `user_session_controller_test.exs` | 88 | `post` |
 | `user_session_controller_test.exs` | 119 | `post` |
 | `user_session_controller_test.exs` | 132 | `post` |
 | `user_session_controller_test.exs` | 144 | `post` |
 | `user_session_controller_test.exs` | 157 | `post` |
 | `user_session_controller_test.exs` | 171 | `post` |
 | `user_registration_controller_test.exs` | 44 | `post` |
 All in `app/test/firehose_web/controllers/`.
 ## Elixir implementation notes (for future session)
 An Elixir implementation would be simpler than the awk script because:
 - Read file into a list of lines (already a list data structure)
 - Pattern match on line content with guards
 - Recurse or use `reduce_while` over the line list with explicit state (`:normal`, `:accumulating`, `:triggered`, `:renaming`)
 - String manipulation with `String.split/2`, `String.replace/3`, etc.
 - No need for regex capture groups — use `String.starts_with?/2`, `String.contains?/2`, etc.
 - Parenthesis depth tracking is a simple integer accumulator
 Possible structure:
 ```elixir
 defmodule ConnRefactor do
  def refactor(file_path) do
    file_path
    |> File.read!()
    |> String.split("\n", trim: false)
    |> do_refactor([], :normal, %{})
    |> Enum.join("\n")
  end
  defp do_refactor(lines, output, state, context)
 end
 ```
--- a/refactor_conn_aliasing.sh
+++ b/refactor_conn_aliasing.sh
@ -37,59 +37,58 @@ for file in "${FILES[@]}"; do
  trap "rm -f '$tmpfile'" EXIT
  awk '
-  function is_hard_scope_boundary(line) {
+  # Detect trigger line: conn = VERB(conn, ARGS)
-    return (line ~ /^[[:space:]]*end$/ || line ~ /^[[:space:]]*conn =/ || line ~ /^[[:space:]]*(test|describe) /)
+  # where VERB is get/post/put/patch/delete/head/options
  /^[[:space:]]*conn = (get|post|put|patch|delete|head|options)\(conn, / {
    trigger_line = $0
    # Extract leading whitespace
    match($0, /^[[:space:]]*/)
    indent = substr($0, RSTART, RLENGTH)
    # Extract verb and args from: conn = verb(conn, args)
    rest = $0
    sub(/^[[:space:]]*conn = /, "", rest)
    # rest is now: verb(conn, args)
    paren_pos = index(rest, "(")
    verb = substr(rest, 1, paren_pos - 1)
    # args portion: everything after "conn, " up to the trailing ")"
    inner = substr(rest, paren_pos + 1)
    sub(/\)$/, "", inner)
    # inner is: conn, args
    sub(/^conn, /, "", inner)
    args = inner
    # Read the next non-blank line
    triggered = 1
    next
  }
-  function conn_used_ahead(start_idx,    i, line) {
+  triggered == 1 {
-    for (i = start_idx; i <= total_lines; i++) {
+    # Skip blank lines, accumulating them
-      line = lines[i]
+    if ($0 ~ /^[[:space:]]*$/) {
-      if (is_hard_scope_boundary(line)) return 0
+      blank_lines = blank_lines $0 "\n"
-      if (line ~ /conn/) return 1
+      next
    }
    return 0
    }
-  # Read all lines into array
+    next_line = $0
  { lines[NR] = $0 }
  END {
    total_lines = NR
    triggered = 0
    renaming = 0
    blank_lines = ""
-    for (idx = 1; idx <= total_lines; idx++) {
+    # Now look ahead: count how many subsequent lines (until scope boundary)
-      line = lines[idx]
+    # reference "conn" — to decide Case 4 vs Cases 1-3
    # We already have next_line. Check if next_line references conn.
    # Then peek further lines.
-      # If in renaming mode (Case 4 continuation)
+    # For simplicity: check if next_line matches Case 1, 2, or 3 patterns.
-      if (renaming) {
+    # If it does, check the line AFTER that for more conn references (Case 4 override).
        if (is_hard_scope_boundary(line)) {
          renaming = 0
          # Fall through: do NOT continue — let the line be processed normally below
        } else {
          gsub(/conn/, "response", line)
          print line
          continue
        }
      }
      # If waiting for next non-blank line after trigger
      if (triggered) {
        if (line ~ /^[[:space:]]*$/) {
          blank_lines = blank_lines line "\n"
          continue
        }
        next_line = line
        triggered = 0
    # Case 1: var = helper(conn, status)
    # helpers: html_response, json_response, text_response, response, redirected_to
    case1 = 0
    if (match(next_line, /^[[:space:]]*([a-z_]+) = (html_response|json_response|text_response|response|redirected_to)\(conn, [^)]+\)$/, m1)) {
      case1 = 1
      c1_var = m1[1]
      c1_helper = m1[2]
      # Extract status from helper(conn, status)
      match(next_line, /\(conn, ([^)]+)\)/, m1s)
      c1_status = m1s[1]
    }
@ -112,42 +111,39 @@ for file in "${FILES[@]}"; do
      c3_status = m3[3]
    }
-        # If Case 1/2/3 matched, check if conn is used further ahead
+    # If we matched Case 1, 2, or 3, emit the merged line
        # If so, fall through to Case 4
        if (case1 || case2 || case3) {
          if (conn_used_ahead(idx + 1)) {
            case1 = 0; case2 = 0; case3 = 0
          }
        }
    if (case1) {
      print indent c1_var " = conn |> " verb "(" args ") |> " c1_helper "(" c1_status ")"
      if (blank_lines != "") printf "%s", blank_lines
      blank_lines = ""
-          continue
+      next
    }
    if (case2) {
      print indent "assert conn |> " verb "(" args ") |> " c2_helper "(" c2_status ")" c2_tail
      if (blank_lines != "") printf "%s", blank_lines
      blank_lines = ""
-          continue
+      next
    }
    if (case3) {
      print indent "assert " c3_pattern " = conn |> " verb "(" args ") |> " c3_helper "(" c3_status ")"
      if (blank_lines != "") printf "%s", blank_lines
      blank_lines = ""
-          continue
+      next
    }
    # If next_line references conn at all, this is Case 4 territory
    # (multiple uses without a recognized single-merge pattern)
    if (next_line ~ /conn/) {
      # Case 4: rename to response
      print indent "response = conn |> " verb "(" args ")"
      if (blank_lines != "") printf "%s", blank_lines
      blank_lines = ""
      # Replace conn with response in next_line
      gsub(/conn/, "response", next_line)
      print next_line
      # Continue replacing conn->response in subsequent lines until scope boundary
      renaming = 1
-          continue
+      next
    }
    # No conn reference on next line — leave trigger unchanged (fallback)
@ -155,36 +151,32 @@ for file in "${FILES[@]}"; do
    if (blank_lines != "") printf "%s", blank_lines
    blank_lines = ""
    print next_line
-        continue
+    next
  }
-      # Detect trigger line: conn = VERB(conn, ARGS)
+  # Renaming mode for Case 4: replace conn with response until scope boundary
-      if (line ~ /^[[:space:]]*conn = (get|post|put|patch|delete|head|options)\(conn, /) {
+  renaming == 1 {
-        trigger_line = line
+    # Scope boundary: blank line, "end", reduced indentation, or new conn = assignment
-        match(line, /^[[:space:]]*/)
+    if ($0 ~ /^[[:space:]]*$/ || $0 ~ /^[[:space:]]*end$/ || $0 ~ /^[[:space:]]*conn =/) {
-        indent = substr(line, RSTART, RLENGTH)
+      renaming = 0
-
+      print
-        rest = line
+      next
-        sub(/^[[:space:]]*conn = /, "", rest)
+    }
-        paren_pos = index(rest, "(")
+    gsub(/conn/, "response")
-        verb = substr(rest, 1, paren_pos - 1)
+    print
-        inner = substr(rest, paren_pos + 1)
+    next
        sub(/\)$/, "", inner)
        sub(/^conn, /, "", inner)
        args = inner
        triggered = 1
        continue
  }
  # Normal mode: pass through
  {
    if (blank_lines != "") {
      printf "%s", blank_lines
      blank_lines = ""
    }
-      print line
+    print
    }
  }
  BEGIN { triggered = 0; renaming = 0; blank_lines = "" }
  ' "$file" > "$tmpfile"
  if $DRY_RUN; then
--- a/scripts/new-post.sh
+++ b/scripts/new-post.sh
@ -33,7 +33,7 @@ fi
 cat > "$file" <<EOF
 %{
  title: "${title}",
-  author: "Willem van den Ende",
+  author: "Firehose Team",
  tags: ~w(),
  description: "",
  published: false
--- a/transcripts/linux-notification.html
+++ b/transcripts/linux-notification.html
--- a/transcripts/yak-buffalo-notification-done.html
+++ b/transcripts/yak-buffalo-notification-done.html