Changelog
What shipped, when, and why
Entry-by-entry notes for augment-it, following the Lossless changelog conventions.
id.didi.sh is live — the full loop, clicked
DNS validated, the Let's Encrypt cert issued, and the operator clicked a production magic link end to end: an email from no-reply@didi.sh, the scanner-proof /access confirm page at https://id.didi.sh, and a didi_session cookie scoped to .didi.sh. The platform's one-login promise works in production, on the canonical URL, same day the domain was bought.
Production magic links land in a real inbox
Steps 1 and 2 of the humain-vc unlock close on production: a hand-rolled Resend adapter over Req delivers real sign-in emails from the deployed service, orgs and memberships exist with mix tasks to seed them, and production carries Michael's full identity — plus two infrastructure bugs found and fixed along the way.
One person, many addresses — email aliases land
A didi.sh ID now carries alt emails: a magic link to any alias authenticates the same didi_id. Normalized from the start (a user_emails table, globally unique across primaries and aliases) instead of merge-chained after the fact — the fullstack-vc lesson, applied preemptively.
Deployed — the identity service goes live on Fly
The walking skeleton left the laptop: id-didi-sh runs on Fly.io in lax with the libSQL file on a mounted volume, secrets set without ever being displayed, JWKS serving the production Ed25519 key at id-didi-sh.fly.dev — and a TLS cert issued for id.didi.sh, two DNS records away from the real domain.
Credential-posture splash — the one-login pitch goes public
The repo gets its GitHub Pages presence: an Astro splash dressed as an identity document — guilloche engraving, a SPECIMEN ID card as the hero object, stamp chrome — pitching one login to fast-track DD-ready materials, with the three services near-copied from ai-labs/splash and a CTA pointed at id.didi.sh.
Walking skeleton — magic link to signed cookie, proven live
Increment 1 ships the same day as the scaffold: a Phoenix app with the full identity schema, an Ed25519 keypair behind a JWKS endpoint, and the whole magic-link → didi_session cookie → /api/me → refresh → logout loop — 19 tests green and every step proven against the live server by a curl script.
Repo scaffold — the identity plane gets its home
id-didi-sh exists: the repo for the didi.sh identity service, scaffolded with the tree's universal directories, a README that carries the contract and the increment plan, and a CLAUDE.md that marks this as the Lossless tree's polyglot (Elixir) exception.