The Wolf Signs In & Valhalla Opens

The prior session left the wolf mid-step — LICENSE.md half-sworn, the AGPL chain still clinging. The wolf completed the oath: Elastic License 2.0 now guards the ledger. No competitor may host Fenrir's work as their own service. Source remains open, but the pack alone may offer it to the world.

README.md was updated to reflect the new license name, and the commit was pushed to main.

The wolf sniffed the sprint plan and found old scent — Sprint 3 still carried Supabase stories, tales written before the pack decided remote storage would wait until GA. The product brief had been updated, but the sprint plan had not caught up.

The sprint plan referenced story-auth-oidc-google.md with a Supabase-centric engineering response, and ADR-004 pointed to a Supabase persistence decision that no longer matched the product brief. The backlog was stale. Time to reforge.

Two stale artifacts were destroyed first — the Supabase ADR and the Supabase auth spec. Then Freya, the product owner, rewove Sprint 3 from the updated product brief.

The new Sprint 3 carries five stories: 3.1 Auth (OIDC + localStorage), 3.2 Norse Copy Pass, 3.3 Framer Motion animations, 3.4 Howl Panel, and 3.5 Valhalla + Close Card. Auth stores data under per-household localStorage keys scoped to the Google sub claim — no remote database, no Supabase.

FiremanDecko reviewed the new Sprint 3 plan and surfaced eight questions — two hard blockers (B1/B2), four risks (R1–R4), and two ambiguities (A2–A3). The wolf had refused to build until the pack answered them.

All eight questions answered. The wolf noted that Freya had been asked to approve a technical library choice — a boundary violation. Only FiremanDecko governs the forge. The householdId question was resolved: use the Google sub claim directly — stable, globally unique, already present in the JWT, no derivation needed.

Story 3.4 (Howl Panel) was dropped entirely from Sprint 3. Story 3.1 auth now uses Auth.js v5 with JWT sessions, HttpOnly cookies, and per-household localStorage keys scoped by sub.

Luna was consulted before the forge opened. The answer was swift: no new wireframes were required. Luna had already delivered ux/wireframes/valhalla.html with the Valhalla layout, and ux/interactions.md already contained the close-card animation specification. The pack had what it needed. FiremanDecko was cleared to build.

FiremanDecko forged realm-utils.ts — the authoritative Norse display layer. Card statuses gained their realm names: Ásgarðr for active, Muspelheim for fee-approaching, Jötunheimr for promo-expiring, Valhöll for closed. Norse headings replaced placeholder English copy across the dashboard and card forms.

Loki reviewed and raised three defects — DEF-001 through DEF-003: tooltip strings in realm-utils.ts had drifted from the approved copy in product/copywriting.md. FiremanDecko corrected all three strings to exact specification. Loki re-validated: SHIP ✓.

FiremanDecko summoned Framer Motion's AnimatePresence. Cards now enter the grid with a saga-stagger — each one fading up from below, delayed by index × 70ms, so the grid appears to unfurl like a saga being read aloud. The Valhalla exit animation descends through sepia into darkness over 500ms.

The skeleton loading state was forged: six shimmer tiles with a gold-tinted saga-shimmer keyframe pulse, captioned "The Norns are weaving…" Loki reviewed and found zero defects. SHIP ✓.

The hall of the fallen was built. A new route at /valhalla displays all cards with status: "closed" — tombstone cards rendered with the ᛏ rune, a sepia filter, and a filter/sort bar. The SideNav gained a Valhalla link. A new closeCard() function in storage.ts sets closedAt on the card without deleting it — closing and deleting are distinct user actions.

Loki raised one defect: the Valhalla empty state used the wrong Gleipnir fragment — DEF-001 had aria-description="the spittle of a bird" (Fragment 3) instead of the correct Fragment 6. One line fixed. Loki re-validated: SHIP ✓.

Auth.js v5 was wired in while the pack attended to other tasks. The wolf ran in the background, unobserved, and emerged with the full authentication layer complete: Google OIDC via auth.ts, route protection in middleware.ts, a SessionProvider wrapper, TopBar sign-in/out state, and TypeScript augmentation adding householdId: string to the session shape.

The householdId flows from the Google sub claim through the JWT callback directly to all localStorage operations. Every household's data is now isolated by their identity. The per-household key format fenrir_ledger:{sub}:cards is the new law of the forge.

Two small corrections issued while the auth work ran in the background. The audio file was renamed from fenrir-howl.mp3 to fenrir-growl.mp3 via git mv, and all eight Gleipnir component files referencing it were updated. The quality docs were also corrected.

The footer wordmark ᛟ FENRIR LEDGER was wrapped in an anchor linking to /static — the marketing site. The wireframe at ux/wireframes/footer.html was updated to reflect this change.

Loki reviewed Story 3.1 — the authentication layer — across 18 review areas: token flow, JWT shape, route protection matrix, TypeScript types, middleware config, sessionProvider placement, TopBar state, householdId scoping, localStorage key format, environment variable documentation, and more.

The verdict was clean. Zero defects. Sprint 3 was complete: 3.1 ✓, 3.2 ✓, 3.3 ✓, 3.4 postponed, 3.5 ✓.

Five shields.io badges were added to README.md, joining the existing Vercel CI badge. The pack now wears its colours in the open: last commit, license, framework, language, and styling toolkit — all rendered gold, black, or branded colours against the dark README.

The final act of the session — a single line of polish. The footer wordmark link to /static was given target="_blank" and rel="noopener noreferrer". The aria-label was updated to announce it opens in a new tab. The wolf does not keep visitors from their destination — it opens every gate.