# Capture changes into my fork

You're integrating one or more commits from a sibling GitHub fork into
the CURRENT WORKING DIRECTORY. The CWD should already be a clean git
working tree on a branch you're willing to commit to.

## Source thread: dropthejase rips out Supabase auth for Cognito

A full identity rebuild on AWS, with optional multi-factor login and a delete flow built for compliance.

| # | SHA | Subject | Fork | Authored |
|---|-----|---------|------|----------|
| 1 | [`0ae592f4`](https://github.com/dropthejase/louis/commit/0ae592f4ca17588f84a8e6617a5282877080da3d) | feat(infra): add AuthStack with Identity Pool, Lambda authorizer, per-user S3 po | `dropthejase/louis` | 2026-05-06 |
| 2 | [`2d294a87`](https://github.com/dropthejase/louis/commit/2d294a876cf39feb669df3a6cd910e24d46a692c) | feat(infra): add pre-token-gen Lambda for Cognito role claim injection | `dropthejase/louis` | 2026-05-07 |
| 3 | [`810abdef`](https://github.com/dropthejase/louis/commit/810abdef6d31a7f05fd8c46d16be0a5d0ea69b82) | feat(infra): Cognito User Pool (TOTP MFA, strong passwords, required attrs); nat | `dropthejase/louis` | 2026-05-07 |
| 4 | [`d6dbb5ef`](https://github.com/dropthejase/louis/commit/d6dbb5efbd14e6282409cb07207aed6d37c14fff) | chore(infra): delete unused Lambda Token authorizer | `dropthejase/louis` | 2026-05-07 |
| 5 | [`c95ee849`](https://github.com/dropthejase/louis/commit/c95ee8490c96ae33f55649106ad679ebafcd704c) | feat(backend): read userId from Cognito authorizer claims instead of Lambda cont | `dropthejase/louis` | 2026-05-07 |
| 6 | [`dfd69c1b`](https://github.com/dropthejase/louis/commit/dfd69c1b297dc84ffb67146b911af7066b6f48f2) | feat(frontend): Amplify Auth module; update Identity Pool to use Cognito id toke | `dropthejase/louis` | 2026-05-08 |
| 7 | [`559f50b7`](https://github.com/dropthejase/louis/commit/559f50b76c7bdeb9989a130a29325286e2874904) | feat(frontend): rewrite AuthContext and AwsContext to use Amplify Auth instead o | `dropthejase/louis` | 2026-05-08 |
| 8 | [`358951f9`](https://github.com/dropthejase/louis/commit/358951f9d605f9cbc396d427c4961da02f274568) | feat(frontend): replace supabase.auth.getSession() with getIdToken() across all  | `dropthejase/louis` | 2026-05-08 |
| 9 | [`99aa05a4`](https://github.com/dropthejase/louis/commit/99aa05a4091b3e5579782449c5a0071c9f9c07ad) | feat(frontend): signup page with email verification and TOTP MFA setup flow | `dropthejase/louis` | 2026-05-08 |
| 10 | [`67850660`](https://github.com/dropthejase/louis/commit/6785066062cc6ba3dc78a8948ad3305b4bc67da9) | feat(frontend): login page using Amplify signIn | `dropthejase/louis` | 2026-05-08 |
| 11 | [`28290d3c`](https://github.com/dropthejase/louis/commit/28290d3c8bcfd9cbea4c11a4e550294f0ea42450) | feat(task-13): env vars, replace supabase direct query with backend session-id e | `dropthejase/louis` | 2026-05-08 |
| 12 | [`f99ecb08`](https://github.com/dropthejase/louis/commit/f99ecb0815ef52f7e37bd360c311ae5263107579) | docs: update README and ARCHITECTURE for Cognito User Pool auth migration | `dropthejase/louis` | 2026-05-08 |
| 13 | [`396019f8`](https://github.com/dropthejase/louis/commit/396019f870890f12bdc152090ef51bd4eaabfd68) | docs: redraw architecture diagram to show Cognito User Pool, Pre-Token Gen Lambd | `dropthejase/louis` | 2026-05-08 |
| 14 | [`fe40ca91`](https://github.com/dropthejase/louis/commit/fe40ca91dc730d7b941dcd9c1cb1aca0e5717008) | feat(auth): post-confirmation and post-deletion lambdas, move supabase secret to | `dropthejase/louis` | 2026-05-08 |
| 15 | [`ce910c1e`](https://github.com/dropthejase/louis/commit/ce910c1e4481c62d691f7a2e09b0473a710958e8) | feat: replace Supabase deleteUser with Cognito AdminDeleteUser | `dropthejase/louis` | 2026-05-08 |
| 16 | [`5e6962d9`](https://github.com/dropthejase/louis/commit/5e6962d9b307a1b820638cff12cc98bba821f77e) | Remove pre-token-gen Lambda (Supabase RLS role claim, unused on Aurora) | `dropthejase/louis` | 2026-05-08 |
| 17 | [`2847ef2b`](https://github.com/dropthejase/louis/commit/2847ef2bd1f4cec8775488aa9c0a60d7f2024c33) | fix(backend): cascade delete user data before Cognito AdminDeleteUser | `dropthejase/louis` | 2026-05-08 |
| 18 | [`30088221`](https://github.com/dropthejase/louis/commit/30088221e5ffc608414e804c09c56278994578dd) | feat(infra): store email in user_profiles on Cognito post-confirmation | `dropthejase/louis` | 2026-05-08 |
| 19 | [`7b649fc4`](https://github.com/dropthejase/louis/commit/7b649fc445bbe17a2da8163fea487df2b3a50425) | Remove post-deletion Lambda (redundant - DELETE /user/account already cascades s | `dropthejase/louis` | 2026-05-08 |
| 20 | [`0a1d1a51`](https://github.com/dropthejase/louis/commit/0a1d1a51f88c7e860fc04da839dc0f5b8955f898) | Merge feature/cognito-auth: AWS migration complete (Aurora, AgentCore, Cognito) | `dropthejase/louis` | 2026-05-09 |
| 21 | [`943914bd`](https://github.com/dropthejase/louis/commit/943914bdc6601ee75007650d87cb926e640827e2) | chore: disable TOTP MFA on Cognito User Pool | `dropthejase/louis` | 2026-05-09 |
| 22 | [`95d538d8`](https://github.com/dropthejase/louis/commit/95d538d89cb82422cf1db5f0355cbca913b57f21) | fix: use access token for AgentCore calls (id token missing client_id claim) | `dropthejase/louis` | 2026-05-11 |
| 23 | [`ecc808c6`](https://github.com/dropthejase/louis/commit/ecc808c6fc3ea4093cb0d07df0bd34f1903d672f) | fix: remove allowedAudience from AgentCore JWT authorizer config | `dropthejase/louis` | 2026-05-11 |
| 24 | [`fdffba97`](https://github.com/dropthejase/louis/commit/fdffba97302bffcbdd77c039707c133b072abe12) | docs(readme): add MFA configuration note | `dropthejase/louis` | 2026-05-15 |
| 25 | [`7d621a00`](https://github.com/dropthejase/louis/commit/7d621a00ff5c0682fb4e5a466123bac8f4c91dcb) | feat(auth): enable optional TOTP MFA on Cognito User Pool | `dropthejase/louis` | 2026-05-15 |

### Commit URLs (for your tooling)

1. https://github.com/dropthejase/louis/commit/0ae592f4ca17588f84a8e6617a5282877080da3d
2. https://github.com/dropthejase/louis/commit/2d294a876cf39feb669df3a6cd910e24d46a692c
3. https://github.com/dropthejase/louis/commit/810abdef6d31a7f05fd8c46d16be0a5d0ea69b82
4. https://github.com/dropthejase/louis/commit/d6dbb5efbd14e6282409cb07207aed6d37c14fff
5. https://github.com/dropthejase/louis/commit/c95ee8490c96ae33f55649106ad679ebafcd704c
6. https://github.com/dropthejase/louis/commit/dfd69c1b297dc84ffb67146b911af7066b6f48f2
7. https://github.com/dropthejase/louis/commit/559f50b76c7bdeb9989a130a29325286e2874904
8. https://github.com/dropthejase/louis/commit/358951f9d605f9cbc396d427c4961da02f274568
9. https://github.com/dropthejase/louis/commit/99aa05a4091b3e5579782449c5a0071c9f9c07ad
10. https://github.com/dropthejase/louis/commit/6785066062cc6ba3dc78a8948ad3305b4bc67da9
11. https://github.com/dropthejase/louis/commit/28290d3c8bcfd9cbea4c11a4e550294f0ea42450
12. https://github.com/dropthejase/louis/commit/f99ecb0815ef52f7e37bd360c311ae5263107579
13. https://github.com/dropthejase/louis/commit/396019f870890f12bdc152090ef51bd4eaabfd68
14. https://github.com/dropthejase/louis/commit/fe40ca91dc730d7b941dcd9c1cb1aca0e5717008
15. https://github.com/dropthejase/louis/commit/ce910c1e4481c62d691f7a2e09b0473a710958e8
16. https://github.com/dropthejase/louis/commit/5e6962d9b307a1b820638cff12cc98bba821f77e
17. https://github.com/dropthejase/louis/commit/2847ef2bd1f4cec8775488aa9c0a60d7f2024c33
18. https://github.com/dropthejase/louis/commit/30088221e5ffc608414e804c09c56278994578dd
19. https://github.com/dropthejase/louis/commit/7b649fc445bbe17a2da8163fea487df2b3a50425
20. https://github.com/dropthejase/louis/commit/0a1d1a51f88c7e860fc04da839dc0f5b8955f898
21. https://github.com/dropthejase/louis/commit/943914bdc6601ee75007650d87cb926e640827e2
22. https://github.com/dropthejase/louis/commit/95d538d89cb82422cf1db5f0355cbca913b57f21
23. https://github.com/dropthejase/louis/commit/ecc808c6fc3ea4093cb0d07df0bd34f1903d672f
24. https://github.com/dropthejase/louis/commit/fdffba97302bffcbdd77c039707c133b072abe12
25. https://github.com/dropthejase/louis/commit/7d621a00ff5c0682fb4e5a466123bac8f4c91dcb

## What I want you to do

1.  **Sanity check first.**

    - Run `git status`. If the working tree is dirty (uncommitted
      changes you don't recognise, untracked stuff you don't expect),
      STOP and tell me — don't try to be helpful by stashing. I'll
      resolve it.
    - Run `git branch --show-current`. If the branch is `main` or
      `master`, confirm with me before proceeding.

2.  **For each commit URL above, in the order listed:**

    a.  Fetch the diff. Pick whichever works:
        - `gh api repos/<owner>/<repo>/commits/<sha>` returns the full
          patch in JSON.
        - WebFetch the URL with `.patch` appended, e.g.
          `https://github.com/<owner>/<repo>/commit/<sha>.patch`.

    b.  Read the original commit message. That's the AUTHOR's intent —
        respect it.

    c.  Read the diff and understand the change. **Don't blindly
        cherry-pick.** This is a sibling fork — paths, naming, and
        structure can differ. You're porting, not pasting.

    d.  Compare against THIS repo's layout:
        - File at the same path → apply the change.
        - File exists under a different name (renamed / restructured) →
          apply the equivalent change at the right location.
        - File doesn't exist here at all → decide: new file we want, or
          is the source adding something this repo already has by
          another name? Use judgement. Lean towards creating the file
          when in doubt — easier for me to delete than to recreate.

    e.  Apply the change. Run `git diff` after, eyeball it, fix
        obvious issues (lint errors, broken imports, typos in the diff
        itself).

    f.  Commit with a message that:
        - Preserves the source commit's subject line.
        - Adds a short body explaining what you adapted, if anything.
        - Includes trailers:

              Source: <commit-url>
              Source-author: <original author name>

        so the attribution stays clear.

3.  **After all commits are applied:**

    - Run `git log --oneline -<count>` showing what you produced.
    - Show `git status` final state.
    - List any files you skipped, conflicts you resolved, and any
      assumptions you made.

## Rules

- **Do not push.** Local commits only. I'll review and push.
- **Do not rebase or force.** Only fresh commits. If you'd otherwise
  need a force push, stop and explain why.
- **Don't touch `.git/config` or run `git remote add`.** Leave my
  repo's remote setup alone.
- **No package installs, build steps, or migrations** unless the
  change manifestly requires it AND you explicitly tell me what
  you're about to run first.
- **One commit per source commit.** Don't squash. Don't split. If
  porting genuinely requires either, explain.
- **Read existing code before changing it.** This isn't the source
  fork. Match the local style.

## If you get stuck

Stop and tell me. Show what you've already done (commits made, files
changed), what blocked you (conflict, missing file, ambiguous intent),
and your recommended next move. I'd rather ship 3 of 5 commits cleanly
than have you guess on the 4th and break things.