# Support multiple users on Palace Ring **Linear:** MAN-86 — https://linear.app/manglasabang/issue/MAN-86/support-multiple-users-on-palace-ring **Status:** Ace is working on this **Project:** default ## Description Goal: Go from 1 user (Junwon) to 2 users (Junwon + Elizabeth). 1→2 is the hard work; 2→4 will be easy once this is done. Elizabeth's test account: username `elizabeth`, palace `whitehall`, butler `william`, password `whitehall`. ## Architecture The palacering app (`/code`) runs on the prepalacering VM. Palace data is NOT on the VM for Junwon — `palaces/manglasabang/` stays on Junwon's Mac. The VM connects to the Mac via Tailscale and reads Junwon's palace data over the network. Elizabeth's palace (`palaces/whitehall/`) lives on the VM itself. This means: * Compute (app) → prepalacering VM * Junwon's data → Mac, accessed over Tailscale * New users' data → VM filesystem ## Subtasks * MAN-84: Deploy Palace Ring to prepalacering for Junwon (do this first) ## Work **1. Auth system** * Build login endpoint: username + password → session cookie * Add middleware that extracts logged-in user from every request * Protect all API endpoints — reject requests with no valid session * Login screen at [pre.palacering.com]() **2. Dynamic palace path resolution** * Replace hardcoded `"manglasabang"` with the logged-in user's palace name in all data API endpoints * Junwon's palace path resolves over Tailscale to his Mac * Elizabeth's palace path resolves to a local directory on the VM * Affected: `api/diary/day.ts`, `api/diary/chat.ts`, `api/health/day.ts`, `api/health/chat.ts`, `api/notebook.ts`, `api/tasks.ts`, `push.ts`, `mail/subscribe.ts` **3. Redis namespacing** * All thread-store Redis keys must be prefixed with user ID * Current prefix `"pc-threads:"` → `"pc-threads:{userId}:"` * Prevents cross-user data collision **4. Session log isolation** * Session log files in `web-bridges.ts` and `session-tails.ts` go into a shared directory with no user separation * Add per-user subdirectory or user-prefix to filenames **5. Butler identity per palace** * ClaudeBridge must be initialised with the logged-in user's palace root * Butler loads identity files from that palace (name, palace name, user name) * William must know he is William serving Elizabeth in Whitehall **6. Provision Elizabeth's palace on prepalacering VM** * Copy `palaces/modelpalace/` to `/palaces/whitehall/` on 5.78.153.101 * Confirm file isolation: Elizabeth's requests cannot reach Junwon's files ## Checks - [ ] Elizabeth can load [pre.palacering.com]() and see a login screen - [ ] Elizabeth logs in with `elizabeth / whitehall` and lands in her palace - [ ] Elizabeth's diary shows no data from Junwon's diary - [ ] Elizabeth writes a diary entry — it appears in `/palaces/whitehall/palaceappsdata/palacediary/` - [ ] Junwon's diary is unaffected, reads from Mac over Tailscale - [ ] Elizabeth's butler greets her as William, knows the palace is Whitehall - [ ] Junwon logs in and still sees his palace normally - [ ] Two simultaneous sessions do not collide in Redis or session logs