Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@public/dashboard.html`:
- Around line 154-158: The progress bar string assigned to progressBar lacks
ARIA attributes; update the generated element for the progress bar (the div
containing class "bg-indigo-500 ...") to include role="progressbar",
aria-valuemin="0", aria-valuemax equal to a.total_sessions or 100 depending on
your model, aria-valuenow set to the numeric value (use a.attended_sessions or
pct), and an aria-label or aria-valuetext that describes the progress (e.g.,
“Progress: X of Y sessions (Z%)”) so screen readers can perceive the same info
as the visual meter; locate the variables pct, a.progress_pct,
a.attended_sessions and a.total_sessions and inject these attributes into the
progress bar div generation.

In `@src/worker.py`:
- Around line 13-14: Replace the EN DASH characters in the route documentation
string with normal hyphen-minus characters so the paths are copy-paste safe;
locate the module-level docstring or the string containing "GET  /api/dashboard 
– personal dashboard with progress stats" and "POST /api/attendance        –
mark session attendance           [auth]" and swap each "–" to "-"
(hyphen-minus) in that string.
- Around line 914-925: The loop builds hosted entries using dict-style row
access (r["id"], r["title"], etc.) which is inconsistent with the rest of the
file (use attribute access like row.id). Update the loop that iterates over
res.results to use attribute access (e.g., r.id, r.title, r.type, r.format,
r.schedule_type, r.participant_count, r.session_count, r.created_at) and also
map tag rows from t_res to t.name instead of t["name"]; keep the same
prepare/bind logic and the hosted append shape unchanged.
- Around line 1244-1255: The current check-then-insert/update using
env.DB.prepare with a SELECT then conditional UPDATE/INSERT on
session_attendance (session_id,user_id) is racy and lacks error handling;
replace it with an atomic upsert using SQLite's INSERT ... ON CONFLICT
(session_id, user_id) DO UPDATE to set status (or use a single SQL statement
executed via env.DB.prepare) and remove the separate SELECT branch, and if you
keep the two-step flow then wrap the INSERT in a try/except similar to api_join
to catch UNIQUE constraint errors, log the failure, and return a controlled
response via ok/error; target the block around the functions/variables
env.DB.prepare, session_attendance, new_id(), status, and ok().

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/worker.py`:
- Around line 915-917: The per-activity tag SELECT (using env.DB.prepare(...)
and binding r["id"] into t_res) must be replaced with a single batched query:
collect all activity IDs returned earlier, run one SELECT joining tags and
activity_tags with WHERE activity_id IN (...), then group results into a mapping
of activity_id -> list of tags in Python and use that map when building the
hosted and joined lists (the current per-row logic that reads t_res should be
switched to lookup in this map); also apply the same batching change for the
similar lookup around the code referenced at lines 943-945.
- Around line 1224-1228: The code currently defaults status = body.get("status",
"attended") which can silently mark missing statuses as attended; change this to
require an explicit status by using status = body.get("status") (no default) and
add a check if not status: return err("status is required"), then keep the
existing validation if status not in ("registered","attended","missed") to
return err("status must be registered, attended, or missed"); reference the
variables/status check and err(...) in the same block (status, session_id,
body.get, err) when making the change.
- Around line 1238-1242: The current gate uses is_host to allow hosts to bypass
enrollment (is_host from env.DB.prepare(...).bind(...).first()) so hosts can
write attendance without an enrollment row; change the logic to require an
enrollment row (enr) regardless of is_host by removing is_host from the
allowlist and returning err("You must be enrolled in this activity", 403) when
enr is falsy; keep the activity existence check if needed but do not let is_host
bypass the enrollment requirement in this handler.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/worker.py`:
- Around line 1351-1358: The capture_exception call inside the exception handler
for the upsert in api_mark_attendance is missing request and environment
context; update the exception handling around
env.DB.prepare(...).bind(...).run() so that capture_exception(exc, req=req,
env=env, where="api_mark_attendance") (or the project's canonical param names)
is invoked before returning the error, ensuring req and env are passed alongside
exc and where to capture full context for debugging.

---

Duplicate comments:
In `@src/worker.py`:
- Around line 13-14: The route documentation in the docstring uses EN DASH
characters (–) after the paths (e.g. the lines with "GET  /api/dashboard        
– personal dashboard with progress stats" and "POST /api/attendance        –
mark session attendance           [auth]"); update those separators to the
standard ASCII hyphen-minus (-) so the lines become "GET  /api/dashboard        
- personal dashboard..." and "POST /api/attendance        - mark session
attendance..." to avoid copy-paste issues.
- Line 1063: Replace the deprecated synchronous decrypt() call with the async
decrypt_aes() and await it where the host_name is built (replace "host_name":
decrypt(r["host_name_enc"] or "", enc) with an awaited call to decrypt_aes);
ensure the enclosing function is async or that you use await within an async
map/gather, and wrap the await in try/except to catch RuntimeError (or any
decryption error) and log the error via the existing logger before falling back
to a safe value (e.g., empty string) so runtime failures for joined activities
don’t crash the endpoint.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/worker.py`:
- Around line 999-1078: Add tests that cover the new /api/dashboard aggregation
and the enrollment-gated attendance upsert flows: create fixtures for activities
with zero sessions and with >0 sessions, users who are enrolled (enr_status
values including default "registered" and "active") and non-enrolled users, and
exercise re-marking the same session twice. For the dashboard endpoint assert
hosted and joined payload shapes (hosted, joined lists), joined[*].progress_pct,
joined[*].attended_sessions, stats keys (total_joined, completed, in_progress,
total_sessions_attended, hosted_count) and that zero-session activities yield
progress_pct 0 and don’t inflate in_progress; for attendance upserts simulate
attendance calls for an enrolled vs non-enrolled user and re-marking the same
session to ensure attendance increments only when allowed and idempotency holds.
Locate tests to cover the code paths populating joined, hosted, stats and the
enrollment-gated attendance upsert logic referenced in the PR.
- Around line 1059-1068: The code is calling the deprecated sync shim
decrypt(...) which raises RuntimeError; replace that call with the async decrypt
helper (e.g., await decrypt_async(...) or await decrypt(... ) if the async
function is named decrypt) when building the "host_name" field so the operation
is awaited and non-blocking; update the surrounding function (the
generator/handler that builds joined) to be async or perform an asyncio.gather
over multiple decrypt calls so the list comprehension/loop that produces joined
can await the async helper for r["host_name_enc"] and pass the enc parameter
correctly.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@public/dashboard.html`:
- Around line 100-106: The variable totalParts (computed as hosted.reduce((s,a)
=> s + (a.participant_count||0), 0)) is dead code after switching to data.stats;
remove the totalParts declaration to clean up unused code (leave hosted,
participant_count, and statCard usage intact) so the dashboard.html no longer
computes an unused sum.