What it is
"Agoge" is the educational arm of the SPS portfolio. Three products live under the Agoge Development LLC umbrella, all focused on higher-education and learner-facing software: Agoge Academic Advisor (AAA), UniversalGrader (a.k.a. Agoge Platform), and LedgerLearner. Marketing site at agogedev.com.
Topology
FastAPI + SQLite] end subgraph U[UniversalGrader] UG[Course / grading tool
Azure App Service] end subgraph L[LedgerLearner] LL[Socratic accounting tutor
ledgerlearner.app] LL_SMOKE[ledgerlearner-smoke
eval harness] end USR((Advisor / instructor / student)) --> CF[CF Access
Google IdP] CF --> AAA_FE AAA_FE --> AAA_BE AAA_BE -->|enrolled?| MSU[MSU sources] USR --> UG UG --> AZURE[(Azure DB)] USR --> LL LL --> LL_API[Anthropic API]
Agoge Academic Advisor (AAA) live
Virtual academic advisor for MSU's Broad MSBDSA program. FERPA-by-architecture: handles student-identifying or grade-related data, but minimizes what it actually processes. Live at advisor.sandpointstudios.ltd.
Hosting
| Code | /opt/agoge-academic-advisor/ on vigil-server |
| Backend | FastAPI + systemd unit aaa-backend, bound to 127.0.0.1:8006 (localhost only) |
| Frontend | React/Vite, served by the same backend or via CF Pages |
| DB | SQLite at /opt/agoge-academic-advisor/data/aaa.db |
| Prod env | /etc/agoge-academic-advisor/aaa.env |
| Public URL | advisor.sandpointstudios.ltd via the cloudflared tunnel |
Auth posture (CLEAN 2026-05-11)
The auth chain is fully production-mode as of 2026-05-11:
- Door: Cloudflare Access OAuth (Google IdP) at the edge. User must be on the Access allowlist for app id
2788b8f6-51ce-457d-add9-244eae09839c. - App: FastAPI reads the
Cf-Access-Authenticated-User-Emailheader. Safe to trust because port 8006 binds localhost-only — only cloudflared can reach it. - RBAC:
app/services/rbac.pyrequires a row in theadvisorstable before identity is granted. No row → 403. No env-only fallback. NoDEV_MODEbranch.
reference_oidc_sso_pattern.md).
Advisor roster (8 seeded)
| Person | |
|---|---|
tdixon@msu.edu | Teagan Dixon |
richardsje@msu.edu | Jessica Richards |
declercq@msu.edu | Cheri DeClercq |
batesan4@msu.edu | Andrea Bates |
doming15@msu.edu | Vickie Lehtonen |
delgadof@msu.edu | Julie Delgado |
grimes18@msu.edu | Casey Grimes |
fmd1074@gmail.com | Julie Delgado (alt) |
Display names in DB are still NetIDs (e.g. batesan4) pending a cosmetic SQL update. Vickie + Casey role decision (admin vs advisor) open. CF Access allowlist needs widening from "Teagan only" to all 8 emails.
Scope expansion
Per project_aaa_users_and_scope.md: Jessica + Cheri are the primary advisor users (NOT Richard, who uses the UniversalGrader suite). Scope is expanding beyond MSBDSA — Julie's Healthcare Management program is owed in a dedicated session with Julie present. Multi-program data model needs to be designed before that lands. Full automation owed before Teagan's summer-in-MX so she can stay out of the day-to-day.
UniversalGrader (Agoge Platform) live
Course and grading tool, Azure-hosted. The repo is named UniversalGrader; the product is marketed as "Agoge Platform" externally. Used by instructors (Richard among them) for autograded assignments. Live at app.agogedev.com.
| Hosting | Azure App Service |
| Frontend | Cloudflare Pages |
| DB | Azure DB |
| Ports (local dev) | 8002 backend / 3002 frontend |
| Repo | teaganwins-dev/UniversalGrader |
| Local source | ~/dev/UniversalGrading/ |
Collaborators
Arthur (arthurSPS) was added with write permission 2026-05-17 as part of his Agoge learning trio access (invite pending acceptance).
LedgerLearner live
Socratic accounting tutor — guides students through accounting problems by asking probing questions rather than handing over answers. Sibling repo ledgerlearner-smoke holds an eval harness used to validate prompt + scoring changes against a known-answer set before they ship.
| Hosting | ledgerlearner.app (apex) |
| Repo | teaganwins-dev/ledgerlearner |
| Eval harness | teaganwins-dev/ledgerlearner-smoke — runs scored Q&A against the live model |
| Local source | ~/dev/LedgerLearner/ |
Arthur (arthurSPS) has write permission as of 2026-05-17.
Data
| AAA | SQLite at /opt/agoge-academic-advisor/data/aaa.db — advisor accounts, advisor-student touchpoint logs, program metadata. FERPA-relevant per-user separation enforced by RBAC. |
| UniversalGrader | Azure DB — courses, assignments, submissions, grades. FERPA-relevant. |
| LedgerLearner | Question library + per-session conversation logs. No PII unless students enter it. |
Dependencies
- Cloudflare Access — door for AAA.
- cloudflared tunnel on vigil-server — exposes AAA at advisor.sandpointstudios.ltd.
- Azure App Service — UniversalGrader hosting.
- Anthropic API — LedgerLearner Socratic conversation engine.
- MSU data sources — AAA reads enrollment metadata; minimized to need-to-know.
Roadmap
- AAA: CF Access allowlist widening to all 8 advisors (currently Teagan-only). Cosmetic display-name SQL update. Vickie + Casey role decisions. Multi-program data model for Julie's Healthcare Management program.
- Pre-MX: full AAA automation so day-to-day advising load doesn't require Teagan being present.
- UniversalGrader: ongoing — Arthur ramping up via the new collaborator invite.
- LedgerLearner: ongoing — eval harness gates prompt changes.
- NDA / FERPA: the contributor NDA template (see
~/dev-context/legal/contributor-nda-template.md) has a FERPA-equivalent Section 6 that applies before Arthur gets full AAA access. Counsel review still owed.
Related
- Cloudflare Access + Mailcow in shared infra.
- Vigil Steward / Iris — eventually orchestrates the morning briefing on AAA enrolment data.