diff --git a/docs/CODEX_RESUME_PROMPT.md b/docs/CODEX_RESUME_PROMPT.md
new file mode 100644
index 0000000..e585997
--- /dev/null
+++ b/docs/CODEX_RESUME_PROMPT.md
@@ -0,0 +1,191 @@
+# Codex Resume Prompt — Trading Web Redesign + Cross-Workspace Audit
+
+Paste the contents of this file into a fresh Codex / Claude / Gemini agent
+session running on the **same machine** that did the original work
+(`Sar-M2-bl`, user `saravana`). The agent will pick up where the previous
+session left off and drive toward 100% completion of the audit backlog plus
+opportunistic improvements.
+
+The short "copy-paste" version of this prompt lives at the bottom of this
+file. The long version is the full agent brief — the short one tells the
+agent to read the long one.
+
+---
+
+## ── BEGIN AGENT BRIEF ──
+
+You are resuming an in-progress audit + redesign across two sibling repos on
+this machine. Two prior sessions already shipped the foundational work and
+the audit. Your job is to drive the open audit items to ✅ done with
+high-quality, no-regression commits. Do not start over. Do not skip the
+verification gates.
+
+### Step 0 — Required reads (do this BEFORE writing any code)
+
+Read these four files in order. They are the source of truth — anything
+contradicting them is wrong:
+
+1. `/Users/saravana/BytelystAI/trading/learning_ai_invt_trdg/docs/HANDOVER.md`
+2. `/Users/saravana/BytelystAI/trading/learning_ai_invt_trdg/docs/AUDIT_REDESIGN.md`
+3. `/Users/saravana/BytelystAI/learning_ai/learning_ai_common_plat/docs/HANDOVER.md`
+4. `/Users/saravana/BytelystAI/learning_ai/learning_ai_common_plat/docs/AUDIT_PLATFORM.md`
+
+After reading, summarise in your own words: which items are ✅ done, which
+are 🟦 in progress, which are ⬜ open, and which one you are about to
+attempt. If your summary disagrees with the audit doc tables, re-read.
+
+### Step 1 — Environment
+
+This machine has the private-registry token in `~/.zshrc`. Every shell you
+spawn must `source ~/.zshrc` before running `pnpm`. Without it `pnpm`
+prints `WARN: Failed to replace env in config: ${GITEA_NPM_TOKEN}` and the
+install will fail on private `@bytelyst/*` packages.
+
+```bash
+source ~/.zshrc           # gets GITEA_NPM_TOKEN onto your shell
+echo "$GITEA_NPM_TOKEN" | wc -c     # should print 41 (40 chars + newline)
+```
+
+### Step 2 — Verification gates (run BEFORE and AFTER every change)
+
+You MUST run the appropriate gate before claiming any item is ✅ done. If
+a gate fails after your change, you broke something — fix it before
+committing. Do NOT --no-verify. Do NOT skip hooks.
+
+**Trading repo gates** (`cd /Users/saravana/BytelystAI/trading/learning_ai_invt_trdg`):
+
+```bash
+npm --prefix web run typecheck            # → exit 0
+npm --prefix web run build                # → ✓ built
+npm --prefix web test                     # → 151+ pass / ≤4 known fails
+npx tsc --noEmit -p backend/tsconfig.json # → exit 0
+```
+
+**Platform repo gates** (`cd /Users/saravana/BytelystAI/learning_ai/learning_ai_common_plat`):
+
+```bash
+source ~/.zshrc
+pnpm typecheck                            # → exit 0
+pnpm test                                 # → ~2,200 pass
+pnpm lint > /tmp/lint.log 2>&1            # at the start: 85 pre-existing
+                                          # errors. After your fix: count
+                                          # MUST go down, not up.
+```
+
+The 4 known trading test failures are documented as audit items F7+F8.
+They are NOT regressions. If you see >4 failures, you regressed.
+
+### Step 3 — Priority queue (work top-down)
+
+These are ordered for highest-value-per-hour. Pick one, finish it, commit,
+push, tick the audit doc, then move to the next. Do not parallelise
+unrelated buckets.
+
+| #  | Repo     | Item   | What to do                                                                                          | Effort |
+| -- | -------- | ------ | --------------------------------------------------------------------------------------------------- | ------ |
+| 1  | trading  | E2     | Regen root `pnpm-lock.yaml` so CI sees `react-router-dom`, `@monaco-editor/react`, `@dnd-kit/*`     | 5 min  |
+| 2  | trading  | F7+F8  | Fix the 4 pre-existing test failures (`useTabFeatureFlags` cache + `EntryForm` alert)               | 1-2 hr |
+| 3  | trading  | B1     | Build RSI/MACD/Bollinger overlay toggles in `web/src/views/HomeView.tsx`'s `StockChart`             | 2-3 hr |
+| 4  | trading  | B2+B3  | Wire ★ Watchlist + 🔔 buttons in `TickerHeader`; pull company name from `fetchResearchProfile`        | 1-2 hr |
+| 5  | trading  | C2     | Add in-memory FMP cache (30-min TTL, key by full URL) — free tier is 250 req/day                    | 1-2 hr |
+| 6  | trading  | F6     | Tests for the 7 new backend endpoints (chart/bars, news, indices, research×3, screener)             | 2-3 hr |
+| 7  | trading  | C1     | Sandbox or refuse `strategyConfig.type === 'code'` in `/api/backtest/run`. Currently no handler.    | 4-6 hr |
+| 8  | trading  | B6     | Make `CodeStrategyEditor` "Save" actually persist via `createTradeProfile` (not just localStorage)  | 1 hr   |
+| 9  | trading  | D1     | Skeleton loaders for News, ResearchCards, Screener (replace plain "Loading…" text)                  | 1-2 hr |
+| 10 | trading  | D5     | Responsive layout: collapse sidebar + hide right panel under 1024 px                                | 3-4 hr |
+| 11 | platform | P-sweep| Per-package `pnpm --filter <pkg> lint:fix` for the 85 surfaced errors. ONE COMMIT PER PACKAGE.      | 2-4 hr |
+| 12 | trading  | G1-G4  | Mobile parity: news/research/screener tabs in Expo app. Code editor stays web-only.                 | days   |
+
+For each item the full description + acceptance criteria is in the
+corresponding audit doc row. Do not invent your own scope.
+
+### Step 4 — Commit conventions
+
+The previous sessions used these conventions. Match them exactly so the
+audit history stays grep-able.
+
+- One audit item (or one bucket of related items) per commit.
+- Subject line: `<type>(<id>): short description` — e.g.
+  `fix(B1): wire RSI/MACD/Bollinger overlay toggles`,
+  `test(F6): add coverage for /api/chart/bars`,
+  `chore(P-sweep): pnpm --filter @bytelyst/auth lint:fix`.
+- Body explains the WHY in present-tense prose, not a bullet list of files.
+  Reference audit IDs at the bottom: `Refs: docs/AUDIT_REDESIGN.md item B1.`
+- End with `Co-Authored-By: <model> <noreply@anthropic.com>` (use your
+  actual model name).
+- After committing, **edit the audit doc table row**: change `⬜` → `✅`
+  and put the short commit hash in the "Fix commit" column.
+
+### Step 5 — Things to NEVER do
+
+1. **Do not commit `pnpm-lock.yaml` regenerated as a side effect.** If
+   your work changes deps, mention it in the commit body and let the
+   reviewer decide. The platform repo currently has a +2.9k/-8.5k lockfile
+   diff sitting in the working tree from the prior session — leave it
+   alone unless you specifically own it.
+2. **Do not touch the nomgap WIP files** in the platform repo
+   (`docker-compose.ecosystem.yml`, `products/nomgap/product.json`,
+   `services/platform-service/src/modules/flags/seed.ts`). They belong to
+   another contributor's in-progress migration.
+3. **Do not refactor unrelated code** because you "noticed it while
+   nearby". Open a new audit row instead and let the human prioritise.
+4. **Do not skip verification gates.** "TypeScript passes locally" is not
+   verification — running the gate command and seeing exit 0 is.
+5. **Do not bulk-fix the 85 platform lint errors in one commit.** Each
+   package needs eyeball review (the autofixer can remove unused exports
+   that are public API). One package = one commit.
+6. **Do not push --force to main.** Backups exist
+   (`backup/main-20260504-061739` in trading,
+   `backup/main-20260504-062733` in platform) but rewriting public main
+   history is still the wrong move.
+
+### Step 6 — When you finish a chunk
+
+After each commit + push:
+
+1. Run the verification gates again (yes, again — the push hooks may have
+   reformatted files).
+2. Update the audit doc row.
+3. Briefly tell the human: which item ID, which commit hash, what gate
+   output you saw. Three sentences max.
+
+If you complete an entire bucket (all rows ✅), open a new section in the
+audit doc called "Bucket X — closed" with a one-paragraph retrospective
+(what was harder than expected, what surfaced as follow-up work).
+
+### Step 7 — When to stop and ask
+
+Stop and ask the human, do not guess, when:
+
+- An audit item's acceptance criteria is ambiguous and the existing code
+  has no precedent.
+- A fix would change a public API surface (exported function signature,
+  endpoint contract, schema field).
+- A gate fails and the failure is in code you didn't write and have no
+  context for.
+- You have closed everything in your priority slice and want to know what
+  to pick up next.
+
+Otherwise: keep going. The point of this brief is so you don't have to
+ping the human every 10 minutes.
+
+## ── END AGENT BRIEF ──
+
+---
+
+## Short copy-paste prompt for Codex
+
+Paste this single block into Codex / Claude / Gemini:
+
+```
+Resume the trading-redesign + platform-audit work on this machine. Read
+/Users/saravana/BytelystAI/trading/learning_ai_invt_trdg/docs/CODEX_RESUME_PROMPT.md
+in full first — it contains your full brief, the priority queue, the
+verification gates, and the commit conventions. Then start at the top of
+the priority queue (item E2, regen the root pnpm-lock.yaml) and work
+down, one commit per audit item, ticking the audit doc as you go.
+Source ~/.zshrc in every shell so GITEA_NPM_TOKEN is available. Do not
+skip verification gates. Do not touch the nomgap WIP files. When done
+with a chunk, push and tell me the commit hash + gate output in three
+sentences.
+```