cocottetech/@platform/codebase/@features/ai-copilot/docs/surface-screening.brief.md
natalie 1b719e1fd7 chore(bootstrap): initial V4 commit
Clean successor to V3 (forge: lilith/atlilith). Seeded from local Mac
working tree at ~/Code/@projects/@cocottetech/. node_modules and build
artifacts excluded via .gitignore.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 08:11:41 -07:00

16 KiB

surface-screening — Client-screening platforms as a managed surface category

Deep brief for third-party client-screening platforms — Preferred411, VerifyHim, SafeForSelect, NotABlacklist, ProviderScreening, TheLastResort, BookingBlacklist, ClientBlacklist (per O §N6).

These are safety-critical surfaces distinct from native directory reviews (per surface-tryst.brief.md §8) and distinct from Cocotte's own provider-coop (brief N). They live in their own per-surface brief because the verbs, UX, and risk profile differ meaningfully from N1 content or N2 directories.

Follows the surface-tryst.brief.md 13-section template with Generalization callouts — written so additional category briefs (surface-bio-links.brief.md, surface-reviews.brief.md, etc.) inherit structure.

§1 Surface identity

  • What screening platforms are: subscription services that vet prospective clients. Quinn submits a prospect's identifiers (phone / email / handle); the platform returns a risk-tier verdict based on its database of prior reports + community blocklist.
  • Audience model: providers-only. Clients never directly interact (some require client-side cooperation, e.g. preferred411 client-side verify-form, but Quinn drives).
  • Quinn's positioning: Quinn pays for ~3 screening services concurrently (subscription redundancy = better signal). She runs prospects through them before high-stakes engagements (overnight, tours, premium-tier).
  • Why screening is a managed surface: every "is this prospect safe?" question Cocotte must answer involves a screening lookup. Automating this is high-leverage for safety AND time-saved.

Generalization callout: every per-surface brief opens with surface identity. Screening shares the safety-critical positioning with N-coop intel; distinguishes itself by being third-party paid services vs peer-coop vs Quinn's personal K1.

§2 Auth & connect

Each screening platform has its own auth shape. Common patterns:

  • Preferred411 / VerifyHim / SafeForSelect: subscription login (username + password + optional 2FA), web-session adapter.
  • NotABlacklist / BookingBlacklist / ClientBlacklist: free-tier read-only access, may not require auth at all (public-blocklist style).
  • ProviderScreening / TheLastResort: subscription + per-lookup credits.

Connect flow follows the tryst-connect.screen.md pattern with surface-specific overrides:

  • Most use Quinn's stored credentials from v2-ported credentials vault (see _engineering-credentials-vault.md).
  • 2FA challenges handled by surface-side flow; Cocotte yields and resumes.

Generalization callout: same connect pattern as Tryst — per-surface variants differ in credential shape (cookie / login+pwd / API key) and verify-call. The shared tryst-connect.screen.md template generalizes to screening + reviews + bio-links.

§3 Profile data model

Screening platforms have no Quinn-side profile — they're consumer-only. Quinn's account exists; her "profile" is just subscription state.

The data model is per-lookup: each screening request is a transaction.

Field Type Notes
prospect_identifier text (hashed at rest) phone / email / handle Quinn submits
screening_service enum which platform handled the lookup
verdict enum green / caution / red / not_found / unverified
risk_factors json platform-specific flag list (NON_PAY / AGGRESSIVE / NO_SHOW / etc.)
report_count int how many prior reports underpin this verdict
last_report_at timestamp most recent prior incident
submitted_at timestamp when Cocotte ran the lookup
subscriber_notes text community-submitted free-form context

Screens consuming this: screening-lookup.screen.md, screening-history.screen.md (both to be written; deferred).

Generalization callout: surfaces that are lookup services (not posting-driven) have transaction-based data models rather than profile-state models. Per-surface brief documents transaction shape; this pattern applies to all N6 + N4 partial (e.g. coop intel lookups).

§4 Visibility heartbeat (N/A)

Screening platforms have no bump-equivalent — they're consumer-only. Quinn's subscription stays active or lapses; that's the only ambient state.

Generalization callout: not every surface has a bump-equivalent. Per-surface brief flags absent + documents subscription-state UX (renewal notices, cancel flows) instead.

§5 Inbox / DM mechanics (N/A)

Screening platforms have no inbound DMs. Their "inbox" is the queue of screening requests Quinn submitted + their results.

Generalization callout: same — lookup services have no DM model. The "inbox" UX is replaced by a "history" UX (per-lookup transactions list, similar to brief I audit-drawer).

§6 Verification (cross-platform-shared identity)

Screening platforms don't verify Quinn; they verify prospects. Quinn's identity is verified only via subscription-payment (per brief Z).

Per-prospect verification flow varies:

  • Preferred411 "client-cooperative" verify: prospect must submit their own info to Preferred411 (an alternative to Quinn-side lookup). When this happens, Cocotte ingests the result via P411's webhook + surfaces in the screening-history view.
  • NotABlacklist / BookingBlacklist: pure read-only lookups; no prospect-cooperation.

Generalization callout: lookup surfaces don't have provider-side KYC. They may have prospect-side verification flows; per-surface brief documents which support this.

§7 Location lock (N/A)

Screening services are jurisdiction-agnostic (mostly). Per-surface brief flags absent.

Screening platforms aren't review sites (those are N7 — theeroticreview, punternet, etc.). The two are conceptually adjacent:

  • Screening (N6): "is this client safe?" — verdict-based.
  • Reviews (N7): "what was this provider like?" — narrative-based.

Cocotte ingests both into the same safety_intel graph (with provenance per source).

Generalization callout: per-surface brief flags cross-references to adjacent categories. Important for not duplicating UX across briefs.

§9 Native metrics

Each screening platform exposes consumption metrics: lookups-remaining (for credit-based services), subscription expiry, queue depth (if any). Cocotte surfaces these in settings → screening category.

Aggregate metric: screening coverage rate — what % of new engagement_events get auto-screened before Quinn engages? Trended in analytics-dashboard.screen.md T2 funnel panel.

Generalization callout: most surfaces expose consumption / subscription metrics. Per-surface brief documents.

§10 Surface-side blocklist (the inversion)

Unlike directories where Tryst-side block hides Quinn from a client (per surface-tryst.brief.md §10), screening-side block works the other way:

  • Quinn submits a prospect to NotABlacklist / BookingBlacklist (these are submission targets, not consumption sources).
  • The submitted entry becomes visible to other providers on the platform.
  • Quinn's K1 personal block is also mirrored to screening platforms with an opt-in chip on add-blocklist-entry.screen.md: "Also submit to NotABlacklist / BookingBlacklist (other providers will see)."

This is structurally similar to brief N coop reporting (provider-to-provider warning).

Generalization callout: submission-target surfaces (where Quinn contributes data to a peer network) have inverted block UX vs consumption-target surfaces. Per-surface brief documents direction.

§11 Rate / service editing UX (N/A)

No structured-field editing on screening platforms — Quinn doesn't have a Tryst-style profile here.

Generalization callout: per-surface brief flags absent for non-posting surfaces.

§12 Failure modes

Screening-specific failure dictionary:

Failure Detection UX surface Voice register
Subscription lapsed platform returns "subscriber inactive" on lookup high-stakes interrupt; auto-pause auto-screening plain
Lookup credits exhausted per-lookup credit balance hits 0 banner + refill route plain
2FA challenge mid-lookup platform redirects high-stakes interrupt plain
Prospect not found empty verdict inform Quinn + log "no prior reports" — neutral, not failure hearth/working
Platform downtime timeout on lookup endpoint per brief M §M2a soft-degrade; alternate-screening fallback plain
Subscription cancellation surprise next-billing-cycle email surfaces in iMessage / email banner: "Your Preferred411 sub canceled. Re-subscribe to keep screening?" plain
Platform deprecation / merger platform tells Cocotte it's shutting down banner with migration recommendations plain

Generalization callout: every surface has a failure dictionary. Per-surface brief documents the surface-specific symptoms.

§13 Voice register on screening surfaces

When Cocotte surfaces screening results to Quinn (in chat or audit), voice register is plain — safety-critical, no metaphor. "Felix verified green on Preferred411" not "Felix passed muster."

When Cocotte communicates to the screening platform (e.g. submitting a blocklist report), it uses the platform's own form-shape (typically structured fields, not free text).

Generalization callout: per-surface persona / voice differs. Screening uses plain throughout because misread verdicts are dangerous. Brief T's analytics dashboard uses working register on screening-related metrics (e.g. coverage rate).

§14 Conversational management (canonical entry points)

Per 00-system-conversational-ux.md. Screening is almost entirely conversational — most interactions are single lookups or submission decisions, both well-suited to chat. Screens (planned but not yet written) only appear for browse-history or moderator-queue depths.

§14a Verbs Quinn uses

Quinn-says → routes to triage specialist (per specialist-triage.contract.md, which extends to screening platforms) or to a screening-coordinator (P2+ specialist if it gets dedicated):

Quinn says Action Screen invoked?
"screen this client" / "run @felix through screening" One-shot lookup across active screening services No — chat receipt with verdict
"what's @felix look like on preferred411" Single-service lookup No
"submit @felix to bookingblacklist" / "report @felix to NAB" Submission to a peer-network platform Single-tap high-stakes confirmation in chat; no full screen unless multi-platform
"auto-screen new inbounds" / "screen everyone before drafting" Triage policy: enable auto-screening No — settings toggle in chat
"stop auto-screening" / "pause screening" Policy off No
"what screening services am I on" / "subscription status" Read status No — chat answers; user can tap "see details" to invoke screening-history.screen.md (when written)
"show me my recent screenings" / "screening history" Browse history Invokes screening-history.screen.md (planned) — browse-shape
"what's my screening coverage" / "what % of inbounds get screened" Metric query No — chat answers; analytics-dashboard T2 panel renders the trend
"connect preferred411" / "sign in to verifyhim" Per-platform auth-grant Uses the tryst-connect.flow.md template pattern (per surface; planned per-platform flows)
"re-verify my preferred411 subscription" Subscription renewal Routes Quinn to the platform's billing flow; Cocotte yields

§14b Pure-chat actions (no screen)

  • All single-prospect lookups (the most common interaction by far).
  • Submissions to peer-network platforms (one decision per submission; high-stakes confirmation is inline).
  • Auto-screening policy toggles.
  • Subscription-status queries.
  • Coverage metric queries.

§14c Screen-invoking actions (browse / depth)

Only two screening interactions invoke screens:

  • Browse screening history — list view of past lookups (rich-output shape; chat couldn't carry 50+ rows efficiently). screening-history.screen.md planned.
  • Per-lookup detail — full record of a single screening result with risk-factors / report-count / notes / subscriber-notes (depth-shape). screening-lookup.screen.md planned.

Both are inspector-shape per 00-system-conversational-ux.md. Neither edits state — they show it.

§14d Cross-surface participation

Screening is a fanout target for submission actions (per cross-surface-fanout.brief.md §10). When Quinn says "block @felix everywhere and submit to peer networks," the resolved audience includes:

  • Quinn's K1 personal blocklist
  • All connected screening platforms (NotABlacklist, BookingBlacklist, ClientBlacklist) as submission targets
  • Coop intel (brief N) optionally as a publish-target

NOT fanout-participants: lookups (one prospect per lookup is the design; multi-prospect-batch is a separate feature). Subscription management (per-platform; doesn't generalize).

§14e Voice-mode adaptations

Per voice-input-settings.screen.md. Screening over voice works identically:

  • "Screen Felix" → spoken verdict + risk summary.
  • Submission confirmations use the same high-stakes pattern; voice readback of the confirmation phrase before commit.
  • History browse: spoken summary first; "tap to see screen" for visual.

Generalization callout: this §14 follows the surface-tryst template (surface-tryst.brief.md §14). The shape is consistent across per-surface briefs; the per-surface contents differ. Future per-surface briefs MUST include §14.

Out of scope

  • Per-screening-platform screens — defer to future screening-lookup.screen.md and screening-history.screen.md once specialist code starts.
  • Bulk-import of historical screening results from Quinn's existing manual workflow — defer to a one-time migration tool.
  • AI risk-scoring on top of screening results — defer; today Cocotte surfaces the platform's verdict directly.

Generalization summary

This brief established the second per-surface brief shape. Differs from surface-tryst.brief.md (which is for operate-on-this-platform surfaces) by:

  • Multiple sections marked N/A (no bumps, no DMs, no profile schema, no location lock, no native reviews).
  • §10 blocklist is inverted (submission target, not consumption target).
  • §3 data model is per-transaction (not per-profile).

Per-surface briefs split roughly into:

  • Operate-on (Tryst, TS4Rent, Slixa, Eros, OnlyFans, X, IG…) — full 13-section completion.
  • Consume-from / lookup (screening, reviews, bio-link aggregators) — partial sections with N/A flags.
  • Submit-to (community blocklists, coop intel) — inverted §10 + submission UX.

Future briefs declare which shape they're using upfront; sections N/A are explicit, never skipped.