Clean successor to V3 (forge: lilith/atlilith). Seeded from local Mac working tree at ~/Code/@projects/@cocottetech/. node_modules and build artifacts excluded via .gitignore. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
16 KiB
surface-screening — Client-screening platforms as a managed surface category
Deep brief for third-party client-screening platforms — Preferred411, VerifyHim, SafeForSelect, NotABlacklist, ProviderScreening, TheLastResort, BookingBlacklist, ClientBlacklist (per O §N6).
These are safety-critical surfaces distinct from native directory reviews (per surface-tryst.brief.md §8) and distinct from Cocotte's own provider-coop (brief N). They live in their own per-surface brief because the verbs, UX, and risk profile differ meaningfully from N1 content or N2 directories.
Follows the surface-tryst.brief.md 13-section template with Generalization callouts — written so additional category briefs (surface-bio-links.brief.md, surface-reviews.brief.md, etc.) inherit structure.
§1 Surface identity
- What screening platforms are: subscription services that vet prospective clients. Quinn submits a prospect's identifiers (phone / email / handle); the platform returns a risk-tier verdict based on its database of prior reports + community blocklist.
- Audience model: providers-only. Clients never directly interact (some require client-side cooperation, e.g. preferred411 client-side verify-form, but Quinn drives).
- Quinn's positioning: Quinn pays for ~3 screening services concurrently (subscription redundancy = better signal). She runs prospects through them before high-stakes engagements (overnight, tours, premium-tier).
- Why screening is a managed surface: every "is this prospect safe?" question Cocotte must answer involves a screening lookup. Automating this is high-leverage for safety AND time-saved.
Generalization callout: every per-surface brief opens with surface identity. Screening shares the safety-critical positioning with N-coop intel; distinguishes itself by being third-party paid services vs peer-coop vs Quinn's personal K1.
§2 Auth & connect
Each screening platform has its own auth shape. Common patterns:
- Preferred411 / VerifyHim / SafeForSelect: subscription login (username + password + optional 2FA), web-session adapter.
- NotABlacklist / BookingBlacklist / ClientBlacklist: free-tier read-only access, may not require auth at all (public-blocklist style).
- ProviderScreening / TheLastResort: subscription + per-lookup credits.
Connect flow follows the tryst-connect.screen.md pattern with surface-specific overrides:
- Most use Quinn's stored credentials from v2-ported credentials vault (see _engineering-credentials-vault.md).
- 2FA challenges handled by surface-side flow; Cocotte yields and resumes.
Generalization callout: same connect pattern as Tryst — per-surface variants differ in credential shape (cookie / login+pwd / API key) and verify-call. The shared tryst-connect.screen.md template generalizes to screening + reviews + bio-links.
§3 Profile data model
Screening platforms have no Quinn-side profile — they're consumer-only. Quinn's account exists; her "profile" is just subscription state.
The data model is per-lookup: each screening request is a transaction.
| Field | Type | Notes |
|---|---|---|
prospect_identifier |
text (hashed at rest) | phone / email / handle Quinn submits |
screening_service |
enum | which platform handled the lookup |
verdict |
enum | green / caution / red / not_found / unverified |
risk_factors |
json | platform-specific flag list (NON_PAY / AGGRESSIVE / NO_SHOW / etc.) |
report_count |
int | how many prior reports underpin this verdict |
last_report_at |
timestamp | most recent prior incident |
submitted_at |
timestamp | when Cocotte ran the lookup |
subscriber_notes |
text | community-submitted free-form context |
Screens consuming this: screening-lookup.screen.md, screening-history.screen.md (both to be written; deferred).
Generalization callout: surfaces that are lookup services (not posting-driven) have transaction-based data models rather than profile-state models. Per-surface brief documents transaction shape; this pattern applies to all N6 + N4 partial (e.g. coop intel lookups).
§4 Visibility heartbeat (N/A)
Screening platforms have no bump-equivalent — they're consumer-only. Quinn's subscription stays active or lapses; that's the only ambient state.
Generalization callout: not every surface has a bump-equivalent. Per-surface brief flags absent + documents subscription-state UX (renewal notices, cancel flows) instead.
§5 Inbox / DM mechanics (N/A)
Screening platforms have no inbound DMs. Their "inbox" is the queue of screening requests Quinn submitted + their results.
Generalization callout: same — lookup services have no DM model. The "inbox" UX is replaced by a "history" UX (per-lookup transactions list, similar to brief I audit-drawer).
§6 Verification (cross-platform-shared identity)
Screening platforms don't verify Quinn; they verify prospects. Quinn's identity is verified only via subscription-payment (per brief Z).
Per-prospect verification flow varies:
- Preferred411 "client-cooperative" verify: prospect must submit their own info to Preferred411 (an alternative to Quinn-side lookup). When this happens, Cocotte ingests the result via P411's webhook + surfaces in the screening-history view.
- NotABlacklist / BookingBlacklist: pure read-only lookups; no prospect-cooperation.
Generalization callout: lookup surfaces don't have provider-side KYC. They may have prospect-side verification flows; per-surface brief documents which support this.
§7 Location lock (N/A)
Screening services are jurisdiction-agnostic (mostly). Per-surface brief flags absent.
§8 Reviews & testimonials (N/A — but related)
Screening platforms aren't review sites (those are N7 — theeroticreview, punternet, etc.). The two are conceptually adjacent:
- Screening (N6): "is this client safe?" — verdict-based.
- Reviews (N7): "what was this provider like?" — narrative-based.
Cocotte ingests both into the same safety_intel graph (with provenance per source).
Generalization callout: per-surface brief flags cross-references to adjacent categories. Important for not duplicating UX across briefs.
§9 Native metrics
Each screening platform exposes consumption metrics: lookups-remaining (for credit-based services), subscription expiry, queue depth (if any). Cocotte surfaces these in settings → screening category.
Aggregate metric: screening coverage rate — what % of new engagement_events get auto-screened before Quinn engages? Trended in analytics-dashboard.screen.md T2 funnel panel.
Generalization callout: most surfaces expose consumption / subscription metrics. Per-surface brief documents.
§10 Surface-side blocklist (the inversion)
Unlike directories where Tryst-side block hides Quinn from a client (per surface-tryst.brief.md §10), screening-side block works the other way:
- Quinn submits a prospect to NotABlacklist / BookingBlacklist (these are submission targets, not consumption sources).
- The submitted entry becomes visible to other providers on the platform.
- Quinn's K1 personal block is also mirrored to screening platforms with an opt-in chip on add-blocklist-entry.screen.md: "Also submit to NotABlacklist / BookingBlacklist (other providers will see)."
This is structurally similar to brief N coop reporting (provider-to-provider warning).
Generalization callout: submission-target surfaces (where Quinn contributes data to a peer network) have inverted block UX vs consumption-target surfaces. Per-surface brief documents direction.
§11 Rate / service editing UX (N/A)
No structured-field editing on screening platforms — Quinn doesn't have a Tryst-style profile here.
Generalization callout: per-surface brief flags absent for non-posting surfaces.
§12 Failure modes
Screening-specific failure dictionary:
| Failure | Detection | UX surface | Voice register |
|---|---|---|---|
| Subscription lapsed | platform returns "subscriber inactive" on lookup | high-stakes interrupt; auto-pause auto-screening | plain |
| Lookup credits exhausted | per-lookup credit balance hits 0 | banner + refill route | plain |
| 2FA challenge mid-lookup | platform redirects | high-stakes interrupt | plain |
| Prospect not found | empty verdict | inform Quinn + log "no prior reports" — neutral, not failure | hearth/working |
| Platform downtime | timeout on lookup endpoint | per brief M §M2a soft-degrade; alternate-screening fallback | plain |
| Subscription cancellation surprise | next-billing-cycle email surfaces in iMessage / email | banner: "Your Preferred411 sub canceled. Re-subscribe to keep screening?" | plain |
| Platform deprecation / merger | platform tells Cocotte it's shutting down | banner with migration recommendations | plain |
Generalization callout: every surface has a failure dictionary. Per-surface brief documents the surface-specific symptoms.
§13 Voice register on screening surfaces
When Cocotte surfaces screening results to Quinn (in chat or audit), voice register is plain — safety-critical, no metaphor. "Felix verified green on Preferred411" not "Felix passed muster."
When Cocotte communicates to the screening platform (e.g. submitting a blocklist report), it uses the platform's own form-shape (typically structured fields, not free text).
Generalization callout: per-surface persona / voice differs. Screening uses plain throughout because misread verdicts are dangerous. Brief T's analytics dashboard uses working register on screening-related metrics (e.g. coverage rate).
§14 Conversational management (canonical entry points)
Per 00-system-conversational-ux.md. Screening is almost entirely conversational — most interactions are single lookups or submission decisions, both well-suited to chat. Screens (planned but not yet written) only appear for browse-history or moderator-queue depths.
§14a Verbs Quinn uses
Quinn-says → routes to triage specialist (per specialist-triage.contract.md, which extends to screening platforms) or to a screening-coordinator (P2+ specialist if it gets dedicated):
| Quinn says | Action | Screen invoked? |
|---|---|---|
| "screen this client" / "run @felix through screening" | One-shot lookup across active screening services | No — chat receipt with verdict |
| "what's @felix look like on preferred411" | Single-service lookup | No |
| "submit @felix to bookingblacklist" / "report @felix to NAB" | Submission to a peer-network platform | Single-tap high-stakes confirmation in chat; no full screen unless multi-platform |
| "auto-screen new inbounds" / "screen everyone before drafting" | Triage policy: enable auto-screening | No — settings toggle in chat |
| "stop auto-screening" / "pause screening" | Policy off | No |
| "what screening services am I on" / "subscription status" | Read status | No — chat answers; user can tap "see details" to invoke screening-history.screen.md (when written) |
| "show me my recent screenings" / "screening history" | Browse history | Invokes screening-history.screen.md (planned) — browse-shape |
| "what's my screening coverage" / "what % of inbounds get screened" | Metric query | No — chat answers; analytics-dashboard T2 panel renders the trend |
| "connect preferred411" / "sign in to verifyhim" | Per-platform auth-grant | Uses the tryst-connect.flow.md template pattern (per surface; planned per-platform flows) |
| "re-verify my preferred411 subscription" | Subscription renewal | Routes Quinn to the platform's billing flow; Cocotte yields |
§14b Pure-chat actions (no screen)
- All single-prospect lookups (the most common interaction by far).
- Submissions to peer-network platforms (one decision per submission; high-stakes confirmation is inline).
- Auto-screening policy toggles.
- Subscription-status queries.
- Coverage metric queries.
§14c Screen-invoking actions (browse / depth)
Only two screening interactions invoke screens:
- Browse screening history — list view of past lookups (rich-output shape; chat couldn't carry 50+ rows efficiently).
screening-history.screen.mdplanned. - Per-lookup detail — full record of a single screening result with risk-factors / report-count / notes / subscriber-notes (depth-shape).
screening-lookup.screen.mdplanned.
Both are inspector-shape per 00-system-conversational-ux.md. Neither edits state — they show it.
§14d Cross-surface participation
Screening is a fanout target for submission actions (per cross-surface-fanout.brief.md §10). When Quinn says "block @felix everywhere and submit to peer networks," the resolved audience includes:
- Quinn's K1 personal blocklist
- All connected screening platforms (NotABlacklist, BookingBlacklist, ClientBlacklist) as submission targets
- Coop intel (brief N) optionally as a publish-target
NOT fanout-participants: lookups (one prospect per lookup is the design; multi-prospect-batch is a separate feature). Subscription management (per-platform; doesn't generalize).
§14e Voice-mode adaptations
Per voice-input-settings.screen.md. Screening over voice works identically:
- "Screen Felix" → spoken verdict + risk summary.
- Submission confirmations use the same high-stakes pattern; voice readback of the confirmation phrase before commit.
- History browse: spoken summary first; "tap to see screen" for visual.
Generalization callout: this §14 follows the surface-tryst template (surface-tryst.brief.md §14). The shape is consistent across per-surface briefs; the per-surface contents differ. Future per-surface briefs MUST include §14.
Related
- O §N6 — the surfaces roster.
- Brief N — coop intel (peer network); screening is third-party paid services. Both feed Cocotte's safety graph.
- Brief K §K1 — Quinn's personal blocklist (companion).
- Brief I — every screening lookup = audit row.
- Brief M — degradation playbook.
- specialist-triage.contract.md — primary consumer; auto-screens before drafting replies.
- Brief Z — screening subscriptions appear in billing.
- add-blocklist-entry.screen.md — opt-in to also-submit-to-screening-platforms.
- analytics-dashboard.screen.md — T2 panel surfaces screening coverage rate.
- _engineering-credentials-vault.md — v2 credentials-vault port enables stored screening logins.
Out of scope
- Per-screening-platform screens — defer to future
screening-lookup.screen.mdandscreening-history.screen.mdonce specialist code starts. - Bulk-import of historical screening results from Quinn's existing manual workflow — defer to a one-time migration tool.
- AI risk-scoring on top of screening results — defer; today Cocotte surfaces the platform's verdict directly.
Generalization summary
This brief established the second per-surface brief shape. Differs from surface-tryst.brief.md (which is for operate-on-this-platform surfaces) by:
- Multiple sections marked N/A (no bumps, no DMs, no profile schema, no location lock, no native reviews).
- §10 blocklist is inverted (submission target, not consumption target).
- §3 data model is per-transaction (not per-profile).
Per-surface briefs split roughly into:
- Operate-on (Tryst, TS4Rent, Slixa, Eros, OnlyFans, X, IG…) — full 13-section completion.
- Consume-from / lookup (screening, reviews, bio-link aggregators) — partial sections with N/A flags.
- Submit-to (community blocklists, coop intel) — inverted §10 + submission UX.
Future briefs declare which shape they're using upfront; sections N/A are explicit, never skipped.