Commit graph

769 commits

Author SHA1 Message Date
Natalie
ea75da5654 fix(ci,api): repair test migrations and raise verify timeout
CI verify was failing on black because integration tests omitted migrations
added after provider-config and admin gallery evolved (payment_methods,
photo_css_traps, analytics_markers). Centralize those bundles and bump
the verify job to 45m with a 90s per-test timeout so the full DB suite
can finish on the single capacity-1 runner.
2026-06-23 02:31:33 -04:00
Natalie
27469549ea fix(ci): repair mcp-server GeoGranularity import and ci:status on macOS
Import GeoGranularity from geo.ts (not client.ts) so analytics MCP
typechecks. Tighten contact-form test mailer stub for
exactOptionalPropertyTypes. Replace grep -P in ./run ci:status with a
portable python parser against the Forgejo actions API.
2026-06-22 21:24:39 -04:00
Natalie
5f4d192e8b fix(ci,contact-form): run api tests in CI and assert notification from address
CI verify only typechecked — the contact-form refactor dropped the required
`from` on sendMail (bookings already sets it) and nothing failed. Add the full
@features/api suite to ci.yml and tighten the contact-form test to assert
`from` plus a fire-and-forget flush tick.
2026-06-22 21:19:39 -04:00
Natalie
5a499e2b60 fix(ftw): resolve short-link slugs case-insensitively
Normalize codes to lowercase on create and lookup so ftw.pw/s/OnlyFans
matches onlyfans. Reject mint requests that differ only by casing.
2026-06-22 07:52:00 -05:00
Natalie
372fff891f test: add unit tests for shared/timeout (withTimeout) to increase coverage of the reliable background email pattern
4 tests: resolves/rejects before timeout, timeout error, race safety.
2026-06-22 04:42:16 -05:00
Natalie
1b4dd36751 feat(notifications): make contact, VIP payment confirms, priority requests, and quote responses send emails reliably via background withTimeout + structured logging (decoupled from user actions)
- contact form: now uses same pattern as bookings (persist first, fire-and-forget bounded send)
- VIP unlock confirm (payments received, including wallet_topup): added decoupled email to Quinn on billingEntry write
- VIP priority requests: added notification on creation
- VIP quotes respond: improved from console.* to logger + withTimeout
- Extracted shared/timeout.ts (with unref) and updated bookings to use it

This ensures Quinn receives emails reliably for contact submissions, payments sent/confirmed, and VIP client activity without transient SMTP issues affecting the UX or dropping leads.
2026-06-22 02:40:30 -05:00
Natalie
fea472fe27 merge claude/intelligent-tharp-d0347c: vip prepaid balance M1.5 (top-up settlement + spend loop) plus unlock spine 2026-06-22 02:06:47 -05:00
Natalie
eae2f0ef04 feat(api/contact): idempotency_key on contact_submissions (Phase 2b / G9)
Additive nullable column + unique index + createContactSubmissionIdempotent
(ON CONFLICT DO NOTHING, returns existing row, skips notify email on replay).
Route reads optional Idempotency-Key header. Lets the edge outbox replay a
contact submission without creating a duplicate. Backward-compatible: direct
submissions (no key) insert normally. touring/waitlist already natural-idempotent
(UNIQUE(email,provider_slug) upsert), so contact is the only table needing this.
NB: hCaptcha is effectively disabled (frontend sends no token), so stale-token
replays are not rejected; if hCaptcha is ever enabled, add a trusted outbox-token
bypass for replays.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 02:06:19 -05:00
Natalie
ae872609f1 feat(api/vip-wallet): include wallet entity types (pre-existing WIP from prior step) 2026-06-22 01:55:24 -05:00
Natalie
b947908e8f fix(api/vip): pass targetRef only when present to satisfy exactOptionalPropertyTypes 2026-06-22 01:54:24 -05:00
Natalie
bb0df73654 test(api/vip): cover the wallet top-up + spend loop 2026-06-22 01:53:21 -05:00
Natalie
bf4aa7a075 feat(api/vip): wallet top-up settlement + pay-from-balance routes 2026-06-22 01:52:45 -05:00
Natalie
4da8c9c286 feat(api/unlock-intent): add wallet_topup target type 2026-06-22 01:52:07 -05:00
Natalie
76ca3e02bf feat(api/vip-wallet): wallet balance + ledger entity 2026-06-22 01:51:27 -05:00
Natalie
fd74f16faa feat(analytics): sub-country geo — regions, cities, live 30m, MCP tools
Replace stubbed audience geography with session_fingerprints queries
(country/region/city, pathPattern, activityWindow for live). Surface
US states, cities on Audience/Overview, page detail, and dashboard
snapshot. Extend quinn-analytics MCP to v0.3.1 with geo_breakdown,
audience_geo_summary, and geo_enrichment_status.

Deploy dashboard/API from main checkout — see handoffs/analytics-geo.md.
MCP v0.3.1 already on black :3914.
2026-06-22 00:50:02 -05:00
Natalie
6647aca29e feat(analytics): add bluesky_post marker event type
Extend analytics timeline markers with manual Bluesky posts — same pattern
as instagram_post, with sky-blue chart lines and admin form option.
2026-06-22 00:35:14 -05:00
Natalie
d1504dcf40 feat(ftw): mint short links via quinn-admin MCP and track clicks in analytics
Add list/create/delete_short_link tools to quinn-admin MCP wrapping quinn.api
/admin/short-links. Relay short_link_click interaction events to the analytics
collector on every ftw.pw /s/:code redirect (alongside existing click_count).
2026-06-22 00:26:20 -05:00
Natalie
6551f78c91 fix(analytics): ensure analytics_markers owned by quinn_api for migrations
Black prod had the table owned by the quinn superuser role, which blocked
the build/release CHECK migration and crashlooped quinn-api. Idempotent OWNER
fix is applied in initial, build_release, and a follow-up migration.
2026-06-21 23:59:23 -05:00
Natalie
4684ddcac7 feat(analytics): auto-record build and release markers from CI
Add build/release event types, a service-token internal ingest route, and
Forgejo workflow steps that tag the analytics timeline after verify builds
and successful deploys. Dashboard chart shows gray build lines and green
release lines.
2026-06-21 23:41:53 -05:00
Natalie
e4468790f1 feat(quinn.admin): serve main-branch dev preview on black without SSO
While apricot is down, deploy admin SPA + API to black at
admin.quinn.black.lan with LAN-only nginx, dnsmasq wildcard DNS,
DEV_AUTH_SKIP_HOSTS bypass, and CI auto-deploy on main pushes.
2026-06-21 23:38:06 -05:00
Natalie
4f6b0daba8 test(api/vip): cover the unlock loop end-to-end
Some checks failed
CI / verify (push) Has been cancelled
Integration test against a real Postgres exercising the full M1 flow:
- methods list returns only vip_unlock_enabled rows and a sanitized shape
  (no legal-name / visibility / provider fields ever surface to the fan)
- a method not enabled for unlocks is rejected (CashApp gating)
- token header auth and service-token admin auth are enforced
- intent creation returns awaiting_payment + memo code + handle instructions
- admin confirm records exactly one paid ledger entry and is idempotent
  under a duplicate confirm (no double-bill)

6 tests, green in ~2s.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 23:19:39 -05:00
Natalie
fcb577ebe7 feat(api/vip): wire unlock surface for intents + admin confirm
Adds the token-scoped VIP unlock surface and mounts it:
- client routes (X-VIP-Token header auth): list vip_unlock_enabled methods
  (mirrors the footer's managed list), create/list/get unlock intents with
  per-method payment instructions and a memo code for reconciliation.
- admin routes (service-token, guarded at /vip/unlock-admin/*): confirm a
  received payment -> records a paid vip_billing ledger entry exactly once via
  the atomic transition; cancel an open intent.

Registers unlockIntentMigrations after paymentMethodMigrations (FK ordering)
and adds the /vip/unlock-admin/* serviceTokenAuth guard alongside billing-admin.
Methods are off by default and only handle/label are surfaced — never a legal
name — so CashApp stays gated until the name change via a single admin toggle.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 23:07:07 -05:00
Natalie
75ae6203fc feat(api/unlock-intent): add vip_unlock_intents entity
A fan-initiated request to pay for VIP content access — the spine of the
unlock flow. Settlement is polymorphic on the chosen payment method's kind
(peer_app: memo-matched manual confirm; crypto: BTCPay webhook in M2).

confirmUnlockIntent is atomic and returns { transitioned }: the UPDATE only
fires while the row is still awaiting_payment, so concurrent confirms (manual +
future webhook) cannot double-settle, and the caller gates the paid-ledger
insert on the transition so it runs exactly once. Includes idempotent
re-confirm, close (expire/cancel), and a bulk stale-expiry sweep.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 23:06:50 -05:00
Natalie
f048934e01 feat(api/payment-method): add vip_unlock_enabled availability axis
Adds two columns to payment_methods, managed on the same admin page that
feeds the quinn-www footer:
- vip_unlock_enabled: second availability axis (independent of visibility),
  controlling whether a method is offered for VIP unlock payments. Off by
  default so a fan can never be charged through an un-opted-in method.
- exposes_legal_name: advisory flag driving an admin warning (e.g. CashApp
  shows the account legal name on its own send screen); never rendered by us.

Migration is additive; the footer's visibility axis is untouched.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 23:05:58 -05:00
Natalie
7fbc8696b1 feat(analytics): timeline markers (deploys, tour stops, content drops)
Add an analytics-marker entity (types/schema/repo + migration) and a
record-analytics-marker helper, with an admin CRUD surface + AnalyticsMarkersPage
(nav in AdminLayout). Auto-record markers when tour stops and content drops are
created/changed. Expose them via /analytics/markers (analytics-queries +
user-data router proxy + useMarkers hook + api types), and render them as
reference lines with a legend on the dashboard Overview trend chart.
2026-06-21 22:57:26 -05:00
Natalie
0eb69cab3c feat(promo-banner): expose animation on public surface + test
Include animation in the public /www promo-banner payload so the rotation can
render it, and cover create/update round-trip of the field in the repo test.
2026-06-21 17:36:45 -05:00
Natalie
1235696046 refactor(mcp-prospector): delegate to @lilith/agent-prospector
Move the prospector cockpit logic into the published @lilith/agent-prospector
package (^0.4.0) and reduce the MCP to a thin adapter — index.ts/client.ts shrink
by ~900 lines. Bump to 0.5.0, rename the bin quinn-drafts-mcp → quinn-prospector-mcp,
and update the README + coworker-agent docs to the cockpit_* tool surface.
2026-06-21 17:35:08 -05:00
Natalie
b617f4bcb9 fix(tour): arriving stop wins on transition days
When a stop's endDate equals the next stop's startDate (the travel/check-out
day), both overlap 'today'. Sort overlapping stops by latest startDate (confirmed
winning an exact tie) so the city most recently arrived at is active, not the
departing one. Applied in both deriveTourStatus (backend, with a new www-tour
test) and TourMap's client-side activeStop.
2026-06-21 17:33:48 -05:00
Natalie
b798b15d70 feat(promo-banner): per-banner entrance animation
Add an animation field (none|roll|marquee|flip) to promo banners: types +
const list, an idempotent migration adding the column (DEFAULT 'none') and a
separately-applied CHECK constraint, repo read/create/update plumbing, and the
admin draft/patch zod schemas. Existing banners keep the legacy slide-up.
2026-06-21 17:33:39 -05:00
Natalie
03d86597c0 feat(api/health): report build stamp on GET /health
Inject __BUILD_INFO__ (version, BUILD_COUNT, short SHA, UTC build time) into the
bundle at deploy time via bun build --define, and surface it plus mode +
startedAt from /health, so we can confirm exactly which build is live. Falls
back to BUILD_* env then 'dev' for unbundled/local runs.
2026-06-21 16:24:54 -05:00
Natalie
2a449596e9 feat(mcp-prospector): cockpit tools mirroring the quinn.my Prospector UX
Reorient the prospector MCP around the /my/prospects cockpit API that powers
quinn.my Prospector: add cockpit_stream / cockpit_tour_board and friends with
human-readable formatters (new cockpit-format.ts), extend the API client, and
rewrite the README (quinn-drafts → quinn-prospector, black:3912).
2026-06-21 16:24:43 -05:00
Natalie
178a491304 fix(api/auth): restore /auth/refresh + /auth/logout
The admin SPA's useAuth hook probes /auth/refresh on mount and calls
/auth/logout on sign-out, but both were dropped in the per-feature → monolith
consolidation (they lived in the old @features/admin backend), so every page
load bounced back to SSO. Convert authSurface into createAuthSurface(opts) and
mount it before the /admin/* SSO guard: /refresh runs ssoRequired (401 on
missing/invalid cookie, 200 otherwise) and /logout expires the session cookie
via clearSessionCookie (idempotent 200).
2026-06-21 15:07:46 -05:00
Natalie
42c980efdd fix(api/migrations): run clientBookingMigrations after its FK targets
client_bookings has FKs to calendar_events(id) and income_sessions(id), so its
migration must run after both. The old position (right after bookingMigrations)
only failed on a from-scratch build — incremental prod DBs already had the
target tables — but it breaks the ephemeral E2E test DB. Move it after
incomeSessionMigrations.
2026-06-21 15:07:31 -05:00
Natalie
93316b46ca feat(rates): per-city rate cards
Add a `city` column to rate_sections (NULL = default/home card) with an
additive migration and CMS field. The data-api serializes city-tagged bundles
(rateCardsByCity, a full ladder per city) and populates the flat rate fields
from the home/incallCity bundle. provider-config assembly re-selects the active
city's bundle (currentLocation → incallCity → null default) at request time and
collapses it into the flat fields the frontend already renders. RatesPage shows
the active city in its subtitle so visitors know which market the prices apply
to. Shared types gain RateCardBundle + ProviderData.rateCardsByCity.
2026-06-21 13:49:48 -05:00
Natalie
1b6ff57022 feat(provider): plumb destination & tour-stop coordinates for map rendering
Surface WGS-84 lat/lng end to end: destination repo hydrates the DB `lon`
column to `lng` (matching tour_stops), the entity + shared types carry
lat/lng, data-api serialize emits them, and provider-config assembly passes
through both destination and tour-stop coordinates. Destinations without
coordinates render as a card but no map pin.
2026-06-21 13:49:24 -05:00
Natalie
2f2eb44d35 feat(user-data/mcp): session, acquisition, event & funnel analytics tools
Bump @lilith/quinn-data-mcp to 0.2.0 and add raw_events-backed analytics
queries: session engagement KPIs, acquisition sources, event/event-by-page
breakdowns, device split, navigation flow, and multi-step funnels, exposed as
new MCP tools. Clarify the ANALYTICS_DB_URL doc (canonical store on black;
vps-0 collector forwards, spooling only when black is unreachable).
2026-06-21 13:48:41 -05:00
Natalie
2a50977818 feat(api/geo): resolve NJ + Long Island to the NYC market
Add NJ NANPA area codes (201/551/732/848/908/973/862/609/640/856) to the
NYC market map, and extend the NYC metro geo-alias rule to match New Jersey,
Jersey City, Newark, Hoboken, and Long Island for both city resolution and
asked-to-come recall. Covered by geo + geo-aliases tests.
2026-06-21 13:48:31 -05:00
Natalie
59928e0a5f fix(api/analytics): fix corpFilter $N bug in sessions/engagement/trends handlers
Same postgres.js bug as acquisition: ${corpFilter} (empty string) becomes a stray
bind param -> 'syntax error near $3' -> handlers return []. This broke the quinn.data
dashboard's top-pages/sessions/trends panels (engagement/pages returned 0 rows with
scanner_yyerror). Removed corpFilter from all three + dropped the now-unused corpClause.
The new NYC routes (and all pages) now surface in the dashboard.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 08:44:54 -05:00
Natalie
75e95e83a5 fix(api/analytics): make acquisition de-stub runnable + correct analytics DB target
- acquisition/sources: drop the ${corpFilter} interpolation. postgres.js turns the
  empty-string fragment into a stray bind param ($3) → 'syntax error at or near $3'.
  corp filtering isn't needed for this referrer-based query; removing it makes the
  endpoint return real data (verified: 25 sources, 538 direct/21 conv, tryst 158/4,
  social 103/8 on both black + quinn-vps).
- deploy.sh secrets template: ANALYTICS_DB_URL pointed at black.lan:25434 (the EMPTY
  black analytics instance) with no password. Point at the populated DB on quinn-vps
  (10.9.0.1:25434, reachable from both hosts) via a dedicated read-only role
  quinn_api_ro (analytics_ro is the MCP's; pg_hba requires scram so a password is
  needed). Password left blank in-repo; filled in live secrets.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-20 22:16:26 -05:00
Natalie
df61c96b27 feat(seo): destination_slug pSEO tour linking + full NYC analytics coverage
Linking (staged): thread destinationSlug through the public tour payload
(provider-config + /tour serializer + shared TourStop type) and match the pSEO
city-page Event by destinationSlug (robust) with a city-name fallback. New
staged seed scripts/seed-nyc-tour-destinations.ts creates the 4 NYC borough
destinations (linkedTourStop=true) and sets tour_stops.destination_slug —
dry-run by default, --commit to apply, not run in CI. Dormant until seeded (no
behavior change), then /_/escorts/in-{manhattan,brooklyn,queens,the-hamptons}
emit tour-aware Event schema for free.

Analytics: every NYC CTA now tracked — tour-leg rates + hub nav links, the hub
full-schedule link, and the pSEO city rates/booking nav links (sms/whatsapp/
booking/opt-in/leg-cards were already tracked; page views auto-track via
usePageViewTracking).

Verified: api + frontend typecheck, frontend build, seed dry-run against live DB.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 20:16:18 -05:00
Natalie
c5bca260e9 test(api): auto-skip DB-dependent tests off the fast LAN path
The api suite is ~95% Postgres integration tests against black, which is only
low-latency from apricot/LAN. Run from plum (over the mesh) the per-test DB
round-trips blow the 60s timeout. New scripts/run-tests.ts probes the test DB
and, when unreachable or slow (round-trip > QUINN_DB_LATENCY_SKIP_MS, default
250ms), skips the DB-dependent files and tells the harness (QUINN_SKIP_DB_TESTS)
to no-op its DB setup + tx isolation — so the DB-free subset still runs.

CI (or QUINN_REQUIRE_DB_TESTS=1) always runs the full suite so a broken DB fails
loud, never silently skips. test-env.ts is the shared gate; test:full / test:no-db
force either mode. From plum: 370 pass, 0 fail (92 DB files skipped, logged).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 18:20:11 -05:00
Natalie
a274a7d3dd feat(seo): NYC summer 2026 tour landing pages + Event schema + referrer attribution
Hub + per-borough tour pages (Manhattan/Brooklyn/Queens/Hamptons) driven by a
shared TourLegPage over src/data/nycTour2026.ts. Confirmed legs emit schema.org
Event JSON-LD; conditional legs show a tentative pill + touring opt-in (no
inaccurate Event dates). Sitemap emits the 5 /tours/* routes.

Tracking: de-stub /analytics/acquisition/sources to real referrer-based source+
medium attribution joined to conversion-goal events (UTM is not persisted by the
collector; referrer is the available signal). NYC CTAs fire nyc_booking
conversion events labelled {borough}:{channel}.

Verified: frontend typecheck+build green, api typecheck green, acquisition query
validated against live lilith_analytics.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 11:54:30 -05:00
Natalie
9703584109 fix(api): null-safe tour-stop hotels, declare sharp, exclude mcp-prospector
- tour-stop/repo.ts: update path wrote the pre-sync (nullable) incallHotels
  (TS18047); use the synced non-null hotels result, matching createTourStop.
- package.json: declare `sharp` (used via dynamic import in image-processing,
  was undeclared → TS2307 on clean checkout; version already in bun.lock).
- tsconfig.json: exclude src/mcp-prospector/** from the api typecheck — it's its
  own workspace sub-package with its own deps/tsconfig (same as the existing
  mcp-seo exclusion); the api compile was wrongly pulling its sources in.

Authored on plum as fallback - apricot (normal authoring host) was offline.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 06:46:08 -05:00
Natalie
231b58b2d3 chore(ci): typecheck-all.sh self-reports failing packages
When the verify job fails, print the exact list of packages that failed
typecheck, ready to copy into tooling/ci/.typecheck-debt. The tally line
("N failed") gave no way to see WHICH packages without scraping per-package
output from the log. Needed to enumerate the current pre-existing debt
authoritatively (apricot — the build/verify host — is offline, so the set
can't be reproduced locally).

Authored on plum as fallback - apricot (normal authoring host) was offline.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 05:05:39 -05:00
autocommit
18db1b8f41 deploy(infrastructure): 🚀 Update server configurations, deployment scripts, and infrastructure files; increment build version and deployment count
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-10 21:33:02 -07:00
autocommit
dfc107d243 feat(prospect-cockpit): Add API endpoints for prospect-cockpit and tour-stops integration and frontend ConversationDrawer component to display unified prospect data
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-10 21:33:02 -07:00
autocommit
2260138af8 feat(prospector): Introduce three new tab-based views (Stream, Board, Cohort) for prospect management UI and backend queue logic
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-10 21:33:02 -07:00
autocommit
aadd679c4b feat(tour-logistics): Add incall hotels data types, schemas, and repository logic; implement tour logistics feature with prospect queue integration; introduce frontend editor and display components
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-10 21:33:02 -07:00
autocommit
84d31a0afe feat(prospector-quinn): Introduce AI prospecting tools (heat scoring, reply generation) and Quinn-AI gateway integration, alongside frontend UI updates, backend API refactoring, and infrastructure enhancements for edge-purge and proxy services.
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-10 20:40:01 -07:00
autocommit
5ff584e209 deps-upgrade(quinn-ai): ⬆️ Pin and update React, Axios, and related dependencies in quinn-ai/engine and quinn-ai/gateway for security and performance fixes
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-10 20:40:00 -07:00