@gonzih/meet-the-one-ai 1.0.0

package/src/api/routes/identity.ts

@@ -0,0 +1,112 @@
+import { Router } from "express";
+import { z } from "zod";
+import { supabase } from "../../lib/supabase.js";
+import { inngest } from "../../lib/inngest.js";
+
+export const identity_router = Router();
+
+const UserParams = z.object({ user_id: z.string().uuid() });
+
+// GET /api/identity/:user_id/export
+// Triggers async export — user gets SMS when ready
+identity_router.get("/:user_id/export", async (req, res) => {
+  const parsed = UserParams.safeParse(req.params);
+  if (!parsed.success) {
+    res.status(400).json({ error: "Invalid user_id" });
+    return;
+  }
+
+  const { user_id } = parsed.data;
+
+  // Verify user exists and has an identity
+  const { data: identity } = await supabase
+    .from("identities")
+    .select("signal_completeness_score, session_count")
+    .eq("user_id", user_id)
+    .single();
+
+  if (!identity) {
+    res.status(404).json({ error: "No identity found — complete at least one session first" });
+    return;
+  }
+
+  await inngest.send({ name: "identity/export", data: { user_id } });
+
+  res.json({
+    ok: true,
+    message: "Export started — you'll receive a download link via SMS shortly",
+    completeness: identity.signal_completeness_score,
+    sessions: identity.session_count,
+  });
+});
+
+// GET /api/identity/:user_id
+// Returns current identity profile (for web portal)
+identity_router.get("/:user_id", async (req, res) => {
+  const parsed = UserParams.safeParse(req.params);
+  if (!parsed.success) {
+    res.status(400).json({ error: "Invalid user_id" });
+    return;
+  }
+
+  const { data, error } = await supabase
+    .from("identities")
+    .select("base_profile, modality_weights, signal_completeness_score, session_count, ready_for_matching, last_updated")
+    .eq("user_id", parsed.data.user_id)
+    .single();
+
+  if (error || !data) {
+    res.status(404).json({ error: "Identity not found" });
+    return;
+  }
+
+  res.json(data);
+});
+
+// DELETE /api/identity/:user_id
+// GDPR hard delete — removes all user data
+identity_router.delete("/:user_id", async (req, res) => {
+  const parsed = UserParams.safeParse(req.params);
+  if (!parsed.success) {
+    res.status(400).json({ error: "Invalid user_id" });
+    return;
+  }
+
+  const { user_id } = parsed.data;
+
+  // Verify user exists
+  const { data: user } = await supabase
+    .from("users")
+    .select("id")
+    .eq("id", user_id)
+    .single();
+
+  if (!user) {
+    res.status(404).json({ error: "User not found" });
+    return;
+  }
+
+  // Cascade delete — all child records deleted via ON DELETE CASCADE:
+  // sessions, identities, identity_modality_embeddings, matches (partial — see note)
+  // matches where user is user_b won't cascade — delete explicitly
+  await Promise.all([
+    supabase.from("matches").delete().eq("user_a_id", user_id),
+    supabase.from("matches").delete().eq("user_b_id", user_id),
+    supabase.from("declined_pairs").delete().eq("user_a_id", user_id),
+    supabase.from("declined_pairs").delete().eq("user_b_id", user_id),
+  ]);
+
+  // Delete user — cascades to sessions, identities, embeddings
+  const { error } = await supabase.from("users").delete().eq("id", user_id);
+
+  if (error) {
+    console.error("GDPR delete error", error);
+    res.status(500).json({ error: "Deletion failed — contact support" });
+    return;
+  }
+
+  // Note: R2 audio/transcript files are NOT deleted here — add async cleanup job
+  // for production. R2 lifecycle rules can auto-expire after 30 days.
+
+  res.json({ ok: true, message: "All data deleted" });
+});

package/src/api/routes/text-submission.ts

@@ -0,0 +1,64 @@
+import { Router } from "express";
+import { z } from "zod";
+import { supabase } from "../../lib/supabase.js";
+import { inngest } from "../../lib/inngest.js";
+import { create_session } from "../../lib/session-helpers.js";
+
+export const text_submission_router = Router();
+
+const TextBody = z.object({
+  user_id: z.string().uuid(),
+  text: z.string().min(10).max(10000),
+});
+
+// POST /api/session/text
+// Accepts a free-text submission (alternative to voice intake)
+text_submission_router.post("/text", async (req, res) => {
+  const parsed = TextBody.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(400).json({ error: parsed.error.flatten() });
+    return;
+  }
+
+  const { user_id, text } = parsed.data;
+
+  // Verify user exists
+  const { data: user, error: user_error } = await supabase
+    .from("users")
+    .select("id")
+    .eq("id", user_id)
+    .single();
+
+  if (user_error || !user) {
+    res.status(404).json({ error: "User not found" });
+    return;
+  }
+
+  let session_id: string;
+  try {
+    session_id = await create_session(user_id, "text", { raw_text: text });
+  } catch (err) {
+    console.error("create_session error", err);
+    res.status(500).json({ error: "Failed to create session" });
+    return;
+  }
+
+  // Fire Inngest event — triggers compact-identity pipeline
+  // Text sessions skip transcription and go straight to analysis
+  await inngest.send({
+    name: "session/transcribed",
+    data: {
+      user_id,
+      session_id,
+      transcript_r2_key: "", // empty — compact-identity reads raw_text instead
+    },
+  });
+
+  // Update last_active
+  await supabase
+    .from("users")
+    .update({ last_active: new Date().toISOString() })
+    .eq("id", user_id);
+
+  res.json({ ok: true, session_id });
+});

package/src/api/webhooks/twilio.ts

@@ -0,0 +1,181 @@
+import { Router } from "express";
+import { supabase } from "../../lib/supabase.js";
+import { inngest } from "../../lib/inngest.js";
+import { normalize_phone, send_sms } from "../../lib/twilio.js";
+
+export const twilio_webhook_router = Router();
+
+// POST /api/webhooks/twilio/sms
+// Handles inbound SMS — consent responses and export triggers
+twilio_webhook_router.post("/sms", async (req, res) => {
+  // Twilio sends form-encoded body
+  const from: string = req.body.From ?? "";
+  const body: string = (req.body.Body ?? "").trim();
+
+  // Always respond with empty TwiML to suppress Twilio error
+  res.set("Content-Type", "text/xml");
+  res.send(`<?xml version="1.0" encoding="UTF-8"?><Response></Response>`);
+
+  if (!from || !body) return;
+
+  const phone = normalize_phone(from);
+  const text = body.toUpperCase();
+
+  try {
+    await handle_sms(phone, text, body);
+  } catch (err) {
+    console.error("twilio sms webhook error", err);
+  }
+});
+
+// POST /api/webhooks/twilio/conference
+// Status callback when conference ends — no action needed yet
+twilio_webhook_router.post("/conference", (_req, res) => {
+  res.sendStatus(204);
+});
+
+async function handle_sms(phone: string, text: string, raw_body: string) {
+  // Look up user by phone
+  const { data: user } = await supabase
+    .from("users")
+    .select("id, phone, brand")
+    .eq("phone", phone)
+    .single();
+
+  if (!user) {
+    console.warn(`Inbound SMS from unknown phone: ${phone}`);
+    return;
+  }
+
+  // ── EXPORT trigger ────────────────────────────────────────────────────────
+  if (text === "EXPORT" || text === "EXPORT IDENTITY" || text === "SEND ME MY IDENTITY") {
+    await inngest.send({
+      name: "identity/export",
+      data: { user_id: user.id },
+    });
+    await send_sms(
+      phone,
+      "Preparing your identity export — you'll receive a download link shortly.",
+      user.brand as Parameters<typeof send_sms>[2]
+    );
+    return;
+  }
+
+  // ── DELETE trigger ────────────────────────────────────────────────────────
+  if (text === "DELETE MY DATA" || text === "DELETE") {
+    // Fire deletion via API — use internal fetch to keep logic in one place
+    // In production replace with direct service call
+    await supabase.from("users").delete().eq("id", user.id);
+    // Note: cascades handle sessions, identities, embeddings
+    // matches deleted separately
+    await Promise.all([
+      supabase.from("matches").delete().eq("user_a_id", user.id),
+      supabase.from("matches").delete().eq("user_b_id", user.id),
+      supabase.from("declined_pairs").delete().eq("user_a_id", user.id),
+      supabase.from("declined_pairs").delete().eq("user_b_id", user.id),
+    ]);
+    // Can't send SMS after deletion since user no longer exists — no reply needed
+    return;
+  }
+
+  // ── Consent responses (ACCEPT / DECLINE with match reference) ────────────
+  // Format: "ACCEPT [match:uuid]" or just "ACCEPT" (applies to oldest pending)
+  const match_ref = raw_body.match(/\[match:([a-f0-9-]{36})\]/i);
+  const match_id_from_msg = match_ref?.[1];
+
+  if (text.startsWith("ACCEPT") || text.startsWith("YES")) {
+    await handle_consent_sms(user.id, "accepted", match_id_from_msg ?? null);
+    return;
+  }
+
+  if (text.startsWith("DECLINE") || text.startsWith("NO") || text.startsWith("PASS")) {
+    await handle_consent_sms(user.id, "declined", match_id_from_msg ?? null);
+    return;
+  }
+
+  // Unknown — send help
+  await send_sms(
+    phone,
+    "Reply ACCEPT or DECLINE to respond to a match. Reply EXPORT to get your identity file.",
+    user.brand as Parameters<typeof send_sms>[2]
+  );
+}
+
+async function handle_consent_sms(
+  user_id: string,
+  decision: "accepted" | "declined",
+  explicit_match_id: string | null
+) {
+  // Find the relevant pending match
+  let match_id = explicit_match_id;
+
+  if (!match_id) {
+    // Find oldest pending_consent match for this user
+    const { data } = await supabase
+      .from("matches")
+      .select("id, user_a_id, user_b_id, status")
+      .or(`user_a_id.eq.${user_id},user_b_id.eq.${user_id}`)
+      .eq("status", "pending_consent")
+      .order("created_at", { ascending: true })
+      .limit(1)
+      .single();
+
+    if (!data) return; // no pending match
+    match_id = data.id;
+  }
+
+  const { data: match } = await supabase
+    .from("matches")
+    .select("id, user_a_id, user_b_id, status")
+    .eq("id", match_id)
+    .single();
+
+  if (!match) return;
+
+  const is_user_a = user_id === match.user_a_id;
+
+  if (decision === "declined") {
+    await supabase.from("declined_pairs").upsert(
+      {
+        user_a_id: match.user_a_id,
+        user_b_id: match.user_b_id,
+        declined_by: user_id,
+        reason: "sms_declined",
+        created_at: new Date().toISOString(),
+      },
+      { onConflict: "user_a_id,user_b_id" }
+    );
+
+    await supabase
+      .from("matches")
+      .update({
+        status: is_user_a ? "a_declined" : "b_declined",
+        updated_at: new Date().toISOString(),
+      })
+      .eq("id", match_id);
+
+    return;
+  }
+
+  // accepted
+  const current_status = match.status;
+  let new_status: string;
+
+  if (is_user_a) {
+    new_status = current_status === "b_accepted" ? "both_accepted" : "a_accepted";
+  } else {
+    new_status = current_status === "a_accepted" ? "both_accepted" : "b_accepted";
+  }
+
+  await supabase
+    .from("matches")
+    .update({ status: new_status, updated_at: new Date().toISOString() })
+    .eq("id", match_id);
+
+  if (new_status === "both_accepted") {
+    await inngest.send({
+      name: "match/both-accepted",
+      data: { match_id },
+    });
+  }
+}

package/src/api/webhooks/vapi.ts

@@ -0,0 +1,219 @@
+import { Router } from "express";
+import { supabase } from "../../lib/supabase.js";
+import { inngest } from "../../lib/inngest.js";
+import { upload_buffer } from "../../lib/r2.js";
+
+export const vapi_webhook_router = Router();
+
+// POST /api/webhooks/vapi
+vapi_webhook_router.post("/", async (req, res) => {
+  const event = req.body as VapiEvent;
+  res.json({ ok: true });
+  try {
+    await handle_vapi_event(event);
+  } catch (err) {
+    console.error("vapi webhook handler error", err);
+  }
+});
+
+async function handle_vapi_event(event: VapiEvent) {
+  switch (event.message?.type) {
+    case "end-of-call-report":
+      await handle_call_ended(event);
+      break;
+    default:
+      break;
+  }
+}
+
+async function handle_call_ended(event: VapiEvent) {
+  const { call, recordingUrl, durationSeconds } = event.message ?? {};
+  if (!call?.id) return;
+
+  const vars = call.assistantOverrides?.variableValues ?? {};
+  const user_id = vars.user_id as string | undefined;
+  const match_id = vars.match_id as string | undefined;
+
+  // ── Consent call outcome ──────────────────────────────────────────────────
+  if (match_id) {
+    await handle_consent_outcome(call, match_id);
+    return;
+  }
+
+  // ── Intake call — create session ─────────────────────────────────────────
+  if (!user_id) {
+    console.warn("vapi call ended but no user_id or match_id in variableValues", call.id);
+    return;
+  }
+
+  const { data: session, error } = await supabase
+    .from("sessions")
+    .insert({
+      user_id,
+      source: "vapi",
+      duration_seconds: durationSeconds ? Math.round(durationSeconds) : null,
+      analysis_status: "pending",
+    })
+    .select("id")
+    .single();
+
+  if (error || !session) {
+    console.error("Failed to create session for vapi call", error);
+    return;
+  }
+
+  const session_id = session.id;
+
+  if (recordingUrl) {
+    try {
+      const audio_res = await fetch(recordingUrl);
+      const audio_buf = Buffer.from(await audio_res.arrayBuffer());
+      const audio_r2_key = `audio/${user_id}/${session_id}.wav`;
+
+      await upload_buffer(audio_r2_key, audio_buf, "audio/wav");
+      await supabase.from("sessions").update({ audio_r2_key }).eq("id", session_id);
+
+      await inngest.send({
+        name: "session/completed",
+        data: { user_id, session_id },
+      });
+    } catch (err) {
+      console.error("Failed to store audio for session", session_id, err);
+    }
+  } else {
+    const transcript_text = call.transcript ?? "";
+    if (transcript_text) {
+      await supabase.from("sessions").update({ raw_text: transcript_text }).eq("id", session_id);
+      await inngest.send({
+        name: "session/transcribed",
+        data: { user_id, session_id, transcript_r2_key: "" },
+      });
+    }
+  }
+
+  await supabase
+    .from("users")
+    .update({ last_active: new Date().toISOString() })
+    .eq("id", user_id);
+}
+
+async function handle_consent_outcome(
+  call: NonNullable<VapiEvent["message"]>["call"],
+  match_id: string
+) {
+  if (!call) return;
+
+  // Vapi assistant sets call.summary or transcript to indicate decision
+  // Convention: assistant ends call with structured summary JSON
+  // e.g. {"decision": "accepted"} or {"decision": "declined"}
+  const transcript = call.transcript ?? "";
+  const summary = call.summary ?? "";
+
+  const decision = extract_decision(summary || transcript);
+  if (!decision) {
+    console.warn(`No consent decision found for match ${match_id}, call ${call.id}`);
+    return;
+  }
+
+  // Load match to determine which user this call was for
+  const { data: match, error } = await supabase
+    .from("matches")
+    .select("id, user_a_id, user_b_id, status")
+    .eq("id", match_id)
+    .single();
+
+  if (error || !match) {
+    console.error(`Match not found for consent outcome: ${match_id}`);
+    return;
+  }
+
+  // Identify which user answered (match call.id to stored call reference — simplified:
+  // use variableValues.user_id if present, else infer from status)
+  const vars = call.assistantOverrides?.variableValues ?? {};
+  const answering_user_id = vars.user_id as string | undefined;
+
+  if (!answering_user_id) {
+    console.warn(`Cannot identify consenting user for match ${match_id}`);
+    return;
+  }
+
+  const is_user_a = answering_user_id === match.user_a_id;
+
+  if (decision === "declined") {
+    // Record decline — insert to declined_pairs and update match
+    await supabase.from("declined_pairs").upsert(
+      {
+        user_a_id: match.user_a_id,
+        user_b_id: match.user_b_id,
+        declined_by: answering_user_id,
+        reason: "consent_call_declined",
+        created_at: new Date().toISOString(),
+      },
+      { onConflict: "user_a_id,user_b_id" }
+    );
+
+    const new_status = is_user_a ? "a_declined" : "b_declined";
+    await supabase
+      .from("matches")
+      .update({ status: new_status, updated_at: new Date().toISOString() })
+      .eq("id", match_id);
+
+    return;
+  }
+
+  // decision === "accepted"
+  const current_status = match.status;
+  let new_status: string;
+
+  if (is_user_a) {
+    new_status = current_status === "b_accepted" ? "both_accepted" : "a_accepted";
+  } else {
+    new_status = current_status === "a_accepted" ? "both_accepted" : "b_accepted";
+  }
+
+  await supabase
+    .from("matches")
+    .update({ status: new_status, updated_at: new Date().toISOString() })
+    .eq("id", match_id);
+
+  if (new_status === "both_accepted") {
+    await inngest.send({
+      name: "match/both-accepted",
+      data: { match_id },
+    });
+  }
+}
+
+// Extract accept/decline from Vapi call summary or transcript
+function extract_decision(text: string): "accepted" | "declined" | null {
+  // Try structured JSON first (Vapi assistant summary)
+  try {
+    const parsed = JSON.parse(text);
+    if (parsed.decision === "accepted") return "accepted";
+    if (parsed.decision === "declined") return "declined";
+  } catch {
+    // not JSON — fall through to keyword search
+  }
+
+  const lower = text.toLowerCase();
+  if (/\b(accept|yes|interested|connect)\b/.test(lower)) return "accepted";
+  if (/\b(decline|no|pass|not interested)\b/.test(lower)) return "declined";
+  return null;
+}
+
+// ─── Vapi event types ─────────────────────────────────────────────────────────
+interface VapiEvent {
+  message?: {
+    type: string;
+    call?: {
+      id: string;
+      transcript?: string;
+      summary?: string;
+      assistantOverrides?: {
+        variableValues?: Record<string, unknown>;
+      };
+    };
+    recordingUrl?: string;
+    durationSeconds?: number;
+  };
+}

package/src/bot.ts

@@ -0,0 +1,44 @@
+import { Telegraf } from "telegraf";
+import { sendMessage } from "./agent.js";
+
+const TOKEN = process.env.TELEGRAM_BOT_TOKEN;
+
+export function createBot(): Telegraf {
+  if (!TOKEN) throw new Error("TELEGRAM_BOT_TOKEN env var is required");
+
+  const bot = new Telegraf(TOKEN);
+
+  bot.start(async (ctx) => {
+    const userId = String(ctx.from.id);
+
+    await ctx.reply(
+      "Welcome to Meet The One AI! I'm your personal AI matchmaker.\n\n" +
+        "I'll help you find someone truly compatible — not just based on looks, " +
+        "but on values, goals, and what matters most to you.\n\n" +
+        "Let's start by getting to know you. What's your name?"
+    );
+
+    try {
+      const response = await sendMessage(userId, "I just joined. Please help me set up my profile.");
+      if (response) await ctx.reply(response);
+    } catch (err) {
+      console.error(`[bot] /start error for ${userId}:`, err);
+    }
+  });
+
+  bot.on("text", async (ctx) => {
+    const userId = String(ctx.from.id);
+
+    try {
+      const response = await sendMessage(userId, ctx.message.text);
+      if (response) await ctx.reply(response);
+    } catch (err) {
+      console.error(`[bot] message error for ${userId}:`, err);
+      await ctx
+        .reply("I ran into a technical issue. Please try again in a moment.")
+        .catch(() => {});
+    }
+  });
+
+  return bot;
+}

package/src/index.ts

@@ -0,0 +1,11 @@
+import "dotenv/config";
+import { createBot } from "./bot.js";
+
+const bot = createBot();
+
+bot.launch().then(() => {
+  console.log("meet-the-one-ai is running...");
+});
+
+process.once("SIGTERM", () => bot.stop("SIGTERM"));
+process.once("SIGINT", () => bot.stop("SIGINT"));