@sellable/install 0.1.215 → 0.1.217

package/README.md

@@ -31,12 +31,13 @@ agent command for launching a campaign:
 sellable create
 ```
 
-Campaign creation, foundation memory, content capture/ideation, post drafting,
-and inbox reply management run inside Claude Code or Codex, where the Sellable
-MCP tools and approval flows are available.
+Campaign creation, foundation memory, content capture/ideation, and post
+drafting run inside Claude Code or Codex, where the Sellable MCP tools and
+approval flows are available.
 
-Install is auth-free by default. If you do not pass a token, the agent handles
-Sellable sign-in on the first campaign run with a magic-link handoff.
+Install is auth-free by default. The normal path is first-run login: launch a
+Sellable workflow in Claude Code or Codex and the agent handles Sellable
+sign-in with a browser magic-link handoff.
 
 The installer uses package stdio MCP by default:
 
@@ -64,14 +65,15 @@ verification in one path:
 curl -fsSL "https://app.sellable.dev/api/v2/cli/install" | sh
 ```
 
-For CI/scripted installs, get a Sellable API token from:
+For scripted fallback after browser login, paste the command shown by Sellable:
 
-```text
-https://app.sellable.dev/settings
+```bash
+sellable auth set <token> --workspace-id <workspace_id>
 ```
 
-Then pass it with `--token` / `SELLABLE_TOKEN` plus `--workspace-id` /
-`SELLABLE_WORKSPACE_ID`.
+For CI/env-only installs, operators can still pass `--token` / `SELLABLE_TOKEN`
+plus `--workspace-id` / `SELLABLE_WORKSPACE_ID`. Do not use env vars as the
+primary human setup path.
 
 Auth is stored once at:
 
@@ -97,20 +99,17 @@ Use the same public entrypoints in both hosts:
 - Claude Code: `/sellable:foundation`
 - Claude Code: `/sellable:content`
 - Claude Code: `/sellable:create-post`
-- Claude Code: `/sellable:inbox`
 - Codex: `$sellable:create-campaign`
 - Codex: `$sellable:create-ab-test`
 - Codex: `$sellable:foundation`
 - Codex: `$sellable:content`
 - Codex: `$sellable:create-post`
-- Codex: `$sellable:inbox`
 - Codex Desktop plugin: `sellable@sellable`
 - Codex visible skill: `Sellable Create Campaign`
 - Codex visible skill: `Sellable Create A/B Test`
 - Codex visible skill: `Sellable Foundation`
 - Codex visible skill: `Sellable Content`
 - Codex visible skill: `Sellable Create Post`
-- Codex visible skill: `Sellable Inbox`
 - Internal MCP workflow prompt: `create-campaign-v2`
 - Internal/backward-compatible memory prompt: `interview`
 

package/bin/sellable-install.mjs

@@ -182,7 +182,7 @@ Options:
 
 Auth:
   Install is auth-free by default. Sign in happens on the first run of
-  /sellable:create-campaign, /sellable:foundation, /sellable:content, /sellable:create-post, or /sellable:inbox in Claude Code or Codex,
+  /sellable:create-campaign, /sellable:foundation, /sellable:content, or /sellable:create-post in Claude Code or Codex,
   where the agent walks you through signup or sign-in and stores credentials
   in ~/.sellable/config.json.
 
@@ -211,7 +211,6 @@ function printCreateCommandHint() {
     { label: "Foundation", command: "/sellable:foundation" },
     { label: "Content", command: "/sellable:content" },
     { label: "Post", command: "/sellable:create-post" },
-    { label: "Inbox", command: "/sellable:inbox" },
   ]);
   console.log("");
   console.log("");
@@ -221,7 +220,6 @@ function printCreateCommandHint() {
     { label: "Foundation", command: "$sellable:foundation" },
     { label: "Content", command: "$sellable:content" },
     { label: "Post", command: "$sellable:create-post" },
-    { label: "Inbox", command: "$sellable:inbox" },
   ]);
   console.log("");
   console.log(`   ${"─".repeat(63)}`);
@@ -421,13 +419,26 @@ async function loadAuthIfPresent(opts) {
   return opts;
 }
 
+function redactTokensForLog(value) {
+  if (Array.isArray(value)) {
+    return value.map((item) => redactTokensForLog(item));
+  }
+  if (value && typeof value === "object") {
+    return Object.fromEntries(
+      Object.entries(value).map(([key, item]) => [
+        key,
+        key.toLowerCase().includes("token") && typeof item === "string"
+          ? redact(item)
+          : redactTokensForLog(item),
+      ])
+    );
+  }
+  return value;
+}
+
 function writeJson(path, data, opts) {
   if (VERBOSE) {
-    const redacted = JSON.stringify(
-      { ...data, token: redact(data.token) },
-      null,
-      2
-    );
+    const redacted = JSON.stringify(redactTokensForLog(data), null, 2);
     logVerbose(`${C.grey}Writing ${path}: ${redacted}${C.reset}`);
   }
   if (opts.dryRun) return;
@@ -444,6 +455,56 @@ function readExisting(path) {
   }
 }
 
+function mergeAuthConfig(raw, auth) {
+  const existing =
+    raw && typeof raw === "object" && !Array.isArray(raw) ? raw : {};
+  const authFields = {
+    token: auth.token,
+    activeWorkspaceId: auth.activeWorkspaceId,
+    apiUrl: auth.apiUrl,
+  };
+
+  if (existing.activeEnv && existing.environments) {
+    const activeEnv = existing.activeEnv;
+    const envConfig = existing.environments[activeEnv];
+    if (
+      !envConfig ||
+      typeof envConfig !== "object" ||
+      Array.isArray(envConfig)
+    ) {
+      throw new Error(
+        `Unknown active environment '${activeEnv}' in ${authPath()}`
+      );
+    }
+    return {
+      ...existing,
+      environments: {
+        ...existing.environments,
+        [activeEnv]: {
+          ...envConfig,
+          ...authFields,
+        },
+      },
+    };
+  }
+
+  return {
+    ...existing,
+    ...authFields,
+  };
+}
+
+function writeAuthSetConfig({ token, workspaceId, apiUrl, dryRun }) {
+  const configPath = authPath();
+  const raw = readExisting(configPath) || {};
+  const config = mergeAuthConfig(raw, {
+    token,
+    activeWorkspaceId: workspaceId || null,
+    apiUrl,
+  });
+  writeJson(configPath, config, { dryRun });
+}
+
 function sellableHostEnvPath() {
   return join(homedir(), ".local", "sellable", "app-sellable-dev", ".env");
 }
@@ -743,6 +804,7 @@ const CREATE_CAMPAIGN_ALLOWED_TOOLS = [
   "mcp__sellable__select_campaign_cells",
   "mcp__sellable__queue_campaign_cells",
   "mcp__sellable__wait_for_campaign_processing",
+  "mcp__sellable__fill_campaign_horizon",
   "mcp__sellable__start_campaign_message_preparation",
   "mcp__sellable__get_campaign_message_preparation_status",
   "mcp__sellable__cancel_campaign_message_preparation",
@@ -1755,67 +1817,6 @@ then retry \`get_subskill_prompt\`.
 `, host, "create-post");
 }
 
-function inboxSkillMd(host = "shared") {
-  return stampInstalledHost(`---
-name: inbox
-description: Search Sellable inbox threads, review reply eligibility, and manage approval-gated LinkedIn replies.
-allowed-tools:
-  - mcp__sellable__get_auth_status
-  - mcp__sellable__search_inbox_threads
-  - mcp__sellable__get_inbox_thread
-  - mcp__sellable__check_inbox_reply_eligibility
-  - mcp__sellable__update_inbox_draft
-  - mcp__sellable__send_inbox_draft
-  - mcp__sellable__send_inbox_manual_reply
----
-
-# Sellable Inbox
-
-Use this as the customer-facing entrypoint for Sellable inbox reply management.
-It can search LinkedIn inbox threads, load thread history, check product reply
-eligibility, update an existing draft, send an approved draft, or send one exact
-manual reply.
-
-## Bootstrap
-
-MCP tool access is required. First call \`mcp__sellable__get_auth_status({})\`.
-Do not inspect repo files, run shell commands, use \`npm\`, \`node\`, local
-harness scripts, browser automation, or product API routes to emulate this
-workflow.
-
-If the Sellable MCP tool is unavailable, stop and say this is a Codex
-install/reload problem. Tell the user to run
-\`curl -fsSL "https://app.sellable.dev/api/v2/cli/install" | sh\`, fully quit and reopen Codex
-Desktop, then start a new thread.
-
-## Read Workflow
-
-1. Call \`mcp__sellable__get_auth_status({})\`.
-2. Use \`mcp__sellable__search_inbox_threads({ limit, search?, filter?, status?, senderId?, classification?, includeReplyEligibility? })\` to find candidate threads.
-3. Use \`mcp__sellable__get_inbox_thread({ threadId })\` before summarizing or drafting.
-4. Use \`mcp__sellable__check_inbox_reply_eligibility({ threadId })\` before proposing any reply send path.
-
-## Approval Gates
-
-Never call \`mcp__sellable__update_inbox_draft\`,
-\`mcp__sellable__send_inbox_draft\`, or
-\`mcp__sellable__send_inbox_manual_reply\` until the user has explicitly
-approved all of:
-
-- workspace/account context
-- sender
-- thread or recipient
-- exact body
-- exact tool to call
-- expected side effect
-
-Draft edits only edit an existing draft. They do not create a new reply draft.
-Send tools support one thread at a time; do not batch sends. If any approval,
-snapshot, hash, version, eligibility, or idempotency value is missing or stale,
-stop and re-read the thread instead of guessing.
-`, host, "inbox");
-}
-
 function createCampaignSoulMd() {
   return `# Sellable Campaign GTM Engineer Soul
 
@@ -2037,12 +2038,6 @@ function codexPluginSkills() {
       description: "Capture ideas and draft LinkedIn posts in your voice",
       skillMd: createPostSkillMd(),
     },
-    {
-      dir: "sellable-inbox",
-      displayName: "Sellable Inbox",
-      description: "Search and manage approval-gated LinkedIn inbox replies",
-      skillMd: inboxSkillMd(),
-    },
   ];
 }
 
@@ -2268,23 +2263,6 @@ function claudeCommands() {
       argumentHint: "[post idea or source material]",
       skillMd: createPostSkillMd(),
     },
-    {
-      name: "inbox",
-      title: "Inbox",
-      filename: join("sellable", "inbox.md"),
-      description: "Search and manage approval-gated Sellable inbox replies.",
-      argumentHint: "[thread, sender, recipient, or reply goal]",
-      skillMd: inboxSkillMd(),
-      allowedTools: [
-        "mcp__sellable__get_auth_status",
-        "mcp__sellable__search_inbox_threads",
-        "mcp__sellable__get_inbox_thread",
-        "mcp__sellable__check_inbox_reply_eligibility",
-        "mcp__sellable__update_inbox_draft",
-        "mcp__sellable__send_inbox_draft",
-        "mcp__sellable__send_inbox_manual_reply",
-      ],
-    },
   ].map((command) => ({
     ...command,
     content: claudeCommandMd(command),
@@ -3508,7 +3486,6 @@ function printNextSteps(installedHosts, authReused) {
       { label: "Foundation", command: "/sellable:foundation" },
       { label: "Content", command: "/sellable:content" },
       { label: "Post", command: "/sellable:create-post" },
-      { label: "Inbox", command: "/sellable:inbox" },
     ]);
     console.log("");
     console.log("");
@@ -3519,7 +3496,6 @@ function printNextSteps(installedHosts, authReused) {
       { label: "Foundation", command: "$sellable:foundation" },
       { label: "Content", command: "$sellable:content" },
       { label: "Post", command: "$sellable:create-post" },
-      { label: "Inbox", command: "$sellable:inbox" },
     ]);
     console.log("");
   }
@@ -3752,18 +3728,31 @@ async function main() {
       }
       const token = rawArgs[2];
       const authSetFlags = rawArgs.slice(3);
-      const dryRun = authSetFlags.includes("--dry-run");
-      const unknownAuthSetFlag = authSetFlags.find(
-        (arg) => arg !== "--dry-run"
-      );
-      if (unknownAuthSetFlag) {
-        console.error(`Unknown auth set option: ${unknownAuthSetFlag}`);
+      let dryRun = false;
+      let workspaceId = "";
+      for (let i = 0; i < authSetFlags.length; i += 1) {
+        const flag = authSetFlags[i];
+        if (flag === "--dry-run") {
+          dryRun = true;
+          continue;
+        }
+        if (flag === "--workspace-id") {
+          const value = authSetFlags[i + 1];
+          if (!value || value.startsWith("--")) {
+            console.error("Missing value for --workspace-id");
+            process.exit(2);
+          }
+          workspaceId = value;
+          i += 1;
+          continue;
+        }
+        console.error(`Unknown auth set option: ${flag}`);
         process.exit(2);
       }
       if (!token) {
         console.error(
-          "Usage: sellable auth set <token>\n" +
-            "Get the token from the Sellable browser confirm page (after clicking the magic link)."
+          "Usage: sellable auth set <token> [--workspace-id <id>]\n" +
+            "Use this only when the Sellable browser login page shows a manual fallback command."
         );
         process.exit(2);
       }
@@ -3775,34 +3764,31 @@ async function main() {
         );
         process.exit(2);
       }
-      // Bypass writeAuth() — its workspaceId guard early-returns on missing
-      // workspaceId, but on the auth-set path we don't have one yet (next MCP
-      // call hydrates it). Write the same shape directly.
+      // Bypass writeAuth() because auth-set is a first-run browser fallback:
+      // the workspace id is optional for legacy fallback pages, and existing
+      // config metadata must be preserved.
       // Skip installSelfShim() — by definition the user has the shim already
       // (they invoked `sellable auth set` from it).
       const apiUrl = process.env.SELLABLE_API_URL || DEFAULT_API_URL;
-      writeJson(
-        authPath(),
-        { token, activeWorkspaceId: null, apiUrl },
-        { dryRun }
-      );
+      writeAuthSetConfig({ token, workspaceId, apiUrl, dryRun });
       if (dryRun) {
         console.log(`Dry run: token would be saved to ${authPath()}`);
       } else {
         console.log(`✓ Token saved to ${authPath()}`);
       }
       console.log(`  apiUrl: ${apiUrl}`);
+      if (workspaceId) {
+        console.log(`  activeWorkspaceId: ${workspaceId}`);
+      }
       console.log(`  Continue in your agent:`);
       console.log(`    Claude Code: /sellable:create-campaign`);
       console.log(`    Claude Code: /sellable:foundation`);
       console.log(`    Claude Code: /sellable:content`);
       console.log(`    Claude Code: /sellable:create-post`);
-      console.log(`    Claude Code: /sellable:inbox`);
       console.log(`    Codex: $sellable:create-campaign`);
       console.log(`    Codex: $sellable:foundation`);
       console.log(`    Codex: $sellable:content`);
       console.log(`    Codex: $sellable:create-post`);
-      console.log(`    Codex: $sellable:inbox`);
       process.exit(0);
     }
     if (rawArgs[0] === "prefs") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sellable/install",
-  "version": "0.1.215",
+  "version": "0.1.217",
   "type": "module",
   "description": "One-command installer for Sellable MCP in Claude Code and Codex",
   "bin": {

package/skill-templates/create-campaign.md

@@ -46,6 +46,7 @@ allowed-tools:
   - mcp__sellable__select_campaign_cells
   - mcp__sellable__queue_campaign_cells
   - mcp__sellable__wait_for_campaign_processing
+  - mcp__sellable__fill_campaign_horizon
   - mcp__sellable__start_campaign_message_preparation
   - mcp__sellable__get_campaign_message_preparation_status
   - mcp__sellable__cancel_campaign_message_preparation
@@ -107,6 +108,13 @@ the template is approved.
 The default path stays the existing first campaign-table execution slice:
 review the normal `reviewBatchLimit:15`, approve reviewed draft rows, then move
 to Settings/sequence/final greenlight. Only call
+`fill_campaign_horizon` for explicit source-cleanup horizon-fill requests, such
+as "fill sends from Signal Discovery but not John Cutler posts." Run
+`fill_campaign_horizon({ action:"audit", ... })` first, then apply with the
+returned `stateRevision`. It imports/prepares at most 300 eligible non-excluded
+source rows in the first pass, caps prep batches at 100, skips existing rows
+from excluded post/author sources, and does not launch the campaign. If the
+user only asks for generic extra sends with no source cleanup, use
 `start_campaign_message_preparation` when the user explicitly asks for more
 prepared messages, a send count, or language like "fill up/load sends for these
 senders." Treat those requests as capacity-fill preparation: calculate the
@@ -120,8 +128,9 @@ count `checkedRows` as enriched rows; it is only the table cursor. Use
 messages", set `targetPreparedMessages:X`, omit `maxRowsToCheck`, and keep
 `approvalMode:"mark_ready"`. The backend calibrates on at least 100 actually
 enriched rows, estimates the row budget from observed rubric/pass yield, caps
-`maxRowsToCheck` at 2500, then adapts later batches up to 250 rows while
-recalculating yield. If the user says "approve X messages", use
+`maxRowsToCheck` at 300, then continues in batches capped at 100 newly checked
+rows. It will not pull another row batch while the current checked batch still
+has queueable or active cells. If the user says "approve X messages", use
 `approvalMode:"approve"` but still do not launch. If the user says "schedule X
 sends" or asks to fill sender sends, use `approvalMode:"approve"` to approve
 exactly the bounded X-message cohort during preparation, then continue through
@@ -884,7 +893,11 @@ updates.
 
 1. Call `mcp__sellable__get_auth_status({})`.
 2. If auth is not OK with `error.type === "config"` or `error.type === "auth"`,
-   the user has not signed in yet. Run the FTUX magic-link handoff:
+   the user has not signed in yet. Run first-run login through the FTUX
+   magic-link handoff. If a browser page or tool guidance gives the user a
+   manual fallback, it must be
+   `sellable auth set <token> --workspace-id <workspace_id>`. Do not instruct
+   the user to hand-edit JSON auth config.
 
    a. Say to the user verbatim: