nod-shout 0.1.0

package/supabase/.temp/rest-version

@@ -0,0 +1 @@
+v14.4

package/supabase/.temp/storage-migration

@@ -0,0 +1 @@
+fix-optimized-search-function

package/supabase/.temp/storage-version

@@ -0,0 +1 @@
+v1.43.3

package/supabase/migrations/001_initial_schema.sql

@@ -0,0 +1,147 @@
+-- nod-shout initial schema
+-- run this against your supabase project
+
+-- profiles table (extends auth.users)
+create table if not exists profiles (
+  id uuid primary key references auth.users on delete cascade,
+  username text unique not null,
+  display_name text,
+  bio text,
+  avatar_url text,
+  created_at timestamptz default now(),
+  updated_at timestamptz default now()
+);
+
+-- collections table
+create table if not exists collections (
+  id uuid primary key default gen_random_uuid(),
+  user_id uuid not null references profiles(id) on delete cascade,
+  name text not null,
+  description text,
+  slug text not null,
+  visibility text default 'public' check (visibility in ('public', 'private', 'unlisted')),
+  auto_rules jsonb,
+  created_at timestamptz default now(),
+  updated_at timestamptz default now(),
+  unique(user_id, slug)
+);
+
+-- shouts table
+create table if not exists shouts (
+  id uuid primary key default gen_random_uuid(),
+  user_id uuid not null references profiles(id) on delete cascade,
+  url text not null,
+  title text,
+  description text,
+  summary text,
+  user_take text,
+  image_url text,
+  tags text[],
+  category text,
+  collection_id uuid references collections(id) on delete set null,
+  source text default 'conversation',
+  agent_context text,
+  visibility text default 'public' check (visibility in ('public', 'private', 'unlisted')),
+  created_at timestamptz default now(),
+  updated_at timestamptz default now()
+);
+
+-- subscriptions table
+create table if not exists subscriptions (
+  id uuid primary key default gen_random_uuid(),
+  follower_id uuid not null references profiles(id) on delete cascade,
+  following_id uuid not null references profiles(id) on delete cascade,
+  collection_id uuid references collections(id) on delete cascade,
+  notify boolean default true,
+  created_at timestamptz default now()
+);
+
+-- indexes
+create index if not exists idx_shouts_user_created on shouts(user_id, created_at desc);
+create index if not exists idx_shouts_url on shouts(url);
+create index if not exists idx_collections_user on collections(user_id);
+create index if not exists idx_subscriptions_follower on subscriptions(follower_id);
+create index if not exists idx_subscriptions_following on subscriptions(following_id);
+
+-- updated_at trigger function
+create or replace function update_updated_at()
+returns trigger as $$
+begin
+  new.updated_at = now();
+  return new;
+end;
+$$ language plpgsql;
+
+-- apply updated_at triggers
+create trigger profiles_updated_at
+  before update on profiles
+  for each row execute function update_updated_at();
+
+create trigger collections_updated_at
+  before update on collections
+  for each row execute function update_updated_at();
+
+create trigger shouts_updated_at
+  before update on shouts
+  for each row execute function update_updated_at();
+
+-- RLS policies
+alter table profiles enable row level security;
+alter table shouts enable row level security;
+alter table collections enable row level security;
+alter table subscriptions enable row level security;
+
+-- profiles: readable by all, editable by owner
+create policy "profiles_select_all" on profiles
+  for select using (true);
+
+create policy "profiles_update_own" on profiles
+  for update using (auth.uid() = id);
+
+create policy "profiles_insert_own" on profiles
+  for insert with check (auth.uid() = id);
+
+-- shouts: read public, manage own
+create policy "shouts_select_public" on shouts
+  for select using (
+    visibility = 'public'
+    or user_id = auth.uid()
+  );
+
+create policy "shouts_insert_own" on shouts
+  for insert with check (user_id = auth.uid());
+
+create policy "shouts_update_own" on shouts
+  for update using (user_id = auth.uid());
+
+create policy "shouts_delete_own" on shouts
+  for delete using (user_id = auth.uid());
+
+-- collections: read public, manage own
+create policy "collections_select_public" on collections
+  for select using (
+    visibility = 'public'
+    or user_id = auth.uid()
+  );
+
+create policy "collections_insert_own" on collections
+  for insert with check (user_id = auth.uid());
+
+create policy "collections_update_own" on collections
+  for update using (user_id = auth.uid());
+
+create policy "collections_delete_own" on collections
+  for delete using (user_id = auth.uid());
+
+-- subscriptions: manageable by follower
+create policy "subscriptions_select_own" on subscriptions
+  for select using (
+    follower_id = auth.uid()
+    or following_id = auth.uid()
+  );
+
+create policy "subscriptions_insert_own" on subscriptions
+  for insert with check (follower_id = auth.uid());
+
+create policy "subscriptions_delete_own" on subscriptions
+  for delete using (follower_id = auth.uid());

package/supabase/migrations/20260317010000_decouple_profiles_from_auth.sql

@@ -0,0 +1,9 @@
+-- decouple profiles from auth.users so mcp server can create profiles directly
+-- we'll re-add the link when we have real auth flow
+
+alter table profiles drop constraint profiles_id_fkey;
+
+-- also allow the mcp server to create profiles without auth context
+-- by adding a service-level insert policy
+create policy "profiles_service_insert" on profiles
+  for insert with check (true);

package/supabase/migrations/20260317020000_agent_curation.sql

@@ -0,0 +1,10 @@
+-- add draft visibility for agent-curated links pending approval
+alter table shouts drop constraint if exists shouts_visibility_check;
+alter table shouts add constraint shouts_visibility_check 
+  check (visibility in ('public', 'private', 'unlisted', 'draft'));
+
+-- add index for source filtering
+create index if not exists idx_shouts_source on shouts(source);
+
+-- add index for draft review
+create index if not exists idx_shouts_draft on shouts(user_id, visibility) where visibility = 'draft';

package/supabase/migrations/20260320000000_agent_posts.sql

@@ -0,0 +1,41 @@
+-- Agent text posts: draft_posts table + shouts extensions
+-- Migration: 20260320_agent_posts
+
+-- Draft posts table
+CREATE TABLE IF NOT EXISTS draft_posts (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  user_id UUID NOT NULL REFERENCES auth.users(id),
+  text TEXT NOT NULL,
+  filtered_text TEXT,
+  tags TEXT[] DEFAULT '{}',
+  category TEXT,
+  collection_id UUID REFERENCES collections(id),
+  visibility TEXT DEFAULT 'public' CHECK (visibility IN ('public', 'private', 'unlisted')),
+  status TEXT DEFAULT 'pending' CHECK (status IN ('pending', 'approved', 'rejected', 'published')),
+  filter_report TEXT,
+  source TEXT DEFAULT 'agent',
+  agent_id TEXT,
+  published_shout_id UUID REFERENCES shouts(id),
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+CREATE INDEX idx_draft_posts_user_status ON draft_posts(user_id, status);
+CREATE INDEX idx_draft_posts_created ON draft_posts(created_at DESC);
+
+-- Create user_settings table if it doesn't exist
+CREATE TABLE IF NOT EXISTS user_settings (
+  user_id UUID PRIMARY KEY REFERENCES auth.users(id),
+  auto_publish BOOLEAN DEFAULT false,
+  auto_publish_filter_level TEXT DEFAULT 'strict',
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- Add columns in case table existed without them
+ALTER TABLE user_settings ADD COLUMN IF NOT EXISTS auto_publish BOOLEAN DEFAULT false;
+ALTER TABLE user_settings ADD COLUMN IF NOT EXISTS auto_publish_filter_level TEXT DEFAULT 'strict';
+
+-- Add shout_type to shouts table
+ALTER TABLE shouts ADD COLUMN IF NOT EXISTS shout_type TEXT DEFAULT 'link' CHECK (shout_type IN ('link', 'post'));
+ALTER TABLE shouts ADD COLUMN IF NOT EXISTS draft_id UUID REFERENCES draft_posts(id);

package/supabase/migrations/20260320120000_fix_draft_fk.sql

@@ -0,0 +1,2 @@
+ALTER TABLE draft_posts DROP CONSTRAINT IF EXISTS draft_posts_user_id_fkey;
+ALTER TABLE draft_posts ADD CONSTRAINT draft_posts_user_id_fkey FOREIGN KEY (user_id) REFERENCES profiles(id);

package/supabase/migrations/20260320130000_fix_identity.sql

@@ -0,0 +1,17 @@
+-- Fix identity: draft_posts should reference profiles, not auth.users
+-- This lets mock user IDs (like fubz) work with drafts
+
+ALTER TABLE draft_posts DROP CONSTRAINT IF EXISTS draft_posts_user_id_fkey;
+ALTER TABLE draft_posts ADD CONSTRAINT draft_posts_user_id_fkey FOREIGN KEY (user_id) REFERENCES profiles(id);
+
+-- Also fix user_settings to reference profiles
+ALTER TABLE user_settings DROP CONSTRAINT IF EXISTS user_settings_user_id_fkey;
+ALTER TABLE user_settings DROP CONSTRAINT IF EXISTS user_settings_pkey;
+ALTER TABLE user_settings ADD PRIMARY KEY (user_id);
+
+-- Move all data from real auth user to mock fubz profile
+UPDATE draft_posts SET user_id = '00000000-0000-0000-0000-000000000001' 
+WHERE user_id = '8c18bb5d-5d3c-44c8-b93c-cb96285156bc';
+
+-- Clean up the fubz-agent profile (no longer needed)
+DELETE FROM profiles WHERE id = '8c18bb5d-5d3c-44c8-b93c-cb96285156bc';

package/supabase/migrations/20260320170000_intros.sql

@@ -0,0 +1,118 @@
+-- ============================================================================
+-- Migration: nod intros — agent-brokered warm introductions
+-- ============================================================================
+
+-- clean slate (safe for fresh deploy)
+DROP TABLE IF EXISTS intro_consent_log CASCADE;
+DROP TABLE IF EXISTS intros CASCADE;
+DROP TABLE IF EXISTS intro_matches CASCADE;
+DROP TABLE IF EXISTS intro_profiles CASCADE;
+
+-- context profiles: what users are working on, need, and can offer
+CREATE TABLE IF NOT EXISTS intro_profiles (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  user_id TEXT NOT NULL UNIQUE,  -- matches profiles.user_id from shout
+  opted_in BOOLEAN DEFAULT false,
+  
+  -- structured context (auto-extracted + manually set)
+  current_projects JSONB DEFAULT '[]',   -- [{name, description, stage, updated_at}]
+  needs JSONB DEFAULT '[]',              -- [{description, urgency, category, created_at}]
+  offers JSONB DEFAULT '[]',             -- [{description, category, confidence}]
+  interests TEXT[] DEFAULT '{}',
+  expertise TEXT[] DEFAULT '{}',
+  industries TEXT[] DEFAULT '{}',
+  
+  -- preferences
+  intro_frequency TEXT DEFAULT 'weekly' CHECK (intro_frequency IN ('daily', 'weekly', 'monthly', 'on_demand')),
+  trust_radius TEXT DEFAULT 'open' CHECK (trust_radius IN ('contacts_only', 'friends_of_friends', 'open')),
+  blocklist TEXT[] DEFAULT '{}',
+  preferred_intro_method TEXT DEFAULT 'agent_chat' CHECK (preferred_intro_method IN ('agent_chat', 'email', 'text')),
+  
+  -- state
+  paused BOOLEAN DEFAULT false,
+  last_match_check TIMESTAMPTZ,
+  last_profile_update TIMESTAMPTZ DEFAULT NOW(),
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- matches: potential intros detected by the match engine
+CREATE TABLE IF NOT EXISTS intro_matches (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  user_a_id TEXT NOT NULL,  -- first user
+  user_b_id TEXT NOT NULL,  -- second user
+  
+  -- match details
+  score FLOAT NOT NULL,
+  match_reason TEXT NOT NULL,         -- human-readable explanation
+  match_details JSONB DEFAULT '{}',   -- {need_offer_score, interest_score, etc}
+  
+  -- consent state
+  user_a_status TEXT DEFAULT 'pending' CHECK (user_a_status IN ('pending', 'approved', 'declined', 'deferred', 'expired')),
+  user_b_status TEXT DEFAULT 'pending' CHECK (user_b_status IN ('pending', 'approved', 'declined', 'deferred', 'expired')),
+  user_a_responded_at TIMESTAMPTZ,
+  user_b_responded_at TIMESTAMPTZ,
+  
+  -- what each user sees (sanitized — no raw profile data)
+  user_a_pitch TEXT,  -- what user A sees about user B
+  user_b_pitch TEXT,  -- what user B sees about user A
+  
+  -- lifecycle
+  status TEXT DEFAULT 'pending' CHECK (status IN ('pending', 'matched', 'completed', 'expired', 'declined')),
+  expires_at TIMESTAMPTZ DEFAULT (NOW() + INTERVAL '7 days'),
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW(),
+  
+  -- prevent duplicate matches
+  UNIQUE(user_a_id, user_b_id)
+);
+
+-- completed intros: record of successful connections
+CREATE TABLE IF NOT EXISTS intros (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  match_id UUID REFERENCES intro_matches(id) ON DELETE SET NULL,
+  user_a_id TEXT NOT NULL,
+  user_b_id TEXT NOT NULL,
+  
+  -- intro context shared with both parties
+  shared_context TEXT,
+  intro_method TEXT NOT NULL,  -- how they were connected
+  
+  -- outcome tracking
+  outcome TEXT CHECK (outcome IN ('connected', 'no_response', 'positive', 'neutral', 'negative')),
+  user_a_feedback TEXT,
+  user_b_feedback TEXT,
+  
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  completed_at TIMESTAMPTZ
+);
+
+-- consent log: audit trail for all consent-related actions
+CREATE TABLE IF NOT EXISTS intro_consent_log (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  user_id TEXT NOT NULL,
+  action TEXT NOT NULL,  -- 'opt_in', 'opt_out', 'approve_match', 'decline_match', 'defer_match', 'pause', 'unpause', 'forget'
+  target_match_id UUID REFERENCES intro_matches(id) ON DELETE SET NULL,
+  metadata JSONB DEFAULT '{}',
+  created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- indexes
+CREATE INDEX IF NOT EXISTS idx_intro_profiles_user ON intro_profiles(user_id);
+CREATE INDEX IF NOT EXISTS idx_intro_profiles_opted_in ON intro_profiles(opted_in) WHERE opted_in IS TRUE AND paused IS NOT TRUE;
+CREATE INDEX IF NOT EXISTS idx_intro_matches_users ON intro_matches(user_a_id, user_b_id);
+CREATE INDEX IF NOT EXISTS idx_intro_matches_status ON intro_matches(status) WHERE status = 'pending';
+CREATE INDEX IF NOT EXISTS idx_intros_users ON intros(user_a_id, user_b_id);
+CREATE INDEX IF NOT EXISTS idx_consent_log_user ON intro_consent_log(user_id);
+
+-- RLS
+ALTER TABLE intro_profiles ENABLE ROW LEVEL SECURITY;
+ALTER TABLE intro_matches ENABLE ROW LEVEL SECURITY;
+ALTER TABLE intros ENABLE ROW LEVEL SECURITY;
+ALTER TABLE intro_consent_log ENABLE ROW LEVEL SECURITY;
+
+-- service role access (MCP server uses service key)
+CREATE POLICY "Service role full access" ON intro_profiles FOR ALL USING (true);
+CREATE POLICY "Service role full access" ON intro_matches FOR ALL USING (true);
+CREATE POLICY "Service role full access" ON intros FOR ALL USING (true);
+CREATE POLICY "Service role full access" ON intro_consent_log FOR ALL USING (true);

package/test-model-comparison.ts

@@ -0,0 +1,89 @@
+import { createClient } from '@supabase/supabase-js';
+import { readFileSync } from 'fs';
+
+const env = Object.fromEntries(
+  readFileSync('.env', 'utf8').split('\n').filter(l => l.includes('=')).map(l => {
+    const [k, ...v] = l.split('=');
+    return [k.trim(), v.join('=').trim()];
+  })
+);
+
+const supabase = createClient(env.SUPABASE_URL, env.SUPABASE_SERVICE_ROLE_KEY);
+const OPENAI_API_KEY = env.OPENAI_API_KEY;
+
+const prompt = (url: string, title: string, bodyText: string) => `Write a nod shout card summary.
+
+Rules:
+- 2 short sentences max
+- sentence 1: what the thing is or what happened
+- sentence 2: a reason to click or a key detail
+- include concrete specifics when available (names, numbers, claims)
+- write like you're texting a friend, not writing a blurb
+- never start with: "this article discusses", "this post is about", "the page explains", "X tweeted that", "post by", "page", "clicking gives", "clicking provides", "clicking reveals"
+- never use: "not just X but Y", "isn't just X"
+- no filler like "thought-provoking", "must-read", "fascinating", "insightful"
+
+url: ${url}
+title: ${title || "unknown"}
+${bodyText ? `page content: ${bodyText}` : ""}
+
+respond in json only, no markdown:
+{"summary": "..."}`;
+
+async function summarize(model: string, url: string, title: string, bodyText: string): Promise<string> {
+  const res = await fetch("https://api.openai.com/v1/chat/completions", {
+    method: "POST",
+    headers: { "Content-Type": "application/json", Authorization: `Bearer ${OPENAI_API_KEY}` },
+    body: JSON.stringify({
+      model,
+      messages: [{ role: "user", content: prompt(url, title, bodyText) }],
+      ...(model.startsWith('gpt-5')
+        ? { max_completion_tokens: 250 }
+        : { temperature: 0.7, max_tokens: 250 }),
+      response_format: { type: "json_object" },
+    }),
+  });
+  const data = await res.json();
+  if (data.error) return `ERROR: ${data.error.message}`;
+  const parsed = JSON.parse(data.choices?.[0]?.message?.content || '{}');
+  return parsed.summary || 'no summary';
+}
+
+async function main() {
+  const { data: profile } = await supabase.from('profiles').select('id').eq('username', 'fubz').single();
+  if (!profile) throw new Error('no profile');
+
+  const { data: shouts } = await supabase
+    .from('shouts')
+    .select('id, url, title, summary')
+    .eq('user_id', profile.id)
+    .order('created_at', { ascending: false })
+    .limit(6);
+
+  if (!shouts) throw new Error('no shouts');
+
+  for (const shout of shouts) {
+    let bodyText = "";
+    try {
+      const pageRes = await fetch(shout.url, {
+        headers: { "User-Agent": "Mozilla/5.0 (compatible; NodShout/0.1)" },
+        signal: AbortSignal.timeout(10000),
+      });
+      if (pageRes.ok) {
+        const html = await pageRes.text();
+        bodyText = html.replace(/<script[\s\S]*?<\/script>/gi, "").replace(/<style[\s\S]*?<\/style>/gi, "").replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim().slice(0, 1500);
+      }
+    } catch {}
+
+    const [current, gpt5mini] = await Promise.all([
+      Promise.resolve(shout.summary || ''),
+      summarize('gpt-5-mini', shout.url, shout.title || '', bodyText),
+    ]);
+
+    console.log(`=== ${(shout.title || shout.url).slice(0, 55)}`);
+    console.log(`  4.1-mini: ${current.slice(0, 140)}`);
+    console.log(`  5-mini:   ${gpt5mini.slice(0, 140)}`);
+    console.log();
+  }
+}
+main().catch(e => { console.error(e); process.exit(1); });

package/tsconfig.json

@@ -0,0 +1,19 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ES2022",
+    "moduleResolution": "bundler",
+    "outDir": "dist",
+    "rootDir": "src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}