social-autoposter 1.3.3 → 1.3.5

package/bin/server.js

@@ -3562,10 +3562,16 @@ async function handleApi(req, res) {
       const rows = await pq(q);
       let events = (rows && rows.length && rows[0].json_agg) ? rows[0].json_agg : [];
       // Non-admin: drop events not tagged with an allowed project (including
-      // octolens mentions, which have no project column).
+      // octolens mentions, which have no project column). Strip Claude cost
+      // fields; cost is operator-internal (API spend not charged to clients).
       if (!req.user.admin) {
         const allowed = new Set(req.user.projects);
         events = events.filter(e => e.project && allowed.has(e.project));
+        events.forEach(e => {
+          delete e.cost_usd;
+          delete e.cost_usd_orchestrator;
+          delete e.cost_usd_estimated;
+        });
       }
       return json(res, { events });
     })().catch(e => json(res, { error: e.message }, 500));
@@ -5432,20 +5438,44 @@ async function handleApi(req, res) {
       };
     }).sort((a, b) => b.weight - a.weight || a.name.localeCompare(b.name));
     // Surface any posts that didn't match a weighted project, so the matrix adds up.
+    // configured = the project name is in config.json (just at weight 0), so the
+    // weight editor stays available. unconfigured rows come from stale project
+    // names found in post rows only and aren't editable here.
     const knownNames = new Set(weighted.map(p => p.name));
+    const configuredNames = new Set(configuredProjects.map(p => p.name));
+    const configuredByName = Object.fromEntries(configuredProjects.map(p => [p.name, p]));
     const unassigned = Object.entries(byProject)
       .filter(([name]) => !knownNames.has(name))
       .map(([name, stats]) => ({
         name,
-        weight: 0,
+        weight: Number((configuredByName[name] || {}).weight) || 0,
         target_share: 0,
         total: stats.total,
         actual_share: grandTotal > 0 ? stats.total / grandTotal : 0,
         deficit: -(grandTotal > 0 ? stats.total / grandTotal : 0),
         by_platform: Object.fromEntries(platforms.map(pl => [pl, stats.by_platform[pl] || 0])),
-        website: null,
+        website: (configuredByName[name] && configuredByName[name].website) || null,
         unassigned: true,
+        configured: configuredNames.has(name),
       }));
+    // Also include configured projects with weight=0 and zero posts in the
+    // window, so an operator can lift them back up from the table.
+    configuredProjects.forEach(cp => {
+      if (knownNames.has(cp.name)) return;
+      if (byProject[cp.name]) return;
+      unassigned.push({
+        name: cp.name,
+        weight: Number(cp.weight) || 0,
+        target_share: 0,
+        total: 0,
+        actual_share: 0,
+        deficit: 0,
+        by_platform: Object.fromEntries(platforms.map(pl => [pl, 0])),
+        website: cp.website || null,
+        unassigned: true,
+        configured: true,
+      });
+    });
     // Per-project Claude cost in the same window. Mirrors /api/cost/stats
     // attribution: per_row_cost = COALESCE(orchestrator_cost_usd,
     // total_cost_usd) / rows_in_session, summed across the activity rows
@@ -5566,11 +5596,44 @@ async function handleApi(req, res) {
       grand_cost_usd_orchestrator: grandCostOrch,
       grand_cost_usd_estimated: grandCostEst,
       cost_available: !!(req.user && req.user.admin),
+      can_edit_weight: !auth.CLIENT_MODE && !!(req.user && req.user.admin),
       projects,
       unassigned,
     });
   }
 
+  // POST /api/project/weight - update one project's weight in config.json.
+  // Admin only and disabled in CLIENT_MODE (no config.json on Cloud Run).
+  // Body: { name: string, weight: number }. Weight must be a non-negative
+  // finite number. The picker reads config.json directly on each pick, so no
+  // restart or cache bust is needed.
+  if (p === '/api/project/weight' && req.method === 'POST') {
+    if (auth.CLIENT_MODE) return json(res, { error: 'config_readonly_in_client_mode' }, 405);
+    if (!req.user || !req.user.admin) return json(res, { error: 'forbidden' }, 403);
+    return readBody(req).then(body => {
+      let payload;
+      try { payload = JSON.parse(body); }
+      catch { return json(res, { error: 'invalid_json' }, 400); }
+      const name = typeof payload.name === 'string' ? payload.name.trim() : '';
+      const weight = Number(payload.weight);
+      if (!name) return json(res, { error: 'name_required' }, 400);
+      if (!Number.isFinite(weight) || weight < 0 || weight > 1e6) {
+        return json(res, { error: 'invalid_weight' }, 400);
+      }
+      let config;
+      try { config = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8')); }
+      catch (e) { return json(res, { error: 'config_read_failed', detail: e.message }, 500); }
+      const projects = Array.isArray(config.projects) ? config.projects : [];
+      const target = projects.find(pr => pr && pr.name === name);
+      if (!target) return json(res, { error: 'project_not_found', name }, 404);
+      const previous = Number(target.weight) || 0;
+      target.weight = weight;
+      try { fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2) + '\n'); }
+      catch (e) { return json(res, { error: 'config_write_failed', detail: e.message }, 500); }
+      return json(res, { saved: true, name, weight, previous });
+    }).catch(e => json(res, { error: e.message }, 400));
+  }
+
   // GET /api/deploy/status - latest Vercel production deploy per project.
   // Written every ~5 min to skill/cache/deploy_status.json by launchd
   // com.m13v.social-deploy-status (scripts/project_deploy_status.py). If the
@@ -6510,7 +6573,7 @@ const HTML = `<!DOCTYPE html>
       <button type="button" class="style-stats-pill" data-value="30d">Last 30d</button>
     </div>
   </div>
-  <details class="style-stats-section" id="cost-stats" open>
+  <details class="style-stats-section sa-admin-only" id="cost-stats" open>
     <summary>
       <span class="style-stats-title"><span class="style-stats-caret">&#9654;</span><span id="cost-stats-heading">Cost per Activity (last 24 hours)</span></span>
       <span class="style-stats-total" id="cost-stats-total"></span>
@@ -6785,7 +6848,7 @@ const HTML = `<!DOCTYPE html>
           <th class="activity-sortable" data-sort="summary">
             <span class="activity-header-label">What <span class="activity-sort-arrow" data-sort-arrow="summary"></span></span>
           </th>
-          <th style="width:90px;text-align:right;" class="activity-sortable" data-sort="cost_usd">
+          <th style="width:90px;text-align:right;" class="activity-sortable sa-admin-only" data-sort="cost_usd">
             <span class="activity-header-label">Cost <span class="activity-sort-arrow" data-sort-arrow="cost_usd"></span></span>
           </th>
           <th style="width:40px;text-align:center;">
@@ -9128,6 +9191,27 @@ async function handleDeleteBtnClick(btn) {
   _saDelFailed.delete(payload.key);
   btn.classList.add('is-loading');
   btn.setAttribute('title', 'sending...');
+  // Optimistic add: the Resend roundtrip is ~15s and the activity table can
+  // re-render mid-flight, detaching this button node from the DOM. The fresh
+  // button reads _saDelPending at render time, so adding the key up-front
+  // guarantees the new button paints pending immediately instead of
+  // reverting to the default trash icon.
+  _saDelPending.add(payload.key);
+  const applyPendingState = () => {
+    document.querySelectorAll('button.sa-del-btn[data-sa-del-payload]').forEach(b => {
+      let k = null;
+      try {
+        const raw = b.getAttribute('data-sa-del-payload') || '';
+        if (raw) k = JSON.parse(decodeURIComponent(escape(atob(raw)))).key;
+      } catch {}
+      if (k === payload.key) {
+        b.classList.remove('is-loading', 'is-failed');
+        b.classList.add('is-pending');
+        b.setAttribute('title', 'pending deletion');
+        b.setAttribute('aria-label', 'pending deletion');
+      }
+    });
+  };
   try {
     const r = await fetch('/api/activity/mark-deletion', {
       method: 'POST',
@@ -9135,19 +9219,18 @@ async function handleDeleteBtnClick(btn) {
       body: JSON.stringify(payload),
     });
     const j = await r.json().catch(() => ({}));
-    btn.classList.remove('is-loading');
     if (r.ok && (j.status === 'pending' || j.already_existed)) {
-      _saDelPending.add(payload.key);
-      btn.classList.add('is-pending');
-      btn.setAttribute('title', 'pending deletion');
-      btn.setAttribute('aria-label', 'pending deletion');
+      applyPendingState();
     } else {
+      _saDelPending.delete(payload.key);
       _saDelFailed.add(payload.key);
+      btn.classList.remove('is-loading');
       btn.classList.add('is-failed');
       const msg = (j && j.error) ? String(j.error) : ('HTTP ' + r.status);
       btn.setAttribute('title', 'failed: ' + msg + ' (click to retry)');
     }
   } catch (e) {
+    _saDelPending.delete(payload.key);
     btn.classList.remove('is-loading');
     _saDelFailed.add(payload.key);
     btn.classList.add('is-failed');
@@ -9395,7 +9478,7 @@ async function loadActivityStats() {
 // post's first-ever snapshot so day 1 never attributes lifetime counts
 // to a capture day; expect those lines to sit at 0 until at least two
 // consecutive days of snapshots have accumulated per post.
-const DAILY_METRICS = [
+let DAILY_METRICS = [
   { id: 'views',           label: 'Views',             color: '#6366f1', endpoint: '/api/views/per-day',    valueKey: 'views_gained',     platformAware: true },
   { id: 'upvotes',         label: 'Upvotes',           color: '#f97316', endpoint: '/api/upvotes/per-day',  valueKey: 'upvotes_gained',   platformAware: true },
   { id: 'comments',        label: 'Comments',          color: '#14b8a6', endpoint: '/api/comments/per-day', valueKey: 'comments_gained',  platformAware: true },
@@ -9408,7 +9491,7 @@ const DAILY_METRICS = [
   // platformAware: filters cost to the chosen platform's activity rows.
   // format: 'usd' so the legend pill, Y-axis ticks, bar labels, and
   // hover tooltip render as dollars (e.g. $12.34) instead of K/M counts.
-  { id: 'cost',            label: 'Cost (USD)',        color: '#dc2626', endpoint: '/api/cost/per-day',     valueKey: 'cost_usd',         platformAware: true,  format: 'usd' },
+  { id: 'cost',            label: 'Cost (USD)',        color: '#dc2626', endpoint: '/api/cost/per-day',     valueKey: 'cost_usd',         platformAware: true,  format: 'usd', adminOnly: true },
   // All funnel metrics count UNIQUE VISITORS (distinct_id), not raw events.
   // A user iterating on the same project (multiple prompts, multiple
   // schedule retries, multiple pageviews) is 1, not N. See
@@ -10108,6 +10191,7 @@ async function loadDailyMetrics() {
   const qsAware = platformAwareParams.join('&');
   const qsProj  = projectOnlyParams.join('&');
   try {
+    const costAvail = window.SA_IS_ADMIN !== false;
     const [views, upvotes, comments, clicks, bookings, funnel, cost] = await Promise.all([
       fetchOne('/api/views/per-day?'    + qsAware),
       fetchOne('/api/upvotes/per-day?'  + qsAware),
@@ -10115,7 +10199,7 @@ async function loadDailyMetrics() {
       fetchOne('/api/clicks/per-day?'   + qsAware),
       fetchOne('/api/bookings/per-day?' + qsProj),
       fetchOne('/api/funnel/per-day?'   + qsProj),
-      fetchOne('/api/cost/per-day?'     + qsAware),
+      costAvail ? fetchOne('/api/cost/per-day?' + qsAware) : Promise.resolve({ rows: [], failed: false }),
     ]);
     const allFailed = [views, upvotes, comments, clicks, bookings, funnel, cost].every(r => r.failed);
     if (allFailed) {
@@ -11414,6 +11498,7 @@ function renderCostStats(payload) {
 let _costStatsLoadedFor = null;
 let _costStatsLoading = false;
 async function loadCostStats(force) {
+  if (window.SA_IS_ADMIN === false) return;
   if (_costStatsLoading) return;
   const hours = currentStatusWindow().hours;
   const row = document.getElementById('cost-stats-platform-pills');
@@ -13501,6 +13586,7 @@ function renderProjectStatus(data) {
   const grandTotal = Number(data && data.grand_total) || 0;
   const totals = (data && data.platform_totals) || {};
   const costAvailable = !!(data && data.cost_available);
+  const canEditWeight = !!(data && data.can_edit_weight);
   const grandCost = Number(data && data.grand_cost_usd) || 0;
   const grandCostOrch = Number(data && data.grand_cost_usd_orchestrator) || 0;
   const grandCostEst = Number(data && data.grand_cost_usd_estimated) || 0;
@@ -13607,9 +13693,21 @@ function renderProjectStatus(data) {
     const costCellHtml = costAvailable
       ? costCell(Number(r.cost_usd) || 0, Number(r.cost_usd_orchestrator) || 0, Number(r.cost_usd_estimated) || 0, { extra: 'color:var(--text-secondary);' })
       : '';
+    const weightVal = Number(r.weight) || 0;
+    const editable = canEditWeight && (!r.unassigned || r.configured);
+    const weightCellHtml = editable
+      ? '<td style="text-align:right;font-variant-numeric:tabular-nums;">' +
+          '<input type="number" min="0" step="1" value="' + weightVal + '" ' +
+            'data-project-weight-input="' + escapeHtml(r.name) + '" ' +
+            'data-original-weight="' + weightVal + '" ' +
+            'class="project-weight-input" ' +
+            'style="width:60px;text-align:right;font-variant-numeric:tabular-nums;padding:2px 6px;border:1px solid var(--border);background:var(--bg-subtle,transparent);color:var(--text);border-radius:4px;font-size:13px;font-weight:600;" ' +
+            'title="Edit and press Enter or blur to save" />' +
+        '</td>'
+      : '<td style="text-align:right;font-variant-numeric:tabular-nums;">' + weightVal + '</td>';
     return '<tr>' +
       '<td style="text-align:left;font-weight:600;">' + nameLabel + '</td>' +
-      '<td style="text-align:right;font-variant-numeric:tabular-nums;">' + (r.weight || 0) + '</td>' +
+      weightCellHtml +
       '<td style="text-align:right;font-variant-numeric:tabular-nums;color:var(--text-muted);">' + (r.unassigned ? '&mdash;' : formatPct(r.target_share)) + '</td>' +
       platformCells +
       totalCell +
@@ -13640,6 +13738,61 @@ function renderProjectStatus(data) {
         '<tbody>' + bodyRows + footerHtml + '</tbody>' +
       '</table>' +
     '</div>' + legend;
+  if (canEditWeight) {
+    body.querySelectorAll('input.project-weight-input').forEach(inp => {
+      inp.addEventListener('keydown', e => {
+        if (e.key === 'Enter') { e.preventDefault(); inp.blur(); }
+        else if (e.key === 'Escape') {
+          inp.value = inp.dataset.originalWeight || '0';
+          inp.blur();
+        }
+      });
+      inp.addEventListener('blur', () => saveProjectWeight(inp));
+    });
+  }
+}
+async function saveProjectWeight(inp) {
+  const name = inp.dataset.projectWeightInput;
+  const original = Number(inp.dataset.originalWeight) || 0;
+  const raw = inp.value.trim();
+  const next = Number(raw);
+  if (!name) return;
+  if (raw === '' || !Number.isFinite(next) || next < 0) {
+    inp.value = String(original);
+    return;
+  }
+  if (Math.trunc(next) === Math.trunc(original) && next === original) return;
+  inp.disabled = true;
+  const prevBorder = inp.style.borderColor;
+  inp.style.borderColor = 'var(--text-muted)';
+  try {
+    const res = await fetch('/api/project/weight', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ name, weight: next }),
+    });
+    const data = await res.json().catch(() => ({}));
+    if (!res.ok || data.error) {
+      inp.value = String(original);
+      inp.style.borderColor = '#b91c1c';
+      setTimeout(() => { inp.style.borderColor = prevBorder; }, 1500);
+      console.error('[project-weight] save failed', data);
+      return;
+    }
+    inp.dataset.originalWeight = String(next);
+    inp.style.borderColor = '#15803d';
+    setTimeout(() => { inp.style.borderColor = prevBorder; }, 800);
+    try { window.posthog && window.posthog.capture('project_weight_edit', { project: name, weight: next, previous: original }); } catch (er) {}
+    _projectStatusLoading = false;
+    loadProjectStatus(true);
+  } catch (e) {
+    inp.value = String(original);
+    inp.style.borderColor = '#b91c1c';
+    setTimeout(() => { inp.style.borderColor = prevBorder; }, 1500);
+    console.error('[project-weight] save error', e);
+  } finally {
+    inp.disabled = false;
+  }
 }
 async function refreshAllData() {
   const icon = document.getElementById('global-refresh-icon');
@@ -13884,7 +14037,7 @@ function renderActivity(events) {
         '</div>' +
       '</td>' +
       '<td class="activity-summary">' + summaryHtml + '</td>' +
-      '<td style="text-align:right;font-variant-numeric:tabular-nums;color:var(--text-secondary);">' + fmtCostCell(e.cost_usd, e.cost_usd_orchestrator, e.cost_usd_estimated) + '</td>' +
+      '<td class="sa-admin-only" style="text-align:right;font-variant-numeric:tabular-nums;color:var(--text-secondary);">' + fmtCostCell(e.cost_usd, e.cost_usd_orchestrator, e.cost_usd_estimated) + '</td>' +
       '<td style="text-align:center;">' + renderDeleteBtnHtml(e) + '</td>' +
     '</tr>';
   }).join('');
@@ -14180,6 +14333,7 @@ function saStartApp() {
   document.body.classList.remove('sa-authed-pending');
   const isCloud = document.body.classList.contains('sa-cloud');
   const isAdmin = window.SA_IS_ADMIN !== false;
+  if (!isAdmin) DAILY_METRICS = DAILY_METRICS.filter(m => !m.adminOnly);
   try { window.posthog && window.posthog.capture('dashboard_opened', { is_admin: isAdmin, is_cloud: isCloud }); } catch (e) {}
   // Status + pending are local-only (UI hidden by body.sa-cloud). Endpoints
   // are admin-only too, so skipping them on cloud also stops 403 spam for

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "social-autoposter",
-  "version": "1.3.3",
+  "version": "1.3.5",
   "description": "Automated social posting pipeline for Reddit, X/Twitter, LinkedIn, and Moltbook. Install as a Claude Code agent skill.",
   "bin": {
     "social-autoposter": "bin/cli.js"

package/scripts/active_campaigns.py

@@ -20,10 +20,39 @@ import os
 import sys
 
 sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
-import db
 
 
-def get_active_campaigns(platform):
+def _get_active_via_api(platform):
+    from http_api import api_get
+    resp = api_get(
+        "/api/v1/campaigns",
+        query={
+            "status": "active",
+            "platform": platform,
+            "with_budget_remaining": "true",
+            "limit": 500,
+        },
+    )
+    rows = ((resp or {}).get("data") or {}).get("campaigns") or []
+    out = []
+    for r in rows:
+        max_total = r.get("max_posts_total")
+        posts_made = r.get("posts_made") or 0
+        if max_total is None or posts_made >= max_total:
+            continue
+        out.append({
+            "id": int(r["id"]),
+            "name": r.get("name"),
+            "prompt": r.get("prompt"),
+            "max_posts_total": int(max_total),
+            "posts_made": int(posts_made),
+            "remaining": int(max_total) - int(posts_made),
+        })
+    return out
+
+
+def _get_active_via_neon(platform):
+    import db
     conn = db.get_conn()
     try:
         cur = conn.execute(
@@ -41,7 +70,6 @@ def get_active_campaigns(platform):
         rows = cur.fetchall()
     finally:
         conn.close()
-
     return [
         {
             "id": r[0],
@@ -55,6 +83,18 @@ def get_active_campaigns(platform):
     ]
 
 
+def get_active_campaigns(platform):
+    """Active campaigns for `platform` with budget remaining.
+
+    Routes through /api/v1/campaigns by default so VMs without
+    DATABASE_URL still get the active list. Set
+    SOCIAL_AUTOPOSTER_LEGACY_NEON=1 for the direct-Neon path.
+    """
+    if os.environ.get("SOCIAL_AUTOPOSTER_LEGACY_NEON") == "1":
+        return _get_active_via_neon(platform)
+    return _get_active_via_api(platform)
+
+
 def format_prompt_block(campaigns, repo_dir):
     if not campaigns:
         return ""

package/scripts/campaign_bump.py

@@ -9,6 +9,9 @@ Usage:
 The named row's campaign_id column is set to the given campaign, and the
 campaign's posts_made counter advances by one. Idempotent: if the row already
 references this campaign, no counter bump happens.
+
+Routes through /api/v1/campaigns/bump by default. Set
+SOCIAL_AUTOPOSTER_LEGACY_NEON=1 to use direct Neon.
 """
 
 import argparse
@@ -16,37 +19,57 @@ import os
 import sys
 
 sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
-import db
 
 ALLOWED_TABLES = {"posts", "replies", "dm_messages"}
 
 
-def main():
-    ap = argparse.ArgumentParser()
-    ap.add_argument("--table", required=True, choices=sorted(ALLOWED_TABLES))
-    ap.add_argument("--id", type=int, required=True)
-    ap.add_argument("--campaign-id", type=int, required=True)
-    args = ap.parse_args()
+def _bump_via_api(table, row_id, campaign_id):
+    from http_api import api_post
+    resp = api_post(
+        "/api/v1/campaigns/bump",
+        {"table": table, "id": int(row_id), "campaign_id": int(campaign_id)},
+    )
+    data = (resp or {}).get("data") or {}
+    bumped = bool(data.get("bumped"))
+    return bumped
 
+
+def _bump_via_neon(table, row_id, campaign_id):
+    import db
     conn = db.get_conn()
     try:
         cur = conn.execute(
-            f"UPDATE {args.table} SET campaign_id = %s "
+            f"UPDATE {table} SET campaign_id = %s "
             f"WHERE id = %s AND (campaign_id IS NULL OR campaign_id <> %s) "
             f"RETURNING id",
-            [args.campaign_id, args.id, args.campaign_id],
+            [campaign_id, row_id, campaign_id],
         )
         bumped = cur.fetchone() is not None
         if bumped:
             conn.execute(
                 "UPDATE campaigns SET posts_made = posts_made + 1, updated_at = NOW() "
                 "WHERE id = %s",
-                [args.campaign_id],
+                [campaign_id],
             )
         conn.commit()
-        print(f"table={args.table} id={args.id} campaign={args.campaign_id} bumped={bumped}")
+        return bumped
     finally:
         conn.close()
+
+
+def main():
+    ap = argparse.ArgumentParser()
+    ap.add_argument("--table", required=True, choices=sorted(ALLOWED_TABLES))
+    ap.add_argument("--id", type=int, required=True)
+    ap.add_argument("--campaign-id", type=int, required=True)
+    args = ap.parse_args()
+
+    if os.environ.get("SOCIAL_AUTOPOSTER_LEGACY_NEON") == "1":
+        bumped = _bump_via_neon(args.table, args.id, args.campaign_id)
+    else:
+        bumped = _bump_via_api(args.table, args.id, args.campaign_id)
+
+    print(f"table={args.table} id={args.id} campaign={args.campaign_id} bumped={bumped}")
     return 0
 
 

package/scripts/check_external_pool_depth.py

@@ -0,0 +1,256 @@
+#!/usr/bin/env python3
+"""Email-alert when any external_short_links pool runs low.
+
+For every project with `external_short_links: true` in config.json, checks the
+(project, platform) pool depth against two thresholds:
+
+  WARN     -- available / total <= 0.20  (i.e., 80% of the pool has been claimed)
+  CRITICAL -- available == 0             (pool exhausted, next post returns
+                                          {ok: false, error: 'pool_exhausted'})
+
+Emails go to i@m13v.com via the Gmail DWD lane. State lives in the
+`external_pool_alerts` table so we don't spam: same (project, platform,
+severity) is suppressed for 24h after a send.
+
+Designed to run on launchd every 30 min. The 20% threshold gives 7-30 days of
+runway warning before a CRITICAL fires (at typical 5-15 posts/day burn). The
+CRITICAL alert is the "on error" case the user asked for; it fires at most
+once per 24h per (project, platform).
+
+Usage:
+  python3 scripts/check_external_pool_depth.py            # check + alert
+  python3 scripts/check_external_pool_depth.py --dry-run  # report only, no email/state writes
+  python3 scripts/check_external_pool_depth.py --force    # ignore 24h cooldown
+"""
+from __future__ import annotations
+import argparse
+import json
+import os
+import sys
+from datetime import datetime, timezone
+from email.message import EmailMessage
+import base64
+
+REPO_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+sys.path.insert(0, os.path.join(REPO_DIR, 'scripts'))
+sys.path.insert(0, os.path.expanduser('~/gmail-api'))
+
+import db as dbmod  # noqa: E402
+
+WARN_REMAINING_RATIO = 0.20
+COOLDOWN_HOURS = 24
+NOTIFICATION_EMAIL = os.environ.get('NOTIFICATION_EMAIL', 'i@m13v.com')
+PLATFORMS = ['reddit', 'twitter', 'linkedin', 'github_issues', 'moltbook']
+CONFIG_PATH = os.path.join(REPO_DIR, 'config.json')
+
+
+def _scrub_dashes(s: str) -> str:
+    return s.replace('—', ',').replace('–', ',') if s else s
+
+
+def _load_external_projects() -> list[dict]:
+    with open(CONFIG_PATH) as f:
+        cfg = json.load(f)
+    return [p for p in cfg.get('projects', []) if p.get('external_short_links')]
+
+
+def _pool_depth(conn, project: str, platform: str) -> tuple[int, int]:
+    cur = conn.execute(
+        "SELECT "
+        "  COUNT(*) FILTER (WHERE post_id IS NULL AND reply_id IS NULL) AS available, "
+        "  COUNT(*) AS total "
+        "FROM post_links "
+        "WHERE minted_session LIKE %s AND project_name = %s AND platform = %s",
+        ('pool:%', project, platform),
+    )
+    r = dict(cur.fetchone())
+    return int(r['available'] or 0), int(r['total'] or 0)
+
+
+def _recent_alert_exists(conn, project: str, platform: str, severity: str) -> bool:
+    cur = conn.execute(
+        "SELECT 1 FROM external_pool_alerts "
+        "WHERE project_name=%s AND platform=%s AND severity=%s "
+        "  AND sent_at > NOW() - INTERVAL %s "
+        "LIMIT 1",
+        (project, platform, severity, f"{COOLDOWN_HOURS} hours"),
+    )
+    return cur.fetchone() is not None
+
+
+def _record_alert(conn, project: str, platform: str, severity: str,
+                  available: int, total: int, ratio: float) -> None:
+    conn.execute(
+        "INSERT INTO external_pool_alerts "
+        "  (project_name, platform, severity, available, total, ratio) "
+        "VALUES (%s, %s, %s, %s, %s, %s)",
+        (project, platform, severity, available, total, ratio),
+    )
+    conn.commit()
+
+
+def _gmail_send(subject: str, body: str) -> None:
+    from gmail_dwd_client import gmail_for
+    msg = EmailMessage()
+    msg['Subject'] = _scrub_dashes(subject)
+    msg['From'] = 'social-autoposter <i@m13v.com>'
+    msg['To'] = NOTIFICATION_EMAIL
+    msg.set_content(_scrub_dashes(body))
+    raw = base64.urlsafe_b64encode(msg.as_bytes()).decode('ascii')
+    client = gmail_for('i@m13v.com')
+    client.service.users().messages().send(userId='me', body={'raw': raw}).execute()
+
+
+def _format_subject(project: str, platform: str, severity: str,
+                    available: int, total: int) -> str:
+    pct = f"{(available / total * 100):.0f}%" if total else "0%"
+    return f"[POOL {severity}] {project}/{platform}: {available}/{total} left ({pct})"
+
+
+def _format_body(project: str, platform: str, severity: str,
+                 available: int, total: int, ratio: float,
+                 destinations: list[dict]) -> str:
+    lines = [
+        f"Severity:     {severity}",
+        f"Project:      {project}",
+        f"Platform:     {platform}",
+        f"Available:    {available}",
+        f"Total minted: {total}",
+        f"Remaining:    {ratio*100:.1f}%",
+        "",
+    ]
+    if severity == 'CRITICAL':
+        lines += [
+            "The pool is exhausted. The next post for this (project, platform) will",
+            "return {ok: false, error: 'pool_exhausted'} and skip. Refill IMMEDIATELY:",
+            "",
+        ]
+    else:
+        lines += [
+            f"Pool has dropped under {int(WARN_REMAINING_RATIO*100)}% remaining. Schedule a refill",
+            "in the next few days to avoid hitting pool_exhausted on the next cycle.",
+            "",
+        ]
+    lines += [
+        "Refill commands (in ~/social-autoposter):",
+        "  python3 scripts/mint_kent_pool.py        # Kent clients (Runner/Agora/Podlog)",
+        "  # for other external clients: extend mint_kent_pool.py SITE_CONFIG first",
+        "",
+        "Pool status snapshot:",
+        "  python3 scripts/mint_kent_pool.py --status",
+        "",
+    ]
+    if destinations:
+        lines += ["Per-destination breakdown for this slice:"]
+        for d in destinations[:20]:
+            lines.append(
+                f"  {d['minted_session'][-65:]:<65} "
+                f"avail={d['available']:>5} claimed={d['claimed']:>5}"
+            )
+        if len(destinations) > 20:
+            lines.append(f"  ... and {len(destinations) - 20} more destinations")
+        lines.append("")
+    lines += [
+        f"Cooldown:     {COOLDOWN_HOURS}h per (project, platform, severity)",
+        f"Re-fire:      python3 scripts/check_external_pool_depth.py --force",
+    ]
+    return "\n".join(lines)
+
+
+def _destinations_for_slice(conn, project: str, platform: str) -> list[dict]:
+    cur = conn.execute(
+        "SELECT minted_session, "
+        "       COUNT(*) FILTER (WHERE post_id IS NULL AND reply_id IS NULL) AS available, "
+        "       COUNT(*) FILTER (WHERE post_id IS NOT NULL OR reply_id IS NOT NULL) AS claimed "
+        "FROM post_links "
+        "WHERE minted_session LIKE %s AND project_name = %s AND platform = %s "
+        "GROUP BY minted_session ORDER BY available ASC",
+        ('pool:%', project, platform),
+    )
+    return [dict(r) for r in cur.fetchall()]
+
+
+def check(dry_run: bool = False, force: bool = False,
+          warn_ratio: float = WARN_REMAINING_RATIO,
+          limit: int | None = None) -> dict:
+    projects = _load_external_projects()
+    conn = dbmod.get_conn()
+    fired: list[dict] = []
+    skipped_cooldown: list[dict] = []
+    healthy: list[dict] = []
+    try:
+        for p in projects:
+            project_name = p['name']
+            for platform in PLATFORMS:
+                available, total = _pool_depth(conn, project_name, platform)
+                if total == 0:
+                    continue
+                ratio = available / total if total > 0 else 0.0
+                if available == 0:
+                    severity = 'CRITICAL'
+                elif ratio <= warn_ratio:
+                    severity = 'WARN'
+                else:
+                    healthy.append({
+                        'project': project_name, 'platform': platform,
+                        'available': available, 'total': total, 'ratio': ratio,
+                    })
+                    continue
+                key = (project_name, platform, severity)
+                if not force and _recent_alert_exists(conn, *key):
+                    skipped_cooldown.append({
+                        'project': project_name, 'platform': platform,
+                        'severity': severity, 'available': available, 'total': total,
+                    })
+                    continue
+                fired_row = {
+                    'project': project_name, 'platform': platform,
+                    'severity': severity, 'available': available, 'total': total,
+                    'ratio': ratio,
+                }
+                fired.append(fired_row)
+                if dry_run:
+                    continue
+                if limit is not None and len(fired) > limit:
+                    continue
+                destinations = _destinations_for_slice(conn, project_name, platform)
+                subject = _format_subject(project_name, platform, severity, available, total)
+                body = _format_body(project_name, platform, severity, available, total,
+                                    ratio, destinations)
+                try:
+                    _gmail_send(subject, body)
+                    _record_alert(conn, project_name, platform, severity,
+                                  available, total, ratio)
+                except Exception as e:
+                    fired_row['send_error'] = str(e)
+                    print(f"[pool-check] email send failed for {project_name}/{platform}: {e}",
+                          file=sys.stderr)
+        return {
+            'checked_at': datetime.now(timezone.utc).isoformat(),
+            'fired': fired,
+            'skipped_cooldown': skipped_cooldown,
+            'healthy_count': len(healthy),
+            'dry_run': dry_run,
+        }
+    finally:
+        conn.close()
+
+
+def main():
+    ap = argparse.ArgumentParser(description=__doc__)
+    ap.add_argument('--dry-run', action='store_true',
+                    help='compute and report, do not email or write state')
+    ap.add_argument('--force', action='store_true',
+                    help='ignore 24h cooldown, re-fire matching alerts')
+    ap.add_argument('--warn-ratio', type=float, default=WARN_REMAINING_RATIO,
+                    help=f'WARN threshold for available/total (default {WARN_REMAINING_RATIO})')
+    ap.add_argument('--limit', type=int, default=None,
+                    help='cap the number of alert emails per run (smoke testing)')
+    args = ap.parse_args()
+    result = check(dry_run=args.dry_run, force=args.force,
+                   warn_ratio=args.warn_ratio, limit=args.limit)
+    print(json.dumps(result, indent=2, default=str))
+
+
+if __name__ == '__main__':
+    main()

package/scripts/dm_short_links.py

@@ -522,6 +522,11 @@ def _mint_one_post(conn, *, target_url: str, projects: list, platform: str,
     platform UTMs + code in utm_content), so the LLM's URL in the comment text
     is ignored for routing -- visitors always land on the destination we baked
     in. Pool depth managed by scripts/mint_external_pool.py.
+
+    Routes DB ops through social-autoposter-website /api/v1/post-links/* so
+    VMs / sandboxes without DATABASE_URL still mint successfully. The `conn`
+    arg is accepted for backward compatibility but ignored. Set
+    SOCIAL_AUTOPOSTER_LEGACY_NEON=1 to fall back to the direct-Neon path.
     """
     target_url = _ensure_scheme((target_url or '').strip())
     if not target_url or target_url == 'https://':
@@ -540,45 +545,68 @@ def _mint_one_post(conn, *, target_url: str, projects: list, platform: str,
             'detail': f"no website for project={project_name!r} in config.json",
         }
 
+    platform_norm = (platform or '').lower()
+    if platform_norm == 'x':
+        platform_norm = 'twitter'
+
     project_cfg = next((p for p in projects if p.get('name') == project_name), None)
+    use_legacy = os.environ.get('SOCIAL_AUTOPOSTER_LEGACY_NEON') == '1'
+
     if project_cfg and project_cfg.get('external_short_links'):
-        # Pool path. Atomically claim the oldest unclaimed pool row matching
-        # (project_name, platform). FOR UPDATE SKIP LOCKED makes concurrent
-        # cycles take different rows instead of contending on the same one.
-        platform_norm = (platform or '').lower()
-        if platform_norm == 'x':
-            platform_norm = 'twitter'
-        cur = conn.execute(
-            "SELECT code, target_url FROM post_links "
-            "WHERE project_name = %s AND platform = %s "
-            "  AND post_id IS NULL AND reply_id IS NULL "
-            "  AND minted_session LIKE 'pool:%%' "
-            "ORDER BY minted_at ASC LIMIT 1 FOR UPDATE SKIP LOCKED",
-            (project_name, platform_norm),
-        )
-        row = cur.fetchone()
-        if not row:
-            return {
-                'ok': False,
-                'error': 'pool_exhausted',
-                'project': project_name,
-                'platform': platform_norm,
-                'detail': (f"external_short_links pool empty for {project_name}/{platform_norm}; "
-                           f"re-mint via scripts/mint_external_pool.py and send updated CSV to client"),
-            }
-        row = dict(row)
-        pool_code = row['code']
-        pool_target = row['target_url']
-        # Re-stamp minted_session with the caller's session so backfill_post_id /
-        # backfill_reply_id finds this row when log_post returns. Without this,
-        # the pool row's minted_session stays 'pool:<slug>-<platform>' and the
-        # backfill UPDATE matches nothing.
-        conn.execute(
-            "UPDATE post_links SET minted_session = %s "
-            "WHERE code = %s",
-            (minted_session, pool_code),
-        )
-        conn.commit()
+        # Pool path. Atomically claim the oldest unclaimed pool row.
+        if use_legacy:
+            cur = conn.execute(
+                "SELECT code, target_url FROM post_links "
+                "WHERE project_name = %s AND platform = %s "
+                "  AND post_id IS NULL AND reply_id IS NULL "
+                "  AND minted_session LIKE 'pool:%%' "
+                "ORDER BY minted_at ASC LIMIT 1 FOR UPDATE SKIP LOCKED",
+                (project_name, platform_norm),
+            )
+            row = cur.fetchone()
+            if not row:
+                return {
+                    'ok': False,
+                    'error': 'pool_exhausted',
+                    'project': project_name,
+                    'platform': platform_norm,
+                }
+            row = dict(row)
+            pool_code = row['code']
+            pool_target = row['target_url']
+            conn.execute(
+                "UPDATE post_links SET minted_session = %s WHERE code = %s",
+                (minted_session, pool_code),
+            )
+            conn.commit()
+        else:
+            sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+            from http_api import api_post
+            try:
+                resp = api_post(
+                    "/api/v1/post-links/claim-pool",
+                    {
+                        "project_name": project_name,
+                        "platform": platform_norm,
+                        "minted_session": minted_session,
+                    },
+                    ok_on_conflict=True,
+                )
+            except Exception as e:
+                return {'ok': False, 'error': 'api_unreachable', 'detail': str(e)}
+            if not resp or not resp.get('ok'):
+                err = (resp or {}).get('error') or {}
+                code = err.get('code') if isinstance(err, dict) else None
+                return {
+                    'ok': False,
+                    'error': code or 'pool_exhausted',
+                    'project': project_name,
+                    'platform': platform_norm,
+                    'detail': err.get('message') if isinstance(err, dict) else str(err),
+                }
+            data = resp.get('data') or {}
+            pool_code = data.get('code')
+            pool_target = data.get('target_url')
         return {
             'ok': True,
             'code': pool_code,
@@ -596,22 +624,54 @@ def _mint_one_post(conn, *, target_url: str, projects: list, platform: str,
         platform=platform,
     )
 
-    # Posts mint fresh codes every call — no idempotency on (post_id, target_url)
-    # because post_id is NULL at mint time. The minted_session UUID groups the
-    # codes so the caller can backfill them all in one UPDATE after log_post
-    # returns. If a wrap is retried (rare), we get duplicate codes pointing at
-    # the same target_url; orphans of failed posts are bounded and harmless.
+    # Fresh mint: try up to 8 random codes before giving up on collision.
+    if use_legacy:
+        for _ in range(8):
+            code = _gen_code()
+            try:
+                conn.execute(
+                    "INSERT INTO post_links (code, platform, project_name, "
+                    "       target_url, kind, project_at_mint, minted_session) "
+                    "VALUES (%s, %s, %s, %s, %s, %s, %s)",
+                    (code, platform, project_name, final_target, kind,
+                     matched_project, minted_session),
+                )
+                conn.commit()
+                return {
+                    'ok': True,
+                    'code': code,
+                    'short_url': f"{website}/r/{code}",
+                    'target_url': final_target,
+                    'kind': kind,
+                }
+            except Exception as e:
+                if 'duplicate key' in str(e).lower() and 'post_links_pkey' in str(e).lower():
+                    conn.execute("ROLLBACK")
+                    continue
+                raise
+        return {'ok': False, 'error': 'code_collision_after_8_tries'}
+
+    sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+    from http_api import api_post
     for _ in range(8):
         code = _gen_code()
         try:
-            conn.execute(
-                "INSERT INTO post_links (code, platform, project_name, "
-                "       target_url, kind, project_at_mint, minted_session) "
-                "VALUES (%s, %s, %s, %s, %s, %s, %s)",
-                (code, platform, project_name, final_target, kind,
-                 matched_project, minted_session),
+            resp = api_post(
+                "/api/v1/post-links/mint",
+                {
+                    "code": code,
+                    "platform": platform,
+                    "project_name": project_name,
+                    "target_url": final_target,
+                    "kind": kind,
+                    "project_at_mint": matched_project,
+                    "minted_session": minted_session,
+                },
+                ok_on_conflict=True,
             )
-            conn.commit()
+        except Exception as e:
+            return {'ok': False, 'error': 'api_unreachable', 'detail': str(e)}
+        if resp and resp.get('ok'):
             return {
                 'ok': True,
                 'code': code,
@@ -619,11 +679,15 @@ def _mint_one_post(conn, *, target_url: str, projects: list, platform: str,
                 'target_url': final_target,
                 'kind': kind,
             }
-        except Exception as e:
-            if 'duplicate key' in str(e).lower() and 'post_links_pkey' in str(e).lower():
-                conn.execute("ROLLBACK")
-                continue
-            raise
+        err = (resp or {}).get('error') or {}
+        err_code = err.get('code') if isinstance(err, dict) else None
+        if err_code == 'code_collision':
+            continue  # try another random code
+        return {
+            'ok': False,
+            'error': err_code or 'mint_api_error',
+            'detail': err.get('message') if isinstance(err, dict) else str(err),
+        }
     return {'ok': False, 'error': 'code_collision_after_8_tries'}
 
 
@@ -653,7 +717,11 @@ def wrap_text_for_post(*, text: str, platform: str, project_name: str) -> dict:
 
     minted_session = str(uuid.uuid4())
     projects = _load_projects()
-    conn = dbmod.get_conn()
+    # Conn is only opened for the legacy direct-Neon path (env-gated). The
+    # default API path doesn't need it; lazy-open avoids a wasted Neon
+    # connection on VMs that don't have DATABASE_URL.
+    use_legacy = os.environ.get('SOCIAL_AUTOPOSTER_LEGACY_NEON') == '1'
+    conn = dbmod.get_conn() if use_legacy else None
     try:
         seen = {}
         codes = []
@@ -704,7 +772,26 @@ def wrap_text_for_post(*, text: str, platform: str, project_name: str) -> dict:
             'skipped': skipped,
         }
     finally:
-        conn.close()
+        if conn is not None:
+            conn.close()
+
+
+def _backfill_via_api(*, minted_session: str, post_id: int | None = None,
+                      reply_id: int | None = None) -> int:
+    sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+    from http_api import api_post
+    body: dict = {"minted_session": minted_session}
+    if post_id is not None:
+        body["post_id"] = int(post_id)
+    if reply_id is not None:
+        body["reply_id"] = int(reply_id)
+    try:
+        resp = api_post("/api/v1/post-links/backfill", body)
+    except Exception:
+        return 0
+    if not resp or not resp.get('ok'):
+        return 0
+    return int((resp.get('data') or {}).get('updated') or 0)
 
 
 def backfill_post_id(*, minted_session: str, post_id: int) -> int:
@@ -714,9 +801,14 @@ def backfill_post_id(*, minted_session: str, post_id: int) -> int:
     Caller should NOT raise on rowcount==0 because some posts have no URLs
     and minted_session was None — the caller should skip the backfill in
     that case.
+
+    Routes through /api/v1/post-links/backfill by default. Set
+    SOCIAL_AUTOPOSTER_LEGACY_NEON=1 for the direct-Neon path.
     """
     if not minted_session or post_id is None:
         return 0
+    if os.environ.get('SOCIAL_AUTOPOSTER_LEGACY_NEON') != '1':
+        return _backfill_via_api(minted_session=minted_session, post_id=post_id)
     conn = dbmod.get_conn()
     try:
         cur = conn.execute(
@@ -735,6 +827,8 @@ def backfill_reply_id(*, minted_session: str, reply_id: int) -> int:
     writes to the `replies` table, not `posts`)."""
     if not minted_session or reply_id is None:
         return 0
+    if os.environ.get('SOCIAL_AUTOPOSTER_LEGACY_NEON') != '1':
+        return _backfill_via_api(minted_session=minted_session, reply_id=reply_id)
     conn = dbmod.get_conn()
     try:
         cur = conn.execute(

package/scripts/get_run_cost.py

@@ -70,37 +70,15 @@ def main():
         return
 
     try:
-        import psycopg2  # noqa: F401  (psycopg2 only needed via dbmod transitively)
         sys.path.insert(0, os.path.join(ROOT_DIR, 'scripts'))
-        import db as dbmod
-        conn = dbmod.get_conn()
-        if cycle_id:
-            cur = conn.execute(
-                """SELECT COALESCE(SUM(total_cost_usd), 0),
-                          COALESCE(SUM(subagent_cost_usd), 0),
-                          COALESCE(SUM(task_call_count), 0),
-                          COALESCE(SUM(subagent_count), 0)
-                   FROM claude_sessions
-                   WHERE cycle_id = %s""",
-                [cycle_id],
+        if os.environ.get('SOCIAL_AUTOPOSTER_LEGACY_NEON') == '1':
+            parent_cost, subagent_cost, task_count, subagent_count = _fetch_via_neon(
+                cycle_id=cycle_id, since=args.since, scripts=args.scripts,
             )
         else:
-            since_ts = datetime.fromtimestamp(args.since, tz=timezone.utc).isoformat()
-            placeholders = ','.join(['%s'] * len(args.scripts))
-            cur = conn.execute(
-                f"""SELECT COALESCE(SUM(total_cost_usd), 0),
-                           COALESCE(SUM(subagent_cost_usd), 0),
-                           COALESCE(SUM(task_call_count), 0),
-                           COALESCE(SUM(subagent_count), 0)
-                    FROM claude_sessions
-                    WHERE script IN ({placeholders}) AND started_at >= %s""",
-                args.scripts + [since_ts],
+            parent_cost, subagent_cost, task_count, subagent_count = _fetch_via_api(
+                cycle_id=cycle_id, since=args.since, scripts=args.scripts,
             )
-        row = cur.fetchone()
-        parent_cost = float(row[0] or 0)
-        subagent_cost = float(row[1] or 0)
-        task_count = int(row[2] or 0)
-        subagent_count = int(row[3] or 0)
         if args.breakdown:
             print(f"{parent_cost:.4f} {subagent_cost:.4f} {task_count} {subagent_count}")
         else:
@@ -109,5 +87,56 @@ def main():
         print("0.0000")
 
 
+def _fetch_via_api(*, cycle_id, since, scripts):
+    from http_api import api_get
+    if cycle_id:
+        query = {"cycle_id": cycle_id}
+    else:
+        query = {"since_ts": str(int(since)), "scripts": ",".join(scripts)}
+    resp = api_get("/api/v1/claude-sessions/cost", query=query)
+    data = (resp or {}).get("data") or {}
+    return (
+        float(data.get("parent_cost") or 0),
+        float(data.get("subagent_cost") or 0),
+        int(data.get("task_count") or 0),
+        int(data.get("subagent_count") or 0),
+    )
+
+
+def _fetch_via_neon(*, cycle_id, since, scripts):
+    import psycopg2  # noqa: F401
+    import db as dbmod
+    conn = dbmod.get_conn()
+    if cycle_id:
+        cur = conn.execute(
+            """SELECT COALESCE(SUM(total_cost_usd), 0),
+                      COALESCE(SUM(subagent_cost_usd), 0),
+                      COALESCE(SUM(task_call_count), 0),
+                      COALESCE(SUM(subagent_count), 0)
+               FROM claude_sessions
+               WHERE cycle_id = %s""",
+            [cycle_id],
+        )
+    else:
+        since_ts = datetime.fromtimestamp(since, tz=timezone.utc).isoformat()
+        placeholders = ','.join(['%s'] * len(scripts))
+        cur = conn.execute(
+            f"""SELECT COALESCE(SUM(total_cost_usd), 0),
+                       COALESCE(SUM(subagent_cost_usd), 0),
+                       COALESCE(SUM(task_call_count), 0),
+                       COALESCE(SUM(subagent_count), 0)
+                FROM claude_sessions
+                WHERE script IN ({placeholders}) AND started_at >= %s""",
+            list(scripts) + [since_ts],
+        )
+    row = cur.fetchone()
+    return (
+        float(row[0] or 0),
+        float(row[1] or 0),
+        int(row[2] or 0),
+        int(row[3] or 0),
+    )
+
+
 if __name__ == '__main__':
     main()

package/scripts/top_performers.py

@@ -536,6 +536,117 @@ def format_report(summary, top, bottom, project=None, platform=None,
     return "\n".join(lines)
 
 
+def _apply_top_filter(rows, limit):
+    """Anti-pattern filter applied to top-N candidates.
+
+    PRODUCT_NAMES: hard-drop self-promotional examples regardless of
+    clicks (don't teach Claude to namedrop). URL/www. mention: only
+    drop when clicks==0 (a URL-bearing post with real human clicks IS
+    the gold example by definition; see 2026-05-12 click-aware fix).
+    Caller passes overfetched rows; we trim to `limit` after filter.
+    """
+    clean = []
+    for r in rows:
+        content = (r[5] or "")
+        clicks = r[11] if len(r) > 11 and r[11] is not None else 0
+        lower = content.lower()
+        if any(name in lower for name in PRODUCT_NAMES):
+            continue
+        has_url = ("http://" in lower or "https://" in lower or "www." in lower)
+        if has_url and clicks == 0:
+            continue
+        clean.append(r)
+    return clean[:limit]
+
+
+def _fetch_report_via_api(*, platform, project, top, bottom):
+    """Pull all 6 SQL aggregations in one call via the v1 route.
+
+    Returns (summary, style_perf, top_posts, bottom_posts,
+              fallback_top|None, top_by_group|None). Row shapes match
+    the column order format_post / format_report expect.
+    """
+    from http_api import api_get
+    resp = api_get(
+        "/api/v1/posts/top-performers-report",
+        query={
+            "platform": platform or "",
+            "project": project or "",
+            "top": str(top),
+            "bottom": str(bottom),
+        },
+    )
+    data = (resp or {}).get("data") or {}
+    summary = data.get("summary") or []
+    style_perf = data.get("style_perf") or []
+    raw_top = data.get("top_posts") or []
+    raw_bottom = data.get("bottom_posts") or []
+    raw_fallback = data.get("fallback_top") or []
+    raw_group = data.get("top_by_group") or {}
+
+    top_filtered = _apply_top_filter(raw_top, top) if raw_top else []
+    fallback_filtered = None
+    if project and not top_filtered and raw_fallback:
+        fallback_filtered = _apply_top_filter(raw_fallback, top)
+    top_by_group = None
+    if not project:
+        top_by_group = {
+            proj: _apply_top_filter(rows, 5)
+            for proj, rows in raw_group.items()
+        }
+    return summary, style_perf, top_filtered, raw_bottom, fallback_filtered, top_by_group
+
+
+def _fetch_report_via_neon(*, platform, project, top, bottom):
+    conn = dbmod.get_conn()
+    try:
+        summary = get_project_platform_summary(conn, project=project, platform=platform)
+        style_perf = get_style_performance(conn, platform=platform)
+        top_posts = get_top_posts(conn, project=project, platform=platform, limit=top)
+        bottom_posts = get_bottom_posts(conn, project=project, platform=platform, limit=bottom)
+        fallback_top = None
+        if project and not top_posts:
+            fallback_top = get_top_posts(conn, project=None, platform=platform, limit=top)
+        top_by_group = None
+        if not project:
+            top_by_group = {}
+            min_score = min_score_for(platform)
+            platform_filter = "AND platform = %s" if platform else ""
+            platform_params = [platform] if platform else []
+            cur = conn.execute(
+                f"{POSTS_WITH_CLICKS_CTE}"
+                f"SELECT DISTINCT COALESCE(project_name, '(no project)') FROM posts_w_clicks "
+                f"WHERE status = 'active' AND platform NOT IN ('github_issues') "
+                f"AND our_content IS NOT NULL AND LENGTH(our_content) >= %s "
+                f"AND upvotes IS NOT NULL AND {SCORE_SQL} >= %s "
+                f"{platform_filter} "
+                f"ORDER BY 1",
+                [MIN_CONTENT_LEN, min_score] + platform_params,
+            )
+            projects = [row[0] for row in cur.fetchall()]
+            for proj in projects:
+                proj_filter = proj if proj != "(no project)" else None
+                where_extra = "AND project_name = %s" if proj_filter else "AND project_name IS NULL"
+                params = ([proj_filter] if proj_filter else []) + platform_params
+                cur = conn.execute(
+                    f"{POSTS_WITH_CLICKS_CTE}"
+                    f"SELECT id, platform, upvotes, comments_count, views, "
+                    f"our_content, thread_title, thread_content, "
+                    f"project_name, posted_at::date, our_account, clicks "
+                    f"FROM posts_w_clicks WHERE status = 'active' AND {SCORE_SQL} >= {min_score} "
+                    f"AND our_content IS NOT NULL AND LENGTH(our_content) >= {MIN_CONTENT_LEN} "
+                    f"AND platform NOT IN ('github_issues') "
+                    f"{where_extra} {platform_filter} "
+                    f"ORDER BY {SCORE_SQL} DESC, COALESCE(clicks,0) DESC, "
+                    f"         {UPVOTES_NET_SQL} DESC LIMIT 5",
+                    params,
+                )
+                top_by_group[proj] = cur.fetchall()
+        return summary, style_perf, top_posts, bottom_posts, fallback_top, top_by_group
+    finally:
+        conn.close()
+
+
 def main():
     parser = argparse.ArgumentParser(description="Generate top performers feedback report")
     parser.add_argument("--platform", default=None, help="Filter to specific platform")
@@ -545,71 +656,20 @@ def main():
     parser.add_argument("--json", action="store_true", help="Output as JSON")
     args = parser.parse_args()
 
-    conn = dbmod.get_conn()
-
-    summary = get_project_platform_summary(conn, project=args.project, platform=args.platform)
-    style_perf = get_style_performance(conn, platform=args.platform)
-    top = get_top_posts(conn, project=args.project, platform=args.platform, limit=args.top)
-    bottom = get_bottom_posts(conn, project=args.project, platform=args.platform, limit=args.bottom)
-
-    # If project was specified but no posts met the threshold, fall back to
-    # general high-performing posts on the same platform
-    fallback_top = None
-    if args.project and not top:
-        fallback_top = get_top_posts(conn, project=None, platform=args.platform, limit=args.top)
-
-    # When no project filter, also get top 5 per project for focused examples.
-    # Uses the same SCORE_SQL composite as get_top_posts so ranking is consistent.
-    top_by_group = None
-    if not args.project:
-        top_by_group = {}
-        min_score = min_score_for(args.platform)
-        platform_filter = "AND platform = %s" if args.platform else ""
-        platform_params = [args.platform] if args.platform else []
-        # Get distinct projects (respecting platform filter). Uses the
-        # CTE so the SCORE_SQL >= threshold expression resolves `clicks`.
-        cur = conn.execute(
-            f"{POSTS_WITH_CLICKS_CTE}"
-            f"SELECT DISTINCT COALESCE(project_name, '(no project)') FROM posts_w_clicks "
-            f"WHERE status = 'active' AND platform NOT IN ('github_issues') "
-            f"AND our_content IS NOT NULL AND LENGTH(our_content) >= %s "
-            f"AND upvotes IS NOT NULL AND {SCORE_SQL} >= %s "
-            f"{platform_filter} "
-            f"ORDER BY 1",
-            [MIN_CONTENT_LEN, min_score] + platform_params
-        )
-        projects = [row[0] for row in cur.fetchall()]
-        for proj in projects:
-            proj_filter = proj if proj != "(no project)" else None
-            where_extra = "AND project_name = %s" if proj_filter else "AND project_name IS NULL"
-            params = ([proj_filter] if proj_filter else []) + platform_params
-            # Per-project top-5 examples — these are what Claude actually
-            # sees as the few-shot prompt. Click DESC tiebreaker means two
-            # posts at the same composite score sort the higher-click one
-            # first, putting the better conversion proof in front of Claude.
-            cur = conn.execute(
-                f"{POSTS_WITH_CLICKS_CTE}"
-                f"SELECT id, platform, upvotes, comments_count, views, "
-                f"our_content, thread_title, thread_content, "
-                f"project_name, posted_at::date, our_account, clicks "
-                f"FROM posts_w_clicks WHERE status = 'active' AND {SCORE_SQL} >= {min_score} "
-                f"AND our_content IS NOT NULL AND LENGTH(our_content) >= {MIN_CONTENT_LEN} "
-                f"AND platform NOT IN ('github_issues') "
-                f"{where_extra} {platform_filter} "
-                f"ORDER BY {SCORE_SQL} DESC, COALESCE(clicks,0) DESC, "
-                f"         {UPVOTES_NET_SQL} DESC LIMIT 5",
-                params
-            )
-            top_by_group[proj] = cur.fetchall()
-
-    conn.close()
+    if os.environ.get("SOCIAL_AUTOPOSTER_LEGACY_NEON") == "1":
+        fetch = _fetch_report_via_neon
+    else:
+        fetch = _fetch_report_via_api
+    summary, style_perf, top, bottom, fallback_top, top_by_group = fetch(
+        platform=args.platform, project=args.project, top=args.top, bottom=args.bottom,
+    )
 
     if args.json:
         output = {
-            "summary": [dict(row) for row in summary],
-            "top_posts": [dict(row) for row in top],
-            "bottom_posts": [dict(row) for row in bottom],
-            "fallback_top": [dict(row) for row in fallback_top] if fallback_top else [],
+            "summary": [list(row) for row in summary],
+            "top_posts": [list(row) for row in top],
+            "bottom_posts": [list(row) for row in bottom],
+            "fallback_top": [list(row) for row in fallback_top] if fallback_top else [],
         }
         print(json.dumps(output, indent=2, default=str))
     else: