social-autoposter 1.3.6 → 1.3.8

package/bin/server.js

@@ -4728,7 +4728,7 @@ async function handleApi(req, res) {
           "COALESCE(tlm.last_at, d.last_message_at) AS last_message_at, " +
           "d.discovered_at, " +
           "d.conversation_status, d.interest_level, d.mode, " +
-          "d.human_reason, d.flagged_at, " +
+          "d.human_reason, d.flagged_at, d.snoozed_until, " +
           "d.target_project, d.icp_precheck, d.icp_matches, d.qualification_status, " +
           "d.qualification_notes, d.booking_link_sent_at, " +
           // dm_links aggregates replace the legacy single-link columns. Latest
@@ -4845,7 +4845,8 @@ async function handleApi(req, res) {
               "WHERE mm.dm_id = d.id), " +
             "'[]'::json" +
           ") AS campaign_names, " +
-          "CASE WHEN d.conversation_status = 'needs_human' THEN 0 " +
+          "CASE WHEN d.conversation_status = 'needs_human' AND (d.snoozed_until IS NULL OR d.snoozed_until <= NOW()) THEN 0 " +
+               "WHEN d.conversation_status = 'needs_human' THEN 75 " +
                "WHEN d.conversation_status IN ('converted','closed') THEN 90 " +
                "WHEN d.interest_level = 'hot' THEN 10 " +
                "WHEN d.interest_level = 'warm' THEN 20 " +
@@ -5028,6 +5029,54 @@ async function handleApi(req, res) {
     }).catch(e => json(res, { error: e.message }, 500));
   }
 
+  // POST /api/dm/:id/snooze - skip a flagged DM until the prospect sends a new
+  // inbound. Sets dms.snoozed_until to NOW()+30d (cap) so the engage loop and
+  // dashboard escalation card both hide it. Auto-cleared in
+  // scripts/dm_conversation.py log_inbound() the next time a real inbound
+  // message lands, which re-arms the thread under its existing conversation_status.
+  // Body: { hours?: number, unsnooze?: boolean }. hours capped to 720 (30d).
+  const snoozeMatch = p.match(/^\/api\/dm\/(\d+)\/snooze$/);
+  if (snoozeMatch && req.method === 'POST') {
+    const dmId = parseInt(snoozeMatch[1], 10);
+    return readBody(req).then(async (body) => {
+      let payload = {};
+      if (body) { try { payload = JSON.parse(body); } catch { return json(res, { error: 'invalid_json' }, 400); } }
+      const unsnooze = !!(payload && payload.unsnooze);
+      const dmRows = await pq(
+        "SELECT d.id, d.platform, d.their_author, " +
+          "COALESCE(p_direct.project_name, p_via_reply.project_name, d.target_project) AS project_name " +
+        "FROM dms d " +
+        "LEFT JOIN posts   p_direct    ON p_direct.id    = d.post_id " +
+        "LEFT JOIN replies r_link      ON r_link.id      = d.reply_id " +
+        "LEFT JOIN posts   p_via_reply ON p_via_reply.id = r_link.post_id " +
+        "WHERE d.id = $1",
+        [dmId]
+      );
+      if (!dmRows || !dmRows.length) return json(res, { error: 'dm_not_found' }, 404);
+      const dm = dmRows[0];
+      if (!req.user || !req.user.admin) {
+        const projName = dm.project_name || '';
+        const claims = (req.user && Array.isArray(req.user.projects)) ? req.user.projects : [];
+        if (!projName || !claims.includes(projName)) {
+          return json(res, { error: 'forbidden' }, 403);
+        }
+      }
+      let upd;
+      if (unsnooze) {
+        upd = await pq("UPDATE dms SET snoozed_until = NULL WHERE id = $1 RETURNING id, snoozed_until", [dmId]);
+      } else {
+        const rawHours = Number(payload && payload.hours);
+        const hours = Number.isFinite(rawHours) && rawHours > 0 ? Math.min(720, Math.floor(rawHours)) : 720;
+        upd = await pq(
+          "UPDATE dms SET snoozed_until = NOW() + ($2 || ' hours')::interval WHERE id = $1 RETURNING id, snoozed_until",
+          [dmId, String(hours)]
+        );
+      }
+      if (!upd || !upd.length) return json(res, { error: 'update_failed' }, 500);
+      return json(res, { ok: true, dm_id: dmId, snoozed_until: upd[0].snoozed_until }, 200);
+    }).catch(e => json(res, { error: e.message }, 500));
+  }
+
   // GET /api/top - top-performing posts by engagement
   // Mirrors scripts/top_performers.py: active posts, non-trivial content,
   // excludes platforms we don't score. Default ranking is upvotes DESC (that's
@@ -5312,7 +5361,7 @@ async function handleApi(req, res) {
           "COUNT(*) FILTER (WHERE d.qualification_status = 'disqualified')::int AS q_disqualified, " +
           "COUNT(*) FILTER (WHERE d.booking_link_sent_at IS NOT NULL)::int AS booking_sent, " +
           "COUNT(*) FILTER (WHERE d.conversation_status = 'converted')::int AS converted, " +
-          "COUNT(*) FILTER (WHERE d.conversation_status = 'needs_human')::int AS needs_human " +
+          "COUNT(*) FILTER (WHERE d.conversation_status = 'needs_human' AND (d.snoozed_until IS NULL OR d.snoozed_until <= NOW()))::int AS needs_human " +
         "FROM dms d " +
         "LEFT JOIN posts   p_direct    ON p_direct.id    = d.post_id " +
         "LEFT JOIN replies r_link      ON r_link.id      = d.reply_id " +
@@ -6429,6 +6478,10 @@ const HTML = `<!DOCTYPE html>
   .dm-esc-link { margin-left: auto; padding: 2px 8px; font-size: 11px; font-weight: 600; color: #92400e; background: #fef3c7; border: 1px solid #fde68a; border-radius: 4px; text-decoration: none; }
   .dm-esc-link:hover { background: #fde68a; }
   .dm-esc-link-missing { font-size: 10px; color: var(--text-muted); font-style: italic; }
+  .dm-esc-skip { padding: 2px 8px; font-size: 11px; font-weight: 600; color: var(--text-secondary); background: transparent; border: 1px solid var(--border); border-radius: 4px; cursor: pointer; font-family: inherit; }
+  .dm-esc-skip:hover { color: var(--text-strong); border-color: var(--border-hover); }
+  .dm-esc-skip:disabled { opacity: 0.6; cursor: not-allowed; }
+  .dm-esc-snoozed { padding: 2px 8px; font-size: 10px; font-weight: 600; color: #1d4ed8; background: #dbeafe; border: 1px solid #bfdbfe; border-radius: 4px; text-transform: uppercase; letter-spacing: 0.04em; }
 
   .prospect-modal-overlay { position: fixed; inset: 0; background: var(--shadow-modal); display: flex; align-items: flex-start; justify-content: center; z-index: 9999; padding: 60px 20px 20px; overflow-y: auto; }
   .prospect-modal { background: var(--bg-card); border: 1px solid var(--border); border-radius: 12px; max-width: 640px; width: 100%; padding: 24px 28px; color: var(--text); font-size: 13px; line-height: 1.5; }
@@ -12920,6 +12973,7 @@ function renderTopDms(payload) {
     interest_level: d.interest_level || '',
     mode: d.mode || 'rapport',
     human_reason: d.human_reason || '',
+    snoozed_until: d.snoozed_until || null,
     project_name: d.project_name || '',
     target_project: d.target_project || '',
     project_display: d.target_project || d.project_name || '',
@@ -13328,10 +13382,23 @@ function renderDmEscalationCard(dm) {
         '<a class="dm-esc-link" href="' + escapeHtml(profileUrl) + '" target="_blank" rel="noopener">open profile</a>';
     }
   }
+  const snoozedTs = dm.snoozed_until ? parseServerUtcTs(dm.snoozed_until) : null;
+  const isSnoozed = !!(snoozedTs && snoozedTs.getTime() > Date.now());
+  const snoozeBtnId = 'dm-esc-skip-' + Number(dm.id);
+  const snoozeLabel = isSnoozed ? 'Unskip' : 'Skip until they reply';
+  const snoozeTitle = isSnoozed
+    ? 'Stop ignoring this thread; re-show in human queue.'
+    : 'Hide this thread from the engage loop and the dashboard escalation surface. If they send a new inbound message, it auto-re-arms.';
+  const snoozedBadge = isSnoozed
+    ? '<span class="dm-esc-snoozed" title="Auto-cleared when they send a new inbound.">skipped</span>'
+    : '';
+  const skipBtn = '<button type="button" class="dm-esc-skip" id="' + snoozeBtnId + '" title="' + escapeHtml(snoozeTitle) + '" onclick="toggleDmSnooze(this, ' + Number(dm.id) + ', ' + (isSnoozed ? 'true' : 'false') + ')">' + escapeHtml(snoozeLabel) + '</button>';
   const head =
     '<div class="dm-esc-head">' +
       '<span class="dm-esc-tag">escalation</span>' +
       (dm.flagged_at ? '<span class="dm-exp-ctx-author">flagged ' + escapeHtml(relTime(dm.flagged_at)) + '</span>' : '') +
+      snoozedBadge +
+      skipBtn +
       linkHtml +
     '</div>';
 
@@ -13526,6 +13593,66 @@ async function submitDmInstructions(btn, dmId) {
   }
 }
 
+// Toggle the snoozed_until flag on a flagged DM. POSTs to /api/dm/:id/snooze
+// with {unsnooze:true} (to clear) or {} (to set NOW()+30d). After the response
+// lands we update the in-memory dm.snoozed_until and re-render the card so the
+// badge and button label flip without a full reload. The next time the
+// prospect sends an inbound, dm_conversation.log_inbound clears snoozed_until
+// automatically and the thread re-surfaces in the engage queue.
+async function toggleDmSnooze(btn, dmId, currentlySnoozed) {
+  if (!btn) return;
+  btn.disabled = true;
+  const prevText = btn.textContent;
+  btn.textContent = currentlySnoozed ? 'Unskipping…' : 'Skipping…';
+  try {
+    const resp = await fetch('/api/dm/' + dmId + '/snooze', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(currentlySnoozed ? { unsnooze: true } : {}),
+    });
+    let data = {};
+    try { data = await resp.json(); } catch (_) {}
+    if (!resp.ok) {
+      btn.textContent = prevText;
+      btn.disabled = false;
+      const fb = document.getElementById('dm-esc-fb-' + dmId);
+      if (fb) {
+        fb.className = 'dm-esc-feedback dm-esc-feedback-err';
+        fb.textContent = (data && data.error) ? ('Failed: ' + data.error) : ('Failed (HTTP ' + resp.status + ')');
+      }
+      return;
+    }
+    const dm = (window.__dmsById || {})[dmId];
+    if (dm) dm.snoozed_until = data && data.snoozed_until || null;
+    const nowSnoozed = !currentlySnoozed;
+    btn.textContent = nowSnoozed ? 'Unskip' : 'Skip until they reply';
+    btn.setAttribute('onclick', 'toggleDmSnooze(this, ' + dmId + ', ' + nowSnoozed + ')');
+    btn.disabled = false;
+    const card = btn.closest('.dm-esc-card');
+    if (card) {
+      const head = card.querySelector('.dm-esc-head');
+      const existingBadge = head ? head.querySelector('.dm-esc-snoozed') : null;
+      if (nowSnoozed && head && !existingBadge) {
+        const badge = document.createElement('span');
+        badge.className = 'dm-esc-snoozed';
+        badge.title = 'Auto-cleared when they send a new inbound.';
+        badge.textContent = 'skipped';
+        head.insertBefore(badge, btn);
+      } else if (!nowSnoozed && existingBadge) {
+        existingBadge.remove();
+      }
+    }
+  } catch (e) {
+    btn.textContent = prevText;
+    btn.disabled = false;
+    const fb = document.getElementById('dm-esc-fb-' + dmId);
+    if (fb) {
+      fb.className = 'dm-esc-feedback dm-esc-feedback-err';
+      fb.textContent = 'Network error: ' + ((e && e.message) || 'unknown');
+    }
+  }
+}
+
 // Cmd/Ctrl+Enter inside any escalation textarea triggers send.
 if (!window.__dmEscKeydownInstalled) {
   window.__dmEscKeydownInstalled = true;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "social-autoposter",
-  "version": "1.3.6",
+  "version": "1.3.8",
   "description": "Automated social posting pipeline for Reddit, X/Twitter, LinkedIn, and Moltbook. Install as a Claude Code agent skill.",
   "bin": {
     "social-autoposter": "bin/cli.js"
@@ -18,14 +18,8 @@
     "config.example.json",
     "requirements.txt",
     "SKILL.md",
-    "skill/run-reddit-search.sh",
-    "skill/run-reddit-threads.sh",
-    "skill/run-twitter-cycle.sh",
-    "skill/run-linkedin.sh",
-    "skill/run-moltbook.sh",
-    "skill/run-github.sh",
-    "skill/stats.sh",
-    "skill/engage.sh",
+    "skill/*.sh",
+    "skill/lib/*.sh",
     "setup/SKILL.md",
     "browser-agent-configs/"
   ],

package/schema-postgres.sql

@@ -180,6 +180,14 @@ ALTER TABLE dms ADD COLUMN IF NOT EXISTS short_link_first_click_at TIMESTAMP;
 ALTER TABLE dms ADD COLUMN IF NOT EXISTS short_link_last_click_at TIMESTAMP;
 CREATE UNIQUE INDEX IF NOT EXISTS idx_dms_short_link_code ON dms(short_link_code) WHERE short_link_code IS NOT NULL;
 
+-- Dashboard "skip until next inbound" affordance for needs_human (and any other)
+-- escalations: while snoozed_until > NOW(), engage-dm-replies.sh hides the row
+-- and the escalation card collapses to a "snoozed" badge. Auto-cleared by
+-- dm_conversation.log_inbound() when a new inbound message arrives, which
+-- re-surfaces the DM under its existing conversation_status on the next cycle.
+ALTER TABLE dms ADD COLUMN IF NOT EXISTS snoozed_until TIMESTAMP;
+CREATE INDEX IF NOT EXISTS idx_dms_snoozed_until ON dms(snoozed_until) WHERE snoozed_until IS NOT NULL;
+
 -- prospects: persistent per-(platform, author) record. One person can have multiple DMs over time.
 CREATE TABLE IF NOT EXISTS prospects (
     id SERIAL PRIMARY KEY,

package/scripts/dm_conversation.py

@@ -410,7 +410,8 @@ def log_inbound(conn, dm_id, author, content, message_at=None, event_id=None):
                        conversation_status = CASE
                            WHEN conversation_status IN ('needs_human','converted','closed','public_only') THEN conversation_status
                            ELSE 'needs_reply'
-                       END
+                       END,
+                       snoozed_until = NULL
         WHERE id = %s
     """, (dm_id,))
     conn.commit()

package/scripts/dm_short_links.py

@@ -1072,6 +1072,18 @@ def cmd_wrap_post_text(args):
     print(json.dumps(res))
 
 
+def cmd_utm_text(args):
+    """UTM-only wrap (no DB, no minting). Prints the wrapped text on stdout.
+    Used by the Twitter engagement prompt where Claude types the reply through
+    mcp__twitter-agent__browser_type and there is no Python posting layer to
+    invoke wrap_text_for_post. The typed URL itself carries all attribution
+    via utm_source=s4l + utm_term=<platform>; PostHog captures it on landing.
+    """
+    out = utm_only_text(text=args.text, platform=args.platform,
+                        project_name=args.project)
+    sys.stdout.write(out)
+
+
 def cmd_backfill_post(args):
     n = backfill_post_id(minted_session=args.minted_session, post_id=args.post_id)
     print(json.dumps({'backfilled': n, 'post_id': args.post_id,
@@ -1119,6 +1131,17 @@ def main():
     p_wrap_post.add_argument('--project', required=True,
                              help='project_name from config.json (drives wrapper hostname)')
 
+    p_utm = sub.add_parser('utm-text',
+                            help='UTM-only wrap (no DB write). Replaces every URL '
+                                 'in --text with its UTM-tagged version and prints '
+                                 'the result on stdout. Use when no Python posting '
+                                 'layer is available (Claude-driven MCP typing).')
+    p_utm.add_argument('--text', required=True)
+    p_utm.add_argument('--platform', required=True,
+                       choices=['reddit', 'twitter', 'x', 'linkedin', 'github_issues', 'github', 'moltbook'])
+    p_utm.add_argument('--project', required=True,
+                       help='project_name from config.json (drives utm_campaign + wrapper hostname classification)')
+
     p_bp = sub.add_parser('backfill-post',
                            help='Stamp post_links.post_id for every code minted '
                                 'under --minted-session. Idempotent.')
@@ -1140,6 +1163,8 @@ def main():
         cmd_wrap_text(args)
     elif args.cmd == 'wrap-post-text':
         cmd_wrap_post_text(args)
+    elif args.cmd == 'utm-text':
+        cmd_utm_text(args)
     elif args.cmd == 'backfill-post':
         cmd_backfill_post(args)
     elif args.cmd == 'backfill-reply':

package/scripts/linkedin_api.py

@@ -94,7 +94,7 @@ def _wrap_if_project(text, project):
         return text, None
     try:
         sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
-        from dm_short_links import wrap_text_for_post
+        from dm_short_links import wrap_text_for_post, utm_only_text
         res = wrap_text_for_post(text=text, platform="linkedin", project_name=project)
         if res.get("ok"):
             if res.get("codes"):
@@ -102,10 +102,17 @@ def _wrap_if_project(text, project):
                       f"{res['codes']}", file=sys.stderr)
             return res.get("text", text), res.get("minted_session")
         print(f"[linkedin_api] WARNING: URL wrap failed "
-              f"({res.get('error')}); posting unwrapped", file=sys.stderr)
+              f"({res.get('error')}); falling back to UTM-only", file=sys.stderr)
+        return utm_only_text(text=text, platform="linkedin", project_name=project), None
     except Exception as e:
-        print(f"[linkedin_api] WARNING: URL wrap raised ({e}); posting unwrapped",
+        print(f"[linkedin_api] WARNING: URL wrap raised ({e}); falling back to UTM-only",
               file=sys.stderr)
+        try:
+            from dm_short_links import utm_only_text
+            return utm_only_text(text=text, platform="linkedin", project_name=project), None
+        except Exception as ee:
+            print(f"[linkedin_api] WARNING: UTM-only fallback also failed ({ee}); "
+                  f"posting unwrapped", file=sys.stderr)
     return text, None
 
 

package/scripts/post_reddit.py

@@ -449,13 +449,27 @@ def _ban_entries_to_subs(entries) -> set[str]:
 
 
 def _make_ban_entry(sub: str, reason: str | None, project: str | None) -> dict:
-    """Build a new ban-list entry with the current UTC timestamp."""
+    """Build a new ban-list entry with the current UTC timestamp.
+
+    Stamps the current Reddit account (top-level config.json reddit_account
+    .username) so per-account scoping in reddit_tools._load_comment_blocked_subs
+    can ignore this entry on other machines posting as a different account.
+    Returns account=None if the config has no reddit_account, in which case
+    the reader treats the entry as global (back-compat with pre-2026-05-15).
+    """
     from datetime import datetime, timezone
+    account = None
+    try:
+        with open(CONFIG_PATH) as _f:
+            account = (json.load(_f).get("reddit_account") or {}).get("username") or None
+    except Exception:
+        pass
     return {
         "sub": sub.strip().lower(),
         "added_at": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
         "reason": reason or None,
         "project": project or None,
+        "account": account,
     }
 
 

package/scripts/reddit_tools.py

@@ -190,6 +190,13 @@ def _load_comment_blocked_subs(project_name=None):
         config_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "config.json")
         with open(config_path) as f:
             config = json.load(f)
+        # Per-account scoping (2026-05-15): a ban applies only to the account
+        # that triggered it. Different machines may post the same project as
+        # different accounts (laptop=Deep_Ad1959, sandbox VM=StreetRefuse7512);
+        # without this filter, account A's real ban would suppress a sub for
+        # account B that has no such ban. Entries with account=null are
+        # treated as global (apply regardless), preserving pre-2026-05-15 data.
+        current_account = (config.get("reddit_account") or {}).get("username") or None
         blocked = set()
         bans = config.get("subreddit_bans") or {}
         if isinstance(bans, dict):
@@ -198,8 +205,15 @@ def _load_comment_blocked_subs(project_name=None):
                 if not slug:
                     continue
                 entry_project = None
+                entry_account = None
                 if isinstance(entry, dict):
                     entry_project = entry.get("project") or None
+                    entry_account = entry.get("account") or None
+                # Account filter first: if entry is tagged with a specific
+                # account and it's not the current one, this ban doesn't apply.
+                if (entry_account is not None and current_account is not None
+                        and entry_account.lower() != current_account.lower()):
+                    continue
                 if entry_project is None:
                     blocked.add(slug)
                 elif project_name and entry_project.lower() == project_name.lower():

package/scripts/score_twitter_candidates.py

@@ -214,7 +214,16 @@ def upsert_candidates(tweets, config, batch_id=None):
                     bookmarks_t1 = NULL,
                     t1_checked_at = NULL,
                     delta_score = NULL,
-                    batch_id = COALESCE(EXCLUDED.batch_id, twitter_candidates.batch_id)
+                    batch_id = COALESCE(twitter_candidates.batch_id, EXCLUDED.batch_id)
+                WHERE NOT (
+                    twitter_candidates.status = 'pending'
+                    AND twitter_candidates.batch_id IS DISTINCT FROM EXCLUDED.batch_id
+                    AND EXISTS (
+                        SELECT 1 FROM twitter_batches tb
+                        WHERE tb.batch_id = twitter_candidates.batch_id
+                          AND tb.phase_started_at > NOW() - INTERVAL '20 minutes'
+                    )
+                )
                 """,
                 [
                     url,

package/scripts/send_dashboard_invite.py

@@ -0,0 +1,141 @@
+#!/usr/bin/env python3
+"""
+send_dashboard_invite.py
+Send the S4L dashboard onboarding email to a previously-provisioned user.
+Reads the user's name and scoped projects from dashboard_users, composes the
+invite, and sends via Gmail API from i@m13v.com.
+
+Usage:
+    python3 send_dashboard_invite.py <email> [<email> ...]
+    python3 send_dashboard_invite.py --dry-run kent@runner.now
+"""
+
+import argparse
+import base64
+import os
+import sys
+from email.mime.text import MIMEText
+from email.mime.multipart import MIMEMultipart
+from pathlib import Path
+
+import psycopg2
+from psycopg2.extras import RealDictCursor
+from google.auth.transport.requests import Request
+from google.oauth2.credentials import Credentials
+from googleapiclient.discovery import build
+
+REPO_ROOT = Path(__file__).resolve().parent.parent
+ENV_FILE = REPO_ROOT / ".env"
+if ENV_FILE.exists():
+    with open(ENV_FILE) as f:
+        for line in f:
+            line = line.strip()
+            if line and not line.startswith("#") and "=" in line:
+                k, v = line.split("=", 1)
+                os.environ.setdefault(k.strip(), v.strip())
+
+FROM_NAME = "Matthew Diakonov"
+FROM_EMAIL = "i@m13v.com"
+CC_EMAIL = "i@m13v.com"
+TOKEN_PATH = os.path.expanduser("~/gmail-api/token_i_at_m13v.com.json")
+SCOPES = ["https://mail.google.com/"]
+DASHBOARD_URL = "https://app.s4l.ai"
+
+
+def load_user(email):
+    conn = psycopg2.connect(os.environ["DATABASE_URL"])
+    try:
+        with conn.cursor(cursor_factory=RealDictCursor) as cur:
+            cur.execute(
+                "SELECT email, name, projects FROM dashboard_users WHERE email=%s",
+                (email.lower(),),
+            )
+            row = cur.fetchone()
+            if not row:
+                raise RuntimeError(f"No dashboard_users row for {email}")
+            return dict(row)
+    finally:
+        conn.close()
+
+
+def build_invite(user):
+    name = user.get("name") or user["email"]
+    first = name.split()[0] if " " in name else name
+    projects = user.get("projects") or []
+    scope = ", ".join(projects) if projects else "all projects"
+    subject = f"Your S4L dashboard access ({scope})"
+
+    text_body = f"""Hi {first},
+
+I set up dashboard access for you covering {scope}. You'll see live posting, replies, DMs, SEO pages, and weekly stats for {'these projects' if len(projects) > 1 else 'the project'}.
+
+Sign in:
+1. Go to {DASHBOARD_URL}
+2. Enter {user['email']} and click "Email me a sign-in link"
+3. Open the link from your inbox; you'll land in your dashboard
+
+A weekly report covering the same scope will land in your inbox every Monday at 9am.
+
+Reply to this email with any questions.
+
+Matthew
+"""
+
+    html_body = f"""<html><body style="font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;color:#222;max-width:640px;line-height:1.5;">
+<p>Hi {first},</p>
+<p>I set up dashboard access for you covering <b>{scope}</b>. You'll see live posting, replies, DMs, SEO pages, and weekly stats for {'these projects' if len(projects) > 1 else 'the project'}.</p>
+<p><b>Sign in:</b></p>
+<ol>
+<li>Go to <a href="{DASHBOARD_URL}">{DASHBOARD_URL}</a></li>
+<li>Enter <code>{user['email']}</code> and click "Email me a sign-in link"</li>
+<li>Open the link from your inbox; you'll land in your dashboard</li>
+</ol>
+<p>A weekly report covering the same scope will land in your inbox every Monday at 9am.</p>
+<p>Reply to this email with any questions.</p>
+<p>Matthew</p>
+</body></html>"""
+
+    return subject, text_body, html_body
+
+
+def gmail_service():
+    creds = Credentials.from_authorized_user_file(TOKEN_PATH, SCOPES)
+    if creds.expired and creds.refresh_token:
+        creds.refresh(Request())
+        with open(TOKEN_PATH, "w") as f:
+            f.write(creds.to_json())
+    return build("gmail", "v1", credentials=creds)
+
+
+def send(service, to_addr, subject, text_body, html_body):
+    msg = MIMEMultipart("alternative")
+    msg["from"] = f"{FROM_NAME} <{FROM_EMAIL}>"
+    msg["to"] = to_addr
+    msg["cc"] = CC_EMAIL
+    msg["subject"] = subject
+    msg.attach(MIMEText(text_body, "plain"))
+    msg.attach(MIMEText(html_body, "html"))
+    raw = base64.urlsafe_b64encode(msg.as_bytes()).decode("utf-8")
+    result = service.users().messages().send(userId="me", body={"raw": raw}).execute()
+    return result["id"]
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument("emails", nargs="+")
+    parser.add_argument("--dry-run", action="store_true")
+    args = parser.parse_args()
+
+    service = None if args.dry_run else gmail_service()
+    for email in args.emails:
+        user = load_user(email)
+        subject, text_body, html_body = build_invite(user)
+        if args.dry_run:
+            print(f"--- {email} ---\nSubject: {subject}\n\n{text_body}")
+            continue
+        mid = send(service, email, subject, text_body, html_body)
+        print(f"SENT -> {email}  cc={CC_EMAIL}  id={mid}  subj='{subject}'")
+
+
+if __name__ == "__main__":
+    main()

package/scripts/twitter_browser.py

@@ -517,10 +517,19 @@ def reply_to_tweet(tweet_url, text, apply_campaigns=True):
                         if detected_project:
                             wrap_res = wrap_text_for_post(text=suffix, platform='twitter',
                                                           project_name=detected_project)
-                            if wrap_res.get('ok') and wrap_res.get('codes'):
+                            # Use the wrapped text whenever the wrap call succeeded.
+                            # codes=[] is now valid (UTM-only fallback path for
+                            # projects with short_links_live=false), and the
+                            # rewritten text still carries full s4l attribution.
+                            # Old guard `and wrap_res.get('codes')` silently
+                            # skipped utm_only fallbacks and let bare URLs
+                            # through in the suffix.
+                            if wrap_res.get('ok'):
                                 wrapped_suffix = wrap_res['text']
+                                tag = 'codes' if wrap_res.get('codes') else 'utm_only'
                                 print(f"[reply_to_tweet] suffix wrap project={detected_project} "
-                                      f"codes={wrap_res['codes']}", file=sys.stderr)
+                                      f"{tag}={wrap_res.get('codes') or [s.get('reason') for s in wrap_res.get('skipped',[])]}",
+                                      file=sys.stderr)
                     except Exception as _e:
                         print(f"[reply_to_tweet] suffix wrap failed ({_e}); raw",
                               file=sys.stderr)

package/scripts/twitter_post_plan.py

@@ -117,7 +117,7 @@ def update_candidate(cid: int, status: str) -> None:
         return
     cmd = [
         "psql", DATABASE_URL, "-c",
-        f"UPDATE twitter_candidates SET status='{sql_status}' WHERE id={cid}",
+        f"UPDATE twitter_candidates SET status='{sql_status}' WHERE id={cid} AND status != 'posted'",
     ]
     rc, out, err = run_subprocess(cmd, timeout_sec=30)
     if rc != 0:

package/skill/amplitude-24h-signups.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# amplitude-24h-signups.sh — launchd wrapper for scripts/amplitude_24h_signups.py.
+#
+# Fires every 5 min from com.m13v.social-amplitude-24h.plist.
+# Writes ~/social-autoposter/skill/cache/amplitude_24h_signups.json.
+#
+# The script itself uses a real-time PostHog count for the headline number
+# (cheap, ~1s) and refreshes the eventually-consistent Amplitude export
+# only every ~25 min (heavy, ~30s + ~150 MB).
+#
+# Read by project_stats_json.py:_amplitude_signups when days==1.
+
+set -uo pipefail
+
+REPO_DIR="$HOME/social-autoposter"
+
+# shellcheck source=/dev/null
+[ -f "$REPO_DIR/.env" ] && source "$REPO_DIR/.env"
+
+# Inject Amplitude + PostHog creds from keychain so the export half can run
+# without env vars being baked into the launchd plist.
+export AMPLITUDE_STUDYLY_API_KEY="${AMPLITUDE_STUDYLY_API_KEY:-$(security find-generic-password -s amplitude-studyly-api-key -w 2>/dev/null)}"
+export AMPLITUDE_STUDYLY_SECRET_KEY="${AMPLITUDE_STUDYLY_SECRET_KEY:-$(security find-generic-password -s amplitude-studyly-secret-key -w 2>/dev/null)}"
+export POSTHOG_PERSONAL_API_KEY="${POSTHOG_PERSONAL_API_KEY:-$(security find-generic-password -s PostHog-Personal-API-Key-m13v -w 2>/dev/null)}"
+
+cd "$REPO_DIR" || exit 2
+
+# shellcheck source=lock.sh
+source "$REPO_DIR/skill/lock.sh"
+acquire_lock amplitude-24h-signups 5
+
+RUN_START=$(date +%s)
+/opt/homebrew/bin/python3.11 "$REPO_DIR/scripts/amplitude_24h_signups.py"
+EXIT_CODE=$?
+RUN_ELAPSED=$(( $(date +%s) - RUN_START ))
+
+echo "[$(date +%H:%M:%S)] === done in ${RUN_ELAPSED}s (exit=${EXIT_CODE}) ==="
+exit "$EXIT_CODE"

package/skill/archive-old-logs.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# Archive log files older than 7 days from skill/logs/ to skill/logs-archive/.
+# The dashboard (bin/server.js) does many fs.readdirSync(LOG_DIR) calls per
+# pulse. Letting that directory grow to 17k+ files starves the event loop
+# and the dashboard stops responding. Pruning to a sibling dir keeps the
+# files around for forensics without including them in the dashboard scan.
+#
+# Scheduled daily by ~/Library/LaunchAgents/com.m13v.social-archive-logs.plist
+
+set -uo pipefail
+
+LOG_DIR="/Users/matthewdi/social-autoposter/skill/logs"
+ARCHIVE_DIR="/Users/matthewdi/social-autoposter/skill/logs-archive"
+DAYS="${ARCHIVE_DAYS:-7}"
+
+mkdir -p "$ARCHIVE_DIR" "$LOG_DIR"
+
+# Per-run summary log so the dashboard's "Other" section can find this job.
+# Filename matches the JOBS[].logPrefix value in bin/server.js.
+RUN_LOG="$LOG_DIR/archive-logs-$(date +%Y-%m-%d_%H%M%S).log"
+log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$RUN_LOG"; }
+
+if [ ! -d "$LOG_DIR" ]; then
+  log "ERROR: LOG_DIR not found: $LOG_DIR"
+  exit 0
+fi
+
+log "=== archive-old-logs starting (DAYS=$DAYS) ==="
+
+# Only top-level files; do not touch claude-sessions/ or other subdirs.
+# Also exclude the per-run summary we just created so we don't archive
+# ourselves on long-tail edge cases.
+find "$LOG_DIR" -maxdepth 1 -type f -mtime +"$DAYS" ! -name "$(basename "$RUN_LOG")" -print0 \
+  | xargs -0 -I{} mv {} "$ARCHIVE_DIR/" 2>&1 | tee -a "$RUN_LOG" >/dev/null || true
+
+remaining=$(find "$LOG_DIR" -maxdepth 1 -type f | wc -l | tr -d ' ')
+archived=$(find "$ARCHIVE_DIR" -maxdepth 1 -type f | wc -l | tr -d ' ')
+
+log "kept=$remaining archived_total=$archived"
+log "=== done ==="