Progress
Session-by-session execution log (rendered from progress.txt).
DATE: 2026-03-30
SESSION GOAL: Project initialization — create canonical docs, rules, and logging system (Phase 0).
CURRENT PHASE:
Phase 0 — Project foundation
COMPLETED THIS SESSION:
- Created /docs directory with all canonical documents:
  PRD.md, APP_FLOW.md, TECH_STACK.md, FRONTEND_GUIDELINES.md,
  BACKEND_STRUCTURE.md, SCORING_LOGIC.md, INGESTION_SOURCES.md,
  VISUAL_LANGUAGE_MAP.md, INSPIRATION_LOG.md, ADR.md,
  COMPONENT_MAP.md, DATA_FLOW.md, QA_CHECKLIST.md
- Created .cursor/rules/ with core-rules, product-rules, design-rules,
  engineering-rules, logging-rules
- Created progress.txt and lessons.md logging templates
- Created README.md
- Resolved critical v1 unknowns and encoded decisions in docs:
  - Stack: Next.js App Router + Supabase Postgres + Vercel
  - Posture: hybrid (local dev + hosted deploy)
  - Scoring: rule-based v1, AI-assisted v2
  - ATS sources: Lever (primary), Greenhouse (secondary), Ashby (tertiary)
  - UI framework: shadcn/ui for tactical, custom SVG for radar
- Wrote 5 initial ADR entries (framework, database, scoring approach, UI library, hybrid posture)
- Wrote 2 initial inspiration log entries (military sonar CRT, Linear app)
- Created IMPLEMENTATION_PLAN.md with phased milestones and acceptance criteria
IN PROGRESS:
- Nothing — Phase 0 is complete, awaiting approval to begin Phase 1 implementation.
NEXT:
- Review and approve docs.
- Begin Phase 1: scaffold Next.js project, initialize Supabase, apply schema.
BLOCKERS / QUESTIONS:
- None. All v1 decisions are documented.
FILES TOUCHED:
- docs/PRD.md (new)
- docs/APP_FLOW.md (new)
- docs/TECH_STACK.md (new)
- docs/FRONTEND_GUIDELINES.md (new)
- docs/BACKEND_STRUCTURE.md (new)
- docs/SCORING_LOGIC.md (new)
- docs/INGESTION_SOURCES.md (new)
- docs/VISUAL_LANGUAGE_MAP.md (new)
- docs/INSPIRATION_LOG.md (new)
- docs/ADR.md (new)
- docs/COMPONENT_MAP.md (new)
- docs/DATA_FLOW.md (new)
- docs/QA_CHECKLIST.md (new)
- docs/IMPLEMENTATION_PLAN.md (new)
- .cursor/rules/core-rules.md (new)
- .cursor/rules/product-rules.md (new)
- .cursor/rules/design-rules.md (new)
- .cursor/rules/engineering-rules.md (new)
- .cursor/rules/logging-rules.md (new)
- progress.txt (new)
- lessons.md (new)
- README.md (new)
VERIFICATION:
- All files listed in discovery.txt exist with substantive content.
- Rules match the guardrails specified in discovery.txt.
- Logging templates match the formats specified in discovery.txt.
KNOWN BUGS:
- None (no code yet).
NOTES:
- The darkalley-cursor/ subfolder contains an older prototype. It is not part of the v1 build but may be referenced for inspiration.
---
DATE: 2026-03-30
SESSION GOAL: Repository audit — reconcile legacy static prototype with target OS architecture; lock public vs admin boundary decision.
CURRENT PHASE:
Phase 0 complete → preparing Phase 1 (scaffold + data model verification)
COMPLETED THIS SESSION:
- Audited current repo state (Next.js skeleton + docs/rules + Supabase schema migration + legacy static prototype).
- Confirmed surface strategy: one app with two surfaces (public read-only + admin/ops).
- Confirmed v1 admin boundary: Supabase Auth + RLS (free; clean long-term boundary).
- Recorded boundary decision in docs/ADR.md (ADR-006).
IN PROGRESS:
- None (no product code changes approved yet).
NEXT:
- Phase 1 verification: ensure Supabase key boundaries are safe (service role server-only), apply/verify schema in the chosen environment, and prove read queries end-to-end.
BLOCKERS / QUESTIONS:
- Public surface requirements: which specific public pages are required for v1 (e.g., `/methodology`, `/progress`, `/jobs` read-only)?
- Admin UX scope: minimal admin console routes required before ingestion is enabled.
FILES TOUCHED:
- docs/ADR.md (updated: ADR-006)
- progress.txt (updated)
VERIFICATION:
- Read-only audit of repo tree and key files; no runtime verification performed (no behavior changes made).
KNOWN BUGS:
- Potential security risk to address in Phase 1: `SUPABASE_SERVICE_ROLE_KEY` must never be reachable by client bundles.
NOTES:
- `darkalley-cursor/` remains a useful proof-of-work artifact but must not define the Next.js/Supabase OS architecture.
---
DATE: 2026-03-30
SESSION GOAL: Phase 1 verification — enforce Supabase key boundaries; prove server-side read path; document decisions.
CURRENT PHASE:
Phase 1 — Scaffold + data model (verification slice)
COMPLETED THIS SESSION:
- Implemented explicit Supabase client split: server-only vs browser-safe.
- Added minimal server-side DB smoke read on home route (graceful when env not configured).
- Documented Supabase client split decision in ADR (ADR-007).
- Updated `.env.example` to include anon key.
- Updated README with Phase 1 setup basics.
IN PROGRESS:
- None.
NEXT:
- Decide and implement initial public read-only routes (jobs browse + methodology) without exposing privileged data.
- Implement Supabase Auth + RLS policies for admin mutations before enabling ops features.
BLOCKERS / QUESTIONS:
- Confirm minimum v1 public pages: `/jobs` (browse), `/methodology`, `/progress`?
- Confirm whether public reads should be server-only or allow browser anon reads under RLS.
FILES TOUCHED:
- .env.example (updated)
- src/lib/db/supabaseServer.ts (new)
- src/lib/db/supabaseBrowser.ts (new)
- src/lib/db/supabase.ts (updated)
- src/app/page.tsx (updated)
- docs/ADR.md (updated)
- README.md (updated)
- progress.txt (updated)
VERIFICATION:
- `npm run lint` (pass)
- `npm run build` (pass)
KNOWN BUGS:
- None confirmed.
NOTES:
- `SUPABASE_SERVICE_ROLE_KEY` is now guarded as server-only via `server-only` import.
---
DATE: 2026-03-30
SESSION GOAL: Phase 1 verification — connect hosted Supabase, apply schema migration, and confirm live DB reads.
CURRENT PHASE:
Phase 1 — Scaffold + data model (hosted verification)
COMPLETED THIS SESSION:
- Retrieved hosted Supabase project URL + anon key from Supabase project settings.
- Applied `supabase/migrations/001_initial_schema.sql` to the hosted Supabase database.
- Verified tables exist and seed data loaded (companies count = 1).
- Updated `.env.local` with hosted Supabase URL + anon key (service role remains placeholder).
- Updated server Supabase client to allow anon-key fallback for read-only verification.
IN PROGRESS:
- None.
NEXT:
- Decide whether public reads will be server-only (recommended) vs browser anon under RLS.
- Implement Supabase Auth + RLS before any admin mutations or ingestion runs.
BLOCKERS / QUESTIONS:
- Which hosted Supabase project is canonical if multiple exist? (Current: `cvkcwvmlnghwwvdqudod`.)
- Confirm minimum v1 public pages and whether any data should be publicly visible from day one.
FILES TOUCHED:
- .env.local (updated)
- src/lib/db/supabaseServer.ts (updated)
- progress.txt (updated)
VERIFICATION:
- Supabase: applied migration; list tables shows `companies/sources/scans/jobs/scores/notes/status_history`.
- Supabase: `select count(*) from public.companies` returned 1.
- `npm run build` (pass)
- `npm run lint` (pass)
KNOWN BUGS:
- None confirmed.
NOTES:
- Service-role key is intentionally not set yet; it will be required before implementing privileged ops actions.
---
DATE: 2026-03-30
SESSION GOAL: Public read-only surface MVP — `/jobs`, `/methodology`, `/progress` (server-side reads only).
CURRENT PHASE:
Phase 1 — Public read-only surface (MVP)
COMPLETED THIS SESSION:
- Added public routes:
  - `/jobs` (read-only list + server-rendered filters)
  - `/methodology` (renders `docs/SCORING_LOGIC.md`)
  - `/progress` (renders `progress.txt`)
- Added minimal public navigation (`PublicTopNav`) and wired it in the root layout.
- Documented new surfaces/components in `docs/COMPONENT_MAP.md`.
IN PROGRESS:
- None.
NEXT:
- Decide initial public information architecture (what else is public besides jobs/methodology/progress).
- Begin admin/ops layer (auth + RLS + gated routes) before enabling ingestion.
BLOCKERS / QUESTIONS:
- Public data policy is "jobs ok" — confirm whether apply URLs should remain public, or be redacted in the public surface.
FILES TOUCHED:
- src/components/layout/PublicTopNav.tsx (new)
- src/app/layout.tsx (updated)
- src/lib/public/jobs.ts (new)
- src/app/jobs/page.tsx (new)
- src/app/methodology/page.tsx (new)
- src/app/progress/page.tsx (new)
- docs/COMPONENT_MAP.md (updated)
- progress.txt (updated)
VERIFICATION:
- `npm run lint` (pass)
- `npm run build` (pass)
KNOWN BUGS:
- None confirmed (MVP routes only).
NOTES:
- All public pages are implemented as server components; no browser Supabase client usage.
---
DATE: 2026-03-30
SESSION GOAL: Run dev locally; iterate on Phase 1 (fix Turbopack root, home env parity, README).
CURRENT PHASE:
Phase 1 — Public read-only surface + stability
COMPLETED THIS SESSION:
- Fixed dev/build Turbopack workspace root: parent `~/package-lock.json` caused Next to infer `/Users/keeganmoody` as root; set `turbopack.root` to this repo via `import.meta.url` (absolute project path).
- Aligned home page `hasEnv` with `supabaseServer` (anon key counts as configured for read smoke test).
- Updated README "Current phase" to Phase 1.
IN PROGRESS:
- None.
NEXT:
- Continue Phase 2 planning or admin/auth slice per IMPLEMENTATION_PLAN.
- Optional: remove or relocate stray `~/package-lock.json` if unintended, to reduce multi-root confusion globally.
BLOCKERS / QUESTIONS:
- None.
FILES TOUCHED:
- next.config.ts (updated)
- src/app/page.tsx (updated)
- README.md (updated)
- progress.txt (updated)
VERIFICATION:
- `npm run lint` (pass)
- `npm run build` (pass; no multi-lockfile / turbopack root warning)
KNOWN BUGS:
- None confirmed.
NOTES:
- `npm run dev` should load CSS correctly after turbopack root fix.
---
DATE: 2026-03-30
SESSION GOAL: Phase 2 — Lever ingestion pipeline (normalize, dedupe, runner) + ops-gated scan trigger.
CURRENT PHASE:
Phase 2 — Ingestion foundation (Lever)
COMPLETED THIS SESSION:
- Added `deduper.ts` (`dedupe_key` per BACKEND_STRUCTURE), `normalizer.ts` (Lever → `NormalizedJob`), `runner.ts` (fetch → company upsert → job insert with duplicate detection).
- Added `supabaseIngest.ts` — ingestion uses **service role only** (throws if missing).
- Updated Lever fetcher config to accept `company_slug` (matches DB seed) or `company` alias.
- Added server action `triggerScanAction` + `/ops/scan` page (secret + optional source UUID); `robots` noindex.
- Documented in README, `.env.example`, `docs/COMPONENT_MAP.md`.
IN PROGRESS:
- None.
NEXT:
- Add RLS policies + Supabase Auth for admin; rotate away from shared `OPS_SCAN_SECRET` when auth ships.
- Phase 2.2: scoring stub or real scorer after stable ingest.
BLOCKERS / QUESTIONS:
- None.
FILES TOUCHED:
- src/lib/db/supabaseIngest.ts (new)
- src/lib/ingestion/deduper.ts (new)
- src/lib/ingestion/normalizer.ts (new)
- src/lib/ingestion/runner.ts (new)
- src/lib/ingestion/fetchers/lever.ts (updated)
- src/app/actions/triggerScan.action.ts (new)
- src/app/ops/scan/page.tsx (new)
- src/app/ops/scan/ScanTriggerForm.tsx (new)
- .env.example (updated)
- README.md (updated)
- docs/COMPONENT_MAP.md (updated)
- progress.txt (updated)
VERIFICATION:
- `npm run lint` (pass)
- `npm run build` (pass)
KNOWN BUGS:
- None confirmed.
NOTES:
- Visit `/ops/scan` only after setting `OPS_SCAN_SECRET` and `SUPABASE_SERVICE_ROLE_KEY` in `.env.local`.
---
DATE: 2026-03-30
SESSION GOAL: Production go-live prep for darkalleybehindthegtmcafe.xyz (Vercel).
COMPLETED THIS SESSION:
- Set `metadataBase` in root layout from `NEXT_PUBLIC_SITE_URL` or `VERCEL_URL` for correct absolute metadata on deploy.
- Documented Vercel + custom domain + required env vars in README; added `NEXT_PUBLIC_SITE_URL` to `.env.example`.
IN PROGRESS:
- None (deploy requires user Vercel login / Git import).
NEXT:
- User: import repo in Vercel, set env vars, add domain `darkalleybehindthegtmcafe.xyz`, run `vercel login` locally if using CLI.
BLOCKERS / QUESTIONS:
- Local `vercel deploy --prod` failed: invalid CLI token (needs `vercel login`).
FILES TOUCHED:
- src/app/layout.tsx (updated)
- .env.example (updated)
- README.md (updated)
- progress.txt (updated)
VERIFICATION:
- `npm run lint` (pass)
- `npm run build` (pass)
KNOWN BUGS:
- None.
NOTES:
- Set `NEXT_PUBLIC_SITE_URL=https://darkalleybehindthegtmcafe.xyz` in Vercel Production env for canonical metadata.
---
DATE: 2026-03-30
SESSION GOAL: Documentation refresh + canonical URL alignment; verify production hostname.
COMPLETED THIS SESSION:
- Corrected production domain everywhere docs/examples referenced it: **darkalleybehindthegtmcafe.xyz** (apex; www redirects in Vercel). Replaced mistaken `darkalleybehindgtmcafe.xyz` (missing `the`) in README, `.env.example`, and prior progress entry.
- README: current phase (Phases 1–3 + dashboard + radar), `/dashboard` + ops scan scoring note, GitHub → Vercel, Namecheap DNS recap, `NEXT_PUBLIC_SITE_URL` guidance.
- `docs/COMPONENT_MAP.md`: dashboard, tactical, radar components; PublicTopNav + OpsScan updates; planned table trimmed to real gaps.
- `docs/IMPLEMENTATION_PLAN.md`: Phase 1–3 acceptance checkboxes; noise/prestigeTrap file split; Phases 4–5 shipped section; future phase table renumbered (6–9).
- `docs/DATA_FLOW.md`: consumers `/jobs` + `/dashboard`; `updateStatus.action.ts`, `addNote.action.ts`.
- `docs/TECH_STACK.md`: Geist via `next/font` in Decided; cleaned Planned table.
- `docs/ADR.md`: ADR-008 scoring module layout (noise + prestigeTrap files).
PRODUCT CONTEXT (recent ship, cross-reference):
- Five-dimension scorer + ingest integration; `/dashboard` tactical + radar; server actions for status and notes; commit `2aa61a1` (feat: scoring engine, dashboard, Lever ingest).
IN PROGRESS:
- None.
NEXT:
- Manually spot-check scoring vs `SCORING_LOGIC.md` on 5+ real jobs when data allows.
- Implement Supabase Auth + RLS before treating dashboard mutations as production-safe for multi-user.
BLOCKERS / QUESTIONS:
- None.
FILES TOUCHED:
- README.md, .env.example, progress.txt
- docs/COMPONENT_MAP.md, docs/IMPLEMENTATION_PLAN.md, docs/DATA_FLOW.md, docs/TECH_STACK.md, docs/ADR.md
VERIFICATION:
- `curl -sI https://darkalleybehindthegtmcafe.xyz`: HTTP/2 200, `server: Vercel`, HSTS present.
- `dig +short darkalleybehindthegtmcafe.xyz A`: `76.76.21.21`.
- `curl -sI https://www.darkalleybehindthegtmcafe.xyz`: HTTP/2 307 → `location: https://darkalleybehindthegtmcafe.xyz/`.
- Key routes (curl status): `/` 200, `/jobs` 200, `/methodology` 200, `/progress` 200. `/dashboard` returned **404** on production at check time—likely Vercel still on a pre-dashboard deployment; **push `main` and redeploy** (or promote latest deployment) so `/dashboard` matches this repo.
KNOWN BUGS:
- None from documentation work.
NOTES:
- Vercel Production must keep `NEXT_PUBLIC_SITE_URL=https://darkalleybehindthegtmcafe.xyz` for correct `metadataBase`.
---
DATE: 2026-03-30
SESSION GOAL: Recurring Lever ingestion via Vercel Cron.
COMPLETED THIS SESSION:
- Added `GET /api/cron/ingest`: verifies `Authorization: Bearer ${CRON_SECRET}`, optional `?sourceId=`, calls `runLeverScan` (same pipeline as `/ops/scan`).
- Root `vercel.json`: cron `0 8 * * *` (daily 08:00 UTC; Hobby-compatible once-per-day minimum).
- `.env.example`, README (ops + production env table), `docs/DATA_FLOW.md` updated.
IN PROGRESS:
- None.
NEXT:
- User: add `CRON_SECRET` to Vercel Production (and redeploy). Optional: tighten schedule on Pro in `vercel.json`.
BLOCKERS / QUESTIONS:
- None.
FILES TOUCHED:
- src/app/api/cron/ingest/route.ts (new)
- vercel.json (new)
- .env.example, README.md, docs/DATA_FLOW.md, docs/TECH_STACK.md, progress.txt
VERIFICATION:
- `npm run build` (pass)
NOTES:
- Cron runs on **production** deployments only. Local test: `curl -sS -H "Authorization: Bearer $CRON_SECRET" "http://localhost:3000/api/cron/ingest"`.
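Added example, not the project's route code: one way the `Authorization: Bearer ${CRON_SECRET}` check on `GET /api/cron/ingest` can be written so that an unset `CRON_SECRET` fails closed and the token comparison is constant-time. The helper names `isAuthorizedCron` and `cronAuthStatus` and the status mapping are assumptions.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Hypothetical helper (not from the project): true only when a secret is
// configured and the header carries exactly "Bearer <that secret>".
export function isAuthorizedCron(
  authorizationHeader: string | null,
  cronSecret: string | undefined,
): boolean {
  // Fail closed. If the secret is unset, a naive
  // header === `Bearer ${process.env.CRON_SECRET}` check would accept
  // the literal header "Bearer undefined".
  if (!cronSecret || cronSecret.trim() === "") return false;
  if (!authorizationHeader) return false;

  // The scheme name is case-insensitive; the token is compared exactly.
  const match = /^Bearer +(\S+)$/i.exec(authorizationHeader.trim());
  const token = match?.[1];
  if (!token) return false;

  // Hash both sides so timingSafeEqual always receives equal-length
  // buffers and timing does not depend on the secret's length.
  const presented = createHash("sha256").update(token, "utf8").digest();
  const expected = createHash("sha256").update(cronSecret, "utf8").digest();
  return timingSafeEqual(presented, expected);
}

// Assumed status mapping for the route handler: 503 when the deployment
// has no secret configured, 401 for a missing or wrong token, 200 otherwise.
export function cronAuthStatus(
  authorizationHeader: string | null,
  cronSecret: string | undefined,
): 200 | 401 | 503 {
  if (!cronSecret || cronSecret.trim() === "") return 503;
  return isAuthorizedCron(authorizationHeader, cronSecret) ? 200 : 401;
}
```

In the route, the handler would pass `request.headers.get("authorization")` and `process.env.CRON_SECRET`, and call `runLeverScan` only on 200.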
---
DATE: 2026-03-30
SESSION GOAL: Cron schedule aligned to 6am / noon / 8pm Eastern Standard Time.
COMPLETED THIS SESSION:
- `vercel.json`: three crons — `0 11 * * *`, `0 17 * * *`, `0 1 * * *` UTC (= 6:00, 12:00, 20:00 EST). README documents EDT drift and Hobby 2-job limit vs three entries.
FILES TOUCHED:
- vercel.json, README.md, docs/DATA_FLOW.md, progress.txt
VERIFICATION:
- `git push` + `vercel deploy --prod` (READY, aliased to apex).
NEXT:
- None for schedule; confirm three crons appear under Vercel → Cron Jobs (requires plan that allows 3 jobs).
---
DATE: 2026-03-30
SESSION GOAL: Cron config that works on Vercel Hobby (max 2 jobs).
COMPLETED THIS SESSION:
- `vercel.json`: **two** crons only — `0 11 * * *` and `0 1 * * *` UTC (~6am / ~8pm Eastern in EST; DST shifts local time). Dropped midday run so Hobby limit is satisfied.
FILES TOUCHED:
- vercel.json, README.md, docs/DATA_FLOW.md, progress.txt