Software Updates

update investor branding and add investors@ mailbox

• Change investor page contact from Rosser to Zachary Rosser
• Update CTA to investors@katura1999.com instead of personal email
• Restore footer label to 'Investors' (plural) across en/pt/es
• Add investors@katura1999.com as shared mailbox in email system

write 33 approved foundational memories to MemoryNode

marketing nav group + under development page + memory review doc

• Add Marketing group (marketing, stella marketing, stella media, stella videos, sales goals, wholesale)
• Move Support from Sales group to Sales (Sales now: CRM, Invoices, Support)
• Add 'Under Development' link in System group → /admin/under-development
• Remove stella/goals/wholesale from commandPaletteOnlyItems (now in sidebar)
• Add EN + PT translations for groupMarketing, underDevelopment
• Directory of all 30+ pages removed from sidebar
• Organized by section with descriptions
• Direct links, no search required
• docs/YEN-FOUNDATIONAL-MEMORIES-REVIEW.md — plain-English review of all 15 seed memories for approval before running seed script

duplicate Activity import + sidebar consolidation + memory instrumentation

• Merge duplicate lucide-react imports into single block (Turbopack)
• Core: Dashboard, Orders, Products, Projects, Customers, Collections, Inventory, Analytics
• Business Tools: Yen AI, Messages, Meetings, Email, Calendar, Tasks
• Sales: CRM, Invoices, Marketing, Support
• Team + Finance + Content + System (streamlined)
• All removed items still searchable via ⌘K command palette
• Updated EN + PT i18n translations
• P0: Added structured logging to meeting-end memory extraction
• P1: Created /api/cron/yen-memory-maintenance daily cron (3 AM UTC) Calls runMemoryMaintenance() + logs getMemoryHealth() snapshot Added to vercel.json cron schedule
• P2: Created scripts/seed-yen-memories.ts — 15 foundational MemoryNode records (business identity, key people, policies, constraints) Uses graph system, not legacy YenMemory table

translation grouping + /admin/usage dashboard + memory hardening

• SubtitlePanel: groupConsecutiveLines() merges same-speaker lines within 8s
• Per-line translation awareness skips translation for same-language speakers
• sourceLanguage tracking in admin + guest meeting rooms
• GET /api/admin/usage — token/cost breakdowns by source, user, model, day
• DeepL, Deepgram, LiveKit cost estimation
• Budget status + token rate limit display
• /admin/usage page with KPI cards, sparkline, tables
• pruneExpiredMemories() — archives nodes past expiresAt
• decayUnreinforcedMemories() — archives stale low-importance nodes (60d)
• deduplicateMemories() — content-similarity dedup within scope+type
• runMemoryMaintenance() — single call for all cleanup tasks
• getMemoryHealth() — monitoring metrics for admin
• On-access pruning in buildMemoryContext()

no-hallucination hard rule + per-user & org-wide token rate limits

• Added top-level hard rule: Yen is FORBIDDEN from inventing or guessing any contact information (email, phone, address, name). If a tool did not return a confirmed value, Yen must honestly say so and ask. No exceptions.
• Added TOKEN_LIMITS constants (all env-var-overrideable): Individual: 40k/day · 200k/week · 600k/month Company: 200k/day · 800k/week · 3M/month
• Added checkUserTokenLimits(userId, tenantId): single parallel query checks all 6 windows and returns ok:false + limitKind + reason + usage
• Added getUserTokenStats(tenantId): per-user breakdown of token usage (day/week/month + cost) for the admin dashboard
• Added checkUserTokenLimits call after checkMonthlyBudget
• Returns HTTP 429 with rateLimited:true, limitKind, used/limit counts, and full usage snapshot — applies to ALL users including Katura employees

clean meeting summary output, bypass sendEmail gate for Katura employees, update Yen signature

• handleGetMeetingSummary: replace JSON.stringify with fmtList() helper that renders action items / decisions / open questions / follow-ups as bullet points instead of raw JSON arrays
• evaluateGuard: made async; adds early ALLOW for sendEmail when recipient is *@katura1999.com or a known WorkerProfile.personalEmail (falls through to SOFT_GATE for all other external addresses)
• chat/route.ts + agent-runner.ts: await evaluateGuard() at both call sites
• compose-email/route.ts: replaced plain-text signature table with branded logo signature matching Rosser's format (Katura logo, navy divider, gold accent links)

structured feedback system — FeedbackEvent + PlaybookRule + GoldenExample

• yen-feedback.prisma: 3 new schema models
• SQL migration + runner
• API: /feedback, /feedback/[id], /playbook, /playbook/[id], /golden-examples
• YenFeedbackWidget: 4-button component (Good/Bad/Edited/Problem) + tag selector
• Audit pages: /audit/feedback + /audit/playbook with activate/retire controls
• chat/route.ts: injects active PlaybookRules into system prompt via raw SQL
• email/page.tsx: replaced memory-hack thumbs with proper YenFeedbackWidget

fetch work/personal emails from DB, never hardcode addresses

malformed Anthropic request after soft-gate + add listRecentMeetings/getMeetingSummary tools

fix personal CC email (Gmail), add post-send thumbs feedback → memory

comprehensive architecture doc — three products, full technical inventory

audit restructure — token spend dashboard + tools/guardrails/emails sub-pages

sendEmail tool — Confirm/Decline flow instead of refusal

• Register sendEmail tool definition (to, toName, cc, ccName, subject, bodyHtml, bodyText, note)
• Add handleSendEmail handler — calls /api/admin/yen/send-email (Brevo) after user approves
• Add dispatch case 'sendEmail'
• Tool description instructs model to always draft + call, never refuse
• Remove 'send emails without confirmation' from hard NEVER list
• Add dedicated '# Sending emails' section: draft from context, call sendEmail, let soft gate handle confirm/decline
• Explicit: 'The soft gate is the safety mechanism. You do not need to be the safety mechanism.'
• Math.floor(liveFirmCost) before formatPrice — ticks in whole dollars only (was 0.01 increments)

memory schema hardening — Virgil's 9-point review

• MemoryNode: add workspaceId, userId, archivedAt
• MemoryNode: comment on @@unique([tenantId,id]) enforced in SQL
• MemorySummary: label now non-null default 'overview' (required for compound unique)
• MemorySummary: @@unique now (tenantId, scope, scopeId, label) — Option B multi-summary
• MemorySummary: add refreshReason field
• Add @@index([tenantId, scope, scopeId]) to MemorySummary for queries without label
• All memorySummary upsert/findUnique use new key tenantId_scope_scopeId_label
• label defaults to 'overview' everywhere (was null/scopeId)
• ALTER TYPE ADD VALUE IF NOT EXISTS for all enum members (safe on existing DBs)
• ALTER TABLE ADD COLUMN IF NOT EXISTS for all new columns
• CHECK constraints: confidence [0,1], importance [1,10]
• UNIQUE(tenantId, id) on MemoryNode for composite FK safety
• Composite FKs: MemorySource and MemoryEdge reference (tenantId, nodeId) not just nodeId
• Partial indexes: active scope + active subject, ranked by importance DESC
• MemorySummary unique constraint migrated from (tenant,scope,scopeId) → (tenant,scope,scopeId,label)
• NULL label rows backfilled to 'overview' before constraint applied
• RLS enabled on all 4 tables with service_role bypass policy

Virgil's memory architecture — MemoryNode graph layer

• prisma/schema/yen-memory-graph.prisma: MemoryNode, MemorySource, MemoryEdge, MemorySummary
• MemoryNode: typed (13 types), durable, status-tracked, source-linked
• MemorySource: evidence backing every node — why Yen believes it
• MemoryEdge: supersedes/contradicts/supports/belongs_to_project graph
• MemorySummary: precomputed scope-level summaries (cheap retrieval)
• src/lib/yen/memory-graph.ts: full pipeline
• extractMemoriesFromTranscript() — Haiku extraction from transcripts
• classifyMemoryCandidate() — permanent/long_term/short_term/sensitive/discard
• upsertMemoryNode() — dedup, supersede old, attach source
• refreshMemorySummary() — Haiku summary regen per client/project
• buildMemoryContext() — narrow retrieval (1 summary + 10 nodes + 5 graph)
• processTranscriptIntoMemory() — full pipeline: extract → upsert → summarize
• tools.ts: storeMemoryNode, getMemoryContext, correctMemoryNode tools
• human correction always outranks model extraction (confidence=0.95)
• never_model access level never injected into prompts
• never_model nodes silently omitted from all retrieval
• sensitive type auto-set to never_model
• retrieval budgets: chat(10 nodes), email(8), proposal(20) — no firehose
• cost guard checked before every extraction call

email mailbox, client memory, follow-up rules, audit log

• Add /admin/yen/email compose UI with Anthropic Haiku/Sonnet routing
• Add /admin/yen/audit filterable log (tool calls, guardrails, emails)
• Add compose-email API with cost guard, abort/Stop, client memory enrichment
• Add send-email API via Brevo from yen@katura1999.com with audit logging
• Add audit API aggregating YenToolCall + YenGuardrailEvent + YenEmailSent
• Add client-memory CRUD API (/api/admin/yen/client-memory)
• Add follow-up-rules CRUD API (/api/admin/yen/follow-up-rules)
• Add prisma schemas: ClientMemoryCard, ClientMemoryEvent, YenFollowUpRule, YenPermission, YenEmailSent
• Add tool definitions + dispatch + handlers for getClientMemory, updateClientMemory, createFollowUpRule, listFollowUpRules
• Regenerate Prisma client

client preview & CAD renders — comprehensive feature documentation

subtitle fragmentation, duplication, and translation consistency

• Three issues surfaced during the May 12 Pedro test meeting:
• 1. FRAGMENTATION — Deepgram fires is_final at every endpoint boundary,
• producing many short lines for what's actually one sentence. Fix:
• accumulate consecutive finals in finalMergeBufferRef for 600ms and
• push a single merged line to the display. Broadcast + DB persist
• still happen immediately on each fragment (remote viewers unaffected).
• 2. DUPLICATION — After a final the live caption stayed visible while the
• same text was added to the transcript history, showing the line twice.
• Fix: the merge-timer callback clears latestSourceRef/Translated and
• calls setLiveCaption(null) on the next frame (only if no new interim
• has started), handing the display off cleanly to the history lines.
• 3. TRANSLATION INCONSISTENCY — In-flight interim translate requests were
• completing AFTER the final's translate response and overwriting it
• with stale data. Also, translateInterimForViewer was calling
• pushSubtitle(undefined, res.text) on finals which raced with the
• live-caption clear. Fix: bump interimTranslateTokenRef at start of
• every final block to cancel in-flight interims; final translate only
• updates setTranscript (history column) and never touches live caption.
• Cleanup: finalMergeTimerRef is cancelled in both stopStt() and
• ws.onclose so no stale callbacks fire after the session ends.

Deepgram Nova-3 STT full implementation log — May 12 2026

stale closure — translation never fired after startStt()

• ws.onmessage interim branch (translateInterimForViewer call)
• ws.onmessage final branch (translate fetch + sourceLanguage field)
• translateInterimForViewer useCallback (reads ref not stale state)

Deepgram fragmentation + translation diagnostics

• translate route: warn in server logs when DEEPL_API_KEY is not set
• room client: show one-time toast 'check DEEPL_API_KEY' when translate returns the original text unchanged with cached=false (the soft-fail path in translateSegment when the key is missing)
• translate catch: log warning instead of swallowing silently

add wss://api.deepgram.com to CSP connect-src

• The Deepgram WebSocket was being blocked by Content-Security-Policy.
• Add both wss:// and https:// for api.deepgram.com to allow the live
• STT connection from the browser.

AudioWorklet not processing — silent sink + early port listener

• Root cause: Chrome optimizes away AudioWorklet nodes not connected to
• AudioDestinationNode. source → worklet with no worklet → destination
• means process() is never called → zero bytes sent to Deepgram.
• Fix 1 (both admin + guest rooms):
• Add worklet → silentSink(gain=0) → destination so the node stays in
• the active audio graph. Zero gain means no mic bleed to speakers.
• Fix 2 (both rooms):
• Move worklet.port.onmessage assignment to BEFORE the WebSocket is
• created, not inside ws.onopen. Audio buffers queued during the WS
• handshake (~200ms) were being silently dropped. Now they buffer on
• the port and flush when the WS opens.
• Fix 3 (guest room):
• Add audioCtx.resume() guard that was missing from the guest client
• (was only in admin client after last commit).

meeting room STT — AudioContext suspension + WS error recovery

• toggleAiNotes: remove dead isSttSupported branch (always true; Deepgram works everywhere — just call startStt() directly in the else branch)

deepgram-token routes — return master key directly

• The rotated Deepgram API key does not have admin/member scope required
• to create ephemeral sub-keys via POST /v1/projects/{id}/keys. Both
• admin and guest token routes were 500-ing on the getProjectId() call.
• Fix: return DEEPGRAM_API_KEY directly from both routes. Both endpoints
• are already protected by auth (admin session / valid invite token), so
• returning the master key is safe — only authenticated users ever see it.
• Removes the unnecessary round-trip to Deepgram key-creation API.

fix + feat: share-link 500, schedule timezone + attendee search

• Add preferredName String? to prisma/schema/jewelry-projects.prisma
• Run prisma generate → fixes 500 on POST /api/admin/jewelry-projects/[id]/share-links
• Root cause: column existed in DB (migration was run) but Prisma 6 runtime rejects unknown fields in create.data even with 'as any' cast
• Show local timezone below date/time pickers (e.g. 'America/New_York (EST)')
• Derived from Intl.DateTimeFormat().resolvedOptions().timeZone on mount
• Replace plain text input with search-as-you-type dropdown
• Debounced 250ms fetch to /api/admin/customers/search (existing endpoint)
• Finds users by name OR any email (stella@katura1999.com + contatoluiseagency@gmail.com both surface)
• Click to add → email chip; manual type + Enter still works as fallback
• Suggestions auto-hide already-added emails

Deepgram Nova-3 STT replaces browser SpeechRecognition

• public/deepgram-processor.js — AudioWorklet: Float32→Int16 PCM for Deepgram WS
• api/admin/meetings/[id]/deepgram-token — creates 90-min scoped temp key
• api/guest/deepgram-token — same, auth via inviteToken (raw SQL, same pattern as translate)
• meeting-room-client: async startStt() opens Deepgram WS via AudioWorklet
• Prefers LiveKit mic track (no second getUserMedia, fixes iOS)
• Falls back to getUserMedia if LK track not ready
• onmessage: is_final→finalLogic, else→interimLogic (Hey Yen, broadcast, persist, translate all unchanged)
• stopStt: sends CloseStream, closes WS + AudioContext + stream
• isSttSupported always true (works in all browsers incl Firefox, Safari, iOS)
• guest-room-client: same async Deepgram pattern
• Removed isIOS guard (iOS now works via LK mic track reuse)
• Same interim/final broadcast logic to host

Hey Yen phonetic regex, STT lang BCP-47 fix (pt-BR not pt), spoken lang settings panel, Sparkles=always public Yen, remove FAB

customer autocomplete + preferredName headline, i18n (PT/ES/FR), DESIGNED FOR, mobile zoom 170%; feat(meetings): guest Yen passive display

panel layout respects subtitle bar, Yen FAB bottom-left, Hey Yen public mode, guest captions broadcast + subtitles default on, instant meeting end when host leaves alone

Hey Yen AI assistant — keyword trigger, streaming chat panel, tool calling, LiveKit broadcast

fix translation for local speaker, button color semantics, meeting cost+impact summary

• Local speaker final STT result now calls pushSubtitle(undefined, res.text) so translated text appears in the subtitle overlay (was only updating the transcript sidebar before)
• Local speaker interim STT also calls translateInterimForViewer so translation is live as you speak, not just after the utterance ends
• CtrlBtn gains variant prop: 'media' | 'feature' | 'default'
• Mic + Camera: variant=media → yellow (#facc15) when muted/off, white when active
• Subtitles, Yen Advisor, Settings, Translation, Chat: variant=feature → sky-blue when active, dimmed when inactive
• New MeetingCostSummary client component with per-service cost breakdown: LiveKit ($0.0012/participant-min), DeepL ($5.49/1M chars), Claude (real token counts)
• Queries MeetingTranslationCache for actual translated char count
• Pulls inputTokens/outputTokens from MeetingMinutes (already stored)
• Words transcribed stat (browser Web Speech API = free)