Data sources
| Source | Type | Cadence | Rows | Last run |
|---|---|---|---|---|
Live endpoints (public, no auth)
| Method | Path | Description |
|---|---|---|
| Data spine | | |
| GET | /architecture/stats | Live counts driving this page. |
| GET | /architecture/sources | All data-source pipelines with current status. |
| GET | /architecture/sources/:id | One source + last 20 ingestion runs. |
| SKU catalog | | |
| GET | /sku/search?q=&category=&brand=&includeSources=1 | FTS5 fuzzy over indexed catalog (p99 < 50ms). Falls back to LIKE during bootstrap. |
| GET | /sku/:id | SKU detail with sources + recalls. |
| GET | /compare?skus=a,b,c | Side-by-side comparison of 2-6 SKUs + shared-spec matrix. |
| Audit pipeline | | |
| POST | /audit | Full audit (extract → search → verify + self-verify → rank → cross-check). Accepts kind: text / query / url / image / photo. |
| POST | /audit/stream | Same, SSE per-stage for live UI. |
| POST | /visual-audit | Opus 4.7 3.75MP vision — Chrome extension screenshots + parses any product page, including Temu/AliExpress/robots-blocked pages. Persists to sku_catalog. |
| POST | /passive-scan | Stage-2 dark-pattern verification with regulation citation (FTC Junk Fees Rule, etc.). |
| Multi-page shopping session | | |
| POST | /shopping-session/start | Start a 30-min session with user-granted host-allowlist + KV storage. |
| POST | /shopping-session/capture | Append a visual-audit JSON to the session. Verifies host is on consent allowlist. |
| GET | /shopping-session/:id/summary | Opus 4.7 reads all pages, surfaces journey-level dark patterns (price drift, dripped fees, bait-and-switch). |
| Chat & elicitor | | |
| POST | /chat/clarify | Study-3 ecological-bot preference elicitor. Detects Job 2 paste and short-circuits to audit. |
| POST | /chat/followup | Post-audit Q&A with 1M context over the full audit. |
| Packs + public ticker | | |
| GET | /packs/stats | Knowledge-pack registry counts. |
| GET | /packs/:slug | Full pack JSON. |
| GET | /ticker | Public disagreement ticker (k-anonymity ≥ 5 enforced). |
| Auth + sync | | |
| POST | /auth/request | Magic-link email via Resend. No passwords, ever. |
| POST | /auth/verify | Exchange magic-link token for a JWT session cookie. |
| GET | /auth/whoami | Returns {userId, email, createdAt} or {anonUserId}. |
| POST | /auth/signout | Invalidate session. |
| GET | /history/audits | User's audit history (cross-device after sign-in). |
| GET | /preferences | User's saved weights, values overlay, source weighting. |
| PUT | /preferences | Update a preference slice. |
| Developer surfaces | | |
| POST | /mcp | Model Context Protocol (JSON-RPC 2.0). Tools: lens.audit, lens.sku_search, lens.dark_pattern_scan, lens.regulation_lookup, lens.pack_get, lens.pack_list. |
Cross-browser + cross-device compatibility
| Surface | Chrome | Firefox | Safari | Mobile |
|---|---|---|---|---|
| Web dashboard (lens-b1h.pages.dev) | ✓ full | ✓ full | ✓ full | ✓ responsive |
| Chrome extension (MV3) | ✓ primary target | △ MV3 via Mozilla port | △ Safari Web Extension port | ✗ desktop only |
| Mobile PWA | ✓ install via Android Chrome | ✓ install | ✓ Add to Home Screen on iOS 16.4+ | ✓ primary target |
| MCP (external agents) | ✓ Claude Code, Claude Agent SDK, any MCP 2024-11-05 client | | | |
| Public API | ✓ CORS-enabled, fetch/curl/SDK from anywhere | | | |
User profile + cross-device sync
Lens uses a two-tier identity system. Both tiers are first-class — you can use Lens forever without ever signing in.
| Tier | How identified | Where state lives | What syncs across devices |
|---|---|---|---|
| Anonymous | anonUserId minted on first visit, stored in localStorage + sent as x-lens-anon-id header. | localStorage + Cloudflare D1 (keyed by anonUserId). | Nothing — device-local by design. |
| Signed-in | Magic-link email via Resend. JWT in HttpOnly cookie. No passwords, ever. | Cloudflare D1 + KV. Anonymous state migrates to the user on first sign-in (anonUserId kept as reference). | Audit history, preferences, values overlay, source weighting, watchers, interventions, welfare-delta. Read/write via /preferences, /history/audits, /watchers, /interventions. |
A full export is available via Export profile JSON in the web dashboard. The export is signed, portable, and works on any future Lens instance. Deleting all server-side state is supported via DELETE /preferences/:id and /auth/signout + cookie revoke.
Trust + privacy posture (hard invariants)
| Invariant | Enforced how |
|---|---|
| No affiliate links, ever | Every retailer URL scrubbed of ref=, tag=, utm_* before return. CI grep-test + LOOP_DISCIPLINE off-limits rule. |
| No ranking bias | Deterministic utility math U = Σ wᵢ·sᵢ. No LLM in the ranker. All contributions inspectable in the UI. |
| No commission, ad revenue, or partner deals | Project-violation commit rule in VISION_COMPLETE §13. |
| k-anonymity on aggregates | Public ticker suppresses any bucket with fewer than 5 contributing audits. |
| Per-host consent for passive scan | Content-script gates Stage-2 escalation on chrome.storage.local per-host consent record. |
| Shopping-session consent | Every session-capture call verifies the URL host against the consented allowlist. 403 on out-of-scope hosts. 30-min TTL default. |
| No PII in session KV | Visual-audit extracts only product-page facts (name, brand, price, specs). Reviewer PII, session cookies, tokens all stripped before the POST. |
| Every fact cited | Every sku_catalog row has ≥1 sku_source_link row with a public external_url. Discrepancies (> 15% delta between sources) flagged in discrepancy_log. |
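One way the shopping-session consent check in the table above could be written, as an added example that is not Lens's own code. The session object shape, the function names, exact-host matching (no subdomain inheritance), the status used for expired sessions and the sample hosts are assumptions; the 403 on out-of-scope hosts and the 30-minute TTL come from the table.

```javascript
// Added illustration: session shape and function names are hypothetical.
const SESSION_TTL_MS = 30 * 60 * 1000; // 30-min default TTL stated on the page

// Compare hosts case-insensitively and treat "host." the same as "host".
function normaliseHost(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// Record the hosts the user consented to when the session starts.
function startSession(consentedHosts, now = Date.now()) {
  return {
    allowedHosts: new Set(consentedHosts.map(normaliseHost)),
    expiresAt: now + SESSION_TTL_MS,
  };
}

// Decide whether a capture for captureUrl may be appended to the session.
// The host is taken from the parsed URL, never from string matching on the
// raw input, so "consented-host.other.example" or a consented name placed in
// the userinfo part cannot satisfy the check.
function checkCapture(session, captureUrl, now = Date.now()) {
  if (now >= session.expiresAt) {
    return { status: 403, reason: "session expired" }; // status is an assumption
  }
  let url;
  try {
    url = new URL(captureUrl);
  } catch {
    return { status: 400, reason: "invalid url" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { status: 403, reason: "unsupported scheme" };
  }
  // Exact match only (assumption): consent for a host does not extend to
  // its subdomains or to names that merely contain it.
  if (!session.allowedHosts.has(normaliseHost(url.hostname))) {
    return { status: 403, reason: "host not consented" };
  }
  return { status: 200, reason: "ok" };
}
```
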
Schema (D1)
| Table | Purpose |
|---|---|
| sku_catalog | Canonical SKU identity rows. Target: millions. |
| sku_source_link | Many-to-one with sku_catalog. One row per (sku, source). The raw attestation layer. |
| sku_spec | Normalized spec key/value with per-source confidence. |
| triangulated_price | Consensus price (median, p25, p75) across active sources. Recomputed hourly. |
| price_history | Time-series prices per (sku, source). |
| discrepancy_log | Rows flagged when two sources disagree > 15% on the same field. |
| recall | CPSC / NHTSA / FDA recalls, normalized. |
| recall_affects_sku | Junction populated by the daily matcher cron. |
| firmware_advisory | Vendor + NVD CVE advisories for connected devices. |
| regulation_event | Federal Register + FTC + HIBP breach entries. |
| brand_index | Brand slugs, canonical names, aliases, authorized-dealer URLs. |
| category_taxonomy | UNSPSC + Amazon browse-tree merged category codes. |
| data_source | One row per ingester. Status, cadence, last_run_at. |
| ingestion_run | One row per run. Rows seen / upserted / skipped, errors, duration. |
| sku_fts | FTS5 virtual table. Fuzzy search over name + brand + model + category + summary. |
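How the triangulated_price and discrepancy_log rows described above can be derived from per-source prices, as an added example that is not Lens's own code. The observation shape, the linear-interpolation percentile method, measuring the delta against the lower price of each pair, and the sample prices are assumptions; the median/p25/p75 fields and the 15% threshold come from the table.

```javascript
// Added illustration: shapes, method choices and data are hypothetical.
const DISCREPANCY_THRESHOLD = 0.15; // "> 15%" stated on the page

// Constructed sample: one SKU, five sources, one unusable reading.
const SAMPLE_PRICES = [
  { source: "retailer-a", price: 100 },
  { source: "retailer-b", price: 104 },
  { source: "retailer-c", price: 120 },
  { source: "retailer-d", price: 98 },
  { source: "retailer-e", price: null }, // failed fetch: must not be counted
];

// Drop readings that are missing, non-numeric or non-positive.
const usable = (obs) => obs.filter((o) => Number.isFinite(o.price) && o.price > 0);

// Linear-interpolated percentile over an ascending array (assumed method).
function percentile(sorted, p) {
  const idx = (sorted.length - 1) * p;
  const lo = Math.floor(idx);
  const hi = Math.ceil(idx);
  return sorted[lo] + (sorted[hi] - sorted[lo]) * (idx - lo);
}

// Consensus row shaped like triangulated_price; null when no source is usable.
function triangulate(obs) {
  const sorted = usable(obs).map((o) => o.price).sort((a, b) => a - b);
  if (sorted.length === 0) return null;
  return {
    median: percentile(sorted, 0.5),
    p25: percentile(sorted, 0.25),
    p75: percentile(sorted, 0.75),
    sources: sorted.length,
  };
}

// Source pairs that disagree by more than the threshold, with the delta
// measured against the lower price of the pair (assumed baseline).
function findDiscrepancies(obs, threshold = DISCREPANCY_THRESHOLD) {
  const valid = usable(obs);
  const flagged = [];
  for (let i = 0; i < valid.length; i++) {
    for (let j = i + 1; j < valid.length; j++) {
      const [a, b] = [valid[i], valid[j]];
      const delta = Math.abs(a.price - b.price) / Math.min(a.price, b.price);
      if (delta > threshold) flagged.push({ sources: [a.source, b.source], delta });
    }
  }
  return flagged;
}
```
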
Cron schedule
| Pattern | Workflow | Purpose |
|---|---|---|
| */15 * * * * | ingest.dispatch | Every 15 min: rotate through due data sources, run up to 2 in parallel. |
| */15 * * * * | email.poll | Gmail receipt inbox polling (F12 OAuth). |
| 17 */2 * * * | price.poll | Every 2h: detect price drops inside retailer price-match windows. |
| 7 9 * * * | recall.watch | Daily 07:09 UTC: cross-match new recalls against user purchases. |
| 23 10 * * * | subs.renewal-watch | Daily: 7-day pre-charge subscription alerts. |
| 31 7 * * 1 | firmware.watch | Weekly: CVE + vendor advisory scan against owned devices. |
| 41 * * * * | ticker.aggregate | Hourly: publish k≥5 anonymized disagreement buckets. |
| 41 * * * * | triangulate.price | Hourly: recompute triangulated_price + discrepancy_log. |
| 13 6 * * 1 | pack.maintenance | Weekly: knowledge-pack validator + enricher + regulation-watcher. |
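The k≥5 suppression that the ticker.aggregate job and the k-anonymity invariant describe, as an added example that is not Lens's own code. The record shape (auditId, category, disagreed), bucketing by category and the sample rows are assumptions; the threshold of 5 contributing audits comes from the page.

```javascript
// Added illustration: record shape and bucket key are hypothetical.
const K_MIN = 5; // ticker threshold stated on the page

// Constructed sample rows; the third argument is how many audits disagreed.
const rows = (category, ids, nDisagreed) =>
  ids.map((auditId, i) => ({ auditId, category, disagreed: i < nDisagreed }));
const SAMPLE_AUDITS = [
  ...rows("laptops", ["a1", "a2", "a3", "a4", "a5", "a5"], 2), // 5 distinct audits
  ...rows("headphones", ["h1", "h2", "h3", "h4", "h4"], 1),   // 5 rows, 4 distinct
  ...rows("espresso", ["e1", "e2", "e3", "e4"], 3),           // 4 distinct
];

// Build the public ticker: one entry per bucket with at least k distinct
// contributing audits. Buckets below k are dropped entirely, including
// their counts, so a small bucket cannot be inferred from the output.
function aggregateTicker(audits, k = K_MIN) {
  const buckets = new Map(); // category -> Map(auditId -> disagreed)
  for (const a of audits) {
    if (!buckets.has(a.category)) buckets.set(a.category, new Map());
    // Keying by auditId counts contributors, not rows, so a duplicated
    // row cannot lift a bucket over the threshold.
    buckets.get(a.category).set(a.auditId, Boolean(a.disagreed));
  }
  const published = [];
  let suppressed = 0; // internal metric only, never part of the public feed
  for (const [category, byAudit] of buckets) {
    const n = byAudit.size;
    if (n < k) {
      suppressed += 1;
      continue;
    }
    const disagreements = [...byAudit.values()].filter(Boolean).length;
    published.push({ category, audits: n, disagreementRate: disagreements / n });
  }
  return { published, suppressed };
}
```
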
Further reading
IMPROVEMENT_PLAN_V2.md — the 4-day sprint plan · DATA_SOURCES.md — the ingester registry with triangulation contract · PERSONAS.md — the four named people Lens is built for · VISION_COMPLETE.md — the canonical product thesis · AMBIENT_MODEL.md — the three-mode (active / passive / background) design.