Add keyword-based Instagram DM verification with ManyChat #6

Open
aceyeom wants to merge 1 commit into main from claude/magical-lovelace-ybrqcp

@aceyeom aceyeom commented Jun 22, 2026

Owner

Summary

Refactors Instagram DM handle verification to use a keyword trigger instead of a default reply, making the system more robust and explicit. Users now DM a keyword + code (e.g., seal 4071) to trigger verification, rather than relying on a catch-all default reply.

Key Changes

Documentation & Setup

  • docs/SETUP-IG-VERIFY.md: Completely restructured to clarify the keyword-based flow:

    • Renamed §3 to emphasize "DB and keys" wiring
    • Split §3.2 into separate steps for secret generation and function deployment
    • Rewrote §4 to explain Keyword trigger (not Default Reply) with detailed ManyChat configuration
    • Added new §5 environment variable VITE_IG_KEYWORD (defaults to seal)
    • Expanded troubleshooting with keyword-specific issues
    • Added detailed explanation of the three-place keyword sync requirement
  • docs/GO-LIVE.md: Updated references to keyword-based flow and added fail-closed safety explanation

  • app/README.md: Clarified that seal fails closed on deployed builds without verification enabled

Frontend Changes

  • app/src/api/igverify.js:

    • Added igKeyword() function to read VITE_IG_KEYWORD (defaults to seal)
    • Added igMessage(code) function to construct the full DM text (e.g., seal 4071)
    • Updated deep-link and message handling to use the keyword
  • app/src/components/screens.jsx:

    • Updated IgVerifySheet to copy the full message (seal 4071) instead of just the code
    • Updated UI text to reflect "send this exact message" instead of "your code"
  • app/src/App.jsx:

    • Added fail-closed safety check: if Supabase backend is connected but VITE_IG_VERIFY_ENABLED is not set, sealing is blocked with an operator notice
    • Prevents silent fallthrough to stub verification in production
  • app/.env.example: Added VITE_IG_KEYWORD with documentation

  • app/src/i18n/strings.js:

    • Updated verification UI strings to reference "message" instead of "code"
    • Added new error message for misconfigured verification

Backend Functions

  • supabase/functions/celestual-manychat/index.ts:

    • Added KEYWORD constant (reads IG_KEYWORD secret, defaults to seal)
    • Enhanced codeCandidates() to prioritize codes immediately after the keyword (e.g., seal 4071) before falling back to any standalone 4-digit number
    • Added reEscape() helper for safe regex construction
    • Updated comments to explain keyword-based parsing
  • supabase/functions/celestual-ig-webhook/index.ts:

    • Added KEYWORD constant (reads IG_KEYWORD secret, defaults to seal)
    • Enhanced codeCandidates() with same keyword-aware parsing logic
    • Added reEscape() helper

Notable Implementation Details

  • Keyword sync requirement: The keyword must match in three places:

    1. ManyChat Keyword trigger (§4.1)
    2. Front-end VITE_IG_KEYWORD environment variable (§5)
    3. Function IG_KEYWORD secret (optional, only if overriding default)
  • Fail-closed safety: On deployed builds with a real Supabase backend, sealing now blocks with an operator notice if verification isn't enabled, preventing accidental production deployments that silently stub users through.

  • Code parsing priority: Both functions now try to extract codes from the keyword pattern first (seal 4071), then fall back to any standalone 4-digit number, ensuring robust parsing while maintaining security (parsing is never the security boundary).

  • ManyChat trigger type: Uses Contains match

https://claude.ai/code/session_01QXRnr1V7MZMTMqUnUQdXcK

The IG DM verification layer was fully built but silently bypassed whenever
VITE_IG_VERIFY_ENABLED wasn't set — the seal fell back to a local stub that
let anyone through, even on a deployed backend. Two fixes:

1. ManyChat activation keyword. ManyChat needs a word to wake an automation,
   so the code is now shown/copied as "seal 4071" (keyword + code). A ManyChat
   Keyword trigger on "seal" (Contains match) fires the External Request; the
   edge functions parse the 4-digit code back out (keyword-adjacent first, with
   a generic fallback for backward compatibility). Keyword is configurable via
   VITE_IG_KEYWORD (front-end) / IG_KEYWORD (functions), default "seal".

2. Fail closed in production. When a real Supabase backend is connected but
   verification is off, sealing is now blocked with an operator notice instead
   of stubbing people through. The dev/demo stub only survives when there's no
   backend at all; /demo still bypasses verification.

Also rewrites docs/SETUP-IG-VERIFY.md §3–4 with explicit DB + keys + ManyChat
keyword-trigger wiring, and updates GO-LIVE, the READMEs, and .env.example.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01QXRnr1V7MZMTMqUnUQdXcK
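
The parsing priority and the fail-closed gate described in the PR description and commit message above, as an added example that is not code from this pull request. The names `codeCandidates`, `reEscape` and `KEYWORD` follow the PR text; their bodies, the helpers `collect`, `verifyDm` and `sealMode`, and the sample messages are assumptions.

```typescript
// Added illustration, not the repository's code. Function names follow the PR
// text; bodies, verifyDm/sealMode and all sample inputs are constructed.
const KEYWORD = "seal"; // the PR reads this from the IG_KEYWORD secret

// Escape regex metacharacters so a configured keyword like "a.b" matches literally.
function reEscape(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Collect capture group 1 of every match, skipping codes already seen.
function collect(re: RegExp, text: string, out: string[]): void {
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    if (out.indexOf(m[1]) === -1) out.push(m[1]);
  }
}

// Candidates in priority order: keyword-adjacent codes first, then any
// standalone 4-digit number. Longer digit runs (phone numbers) are ignored.
function codeCandidates(text: string, keyword: string = KEYWORD): string[] {
  const out: string[] = [];
  const kw = reEscape(keyword);
  collect(new RegExp("(?:^|[^A-Za-z0-9])" + kw + "\\W*(\\d{4})(?!\\d)", "gi"), text, out);
  collect(/(?:^|\D)(\d{4})(?!\d)/g, text, out);
  return out;
}

// Parsing only proposes candidates; the decision is an exact comparison with
// the code the server issued (assumed here to be passed in as pendingCode).
function verifyDm(text: string, pendingCode: string): boolean {
  return codeCandidates(text).indexOf(pendingCode) !== -1;
}

// Fail-closed gate: the stub is reachable only when no backend is connected.
type SealMode = "verify" | "blocked" | "stub";
function sealMode(hasBackend: boolean, verifyEnabled: boolean): SealMode {
  if (verifyEnabled) return "verify";
  return hasBackend ? "blocked" : "stub";
}
```

Because the keyword is interpolated into a regular expression, an unescaped value such as `a.b` would also match `axb`, which is the case `reEscape` guards against.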
vercel Bot commented Jun 22, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
celestual | Ready | Preview, Comment | Jun 22, 2026 3:10pm
