feat: per-user notifications (ntfy + RSS), deduplicated actions, backfill task

Notifications:
- New /notifications page accessible to all users (ntfy + RSS config)
- ntfy now supports no-auth, Bearer token, and HTTP Basic auth (for ACL-protected self-hosted servers)
- RSS enabled/disabled independently of ntfy; token auto-generated on first GET
- Notification settings removed from admin-only Settings page; replaced with link card
- Sidebar adds Notifications nav link for all users
- notification_dispatcher.py: fan-out now marks RSS events dispatched independently

Action history:
- Migration 0012: deduplicates existing bill_actions rows and adds UNIQUE(bill_id, action_date, action_text)
- congress_poller.py: replaces existence-check inserts with ON CONFLICT DO NOTHING (race-condition safe)
- Added backfill_all_bill_actions task (no date filter) + admin endpoint POST /backfill-all-actions

Authored-By: Jack Levy

backend/app/api/admin.py

@@ -130,6 +130,10 @@ async def get_stats(
             WHERE bb.id IS NULL AND bd.raw_text IS NOT NULL
         """)
     )).scalar()
+    # Bills that have never had their action history fetched
+    bills_missing_actions = (await db.execute(
+        text("SELECT COUNT(*) FROM bills WHERE actions_fetched_at IS NULL")
+    )).scalar()
     return {
         "total_bills": total_bills,
         "docs_fetched": docs_fetched,
@@ -141,6 +145,7 @@ async def get_stats(
         "pending_llm": pending_llm,
         "bills_missing_sponsor": bills_missing_sponsor,
         "bills_missing_metadata": bills_missing_metadata,
+        "bills_missing_actions": bills_missing_actions,
         "remaining": total_bills - total_briefs,
     }
 
@@ -183,6 +188,14 @@ async def trigger_fetch_actions(current_user: User = Depends(get_current_admin))
     return {"task_id": task.id, "status": "queued"}
 
 
+@router.post("/backfill-all-actions")
+async def backfill_all_actions(current_user: User = Depends(get_current_admin)):
+    """Queue action fetches for every bill that has never had actions fetched."""
+    from app.workers.congress_poller import backfill_all_bill_actions
+    task = backfill_all_bill_actions.delay()
+    return {"task_id": task.id, "status": "queued"}
+
+
 @router.post("/backfill-metadata")
 async def backfill_metadata(current_user: User = Depends(get_current_admin)):
     """Fill in null introduced_date, congress_url, chamber for existing bills."""

backend/app/api/members.py

@@ -69,12 +69,11 @@ async def get_member(bioguide_id: str, db: AsyncSession = Depends(get_db)):
     if not member:
         raise HTTPException(status_code=404, detail="Member not found")
 
-    # Kick off member interest scoring on first view (non-blocking)
+    # Kick off member interest on first view — single combined task avoids duplicate API calls
     if member.detail_fetched is None:
         try:
-            from app.workers.member_interest import fetch_member_news, calculate_member_trend_score
-            fetch_member_news.delay(bioguide_id)
-            calculate_member_trend_score.delay(bioguide_id)
+            from app.workers.member_interest import sync_member_interest
+            sync_member_interest.delay(bioguide_id)
         except Exception:
             pass
 

backend/app/api/notifications.py

@@ -0,0 +1,138 @@
+"""
+Notifications API — user notification settings and per-user RSS feed.
+"""
+import secrets
+from xml.etree.ElementTree import Element, SubElement, tostring
+
+from fastapi import APIRouter, Depends, HTTPException
+from fastapi.responses import Response
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.core.dependencies import get_current_user
+from app.database import get_db
+from app.models.notification import NotificationEvent
+from app.models.user import User
+from app.schemas.schemas import NotificationSettingsResponse, NotificationSettingsUpdate
+
+router = APIRouter()
+
+_EVENT_LABELS = {
+    "new_document": "New Bill Text",
+    "new_amendment": "Amendment Filed",
+    "bill_updated": "Bill Updated",
+}
+
+
+def _prefs_to_response(prefs: dict, rss_token: str | None) -> NotificationSettingsResponse:
+    return NotificationSettingsResponse(
+        ntfy_topic_url=prefs.get("ntfy_topic_url", ""),
+        ntfy_auth_method=prefs.get("ntfy_auth_method", "none"),
+        ntfy_token=prefs.get("ntfy_token", ""),
+        ntfy_username=prefs.get("ntfy_username", ""),
+        ntfy_password=prefs.get("ntfy_password", ""),
+        ntfy_enabled=prefs.get("ntfy_enabled", False),
+        rss_enabled=prefs.get("rss_enabled", False),
+        rss_token=rss_token,
+    )
+
+
+@router.get("/settings", response_model=NotificationSettingsResponse)
+async def get_notification_settings(
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    user = await db.get(User, current_user.id)
+    # Auto-generate RSS token on first visit so the feed URL is always available
+    if not user.rss_token:
+        user.rss_token = secrets.token_urlsafe(32)
+        await db.commit()
+        await db.refresh(user)
+    return _prefs_to_response(user.notification_prefs or {}, user.rss_token)
+
+
+@router.put("/settings", response_model=NotificationSettingsResponse)
+async def update_notification_settings(
+    body: NotificationSettingsUpdate,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    user = await db.get(User, current_user.id)
+    prefs = dict(user.notification_prefs or {})
+
+    if body.ntfy_topic_url is not None:
+        prefs["ntfy_topic_url"] = body.ntfy_topic_url.strip()
+    if body.ntfy_auth_method is not None:
+        prefs["ntfy_auth_method"] = body.ntfy_auth_method
+    if body.ntfy_token is not None:
+        prefs["ntfy_token"] = body.ntfy_token.strip()
+    if body.ntfy_username is not None:
+        prefs["ntfy_username"] = body.ntfy_username.strip()
+    if body.ntfy_password is not None:
+        prefs["ntfy_password"] = body.ntfy_password.strip()
+    if body.ntfy_enabled is not None:
+        prefs["ntfy_enabled"] = body.ntfy_enabled
+    if body.rss_enabled is not None:
+        prefs["rss_enabled"] = body.rss_enabled
+
+    user.notification_prefs = prefs
+
+    if not user.rss_token:
+        user.rss_token = secrets.token_urlsafe(32)
+
+    await db.commit()
+    await db.refresh(user)
+    return _prefs_to_response(user.notification_prefs or {}, user.rss_token)
+
+
+@router.post("/settings/rss-reset", response_model=NotificationSettingsResponse)
+async def reset_rss_token(
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    """Regenerate the RSS token, invalidating the old feed URL."""
+    user = await db.get(User, current_user.id)
+    user.rss_token = secrets.token_urlsafe(32)
+    await db.commit()
+    await db.refresh(user)
+    return _prefs_to_response(user.notification_prefs or {}, user.rss_token)
+
+
+@router.get("/feed/{rss_token}.xml", include_in_schema=False)
+async def rss_feed(rss_token: str, db: AsyncSession = Depends(get_db)):
+    """Public tokenized RSS feed — no auth required."""
+    result = await db.execute(select(User).where(User.rss_token == rss_token))
+    user = result.scalar_one_or_none()
+    if not user:
+        raise HTTPException(status_code=404, detail="Feed not found")
+
+    events_result = await db.execute(
+        select(NotificationEvent)
+        .where(NotificationEvent.user_id == user.id)
+        .order_by(NotificationEvent.created_at.desc())
+        .limit(50)
+    )
+    events = events_result.scalars().all()
+    return Response(content=_build_rss(events), media_type="application/rss+xml")
+
+
+def _build_rss(events: list) -> bytes:
+    rss = Element("rss", version="2.0")
+    channel = SubElement(rss, "channel")
+    SubElement(channel, "title").text = "PocketVeto — Bill Alerts"
+    SubElement(channel, "description").text = "Updates on your followed bills"
+    SubElement(channel, "language").text = "en-us"
+
+    for event in events:
+        payload = event.payload or {}
+        item = SubElement(channel, "item")
+        label = _EVENT_LABELS.get(event.event_type, "Update")
+        bill_label = payload.get("bill_label", event.bill_id.upper())
+        SubElement(item, "title").text = f"{label}: {bill_label} — {payload.get('bill_title', '')}"
+        SubElement(item, "description").text = payload.get("brief_summary", "")
+        if payload.get("bill_url"):
+            SubElement(item, "link").text = payload["bill_url"]
+        SubElement(item, "pubDate").text = event.created_at.strftime("%a, %d %b %Y %H:%M:%S +0000")
+        SubElement(item, "guid").text = str(event.id)
+
+    return tostring(rss, encoding="unicode").encode("utf-8")