Reqon — self-hosted job-search command center. Live requisitions grouped by fit tier, each carrying a fit score, interview-probability estimate, salary, link-confidence, and a full tracking layer (status, dates, recruiter, referral, resume version, follow-ups, next action).
Fit = domain / résumé match. Interview probability = odds of landing a screen, kept separate from fit. Expected value = fit × probability — your apply-effort allocator. Tier is set by expected value.
Every edit saves server-side and persists. Use Run Scout to pull fresh roles from board APIs, and the Today tab for what needs action.
A requisition = one specific role at a company. Group is by company name.
Paste a JSON array of roles (or {"roles":[…]}) — e.g. ChatGPT's output. Append-only merge: dedupes by company+role, never overwrites your tracking edits. Runs locally — no token or HTTPS needed.
—
Enable or disable the board APIs the scout polls, add companies by careers URL, and check each source's last run. Saves to boards.json / watchlist.json — takes effect on the next run, no restart.
Thresholds and keyword lists that decide which roles the scout adds and how it ranks them.
Employment types match the role title and are dropped. Blockers demote a match (−2 fit each) so heavy hits fall below your min-fit / min-tier; light hits just rank lower.
Drives scoring & pre-fill. Re-parse your resume to refresh keywords.
Higher weight = stronger pull. Weight ≥ 3 marks a term "emphasized" (a scout fit bonus). Set a weight to 0 (or remove) to suppress. These overrides are kept when you re-parse your résumé, and feed the server scout. The on-device app scout uses Search criteria keywords; it only runs when no server is connected.
Standard self-ID answer sets, synced to the app. Stored privately for your reference — the apply-assist never auto-fills or submits these.
How statuses route to board tabs, when hygiene lanes flag work, the analytics window, and per-source apply modes.
Comma-separated statuses routed to each board tab. Any unlisted status falls into Open.
Lanes are non-destructive: closed reqs are surfaced for review and archived only on confirm (snapshot taken first) — never auto-deleted.
fillable = Claude-in-Chrome can fill the form · gated = login-walled · simplify = Simplify Copilot · manual = by hand. Each card has a per-row override.
The OpenAI model and budget for scout rescoring, plus the per-req draft assistant. API keys live under Advanced.
Cost control: each run makes at most this many AI calls, and a role isn't re-scored until its posting changes or this many days pass. ~0.5–1k tokens per call on gpt-5.4-mini.
Per-req "✍ AI draft" composes a cover note or screening answer from your profile + narratives + JD. Output is editable and never auto-submitted.
The always-on server composes a morning digest from your data and delivers it at the set time via Slack webhook or SMTP. A file fallback is always written to agent/digest-latest.html.
Save settings before sending a test. Gmail with 2-Step Verification needs an App Password (Google Account → Security → App passwords), not your account password.
Reads recruiter emails on the server and updates the board — auto-sets rejections, flags interviews/offers for review. Same credential model as the iOS app; this is the server-side equivalent. Needs a Gmail App Password.
Every board save snapshots the previous data first; corruption-shaped saves are refused. Snapshots are never auto-deleted beyond the retention cap (manual & phase snapshots are always kept).
Only the newest 50 auto-snapshots are kept. A save that would drop more than the guard % of rows — or an empty save over a non-empty store — is refused as likely corruption. Set the guard to 0 to allow any size drop.
Deletes are soft (tombstones) so they sync to other devices. Purging permanently removes them (snapshots first).
API keys and tokens for AI rescoring and job aggregators.
.env and are never sent back to the browser. Fields show only whether a key is set; leave blank to keep the current value.Full-access passphrase for remote/app sign-in (the one the login page + app Sync ask for). Takes effect immediately — no restart. Changing it logs out paired devices until they re-pair (re-scan the QR or re-enter). Leave blank and click to disable remote auth (not recommended).
The ingest token is scoped to POST /api/reqs/merge + /quickadd only — safe to hand an automation (ChatGPT Action). Send either it or the app passphrase as the X-CRM-Token header.
iOS blocks plaintext HTTP, so connecting from outside your LAN needs HTTPS. Set this to your Tailscale Funnel or Caddy hostname and the pairing QR below will bake that origin (no port). Leave blank for same-network LAN pairing. See agent/run-tunnel.sh and MOBILE-SETUP.md.
Scan from the iOS app (Settings → Sync → Scan QR) to set the server URL + passphrase automatically — no typing. The QR carries full access, so only show it on your own screen.
Token-based APNs (.p8 key). From the Apple Developer portal: Keys → an APNs key (.p8) + its Key ID, your Team ID, and the app's Bundle ID (com.reqon.app). Paste the .p8 contents or give a server file path — the key is written 0600 and never sent back to the browser.