Fix email reply access and threading

supabase/functions/send-admin-email-reply/index.ts

@@ -38,12 +38,16 @@ const handler = async (req: Request): Promise<Response> => {
       return createErrorResponse({ message: 'Unauthorized' }, 401, corsHeaders);
     }
 
-    // Verify admin role
-    const { data: isAdmin, error: roleError } = await supabase
+    // Verify admin, moderator, or superuser role
+    const { data: isSuperuser } = await supabase
+      .rpc('has_role', { _user_id: user.id, _role: 'superuser' });
+    const { data: isAdmin } = await supabase
       .rpc('has_role', { _user_id: user.id, _role: 'admin' });
+    const { data: isModerator } = await supabase
+      .rpc('has_role', { _user_id: user.id, _role: 'moderator' });
 
-    if (roleError || !isAdmin) {
-      edgeLogger.warn('Non-admin attempted email reply', { 
+    if (!isSuperuser && !isAdmin && !isModerator) {
+      edgeLogger.warn('Non-privileged user attempted email reply', { 
         requestId: tracking.requestId,
         userId: user.id 
       });

supabase/functions/send-contact-message/index.ts

@@ -177,6 +177,23 @@ const handler = async (req: Request): Promise<Response> => {
     const ticketNumber = submission.ticket_number || 'PENDING';
     const messageId = `<${ticketNumber}.${submission.id}@thrillwiki.com>`;
 
+    // Insert initial message into email thread
+    await supabase
+      .from('contact_email_threads')
+      .insert({
+        submission_id: submission.id,
+        direction: 'inbound',
+        from_email: email.trim().toLowerCase(),
+        to_email: adminEmail,
+        subject: subject.trim(),
+        body_text: message.trim(),
+        message_id: messageId,
+        metadata: {
+          category: category,
+          name: name.trim()
+        }
+      });
+
     if (forwardEmailKey) {
       // Send admin notification
       fetch('https://api.forwardemail.net/v1/emails', {