
INFRASTRUCTURE.md — alaivOS Infrastructure Map

Last updated: April 13, 2026 (Omega v2.7)

Canonical status: Single source of truth for infra. Supersedes all earlier fragments.

Supersedes / absorbs:
- OMEGA_V2_7_SESSION_HANDOVER.md (§6 services table, KV plan)
- MASTER_PENDING_ITEMS.md (§ Infrastructure Status block)
- OMEGA_V2_6_SESSION_HANDOVER.md, OMEGA_V2_5_SESSION_HANDOVER.md (infra sections)
- EPSILON_v2.0_HANDOVER.md, EPSILON_v1.1_HANDOVER.md, EPSILON_SETUP.md, EPSILON_SESSION_CANONICAL_NOTES.md
- SPRINT_EPSILON_COTURN_CX43.md, SPRINT_EPSILON_CHECKUP_RELAY.md, SPRINT_EPSILON_ENCRYPT_PLAINTEXT.md
- SPRINT_EPSILON_SERVER_W2.md, SPRINT_EPSILON_NEXT.md, SPRINT_EPSILON_2B_CDN_UPLOAD.md, EPSILON_CDN_RENAME.md
- ZETA_CX22_PROVISIONING.md, SPRINT_WAVE2_INFRA_GAPS.md
- CLOUDFLARE_WORKER_BANKING.md, CLOUDFLARE_WORKER_TASKS.md
- SPRINT_ALPHA_FCM_PUSH.md, SUPABASE_SPRINT16_MIGRATION.md
- SPRINT_ALPHA_CALL_SIGNALING.md, SPRINT_BETA1_CALL_SESSION.md
- alaivOS_phone_ai_server_hub_architecture.md, alaivOS_web_architecture_complete.md

Cross-references: DATA_PIPELINE.md, GHOST_PROTOCOL.md, LAUNCH_PLAYBOOK.md, LEGAL_AND_PRIVACY.md, VOICE_AND_AI.md.


0. TL;DR

| Component | Vendor | Spec | Monthly |
|---|---|---|---|
| ghost-01 (CX43, Helsinki) | Hetzner | 8 vCPU, 16 GB RAM — 46.62.149.145 | €17 |
| cx23 (Europe traffic) | Hetzner | 4 vCPU, 8 GB RAM — 204.168.205.135 | €4 |
| cx23-b (DDG + airports) | Hetzner | 4 vCPU, 8 GB RAM, 38 GB disk — 204.168.236.190 | €4 |
| Supabase | Supabase | EU-central-1, project aljvskgceeurgoqdplhh | Free |
| Cloudflare (R2 + Workers + Pages + KV) | Cloudflare | Account 3c64fc322ef36bd9138c7bc46382f559 | Free |
| TheSportsDB Patreon | Patreon | Commercial ToS | $3 |
| Anthropic API | Anthropic | Batch API (Checkup only) | ~$20 initial credits |
| TOTAL | | | ~€28/mo + $3/mo |

Zero paid API deps in POI/search/weather. Google Places = temporary luxury layer with dart-define kill-switch.


1. Hetzner Servers

1.1 ghost-01 — CX43, Helsinki (€17/mo, primary)

Role: Ghost Brain + Kokoro TTS + harvesting + Coturn + nginx + sports cache + Checkup relay + pipeline master.

  • IP: 46.62.149.145 · Spec: 8 vCPU, 16 GB RAM · OS kernel: 6.8.0-107 (reboot pending — "System restart required")
  • SSH: ssh -i ~/.ssh/id_ed25519 root@46.62.149.145
  • DNS: ghost.alaivos.com → 46.62.149.145 (A record, Cloudflare proxied)

Services (all systemd, active):

| Service | Port | Purpose |
|---|---|---|
| ollama | 11434 | LLM inference — gemma4:e4b active, OLLAMA_KEEP_ALIVE=-1 (pinned, ~10 GB loaded RAM, 12 tok/s, thinking mode OFF for Instant) |
| ghost-router | 11435 (internal) | Python proxy, injects gemma4:e4b default per route (/opt/ghost/model_router.py) |
| sports-cache | 8300 (public, nginx-proxied; systemd unit listens on 11436, see §12) | 31-league multi-sport cache (ESPN + TheSportsDB + Jolpica F1 + boxing scraper), 1hr TTL, stale-on-error |
| checkup-relay | 8100 | Laiv Checkup — device-strip → Gemma 4 E4B anonymize → Anthropic Batch API. Needs ANTHROPIC_API_KEY |
| nginx | 443/80 | Public HTTPS for ghost.alaivos.com (headers updated for gemma4:e4b) |
| coturn | 3478/udp+tcp, 5349/tls, 49152-65535/udp | TURN relay for WebRTC calls |

Ollama models installed: gemma4:e4b (ACTIVE, 9.6 GB), gemma4:e2b (7.2 GB, 21.8 tok/s), qwen3.5:9b (6.6 GB fallback, 5.6 tok/s), plus 0.8B/2B/4B reference.

Rollback: sed -i "s/gemma4:e4b/qwen3.5:9b/" /opt/ghost/model_router.py && systemctl restart ghost-router

Coturn: realm alaivos.com, TURN_SECRET=717f7eee08175aa556d8066f5e77348c6754d3841aa4f8b9e3e6710e491fd3c3, HMAC-SHA1 time-limited auth, no-tcp-relay, RFC1918 peers denied. Config at /etc/turnserver.conf.

Ghost public token header (for signed app requests): X-Ghost-Token: a8ef1026e95484f31aee9a3eab0c5646c809acf73c422300be113a40e61b3995

1.2 cx23 — Europe traffic (€4/mo)

  • IP: 204.168.205.135 · Role: Tier-1 live traffic collection (EU) + OSM/POI enrichment
  • Cron: TomTom snapshots (APM/MID/PM) on round-robin keys; rsync to ghost-01 nightly

1.3 cx23-b — Expansion + DDG (€4/mo)

  • IP: 204.168.236.190 · Role: DDG harvester + airport pipeline + secondary traffic. 38 GB disk — too small for self-hosted Photon.

1.4 Bishop — Mini PC (J's desk, not a GPU server)

Hardware: AMD Ryzen AI 9 HX 370, 64 GB DDR5 RAM, Radeon 890M iGPU + XDNA 2 NPU (50 TOPS), no discrete GPU, no CUDA.

Role:
- One-time training: voice pipeline (Kokoro → Piper fine-tune), Laiv Brain Distillation (~3,500 examples, $475-710, 4-6 weeks).
- Personal SmartLab stack (Docker/Proxmox, alaivOS dev env, business tools).
- Training on CPU — slower but sufficient for one-time jobs.

Status: pending J provisioning. Blocks voice pipeline v1.0.


2. Cloudflare

  • Account ID: 3c64fc322ef36bd9138c7bc46382f559
  • Zone (alaivos.com): 61aa2fc5577e9f95ec50a60b3e78a001

2.1 R2 CDN — cdn.alaivos.com

  • Bucket: alaivos-models · S3 endpoint: https://3c64fc322ef36bd9138c7bc46382f559.r2.cloudflarestorage.com
  • rclone: v1.73.4 on ghost-01, remote r2: configured at ~/.config/rclone/rclone.conf
  • Credentials: /opt/ghost/airport_pipeline/.env (R2_ENDPOINT_URL, R2_ACCESS_KEY_ID, R2_SECRET_ACCESS_KEY, R2_BUCKET)

Current objects under models/ (tier-based filenames, app reads manifest.json v3 for SHA + sizes):

| Filename | Model | Size |
|---|---|---|
| laiv-xs.gguf | Qwen 3.5 0.8B Q4_K_M | 0.96 GB |
| laiv-s.gguf | Qwen 3.5 2B Q4_K_M | 2.55 GB |
| laiv-m.gguf | Qwen 3.5 4B Q4_K_M | 3.16 GB |
| laiv-l.gguf | Gemma 4 E2B Q4_K_M | 6.67 GB |
| laiv-xl.gguf | Gemma 4 E4B Q4_K_M | 8.95 GB |
| laiv-ghost.gguf | Gemma 4 E4B Q4_K_M (server mirror) | 8.95 GB |
| manifest.json | v3, 7 tiers | 4 KB |
| laiv-core-s/sm/m/l.bin | Backward-compat aliases | |

Also hosted: tts-eval/kokoro-voices/ (11 WAVs), tts-eval/kokoro-crosslang/ (15 WAVs), api/models.json, infra/airports/*.json.

2.2 Workers (free tier)

| Hostname | Worker | Source |
|---|---|---|
| photon.alaivos.com | Photon autocomplete proxy | /opt/alaivos/workers/photon/ |
| search.alaivos.com | Search aggregator (DDG) | /opt/alaivos/workers/search/ |
| places.alaivos.com | POI lookup | /opt/alaivos/workers/places/ |
| banking.alaivos.com | Open Banking proxy | /opt/alaivos/workers/banking/ |
| hub.alaivos.com | Shared agent brain portal | PENDING deploy — 3 files + CNAME + Supabase creds |

2.3 Pages (free) — 3 sites

alaivos.com (marketing + billing portal), landing, docs. Kappa owns. Pending: 7 legal pages, privacy.html (phone collection + third-party AI processing line), terms.html (trial conditions), phone-hash row in law-enforcement page, World Cup landing (before June 1).

2.4 KV — Shared Agent Brain (planned, v2.7)

All Omega / Epsilon / builder / Delta agents read/write from a single KV namespace, eliminating copy-paste between sessions.

Keys: master-kb, current-sprint, sprint-results, sprint-log, delta-findings, arch-decisions.

Access pattern:
- Omega: Cloudflare MCP (preferred) or web_fetch.
- Epsilon: wrangler CLI on Knight (local) — install still pending on ghost-01.
- Builders: bash + curl.
- Delta: curl writes to delta-findings.

Business track uses separate KV alaivos-biz-kb (separate Claude.ai project, alaivos-biz-core/ dir). Shared intelligence copied, not referenced.

Setup sequence: wrangler + API token → create KV + deploy Worker → seed with 12 canonicals + MASTER_KB.md → project instructions updated with real URLs → Cloudflare MCP enabled in Omega chat.

2.5 DNS (Cloudflare zone alaivos.com)

| Hostname | Target | Notes |
|---|---|---|
| ghost.alaivos.com | 46.62.149.145 (A) | Proxied |
| cdn.alaivos.com | R2 bucket alaivos-models | Public hostname |
| photon.alaivos.com | Worker | |
| search.alaivos.com | Worker | |
| places.alaivos.com | Worker | |
| banking.alaivos.com | Worker | |
| hub.alaivos.com | CNAME (pending) | Shared brain portal |
| alaivos.com + www | Pages | |

3. Supabase

  • Project ref: aljvskgceeurgoqdplhh · URL: https://aljvskgceeurgoqdplhh.supabase.co · Region: eu-central-1
  • anon key: in alaivos/lib/config/env.dart · service_role key: Supabase Dashboard → Project Settings → API
  • Dashboard: https://supabase.com/dashboard/project/aljvskgceeurgoqdplhh

Tables (subset):
- user_profiles — + 6 V2.7 onboarding fields (reinstall recovery via Alpha sprint; needs 6 ALTER TABLE statements).
- trial_devices — device fingerprint registry for TrialGuard (silent at signup).
- ai_personas — persona presets + custom slider values.
- Encrypted (AES-256-GCM, V2.7 Epsilon sprint): shared_gift_notes, web_ai_content, ai_command_queue (read+rewrite).

Realtime: used for WebRTC signaling (call offer/answer/ICE) and E2EE chat relay (libsignal payloads, server only sees ciphertext).

Edge Functions:

| Function | Channels | Deploy |
|---|---|---|
| send-push | chat_message, family_location, score_update, birthday, departure_alert, reminder, incoming_call | `cd supabase && npx supabase functions deploy send-push --project-ref aljvskgceeurgoqdplhh --no-verify-jwt` |

Edge secrets: FIREBASE_SERVICE_ACCOUNT (full SA JSON), FIREBASE_PROJECT_ID=alaivos-2026.


4. Third-Party Services

4.1 Anthropic API (Checkup Relay only)

  • Signup: console.anthropic.com as Citerius Holdings LLC, $20 initial credits.
  • Used by checkup-relay on ghost-01:8100 via Batch API (overnight, ~$0.012/checkup).
  • Dependency chain: Anthropic key → Checkup Relay → Checkup Pipeline (Alpha) → Checkup UI (Gamma).
  • Privacy: dual anonymization (device strip → Gemma 4 E4B rewrite) before leaving ghost-01. Privacy policy must disclose third-party AI processing line.

4.2 TheSportsDB — $3/mo Patreon (commercial ToS)

  • Free key "3" used during dev; Patreon required before launch for commercial terms.
  • Covers 15 football/LatAm/cricket leagues. Combined with ESPN (14 US sports, free), Jolpica (F1, free), and boxing scraper → 31 total leagues in sports cache.

4.3 Twilio — Day 14 phone verification

  • SMS OTP for mandatory Day 14 phone verify (unlock Elite). Phone hash stored only, never raw.
  • Dependency: Twilio signup → phone verify sprint unblocks.

4.4 Firebase (FCM push)

  • Project: alaivos-2026 · Console: https://console.firebase.google.com/project/alaivos-2026
  • google-services.json at alaivos/android/app/
  • Service account JSON held in Supabase edge secret FIREBASE_SERVICE_ACCOUNT.
  • Dependency: Firebase project → FCM sprint (Wave 1 Alpha) → chat push / incoming_call / birthday / score / departure_alert.

4.5 RevenueCat

  • Subscription management across App Store + Play Store. Config in alaivOS_RevenueCat_Config.md. Coordinated live-config session after store approvals.

4.6 Stripe

  • Payment processor. Live config after store approvals (one coordinated session: Stripe + RevenueCat + Mac + Xcode + TestFlight + submissions).

4.7 Apple Developer & Google Play

  • Apple: submitted March 24, Day 20 of review (as of April 13).
  • Google Play: submitted March 25, Day 19 of review (needs address proof).
  • Mac rental scheduled post-Apple approval for Xcode/TestFlight.

4.8 DMCA Designated Agent

  • Registration via Registered Agents Inc — $6, ~10 min. Pending J action. Referenced in LEGAL_AND_PRIVACY.md.

4.9 Warrant Canary

  • canary.html PGP re-sign due April 19, 2026 (6 days from last update). Referenced in LEGAL_AND_PRIVACY.md.

4.10 TomTom Traffic API

  • 19 keys, /opt/ghost/data_pipeline/accounts.json, replicated across 3 servers. Round-robin via get_next_key(). ~47,500 calls/day budget. (Full detail in DATA_PIPELINE.md.)

4.11 Open-Meteo (weather + AQ)

  • Free, no key, 10k req/day per IP. Pipeline pulls → R2 pipeline/weather/, app reads cached files (≤30 min stale). Only RainViewer radar tiles are live-fetched.

5. Scaling Triggers

| Trigger | Action | Cost |
|---|---|---|
| Single CX43 ceiling | ~300 comfortable subs, ~500 max | Current |
| >500 Ghost subs | Second ghost-XX node OR CX43→CX53 upgrade | +€17-25/mo |
| >1,000 Ghost subs | Dedicated GPU GEX44 (discrete GPU, CUDA) | €184/mo |
| Photon self-host | Requires bigger disk than cx23-b (38 GB too small) | New node |
| Bishop training jobs | Keep off hot path — one-time, offline batches | |

Benchmarks (Gemma 4 E4B on CX43 CPU):
- Single user: ~3-4 s typical, 30 s thinking-mode spikes (disabled for Instant path).
- 5 concurrent: last finishes ~259 s.
- 10 concurrent: last finishes ~255 s.


6. Call System (WebRTC)

  • Signaling: Supabase Realtime (offer/answer/ICE candidates).
  • TURN relay: Coturn on ghost-01 (3478/5349), HMAC-SHA1 auth, TURN_SECRET hashed client-side from {expiry}:{userId}.
  • Push: FCM incoming_call channel via send-push edge function (added V2.7).
  • Status: 3/3 sprints DONE (signaling Alpha, session Beta-1, UI Gamma per Delta audit).
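The time-limited TURN credential scheme that §1.1 and the TURN relay bullet above describe (username `{expiry}:{userId}`, password = base64 of HMAC-SHA1 over that username keyed with TURN_SECRET, as coturn's use-auth-secret mode expects), written out as an added Python example that is not part of this document or of the alaivOS code base; the secret is a constructed placeholder and the host/ports are those listed for ghost-01. Whichever component computes the HMAC holds TURN_SECRET, so a short TTL bounds how long a leaked credential can relay traffic.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed placeholder; the real TURN_SECRET is the one in /etc/turnserver.conf on ghost-01.
TURN_SECRET = "0" * 64
TURN_HOST = "ghost.alaivos.com"


def _hmac_sha1_b64(secret: str, username: str) -> str:
    """coturn use-auth-secret password: base64(HMAC-SHA1(secret, username))."""
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def mint_turn_credential(user_id: str, ttl_seconds: int = 3600,
                         now: Optional[int] = None, secret: str = TURN_SECRET) -> dict:
    """Issue a credential valid for ttl_seconds. The expiry rides in the username,
    so coturn can reject it with no state beyond the static secret."""
    now = int(time.time()) if now is None else now
    username = f"{now + ttl_seconds}:{user_id}"
    return {"username": username, "credential": _hmac_sha1_b64(secret, username)}


def verify_turn_credential(username: str, credential: str,
                           now: Optional[int] = None, secret: str = TURN_SECRET) -> bool:
    """Mirror of the server-side check: parse the expiry, reject expired or
    non-matching HMACs. compare_digest keeps the comparison constant-time."""
    expiry_str, sep, _user = username.partition(":")
    if not sep or not expiry_str.isdigit():
        return False
    now = int(time.time()) if now is None else now
    if int(expiry_str) <= now:
        return False
    return hmac.compare_digest(_hmac_sha1_b64(secret, username), credential)


def ice_servers(cred: dict) -> list:
    """RTCPeerConnection iceServers entry for the ghost-01 listeners (3478 udp/tcp, 5349 tls)."""
    return [{
        "urls": [f"turn:{TURN_HOST}:3478?transport=udp",
                 f"turn:{TURN_HOST}:3478?transport=tcp",
                 f"turns:{TURN_HOST}:5349?transport=tcp"],
        "username": cred["username"],
        "credential": cred["credential"],
    }]
```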

7. Security Posture

  • E2EE (chat): libsignal_protocol_dart end-to-end, Supabase Realtime carries ciphertext only. Every tier including Starter.
  • Encrypted-at-rest tables (V2.7): AES-256-GCM on shared_gift_notes, web_ai_content, ai_command_queue.
  • Health data: never synced to cloud, never in Ghost prompts.
  • Phone: hash only (never raw), mandatory Day 14 verify for Elite.
  • Device fingerprint: silent at signup, Supabase trial_devices — TrialGuard check before profile creation.
  • Coturn: denied-peer-ip on RFC1918 ranges; no-tcp-relay.
  • nginx: HTTPS-only, headers hardened (CSP, HSTS, X-Frame-Options); updated for gemma4:e4b routes.
  • Kernel: 6.8.0-107 on ghost-01 (reboot pending).

8. Secrets Inventory

Canonical note: /root/.secrets/ does NOT exist on ghost-01 yet (v1.1 handover was wrong). Consolidation into chmod-600 dir pending next Epsilon sprint.

| Secret | Location |
|---|---|
| Supabase service_role | Supabase Dashboard → Project Settings → API |
| Firebase SA JSON | Supabase edge secret FIREBASE_SERVICE_ACCOUNT |
| Cloudflare API token | Dashboard (retrieval from J in progress) |
| R2 access key ID | 143fbea3685fe4a2aa8d1bacc66284cf |
| R2 secret key | 4a9900627aef18ba43005c3c4a36e41417e2e24d75a7f6ef19a172e7e73459fc |
| R2 creds on server | /opt/ghost/airport_pipeline/.env |
| rclone R2 config | ~/.config/rclone/rclone.conf on ghost-01 |
| X-Ghost-Token | a8ef1026e95484f31aee9a3eab0c5646c809acf73c422300be113a40e61b3995 |
| Coturn TURN_SECRET | 717f7eee08175aa556d8066f5e77348c6754d3841aa4f8b9e3e6710e491fd3c3 |
| TomTom (19) | /opt/ghost/data_pipeline/accounts.json |
| API-Football | a543ea1e7a77fc980fa4f0950a535a55 (free, current seasons blocked) |
| Anthropic key | PENDING (J signup as Citerius Holdings LLC) |
| Twilio creds | PENDING (J signup) |
| Stripe live keys | PENDING (post store approvals) |

Never commit service_role, R2 secret, TomTom keys, or Anthropic key into alaivos/lib/config/env.dart.


9. Deployment / DevOps

  • Flutter app builds: Antigravity (remote builder environment) — CI/CD for APK/AAB + iOS archive (post-Mac rental).
  • Server ops: Claude Code sessions as Epsilon, commandable from mobile via Dispatch.
  • Sprints: Omega (web chat) issues; builders (Antigravity) execute; Delta audits; Kappa (Cowork) deploys HTML.
  • KV shared brain: all agents read/write single KB per §2.4.
  • Rollbacks: Ghost model — one-liner sed on model_router.py. CDN — keep old tier file behind alias until manifest bump.

10. Dependency Chains (what blocks what)

J → Firebase project              ──► FCM Edge fn (deployed) ──► chat push / incoming_call / score / birthday / family_location / reminder / departure_alert
J → Anthropic API key             ──► Checkup Relay :8100 ──► Checkup Pipeline (Alpha) ──► Checkup UI (Gamma) + Teaser hints (Beta-2)
J → Twilio signup                 ──► Day 14 phone verify ──► Elite unlock / trial conversion
J → TheSportsDB Patreon $3/mo     ──► Sports cache legal (commercial ToS)
J → Supabase migration (6 ALTER)  ──► Reinstall Persistence (Alpha) active
J → Cloudflare API token          ──► wrangler on ghost-01 ──► KV shared brain live
J → Apple + Google approval       ──► Mac rental ──► Stripe + RevenueCat + store submissions coordinated session
J → Bishop provisioning           ──► Voice pipeline (Kokoro→Piper fine-tune) ──► Laiv v1.0.1 voice / Brain Distillation
J → Warrant canary re-sign (Apr 19) ──► Legal posture intact
J → DMCA agent registration       ──► DMCA compliance
J → hub.alaivos.com deploy        ──► Shared brain portal accessible

11. Monthly Cost Summary

| Line | Cost |
|---|---|
| ghost-01 CX43 | €17 |
| cx23 | €4 |
| cx23-b | €4 |
| Supabase | €0 (free tier) |
| Cloudflare (R2 + Workers + Pages + KV) | €0 (free tier) |
| Firebase (FCM) | €0 (free tier) |
| TheSportsDB Patreon | $3 |
| Anthropic (post-launch, Batch) | ~$0.012/Checkup × users |
| Baseline | ~€28/mo + $3/mo |
| Scale trigger at 500 subs | +€17-25/mo |
| Scale trigger at 1,000 subs | €184/mo (GEX44 GPU) |

12. Contradictions Resolved

| Contradiction | Resolution |
|---|---|
| v1.1 handover said wrangler + /root/.secrets/ on ghost-01 | Neither exists yet. Flagged as pending Epsilon tasks. |
| Multiple docs listed sports cache on 11436 vs 8300 | Public port is 8300 (nginx-proxied), internal systemd listens on 11436. Use 8300 for canonical reference. |
| CLAUDE.md in files/ says Qwen 2.5 / 9B on-device | Superseded by CLAUDE.md at project root: Qwen 3.5 on-device (0.8B/2B/4B practical, E2B/E4B tablets/future), Gemma 4 E4B Ghost-only. |
| EPSILON_v1.1 said pipeline runs on ghost-01 alone | cx23 and cx23-b carry Tier-1/Tier-2 traffic + DDG + airports; ghost-01 is master + T0. |
| Bishop described as "GPU server" in early docs | Bishop = mini PC, no discrete GPU, no CUDA. Radeon 890M iGPU + XDNA 2 NPU only. |
| Qwen 3.5 9B described as on-device-l | Gemma 4 E2B now occupies laiv-l.gguf; Qwen 9B stays in Ollama as Ghost fallback only. |
| AI provider enum listed gemini/openai/claude | Dead. Enum = {local, ghost} only. Anthropic used solely via ghost-01 Checkup relay. |