Infrastructure Map

Operational view of services, secrets, runners, and domains.

No incidents

Users / Clients

Public entry point for projects and automations.

Cloudflare

DNS + CDN + WAF
SSL/TLS active

Active Domains

secrets.friskydevelopments.com
status.friskydevelopments.com
deploy.friskydevelopments.com

DigitalOcean Chosen plan

frisky-do-core-01 To create

Infisical

secrets.friskydevelopments.com
Secrets management

HTTPSMFA

Backups

Snapshots + daily
Restore required

Pending

Coolify

deploy.friskydevelopments.com
Deploy panel on DigitalOcean

DOPending

Monitoring

Uptime + metrics
Active alerts

Planned

Google Cloud

Cloud Run + Storage
Status: Active

Azure

Legacy staging / temporary jobs
Status: Paused

Local Mac mini

Private runners
Status: Active

Future Hetzner

Final low-cost target
Status: Planned

n8n automation

Internal workflows
Status: Waiting

Deployment Plan

DigitalOcean first, Hetzner later.

DigitalOcean Decision

DO becomes the initial persistent base.

Completed

DigitalOcean Base

Droplet, SSH, firewall, DNS, and backups.

Infisical Self-Hosted

HTTPS, MFA, project, and environments.

Pending

Create `frisky-do-core-01`

Enable SSH key-only

Configure `secrets.friskydevelopments.com`

Test backup and restore

Brisa Dev/Staging Pilot

Migrate voices and test runner without copying keys.

Pending

Brisa Production

Cloudflare, GCloud, payments, and WhatsApp.

Pending

Coolify on DigitalOcean

Install after Infisical backup/restore passes.

Pending

Replit Migration Tracking

Audit Replit apps, map secrets, and migrate deploy targets into Coolify or Cloud Run.

Pending

Owner Space

Executive control room for projects, costs, access, domains, incidents, and operating decisions.

Owner view active

Active projects6

Tracked budget$650

Domains3

Open decisions5

Project Portfolio

Brisa de BarraPilot for secrets, voices, Cloudflare, GCloud, payments, and WhatsApp.

Pilot

STIX / AION OSTactical admin, bot ops, security screens, and Stitch design system.

Design

ClipsFlowTimeline, monetization, deploy path, and creator workflow.

Backlog

Shared InfrastructureDigitalOcean, Infisical, Coolify, Cloudflare, runners, and backups.

Core

Domains & Surfaces

secrets.friskydevelopments.comInfisical on DigitalOcean

deploy.friskydevelopments.comCoolify on DigitalOcean

status.friskydevelopments.comMonitoring and incident status

Access Control

OwnerFull recovery access in 1Password, no public runtime dependency.

AgentsScoped tasks, minimum secrets, expiration, and audit notes.

ProductionNo production secret moves without backup, restore, and rollback.

Decision Register

DigitalOcean is the persistent baseInfisical and Coolify live there first; Hetzner stays future.

Replit migrates by inventoryNo Repl is shut down until target deploy, DNS, and rollback are confirmed.

Infisical becomes operational source1Password remains recovery, not runtime.

Operating Cadence

DailyCheck blockers, migration status, and active deploys.

WeeklyReview costs, secrets drift, backups, and agent outputs.

MonthlyDecide what moves to Hetzner, Cloud Run, or stays on DigitalOcean.

Budget Control

Separate home-ops, temporary credits, execution arms, and real media operating spend.

Spend gates active

DigitalOcean

$200

Home-ops/control-plane budget: Infisical, Coolify, owner admin, backups coordination, monitoring.

Home base

GCloud

~$250

Credits for roughly 60 days. Use for immediate production API lane, but keep portable.

Credits

Azure

$100

Temporary execution-arm budget for jobs, speech/media experiments, Blob, and managed identity.

Temporary arm

Studio Translation/Media

$100

Narrow proof-of-work only. Do not spend this on broad automation until one small workflow proves value.

Proof only

Hetzner

TBD

Likely long-term workload destination after credits. Keep GCloud and Azure portable.

Future

Budget rule

No provider credit should hide real operating cost. Studio/media spend is tracked separately from infrastructure.

Startup Credits Application Plan

Position Frisky as an AI-native product ecosystem, not a translation agency.

Application story locked

Application Positioning

AI-native product ecosystemUmbrella category for creator, studio, automation, media, and multilingual operations.

Studio automation platformTranslation is one workflow inside the platform, not the business category.

Creator/operator cloud OSOwner admin, agents, deployments, media workflows, APIs, and infrastructure layer.

Core Story

Frisky is building an AI-native product ecosystem for creator, studio, media, automation, and multilingual operations. Translation is one workflow inside the platform, not the business category.

AI-firstProduct infraMedia ops

1. Google for Startups

up to $350k

Priority one because GCloud is the short-term production API lane and Google explicitly supports AI-first startups.

Apply first

2. Cloudflare for Startups

up to $250k

Front door, edge, security, Workers, R2, and performance layer.

Edge

3. DigitalOcean

Home ops

Long-term control-plane layer: Infisical, Coolify, owner admin, dashboards, and monitoring.

Home base

4. GitHub for Startups

$10k

Developer tooling, Copilot, Actions, security, and PR workflows.

Dev tools

5. OpenAI Startups

Partner path

Use for founder community, API build resources, and partner routes rather than assuming public fixed credits.

Partner

6. Microsoft for Startups

up to $5k+

Use only if Azure Speech/AI, demos, or Microsoft ecosystem workloads matter.

Azure arm

7. Replit

Migration + credits

Current workload source and possible startup tooling path; migrate carefully while keeping rollback.

Active source

8. Perplexity

Research

Research, market intelligence, citations, and startup application evidence gathering.

Intel

9. AWS Activate

up to $100k

Optional backup. Do not add AWS to the core architecture yet.

Optional

Deployments Module

The connective layer for repos, secrets, agents, runners, targets, health checks, DNS, and rollback.

Gates not armed

RepoGitHub / local checkout

SecretsInfisical

RunnerCodex / Jules / Cursor

TargetCoolify / Cloud Run

Health/health + /ready

RollbackReplit / prior release

Deployment Queue

Infisicalsecrets.friskydevelopments.com → DigitalOcean

Pending

Coolifydeploy.friskydevelopments.com → DigitalOcean

Pending

Brisa Dev/StagingFirst app to validate secrets + deploy path.

Planned

Replit workloadsClassified into Coolify or Cloud Run after inventory.

Planned

Release Gates

Secrets readyNo manual key copy; app reads from Infisical or scoped env injection.

Health checks passApp exposes health endpoint before DNS cutover.

Rollback confirmedPrevious host stays alive until the new route is stable.

Target Matrix

DigitalOcean / CoolifyPersistent apps, previews, long-running services.

Google Cloud RunProduction APIs and edge-stable services.

Azure LegacyTemporary jobs until migrated.

ReplitRollback source during cutover.

Replit Migration Tracker

Status board for moving Replit workloads into the new DigitalOcean/Coolify and Cloud Run plan.

Discovery pending

1. Inventory Repls

List active Replit apps, owners, domains, runtime, secrets, and traffic.

Pending

2. Classify Destinations

Move persistent apps to DigitalOcean/Coolify; keep production APIs on Cloud Run when needed.

Planned

3. Secrets Migration

Planned

4. Cutover & Rollback

Test deploy, switch DNS, verify health checks, and keep Replit rollback until stable.

Planned

Apps found0

Secrets mapped0

Ready to migrate0

BlockedDiscovery

Divide & Conquer Board

Work lanes for Jules, Cursor, Copilot, and Codex so the migration can move in parallel.

Parallel execution

Codex Coordinator

Owns this admin, source-of-truth state, docs, verification, and handoff checklists.

Keep plan and dashboard synced.
Review diffs before deploy.
Document blockers clearly.

Jules Implementer

Execution worker for bounded implementation tasks with clear files, clear output, and no broad secret access.

Build Replit inventory scripts.
Draft Coolify deploy recipes.
Return patches plus handoff notes.

Cursor Code Editor

Handles repo-level code changes, Dockerfiles, env templates, and app-specific migration fixes.

Patch apps for container deploy.
Add health checks.
Clean env examples.

Copilot Housekeeping

Owns README drafting, resource cleanup, repo organization notes, and small review suggestions.

Build the owner README.
Clean the resource map.
Flag messy folders and stale docs.

Gemini CLI Strategist

Runs command-line analysis for architecture critique, migration ordering, and risk checks without receiving production secrets.

Compare Replit versus Coolify targets.
Review migration sequence.
Flag cost and reliability risks.

CodeRabbit PR Review

Reviews pull requests for risky diffs, missing tests, security issues, and deploy regressions.

Review migration PRs.
Call out deploy risks.
Keep findings actionable.

Bugbot Trial / Prove Value

Before cancellation, use it for focused bug sweeps on deploy readiness, broken links, and stale config.

Find broken links and stale refs.
Check config drift.
Cancel if no useful findings.

Self-updating plan

This page watches `frisky-infra-state.js` every 30 seconds and updates counts, timestamps, and migration status when that state file changes.

Secrets & Resources Inventory

Target operational source: Infisical. 1Password remains as recovery.

Project	Service	Key / Resource	Environment	Current	Target	Status	Risk	Consumer	Notes

AION_OS // CORE

Autonomous

Command Center

Uptime, streams, terminal feed, alerts, and network topology as the operations layer.

Admin Security

Firebase identity, 2FA, access control, and deep diagnostics for root access.

Bot Ops

Telegram, Discord, tactical commands, log feed, and scheduled deployments.

Stream Node

VC, OBS, audio, clipping, and live operations control from separate nodes.

Stitch aplicado al admin

Tokens, nodes, and architecture pulled from the exported Google Labs Stitch package.

Void Black#0B0C0E

Electric Blueactions

Neon Greenonline

Safety Orangealerts

AppShell + NavigationShared base for map, plan, inventory, and Stitch Lab.

SystemContextAutonomous/Assist mode, health, alerts, and operational status.

AdminNodeSecurity, deployments, access, backups, and diagnostics.

BotNode / StreamNode / ClipsNodeFuture areas for Telegram, Discord, OBS, VC, and ClipsFlow.

08:42:11 > INIT SECURE HANDSHAKE... OK

08:42:14 > DIGITALOCEAN PLAN LOCKED

[NET] secrets.friskydevelopments.com queued

[WARN] backup restore must pass before real secrets

08:42:21 > BRISA PILOT READY FOR DEV/STAGING