Cloudflare Inventory — source of truth (live-pulled 2026-06-25)
Account
80f0da535e7e84b988cc5260afb3c7e2(sam@hookstreetcapital.com). NAMES only — never commit secret VALUES. Re-pull via the cloudflare-apiexecutetool. Update when workers/secrets/crons change.
8 Workers
| Worker | Role | Secrets | Crons | Status |
|---|---|---|---|---|
| ops-api | THE backend brain (cameras, Plaid, comms relays, MIS bridge, briefings, inbox) | 30 (below) | 5 (below) | ✅ live, active |
| chanie-relay | @ChanieTBot (wife's bot) | ALLOWED_CHATS, CHANIE_BOT_TOKEN, INBOX_SECRET, NOTIFY_SECRET | — | ✅ live |
| manny-relay | @MannyBot (Manny/Netzach bot) | ALLOWED_CHATS, INBOX_SECRET, MANNY_BOT_TOKEN | — | ✅ live |
| levsms-edge | LevSMS edge compute (zmanim/liturgy) | EDGE_TOKEN, APPS + LEVSMS_KV | — | ✅ live |
| hookstreetservices-site | the website (static) | — | — | ✅ static |
| abnbcalc | STR calculator (static) | — | — | ✅ static |
| hookstreet-ops | ⚠️ EMPTY — no secrets/bindings/crons | — | — | 🟡 likely STALE — verify no route, then delete |
| telegram-webhook | ⚠️ EMPTY — no secrets/bindings/crons | — | — | 🟡 likely STALE (old bot webhook?) — verify, then delete |
ops-api crons (5) — what fires when (all handled; none orphaned)
| UTC | ET | Job |
|---|---|---|
0 2 * * * |
22:00 (21:00 winter) | Nightly MIS snapshot · + Sat-night = motzei-Shabbos re-entry brief |
0 7 * * * |
03:00 | Nightly "Dreaming" — #042 bot-memory consolidation |
30 10 * * * |
06:30 | Plaid balance refresh (pre-morning) |
0 21 * * * |
17:00 | Plaid balance refresh (late afternoon) |
45 11 * * 1-6 |
07:45 Sun–Fri | Morning delivery check — verifies today's brief committed, pings Sam directly if missing (CF dow: 1=Sun..6=Fri; the old 1-5 was secretly Sun-Thu = the silent-Friday bug) |
ops-api secrets (30) — grouped by system
- Bots/Telegram: TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, CHANIE_BOT_TOKEN, CHANIE_CHAT_ID, MANNY_BOT_TOKEN, MANNY_CHAT_ID, INBOX_SECRET
- MIS: MIS_EXEC_URL, MIS_RUN_TOKEN, MIS_V2_TOKEN, MIS_V2_URL
- Money/Plaid: PLAID_CLIENT_ID, PLAID_SECRET (+ plain: PLAID_ENV, PLAID_WEBHOOK_URL, KV: PLAID_ITEMS)
- STR/bookings: AIRBNB_9312_ICAL, AIRBNB_9332_ICAL, ICAL_FEEDS, HOSPITABLE_TOKEN (added 2026-06-25 by Sam)
- Cameras: CAM_CF_ID, CAM_CF_SECRET (go2rtc tunnel access) · NVR_HOST, NVR_PASS, NVR_USER, NVR_USE ⚠️
- APIs: ANTHROPIC_API_KEY, OPENAI_API_KEY, FINNHUB_API_KEY, GITHUB_TOKEN
- Misc: APPS_SCRIPT_URL, OPS_READ_TOKEN, MILDRED_READ_TOKEN (+ AI binding, D1: MEMORY)
🧹 Cleanup candidates (need Sam's OK — no blind deletes)
NVR_USE— typo duplicate ofNVR_USER(code uses NVR_USER). Safe to delete. ✂️hookstreet-ops+telegram-webhookworkers — empty; likely dead. Verify no live route points at them, then delete.- NVR_HOST / NVR_PASS / NVR_USER — possibly obsolete now cameras run via go2rtc/CAM_CF_. HOLD* pending the camera forensic research (might restore the direct PC-free path).
How we do this better (the rules)
- This doc is the map. Pull it live, never guess. Surprise = a sign this drifted; re-pull.
- Secrets: you set them, code references by name. Never paste values into chat or git.
- Quarterly: scan for unused secrets + stale workers; rotate API keys.
- Every new secret/cron/worker → add a row here in the same change.