בס״ד

STACK MAP — Hookstreet / Zee Operating System

docs/STACK_MAP.md · last changed (pre-VM history) · rendered from GitHub master

What this is: Complete read-only inventory + mapping of Sam's technical & operating stack — for evaluating whether it has become a repeatable client-install system.
Generated: 2026-06-04 · Method: 4-agent read-only sweep + direct verification (MIS tab audit, Worker route map, command router).
Status: LIVING reference (overwrite in place; keep the "Generated" line current). Nothing was modified to produce this.
Secrets: redacted — existence/location/risk only, never values.

⚠ HOW TO READ THIS (provenance). The structural facts — repos, scriptIds, the install pattern, what's personal vs sellable — are stable and trustworthy. The state facts — which trigger is on, is Schwab live, is an endpoint gated, is a page built — are a 2026-06-04 snapshot, and 3–4 sessions are modifying them hourly. Re-verify any state claim against live code/registry before relying on it. This document was partly synthesized from session context; where a state claim hadn't been re-read from code at write time it may lag. See the Correction Log at the bottom for items already proven stale on re-verification.


1. EXECUTIVE SUMMARY

What it is: A personal operating system built on one consistent pattern — Google Sheet as database → Apps Script as orchestration → Cloudflare Worker as fast/secure middle layer → static portal + Telegram/SMS as the UI. Four domains: a command center (queue/grocery/relays), a trading brain (MIS), a money layer (Plaid/obligations), and a family/home layer (kiosk, cameras, calendars).

What it solves: Sam's single-point-of-execution problem — capture anything from his phone, see his whole world sorted by consequence, act on it, and have a few things run on a schedule (morning brief, cadence pulse). It turns scattered tools into one loop.

Personal to Sam: MIS (trading rules + real accounts), obligations/mortgages, the villa STR business, the family kiosk, Orthodox-calendar logic, Mildred's scope.

Reusable for clients: the install pattern itself (Sheet+Script+Worker+portal+SMS) and the services delivery kit (underwriting + operations-build) — genuinely productizable.

Overbuilt: MIS has ~90 endpoints, dual engines, 40 tabs for a trader doing ~2.5 trades/month. The portal hit ~22 pages / 4 queue views before the current consolidation.

Valuable infrastructure: command-inbox (the one-database command engine), the Worker security/relay layer, the FSE decision-truth model, the underwriting/ops skills.


2. REPOSITORY MAP (14 repos plus the command-inbox clasp folder; 0 archived; 3 public)

| Repo | Vis | Purpose | Status |
|---|---|---|---|
| MIS | priv | Trading decision engine (v1 brain + v2 data layer + FSE) | ACTIVE (live session) |
| hookstreet-workspace | priv | Meta-repo; this workspace; CONTEXT.md = source of truth | ACTIVE |
| hookstreetservices-site | PUB | Villa rental + advisory marketing site (hookstreetservices.com) | ACTIVE |
| hookstreet-bos-sheets | priv | Canonical BOS Sheets (obligations/reporting) | SEMI-ACTIVE (triggers disabled) |
| command-inbox (folder, clasp-pushed, tracked in workspace) | priv | Command engine + Telegram webhook | ACTIVE |
| levsms | priv | Community SMS assistant (zmanim/minyanim) | ACTIVE |
| hookstreet-skills | priv | 19 Claude/Codex skills | ACTIVE |
| CM_Invoice_System | priv | C&M invoice system (Sheets+Script) | DORMANT (last push 5/13) |
| HookStreet-Business-OS | priv | Older BOS repo (no description) | UNCLEAR; likely superseded by bos-sheets |
| eden-gardens-os | priv | Eden client engagement | DORMANT |
| hookstreet-voice-intake | priv | Voice→Gmail→Script intake | EXPERIMENTAL (early) |
| abnbcalc | PUB | STR calculator | DORMANT |
| north-woodmere-lawn-coop | PUB | Lawn co-op proposal site | DORMANT |
| Lee | priv | no description | UNKNOWN; not referenced anywhere |
| command-center | priv | no description, Mar 2026 | UNKNOWN; likely early predecessor |

Connections: workspace is the hub; MIS + command-inbox + bos-sheets are nested clasp projects pushed separately; hookstreetservices-site deploys to GitHub Pages; the Worker (ops-api) is the connective tissue between portal pages and the Apps Script backends.
Flag: Lee and command-center are undocumented — investigate or archive.

clasp / Apps Script projects (scriptIds)

| Folder | scriptId |
|---|---|
| command-inbox | 1GIAKknTtdvqMH2EfPH5cYEsMyqpcnrzXcuDJWFsEtzyiadlqj-Wf5945 |
| MIS v1 (canonical email/scoring) | 1yBMztL4RCYGViYMuCSNoahvTzvRS83VgDX0OXMzr0IvUFjghQ2pDpm7Q |
| MIS (src root) | 1r9vWL1DsqSloDL8OteFNekkDZihFw_5jtTBSJ0UjbEigwRxGlILtUzbI |
| MIS v2 (data layer) | 1KDEBYMFZKeImsxKxpY_5Vvc9-ypPBixTUnCPES6dDKI1rRy7vPDOHrfd |
| BOS v1 | 1_cgriwCQtZyQWAiDjeOpfa5T9-kFTkb6sXzLg0kaTKB2eG186O6XoMWo |
| BOS v2 | 1ROnmAAhtTYEXfNoSnmrtBQdUwymGqejdxoXJHemYuqeKv4pIvz_3R34s |
| CM_Invoice_System | 106wdSg6lMTsqBaGBtH93j_D0AbSrjUtKuRM2WzdjKE7tq5Vqbe1ZQPAp |
| levsms/router | 1KEr8Lt3YS-5FkkZJYGlGqb2qN_yR029_MAQe5BhlrnIcZPSuNYsKcICn |

3. DATA SOURCES

| Source | Data | Access | Lands in | Freshness | Status | Risk |
|---|---|---|---|---|---|---|
| Google Sheets (MIS v1/v2, BOS v1/v2, CM, Command Inbox) | system of record | Apps Script / Drive | the sheets | live | LIVE | hand-edits can break formula tabs |
| Apps Script | orchestration/compute | clasp | web apps | | LIVE | 6-min exec limit (brief timeout) |
| Finnhub | fundamentals/earnings/quote | Script Property FINNHUB_API_KEY | MIS tabs | per refresh | LIVE | rate limits at 250 tickers |
| GoogleFinance | price/beta/VIX/history | in-sheet formulas | MIS v2 | 15-min delayed | LIVE | recalc cost scales badly |
| Yahoo v8 (intraday) | 1-min + pre/post + 2y daily | Worker yfIntraUrl/yfChartUrl | /mis/peek | live | LIVE | unofficial endpoint |
| Schwab API | live quotes | OAuth, creds in Script Properties | MIS v2 | live when on | CONFIGURED-but-gated (7-day refresh) | v1 creds plaintext in CONTROL tab |
| Plaid (production) | bank balances/items | Worker + KV | /plaid/* | 5-min cache + crons | LIVE | real money; gating critical |
| Broker CSV/JSON imports | cost basis + realized P&L | MIS/v2/_*.py → fn=loadcosts/loadrealized | MIS v2 | manual | LIVE (snapshot-authoritative) | file-path drift (My Drive vs OneDrive) |
| Gmail | broker trade emails + flagged mail | GmailApp (bot runs as sam@) | TRADE_LOG / morning context | per trigger | LIVE (read-only) | only sees sam@, not ztreitel@ |
| Telegram / Command Inbox | Sam's two-way input | webhook → Worker → Script | INBOX/queue | live | LIVE | |
| iCal feeds (Airbnb 9312/9332, Google, TripIt) | calendars | Worker env URLs | /calendar | live | LIVE | full feed was world-readable (now gated) |
| GitHub | source control | gh/git | repos | | LIVE | |
| Hikvision NVR | camera JPEGs | Worker digest auth | /camera/snapshot | ~1.5s | LIVE | public NVR port open (deferred) |

4. INTEGRATION MAP

INPUT LAYER
  Telegram msg / voice ─┐
  iOS Shortcut ─────────┤
  Portal button ────────┼─→ Worker /inbox (whitelist) ─→ Apps Script doPost ─→ routeCommand_
  Broker emails ────────┘                                                          │
  Broker CSV/JSON ─→ python _import_*.py ─→ MIS v2 fn=loadcosts/loadrealized       │
                                                                                   ▼
PROCESSING LAYER
  command-inbox/start-here.gs   (capture → classify → card)
  MIS v2 Code.gs                (Momentum_Engine → Snapshot → FINAL_STATE_ENGINE resolver)
  MIS v1                        (183-ticker GOOGLEFINANCE scoring — triggers KILLED)
                                                                                   ▼
STORAGE LAYER
  Personal Command Inbox sheet  (Action_Queue · INBOX · Grocery_List · Transcript)
  MIS v2 sheet                  (40 tabs: HOLDINGS_CLEAN · Position_Costs · FSE · Realized_PnL · …)
  BOS "Monthly Obligations" v1/v2 sheets
  Cloudflare KV (PLAID_ITEMS — overloaded: items, balances, threads, state cache)
                                                                                   ▼
OUTPUT LAYER
  Worker endpoints: /state /inbox /mis/peek /plaid/balances /calendar /rethink …
                                                                                   ▼
UI LAYER
  Portal (home/operating/cameras/wife/work/briefings/peek) ← CF Access (sam@ only)
  Telegram replies (brief, MIS, relays) · Family kiosk (speaks aloud)

AUTOMATION/TRIGGER LAYER
  morningBriefing_ 6:48am · pushQueueToOwner 8am · autoAssembleInbox_ /4h ·
  pulseDigest_ /30min · Worker crons (nightly MIS snapshot, Plaid refresh)

AUDIT/LOGGING LAYER
  Action_Events tab · FSE_Run_Log · Decisions · KV webhook audit logs · Transcript

Canonical chain example: Broker Positions CSV → _import_positions.py → Position_Costs tab → fn=joincost → HOLDINGS_CLEAN → fn=peekoverlay → Worker /mis/peek → peek.html / Telegram.


5. GOOGLE SHEETS / APPS SCRIPT INVENTORY

Personal Command Inbox (1U0-Ll…, script 1GIAKkn…)
- Input: INBOX, Grocery_List. Engine: classifiers in start-here.gs. Output: Action_Queue (QUEUE_JSON the portal reads), thread relays. History: Action_Events, Transcript.
- Safe to hand-edit: Grocery_List YES (fixed 2026-06-03 to read by header + case-insensitive Pending/Bought). Action_Queue via commands, not by hand.
- Input→Engine→Output→History: clean.

MIS v2 (1N2v-MDDi…, script 1KDEBYMFZ…)
- Input: TICKERS, Snapshot, broker imports. Engine: Momentum_Engine (56 col) + Trade_Planner (58 col) + FINAL_STATE_ENGINE. Output: dashboard/brief/peekoverlay. History: FSE_Run_Log, Realized_PnL, Performance_Snapshots, Decisions.
- VIOLATIONS (verified tab audit): dual engines both classify (Momentum + Trade_Planner overlap — the "two surfaces" FSE was meant to kill); Performance_Snapshots frozen (identical rows nightly); Data_Health failing; per-ticker price-history tabs (won't scale past ~200 tabs); Macro/VIX header-is-data; date-serial leaked into RR_13W. Do NOT hand-edit the formula tabs (Momentum/Snapshot).

BOS v1 ("Monthly Obligations" 1L_rxCSOnc…, script 1_cgriwCQ…) — Weekly Review, Operations Summary, Quick Capture drain, Mildred start. Triggers disabled by Sam (5/26).
BOS v2 ("…v2" 1qNYUbb…, script 1ROnmAA…) — config-driven weekly/biweekly overview. Complementary, also disabled. → half-parked; consolidate or freeze.

CM_Invoice_System (script 106wdSg…) — invoice generation. Dormant.


6. ENDPOINTS AND COMMANDS

MIS web app (Apps Script, MIS/v2/Code.gs; called as ?token=<RUN_TOKEN>&fn=<name>, default fn=state) — ~90 endpoints. Key: state (R), fse (W), brief/briefpush/briefdetail (warm-cached), performance ("am I making money", R), peekoverlay (Worker overlay, R), positions/holdings (R), joincost/setcost/importbroker/loadcosts/loadrealized (W), risk/factors/backtest/stress/mcvar (R), fillsectors/extendrows/finnhub/migratehistory (W), warm/warmtrig/cacheclear, schwabauth/schwabexchange/schwabactivate/livequotes, snapshot/setupsnapshot, washsale/washlist, health/capacity/auditsheet/integrity. One token unlocks every fn, reads and writes alike, and it travels in the query string, so it lands in browser history, Worker logs and any shared link.
- Doc drift: MIS_SYSTEM_STATE.md references fn=portfolio; the real endpoint is fn=portmetrics.
- ~90 endpoints is far more surface than a personal trader exercises — most are scaffolding.

command-inbox commands (routeCommand_): ACTION/TASK/URGENT/DONE/DEFER/DELEGATE/NEED_INFO/PROOF/STATUS (W) · QUEUE/QUEUE_JSON/LIST (R) · REVIEW/TIDY (R, propose-only) · GROCERY/BOUGHT (W) / GLIST (R) · SPEAK/VOICE/VOICES · TELL/CHANIE/MILDRED/FAMILY (W relays) · STATE/EXPORT (R) · PULSE · MIS/M → mis-bridge · EOD (planned).
- Bug: a second case 'MILDRED' is dead/unreachable code.
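As an added example (not command-inbox's own routeCommand_ code), a table-driven router that enforces the (R)/(W)/propose-only classes listed above and refuses a duplicate verb at registration time, so a second 'MILDRED' case fails at load instead of sitting there as dead code. The verbs follow §6; the handler bodies, the in-memory store standing in for Action_Queue, the sender/role model and the "VERB text" wire format are assumptions:

```javascript
// Added example, not command-inbox's routeCommand_. Verbs follow §6; handler
// bodies, the store, the sender model and the wire format are assumptions.
const handlers = new Map(); // VERB -> { mode, fn }

// mode: "read" (no state change), "write" (mutates the queue), "propose"
// (computes a change and returns it; nothing is written).
function register(verbs, mode, fn) {
  for (const verb of verbs) {
    const v = verb.toUpperCase();
    // A duplicate case in a switch is silently unreachable; here it is an error.
    if (handlers.has(v)) throw new Error(`duplicate command handler: ${v}`);
    handlers.set(v, { mode, fn });
  }
}

// Minimal in-memory stand-in for the Action_Queue / Action_Events tabs.
function makeStore() {
  return { queue: [], events: [] };
}

register(["ACTION", "TASK", "URGENT"], "write", (store, ctx) => {
  const item = { id: store.queue.length + 1, text: ctx.arg, kind: ctx.verb, status: "open" };
  store.queue.push(item);
  store.events.push([ctx.verb, ctx.from, item.id]);
  return `queued #${item.id}`;
});
register(["DONE"], "write", (store, ctx) => {
  const item = store.queue.find((q) => q.id === Number(ctx.arg));
  if (!item) return `no item ${ctx.arg}`;
  item.status = "done";
  store.events.push(["DONE", ctx.from, item.id]);
  return `closed #${item.id}`;
});
register(["QUEUE", "LIST"], "read", (store) =>
  store.queue.filter((q) => q.status === "open").map((q) => `#${q.id} ${q.text}`).join("\n") || "(empty)");
register(["TIDY"], "propose", (store) => ({
  proposal: store.queue.filter((q) => q.status === "done").map((q) => `archive #${q.id}`),
}));
register(["TELL", "CHANIE", "MILDRED", "FAMILY"], "write", (store, ctx) => {
  store.events.push(["RELAY", ctx.from, ctx.verb, ctx.arg]);
  return `relayed to ${ctx.verb === "TELL" ? "owner" : ctx.verb.toLowerCase()}`;
});

// Parse "VERB rest of text". Returns null for an unknown verb so the caller
// can fall through to the capture/classify path instead of erroring.
function routeCommand(store, text, from) {
  const m = /^\s*(\S+)\s*([\s\S]*)$/.exec(text);
  if (!m) return null;
  const verb = m[1].toUpperCase();
  const h = handlers.get(verb);
  if (!h) return null;
  // Writes and proposals are honoured from the owner only; reads from any
  // sender the Worker whitelist already admitted.
  if (h.mode !== "read" && from.role !== "owner") {
    return { verb, mode: h.mode, result: "refused: write commands are owner-only" };
  }
  return { verb, mode: h.mode, result: h.fn(store, { verb, arg: m[2].trim(), from: from.id }) };
}

// Constructed walk-through: owner captures two items, the VA tries to close
// one (refused), the owner closes it, the VA reads the queue, TIDY proposes.
function demo() {
  const store = makeStore();
  const out = [];
  out.push(routeCommand(store, "ACTION call the bank re: escrow", { id: "sam", role: "owner" }));
  out.push(routeCommand(store, "task renew passport", { id: "sam", role: "owner" }));
  out.push(routeCommand(store, "DONE 1", { id: "mildred", role: "va" }));
  out.push(routeCommand(store, "DONE 1", { id: "sam", role: "owner" }));
  out.push(routeCommand(store, "QUEUE", { id: "mildred", role: "va" }));
  out.push(routeCommand(store, "TIDY", { id: "sam", role: "owner" }));
  out.push(routeCommand(store, "hello there", { id: "sam", role: "owner" })); // null: capture path
  return { store, out };
}
```

In Apps Script the store would be the sheet tabs and `from` would come from the Telegram sender id the Worker already whitelisted; the point is that the verb table is the single place where a command's read/write class and its aliases live, and that a duplicate alias is caught the first time the script loads.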

Deployments: command-inbox web app @84 (grocery deploys; now self-deployed via clasp deploy -i, no UI redeploy) + a @HEAD deployment; MIS v2 RUN_TOKEN: value redacted here (an earlier rendering of this line printed it in clear, so treat it as disclosed and rotate it).
- Unknown: exact @NN for MIS v2 (not in code/clasp; two divergent deploy URLs exist — docs HEAD vs python-script URL).


7. AUTOMATION AND TRIGGERS

| Trigger | Cadence | Owner | Status | Failure mode | Monitored? |
|---|---|---|---|---|---|
| morningBriefing_ | 6:48 AM daily | command-inbox | LIVE | silent no-send if Telegram unconfigured | no |
| pushQueueToOwner | 8 AM daily | command-inbox | LIVE | | no |
| autoAssembleInbox_ | every 4h | command-inbox | LIVE | | no |
| pulseDigest_ | every 30 min (observe mode) | command-inbox | LIVE | | partial |
| Worker cron: MIS nightly snapshot | 0 2 * * * UTC | ops-api | LIVE | feeds the frozen-snapshot bug | no |
| Worker cron: Plaid balance refresh | 10:30 + 21:00 | ops-api | LIVE | | no |
| MIS warm-cache trigger | needs one-time install | MIS | NOT installed (Sam-side) | brief cold-computes → timeout | no |
| BOS v1/v2 (Weekly/Ops/Mildred) | weekly/daily | bos-sheets | DISABLED | | no |

Candid: there is no central System_Health monitor. fn=health/integrity exist for MIS but nothing watches the triggers — a silently-failing morning brief wouldn't page anyone. That's the gap behind "did the brief fire?"


8. UI / DASHBOARD SURFACES

~22 portal pages (outputs/*.html). Current/safe: home.html (master), operating-map.html (consequence view), peek.html (ticker), link.html (Plaid), cameras.html, chanie-home/bills/beach, mildred.html (scoped), family-kiosk.html, briefings.html, rethink/triage/list (queue lenses), start-here.html (PWA). Telegram = the brief + MIS + relays.

Cockpit / institutional MIS dashboard: STILL DEFERRED. The current MIS view is the slow Google-rendered fn=dashboard HTML; the themed light/dark institutional portal (with the Apple-Stocks-style price chart) is planned, not built (Step 6 of the consolidation plan). Three Stitch mockups exist as the design anchor; the real page isn't shipped.

Sprawl note: WEB_SUITE_MAP.md + HOME_DIRECTIVE.md already lock "one page per purpose / don't build a 9th home." The Grand Central consolidation is actively fixing it.

Clean-URL map (outputs/_redirects, Cloudflare Pages)

/→home (200 rewrite) · /start /loops /queue /grocery→start-here · /cash /banks→link · /mis /scope→peek · /decide /home→home · /map /sitemap→map · /briefings · /rethink /consolidate→rethink · /triage /swipe→triage · /list /loops-all→list · /operating /opmap /steering→operating-map · /cameras · /obligations · /bills→chanie-bills · /regulars /groceries→grocery-regulars · /family→family-kiosk · /wife /her /chanie→chanie-home · /mildred /work→mildred


9. SECURITY / PERMISSIONS / SECRETS

Where secrets live (existence/location only): Worker secrets via wrangler (Plaid, INBOX_SECRET, OPS_READ_TOKEN, MILDRED_READ_TOKEN, NVR_, OPENAI/ANTHROPIC/FINNHUB, iCal URLs) — server-side, not shipped to browsers, low risk. Apps Script Script Properties (Finnhub, Schwab, INBOX_SECRET). CF Access gates ops.hookstreetservices.com to sam@hookstreetcapital.com only (Mildred's path-scoped policy aside; see item 3 below) — the load-bearing control.

Real exposures, ranked (the dangerous part):
1. 🔴 outputs/pwa-deploy/index.html is a PUBLIC Netlify mirror with a read API key in its source — NOT behind CF Access. Genuinely open to the internet. Action: stop sharing that link, take the mirror down, and rotate the key it exposes (a key that has sat in public source is burned); already flagged in architecture.html.
2. ✅ CORRECTED 2026-06-04 (re-read from code): /state is NOT keyless. The live Worker gates it with OPS_READ_TOKEN (index.ts:1160), and the read endpoints (/state, /plaid/balances, queue reads) require x-ops-key; the session-42 close (a5fbc7e) reports the world-readable holes as closed. The first draft's "keyless /state = biggest hole" was a memory/agent-read error. Still open (lower severity): a couple of write endpoints on the bare workers.dev origin (/inbox write path, /mis/notify) accept requests with no key, so anonymous command injection into the queue remains possible there. Require a key on every write path and reject requests that arrive on the workers.dev hostname, since CF Access only fronts the named domain. Verify by hitting the live endpoints, not by reading a prior session's notes.
3. 🟠 Master opskey_… token hardcoded in home.html + link.html client JS. Unlocks balances, full calendar, queue, rethink. Safe only while CF Access holds — one Access-misconfig from a full leak. (Exactly why Mildred's CF Access path-scoping must be airtight.)
4. 🟠 v1 Schwab creds plaintext in the CONTROL tab (v2 does it right via Script Properties). Migrate before any v1 sharing.
5. 🟡 Referer gating is spoofable: scope=family/business (Chanie/kiosk reads) is keyed off the Referer header, which the caller sets. Soft, not auth; bypassable with curl on the workers.dev origin. Acceptable only because that data is low-sensitivity and the named domain is Access-gated.

KV note: single namespace PLAID_ITEMS (id 1801c5fa…) is overloaded for Plaid items, balance cache, webhook audit, chat threads, grocery regulars, and the /state bundle cache. Works, but worth splitting eventually.
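As an added example (not the ops-api Worker's own index.ts), one gate that every route passes through before a handler runs, covering the three weaknesses above: write paths reachable with no key (item 2), Referer treated as a gate (item 5), and the bare workers.dev origin where CF Access does not apply. The env binding names OPS_READ_TOKEN, INBOX_SECRET and MILDRED_READ_TOKEN and the hostname are taken from this page; the route table, the /mildred/queue path and the example workers.dev hostname are assumptions:

```javascript
// Added example, not ops-api's code. Binding names and the Access hostname
// come from §9; the route table and the sample workers.dev host are assumed.

// The only hostname CF Access fronts. Anything else has not been through Access.
const ACCESS_HOST = "ops.hookstreetservices.com";

// Deny-by-default route table: "METHOD /path" -> env secret that unlocks it.
// A route missing here is a 404, so a new endpoint cannot ship open by omission.
const ROUTES = {
  "GET /state":          "OPS_READ_TOKEN",
  "GET /plaid/balances": "OPS_READ_TOKEN",
  "GET /calendar":       "OPS_READ_TOKEN",
  "POST /inbox":         "INBOX_SECRET",
  "POST /mis/notify":    "INBOX_SECRET",
  "GET /mildred/queue":  "MILDRED_READ_TOKEN", // assumed path for the scoped VA view
};

// Constant-time comparison. Workers expose crypto.subtle.timingSafeEqual; the
// hand-rolled loop keeps this file runnable in plain Node. It always walks the
// full expected length and folds the length difference into the result, so a
// wrong-length guess costs the same as a wrong-byte guess.
function keysMatch(presented, expected) {
  if (typeof presented !== "string" || typeof expected !== "string") return false;
  let diff = presented.length ^ expected.length;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ (presented.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Returns { ok: true, route } or { ok: false, status, reason }.
// `request` is a standard Request; `env` carries the wrangler secrets.
function authorize(request, env) {
  const url = new URL(request.url);
  // 1. Origin: the same code answers on <name>.workers.dev, where no Access
  //    policy applies. 404 rather than 403 so the route list is not confirmed.
  if (url.hostname !== ACCESS_HOST) return { ok: false, status: 404, reason: "wrong origin" };
  // 2. Route: method is part of the key, so GET and POST on one path cannot
  //    inherit each other's (weaker) rule.
  const route = `${request.method} ${url.pathname}`;
  const needed = ROUTES[route];
  if (!needed) return { ok: false, status: 404, reason: "unknown route" };
  // 3. Key: from a header only. Not the query string (it lands in logs) and
  //    never Referer, which the caller sets freely.
  if (!keysMatch(request.headers.get("x-ops-key"), env[needed])) {
    return { ok: false, status: 401, reason: "bad or missing key" };
  }
  return { ok: true, route };
}

// Constructed secrets and requests for a stand-alone run.
const exampleEnv = {
  OPS_READ_TOKEN: "constructed-read-key",
  INBOX_SECRET: "constructed-inbox-key",
  MILDRED_READ_TOKEN: "constructed-mildred-key",
};

function demo() {
  const good = new Request(`https://${ACCESS_HOST}/inbox`, {
    method: "POST",
    headers: { "x-ops-key": exampleEnv.INBOX_SECRET },
    body: "ACTION buy milk",
  });
  // The same write, anonymous, on the workers.dev origin, with a Referer that
  // claims the portal as its source: spoofable, and rejected on origin first.
  const forged = new Request("https://ops-api.example.workers.dev/inbox", {
    method: "POST",
    headers: { referer: `https://${ACCESS_HOST}/home` },
    body: "ACTION buy milk",
  });
  return [authorize(good, exampleEnv), authorize(forged, exampleEnv)];
}
```

Wired into the Worker's fetch handler, this runs before the route switch and returns `new Response(null, { status })` on failure. It does not fix item 3 on its own: a master key embedded in home.html is still handed to every browser Access admits, so per-page keys scoped to the rows in ROUTES that page needs are the next step.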


10. CLIENT-INSTALL POTENTIAL

| Module | Client problem | Reusable | Complexity | Sell as |
|---|---|---|---|---|
| Spreadsheet OS audit | "my business lives in my head" | audit method (skills) | LOW | setup fee |
| Sheets operating dashboard (BOS) | no single source of truth | Sheet+Script+portal pattern | MED | setup + monthly |
| Obligations/invoice tracker | missed payments / AR chaos | CM + BOS code | MED | setup + support |
| SMS command center (LevSMS) | community/club info line | levsms router | MED | white-label monthly |
| Family/home dashboard | household coordination | kiosk + relays | MED | niche/internal |
| STR operating system | rental running the owner | str-ops skill + ledger | MED | STR consulting |
| Client briefing dashboard | exec can't see status | portal + Worker | MED | retainer |
| RE Deal Snapshot | "what's this deal worth before I bid" | underwriting-method skill + deal-snapshot.html | LOW | flat fee |
| Trading dashboard (MIS) | | | HIGH | internal-only; do NOT sell |

11. OVERBUILT VS VALUABLE (blunt)

| Component | Overbuilt? | Valuable? | Verdict | Why |
|---|---|---|---|---|
| MIS (~90 endpoints, dual engines, 40 tabs) | Yes, heavily | Core yes | Freeze sprawl, keep core (FSE + cost basis) | Vast surface for ~2.5 trades/mo; truth layer is gold, rest is scaffolding |
| command-inbox engine | No | Very | Keep; crown jewel | One DB + commands + relays; the install pattern |
| Worker (ops-api) | Slightly (KV overloaded) | Very | Keep | Security/relay layer; split the KV eventually |
| Portal pages (~22) | Was yes (4 queue views) | Yes | Consolidating (good) | Grand Central is fixing; hold the line at one home |
| BOS v1 + v2 | Yes (two parallel) | Partially | Consolidate to one, or freeze | Both disabled; complementary but redundant |
| Services kit (_staging/ + skills) | No; underused | Very | Productize/surface | Most install-ready asset, buried in a site-staging folder |
| pwa-deploy public mirror | n/a | No | Remove/retire | Genuine security exposure, superseded |
| Lee / command-center repos | ? | ? | Investigate or archive | Undocumented |

12. STANDARDIZED CLIENT STACK (minimum viable install)

Your own stack already is the template:

Control plane   →  ONE Google Sheet (Input → Engine → Output → History tabs)
Orchestration   →  Apps Script web app (clasp-deployed; commands + triggers)
Fast/secure mid →  Cloudflare Worker (auth, caching, relays) — optional for simple installs
UI              →  Static portal page (Cloudflare Pages + Access) — one page, scoped
I/O channels    →  Telegram bot + Gmail (capture/notify); SMS via Twilio if community
Monitoring      →  a System_Health tab + a daily "did it fire?" check  ← (MISSING today)
Handoff         →  a Runbook (you already write these as HOW_TOs)

MVP install = Sheet + Apps Script + one Access-gated portal page + Telegram. The Worker, SMS, and multi-view portal are upsells. Every layer is built at least once — the productization work is packaging + a System_Health module + a runbook template, not new engineering.
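The monitoring row above, and the §7 note that nothing watches the triggers, both come down to one missing piece: a heartbeat per trigger and a daily check of heartbeat age against cadence. As an added example (not command-inbox's own code), the check as a pure function over System_Health rows, so it runs in plain Node and can be dropped into Apps Script unchanged. Trigger names and cadences are the ones in §7; the row layout, the grace periods, the mis-nightly-snapshot heartbeat name and the alert text are assumptions:

```javascript
// Added example, not command-inbox's code. Trigger names and cadences follow
// §7; row layout, grace periods and alert wording are assumptions.

// Expected cadence per trigger, in minutes, plus slack for run-time jitter.
// A trigger that writes heartbeats but has no rule here is reported as
// unmonitored, so adding a trigger without a rule is itself flagged.
const EXPECTED = {
  morningBriefing_:       { everyMin: 24 * 60, graceMin: 90 },
  pushQueueToOwner:       { everyMin: 24 * 60, graceMin: 90 },
  autoAssembleInbox_:     { everyMin: 4 * 60,  graceMin: 30 },
  pulseDigest_:           { everyMin: 30,      graceMin: 15 },
  "mis-nightly-snapshot": { everyMin: 24 * 60, graceMin: 120 },
};

// Sheets hands back Date objects for timestamp cells; ISO strings elsewhere.
function toMs(v) {
  return v instanceof Date ? v.getTime() : Date.parse(v);
}

// One System_Health row: [trigger, ISO timestamp, "ok" | "error", detail].
// Write it at the END of the trigger's run: a timeout or uncaught exception
// then leaves no row and surfaces as lateness instead of a false "ok".
function heartbeat(rows, trigger, status, detail, now = new Date()) {
  rows.push([trigger, now.toISOString(), status, detail || ""]);
  return rows;
}

// Returns { late, errored, unmonitored, ok } for the given rows at time `now`.
function checkHeartbeats(rows, now, expected = EXPECTED) {
  const latest = new Map(); // trigger -> most recent row
  for (const row of rows) {
    const prev = latest.get(row[0]);
    if (!prev || toMs(row[1]) > toMs(prev[1])) latest.set(row[0], row);
  }
  const report = { late: [], errored: [], unmonitored: [], ok: [] };
  for (const [trigger, rule] of Object.entries(expected)) {
    const row = latest.get(trigger);
    const limitMin = rule.everyMin + rule.graceMin;
    if (!row) {
      report.late.push({ trigger, reason: "no heartbeat ever" });
      continue;
    }
    const ageMin = Math.round((toMs(now) - toMs(row[1])) / 60000);
    if (row[2] !== "ok") {
      report.errored.push({ trigger, ageMin, detail: row[3] });
    } else if (ageMin > limitMin) {
      report.late.push({ trigger, ageMin, reason: `last ok ${ageMin} min ago, limit ${limitMin}` });
    } else {
      report.ok.push({ trigger, ageMin });
    }
  }
  for (const trigger of latest.keys()) {
    if (!(trigger in expected)) report.unmonitored.push(trigger);
  }
  return report;
}

// Message for the Telegram channel; an empty string means nothing to send.
function formatAlert(report) {
  const lines = [];
  for (const l of report.late) lines.push(`LATE ${l.trigger}: ${l.reason}`);
  for (const e of report.errored) lines.push(`ERROR ${e.trigger} (${e.ageMin} min ago): ${e.detail}`);
  for (const u of report.unmonitored) lines.push(`UNMONITORED ${u}: add a rule to EXPECTED`);
  return lines.join("\n");
}

// Constructed sample: the tab as it might look at 09:00 EDT (13:00 UTC) on a
// morning when the brief silently did not send.
function sampleReport() {
  const now = new Date("2026-06-04T13:00:00Z");
  const rows = [];
  heartbeat(rows, "morningBriefing_", "ok", "sent", new Date("2026-06-03T10:48:00Z")); // yesterday's only
  heartbeat(rows, "pushQueueToOwner", "ok", "12 items", new Date("2026-06-04T12:00:00Z"));
  heartbeat(rows, "autoAssembleInbox_", "ok", "", new Date("2026-06-04T12:00:00Z"));
  heartbeat(rows, "pulseDigest_", "error", "Telegram 429", new Date("2026-06-04T12:30:00Z"));
  heartbeat(rows, "mis-nightly-snapshot", "ok", "40 rows", new Date("2026-06-04T02:05:00Z"));
  heartbeat(rows, "weeklyReview_", "ok", "", new Date("2026-06-01T12:00:00Z")); // no rule yet
  return checkHeartbeats(rows, now);
}
```

In Apps Script the rows come from `getSheetByName('System_Health').getDataRange().getValues()` (skip the header), the checker itself runs as one more time-driven trigger a little after the last expected heartbeat of the morning, and the Worker crons write their heartbeat through the same Script endpoint they already call. The checker is the one trigger that must never be silent, so it should post a short "all clear" line too; a missing all-clear is the signal that the monitor itself died.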


13. WHAT IS UNIQUE TO SAM (do NOT generalize)

Personal trading rules + real broker accounts (898/436/720600/5692/son/daughter); MIS entirely; personal cash flow / obligations / mortgages; family kiosk + cameras + Chanie/kids pages; Orthodox calendar/zmanim/Shabbos logic; STR property-specific logic (9312/9332 + litigation); Mildred's VA restrictions; HOA/Eden/HookStreet client commitments; all real client PII (invoices). None of these ship to a client.


14. WHAT CAN BE PACKAGED (HookStreet / Treitel Ventures offerings)

| Offer | Buyer | Deliverable | Monthly? | Proof |
|---|---|---|---|---|
| RE Deal Snapshot | buyers/sponsors | 24-hr underwrite read | no | deal-snapshot.html + underwriting-method skill |
| Operating-System Build (BOS) | owner-operators | Sheet+Script+portal install | yes | command-inbox-engine skill + live system |
| Operating Map / Revenue Loop Sprint | small teams | the sprint | optional | systems.html (already live) |
| Fractional-COO 90-day | growing SMB | 10-deliverable framework | retainer | CONSULTING_PACKAGE.md + Eden reference |
| Spreadsheet OS audit | messy-sheet owners | audit + roadmap | → leads to build | obligations-audit + archive-deep-dive skills |
| LevSMS white-label | shuls/orgs | SMS install | yes | live levsms (A2P/Twilio compliance caution) |
| Youth Money Map | parents | packaged small offer | no | docs/revenue/youth-financial-literacy/* (complete) |

Most install-ready asset: the _staging/ underwrite engagement kit (call script → proposal template → one-pager → playbook → discipline) — fully generalized, currently buried in a site-staging folder. Surface it as the canonical delivery playbook and link it back to CONSULTING_PACKAGE.md.


15. FINAL TAKEAWAY


Known unknowns (verify before relying)

Correction Log (claims proven stale/wrong on re-verification)

For the other ("Zee's world") chat: trust §1, §2 (repos/scriptIds), §4 (pattern), §10–§14 (productization) as stable. Independently re-verify §3 freshness, §5–§7 (MIS + triggers state), and §9 (security) against live code/registry — those move hourly while sessions run.

Source trail: read-only 4-agent sweep + direct verification, 2026-06-04. Re-verified + corrected same day after live commits landed. No files/sheets/deployments modified. Secrets redacted to location/existence only.

Source trail · docs/STACK_MAP.md @ master · rendered 2026-07-02 7:23 PM EDT by scripts/build-docs.py · the .md in the repo is the truth; this page is the phone-readable view