DevOps Center
Complete system architecture, service inventory, deployment processes, and operational runbooks for OmegaOS.
System Status
Frontend
Cloudflare Pages
omegaos.co
Backend API
Supabase Edge Functions
ckeykrgdnddjdojkxmyt.supabase.co
Database
Supabase PostgreSQL
RLS Enabled
Resend API
Welcome emails active
Auth
Supabase Auth
Email/password + RLS
Domain Email
Resend DNS Pending
@omegaos.co verification
Architecture Overview
Client Browser
    |
    v
Cloudflare CDN (omegaos.co)
[Pages: Static HTML/JS]
    |
    +---> Supabase Auth (signup/login)
    |
    +---> Supabase Edge Functions (Deno)
    |         |
    |         +---> /signup (public, creates user + sends welcome email)
    |         +---> /profile (auth'd, get/update profile)
    |         +---> /documents (auth'd, list/upload docs)
    |         +---> /chat (auth'd, AI assistant)
    |         |
    |         +---> Resend API (transactional email)
    |
    +---> Supabase PostgreSQL (RLS-protected)
              |
              +---> clients (profile data)
              +---> client_documents (uploaded files)
              +---> messages (chat history)
Service Inventory
| Service | Provider | Tier | Cost/mo | Status |
|---|---|---|---|---|
| Frontend Hosting | Cloudflare Pages | Free | $0.00 | Live |
| DNS & CDN | Cloudflare | Free | $0.00 | Live |
| Domain | Cloudflare Registrar | At-cost | ~$0.75 | Active |
| Database | Supabase | Free | $0.00 | Live |
| Edge Functions | Supabase | Free (500K invocations) | $0.00 | Live |
| Auth | Supabase Auth | Free (50K MAU) | $0.00 | Live |
| Transactional Email | Resend | Free (3K/mo) | $0.00 | Live |
| File Storage | Supabase Storage | Free (1GB) | $0.00 | Live |
| Payment Processing | Stripe (planned) | Pay-as-you-go | 2.9% + $0.30/txn | Planned |
| Payroll Integration | Gusto Embedded | API Partner | TBD | Planned |
Deployment Process
Frontend (Cloudflare Pages)
All HTML files are in the omega-site/ directory and deployed via Wrangler CLI.
# Deploy all pages
cd omega-site
npx wrangler pages deploy . --project-name omega-pipeline
# Verify deployment
curl -s -o /dev/null -w "%{http_code}" https://omegaos.co/
Backend (Supabase Edge Functions)
Edge functions run on Deno and are deployed via Supabase CLI or dashboard.
# Deploy edge function
npx supabase functions deploy onboarding --project-ref ckeykrgdnddjdojkxmyt
# Set secrets
npx supabase secrets set RESEND_API_KEY=re_xxx --project-ref ckeykrgdnddjdojkxmyt
# Check logs
# Dashboard: supabase.com/dashboard/project/ckeykrgdnddjdojkxmyt/functions/onboarding/logs
Database Schema
clients
| Column | Type | Constraints |
|---|---|---|
| id | uuid (PK) | References auth.users |
| full_name | text | |
| business_name | text | |
| | text | |
| phone | text | |
| entity_type | text | CHECK: llc, s-corp, c-corp, sole-proprietorship, partnership, nonprofit |
| ein | text | |
| urgency | text | CHECK: immediate, this-month, this-quarter, exploring |
| services_needed | text[] | |
| onboarding_status | text | CHECK: pending, in_progress, in-review, active, archived |
| created_at | timestamptz | DEFAULT now() |
client_documents
| Column | Type | Constraints |
|---|---|---|
| id | uuid (PK) | DEFAULT gen_random_uuid() |
| client_id | uuid (FK) | References clients.id |
| document_name | text | NOT NULL |
| document_category | text | CHECK: tax-return, bank-statement, profit-loss, balance-sheet, w2, w9, 1099, articles-of-incorporation, ein-letter, insurance-policy, lease-agreement, payroll-report, other |
| storage_path | text | |
| uploaded_at | timestamptz | DEFAULT now() |
Row Level Security (RLS)
All tables have RLS enabled. Clients can only access their own records.
-- clients: users see only their own row
CREATE POLICY "Users read own client" ON clients
  FOR SELECT USING (auth.uid() = id);
-- client_documents: users see only their own documents
CREATE POLICY "Users read own docs" ON client_documents
  FOR SELECT USING (client_id = auth.uid());
API Endpoints
| Endpoint | Method | Auth | Description |
|---|---|---|---|
| /functions/v1/onboarding/signup | POST | Public | Create account, profile, send welcome email |
| /functions/v1/onboarding/profile | GET | Bearer token | Retrieve client profile |
| /functions/v1/onboarding/submit-profile | POST | Bearer token | Update client profile fields |
| /functions/v1/onboarding/documents | GET | Bearer token | List uploaded documents |
| /functions/v1/onboarding/register-document | POST | Bearer token | Register a document upload |
| /functions/v1/onboarding/chat | POST | Bearer token | AI assistant chat message |
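The Auth column above can be checked from outside: every Bearer-token route should refuse a request that carries no token, a malformed token, or the public anon key. This is an added example, not OmegaOS code; it assumes a refused request returns 401 or 403, reads the anon key from a `SUPABASE_ANON_KEY` environment variable, and sends requests only when `RUN_LIVE=1`.

```shell
# Added example. Routes and auth modes are copied from the API table on this page.
BASE="${BASE:-https://ckeykrgdnddjdojkxmyt.supabase.co/functions/v1/onboarding}"
ENDPOINTS='signup|POST|public
profile|GET|bearer
submit-profile|POST|bearer
documents|GET|bearer
register-document|POST|bearer
chat|POST|bearer'

# probe METHOD ROUTE [AUTHORIZATION_VALUE] -> prints the HTTP status code
probe() {
  set -- "$1" "$BASE/$2" "${3:-}"
  if [ -n "$3" ]; then
    curl -s -o /dev/null -w '%{http_code}' -X "$1" -H "Authorization: $3" "$2"
  else
    curl -s -o /dev/null -w '%{http_code}' -X "$1" "$2"
  fi
}

# verdict CODE -> PASS only if the protected route refused the request.
# Assumption: a refusal is 401 or 403; any other code means the handler ran.
verdict() {
  case "$1" in 401|403) echo PASS ;; *) echo FAIL ;; esac
}

# audit -> one line per protected route and credential; returns 1 on any FAIL
audit() {
  fails=0
  while IFS='|' read -r route method auth; do
    [ "$auth" = bearer ] || continue            # public routes are not probed
    for cred in none garbage anon; do
      case "$cred" in
        none)    hdr='' ;;
        garbage) hdr='Bearer not-a-jwt' ;;
        anon)    [ -n "${SUPABASE_ANON_KEY:-}" ] || continue
                 hdr="Bearer $SUPABASE_ANON_KEY" ;;  # valid JWT, but no user behind it
      esac
      code=$(probe "$method" "$route" "$hdr") || code=000
      v=$(verdict "$code")
      [ "$v" = PASS ] || fails=$((fails + 1))
      echo "$v $method /$route cred=$cred -> $code"
    done
  done <<EOF
$ENDPOINTS
EOF
  echo "failures=$fails"
  [ "$fails" -eq 0 ]
}
if [ "${RUN_LIVE:-0}" = 1 ]; then audit; fi
```

A `FAIL` with `cred=anon` means the route accepts any validly signed token rather than a logged-in user's token.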
Project Timeline
Core Infrastructure
Cloudflare Pages hosting, Supabase database, auth, edge functions, domain setup (omegaos.co)
Client Onboarding
6-step onboarding wizard, document upload, AI chat assistant, welcome email automation
Forms & Compliance
Forms library, compliance center, workflow visualization, PDF templates
Operations & Billing
DevOps page, financial tracker, Pay Bill feature, Payroll integration, email templates, M&A directory
Advanced Features
Stripe payment processing, Gusto payroll API, CSV/Excel document processing, IRS payment integration
Custom Payroll & Automation
In-house payroll calculations, automated tax filing, client reporting dashboards, Podio full migration
Secrets & Credentials Registry
| Secret | Location | Purpose | Rotation |
|---|---|---|---|
| SUPABASE_URL | Edge Function Env | Database connection | Static |
| SUPABASE_ANON_KEY | Edge Function Env + Frontend | Public API access | Static |
| SUPABASE_SERVICE_ROLE_KEY | Edge Function Env | Admin DB operations | Rotate quarterly |
| RESEND_API_KEY | Edge Function Env | Send transactional email | Rotate quarterly |
Operational Runbooks
Add a New Page
- Create pagename.html in omega-site/
- Follow existing design system (copy CSS variables)
- Add nav link to all pages' nav bar
- Deploy: npx wrangler pages deploy .
- Verify: curl https://omegaos.co/pagename.html
- Update this DevOps page's service inventory
Add a New Edge Function Endpoint
- Add route handler in onboarding function
- Add RLS policy if new table access needed
- Test locally with curl
- Deploy via Supabase CLI or dashboard
- Add endpoint to API documentation above
- Update finance tracker with any cost changes
Add a New Microservice
- Document purpose and cost in finance tracker
- Get approval from Yiorgos if monthly cost > $0
- Add to Service Inventory table above
- Set up monitoring and logging
- Create runbook for the new service
- Add audit entry to expenditure log
Rotate a Secret
- Generate new key in provider dashboard
- Update Supabase secret: npx supabase secrets set KEY=value
- Verify edge function still works
- Revoke old key in provider dashboard
- Log rotation in audit trail
Pending: Domain Email Verification
| Type | Name | Value | Priority | Status |
|---|---|---|---|---|
| TXT | resend._domainkey | p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8yiNGgy3R1Zxyf87liitFRm3MMzNMsNUsY0iMYc2+Pn3w3ROKAR6p5ZeTNz2w4tvP3McYHFlgul308PvUKSS5Eu1qKIeylJ5m1vaD8mimmGzji629sU3jnB20X0SE6yPKkSxDH6h00+lAmnxPXWQKIVmSN0Gr4edhiTKpDl2G7QIDAQAB | — | Pending |
| MX | send | feedback-smtp.us-east-1.amazonses.com | 10 | Pending |
| TXT | send | v=spf1 include:amazonses.com ~all | — | Pending |
onboarding@omegaos.co instead of onboarding@resend.dev.
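A check for the three pending records, added here as an example and not part of the OmegaOS tooling. It compares `dig +short` answers with the table, handling quoted and chunked TXT answers and duplicate SPF records; `DKIM_EXPECTED` is a placeholder for the table's `p=` value, and lookups run only when `RUN_LIVE=1`.

```shell
# Added example. Record names and values come from the table above.
DOMAIN=omegaos.co
# Placeholder: export DKIM_EXPECTED with the full p= value from the table.
DKIM_EXPECTED="${DKIM_EXPECTED:-p=PLACEHOLDER}"

# normalize TYPE: reads raw `dig +short` lines on stdin, prints comparable values.
# TXT answers arrive quoted and split into chunks of at most 255 bytes ("abc" "def").
normalize() {
  case "$1" in
    TXT) sed -e 's/" "//g' -e 's/^"//' -e 's/"$//' ;;
    MX)  tr 'A-Z' 'a-z' | sed -e 's/\.$//' ;;   # case-insensitive, drop root dot
    *)   cat ;;
  esac
}

# check_record TYPE EXPECTED RAW_ANSWER -> OK | MISSING | MISMATCH | DUPLICATE-SPF
check_record() {
  got=$(printf '%s\n' "$3" | normalize "$1")
  [ -n "$got" ] || { echo MISSING; return 0; }
  if [ "$1" = TXT ] && [ "$(printf '%s\n' "$got" | grep -c '^v=spf1')" -gt 1 ]; then
    echo DUPLICATE-SPF; return 0   # RFC 7208: more than one SPF record is a permerror
  fi
  if printf '%s\n' "$got" | grep -Fxq -- "$2"; then echo OK; else echo MISMATCH; fi
}

# verify_all: live lookup of all three records; needs dig and network access.
verify_all() {
  rc=0
  while IFS='|' read -r name type want; do
    res=$(check_record "$type" "$want" "$(dig +short "$name.$DOMAIN" "$type")")
    echo "$res $type $name.$DOMAIN"
    [ "$res" = OK ] || rc=1
  done <<EOF
resend._domainkey|TXT|$DKIM_EXPECTED
send|MX|10 feedback-smtp.us-east-1.amazonses.com
send|TXT|v=spf1 include:amazonses.com ~all
EOF
  return $rc
}

if [ "${RUN_LIVE:-0}" = 1 ]; then verify_all; fi
```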