INTERNAL ยท LIVE OPS DASHBOARD
Coreshift HQ Ops
How we run apps. Five plays. One deliberate system.
An internal operating system for catching bugs before users do, shipping fixes in hours, and scaling to every Coreshift HQ app. Built once for KeyContent. Cloned in an afternoon for every app after.
Current phase
Phase 1 ยท Week 1 โ Foundation
Next milestone
CEO Pitch Monday, May 18, 2026
The Three Goals
Catch bugs before users do
Sentry + the in-app widget surface issues automatically โ no more 'thanks for letting us know' emails.
Ship fixes in hours, not days
Brief Claude Code โ review the preview โ merge โ done. Triage takes 10 min/day.
Scale to every Coreshift HQ app
One playbook, cloned per app. Built right means built once.
Development & Production Phases
Where the project has been, where it is now, and where it's going. Each phase delivers value on its own โ no big-bang.
0
Done
Phase 0 Foundation Widget
Shipped May 11
The user-facing piece: a Report Issue widget. Authenticated users submit Bug / Suggestion / Question reports with optional screenshot.
- In-app floating button on every authenticated page
- Type selector (Bug / Suggestion / Question)
- Screenshot upload to Supabase Storage
- Postmark email to operator with full context
1
In progress
Phase 1 Maintenance Ops Rollout
5 weeks ยท Week 1 active
Wrap monitoring, alerting, triage, and workflow around the widget. Foundational infrastructure that every Coreshift HQ app will inherit.
- Week 1: GitHub Issues + Sentry error monitoring
- Week 2: Better Stack uptime + public status page
- Week 3: User Channel (Phase 0 covers this) โ
- Week 4: Triage workflow + briefing templates
- Week 5: In-repo documentation
2
Planned
Phase 2 Widget Enhancements
Post-pitch ยท 3-4 weeks
Same widget grows new outputs without a frontend rewrite. From email-only to a full triage pipeline with persistent storage.
- bug_reports table in Supabase
- Auto-create GitHub Issues from each report
- Auto-reply to users on resolution
- User-facing "My past reports" view
3
Planned
Phase 3 Scale to Other Apps
When App #2 launches
Apply the same playbook to the next Coreshift HQ app. The app_id field is already plumbed through โ cloning takes an afternoon.
- PLAYBOOK-cloning-to-new-app.md
- First clone to App #2
- Federated Sentry org + Better Stack workspace
4
Future
Phase 4 Sentinel
When at 2-3 apps
The unified internal ops dashboard. One queue aggregating every app's bug reports, alerts, and triage state. Internal-only.
- Centralized vs federated architecture decision
- Sentinel web app โ triage queue + filters
- Cross-app analytics + trend detection
35
Done
1
In Progress
0
Blocked
2
This Week
20
Backlog
Key Artifacts
Who's Involved
A
Operator Abe
Triage ยท brief ยท verify
C
Implementer Claude Code
Read ยท code ยท ship
T
The Tools Sentry ยท Better Stack ยท Cloudflare ยท Supabase
Watch ยท alert ยท record
Recently Shipped
โ
Report Issue widget V1
Live on staging.keycontent.ai with Bug / Suggestion / Question types, screenshot upload, and type-aware placeholders
โ
Postmark rewire
Edge Function migrated from Resend to Postmark with verified sender
โ
app_id field
Forward-compatible field for the Sentinel multi-app vision
โ
CEO Pitch Deck
14 slides including the "P0โP3, Elevated" elevation slide
โ
HTML Ops Playbook
Single-file viewer for the 5 HOW-WE-DO docs
โ
ROADMAP.md
Master rollout plan with Sentinel future state baked in
Live Rollout Board
Every task across every phase. Updated by editing KANBAN.md and running update-kanban.cmd.
โ Done
35Report Issue widget V1
Live on staging.keycontent.ai with Bug / Suggestion / Question types, screenshot upload, and type-aware placeholders
Postmark rewire
Edge Function migrated from Resend to Postmark with verified sender
app_id field
Forward-compatible field for the Sentinel multi-app vision
CEO Pitch Deck
14 slides including the "P0โP3, Elevated" elevation slide
HTML Ops Playbook
Single-file viewer for the 5 HOW-WE-DO docs
ROADMAP.md
Master rollout plan with Sentinel future state baked in
HOW-WE-DO-PRIORITY.md
P0โP3 + user-impact narrative + blast radius elevation
HOW-WE-DO-PR-REVIEWS.md
Behavior-based, code-free review checklist
HOW-WE-DO-INCIDENTS.md
Incident runbook with the 1 AM Rule
HOW-WE-DO-DEPLOYS.md
Three rules: staging, rollback, gradual
HOW-WE-DO-BUG-REPORTS.md
Codifies the Phase 0 widget pipeline
HOW-WE-DO-APP-AUDITS.md
Onboarding gate + quarterly re-audit checklist. Captures the first KeyContent audit inline
Register APP-AUDITS in playbook renderer
PLAY 6 now renders in ops-playbook.html (73.4 KB)
HIBP password protection
Enabled on staging + prod. `get_advisors` confirms no more leaked-password warnings
Sentinel kanban published
Live at coreshifthqnz.github.io/coreshift-kanbans/sentinel/ alongside DigitalArchitect. Includes kanban + playbook + roadmap. Pitch deck deliberately internal
Cloudflare org access
Operator now has org access. Unblocks Sentry env vars, gradual rollout, alert integration, and all downstream Phase 1+ Cloudflare work
GitHub branch protection
Rules added on `main` + `staging`: PR required (0 approvals โ 2-person team), linear history, force-push blocked, deletion blocked. Admin bypass left enabled (judgment-call exception for Ricky)
Supabase backup retention verified
Prod has 8 days of daily physical DB backups. Storage objects NOT included (see Phase 1 Week 5 follow-up for that gap)
Sentry env vars in Railway
`VITE_SENTRY_DSN` + `VITE_SENTRY_ENVIRONMENT=staging` planted in Railway staging environment. Frontend builds on Railway (not Cloudflare Pages โ doc correction needed; see backlog)
Sentry SDK installation
Both `keycontent-frontend` and `keycontent-backend` actively receiving events on staging. Release tracking confirmed (commit SHA tagged on deploys). Crash-free sessions: 100%. **Phase 1 Week 1 complete.**
Better Stack uptime monitors
Free tier, 3-min checks across 2 regions for production + staging. Bonus monitor on coreshifthq.com. Email alerts to operator
Public status page (Better Stack subdomain)
Live at https://keycontent.betteruptime.com showing production status only. Custom domain (status.keycontent.ai) deferred โ requires Better Stack paid tier
SSL/TLS Full (Strict)
Cloudflare encryption mode bumped from Full โ Full (Strict) for `keycontent.ai`. End-to-end cert validation now enforced between CF and Railway origin
Cloudflare alert integration
HTTP DDoS Attack Alert + Universal SSL Alert configured at account level. Email destination: abe@coreshifthq.com. Both enabled. **Phase 1 Week 2 complete.**
HOW-WE-DO-DEPLOYS v2 (Railway revision)
Standard Deploy Pipeline, Three Rules (Rule 3 reframed from "gradual" โ "observable"), Rollback Procedures, and V0 promotion example all updated to match Railway reality. Cloudflare's role narrowed to DNS+CDN+WAF
HOW-WE-DO-PR-REVIEWS v2 (Railway revision)
5-step review replaced with Two-Phase Review: Phase A (pre-merge, description + files-changed + clarifying Qs) + Phase B (post-merge-to-staging behavior testing). Safety net retitled to "Sentry + Better Stack + Railway fast rollback."
Cloudflare Bot Fight Mode
Enabled on `keycontent.ai` zone with JS Detections on. Free-tier bot/abuse defense for auth endpoints + general traffic
GitHub labels
13 new labels (P0-P3, radius:*, status types) live in the repo
GitHub issue templates
Bug / Feature / Question YAML forms merged via PR #70
GitHub project board
KeyContent Triage with auto-add workflow
Sentry projects
keycontent-frontend + keycontent-backend created and named
Sentry secrets (Supabase staging)
SENTRY_DSN_EDGE + SENTRY_ENVIRONMENT planted
Sentry secrets (GitHub Actions)
SENTRY_AUTH_TOKEN + SENTRY_ORG + SENTRY_PROJECT planted
Postmark domain verification
`keycontent.ai` fully verified (DKIM + Return-Path); `hello@keycontent.ai` signature live
Gmail inbox rules
`KeyContent/Bug` (red+star+important), `/Suggestion` (yellow), `/Question` (blue+important) labels and subject filters live
๐ก In Progress
1RLS fix for `webhook_events`
Migration `20260512192536_enable_rls_webhook_events` shipped to staging; advisor cleared. Awaiting staging verification (Zernio event smoke test) and prod promotion
๐ซ Blocked
0No items
๐ต This Week
2Pitch dry-run
15 min with timer before Monday
CEO Pitch (Monday May 18)
Present deck + playbook + live staging demo
โช Backlog
20V0 to production
Promotion follows HOW-WE-DO-DEPLOYS. Triggered post-pitch approval
Status page custom domain
Move status page from `keycontent.betteruptime.com` to `status.keycontent.ai`. Requires Better Stack Pro tier (~$25/mo). Decide post-pitch whether the polish is worth the cost
Briefing templates for Claude Code
One template per ticket type
PR review checklist published in repo
In-repo copy of HOW-WE-DO-PR-REVIEWS
Triage rhythm locked
Morning routine codified
PRIORITY.md in repo
In-repo summary of priority framework
Incident runbook in repo
In-repo summary for fast 2 AM reference
Operator onboarding doc
For future second operator or hire
Supabase Storage backup strategy
Daily DB backups exclude Storage bucket objects. Prod `job-assets` has ~890 user objects with no backup. Design a strategy (S3-rsync, manual quarterly export, or Supabase's S3 protocol)
bug_reports DB table
Persistent storage for analytics + history
Auto-create GitHub Issues from reports
Type โ label mapping, direct triage pipeline
Auto-reply users on resolution
Close the loop, build trust
"My past reports" view
User-facing transparency
Document cloning playbook
PLAYBOOK-cloning-to-new-app.md
First clone to App #2
When App #2 launches
Sentinel architecture decision
Centralized vs federated reads
Sentinel dashboard build
Internal triage queue across all apps
Monthly trend reviews
Recurring bug patterns analysis
Quarterly free-tier usage check
Watch Sentry / Postmark / etc. limits
Quarterly stale-issue prune
Close aged P3s