Infrastructure Overview

AI Agents

Active Hosts

GitHub Repos

MCP Servers

macOS Runners

ARC Linux Runners

iOS Apps

CF Workers

Quick Reference

Host	Tailscale IP	Role
MacBook Air M4	`100.126.195.52`	Dev, 9 CI runners, Claude Code
Dell Precision 5520	`100.95.212.93`	k3s (ArgoCD, ARC, Tablez vCluster)
Mac Mini M4	`100.92.170.124`	iBuild-E + iClaw-E
VPS srv1099021	`100.111.142.118`	Volt-E (Boston)
Pi4-03 8GB	`100.107.48.17`	Pi-E
Pi4-02	`100.77.12.75`	Review-E
Pi4-01	`100.73.159.126`	Tailscale exit node
DS412+ NAS	`100.95.36.122`	NFS volumes (~9TB) for k3s

Hosts

Active Infrastructure

Host	Specs	OS	Location	SSH Access
MacBook Air M4	Apple M4, 24GB	macOS 15	Oslo	Local
Dell Precision 5520	i7-7820HQ, 32GB, 233GB NVMe	Ubuntu 24.04	Oslo	`ssh -i ~/.ssh/dell-stig-1 claude@100.95.212.93`
Mac Mini M4	Apple M4	macOS	Oslo	`ssh -i ~/.ssh/mac-executor claude@100.92.170.124`
VPS srv1099021	x86_64	Linux	Boston	`ssh -i ~/.ssh/vps-srv1099021 root@100.111.142.118`
Pi4-02	ARM64, 4GB	Linux	Oslo	`ssh -i ~/.ssh/rpi-pi4-02 claude@100.77.12.75`
Pi4-03 8GB	ARM64, 8GB	Linux	Oslo	`ssh -i ~/.ssh/rpi-claude claude@100.107.48.17`
DS412+ NAS	~9TB	Linux	Oslo	—
Pi4-01	ARM64	Linux	Oslo	`ssh -i ~/.ssh/rpi-pi4-01`

Physical Layout

Oslo (Home):
├── MacBook Air M4 — dev + CI runners + Claude Code
├── Dell Precision 5520 (i7, 32GB) — k3s cluster
├── Mac Mini M4 — iBuild-E + iClaw-E
├── Raspberry Pi 4-01 — Tailscale exit node
├── Raspberry Pi 4-02 — Review-E
├── Raspberry Pi 4-03 — Pi-E
├── Synology DS412+ (~9TB) — NFS for k3s
└── Mobile: Samsung A17, iPhone 15 Pro Max, iPad

Boston (Hostinger DC):
└── VPS srv1099021 — Volt-E

Agents

Where Agents Run

MacBook Air M4 (Oslo)                    Raspberry Pi 4-03 8GB (Oslo)
├── Codi-E (claude-3) -- Orchestrator    └── Pi-E -- Remote Executor
├── Claude-4 ----------- Executor            (OpenClaw Docker, Sonnet 4.6)
├── Claude-5 ----------- Executor
└── Claude-6 ----------- Executor       Raspberry Pi 4-02 (Oslo)
                                          └── Review-E -- Code Reviewer
Mac Mini M4 (Oslo)                             (agent-runner, Sonnet 4.6)
├── iBuild-E ----------- iOS Builder
│    (Claude Code + LaunchAgent)          Dell Precision 5520 (Oslo, k3s)
└── iClaw-E ------------ Personal Asst   └── ATL-E -- Agile Team Lead
     (OpenClaw)                                (k8s deployment, TypeScript)

VPS srv1099021 (Boston)
└── Volt-E ------------- Remote Executor
     (OpenClaw Docker, Sonnet 4.6)

Capabilities

Capability	Codi-E	4/5/6	Pi-E	Volt-E	Review-E	iBuild-E	iClaw-E
Create PRs	Yes	Yes	Yes	Yes	No	Yes	-
Merge PRs	Yes	Yes	No	No	No	No	-
iOS Builds	Yes	Yes	No	No	No	Yes	-
Code Review	No	No	No	No	Yes	No	-
Architecture	Yes	No	No	No	No	No	-
Discord	Yes	Yes	Yes	Yes	Yes	Yes	Yes

Authentication

Single Claude Max subscription: invotekas@gmail.com shared by ALL agents. No API billing.

Agent	Claude Auth	GitHub Auth	Token Keepalive
Codi-E / 4/5/6	Local Claude Max	User's gh CLI	Manual
Pi-E	OAuth (shared)	pie-agent-bot	Claude cron (3-day)
Volt-E	OAuth (shared)	volt-e-agent-bot	Claude cron (3-day)
Review-E	OAuth (shared)	review-e-bot	Claude cron (3-day)
iBuild-E	Local Claude Max	ibuild-e-bot	Local LaunchAgent
iClaw-E	Local Claude Max	iclaw-e-bot	—

Discord Bot IDs

Agent	Mention Format	Channel
Codi-E	`<@1477267530946187305>`	—
Pi-E	`<@1477270576765735024>`	#pi-e
Volt-E	`<@1477272514332852416>`	#volt-e
Review-E	`<@1477785888095473798>`	#review-e

Kubernetes

Dell k3s Cluster

Host: Dell Precision 5520 (100.95.212.93). GitOps: cluster-gitops → ArgoCD v3.0.4.

Component	Namespace	Description
ArgoCD	argocd	Cluster orchestrator (self-managed)
ARC 0.13.1	arc-systems	Actions Runner Controller
ARC Runners	arc-runners	18 scale sets (16 Stig-Johnny + 1 cuti-e + 1 DinD)
ATL-E	atl-agent	Agile Team Lead (TypeScript)
vCluster Platform	invotek	Dashboard at vcluster.invotek.no
NFS Provisioner	—	Helm v4.0.18, `nfs-csi` StorageClass
starc	starc	Legacy client (MSSQL 40GB)

Storage: NFS from DS412+ at 100.95.36.122:/volume1/docker. Future projects get own vCluster.

Tablez vCluster (Active Client/Partner)

GitOps: tablez-dev/tablez-gitops → Flux CD with image automation.

Component	Type	NFS
Flux CD	GitOps controller	—
Flux Image Automation	Auto-updates container images from GHCR	—
tablez-reservation	C# service	—
tablez-api-gateway	C# service	—
tablez-restaurant	C# service	—
tablez-guest	C# service	—
tablez-notification	Docker service	—
tablez-ai	Docker service	—
Postgres	Database	5Gi
Valkey	Cache (Redis-compat)	—
Prometheus	Metrics	10Gi
Grafana	Dashboards	dynamic
Loki	Log aggregation	5Gi
Tempo	Distributed tracing	5Gi
Cloudflare Tunnel	External access (grafana.invotek.no)	—

Grafana at grafana.invotek.no via CF Tunnel (Zero Trust). Terraform manages DNS + tunnel (local state).

CI pipeline: PR merged → docker-build workflow → image pushed to GHCR → Flux image automation detects new tag → auto-commits update to tablez-gitops → Flux deploys to vCluster.

Networking

SSH Keys

Key	Target	Command
`dell-stig-1`	Dell k3s	`ssh -i ~/.ssh/dell-stig-1 claude@100.95.212.93`
`mac-executor`	Mac Mini M4	`ssh -i ~/.ssh/mac-executor claude@100.92.170.124`
`rpi-claude`	Pi4-03	`ssh -i ~/.ssh/rpi-claude claude@100.107.48.17`
`rpi-pi4-02`	Pi4-02	`ssh -i ~/.ssh/rpi-pi4-02 claude@100.77.12.75`
`vps-srv1099021`	VPS	`ssh -i ~/.ssh/vps-srv1099021 root@100.111.142.118`

Cloudflare Domains (5)

Domain	Purpose
dashecorp.com	Shared app domain, email routing
invotek.no	Company (GDPR workers, Grafana tunnel)
stigjohnny.no	Personal (blog, CV)
nutrie.app	Nutri-E (DSLD, webhook, OpenAI)
cutiefeedback.com	Cuti-E platform

Tunnels

Tunnel	Domain	Target
tablez-vcluster	grafana.invotek.no	Tablez Grafana
vcluster-platform	vcluster.invotek.no	vCluster dashboard

Security Layers

#	Layer	Where	What
1	Tailscale ACL	All agents	tag:sandbox restricts outbound
2	Docker iptables	Pi-E, Volt-E	DOCKER-USER blocks private ranges
3	macOS pf	Mac Mini M4	Blocks Tailscale/LAN outbound
4	Host iptables	Volt-E	uid-owner blocks container

ACL source of truth: Stig-Johnny/infra-config/tailscale/acl.json

GitHub

Stig-Johnny

cuti-e (public)

tablez-dev

Stig-Johnny — Active

Category	Repos	#
Apps	nutri-e, fast-e, count-e, drink-e, heart-e, star-rewards, cutie	7
MCP	appstoreconnect, claude-memory, context-layer, cutie, deadline-tracker, infra-health, pushbullet-sms, slack-notifications, submission-checklist, telegram-notifications, totp	11
Infra	mac-executor, pi-e-config, volt-e-config, review-e-config, atl-agent, claude-3, cluster-gitops, infra-config, dashecorp-skills	9
Sites	dashecorp, private-sites, cv, invotek-no-2023	4
Legacy	agent-runner (dead), mcp-open-core (dead), ~20 others	~23

Runners

macOS (MacBook Air M4) — 9

Labels: [self-hosted, macOS, ARM64, ios]. One per repo. v2.332.0. Required for Xcode.

Linux ARC (Dell k3s) — 18

ARC 0.13.1. Labels: arc-linux-{repo}. Scale 0-3. Standard: 250m→1cpu. Higher: 500m→2cpu. DinD: 1cpu→4cpu.

GitHub Apps (5)

App	Agent	Status
ibuild-e-bot	iBuild-E	LIVE
review-e-bot	Review-E	LIVE
pie-agent-bot	Pi-E	LIVE
volt-e-agent-bot	Volt-E	LIVE
iclaw-e-bot	iClaw-E	LIVE

GitHub Actions Runners

macOS Runners

Linux ARC Scale Sets

Hosts

macOS Runners (MacBook Air M4, Oslo)

All v2.332.0. Run as LaunchAgents (start on login). Labels: [self-hosted, macOS, ARM64, ios]. Required for Xcode/iOS builds.

Runner Name	Repo	Path
mac-mini-m1	Stig-Johnny/nutri-e	`~/actions-runner/`
mac-mini-fast-e	Stig-Johnny/fast-e	`~/actions-runner-fast-e/`
mac-mini-count-e	Stig-Johnny/count-e	`~/actions-runner-count-e/`
mac-mini-drink-e	Stig-Johnny/drink-e	`~/actions-runner-drink-e/`
mac-mini-heart-e	Stig-Johnny/heart-e	`~/actions-runner-heart-e/`
mac-mini-star-rewards	Stig-Johnny/star-rewards	`~/actions-runner-star-rewards/`
mac-mini-cutie	Stig-Johnny/cutie	`~/actions-runner-cutie/`
mac-mini-ios-sdk	cuti-e/ios-sdk	`~/actions-runner-ios-sdk/`
mac-mini-ios-link-sdk	cuti-e/ios-link-sdk	`~/actions-runner-ios-link-sdk/`

Legacy naming: Runner names say "mac-mini" from when they ran on a Mac Mini. They now run on MacBook Air M4.

Linux ARC Runners (Dell Precision 5520, Oslo — k3s)

Actions Runner Controller (ARC) 0.13.1. GitOps: cluster-gitops/runners/. Scale 0-3 pods. Auth via SealedSecret. Image: ghcr.io/actions/actions-runner:latest.

Stig-Johnny ApplicationSet (16 repos)

Labels: arc-linux-{repo} (e.g., arc-linux-nutri-e)

Resources	Repos
Standard (250m/512Mi → 1cpu/2Gi)	totp-mcp, pushbullet-sms-mcp, telegram-notifications-mcp, slack-notifications-mcp, claude-memory-mcp, appstoreconnect-mcp, heart-e, drink-e, count-e, fast-e, dashecorp, claude-3, atl-agent
Higher (500m/1Gi → 2cpu/4Gi)	star-rewards, nutri-e, cutie

cuti-e Runners

Label	Repo	Resources	Scale
`arc-linux-ios-sdk`	cuti-e/ios-sdk	250m/512Mi → 1cpu/2Gi	0-2

Docker-in-Docker

Label	Repo	Resources	Scale
`arc-linux-docker`	Stig-Johnny/nutri-e only	1cpu/2Gi → 4cpu/8Gi	0-2

Runner Routing

Job Type	Runner Label	Host	Why
iOS build/test	`[self-hosted, macOS, ARM64, ios]`	MacBook Air M4	Requires Xcode, simulator
Android build	`[self-hosted, macOS, ios]`	MacBook Air M4	AAPT2 is x86-only (Rosetta)
Linux CI (lint, scripts)	`arc-linux-{repo}`	Dell k3s	No Xcode needed
Docker-in-Docker	`arc-linux-docker`	Dell k3s	nutri-e container builds

Rule: Never use ubuntu-latest. Always self-hosted to avoid GitHub-hosted costs ($0.08/min for macOS).

Missing ARC Runners

These repos have no Linux ARC runner configured:

Repo	Impact
infra-health-mcp	No Linux CI
context-layer-mcp	No Linux CI
deadline-tracker-mcp	No Linux CI
cutie-mcp	No Linux CI
submission-checklist-mcp	No Linux CI
cuti-e/ios-link-sdk	No Linux CI (only macOS runner)

Maintenance

Task	Command
Check macOS runners	`launchctl list \| grep actions.runner`
Check ARC pods	`ssh dell; kubectl get pods -n arc-runners`
Xcode update broke runners	`xcodebuild -runFirstLaunch` on MacBook Air
Container bloat cleanup	`docker system prune -a --volumes -f`
Add new ARC runner	Add entry to `cluster-gitops/runners/stig-johnny-runners.yaml`

DevOps & CI/CD

All repos: GitHub Flow — trunk-based, feature branches, squash merge. Conventional commits required.

PR Lifecycle (End-to-End)

Agent creates PR — pushes feature branch, runs gh pr create

4 things trigger in parallel:
• build-and-test.yml → CI on self-hosted runner
• Copilot → automatic code review
• request-review.yml → Discord #tasks thread + Review-E tagged
• auto-merge.yml → starts waiting for checks

Review-E picks up from Discord → reviews code → approves or requests changes

Discord thread receives updates:
• build-status-to-discord.yml → CI pass/fail
• forward-copilot-reviews.yml → Copilot review
• pr-comments-to-discord.yml → any comments

Auto-merge decides:
• Wait for CI (10 min timeout)
• Wait for Copilot (60s)
• Query unresolved threads (GraphQL)
• All clear → enable auto-merge (squash)
• Blocked → fallback REST merge API

Post-merge:
• Discord thread: merge notification + author mention
• Linked issues auto-closed
• release-please.yml triggered

Auto-merge Decision Flow

PR opened/synchronized
  |
  +-- Has manual-merge label? --> Skip
  |
  +-- Wait for CI (10 min timeout)
  |   +-- Any failed? --> FAIL
  |
  +-- Wait 60s for Copilot
  |
  +-- Query threads via GraphQL
  |   +-- Unresolved? --> FAIL
  |
  +-- Try GraphQL enableAutoMerge
  |   +-- Failed? --> Fallback: REST pulls.merge
  |
  +-- Poll for merged_at (2 min)
  |
  +-- Post-merge:
      +-- Trigger release-please
      +-- iOS files changed? --> Xcode Cloud monitor
      +-- Discord merge notification
      +-- Close linked issues

Discord Thread Model

Each PR gets a dedicated Discord thread in #tasks:

Event	Workflow	Action
PR opened	`request-review.yml`	Creates thread, stores msg ID as `<!-- discord-review-msg-id:XXX -->`
CI done	`build-status-to-discord.yml`	Pass/fail to thread
Copilot reviews	`forward-copilot-reviews.yml`	Review summary to thread
Comments	`pr-comments-to-discord.yml`	Comment content to thread
Merged/closed	`auto-merge.yml`	Resolution + author mention

Release Pipeline

PR merges to main → release-please.yml triggers

Releasable commits? (feat/fix/perf/deps) → Opens Release PR (version.txt + CHANGELOG)

Auto-approved via RELEASE_PAT (Review-E PAT, expires 2026-05-30)

Auto-merged (squash)

GitHub Release + git tag → release-notes-to-discord.yml

iOS: Xcode Cloud builds → TestFlight

Standard Workflows (8 per app repo)

Workflow	Trigger	Purpose
`auto-merge.yml`	PR opened/sync	Wait for checks, merge
`request-review.yml`	PR opened	Discord thread, request Review-E
`pr-comments-to-discord.yml`	Comments	Forward to Discord thread
`forward-copilot-reviews.yml`	PR opened/sync	Forward Copilot to Discord
`build-status-to-discord.yml`	workflow_run	CI status to Discord
`auto-resolve-copilot.yml`	PR review	Resolve Copilot threads
`notify-failure.yml`	workflow_run	Discord alert on failure
`release-please.yml`	push to main	Version, changelog, Release

Runner Routing

Job	Runner	Host
iOS build/test	`[self-hosted, macOS, ARM64, ios]`	MacBook Air M4
Android build	`[self-hosted, macOS, ios]`	MacBook Air M4 (Rosetta)
Linux CI	`arc-linux-{repo}`	Dell k3s
Docker-in-Docker	`arc-linux-docker`	Dell k3s (nutri-e)

Repo Workflow Status

Repo	auto-merge	copilot-fwd	notify-fail	xcode-monitor
nutri-e	old	Yes	Yes	Yes
star-rewards	partial	Yes	Yes	Yes
fast-e	partial	Yes	Yes	Yes
count-e	latest	Yes	Yes	Yes
drink-e	fixed	Yes	Yes	No
heart-e	tmpl	Yes	Yes	No
cutie	Yes	No	No	n/a

Known Issues

Issue	Impact
Auto-merge ~60% under load	ARC runners sometimes don't spin up
No Discord notification on manual merge	Thread doesn't close
Release-please PRs bypass pipeline	Bot PRs: no CI/Discord/review
Xcode Cloud checks on non-iOS repos	Auto-merge filters them out

Apps

App	Bundle ID	Status	Version	Price	Backend
Nutri-E	`no.invotek.Nutri-E`	READY_FOR_SALE	1.0.4	$4.99/mo	CF Workers
Fast-E	`no.invotek.FastE`	READY_FOR_SALE	1.2	Free	Local
Count-E	`no.invotek.CountE`	READY_FOR_SALE	1.0	Free	Local
Reward-E	`no.invotek.RewardE`	IN_REVIEW	#120	$1.99/mo	Firebase
Drink-E	`no.invotek.DrinkE`	TestFlight	#13	Free	Local
Heart-E	`no.invotek.HeartE`	Not in ASC	—	Free	Local

All: SwiftUI + XcodeGen + CutiE SDK + SwiftData. iOS 16.0 (Fast-E: 17). 39 locales.

Subscriptions (RevenueCat)

App	Monthly	Yearly
Nutri-E	$4.99	$39.99
Reward-E	$1.99	$14.99

MCP Servers

Custom (13)

Server	Purpose	Repo
appstoreconnect	ASC API	appstoreconnect-mcp
claude-memory	Persistent memory	claude-memory-mcp
context-layer	Codebase context	context-layer-mcp
cutie-mcp	Cuti-E platform	cutie-mcp
deadline-tracker	Deadlines	deadline-tracker-mcp
discord	Discord messaging	mcp-discord
email-inbox	Agent email (CF Worker → D1)	local
infra-health	Infra health	infra-health-mcp
pushbullet-sms	SMS / 2FA	pushbullet-sms-mcp
slack-notifications	Slack	slack-notifications-mcp
submission-checklist	App submissions	submission-checklist-mcp
telegram-notifications	Telegram (legacy)	telegram-notifications-mcp
totp	TOTP 2FA	totp-mcp

Third-Party (5) + Cloud (1)

Server	Purpose
playwright	Browser automation
github	GitHub API
cloudflare	Workers/D1/KV
bitwarden	Secrets vault
context7	Library docs
revenuecat (cloud)	Subscriptions

Credentials

Admin Accounts

Account	Purpose
`invotekas@gmail.com`	Invotek admin — Cloudflare, Tailscale, CF Access, Claude Max
`codiedev42@gmail.com`	Dev — Bitwarden, Xcode Cloud, Google Drive
`post@stigjohnny.no`	Personal — vCluster Platform

Credential Inventory (Bitwarden Names Only)

Category	Entry	Used By	Expiry
GitHub	RELEASE_PAT	Release auto-approve	2026-05-30
GitHub	GitHub OAuth Token	Docker runners	—
Apple	ASC API Key	appstoreconnect-mcp	—
Cloud	Cloudflare API Token	CF MCP + Actions	—
Cloud	OpenAI API Key	Blog + Nutri-E	—
Discord	Bot Tokens (x4)	Each agent	—
Revenue	RevenueCat API Key	RC MCP	—
SMS	Pushbullet API Key	SMS MCP	—

GCP: Workload Identity Federation (keyless).
GitHub Apps: PEM on hosts, 1hr tokens, 30min refresh.
Claude Max: One sub (invotekas@gmail.com), cron keepalive (3-day), M4 push fallback.

Architecture

Full Topology

                         +-------------------------------------+
                         |           CLOUDFLARE                |
                         |  5 domains, 27 Workers, D1, KV     |
                         |  2 Tunnels (Grafana, vCluster)      |
                         +-----------------+-------------------+
                                           |
                         +-----------------+-------------------+
                         |  GITHUB (3 orgs, 69 repos)          |
                         |  5 GitHub Apps, Copilot Review      |
                         +-----------------+-------------------+
                                           |
              +----------------------------+----------------------------+
              |                            |                            |
    +-----------------+       +-----------------+        +-----------------+
    | DISCORD         |       | REVENUECAT      |        | APP STORE       |
    | 4 bots, 5+ ch   |       | 2 apps w/ subs  |        | CONNECT         |
    +--------+--------+       +-----------------+        | 6 apps          |
             |                                            +-----------------+
    =========|==========================================================
             |              TAILSCALE MESH (100.x.x.x)
    =========|==========================================================
             |
    +--------+-----------------------------------------------------+
    | OSLO                                                          |
    | +-------------------+  +-----------------------------------+ |
    | | MacBook Air M4    |  | Dell Precision 5520 (k3s)         | |
    | | Codi-E + 3 exec   |  | +-------------------------------+ | |
    | | 9 macOS runners   |  | | ArgoCD (self-managed)         | | |
    | | LaunchAgents      |  | | ARC: 18 Linux runner sets     | | |
    | | Token push/refresh |  | | ATL-E (k8s deploy)           | | |
    | +-------------------+  | | NFS <- DS412+ NAS (~9TB)      | | |
    |                         | | vCluster Platform             | | |
    | +-------------------+  | |  +- Tablez vCluster            | | |
    | | Mac Mini M4       |  | |     (Flux, 6 C# services,     | | |
    | | iBuild-E+iClaw-E  |  | |      Postgres, Valkey,        | | |
    | | pf + ACL sandbox  |  | |      Grafana/Prom/Loki/Tempo) | | |
    | +-------------------+  | +-------------------------------+ | |
    |                         +-----------------------------------+ |
    | +-------------------+  +--------------+  +--------------+    |
    | | Pi4-03 8GB        |  | Pi4-02       |  | Pi4-01       |    |
    | | Pi-E (OpenClaw)   |  | Review-E     |  | Exit node    |    |
    | | Sonnet 4.6        |  | (agent-runnr)|  +--------------+    |
    | +-------------------+  +--------------+                      |
    +--------------------------------------------------------------+
    +--------------------------------------------------------------+
    | BOSTON (Hostinger DC)                                          |
    | +-------------------+                                         |
    | | VPS srv1099021    |                                         |
    | | Volt-E (OpenClaw) |                                         |
    | | Sonnet 4.6        |                                         |
    | +-------------------+                                         |
    +--------------------------------------------------------------+

Agent Communication

User (Stig-Johnny)
     |
     v
Claude-3 (Orchestrator)
     |
     +--> GitHub Issues --> Claude-4/5/6 (local) + Pi-E/Volt-E (Discord)
     +--> Discord #tasks --> All agents
     +--> Workspace Messages --> Claude-4/5/6

Any Agent creates PR
     v
request-review.yml --> Discord thread --> Review-E approves
     v
auto-merge.yml --> Squash merge
     v
release-please --> Release PR --> RELEASE_PAT approve --> GitHub Release