System Architecture
Domain & DNS
Domain: coy.gg on Cloudflare
Zone ID: bb3bbbc9972efa4b08f7e5dff8419f39
Nameservers: cora.ns.cloudflare.com, dan.ns.cloudflare.com
DNS Records
| Subdomain |
Type |
Target |
Notes |
| wiki.coy.gg |
CNAME |
coydevs-wiki.pages.dev |
Cloudflare Pages |
| ads.coy.gg |
CNAME |
ad-analyzer Pages |
Cloudflare Pages |
| copy.coy.gg |
AAAA |
100:: |
Cloudflare Worker |
| creative.coy.gg |
AAAA |
100:: |
Cloudflare Worker |
| research.coy.gg |
AAAA |
100:: |
Cloudflare Worker |
| assets.coy.gg |
CNAME |
R2 storage |
Public R2 bucket |
| fb-scraper.coy.gg |
A |
178.156.231.126 |
VPS (proxied) |
| gateway.coy.gg |
CNAME |
Cloudflare tunnel |
OpenClaw gateway |
Zero Trust / Cloudflare Access
- Access URL: coygg.cloudflareaccess.com
- Auth method: Email OTP
- Session duration: 24 hours
- Scope: All *.coy.gg apps gated by CF Access
Access Apps
| App |
Domain |
Decision |
| Coy Internal Apps |
*.coy.gg |
allow |
| Copy System API Bypass |
copy.coy.gg/api/* |
bypass |
| Research API Bypass |
research.coy.gg/api/* |
bypass |
| FB Scraper API Bypass |
fb-scraper.coy.gg |
bypass |
| Gateway Bypass |
gateway.coy.gg |
bypass |
Access Policies (*.coy.gg app)
Note: The office IP bypass (priority 1) lets you in without OTP when at the office. Away from office → OTP to me@coy.gg.
Databases
| Project |
Type |
Name |
ID |
| Ad Analyzer |
D1 |
ad-analyzer-db |
50d798cb-c001-48c2-9602-4d45c23322a0 |
| Creative Engine |
D1 |
creative-engine-db |
d378347e-cfef-4472-935e-68164af30a87 |
| Copy System |
D1 |
copy-system-db |
52b93002-22c0-44c8-b585-e65ae20eac8a |
| Product Research |
D1 |
product-research-db |
69d7165a-a97d-438b-a5d0-dac49ed70679 |
| PolicyJar |
Supabase |
ovhaygdwyitwodbweobi |
N/A |
Storage
- R2 bucket: creative-engine-assets (public via assets.coy.gg)
Vector Search
- Vectorize index: voc-embeddings (1536 dims, cosine, OpenAI text-embedding-3-small)
- Used by: Copy System (VOC embeddings for feedback loop)
Hetzner VPS
IP: 178.156.231.126 | SSH: ssh vps (root) or ssh vps-dev (dev)
Specs: 2 vCPU, 4GB RAM, 75GB SSD, Ubuntu 24.04.3
Purpose: Persistent browser sessions + Python services (NOT general compute — all pipeline work stays on Cloudflare)
VPS Services
| Service |
Port |
File |
Auth |
| fb-scraper |
9868 |
/home/dev/fb_scraper.py |
Bearer fb-scraper-2026 |
| copy-editor |
9869 |
/home/dev/copy_editor.py |
Bearer copy-editor-2026 |
| cf-tunnel-fb |
— |
systemd service |
Cloudflare quick tunnel → port 9868 |
| nginx |
80/443 |
/etc/nginx/sites-available/fb-scraper |
SSL: self-signed cert |
FB scraper account: Miese Angel (kellkatou@hotmail.com, UID 100003929158736) via Thordata residential proxy (US)
VPS Key Files
| File |
Purpose |
| /home/dev/fb_scraper.py |
FB group scraper aiohttp service |
| /home/dev/copy_editor.py |
Computational editing service (10 scripts, Brysbaert + Warriner DBs) |
| /home/dev/fb_login.py |
Re-login script if FB session expires |
| /home/dev/fb-cookies.json |
Saved FB session cookies |
| /home/dev/update-tunnel-url.sh |
Updates VPS_FB_SCRAPER_URL after VPS reboot |
| /home/dev/cfox/ |
Python venv with camoufox 0.4.11 + playwright |
| /home/dev/ceditor/ |
Python venv for copy-editor (spaCy, textstat, anthropic) |
OpenClaw Gateway Tunnel
Tunnel: openclaw-gateway (ID: 111506ce-fd80-4857-b3a2-4ff44ca1b8c4)
DNS: gateway.coy.gg → CNAME to tunnel (permanent)
Routes: gateway.coy.gg → http://localhost:18789 (OpenClaw gateway port)
Config: C:\Users\me.cloudflared\config.yml
Auto-start: Windows Startup shortcut → cloudflared.exe
Cron Workers
| Worker |
Schedule |
Action |
| research-discover |
Every 6h |
Triggers product research discovery |
| research-process |
Every 10min |
Processes queued research items |
| research-enrich |
Every 30min |
Enriches products via Foreplay API |
| creative-cron |
Every 2min |
Calls /api/process-jobs on Creative Engine |
| copy-pipeline |
Every 30min |
Advances copy pipeline + scrapes FB groups |
| pr-auto-merge |
Every 1h (Sonnet) |
Auto-merges approved PRs on coydevs/policyjar |
External Services
| Service |
Purpose |
Used By |
| CamoFox (Fly.io) |
Anti-detection browser, web scraping |
Product Research, Copy System |
| Telnyx |
WebRTC softphone, call control, SMS, IVR |
PolicyJar |
| Stripe |
Subscription billing, metered minutes |
PolicyJar |
| OpenAI |
Embeddings, GPT |
Copy System, Creative Engine |
| Anthropic |
Claude for pipeline agents |
Copy System |
| Fal.ai |
Kling video, image generation |
Creative Engine |
| ElevenLabs |
Voice synthesis |
Creative Engine |
| Foreplay |
Ad spy, enrichment |
Ad Analyzer, Product Research |
| Meta/Facebook |
OAuth, ads API (App ID: 1792537038079116) |
Copy System, Ad Analyzer |
| Thordata |
Residential proxy US (10GB) |
CamoFox on VPS |
| Inference.net |
Schematron HTML→JSON extraction |
Product Research |
Dev Environment
- Docker container: coy-dev (Ubuntu 24.04), SSH localhost:2222
- Mounts: C:\Users\me\Projects → /home/dev/projects/
- Rule: Never use PowerShell for file edits — CRLF issues. Use SSH into coy-dev.
Hosting Summary
| Project |
Host |
Platform |
| PolicyJar |
Vercel |
Next.js + Supabase |
| PolicyJar Sales |
Cloudflare Pages |
Static HTML (policyjar-site) |
| Ad Analyzer |
Cloudflare |
Workers (OpenNext) + D1 |
| Creative Engine |
Cloudflare |
Workers (OpenNext) + D1 + R2 |
| Copy System |
Cloudflare |
Workers (OpenNext) + D1 + Vectorize |
| Product Research |
Cloudflare |
Workers (OpenNext) + D1 |
| Wiki |
Cloudflare Pages |
Next.js static export |
| CamoFox |
Fly.io |
Node.js + Camoufox |
| FB Scraper |
Hetzner VPS |
Python aiohttp |
| Copy Editor |
Hetzner VPS |
Python aiohttp |