Z2 Service Catalog
Canonical endpoint registry for all Z2 services. Single source of truth — all other documents reference this file.
Host
| Property | Value |
|---|---|
| Hostname | hinata-z2 |
| LAN IP | 192.168.1.153 |
| Tailscale IP | 100.120.141.100 |
| Proxmox Web | https://192.168.1.153:8006 |
| OS | Proxmox VE |
Z2 Host Services (systemd)
| Service | Port | Owner | Health Check | Description |
|---|---|---|---|---|
| bulma-api | 8081 | bulma-finances | curl http://localhost:8081/health | Financial data API |
| weather-api | 8082 | allmight-health | curl http://localhost:8082/health | Weather data API |
| email-p4-api | 8080 | heimerdinger-nlp | curl http://localhost:8080/health | Email intelligence API |
| collector-bulma | 8090 | bulma-finances + zoro-fitness | curl http://localhost:8090/health | Bulma + Zoro collector (transactions, posture) |
| collector-events | 8091 | melfi-sovereignty | curl http://localhost:8091/health | Activity events collector |
| collector-football | 8092 | trunks-coding | curl http://localhost:8092/health | Football data collector (pending scraper) |
| collector-mastery | 8093 | shikamaru-learning | curl http://localhost:8093/health | Mastery/learning collector |
| collector-musicmastery | 8094 | squidward-music | curl http://localhost:8094/health | Music mastery collector |
| pilates-researcher | — | allmight-health | systemctl status pilates-researcher.timer | Pilates slot scraper (30-min timer, self-gates 06-18h/hourly overnight) |
| hinata-zepile-collector | 5000 | zepile-appraiser | curl http://localhost:5000/health | Housing/jobs/marketplace scraper (Flask + internal 2h scheduler) |
Deleted Z2 host units (2026-06-11): hinata-poll-truelayer-morning, hinata-poll-truelayer-evening, hinata-normalise-inbox, hinata-transcribe-audio, hinata-mail-body-archive (.service + .timer). No banking poller runs on the Z2 host.
Containers
| CT | Hostname | IP | Services | Mount Points |
|---|---|---|---|---|
| 100 | jimmy-neutron-postgres | 192.168.1.253 | PostgreSQL 15 (hinata DB · system.tasks) | /mnt/data/postgres-backup → /mnt/backup, /mnt/data/shared → /shared |
| 101 | heimerdinger-nlp | 192.168.1.132 | NLP API :8000 | /mnt/data/shared → /shared |
| 102 | iroh-mail-poller | — | Mail polling service | /mnt/data/shared → /shared |
| 103 | itachi-security | — | Vaultwarden :8080 | /mnt/data/shared → /shared |
| 104 | l-research | — | Research tools | /mnt/data/shared → /shared |
| 105 | nujabes-audio | — | Audio processing | /mnt/data/shared → /shared |
| 106 | minato-telegram | 192.168.1.132 | telegram-bot + hinata-bot-poller | /mnt/data/transcripts → /transcripts, /opt/hinata-vault (ro), /opt/jimmy-brain-ops/scripts → /opt/scripts (ro) |
| 107 | orochimaru-transcripts | — | Transcript storage | /mnt/data/transcripts → /transcripts |
| 108 | zoro-fitness | — | Zoro fitness data | /mnt/data/zoro-fitness, /opt/hinata-sandpit (ro) |
| 109 | bulma-finance | 192.168.1.214 | Bulma banking (6 systemd timers) | /mnt/data/hinata/data/bulma → /root/data/bulma |
CT109 Bulma Banking Timers
| Timer | Schedule | Description |
|---|---|---|
| bulma-poll-monzo | every 15 min | Monzo transaction polling |
| bulma-poll-truelayer | every 15 min | TrueLayer transaction polling |
| bulma-analytics | 06:30 daily | Financial analytics run |
| bulma-daily-alert | 09:00 daily | Daily spending alert |
| bulma-weekly-alert | Sun 19:00 | Weekly spending alert |
| bulma-weekly-summary | Sun 20:00 | Weekly financial summary |
CT109 reaches the collector at LAN address 192.168.1.153:8090. The Z2 host Tailscale IP (100.120.141.100) is unreachable from inside LXC containers. Data plane: /mnt/data/hinata/data/bulma on Z2 host, bind-mounted to /root/data/bulma in CT109.
Database (CT100)
| Schema | Owner Commander | Tables | Description |
|---|---|---|---|
| hinata | System | tasks, burnout_checks, cli_token_overrides, colonel_inputs, health_events, session_labels, system_events | System-level tables (renamed from public 2026-06-08) |
| bulma | bulma-finances | accounts, credit_limits, transactions | Financial data |
| zoro | zoro-fitness | posture_assessments | Fitness tracking |
| football | trunks-coding | (empty — pending scraper data) | Football statistics |
| mastery | shikamaru-learning | mastery_touches | Learning activity |
| musicmastery | squidward-music | musicmastery_events | Music mastery leaderboard + events |
| orochimaru | orochimaru-scout | token_burn_sessions, token_burn_daily, token_burn_agents | Token burn tracking |
| weather | allmight-health | snapshots, daily_forecasts | Weather historical data |
Shared Infrastructure
| Path | Location | Consumers | Purpose |
|---|---|---|---|
| /mnt/data/transcripts/ | Z2 HDD | CT106, CT107 | Session transcripts (7 files) — symlinked from /opt/hinata-transcripts/ |
| /opt/hinata-vault/ | Z2 host | CT106 (ro) | Read-only vault sync |
| /mnt/data/ | Z2 host (HDD) | CT101-105 via bind mount | Persistent data storage |
| /opt/jimmy-brain-ops/scripts/ | Z2 host | CT106 (ro) | Automation scripts |
Studio Data Pipeline
| Studio Component | Data File | Generator Script | Location | Trigger | Freshness |
|---|---|---|---|---|---|
| TokenBurnChart | public/data/sessionBurn.json | refresh-session-burn.py | Mac (old vault: Sandpit/Github/hinata-brain/captain/jimmy-neutron-brain-ops/scripts/) | Manual — needs automation | Stale unless manually run |
| TokenBurnChart (daily) | Sandpit/hinata/data/token-burn/YYYY-MM/ | extract-daily-token-burn.py | Mac (launchd: com.hinata.token-burn-continuous) | Continuous daemon | Live |
| Mastery/Shogi | public/data/mastery-*.json | collector-mastery webhook | Z2 host :8093 → CT100 postgres | On mastery event | Live |
| MusicMastery | public/data/musicmastery-*.json | collector-musicmastery webhook | Z2 host :8094 → CT100 postgres | On music event | Live |
| CalendarView | CalDAV / Fastmail | Direct fetch | Browser | On load | Live |
| Mailbox | Sandpit/hinata/mail-archive/YYYY-MM-DD.jsonl | mail-actionable-archive.py | Z2 scripts | Daily | Live |
Known issues:
- refresh-session-burn.py runs from old iCloud vault path (Sandpit/Github/hinata-brain/captain/...) — needs migration to Sandpit/hinata-sandpit/scripts/ or Z2
- Single Studio path (lifted 2026-06-14): Sandpit/hinata/applications/hinata-studio/ (sole canonical — runtime + git tree). Vite dev server, wrangler dev, and refresh-*.py writers all converge here.
- sessionBurn.json has no launchd automation — goes stale between manual runs
Script → Data Dependencies (Z2)
| Script | Reads | Writes | Frequency |
|---|---|---|---|
| telegram-bot.py | /opt/vault/federation/*, /opt/vault/the-government/* | /mnt/data/transcripts/telegram.md | Continuous |
| session-end-check.sh | Session JSONL, /opt/vault/memory/ | Multiple Studio data files, telegram notifications | On session end |
| session-start.sh | /opt/vault/memory/MEMORY.md, /mnt/data/transcripts/telegram-session-state.md | Lock files | On session start |
| check-delegation-ratio.py | Session JSONL | Token burn reports | On demand |
| generate-prompt-audit.py | /opt/vault/federation/* (COMMANDER_MAP) | Prompt audit report | On demand |
| scan-context-drift.py | /opt/vault/federation/* | Drift report | On demand |
Credential Architecture (Itachi)
Vaultwarden (CT103) is the canonical credential store. The JSON files in /opt/itachi/credentials/ were deleted on 2026-06-09, and all 37 credentials are now in Vaultwarden.
| Priority | Source | Location | Notes |
|---|---|---|---|
| 1 | Env vars | /etc/hinata/telegram.env (CT106) | Static — needs manual update on rotation |
| 2 | Vaultwarden CLI | CT103 Vaultwarden → bw get item | Canonical source of truth |
| 3 | Bootstrap file | /etc/hinata/vw-bootstrap.json (Z2 host) | Vaultwarden unlock only — not general credential storage |
Current state (2026-06-09):
- /mnt/data/itachi-credentials/ deleted — all credentials migrated to Vaultwarden
- bw-session-renew.sh reads bootstrap from /etc/hinata/vw-bootstrap.json
- mail-poller.py reads mail_imap_credential via bw get item (BW CLI)
- pilates-researcher.service extracts pilates_key via ExecStartPre → /tmp/pilates_key.json (ephemeral)
- CT106 loads credentials from /etc/hinata/telegram.env (static env file)
Target state: All credentials in Vaultwarden. JSON files deleted. read-credentials.sh resolves via Vaultwarden CLI only. CT106 env files auto-generated from Vaultwarden on rotation.
Hard rules:
- Credentials come from Itachi on Z2 (Vaultwarden, CT103) primarily
- Never use iCloud as a fallback — old iCloud credential folder will be deleted
- Never print credential values in logs or transcripts
External (Cloudflare)
| Service | Description | Type |
|---|---|---|
| michael-engineer.dev | Public website | Pages |
| studio.michael-engineer.dev | Studio dashboard (ZT-protected) | Pages + Workers |
| hinata-studio-api | Worker API | Workers + D1 |