✦ Internal Infrastructure Document
How Our Studio
Infrastructure Works
A complete guide to the Bertini & Salas development infrastructure — how Arlo, the VPS, GitHub, and your local machine work together as one seamless system.
01 — Overview
Four Systems, One Brain
Everything in the studio is connected through Arlo — our name for the AI agent, powered by Antigravity (Opus 4.6). Instead of manually SSHing into servers or writing deploy scripts, you describe what you want and Arlo handles it.
🧠
Arlo (Antigravity · Opus 4.6)
The central orchestrator. Full terminal control on the Mac — runs commands, organises files and folders, manages projects locally. SSHs into the VPS, pushes to Git, opens browsers, connects to Supabase databases, and remembers everything through a persistent knowledge base.
💻
Local Machine
Where code is written and built. All project source code lives here. Backups are pulled to this machine as a safety net.
🖥️
OVH VPS
The live production server. Runs all websites, APIs, status page, Telegram bots, and automated backups. Ubuntu + Nginx + PM2.
🐙
GitHub
Every project is version-controlled. Arlo pushes, pulls, creates branches, and tracks repo freshness. 9+ repos monitored.
⚡
Supabase
Cloud database layer for projects needing auth, real-time data, and file storage. Arlo connects directly — queries, creates tables, manages schemas.
02 — Capabilities
What Arlo Does
Arlo isn't a chatbot — it's a full-stack engineer with direct access to your infrastructure.
1
Build & Deploy Websites
Writes code → builds the project → uploads to VPS via rsync → sets permissions → verifies live. No manual server work.
2
Monitor Everything 24/7
A custom status page checks every site, API, SSL cert, database, and PM2 process every 30 seconds. Instant Telegram + push alerts on failure.
3
Version Control & Git
Pushes to GitHub, creates branches, opens PRs, tracks repo activity. Alerts if a repo hasn't been pushed in 24+ hours.
4
Automated Backups
Daily server backups at 03:30 UTC — .env files, Nginx configs, SSL certs, databases, PM2 state. Kept 14 days on server + pulled to MacBook.
5
Server Diagnostics & Repair
Checks disk, memory, zombies, stale SSH. Kills hangs, restarts services, flushes logs, cleans old backups.
6
Client Staging & Gate Pages
Sets up PIN-gated staging environments. Clients get a private preview URL with hidden passcode entry.
7
Generate Documents & PDFs
A full HTML-to-PDF system with multiple branded themes (B&S dark/gold + LINE green). Client proposals auto-generated via AI with structured pricing, scope, and timelines. Templates stored in a dedicated pdfknowledge library — reusable across all client projects. Print-ready with A4 pagination.
8
Learn & Remember
After every task, Arlo documents what it learned — architecture decisions, deployment gotchas, config patterns. This knowledge persists forever.
9
Email & Notifications
Transactional emails via Resend, forwarding via ImprovMX. Arlo sets up domain DNS, verifies SPF/DKIM, and configures templates per project.
10
SEO & Site Migrations
Pre-launch SEO blocking, go-live switches, full audit checklists. Safe migrations from Wix/Squarespace/WordPress with 301 redirects and canonical preservation.
03 — Deployment
How Code Gets to Production
Every deployment follows the same battle-tested pattern. Arlo handles the entire flow.
| Step | What Happens | Where |
|---|
| 1. Build | Vite/React/Next.js compiles the project | MacBook |
| 2. Upload | rsync sends files to staging directory on VPS | MacBook → VPS |
| 3. Swap | Old files removed, new files moved into live directory | VPS |
| 4. Permissions | Ownership set to www-data, permissions to 755 | VPS |
| 5. Restart | PM2 restarts Node.js service (if applicable) | VPS |
| 6. Verify | Status page checked, site loaded, asset hashes updated | VPS + Browser |
Safety rule: Gate files are excluded from every deploy via rsync --exclude flags. A deploy can never overwrite a client's staging page.
04 — Monitoring
24/7 Health Monitoring
A custom-built status page runs on the VPS and checks every service every 30 seconds. Zero third-party dependencies — pure Node.js.
🌐
URL Checks
Every live site pinged for a 200 response.
🔌
Port Checks
TCP connections test Node.js services are listening.
📁
File Checks
Verifies critical files (JS bundles, configs) exist on disk.
🔒
SSL Checks
Monitors certificate expiry across all domains.
⚙️
PM2 Checks
Ensures all Node.js processes are "online".
💾
Disk & Memory
Resource usage tracked with warning thresholds.
📦
Backup Freshness
Alerts if latest backup >28 hours old.
🐙
Git Activity
Monitors GitHub push recency via API.
Alert channels: Telegram bot (@servervpshealthbot), FCM push notifications to the custom-built Server Health Android app, and the web dashboard at status.junipho.com/status/. State machine only fires on transitions (up→down, down→up) with cooldowns to prevent spam.
Android companion app: A native Android app built in-house that receives real-time push alerts when any service goes down. Also lets you trigger manual backups remotely via the /backup Telegram command — no laptop needed. The app is deployed via direct APK download from the VPS.
05 — Backups
Four-Tier Backup Strategy
Nothing is ever lost. The studio runs a multi-layered backup system that covers server configs, databases, code, and client data.
1
Automated Server Backups
Cron job at 03:30 UTC daily. Captures all .env files, Nginx configs, SSL certs, PM2 state, SQLite databases, and crontabs. 14-day retention on server. Triggerable via Telegram /backup command.
2
Local Pull to MacBook
Arlo pulls all server backups via rsync to ~/backups/vps/. Creates a second copy outside the VPS — protection against total server failure. 7-day local retention.
3
Application Database Backups
Projects with databases (client portals, booking systems, CRM tools) maintain their own separate SQLite snapshot backups of all data. These are captured both by the daily server backup script and through individual project-level snapshots — ensuring database state is never lost even if a deploy goes wrong.
4
Git Repository Tracking
9+ repos monitored via GitHub API. Status page checks "last push" — if a repo hasn't been pushed in 24+ hours, it shows a warning. Ensures code is always version-controlled.
Disaster recovery: Full rebuild procedure documented — provision VPS, upload backup, restore configs, install runtime, pm2 resurrect. Under 1 hour with backups available.
06 — Knowledge
The Knowledge System
Arlo doesn't forget. Every project, pattern, gotcha, and decision is stored in a structured knowledge base that persists permanently across every conversation and every project.
knowledge/
├── raak_website/ # Project-specific knowledge
│ ├── metadata.json # Title, summary, references
│ ├── timestamps.json # Auto-managed
│ └── artifacts/
│ ├── architecture.md # Tech stack, structure, key files
│ └── deployment.md # Build, deploy, VPS paths
├── studio_vps/ # Cross-cutting infrastructure
├── studio_databases/ # All database schemas
├── studio_domains_services/ # Domains, env vars, bots
├── nginx_patterns/ # Reusable Nginx configs
└── ... (51 items total)
metadata.json
Every item has a dense ~500-word summary covering purpose, tech stack, features, deployment, and gotchas. This is what Arlo reads first — the single most important field.
Artifact Documents
Detailed .md files — architecture, deployment, webhooks, admin panels, email templates. Never deleted or overwritten — new content appended with dated sections.
raak_websitethe_wacky_hair_cobagbuddycammoveantwerp_dentistryaln_carpentryhireatechiegathered_findsroses_tailorline_automationtelegram_botsserver_health_status_pageserver_health_androidstudio_vpsstudio_databasesstudio_domains_servicesstudio_securitynginx_patternspdf_quotesseo_patternsbooking_systemsstripe_patternsai_integrationvps_infrastructure+ 27 more
07 — Skills
The Skills Library
Knowledge is what Arlo knows. Skills are what Arlo can do. Each skill is a step-by-step procedure with exact commands, safety checks, and troubleshooting tables — shared globally across every project.
| Skill | What It Does |
|---|
| VPS Deploy | Deploy any static site or Node.js app — build, upload, swap, permissions, verify |
| VPS SSH & Troubleshoot | Connect, diagnostics, kill zombies, check disk/memory, restart services |
| VPS Backup Management | Trigger, pull, verify, restore backups. Full disaster recovery procedure |
| Server Health Monitoring | Build or extend the status page — check types, Telegram/FCM alerts |
| Add Service to Monitoring | Add a new project with URL, port, file, SSL, and Git checks |
| New Site Setup | End-to-end: directory, deploy, Nginx, SSL, gate, monitoring, backups |
| Client Staging & Gates | PIN-gated staging with hidden passcode entry and demo banners |
| AI Integration | Add, configure, and tune Google Gemini AI features |
| Booking System | Time slots, payments, reminders, admin CRM |
| E-Commerce Tracking | Custom order tracking — UI, carrier integration, emails |
| Email Setup | Transactional email (Resend) + forwarding (ImprovMX) |
| SEO Finalization | Pre-launch blocking, go-live switch, full audit checklist |
| SEO-Safe Migration | Migrate from Wix/Squarespace/WordPress without losing rankings |
| Project Audit | Systematic 12-domain quality gate audit |
| Knowledge Management | Rules for creating, extending, and maintaining the knowledge base |
Key principle: Skills are never deleted or overwritten. If a process changes, old steps are marked deprecated and new ones added. This preserves full history and prevents accidental loss.
08 — Persistence
How Knowledge Persists & Shares
This is what makes the setup fundamentally different. Arlo's knowledge isn't trapped in chat history — it's structured, permanent, and available everywhere.
1
Layer 1 — Permanent Knowledge Base
51 structured items at ~/.gemini/antigravity/knowledge/. This is Arlo's long-term memory. Survives across conversations, restarts, updates. Every project has its own knowledge item. Cross-cutting items (VPS, databases, security) are shared references.
2
Layer 2 — Global Skills (Shared Across All Projects)
15 skill files in the knowledge-skills Git repo. Available to every project workspace via a custom skills path. Open RAAK or Antwerp — same deployment, backup, and monitoring skills.
3
Layer 3 — Version-Controlled Backup
The entire knowledge base is synced to a Git repo via rsync. Version-controlled — see what changed, when, roll back if needed. Pushed to GitHub for off-machine backup.
| Auto-Documentation Trigger | What Gets Documented |
|---|
| New project created | metadata.json + architecture.md + deployment.md + studio_vps + studio_domains_services |
| New feature added | Appended to architecture.md with dated section |
| First deployment to VPS | Creates deployment.md, updates VPS site table and domain map |
| Infrastructure change | Nginx patterns, PM2 tables, SSL records, bot tables |
| Repeatable procedure | New skill created or existing skill extended |
| New database table | Schema added to studio_databases |
| New environment variable | Added to studio_domains_services |
The result: Over time, Arlo builds a living encyclopedia of the entire studio. Nothing forgotten, nothing undocumented. Every pattern reusable. When a new project starts, Arlo already knows how to deploy, monitor, gate, audit, and back it up.
09 — Services
Running Services & Routing
PM2 keeps Node.js processes alive. Nginx routes all traffic. Every service is health-checked.
| Service | Port | Health | Purpose |
|---|
| status-page | 3080 | /api/status | Monitoring dashboard |
| raak-payments | 3002 | /health | Stripe payments for RAAK |
| wackyhair-booking | 3001 | /api/health | Next.js booking system |
| bs-portal | 3457 | / | B&S client portal |
| bs-ai-chat | 3456 | / | AI discovery chatbot |
| vps-monitor | 3003 | / | Legacy Telegram monitor |
| openclaw | 18789 | /health | OpenClaw AI gateway |
junipho.com config
301 redirects to bertinisalas.com subdomains. Wacky Hair, Booking, BagBuddy, CamMove, Gathered Finds all migrated. Keeps PulseDiscovery, Status Page, and Bestie.
bertinisalas.com config
Routes B&S main site, Rose's Tailor, LINE Automation, AI chat/portal. 11 subdomains with individual server blocks in staging-subdomains.
⚠️ Critical gotcha: bertinisalas.com in sites-enabled is a regular file, not a symlink. Editing sites-available has NO effect. Always edit sites-enabled directly.
10 — Robustness
Why This Setup Is Robust
This isn't robust because we got lucky — it's robust because every layer has been made comprehensive on purpose. Every system has a safety net, every process has a check, and every lesson is permanent.
🔄
End-to-End Coverage
Every project has monitoring, backups, version control, deployment procedures, and knowledge documentation. Nothing is left uncovered — comprehensiveness is the default.
🛡️
Multi-Layer Safety Nets
Code on GitHub + server backups on VPS + local backups on MacBook + knowledge in Git. Lose any one layer and everything is still recoverable.
🔍
Pre-Flight Checks
nginx -t before every config change. node -c before status page restarts. Gate file exclusions on every deploy. Permissions verified after every upload.
📝
Strict Editing Rules
Arlo outputs complete files — never placeholders. Never removes code unless asked. Stops and asks on ambiguity. Every edit is minimal and scoped.
🧠
Permanent Memory
Every bug, gotcha, and lesson is encoded into the knowledge base and skills. The Vite base path bug, the symlink gotcha, the SSH hang — none can happen again.
📱
Always-On Visibility
Status page, Telegram alerts, Android push notifications, web dashboard. Three independent alert channels means you always know the state of every service.
The philosophy: Robustness isn't about reacting to failures — it's about building systems so comprehensive that failures are caught before they matter. Every new project automatically gets the full stack: monitoring, backups, version control, knowledge, and safety checks.
11 — Summary
Everything, All In-House
No Vercel. No Netlify. No AWS. No third-party monitoring. No external CI/CD. Everything runs on infrastructure you own and an AI agent you control.
1
You describe what you want
"Deploy the RAAK site" / "Add monitoring for the new project" / "Back up and pull to my machine"
2
Arlo checks its knowledge & skills
Looks up VPS path, build command, rsync exclusions, Nginx config, monitoring entries — all from persistent memory.
3
Arlo executes with safety checks
Connection timeouts, syntax checks, permission fixes, verification. You approve anything destructive.
4
Arlo documents what it learned
New patterns, gotchas, or infra changes recorded in the knowledge base — never forgets, never repeats mistakes.
Prepared by Arlo — AI Agent
Bertini & Salas Digital Studio
12 — Getting Started
How to Replicate This Setup
Want to build the same infrastructure? Here's how — and the key thing is: you don't do most of this manually. You tell the AI agent what you want and it executes. You just approve the steps.
1
Get a VPS & Install Essentials
Sign up for a VPS (we use OVH, ~€6/month). Choose Ubuntu 22.04+. Then ask your AI agent: "Install Node.js, PM2, Nginx, and Certbot on the VPS." It SSHs in and runs every command for you.
2
Set Up SSH Keys
Ask the agent: "Generate SSH keys and set up passwordless login to my VPS." It runs ssh-keygen, copies the public key, and disables password login — all from your Mac terminal.
3
Set Up Antigravity (The AI Agent)
This is the core of everything. We use Antigravity powered by Opus 4.6 — it runs in your IDE and has full access to your terminal, file system, browser, and SSH. No separate installation needed. It runs commands on your Mac, organises your folders, creates projects, SSHs into servers, and connects to Supabase.
4
Ask the Agent to Create Your Knowledge Base
Say: "Create a knowledge-skills Git repo with a knowledge/ folder and .agents/skills/ folder." The agent creates the directories, initialises Git, creates the first metadata.json files, and pushes to GitHub — all locally on your Mac. You never touch the terminal.
5
Ask It to Write Your First Skills
Say: "Write a VPS Deploy skill and a Backup skill." The agent creates SKILL.md files with step-by-step procedures. Next time you say "deploy my site," it reads those skills and executes them automatically.
6
Ask It to Set Up Backups
Say: "Set up daily automated backups on the VPS." The agent SSHs in, writes a backup script, schedules it with cron, and creates a skill documenting the process. Tell it to "pull backups to my Mac" and it rsyncs them down.
7
Build a Status Page & Android App
Ask the agent to build a monitoring system. It creates the Node.js status page, sets up Telegram alerts, and can even build an Android companion app for push notifications — so you get alerts on your phone when anything goes down.
8
Let It Organise Everything
The agent manages your local Mac too — it can reorganise project folders, clean up files, rename things, sort assets, and structure your workspace. Just ask: "Tidy up my project files" or "Move all PDFs to the templates folder."
The key insight: You almost never type terminal commands yourself. You describe what you want in plain English, the agent figures out the commands, and you approve them. Over time, it learns your entire infrastructure and can handle almost anything autonomously.
—
🧠
You Don't Need to Understand All of This
That's the whole point. All of the infrastructure, the backups, the monitoring, the deployments, the knowledge system — it all runs so that you only have to do one thing:
"Hey Arlo, deploy my site."
"Hey Arlo, back everything up."
"Hey Arlo, is everything running?"
The AI reads its knowledge, checks its skills, runs the right commands, verifies everything worked, and documents what it learned. You approve the steps. That's it.
Ready to build yours?
Go back to Page 13 and follow the steps. Ask the AI to do each one.
Questions? Just ask. Arlo is always here.
