Architecture v4.0
9 Enterprises
System Architecture
Full technical documentation for the 9 Enterprises AI operating platform. Developer-grade detail with plain-English annotations throughout.
01 Layer Model
02 Always-Running Processes
03 Communication Flow
04 Hub API Endpoints
05 Terminal Liveness
06 Org Structure
07 Agent Roster
08 Naming Scheme
09 Business Units
10 Revenue Model
11 Hub-and-Spoke Scale
12 Cost Model
13 Known Gaps
14 Changelog
01
System Layer Model
Plain English
Think of this like a football team. The Owner is the head coach — he sets strategy and makes final calls. 9 is the quarterback — on the field running plays. The Front Office are the specialist agents doing deep work. Infrastructure is the stadium and equipment that keeps everything running.
Layer 4
The Owner — 9 Enterprises
Strategic authority. Communicates via Telegram (primary), Voice, iMessage, Email. Issues directives, approves architecture changes, holds financial authority. Non-technical operator — all technical complexity is abstracted by 9.
Telegram | Voice | iMessage | Email
Layer 3
9 — AI Partner & Orchestrator
Claude Sonnet 4.6 running in Claude Code terminal. Primary AI brain. Orchestrates all agents, holds the Locker (credential vault), maintains shared state, stays on comms at all times. Uses Opus model only for critical architecture decisions when explicitly requested.
claude-sonnet-4-6 | Claude Code | Port 3457 (hub) | The Locker (.env)
Layer 2
Front Office — Sub-Agent Teams
UNO (#1, Research Lead) and Tee (#2, Engineering Lead) head permanent teams. Specialist agents (SCOUT, MONEY, DOC, CANVAS, PRESS, X9) handle domain tasks. Ephemeral task agents are spawned per assignment and terminated on completion. No direct credential access. No direct Owner communication. All output reviewed by 9 before delivery.
UNO | Tee | Haiku (ephemeral agents) | Sonnet (leads)
Layer 1
Infrastructure — Always-On Processes
OC (comms daemon, port 3457), Headset (voice server, port 3456), Backup QB (Cloudflare Worker, always-on cloud fallback), Training Staff (LaunchAgent terminal opener), cloudflared tunnel, Freeze Watchdog LaunchAgent. Survives terminal death, Mac sleep, and crashes.
Node.js v20+ | macOS LaunchAgents | Cloudflare Workers | cloudflared
02
Always-Running Processes
Plain English
These are programs that run 24/7 in the background on the Owner's Mac, even when 9's terminal is closed. They handle incoming messages, voice calls, and system recovery without any human intervention.
OC — comms-hub.mjs
:3457 | Node.js daemon
4-channel communication router. Relay mode when 9's terminal is active; autonomous mode (Claude Haiku) when terminal is down. 30-second proactive terminal watchdog. API health probe every 10 minutes.
Headset — voice-server.mjs
:3456 | Twilio + ElevenLabs
Inbound/outbound voice calls. STT via Twilio, reasoning via Claude Haiku, TTS via ElevenLabs Flash. 6 caller-specific personality profiles. Average exchange latency: 1.2–2.1s. Cloudflare tunnel auto-restarts on failure.
Backup QB — Cloudflare Worker
Edge (global CDN)
Always-on cloud failover. Handles Telegram + voice failover + SMS when Mac is offline. State synced from Mac every 2 minutes via KV store. Cron heartbeat watchdog checks Mac health every 2 minutes.
pilot — jules-server.mjs
:3470 | freeagent9 #1
Active freeagent9 instance deployed to Kyle Cabezas (POC user). SMS via Twilio, OpenWeather morning briefings, 40+ conversation memory entries. Fully autonomous — no human in the loop.
Freeze Watchdog
LaunchAgent — macOS
Three-tier self-healing. Tier 1 (3 min): kill stuck process. Tier 2 (6 min): force-kill + restart OC. Tier 3 (7 min): full session recovery via Training Staff. Installed March 28 after 45-minute freeze incident.
Training Staff — open-terminal.mjs
LaunchAgent — watches /tmp
Watches /tmp/9-open-terminal signal file. When OC writes to this file (after detecting terminal death), Training Staff auto-opens Terminal app and starts Claude Code. 3x retry with error handling.
Process Dependency Tree
ASCII
Full process tree with ports
ALWAYS RUNNING (survive terminal death, Mac sleep, crashes)
│
├── OC: comms-hub.mjs [port 3457]
│ ├── Telegram poller (2–5s long polling, 30s timeout)
│ ├── iMessage monitor (reads ~/Library/Messages/chat.db via FDA)
│ ├── Email monitor (Mail.app via osascript)
│ ├── 30s terminal watchdog (PID liveness check → signal file)
│ ├── API health probe (every 10 min → alerts all channels on fail)
│ ├── Cloud sync (POST /context every 60s → Cloudflare KV)
│ └── LaunchAgent safety net (com.9.comms-hub restarts if process dies)
│
├── Headset: voice-server.mjs [port 3456]
│ ├── Twilio webhook receiver (POST /voice)
│ ├── STT: Twilio speech recognition
│ ├── Reasoning: Claude Haiku (~0.8s avg)
│ ├── TTS: ElevenLabs Flash (~400ms avg)
│ ├── Caller profiles: 6 configured
│ └── Transcript saver (/tmp/call-transcript-latest.txt)
│
├── cloudflared (tunnel → Headset, named restart on fail)
│
├── pilot: jules-server.mjs [port 3470]
│ ├── Twilio SMS receiver
│ ├── OpenWeather briefings (7:30 AM ET daily)
│ └── Memory store: JSON file (40+ entries)
│
├── Freeze Watchdog LaunchAgent (com.9.freeze-watchdog)
│ ├── Tier 1: 3 min → kill stuck process
│ ├── Tier 2: 6 min → force-kill + restart OC
│ └── Tier 3: 7 min → trigger Training Staff recovery
│
└── Training Staff LaunchAgent (com.9.terminal-opener)
  ├── Watches /tmp/9-open-terminal
  ├── Opens Terminal.app
  └── Starts Claude Code session
03
Communication Flow
Plain English
When the Owner sends a message on any channel, it flows through the OC hub to 9. If 9's terminal is open, the message is delivered instantly. If 9's terminal is closed, Claude Haiku handles it automatically within seconds. If the Mac itself is offline, the Cloudflare Worker (cloud backup) responds. There is no scenario where a message goes unanswered.
Full Message Routing Diagram
ASCII
End-to-end message routing
                 OWNER (phone / laptop)
                            │
            ┌───────────────┼───────────────┐
            │               │               │
        Telegram        iMessage      Email / Voice
            │               │               │
            └───────────────┼───────────────┘
                            │
                    ┌───────▼────────┐
                    │   OC (comms-   │
                    │    hub.mjs)    │
                    │     :3457      │
                    └───────┬────────┘
                            │
              ┌─────────────┴─────────────┐
              │                           │
      TERMINAL ACTIVE?             TERMINAL DOWN?
              │                           │
              ▼                           ▼
    ┌──────────────────┐      ┌──────────────────────┐
    │ Signal File      │      │ Claude Haiku         │
    │ + PostToolUse    │      │ Autonomous Response  │
    │ hook → 9 sees    │      │ (natural language,   │
    │ message inline   │      │  context-aware)      │
    └──────────────────┘      │                      │
                              │ + Request terminal   │
                              │ via Training Staff   │
                              └──────────────────────┘
                                          │
                                    MAC OFFLINE?
                                          │
                                          ▼
                              ┌──────────────────────┐
                              │ Backup QB            │
                              │ (Cloudflare Worker)  │
                              │ - KV synced state    │
                              │ - Telegram webhook   │
                              │ - Voice→SMS fallback │
                              └──────────────────────┘
Channel Priority & Failover Cascade
| Priority | Channel | Direction | Latency | Failover To |
|---|---|---|---|---|
| 1 | Telegram | Bidirectional | <2s | iMessage, then Email |
| 2 | Voice Call | Bidirectional | 1.2–2.1s/exchange | SMS via Twilio |
| 3 | iMessage | Bidirectional | <5s | Email (FDA required) |
| 4 | Email | Bidirectional | ~30s | Last resort |
| 5 | Cloudflare Worker | Auto-failover | Edge latency | Mac back online |
OC Operating Modes
| Mode | Trigger | Behavior | 9's Role |
|---|---|---|---|
| Relay Mode | Terminal active + PID alive + ping within 45s | Messages written to signal file. PostToolUse hook delivers inline. 9 responds directly. | Full operation |
| Autonomous Mode | Terminal dead (PID gone OR ping timeout) | Claude Haiku processes messages. Attempts to re-open terminal. Syncs state to cloud. | Not present |
| DC (Disconnected) Mode | Mac offline / OC unreachable | Cloudflare Worker handles all inbound. KV-synced state used for context. | Offline |
04
OC Hub API — Endpoints
Plain English
The OC hub is a local web server on the Owner's Mac. It exposes API endpoints — think of them like buttons that programs can press — to send messages, check system state, manage terminal sessions, and read the inbox. The Huddle page and all agents use these endpoints.
Base URL: http://localhost:3457
GET /health
Hub liveness check. Returns {"status":"ok","mode":"relay|autonomous","uptime":"Xh Xm"}
GET /state
Full shared state JSON. Includes last 50 messages, terminal status, session context, all project state. Used by The Huddle dashboard.
GET /inbox
Unread inbound messages since last check. Clears on read. Used by 9 at session start and via PostToolUse hook.
POST /send
Send outbound message. Body: {"channel":"telegram|imessage|email","message":"..."}. Routes to correct channel. Logs to completed-actions to prevent duplicate sends.
POST /context
Update shared state. Body: key-value pairs. Triggers cloud sync to Cloudflare KV within 60 seconds.
POST /terminal/claim
Claim terminal control. Query param: ?pid=CLAUDE_PID. Returns session token used for all subsequent pings.
POST /terminal/ping
Liveness ping. Query param: ?token=SESSION_TOKEN. Must be called every ≤30s or hub considers terminal dead. Returns 401 for stale tokens.
POST /terminal/release
Graceful terminal release. 9 calls this before exiting. Hub immediately switches to DC mode. Cuts detection gap from ~45s to near-zero.
POST /send-email
Send email via configured provider. Body: {"to":"...","subject":"...","body":"..."}. Currently uses Gmail MCP (draft mode until Resend configured).
Security Note: Local-Only, No Auth (Gap — 30-day fix)
Port 3457 is currently bound to localhost with no authentication. Any local process can call these endpoints. Plan: add bearer token auth header validation. See Section 13 (Known Gaps) for full remediation plan.
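An added example (not code from comms-hub.mjs) of the bearer-token check planned in the security note above and in Section 13, extended with Host and Origin pinning because a localhost listener can also be reached from pages open in a local browser. The function names, the HUB_TOKEN variable, the minimum token length and the allowed-origin list are assumptions.

```javascript
// Added example: not code from comms-hub.mjs. Function names, HUB_TOKEN,
// MIN_TOKEN_LENGTH and ALLOWED_ORIGINS are assumptions.

const HUB_PORT = 3457; // hub port documented on this page
const ALLOWED_HOSTS = new Set([`localhost:${HUB_PORT}`, `127.0.0.1:${HUB_PORT}`]);
// Assumption: the dashboard is served by the hub itself, so only the hub's
// own origin may call the API from a browser.
const ALLOWED_ORIGINS = new Set([`http://localhost:${HUB_PORT}`]);
const MIN_TOKEN_LENGTH = 32; // assumption: refuse short, guessable tokens

// Compare without exiting at the first differing byte. Inside the hub,
// crypto.timingSafeEqual from node:crypto is the standard call for this.
function constantTimeEqual(a, b) {
  const x = new TextEncoder().encode(a);
  const y = new TextEncoder().encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

const deny = (status, reason) => ({ ok: false, status, reason });

// req needs only .headers, shaped like node:http's IncomingMessage
// (header names arrive lower-cased there).
function authorizeHubRequest(req, hubToken) {
  const h = req.headers || {};
  // Fail closed if the hub was started without a usable token.
  if (typeof hubToken !== "string" || hubToken.length < MIN_TOKEN_LENGTH) {
    return deny(500, "hub token not configured");
  }
  // Pinning Host rejects requests that reached 127.0.0.1 under another name.
  if (!ALLOWED_HOSTS.has(String(h.host || "").toLowerCase())) {
    return deny(403, "unexpected Host header");
  }
  // Browsers attach Origin to cross-site POSTs; agents and curl send none.
  if (h.origin !== undefined && !ALLOWED_ORIGINS.has(h.origin)) {
    return deny(403, "origin not allowed");
  }
  // Authorization: Bearer <token>, scheme matched case-insensitively.
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(String(h.authorization || ""));
  if (!m) return deny(401, "missing or malformed bearer token");
  if (!constantTimeEqual(m[1], hubToken)) return deny(401, "invalid bearer token");
  return { ok: true, status: 200, reason: "authorized" };
}

// Constructed sample requests (not captured traffic).
const SAMPLE_TOKEN = "constructed-sample-token-0123456789abcdef";
const sample = (extra) => ({ headers: { host: "localhost:3457", ...extra } });

function demoStatuses() {
  const good = `Bearer ${SAMPLE_TOKEN}`;
  const check = (req, token = SAMPLE_TOKEN) => authorizeHubRequest(req, token).status;
  return {
    agentWithToken: check(sample({ authorization: good })),
    noToken: check(sample({})),
    wrongToken: check(sample({ authorization: "Bearer " + "x".repeat(40) })),
    foreignOrigin: check(sample({ authorization: good, origin: "https://other.example" })),
    foreignHost: check({ headers: { host: "other.example:3457", authorization: good } }),
    hubMisconfigured: check(sample({ authorization: good }), ""),
  };
}

console.log(demoStatuses());

// Wiring sketch for a node:http server bound to loopback only:
//   http.createServer((req, res) => {
//     const verdict = authorizeHubRequest(req, process.env.HUB_TOKEN);
//     if (!verdict.ok) { res.writeHead(verdict.status).end(verdict.reason); return; }
//     /* route to /send, /state, ... */
//   }).listen(3457, "127.0.0.1");
```

The guard runs before routing, so /send, /context and the /terminal/* endpoints all inherit it.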
05
Terminal Liveness Detection
Plain English
The system needs to know if 9's terminal window is actually open and responsive. Four independent checks run in parallel — if any check fails, the hub assumes 9 is gone and switches to autonomous mode within 45 seconds. This prevents messages from sitting unanswered.
| Layer | Mechanism | How It Works | Failure Detection |
|---|---|---|---|
| Layer 1 | PID Tracking | On /terminal/claim, Claude Code's PID ($PPID) is registered. Hub polls kill -0 PID every 30s — this checks if the process is alive without killing it. | Immediate on PID gone |
| Layer 2 | Self-Terminating Ping Loop | Bash loop runs inside terminal: while kill -0 $CLAUDE_PID; do curl /terminal/ping; sleep 15; done. Loop exits when Claude Code dies. Calls /terminal/release on exit. | ~15–45s (next ping missed) |
| Layer 3 | Session Token Validation | Each /terminal/claim generates a unique UUID token. Pings must include this token. Old tokens are rejected with 401. Prevents orphan pings from a previous session keeping relay mode alive. | Immediate on invalid token |
| Layer 4 | Graceful Release | 9 calls POST /terminal/release before exiting. Hub clears PID, token, and signal files immediately. Switches to autonomous mode in <1 second. | Near-zero when used |
State Machine — Terminal Status
State Diagram
Terminal lifecycle
┌─────────────┐
│  IDLE / DC  │◄───────── Mac offline OR /terminal/release
└──────┬──────┘
       │ POST /terminal/claim?pid=XXXX
       ▼
┌─────────────┐    PID gone OR ping timeout (>45s)
│   CLAIMED   │───────────────────────────────────────►┐
└──────┬──────┘                                        │
       │ /terminal/ping (every 15s, with session token)│
       │◄──────────────────────────────────────────────┘
       │                                               │
       ▼                                               ▼
┌─────────────┐                                ┌───────────────┐
│    RELAY    │                                │  AUTONOMOUS   │
│   MODE ✓    │                                │ MODE (Haiku)  │
└─────────────┘                                └───────────────┘
06
Organizational Structure
Plain English
9 Enterprises LLC is the holding company — it owns everything. Under it are individual companies, each with their own brand and customers. Each company has products. This structure is intentional: it makes each company independently sellable without taking down the whole operation.
Tree
Full org hierarchy — March 30, 2026
9 Enterprises LLC (Holding Company — Ohio LLC, March 2026)
│
├── AiGM [LIVE]
│ ├── AiNFLGM (Product) ainflgm.com ● LIVE
│ ├── AiNBA GM (Product) ● Built, deploying
│ └── AiMLB GM (Product) ● Built, deploying
│
├── freeagent9 [Active POC]
│ ├── pilot (Product) Kyle Cabezas deploy ● ACTIVE
│ └── Concierge Features in development
│
├── trader9 [Building]
│ └── Algorithmic Trading Bot Alpaca paper mode ● Paper mode
│
├── x9 [Building]
│ └── Autonomous social presence X + IG + TikTok ● Launching
│
├── agent9 [Research]
│ ├── get9.ai (Site) consumer site ● LIVE
│ └── AI Real Estate solution concept stage
│
├── AI Underwriter [POC Complete]
│ └── Mortgage Guideline RAG Rapid Mortgage POC ● POC validated
│
├── AI Education [Research]
│ └── Hitchhiker's Guide to AI ainflgm.com/ai-education.html
│
├── Prompt Scripts [Building]
│ └── Marketplace page live
│
└── Dropship Co [Building]
  └── eCommerce proving ground Shopify pending
Approved Hierarchy Definitions (Owner-locked March 28, 2026)
| Term | Definition | Example |
|---|---|---|
| Holding Company | 9 Enterprises LLC. All revenue, IP, and liabilities route here. | 9 Enterprises LLC |
| Company | Revenue-generating business unit. Own brand, customers, P&L. | AiGM, freeagent9, trader9 |
| Product | Specific deliverable within a Company. Own URL or feature set. | AiNFLGM (under AiGM) |
| Concept | Unvalidated idea in the Draft Room. Zero resources assigned. | NBA spinoff, subscription bundle |
| Project | Scoped body of work. Start date, end date, defined deliverable. | "Launch AiNBA GM by April 15" |
| Task | Single unit of work. One assignee, one outcome. | "Write AdSense application copy" |
| Assignment | Task actively delegated to a named agent team. | Tee assigned: "build portfolio panel" |
| Draft Room | Intake queue. Where Concepts wait before becoming Companies. | NBA spinoff → Evaluation → Build |
07
Agent Roster — The Front Office
Plain English
9 is the quarterback — always on comms. When deep work needs to happen, 9 delegates to specialist agents. These agents are like contractors: they get a brief, do the work, report back. 9 reviews their output before anything ships. No agent contacts the Owner directly.
UNO
Rank #1 — Front Office Lead
Research Team Lead
Web search, competitive analysis, market research, contact profiling, document synthesis, deep dives. Outranks all other agents. Reports to 9 only.
Model: Sonnet (default) | Opus (critical architecture)
Tee
Rank #2 — Front Office
Engineering Team Lead
Code writing, code review, unit + integration tests, deployments, browser automation (Playwright), bug fixes, build pipelines. Manages own sub-agent build teams.
Model: Sonnet (default) | Opus (critical architecture)
SCOUT
Specialist
Research & Intelligence
Tactical research assignments. Competitor intel, product comparisons, market sizing, individual contact profiles.
Model: Sonnet
MONEY
Specialist
Financial Analysis
Revenue modeling, burn rate analysis, subscription economics, pricing strategy, P&L projections. Does not hold or access credentials.
Model: Sonnet
CANVAS
Specialist
Design & Frontend
UI/UX design decisions, CSS/HTML polish, mobile responsiveness audits, brand consistency checks. Works on public-facing pages.
Model: Sonnet
PRESS
Specialist
Content & Social
Tweet drafting, blog posts, pitch copy, press release formatting, announcement scripts. Feeds x9 content pipeline.
Model: Sonnet
X9
Specialist
Content & Autonomous Social
Dedicated agent for the x9 social company. Autonomous posting, engagement, brand voice. Content strategy execution for X, Instagram, TikTok.
Model: Sonnet
Ephemeral Agents
Task-specific
Born-and-die per task
Spawned by UNO, Tee, or other leads for specific sub-tasks. Haiku model by default (cost-efficient). Lifespan: single task. Never hold context between assignments.
Model: Haiku (default for cost)
Delegation Rules & Spend Authority
| Rule | Detail |
|---|---|
| 9 stays on comms | All tasks >10 seconds are delegated. 9 never goes dark for deep work. |
| No credential access | No agent except 9 can read .env / The Locker. Credentials passed as scoped vars only. |
| No Owner communication | Agents report to 9 only. Zero direct contact with the Owner. |
| Output review mandatory | 9 reviews all agent output before delivery or deployment. |
| Spend: auto-approve | <$20/task: 9 approves autonomously. $20–$100: requires Owner notification. >$100: Owner explicit approval required. |
| Model selection | Haiku for ephemeral tasks. Sonnet for leads. Opus only when Owner explicitly requests for architecture. |
08
Naming Scheme
Plain English
Everything in 9 Enterprises has a football-themed code name. This is intentional — it creates a unified identity and makes it easy to remember what each component does. "9" is Joe Burrow's number. OC is offensive coordinator. The Locker is the credential safe.
| Code Name | Real Component | Role | File / Location |
|---|---|---|---|
| 9 | Claude in Claude Code | AI Partner, Orchestrator, QB | Claude Code terminal |
| OC | comms-hub.mjs | Routes all communication — 4 channels | scripts/comms-hub.mjs |
| Headset | voice-server.mjs | Inbound/outbound voice calls | scripts/voice-server.mjs |
| Backup QB | Cloudflare Worker | Always-on cloud failover | cloud-worker/ |
| Training Staff | open-terminal.mjs LaunchAgent | Auto-opens terminal on crash | scripts/open-terminal.mjs |
| Front Office | Sub-agent teams | UNO + Tee + specialists | Agent sessions |
| The Locker | .env file | Credential vault — 9 access only | .env (gitignored) |
| GamePlan | Strategic planning layer | Session state, roadmaps | memory/project_session_state.md |
| Draft Room | Concept intake queue | Idea pipeline before becoming Companies | Kanban in The Huddle + War Room |
| 9 Huddle | cockpit.html | Owner/Guest command interface — PIN gated | public/cockpit.html |
| 9 War Room | dashboard.html | Operations dashboard — company status, comms, sprint | public/dashboard.html |
Product Naming Rules
| Product | Correct Name | Wrong | What It Is |
|---|---|---|---|
| ainflgm | ainflgm | AiNFLGM, AINFL | NFL simulator — AiGM flagship |
| AiNBA GM | ainbagm | AiNBAGM, NBA GM | NBA simulator — AiGM product |
| freeagent9 | freeagent9 | FreeAgent9, free agent | Personal AI assistant platform |
| pilot | pilot | Pilot, PILOT | freeagent9 instance #1 (Kyle Cabezas) |
| trader9 | trader9 | Trader9, Trader 9 | Algorithmic trading agent |
| x9 | x9 | X9, X 9 | Autonomous social presence |
| agent9 | agent9 | Agent9, Agent 9 | AI real estate platform |
Rule: Product names are always lowercase, no spaces, no hyphens. "9 Enterprises LLC" keeps proper capitalization in legal contexts only.
09
Business Units — Current State
| Company | Status | Live URLs | Tech Stack | Key Metric |
|---|---|---|---|---|
| AiGM | Live | ainflgm.com | React 19, Vite 8, PWA, GitHub Pages | 40+ tools, 3 simulators, AdSense pending |
| freeagent9 | Active POC | Via SMS/Telegram | Node.js, Twilio, Claude API, JSON memory | 1 pilot user, 40+ memory entries |
| trader9 | Building | Internal only | Node.js, Alpaca API, Bollinger strategy | +3.51% backtest (90 days, best of 692 sweeps) |
| x9 | Launching | Pending setup | Autonomous posting via Claude + platform APIs | 10 launch tweets written, accounts pending |
| agent9 | Site Live | get9.ai | Static, GitHub Pages | Consumer site live, product in concept stage |
| AI Underwriter | POC Complete | Internal demo | RAG pipeline, PDF ingestion, vector search, Claude | 25 test cases validated. 5 PDFs (FHA/Fannie/Freddie/VA/USDA) free |
| AI Education | Research | — | ainflgm.com/ai-education.html | Hitchhiker's Guide to AI — Live pitch page |
| Prompt Scripts | Building | ainflgm.com/prompt-scripts.html | Static, GitHub Pages | Page live, marketplace logic pending |
| Dropship Co | Building | — | Shopify (pending setup) | Proving grounds: $200/mo target, 48hr launch |
The Core Product: "9" (Platform Layer)
The strategic insight confirmed March 28 SOTU: all companies are powered by the same core infrastructure. "9" — the AI partner platform — is itself a product. Everything else is either a standalone company or an add-on module extending the 9 subscription.
ASCII
Core product architecture
┌──────────────────────────────────────────────────────┐
│                      CORE: "9"                       │
│                                                      │
│ 4-channel comms | Voice calls | Agent orchestration  │
│ Credential vault | Terminal recovery | Cloud sync    │
│ Dashboard (The Huddle) | Draft Room kanban           │
│ ETA calibration | Freeze watchdog | Memory system    │
└──────┬─────────┬───────────┬──────────┬──────────────┘
       │         │           │          │
  freeagent9  trader9     agent9       x9
   (Add-on)  (Add-on)    (Add-on)   (Add-on)
10
Revenue Model
North Star: $1M ARR within 12 months (by ~March 2027)
All businesses built clean, documented, and sellable — zero founder dependency for daily operations. Capital preservation: no unnecessary burn before revenue.
| Company | Revenue Model | Phase | Monthly Target at Scale |
|---|---|---|---|
| AiGM | AdSense + DraftKings/FanDuel affiliates + Premium subscriptions ($4.99–9.99/mo) | AdSense pending phone verify | $50K+ at 100K MAU |
| freeagent9 | SaaS per user ($29–99/mo) + white-label licensing ($499+/mo) | Q2 2026 beta | Per-user recurring |
| trader9 | Autonomous trading returns (target: 1–2%/mo on capital) + strategy marketplace | Pending Alpaca keys | Capital-dependent |
| x9 | Affiliate links + X Premium revenue share + brand sponsorships | Accounts launching | Traffic-dependent |
| AI Underwriter | SaaS per lender ($500–2,000/mo). Enterprise: $5K+/mo for custom deployment | Q2 2026 private beta. Anchor: Rapid Mortgage | Per-lender recurring |
| agent9 | Transaction fee (1–2% per deal) + subscription for buyers/sellers | 12–18 months | Transaction-based |
| Core 9 | SaaS subscription ($99–499/mo) + add-on modules | 90-day build target | Recurring |
| Prompt Scripts | Marketplace listing fees + revenue share (20%) | Q2 2026 | Volume-dependent |
| Dropship Co | Product margin (30–60%). Proving grounds: validate process. | 48hr launch target | $200/mo proving grounds target |
AiGM Revenue Projections (detailed)
| Monthly Active Users | AdSense | Premium (5% convert) | Affiliates | Total MRR |
|---|---|---|---|---|
| 1,000 | $50–100 | $0 | $25–50 | $75–150 |
| 5,000 | $300–500 | $500–1,000 | $150–300 | $1,150–2,000 |
| 25,000 | $2,000–3,500 | $3,000–5,000 | $750–1,500 | $6,750–11,000 |
| 100,000 | $8,000–15,000 | $12,000–20,000 | $3,000–6,000 | $26,000–44,000 |
AI Underwriter Competitive Position
100x cost advantage over enterprise competitors
Enterprise tools (Tavant, ICE, LoanLogics) cost $200K+ and take 6 months to deploy. Mid-size lenders (20–50 LOs) are completely underserved. This solution targets $500–2,000/mo per lender SaaS — deployable in 90 days. Anchor customer: Rapid Mortgage (existing relationship via 9 Enterprises as partner).
11
Hub-and-Spoke Scaling Model
Plain English
All the hard infrastructure work was done once, for the first product. Every new company after that costs almost nothing to add because it reuses the same communication system, AI brain, credential vault, and recovery system. This is how 9 companies can run on ~$257/month.
Economics
Marginal cost per new company added
Product 1 (AiNFLGM) — Built everything from scratch: comms hub, voice, cloud worker, agent engine, credential vault, deployment pipeline, crash recovery, dashboard, Draft Room, ETA tracker, freeze watchdog.
  Total infrastructure investment: ~$252/mo + dev time.
Product 2 (freeagent9 / pilot):
  Reused: all infrastructure.
  New code: jules-server.mjs (~400 lines).
  New cost: ~$10/mo (Twilio SMS).
Product 3 (AI Underwriter):
  Reused: entire stack + deployment pipeline.
  New code: RAG pipeline + PDF ingestion (~600 lines).
  New cost: ~$20/mo (vector storage, PDF hosting).
Product 4 (trader9):
  Reused: entire stack.
  New code: trading-bot.mjs + Alpaca integration (~300 lines).
  New cost: ~$0.
Products 5–9 (x9, agent9, AI Education, Prompt Scripts, Dropship):
  Incremental infrastructure cost → $0.
  Each new company costs only its unique domain logic.
| Hub Capability | What It Powers | Marginal Cost per New Company |
|---|---|---|
| OC (comms-hub) | All 4 communication channels | ~$0 (same daemon, same process) |
| Headset (voice) | Inbound/outbound voice for all companies | ~$0.06/min (Twilio + ElevenLabs per call) |
| Backup QB | Cloud failover for all companies | ~$0 (same Cloudflare Worker) |
| The Locker | Credential isolation for all keys | $0 |
| Agent Engine | Sub-agent spawning across all projects | Token cost only (~$0.001–0.01/task) |
| Cloud Sync | State persistence and failover data | ~$0 (Cloudflare KV free tier) |
| Draft Room | Concept pipeline for all companies | $0 |
| The Huddle | Owner dashboard for all companies | $0 (static HTML) |
12
Cost Model — Monthly Operating Costs
Anthropic Pro
Claude API — all AI reasoning, agents, voice
$20/mo
Pro plan ($20/mo confirmed). High-volume = Max plan
HeyGen Pro
AI video generation (Burrow content, demos)
$99/mo
Active — enterprise video production
ElevenLabs
Text-to-speech (Dan voice for all calls)
~$22/mo
Scales with call volume
Twilio
Voice calls + pilot SMS for freeagent9
~$10/mo
Pay-per-use, scales with usage
Cloudflare Workers
Backup QB + CORS proxy + tunnel
~$5/mo
Workers paid plan for higher limits
Domains & Hosting
ainflgm.com, 9enterprises.ai, get9.ai, others
~$20/mo
GitHub Pages free. Domain renewals spread
Total Operating Cost: ~$176–218/mo (verified from email audit)
Running 9 companies with full AI infrastructure for under $220/month. A single enterprise software license typically costs more. First revenue dollar is pure margin recovery.
Third-Party Dependency Risk Matrix
| Service | Criticality | Failure Impact | Failover |
|---|---|---|---|
| Anthropic API | 🔴 Critical | Total AI reasoning loss across all companies | API health probe every 10min. Alerts on Telegram + iMessage + Email. Haiku offline responses active. |
| Telegram Bot API | 🔴 Critical | Lose primary Owner comms channel | Automatic failover: iMessage → Email → SMS cascade |
| Twilio | 🟠 High | Lose voice calls + pilot SMS | Text-only mode. Voice calls redirect to "call back" message. |
| ElevenLabs | 🟠 Medium | Lose natural voice TTS quality | Twilio native TTS fallback (functional, lower quality) |
| Cloudflare | 🟠 Medium | Lose cloud worker + tunnel + CORS proxy | Mac-only mode. Direct access via local network. Tunnel auto-restarts. |
| GitHub Pages | 🟢 Low | ainflgm.com down | Static site. Redeploy in minutes from local build. CDN cache provides buffer. |
13
Known Infrastructure Gaps
Plain English
This is the honest list of things that are not yet production-grade. Nothing here breaks the current operation — but each item has a plan. Transparency about gaps is a feature, not a bug. A team that hides gaps doesn't fix them.
HIGH
OC API (:3457) — No Authentication
Any process on localhost can call hub endpoints, including /send. An exploited local process could impersonate 9 and send messages as 9 Enterprises' AI. Attack surface: local only, since the port is bound to localhost.
Plan: Add bearer token header validation. All API callers must include Authorization: Bearer {hub-token}. Token rotated monthly. Implementation: 2–3 hours. Timeline: 30-day sprint.
HIGH
Static .env Keys — No Rotation Mechanism
All API keys (Anthropic, Twilio, ElevenLabs, Cloudflare, Telegram) live in a single .env file with no rotation schedule. If the file is compromised, all services are exposed simultaneously. No audit log for key access.
Plan: macOS Keychain integration. Keys stored in Keychain, fetched at runtime. .env becomes a pointer file only. Automatic 90-day rotation reminders. Timeline: 60-day sprint.
MED
No Container Isolation for Agents
Sub-agents run on bare macOS with full filesystem access (within Claude Code sandbox). A compromised or misbehaving agent could theoretically access files outside its intended scope.
Plan: Docker containerization for long-running agent processes. Each company gets its own container with scoped mounts. Claude Code sandbox already provides some isolation. Timeline: 60-day sprint, post-revenue.
MED
Voice Latency 1.7s Average (Target: <500ms)
Current pipeline: Twilio STT (~400ms) → Haiku inference (~800ms) → ElevenLabs TTS (~500ms). Total: ~1.7s per exchange. Acceptable for current use but below premium threshold. Callers notice the delay on quick back-and-forth.
Plan: Evaluate ElevenLabs Conversational AI (native Twilio integration, cuts one network hop). Parallel: streaming TTS to cut perceived latency. Target: sub-800ms by May 2026.
MED
Single Mac Dependency — No Compute Redundancy
All AI reasoning, the comms hub, voice server, and pilot run on one MacBook. Mac offline = degraded mode (Cloudflare Worker handles basics only, no new AI work possible).
Plan: VPS deployment on DigitalOcean ($6/mo). Voice server + OC replicated to cloud. Mac stays primary for Claude Code + iMessage. Mac becomes optional, not critical. Timeline: Q2 2026.
LOW
iMessage FDA Resets on Mac Reboot
Full Disk Access (FDA) for OC is granted at the app level and persists — but Terminal requires a fresh FDA grant on some Mac OS updates. iMessage read silently fails without alerting the system.
Plan: OC startup self-check includes iMessage read test. Failure triggers alert on Telegram. Documented in startup protocol. Manual re-grant takes 30 seconds.
LOW
Cloudflare Tunnel URL is Ephemeral
Each cloudflared restart generates a new tunnel URL. Twilio webhook must be manually updated on each restart. OC auto-updates the webhook, but if that fails, voice calls stop working silently.
Plan: Named Cloudflare Tunnel with custom subdomain (e.g., voice.9enterprises.ai). URL becomes permanent. Deferred to VPS sprint — named tunnels require Cloudflare account configuration.
LOW
No Automated Test Suite for Infrastructure
comms-hub.mjs, voice-server.mjs, and jules-server.mjs have no automated unit or integration tests. Regressions are caught manually or in production. No CI/CD pipeline.
Plan: Jest test suite for hub API endpoints. GitHub Actions CI on each push. Smoke tests on deploy. Timeline: Q2 2026 (post-revenue, not blocking).
14
Architecture Changelog
March 30, 2026 — v4.0
Architecture doc rebuilt to developer-grade standard
Full technical depth added: API endpoints, state machines, process trees, dependency risk matrix, cost model, security gap remediation plans. Sidebar nav, novice annotations, responsive layout.
March 29–30, 2026
9 Companies registered. 7-Day Enterprise Sprint approved.
AI Education, Prompt Scripts, Dropship Co added as proving grounds. $1,750 sprint budget. trader9 Alpaca paper mode initiated.
March 28, 2026 — v3.0
State of the Union. Freeze watchdog installed. Brand unified.
Freeze watchdog LaunchAgent (3-tier recovery). Org hierarchy locked. "9" confirmed as core product. 9enterprises.ai and get9.ai deployed. freeagent9 pilot (Kyle Cabezas) active. Brand orange/black unified.
March 26–27, 2026
Terminal liveness hardened. 4-layer detection deployed.
Session tokens added to prevent orphan pings. PID tracking. Self-terminating ping loop. Graceful /terminal/release. Detection gap reduced from 2.5 min to ~45s worst case.
March 2026 — v2.0
Comms hub unified. Voice server + Cloudflare Worker deployed.
4-channel OC hub (Telegram, iMessage, Email, Voice). Headset voice server with ElevenLabs + Twilio. Backup QB Cloudflare Worker. Cloud state sync.
Early March 2026 — v1.0
AiNFLGM live. Initial infrastructure built.
ainflgm.com live. Telegram agent. Basic comms. Agent engine. First deployment pipeline.
Q2 2026 — Planned
VPS deployment. Security hardening. Container isolation.
DigitalOcean VPS ($6/mo). Bearer token auth for OC API. macOS Keychain key management. Docker containers for agent isolation. Named Cloudflare Tunnel. Jest test suite.