Services status — 2026-05-14 (refreshed evening)
Quick visual audit of the credential + service surfaces across shared vs project scope. Green ticks = good for now. Yellow = working but with named limitations. Red = blocker.
Strikethrough = ~~superseded/done since the morning version of this report~~ (visible to show today’s compounding wins).
TL;DR
- 8 of 8 service surfaces fully functional (was 6 of 7 this morning). Pushover, voip.ms, and the Cloud Run Job all moved from ⏸/⚠️ to ✅ in the evening session.
- Zero hard blockers in 1Password / Cloudflare / GCP / GitHub / Twilio / Resend / Pushover / voip.ms.
- Shopify audrey-readonly scopes remains the one ❌ — 5-min UI fix queued for tomorrow’s audrey stand-up. Not infrastructure-blocking.
1Password — vault + scope state
| Vault | My SA can reach? | Items | Status | Notes |
|---|---|---|---|---|
| Code Shared | ✅ read-only | 17 (was 15 this morning; +Pushover + voip.ms) | ✅ Good | Holds all portfolio-shared creds |
| Dogwood | ✅ read+write | 6 | ✅ Good | Per-project vault |
| Private | ❌ unreachable | n | ⚠️ Limited | Dan-only via desktop / local CLI |
Notes:
- ✅ Two new items landed in Code Shared this evening: API Pushover portfolio-notify + voip.ms api.
- ⚠️ The Pushover item is in API_CREDENTIAL category (trap recurrence noted; functionally inert; leaving as-is). The voip.ms item is in Password category (correct). Forward rule applies — prefer Password for new portfolio secrets.
Cloudflare — accounts / zones / R2 / tokens
Account: 2366f43fb08cc98065551599ad8e6e63 (Dan Sellars).
Tokens in 1Password (Code Shared)
| Token | Scope | Status |
|---|---|---|
dare-pipeline analytics |
CDN, security layer, and DNS provider sitting in front of dare.co.uk.">CF Analytics Read | ✅ |
dare-dashboard pages-deploy |
Pages: Edit + Zone read | ✅ |
Cloudflare agent-edge deploy |
Workers: Edit (multi-zone) | ✅ |
Cloudflare Access claude-session |
Service-token (Access) | ✅ |
R2 dare-pipeline-thumbs |
Object R+W on dare-images only |
✅ |
R2 buckets (after today’s edge retirement)
| Bucket | Status | Notes |
|---|---|---|
dare-images |
✅ Live | Backs images.dare.co.uk |
dogwood-photos |
✅ Live | Awaits dogwood content build-out |
xlabs |
⚠️ Legacy | Next-oldest retire candidate |
Pages projects + Workers
| Surface | Status |
|---|---|
dare-dev-reports Pages project |
✅ Live |
dare-dashboard Pages project |
✅ Live |
dare-co-uk Worker (main site) |
✅ Live |
dare-contact-page Worker |
✅ Live |
agent-edge Worker |
✅ Live |
audreyinc-beta, dogwood-api, etc. |
⚠️ Mixed — monthly review queue |
Parked
- ⏸ R2
portfolio-image-promotiontoken — not currently blocking; mint when 2nd portfolio site needs R2 image promotion. - ⏸ GitHub PAT for
xlab-co/devreports-content— pending piece of Cloud Run devreports parallel path.
GCP — projects + service accounts
Active account: dan@dare.co.uk. Active project: dare-devreports.
| Project | Service account | Status |
|---|---|---|
audrey-experiments |
audrey-vertex-sa (roles/aiplatform.user) |
✅ Live; JSON key in op://Code Shared/gcp audrey-experiments vertex-sa |
dare-devreports |
Cloud Run Job runtime SA | ✅ Verified end-to-end this evening — Cloud Run Job devreports-publish executes cleanly: PAT in Secret Manager → git clone → markdown render → wrangler deploys to dare-dev-reports Pages. Parallel runtime alongside Mac launchd + GHA |
| dare.co.uk org (316548249330) | n/a | ✅ Org-level hierarchy ready for agency client work |
Parked: Gemini Cloud Assist (one-project scale); revisit at 2nd GCP project.
Messaging / SMS / Push / Voice
| Surface | State | Credential | Notes |
|---|---|---|---|
| Pushover (push) — notify-portfolio v1 | ✅ SHIPPED + verified end-to-end this evening | op://Code Shared/API Pushover portfolio-notify/{user_key,app_token} |
~/bin/notify-portfolio callable from anywhere in the toolkit; test push delivered to phone; ready for first integration (cron-failure / audrey commerce / report-ready) |
| voip.ms — REST/JSON API | ✅ Verified end-to-end this evening | op://Code Shared/voip.ms api/{api_username,api_password,account_id,endpoint} |
getBalance returns $35.30; 1 DID on account (447400880760 UK, Dan’s personal line); IP allowlist contains residential IP (may need re-add if ISP reassigns) |
| voip.ms AI Agent BETA | ⚠️ Confirmed inbound-only (per official FAQ); CLAUDE.md outbound-callback frame doesn’t fit | (same as above) | Reframed as audrey customer support line; parked per project_voipms_ai_agent_audrey_support_parked with named resume conditions |
| Twilio audrey | ✅ Active | op://Code Shared/... |
Entity submission done; toll-free SMS verified |
| Twilio dogwood | ✅ Active | op://Dogwood/Twilio |
Per-project |
| Twilio dare | ✅ Active | (via dare-contact-worker.js) | Contact form integration |
| sms.to (dare contact form) | ✅ Active | op://Private/... |
Used in dare-contact-worker |
| ~~Pushover — account opened, tokens not yet minted~~ | ~~⏸ Parked credential-mint~~ | Superseded by the SHIPPED row above | |
| ~~voip.ms AI-voice — beta access only, not yet integrated~~ | ~~⏸ Parked~~ | Superseded by the verified row above + reframed use case |
Resend (email)
| Surface | State |
|---|---|
noreply@dare.co.uk (dare contact form) |
✅ Active (op://Private/...) |
| Dogwood Resend | ✅ Active (op://Dogwood/Resend) |
| Audrey Resend | ⏸ Not yet provisioned |
Shopify (audrey)
| Surface | State | Notes |
|---|---|---|
Admin API custom app audrey-readonly |
❌ Zero scopes → 401 | 5-min fix queued for tomorrow’s audrey stand-up |
| Storefront API | ⏸ Not yet registered | Required for cart-attribute writes (A/B attribution) |
| Web Pixels API | ⏸ Not yet registered | For behavioural events |
GitHub — repos + auth
gh CLI: authenticated as Dan (dan@dare.co.uk).
| Repo | Visibility | Purpose | Status |
|---|---|---|---|
xlab-co/toolkit |
Private | The ~/bin/ source-of-truth |
✅ Pushed to head |
xlab-co/claude-memory |
Private | Auto-memory; push hook on Stop | ✅ Pushed to head |
xlab-studio/dare-co-uk |
Private | dare.co.uk site repo | ✅ Pushed to head |
xlab-studio/dare-pipeline |
Private | GHA cron host + Cloud Run image | ✅ Pushed to head |
Notes:
- ⚠️ CCR remote agents can’t write to xlab-co/* repos (per project_ccr_remote_agent_auth_gap). Workaround: inline-only for remote agents.
- ⚠️ Cross-repo sync gap (toolkit↔dare-pipeline) — v1.5 priority; not blocking but slows iteration.
Cross-cutting blockers (the actually-open list)
Honest answer: one. All other surfaces are fully working or have named cheap fixes.
- Shopify audrey-readonly scopes — 5-min UI fix; queued for tomorrow’s audrey stand-up.
feedback_services_1_0_hidden_traps carries the v1.5 priorities for the toolkit/dep ripple costs, but those are workflow accelerators, not blockers.
Recommended low-cost-clear actions
In order of effort:
- (5 min — TOMORROW) Add API access scopes to
audrey-readonlyShopify app + reinstall. Unblocks the audrey thread. - ~~(when needed) Mint Pushover application token + user key; store in
op://Code Shared/Pushover dare-pipeline/{app_token,user_key}. Build trigger: whennotify-portfoliov1 ships.~~ ✅ Done this evening — notify-portfolio v1 SHIPPED with verified Pushover round-trip. - (quarterly, ~10 min) Run a 1Password / Cloudflare token sweep — existing
~/bin/audit-cf-tokens.shdoes the CDN, security layer, and DNS provider sitting in front of dare.co.uk.">CF side; add a siblingaudit-op-items.shto list 1Password items + last-used timestamps. Probably a 30-min build when next quarterly review surfaces. - (quarterly, opportunistic) Promote 1Password items from
API_CREDENTIALcategory toPasswordorLoginperfeedback_1password_api_credential_category_trap. Two recurrences today (R2 dare-pipeline-thumbs already moved earlier; Pushover noted as API_CREDENTIAL but leaving). Not urgent.
What got built since the morning report
(For session-end take-stock — these are net-new in the ~6 hours since the morning version of this report shipped.)
- ✅
notify-portfoliov1 — bash messaging micro-service, Pushover-only, verified e2e (xlab-co/toolkit commitf325355) - ✅ Pushover account + app token minted + 1Password stored + end-to-end test push delivered
- ✅ voip.ms API credentials minted, IP-allowlisted, 1Password stored,
getBalance+getDIDsInfoverified - ✅ voip.ms AI Agent BETA documented; inbound-only constraint confirmed; reframed as audrey support line; parked with named resume conditions
- ✅
dare_services_status_2026-05-14.mdrefreshed (this doc) - ✅ GitHub PAT minted + stored in 1Password (
github cloud-run-devreports PAT) + pushed to GCP Secret Manager + Cloud Run Job executes end-to-end — closes the last “⚠️” from this morning’s services-status sweep in a single day - ✅ Old Secret Manager versions cleaned up (v1-v7 destroyed; only v8 ENABLED)
- ✅ Zero hard blockers across all 8 service surfaces tonight (Shopify scopes still queued for tomorrow’s audrey work; not blocking infrastructure)
Foundation is settled. The work is now about what to build with it, not about whether the credentials work. The shipping list compounds: notify-portfolio + sitemap-regen + anchor-enricher + cf-access + gcp-auth are now all the same shape, addressable by future-us as “the service for X.”