Engineering & Ops Reference · v1.0 · 2026-04-23

BSP Ecosystem + Handshake Reference

How Bright Side Plumbing's digital ecosystem is wired together — what runs where, how pieces talk to each other, and what happens when a customer request comes in. Primary audience: Stephanie, Kalen, Tim, and any future team member needing to orient to the stack.

Executive summary
👥 The cast of systems
🔗 The handshake systems (primary focus)
📊 End-to-end scenarios
🔐 Credentials + secrets map
🚨 Common failure modes + playbooks
🗓️ Lifecycle + ownership map
🌐 URLs + access map
📝 What's changing soon
Glossary

1. Executive summary

BSP runs a three-ring digital ecosystem. The outer ring is what customers touch: the website (Bricks Builder on WordPress), phone calls (3CX PBX), SMS (Telnyx), and the AI voice agent Daniel (Vapi). The middle ring orchestrates: the Nexus VM runs Python pipelines (Titan) that pull data from external systems, generate page content, route messages, and schedule work. The inner ring holds data: ServiceTitan is the source of truth for jobs and customers; Google Business Profile is the source for reviews; LiteSpeed + Cloudflare cache the edge. Claude Code agents (like this one) sit outside the rings — they use SSH + REST to ship changes.

The whole thing is held together by handshakes — the well-defined points where one system hands data or control to another. When those handshakes work, customers get same-day service with confirmation SMS within 60 seconds of booking. When they break (like the Apr 20 Tim Mahony incident — ServiceTitan booking auto-dismissed + our form submission threw 400), customers almost churn. This document catalogs every handshake so the next breakage is easy to diagnose.

                       ┌───────────────────────────────────┐
                       │   CUSTOMER-FACING SURFACE (outer) │
                       │   🌐 website  📞 phone  💬 sms     │
                       │       🤖 Daniel AI voice          │
                       └──────────────┬────────────────────┘
                                      │
                                 handshakes
                                      │
                       ┌──────────────▼────────────────────┐
                       │        ORCHESTRATION (middle)      │
                       │  Nexus VM · Titan pipelines · WP   │
                       │  cron · Claude Code agents          │
                       └──────────────┬────────────────────┘
                                      │
                                 handshakes
                                      │
                       ┌──────────────▼────────────────────┐
                       │      DATA + EDGE (inner)           │
                       │  ServiceTitan · GBP · Telnyx · 3CX│
                       │  LiteSpeed · Cloudflare · Postgres │
                       └────────────────────────────────────┘

2. 👥 The cast of systems

Each card: what the system is, what it does, where it lives, who owns it, why it matters.

🖥️ Nexus VM

The orchestration host. Ubuntu server running all Python pipelines, custom APIs, cron jobs, and integration wrappers.

Runs Titan pipelines (location_page_mining.py, fleet_availability.py, etc.)
Hosts Nexus dashboard + Ashton dashboard on port 8501
Home of /opt/nexus/ codebase

Where: dovew@34.55.179.122 (GCP)
Owner: Robert. SSH key ~/.ssh/google_compute_engine
Timezone: America/Chicago

⚙️ Titan pipelines

Python scripts that generate content, pull data, run recurring work. Live under /opt/nexus/titan/.

location_page_mining.py — generates city page briefs from ST + GBP + Fleet data
fleet_availability.py — every 15 min, computes per-city tech ETA via Google Distance Matrix (Rung 1: ST schedule-based, no GPS)
nexus_html_logger.py — writes MH entries
titan_sync_daemon.py — mirrors ServiceTitan data to local Postgres

Where: /opt/nexus/titan/
Owner: Robert (development) · Nexus VM cron (execution)

🌐 Bricks Builder

WordPress theme that builds pages visually. Replaces Oxygen (scheduled for Mon/Tue Apr 27-28 2026 production cutover).

Version 2.3.2 on staging · 2.3.3 available
Stores page content in _bricks_page_content_2 post meta (PHP-serialized array)
CSS loading mode: inline (staging)
62 Global Classes currently defined

Where: staging bricks.callbrightside.com · prod (post-cutover) callbrightside.com
Owner: Robert (license + domain) · Claude Code (page builds via REST)

📦 Code Snippets plugin

WordPress plugin that injects custom PHP/CSS/JS at runtime hooks (wp_head, wp_footer, init). Our entire polish stack lives here.

Authenticated REST API at /wp-json/code-snippets/v1/snippets
79 active snippets site-wide · 7 active for OP 258 after Phase D consolidation
Quirk: PUT on active field inconsistent across plugin versions

Where: WordPress wp_snippets table
Owner: Claude Code (runtime) · Robert (approval for production ships)

🔧 ServiceTitan

SaaS CRM/dispatch system. Source of truth for customers, jobs, bookings, invoices, technician schedule.

Tenant ID 4316907157
API base api.servicetitan.io with /crm/v2, /jpm/v2, /dispatch/v2, /telecom/v2, /settings/v2 paths
Scheduling Pro widget = first-touch online booking (has a 73% Dismissed-queue rate — known issue)

Where: ServiceTitan SaaS (URL TBD — ask Robert for login URL)
Owner: Ashton (operational) · Robert (API credentials)

⭐ Google Business Profile (GBP)

Google's local-business listing + reviews source. BSP's 4.9★ rating visible on Maps + Search comes from here.

Live rating 4.9, review count 392+ (as of Apr 23 2026 prod page title)
Internal wrapper API at Nexus: /api/gbp/reviews, /api/gbp/reviews/recent, /api/gbp/reviews/stats
External API: mybusiness.googleapis.com

Where: Google infrastructure (account: BSP)
Owner: Robert (account) · Ashton (review responses)

💬 Telnyx

Programmable SMS provider. Replaces prior Twilio consideration for customer-facing and internal alert messaging.

10DLC brand + campaign registered for TCPA compliance
Messaging profile + BSP-owned FROM number
Future wrapper at /opt/nexus/titan/integrations/telnyx_sms.py

Where: Telnyx SaaS + Nexus wrapper
Owner: Robert (account) · Tim (incoming implementation for dismissed-queue worker)

📞 3CX

Voice PBX running BSP phone lines. VoIP routing + extension management + call control API.

Managed by LawnPhone.com (David Kite / Brandon Lofthouse · support@lawnphone.com)
API keys present in .env (config + admin keys separate)
Office hours corrected to 8am start per MH bsp-apr18-3cx-officehours-8am-correction

Where: 3CX instance URL TBD — in LawnPhone.com-managed env
Owner: Robert (account, approves changes) · Ashton (daily operations) · LawnPhone.com (technical admin)

🤖 Daniel (Vapi AI agent)

AI voice assistant for inbound/outbound calls. Handles scheduling prompts, FAQ, and can trigger ServiceTitan booking.

Runs on Vapi platform (not Retell — Retell deprecated Apr 2026)
Assistant ID e2920d04 · Phone +19139639817
Wrapper at /opt/nexus/titan/api/vapi_voice.py (webhook handler)

Where: Vapi SaaS + Nexus wrapper
Owner: Robert (prompt + flow design) · Ashton (takes escalations from Daniel)

📄 Morpheus

Documentation rendering layer. Serves the playbook HTML files (Codebase Doc, Master History, this doc) under morpheus.callbrightside.com/documents/.

Source directory /opt/nexus/nexus/scripts/output/playbooks/ on VM
HTML files committed directly — no build step

Where: Nexus VM · DNS alias

☁️ Cloudflare

Edge CDN + cache in front of callbrightside.com. Also bricks.callbrightside.com via orange-cloud.

Cache purged via /client/v4/zones/{id}/purge_cache
Zone ID + API token in CLOUDFLARE_ZONE_ID + CLOUDFLARE_API_TOKEN env vars
Before Apr 23 bug fix, scripts were looking for CF_API_TOKEN — silently failing for months

Where: Cloudflare SaaS
Owner: Robert

⚡ LiteSpeed Cache (LSC)

WordPress-side page cache. Sits between the Bricks render pipeline and Cloudflare edge.

Plugin active: litespeed-cache/litespeed-cache.php
Custom purge endpoint wrapping it: /wp-json/bsp/v2/cache/purge

Where: WordPress plugin on staging + prod
Owner: Robert

🧠 Claude Code

Development agent (the one writing this doc). SSHs into Nexus VM, executes Python, edits code, ships snippets.

Access: SSH key google_compute_engine + WordPress app password claude-api user
Guardrails: CLAUDE.md rules 0-8, proof-of-work protocol, one-task-at-a-time, receipts-required
Constraints: can't touch production without explicit Robert approval

Where: Claude Code CLI (local) + ephemeral SSH sessions
Owner: Robert (operator)

⏱️ Tim's dismissed-queue worker (planned)

New Python cron/systemd worker to rescue ServiceTitan Dismissed bookings. See /tmp/tim_handoff_plan.md (317 lines, updated Apr 23).

Target location: /opt/nexus/titan/workers/dismissed_queue/
Cadence: every 15 min, 6am-10pm CT
Will use Telnyx SMS + 3CX voice rails

Where: Nexus VM (once shipped)
Owner: Tim (engineer) — Robert confirms prereqs before Tim starts

3. 🔗 The handshake systems

This is the core of this document. Every place where two systems exchange data or control is a handshake — the clean, defined boundary between them. Breakages almost always live at handshakes, not inside systems.

Each handshake below lists: direction, auth, protocol, endpoint(s), trigger, payload, purpose, failure mode, retry logic, observability.

📞 Handshake 1 — Customer call ↔ 3CX ↔ ServiceTitan

 Customer phone → 3CX (VoIP) → answered by tech OR voicemail
        │
        ├── answered → manual ST entry by Ashton
        └── voicemail → callback flow (70% book next day per MH)

📤 Direction: Customer → 3CX → (manual) ServiceTitan · voicemail → (manual) callback
🔐 Auth: PSTN → 3CX trunk · ST entry via Ashton user session
📡 Protocol: SIP (inbound), manual data entry (ST)
📍 Endpoint(s): BSP published phone (913) 963-1029 · 3CX config API if programmatic lookup needed
⚡ Trigger: Customer dials the number
📦 Payload: Caller CID, call duration, recording URL (3CX side)
🎯 Purpose: First-touch customer contact → booking or lead
⚠️ Failure mode: Extension loop (Rule 14 Apr 21 incident — caller hits dead extension, can't reach anyone). 30% of after-hours voicemails don't convert.
🔄 Retry: Human callback; no automated retry
📝 Observability: 3CX call log via THREECX_API_URL; MH bsp-apr20-memory-backfill-3cx-afterhours-routing

Sources: MH apr17-3cx-toggle-retired-permanent-fix, apr18-3cx-officehours-8am-correction, apr20-memory-backfill-3cx-afterhours-routing, apr21 Tim Mahony incident.

💬 Handshake 2 — Customer SMS ↔ Telnyx ↔ Nexus worker ↔ ServiceTitan

 Customer SMS → Telnyx number → webhook (POST) → /api/telnyx/inbound
        │
        ├── STOP/HELP → TCPA opt-out handler
        ├── Lead text → ServiceTitan lead creation
        └── Other reply → Slack to Ashton + titan.telnyx_messages log

📤 Direction: Customer → Telnyx → Nexus → ServiceTitan (outbound: Nexus → Telnyx → Customer)
🔐 Auth: Telnyx webhook signature (HMAC-SHA256). ST: OAuth2 per tenant credentials
📡 Protocol: Inbound webhook (JSON POST) · Outbound REST (Telnyx API v2)
📍 Endpoint(s): Inbound: https://[VM]/api/telnyx/inbound route not yet built · Outbound: https://api.telnyx.com/v2/messages
⚡ Trigger: Customer sends SMS to BSP Telnyx number
📦 Payload: Inbound: message body, from_number, message_id, direction. Outbound: to, text, messaging_profile_id
🎯 Purpose: 2-way SMS: customer inquiries + booking confirmation handshake + dismissed-queue rescue alerts
⚠️ Failure mode: Telnyx retries webhook 3x if our endpoint returns non-2xx. If Telnyx is down (very rare), messages queue on their end.
🔄 Retry: Telnyx built-in webhook retries · outbound: exponential backoff if we get 5xx
📝 Observability: Telnyx dashboard · titan.telnyx_messages table (once Tim's worker ships)

Sources: Codebase Doc §38 SMS+Voice rails · Tim handoff plan Apr 23 update.

📊 Handshake 3 — Nexus pipeline ↔ GBP API

 cron (hourly) → fetch_gbp_reviews_for_city(city_slug)
        → Internal /api/gbp/reviews or /api/gbp/reviews/recent
        → (internal wraps) mybusiness.googleapis.com
        → returns reviews[] with author, rating, text, date
        → pipeline filters by city + landmarks mention

📤 Direction: Pipeline → internal GBP wrapper → Google My Business API
🔐 Auth: OAuth2 access token stored on Nexus for BSP's GBP account
📡 Protocol: REST (JSON)
📍 Endpoint(s): Internal: /api/gbp/reviews/recent?limit=400 · External: mybusiness.googleapis.com
⚡ Trigger: Pipeline runs (location_page_mining.py, nexus_doc_refresh.py, standup_autobuild.py)
📦 Payload: Request: limit, optional filters. Response: review objects with star rating, text, author, date, mentioned landmarks/cities
🎯 Purpose: Populate location page reviews section with real customer voices + mention detection
⚠️ Failure mode: Token expiry silently fails. API quotas (very high for GBP but finite).
🔄 Retry: Pipeline falls back to cached review_intelligence.db on failure
📝 Observability: Nexus logs · local SQLite review_intelligence.db

Sources: /opt/nexus/titan/api/gbp.py · /opt/nexus/titan/location_page_mining.py.

🗓️ Handshake 4 — Nexus pipeline ↔ ServiceTitan API

 Multiple callers (titan_sync_daemon, eta_relay, auto_dispatcher, referral_weapon, money_finder)
        → api.servicetitan.io/{crm|jpm|dispatch|telecom|settings}/v2/tenant/4316907157/...
        → OAuth2 bearer token per-tenant
        → returns jobs, customers, dispatch, calls

📤 Direction: Pipeline → ServiceTitan (bidirectional — we read jobs/customers, we write leads/campaigns)
🔐 Auth: ServiceTitan OAuth2 (client credentials grant) · tenant-specific headers
📡 Protocol: REST (JSON)
📍 Endpoint(s): api.servicetitan.io/crm/v2/tenant/4316907157/leads (create lead — see Snippet #97 campaignId fix) · /jpm/v2/tenant/.../jobs (read jobs) · /telecom/v2/tenant/.../calls (call history) · /dispatch/v2/tenant/.../... (fleet dispatch) · /settings/v2/tenant/... (config)
⚡ Trigger: Cron (every 15 min: fleet_availability) · event (contact form submit → lead create) · daily (titan_sync_daemon)
📦 Payload: Varies per endpoint. Lead creation requires campaignId, businessUnitId, jobTypeId, customer object (learned via Apr 21 Tim Mahony incident).
🎯 Purpose: Sync customer + job data into local Postgres · create leads from web forms · measure funnel health
⚠️ Failure mode: Missing campaignId → 400 Bad Request (exact bug Apr 20). Token expiry → 401. Rate limits under heavy pipeline runs.
🔄 Retry: Exponential backoff on 5xx; token refresh on 401
📝 Observability: titan.jobs, titan.customers tables · Nexus logs

Sources: /opt/nexus/titan/api/*.py · MH bsp-apr20-contact-form-pipeline-full-fix · MH bsp-apr21-tim-mahony-incident-snippet97.

🌐 Handshake 5 — Nexus pipeline ↔ WordPress REST API

 Pipeline → /wp-json/wp/v2/pages/{id}                  (GET/POST/PUT)
         → /wp-json/code-snippets/v1/snippets          (GET/POST/PUT/DELETE)
         → /wp-json/bsp/v2/cache/purge                 (POST)
         → Basic auth with claude-api application pw

📤 Direction: Pipeline → WordPress (read + write page content, manage snippets)
🔐 Auth: Basic auth with Application Password (claude-api user · password in .env as BRICKS_WP_APP_PASSWORD)
📡 Protocol: REST (JSON)
📍 Endpoint(s): See diagram above. Namespace discovery at /wp-json/ lists: wp/v2, code-snippets/v1, bricks/v1, bricks-ai-studio/v1, litespeed/v1-v3, bsp/v1-v3, hostinger-*, mcp.
⚡ Trigger: Pipeline run (page regeneration) · one-shot ops (consolidation, cache purge)
📦 Payload: Pages: title, content, meta. Snippets: name, code, scope, priority, active.
🎯 Purpose: Page content generation · snippet lifecycle (create, activate, deactivate, delete) · cache invalidation
⚠️ Failure mode: update_post_meta returns false on success (WP internal hash-compare false positive; Apr 23 discovery) — use $wpdb->update fallback · PUT on snippet active field inconsistent across Code Snippets plugin versions
🔄 Retry: Idempotent operations (PUT) · DELETE + POST if PUT active flag doesn't persist
📝 Observability: Nexus logs · WP debug.log · Code Snippets admin UI

Sources: Codebase Doc §28.2 update_post_meta false · §28.1 PUT active inconsistent.

📦 Handshake 6 — WordPress ↔ Code Snippets plugin ↔ rendered page

 HTTP request → WP bootstrap → init action → snippets load
        │
        ├── wp_head hook: CSS snippets inject into 
        ├── wp_footer priority 99999: CSS/JS snippets inject before 
        ├── template_redirect priority 1: ob_start snippets rewrite HTML
        └── Bricks renders its own content_2 meta into main

📤 Direction: Plugin → WP render pipeline → final HTML output
🔐 Auth: None (runs server-side as WP)
📡 Protocol: PHP action/filter hooks
📍 Endpoint(s): Hook: wp_footer priority 99999 (our standard) · template_redirect priority 1 (server-side img src swap) · init (one-shot mutations)
⚡ Trigger: Any page load · admin request · REST call
📦 Payload: PHP source code stored in wp_snippets table · executed in-process
🎯 Purpose: Runtime code injection without touching theme files (best-practice per Bricks Academy)
⚠️ Failure mode: PHP fatal errors → snippet auto-deactivates (Code Snippets plugin safety) · infinite loops → admin hangs until execution limit
🔄 Retry: None — failed snippet is inactive until fixed
📝 Observability: WP debug.log · Code Snippets admin Error log panel

Sources: Codebase Doc §27.5 Custom Code integration · Academy lesson 01_custom_code.md.

🎨 Handshake 7 — Bricks Builder ↔ WordPress post meta

 Builder save → write to post_meta._bricks_page_content_2 (PHP-serialized array)
        → Bricks 2.3.2 quirk: some 4-value properties serialize as literal "Array" string
        → On frontend render, Bricks parses meta → emits CSS (inline or external)

📤 Direction: Builder UI → post meta · Render pipeline ← post meta
🔐 Auth: WP admin session (builder) · post meta public-read, admin-write
📡 Protocol: PHP direct DB access via get/update_post_meta
📍 Endpoint(s): Meta keys: _bricks_page_content_2 (~49KB for OP 258), _bricks_template_conditions, _bricks_editor_mode, _bricks_template_type
⚡ Trigger: Builder save · Claude Code native-save (mutating tree directly)
📦 Payload: PHP-serialized array of element definitions (section → container → block → div hierarchy, each with id/name/parent/children/settings)
🎯 Purpose: Source-of-truth for visual page structure
⚠️ Failure mode: wp_postmeta.meta_value must be LONGTEXT (verified ✓ on staging). Bricks Array serialization bug for 4-value padding/margin/border-radius.
🔄 Retry: Data is idempotent; failed write can be retried. Use $wpdb->update when update_post_meta no-ops.
📝 Observability: MySQL direct query · Bricks builder preview

Sources: Codebase Doc §28.2, §28.3, §37.4 · Bricks Academy lesson 10 Known Issues.

🧠 Handshake 8 — Claude Code ↔ Nexus VM

 Claude Code (local) ──ssh/scp──▶ Nexus VM (34.55.179.122)
         │
         ├── python3 /tmp/script.py (with .env credentials)
         ├── curl /wp-json/... (WP REST)
         ├── curl /api/cloudflare/zones/{id}/purge_cache
         └── python3 nexus_html_logger.py (MH writes)

📤 Direction: Claude Code → VM (execute) · VM → Claude Code (stdout/stderr captured)
🔐 Auth: SSH key ~/.ssh/google_compute_engine (public half authorized on VM for user dovew)
📡 Protocol: SSH (execute + capture) · SCP (file transfer)
📍 Endpoint(s): dovew@34.55.179.122 port 22
⚡ Trigger: Claude Code chooses to run a command · user sends a request requiring VM access
📦 Payload: Python scripts, shell commands, output
🎯 Purpose: Execute anything requiring server-side credentials or access to Nexus local state
⚠️ Failure mode: SSH key missing/rotated → connection refused · VM down → unreachable · network partition
🔄 Retry: No automated retry; Claude Code surfaces failure
📝 Observability: Shell exit codes · Claude Code conversation log

⏱️ Handshake 9 — Cron ↔ Nexus pipelines

 Linux cron daemon → /usr/bin/python3 /opt/nexus/titan/{script}.py
        │
        ├── fleet_availability.py          every 15 min
        ├── GA4 full report                daily 8am
        ├── financial validator            daily after briefing
        ├── review intelligence             hourly
        ├── CPL monitor                    daily 3pm
        └── (22+ other automations)

📤 Direction: cron → Nexus pipelines (no return channel; pipelines log to stdout/stderr and local DB)
🔐 Auth: User dovew; .env loaded at process start
📡 Protocol: Unix cron
📍 Endpoint(s): crontab -l under dovew
⚡ Trigger: Schedule defined per pipeline
📦 Payload: Each pipeline has its own inputs (DB queries, API calls) and outputs (JSON files in /opt/nexus/nexus/scripts/output/, SQLite/Postgres writes, MH entries, Slack messages)
🎯 Purpose: Automation — data freshness, monitoring, reporting
⚠️ Failure mode: Silent stderr (many pipelines redirect to /dev/null). Missing .env vars. Stale GCP auth.
🔄 Retry: Next schedule tick; no in-run retry
📝 Observability: /opt/nexus/nexus/scripts/output/*_cron.log files · MH entries

☁️ Handshake 10 — Nexus ↔ Cloudflare API

 Nexus script → POST https://api.cloudflare.com/client/v4/zones/{ZONE_ID}/purge_cache
        Body: {"purge_everything": true}
        Auth: Bearer CLOUDFLARE_API_TOKEN

📤 Direction: Nexus → Cloudflare
🔐 Auth: API token (Bearer). Env vars: CLOUDFLARE_API_TOKEN + CLOUDFLARE_ZONE_ID.
📡 Protocol: REST (JSON POST)
📍 Endpoint(s): https://api.cloudflare.com/client/v4/zones/{zone}/purge_cache
⚡ Trigger: After any page/snippet change that needs edge invalidation
📦 Payload: {"purge_everything": true} or {"files": ["https://..."]} for surgical purge
🎯 Purpose: Ensure edge cache reflects latest origin content
⚠️ Failure mode: Apr 23 discovery: scripts previously checked CF_API_TOKEN (wrong name) — env actually uses CLOUDFLARE_API_TOKEN. Purges silently returned no-op. Fixed.
🔄 Retry: Manual re-run if response success: false
📝 Observability: CF dashboard cache analytics · response body contains result.id for traceability

Source: Codebase Doc §34.1.

⚡ Handshake 11 — Nexus ↔ LiteSpeed Cache

📤 Direction: Nexus → WordPress LSC plugin
🔐 Auth: WP Basic auth (claude-api)
📡 Protocol: REST (POST to custom BSP endpoint wrapping LSC)
📍 Endpoint(s): /wp-json/bsp/v2/cache/purge (BSP custom route that calls LSC internally)
⚡ Trigger: Same as Cloudflare purge — after content change
📦 Payload: Empty POST
🎯 Purpose: Invalidate origin-side page cache before CF edge re-fetch
⚠️ Failure mode: LSC plugin disabled/malfunctioning → origin serves stale content. 200 response doesn't always mean purge succeeded — verify by checking page x-litespeed-cache header after.

📄 Handshake 12 — Morpheus ↔ Playbook HTML files

📤 Direction: File on VM → web server → browser
🔐 Auth: Public (morpheus.callbrightside.com is publicly accessible)
📡 Protocol: HTTP(S)
📍 Endpoint(s): morpheus.callbrightside.com/documents/*.html → serves from /opt/nexus/nexus/scripts/output/playbooks/*.html
⚡ Trigger: Any HTTP request for doc URL
📦 Payload: HTML files (Codebase Doc ~1.27MB · Master History ~2.6MB · this Reference doc ~TBD)
🎯 Purpose: Make institutional knowledge accessible to Robert + team without VM SSH
⚠️ Failure mode: Broken HTML → renders degraded · file not written → 404
📝 Observability: web server access log · Nexus file system

🤖 Handshake 13 — Daniel ↔ Vapi ↔ 3CX

 Inbound call → 3CX routes to Daniel extension → Vapi answers
        │
        ├── AI conversation (Vapi-managed)
        ├── Transfer to human ext → 3CX routes to Ashton
        └── Booking intent → vapi_voice.py webhook → ST lead creation

📤 Direction: Customer phone → 3CX → Vapi · webhook back to Nexus for DB logging + ST lead
🔐 Auth: Vapi API key · 3CX SIP trunk · Nexus webhook signature validation
📡 Protocol: SIP (voice) · webhook (Vapi → Nexus JSON POST)
📍 Endpoint(s): Daniel phone +19139639817 · Vapi assistant e2920d04 · Nexus webhook at /opt/nexus/titan/api/vapi_voice.py handler
⚡ Trigger: Customer dials Daniel line OR warm-transfer from human agent
📦 Payload: Vapi call events (start/end), transcripts, function calls (booking intent, etc.)
🎯 Purpose: AI-assisted call handling — reduces load on human agents for simple booking/FAQ
⚠️ Failure mode: Vapi down → calls go to 3CX voicemail fallback
📝 Observability: Vapi dashboard · titan.vapi_calls table via transcript_repo.py

Source: /opt/nexus/titan/api/vapi_voice.py · MH apr17-vapi-monitoring-deployed.

💬 Handshake 14 — Homepage chat widget ↔ Daniel (web → voice handoff)

📤 Direction: Website chat button → tel:+19139639817 (phone) OR in-browser Vapi widget TBD
🔐 Auth: n/a (initiates call)
📡 Protocol: Browser handles tel: URI
📍 Endpoint(s): Homepage + city pages: a.brxe-button href="#daniel-chat" currently · full Vapi browser widget integration deferred
⚡ Trigger: User clicks "Chat with Daniel our AI Agent" button
🎯 Purpose: Low-friction web → voice handoff for AI-assisted booking
⚠️ Failure mode: Current state: anchor href points at #daniel-chat — no JS handler yet. Needs Vapi widget wire-up. pending integration

⚠️ Handshake 15 — Website form submission ↔ ServiceTitan (gap)

 Customer submits contact form → WordPress POST handler → Snippet #97 → ST /leads API
        │
        └── (gap): NO positive handshake send-off back to customer
                  Tim (customer) raised this Apr 21: "did my form even go through?"

📤 Direction: Website form → ST lead creation (Apr 21 Tim incident confirmed this path works after Snippet #97 campaignId fix)
🔐 Auth: Server-side ST OAuth2 (credentials in .env, not browser-accessible)
📡 Protocol: PHP form POST → internal ST OAuth wrapper → ST /crm/v2/leads
📍 Endpoint(s): Snippet #97 bsp-contact-form-st-lead
⚡ Trigger: Contact form submit
📦 Payload: customer object (name, phone, email, address), campaignId (GCLID-based routing), businessUnitId, jobTypeId
🎯 Purpose: Convert form visitors → ServiceTitan leads
⚠️ Failure mode: GAP: no customer-facing confirmation after submit. Tim Mahony wrote "I do not have any confirmation" Apr 21. This is the motivation for the Tim handoff plan Deliverable A (confirmation handshake via Telnyx SMS).
🔄 Retry: Browser submits once; no automatic retry
📝 Observability: Slack delivery · email delivery · ST leads list · NO customer-facing acknowledgement (the gap)

Source: Tim handoff plan · MH bsp-apr21-tim-mahony-incident-snippet97.

⏱️ Handshake 16 — Tim's dismissed-queue worker ↔ ServiceTitan (planned)

📤 Direction: Worker → ServiceTitan (read Dismissed bookings) · Worker → Telnyx (alert Ashton) · Worker → Slack (team visibility) · Worker → 3CX (emergency voice trigger)
🔐 Auth: ST OAuth2 · Telnyx API key · Slack webhook URL · 3CX admin key
📡 Protocol: REST polling (*/15 min) · Outbound webhooks
📍 Endpoint(s): GET api.servicetitan.io/crm/v2/tenant/4316907157/bookings?status=Dismissed&source=Online Booking Widget&createdAfter={T-48h}
⚡ Trigger: Cron or systemd timer every 15 min during business hours 6am-10pm CT
📦 Payload: Booking objects (status, customer contact, booking_id, source, timestamps)
🎯 Purpose: Rescue dismissed-queue bookings before customer churns (prevents next Tim Mahony incident)
⚠️ Failure mode: Worker dies → bookings silently dismiss · ST token expiry · Telnyx quota · Slack webhook rotation
🔄 Retry: Next tick of cron · local titan.dismissed_queue_alerts tracks ack state to avoid double-pinging
📝 Observability: titan.dismissed_queue_alerts · daily MH entry bsp-{YYYYMMDD}-dismissed-queue-daily (planned) · Slack + SMS receipts

Source: Tim handoff plan Apr 23 update (Deliverable C).

🤖 Handshake 17 — Daniel ↔ ServiceTitan (planned booking flow)

📤 Direction: Vapi function call → Nexus webhook → ST lead/booking creation
🔐 Auth: Same ST OAuth2 as human channels
📡 Protocol: Vapi function calling → JSON POST to Nexus
📍 Endpoint(s): Future: Nexus webhook for Vapi-initiated bookings · ST /crm/v2/leads
⚡ Trigger: Customer speaks booking intent during Daniel call
🎯 Purpose: Zero-human booking path: Daniel captures enough info, creates ST lead, optionally asks for ST-side booking confirmation
⚠️ Failure mode: Vapi mis-extracts call params · incomplete info → bad lead
📝 Observability: Vapi transcript · ST lead source tag

Status: medium-term (Q2-Q3 2026). Not shipped as of Apr 23 2026.

📬 Handshake 18 — Tim's worker ↔ Slack webhook

📤 Direction: Worker → Slack
🔐 Auth: Webhook URL (bearer by URL)
📡 Protocol: HTTPS POST
📍 Endpoint(s): SLACK_WEBHOOK_URL TBD — Robert to create #bsp-alerts channel + webhook
⚡ Trigger: Dismissed-queue item aged > 60 min · 120-min re-alert · 240-min escalation
🎯 Purpose: Team-visible audit trail alongside SMS (which is private DM)

4. 📊 End-to-end scenarios

Scenario A — New customer calls BSP

 1. Customer dials (913) 963-1029
 2. 3CX answers, IVR or direct route to tech extension
 3. Tech answers OR voicemail
    a. Answered → human sales flow → ServiceTitan manual job creation by Ashton
    b. Voicemail → callback flow (70% book next day per MH)
 4. Job completed → invoiced in ServiceTitan → HCP mirror to Postgres

Scenario B — Customer submits website form (Tim's pain point)

 1. Customer fills contact form on callbrightside.com
 2. WordPress POST handler → Snippet #97 fires
 3. Snippet #97 creates ST lead via /crm/v2/leads (campaignId required since Apr 21)
 4. Slack DM to Ashton + email to Robert
 5. (gap) NO SMS to customer — they don't know form went through
 6. Ashton manually follows up hours later
 7. Future (Deliverable A): Telnyx SMS fires within 60s → customer reassured

Scenario C — Customer texts BSP

 1. Customer texts BSP's Telnyx number
 2. Telnyx → webhook to /api/telnyx/inbound on Nexus
 3. Nexus parses: STOP/HELP → TCPA handler · lead text → ST lead · other → Ashton Slack
 4. Auto-reply via Telnyx (Variant 1 first-time OR Variant 2 repeat OR manual)

Scenario D — Pipeline regenerates a city page at midnight

 1. cron fires location_page_mining.py --city overland-park
 2. Pipeline pulls:
    - GBP reviews (/api/gbp/reviews/recent)
    - ServiceTitan job/customer stats
    - Fleet availability (precomputed every 15 min)
 3. Pipeline builds brief JSON (h1_variants, subtitle, CTAs, services, etc.)
 4. Writes to WP post meta via REST (or PHP-native on page edit)
 5. Triggers wp_update_post → Bricks regenerates inline CSS
 6. Purges: LiteSpeed (/wp-json/bsp/v2/cache/purge) + Cloudflare (/zones/{id}/purge_cache)
 7. Next request fetches fresh HTML from origin

Scenario E — Claude Code ships a snippet update

 1. Robert types prompt to Claude Code
 2. Claude writes Python script locally
 3. scp /script.py dovew@34.55.179.122:/tmp/
 4. ssh dovew@34.55.179.122 "python3 /tmp/script.py"
 5. Script loads .env, constructs payload, POSTs to /wp-json/code-snippets/v1/snippets
 6. New snippet active=true → runs on next page load
 7. Script fires LS + CF purges
 8. Claude Code takes a headless Chrome screenshot to verify
 9. Claude writes MH entry via nexus_html_logger.py

5. 🔐 Credentials + secrets map

Master credential store: /opt/nexus/nexus/config/.env (mode 600, owner dovew). Not committed to git.

Credential	Env var	Used by	Owner / rotation
ST OAuth2 client ID/secret	ST_* vars	Titan pipelines (titan_sync, eta_relay, referral_weapon)	Robert · per ST client policy
GBP OAuth2 token	GBP_* vars	`gbp.py` wrapper	Robert · refresh per Google expiry
WP application password	BRICKS_WP_APP_PASSWORD	Claude Code snippet operations	Robert · on-demand rotation
Cloudflare API token	CLOUDFLARE_API_TOKEN	Cache purge	Robert · zone-scoped
Cloudflare zone ID	CLOUDFLARE_ZONE_ID	Cache purge	Robert (static)
Telnyx API key	TELNYX_API_KEY	Future worker + SMS handshake	Robert
Telnyx FROM number	TELNYX_FROM_NUMBER	Outbound SMS	Robert
Telnyx 10DLC brand + campaign	TELNYX_10DLC_*	TCPA registration	Robert
3CX API URL + keys	THREECX_API_URL, THREECX_API_KEY, THREECX_ADMIN_API_KEY	Voice integration	Robert (via LawnPhone.com)
Vapi API key + assistant ID	VAPI_API_KEY, VAPI_ASSISTANT_ID	Daniel voice agent	Robert
SSH private key (Claude → VM)	n/a — file `~/.ssh/google_compute_engine`	Claude Code SSH	Robert laptop · rotation per GCP guidance
Slack webhook URL	SLACK_WEBHOOK_URL TBD	Team alerts	Robert

6. 🚨 Common failure modes + playbooks

CF cache purge silently fails

Symptoms: Content changes on origin, but edge serves stale content even after "CF PURGE" log line.

Root cause (Apr 23 discovery): Scripts checked env var CF_API_TOKEN; actual var is CLOUDFLARE_API_TOKEN. Conditional fell through, no HTTP call made.

Fix: Use env.get('CLOUDFLARE_API_TOKEN') or env.get('CF_API_TOKEN') (both-compatible). Verify by checking response result.id.

`update_post_meta` returns false on success

Symptoms: PHP says write failed, but data IS actually updated in DB.

Root cause: WP's internal hash-compare false positive on deeply-nested arrays.

Fix: Fall back to $wpdb->update($wpdb->postmeta, [...], [...]). Pair with wp_update_post(['ID' => $id]) to bump modified time + trigger Bricks regen.

PUT on inactive snippets silently fails to persist `active`

Symptoms: PUT {active: true} returns 200, subsequent GET still shows active: false.

Fix: DELETE + POST new snippet with target active state. Or use PUT on code field only (which does persist reliably).

Bricks 2.3.2 "Array" serialization bug

Symptoms: CSS output contains padding-top: Array; instead of valid value. Browser ignores.

Fix: Override via custom CSS snippet with explicit values. Possibly resolved in 2.3.3 "Fix DB" tool.

Cascade specificity wars with locked snippets

Symptoms: Your new rule doesn't apply despite being later in source order.

Diagnosis: Inspect which selector has higher specificity. #115 often has (0,1,3,1) patterns.

Fix: Use 3-ID selector chain for a (0,3,0,0) override that beats on pure ID count. In the future, use @layer bricks.reset — but cascade layers not currently active on our site (verified Apr 23).

Fleet endpoint returns null after hours

Symptoms: Chip shows no ETA; pipeline uses fallback value.

Expected: Fleet data is only populated during business hours 7am-6pm CT when techs have scheduled jobs. Weekend + holidays = null.

Fix: Chip uses 2-state logic (Snippet #161) — "Open Now" during business hours, "Open for Emergencies" otherwise. No fallback number exposed to customer.

7. 🗓️ Lifecycle + ownership map

Person	Domain	Authority
Robert Dove (you)	Product · launch timing · brand · credentials · Phase D/F/G decisions	Final say on ship-or-not
Kalen Barker (4th-gen master plumber)	Operational decisions · pricing · service promises · chip copy · customer-facing claims	Veto on anything that touches customer experience
Stephanie Barker	Business ops · hiring · financial oversight full scope TBD — confirm with Robert	P/I/S/D/N format communication standard is hers
Ashton King (he)	CX · ServiceTitan operational · phone ops · 100 Year Plumbing duties	Daily booking flow, review response
Audrey Grant	Design (Figma source of truth) · service page content playbook	Visual design decisions · no emojis · project-by-project
Tim (engineer — TBD full name)	Dismissed-queue worker (Deliverable C)	Owns implementation of Tim handoff plan deliverables, pending Robert's prereqs
LawnPhone.com (David Kite / Brandon Lofthouse)	3CX administration	Vendor — manages 3CX instance
Claude Code	Implementation execution · documentation · analysis	Zero authority — requires Robert approval before production action

8. 🌐 URLs + access map

Resource	URL	Access
Production site	`https://callbrightside.com/`	Public · Oxygen theme currently
Staging site	`https://bricks.callbrightside.com/`	Public (noindex)
Morpheus docs	`https://morpheus.callbrightside.com/documents/`	Public
Codebase Doc	`.../BSP_Bricks_Codebase_Documentation.html`	Public
Master History	`.../BSP_Master_Session_History.html`	Public
This reference	`.../BSP_Ecosystem_Handshake_Reference.html`	Public
Nexus VM	`dovew@34.55.179.122` :22	SSH key required
ServiceTitan	tenant URL TBD · API base `api.servicetitan.io`	Ashton (UI) · OAuth2 (API)
3CX instance	URL TBD — ask LawnPhone.com	Admin creds
Telnyx dashboard	`https://portal.telnyx.com/`	Robert account
Vapi dashboard	`https://vapi.ai/`	Robert account
Cloudflare dashboard	`https://dash.cloudflare.com/`	Robert account
Google Business Profile	Managed via `business.google.com`	Robert account · Ashton user
Hostinger (WP host)	`https://hpanel.hostinger.com/`	Robert account

9. 📝 What's changing soon

Change	Owner	Target	Status
Monday/Tuesday production launch — deactivate Oxygen, activate Bricks	Robert	Apr 27-28 2026	Prep in progress
Tim's dismissed-queue worker (Deliverable C)	Tim	Post-launch	Blocked on Robert prereqs
Native Bricks header template (Phase G)	Claude Code	Pre-launch recommended	G0 context done; awaiting Robert go
13 remaining city pages (Friday clone batch)	Claude Code via pipeline	Pre-launch	Pipeline ready; bulk generation deferred
§32 Tier 1 data-accuracy strip (4.9/384+/15-sec/60-min)	Claude Code	Pre-launch	Ready to ship on Robert go
Daniel booking flow (ST integration)	Robert + Daniel prompt design	Q2-Q3 2026	Medium-term
Fleet API real-time integration (beyond schedule-based)	Robert	Q3-Q4 2026	Long-term
Form submission → SMS handshake (Deliverable A)	Tim	Week after Deliverable C	Planned; addresses Tim Mahony pain point

10. Glossary

Bricks / Bricks Builder: WordPress theme + visual builder. Currently 2.3.2 on staging.
Snippet: PHP/CSS/JS code stored in Code Snippets plugin's wp_snippets DB table, executed via WP hooks.
Template 105: Current header template ("Audrey Header v3") on staging. Scheduled for replacement in Phase G.
Global Class (Bricks): Reusable CSS class defined in Bricks builder, stored in wp_options.bricks_global_classes.
Theme Styles (Bricks): Site-wide design tokens (colors, fonts, spacing) with conditions. Stored in wp_options.bricks_theme_styles.
Cascade layers: CSS feature (@layer) that manages priority by layer order instead of specificity. Bricks 2.0+ wraps defaults in @layer bricks — but we verified this NOT active on our render output (Apr 23).
Post meta / _bricks_page_content_2: WordPress database record (serialized PHP array) storing Bricks page element tree.
wp_footer / wp_head hooks: PHP action points where injected code runs during page render.
Specificity (CSS): Rule-weight calculation: (inline, IDs, classes/attrs, elements). Higher specificity wins on same !important status.
Native-save: BSP/Claude term for editing Bricks post meta directly (vs. going through the builder UI) — used for bulk content mutations.
Handshake: In this doc: any point where two systems exchange control or data. Boundary where most breakages occur.
Fleet ETA: Drive time in minutes from nearest tech's scheduled job address to a target city, via Google Distance Matrix. NOT real GPS.
Dismissed queue: ServiceTitan Scheduling Pro bookings that auto-land in "Dismissed" status and require human rescue. 73% of April bookings landed here — the problem Tim's worker fixes.
Deliverable A/B/C: From Tim handoff plan: A=customer confirmation handshake SMS; B=Booking→Dispatch SOP doc; C=dismissed-queue cron worker. Ship order C→A→B.
Sacred HTML v2: Robert's term for data_weapons_plan_v2.html (NOT BSP_Sacred_HTML_v2.html).
Oxygen: Predecessor page builder on production callbrightside.com. Scheduled for deactivation Mon/Tue Apr 27-28 2026.
LiteSpeed / Cloudflare: Origin page cache (LSC plugin) and edge CDN cache (Cloudflare) — purged in that order on content changes.
MH: Master History — rolling HTML log at BSP_Master_Session_History.html. Load-bearing for Zeus RAG retrieval between Claude Code sessions.
Zeus RAG: Retrieval-augmented generation layer (18,380 chunks from MH + Sacred HTML etc.) used to surface prior institutional knowledge.
Sacred v2 / Stephanie format: Communication framework: Problem → Impact → Solution → Data → Need. Used for leadership briefings.