Cloud surfaces + auth boundaries

Two different “clouds”: public distribution (Pages/Workers) vs private access (Tunnel + Access).
Public distribution
Blog + decks (from ai-social repo)
Cloudflare Pages auto-deploys the public site from commits.
ai-social → Pages build → decks.asklar.dev
LinkedIn publishing loop
Draft → publish → scrape analytics → update content guidelines. (Analytics lives in a local DB, surfaced via dashboards.)
Private access
Dashboards are hosted on the PC
No public port exposure. Cloudflare Tunnel forwards to localhost services.
Cloudflare Access gates who can see it
Access policy = Alex-only. This is the boundary that makes “remote personal infra” safe.
OAuth boundary (Fitbit)
Fitbit sync uses Alex’s registered app + OAuth tokens. The sensitive token state stays on the PC; dashboards just visualize derived data.
Key idea