Service Manual
Operational reference for maintainers and on-call. Public version — sensitive runbooks live in the private ops repo.
1. Architecture
- Frontend & SSR: TanStack Start (React 19, Vite 7), deployed on Cloudflare Workers.
- Database, Auth, Storage: Lovable Cloud (Postgres + Row Level Security).
- Payments: Stripe (Checkout, Subscriptions, Connect).
- Email: Transactional via Lovable Cloud email infra.
- Monitoring: Cloudflare logs, Stripe Dashboard, Lovable analytics.
2. Environments
- Preview:
id-preview--*.lovable.app— auto-built from the latest preview. - Production:
priorityinbox.lovable.app— published deployments only. - Stable webhook URLs:
project--<id>.lovable.appfor Stripe webhooks.
3. Service-level objectives
| Metric | Target |
|---|---|
| Site availability (rolling 30d) | 99.5% |
| Paid DM delivery success | 99.9% |
| Stripe webhook processing | < 5s p95 |
| P1 incident response | < 30 min, 24/7 |
| Support reply (general) | < 2 business days |
4. Incident response
- Detect — alert, user report, or scheduled scan.
- Triage — assign severity (P1 outage, P2 degraded, P3 minor).
- Communicate — post status to
status.priorityinbox.appwithin 15 min of confirming a P1. - Mitigate — roll back the latest deploy, disable the affected feature flag, or block the offending IP range.
- Resolve — fix forward, deploy, verify.
- Postmortem — within 5 business days for P1/P2.
5. Common runbooks
Stripe webhook failures
- Check the Stripe Dashboard → Developers → Webhooks for failed deliveries.
- Inspect Worker logs around the failure timestamp.
- Replay failed events from Stripe once root cause is fixed.
Paid DM not delivered
- Confirm Stripe Checkout Session is
completeand paid. - Check the
messagestable for the corresponding row; if missing, replay thecheckout.session.completedwebhook. - Notify creator and sender once delivered.
Payout discrepancy
- Compare
messages.amounttotals against Stripe Connect balance. - Confirm platform fee calculation matches the creator's current plan.
- Document any variance > $1 in the finance log.
Abuse report (CSAM, threats)
- Preserve message and metadata. Do not delete before legal review.
- For CSAM: report to NCMEC CyberTipline within 24 hours.
- Suspend offending account immediately; freeze payouts.
- Notify affected parties as appropriate and required by law.
6. Security operations
- Quarterly review of RLS policies on every public-schema table.
- Rotate Stripe webhook signing secrets annually or on suspected exposure.
- Run the platform security scanner before every major release.
- Vulnerability reports: security@priorityinbox.app. Acknowledge within 72 hours.
7. Data lifecycle
- Backups: automated daily database snapshots, 30-day retention.
- Account deletion: personal data purged or anonymized within 30 days; financial records retained 7 years per US tax law.
- Export request: fulfill within 30 days via Settings → Account → Export.
8. Change management
- Schema changes ship as migrations with GRANTs and RLS in the same file.
- Breaking API changes require a deprecation notice in-app and 30 days minimum.
- Feature flags default off; enable per cohort, then globally.
9. Contacts
- Engineering on-call: oncall@priorityinbox.app
- Security: security@priorityinbox.app
- Abuse: abuse@priorityinbox.app
- Legal / privacy: legal@priorityinbox.app