🛡️
L3L7
Cloudflare WAF
🔐
L7
Auth Gate
⏱️
L4
Rate Limit
🧱
L7
CORS + Helmet
🎫
L5L7
JWT Verify
✅
L7
Risk Check
🔏
L6
SRI Hashes
🔒
L6
SSL / TLS
🔌
L4L5
WS Upgrade
User (Browser)
Desktop or mobile
- Opens tradingwithhak.com
- Loads pages from CDN
- Interacts with UI
Cloudflare Pages
CDN + Edge + WAF
- DDoS protection
- Global edge delivery
- Auto-deploy from GitHub
- SSL/TLS termination
2
TradingWithHak
Frontend App Layer
- 20 HTML pages
- 26 JS files + 2 CSS
- auth-gate-v2.js guards pages
- SRI hashes on CDN scripts
Education Track
Crawl → Walk → Run
- index, crawl, walk, run
- Progress in localStorage
- YouTube (nocookie)
Paper Trading
Live market sim
- trading.html — Buy/sell
- Real-time Finnhub prices
- Portfolio + P&L + WS
The Pit
Live community
- Chat + camera + screen
- Watchlist + ticker
- TradingView charts
HakBudget
Budget + receipts + shopping
- budget-2026, budget-sheet
- receipt-inbox, receipt-history
- shopping-list, settings-stores
- Slot localStorage + Supabase sync
Stance Dashboard
Self-reflection
- Character / Financial / Time
- Alignment View
- Decision Log
!
Login Page
login.html
- Magic link or password
- Supabase auth modal
- payment-required.html
localStorage
Client-side store
- budgetConfig/Data_slot_0
- stanceDashboard
- ptAuth (JWT token)
- Auto-save 3s debounce
3
Railway Backend
Fastify + SQLite + WebSocket
- /api/orders, /api/portfolio
- /api/b/receipt/*, /api/b/receipts
- /api/b/shopping/*, /api/b/replenish
- /api/b/stores, /api/b/contact
- /ws — Real-time price ticks
- Helmet + CORS + JWT + Rate Limit
Order Mgmt System
Wall Street audit trail
- Pre-trade risk check
- Atomic fill execution
- Immutable order ledger
- Idempotent submissions
Risk Engine
Real-time monitoring
- 25% max position size
- 8% daily loss limit
- Breach alerts
Market Data Service
Finnhub WebSocket feed
- 11 symbols subscribed
- Normalizes trade data
- Feeds priceCache + EventBus
Price Cache
In-memory Map
- Latest price per symbol
- Read by OMS for fills
- Read by /api/price/:symbol
- Zero-latency lookups
Event Bus
In-process pub/sub
- TICK — every price update
- ORDER_FILLED — after trade
- PNL_UPDATE — P&L change
- Replaces Redis (in-process)
Supabase
Auth + PostgreSQL + Storage
- Auth: magic link + password
- RLS policies per user
- Budgets, receipts tables
- Image storage (receipts)
- Source of truth on login
SQLite
Trading ledger
- users, orders, fills
- risk_events — breach log
- WAL mode + FK enforced
- Cash balance trigger ≥ 0
!
Finnhub API
Market data provider
- WebSocket trade stream
- REST quotes + news
- API key auth
Claude API
AI categorization
- Receipt categorization
- API key auth
!
Google Vision
Receipt OCR
- Text extraction
- Service account auth
!
Stripe
Payments
- Subscription billing
- Webhook signature verify
- Promo codes (CRUD + apply)
My Daily Pulse
Mobile PWA
- 5 tabs: Home, Time, Budget, Pantry, Insights
- Commitments + Energy + Reflections
- Budget slots + Receipt scan
- Pantry tracking + Shopping lists
Native Apps
iOS + Android
- iOS: SwiftUI native (App Store)
- Android: TWA wrapper (APK builds)
- Both wrap My Daily Pulse PWA
Time Engine
Commitments + Energy
- Commitments CRUD + reflections
- Energy auto-calc from reflections
- Character check-ins + growth areas
- Joy memories + prompts + quotes
Pantry + Shopping
Inventory engine
- Pantry CRUD + expiry tracking
- Shopping lists + runs + optimization
- Coupons + deals + savings
- Recipes + meal planning
OSI Model Reference
L7
Application
HTTP, REST, WAF, CORS, Auth logic
L6
Presentation
TLS/SSL, JSON, SRI hashes
L5
Session
JWT tokens, WebSocket, Supabase auth
L4
Transport
TCP, rate limiting, WS upgrade
L3
Network
IP routing, DDoS filtering
L2
Data Link
Ethernet — not app-relevant
L1
Physical
Cables — not app-relevant
Packet Types
Market data
Trade orders
Auth tokens
Budget sync
Receipt/OCR
Shopping list
Payments
Time + Energy
Pantry + Recipes
OSI Layers
L7 Application
L6 Presentation
L5 Session
L4 Transport
L3 Network
-