Complete User's Guide to the Trinity Beast Command Center (TBCC)
The Trinity Beast Command Center (TBCC) is a unified operations dashboard that brings together all administrative functions for The Trinity Beast Infrastructure into a single browser-based interface. Rather than switching between multiple AWS Console tabs, admin pages, and terminal windows, the TBCC provides everything you need in one place.
The console is designed as a widget-based dashboard modeled after the AWS Console experience, with a dark theme and card-based layout that organizes operational tools by function. Key capabilities include:
Before using the TBCC, ensure the following are in place on your Neo machine:
211998422884 (region us-east-2). Run aws sts get-caller-identity to verify.
websockets Python package — The terminal relay script auto-installs this on first run if it is not already present.
trinity-beast-lpo-server/scripts directory on your PATH so that tbccstart and tbccstop can be run from any terminal window.
The terminal relay is a lightweight Python WebSocket server that bridges the TBCC browser interface to your local shell. To start it, run tbccstart from any terminal window.
ws://127.0.0.1:9999 (localhost only — not network accessible).
/tmp/tbcc-relay.log.
/tmp/tbcc-relay.pid for clean shutdown.
#!/bin/bash
# The Trinity Beast Command Center — Start Terminal Relay
# Run from anywhere: tbccstart
SCRIPT_DIR="$(cd "$(dirname "$(readlink -f "$0" 2>/dev/null || echo "$0")")" && pwd)"
RELAY="$SCRIPT_DIR/terminal-relay.py"
if ! [ -f "$RELAY" ]; then
echo "❌ terminal-relay.py not found at $RELAY"
exit 1
fi
# Check if already running
if pgrep -f "terminal-relay.py" > /dev/null 2>&1; then
echo "⚡ Terminal Relay is already running (PID $(pgrep -f terminal-relay.py))"
exit 0
fi
nohup python3 "$RELAY" > /tmp/tbcc-relay.log 2>&1 &
PID=$!
echo $PID > /tmp/tbcc-relay.pid
sleep 1
if kill -0 $PID 2>/dev/null; then
echo "✅ Terminal Relay started (PID $PID)"
echo " Listening on ws://127.0.0.1:9999"
echo " Log: /tmp/tbcc-relay.log"
echo " Stop: tbccstop"
else
echo "❌ Failed to start. Check /tmp/tbcc-relay.log"
exit 1
fi
To stop the terminal relay, run tbccstop from any terminal window. This kills the background relay process and cleans up the PID file.
#!/bin/bash
# The Trinity Beast Command Center — Stop Terminal Relay
# Run from anywhere: tbccstop
PIDS=$(pgrep -f "terminal-relay.py")
if [ -z "$PIDS" ]; then
echo "⚡ Terminal Relay is not running."
rm -f /tmp/tbcc-relay.pid
exit 0
fi
kill $PIDS 2>/dev/null
rm -f /tmp/tbcc-relay.pid
echo "✅ Terminal Relay stopped (PID $PIDS)"
Once the terminal relay is running, open the TBCC in any browser:
https://cpmp-site.org/admin/trinity-beast-command-center.html
tbccstart in your local terminal.
The TBCC is organized into distinct visual regions designed for efficient operations workflow:
The six widgets are:
Below is a representative view of the TBCC dashboard showing all six widgets, the top navigation bar with relay status and Demo Key toggle, and the terminal panel at the bottom:
Icon: 💬 Blue chat bubble | Purpose: Manage customer support tickets, respond to inquiries, and track resolution.
The Support Administration widget provides access to the full support ticket lifecycle — from customer submission through resolution and closure. It links to both the admin-facing console and the public-facing support page.
| Tile | Description | Links To |
|---|---|---|
| Support Console | Dashboard, ticket management, replies | supportadmin.html |
| Public Support Page | Customer-facing ticket submission form | support.html |
| Ticket Stats | Live JSON endpoint for ticket statistics | API endpoint |
Support tickets progress through the following statuses as they move through the resolution workflow:
| Status | Color | Description |
|---|---|---|
| New | Orange | Just submitted, not yet reviewed by an administrator |
| Open | Blue | Acknowledged by an admin, currently being reviewed |
| In Progress | Purple | Actively being worked on — investigation or fix underway |
| Awaiting Customer | Yellow | Admin has replied, waiting for customer response |
| Resolved | Green | Issue has been addressed and solution provided |
| Closed | Gray | Finalized — no further action needed |
Tickets are classified into the following categories to help route and prioritize them:
The dashboard provides an at-a-glance view of ticket volume and status distribution, along with a table of recent tickets.
The public support page at cpmp-site.org/support.html allows customers to submit new tickets without needing an admin account. Below is a representative view of the submission form:
Icon: 📨 Purple open envelope | Purpose: Compose and send emails via Amazon SES with templates, drafts, and configurable senders.
The Email Administration widget provides access to the Email Admin Console where you can compose emails using pre-built templates, manage drafts, and configure sender addresses. All emails are sent through Amazon SES with proper DKIM and SPF authentication.
| Tile | Description | Links To |
|---|---|---|
| Email Console | Templates, compose, drafts, send | emailadmin.html |
| Drafts | Resume saved email drafts | emailadmin.html#drafts |
| Senders | Manage from-addresses and reply-to | emailadmin.html#senders |
The following sender identities are configured in Amazon SES for use with the Email Admin Console:
| Display Name | Email | Purpose |
|---|---|---|
| CPMP Support | Support@CPMP-Site.org | Customer support correspondence |
| CPMP Mission | Contact@CPMP-Site.org | General public contact, donation inquiries |
| CPMP Mission | No-Reply@CPMP-Site.org | Automated emails (receipts, welcome, newsletters) |
| CPMP Admin | Admin@CPMP-Site.org | System admin, AWS alerts, TBCC notifications |
| The Trinity Beast | Partners@CPMP-Site.org | Partner applications and onboarding |
| Cory Dean Kalani | CoryDeanKalani@CPMP-Site.org | Primary account — all aliases route here |
The compose tab provides a rich email editor with template selection, sender configuration, recipient management, and a Quill.js rich text editor for the email body.
Newsletter welcome emails are language-aware. The email_translations table in Aurora stores all translatable text fields for each SES template. When a subscriber signs up, the server looks up their preferred language and passes the translated fields to SES. To update any translation, modify the row in the table — no code changes or redeployment required.
| Template | Languages | Fields | Purpose |
|---|---|---|---|
| CPMPNewsletterWelcome | 9 (en, ur, pa, es, fr, de, hi, ja, ar) | subject, heading, body, freedom, medical, water, education, word, mapBtn, giveBtn, unsubscribe | CPMP mission newsletter welcome email |
| LPONewsletterWelcome | 9 (en, ur, pa, es, fr, de, hi, ja, ar) | subject, heading, body, docsBtn, apiBtn, unsubscribe | LPO/Trinity Beast newsletter welcome email |
To view all translations for a template and language:
POST /admin/sql
{"query": "SELECT field_name, field_value FROM email_translations WHERE template_name = 'CPMPNewsletterWelcome' AND lang = 'de' ORDER BY field_name", "mode": "read"}
To update a single field (e.g., change the German subject line):
POST /admin/sql-batch
{"query": "UPDATE email_translations SET field_value = 'Willkommen beim CPMP-Newsletter' WHERE template_name = 'CPMPNewsletterWelcome' AND lang = 'de' AND field_name = 'heading'"}
To add a new language (e.g., Italian), insert all fields for each template:
POST /admin/sql-batch
{"query": "INSERT INTO email_translations (template_name, lang, field_name, field_value) VALUES ('CPMPNewsletterWelcome', 'it', 'subject', 'Benvenuto alla Newsletter CPMP'), ('CPMPNewsletterWelcome', 'it', 'heading', 'Benvenuto alla Newsletter CPMP'), ... ON CONFLICT (template_name, lang, field_name) DO UPDATE SET field_value = EXCLUDED.field_value;"}
No redeployment needed: All email translations are read from the database at send time. Update a row in email_translations and the next welcome email sent in that language will use the new text immediately. The SES templates use {{variable}} placeholders — the server fills them from the table.
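The table-driven lookup described above, as an added example (not the project's own code): it uses an in-memory SQLite database as a stand-in for Aurora, binds every value as a query parameter instead of building SQL strings, and HTML-escapes values before filling `{{variable}}` placeholders. The fallback to English for missing fields, the local `render` stand-in for SES templating, and all sample translations except the German subject are assumptions.

```python
import html
import re
import sqlite3

# Same columns and conflict target as the page's INSERT ... ON CONFLICT statement.
SCHEMA = """
CREATE TABLE email_translations (
    template_name TEXT NOT NULL,
    lang          TEXT NOT NULL,
    field_name    TEXT NOT NULL,
    field_value   TEXT NOT NULL,
    PRIMARY KEY (template_name, lang, field_name)
);
"""
UPSERT = """
INSERT INTO email_translations (template_name, lang, field_name, field_value)
VALUES (?, ?, ?, ?)
ON CONFLICT (template_name, lang, field_name)
DO UPDATE SET field_value = excluded.field_value
"""
SELECT = """
SELECT field_name, field_value FROM email_translations
WHERE template_name = ? AND lang = ?
"""
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def upsert(conn, template_name, lang, fields):
    """Insert or update translations; values are bound, so apostrophes are plain data."""
    conn.executemany(UPSERT, [(template_name, lang, k, v) for k, v in fields.items()])
    conn.commit()


def load_fields(conn, template_name, lang, fallback_lang="en"):
    """Return field_name -> field_value, with the fallback language filling gaps (assumption)."""
    fields = {}
    for code in (fallback_lang, lang):
        fields.update(dict(conn.execute(SELECT, (template_name, code)).fetchall()))
    return fields


def render(template_html, fields):
    """Local stand-in for SES templating: fill {{name}} with HTML-escaped values.

    Raises KeyError when a placeholder has no translation, so a half-filled
    email is never produced.
    """
    return PLACEHOLDER.sub(lambda m: html.escape(fields[m.group(1)]), template_html)


def build_demo_db():
    """Constructed sample rows; only the German subject text comes from the page."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    tpl = "CPMPNewsletterWelcome"
    upsert(conn, tpl, "en", {
        "subject": "Welcome to the CPMP Newsletter",
        "heading": "Welcome to the CPMP Newsletter",
        "body": "Thank you for subscribing.",
    })
    upsert(conn, tpl, "de", {"subject": "Willkommen beim CPMP-Newsletter"})
    upsert(conn, tpl, "fr", {
        "heading": "Bienvenue à la newsletter de l'équipe CPMP",  # apostrophe in value
        "body": "Eau & éducation pour tous",                      # needs HTML escaping
    })
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    page = "<h1>{{heading}}</h1><p>{{ body }}</p>"
    for lang in ("en", "de", "fr"):
        print(lang, "->", render(page, load_fields(db, "CPMPNewsletterWelcome", lang)))
```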
Icon: Cyan bar chart | Purpose: Direct links to AWS CloudWatch dashboards and monitoring resources.
The CloudWatch Monitoring widget provides one-click access to the key monitoring dashboards, log groups, and alarm configurations in AWS CloudWatch. These links open directly in the AWS Console for the us-east-2 region.
| Tile | Description | Links To |
|---|---|---|
| Application Dashboard | LPO, LRS, Lambda, and Container metrics — CPU, memory, request rates, latency, cache hit ratios | AWS CloudWatch Dashboard |
| Security Dashboard | WAF blocks, GuardDuty findings, rate limiting, ALB error codes, security alarms, ElastiCache health | AWS CloudWatch Dashboard |
| Log Groups | All ECS task and Lambda function log streams for real-time log tailing and search | AWS CloudWatch Log Groups |
| Alarms | SNS alert thresholds and notification configurations — CPU spikes, error rates, unhealthy targets, WAF blocks, GuardDuty findings | AWS CloudWatch Alarms |
Icon: 💳 Indigo Stripe "S" logo | Purpose: Centralized access to all Stripe Dashboard functions for managing subscriptions, customers, payments, products, webhooks, and reporting.
The Stripe widget brings together everything you need to manage your payment infrastructure without navigating the Stripe site for each task. It is organized into four logical sections: Subscriptions & Customers, Products & Revenue, Configuration & Webhooks, and Reporting & Logs.
| Tile | Destination | Purpose |
|---|---|---|
| Subscriptions | Stripe → Subscriptions | View and manage all active, past due, and canceled subscriptions. Filter by status, search by customer. |
| Customers | Stripe → Customers | Customer profiles, payment methods on file, subscription history, and email addresses. |
| Invoices | Stripe → Invoices | All invoices — paid, open, void, uncollectible. Download PDFs, resend receipts, void invoices. |
| Tile | Destination | Purpose |
|---|---|---|
| Products & Prices | Stripe → Products | Manage LPO tier products (Free, Pro, Enterprise, Unlimited, Lifetime) and the LRS add-on ($20/mo). Edit prices, metadata, and descriptions. |
| Payments | Stripe → Payments | All charges, refunds, and disputes. Search by amount, customer, or payment method. Issue refunds. |
| Balance & Payouts | Stripe → Balance | Current balance, pending payouts, payout schedule, and transfer history to your bank account. |
| Tile | Destination | Purpose |
|---|---|---|
| Webhooks | Stripe → Webhooks | Webhook endpoints, event delivery logs, failed deliveries, and retry status. Monitor the /webhook endpoint health. |
| Customer Portal | Stripe → Portal Settings | Configure self-service portal: cancellation policy, payment method updates, invoice visibility, return URL. |
| Payment Links | Stripe → Payment Links | Create and manage checkout URLs for subscription tiers and the LRS add-on. Generate QR codes. |
| Tile | Destination | Purpose |
|---|---|---|
| Event Logs | Stripe → Events | Full API event log — every webhook delivery, API call, and state change. Filter by event type. |
| Reports | Stripe → Reports | Revenue reports, MRR (Monthly Recurring Revenue), churn rate, subscription growth, and financial summaries. |
| Developers | Stripe → Developers | API keys (publishable + secret), API request logs, test mode toggle, and SDK documentation links. |
Icon: Green lab flask | Purpose: Pre-built API test commands with one-click copy or execute functionality.
The Testing widget contains a library of ready-to-run cURL commands that cover the most common API testing and diagnostic scenarios. Each command has a Run ▶ button (executes in the terminal widget) and a Copy 📋 button (copies to clipboard for use in an external terminal).
| Command | Description |
|---|---|
| LPO Health Check | curl -s https://api.cpmp-site.org/health |
| LRS Health Check | curl -s https://lrs.cpmp-site.org/health |
| LRS Usage Report | Fetch one usage record from the LRS reporting endpoint |
| Fetch BTC Price | Test BTC price query with demo API key |
| Fetch ETH Price | Test ETH price query with demo API key |
| Admin Config | View application parameters from the admin config endpoint |
| Support Stats | Fetch live ticket statistics from the support API |
| Newsletter Templates | List all available newsletter templates |
| Email Senders | List configured email sender identities |
| Email Templates | List all available email templates |
| Newsletter Subscribers | List all newsletter subscribers |
| Map Pins | Fetch map pin data for the CPMP mission map |
When you click Run ▶ on a command, it executes through the WebSocket relay and the output streams into the terminal widget at the bottom of the page. Below is a representative view:
Icon: 🖥 Rose server stack | Purpose: Operational AWS CLI commands organized by service category for infrastructure management.
The AWS Operations widget is the most command-dense widget on the dashboard. It organizes pre-built AWS CLI commands into logical service categories, each with Run and Copy buttons. Commands cover the full operational surface of The Trinity Beast Infrastructure.
ECS Exec tunnels provide interactive shell access to running containers. These are the most frequently used operational commands.
| Command | Description |
|---|---|
| ECS Exec — Main Service | Interactive shell into the main Trinity Beast container (LPO primary) |
| ECS Exec — Mirror Service | Interactive shell into the mirror container (LPO failover/read replica) |
| ECS Exec — LRS Service | Interactive shell into the LRS container (Listener Report Service) |
| Command | Description |
|---|---|
| List Services | List all ECS services in the Trinity Beast cluster |
| Service Status | Show detailed status of all three services (desired count, running count, deployments) |
| Force Deploy All 3 | Force a new deployment of all three ECS services (Main, Mirror, LRS) — pulls latest images |
| Running Tasks | List all currently running ECS tasks with their task IDs and status |
| Command | Description |
|---|---|
| Aurora Cluster Status | Show Aurora PostgreSQL cluster status, endpoints, and instance health |
| ElastiCache Status | Show ElastiCache for Redis cluster status, node count, and endpoint |
| Command | Description |
|---|---|
| Lambda Status | List all Lambda functions with runtime, memory, and last modified date |
| Recent Invocations | Show recent Lambda invocation metrics from CloudWatch |
| Command | Description |
|---|---|
| Recent Images | List the most recent container images pushed to ECR with tags and sizes |
| Command | Description |
|---|---|
| Website Files | List files in the S3 website bucket (cpmp-site.org static assets) |
| CloudFront Invalidation | Create a CloudFront cache invalidation for /* to push updated content |
| Command | Description |
|---|---|
| Recent CloudWatch Logs | Tail the most recent log events from ECS task log groups |
| Command | Description |
|---|---|
| Scheduled Rules | List all EventBridge scheduled rules (cron jobs, rate-based triggers) |
The nightly sync job runs at 1:00 AM EST via EventBridge → ECS Fargate. It syncs Aurora → ElastiCache (price logs, usage logs, API keys, application parameters) and prunes old data. Check this first thing each day after the health check.
| Command | Description |
|---|---|
| Last Sync Status | Pull the most recent sync job log stream from CloudWatch and display run time, status, duration, cache totals, and per-category sync counts |
bash scripts/kcc.sh health first, then bash scripts/kcc.sh sync-check to confirm the nightly sync completed. Both should be green before starting the day's work.
| Command | Description |
|---|---|
| List Secrets | List all secrets stored in AWS Secrets Manager (names only, not values) |
Kiro CLI (v2.0.0) provides an AI-powered terminal chat session directly from the TBCC. Use it for natural language AWS operations, code generation, and troubleshooting.
| Command | Description |
|---|---|
| Launch Kiro CLI Chat | Start an interactive AI chat session with Kiro CLI — natural language AWS operations, code generation, and troubleshooting |
/Applications/Kiro CLI.app and added to PATH via .bash_profile. The kiro-cli chat command is interactive — use the Copy 📋 button and paste into your local Terminal for the best experience.
Database administration tools for connecting to Aurora PostgreSQL via port forwarding. Use with pgAdmin, DBeaver, or psql on your Neo machine.
| Command | Description |
|---|---|
| 🐘 Aurora Port Forward (pgAdmin) | Forward Aurora PostgreSQL port 5432 to localhost:5432 via SSM Session Manager. Once running, connect pgAdmin or psql to localhost:5432 with your Aurora credentials. |
localhost:5432 with database CPMP_Backend_Aurora.
Below is a representative view of the AWS Operations widget as it appears on the TBCC dashboard, showing the command sections with Run and Copy buttons:
Icon: 💻 Cyan terminal prompt | Purpose: Built-in terminal emulator connected to your local MacBook via WebSocket relay.
The terminal widget is a full-width panel at the bottom of the TBCC dashboard that provides a browser-based terminal experience. It connects to Cory Dean Kalani's MacBook Neo through the WebSocket relay server (terminal-relay.py) and can execute any command the local shell can run.
The terminal relay uses a simple architecture with no external dependencies beyond the websockets Python package:
Browser (TBCC) ←→ WebSocket ←→ terminal-relay.py (localhost:9999) ←→ bash shell
The relay listens only on 127.0.0.1 (localhost), so it is not accessible from other machines on the network. Each command sent from the browser spawns a subprocess on the Neo machine, and stdout/stderr are streamed back to the browser over the WebSocket connection.
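Binding to 127.0.0.1 keeps other machines out, but a browser on the same machine can open a WebSocket to a localhost port from any page it has loaded, so a relay that runs shell commands should also check the handshake itself. The following added example (not the code of terminal-relay.py) validates the Origin header against an allowlist and compares a per-session token; the token flow, the `token` query parameter and the function names are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Assumption: the TBCC page is the only origin that may drive the relay.
ALLOWED_ORIGINS = frozenset({"https://cpmp-site.org"})
DEFAULT_PORTS = {"http": 80, "https": 443}


def new_session_token() -> str:
    """Hypothetical flow: the relay prints this at start-up and the operator pastes it into the TBCC."""
    return secrets.token_urlsafe(32)


def normalize_origin(value):
    """Return 'scheme://host[:port]' in canonical form, or None if the header is malformed."""
    if not value or value.strip().lower() == "null":
        return None
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A genuine Origin header carries no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    origin = f"{parts.scheme}://{parts.hostname}"  # hostname is already lowercased
    if port not in (None, DEFAULT_PORTS[parts.scheme]):
        origin += f":{port}"
    return origin


def check_handshake(headers, request_target, expected_token):
    """Decide whether a WebSocket upgrade request may reach the shell.

    headers: mapping of request header names to values.
    request_target: path and query from the request line, e.g. '/?token=...'.
    Returns (allowed, reason).
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    origin = normalize_origin(lowered.get("origin"))
    if origin is None:
        return False, "missing or malformed Origin"
    if origin not in ALLOWED_ORIGINS:  # exact match, never substring or prefix
        return False, f"origin not allowed: {origin}"
    supplied = parse_qs(urlsplit(request_target).query).get("token", [""])[0]
    # Constant-time comparison so the check does not leak how much of the token matched.
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return False, "bad session token"
    return True, "ok"


if __name__ == "__main__":
    token = new_session_token()
    samples = [  # constructed handshakes
        ({"Origin": "https://cpmp-site.org"}, f"/?token={token}"),
        ({"Origin": "https://other-site.example"}, f"/?token={token}"),
        ({"Origin": "https://cpmp-site.org"}, "/"),
        ({}, f"/?token={token}"),
    ]
    for headers, target in samples:
        print(headers.get("Origin"), "->", check_handshake(headers, target, token))
```

The websockets package's serve() also accepts an origins argument that applies an Origin allowlist during the handshake.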
Below is a representative view of the terminal widget showing output from a health check and a price query:
Icon: 👥 Teal people silhouettes | Purpose: Onboard, manage, and monitor AWS partners connected via PrivateLink (TCP) or VPC Peering (UDP).
The Partner Management widget organises its functionality across four tabs: Partners (view all connected partners), Pending Approvals (accept or reject incoming connection requests), Security Groups (manage UDP access CIDRs), and Onboard Partner (a step-by-step wizard that generates the exact CLI commands for both sides of the connection).
Icon: 🔄 Emerald exchange arrows | Purpose: Manage all 6 real-time WebSocket exchange feeds and their 150 asset mappings from a single dashboard widget.
The Exchange Manager widget is the operational control panel for The Trinity Beast's table-driven exchange architecture. It provides full visibility into every WebSocket feed, every asset-to-symbol mapping, and every runtime metric — organized across three tabs.
A live table showing all 6 configured exchanges with their connection status, WebSocket endpoint, source tag, and asset count. Each row includes an Enable/Disable toggle that calls POST /admin/exchange-feeds/toggle — no deploy required.
| Column | Description |
|---|---|
| Exchange | Display name (Coinbase, Gemini, Kraken, Gate.io, Bybit, OKX) |
| Endpoint | WebSocket URL (e.g., wss://advanced-trade-ws.coinbase.com) |
| Source Tag | Tag written to usage logs and API responses (e.g., coinbase-ws) |
| Assets | Number of enabled asset mappings for this exchange (24 each) |
| Enabled | Toggle switch — disables the feed without removing the configuration |
Adding Exchange #7: Click "Add Exchange" to open the feed configuration form. Fill in the WebSocket endpoint, subscribe template with {SYMBOLS} placeholder, JSON paths for price/symbol/timestamp extraction, and ping settings. Save, add asset mappings in Tab 2, restart the container. The new exchange is live.
A filterable table of all 150 asset-to-symbol mappings across all exchanges. Filter by exchange name to see just one exchange's assets. Each row shows the normalized asset name (BTC), the exchange-specific symbol (BTC-USD, btcusd, BTC/USD, etc.), and an enabled flag.
| Column | Description |
|---|---|
| Exchange | Which exchange this mapping belongs to |
| Asset | Normalized asset name (BTC, ETH, SOL, etc.) |
| Exchange Symbol | Exchange-specific symbol format (e.g., BTC_USDT for Gate.io) |
| Enabled | Whether this asset is actively subscribed on the exchange |
Asset mappings are managed via POST /admin/exchange-assets/save (batch upsert) and DELETE /admin/exchange-assets (single or bulk delete). The public GET /exchanges endpoint reads from these same tables to power the demo dropdown on the subscription page.
18 color-coded metric cards pulled from GET /admin/stress-stats, showing the real-time state of the container that handled the request. Metrics are grouped into categories:
Cards turn green for healthy values, amber for warning thresholds, and red for critical values (e.g., UDP drop % > 1%, 5xx errors > 0, batch flush errors > 0).
| Endpoint | Purpose |
|---|---|
| GET /admin/exchange-feeds | Load the Exchange Feeds tab |
| POST /admin/exchange-feeds/save | Create or update an exchange configuration |
| POST /admin/exchange-feeds/toggle | Enable or disable an exchange |
| GET /admin/exchange-assets | Load the Asset Mappings tab (filterable by exchange) |
| POST /admin/exchange-assets/save | Batch create/update asset mappings |
| GET /admin/stress-stats | Load the Runtime Metrics tab |
Icon: 🏥 Red heart pulse | Purpose: Real-time health monitoring of all 3 ECS containers via ElastiCache-based cluster-wide aggregation.
The Cluster Health widget is the first widget on the TBCC dashboard — a full-width panel that shows the operational state of all 3 containers (BeastMain, BeastMirror, BeastLRS) at a glance. Unlike a simple port health check, this widget shows actual runtime metrics from inside each container.
Each container runs a background goroutine (StartMetricsPublisher()) that publishes its 24-counter metrics snapshot to ElastiCache every 3 seconds. The widget calls GET /admin/cluster-stats, which reads all 3 snapshots in a single ElastiCache pipeline call: one sub-millisecond round-trip that is guaranteed to cover all 3 containers.
Why not ALB polling? The previous approach required up to 30 HTTP requests through the ALB, hoping the load balancer would route to different containers. It was slow, unreliable, and wasteful. The ElastiCache approach guarantees all 3 containers in 1 call because each container publishes independently.
| Key | TTL | Content |
|---|---|---|
| cluster:stats:BeastMain | 30 seconds | Full metrics snapshot + cluster_node + region + published_at |
| cluster:stats:BeastMirror | 30 seconds | Same structure |
| cluster:stats:BeastLRS | 30 seconds | Same structure |
If a container hasn't published in 30 seconds, its key expires and the widget shows it as missing — an immediate signal that something is wrong.
The widget displays 3 cards in a horizontal row, one per container. Each card shows:
| Metric | Description | Thresholds |
|---|---|---|
| Health Status | Green checkmark if reporting, red X if missing | Present = green, Missing = red |
| Uptime | Time since the container started (from published_at) | Informational |
| Total Requests | TCP + UDP + LRS combined | Informational |
| Cache Hit % | sync.Map + ElastiCache hits / total lookups | >95% = green, <90% = red |
| DB Connections | In-use / open connections | Informational |
| UDP Drop % | Packets dropped / packets received | 0% = green, >1% = red |
| BG Drop % | Background work dropped / submitted | 0% = green, >1% = red |
| 5xx Errors | Server error count since last reset | 0 = green, >0 = red |
The widget header shows a badge indicating how many nodes are reporting — 3/3 Nodes in green when all containers are healthy, or 2/3 Nodes in red if any container is missing.
The widget auto-loads on page open and includes a "Check All Nodes" refresh button. The dashboard currently refreshes on a 30-second timer.
Future Enhancement: The 30-second refresh interval and the 3-second publish interval are candidates for future application parameters, allowing the refresh cadence to be tuned without a code deploy.
Six key runtime metrics from the cluster stats are also published to CloudWatch for dashboard and alarm visibility:
UDPDropPct — UDP packet drop percentage
BgDropPct — Background work drop percentage
DBInUseConns — Database connections currently in use
DBWaitCount — Database connection pool wait count
BatchFlushErrors — Batch pipeline flush error count
SyncMapHitPct — sync.Map cache hit percentage
The TBCC links to four child pages that provide full-featured admin consoles and the public-facing support interface. Each child page is a standalone HTML application that communicates with the Trinity Beast API backend.
URL: cpmp-site.org/admin/newsletteradmin.html
The Newsletter Admin Console is a full-featured newsletter management application with four main sections accessible via a sidebar navigation:
The compose tab displays available templates as selectable cards. Clicking a template pre-fills the editor with the template's layout and default content.
URL: cpmp-site.org/admin/supportadmin.html
The Support Admin Console provides a complete ticket management system with three main sections:
Expanding a ticket reveals the full conversation thread, including the original customer message, admin replies, and internal notes (visible only to admins).
URL: cpmp-site.org/admin/emailadmin.html
The Email Admin Console provides a complete email management system with four main sections accessible via sidebar navigation:
URL: cpmp-site.org/support.html
The public support page is the customer-facing interface for the support system. It provides three main functions:
The page supports permanent links for direct access:
support.html?email=bugs.bunny@acme.com — Opens the ticket list for a specific email address.
support.html?ticket=CPMP-20260417-a3f1 — Opens a specific ticket's detail view directly.
All admin API endpoints are protected by the X-Admin-Key header. Public endpoints (health checks, price queries, customer-facing support) do not require the admin key. The admin key is stored in the application_parameters table and can be changed at any time without redeploying.
Every request to a protected endpoint must include the X-Admin-Key header with the correct admin API key.
curl -H "X-Admin-Key: YOUR_ADMIN_KEY" https://api.cpmp-site.org/admin/config
| Response | Meaning |
|---|---|
| 200 OK | Key is valid — request processed |
| 401 Unauthorized | No X-Admin-Key header provided |
| 403 Forbidden | Key provided but does not match |
The admin HTML pages (TBCC, Newsletter Admin, Email Admin, Support Admin) prompt for the key on first visit and store it in localStorage. You won't be asked again unless the key is rejected or you clear browser data.
These endpoints are accessible without the admin key. They serve customer-facing functionality and health monitoring. As its row notes, /price still requires a subscriber API key in the Authorization header.
| Method | Endpoint | Description |
|---|---|---|
| GET | /health | LPO server health check — returns "LPO Health Check - OK" |
| GET | /price?asset=BTC | Fetch real-time crypto price (requires Bearer API key in Authorization header) |
| GET | /map/pins | Fetch map pin data for the CPMP mission map |
| POST | /support/submit | Submit a new support ticket (customer-facing) |
| GET | /support/tickets?email=xxx | List all tickets for an email address (customer-facing) |
| GET | /support/ticket/{ticket_number} | View ticket detail by ticket number (customer-facing, includes non-internal replies) |
| POST | /newsletter/subscribe | Subscribe to newsletter (from website form) |
| GET | /newsletter/unsubscribe?email=x&source=x | Unsubscribe from newsletter (from email link) |
| GET | /newsletter/resubscribe?email=x&source=x | Re-subscribe to newsletter (from opt-out landing page) |
| GET | /admin/bootstrap-key?key=xxx | One-time bootstrap: sets the admin API key (only works when no key is configured) |
All endpoints below require the X-Admin-Key header.
| Method | Endpoint | Description |
|---|---|---|
| GET | /admin/config | View current application parameters (prewarm interval, cache TTL, demo key, etc.) |
| GET | /admin/setup-demo | Initialize demo API key in the database (one-time setup) |
| GET | /admin/invalidate-key?api_key=xxx | Invalidate an API key from memory + ElastiCache cache (forces Aurora re-read) |
| GET | /admin/demo-mode?mode=demo\|performance | Toggle demo key between Demo (3 QPS) and Performance (1000 QPS) mode |
| Method | Endpoint | Description |
|---|---|---|
| GET | /newsletter/list?type=cpmp\|listener | List all newsletters filtered by type |
| GET | /newsletter/{id} | Get a single newsletter by UUID (includes content) |
| POST | /newsletter/save | Create or update a newsletter (body: {id?, title, content, type}) |
| POST | /newsletter/{id}/status | Toggle newsletter active/inactive status |
| POST | /newsletter/{id}/send | Send newsletter to all active subscribers of matching type via SES |
| GET | /newsletter/subscribers?source=cpmp\|listener | List all active subscribers (optional source filter) |
| GET | /newsletter/templates?type=cpmp\|listener | List newsletter templates (optional type filter) |
| GET | /newsletter/templates/{id} | Get a single template by UUID (includes content) |
| POST | /newsletter/templates/save | Create or update a template (body: {id?, type, topic, name, content}) |
| DELETE | /newsletter/templates/{id} | Delete a newsletter template |
| Method | Endpoint | Description |
|---|---|---|
| GET | /email/templates?topic=xxx | List email templates (optional topic filter) |
| GET | /email/templates/{id} | Get a single email template (includes content) |
| POST | /email/templates/save | Create or update email template (body: {id?, topic, name, subject, content}) |
| DELETE | /email/templates/{id} | Delete an email template |
| GET | /email/senders | List all configured email senders (display name, email, reply-to) |
| POST | /email/senders/save | Create or update sender (body: {id?, display_name, email, reply_to}) |
| DELETE | /email/senders/{id} | Delete an email sender |
| GET | /email/drafts?status=draft\|sent | List email drafts (optional status filter) |
| GET | /email/drafts/{id} | Get a single draft (includes full content, recipients, CC, BCC) |
| POST | /email/drafts/save | Create or update draft (body: {id?, template_id?, sender_id?, subject, content, recipients, cc, bcc}) |
| DELETE | /email/drafts/{id} | Delete an email draft |
| POST | /email/drafts/{id}/send | Send a draft via SES (marks as sent, sets sent_at) |
| Method | Endpoint | Description |
|---|---|---|
| GET | /support/admin/stats | Aggregate ticket counts by status (total, new, open, in_progress, awaiting_customer, resolved, closed) |
| GET | /support/admin/tickets?status=x&category=x&email=x | List all tickets with optional filters, ordered by updated_at DESC |
| GET | /support/admin/tickets/{id} | Get full ticket detail by UUID (includes ALL replies, including internal notes) |
| POST | /support/admin/tickets/{id}/update | Update ticket status or category (body: {status?, category?}) |
| POST | /support/admin/tickets/{id}/reply | Add a reply to a ticket (body: {author, message, is_internal}). Non-internal replies trigger SES email to customer. |
These endpoints are on the LRS server (lrs.cpmp-site.org) and require a subscriber API key via the Authorization: Bearer header — not the admin key.
| Method | Endpoint | Description |
|---|---|---|
| GET | /health | LRS health check |
| GET | /reports/usage | Detailed usage report — individual query logs with pagination, asset/date filters, 4 output formats |
| GET | /reports/summary | Summary report — aggregated stats (total requests, cache hit rate, by asset/source) |
| GET | /reports/report-usage | Report usage detail — tracks how many reports have been pulled |
| GET | /reports/report-summary | Report usage summary — aggregated report consumption stats |
application_parameters table under the key admin_api_key. To change it, update the value in the database — the running services will pick up the new key within 5 minutes (the application parameter reload interval). No redeployment required.
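The X-Admin-Key check and the 5-minute parameter reload described on this page, combined in an added example (not the Trinity Beast server's code): it maps a request to the documented 401/403/200 responses with a constant-time comparison and shows that a rotated key takes effect only at the next reload. The class name, the loader callback, the injected clock and the fail-closed behaviour when no key is loaded are assumptions.

```python
import hmac
import time

RELOAD_SECONDS = 300  # the page's 5-minute application parameter reload interval


class AdminKeyGuard:
    """Caches admin_api_key and re-reads it from the loader every RELOAD_SECONDS."""

    def __init__(self, load_key, clock=time.monotonic, reload_seconds=RELOAD_SECONDS):
        self._load_key = load_key          # hypothetical: reads application_parameters
        self._clock = clock
        self._reload_seconds = reload_seconds
        self._key = ""
        self._loaded_at = None

    def _current_key(self):
        now = self._clock()
        if self._loaded_at is None or now - self._loaded_at >= self._reload_seconds:
            self._key = self._load_key() or ""
            self._loaded_at = now
        return self._key

    def status_for(self, headers):
        """Return the HTTP status the page documents for a protected endpoint."""
        supplied = next(
            (value for name, value in headers.items() if name.lower() == "x-admin-key"),
            None,
        )
        if supplied is None:
            return 401                     # no X-Admin-Key header provided
        key = self._current_key()
        if not key:
            return 403                     # assumption: fail closed when no key is loaded
        # compare_digest avoids leaking how many leading characters matched.
        if hmac.compare_digest(supplied.encode(), key.encode()):
            return 200
        return 403                         # key provided but does not match


def rotation_timeline():
    """Constructed scenario: the key is changed in the database at t=60 s.

    Returns (t, status for old key, status for new key) at each sample time.
    """
    store = {"admin_api_key": "old-key-constructed"}
    now = [0.0]
    guard = AdminKeyGuard(lambda: store["admin_api_key"], clock=lambda: now[0])
    old = {"X-Admin-Key": "old-key-constructed"}
    new = {"x-admin-key": "new-key-constructed"}  # header names are case-insensitive
    timeline = []
    for t in (0, 60, 299, 300):
        if t == 60:
            store["admin_api_key"] = "new-key-constructed"
        now[0] = float(t)
        timeline.append((t, guard.status_for(old), guard.status_for(new)))
    return timeline


if __name__ == "__main__":
    for t, old_status, new_status in rotation_timeline():
        print(f"t={t:>3}s  old key -> {old_status}  new key -> {new_status}")
```

When rotating a key because it may have been exposed, the old value keeps working until each running service reaches its next reload, so confirm a 403 for the old key before treating the rotation as complete.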
Common issues and their solutions when working with the TBCC:
| Issue | Solution |
|---|---|
| Terminal shows "Offline" | Run tbccstart in your local terminal to start the WebSocket relay server. |
| Terminal disconnects frequently | Check /tmp/tbcc-relay.log for errors. The relay may have crashed — restart with tbccstop followed by tbccstart. |
| Commands fail with "credentials" error | Run aws sts get-caller-identity to verify your AWS CLI configuration. Ensure credentials are set for account 211998422884 in region us-east-2. |
| ECS Exec fails | Ensure the Session Manager plugin is installed on your Neo machine. Verify by running session-manager-plugin in your terminal. Install from the AWS docs if missing. |
| CloudWatch links open wrong region | Verify you are logged into the us-east-2 (Ohio) region in the AWS Console. The TBCC links include the region parameter, but the AWS Console may override it if you have a different default. |
| Page shows stale content | Run the CloudFront invalidation command from the AWS Operations widget to clear the CDN cache and push updated content to the edge. |
| WebSocket blocked by browser | Ensure you are accessing the TBCC via HTTPS or localhost. Some browsers block mixed content (HTTPS page connecting to ws:// instead of wss://). The relay runs on localhost, which is exempt from mixed content restrictions in most browsers. |