Operational Handover / Alibaba Readiness

Complete infrastructure reality, consolidation path, and migration architecture for the Hermes ecosystem.

This website is meant to be directly handed to Nolan as a working technical brief. It combines the current verified production state, the wider project ecosystem, the AI and GPU direction, the current constraints around Hermetica and Quant EVA, and a staged migration model for a cleaner Alibaba Cloud future.

Executive Read

The stack currently spans a live GCP web host, a Cloud Run multi-service trading platform, a separate protected KunstvanVB AI VM, a large private Hermetica family on Hostkey, image-generation infrastructure linked to Hephaistos / ComfyUI, and external burst-compute compute routes such as Kaggle. The right Alibaba strategy is not one giant all-in-one box, but one coordinated business landscape with clearly separated runtime roles.

Public Web Stack Cloud Run Services GPU / Image Generation Private Control Plane Cloudflare Access
Verified GCP Web Host
1 VM

PixelPiraterij production currently runs on a single Google Compute Engine VM with Coolify, Traefik, Directus, PostgreSQL and Redis.

Verified Quant EVA Pattern
5 Services

Quant EVA is documented as a Cloud Run multi-service stack, not as a simple single VPS deployment.

Target Alibaba Shape
2-3 Nodes

Recommended target: one web/core host, one GPU/AI host, and later an optional private internal control host.

Main Migration Rule
Parallel First

Build, validate, switch origin last, then only decommission old infrastructure after stable proof.

Verified State

Current verified infrastructure reality

The most important distinction in this handover is between what is already hard-verified, what is strongly supported by local documentation, and what still needs live origin-level confirmation.

Layer Verified Today Meaning Status
PixelPiraterij production Runs on GCP VM pixelpiraterij-vps in europe-west4-a, type e2-standard-2, 2 vCPU / 8 GB RAM / 30 GB pd-balanced, public IP 34.12.130.53. Main live web/business hosting node with Coolify, Traefik, Directus, PostgreSQL and Redis. Hard Verified
Quant EVA Locally documented as Cloud Run stack in project quant-eva with services quant-eva-backend, quant-eva-frontend, quant-eva-hmm, quant-crypto-frontend, lijfstats-frontend. This is already a split service architecture and should not be treated as a single website migration. Hard Verified
KunstvanVB AI VM Protected local documentation explicitly references GCP project project-d4314e7d-c0fd-4587-acc with VM kunstvanvb-ai-vps in europe-west4-a, and the project also contains the attached disk kunstvanvb-ai-vps as a live GCP resource. Separate AI/business runtime is documented and tied to real GCP infrastructure, even though this session did not fully inspect every in-guest process. GCP Confirmed + Protected
Hermetica.cloud Main domain responds behind Cloudflare and exposes an Express-based app. Live Hostkey files show the Hermetica private stack with reverse proxies and service routes for commandcenter, chat, workflow, memory, servicecenter and related lanes. Hermetica is not a small side surface here. It is a large private Hostkey stack with multiple protected services behind the public edge. Large Hostkey Stack Confirmed
NotebookOS notebookos.hermetica.cloud exists, is Access-protected, appears in local monitoring collector code, and has a concrete codebase with Hephaistos and Kaggle router/service references. NotebookOS belongs to the Hermetica runtime picture and was owner-confirmed as recently moved into the Hostkey stack, which also explains the Kaggle tie-in. Hostkey Runtime Confirmed
Kaggle path Kaggle is wired into NotebookOS and Hermetica render flows through runtime code, queue folders, dispatch endpoints and environment settings such as KAGGLE_CONFIG_PATH=/root/.kaggle/kaggle.json and KAGGLE_NOTEBOOK_ACCELERATOR=gpu-t4x2. Kaggle is the burst-compute lane inside the bigger Hermetica stack, especially for NotebookOS render jobs. The only open detail is the current remote session state. Burst Compute Confirmed
Hephaistos / GPU path ComfyUI workflows, cloud image pipelines and the alias hephaistos-wake are present in local materials, GCP directly confirms disk hephaistos-comfyui-80 in europe-west4-b, and owner confirmation identifies the runtime as an on-demand L4 24 GB GPU lane kept idle when unused. The GPU/image-generation path is real, disk-backed and intentionally cost-controlled. It is meant to stay idle or off outside active generation windows. L4 GPU Lane Confirmed
Project Families

Portfolio grouped by runtime role

This is not a flat list of sites. It is a layered ecosystem with different operational characteristics: public business hosting, private control systems, AI compute, and serverless trading services.

PixelPiraterij

Public-facing business and product stack

Migration Ready First
  • pixelpiraterij.nl as flagship business site
  • pixelpiraterij.online as broader product/system layer
  • hub.pixelpiraterij.online as app and future browser-utility surface
  • Client sites and subdomains under the same operational family
  • Shared metadata layer for Android and web-facing utility products
Operationally the cleanest first migration candidate because it already behaves like a conventional business hosting stack.

Quant EVA

Trading, analytics and AI-assisted decision stack

Decompose Before Moving
  • Next.js frontend
  • FastAPI backend
  • HMM regime service
  • TradFi and crypto logic
  • Documented external integrations: Gemini, Saxo, Binance, Supabase, yfinance, ccxt
Should be treated as a service architecture, not as a simple VPS copy task.

Hermetica / Hermes

Protected internal service family

Origin Discovery Required
  • hermetica.cloud command and presentation layer
  • workflow.hermetica.cloud
  • chat.hermetica.cloud
  • commandcenter.hermetica.cloud
  • notebookos.hermetica.cloud
Cloudflare Access is in front, and the protected runtime behind it is the larger Hostkey Hermetica stack rather than a vague unknown origin.

KunstvanVB

Separate organization / AI-business runtime

Inventory Needed
  • Protected reference to kunstvanvb-ai-vps
  • Separate GCP project context
  • Likely linked to wider creative / AI business systems
Should not be merged blindly into either PixelPiraterij or Quant EVA until workload detail is confirmed.

Hephaistos / ComfyUI

Image generation and model-heavy infrastructure

GPU / Disk Specific
  • ComfyUI workflows are present locally
  • Cloud image pipeline references exist
  • Model storage and disk size matter structurally
  • Historically linked to region switching and non-static GPU paths
Operationally best suited to a dedicated GPU host rather than a shared public web server.

Kaggle and External Compute

Experiment, notebook or auxiliary ML layer

External / Runtime Referenced
  • Operationally referenced in the stack
  • Locally referenced in monitoring collector code
  • Current live credentials and GPU assignment not visible here
Should be handled as either an external experimental layer or later replaced by Alibaba GPU capacity.
Topology

How the system behaves today

This is the effective shape of the ecosystem based on verified runtime facts plus strong local documentation.

Current production topology

Cloudflare edge layer Public DNS, SSL, proxying and Access-protected surfaces for domains such as evaquant.tech and *.hermetica.cloud.
GCP VM for PixelPiraterij production pixelpiraterij-vps hosts Coolify, Traefik, Directus, PostgreSQL, Redis, and the live public business stack.
GCP Cloud Run for Quant EVA Quant EVA is split across frontend, backend and HMM-oriented runtime components in europe-west4.
Separate KunstvanVB AI VM Protected local documentation points to kunstvanvb-ai-vps as a distinct running system, and the project inventory confirms its dedicated disk resource in GCP.
Large private Hermetica family on Hostkey Workflow, chat, command center, memory, servicecenter and NotebookOS are reinforced by matching local configs, code, monitoring references and Hostkey runtime paths.
GPU / model-heavy layer Hephaistos / ComfyUI runs as a separate GPU-specific operating pattern with detachable model storage and on-demand activation.

What this means operationally

Public web hosting is already concentrated The PixelPiraterij family can be migrated as one business hosting cluster.
Trading services are already decoupled Quant EVA already behaves more like a small application platform than a simple site deployment.
AI and GPU workloads should remain isolated Image generation and model storage have a different profile from web traffic, CMS and databases.
Private control services need a backend map first Cloudflare Access protects them well, but migration requires service-by-service origin discovery.
Target Shape

Recommended Alibaba target architecture

The target state should centralize the business stack under Alibaba without collapsing all runtime classes into a single fragile machine.

Server A - Core Web / Business Platform

Public websites, CMS, deployments, app hosting baseline

Primary First Move
  • PixelPiraterij public stack
  • Client sites and landing pages
  • Coolify / reverse proxy
  • Directus
  • PostgreSQL
  • Redis
Suggested baseline profile: 8 vCPU, 16 GB RAM, 250 GB SSD/NVMe.

Server B - GPU / AI Node

Image generation, models, inference and heavy AI workflows

GPU Specific
  • Hephaistos workloads
  • ComfyUI
  • Model storage
  • GPU inference and generation tasks
  • Possible future AI worker split
Suggested baseline profile: 8-16 vCPU, 32-64 GB RAM, dedicated NVIDIA GPU, 500 GB to 1 TB NVMe.

Server C - Private Control Plane

Optional later host for internal-only services

Phase 2 / Optional
  • Chat
  • Workflow
  • Command Center
  • NotebookOS
Only after origin discovery confirms which services actually belong together and which security boundaries matter most.
Key Design Principle

Not one giant box, but one coordinated business landscape.

The right Alibaba outcome is a unified business environment with clear role separation: public web and data services on one stable core host, GPU and model-heavy work on a dedicated AI node, and private internal tooling isolated only when the service map justifies it.

Execution Plan

Recommended migration phases

The migration path should minimize risk by building in parallel first, validating thoroughly, switching origins last, and only decommissioning old systems after proof.

0

Audit Completion

Finish the cleaned service inventory for Hephaistos, the L4 lane, Kaggle burst usage, the live role of kunstvanvb-ai-vps, and the exact Hostkey service layout of the protected Hermetica family.

1

Build Alibaba Server A

Prepare the new core web host with Docker, deployment layer, database services, backups, logging, security and reverse-proxy foundation before moving any public traffic.

2

Migrate PixelPiraterij Public Stack

Move the public business cluster first: PixelPiraterij sites, Hub, World, client sites, Directus content, PostgreSQL data, uploads and routing. Validate in parallel. Switch Cloudflare origin only after clean proof.

3

Build Alibaba Server B

Stand up the GPU node with NVIDIA drivers, CUDA, Docker GPU support, model storage structure and backup policy.

4

Migrate Hephaistos / ComfyUI

Copy models, workflows, custom nodes and any essential outputs. Validate generation quality and performance before retiring any legacy GPU infrastructure.

5

Map Private Hermetica Origins

Identify exactly where chat, workflow, command center and notebook services currently run, classify them by trust level, and only then decide whether they belong on Server A, Server B or a future Server C.

6

Decompose Quant EVA Before Any Move

Break Quant EVA down into frontend, backend API, HMM worker/service, secret layer, integrations and traffic pattern. Only then decide whether to keep it on Cloud Run longer or self-manage it on Alibaba.

7

Controlled Old Infrastructure Wind-Down

Retire or reduce old GCP infrastructure only after stable validation windows, working backups, clean logs, and confirmed service continuity.

Risk Model

Main constraints and blind spots

These are the key areas where migration should remain deliberate rather than aggressive.

Quant EVA is not a brochure site

It already behaves like a small application platform with split frontend, backend and HMM-specific compute. Treating it like a single VPS copy would likely produce operational regressions.

High Architectural Sensitivity

Hermetica edge is visible, origins are not

Cloudflare Access, local configs and monitoring code together prove the protected Hermetica family is real and large on Hostkey. What still needs discipline is a clean service inventory for migration planning.

Service Inventory Needed

GPU workloads are storage-heavy too

Hephaistos and ComfyUI style systems are not just about GPU power. Model directories, custom nodes, snapshots, workflow configs and disk layout matter just as much.

Disk + GPU Coupling

Kaggle may still be functionally relevant

Kaggle appears in real service code, queue orchestration and NotebookOS runtime settings, so it belongs in the architecture as a burst-compute lane. The open question is current live remote session state, not whether Kaggle is part of the system.

Burst Lane Session Review

Do not collapse every runtime into one host

One giant machine would increase blast radius, reduce isolation and make AI load compete with public web traffic. The cleaner business design is coordinated separation, not reckless compression.

Avoid Single Blast Radius

Old infrastructure should be retired late

The correct order is build, validate, switch, observe, then only decommission. This is especially important for image-generation and protected private services.

Rollback Friendly Strategy
Alibaba Support Scope

Where Nolan can assist most effectively

This section translates the technical reality into practical areas where Alibaba Cloud guidance adds immediate value.

1. Validate the target infrastructure split

Confirm the recommended separation between a core web/business host and a dedicated GPU/AI node, and advise whether a third private control-plane host should exist from day one or later.

2. Match the right Alibaba runtime families

Map the public web stack, the GPU/image-generation stack, and any later private internal services to the right Alibaba server classes, storage model and security posture.

3. Help shape the migration landing zones

Define the cleanest rollout model for public websites, databases, CMS content, AI nodes, and possible future private services while keeping Cloudflare in front.

4. Review GPU strategy against external compute

Assess whether Kaggle-like experimentation should remain external, become hybrid, or be absorbed into a dedicated Alibaba GPU node once the live AI workload map is complete.

5. Assess Quant EVA as a later migration wave

Support the decomposition of Quant EVA into clean service boundaries and help determine whether full self-management on Alibaba is operationally preferable to retaining serverless elements longer.

6. Bring professional hosting discipline

Advise on business-grade backups, storage segmentation, deployment hygiene, observability, GPU isolation, and a scalable hosting structure for future client workloads under the same ecosystem.

Final Position

Bottom-line conclusion

This handover is intended to remove ambiguity: the ecosystem is already a genuine multi-runtime product landscape, and its Alibaba future should reflect that reality.

What is already clear

  • PixelPiraterij public hosting is the cleanest first Alibaba migration candidate.
  • Quant EVA is a structured service stack and should be migrated as such, if migrated.
  • Hermetica private services exist but need origin-level discovery before migration.
  • Hephaistos / ComfyUI style workloads belong with dedicated GPU logic, not mixed into standard public hosting by default.

What the best Alibaba future looks like

  • One stable Alibaba core host for business websites, CMS, data and deployments.
  • One separate Alibaba GPU node for image generation, models and AI-heavy inference.
  • A possible later internal/private node for protected Hermetica services if origin mapping confirms the need.
  • Cloudflare retained as the edge, security and access layer throughout the transition.