Call Analyst β€” Engineering Hub

One place for everything, Pablo. The refactor is shipped to prod and the AWS/auth plan is ready for your input. Five deep-dives below; the short version is right here.

Refactor live on callanalyst.app Auth/AWS plan ready for your call Updated 2026-06-19

The five pages

All behind the Daxos gate (password daxos2027 β€” one entry unlocks all of them for a year).

πŸ“šBuild Docs
How the product works today: consumer vs internal builds, tech stack, the serverless functions, data flows, integrations. Onboarding cold.
referenceopen β†’
πŸ“ˆRefactor Progress
What the refactor did, commit by commit, and how each step was verified. The detailed log behind the summary below. (Written pre-ship; now merged β€” see below.)
shippedopen β†’
πŸ› οΈRefactor Plan
The original 5-workstream plan: segregation, stop main=prod, CI, split the file, cleanup. WS4 (split) is now done; the rest is the roadmap.
planopen β†’
πŸ›οΈYour AWS Proposal
Your POC→production proposal written up: CDK, VPC-isolated Lambdas, CloudFront, containers, plus the compliance framing. Your direction, captured.
proposalopen β†’
πŸ”Auth / AWS Plan
Cognito (us-east-2, 100k users) + CDK + SES/SNS + Stripe-linked + US geofence, with 6 sequence diagrams & timings. Answers your A–D. Needs your decisions.
for Saturdayopen β†’
πŸš€The Refactor (shipped)
Explained right here on this page β€” what shipped to prod, how it was verified, and the two bugs caught on the way. Jump down ↓
this pageread ↓

Start here (suggested order)

  1. The refactor summary ↓ (this page) β€” what just changed in the codebase and why it matters for your work.
  2. Build Docs β€” how the product is wired today (the thing the AWS work plugs into).
  3. Auth / AWS Plan β€” the concrete Cognito/CDK/Stripe plan; the 5 open questions at the bottom are what we decide Saturday.
  4. Reference as needed: your AWS proposal, the refactor plan, the progress log.

πŸš€ The refactor β€” what just shipped

Live on callanalyst.app right now (commit f371406), verified four independent ways, zero behavior change. Same product, much cleaner code. One command rolls it back if it ever misbehaves.

Before β†’ after

AspectBeforeAfter
App shell1 file, 20,513 lines, all HTML+CSS+JS inlineindex.html 1,187 lines + ordered refs
Moduleseverything tangled in one block27 named js/NN-*.js files + 2 CSS
Core engineone atomic 5,810-line block7 logical parts (11a–11g), biggest 1,263
Build segregationIS_CONSUMER ? x : y scattered everywhereone FLAVOR_PROFILES.{consumer,internal}
Build stepnonestill none β€” plain ordered <script> tags
Secrets / dead codea live key in a comment + cruftremoved

Why it's safe (verified 4 ways)

The core split β€” the one genuinely risky part

The 20k→modules split was mechanical because each piece was already its own <script>. But the 5,810-line core was one atomic block — cutting it creates new boundaries. We ran an AST dependency analysis first and proved the core has zero load-time forward references, which is what made splitting it at section seams safe. We didn't guess; we proved it, then re-verified at runtime.

Two bugs caught before shipping

Worth knowing because it explains a gap: (1) the working clone was in a detached-HEAD state, so earlier "pushes" never actually reached GitHub β€” the branch was empty on origin. (2) the push was also rejected because the token lacks workflow scope and a commit added a GitHub Actions file. Both fixed: work secured to backups, CI parked at ci/smoke.yml, consolidated to one clean verified commit, pushed for real. This is the first time the refactor truly landed on main.

What this means for your work

The frontend is now reviewable and modular, and the serverless functions are untouched and isolated β€” they're the exact seam where your Cognito JWT-verify swaps in (replacing the Supabase token check). The module split is the foundation the AWS migration builds on. call-analyst-pwa/ARCHITECTURE.md is the map.

Decided vs open

βœ… Done / decided

  • Monolith split + core split + flavor profiles β€” shipped to prod
  • Both-flavor smoke test + (parked) CI workflow
  • Leaked secret removed; dead code deleted
  • Region us-east-2, auth = Cognito custom UI, IaC = CDK
  • US-only geofence at the CDN; TOS + cookie consent at registration; GDPR parked
  • Identity↔billing join = Cognito sub; entitlement in DynamoDB; TOTP MFA

πŸ”΅ Open β€” for Saturday

  • Backend: stay on Netlify functions (swap JWT verify only) or move to Lambda behind CloudFront?
  • Data: keep Supabase Postgres for projects/transcripts, or migrate to DynamoDB?
  • Cognito SRP vs USER_PASSWORD_AUTH for the custom UI
  • Cognito Essentials vs Plus (adaptive auth +$650/mo at 100k?)
  • Migration: lazy user-migration Lambda vs greenfield + force-reset
  • Kill the internal-branch drift β†’ FLAVOR env (the segregation end-state)

Two small follow-ups

Quick reference

Prod callanalyst.app Β· commit f371406 Β· auto-deploys from main

Repo cus-commits/call-analyst (private)

Architecture call-analyst-pwa/ARCHITECTURE.md (module map + load-order rules)

Run it npm i -D puppeteer && npm run smoke (boots both flavors, asserts clean)

Rollback one Netlify API call restores the pre-refactor build instantly (runbook saved; no rebuild)

Internal build analyst.daxos.us (Daxos tools, password-gated, separate branch)

Gate all daxos.us pages: password daxos2027

Engineering hub for Call Analyst Β· maintained for Pablo Β· 2026-06-19. Everything behind the Daxos gate. Questions β†’ Mark.