Parallax¶
Oracle APEX application built for Untapped Revenue Solutions (UR) — a hospitality dynamic-pricing platform their clients use to manage property revenue. ~40 users; 21 UR-direct client properties + 2 properties UR has sold to others, all in one instance. Strategic, contractual relationship: potential 5-year dev + support engagement and possible SaaS resale (couple of months out, clarity TBD).
| Field | Value |
|---|---|
| Public URL (vanity) | https://parallax.projecteidos.com |
| Direct ORDS URL | https://g8ee0cce1dad263-urprod.adb.uk-london-1.oraclecloudapps.com/ords/r/prod/ur/login |
| APEX builder URL (vanity) | https://apex-ur.projecteidos.com |
| Direct APEX builder URL | https://g8ee0cce1dad263-urprod.adb.uk-london-1.oraclecloudapps.com/ords/r/apex/workspace-sign-in/ |
| Audience | UR's staff + UR's hospitality clients (~40 users total) |
| Criticality | critical — paying customer; revenue / contractual impact if down; no formal SLA but high implicit expectation |
| Maturity | hobby/trial → moving to professional |
| Owner | Vishnu Kant |
| Last reviewed | 2026-05-06 |
1. At a glance¶
Parallax is the hospitality-revenue platform we built for Untapped Revenue Solutions (UR). UR's hospitality clients use it to dynamically price hotel rooms based on occupancy, local events, competitor analysis, and other factors — i.e., a price-prediction engine, not a booking system. About 40 users today, covering 21 properties that are UR's direct clients plus 2 properties UR has resold to other hoteliers — all running on a single instance.
Built as an Oracle APEX application inside a paid Oracle Autonomous Database in the EIDOSDev1 OCI tenancy, UR compartment. The database is named UR-Prod (2 OCPU, 20 GB, autoscale up to 3×). Two vanity URLs front it via E1's Caddy: parallax.projecteidos.com for the customer-facing app and apex-ur.projecteidos.com for the APEX workspace-builder login. Both also reach the same ADB at its direct ORDS URL.
There is no formal SLA with UR, but we charge them separately for the infrastructure, so the implicit expectation is high uptime and no data loss. The strategic prize is a multi-year development + support contract and UR's plan to resell the platform as a SaaS (timeline: ~couple of months, clarity to come).
2. Business purpose¶
- Customer-facing SaaS-like product delivered to UR.
- Strategic relationship: cheap Release 1 in exchange for long-term partnership.
- Potential upside: multi-year dev/support contract + revenue share if UR's SaaS go-to-market succeeds.
- We bill UR separately for infrastructure costs (the paid ADB), so there's a direct financial expectation of high uptime.
3. Audience¶
- UR's own staff — operate and tune the platform.
- UR's hospitality clients — end users of the dynamic-pricing functionality (hotel managers / revenue managers).
- ~40 users total; 23 properties (21 UR-direct + 2 UR-sold).
4. Hosting & cloud infrastructure¶
- Cloud: Oracle Cloud Infrastructure (OCI)
- Tenancy:
EIDOSDev1 - Compartment:
UR - Server: E5 — Paid ADB (instance name
UR-Prod) - Reverse proxy: Caddy on E1 — provides the vanity URLs
parallax.projecteidos.comandapex-ur.projecteidos.com. (Vanity URLs avoid the higher ADB tier that would otherwise be needed for custom domain support inside ORDS.) - Deployment model: APEX workspace inside ADB; no separate VPS / container.
- Environments:
- Prod: workspace
PROD, schema(s) under it. Customer-facing. - Pre-prod: planned — another workspace in the same ADB with a separate schema. Not yet provisioned. (KI-005)
- Dev: no dedicated environment. Active development happens in Coder workspaces against an APEX export checked into Git, then exports are restored manually into prod.
Infrastructure map¶
| Item | Value | Notes |
|---|---|---|
| Vanity URL (app) | parallax.projecteidos.com | E1 Caddy → ADB ORDS |
| Vanity URL (builder) | apex-ur.projecteidos.com | E1 Caddy → ADB APEX builder |
| Direct ORDS URL (app) | https://g8ee0cce1dad263-urprod.adb.uk-london-1.oraclecloudapps.com/ords/r/prod/ur/login | publicly reachable, not behind Caddy |
| Direct APEX builder URL | https://g8ee0cce1dad263-urprod.adb.uk-london-1.oraclecloudapps.com/ords/r/apex/workspace-sign-in/ | publicly reachable |
| Reverse proxy | Caddy on E1 (140.238.97.163) |
for vanity URLs only |
| TLS cert (vanity) | Let's Encrypt via Caddy [CONFIRM] |
|
| TLS cert (direct ORDS) | Oracle-managed | |
| OCI tenancy | EIDOSDev1 | |
| OCI compartment | UR | |
| ADB instance name | UR-Prod | |
| ADB OCID | ocid1.autonomousdatabase.oc1.uk-london-1.anwgiljtbm2l2oiafhqt6zg5vhcawibce2cxeeuwkhbik6xibqv7pdbtx3ba |
|
| ADB shape | 2 OCPU / 20 GB storage | |
| ADB workload type | APEX-only | |
| Auto-scaling | enabled, up to 3× | scales OCPU on demand |
| Backup retention | 60 days (Oracle default) | restorable (paid tier) |
| Cross-region DR | none (single-region uk-london-1) | |
| Region | uk-london-1 |
Credentials in Vault¶
All Parallax-related credentials live under the ur/ KV mount in Vault: https://vault.448.global/ui/vault/secrets/ur/kv/list
| Secret type | Vault location | Notes |
|---|---|---|
| APEX workspace admin password | ur/ mount |
exact key [INFO NEEDED] — list at the URL above |
| ADB ADMIN user password | ur/ mount |
|
| OCI tenancy console (EIDOSDev1) | [INFO NEEDED] (likely a different mount, not ur/ since it's not Parallax-specific) |
confirm path |
| OCI API signing key (if used for automation) | [INFO NEEDED] |
|
| ADB wallet (mTLS) | n/a | APEX-only ADB, no direct DB connection wallet |
CLI access:
export VAULT_ADDR=https://vault.448.global
vault login # via OIDC -> M365 -> Authentik
vault kv list ur/
vault kv get ur/<key-name>
5. Technology behind it¶
- Type: custom-built Oracle APEX application
- Platform: Oracle Autonomous Database (Paid) + APEX runtime + ORDS (built-in to ADB)
- Language: PL/SQL + APEX-managed JavaScript
- Database: Oracle ADB itself
- Custom auth layer: workspace user accounts →
ur_userstable → page-level + hotel-level access control implemented in the app - Source repo:
https://git.projecteidos.com/vishnu/parallax.git - Development workflow: active development in Coder workspaces against the APEX export → committed to Git → manually exported and restored in prod
- Companion tooling under
/home/coder/parallax/: application/— APEX workspace export sourcedata_migrator/— data ETL/migration toolingschema_exporter/— schema export utilityschema_replication/poc— replication PoC for prod-to-pre-prod data cloning (in progress; see Section 9)n8n workflows/— companion automations including the access-request → JIRA pipeline
6. Data it handles¶
- UR client property data — hotel/accommodation inventory, rate plans, pricing rules
- Pricing recommendations / outcomes — competitor analysis inputs, occupancy data, local-event signals, calculated rates
- No end-customer / booking PII — Parallax operates on aggregate property and pricing data, not on individual guest records
- No payment / financial records — no booking values stored, no PCI scope
- UR user accounts + hotel-level access permissions in the
ur_userstable
GDPR posture: because the system handles no PII, GDPR data-subject obligations are minimal. We have not yet had a formal GDPR review with UR (worth doing before SaaS resale). Logs and request metadata may still contain IPs / timestamps that are technically personal data; this should be addressed in a privacy notice.
7. External dependencies¶
- OCI EIDOSDev1 tenancy availability (region-level outage = full outage)
- E1 Caddy (vanity URLs depend on it; direct ORDS URLs survive E1 going down)
- The Vault on O1 — for credential lookup. Vault outages don't affect running Parallax (secrets are in the ADB), but they affect our ability to administer.
- No PMS / channel-manager integrations today (Mews, Cloudbeds, Booking.com, etc. — none).
- No outbound integrations today — Parallax doesn't push prices/rates to a downstream booking system.
8. Authentication & access¶
- End-user login: APEX local accounts (workspace user accounts). Access provisioning flow:
- We (system admins) manually create a workspace user account.
- The app's
user-accesspage creates the corresponding row inur_users. - Page-level + hotel-level access control gates the user's view inside the app.
- Application-admin role for UR: not yet provisioned. UR's application admins do not have admin access to the access-management page today.
- Access requests from UR: UR raises a request via a button in the UI → n8n workflow → JIRA ticket → we action it manually. Not self-service.
- APEX workspace admin (development): Vishnu (
VKANT) + workspace admin creds in Vault. - ADB ADMIN: Vishnu + Bradley.
- OCI EIDOSDev1 root: Tracey (primary), Bradley (also has full access).
- MFA: not enforced anywhere — not for end users, not for application admins, not for APEX workspace admins, not for ADB ADMIN, not for OCI tenancy admins. (KI-031)
9. Maturity assessment¶
| Dimension | Status | Evidence |
|---|---|---|
| Backups | Trial | 60-day Oracle automated, paid tier (restorable). No off-OCI copy. |
| Restore tested | Hobby | Never restore-tested. (RM-004) |
| Monitoring | Hobby | No Beszel coverage on ADB; OCI built-in metrics not actively reviewed. (RM-003) |
| Alerting | Hobby | None configured. |
| Redundancy | Trial | ADB high-availability is built-in within region. Cross-region DR: none. |
| Patching cadence | Professional (managed by Oracle) | Autonomous DB advantage. |
| Deploy process | Hobby | Manual APEX export/import. CD pipeline planned but not yet built. (KI-032) |
| Secrets handling | Trial | In Vault — but Vault is currently down; paths to be captured. |
| Source-of-truth | Trial | App is committed to Git, but the live workspace state is the operational truth. Drift possible. |
| Environment isolation | Hobby | No pre-prod or dev environment. Active dev happens in Coder against committed exports. (KI-005) |
| Documentation | this doc |
Overall maturity: trial — paying customer running on a paid tier, but with several professional-grade gaps still to close.
10. Known risks & vulnerabilities¶
- No MFA anywhere (KI-031) — single-factor end-user, admin, and tenancy-root access for a paying-customer system.
- Single OCI tenancy / region (KI-005) — uk-london-1 only, no cross-region DR.
- Direct ORDS URL is publicly reachable — anyone who knows the
g8ee0cce1dad263-urprod.adb.uk-london-1.oraclecloudapps.comhostname can attempt to log into the app or the APEX builder. Caddy controls (rate-limiting, IP allow-listing once added) can be bypassed by hitting the ORDS endpoint directly. (KI-011) - Caddy on E1 is a SPOF for the vanity URLs (KI-001) — even if E5 ADB is up, an E1 outage takes the customer-facing URL offline. Direct ORDS URL still works as a fallback.
- No pre-prod / dev environment (KI-005) — no place to test changes against realistic data before they hit prod. PoC underway to clone prod data into a dev environment reliably.
- No CD pipeline (KI-032) — manual export/import increases human error and slows recovery.
- Application admins (UR) lack admin access to the user-access page — every access change is a JIRA ticket → us. Friction + slower off-boarding for departed UR users / clients.
- No automated password resets / sign-up / off-boarding — the access flow is entirely manual.
- Workspace deletion / data egress — APEX workspace can be deleted by an admin; Oracle charges for egress (abnormal outbound = bill shock or compromise indicator); no alerting on either today.
- No formal GDPR / privacy review with UR despite the SaaS-resale plans.
11. Impact if it goes down¶
- UR's hospitality clients can't price their properties → direct revenue loss for UR's clients during the outage.
- UR escalates to us under the implicit "no data loss, max uptime" expectation.
- Reputational impact on the strategic 5-year relationship and on the SaaS-resale plan.
- Fallback: if E1 Caddy is down but the ADB is up, the direct ORDS URL still works — this could be communicated to UR's clients as an emergency access path (worth confirming this is acceptable / worth the URL exposure).
12. Owner & on-call¶
- Primary owner: Vishnu Kant (vishnukant@projecteidos.com)
- Backup owner: Bradley Leggett (DBA — has all accesses)
- OCI tenancy admin custodian: Tracey Weetman
- On-call channel:
[INFO NEEDED](formal channel TBD; today, escalations come via JIRA) - Recovery runbook:
[INFO NEEDED]— RB-004 candidate ("Parallax is down")
13. References & links¶
- Public URL (vanity): https://parallax.projecteidos.com
- Direct ORDS URL: https://g8ee0cce1dad263-urprod.adb.uk-london-1.oraclecloudapps.com/ords/r/prod/ur/login
- APEX builder (vanity): https://apex-ur.projecteidos.com
- APEX builder (direct): https://g8ee0cce1dad263-urprod.adb.uk-london-1.oraclecloudapps.com/ords/r/apex/workspace-sign-in/
- Source repo: https://git.projecteidos.com/vishnu/parallax.git
- Local working copy:
/home/coder/parallax/ - OCI tenancy: EIDOSDev1, compartment
UR - ADB instance:
UR-Prod(OCIDocid1.autonomousdatabase.oc1.uk-london-1.anwgiljtbm2l2oiafhqt6zg5vhcawibce2cxeeuwkhbik6xibqv7pdbtx3ba) - Companion services: n8n workflows (access-request → JIRA), data migrator, schema exporter, schema_replication PoC
- Sister vanity URL into same ADB: APEX UR
- Active incident note (2026-05-06): Vault is down — pending Vishnu's confirmation of severity / runbook status (likely RB-003)
- Domain: see domains.md