
System Architecture

Protocol Health Club runs a blood work automation pipeline on a single AWS EC2 instance. The system connects three external platforms — Junction (lab data), GoHighLevel (CRM), and AWS Bedrock (Claude AI) — into a Next.js application that processes blood reports end-to-end.

System Map

```mermaid
flowchart LR
    subgraph external["External Systems"]
        Junction[("Junction\nLab + Wearable Data")]
        GHL[("GoHighLevel\nCRM / Contacts")]
        Bedrock[("AWS Bedrock\nClaude AI")]
    end

    subgraph users["Users"]
        NP["Nurse Practitioner\n(reviews in GHL)"]
        Dev["Engineer / Ops\n(uses Dashboard)"]
        Client["Client\n(receives PDF)"]
    end

    subgraph server["EC2 Server (Ubuntu)"]
        subgraph nextjs["Next.js Application"]
            UI["Dashboard UI"]
            API["API Routes\n/api/pipeline/*"]
            Runner["Pipeline Runner"]
            DB[("SQLite\npipeline.db")]
            Output["/output/*.pdf"]
        end
    end

    Dev -->|SSH tunnel| UI
    Junction -.->|webhook future| API
    Dev -->|manual upload| UI
    UI --> API
    API --> Runner
    Runner <--> DB
    Runner -->|invoke| Bedrock
    Runner -->|read/write contact| GHL
    Runner --> Output
    Output -->|GHL link| Client
    GHL --> NP
    NP -->|approves & sends| Client
```

Components

Next.js Application

  • Framework: Next.js 14, App Router, TypeScript, Tailwind CSS
  • Hosting: AWS EC2 (Ubuntu), port 3000
  • Access: Currently via SSH tunnel. Planned: Cloudflare + HTTPS + Next-Auth

AWS Bedrock (Claude AI)

  • Auth: Bedrock API key (Bearer token)
  • Models in use:
    • Haiku 4.5 — fast tasks, OCR
    • Sonnet 4.6 — biomarker extraction
    • Opus 4.7 — clinical analysis
  • Region: us-east-1

GoHighLevel (GHL)

  • Auth: Private Integration Token (PIT), contacts scope
  • Location ID: VXhSATpOGAvRAnd0iu7x
  • Capabilities: Full read/write on contacts, custom fields, tags, notes

Junction

  • Auth: X-Vital-API-Key
  • Environment: Production / US region
  • Capabilities: Lab results, wearable data, user linking

SQLite Database

  • File: web/pipeline.db
  • Tables: runs, steps
  • Purpose: Full pipeline trace for every run — observability only, no raw PHI stored
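The "observability only, no raw PHI" property is a design constraint on what the trace writer is allowed to persist. The following is an added example, not the project's own code: the page names the `runs` and `steps` tables but not their columns, so the schema here is an assumption. It records per-step timings, byte counts and SHA-256 fingerprints of each step's input and output, keeps only the exception class on failure (exception messages routinely embed the offending value), and ships a `trace_contains` check that can be run against the database with a known patient name after a test run.

```python
# Added example, not the project's own code. The runs/steps column layout is
# an assumption; the point is that the store holds timings, sizes and hashes
# of each step's input/output and never the payloads themselves.
import hashlib
import json
import sqlite3
import time
import uuid

SCHEMA = """
CREATE TABLE IF NOT EXISTS runs (
    run_id     TEXT PRIMARY KEY,
    started_at REAL NOT NULL,
    ended_at   REAL,
    status     TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS steps (
    run_id        TEXT NOT NULL REFERENCES runs(run_id),
    seq           INTEGER NOT NULL,
    name          TEXT NOT NULL,
    status        TEXT NOT NULL,
    duration_ms   INTEGER NOT NULL,
    input_bytes   INTEGER NOT NULL,
    input_sha256  TEXT NOT NULL,
    output_bytes  INTEGER NOT NULL,
    output_sha256 TEXT NOT NULL,
    error_type    TEXT,
    PRIMARY KEY (run_id, seq)
);
"""


def open_trace_db(path="web/pipeline.db"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def _fingerprint(payload):
    """Size and SHA-256 of a canonical JSON encoding: enough to correlate
    steps and spot duplicate inputs, useless for recovering the content."""
    raw = json.dumps(payload, sort_keys=True, default=str).encode()
    return len(raw), hashlib.sha256(raw).hexdigest()


def start_run(conn):
    run_id = uuid.uuid4().hex
    conn.execute("INSERT INTO runs VALUES (?, ?, NULL, 'running')",
                 (run_id, time.time()))
    conn.commit()
    return run_id


def record_step(conn, run_id, seq, name, payload_in, payload_out,
                duration_ms, exc=None):
    """Store metadata for one pipeline step. On failure only the exception
    class is kept: messages like "bad LDL 142 for Jane Doe" are a common
    PHI leak path into logs and trace stores."""
    in_len, in_hash = _fingerprint(payload_in)
    out_len, out_hash = _fingerprint(payload_out)
    conn.execute(
        "INSERT INTO steps VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
        (run_id, seq, name, "error" if exc else "ok", int(duration_ms),
         in_len, in_hash, out_len, out_hash,
         type(exc).__name__ if exc else None),
    )
    conn.commit()


def finish_run(conn, run_id, status):
    conn.execute("UPDATE runs SET ended_at = ?, status = ? WHERE run_id = ?",
                 (time.time(), status, run_id))
    conn.commit()


def run_summary(conn, run_id):
    status = conn.execute("SELECT status FROM runs WHERE run_id = ?",
                          (run_id,)).fetchone()[0]
    steps = conn.execute(
        "SELECT seq, name, status, duration_ms, error_type FROM steps "
        "WHERE run_id = ? ORDER BY seq", (run_id,)).fetchall()
    return {"status": status, "steps": steps}


def trace_contains(conn, needle):
    """Audit check: does any text cell in any table contain `needle`?
    Run with a known patient name or value after a test run; it must come
    back False for a store that claims to hold no PHI."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        for row in conn.execute(f'SELECT * FROM "{table}"'):
            if any(isinstance(c, str) and needle in c for c in row):
                return True
    return False


if __name__ == "__main__":
    # Constructed sample run against an in-memory database.
    db = open_trace_db(":memory:")
    rid = start_run(db)
    record_step(db, rid, 1, "extract_biomarkers",
                {"patient": "Jane Doe", "ldl_mg_dl": 142}, {"LDL": 142}, 830)
    record_step(db, rid, 2, "clinical_analysis", {"LDL": 142}, None, 12,
                exc=ValueError("unexpected LDL 142 for Jane Doe"))
    finish_run(db, rid, "failed")
    print(run_summary(db, rid))
    print("PHI leaked:", trace_contains(db, "Jane Doe"))
```

The hashes are deliberately of the whole payload rather than of individual fields, so two runs on the same upload are recognisable as duplicates without any field being reversible from the trace.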

Infrastructure Layout

AWS EC2 (t2.micro or similar)
├── Ubuntu 22.04
├── Node.js 20
├── /home/ubuntu/app/
│   ├── .env                 ← secrets (never committed)
│   ├── docs/                ← internal markdown reference
│   ├── smoke_test.py        ← API auth verification
│   └── web/                 ← Next.js app
│       ├── pipeline.db      ← SQLite trace store
│       ├── public/output/   ← generated client PDFs
│       └── lib/pipeline/    ← pipeline step modules
└── DuckDNS                  ← dynamic DNS → SSH access

Network / Security

| Port | Open to internet? | Purpose |
|------|-------------------|---------|
| 22 | ✅ Yes | SSH access |
| 3000 | ❌ No (AWS Security Group blocks it) | Next.js — SSH tunnel only |
| 443 | ❌ Not yet | Planned: HTTPS via Cloudflare |

No inbound ports besides SSH are currently open; every call to Junction, GoHighLevel and Bedrock is outbound from the instance. One point to settle before 443 is opened: Next.js serves everything under `web/public/` as a static asset, so the generated PDFs in `public/output/` are reachable at `/output/<file>.pdf` by anyone who can reach the app, independent of any Next-Auth protection on the dashboard pages. The client-facing GHL link should therefore point at an authenticated route (or a short-lived signed URL) rather than directly at the static file.
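The table above is a statement of intent; the security group is what actually enforces it, and it drifts the first time someone opens 3000 "temporarily". The following is an added example, not the project's own code: an offline check of a security group's inbound rules against the documented posture (only 22/tcp reachable). It consumes the dict shape that boto3's `describe_security_groups()` returns for one group; the two sample groups and the `sg-example` ID are constructed. Port 22 being open to `0.0.0.0/0` matches what the page states, so the check reports it as a warning rather than a failure.

```python
# Added example, not the project's own code: audit an EC2 security group's
# inbound rules against the posture on this page (only 22/tcp open; 3000 and
# 443 closed). Input is one element of boto3's
# describe_security_groups()["SecurityGroups"]; samples below are constructed.

ALLOWED_INBOUND = {("tcp", 22)}        # what the page says should be reachable
INTERNET = {"0.0.0.0/0", "::/0"}


def _sources(perm):
    """All source CIDRs and security-group IDs named by one rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    groups = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return cidrs, groups


def audit_inbound(sg, allowed=ALLOWED_INBOUND):
    """Return (severity, message, sources) for every inbound rule that is not
    on the allowlist, plus a WARN for allowlisted ports open to the internet."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        cidrs, groups = _sources(perm)
        sources = cidrs + groups
        from_internet = any(c in INTERNET for c in cidrs)
        proto = perm.get("IpProtocol")

        if proto == "-1":                     # all protocols, all ports
            findings.append(("CRITICAL", "all traffic allowed inbound", sources))
            continue
        if proto not in ("tcp", "udp"):       # icmp etc.: never on the allowlist
            sev = "CRITICAL" if from_internet else "INFO"
            findings.append((sev, f"{proto} inbound not in allowlist", sources))
            continue

        lo, hi = perm["FromPort"], perm["ToPort"]
        allowed_ports = {p for (pr, p) in allowed if pr == proto}
        in_range = range(lo, hi + 1)
        if any(p not in allowed_ports for p in in_range):
            sev = "CRITICAL" if from_internet else "INFO"
            span = f"{lo}" if lo == hi else f"{lo}-{hi}"
            findings.append((sev, f"{proto}/{span} inbound not in allowlist", sources))
        exposed = sorted(allowed_ports.intersection(in_range))
        if from_internet and exposed:
            ports = ",".join(str(p) for p in exposed)
            findings.append(("WARN", f"{proto}/{ports} open to the internet; "
                             "restrict the source to known IPs", cidrs))
    return findings


def fetch_security_group(group_id, region="us-east-1"):
    """Pull the live group with boto3 (needs AWS credentials); imported lazily
    so the audit itself runs offline."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    return ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]


def _rule(proto, port, *cidrs):
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "Ipv6Ranges": [], "UserIdGroupPairs": []}


# Constructed: the posture described on this page.
DOCUMENTED_SG = {"GroupId": "sg-example",
                 "IpPermissions": [_rule("tcp", 22, "0.0.0.0/0")]}
# Constructed: the same group after the dev port was opened "temporarily".
DRIFTED_SG = {"GroupId": "sg-example",
              "IpPermissions": [_rule("tcp", 22, "0.0.0.0/0"),
                                _rule("tcp", 3000, "0.0.0.0/0")]}

if __name__ == "__main__":
    for label, sg in (("documented", DOCUMENTED_SG), ("drifted", DRIFTED_SG)):
        print(label)
        for sev, msg, src in audit_inbound(sg):
            print(f"  [{sev}] {msg}  <- {', '.join(src)}")
```

Run `audit_inbound(fetch_security_group("<group id>"))` from a host with read-only EC2 credentials to compare the live group with this page; anything rated CRITICAL means the table above no longer describes reality.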