irisbites

M7 · Operator-tier playbook

Wire the AI Operating Layer
into one conversation.

Six AI modules working together is a system. Six AI modules NOT working together is a mess. M7 is the wiring — a shared knowledge graph, twenty cross-module automations, role-based dashboards, and a conversational operator surface the owner talks to instead of logging into six tools.

TL;DR

What it actually takes.

M7 is not a new tool — it is the wiring of M1 through M6 plus three things only the wiring makes possible: cross-module memory (Tuesday's call feeds Wednesday's SMS feeds Thursday's booking), a conversational command surface (owner says “Iris, follow up with everyone who called last week and didn't book”), and one daily digest that replaces six tool-specific notifications.

Install length is fourteen real calendar days — roughly thirty hours of engineer work. The fourteen days are not padding; the owner has to live with each phase to validate it before the next layer goes on. Prerequisites: M1 through M6 must already be installed and at least fourteen days mature.

What follows is the fourteen-day plan, the wiring stack, the honest tradeoffs (M7 is harder to DIY than M1-M6 by an order of magnitude), the QA scenarios, and the safety rails that matter most when one bad RLS policy can leak data across the entire operating layer.

The 14-day plan

What you actually do, day by day.

Fourteen calendar days, roughly thirty engineer-hours. The pacing matters — Day 12 Shadow mode go-live only works if Days 1 through 11 actually validated.

Day 1

~3 hrs

Kickoff + foundational accounts

Sixty-minute kickoff covering the cross-module model, the trust gradient at the orchestrator level, the RBAC matrix, and the autonomy thresholds. Then ninety minutes spinning up the foundation: Make.com Teams workspace, Supabase project (BAA-eligible region for healthcare/finance), Softr or Glide dashboard, owner's Anthropic API key with a $200/mo cap, Twilio sub-account, Slack #iris-ops channel. Engineer creates the customer-specific repo at iris-bites/customers/[id]/.

Day 2

~4 hrs

Knowledge graph build

Deploy the eight-table schema to Supabase: contacts, conversations, appointments, deals, tasks, channels, channel_events, audit_log. Enable Row-Level Security on every table with the five-role policy set. Then bulk-import the owner's existing CRM data — contacts first, then conversations, deals, and appointments from the last six months. Test on 100 rows before the full load; review fuzzy-match dedupes with the owner before merging.

Day 3

~3 hrs

M1, M2, M4 webhook ingest

Build three Make scenarios: M1 calls land in the graph (Synthflow call.ended webhook), M2 leads land (Tidio + Beehiiv webhooks), M4 tickets land (Intercom Fin webhook). Each scenario has a Supabase Edge Function backup that listens to the same webhook and fires only if Make times out. Verify webhook signature validation rejects unsigned requests.

Day 4

~3 hrs

M3, M5, M6 ingest

Three more Make scenarios. M5 daily digest API → graph, metadata only. NEVER store the email body; the audit query must confirm zero body rows. M6 calendar event → graph appointments. M3 content posted → graph channel_events. Confirm the nightly reconciliation script runs at 23:00 owner-local as the tertiary backup.

Day 5

~4 hrs

Cross-module automations: phase 1

Build eight of the twenty reference automations. Missed-call SMS (staged). No-show reschedule (staged). Hot-lead alert (live, alerts only). Cross-channel dedupe (live — it's a safety automation). Lead → calendar bridge (staged). Complaint detection + escalation (live, escalation only). Calendar conflict prevention (live). Failure cascade backup (live, heartbeat). Test each in sandbox.

Day 6

~3 hrs

Cross-module automations: phase 2

Build the remaining twelve automations. Daily and weekly digest delivery. Repeat-customer upsell. Recurring topic → content engine trigger. Unresponsive lead drip. Birthday/anniversary. Quote-sent follow-up. Invoice payment reminder. Review request. Wire-fraud compliance flag (live escalation only). Team Slack digest per RBAC. Quarterly insight report. Most stay staged; safety-related ones go live.

Day 7

~3 hrs

Iris voice agent extension

Wire the voice agent at iris-stack/agent/iris/ to the customer's Supabase. Configure ten tools: search_contacts, get_contact_history, search_appointments, get_pending_tasks, trigger_automation, draft_communication, read_daily_digest, read_weekly_digest, log_owner_decision, escalate_to_human. Test five sample conversations. Verify the autonomy gate: tell Iris to send a discount to 340 contacts — she must propose batching and ask for confirmation.

Day 8

~4 hrs

Dashboard build

Softr or Glide connected to Supabase. Role-based home page per RBAC role — owner sees four panes (Today / Pending Decisions / Patterns / Numbers), manager sees three, staff sees two, external sees one scoped view. Build Contacts, Conversations, Appointments, Tasks, and Audit Log views. Custom domain at iris.[customer-domain].com. Smoke-test from each role's account.

Day 9

~2 hrs

Owner-defined automation #21

Re-read the intake's question 14: the owner's number-one cross-module workflow. Architect it. Build it in Make.com. Demo to the owner. Get the explicit “yes, this is the workflow.” Promote to live, still gated by the autonomy threshold. This is the “first wow” — the moment the owner sees their bespoke automation running.

Day 10

~3 hrs

End-to-end test scenarios

Run all fifteen QA scenarios from the install kit. Base scenarios 1–10, industry-specific 11–15, plus the five hard-no scenarios that Iris must refuse. Voice fidelity QA on twenty sample interactions, owner rates each, bar is 18/20 at 4 or 5. RBAC test from each role. Audit log test on five reads, five writes, five trigger-automations. Failure cascade test: simulate Synthflow silence, confirm backup activates within 30 min.

Day 11

~2 hrs/role

Team training

Owner training is the full walkthrough — dashboard, voice agent, autonomy controls, decision log, escalation handling, weekly digest. Manager training: forty-five minutes on what they see, what's hidden, how to flag escalations. Staff: thirty minutes group session on the channel-scoped dashboard. External users: fifteen minutes on the scoped view. Record everything for new-hire onboarding.

Day 12

~1 hr

Shadow mode go-live

Confirm the autonomy gate is at Stage 0 — every automation either staged for owner review or live in alert-only mode. Flip every Make scenario to ON. The graph fills with real-time events. Iris drafts cross-module actions for owner approval. Send the go-live confirmation: dashboard link, Iris phone number, SMS short-code, Slack DM. Schedule the Day 14, 21, 28 check-ins.

Days 13–14

~30 min/day

Burn-in observation

Engineer monitors Make run logs, Supabase row growth, audit volume, and Anthropic API costs. Owner exercises the voice agent and the dashboard daily. Day 14 check-in: review the staged automations' approval rate. Promote anything meeting the bar (over 90% owner approval, under 5% incorrect-action rate) from staged to live with autonomy.

The wiring stack [Verified 2026-05-23]

Six layers on top of M1-M6.

M7 adds ~$60–$180/mo on top of the M1-M6 SaaS stack. Total Operator install runs ~$400–$650/mo SaaS + $497/mo Iris retainer ≈ $900–$1,150/mo all-in — which replaces $80K–$120K/year of human ops capacity. Pricing re-verified within seven days of any paid install.

Orchestration

Make.com Teams (or n8n self-hosted)

$29–$59/mo

Make handles the twenty reference automations + the customer's bespoke automation #21. The scenario builder is the right shape for the multi-step, multi-tool flows M7 needs. n8n is the alternative for customers requiring self-host (healthcare with strict data-residency rules). Both work; Make is the default.

Shared knowledge graph

Supabase (Pro tier)

$25/mo Pro + usage

Eight-table relational graph that every module reads from and writes to. Row-Level Security enforces RBAC. Postgres backups are first-class. BAA-eligible regions for HIPAA customers. Airtable works as a fallback for low-complexity installs but Supabase is the Operator default.

Operator dashboard

Softr (or Glide for mobile-first)

$99–$167/mo

No-code dashboard shell that reads from Supabase with role-based pages. Softr is the default; Glide is the right call if the owner lives on their phone. Custom domain support, SSL provisioning, and clean RBAC inheritance from Supabase make this the right layer for the role-based dashboards.

Voice + text command surface

Iris voice agent (LiveKit + Claude + ElevenLabs)

~$15–$30/mo + per-minute voice

The conversational interface lives at iris-stack/agent/iris/. Owner calls a Twilio number, hits Iris in a LiveKit room, asks anything — Iris orchestrates M1-M6 via the ten tool functions. This is the moat: nobody else ships a conversational operator that touches six modules with the right RBAC and audit trail.

Supervisor brain

Claude Sonnet 4.6

$30–$60/mo Anthropic API

Sonnet handles digest writing, cross-module routing decisions, and the voice agent conversations. Haiku handles classifiers. Spend at Operator volume stays around $30–$60/mo on a typical install — modest compared to the SaaS stack underneath.

Analytics

Plausible (or PostHog for revenue attribution)

$9–$19/mo

Plausible is the privacy-first default. PostHog if the owner cares deeply about revenue-attribution funnels. Either tracks dashboard usage so the next install's default views can be tuned. Not optional — measurement is what keeps the Operator install honest at the 30-day mark.

All-in monthly (M7 incremental + full Operator stack)

M7 layer alone: $60–$180/mo. Full Operator stack (M1-M7 SaaS + Iris retainer): ~$900–$1,150/mo. The math against human ops capacity is the pitch — one full-time ops manager is $80K–$120K/year fully loaded.

DIY or paid — honestly

M7 is harder to DIY than M1-M6.

Most playbook PDFs end with “or just buy our thing.” This one is honest about when DIY is the better answer — for M7 the answer is “almost never.”

When DIY is the right call

Almost nobody. M7 assumes you've already DIY'd M1-M6 and lived with each for fourteen days. If that's you and you're a senior engineer who's comfortable with Supabase RLS policies, webhook signature validation, and multi-tenant RBAC — yes, you can do this yourself. Budget thirty hours of focused work. Most owners who try DIY at this layer underestimate the audit-log and RLS work and end up with a leaky operator.

When Iris-Assist is NOT the right call

M7 doesn't fit the Iris-Assist shape. The work is too distributed across fourteen days and too deep in production systems to be guided through on a ninety-minute call. If you want help on M7 but not a full install, the Stack Audit ($1,597) is the right tier — we review your existing M1-M6 installs and architect the M7 plan you execute yourself.

When Iris Build Operator ($3,997 Founding 10) is the right call

You've already paid for M1-M6 installs (ours or your own) and you're ready for the layer that makes them feel like one product instead of six. You want the conversational operator surface. You want the dashboard. You want the shared graph that lets Iris remember that Tuesday's call led to Wednesday's SMS led to Thursday's booking. Founding 10 pricing is $3,997 setup + $497/mo — it will be $5,997 setup after install #10.

QA — the twelve scenarios

Twelve checks before Shadow go-live.

End-to-end scenarios that exercise the full operating layer. Block go-live on any fail. The five hard-no scenarios in the install kit are the most important — Iris must refuse them correctly.

  1. Cross-module memory — call from Tuesday, SMS from Wednesday, booking from Thursday all link to one contact row.
  2. Conversational command — “Iris, follow up with everyone who called last week and didn't book” — she proposes the list and asks for confirmation.
  3. Autonomy gate — try to make Iris send 340 messages without confirmation. Must refuse.
  4. RBAC test (owner) — sees all contacts, financials, audit log.
  5. RBAC test (manager) — sees operations + tasks; financials hidden.
  6. RBAC test (staff) — sees only their channel; cannot trigger automations.
  7. RBAC test (external) — sees only scoped view per intake Q12.
  8. Audit log — five reads + five writes + five trigger-automations all land with correct actor + before/after.
  9. Failure cascade — simulate Synthflow webhook silence. Backup path activates within 30 minutes.
  10. Dedupe — overlapping webhook from M1 + M2 for same contact produces ONE graph row, not two.
  11. Daily digest — fires to owner's preferred channel at correct local time with accurate counts.
  12. Voice fidelity — 20 sample Iris interactions, owner rates each, bar is 18/20 at 4 or 5.

Risks + safety rails

What to lock down before Shadow go-live.

RLS policy bugs. The single highest-stakes failure mode in M7. One bad Row-Level Security policy and the manager role sees financial data, or the external role sees customer PII. Test every role's view independently after every schema change. Check JWT claims. Never roll out a policy change without re-running the RBAC tests.

Autonomy creep. The trust gradient at the orchestrator level matters more than at any individual module. Iris should never take autonomous actions for the first fourteen days — only draft for owner review. Promotion from staged to live requires >90% owner approval and <5% incorrect-action rate. Skip this and Iris will action something the owner didn't actually want.

PII + email body storage. The M5 ingest scenario MUST filter out email bodies. Audit query is mandatory: SELECT count(*) FROM conversations WHERE module_source='m5' AND body_full IS NOT NULL; must return zero. If it doesn't, fix the filter before going to Shadow.

Webhook spoofing. Every ingest scenario validates webhook signatures. Unsigned requests get rejected. If a module's webhook lacks signing, route through a Supabase Edge Function that adds HMAC validation before insert.
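
An added example (not part of the Iris install kit or any vendor's code) of the HMAC check such an Edge Function could run before the insert, written against Node's crypto module. The header names x-signature and x-timestamp, the signed string "timestamp.body", and the five-minute replay window are assumptions that go beyond what this page specifies; where a module documents its own signing scheme, use that instead.

```javascript
const crypto = require("node:crypto");

// Assumed scheme (not from any vendor's docs): hex HMAC-SHA256 over
// "<unix-seconds>.<raw body>", sent in x-signature / x-timestamp.
const MAX_SKEW_MS = 5 * 60 * 1000; // assumed replay window

// Constructed sample values, for illustration only.
const SAMPLE_SECRET = "constructed-test-secret";
const SAMPLE_BODY = '{"event":"call.ended","contact_id":"c_1"}';

function sign(secret, timestamp, rawBody) {
  return crypto
    .createHmac("sha256", secret)
    .update(`${timestamp}.${rawBody}`)
    .digest("hex");
}

// Returns { ok, reason }. Insert into the graph only when ok is true.
// rawBody must be the exact bytes received, before any JSON parsing.
function verifyWebhook(rawBody, headers, secret, nowMs = Date.now()) {
  const sig = headers["x-signature"];
  const ts = headers["x-timestamp"];
  if (!sig || !ts) return { ok: false, reason: "unsigned" };

  // Reject old or future-dated requests so a captured one cannot be replayed.
  const tsMs = Number(ts) * 1000;
  if (!Number.isFinite(tsMs) || Math.abs(nowMs - tsMs) > MAX_SKEW_MS) {
    return { ok: false, reason: "stale" };
  }

  const expected = Buffer.from(sign(secret, ts, rawBody), "hex");
  const given = Buffer.from(sig, "hex"); // malformed hex decodes short
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad_signature" };
  }
  return { ok: true, reason: "verified" };
}
```

Log the reason alongside the source module in audit_log so rejected requests are visible during burn-in.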

GDPR + retention. The audit_log table can hold years of activity. Configure retention policies aligned with the customer's GDPR posture — typically 24 months for audit, 36 months for conversations. Document the retention policy in the install record.

Pick the path that fits the install you actually need.

DIY the whole thing free if you're a senior engineer. Or pay $1,597 for a Stack Audit + M7 architecture plan. Or pay $3,997 (Founding 10 pricing) and we install the full Operator stack in fourteen days.