How It Works — Quickfire Cyber Bulletin

Architecture overview

Quickfire Cyber Bulletin is a Dockerised Python application designed to run resource-consciously on a shared VPS alongside other services.

â”Œâ”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”    â”Œâ”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”    â”Œâ”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”
â”‚  app         â”‚    â”‚  worker      â”‚    â”‚  postgres    â”‚
â”‚  FastAPI     â”‚â—„â”€â”€â”€â”‚  Pipeline    â”‚â”€â”€â”€â–ºâ”‚  PostgreSQL  â”‚
â”‚  port 8000   â”‚    â”‚  + Scheduler â”‚    â”‚  database    â”‚
â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜    â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜    â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜
        â”‚                   â”‚
        â”‚            â”Œâ”€â”€â”€â”€â”€â”€â”´â”€â”€â”€â”€â”€â”€â”
        â”‚            â”‚  ollama     â”‚  (optional)
        â”‚            â”‚  local LLM  â”‚
        â”‚            â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜
        â”‚
â”Œâ”€â”€â”€â”€â”€â”€â”€â–¼â”€â”€â”€â”€â”€â”€â”
â”‚  Caddy       â”‚  HTTPS reverse proxy
â”‚  qfb.dmj     â”‚  DNS via Cloudflare
â”‚  now.com     â”‚
â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜

Daily pipeline schedule (UTC)

Time	Step	Description
06:00	fetch_sources	Fetch CISA KEV, NVD (last 25h), EPSS, GitHub Advisories, RSS feeds
06:10	enrich_cves	Link source items to vulnerability records
06:15	score_items	Calculate deterministic risk scores
06:20	generate_summaries	AI summarisation (only if ENABLE_LOCAL_AI=true)
06:30	generate_brief	Assemble ranked daily brief as draft
Manual	publish_brief	Admin reviews draft and publishes

Pipeline runs at 06:00 UTC to avoid overlap with the nameetings.cloud pipeline running on the same VPS.

Resource-conscious design

Public pages serve pre-generated database content — no live computation per visitor
The local AI model (Ollama) runs only during the batch window, not all day
Raw source payloads and fetch logs are pruned after 90 days
No streaming AI — all generation happens in the background pipeline
Docker services are scoped to their roles: web app, worker, database, optional AI

Local AI (optional)

When ENABLE_LOCAL_AI=true, the worker uses Ollama to generate plain-language summaries. The default model is llama3.2:3b, chosen to be conservative on shared server resources. qwen3:4b is supported as a higher-quality option if the server has headroom.

If Ollama is unavailable or AI is disabled, the system falls back to template-based summaries automatically. The pipeline never fails because AI is unavailable.

Data flow

Raw items arrive from public APIs and RSS feeds â†’ stored in source_items
CVE IDs are extracted from titles and text â†’ linked to vulnerabilities
Vulnerability records are enriched with CVSS (NVD), EPSS (FIRST), and KEV (CISA) data
Deterministic risk scores are calculated from signal weights
Items are assigned to brief sections by product category and score
A draft brief is assembled and stored in daily_briefs
Admin reviews the draft and publishes it
Published brief is served from the database — no live computation

What this system does not do