Quick Start and Architecture
Use this guide to launch the demo in under a minute and understand the UI, API, and database layout.
Quick Start (1 minute)
- Open the dashboard at /app.
- Create a project, client, provider, and order.
- Refresh stats to see live totals.
- Try the AI tools with a short prompt.
Architecture overview
UI routes
UI pages are static HTML served by Express routes.
- / (landing)
- /app (dashboard)
- /pricing
- /docs
- /help
- /cabinet
API
CRUD + AI requests are under /api/*.
Database
SQLite DB file (default): database/portal.db
API endpoints
POST /api/auth/register
POST /api/auth/login
POST /api/auth/logout
GET /api/auth/me
POST /api/auth/forgot-password
POST /api/auth/reset-password
GET /api/subscription/me
POST /api/subscription/upgrade
POST /api/subscription/downgrade
GET /api/audit/recent
GET /api/admin/stats
POST /api/admin/bootstrap (dev-only)
GET /api/admin/bootstrap/status
GET /api/user/onboarding
POST /api/user/onboarding
POST /api/demo/seed
GET /api/workspace/me
GET /api/workspace/members
POST /api/workspace/rename
POST /api/workspace/invite
POST /api/feedback
GET /api/feedback/me
POST /api/billing/create-checkout-session (secure checkout or private invoice)
GET /api/health
GET /api/health/readiness
GET /api/stats
POST /api/ai-project
POST /api/chat
GET /api/projects
GET /api/projects?q=keyword
GET /api/projects/export
POST /api/projects
PUT /api/projects/:id
DELETE /api/projects/:id
POST /api/projects/:id/restore
GET /api/clients
POST /api/clients
PUT /api/clients/:id
DELETE /api/clients/:id
POST /api/clients/:id/restore
GET /api/providers
POST /api/providers
PUT /api/providers/:id
DELETE /api/providers/:id
POST /api/providers/:id/restore
GET /api/orders
GET /api/orders/export
POST /api/orders
PUT /api/orders/:id
DELETE /api/orders/:id
POST /api/orders/:id/restore
Auth endpoints support registration, login, logout, session checks, and password reset. Plan limits are enforced on create/export actions.
Billing checkout activates the selected plan and creates a private payment follow-up. Payment account details are not exposed on public pages.
Production checklist
- Set NODE_ENV=production and configure PORT.
- Use HTTPS end-to-end; secure cookies require TLS.
- Set ALLOWED_ORIGINS for your frontend domains.
- Review rate limits via RATE_LIMIT_WINDOW_MS and RATE_LIMIT_MAX.
- Store secrets in a .env file or host environment.
HTTPS requirement
Sessions use secure cookies in production, so HTTPS is required for login and API access.
Reverse proxy example (nginx)
server {
listen 443 ssl;
server_name portal.example.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Dev-only admin bootstrap
Use /api/admin/bootstrap only on localhost with NODE_ENV != production and ADMIN_BOOTSTRAP_TOKEN set.
Recommended next actions
- Review the dashboard workflow and confirm the data model.
- Draft API validation rules for production readiness.
- Decide on authentication and role access strategy.
- Plan hosting and deployment targets.
Roadmap
The portal is organized around practical business work: capture leads, manage projects, keep client and provider records, create orders, export CSV reports, and move to Business when team governance is needed.
- Now: registration, login, cabinet, workspace, projects, leads, clients, providers, orders, AI helper, feedback, and CSV exports.
- Next: payment checkout, stronger email delivery, production monitoring, and more role controls.
- Business: audit logs, webhooks, local agent setup, team invites, and workspace administration.
Video Guide
Watch the walkthrough to learn where to click and how analytics work.
Open Video Guide
If the guide link is not connected yet, the button opens Support so access can be requested.
Send Feedback
Use the in-product feedback flow or email Support. You can also POST to /api/feedback.
- Include page URL
- Include time (local)
- Include steps to reproduce
- Attach screenshot if possible
Tip: If you hit rate limits (429), wait a moment and try again.