Overview

ContractStrategist is a comprehensive employment negotiation platform that helps users develop personalized strategies for job offer negotiations. The application combines user profiling, employer research, AI-powered conversation assistance, and strategic guidance to maximize negotiation outcomes. Built as a full-stack web application, it features a React frontend with shadcn/ui components and an Express.js backend with PostgreSQL database integration.

User Preferences

Preferred communication style: Simple, everyday language.

System Architecture

Frontend Architecture

  • Framework: React 18 with TypeScript for type safety and modern development
  • Routing: Wouter for lightweight client-side routing
  • UI Framework: shadcn/ui component library built on Radix UI primitives for accessible, customizable components
  • Styling: Tailwind CSS with CSS variables for theming and responsive design
  • State Management: TanStack Query (React Query) for server state management and caching
  • Form Handling: React Hook Form with Zod validation for type-safe form management
  • Build Tool: Vite for fast development and optimized production builds

Backend Architecture

  • Runtime: Node.js with Express.js framework for RESTful API development
  • Language: TypeScript with ES modules for modern JavaScript features
  • Database ORM: Drizzle ORM for type-safe database operations with PostgreSQL
  • API Design: RESTful endpoints for user profiles, negotiations, conversations, and AI services
  • Storage Strategy: Dual storage implementation with in-memory fallback and PostgreSQL persistence
  • Middleware: Express middleware for JSON parsing, CORS handling, and request logging

Data Storage Solutions

  • Primary Database: PostgreSQL with Neon serverless database hosting
  • ORM: Drizzle ORM with schema-first approach for type safety
  • Migration System: Drizzle Kit for database schema migrations
  • Session Management: PostgreSQL session store with connect-pg-simple
  • Schema Design: Normalized tables for users, profiles, negotiations, and industry insights

Authentication and Authorization

  • User Management: Custom user system with profile-based authentication
  • Session Handling: Express sessions with PostgreSQL storage backend
  • Data Access: User-scoped data access patterns for multi-tenant security
  • Demo Mode: Simplified authentication for demonstration purposes

External Dependencies

  • AI Services: Grok API (xAI) integration for conversation assistance, with real-time data from X posts
  • Database Hosting: Neon PostgreSQL serverless database
  • Payment Processing: Stripe integration for secure payment handling
  • Development Tools: Replit-specific plugins for development environment integration
  • Component Libraries: Extensive Radix UI ecosystem for accessible UI components
  • Styling: Google Fonts integration for typography and design consistency

Pricing Strategy (1500% Markup) with Tiered Feature Access

  • Base Cost: ~$0.017 per message (Grok API + infrastructure costs)
  • Markup Model: 1500% above cost (16x multiplier) = ~$0.27 per message baseline
  • Tier System: Three tiers (Essentials, Professional, Executive) with progressively advanced features

Feature Tiers:

Essentials Tier:

  • AI-powered negotiation conversations
  • Basic market compensation data
  • Standard response time
  • Conversation history (30 days)

Professional Tier:

  • All Essentials features, plus:
  • Save and resume negotiations
  • Offer simulator & comparison
  • Legal & tax implications by location
  • Regional cost-of-living adjustments
  • Industry-specific playbooks
  • Priority support
  • Unlimited conversation history

Executive Tier:

  • All Professional features, plus:
  • Multi-offer orchestration
  • Executive compensation benchmarks
  • Equity & stock option analysis
  • Custom AI prompt templates
  • PDF export of strategies
  • API access for integrations
  • Dedicated account support
  • Early access to new features

Pricing Tiers:

  1. Per-Message Packages (Essentials Tier):

    • Starter: 10 credits for $2.70 ($0.27/message - 1500% markup)
    • Professional: 50 credits for $13.50 ($0.27/message - 1500% markup)
    • Expert: 150 credits for $40.50 ($0.27/message - 1500% markup)
  2. Per-Conversation Packages (Essentials Tier - 20 messages/conversation):

    • Single: 20 credits for $5.40 ($0.27/message)
    • Three: 60 credits for $16.20 ($5.40/conversation)
    • Five: 100 credits for $27.00 ($5.40/conversation)
  3. Monthly Subscriptions (Tiered Access):

    • Essentials Monthly: 100 credits/month for $27.00 (Essentials tier features)
    • Professional Monthly: 250 credits/month for $67.50 (Professional tier features)
    • Executive Monthly: 1000 credits/month for $270.00 (Executive tier features)

Security Implementation:

  • Server-side pricing validation: All pricing derived from shared constants, never trusted from client
  • Payment confirmation: Stripe PaymentIntent verification before crediting accounts
  • Idempotent processing: Prevents duplicate credit grants for same payment
  • User-scoped access: All operations restricted to authenticated user's data
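The three payment checks listed above (server-side price lookup, PaymentIntent verification before crediting, idempotent grants) as one added example in the project's language. This is not the project's own code: the package table mirrors the Essentials packages on this page, the ledger is a hypothetical stand-in for the database, and the intent is assumed to have been retrieved from Stripe with the secret key rather than taken from the request.

```typescript
// Added example, not the project's own code: server-side price derivation,
// PaymentIntent verification and idempotent crediting for the Essentials packages.

// Shared pricing constants (amounts in cents). The client only sends a packageId;
// the price is always looked up here, never read from the request.
const PACKAGES = {
  starter: { credits: 10, amountCents: 270 },
  professional: { credits: 50, amountCents: 1350 },
  expert: { credits: 150, amountCents: 4050 },
} as const;
type PackageId = keyof typeof PACKAGES;

// Fields of a PaymentIntent as returned by the Stripe API (retrieved server-side
// with the secret key), reduced to what the check needs.
interface RetrievedIntent {
  id: string;
  status: string;          // only "succeeded" may grant credits
  amount: number;          // cents
  currency: string;
  metadata: { userId?: string; packageId?: string };
}

// Hypothetical persistence: per-user balances plus the set of intent ids already
// honoured. In production both updates belong in one database transaction.
interface CreditLedger { balances: Map<string, number>; processed: Set<string>; }
function newLedger(): CreditLedger { return { balances: new Map(), processed: new Set() }; }

type CreditResult =
  | { ok: true; credited: number; balance: number }
  | { ok: false; reason: string };

function creditForIntent(intent: RetrievedIntent, authUserId: string, ledger: CreditLedger): CreditResult {
  if (intent.status !== "succeeded") return { ok: false, reason: "payment not succeeded" };
  // The intent must have been created for the authenticated user making this request.
  if (intent.metadata.userId !== authUserId) return { ok: false, reason: "intent belongs to another user" };
  const pkgId = intent.metadata.packageId;
  if (!pkgId || !(pkgId in PACKAGES)) return { ok: false, reason: "unknown package" };
  const pkg = PACKAGES[pkgId as PackageId];
  // Amount and currency must equal the server-side price for that package.
  if (intent.currency !== "usd" || intent.amount !== pkg.amountCents) return { ok: false, reason: "amount mismatch" };
  const current = ledger.balances.get(authUserId) ?? 0;
  // Idempotency: a replayed confirmation is acknowledged but grants nothing.
  if (ledger.processed.has(intent.id)) return { ok: true, credited: 0, balance: current };
  ledger.processed.add(intent.id);
  ledger.balances.set(authUserId, current + pkg.credits);
  return { ok: true, credited: pkg.credits, balance: current + pkg.credits };
}
```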

Production Deployment Requirements

Required Environment Variables

Client-Side (VITE_ prefix):

  • VITE_FIREBASE_API_KEY - Firebase web API key
  • VITE_FIREBASE_PROJECT_ID - Firebase project identifier
  • VITE_FIREBASE_APP_ID - Firebase application ID
  • VITE_STRIPE_PUBLIC_KEY - Stripe publishable key for client-side integration

Server-Side:

  • FIREBASE_PROJECT_ID - Firebase project ID for server authentication (required)
  • FIREBASE_SERVICE_ACCOUNT_KEY - JSON string of Firebase service account credentials (required for production)
  • PRODUCTION_ORIGINS - Comma-separated list of allowed production origins for CORS (e.g., "https://yourdomain.com,https://www.yourdomain.com")
  • XAI_API_KEY - Grok API key for AI-powered conversations
  • STRIPE_SECRET_KEY - Stripe secret key for payment processing
  • DATABASE_URL - PostgreSQL connection string
  • NODE_ENV - Set to "production" for production deployment

Firebase Authentication Setup

Development Mode:

  • Uses FIREBASE_PROJECT_ID or falls back to VITE_FIREBASE_PROJECT_ID
  • Firebase Admin SDK operates with projectId only
  • Suitable for local development and testing

Production Mode:

  • Requires FIREBASE_SERVICE_ACCOUNT_KEY environment variable
  • Service account must have Firebase Authentication Admin permissions
  • Generate service account key from Firebase Console → Project Settings → Service Accounts
  • Store the JSON key as a string in the environment variable

To generate Firebase service account key:

  1. Go to Firebase Console → Project Settings → Service Accounts
  2. Click "Generate New Private Key"
  3. Download the JSON file
  4. Minify the JSON (remove whitespace) and set it as FIREBASE_SERVICE_ACCOUNT_KEY

Security Hardening (Production)

Implemented Security Measures:

  • Rate limiting: 100 req/15min globally, 30 req/15min for AI endpoints
  • Helmet security headers enabled
  • Strict CORS origin validation (no wildcard in production)
  • Authentication required on all protected endpoints
  • File upload restrictions: 10MB max, strict MIME type whitelist
  • Payment security: Server-side validation, idempotent processing
  • Error handling: No stack traces or sensitive data exposed to clients
  • Response logging with sensitive data redaction (clientSecret, fileData, etc.)
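The strict CORS origin validation listed above, driven by the PRODUCTION_ORIGINS variable from the environment section, as an added example rather than the project's own code. It assumes the check is plugged into the `cors` middleware's `origin` option (hence the callback adapter at the end), and the sample origins are constructed.

```typescript
// Added example, not the project's own code: derive a strict CORS allow-list from
// PRODUCTION_ORIGINS and check request origins against it with exact matching.

// Parse the comma-separated variable into normalised origins (scheme://host[:port]).
// In production an empty list, a wildcard, a malformed entry or a non-https origin
// is a configuration error: startup should fail rather than fall open.
function parseProductionOrigins(raw: string | undefined, nodeEnv: string): Set<string> {
  const entries = (raw ?? "").split(",").map((s) => s.trim()).filter(Boolean);
  if (nodeEnv !== "production") return new Set(entries); // dev mode is permissive anyway
  if (entries.length === 0) throw new Error("PRODUCTION_ORIGINS must be set in production");
  const allowed = new Set<string>();
  for (const entry of entries) {
    if (entry === "*") throw new Error("wildcard origin is not allowed in production");
    const url = new URL(entry); // throws on malformed entries
    if (url.protocol !== "https:") throw new Error(`non-https origin rejected: ${entry}`);
    // URL.origin drops paths and trailing slashes, matching the Origin header format.
    allowed.add(url.origin);
  }
  return allowed;
}

// Exact-match check on the Origin header. Undefined means the request carried no
// Origin header (same-origin or non-browser client): it is not a CORS request, and
// no Access-Control-Allow-Origin header is emitted for it either way.
function isAllowedOrigin(origin: string | undefined, allowed: Set<string>, nodeEnv: string): boolean {
  if (origin === undefined) return true;
  if (nodeEnv !== "production") return true; // development keeps the permissive default
  return allowed.has(origin);
}

// Adapter with the (origin, callback) shape the cors middleware's `origin` option
// takes (assumed here); callback(null, false) makes cors omit the allow header.
function makeOriginCheck(allowed: Set<string>, nodeEnv: string) {
  return (origin: string | undefined, cb: (err: Error | null, allow?: boolean) => void): void => {
    cb(null, isAllowedOrigin(origin, allowed, nodeEnv));
  };
}
```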

Additional Production Recommendations:

  • Enable Content Security Policy (CSP) in Helmet configuration
  • Configure Stripe webhooks for asynchronous payment events
  • Set up monitoring and alerting for authentication failures
  • Regular security audits and dependency updates