vibn-frontend/docs/for-smbs.md
mawkone 6b8862ef2b feat(api): comprehensive QA hardening — security gates, chat improvements, beta scaffolds
Closes checklist items F-01..F-06, D-01..D-28, S-01..S-10, C-01..C-07,
B-01..B-07, R-01..R-02, O-03.

Security (28 deletions + 10 auth gates):
- Delete 28 unauthenticated debug/cursor/firebase/test routes
- Gate ai/chat, ai/conversation, context/summarize, work-completed with withTenantProject/withAuth
- Add HMAC-SHA256 signature verification to webhooks/coolify
- Switch all admin secret comparisons to timingSafeStringEq

Foundations (lib/server/*):
- api-handler.ts: withAuth, withTenantProject, withWorkspace, withAdminSecret, withRateLimit
- logger.ts: structured request-scoped logging with turnId
- audit-log.ts: writeAuditLog helper + audit_log table
- rate-limit.ts: Postgres sliding window rate limiter
- coolify-webhook.ts: verifyCoolifySignature
- timing-safe.ts: timingSafeStringEq

Chat hardening (chat/route.ts):
- MAX_TOOL_ROUNDS 15 → 8 (C-01)
- Loop detection: hard-break at 3 identical fingerprints (was 5) (C-02)
- Add 6-consecutive-tool-call hard-break (C-02)
- Mode: respond first, act second prompt block (C-03)
- SSE heartbeat every 25s via setInterval (C-04)
- Per-tool 45s timeout via Promise.race (C-05)
- turnId per-turn UUID for log correlation (C-06)
- Recovery fires when roundsSinceText >= 4 (C-07)
- SSE plan event on plan_task_add/edit (B-05)

Beta features:
- invites table + GET/POST /api/invites (P4.8)
- invites/[token] validate + redeem (P4.8)
- fs_project_dev_servers table + lib/server/dev-server-state.ts (P6.B1)
- fs_project_secrets table + CRUD routes (P6.D2)
- lib/integrations/brief-extract.ts (P3.7)

Documentation:
- app/api/ROUTES.md: full route map with auth + tenant
2026-05-17 19:17:22 -07:00


For Small Business Owners (rewritten)
This is your golden age.
Look at how your business runs right now.
A booking tool over here. An invoicing tool over there. A separate CRM. A point-of-sale system that doesn't quite know about either of them. An accounting add-on. A scheduling app. A customer feedback tool. A loyalty platform. A marketing thing your last consultant set up that you can't remember the login for.
And underneath all of it — the spreadsheet. The one you actually trust. The one you've been using for years to keep track of what your "real" software can't.
Eight tools, none of them built for you, none of them talking to each other. You're the one holding it all together.
It was never supposed to work this way.
What changed
For twenty years, the only choice small businesses had was to rent software built for somebody else. Each tool covered a slice of the business. None of them covered your business. You stitched them together because there was no other option.
There's another option now.
You can replace your entire stack — every tool that doesn't fit, every subscription that doesn't earn its keep, every spreadsheet you use to glue them together — with one tool, built for your business. Not configured for it. Not customized for it. Built for it.
Booking, scheduling, invoicing, customers, inventory, reporting — all in one place, designed around how you actually run things. Your terminology. Your workflow. Your rules.
This used to require an engineering team and six figures. Now it requires you, an idea, and a few afternoons. Or a local builder who can do it for you.
You own it. Forever. No subscription. No vendor lock-in. No price hikes next year.
Start where the pain is
Pull up your bank statement and find the monthly subscription line.
For every tool you pay for, ask one question:
"Is this actually doing the job for my business today?"
The booking tool that almost works the way your shop runs. The CRM that doesn't quite handle your kind of customer. The invoicing software that fits a Shopify store but not your store. The inventory tool that's too complicated for what you actually need. The reporting dashboard that gives you everything except the number you actually want to see.
Each one of those is a tool you're renting that doesn't fit.
Now imagine all of them gone, replaced by one system that does fit — built around the way you actually work, owned by your business, no monthly rent.
That's what Vibn is for.
What you can build
You don't need to be technical. You describe what your business does and what you need it to do. The AI builds it. It puts it online, sets up logins for your team and your customers, and helps you actually get people using it.
A few of the things small business owners are building:
- A single tool that runs the whole front-of-house — bookings, customer notes, scheduling, payments, follow-ups — replacing four or five subscriptions with one custom system
- A custom shop management tool built around your trade, your jobs, your crew — replacing the generic field-service software that never quite worked
- A complete client portal where customers book, pay, see their history, leave reviews, and refer friends — in one place, branded to your business, not a generic SaaS
- An end-to-end studio system — classes, members, schedules, packages, attendance, marketing — purpose-built for your studio, not the average one
- A unified back-office system that handles invoicing, expenses, payroll prep, and reporting in one place, the way your bookkeeper actually thinks about it
- A small-format ERP — yes, really — for a business that's outgrown spreadsheets but never going to be big enough for SAP
These are not integrations. These are not dashboards. These are the actual tools that run the business, built once, owned forever.
You own it. Forever.
This is the part the SaaS industry doesn't want you to think about.
Every month you pay for software, you're renting. You're not building anything that's yours. When they raise the price, you pay. When they change the features, you adapt. When they get acquired or shut down, you lose your workflow and your data.
The tool you build with Vibn is yours. Your business owns it. Your data lives in it. You don't pay rent on it every month. It works the way you work, because you built it the way you work.
This is what software should have always been for small business.
What if you don't want to build it yourself?
You don't have to.
A new kind of professional is emerging — local builders who specialize in building custom Vibn systems for the small businesses in their community. They speak your language. They understand small business. They hand you the keys when they're done.
You hire them once. You own the tool forever. No subscription. No vendor lock-in.
[ Find a builder in your area ]
You are why this exists
Small business is the backbone of every neighborhood, every economy, every community worth being part of. You deserve software that fits your business — not a generic version of somebody else's. You deserve to own the tools that run your livelihood.
That's what Vibn is here for.
This is your golden age. Let's build it.
[ Start building free → ]
No credit card · Free to start · Built in Canada