# Quick Reference: Development & Production

_For detailed setup instructions, see `GETTING_STARTED.md`_

## Development Commands

```bash
# Initial setup
cp .env.dev.example .env && pnpm install

# Daily development
pnpm dev:start    # Start services (PostgreSQL + Redis)
pnpm dev          # Start apps with hot reload

# Database management
pnpm dev:migrate  # Run database migrations
pnpm db:studio    # Open Prisma Studio (database GUI)
pnpm dev:tools    # Admin tools (Adminer + Redis Commander)

# Service management
pnpm dev:status   # Check service status
pnpm dev:logs     # View service logs
pnpm dev:restart  # Restart services
pnpm dev:stop     # Stop all services
pnpm dev:reset    # Reset development environment

# Code quality
pnpm lint         # Run linting across all packages
pnpm type-check   # Run TypeScript checks
pnpm format       # Format code with Prettier
```

## Default Ports

- **Frontend**: http://localhost:3000 (configurable via `NEXT_PORT`)
- **Backend**: http://localhost:4000 (configurable via `BFF_PORT` or `PORT`)
- **Adminer**: http://localhost:8080 (when using `pnpm dev:tools`)
- **Redis Commander**: http://localhost:8081 (when using `pnpm dev:tools`)

## Hiding Next dev proxy deprecation warnings (Portal ➝ BFF)

If you see Node warnings like `(node:...) [DEP0060] DeprecationWarning: The util._extend API is deprecated`, they typically come from Next's internal dev proxy used for `rewrites()` (see `apps/portal/next.config.mjs`).

The preferred fix is to **bypass the Next rewrite-proxy** and call the BFF directly via CORS:

- **Portal**: set `NEXT_PUBLIC_API_BASE=http://localhost:4000`
- **BFF**: set `CORS_ORIGIN=http://localhost:3000`

Then restart `pnpm dev`.

## Production Commands

_For detailed deployment guide, see `DEPLOY.md`_

```bash
# Setup
cp .env.production.example .env  # Edit with production values

# Deploy
pnpm prod:deploy    # Build + start + migrate

# Management
pnpm prod:status    # Check service status
pnpm prod:logs      # View service logs
pnpm prod:update    # Update deployment
pnpm prod:restart   # Restart services
pnpm prod:stop      # Stop services
pnpm prod:backup    # Backup data
pnpm prod:cleanup   # Clean up old resources
```

## Production Endpoints

- **Portal**: https://yourdomain.com
- **API**: https://yourdomain.com/api
- **Health**: https://yourdomain.com/healthz

## Security Notes

- Nginx enforces HTTPS, HSTS, CSP and rate limiting
- Backend disables `x-powered-by`, supports `trust proxy`
- Never commit `.env` file - keep secrets secure