Integration Inventory¶

External services this repo talks to (inferred from package.json, conf.js, and routes/):

Cloud / infrastructure¶

Service	SDK	Used for
AWS S3 (two buckets, two regions)	`aws-sdk` v2	Media storage (user uploads, generated images, designs)
AWS Bedrock (Claude, Llama, Nova models)	`@aws-sdk/client-bedrock` + `@aws-sdk/client-bedrock-runtime`	LLM invocation for admin features (knowledge analysis, content suggestions)
Google Vertex AI / Gemini	`googleapis` + `conf/credentials.json` (presumed service account)	Some AI helpers; verify
Google Cloud RAG	(via `helper/ragProcess.js`, shared with `someli-api`)	Knowledge-base ingestion / retrieval

AI / LLM providers¶

Service	SDK	Used for
OpenAI	`openai`	Chat / completion fallback
Leonardo AI	(HTTP, key in `LEONARDO_KEY`)	Image generation

Payments¶

Service	SDK	Used for
Stripe	`stripe` ^16.2.0	Legacy customer billing access (admin overrides)
Paddle (sandbox + prod)	`@paddle/paddle-node-sdk` ^1.4.1	Current subscription billing access (admin operations)

The repo has /stripe_webhooks, /paddle_sandbox_webhooks, /paddle_production_webhooks exempted from body parsing in server.js, but no handlers exist for those paths in this repo. Either: - These webhooks are handled in someli-api only and the exemption here is vestigial, or - The handlers are planned for the admin scope.

Email / messaging¶

Service	SDK	Used for
SendGrid	`@sendgrid/mail`	Transactional email (account-related notifications)
Slack	`slack` (and a hardcoded bot token in `routes/auth.js:20` — see security.md)	Notifications to a Slack channel
Expo push	`expo-server-sdk`	Declared; likely unused in admin

Service	SDK	Used for
Twitter	`twitter`, `twitter-api-v2`, `oauth-1.0a`	(likely vestigial; commented-out Passport setup)
Facebook / GitHub / Google / LinkedIn OAuth	`passport-*` strategies	(likely vestigial; Passport setup commented out)

If admin staff ever needs to act on social accounts on a customer's behalf, this is where the integration would live. Currently appears dormant.

Stock media¶

Service	SDK	Used for
Pexels	(HTTP, `PEXELS_API_KEY`)	Stock photo search
Pixabay	(HTTP, `PIXABAY_API_KEY`)	Stock photo search
Unsplash	`unsplash-js`	Stock photo search

These pass through helper/stockImage.js (lightly forked from the someli-api copy).

Customer support¶

Service	SDK	Used for
Chaskiq	(HTTP, `CHASKIQ_SECRET`)	Live-chat / customer-support widget integration

Outbound HTTP¶

Target	Mechanism	Notes
`NOTIFY_URL`	(likely `axios` POSTs)	Cross-service notifications
`API_URL`	(links in emails)	Customer-app deep links
`APP_URL`	(links in emails)	Customer-app deep links
`PUBLISH_KEY` (header value)	(outbound auth for cross-service calls)	Verify usage; possibly only used in `someli-api` (consider removing from this repo's `conf.js`)

Internal HTTP¶

This API is consumed by admin_console_R. The FE config (admin_console_R/src/config/env.ts) points at VITE_API_URL, which is this service's URL in each environment.

This API does not consume someli-api HTTP — instead, both share the same MySQL database directly, and both require from the same helper/-style modules (with the drift documented in code-overlap.md).

Diagram¶

┌─────────────────┐         ┌──────────────────────┐         ┌──────────────────┐
│ admin_console_R │  HTTP   │   Someli-admin-api   │  HTTP   │   External       │
│ (browser)       │ ──────▶ │   (this repo)        │ ──────▶ │   (Bedrock, S3,  │
└─────────────────┘         │                      │         │   OpenAI, Paddle,│
                            │                      │         │   SendGrid, …)   │
                            └──────────┬───────────┘         └──────────────────┘
                                       │
                                       │ MySQL (shared with someli-api / designer-api)
                                       ▼
                            ┌──────────────────────┐
                            │   MySQL database     │
                            └──────────────────────┘

Notable absences¶

No queue / message broker (no SQS, no Redis Streams, no Kafka). All cross-service coordination is via the shared DB.
No HTTP-to-someli-api calls — the admin API does not call the customer API. This means if admin and customer logic for the same data path drift (e.g., a different state-machine for "is the account suspended?"), each runs its own copy of the logic.
No service mesh / API gateway. nginx is per-service.