Client Portal Archetype
SCOPE_ITEM: Secure, branded web portal where a service company's clients can view project status, access documents, communicate with their account team, manage invoices, and track key metrics — all in one place.
When This Archetype Applies
CHECK: A company wants to give their clients self-service access to project data, documents, or communication.
CHECK: Users are external clients of the company (not internal staff).
CHECK: Portal replaces scattered email, WeTransfer, shared drives.
CHECK: Portal is NOT a marketplace (no transactions between users).
CHECK: Portal is NOT a public-facing product (access is per-client).
IF: Company needs internal-facing tools alongside the client portal. THEN: Combine with internal-tools archetype for the back-office layer.
IF: Clients need to transact with each other. THEN: Use marketplace archetype instead.
Variants
Professional Services Portal
SCOPE_ITEM: Portal for consulting, legal, accounting, or agency clients.
INCLUDES: Project status dashboard, document sharing with versioning, secure messaging, invoice overview, meeting scheduling.
OPTIONAL: Time tracking visibility, deliverable approval flow, retainer usage tracking, e-signatures.
Project Delivery Portal
SCOPE_ITEM: Portal for construction, IT, or creative project delivery.
INCLUDES: Project milestones and Gantt/timeline view, deliverable tracking, file sharing (large files), issue/snag list, progress photos.
OPTIONAL: Change request flow, budget tracking visibility, subcontractor limited access.
Account Management Portal
SCOPE_ITEM: Portal for B2B clients managing ongoing service relationships.
INCLUDES: Account dashboard (contract status, SLA metrics, usage), support ticket system, document library, invoice and payment history.
OPTIONAL: Product/service catalogue, renewal management, user management for client-side team.
Healthcare / Regulated Portal
SCOPE_ITEM: Portal with enhanced security for regulated industries.
INCLUDES: All standard features plus: field-level encryption, access logging, consent management, data retention enforcement, audit export for regulatory compliance.
OPTIONAL: Two-factor authentication mandatory, IP restriction, session recording for compliance.
GE Stack Mapping
| Layer | Technology | Notes |
|---|---|---|
| Frontend | Next.js (App Router) | Server components for secure data |
| API | Hono on Node.js | Type-safe, middleware for multi-tenancy |
| Database | PostgreSQL + Drizzle ORM | EU-hosted, GDPR compliant |
| Auth | NextAuth.js | Magic link (default) or email + password |
| File storage | S3-compatible (EU region) | Presigned URLs, versioning, virus scan |
| E-signatures | ZealID, Signicat, or Scrive (EU) | Optional module. DocuSign/Dropbox Sign secondary (US — sovereignty risk) |
| Messaging | PostgreSQL + SSE/email | In-portal + email notifications |
| Background jobs | BullMQ + Redis | Notifications, report generation |
| Hosting | EU-hosted infrastructure | GDPR Article 44 compliant |
Complexity Estimation
| Variant | Typical scope items | Estimated effort |
|---|---|---|
| Simple document portal | 30-50 | 3-5 weeks |
| Professional services portal | 60-90 | 6-10 weeks |
| Full project delivery portal | 90-130 | 10-14 weeks |
| Regulated portal | 100-150 | 12-18 weeks |
Key Decision Points
IF: Client's customers are non-technical (SME owners, individuals).
THEN: Default to magic link authentication (no passwords to manage).
IF: Client's customers are enterprise (IT departments, corporate).
THEN: Consider SSO integration (their client's IdP).
See: internal-tools authentication-corporate.md for SSO patterns.
IF: Documents require legally binding signatures.
THEN: Include e-signature module.
See: document-management.md
IF: Client needs real-time project status updates.
THEN: Include dashboard with SSE/polling.
See: dashboard.md
IF: Client has support/helpdesk needs.
THEN: Include support ticket system.
See: communication.md
Multi-Tenancy Model
SCOPE_ITEM: Each client sees only their own data (strict data isolation).
INCLUDES:
- Row-level security: every query filtered by client_id.
- Middleware: extract client_id from session, inject into all queries.
- Admin view: company staff can see all clients, switch context.
- No cross-client data leakage (verified by automated tests).
┌────────────────────────────────────┐
│         Company Admin View         │
│  (sees all clients, full access)   │
├──────────────────┬─────────────────┤
│  Client A View   │  Client B View  │
│ (own data only)  │ (own data only) │
└──────────────────┴─────────────────┘
CHECK: Multi-tenancy filtering must be applied at the data access layer
(Drizzle query builder), not at the API route level. Defence in depth.
CHECK: Every API endpoint must verify the requesting user has access
to the requested client_id.
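
One way to structure the data-access-layer filtering and the cross-client leakage test described above, as an added example (not GE's own code). In-memory rows stand in for the Drizzle-backed tables, and `PortalSession`, `resolveClientId`, `scopedDocuments` and `leakedRows` are hypothetical names.

```typescript
// Added example. In-memory rows stand in for a Drizzle-backed table;
// all names here are hypothetical, not part of the GE stack.
type PortalSession = { userId: string; role: "client" | "staff"; clientId: string | null };
type DocRow = { id: number; clientId: string; name: string };

// Constructed sample data for two tenants.
const documents: DocRow[] = [
  { id: 1, clientId: "client-a", name: "contract.pdf" },
  { id: 2, clientId: "client-a", name: "invoice-01.pdf" },
  { id: 3, clientId: "client-b", name: "roadmap.pdf" },
];

// Decide which client_id a request may act on. Client users are pinned to the
// client_id in their session; staff must choose a context explicitly.
function resolveClientId(session: PortalSession, requested?: string): string {
  if (session.role === "staff") {
    if (!requested) throw new Error("staff must select a client context");
    return requested;
  }
  if (!session.clientId) throw new Error("session carries no client_id");
  if (requested !== undefined && requested !== session.clientId) {
    throw new Error("requested client_id does not match session");
  }
  return session.clientId;
}

// The only path from a route handler to the table. Every operation is bound
// to one client_id up front, so a handler cannot forget the filter.
function scopedDocuments(session: PortalSession, requested?: string) {
  const clientId = resolveClientId(session, requested);
  const own = (): DocRow[] => documents.filter((d) => d.clientId === clientId);
  return {
    clientId,
    list: own,
    // Primary-key lookups pass through the same filter: another tenant's id
    // yields undefined instead of the row.
    get: (id: number): DocRow | undefined => own().filter((d) => d.id === id)[0],
  };
}

// Leakage check an automated test can run for each table and each tenant.
function leakedRows(session: PortalSession): DocRow[] {
  return scopedDocuments(session).list().filter((d) => d.clientId !== session.clientId);
}
```

Because handlers only ever receive the scoped object, the per-endpoint check on the requested client_id and the query filter fail independently: a missing check in one layer is still caught by the other.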
Compliance Baseline
COMPLIANCE: GDPR — EU-hosted data, DPA between company and GE, sub-processor agreement for hosting.
COMPLIANCE: Data isolation — Strict multi-tenancy, no cross-client data leakage.
COMPLIANCE: Access control — Client users see only their data.
COMPLIANCE: Audit trail — Document access, downloads, and messages logged.
COMPLIANCE: Data retention — Configurable per document type, automatic archival/deletion.
COMPLIANCE: Backup — Daily automated backups, tested restore procedure.
Related Archetypes
- Internal Tools — For the company's back-office.
- Marketplace — When clients need to transact.
- B2B SaaS — When the portal is productised.
File Index
| File | Purpose |
|---|---|
| feature-tree.md | Complete feature decomposition |
| dashboard.md | Widget patterns, KPIs, real-time data |
| document-management.md | Upload, versioning, e-signatures |
| communication.md | Messaging, notifications, support tickets |
| checklist.md | Scoping and delivery checklist |