Founder Admin Guide

1. Platform Overview

What Cognizant Cloud Is

Cognizant Cloud LLC is a healthcare AI SaaS platform that wraps free government data APIs into polished, monetizable tools. The platform lives at cognizantcloud.com and runs on Netlify with Supabase for auth and data, Stripe for payments, and the OpenAI gpt-5.4 family for AI features.

The company was founded by Joe Scrocco and Kevin Weller. The website replaced a Wix placeholder in March 2026 and was built in a single-day sprint on April 1, 2026, going from a static site with a chatbot to a full SaaS platform with 10+ standalone tools, 12 API endpoints, user accounts, tiered subscriptions, a credit system, and an education hub. On April 2, 2026, a major enhancement session shipped 19 additional features: Academy SPA redesign (14 sections with progress tracking), 4 audience landing pages, clean URL routing for all functions, auth improvements (session refresh, email memory), API docs overhaul with try-it forms, NPI taxonomy UX upgrades, tool breadcrumb navigation, Magic Data Fixer Pro UI in the dashboard, audience-filtered homepage product views, FormularyAI as 7th product card, and Trial Finder fixes. On April 7, 2026, 7 new CMS Hospital Data API endpoints were added (HCAHPS, infections, complications, readmissions, spending, timely care, and a unified hospital profile), bringing the total to 20 API endpoints. Also on April 7, four new products were deployed: Recall Command Center (professional recall monitoring with watchlist and CSV export), DrugWatch Intelligence (drug safety analysis via FAERS), Hospital Benchmarker (multi-hospital comparison across 30+ quality measures), and Clinical Code Navigator (cross-reference intelligence from one ICD-10 code to trials, drugs, providers, and hospitals). The platform now spans 30+ pages with 19 serverless functions.

Business Model

The model follows a three-stage funnel:

1. Free tools drive traffic. NPI ProLookup, Drug Intelligence Center, ICD-10 Explorer, Clinical Trial Finder, FDA Recall Monitor, Hospital Quality Explorer, Recall Command Center, DrugWatch Intelligence, Hospital Benchmarker, and Clinical Code Navigator are all free (with optional credit-gated premium features) and require no account. These tools call free government APIs, so the marginal cost of serving a free user is effectively zero.
2. Credits monetize power users. When users need AI-powered features (Magic Data Fixer, Deep Search, NPI Enrichment, Provider Intelligence), they spend credits. Free users get 50 welcome credits. Pro subscribers get 500/month. Ultra subscribers get 2,000/month. Anyone can buy credit packs from $1 to $1,000.
3. The API scales to enterprise. The Healthcare Data API offers 20 endpoints through a single authenticated interface. Companies integrate once and get provider data, drug intelligence, clinical trials, diagnosis codes, hospital quality (7 endpoints covering 6 CMS datasets), and drug pricing. All backed by free government data, so margins are 90%+.

Revenue Projections (Three Scenarios)

Current State (April 2026)

Platform live. 20 API endpoints. 13 free tools (10 standalone, 3 with credit-gated premium tiers). Stripe billing active. Zero paying customers. Zero organic traffic. Two founders + AI. No employees, no plans to hire.

Revenue by Segment (Year 1 through Year 4)

Key Milestones

What Accelerates the Timeline

• A single large enterprise deal ($100K+/yr) changes the math significantly and validates the enterprise pricing model
• AI email outreach at scale: Autonomous email system (SendGrid + Claude) can run 2-3 targeted campaigns per day across different segments without Kevin/Joe involvement. AI qualifies leads, handles routine responses, and only escalates when a prospect is ready to buy
• Travis Garland's network could fast-track 5-10 enterprise conversations in healthcare ops
• SEO on free tools is the cheapest acquisition channel; takes 6-18 months to compound but drives massive organic traffic
• Listing on Snowflake Marketplace / AWS Data Exchange puts us in front of buyers already shopping for healthcare data
• AI chatbot as pre-sales: The 11-specialist chatbot already handles product questions. Adding "request demo" and "get pricing" flows converts website visitors without Kevin/Joe
• Self-serve enterprise sandbox: Let enterprise buyers test the API for 14 days with no sales call. Reduces sales cycle from 6 months to weeks for self-motivated buyers

What Slows the Timeline

• Enterprise sales cycles (6-12 months) mean Year 1 enterprise revenue depends on conversations started immediately
• Kevin and Joe bandwidth: AI handles outreach and qualification, but closing enterprise deals ($24K+/yr) requires human trust. Kevin and Joe can realistically manage 10-20 active enterprise negotiations at a time
• SOC 2 / BAA requirements are table stakes for many enterprise healthcare buyers and take 3-6 months to obtain
• SEO takes time. Organic traffic from free tools will be minimal for the first 6 months
• AI email deliverability: Cold outreach at scale requires careful domain reputation management. Sending too aggressively too early can hurt deliverability

Why Margins Stay Above 90%

Zero employees. The core data comes from free government APIs (NPPES, openFDA, RxNorm, ClinicalTrials.gov, CMS, DailyMed, NLM) at $0 per call. AI-generated reports cost ~$0.002 each to produce and sell for $2-$10. AI handles sales outreach, customer onboarding, and support. Kevin and Joe handle only escalations and deal closing. Total infrastructure costs (Netlify, Supabase, OpenAI, SendGrid, Claude Code) stay under $100K/yr even at $10M+ revenue. A traditional company at $10M ARR spends $5-$7M on headcount. We spend $15K on AI tooling. That's the structural advantage of building AI-first from day one.

Key audiences by spend level:

• $24K-$120K/yr Enterprise: Pharma medical affairs teams needing FAERS monitoring, health systems benchmarking quality, PBMs validating provider networks, health IT companies embedding our API
• $49-$299/mo Professional: Healthcare consultants, hospital administrators, compliance officers, clinical pharmacists, academic researchers
• $29-$799/mo Developer: Health IT startups, digital health apps, interoperability platforms needing clean gov data access

Competitive Landscape (Detailed)

Gaps We Fill (No Competition)

The Cognizant Cloud API (Our Core Product)

The Cognizant Cloud Healthcare Data API is a fully branded, authenticated REST API that companies integrate into their products. It is ours. No upstream branding is visible. All responses come from cognizantcloud.com/api/v1/.

How It Works for Customers

1. Sign up at cognizantcloud.com/account (free, 50 credits to start)
2. Create an API key at cognizantcloud.com/api-keys (Pro/Ultra required)
3. Name and organize keys by project (e.g., "Production", "Staging", "Analytics Pipeline")
4. Make API calls with x-api-key header. Each call deducts credits based on the endpoint (1-2 credits per call).
5. Monitor usage in the API Keys dashboard: calls per endpoint, credits consumed, response times
6. Set monthly budget to prevent runaway costs. The system stops deducting when the budget is hit.
7. Buy more credits anytime (6 pack sizes from $1 to $1,000) or upgrade subscription tier

API Key Format

Keys follow the format cc_live_ followed by 48 hex characters. Example: cc_live_ceecff8292a9da1d905c31294afbb623ad1fad5f77e998e0

Keys are shown once at creation, then only the prefix is visible (cc_live_ceec...). The full key is hashed with SHA-256 and stored. We never store raw keys.

What Customers See

Every API response includes:

{
  "endpoint": "provider/search",
  "auth": "authenticated",
  "credits_used": 1,
  "response_time_ms": 47,
  "data": { ... }
}

Headers include: X-Powered-By: Cognizant Cloud API v1, X-Auth: authenticated, X-Credits-Remaining: 498

No upstream API names (NPPES, openFDA, etc.) appear in the response. Customers see only Cognizant Cloud branding.

2. Complete Product Inventory

Cost & Margin Analysis NEW

Every action on the platform has a known cost, credit price, and margin. We never lose money on any transaction. Most actions cost us $0 because they use free federal APIs. The few LLM-powered features are gated at high credit counts to maintain 85%+ margins.

Recall Command Center

DrugWatch Intelligence

Hospital Benchmarker

Clinical Code Navigator

Healthcare Data API (20 Endpoints)

3. API Documentation (Internal)

All 20 endpoints are accessed via a single Netlify function (api-v1.js) routed through /api/v1/?endpoint=ENDPOINT_NAME. Authentication is via the x-api-key header. Without an API key, the call still works but returns no metering headers. All responses include X-Auth, X-Credits-Used, X-Credits-Remaining, and X-Response-Time headers. The 7 hospital/* endpoints (added April 7, 2026) proxy the CMS Provider Data Catalog API with real-time data and 1-hour caching.

# Example request
curl "https://cognizantcloud.com/api/v1/?endpoint=provider/search&last_name=Smith&state=NY&limit=5" \
  -H "x-api-key: cc_live_your_key_here"

// Example response (trimmed)
{
  "endpoint": "provider/search",
  "credits_used": 1,
  "auth": "authenticated",
  "response_time_ms": 187,
  "data": {
    "result_count": 5,
    "results": [{
      "number": "1234567890",
      "basic": { "first_name": "JOHN", "last_name": "SMITH", "credential": "MD" },
      "taxonomies": [{ "code": "207R00000X", "desc": "Internal Medicine", "primary": true }],
      "addresses": [{ "city": "NEW YORK", "state": "NY" }]
    }]
  }
}

curl "https://cognizantcloud.com/api/v1/?endpoint=provider/lookup&npi=1234567890" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=drug/interactions&drug=metformin" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=drug/label&drug=Lipitor" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=drug/adverse-events&drug=ozempic&limit=5" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=drug/recalls&drug=metformin&limit=5" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=drug/ndc&drug=Humira" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=drug/rxnorm&drug=atorvastatin" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=drug/pricing&drug=Ozempic" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=trials/search&condition=diabetes&status=RECRUITING&limit=3" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=diagnosis/icd10&query=diabetes&limit=5" \
  -H "x-api-key: cc_live_your_key_here"

// Example response
{
  "endpoint": "diagnosis/icd10",
  "credits_used": 1,
  "data": {
    "query": "diabetes",
    "total_results": 237,
    "results": [
      { "code": "E11", "description": "Type 2 diabetes mellitus" },
      { "code": "E10", "description": "Type 1 diabetes mellitus" }
    ]
  }
}

curl "https://cognizantcloud.com/api/v1/?endpoint=hospital/hcahps&provider_id=050454&limit=5" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=hospital/infections&state=CA&limit=5" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=hospital/complications&hospital_name=Mayo&limit=5" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=hospital/readmissions&provider_id=050454" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=hospital/spending&state=NY&limit=5" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=hospital/timely-care&state=TX&limit=5" \
  -H "x-api-key: cc_live_your_key_here"

curl "https://cognizantcloud.com/api/v1/?endpoint=hospital/profile&provider_id=050454" \
  -H "x-api-key: cc_live_your_key_here"

// Response structure (trimmed)
{
  "endpoint": "hospital/profile",
  "provider_id": "050454",
  "hospital": {
    "name": "CEDARS-SINAI MEDICAL CENTER",
    "state": "CA",
    "overall_rating": 3,
    "hcahps": { ... },
    "infections": { ... },
    "complications": { ... },
    "readmissions": { ... },
    "spending": { ... }
  }
}

4. Infrastructure

Netlify

Dashboard: app.netlify.com/projects/cognizant-cloud
Account: kweller@diagnosticsolutionsgroup.com (team: Cognizant Cloud)
Site ID: 572137ea-4eca-4318-ad09-a0df1aaa76a4

Deploy Command

NETLIFY_AUTH_TOKEN=nfp_B8yRMEsz3b2b8EuUQis6yEaipRHnTWFN162d \
npx netlify deploy --prod --dir=. \
  --site 572137ea-4eca-4318-ad09-a0df1aaa76a4 \
  --no-build

Add --skip-functions-cache when function code has changed.

Netlify Functions (19 total)

Clean URL Routes (netlify.toml)

All 19 functions have clean URL routes configured in netlify.toml. Customer-facing code uses /api/xxx paths. The raw /.netlify/functions/ paths still work for backward compatibility.

Environment Variables (Netlify)

Supabase

Dashboard: supabase.com/dashboard
Account: kweller@diagnosticsolutionsgroup.com
Tier: Free (auto-pauses after 7 days of inactivity)

Database Tables

users

usage_log

credit_purchases

api_keys

api_key_usage

Database Schema Diagram

Database Trigger: handle_new_user

When a new user signs up via Supabase Auth, this trigger automatically creates a row in the users table. It reads first_name and last_name from auth metadata. If the email matches a founder address (kweller@diagnosticsolutionsgroup.com or jscrocco@diagnosticsolutionsgroup.com), it sets subscription_tier to god and credits to 999999999. Otherwise, it sets tier to free and credits to 50.

RPC Function: deduct_credits

Called by the API middleware to atomically deduct credits from a user's balance and log the usage. Takes p_user_id, p_amount, and p_tool parameters.

Stripe

Dashboard: dashboard.stripe.com

Products and Price IDs (8 total)

Webhook Events Handled

Checkout Flow

1. User clicks "Subscribe" or "Buy Credits" on /pricing
2. Frontend checks localStorage for auth token. If not logged in, redirects to /account?signup=true&plan=PLAN
3. Frontend POSTs to /api/checkout (stripe-checkout.js) with { plan, email }
4. Function creates a Stripe Checkout Session with ui_mode: 'embedded_page' and returns a clientSecret
5. Frontend loads Stripe.js, calls stripe.initEmbeddedCheckout({ clientSecret }), and mounts the payment form in a modal overlay. The user stays on cognizantcloud.com throughout the purchase.
6. On success, Stripe redirects to /account?checkout=success&session_id=SESSION_ID
7. Stripe fires checkout.session.completed webhook to /api/webhook (stripe-webhook.js)
8. Webhook handler finds or creates the user in Supabase and adds credits or activates subscription

Resend (Email)

Branded transactional emails come from noreply@cognizantcloud.com with the dark theme branding. DKIM + SPF verified for high deliverability. Supabase Auth is configured to route confirmation and password reset emails through Resend rather than Supabase's default sender.

GoDaddy DNS

OpenAI

Authentication Flow

1. Signup: User enters email + password on /account. Frontend POSTs to /api/auth (auth.js) with action: 'signup'.
2. Supabase Auth: Creates an auth.users record and sends a confirmation email (via Resend).
3. DB Trigger: handle_new_user trigger fires, creating a users row with appropriate tier and credits.
4. Email Confirmation: User clicks the link. Supabase redirects to /auth/confirm which is handled by auth-confirm.js. The function extracts the access token from the hash and redirects to /account?verified=true.
5. Login: User enters credentials. Frontend POSTs action: 'login'. Supabase returns JWT access_token and refresh_token.
6. Storage: Tokens stored in localStorage: cc_token (access), cc_refresh (refresh), cc_email (email).
7. Nav Update: auth-nav.js runs on every page. If cc_token exists in localStorage, it swaps the "Sign In" link to "My Account".
8. API Calls: Authenticated requests include Authorization: Bearer TOKEN header.
9. Token Refresh: When token expires, frontend POSTs action: 'refresh' with the refresh_token.
10. Auto-Refresh (NEW): js/auth-utils.js checks JWT expiry every 5 minutes. When less than 10 minutes remain, it automatically refreshes the token. On successful refresh, a subtle toast appears. On full expiry, a warning toast shows and the user is redirected to /account.
11. Email Memory (NEW): "Remember my email" checkbox on the login form. When checked, saves the email to localStorage key cc_remembered_email. Pre-fills on return visits. Clears on explicit logout.

Auth Improvements (April 2, 2026)

js/auth-utils.js is a reusable utility module that any page can include. It provides:

• Session refresh: setInterval every 5 minutes decodes the JWT, checks exp field, and calls /api/auth with action: 'refresh' when needed.
• Email memory: Reads/writes cc_remembered_email in localStorage. The login form checkbox triggers the save.
• Toast notifications: Subtle, non-blocking toasts for session refresh events (success, warning, error).

Credit System

1. Purchase: User buys credits via Stripe checkout (subscription or credit pack).
2. Webhook: Stripe fires checkout.session.completed. Webhook handler reads line items, maps the price ID to a credit amount using the PRICE_TIERS lookup table, and updates the user's credit balance in Supabase.
3. Logging: A credit_purchases row is inserted for every purchase.
4. Deduction: When a user consumes a premium feature, the backend calls the deduct_credits RPC function, which atomically decrements users.credits and inserts a usage_log row.
5. Checking: Before allowing a premium operation, the backend checks if the user has sufficient credits. If not, it returns HTTP 402 with the credits_remaining and credits_required.
6. Non-expiring: Credits never expire. Subscription credits are added monthly and stack with purchased credit packs.

API Key System

1. Creation: User (Pro, Ultra, or God) calls /api/keys (api-keys.js) with action: 'create'. A 24-byte random key is generated with prefix cc_live_. The raw key is shown once; only the SHA-256 hash is stored.
2. Format: cc_live_ + 48 hex characters (e.g., cc_live_a1b2c3d4e5f6...)
3. Authentication: On each API call, the provided key is hashed and looked up in api_keys table. If found and is_active is true, the request is authenticated.
4. Metering: After a successful API call, three parallel operations run: credit deduction, usage logging (api_key_usage table), and last_used_at update. These are fire-and-forget so metering failures do not break the API response.
5. Rate Limits: Pro keys get 100 calls/day. Ultra/God keys get 1,000 calls/day.
6. Revocation: Setting is_active = false immediately invalidates the key.

5. Pricing Deep Dive

Subscription Tiers

Credit Packs (one-time, never expire)

Credit Costs per Feature

Revenue vs API Cost Analysis

Blended gross margin: 90-95%. Competitors (Definitive Healthcare, ZoomInfo, IQVIA) charge $15K-$50K/year. We serve the long tail at 100x lower price points with equivalent or better margins because our data sources are free.

6. User Management

How Signup Works

1. User fills out the signup form on /account (email, password, optional first/last name).
2. Frontend POSTs to /.netlify/functions/auth with action: 'signup'.
3. Supabase Auth creates an auth.users record and sends a confirmation email via Resend.
4. The handle_new_user trigger fires on the auth.users insert, creating a users row.
5. The trigger reads raw_user_meta_data->'first_name' and 'last_name' from the auth record.
6. The trigger checks the email against the founder list. If a match, sets tier to god and credits to 999999999.

Founder Detection

Two emails are hardcoded as founder accounts in both the database trigger and the backend functions:

const FOUNDER_EMAILS = [
  'jscrocco@diagnosticsolutionsgroup.com',
  'kweller@diagnosticsolutionsgroup.com'
];

These addresses appear in auth.js and account.js. The trigger in Supabase has its own copy. Founders get:

• Subscription tier set to god
• Credits set to 999,999,999
• is_admin: true returned from the profile API
• Access to the Admin Dashboard in the account sidebar
• Visual "God Mode" badge and golden effects in the dashboard UI

God Mode Features

• Admin Dashboard: Shows total users, breakdown by tier (free/pro/ultra/god), total credits consumed, total credits purchased, and per-tool usage breakdown.
• Toggle View: A sidebar option to temporarily hide the admin section (and restore it).
• Unlimited everything: No batch limits, no enrichment limits, maximum data fixer capacity, API key creation with 1,000/day rate limit.
• Credits never run out: 999,999,999 initial balance ensures effectively unlimited usage.

How to View Users in Supabase

1. Go to supabase.com/dashboard
2. Select your project
3. Navigate to Table Editor in the left sidebar
4. Click users table
5. You can filter, sort, and search by any column

How to Manually Adjust Credits/Tier

-- Add 1000 credits to a user
UPDATE users
SET credits = credits + 1000,
    updated_at = now()
WHERE email = 'user@example.com';

-- Upgrade a user to Pro
UPDATE users
SET subscription_tier = 'pro',
    subscription_status = 'active',
    updated_at = now()
WHERE email = 'user@example.com';

-- Grant God Mode to someone
UPDATE users
SET subscription_tier = 'god',
    credits = 999999999,
    updated_at = now()
WHERE email = 'user@example.com';

7. Code Architecture

File Map

HTML Pages (26+)

JavaScript Files

CSS Files

How the Chatbot Works

Architecture

• Frontend: js/chatbot.js creates a floating panel (IIFE, no dependencies). Three bot personas (Navigator, Advisor, Strategist) with distinct colors, avatars, and greetings.
• Backend: netlify/functions/site-chat.js (clean URL: /api/chat) processes messages. Builds a system prompt from shared knowledge blocks plus tier-specific context plus any active specialist knowledge. Updated April 2, 2026 with full product catalog, all pricing, API details, and audience routing across all 11 specialists.
• Model: gpt-5.4-mini for all tiers.
• Daily limit: 500 messages per session (tracked in localStorage).

3-Tier Escalation

11 Specialists

Specialists activate automatically when keywords in the user's message match their trigger lists. Up to 2 specialists can be active at once (Team Mode). Each specialist injects domain-specific knowledge into the system prompt.

Team Mode: Up to 2 specialists active simultaneously. When a second specialist domain is detected, both knowledge blocks are injected into the system prompt. If a third domain is detected, the oldest specialist is deactivated (FIFO). The header shows both specialist names connected by an ampersand with the "Team Mode" label.

Sound System

The chatbot includes a Web Audio API sound system with distinct audio signatures per tier:

• Navigator receive: Gentle 2-note chime (698Hz, 880Hz), sine wave
• Advisor receive: Deeper 2-note chord (523Hz, 659Hz), triangle wave
• Strategist receive: Rich 3-note arpeggio (392Hz, 494Hz, 587Hz)
• Escalation: Ascending frequency sweep (300Hz to 800Hz), followed by target bot's chime
• Reset: White noise burst through a 2kHz bandpass filter (whoosh effect)

Sound is enabled by default and togglable. Audio context creation is deferred to first user gesture for Chrome autoplay policy.

Product Signal Detection

The chatbot silently monitors every user message for product intelligence signals, storing them in localStorage under cc-product-ideas (FIFO capped at 100 entries). Four categories: pain points, feature requests, workflow gaps, and buying signals. Each captured signal includes timestamp, user message, matched keywords, active bot tier, current page, and conversation context. The admin dashboard (js/admin.js) reads and displays these.

How Magic Search Works (npi-smart.js)

The Magic Search engine uses a 3-wave strategy to find providers even with misspelled names, nicknames, or partial information.

Wave 1: AI-Parsed Exact Searches

Parses the input text to extract structured fields (first name, last name, state, city, specialty). Fires exact queries against NPPES.

Wave 2: Spelling Variations

• Nickname expansion: 100+ nickname mappings (Bob to Robert, Jenny to Jennifer, etc.) with bidirectional lookups.
• Consonant doubling/un-doubling: "Smit" to "Smitt" and vice versa.
• Vowel swaps: a/e, e/i, i/y, o/u substitutions.
• Character swaps: Common typos (s/c, k/c, ph/f, etc.).
• Wildcard truncation: "Cinderel*" to catch partial spellings.

Wave 3: Broad Fallback

If Waves 1 and 2 produce too few results, Wave 3 fires last-name-only searches and wildcard truncations to cast a wider net.

Scoring and Ranking

Every result gets a confidence score (0-100) based on weighted factors:

The Levenshtein distance function is implemented inline. The nickname dictionary contains 90+ bidirectional mappings. Results are deduplicated by NPI, sorted by score, and returned with per-result confidence objects.

The engine fires 20-30 parallel queries across all waves. NPPES has no documented rate limits, and this approach consistently delivers results in under 2 seconds.

How the API Auth Middleware Works (api-v1.js)

1. Request arrives at /api/v1/?endpoint=ENDPOINT
2. If no x-api-key header is present, the request proceeds as anonymous (no metering)
3. If an API key is present:
   • The key is SHA-256 hashed
   • Hash is looked up in api_keys table (must be is_active = true)
   • The associated user's credits and tier are fetched
   • If insufficient credits, HTTP 402 is returned with details
4. The endpoint's handler function executes the upstream API call
5. Response time is measured
6. For authenticated requests, three parallel fire-and-forget operations run: credit deduction (deduct_credits RPC), usage logging (api_key_usage insert), and last_used_at update
7. Response includes headers: X-Auth, X-Credits-Used, X-Credits-Remaining, X-Response-Time, X-Rate-Limit

How Stripe Webhooks Process Payments

1. Stripe sends a POST to /api/webhook (stripe-webhook.js) with the event payload and a stripe-signature header.
2. The function verifies the signature using STRIPE_WEBHOOK_SECRET to prevent spoofed events.
3. For checkout.session.completed:
   • Extracts customer email and Stripe customer ID from the session
   • Calls findOrCreateUser which checks for an existing user by email, creates one if needed, and links the Stripe customer ID
   • Lists the session's line items and maps each price ID to the PRICE_TIERS config
   • If it is a subscription, updates subscription_tier, subscription_status, and adds monthly credits
   • If it is a credit pack, adds the credits to the balance
   • Logs the purchase in credit_purchases
4. For customer.subscription.updated: updates subscription status in the users table
5. For customer.subscription.deleted: resets user to free tier

8. Third-Party API Reference

All upstream APIs are free government APIs. This section documents each one with exact URLs, parameters, response structures, rate limits, and known quirks.

NPPES NPI Registry

Key params: number (NPI), first_name, last_name (supports * wildcard), organization_name, state, city, postal_code, taxonomy_description, enumeration_type (NPI-1/NPI-2), use_first_name_alias=True, limit (max 200).

openFDA

RxNorm (NLM)

ClinicalTrials.gov

Key params: query.cond (condition), query.intr (intervention), query.spons (sponsor), filter.overallStatus (pipe-delimited), filter.phase, pageSize, format=json.

NLM Clinical Tables (ICD-10)

CMS Hospital Compare

Request body uses conditions array with property, value, operator (=, CONTAINS, !=). The score field is returned as a string. The api-v1.js function uppercases inputs since CMS stores facility names in uppercase.

API Integration Summary

9. April 2, 2026 Feature Details

Clean URL Routing System

All customer-facing serverless function endpoints were migrated from raw /.netlify/functions/xxx paths to clean /api/xxx routes. This involved 16 new redirect rules in netlify.toml and 44 endpoint reference updates across 15 source files.

How it works: Each redirect in netlify.toml uses status = 200 (transparent proxy), so the browser sees /api/chat but Netlify internally routes to /.netlify/functions/site-chat. The raw paths still work for backward compatibility, but all UI code, documentation, and customer-facing references now use the clean paths.

Exception: auth-confirm.js uses /auth/confirm (not /api/) because it handles browser redirects from Supabase email confirmation, not direct API calls.

Academy SPA Redesign

The Cloud Academy at /academy was transformed from a single long scroll page into a fully functional single-page application:

• 14 sections covering healthcare data landscape, APIs, regulatory compliance, AI applications, platform tools, and advanced topics
• Persistent sidebar navigation with section icons and titles, collapsible on mobile
• Progress tracking: sections marked as "read" (green checkmarks) when the user scrolls through them. Progress percentage shown in the sidebar header. Uses localStorage for persistence.
• Hash-based routing: each section has a unique URL hash (e.g., /academy#healthcare-data-landscape). Direct linking to any section works. Browser back/forward buttons navigate between sections.
• Keyboard shortcuts: arrow keys or j/k for section navigation
• Mobile responsive: sidebar collapses to hamburger menu, content fills viewport

4 Audience Landing Pages

Four new pages targeting key audience segments, each with tailored messaging, relevant product spotlights, use cases, and CTAs:

The homepage also has a "Built for Your Team" section linking to these pages, and the tools hub has audience pills for filtering.

Homepage Product Views (7 Products, 5 Audiences)

The homepage products section now displays 7 product cards (was 6; FormularyAI added) with 5 audience view tabs:

1. All (default): Shows all 7 products with general descriptions
2. Providers: Tailored for healthcare providers, hospitals, credentialing
3. Pharma: Tailored for pharma sales ops, medical affairs, market access
4. Developers: Tailored for health IT, integration, API consumers
5. Marketers: Tailored for marketing agencies, lead enrichment

Each audience view shows the same 7 products but with audience-specific descriptions, examples, and value propositions. Switching tabs is instant (DOM manipulation, no page reload).

NPI Taxonomy UX Improvements

The Taxonomy Explorer tab on /npi received significant UX polish:

• Smooth directional slide transitions: content slides left or right depending on which tab is clicked, providing spatial context
• Sticky tab bar: the category tabs stay visible at the top while scrolling through results
• Animated underline: a teal underline indicator smoothly follows the active tab
• Height-locked container: prevents layout jumping by maintaining consistent container height during transitions

Tool Breadcrumb Back-Navigation

All 6 tool pages now have a sticky breadcrumb bar below the header:

• Pages: drug-checker, icd10, trial-finder, recall-monitor, hospital-quality, explorer
• Pattern: Home > Tools > [Tool Category] > [Tool Name]
• Sticky positioning keeps the breadcrumb visible while scrolling
• Consistent design across all tool pages

API Docs Enhancement

The /api-docs page was overhauled with developer-friendly features:

• Try-It forms: interactive parameter forms for each of the 20 endpoints. Fill in fields and click "Execute" to make a live API call.
• Multi-language examples: every endpoint shows code examples in cURL, JavaScript (fetch), and Python (requests)
• Error code reference: comprehensive table of HTTP status codes (400, 401, 402, 403, 404, 429, 500, 502) with descriptions and resolution steps
• Pagination guide: token-based pagination with examples and best practices
• Rate limiting docs: per-tier rate limits (Free: none, Pro: 100/day, Ultra/God: 1000/day)
• Authentication guide: step-by-step key creation and usage
• Response schemas: typed field descriptions for all 20 endpoint responses

Magic Data Fixer Pro UI

A full interactive Magic Data Fixer section was added to the account dashboard (/account):

• Textarea input: paste messy, unstructured data
• Format selector: dropdown to choose output format (CSV, JSON, Markdown table)
• Tier gating: Free users limited to 500 characters, Pro to 5,000, Ultra to 50,000. Character count shown with limit indicator.
• Credit cost display: shows cost before execution (Pro: 10 credits, Ultra: 25 credits, Free: 0 credits within limit)
• Results area: copy-to-clipboard and download buttons for the structured output
• Model info: displays which OpenAI model will be used (gpt-5.4-nano for Free/Pro, gpt-5.4 for Ultra)

Trial Finder Fixes and Current State

Fixes Shipped

• Phase filter fix: Changed from invalid filter.phase to filter.advanced=AREA[Phase]; added countTotal=true for accurate result counts.
• Search crash fix: document.querySelector('.header-nav') returned null after nav.js replaced old header classes with cc- prefixed classes. Updated to use .cc-nav with null-safety checks.
• Browse button fix: A literal </script> inside a PDF export template literal caused the HTML parser to truncate all JS after that point. Fixed by escaping to <\/script>.
• Cancel button: The condition tree browser modal now includes a Cancel button alongside Select.

Current Capabilities

• Search 400,000+ clinical trials by condition, phase, status, and location
• Interactive condition tree for browsing conditions hierarchically
• Patient and Clinical view modes
• Cancel button during search
• PDF export in patient-friendly and clinical formats
• Light and dark theme support

Roadmap

• Facility info integration: Cross-reference trial locations with Hospital Quality data for deeper facility context.

Nav Centering Fix

The header-inner element's max-width was inconsistent across pages, causing the navigation bar to appear at slightly different horizontal positions. This was fixed on 20+ pages by ensuring a consistent max-width: 1200px on all .header-inner elements.

API Keys Endpoint Fix

The API keys management page (/api-keys) was calling a non-existent auth-profile function to load user data. This was fixed to correctly call the /api/account endpoint (account.js function), which returns the user profile, subscription tier, and credit balance needed by the API keys UI.

10. Deployment Guide

How to Deploy (Exact Commands)

# Standard deploy (HTML/CSS/JS changes only)
cd "G:/My Drive/_Claude_Share_Joe_and_Kevin/_DSG/Work/Cognizant_Cloud_Site"
NETLIFY_AUTH_TOKEN=nfp_B8yRMEsz3b2b8EuUQis6yEaipRHnTWFN162d \
npx netlify deploy --prod --dir=. \
  --site 572137ea-4eca-4318-ad09-a0df1aaa76a4 --no-build

# Deploy with function cache reset (when function code changed)
NETLIFY_AUTH_TOKEN=nfp_B8yRMEsz3b2b8EuUQis6yEaipRHnTWFN162d \
npx netlify deploy --prod --dir=. \
  --site 572137ea-4eca-4318-ad09-a0df1aaa76a4 --no-build --skip-functions-cache

How to Add a New Netlify Function

1. Create a new .js file in netlify/functions/
2. Export a handler function: exports.handler = async function(event) { ... }
3. The function is automatically available at /.netlify/functions/FILENAME
4. Add a clean URL redirect in netlify.toml (all functions should have /api/xxx routes):

   [[redirects]]
     from = "/api/your-function"
     to = "/.netlify/functions/your-function"
     status = 200

5. Update this admin guide and guide-bot.js system prompt with the new function
6. Deploy with --skip-functions-cache

How to Add a New Page

1. Create a new .html file in the site root
2. Add a clean URL redirect in netlify.toml:

   [[redirects]]
     from = "/your-page"
     to = "/your-page.html"
     status = 200

3. Include <link rel="stylesheet" href="/css/theme.css"> for theme support
4. Include <link rel="stylesheet" href="/css/nav-fix.css"> in <head> (must be first stylesheet) and <script src="/js/nav.js" defer></script> for the universal nav header
5. Include <script src="/js/auth-nav.js"></script> for auth-aware navigation
6. Include <script src="/js/chatbot.js" defer></script> for the chatbot
7. Deploy

How to Add a New Stripe Product

1. Create the product and price in Stripe Dashboard
2. Copy the price ID (format: price_...)
3. Add the price ID to PRICES in stripe-checkout.js
4. Add the price ID to PRICE_TIERS in stripe-webhook.js with { tier, credits }
5. Update the pricing page UI if needed
6. Deploy with --skip-functions-cache

How to Run SQL in Supabase

1. Go to supabase.com/dashboard
2. Select your project
3. Click "SQL Editor" in the left sidebar
4. Paste your SQL and click "Run"

How to Update DNS

1. Log in to GoDaddy DNS management
2. Select cognizantcloud.com
3. Add, edit, or delete records as needed
4. DNS changes propagate in 1-48 hours (usually under 1 hour for TTL-based caching)

How to Update Email Templates

Email templates are configured in Supabase Auth settings. Go to Supabase Dashboard, select Authentication, then Templates. You can customize the confirmation email, password reset email, and magic link email. Templates support HTML and variables like {{ .ConfirmationURL }}.

Available Template Variables

npm Install Gotcha (Google Drive)

Google Drive's filesystem has extremely slow I/O for small-file operations. Running npm install directly on a Google Drive path can take 10 to 30 minutes and sometimes hangs because npm creates thousands of small files in node_modules.

Workaround: Install in /tmp, Then Copy

# 1. Copy package.json to a local temp directory
cp netlify/functions/package.json /tmp/fn-install/package.json

# 2. Install in the fast local filesystem
cd /tmp/fn-install
npm install

# 3. Copy the finished node_modules back to Google Drive
cp -r /tmp/fn-install/node_modules netlify/functions/node_modules

This reduces install time from 20+ minutes to under 30 seconds. Always use this pattern when adding or updating function dependencies.

11. Known Issues & Roadmap

Current Known Issues

All Improvements Shipped April 2, 2026

Roadmap (Next Priorities)

Product Strategy Summary

The full product strategy is documented in projects/product-strategy/PRODUCT_SUITE.md (1,796 lines). It covers 19 products across 8 audience segments.

Product Categories

Eight Target Audiences

1. Pharma companies (sales ops, medical affairs, market access)
2. PBMs and payers (formulary, quality, compliance)
3. Health IT companies (API integration, embedded analytics)
4. Healthcare marketing agencies (provider targeting, lead enrichment)
5. CROs (clinical trial recruitment, site identification)
6. Health systems (quality reporting, credentialing)
7. Government/public health (surveillance, compliance)
8. Individual healthcare professionals (daily workflow tools)

The 26 new APIs identified for future integration are documented in projects/api-research/CLAUDE.md.

12. Security & Compliance

What Data We Store

API keys are stored as hashes only. Raw API keys are shown to the user exactly once at creation time. After that, only the SHA-256 hash is stored. There is no way to recover a lost API key; the user must generate a new one.

What We Do NOT Store

HIPAA Status

AI Disclosure

LLMs are used in the following features:

• AI Chatbot: gpt-5.4-mini for all tiers. Generates conversational responses. May hallucinate details about specific drugs, providers, or regulations. Users should verify AI-generated information against authoritative sources.
• Magic Data Fixer: gpt-5.4-nano (Free/Pro) or gpt-5.4 (Ultra). Structures and cleans messy text. Output should be reviewed for accuracy.
• NPI Smart Search: No LLM used. This is a deterministic fuzzy matching engine using spelling variations and nickname lookups.

FTC Compliance

The platform follows FTC guidelines for digital subscriptions and auto-renewal transparency.

Data Source Attribution

All data comes from US government sources. Under 17 U.S.C. Section 105, works produced by US government employees are in the public domain.

Full attribution details are published on the /data-sources page.

Content Security Policy

The site uses a Content Security Policy header (set in netlify.toml) that restricts script sources to 'self' and 'unsafe-inline' plus Stripe, restricts connection sources to the site and known API domains, and blocks framing with frame-ancestors 'none'.

13. Contacts & Accounts

Where API Keys Are Stored

All production API keys and secrets are stored as environment variables in Netlify (Settings > Environment Variables). They are never committed to code. The local reference document is at API_Keys_and_Tokens/CLAUDE.md in the DSG workspace.

Key Management Rules

Account Access Matrix

Vendor Support Contacts

14. Brand Identity Guide

14.1 Brand Overview

Mission

Build tools that augment human intelligence in healthcare, making professionals smarter and faster when they access, analyze, and act on healthcare data.

Core Values

Company Description

14.2 Logo System

The Cognizant Cloud logo is a bold double-C monogram with three horizontal data-stream lines. The outer arc (6px stroke) and inner arc (3px, 40% opacity) read as "CC" for Cognizant Cloud. The data lines in the gap suggest information flowing into a human system, visually depicting augmentation. The arcs represent the human core; the data-stream lines represent external intelligence flowing in.

Primary Logo Display

Logo Mark at Multiple Sizes

Full Wordmark

Full Logo with Tagline

The approved horizontal composition used on QuickBooks invoices and formal documents. Includes the C monogram mark, company name, and tagline in a single lockup.

Color Variant Downloads

Do's and Don'ts

Clear Space and Minimum Size

Minimum clear space around the logo equals the height of one data-stream line. No other elements should intrude into this zone. Minimum sizes: 120px wide (full logo) or 24px (icon only) for digital. 1 inch (full logo) or 0.25 inch (icon only) for print.

Approved Composition

The approved primary logo is a custom horizontal layout refined from a 20-option exploration, selected and fine-tuned on April 6, 2026.

14.3 Color System

Primary Colors

Navy Scale

Navy scale: #020617 (950) through #f8fafc (50). Used for backgrounds, text hierarchy, and borders.

Teal Scale

Teal scale: #0f766e (700) through #5eead4 (300). The accent and interactive color family.

Semantic Colors

The 60-30-10 Rule

60% navy or white backgrounds. 30% supporting neutrals from the navy scale. 10% teal accent for interactive elements, buttons, and links. Teal should never be used as a large background fill.

Contrast Checker (WCAG 2.1 AA)

Gradient Gallery

Download CSS Variables

14.4 Typography

Outfit (Headings, Buttons, Labels)

Inter (Body Text, Paragraphs)

JetBrains Mono (Code, API Content)

Type Scale

Google Fonts Import

https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Outfit:wght@500;600;700;800&family=JetBrains+Mono:wght@400;500;600&display=swap

Responsive Behavior

Hero titles scale down to ~36px on mobile viewports. Section titles drop to ~28px. Body text stays at 16px minimum. On screens narrower than 768px, the sidebar collapses and content takes full width. All type remains sharp at these reduced sizes because both Outfit and Inter were designed for screen rendering first.

14.5 Brand Voice

We Are / We Are Not

Tagline System

Tone by Context

Vocabulary

Copy Examples

Healthcare-Specific Rules

• No fear-based language about drug use or overdose
• Frame products as tools for organizations, not interventions for individuals
• Reference published data when making product claims (e.g., Lieberman study: V2 xylazine 8x better)
• Do not include real patient data in screenshots or examples
• All marketing materials include appropriate disclaimers

14.6 Visual Patterns

Card Hover Demo

Button System

Border Radius Tokens

Shadow System

Glassmorphism Demo

Icon Style (Lucide/Feather)

All icons follow the Lucide/Feather style: 24x24 viewBox, 2px stroke, round caps and joins, minimal fills.

14.7 Design Preferences

Established during the 20-option logo exploration with Kevin and Joe on April 6, 2026. These apply to all brand collateral going forward.

Approved Patterns

Rejected Patterns

Visual Style Philosophy

Premium consulting firm aesthetic inspired by Stripe, Linear, and Vercel. Dark hero sections transitioning to light content areas. Glassmorphism with blurred translucent panels. Micro-interactions on card hovers. Noise/grain texture at 3% opacity on dark sections. Animated gradient borders on feature cards. Staggered scroll reveals with incremental delays.

14.8 Digital Asset Downloads

Logo Pack

Color and Type Files

Brand Guide and Tools

File Naming Convention

All brand assets follow this pattern: CognizantCloud_[Asset]_[Variation]_[Color].[ext]

Examples: CognizantCloud_Logo_Primary_FullColor.svg, CognizantCloud_Logo_Icon_White.png