Product Pillars

Target Audience

• Individuals seeking judgement free mental health support outside therapist office hours.
• Users who appreciate evidence based CBT or DBT coping prompts in conversational form.
• Users needing instant visibility of crisis support resources and emergency contacts.
• Budget conscious people who want an always on companion with a free tier.
• Coaches and support networks reviewing opt in summaries to complement professional care.

Friend365 complements rather than replaces licensed clinicians or emergency services.

Core Features

AI Chat with Personal Memory

Memory extraction triggers every fifteen messages to capture milestones, preferences, and open loops. The prompt builder then assembles recent turns, session summary, and relevant vault entries before it calls OpenRouter.

• memoryService.js extracts context slices and notifies Redis.
• summarizationService.js refreshes summaries on schedule.
• aiService.js builds prompts and tracks cost per request.

Crisis Detection System

guardrailsService.js tags sessions with is_crisis_flagged and injects the correct response template based on severity.

Journaling and Mood Tracking

• journal_entries stores encrypted reflections with tags and optional summaries.
• mood_logs captures emoji pulses such as happy, neutral, sad, anxious, angry, calm.
• Upcoming roadmap brings memory insights and multilingual hotline routing.

Safety and Security Controls

Authentication

• JWT access tokens with seven day expiry plus refresh token rotation.
• bcrypt hashing with ten rounds for stored credentials.
• authenticateToken middleware shields private routes.

Data Protection

• AES 256 GCM encryption for chat_messages.content and journal_entries.content.
• ttl_expiry field schedules message removal after ninety days.
• TLS 1.3 enforced at the Nginx edge.

Application Hardening

• Helmet security headers and strict CORS allow list (localhost:5173, friend365.io, chat.friend365.io).
• Request size limited to ten kilobytes with validation and parameterised SQL.
• Redis backed rate limiting for abusive traffic prevention.

Rate Limiting and Usage Tracking

rateLimiter.js combines Redis counters with daily quotas stored in usage_tracking.

Redis keys include user:{userId}:global (15 minute global), user:{userId}:messages (1 minute chat), and memory_saved:{sessionId} (memory notifications). Daily counters reset at midnight UTC.

System Architecture

Friend365 ships as a single droplet deployment (Ubuntu 22.04, 2 GB RAM, 1 vCPU) at 134.199.170.110. Nginx terminates TLS and proxies to Express on port 3001 while PostgreSQL and Redis remain localhost bound.

Request Lifecycle

1. Browser hits /api/chat/message; Nginx proxies to Express.
2. requestLogger captures metadata; validateContentType enforces JSON.
3. Redis global limiter and chat limiter confirm quotas.
4. authenticateToken decodes JWT and loads user scope.
5. aiService composes prompt with recent turns, summary, and memory vault entries.
6. OpenRouter returns a reply; system stores message, usage, and cost rows.
7. On the fifteenth turn, summarisation and memory extraction refresh stored context.

Data Architecture and Schema

PostgreSQL acts as record keeper with nine primary tables while Redis supplies ephemeral counters and notifications.

Enums: message_role (user, assistant), session_status (active, closed, abandoned), mood_emoji (happy, neutral, sad, anxious, angry, calm).

Deployment and Operations

All components live on a single cloud server for cost control. Nginx handles TLS, PM2 keeps the Node process alive, and cron orchestrates daily backups.

# Application
pm2 restart friend365-api
pm2 logs friend365-api

# Web server
sudo nginx -t
sudo systemctl reload nginx

# Database
sudo systemctl restart postgresql
sudo -u postgres psql -d friend365_db

# Redis
sudo systemctl restart redis
redis-cli ping

Monitoring and Cost Tracking

Health check response

{
  "status": "healthy",
  "timestamp": "2025-10-03T12:00:00Z",
  "uptime": 12345,
  "services": {
    "database": "connected",
    "redis": "connected"
  }
}

Cost reporting query

SELECT DATE(request_timestamp) AS date,
       SUM(cost_usd) AS daily_cost,
       SUM(tokens_used) AS daily_tokens
FROM api_cost_tracking
WHERE request_timestamp >= CURRENT_DATE - INTERVAL '7 days'
GROUP BY DATE(request_timestamp);

Scalability considerations

• Single vCPU and 2 GB RAM currently support roughly fifty to one hundred concurrent users.
• Token budgets keep prompts around three hundred tokens to curb model spend.
• Database pool configured for twenty connections with thirty second idle timeout.
• Redis counters expire automatically; PM2 cluster mode uses all available cores.

Technology stack

Technology Stack Explained

Friend365 is built on a modern, scalable technology stack designed for reliability, security, and performance. Each component is carefully selected to provide the best user experience while maintaining operational efficiency.

Frontend Architecture

The user interface is built with React 18, a component-based library that enables efficient updates and a responsive design. Vite serves as the build tool, providing fast development server and optimized production builds. The frontend communicates with the backend through a RESTful API, using the Fetch API with proper error handling and token management.

Backend Services

The backend runs on Node.js with Express.js, providing a robust server environment. PM2 manages the application in cluster mode, ensuring high availability and automatic recovery from crashes. The architecture follows a modular design with separate services for AI integration, memory management, summarization, and safety guardrails.

AI Integration

Friend365 leverages OpenRouter's API to access advanced language models. The system uses different models for different tasks: a primary model for conversations and a secondary model for summarization. This approach optimizes both cost and response quality. The AI service implements circuit breakers and retry logic to handle API failures gracefully.

Data Management

PostgreSQL serves as the primary database, storing user data, chat history, and application state. Redis provides fast caching for rate limiting and session management. All sensitive data is encrypted using AES-256-GCM before storage, ensuring privacy even if the database is compromised. The system implements automatic data cleanup with configurable TTL values.

Security Infrastructure

Security is implemented at multiple layers. JWT tokens with refresh rotation handle authentication, while bcrypt secures passwords. Nginx provides SSL termination and acts as a reverse proxy, adding an extra layer of protection. The application implements comprehensive input validation and uses parameterized queries to prevent SQL injection attacks.

Deployment Architecture

The application is deployed on a single cloud server running Ubuntu 22.04. Nginx handles incoming traffic and SSL termination, while PM2 manages the Node.js application. PostgreSQL and Redis run on the same server but are bound to localhost for security. Automated backups and monitoring ensure reliability and quick recovery from issues.

Usability and User Experience

Friend365 is designed with user experience as a top priority, focusing on accessibility, ease of use, and emotional support. The interface adapts to different devices and user needs, providing a consistent experience across platforms.

Responsive Design

The application features a fully responsive design that works seamlessly on desktop, tablet, and mobile devices. The layout automatically adjusts to screen size, with a collapsible navigation menu on mobile devices. Touch-friendly controls and appropriately sized interactive elements ensure usability across all devices.

Intelligent Navigation

The sidebar navigation automatically highlights the current section as users scroll, providing clear orientation within the documentation. On mobile devices, a sticky header provides quick access to navigation without interrupting the reading experience. Smooth scrolling animations enhance the feeling of continuity when navigating between sections.

Accessibility Features

Friend365 follows WCAG accessibility guidelines, with proper semantic HTML structure, keyboard navigation support, and appropriate color contrast ratios. The interface uses clear typography with sufficient font sizes and line heights for comfortable reading. All interactive elements are properly labeled for screen reader compatibility.

Emotional Design

The visual design uses calming colors and gentle animations to create a soothing environment. The interface avoids jarring transitions or overwhelming visual elements that could cause stress. Micro-interactions provide subtle feedback without being distracting, helping users feel in control of their experience.

Performance Optimization

The application loads quickly and responds promptly to user interactions. Lazy loading and code splitting ensure that only necessary resources are loaded initially. The smart context system reduces AI response times by optimizing token usage, resulting in faster conversations without sacrificing quality.

Error Handling and Guidance

When errors occur, the system provides clear, helpful messages that guide users toward resolution rather than showing technical jargon. The interface gracefully handles network interruptions and API failures, offering alternative paths or retry options. Rate limiting is communicated clearly to users, with explanations of when they can continue using the service.

Key metrics

Illustrative charts summarise efficiency gains, tier limits, and baseline monthly costs.