Sign in with your admin account to continue.
| Name | Status | Plan | Signed Up | Actions |
|---|
| Date | Logins | Statements | PDF Exports | Excel Exports | Projects Created |
|---|
| Date | Total Users | Active | Trial | Firms | Past Due | Cancelled |
|---|
| Timestamp | Status | Firestore | Stripe | Latency |
|---|
| Check | Frequency | What It Does |
|---|---|---|
| 🏥 Health Check | Every 6 hours | Tests Firestore + Stripe connectivity, logs latency, flags degraded status |
| 🚨 Error Spike Detection | Every 6 hours | Counts errors in last 24h — alerts if > 20 errors detected |
| 📈 Daily Metrics Snapshot | Daily (midnight ET) | Captures subscriber counts, plan breakdown, churn numbers |
| 🧹 Error Log Cleanup | Weekly (Monday 3am ET) | Purges error logs older than 7 days to keep database clean |
| Timestamp | Type | Message | User | Source |
|---|
When enabled, destructive operations are blocked across the platform. Toggle ON before major deployments or maintenance.
All dependency versions are pinned to prevent breaking changes. Do NOT run npm update without testing in staging first.
| Package | Version | Purpose | Load |
|---|---|---|---|
| Firebase JS SDK | 10.12.0 | Auth, Firestore, App init | Blocking |
| Stripe.js | v3 (latest) | Checkout redirect | Deferred |
| SheetJS (xlsx) | 0.18.5 | Excel import/export | Deferred |
| jsPDF | 2.5.1 | PDF generation | Deferred |
| jsPDF-AutoTable | 3.8.2 | PDF table formatting | Deferred |
| Package | Pinned | Installed | Purpose |
|---|---|---|---|
| firebase-admin | ^11.11.0 | 11.11.1 | Server-side Firebase SDK |
| firebase-functions | ^4.5.0 | 4.9.0 | Cloud Functions framework |
| stripe | ^14.0.0 | 14.25.0 | Stripe API (webhooks) |
| resend | ^3.0.0 | 3.5.0 | Transactional email API |
When adjusting entries are posted, the raw net amount is multiplied by the section's sign so debits increase debit-normal accounts and credits increase credit-normal accounts. This prevents the sign-flip bug fixed in commit bead8a0.
The Notes to the Financial Statements are auto-generated by generateNotes() based on user inputs in the Notes Questionnaire tab. The system uses conditional logic to include only relevant disclosures.
~40+ form fields covering entity type, basis of accounting, revenue recognition, inventory methods, debt terms, leases, related parties, subsequent events, and more. Radio buttons toggle sub-sections; text areas capture custom language.
generateNotes() reads each input via nqVal() and nqRadio(). If a section has data, it's included; empty sections are skipped. Note numbers auto-increment (noteNum++) so there are never gaps.
Each note type has pre-written GAAP-compliant boilerplate (e.g., "Use of Estimates" is always included). User text is merged with templates — custom language overrides defaults where provided.
Notes pull live data from the trial balance: e.g., debt schedules show actual balances, depreciation notes reference fixed asset totals, and going concern analysis uses computed ratios.
HTML rendered into the Notes tab, included in PDF export (full package), and mirrored to Excel as a buildNotesData() sheet.
All server-side logic lives in functions/index.js. Region: us-central1 (default).
| Event | Action |
|---|---|
| checkout.session.completed | Activate subscription, store Stripe customer ID, set plan type |
| invoice.paid | Renew subscription, update lastPaymentAt |
| invoice.payment_failed | Set status to past_due |
| customer.subscription.deleted | Set status to cancelled |
| Collection | Purpose | Key Fields |
|---|---|---|
| users | User profiles & subscription data | email, plan, subscriptionStatus, stripeCustomerId, firm{} |
| users/{uid}/projects | Encrypted project data | name, data (encrypted blob), updatedAt |
| emailQueue | Pending workflow emails | to, subject, eventType, projectName, sent, sentAt |
Roles: Staff prepares → Manager reviews & approves → Partner gives final sign-off.
At each transition: Status updates in Firestore, timeline entry logged, email queued for assignees.
Comments: Threaded per-project, visible to all assignees, trigger email notifications.
| Feature | Implementation | Status |
|---|---|---|
| Data Encryption | AES-256-GCM, PBKDF2 key (600K rounds, cached per session) | Active |
| HTTP Security Headers | X-Content-Type-Options, X-Frame-Options (DENY), X-XSS-Protection, HSTS, Referrer-Policy, Permissions-Policy | Active |
| Rate Limiting | In-memory limiter on webhook endpoint (30 req/min per IP) | Active |
| Error Monitoring | Global window.onerror + unhandled promise rejection → Firestore errorLogs | Active |
| Usage Analytics | Daily counters in Firestore analytics collection (logins, exports, statements) | Active |
| Health Monitoring | Cloud Function endpoint testing Firestore + Stripe connectivity | Active |
| Daily Metrics Backup | Scheduled function captures subscriber counts nightly at midnight ET | Active |
| Error Log Cleanup | Automated weekly purge of error logs older than 7 days | Active |
| Session Expiry | 8-hour timeout, auto sign-out on check | Active |
| Sign-Up Blocking | SIGNUPS_DISABLED = true — blocks public registration | Testing |
| Stripe Webhook Verification | Signature verification via constructEvent() | Active |
| Admin Bypass | getnoteflowapp@gmail.com skips subscription gate | Active |
| 2FA / Phone Auth | Code present but commented out — enable when ready | Standby |
| Firestore Rules | Users can only read/write their own documents | Active |
| Variable | Purpose |
|---|---|
| STRIPE_SECRET_KEY | Stripe API secret (currently test mode: sk_test_...) |
| STRIPE_WEBHOOK_SECRET | Webhook signature verification key |
| RESEND_API_KEY | Resend email API key (pending setup) |
cp "Financial Statement Prep index.html" public/index.html
npx firebase-tools deploy --only hosting
npx firebase-tools deploy --only functions
Check https://getnoteflowapp.com — confirm login, statement generation, and exports work. Check Firebase Console → Functions for deployment status.