# LazyToken — Demo Environment

A repeatable, synthetic-data demo for sales conversations and evaluations. It
stands up a LazyToken server populated with a realistic mid-size R&D org so every
dashboard screen tells a story — **without any real customer data**.

The demo dataset is generated by `server/scripts/seed-demo.ts` (npm script
`seed:demo`). It is deterministic (same numbers every run) and self-contained: it
creates its own org and never touches the small `seed.ts` fixture used by tests.

---

## 1. What the demo represents

**Northwind Labs** — a 60-seat, Enterprise-tier org, ~90 days into adoption:

| Dimension        | What the seed creates |
|------------------|-----------------------|
| Teams            | Platform, Payments, Data, Mobile, SRE — each "goes live" on a different day, producing a real **adoption curve** |
| Developers       | ~22 developer accounts across the five teams |
| Devices          | ~21 active devices (macOS/Linux/Windows), 2 "silent" (stale), 1 revoked, one on an older agent version |
| AI agents        | **Copilot** and **Claude Code** as first-class citizens (Copilot-heavy, mirroring a Microsoft shop), plus a Cursor / Gemini CLI tail — per PRD §3.7 agent-equality |
| Metrics          | ~90 days of daily savings with weekday seasonality; ~7–8k raw metric rows |
| Opportunities    | `kubectl` / `docker` / `terraform` show as **high-volume, low-savings passthrough** (≈8–12% saved) next to build/test tools at 76–85% |
| Security events  | Context Firewall (DLP) events across all rule types — `aws-key`, `github-token`, `openai-key`, `anthropic-key`, `private-key`, `connection-string`, `jwt`, `high-entropy`, `guardrail-block` — **type + tool + time only, never a matched value** |
| Licensing        | A live Enterprise license window so the header shows a healthy, non-expired license |

Roughly: **~54M raw tokens → ~28M after filtering (~49% saved org-wide)**, with
the strong-savings tools far higher and passthrough tools deliberately low so the
Opportunities story lands.

---

## 2. Launch the demo

Assumes Node 22+ and PostgreSQL 16 (or use the Docker path from the
[Quick Start](./QUICK-START.md)). Use a dedicated database so the demo is easy to
reset:

```bash
cd server
npm ci

createdb lazytoken_demo
DATABASE_URL=postgresql://<user>@localhost:5432/lazytoken_demo npx prisma migrate deploy
DATABASE_URL=postgresql://<user>@localhost:5432/lazytoken_demo npm run seed:demo

# Start the server against the SAME database:
DATABASE_URL=postgresql://<user>@localhost:5432/lazytoken_demo npm run dev
```

The seed prints the logins and a live enroll token. Open the dashboard (default
`http://localhost:8080`).

**Reset / re-seed:** the seed refuses to run twice into the same DB. To start
over, drop and recreate the database:

```bash
dropdb lazytoken_demo && createdb lazytoken_demo
DATABASE_URL=...lazytoken_demo npx prisma migrate deploy
DATABASE_URL=...lazytoken_demo npm run seed:demo
```

---

## 3. Demo logins

| Role    | Email                    | Password            | Use it to show |
|---------|--------------------------|---------------------|----------------|
| Admin   | `admin@northwind.demo`   | `demo-admin-1234`   | Everything — policies, users, licensing, settings |
| Finance | `finance@northwind.demo` | `demo-finance-1234` | The ROI / cost angle (CFO persona) |
| Lead    | `lead@northwind.demo`    | `demo-lead-1234`    | Team-scoped view (Platform team lead) |
| Viewer  | `viewer@northwind.demo`  | `demo-viewer-1234`  | Read-only executive view |

> These are **synthetic demo credentials** for a throwaway database. Never reuse
> them for anything real.

---

## 4. Suggested demo script (≈8 minutes)

1. **Open on Executive as `admin@northwind.demo`.** Lead with the headline: "~49%
   of tokens filtered out before they ever reached the model, across ~90 days."
   Point at the **adoption curve** — teams coming online one after another.
2. **Teams.** Show the spread across Platform / Payments / Data / Mobile / SRE and
   drill into one. Mention the **anonymization mode** ("Dev #N") for works-councils
   and GDPR-sensitive orgs (see the [Security Whitepaper](./SECURITY-WHITEPAPER.md)).
3. **Commands / Opportunities.** Contrast the strong savers (git, cargo, pytest at
   ~80%) with `kubectl` / `docker` / `terraform` flagged as **passthrough
   opportunities** — "here's where we can tune filters next."
4. **Security (the differentiator).** Open the Context Firewall screen: counts by
   type over time — AWS keys, GitHub/OpenAI/Anthropic tokens, private keys,
   guardrail blocks. Emphasize: *we log that a secret was blocked, never the
   secret itself.* This is the moment the conversation moves to the security
   budget.
5. **Fleet.** Show active vs. silent devices and an out-of-date agent — the
   "central control" story for the DevEx/Platform persona.
6. **Agent equality.** Filter by AI agent to show **Copilot and Claude Code side
   by side** — "we're not a Claude-only tool; we cover the fleet you actually run."

---

## 5. What to say about the data

- It is **synthetic** — generated locally, deterministic, no customer involved.
- The **shape** is realistic (adoption ramp, weekend dips, passthrough tools,
  DLP event mix) so the screens behave like production.
- Nothing in the demo dataset violates the privacy model: metrics are numbers +
  tool names; security events are `{type, tool, time}` only. It is the same
  allowlist the real agent is bound to.

---

## 6. Notes and honest caveats

- The demo uses **password logins** for simplicity. SSO (OIDC/SAML) is configured
  per real org and is not part of the synthetic seed.
- The dashboard reads only from the aggregated tables the rollup populates; the
  seed runs that rollup for you, so every aggregated screen is ready immediately.
- USD values depend on the org's price table. The demo sets a per-agent price
  table (`claude-code` $3, `copilot` $2, `cursor` $3, `gemini-cli` $1.25 per
  MTok); adjust it under **Settings → Token prices** to match a prospect's real
  contract and watch the ROI number move live.
