# LazyToken — 15-Minute Quick Start

Zero to a live dashboard with realistic demo data, on your laptop, in about
fifteen minutes. This is the fastest way to *see* LazyToken; for a real
deployment follow the [Admin Guide](./ADMIN-GUIDE.md).

> **What you get at the end:** a running LazyToken server, an admin login, and a
> dashboard showing 90 days of savings across five teams, both Claude Code and
> Copilot agents, Context Firewall (DLP) events, and passthrough opportunities.

---

## Prerequisites

- **Docker + Docker Compose** (for the one-command stack), *or*
- **Node.js 22+** and **PostgreSQL 16** (for the local dev path).

Pick one path below.

---

## Path A — Docker (recommended, ~5 min)

From the repository root:

```bash
cd deploy
cp .env.example .env          # then edit .env (see below)
docker compose up -d
```

Set at least these in `deploy/.env`:

```env
POSTGRES_PASSWORD=change-me-strong
JWT_SECRET=$(openssl rand -hex 32)     # any 32+ char secret
BOOTSTRAP_ADMIN_EMAIL=admin@acme.com
BOOTSTRAP_ADMIN_PASSWORD=choose-a-strong-password
BOOTSTRAP_ORG_NAME=Acme
```

On first boot the server runs migrations and creates your first admin
automatically. Check it is live:

```bash
curl http://localhost:8080/healthz      # -> {"status":"ok"}
```

You now have an empty org. To fill it with demo data, jump to
[Load the demo data](#load-the-demo-data).

---

## Path B — Local dev (Node + PostgreSQL, ~8 min)

```bash
cd server
cp .env.example .env                    # set DATABASE_URL; JWT_SECRET optional in dev
createdb lazytoken_dev                  # PostgreSQL 16 running locally
npm install
npx prisma migrate deploy
npm run dev                             # http://localhost:8080/healthz
```

Create your first admin (in a second terminal):

```bash
cd server
npm run bootstrap:admin -- --email admin@acme.com --password 'strong-pw' --org "Acme"
```

---

## Load the demo data

The demo seed populates a rich, realistic multi-team dataset — ideal for a first
look or a sales demo. It creates its own org (**Northwind Labs**) and does **not**
touch your real org.

```bash
cd server
# Point at whichever database your server uses. For the local dev path:
DATABASE_URL=postgresql://<user>@localhost:5432/lazytoken_dev npm run seed:demo
```

> For an isolated demo database instead of your dev DB:
> ```bash
> createdb lazytoken_demo
> DATABASE_URL=postgresql://<user>@localhost:5432/lazytoken_demo npx prisma migrate deploy
> DATABASE_URL=postgresql://<user>@localhost:5432/lazytoken_demo npm run seed:demo
> ```
> and start the server with that same `DATABASE_URL`.

The script prints the demo logins and an enroll token when it finishes. See
[DEMO.md](./DEMO.md) for the full walkthrough of what the dashboard shows.

**Demo logins** (all four RBAC roles):

| Role    | Email                   | Password            |
|---------|-------------------------|---------------------|
| Admin   | `admin@northwind.demo`  | `demo-admin-1234`   |
| Finance | `finance@northwind.demo`| `demo-finance-1234` |
| Lead    | `lead@northwind.demo`   | `demo-lead-1234`    |
| Viewer  | `viewer@northwind.demo` | `demo-viewer-1234`  |

---

## Log in and look around

Open the dashboard (served by the same server; default `http://localhost:8080`)
and sign in as **admin@northwind.demo**. You should see:

- **Executive** — tokens saved, USD value, a 90-day adoption curve, top teams.
- **Teams** — five teams (Platform, Payments, Data, Mobile, SRE) with drill-down.
- **Commands / Opportunities** — build/test tools saving 75–85%; `kubectl`,
  `docker`, `terraform` flagged as high-volume passthrough opportunities.
- **Security** — Context Firewall (DLP) events by type and over time.
- **Fleet** — ~21 active devices, a couple of silent ones, one revoked.

---

## Enroll a real agent (optional)

If you have the `ltk` binary built, point a device at your server:

```bash
ltk enroll --server http://localhost:8080 --token <ORG-... from the seed output>
ltk status                              # shows enrollment, policy, reporting
```

Metrics flow in automatically as you use your coding agent. See the
[Admin Guide → Enrolling devices](./ADMIN-GUIDE.md#5-enrolling-devices) for
fleet rollout via MDM.

---

## Next steps

- **[DEMO.md](./DEMO.md)** — the guided demo script and what each screen proves.
- **[ADMIN-GUIDE.md](./ADMIN-GUIDE.md)** — production install, SSO, policies,
  licensing, scheduled ROI reports.
- **[SECURITY-WHITEPAPER.md](./SECURITY-WHITEPAPER.md)** — what we never collect,
  the payload allowlist, Context Firewall, air-gapped.
