Client Engagement Chat

Provide a private, token-protected chat portal for individual clients with vector-retrieved context.

What you can do#

The client engagement chat provides a private, branded chat portal for individual clients. Each client gets a dedicated endpoint that draws on client-specific knowledge documents, with answers grounded in engagement materials relevant to that client.

CapabilityDescriptionStatus
Per-client portalUnique URL per client slugShipped
Vector retrievalSemantic search across client knowledge documentsShipped
Filesystem fallbackWorks without a database using local markdown filesShipped
Token authenticationSimple token-based access controlShipped
Streaming chatReal-time SSE streaming responsesShipped
Conversation limitsTurn cap and message length validationShipped

How it works#

Each client portal is accessed via a unique URL:

POST /api/clients/<client-slug>/chat?token=<portal-token>

When a user sends a message:

  1. The portal token is verified against CLIENT_PORTAL_TOKEN
  2. The client slug is checked against known client portals (filesystem or database)
  3. The latest user query is embedded and matched against the client's knowledge documents using vector similarity search
  4. The AI generates a streaming response grounded in the retrieved engagement materials

Knowledge sources#

Client knowledge can come from two sources:

Markdown files (filesystem)#

Place markdown files in docs/clients/<client-slug>/ with numbered prefixes (e.g., 01-overview.md, 02-roadmap.md). These are loaded directly when the database is unavailable.

Vector store (database)#

For production use, sync client documents into the client_knowledge_documents table. Documents are chunked and embedded for semantic retrieval, providing more relevant results than full-document injection.

info The vector store is preferred when available. If no synced documents exist for a client, the system falls back to reading markdown files from the filesystem automatically.

Configuration#

VariableDescription
CLIENT_PORTAL_TOKENShared token for portal access (required)
SIDEKICK_PUBLIC_API_KEYAPI key for the AI model (required)
SIDEKICK_PUBLIC_VECTOR_API_KEYAPI key for embeddings (falls back to OPENAI_API_KEY)

Limits#

  • Conversation turns -- maximum 10 turns per session
  • Message length -- 2,000 characters per message
  • Retrieval results -- top 6 chunks above 0.6 similarity threshold

Security#

  • Token-gated access -- every request requires a valid portal token as a query parameter
  • Client isolation -- each client slug resolves to its own knowledge set; cross-client access is not possible
  • Safe file patterns -- only numbered markdown files matching the expected naming convention are loaded from the filesystem

warning The CLIENT_PORTAL_TOKEN is a shared secret. Treat it like an API key and rotate it if it may have been exposed.