# CECL Integration Deployment Guide

## 🚀 Quick Server Deployment

### Files to Upload to `public_html/`:

1. **`portal-auth-simple.php`** ← JWT authentication bridge (uses Azure Key Vault)
2. **`clientportal-portal.php`** ← New streamlined CECL interface

### Azure Key Vault Setup:

The authentication bridge uses Azure Managed Identity to access Key Vault secrets:

**Required Key Vault Secret:**
- `jwt-secret` ← Must match the JWT secret used by your portal

**Server Requirements:**
- **Azure App Service** with **Managed Identity enabled**
- **Key Vault access policy** granting the managed identity `get` and `list` permissions on secrets

No environment variables needed - everything is handled through Azure Key Vault!

### Quick Test URLs:

- **Current CECL**: `https://bankerscaddy.com/clientportal.php` (unchanged)
- **New Portal CECL**: `https://bankerscaddy.com/clientportal-portal.php` (new)

### Installation Steps:

1. **Upload files** to your `public_html/` directory
2. **Set environment variables** for JWT_SECRET and PORTAL_URL
3. **Test directly** by visiting the new URL
4. **Deploy portal update** to point to production URL

### Dependencies:

The `portal-auth.php` file needs:
- **Firebase JWT library**: `composer require firebase/php-jwt` (or use built-in functions)
- **PHP 7.4+** (you already have 8.1)

### Quick Test:

1. Visit: `https://bankerscaddy.com/clientportal-portal.php`
2. Should show clean 3-card interface
3. Test with a real user account

---

**Ready to deploy?** Just say the word and I'll help you get the files uploaded!