ante-erp-cli 1.11.66 → 1.11.67

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ante-erp-cli",
-  "version": "1.11.66",
+  "version": "1.11.67",
   "description": "Comprehensive CLI tool for managing ANTE ERP self-hosted installations",
   "type": "module",
   "bin": {

package/src/commands/install.js

@@ -78,6 +78,8 @@ function showWelcome() {
 function showSuccess(installDir, credentials, config) {
   const frontendUrl = config.frontendDomain || 'http://localhost:8080';
   const apiUrl = config.apiDomain || 'http://localhost:3001';
+  const frontendCoreUrl = config.frontendCoreDomain || 'http://localhost:8085';
+  const backendCoreUrl = config.backendCoreDomain || 'http://localhost:4002';
   const gateAppUrl = config.gateAppDomain || 'http://localhost:8081';
   const guardianAppUrl = config.guardianAppDomain || 'http://localhost:8082';
   const facialWebUrl = config.facialAppDomain || 'http://localhost:8083';
@@ -86,7 +88,8 @@ function showSuccess(installDir, credentials, config) {
 
   let accessInfo = chalk.white('Access Information:') + '\n' +
     chalk.gray('━'.repeat(40)) + '\n' +
-    chalk.cyan('Frontend Main: ') + chalk.white(frontendUrl) + '\n';
+    chalk.cyan('Frontend Main: ') + chalk.white(frontendUrl) + '\n' +
+    chalk.cyan('Frontend Core: ') + chalk.white(frontendCoreUrl) + '\n';
 
   if (config.installGate) {
     accessInfo += chalk.cyan('Gate App:      ') + chalk.white(gateAppUrl) + '\n';
@@ -105,10 +108,11 @@ function showSuccess(installDir, credentials, config) {
   }
 
   if (config.installMlm) {
-    accessInfo += chalk.cyan('MLM App:    ') + chalk.white(mlmAppUrl) + '\n';
+    accessInfo += chalk.cyan('MLM App:       ') + chalk.white(mlmAppUrl) + '\n';
   }
 
   accessInfo += chalk.cyan('Backend:       ') + chalk.white(apiUrl) + '\n' +
+    chalk.cyan('Backend Core:  ') + chalk.white(backendCoreUrl) + '\n' +
     chalk.cyan('WebSocket:     ') + chalk.white(apiUrl) + '\n\n';
 
   console.log(
@@ -319,6 +323,8 @@ export async function install(options) {
     const frontendPort = parseInt(options.port) || 8080;
     const apiPort = 3001;
     const backendMlmPort = 4001;
+    const backendCorePort = 4002;
+    const frontendCorePort = 8085;
     const gateAppPort = 8081;
     const guardianAppPort = 8082;
     const facialWebPort = 8083;
@@ -331,6 +337,8 @@ export async function install(options) {
       frontendDomain: buildURL(host, frontendPort),
       apiDomain: buildURL(host, apiPort),
       mlmApiDomain: buildURL(host, backendMlmPort),
+      backendCoreDomain: buildURL(host, backendCorePort),
+      frontendCoreDomain: buildURL(host, frontendCorePort),
       gateAppDomain: buildURL(host, gateAppPort),
       guardianAppDomain: buildURL(host, guardianAppPort),
       facialAppDomain: buildURL(host, facialWebPort),
@@ -339,6 +347,8 @@ export async function install(options) {
       frontendPort,
       apiPort,
       backendMlmPort,
+      backendCorePort,
+      frontendCorePort,
       gateAppPort,
       guardianAppPort,
       facialWebPort,
@@ -350,7 +360,7 @@ export async function install(options) {
       installFacial: true,
       installPos: true,
       installMlm: true,
-      frontends: ['main', 'gate', 'guardian', 'facial', 'pos', 'mlm']
+      frontends: ['main', 'gate', 'guardian', 'facial', 'pos', 'mlm', 'core']
     };
 
     console.log(chalk.green(`✓ ${formatStepTitle(stepNetworkDetect, totalSteps, `Network detected: ${host}`)}\n`));
@@ -359,12 +369,14 @@ export async function install(options) {
     console.log(chalk.bold('📋 Installation Configuration:\n'));
     console.log(chalk.cyan('  Directory:'), chalk.white(config.installDir));
     console.log(chalk.cyan('  Frontend Main:'), chalk.white(config.frontendDomain));
+    console.log(chalk.cyan('  Frontend Core:'), chalk.white(config.frontendCoreDomain));
     console.log(chalk.cyan('  Gate App:'), chalk.white(config.gateAppDomain));
     console.log(chalk.cyan('  Guardian App:'), chalk.white(config.guardianAppDomain));
     console.log(chalk.cyan('  Facial Web:'), chalk.white(config.facialAppDomain));
     console.log(chalk.cyan('  POS App:'), chalk.white(config.posAppDomain));
     console.log(chalk.cyan('  MLM App:'), chalk.white(config.mlmAppDomain));
     console.log(chalk.cyan('  API:'), chalk.white(config.apiDomain));
+    console.log(chalk.cyan('  Backend Core:'), chalk.white(config.backendCoreDomain));
     console.log(chalk.cyan('  MLM API:'), chalk.white(config.mlmApiDomain));
     console.log();
 
@@ -442,6 +454,8 @@ export async function install(options) {
             frontendPort: config.frontendPort,
             backendPort: config.apiPort,
             backendMlmPort: config.backendMlmPort,
+            backendCorePort: config.backendCorePort,
+            frontendCorePort: config.frontendCorePort,
             gateAppPort: config.gateAppPort,
             guardianAppPort: config.guardianAppPort,
             facialWebPort: config.facialWebPort,
@@ -463,6 +477,8 @@ export async function install(options) {
             frontendPort: config.frontendPort,
             backendPort: config.apiPort,
             backendMlmPort: config.backendMlmPort,
+            backendCorePort: config.backendCorePort,
+            frontendCorePort: config.frontendCorePort,
             gateAppPort: config.gateAppPort,
             guardianAppPort: config.guardianAppPort,
             facialWebPort: config.facialWebPort,
@@ -474,6 +490,8 @@ export async function install(options) {
             posAppUrl: config.posAppDomain,
             mlmAppUrl: config.mlmAppDomain,
             mlmApiUrl: config.mlmApiDomain,
+            frontendCoreUrl: config.frontendCoreDomain,
+            backendCoreUrl: config.backendCoreDomain,
             companyId: config.companyId,
             installGate: config.installGate,
             installGuardian: config.installGuardian,

package/src/commands/regenerate-compose.js

@@ -74,11 +74,13 @@ export async function regenerateCompose() {
     const installed = detectInstalledApps(composeFile);
     console.log(chalk.cyan('Detected Configuration:'));
     console.log(chalk.gray(`  Frontend Main:  ${installed.hasMain ? '✓ Installed' : '✗ Not installed'}`));
+    console.log(chalk.gray(`  Backend Core:   ✓ Always Included`));
+    console.log(chalk.gray(`  Frontend Core:  ✓ Always Included`));
     console.log(chalk.gray(`  Gate App:       ${installed.hasGateApp ? '✓ Installed' : '✗ Not installed'}`));
     console.log(chalk.gray(`  Guardian App:   ${installed.hasGuardianApp ? '✓ Installed' : '✗ Not installed'}`));
     console.log(chalk.gray(`  Facial Web:     ${installed.hasFacialWeb ? '✓ Installed' : '✗ Not installed'}`));
     console.log(chalk.gray(`  POS App:        ${installed.hasPosApp ? '✓ Installed' : '✗ Not installed'}`));
-    console.log(chalk.gray(`  MLM App:     ${installed.hasMlmApp ? '✓ Installed' : '✗ Not installed'}\n`));
+    console.log(chalk.gray(`  MLM App:        ${installed.hasMlmApp ? '✓ Installed' : '✗ Not installed'}\n`));
 
     // Parse .env file
     const envConfig = parseEnvFile(envFile);
@@ -87,6 +89,8 @@ export async function regenerateCompose() {
     const frontendPort = parseInt(envConfig.FRONTEND_PORT) || 8080;
     const backendPort = parseInt(envConfig.BACKEND_PORT) || 3001;
     const backendMlmPort = parseInt(envConfig.BACKEND_MLM_PORT) || 4001;
+    const backendCorePort = parseInt(envConfig.BACKEND_CORE_PORT) || 4002;
+    const frontendCorePort = parseInt(envConfig.FRONTEND_CORE_PORT) || 8085;
     const gateAppPort = parseInt(envConfig.GATE_APP_PORT) || 8081;
     const guardianAppPort = parseInt(envConfig.GUARDIAN_APP_PORT) || 8082;
     const facialWebPort = parseInt(envConfig.FACIAL_WEB_PORT) || 8083;
@@ -95,25 +99,27 @@ export async function regenerateCompose() {
     const companyId = parseInt(envConfig.COMPANY_ID) || 1;
 
     console.log(chalk.cyan('Port Configuration:'));
-    console.log(chalk.gray(`  Frontend:    ${frontendPort}`));
-    console.log(chalk.gray(`  Backend:     ${backendPort}`));
+    console.log(chalk.gray(`  Frontend:       ${frontendPort}`));
+    console.log(chalk.gray(`  Backend:        ${backendPort}`));
+    console.log(chalk.gray(`  Backend Core:   ${backendCorePort}`));
+    console.log(chalk.gray(`  Frontend Core:  ${frontendCorePort}`));
     if (installed.hasGateApp) {
-      console.log(chalk.gray(`  Gate App:    ${gateAppPort}`));
+      console.log(chalk.gray(`  Gate App:       ${gateAppPort}`));
     }
     if (installed.hasGuardianApp) {
-      console.log(chalk.gray(`  Guardian:    ${guardianAppPort}`));
+      console.log(chalk.gray(`  Guardian:       ${guardianAppPort}`));
     }
     if (installed.hasFacialWeb) {
-      console.log(chalk.gray(`  Facial Web:  ${facialWebPort}`));
+      console.log(chalk.gray(`  Facial Web:     ${facialWebPort}`));
     }
     if (installed.hasPosApp) {
-      console.log(chalk.gray(`  POS App:     ${posAppPort}`));
+      console.log(chalk.gray(`  POS App:        ${posAppPort}`));
     }
     if (installed.hasMlmApp) {
-      console.log(chalk.gray(`  MLM App:  ${mlmAppPort}`));
-      console.log(chalk.gray(`  Backend MLM: ${backendMlmPort}`));
+      console.log(chalk.gray(`  MLM App:        ${mlmAppPort}`));
+      console.log(chalk.gray(`  Backend MLM:    ${backendMlmPort}`));
     }
-    console.log(chalk.gray(`  Company ID:  ${companyId}\n`));
+    console.log(chalk.gray(`  Company ID:     ${companyId}\n`));
 
     // Backup existing docker-compose.yml
     const timestamp = new Date().toISOString().split('.')[0].replace(/:/g, '-').replace('T', '_');
@@ -129,6 +135,8 @@ export async function regenerateCompose() {
       frontendPort,
       backendPort,
       backendMlmPort,
+      backendCorePort,
+      frontendCorePort,
       gateAppPort,
       guardianAppPort,
       facialWebPort,

package/src/commands/set-domain.js

@@ -97,9 +97,9 @@ function getEnvValue(envPath, key) {
 }
 
 /**
- * Check if gate-app, guardian-app, facial-web, pos-app, mlm-app, or backend-mlm is installed by checking docker-compose.yml
+ * Check if gate-app, guardian-app, facial-web, pos-app, mlm-app, backend-mlm, frontend-core, or backend-core is installed by checking docker-compose.yml
  * @param {string} composeFile - Path to docker-compose.yml
- * @returns {{hasGateApp: boolean, hasGuardianApp: boolean, hasFacialWeb: boolean, hasPosApp: boolean, hasMlmApp: boolean, hasBackendMlm: boolean}}
+ * @returns {{hasGateApp: boolean, hasGuardianApp: boolean, hasFacialWeb: boolean, hasPosApp: boolean, hasMlmApp: boolean, hasBackendMlm: boolean, hasFrontendCore: boolean, hasBackendCore: boolean}}
  */
 function detectInstalledApps(composeFile) {
   try {
@@ -110,10 +110,12 @@ function detectInstalledApps(composeFile) {
       hasFacialWeb: composeContent.includes('facial-web:') || composeContent.includes('container_name: ante-facial-web'),
       hasPosApp: composeContent.includes('pos-app:') || composeContent.includes('container_name: ante-pos'),
       hasMlmApp: composeContent.includes('mlm-app:') || composeContent.includes('container_name: ante-mlm'),
-      hasBackendMlm: composeContent.includes('backend-mlm:') || composeContent.includes('container_name: ante-backend-mlm')
+      hasBackendMlm: composeContent.includes('backend-mlm:') || composeContent.includes('container_name: ante-backend-mlm'),
+      hasFrontendCore: composeContent.includes('frontend-core:') || composeContent.includes('container_name: ante-frontend-core'),
+      hasBackendCore: composeContent.includes('backend-core:') || composeContent.includes('container_name: ante-backend-core')
     };
   } catch {
-    return { hasGateApp: false, hasGuardianApp: false, hasFacialWeb: false, hasPosApp: false, hasMlmApp: false, hasBackendMlm: false };
+    return { hasGateApp: false, hasGuardianApp: false, hasFacialWeb: false, hasPosApp: false, hasMlmApp: false, hasBackendMlm: false, hasFrontendCore: false, hasBackendCore: false };
   }
 }
 
@@ -172,10 +174,10 @@ export async function setDomain(options) {
       console.log(); // Add spacing
     }
 
-    let frontendUrl, apiUrl, gateAppUrl, guardianAppUrl, facialWebUrl, posAppUrl, mlmAppUrl, backendMlmUrl;
+    let frontendUrl, apiUrl, gateAppUrl, guardianAppUrl, facialWebUrl, posAppUrl, mlmAppUrl, backendMlmUrl, frontendCoreUrl, backendCoreUrl;
 
     // Detect which apps are installed
-    const { hasGateApp, hasGuardianApp, hasFacialWeb, hasPosApp, hasMlmApp, hasBackendMlm } = detectInstalledApps(composeFile);
+    const { hasGateApp, hasGuardianApp, hasFacialWeb, hasPosApp, hasMlmApp, hasBackendMlm, hasFrontendCore, hasBackendCore } = detectInstalledApps(composeFile);
 
     if (options.interactive !== false) {
       // Show current values
@@ -187,6 +189,8 @@ export async function setDomain(options) {
       const currentPosAppUrl = getEnvValue(envPath, 'POS_APP_URL');
       const currentClientAppUrl = getEnvValue(envPath, 'MLM_APP_URL');
       const currentBackendClientUrl = getEnvValue(envPath, 'MLM_API_URL');
+      const currentFrontendCoreUrl = getEnvValue(envPath, 'FRONTEND_CORE_URL');
+      const currentBackendCoreUrl = getEnvValue(envPath, 'BACKEND_CORE_URL');
 
       if (currentFrontendUrl) {
         console.log(chalk.gray(`Current Frontend URL: ${currentFrontendUrl}`));
@@ -209,6 +213,12 @@ export async function setDomain(options) {
       if (currentBackendClientUrl) {
         console.log(chalk.gray(`Current Backend-MLM API URL: ${currentBackendClientUrl}`));
       }
+      if (currentFrontendCoreUrl) {
+        console.log(chalk.gray(`Current Frontend Core URL: ${currentFrontendCoreUrl}`));
+      }
+      if (currentBackendCoreUrl) {
+        console.log(chalk.gray(`Current Backend Core API URL: ${currentBackendCoreUrl}`));
+      }
       if (currentApiUrl) {
         console.log(chalk.gray(`Current API URL: ${currentApiUrl}\n`));
       }
@@ -496,6 +506,8 @@ export async function setDomain(options) {
           if (hasPosApp) posAppUrl = `https://${subdomain}-pos.ante.ph`;
           if (hasMlmApp) mlmAppUrl = `https://${subdomain}-mlm.ante.ph`;
           if (hasBackendMlm) backendMlmUrl = `https://${subdomain}-api-mlm.ante.ph`;
+          if (hasFrontendCore) frontendCoreUrl = `https://${subdomain}-core.ante.ph`;
+          if (hasBackendCore) backendCoreUrl = `https://${subdomain}-api-core.ante.ph`;
 
           // Display generated domains for confirmation
           console.log(chalk.cyan('\n📋 Generated Domain Configuration:\n'));
@@ -507,6 +519,8 @@ export async function setDomain(options) {
           if (hasPosApp) console.log(chalk.gray(`  POS App:         ${posAppUrl}`));
           if (hasMlmApp) console.log(chalk.gray(`  MLM App:      ${mlmAppUrl}`));
           if (hasBackendMlm) console.log(chalk.gray(`  Backend-MLM:  ${backendMlmUrl}`));
+          if (hasFrontendCore) console.log(chalk.gray(`  Frontend Core:   ${frontendCoreUrl}`));
+          if (hasBackendCore) console.log(chalk.gray(`  Backend Core:    ${backendCoreUrl}`));
           console.log('');
 
           const confirmDomains = await inquirer.prompt([
@@ -594,6 +608,26 @@ export async function setDomain(options) {
             });
           }
 
+          if (hasFrontendCore) {
+            domainPrompts.push({
+              type: 'input',
+              name: 'frontendCoreUrl',
+              message: 'Frontend Core URL:\n  Examples: https://staging-core.ante.ph or http://143.198.91.153:8085\n  Enter URL',
+              default: currentFrontendCoreUrl || 'http://localhost:8085',
+              validate: validateUrl
+            });
+          }
+
+          if (hasBackendCore) {
+            domainPrompts.push({
+              type: 'input',
+              name: 'backendCoreUrl',
+              message: 'Backend Core API URL:\n  Examples: https://staging-api-core.ante.ph or http://143.198.91.153:4002\n  Enter URL',
+              default: currentBackendCoreUrl || 'http://localhost:4002',
+              validate: validateUrl
+            });
+          }
+
           domainPrompts.push({
             type: 'input',
             name: 'apiUrl',
@@ -613,6 +647,8 @@ export async function setDomain(options) {
           if (hasPosApp) posAppUrl = sanitizeUrl(answers.posAppUrl);
           if (hasMlmApp) mlmAppUrl = sanitizeUrl(answers.mlmAppUrl);
           if (hasBackendMlm) backendMlmUrl = sanitizeUrl(answers.backendMlmUrl);
+          if (hasFrontendCore) frontendCoreUrl = sanitizeUrl(answers.frontendCoreUrl);
+          if (hasBackendCore) backendCoreUrl = sanitizeUrl(answers.backendCoreUrl);
         }
       }
     } else {
@@ -755,6 +791,14 @@ export async function setDomain(options) {
       envUpdates.MLM_API_URL = backendMlmUrl;
     }
 
+    if (hasFrontendCore && frontendCoreUrl) {
+      envUpdates.FRONTEND_CORE_URL = frontendCoreUrl;
+    }
+
+    if (hasBackendCore && backendCoreUrl) {
+      envUpdates.BACKEND_CORE_URL = backendCoreUrl;
+    }
+
     updateEnvFile(envPath, envUpdates);
 
     console.log(chalk.green('✓ Configuration updated'));
@@ -813,6 +857,16 @@ export async function setDomain(options) {
           nginxConfig.backendMlmPort = 4001;
         }
 
+        if (hasFrontendCore && frontendCoreUrl) {
+          nginxConfig.frontendCoreDomain = frontendCoreUrl;
+          nginxConfig.frontendCorePort = 8085;
+        }
+
+        if (hasBackendCore && backendCoreUrl) {
+          nginxConfig.backendCoreDomain = backendCoreUrl;
+          nginxConfig.backendCorePort = 4002;
+        }
+
         await configureNginx(nginxConfig);
       } catch (error) {
         console.log(chalk.yellow('\n⚠  NGINX configuration failed:', error.message));
@@ -925,6 +979,18 @@ export async function setDomain(options) {
                 domains.push(backendMlmDomain);
               }
             }
+            if (hasFrontendCore && frontendCoreUrl && frontendCoreUrl.startsWith('https://')) {
+              const frontendCoreDomain = extractDomain(frontendCoreUrl);
+              if (frontendCoreDomain !== 'localhost' && !frontendCoreDomain.match(/^\d+\.\d+\.\d+\.\d+$/) && !domains.includes(frontendCoreDomain)) {
+                domains.push(frontendCoreDomain);
+              }
+            }
+            if (hasBackendCore && backendCoreUrl && backendCoreUrl.startsWith('https://')) {
+              const backendCoreDomain = extractDomain(backendCoreUrl);
+              if (backendCoreDomain !== 'localhost' && !backendCoreDomain.match(/^\d+\.\d+\.\d+\.\d+$/) && !domains.includes(backendCoreDomain)) {
+                domains.push(backendCoreDomain);
+              }
+            }
 
             // Track successful and failed domains
             const successfulDomains = [];
@@ -1016,6 +1082,16 @@ export async function setDomain(options) {
                 sslNginxConfig.backendMlmPort = 4001;
               }
 
+              if (hasFrontendCore && frontendCoreUrl) {
+                sslNginxConfig.frontendCoreDomain = frontendCoreUrl;
+                sslNginxConfig.frontendCorePort = 8085;
+              }
+
+              if (hasBackendCore && backendCoreUrl) {
+                sslNginxConfig.backendCoreDomain = backendCoreUrl;
+                sslNginxConfig.backendCorePort = 4002;
+              }
+
               await updateNginxForSSL(sslNginxConfig);
 
               // Step 3: Setup auto-renewal
@@ -1176,6 +1252,12 @@ export async function setDomain(options) {
     if (hasMlmApp && mlmAppUrl) {
       console.log(chalk.cyan('MLM App: '), chalk.white(mlmAppUrl));
     }
+    if (hasFrontendCore && frontendCoreUrl) {
+      console.log(chalk.cyan('Frontend Core: '), chalk.white(frontendCoreUrl));
+    }
+    if (hasBackendCore && backendCoreUrl) {
+      console.log(chalk.cyan('Backend Core:  '), chalk.white(backendCoreUrl));
+    }
     console.log(chalk.cyan('API:        '), chalk.white(apiUrl));
     console.log(chalk.cyan('WebSocket:  '), chalk.white(apiUrl));
 
@@ -1193,6 +1275,12 @@ export async function setDomain(options) {
     if (hasMlmApp && mlmAppUrl) {
       console.log(chalk.white(`   MLM App:    ${mlmAppUrl}`));
     }
+    if (hasFrontendCore && frontendCoreUrl) {
+      console.log(chalk.white(`   Frontend Core: ${frontendCoreUrl}`));
+    }
+    if (hasBackendCore && backendCoreUrl) {
+      console.log(chalk.white(`   Backend Core:  ${backendCoreUrl}`));
+    }
     console.log();
 
   } catch (error) {

package/src/commands/ssl-enable.js

@@ -48,7 +48,7 @@ function getEnvValue(envPath, key) {
 /**
  * Check if optional apps are installed by checking docker-compose.yml
  * @param {string} composeFile - Path to docker-compose.yml
- * @returns {{hasGateApp: boolean, hasGuardianApp: boolean, hasFacialWeb: boolean, hasPosApp: boolean, hasMlmApp: boolean, hasBackendMlm: boolean}}
+ * @returns {{hasGateApp: boolean, hasGuardianApp: boolean, hasFacialWeb: boolean, hasPosApp: boolean, hasMlmApp: boolean, hasBackendMlm: boolean, hasFrontendCore: boolean, hasBackendCore: boolean}}
  */
 function detectInstalledApps(composeFile) {
   try {
@@ -59,10 +59,12 @@ function detectInstalledApps(composeFile) {
       hasFacialWeb: composeContent.includes('facial-web:') || composeContent.includes('container_name: ante-facial-web'),
       hasPosApp: composeContent.includes('pos-app:') || composeContent.includes('container_name: ante-pos'),
       hasMlmApp: composeContent.includes('mlm-app:') || composeContent.includes('container_name: ante-mlm'),
-      hasBackendMlm: composeContent.includes('backend-mlm:') || composeContent.includes('container_name: ante-backend-mlm')
+      hasBackendMlm: composeContent.includes('backend-mlm:') || composeContent.includes('container_name: ante-backend-mlm'),
+      hasFrontendCore: composeContent.includes('frontend-core:') || composeContent.includes('container_name: ante-frontend-core'),
+      hasBackendCore: composeContent.includes('backend-core:') || composeContent.includes('container_name: ante-backend-core')
     };
   } catch {
-    return { hasGateApp: false, hasGuardianApp: false, hasFacialWeb: false, hasPosApp: false, hasMlmApp: false, hasBackendMlm: false };
+    return { hasGateApp: false, hasGuardianApp: false, hasFacialWeb: false, hasPosApp: false, hasMlmApp: false, hasBackendMlm: false, hasFrontendCore: true, hasBackendCore: true };
   }
 }
 
@@ -90,7 +92,7 @@ export async function sslEnable(options) {
     console.log(chalk.gray(`Installation: ${installDir}\n`));
 
     // Detect which apps are installed
-    const { hasGateApp, hasGuardianApp, hasFacialWeb, hasPosApp, hasMlmApp, hasBackendMlm } = detectInstalledApps(composeFile);
+    const { hasGateApp, hasGuardianApp, hasFacialWeb, hasPosApp, hasMlmApp, hasBackendMlm, hasFrontendCore, hasBackendCore } = detectInstalledApps(composeFile);
 
     // Read current configuration
     const frontendUrl = getEnvValue(envPath, 'FRONTEND_URL');
@@ -101,6 +103,8 @@ export async function sslEnable(options) {
     const posAppUrl = hasPosApp ? getEnvValue(envPath, 'POS_APP_URL') : '';
     const mlmAppUrl = hasMlmApp ? getEnvValue(envPath, 'MLM_APP_URL') : '';
     const backendMlmUrl = hasBackendMlm ? getEnvValue(envPath, 'MLM_API_URL') : '';
+    const frontendCoreUrl = hasFrontendCore ? getEnvValue(envPath, 'FRONTEND_CORE_URL') : '';
+    const backendCoreUrl = hasBackendCore ? getEnvValue(envPath, 'BACKEND_CORE_URL') : '';
 
     if (!frontendUrl || !apiUrl) {
       console.log(chalk.red('✗ Domain configuration not found'));
@@ -120,17 +124,21 @@ export async function sslEnable(options) {
                      (!facialWebUrl || facialWebUrl.startsWith('https://')) &&
                      (!posAppUrl || posAppUrl.startsWith('https://')) &&
                      (!mlmAppUrl || mlmAppUrl.startsWith('https://')) &&
-                     (!backendMlmUrl || backendMlmUrl.startsWith('https://'));
+                     (!backendMlmUrl || backendMlmUrl.startsWith('https://')) &&
+                     (!frontendCoreUrl || frontendCoreUrl.startsWith('https://')) &&
+                     (!backendCoreUrl || backendCoreUrl.startsWith('https://'));
 
     if (allHttps) {
       console.log(chalk.yellow('⚠  Domains are already configured with HTTPS:\n'));
       console.log(chalk.gray(`   Frontend: ${frontendUrl}`));
+      if (frontendCoreUrl) console.log(chalk.gray(`   Frontend Core: ${frontendCoreUrl}`));
       if (gateAppUrl) console.log(chalk.gray(`   Gate App: ${gateAppUrl}`));
       if (guardianAppUrl) console.log(chalk.gray(`   Guardian: ${guardianAppUrl}`));
       if (facialWebUrl) console.log(chalk.gray(`   Facial Web: ${facialWebUrl}`));
       if (posAppUrl) console.log(chalk.gray(`   POS App: ${posAppUrl}`));
       if (mlmAppUrl) console.log(chalk.gray(`   MLM App: ${mlmAppUrl}`));
       if (backendMlmUrl) console.log(chalk.gray(`   Backend MLM: ${backendMlmUrl}`));
+      if (backendCoreUrl) console.log(chalk.gray(`   Backend Core: ${backendCoreUrl}`));
       console.log(chalk.gray(`   API: ${apiUrl}\n`));
 
       // Check certificate status
@@ -189,6 +197,22 @@ export async function sslEnable(options) {
         }
       }
 
+      if (frontendCoreUrl) {
+        const frontendCoreDomain = extractDomain(frontendCoreUrl);
+        const frontendCoreStatus = await checkSSLStatus(frontendCoreDomain);
+        if (frontendCoreStatus.installed) {
+          console.log(chalk.green(`✓ Frontend Core SSL: Valid (expires in ${frontendCoreStatus.daysUntilExpiry} days)`));
+        }
+      }
+
+      if (backendCoreUrl) {
+        const backendCoreDomain = extractDomain(backendCoreUrl);
+        const backendCoreStatus = await checkSSLStatus(backendCoreDomain);
+        if (backendCoreStatus.installed) {
+          console.log(chalk.green(`✓ Backend Core SSL: Valid (expires in ${backendCoreStatus.daysUntilExpiry} days)`));
+        }
+      }
+
       if (apiStatus.installed) {
         console.log(chalk.green(`✓ API SSL: Valid (expires in ${apiStatus.daysUntilExpiry} days)`));
       }
@@ -218,12 +242,14 @@ export async function sslEnable(options) {
     // Show current configuration
     console.log(chalk.cyan('Current Configuration:'));
     console.log(chalk.gray(`   Frontend: ${frontendUrl}`));
+    if (frontendCoreUrl) console.log(chalk.gray(`   Frontend Core: ${frontendCoreUrl}`));
     if (gateAppUrl) console.log(chalk.gray(`   Gate App: ${gateAppUrl}`));
     if (guardianAppUrl) console.log(chalk.gray(`   Guardian: ${guardianAppUrl}`));
     if (facialWebUrl) console.log(chalk.gray(`   Facial Web: ${facialWebUrl}`));
     if (posAppUrl) console.log(chalk.gray(`   POS App: ${posAppUrl}`));
     if (mlmAppUrl) console.log(chalk.gray(`   MLM App: ${mlmAppUrl}`));
     if (backendMlmUrl) console.log(chalk.gray(`   Backend MLM: ${backendMlmUrl}`));
+    if (backendCoreUrl) console.log(chalk.gray(`   Backend Core: ${backendCoreUrl}`));
     console.log(chalk.gray(`   API: ${apiUrl}\n`));
 
     // Detect domains to configure
@@ -310,6 +336,30 @@ export async function sslEnable(options) {
       }
     }
 
+    if (frontendCoreUrl) {
+      const frontendCoreDomain = extractDomain(frontendCoreUrl);
+      if (frontendCoreDomain !== 'localhost' && !frontendCoreDomain.match(/^\d+\.\d+\.\d+\.\d+$/) && !domains.find(d => d.domain === frontendCoreDomain)) {
+        domains.push({
+          name: 'Frontend Core',
+          domain: frontendCoreDomain,
+          port: frontendCoreUrl.match(/:(\d+)/) ? frontendCoreUrl.match(/:(\d+)/)[1] : 8085,
+          url: frontendCoreUrl
+        });
+      }
+    }
+
+    if (backendCoreUrl) {
+      const backendCoreDomain = extractDomain(backendCoreUrl);
+      if (backendCoreDomain !== 'localhost' && !backendCoreDomain.match(/^\d+\.\d+\.\d+\.\d+$/) && !domains.find(d => d.domain === backendCoreDomain)) {
+        domains.push({
+          name: 'Backend Core',
+          domain: backendCoreDomain,
+          port: backendCoreUrl.match(/:(\d+)/) ? backendCoreUrl.match(/:(\d+)/)[1] : 4002,
+          url: backendCoreUrl
+        });
+      }
+    }
+
     if (apiDomain !== 'localhost' && !apiDomain.match(/^\d+\.\d+\.\d+\.\d+$/) && apiDomain !== frontendDomain) {
       domains.push({
         name: 'API',
@@ -473,6 +523,16 @@ export async function sslEnable(options) {
         sslConfig.backendMlmPort = backendMlmUrl.match(/:(\d+)/) ? parseInt(backendMlmUrl.match(/:(\d+)/)[1]) : 4001;
       }
 
+      if (frontendCoreUrl) {
+        sslConfig.frontendCoreDomain = frontendCoreUrl;
+        sslConfig.frontendCorePort = frontendCoreUrl.match(/:(\d+)/) ? parseInt(frontendCoreUrl.match(/:(\d+)/)[1]) : 8085;
+      }
+
+      if (backendCoreUrl) {
+        sslConfig.backendCoreDomain = backendCoreUrl;
+        sslConfig.backendCorePort = backendCoreUrl.match(/:(\d+)/) ? parseInt(backendCoreUrl.match(/:(\d+)/)[1]) : 4002;
+      }
+
       await updateNginxForSSL(sslConfig);
     } catch (error) {
       console.log(chalk.red('\n✗ Failed to configure NGINX:'), error.message);
@@ -559,7 +619,7 @@ export async function sslStatus() {
     const composeFile = join(installDir, 'docker-compose.yml');
 
     // Detect which apps are installed
-    const { hasGateApp, hasGuardianApp, hasFacialWeb, hasPosApp, hasMlmApp, hasBackendMlm } = detectInstalledApps(composeFile);
+    const { hasGateApp, hasGuardianApp, hasFacialWeb, hasPosApp, hasMlmApp, hasBackendMlm, hasFrontendCore, hasBackendCore } = detectInstalledApps(composeFile);
 
     const frontendUrl = getEnvValue(envPath, 'FRONTEND_URL');
     const apiUrl = getEnvValue(envPath, 'API_URL');
@@ -569,6 +629,8 @@ export async function sslStatus() {
     const posAppUrl = hasPosApp ? getEnvValue(envPath, 'POS_APP_URL') : '';
     const mlmAppUrl = hasMlmApp ? getEnvValue(envPath, 'MLM_APP_URL') : '';
     const backendMlmUrl = hasBackendMlm ? getEnvValue(envPath, 'MLM_API_URL') : '';
+    const frontendCoreUrl = hasFrontendCore ? getEnvValue(envPath, 'FRONTEND_CORE_URL') : '';
+    const backendCoreUrl = hasBackendCore ? getEnvValue(envPath, 'BACKEND_CORE_URL') : '';
 
     if (!frontendUrl || !apiUrl) {
       console.log(chalk.red('✗ Domain configuration not found\n'));
@@ -612,6 +674,16 @@ export async function sslStatus() {
       domains.push({ name: 'Backend MLM', domain: backendMlmDomain, url: backendMlmUrl });
     }
 
+    if (frontendCoreUrl) {
+      const frontendCoreDomain = extractDomain(frontendCoreUrl);
+      domains.push({ name: 'Frontend Core', domain: frontendCoreDomain, url: frontendCoreUrl });
+    }
+
+    if (backendCoreUrl) {
+      const backendCoreDomain = extractDomain(backendCoreUrl);
+      domains.push({ name: 'Backend Core', domain: backendCoreDomain, url: backendCoreUrl });
+    }
+
     domains.push({ name: 'API', domain: apiDomain, url: apiUrl });
 
     for (const { name, domain, url } of domains) {

package/src/commands/update.js

@@ -82,6 +82,8 @@ function updateDockerCompose(composeFile, envFile, newServices) {
     frontendPort: parseInt(envConfig.FRONTEND_PORT) || 8080,
     backendPort: parseInt(envConfig.BACKEND_PORT) || 3001,
     backendMlmPort: parseInt(envConfig.BACKEND_MLM_PORT) || 4001,
+    backendCorePort: parseInt(envConfig.BACKEND_CORE_PORT) || 4002,
+    frontendCorePort: parseInt(envConfig.FRONTEND_CORE_PORT) || 8085,
     gateAppPort: parseInt(envConfig.GATE_APP_PORT) || 8081,
     guardianAppPort: parseInt(envConfig.GUARDIAN_APP_PORT) || 8082,
     facialWebPort: parseInt(envConfig.FACIAL_WEB_PORT) || 8083,
@@ -347,6 +349,8 @@ function refreshDockerCompose(composeFile, envFile) {
     frontendPort: parseInt(envConfig.FRONTEND_PORT) || 8080,
     backendPort: parseInt(envConfig.BACKEND_PORT) || 3001,
     backendMlmPort: parseInt(envConfig.BACKEND_MLM_PORT) || 4001,
+    backendCorePort: parseInt(envConfig.BACKEND_CORE_PORT) || 4002,
+    frontendCorePort: parseInt(envConfig.FRONTEND_CORE_PORT) || 8085,
     gateAppPort: parseInt(envConfig.GATE_APP_PORT) || 8081,
     guardianAppPort: parseInt(envConfig.GUARDIAN_APP_PORT) || 8082,
     facialWebPort: parseInt(envConfig.FACIAL_WEB_PORT) || 8083,
@@ -396,6 +400,8 @@ function getRequiredPorts(composeFile, envFile) {
   // Core services - always needed
   ports.push(parseInt(envConfig.BACKEND_PORT) || 3001);  // Backend
   ports.push(parseInt(envConfig.FRONTEND_PORT) || 8080); // Frontend
+  ports.push(parseInt(envConfig.BACKEND_CORE_PORT) || 4002); // Backend Core (always included)
+  ports.push(parseInt(envConfig.FRONTEND_CORE_PORT) || 8085); // Frontend Core (always included)
 
   // Optional services - only add if installed
   if (installed.hasGateApp) {

package/src/templates/docker-compose.yml.js

@@ -8,6 +8,8 @@ export function generateDockerCompose(options = {}) {
     frontendPort = 8080,
     backendPort = 3001,
     backendMlmPort = 4001,
+    backendCorePort = 4002,
+    frontendCorePort = 8085,
     gateAppPort = 8081,
     guardianAppPort = 8082,
     facialWebPort = 8083,
@@ -193,6 +195,68 @@ services:
       options:
         max-size: "10m"
         max-file: "3"
+
+  # ANTE Backend Core - Express.js API for Frontend Core
+  backend-core:
+    image: ghcr.io/gtplusnet/ante-self-hosted-backend-core:latest
+    container_name: ante-backend-core
+    restart: unless-stopped
+    depends_on:
+      backend:
+        condition: service_healthy
+    environment:
+      NODE_ENV: production
+      BACKEND_CORE_PORT: 4002
+      DATABASE_URL: postgresql://ante:\${DB_PASSWORD}@postgres:5432/ante_db?schema=public&connection_limit=10
+      DIRECT_URL: postgresql://ante:\${DB_PASSWORD}@postgres:5432/ante_db?schema=public
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      REDIS_PASSWORD: \${REDIS_PASSWORD}
+      JWT_SECRET: \${JWT_SECRET}
+      TZ: \${TZ:-Asia/Manila}
+    ports:
+      - "${backendCorePort}:4002"
+    networks:
+      - ante-network
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:4002/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+  # ANTE Frontend Core - React Application
+  frontend-core:
+    image: ghcr.io/gtplusnet/ante-self-hosted-frontend-core:latest
+    container_name: ante-frontend-core
+    restart: unless-stopped
+    depends_on:
+      backend-core:
+        condition: service_healthy
+    environment:
+      - VITE_API_URL=\${CORE_API_URL:-http://localhost:${backendCorePort}}
+      - VITE_APP_NAME=ANTE Frontend Core
+      - VITE_APP_VERSION=\${VERSION:-1.0.0}
+    ports:
+      - "${frontendCorePort}:8085"
+    networks:
+      - ante-network
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8085/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
 ${installGate ? `
   # ANTE Gate App
   gate-app:

package/src/templates/env.js

@@ -12,6 +12,8 @@ export function generateEnv(credentials, options = {}) {
     frontendPort = 8080,
     backendPort = 3001,
     backendMlmPort = 4001,
+    backendCorePort = 4002,
+    frontendCorePort = 8085,
     gateAppPort = 8081,
     guardianAppPort = 8082,
     facialWebPort = 8083,
@@ -23,6 +25,8 @@ export function generateEnv(credentials, options = {}) {
     posAppUrl = 'http://localhost:8084',
     mlmAppUrl = 'http://localhost:9005',
     mlmApiUrl = 'http://localhost:4001',
+    frontendCoreUrl = 'http://localhost:8085',
+    backendCoreUrl = 'http://localhost:4002',
     companyId = 1,
     installGate = false,
     installGuardian = false,
@@ -74,6 +78,8 @@ SOCKET_URL=${socketUrl}
 # ------------------------------------------------------------------------------
 FRONTEND_PORT=${frontendPort}
 BACKEND_PORT=${backendPort}
+BACKEND_CORE_PORT=${backendCorePort}
+FRONTEND_CORE_PORT=${frontendCorePort}
 ${installMlm ? `BACKEND_MLM_PORT=${backendMlmPort}` : '# BACKEND_MLM_PORT=4001'}
 ${installGate ? `GATE_APP_PORT=${gateAppPort}` : '# GATE_APP_PORT=8081'}
 ${installGuardian ? `GUARDIAN_APP_PORT=${guardianAppPort}` : '# GUARDIAN_APP_PORT=8082'}
@@ -82,6 +88,13 @@ ${installPos ? `POS_APP_PORT=${posAppPort}` : '# POS_APP_PORT=8084'}
 ${installMlm ? `MLM_APP_PORT=${mlmAppPort}` : '# MLM_APP_PORT=9005'}
 # Note: WebSocket runs on the same port as backend (BACKEND_PORT)
 
+# ------------------------------------------------------------------------------
+# CORE SERVICES CONFIGURATION (Always Included)
+# ------------------------------------------------------------------------------
+FRONTEND_CORE_URL=${frontendCoreUrl}
+BACKEND_CORE_URL=${backendCoreUrl}
+CORE_API_URL=${backendCoreUrl}
+
 ${(installGate || installGuardian || installFacial || installPos || installMlm) ? `# ------------------------------------------------------------------------------
 # FRONTEND APP CONFIGURATION
 # ------------------------------------------------------------------------------

package/src/utils/nginx.js

@@ -54,6 +54,8 @@ export async function installNginx(spinner) {
  * @param {string} [config.posAppDomain] - POS app domain (optional)
  * @param {string} [config.mlmAppDomain] - MLM app domain (optional)
  * @param {string} [config.backendMlmDomain] - Backend MLM API domain (optional)
+ * @param {string} [config.frontendCoreDomain] - Frontend Core app domain (optional)
+ * @param {string} [config.backendCoreDomain] - Backend Core API domain (optional)
  * @param {number} config.frontendPort - Frontend Docker port (default: 8080)
  * @param {number} config.apiPort - API Docker port (default: 3001)
  * @param {number} [config.gateAppPort] - Gate app Docker port (default: 8081)
@@ -62,6 +64,8 @@ export async function installNginx(spinner) {
  * @param {number} [config.posAppPort] - POS app Docker port (default: 8084)
  * @param {number} [config.mlmAppPort] - MLM app Docker port (default: 9005)
  * @param {number} [config.backendMlmPort] - Backend MLM API Docker port (default: 4001)
+ * @param {number} [config.frontendCorePort] - Frontend Core Docker port (default: 8085)
+ * @param {number} [config.backendCorePort] - Backend Core API Docker port (default: 4002)
  * @param {boolean} config.ssl - Enable SSL configuration with Let's Encrypt (default: false)
  * @param {boolean} config.cloudflareSsl - Enable Cloudflare SSL mode with self-signed certs (default: false)
  * @returns {string} NGINX configuration content
@@ -76,6 +80,8 @@ export function generateNginxConfig(config) {
     posAppDomain,
     mlmAppDomain,
     backendMlmDomain,
+    frontendCoreDomain,
+    backendCoreDomain,
     frontendPort = 8080,
     apiPort = 3001,
     gateAppPort = 8081,
@@ -84,6 +90,8 @@ export function generateNginxConfig(config) {
     posAppPort = 8084,
     mlmAppPort = 9005,
     backendMlmPort = 4001,
+    frontendCorePort = 8085,
+    backendCorePort = 4002,
     ssl = false,
     cloudflareSsl = false,
     domainsWithCerts = []
@@ -98,6 +106,8 @@ export function generateNginxConfig(config) {
   const posAppHost = posAppDomain ? posAppDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
   const mlmAppHost = mlmAppDomain ? mlmAppDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
   const backendMlmHost = backendMlmDomain ? backendMlmDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
+  const frontendCoreHost = frontendCoreDomain ? frontendCoreDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
+  const backendCoreHost = backendCoreDomain ? backendCoreDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
 
   // Cloudflare SSL mode - uses self-signed certs for Cloudflare "Full" mode
   if (cloudflareSsl) {
@@ -110,6 +120,8 @@ export function generateNginxConfig(config) {
       posAppHost,
       mlmAppHost,
       backendMlmHost,
+      frontendCoreHost,
+      backendCoreHost,
       frontendPort,
       apiPort,
       gateAppPort,
@@ -117,7 +129,9 @@ export function generateNginxConfig(config) {
       facialWebPort,
       posAppPort,
       mlmAppPort,
-      backendMlmPort
+      backendMlmPort,
+      frontendCorePort,
+      backendCorePort
     });
   }
 
@@ -132,6 +146,8 @@ export function generateNginxConfig(config) {
       posAppHost,
       mlmAppHost,
       backendMlmHost,
+      frontendCoreHost,
+      backendCoreHost,
       frontendPort,
       apiPort,
       gateAppPort,
@@ -140,6 +156,8 @@ export function generateNginxConfig(config) {
       posAppPort,
       mlmAppPort,
       backendMlmPort,
+      frontendCorePort,
+      backendCorePort,
       domainsWithCerts
     });
   }
@@ -395,6 +413,82 @@ server {
         proxy_read_timeout 60s;
     }
 }
+` : ''}${frontendCoreHost ? `
+# ANTE Frontend Core Configuration
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${frontendCoreHost};
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for file uploads
+    client_max_body_size 100M;
+
+    # Disable caching for config.js to ensure runtime config is always fresh
+    location = /config.js {
+        proxy_pass http://localhost:${frontendCorePort}/config.js;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
+        add_header Pragma "no-cache" always;
+        add_header Expires "0" always;
+    }
+
+    location / {
+        proxy_pass http://localhost:${frontendCorePort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}
+` : ''}${backendCoreHost ? `
+# ANTE Backend Core API Configuration
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${backendCoreHost};
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for file uploads
+    client_max_body_size 100M;
+
+    location / {
+        proxy_pass http://localhost:${backendCorePort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+
+        # WebSocket support
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+    }
+}
 ` : ''}`;
 }
 
@@ -415,6 +509,8 @@ function generateCloudflareNginxConfig(config) {
     posAppHost,
     mlmAppHost,
     backendMlmHost,
+    frontendCoreHost,
+    backendCoreHost,
     frontendPort,
     apiPort,
     gateAppPort = 8081,
@@ -422,7 +518,9 @@ function generateCloudflareNginxConfig(config) {
     facialWebPort = 8083,
     posAppPort = 8084,
     mlmAppPort = 9005,
-    backendMlmPort = 4001
+    backendMlmPort = 4001,
+    frontendCorePort = 8085,
+    backendCorePort = 4002
   } = config;
 
   // SSL certificate paths for Cloudflare self-signed certs
@@ -728,6 +826,94 @@ server {
         proxy_read_timeout 60s;
     }
 }
+` : ''}${frontendCoreHost ? `
+# ANTE Frontend Core Configuration (Cloudflare SSL)
+server {
+    listen 80;
+    listen 443 ssl;
+    listen [::]:80;
+    listen [::]:443 ssl;
+    server_name ${frontendCoreHost};
+
+    # SSL Certificate (self-signed for Cloudflare Full mode)
+    ssl_certificate ${sslCert};
+    ssl_certificate_key ${sslKey};
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for file uploads
+    client_max_body_size 100M;
+
+    # Disable caching for config.js to ensure runtime config is always fresh
+    location = /config.js {
+        proxy_pass http://localhost:${frontendCorePort}/config.js;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
+        add_header Pragma "no-cache" always;
+        add_header Expires "0" always;
+    }
+
+    location / {
+        proxy_pass http://localhost:${frontendCorePort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}
+` : ''}${backendCoreHost ? `
+# ANTE Backend Core API Configuration (Cloudflare SSL)
+server {
+    listen 80;
+    listen 443 ssl;
+    listen [::]:80;
+    listen [::]:443 ssl;
+    server_name ${backendCoreHost};
+
+    # SSL Certificate (self-signed for Cloudflare Full mode)
+    ssl_certificate ${sslCert};
+    ssl_certificate_key ${sslKey};
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for file uploads
+    client_max_body_size 100M;
+
+    location / {
+        proxy_pass http://localhost:${backendCorePort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+
+        # WebSocket support
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+    }
+}
 ` : ''}`;
 }
 
@@ -776,6 +962,8 @@ export async function generateCloudflareCert() {
  * @param {string} [config.posAppHost] - POS app hostname (optional)
  * @param {string} [config.mlmAppHost] - MLM app hostname (optional)
  * @param {string} [config.backendMlmHost] - Backend MLM API hostname (optional)
+ * @param {string} [config.frontendCoreHost] - Frontend Core hostname (optional)
+ * @param {string} [config.backendCoreHost] - Backend Core API hostname (optional)
  * @param {number} config.frontendPort - Frontend port
  * @param {number} config.apiPort - API port
  * @param {number} [config.gateAppPort] - Gate app port (default: 8081)
@@ -784,6 +972,8 @@ export async function generateCloudflareCert() {
  * @param {number} [config.posAppPort] - POS app port (default: 8084)
  * @param {number} [config.mlmAppPort] - MLM app port (default: 9005)
  * @param {number} [config.backendMlmPort] - Backend MLM API port (default: 4001)
+ * @param {number} [config.frontendCorePort] - Frontend Core port (default: 8085)
+ * @param {number} [config.backendCorePort] - Backend Core API port (default: 4002)
  * @param {string[]} [config.domainsWithCerts] - List of domains that have valid SSL certificates
  * @returns {string} NGINX configuration with SSL
  */
@@ -797,6 +987,8 @@ function generateSslNginxConfig(config) {
     posAppHost,
     mlmAppHost,
     backendMlmHost,
+    frontendCoreHost,
+    backendCoreHost,
     frontendPort,
     apiPort,
     gateAppPort = 8081,
@@ -805,6 +997,8 @@ function generateSslNginxConfig(config) {
     posAppPort = 8084,
     mlmAppPort = 9005,
     backendMlmPort = 4001,
+    frontendCorePort = 8085,
+    backendCorePort = 4002,
     domainsWithCerts = []
   } = config;
 
@@ -1170,6 +1364,125 @@ server {
     config_output += generateServerBlock(backendMlmHost, backendMlmPort, 'ANTE Backend MLM API');
   }
 
+  if (frontendCoreHost) {
+    // Frontend Core has special config.js caching rules
+    if (hasCert(frontendCoreHost)) {
+      config_output += `
+# ANTE Frontend Core Configuration (HTTPS)
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+    server_name ${frontendCoreHost};
+
+    # SSL Certificate paths
+    ssl_certificate /etc/letsencrypt/live/${frontendCoreHost}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/${frontendCoreHost}/privkey.pem;
+
+    # SSL Configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options SAMEORIGIN always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for file uploads
+    client_max_body_size 100M;
+
+    # Disable caching for config.js to ensure runtime config is always fresh
+    location = /config.js {
+        proxy_pass http://localhost:${frontendCorePort}/config.js;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
+        add_header Pragma "no-cache" always;
+        add_header Expires "0" always;
+    }
+
+    location / {
+        proxy_pass http://localhost:${frontendCorePort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}
+
+# HTTP to HTTPS redirect for ${frontendCoreHost}
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${frontendCoreHost};
+    return 301 https://$server_name$request_uri;
+}`;
+    } else {
+      config_output += `
+# ANTE Frontend Core Configuration (HTTP only - SSL cert not available)
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${frontendCoreHost};
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for file uploads
+    client_max_body_size 100M;
+
+    # Disable caching for config.js to ensure runtime config is always fresh
+    location = /config.js {
+        proxy_pass http://localhost:${frontendCorePort}/config.js;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
+        add_header Pragma "no-cache" always;
+        add_header Expires "0" always;
+    }
+
+    location / {
+        proxy_pass http://localhost:${frontendCorePort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}`;
+    }
+  }
+
+  if (backendCoreHost) {
+    config_output += generateServerBlock(backendCoreHost, backendCorePort, 'ANTE Backend Core API');
+  }
+
   return config_output.trim();
 }
 
@@ -1283,6 +1596,12 @@ export async function configureNginx(config) {
     if (config.mlmAppDomain) {
       console.log(chalk.gray(`   Client App: ${config.mlmAppDomain} → localhost:${config.mlmAppPort || 9005}`));
     }
+    if (config.frontendCoreDomain) {
+      console.log(chalk.gray(`   Frontend Core: ${config.frontendCoreDomain} → localhost:${config.frontendCorePort || 8085}`));
+    }
+    if (config.backendCoreDomain) {
+      console.log(chalk.gray(`   Backend Core API: ${config.backendCoreDomain} → localhost:${config.backendCorePort || 4002}`));
+    }
     console.log(chalk.gray(`   API: ${config.apiDomain} → localhost:${config.apiPort || 3001}`));
 
   } catch (error) {

package/src/utils/ssl.js

@@ -141,6 +141,8 @@ export async function obtainSSLCertificate(config) {
  * @param {string} [config.posAppDomain] - POS App domain URL (optional)
  * @param {string} [config.mlmAppDomain] - MLM App domain URL (optional)
  * @param {string} [config.backendMlmDomain] - Backend MLM API domain URL (optional)
+ * @param {string} [config.frontendCoreDomain] - Frontend Core domain URL (optional)
+ * @param {string} [config.backendCoreDomain] - Backend Core API domain URL (optional)
  * @param {number} [config.frontendPort=8080] - Frontend port
  * @param {number} [config.apiPort=3001] - API port
  * @param {number} [config.gateAppPort=8081] - Gate App port
@@ -149,6 +151,8 @@ export async function obtainSSLCertificate(config) {
  * @param {number} [config.posAppPort=8084] - POS App port
  * @param {number} [config.mlmAppPort=9005] - MLM App port
  * @param {number} [config.backendMlmPort=4001] - Backend MLM API port
+ * @param {number} [config.frontendCorePort=8085] - Frontend Core port
+ * @param {number} [config.backendCorePort=4002] - Backend Core API port
  * @param {string[]} [config.domainsWithCerts=[]] - List of domains that have valid SSL certificates
  * @returns {Promise<void>}
  */
@@ -162,6 +166,8 @@ export async function updateNginxForSSL(config) {
     posAppDomain,
     mlmAppDomain,
     backendMlmDomain,
+    frontendCoreDomain,
+    backendCoreDomain,
     frontendPort = 8080,
     apiPort = 3001,
     gateAppPort = 8081,
@@ -170,6 +176,8 @@ export async function updateNginxForSSL(config) {
     posAppPort = 8084,
     mlmAppPort = 9005,
     backendMlmPort = 4001,
+    frontendCorePort = 8085,
+    backendCorePort = 4002,
     domainsWithCerts = []
   } = config;
   const spinner = ora('Updating NGINX configuration for HTTPS...').start();
@@ -199,6 +207,8 @@ export async function updateNginxForSSL(config) {
       posAppDomain,
       mlmAppDomain,
       backendMlmDomain,
+      frontendCoreDomain,
+      backendCoreDomain,
       frontendPort,
       apiPort,
       gateAppPort,
@@ -207,6 +217,8 @@ export async function updateNginxForSSL(config) {
       posAppPort,
       mlmAppPort,
       backendMlmPort,
+      frontendCorePort,
+      backendCorePort,
       ssl: true,
       domainsWithCerts
     });

package/src/utils/validation.js

@@ -228,7 +228,8 @@ export async function checkPort(port) {
  * @returns {number[]} Array of ports to check
  */
 function detectPortsFromEnv(installDir = './ante-erp') {
-  const defaultPorts = [8080, 3001, 4001];
+  // Default ports now include core services (always included)
+  const defaultPorts = [8080, 3001, 4001, 4002, 8085];
 
   try {
     const envPath = join(installDir, '.env');
@@ -258,6 +259,24 @@ function detectPortsFromEnv(installDir = './ante-erp') {
       }
     }
 
+    // Check for BACKEND_CORE_PORT (in case it's customized)
+    const backendCorePortMatch = envContent.match(/^BACKEND_CORE_PORT=(\d+)/m);
+    if (backendCorePortMatch) {
+      const backendCorePort = parseInt(backendCorePortMatch[1]);
+      if (!ports.includes(backendCorePort)) {
+        ports.push(backendCorePort);
+      }
+    }
+
+    // Check for FRONTEND_CORE_PORT (in case it's customized)
+    const frontendCorePortMatch = envContent.match(/^FRONTEND_CORE_PORT=(\d+)/m);
+    if (frontendCorePortMatch) {
+      const frontendCorePort = parseInt(frontendCorePortMatch[1]);
+      if (!ports.includes(frontendCorePort)) {
+        ports.push(frontendCorePort);
+      }
+    }
+
     return ports;
   } catch (error) {
     return defaultPorts;