The Portfolio API handles natural-language questions about the site owner’s background, skills, and projects. Rather than returning static FAQ responses, it routes queries through the Anthropic Messages API with the portfolio’s verified context injected as a system prompt — so answers stay accurate and grounded rather than hallucinated.
- /ask endpoint accepts POST requests with a question field; validates input and enforces per-IP rate limits before forwarding to the AI layer
- portfolio-api.service — persistent service with Restart=on-failure so the process recovers automatically; secrets (API key) loaded from an EnvironmentFile outside the repo
- Requests to /api/ are proxied to the Node.js process on localhost; the static Astro site and the API share the same nginx vhost and TLS certificate

Rate limiting is enforced at the Express layer (not just nginx) so abuse is blocked before it reaches the Anthropic API and incurs cost. The API key is never in source control; it is loaded at runtime via the systemd EnvironmentFile directive pointing to a root-owned file on the VPS.
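Because nginx proxies to Node on localhost, a per-IP limiter at the Express layer sees the same loopback peer for every request unless it keys on the address nginx forwards. The sketch below is an added example, not the project's code: the limits, the function names, and the assumption that nginx sets X-Forwarded-For via $proxy_add_x_forwarded_for are all illustrative.

```javascript
// Added example. Limits, names and the nginx header setup are assumptions.
const WINDOW_MS = 60_000;        // assumed window length
const MAX_REQUESTS = 5;          // assumed per-IP budget per window
const MAX_QUESTION_LEN = 500;    // assumed cap on question length
const LOOPBACK = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);

// Behind nginx every socket peer is loopback. Assuming nginx sets
// X-Forwarded-For with $proxy_add_x_forwarded_for, the rightmost entry is the
// address nginx saw; entries to its left are client-supplied and ignored.
function clientKey(peerAddr, headers) {
  const xff = headers['x-forwarded-for'];
  if (!LOOPBACK.has(peerAddr) || !xff) return peerAddr;
  return xff.split(',').pop().trim() || peerAddr;
}

// Returns the trimmed question, or null if it is missing, not a string,
// empty, or longer than the cap.
function validateQuestion(body) {
  const q = body && body.question;
  if (typeof q !== 'string') return null;
  const trimmed = q.trim();
  return trimmed.length > 0 && trimmed.length <= MAX_QUESTION_LEN ? trimmed : null;
}

// Fixed-window counter per key; `now` is injectable so it can be tested.
function createLimiter(now = Date.now) {
  const hits = new Map(); // key -> { start, count }
  return function allow(key) {
    const t = now();
    const entry = hits.get(key);
    if (entry && t - entry.start < WINDOW_MS) return ++entry.count <= MAX_REQUESTS;
    if (hits.size >= 10_000) { // sweep expired windows once the map grows large
      for (const [k, v] of hits) if (t - v.start >= WINDOW_MS) hits.delete(k);
    }
    hits.set(key, { start: t, count: 1 });
    return true;
  };
}

// Express-shaped middleware: the limiter runs first, so rejected requests
// never reach validation or the upstream AI call.
function guardAsk(allow) {
  return (req, res, next) => {
    const key = clientKey(req.socket.remoteAddress, req.headers);
    if (!allow(key)) return res.status(429).json({ error: 'rate limit exceeded' });
    const question = validateQuestion(req.body);
    if (question === null) return res.status(400).json({ error: 'invalid question' });
    req.question = question;
    next();
  };
}
```

In an Express app this would be mounted as a middleware on the POST /ask route, after the JSON body parser.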