docs: update README and reference manual for PostgreSQL migration and systemd scripts

README.md

@@ -7,6 +7,7 @@ A self-hosted vulnerability management dashboard for the NTS-AEO-STEAM and NTS-A
 ### Prerequisites
 
 - Node.js 18+
+- Docker (for PostgreSQL 16 container)
 - Python 3 with `python3-pandas` and `python3-openpyxl` (for compliance xlsx parsing)
 
 ### Install
@@ -29,19 +30,22 @@ apt install -y python3-pandas python3-openpyxl
 
 ```bash
 cp backend/.env.example backend/.env
-# Edit backend/.env — at minimum set SESSION_SECRET:
+# Edit backend/.env — at minimum set SESSION_SECRET and DATABASE_URL:
 #   openssl rand -base64 32
 ```
 
-See `backend/.env.example` for all available options including Ivanti API, Jira, and Atlas integration keys.
+See `backend/.env.example` for all available options including `DATABASE_URL`, Ivanti API, Jira, and Atlas integration keys.
 
-### Initialize Database
+### Start PostgreSQL
+
+The deploy script handles the full Postgres setup — container, schema, dependencies, and data migration from SQLite:
 
 ```bash
-node backend/setup.js
+chmod +x scripts/deploy-postgres.sh
+./scripts/deploy-postgres.sh
 ```
 
-Creates the database with the complete schema and prints a one-time admin password. Save it.
+For fresh installs without an existing SQLite database, the script creates the schema and skips migration.
 
 ### Build and Run
 
@@ -55,7 +59,7 @@ cd frontend && npm run build && cd ..
 
 Dashboard: http://localhost:3000 · API: http://localhost:3001
 
-For persistent deployments, use the systemd services in `systemd/`. See the full manual for setup instructions.
+The helper scripts use `systemctl` under the hood — the systemd units in `systemd/` must be installed first. See the full manual for setup instructions.
 
 ## Features
 
@@ -80,11 +84,13 @@ For persistent deployments, use the systemd services in `systemd/`. See the full
 cve-dashboard/
 ├── backend/
 │   ├── server.js              # Express API server
-│   ├── setup.js               # Database initialization (run once)
+│   ├── db.js                  # PostgreSQL connection pool (pg)
+│   ├── db-schema.sql          # Complete DDL for fresh Postgres setup
+│   ├── setup-postgres.js      # Schema initializer (runs db-schema.sql)
 │   ├── routes/                # API route handlers
 │   ├── helpers/               # API clients (Ivanti, Jira, Atlas, CARD)
 │   ├── middleware/            # Auth middleware
-│   ├── migrations/            # Schema migrations (for existing deployments)
+│   ├── migrations/            # Schema migrations (legacy SQLite deployments)
 │   └── scripts/               # Compliance parser, data import utilities
 ├── frontend/
 │   ├── src/
@@ -99,6 +105,9 @@ cve-dashboard/
 │   ├── security/              # Security audits and remediation plans
 │   ├── testing/               # Test plans and scripts
 │   └── troubleshooting/       # Investigation scripts and reports
+├── docker-compose.yml         # PostgreSQL 16 container definition
+├── scripts/
+│   └── deploy-postgres.sh     # One-time deployment: container, schema, migration
 ├── systemd/                   # systemd service files
 ├── start-servers.sh
 └── stop-servers.sh
@@ -108,7 +117,8 @@ cve-dashboard/
 
 | Layer | Technology |
 |-------|------------|
-| Backend | Node.js 18+, Express 5, SQLite3 |
+| Backend | Node.js 18+, Express 5 |
+| Database | PostgreSQL 16 (Docker, port 5433) |
 | Frontend | React 19, Recharts, Lucide React |
 | Auth | bcryptjs, cookie-based sessions, express-rate-limit |
 | Compliance | Python 3, pandas, openpyxl |
@@ -116,6 +126,7 @@ cve-dashboard/
 ## Documentation
 
 - **[Full Reference Manual](docs/guides/full-reference-manual.md)** — comprehensive feature documentation, API reference, database schema, security model, and configuration details
+- **[Postgres Migration Plan](docs/guides/postgres-migration-plan.md)** — architecture decisions, schema design, and cutover procedure for the SQLite to PostgreSQL migration
 - **[Migration Guide](backend/migrations/README.md)** — schema migration scripts for upgrading existing deployments
 - **[Design System](docs/design/design-system.md)** — UI component patterns and color system
 - **[Ivanti API Reference](docs/api/ivanti-api-reference.md)** — Ivanti/RiskSense API integration details