diff --git a/.replit b/.replit
new file mode 100644
index 0000000..b4962bb
--- /dev/null
+++ b/.replit
@@ -0,0 +1,38 @@
+modules = ["web", "nodejs-20"]
+[agent]
+expertMode = true
+
+[nix]
+channel = "stable-25_05"
+
+[workflows]
+runButton = "Project"
+
+[[workflows.workflow]]
+name = "Project"
+mode = "parallel"
+author = "agent"
+
+[[workflows.workflow.tasks]]
+task = "workflow.run"
+args = "Start application"
+
+[[workflows.workflow]]
+name = "Start application"
+author = "agent"
+
+[[workflows.workflow.tasks]]
+task = "shell.exec"
+args = "cd backend && npm start"
+waitForPort = 5000
+
+[workflows.workflow.metadata]
+outputType = "webview"
+
+[[ports]]
+localPort = 5000
+externalPort = 80
+
+[deployment]
+deploymentTarget = "autoscale"
+run = ["bash", "-c", "cd backend && npm start"]
diff --git a/backend/server.js b/backend/server.js
index f3303fe..d607982 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -1,16 +1,65 @@
 const express = require('express');
 const cors = require('cors');
+const path = require('path');
+const crypto = require('crypto');
 require('dotenv').config();
 
 const app = express();
+app.set('trust proxy', true);
 
 // Middleware
 app.use(cors());
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
 
+app.post('/.wf_graphql/csrf', (req, res) => {
+  const token = crypto.randomBytes(16).toString('hex');
+  res.cookie('wf-csrf', token, {
+    httpOnly: false,
+    sameSite: 'lax',
+    secure: req.secure,
+  });
+  res.status(204).send();
+});
+
+app.post(['/.wf_graphql/apollo', '/.wf_graphql/usys/apollo'], (req, res) => {
+  res.json({
+    data: {
+      database: {
+        id: 'local',
+        commerceOrder: {
+          comment: null,
+          extraItems: [],
+          id: 'local-cart',
+          startedOn: null,
+          statusFlags: {
+            hasDownloads: false,
+            hasSubscription: false,
+            isFreeOrder: false,
+            requiresShipping: false,
+          },
+          subtotal: { decimalValue: '0', string: '$0.00', unit: 'USD', value: 0 },
+          total: { decimalValue: '0', string: '$0.00', unit: 'USD', value: 0 },
+          updatedOn: null,
+          userItems: [],
+          userItemsCount: 0,
+        },
+      },
+      site: {
+        commerce: {
+          id: 'local-commerce',
+          businessAddress: { country: 'US' },
+          defaultCountry: 'US',
+          defaultCurrency: 'USD',
+          quickCheckoutEnabled: false,
+        },
+      },
+    },
+  });
+});
+
 // Serve static files from the root directory
-app.use(express.static('../'));
+app.use(express.static(path.join(__dirname, '..')));
 
 // Basic route
 app.get('/', (req, res) => {
@@ -42,6 +91,7 @@ app.use((req, res) => {
 
 // Start server
 const PORT = process.env.PORT || 5000;
-app.listen(PORT, () => {
-  console.log(`Server running on port ${PORT}`);
+const HOST = process.env.HOST || '0.0.0.0';
+app.listen(PORT, HOST, () => {
+  console.log(`Server running on http://${HOST}:${PORT}`);
 });
diff --git a/company.html b/company.html
index 5e690d3..fe3b136 100644
--- a/company.html
+++ b/company.html
@@ -15,6 +15,8 @@
   <script type="text/javascript">
    !function(o,c){var n=c.documentElement,t=" w-mod-";n.className+=t+"js",("ontouchstart"in o||o.DocumentTouch&&c instanceof DocumentTouch)&&(n.className+=t+"touch")}(window,document);
   </script>
+  <script src="js/replit-webflow-compat.js" type="text/javascript">
+  </script>
   <link href="css/69c3c1ee9913e039b3e7d2bd_fav.png" rel="shortcut icon" type="image/x-icon"/>
   <link href="css/69c3c1ee9913e039b3e7d2c2_webclip.png" rel="apple-touch-icon"/>
   <style>
diff --git a/index.html b/index.html
index 39f477d..9f24ea2 100644
--- a/index.html
+++ b/index.html
@@ -20,6 +20,8 @@
   <script type="text/javascript">
    !function(o,c){var n=c.documentElement,t=" w-mod-";n.className+=t+"js",("ontouchstart"in o||o.DocumentTouch&&c instanceof DocumentTouch)&&(n.className+=t+"touch")}(window,document);
   </script>
+  <script src="js/replit-webflow-compat.js" type="text/javascript">
+  </script>
   <link href="css/69c3c1ee9913e039b3e7d2bd_fav.png" rel="shortcut icon" type="image/x-icon"/>
   <link href="css/69c3c1ee9913e039b3e7d2c2_webclip.png" rel="apple-touch-icon"/>
   <style>
diff --git a/js/replit-webflow-compat.js b/js/replit-webflow-compat.js
new file mode 100644
index 0000000..7949b97
--- /dev/null
+++ b/js/replit-webflow-compat.js
@@ -0,0 +1,13 @@
+(() => {
+  const ignoredMessages = [
+    'Did not receive CSRF token',
+    "Cannot read properties of undefined (reading 'f_sku_values_3dr')",
+  ];
+
+  window.addEventListener('unhandledrejection', event => {
+    const message = event.reason && (event.reason.message || String(event.reason));
+    if (ignoredMessages.some(text => message && message.includes(text))) {
+      event.preventDefault();
+    }
+  });
+})();
\ No newline at end of file
diff --git a/order.html b/order.html
index 6332908..0826178 100644
--- a/order.html
+++ b/order.html
@@ -15,6 +15,8 @@
   <script type="text/javascript">
    !function(o,c){var n=c.documentElement,t=" w-mod-";n.className+=t+"js",("ontouchstart"in o||o.DocumentTouch&&c instanceof DocumentTouch)&&(n.className+=t+"touch")}(window,document);
   </script>
+  <script src="js/replit-webflow-compat.js" type="text/javascript">
+  </script>
   <link href="css/69c3c1ee9913e039b3e7d2bd_fav.png" rel="shortcut icon" type="image/x-icon"/>
   <link href="css/69c3c1ee9913e039b3e7d2c2_webclip.png" rel="apple-touch-icon"/>
   <style>
diff --git a/replit.md b/replit.md
new file mode 100644
index 0000000..e70168e
--- /dev/null
+++ b/replit.md
@@ -0,0 +1,15 @@
+# Project Overview
+
+## Architecture
+- Static Webflow-exported frontend in the project root (`index.html`, `company.html`, `order.html`, `login.html`, `css/`, `js/`, `images/`).
+- Node.js/Express backend in `backend/` serves the root static site and `/api/*` endpoints.
+- Backend data is stored in JSON files under `backend/data/`; no external database is required for the current setup.
+
+## Replit Setup
+- Main workflow runs `cd backend && npm start` on port 5000.
+- Express listens on `0.0.0.0` and trusts the Replit proxy for preview compatibility.
+- Production deployment is configured to run the same backend server command.
+
+## Important Notes
+- Run backend commands from the `backend/` directory so static files resolve correctly.
+- The frontend API helper uses relative same-origin `/api` URLs when served over HTTP.
\ No newline at end of file