Multi-tenant SaaS task management platform. Built for teams that need Kanban boards, real-time collaboration, and intelligent search -- with enterprise-grade tenant isolation.
- Multi-Tenant Architecture: Shared PostgreSQL database with Row-Level Security for tenant isolation. Enterprise customers can opt into dedicated database instances.
- Kanban Boards: Drag-and-drop task management with columns, labels, priorities, due dates, and subtasks.
- Real-Time Collaboration: Live task updates, presence indicators, and typing notifications via Socket.IO with Redis pub/sub for horizontal scaling.
- Intelligent Search: Hybrid vector + keyword search powered by pgvector. Semantic search finds tasks by meaning, not just exact keywords.
- Role-Based Access Control: Four-tier permission model (owner, admin, member, viewer) enforced server-side on every API endpoint.
- Billing & Subscriptions: Stripe integration with idempotent webhook processing, entitlement caching, and self-service subscription management.
- Audit Logging: Immutable audit trail for every create, update, and delete operation with before/after state capture.
- Notifications: Real-time in-app notifications for assignments, mentions, and due date reminders.
| Layer | Technology |
|---|---|
| Frontend | Next.js 14 (App Router), React 18, Tailwind CSS |
| API | NestJS, Prisma ORM, Zod validation |
| Database | PostgreSQL 16, pgvector, Row-Level Security |
| Cache & Pub/Sub | Redis 7 |
| Realtime | Socket.IO with Redis adapter |
| Background Jobs | BullMQ |
| Billing | Stripe (Checkout, Webhooks, Customer Portal) |
| AI/Search | OpenAI Embeddings (text-embedding-3-small), pgvector |
| Monorepo | Turborepo, pnpm workspaces |
| CI/CD | GitHub Actions |
| Infrastructure | Docker, Kubernetes, Terraform |
```
notch/
  apps/
    web/                      Next.js frontend
    api/                      NestJS API server
    worker/                   BullMQ background job processor
    realtime/                 Socket.IO realtime server
  packages/
    db/                       Prisma schema, migrations, RLS policies
    auth/                     Authentication logic and session management
    rbac/                     Permission definitions and enforcement
    audit/                    Audit log emitter library
    billing/                  Stripe integration
    events/                   Event bus, schemas, publishers
    ai/                       AI/LLM integration, permission-aware retrieval
    contracts/                Shared TypeScript types and Zod schemas
    ui/                       Shared UI component library
  infra/
    rls-policies.sql          Row-Level Security policies for all tenant tables
    docker-compose.test.yml   Test environment (Postgres + Redis)
  docs/
    adrs/                     Architecture Decision Records
    architecture.md           System architecture documentation
    api-spec.md               REST API specification
    database-schema.md        Database schema documentation
  .github/
    workflows/                CI/CD pipeline definitions
```
- Node.js 20+
- pnpm 9+
- Docker and Docker Compose
```bash
git clone https://github.com/your-org/notch.git
cd notch
pnpm install
```

```bash
docker compose -f infra/docker-compose.test.yml up -d
```

This starts PostgreSQL 16 (with pgvector) and Redis 7.

```bash
cp .env.example .env
```

Update `.env` with your local configuration:

```
DATABASE_URL=postgresql://notch_test:notch_test_password@localhost:5432/notch_test
REDIS_URL=redis://localhost:6379
SESSION_SECRET=your-256-bit-random-secret-here
STRIPE_SECRET_KEY=sk_test_xxx
STRIPE_WEBHOOK_SECRET=whsec_xxx
OPENAI_API_KEY=sk-xxx
```

```bash
# Push Prisma schema to database
pnpm --filter @notch/api exec prisma db push
# Apply RLS policies
PGPASSWORD=notch_test_password psql -h localhost -U notch_test -d notch_test -f infra/rls-policies.sql
# Seed sample data
pnpm --filter @notch/api exec prisma db seed
```

```bash
pnpm dev
```

This starts all applications in development mode via Turborepo:
- Web: http://localhost:3000
- API: http://localhost:3001
- Realtime: http://localhost:3002
| Email | Password | Workspace | Role |
|---|---|---|---|
| [email protected] | Password123! | Acme Corp | owner |
| [email protected] | Password123! | Acme Corp | admin |
| [email protected] | Password123! | Startup Inc | owner |
| [email protected] | Password123! | Startup Inc | admin |
```bash
# Unit tests
pnpm test
# Integration tests (requires Docker services running)
pnpm test:integration
# E2E tests
pnpm --filter @notch/web exec playwright test
# All tests with coverage
pnpm test -- --coverage
```

```bash
pnpm lint
pnpm check
```

```bash
# Create a new migration
pnpm --filter @notch/api exec prisma migrate dev --name your_migration_name
# Reset database (drops all data)
pnpm --filter @notch/api exec prisma migrate reset
# Open Prisma Studio (database browser)
pnpm --filter @notch/api exec prisma studio
```

All major architectural decisions are documented as ADRs in docs/adrs/:
| ADR | Title |
|---|---|
| 001 | Multi-Tenant Isolation via PostgreSQL RLS |
| 002 | Cookie Sessions with CSRF Protection |
| 003 | Stripe Billing with Idempotent Webhooks |
| 004 | AI Search via pgvector with Permission-Aware Retrieval |
| 005 | Realtime via Socket.IO with Redis Pub/Sub |
- Create a feature branch from main: `git checkout -b feat/your-feature`
- Make changes following the project conventions
- Ensure all tests pass: `pnpm test && pnpm lint && pnpm check`
- Verify tenant isolation if touching any database-related code
- Add audit log assertions for any new mutation endpoints
- Submit a pull request using the PR template
- Obtain at least one approval from the relevant code owner
All of the following must pass before a PR can be merged:
- CI green (lint, typecheck, unit tests, integration tests)
- Code coverage at least 80% for new code
- At least 1 approval from a code owner of the affected package
- No `TODO` or `FIXME` without a linked issue
- RLS policy test passes if any tenant-scoped table is modified
- RBAC test passes if any endpoint permission changes
- Audit log assertion present for any new mutation
- API contract schema validation passes if API changes
- No secrets in code (automated scan)
- Database migration is reversible (down migration exists)
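
An added example (not the project's `infra/rls-policies.sql`, whose contents this page does not show) of the kind of check the tenant-isolation and RLS policy test items above call for. It assumes a superuser session on the disposable test database; the `rls_demo_*` names, the `app.tenant_id` setting and the UUIDs are constructed. It also shows why `FORCE ROW LEVEL SECURITY` matters when the application connects as the role that owns the tables.

```sql
-- Added example. rls_demo_* names, app.tenant_id and the UUIDs are constructed.
BEGIN;
CREATE ROLE rls_demo_app NOLOGIN;   -- stands in for a non-owner application role
CREATE TABLE rls_demo_tasks (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL
);
GRANT SELECT, INSERT ON rls_demo_tasks TO rls_demo_app;
GRANT USAGE ON SEQUENCE rls_demo_tasks_id_seq TO rls_demo_app;

-- Seed one row per tenant before the policy is switched on.
INSERT INTO rls_demo_tasks (tenant_id, title) VALUES
    ('11111111-1111-1111-1111-111111111111', 'tenant A task'),
    ('22222222-2222-2222-2222-222222222222', 'tenant B task');

ALTER TABLE rls_demo_tasks ENABLE ROW LEVEL SECURITY;
-- Without FORCE the table owner is exempt from the policy below.
ALTER TABLE rls_demo_tasks FORCE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON rls_demo_tasks
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

SET LOCAL ROLE rls_demo_app;
DO $$
DECLARE n int;
BEGIN
    -- No tenant set: the setting is NULL, the predicate is NULL, no row matches.
    SELECT count(*) INTO n FROM rls_demo_tasks;
    IF n <> 0 THEN RAISE EXCEPTION 'no tenant set but % rows visible', n; END IF;

    PERFORM set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
    SELECT count(*) INTO n FROM rls_demo_tasks;
    IF n <> 1 THEN RAISE EXCEPTION 'tenant A sees % rows, expected 1', n; END IF;

    BEGIN  -- a write into tenant B must fail the WITH CHECK clause (SQLSTATE 42501)
        INSERT INTO rls_demo_tasks (tenant_id, title)
        VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant write');
        RAISE EXCEPTION 'cross-tenant insert was accepted';
    EXCEPTION WHEN insufficient_privilege THEN NULL;
    END;
END $$;
ROLLBACK;  -- removes the demo role, table and policy
```

Superusers and roles with `BYPASSRLS` skip policies even with `FORCE`, so an isolation test only means something when it runs under the same kind of role the API uses.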
Proprietary. All rights reserved.