A production-grade, AI-native multi-tenant SaaS platform that demonstrates autonomous development capabilities. Built with Next.js, FastAPI, PostgreSQL, and comprehensive observability.
## 🚀 Quick Start
Prerequisites: Docker and Docker Compose

```bash
git clone https://github.com/Realm-101/Kiro-Ghostworks.git && cd Kiro-Ghostworks && make dev-up
```

That's it! The platform will be ready at:

- Web App: http://localhost:3000 (login: `owner@acme.com` / `demo123`)
- API Docs: http://localhost:8000/docs
- Grafana: http://localhost:3001 (`admin` / `admin`)
- Prometheus: http://localhost:9090

The `make dev-up` command:

- Copies `.env.example` to `.env` with sensible defaults
- Starts all services with Docker Compose
- Initializes database with migrations
- Seeds demo data automatically
- Waits for services to be healthy
- Shows you the URLs to access
### 📋 Manual Setup (if you prefer step-by-step)

1. Clone and setup

   ```bash
   git clone https://github.com/Realm-101/Kiro-Ghostworks.git
   cd Kiro-Ghostworks
   cp .env.example .env
   ```

2. Start services

   ```bash
   docker-compose --profile dev up -d
   ```

3. Initialize database

   ```bash
   docker-compose exec api python -m alembic upgrade head
   ```

4. Access the platform

   - Web Application: http://localhost:3000
   - API Documentation: http://localhost:8000/docs
   - Grafana Dashboards: http://localhost:3001 (`admin` / `admin`)
   - Prometheus Metrics: http://localhost:9090
### 🔑 Demo Accounts (Development Only)

⚠️ SECURITY WARNING: DEMO CREDENTIALS ONLY

These credentials are ONLY available in local/development environments. They are automatically DISABLED in staging and production deployments. Never use these credentials in any production system.

| Email | Password | Role | Workspace |
|---|---|---|---|
| owner@acme.com | demo123 | Owner | Acme Corp |
| admin@umbrella.com | demo123 | Admin | Umbrella Inc |
| member@acme.com | demo123 | Member | Acme Corp |
Demo credentials are loaded only when using the `dev` Docker Compose profile:

```bash
# Demo data is loaded automatically in development
docker-compose --profile dev up -d
# Production deployments exclude demo data entirely
docker-compose -f docker-compose.prod.yml up -d
```

```
┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   Next.js Web   │    │   FastAPI API   │    │  Celery Worker  │
│     :3000       │────│     :8000       │────│   Background    │
└─────────────────┘    └─────────────────┘    └─────────────────┘
         │                       │                       │
         └───────────────────────┼───────────────────────┘
                                 │
         ┌─────────────────┬─────┴─────┬─────────────────┐
         │                 │           │                 │
    ┌─────────┐    ┌──────────────┐    │    ┌─────────────────┐
    │  Nginx  │    │  PostgreSQL  │    │    │      Redis      │
    │   :80   │    │    :5432     │    │    │      :6379      │
    └─────────┘    └──────────────┘    │    └─────────────────┘
                                       │
         ┌───────────────────────┼───────────────────────┐
         │                       │                       │
    ┌─────────┐           ┌─────────────┐         ┌─────────────┐
    │Prometheus│          │   Grafana   │         │ OpenTelemetry│
    │  :9090  │           │    :3001    │         │  Collector  │
    └─────────┘           └─────────────┘         └─────────────┘
```

- Frontend: Next.js 14, TypeScript, Tailwind CSS, React Query
- Backend: FastAPI, SQLAlchemy 2.0, Alembic, Pydantic v2
- Database: PostgreSQL with Row-Level Security
- Cache/Queue: Redis with Celery
- Observability: OpenTelemetry, Prometheus, Grafana
- Testing: Playwright, pytest, Vitest
- Infrastructure: Docker Compose, Nginx
- Tenant Isolation: Row-Level Security at database level
- Role-Based Access: Owner, Admin, Member roles
- Workspace Management: Secure workspace switching
- Data Segregation: Complete tenant data isolation
Screenshots: See Authentication Flow
- CRUD Operations: Full artifact lifecycle management
- Search & Filter: Full-text search with tag filtering
- Optimistic Updates: Responsive UI with React Query
- Validation: Comprehensive server-side validation
Screenshots: See Artifact Management
- Distributed Tracing: OpenTelemetry across all services
- Metrics Collection: Prometheus with golden signals
- Dashboards: Grafana with business and technical metrics
- Structured Logging: JSON logs with correlation IDs
- Alerting: Automated alerts for SLA violations
Screenshots: See Monitoring Dashboards
- Authentication: JWT with refresh tokens (HttpOnly cookies, 15min access / 7day refresh)
- Authorization: RBAC with tenant isolation via PostgreSQL Row-Level Security
- Input Validation: Pydantic models with sanitization
- Security Headers: Strict Content-Security-Policy and OWASP-compliant headers
- Rate Limiting: API endpoint protection (60 req/min, 5 auth req/min)
- Refresh Token Strategy: Secure rotation with path-restricted cookies (`/auth/refresh`)
- Tenant Isolation: Database-level RLS policies prevent cross-tenant data access
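
An added example, not part of the project's code: a small audit of `Set-Cookie` headers against the token policy listed above (HttpOnly, 15-minute access / 7-day refresh lifetimes, refresh cookie restricted to `/auth/refresh`). The cookie names `access_token` and `refresh_token`, the suffix match on the path, the optional `require_secure` check, and the sample headers are assumptions.

```python
from http.cookies import SimpleCookie

# Limits from the README's security list. The cookie names are assumptions.
POLICY = {
    "access_token": {"max_age": 15 * 60, "path_suffix": None},
    "refresh_token": {"max_age": 7 * 24 * 3600, "path_suffix": "/auth/refresh"},
}


def audit_set_cookie(headers, require_secure=False):
    """Return findings for a list of Set-Cookie header values.

    require_secure is an extra check for HTTPS deployments; the README
    itself only states HttpOnly, the lifetimes and the refresh path.
    """
    findings = []
    for raw in headers:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            rule = POLICY.get(name)
            if rule is None:
                continue  # not a token cookie covered by the policy
            if not morsel["httponly"]:
                findings.append(f"{name}: missing HttpOnly")
            if require_secure and not morsel["secure"]:
                findings.append(f"{name}: missing Secure")
            max_age = str(morsel["max-age"])
            if not max_age.isdigit():
                findings.append(f"{name}: no Max-Age set")
            elif int(max_age) > rule["max_age"]:
                findings.append(f"{name}: Max-Age {max_age}s exceeds {rule['max_age']}s")
            suffix, path = rule["path_suffix"], morsel["path"]
            # Suffix match tolerates an API prefix in front of /auth/refresh.
            if suffix and not path.rstrip("/").endswith(suffix):
                findings.append(f"{name}: Path {path!r} not limited to {suffix}")
    return findings


# Constructed sample headers, not captured from the project.
GOOD = [
    "access_token=aaa; HttpOnly; Max-Age=900; Path=/; SameSite=Lax",
    "refresh_token=bbb; HttpOnly; Max-Age=604800; Path=/auth/refresh; SameSite=Lax",
]
BAD = [
    "access_token=aaa; Max-Age=3600; Path=/",
    "refresh_token=bbb; HttpOnly; Max-Age=604800; Path=/",
]

if __name__ == "__main__":
    for finding in audit_set_cookie(BAD):
        print(finding)
```

Feed it the `Set-Cookie` values returned by the login and refresh endpoints; an empty list means the headers match the stated policy.
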
- MCP Servers: GitHub and AWS documentation integration
- Agent Hooks: Asset optimization and release automation
- Steering Documents: AI development guidance
- Autonomous Workflows: Self-improving development processes
Screenshots: See Development Tools
1. Install dependencies

   ```bash
   # Run from the repository root; subshells keep the working directory unchanged
   # Frontend
   (cd apps/web && npm install)
   # Backend
   (cd services/api && pip install -r requirements.txt)
   # Worker
   (cd services/worker && pip install -r requirements.txt)
   ```

2. Start development services

   ```bash
   # Run each long-running command in its own terminal, from the repository root
   # Database and Redis
   docker-compose up -d postgres redis
   # API server
   cd services/api && uvicorn main:app --reload --port 8000
   # Worker
   cd services/worker && celery -A celery_app worker --loglevel=info
   # Frontend
   cd apps/web && npm run dev
   ```

```bash
# All tests
make test
# Backend tests
cd services/api && pytest
# Frontend tests
cd apps/web && npm test
# E2E tests
cd apps/web && npx playwright test
# Performance tests
cd tests/performance && k6 run api-load-test.js
```

```bash
# Linting and formatting
make lint
make format
# Type checking
make typecheck
# Security scanning
make security-scan
```

- API Health: `GET /api/v1/health`
- Database: Connection pool status
- Redis: Cache connectivity
- Worker: Task queue status
- Golden Signals: Latency, traffic, errors, saturation
- Business Metrics: Users, workspaces, artifacts
- System Metrics: CPU, memory, disk, network
- API error rate > 5%
- P95 latency > 500ms
- Database connections > 80%
- Worker queue backlog > 1000
1. Build images

   ```bash
   docker-compose -f docker-compose.prod.yml build
   ```

2. Deploy stack

   ```bash
   docker-compose -f docker-compose.prod.yml up -d
   ```

3. Run migrations

   ```bash
   docker-compose exec api alembic upgrade head
   ```

Key environment variables:

- `DATABASE_URL`: PostgreSQL connection string
- `REDIS_URL`: Redis connection string
- `JWT_SECRET_KEY`: JWT signing secret
- `OPENTELEMETRY_ENDPOINT`: Telemetry collector endpoint
- `LOG_LEVEL`: Logging level (INFO, DEBUG, ERROR)

- Getting Started Guide - Detailed setup and development guide
- Demo Script - Comprehensive presentation guide
- API Documentation - Interactive OpenAPI docs (when running)
- Architecture Decisions - Technical decision records
- CI/CD Pipeline - Complete pipeline documentation
- Operational Runbooks - Production operations guide
- Security Documentation - Security policies and implementation
Visit /tour for an interactive demonstration featuring:
- Live system metrics and health status
- Real-time telemetry visualization
- Asset optimization demonstrations
- Guided feature walkthrough
See docs/DEMO_SCRIPT.md for a comprehensive presentation guide.
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests and linting
- Submit a pull request
- Follow the code conventions in `.kiro/steering/code-conventions.md`
- Maintain test coverage above 70% (backend) and 60% (frontend)
- Update documentation for new features
- Follow security guidelines in `.kiro/steering/security-policies.md`

This project is licensed under the MIT License - see the LICENSE file for details.
- Issues: GitHub Issues
- Documentation: `/docs` directory
- Runbooks: `docs/runbooks/`
- Security: See `SECURITY.md`

Ghostworks - Demonstrating the future of AI-native development
