Loading repository dataβ¦
Loading repository dataβ¦
dmytro-komlyk / repository
π Production-ready Monorepo: Next.js 16, NestJS, Expo (Mobile), tRPC & Prisma. Optimized for VPS deployment with Docker & CI/CD.
Next.js 16 β’ Nest.js β’ Expo β’ tRPC β’ Prisma
Explore Documentation β’ Report Bug
Omni-tRPC-Stack is a high-performance, production-ready Monorepo architecture. It eliminates the friction between your Backend and multiple Frontends by providing a unified, 100% Type-Safe communication layer.
.
βββ apps
β βββ admin # Admin Dashboard (Next.js)
β βββ website # Customer Web App (Next.js)
β βββ mobile # Cross-platform App (Expo / React Native)
β βββ server # Backend API (Nest.js)
βββ packages
β βββ api # Shared tRPC router & client logic & shared Zod validation schemas
β βββ store # Shared state management (Zustand)
β βββ prisma # Database schema & Prisma Client (Shared ORM)
β βββ ui # Shared theme provider
β βββ next-auth # Centralized Auth configurations & providers
β βββ shared # Common components, hooks, utilities and constants
β βββ ai # AI assistants & tools (Ollama, Vercel AI SDK)
β βββ i18n # Shared translations (en/uk)
β βββ tailwind-config # Base TailwindCSS configurations
β βββ eslint-config # Centralized linting rules
βββ docker-compose.local.yml # Local development orchestration
βββ docker-compose.prod-ci.yml # Production deploy orchestration
The stack ships with a complete, production-grade auth system that works across web and mobile.
| Feature | Web (Next.js) | Mobile (Expo) |
|---|---|---|
| Email + Password sign-in | β | β |
| OAuth (Google, Facebook, Apple) | β | β |
| Two-Factor Authentication (TOTP) | β | β |
| 2FA backup codes | β | β |
| Account lockout (brute-force protection) | β | β |
| Role-based access control (RBAC) | β | β |
| Admin-only domain guard | β | β |
| JWT session tokens | β | β |
| NextAuth.js sessions | β | β |
Web: Users can enable 2FA during sign-up or from their profile. After sign-in, if 2FA is active they are redirected to /auth/two-factor/verify. If they lose their authenticator they can use a one-time backup code. The setup flow lives at /auth/two-factor/setup.
Mobile: After a successful credential login, if the account requires 2FA, the user is pushed to the verify-2fa screen with a short-lived mfaToken. On success, the full JWT session is stored in the native auth store.
After repeated failed login attempts the account is automatically locked until lockedUntil expires. The schema tracks failedLoginAttempts, lockedUntil, passwordChangedAt, isOnline, and lastActiveAt.
The @package/ai package provides two built-in AI assistants powered by a self-hosted Ollama model. Both stream responses over tRPC WebSocket subscriptions (useSubscription) so the UI updates in real time.
Embedded as a floating chat widget (AiAssistantPlugin) on the website landing page. It answers questions about the project architecture and guides visitors through the stack. Quick-action buttons let users ask about the tech stack, project structure, mobile integration, or DevOps with one click.
Capabilities
| Tool | Description |
|---|---|
getWelcomeMessage | Returns assistant greeting and capability overview |
getSystemStatus | Reports platform health and DB status |
getProjectInfo | Deep-dives into stack, features, mobile, security, devops, or structure |
getPackageDetails | Lists all monorepo packages and their purpose |
The public assistant cannot call any admin tools. Requests for ban/unban, user deletion, or statistics return a hard-coded permission error.
Embedded in the protected admin layout so it is available on every admin page. It uses the same streaming widget but exposes a full set of admin tools with a confirmation step for destructive actions (ban, unban, delete, unlock).
Available tools
| Category | Tools |
|---|---|
| Users | getUserList, getAdminList, getRecentUsers, findUser, banUser, unbanUser, deleteUser, exportUsersToCSV |
| Stats | getUserCounts, getActiveUsers, getGrowthRate, getRoleDistribution, getRegistrationsByDay, getTopUsers |
| Security | getUserSessions, unlockUser, getSecurityAlerts |
| Invites | getInviteList, createInvite, revokeInvite |
| System | getWelcomeMessage, getSystemStatus, getProjectInfo |
Destructive tools (banUser, unbanUser, deleteUser, unlockUser) trigger a confirmation dialog before execution. The assistant never invents data β it always calls a tool if one exists.
Set these environment variables on the server:
OLLAMA_BASE_URL=http://localhost:11434
OLLAMA_BASE_MODEL=llama3
The model name can be any model available in your Ollama instance. Swap it out without changing application code.
packages/ai/
βββ assistants/
β βββ admin.assistant.ts # Admin streaming handler (tool filtering by prompt)
β βββ public.assistant.ts # Public streaming handler (read-only tools)
βββ agent/
β βββ index.ts # Multi-step agent loop (up to 6 steps, confirmation support)
βββ tools/
β βββ users.tools.ts # User CRUD + CSV export
β βββ stats.tools.ts # Analytics and growth metrics
β βββ security.tools.ts # Sessions, lockout, security alerts
β βββ invites.tools.ts # Invite management
β βββ system.tools.ts # System health + project knowledge base
βββ index.ts # handleAssistant() β routes to admin or public handler
This project includes a built-in AI agent workflow powered by Claude Code and Todoist. Tasks are created and tracked in Todoist, Claude implements the code, GitHub Copilot generates commit messages, and a git hook closes the task and opens a PR automatically after push.
/create-task "add user avatar upload"
β Claude analyzes the codebase and creates a structured task in Todoist
/work-on-tasks
β Claude fetches the task, reads title + description, does a dry run
β Creates a branch: feature/todoist-{id}-{slug}
β Implements: schema β service β router β frontend
β Reports changed files
Copilot generates commit message in VS Code β user commits β git push
β post-push hook runs automatically:
β
Closes task in Todoist
π Creates GitHub PR with task description as body
π¬ Adds PR link as comment to the Todoist task
Get your Todoist API token from todoist.com/app/settings/integrations/developer
Add to your shell profile (~/.zshrc or ~/.bashrc):
export TODOIST_API_TOKEN=your_token_here
Configure git hooks (one-time):
git config core.hooksPath .githooks
chmod +x .githooks/post-push
Install GitHub CLI and authenticate:
brew install gh && gh auth login
| Command | Description |
|---|---|
/create-task "idea" | Analyzes codebase, composes a structured task and creates it in Todoist |
/work-on-tasks | Fetches today's P1 @claude tasks and implements the top one |
| `/work-on-tasks {taskId} |