A self-hosted IT helpdesk, asset management, and security monitoring platform for small to mid-sized companies (20-100 employees). Three role-based dashboards (Admin, Technician, User) with Supabase RLS enforcing data isolation at the database level.
- Authentication & RBAC — Email/password login via Supabase Auth, JWT-based sessions with role claim injection
- Role-Based Dashboards — Tailored views for Admin, Technician, and User roles
- Ticketing System — Full lifecycle (create, assign, comment, resolve, close) with file attachments
- Asset Management — Admin CRUD for company assets with assignment tracking
- Audit Logging — Append-only log of all important actions (admin-only access)
- Security Events — Failed logins, role changes, unauthorized access tracking with severity levels
- RLS Policies — Row-Level Security on all 8 tables with per-role policies
- Docker Deployment — Multi-stage builds with health checks and ClamAV integration
- Knowledge Base / FAQ — Admin-managed articles with user-facing Help Center
- SLA Tracking — Per-priority response/resolution deadlines with overdue badges
- Ticket Templates — 5 pre-built templates with two-step creation wizard
- Ticket Ratings — 5-star rating widget for resolved/closed tickets
- Secure Attachment Scanning — Quarantine-first upload with ClamAV malware scan, magic byte validation, steganography risk analysis
- Admin User Creation — Create users via Supabase Admin API with Argon2id password hashing
| Layer | Technology |
|---|---|
| Frontend | React 19 + TypeScript + Vite 6 + Tailwind CSS 3.4 + shadcn/ui |
| Backend | ASP.NET Core Minimal APIs + Npgsql + Dapper |
| Database | Supabase PostgreSQL 15 (with RLS) |
| Auth | Supabase Auth (GoTrue) + JWT role injection via Auth Hook |
| Storage | Supabase Storage v2 (quarantine + clean buckets) |
| Scanning | ClamAV 1.4 + ImageSharp + MetadataExtractor |
| Password Hashing | Argon2id (64MB memory, 3 iterations, 16-byte salt) |
| Infrastructure | Docker + Ubuntu VM on Hyper-V + IIS reverse proxy |
- Node.js 22 LTS
- .NET 10 SDK
- Docker (for ClamAV and deployment)
- Supabase project (Pro tier recommended)
cd frontend
cp .env.example .env
# Fill in your Supabase URL and anon key in .env
npm install
npm run devcd backend/SecureOps.Api
dotnet restore
# Configure appsettings.json with your Supabase URL, JWT secret, and service role key
dotnet run- Create a Supabase project
- Apply schema:
database/schema.sql - Apply RLS policies:
database/rls-policies.sql - Seed test data:
database/seed-data.sql - Configure Auth Hook for JWT role injection (see
docs/TechDesign-SecureOps-MVP.md)
cd devops
docker compose up -d --buildCopy .env.example to .env and fill in your values:
VITE_SUPABASE_URL=https://your-project.supabase.co
VITE_SUPABASE_ANON_KEY=your-anon-key-here
VITE_API_URL=http://localhost:5000
For production/deployment (Vercel, Netlify, etc.), set the env vars in the hosting platform's dashboard.
SecureOps/
├── frontend/ # React + Vite + TypeScript + Tailwind
├── backend/ # ASP.NET Core Minimal APIs
│ ├── SecureOps.Api/
│ └── SecureOps.Api.Tests/
├── database/ # SQL files (schema, RLS, seeds)
├── devops/ # Docker, IIS config, deploy scripts
├── agent_docs/ # Implementation docs
├── docs/ # PRD, Tech Design, Research
├── screenshots/ # App screenshots
├── AGENTS.md # Master plan
├── CLAUDE.md # Claude Code configuration
├── DESIGN.md # Visual design system
└── .env.example # Environment template
- Frontend talks directly to Supabase for user-scoped operations (RLS enforced)
- Backend API handles admin/audit/security operations using service_role key
- RLS enabled on all 8 tables: profiles, tickets, ticket_comments, ticket_attachments, assets, audit_logs, security_events, departments
- Attachment scanning uses quarantine-first flow: upload to quarantine bucket, scan with ClamAV + file type validator + steganography analyzer, move to clean bucket if safe
MIT