
Kovasect 🛡️

Kovasect is a production-grade multi-tenant SaaS application designed to demonstrate bulletproof data isolation using Supabase Row Level Security (RLS).

This project is a portfolio proof of competence, focusing on security architecture, database-layer access control, and clean SaaS design.


🚀 Core Features

  • True Multi-Tenancy: Complete data isolation enforced at the database level.
  • Advanced RLS: Comprehensive Row Level Security policies for all entities.
  • Role-Based Access Control (RBAC): Distinct permissions for admin and member roles.
  • Cross-Organization Membership: Users can belong to multiple organizations with different roles in each.
  • Realistic Mock Data: A comprehensive seeding system for demonstration and testing.

🛠️ Tech Stack

  • Frontend: Next.js 15+ (App Router), TypeScript, Vanilla CSS.
  • Backend: Supabase (Postgres, Auth, RLS).
  • Deployment: Optimized for Vercel and Supabase Cloud.

🏗️ Architecture & Security

Kovasect takes a Zero-Trust stance toward client-side data filtering: the client is never trusted to scope queries, and all security logic lives in the database layer rather than the application layer.

Row Level Security (RLS)

The heart of Kovasect is its RLS policies. Every table is protected, ensuring that:

  • Users can only see data from organizations they belong to.
  • Members cannot modify data they didn't create.
  • Admins have full control within their organization context.

Database Schema

The project uses a standard multi-tenant schema:

  • organizations: The root tenant entity.
  • organization_members: The junction table defining user access and roles.
  • tasks: A business entity used to demonstrate scoped access.
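The three RLS rules above and the schema just listed, carried into concrete Postgres policies as an added example (not the project's own migrations). The column names (org_id, user_id, role, created_by), the has_org_role helper and the Supabase authenticated role are assumptions; auth.uid() is Supabase's session-user function.

```sql
-- Added example; org_id/user_id/role/created_by and has_org_role are assumed names.
create table organizations (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);
create table organization_members (
  org_id  uuid not null references organizations(id) on delete cascade,
  user_id uuid not null references auth.users(id) on delete cascade,
  role    text not null check (role in ('admin', 'member')),
  primary key (org_id, user_id)
);
create table tasks (
  id         uuid primary key default gen_random_uuid(),
  org_id     uuid not null references organizations(id) on delete cascade,
  created_by uuid not null default auth.uid(),
  title      text not null
);
-- Helper: does the calling user hold one of the given roles in the organization?
-- security definer avoids recursive RLS evaluation on organization_members;
-- an empty search_path prevents search_path hijacking of the definer function.
create function public.has_org_role(p_org uuid, p_roles text[])
returns boolean language sql stable security definer set search_path = '' as $$
  select exists (
    select 1 from public.organization_members m
    where m.org_id = p_org and m.user_id = auth.uid() and m.role = any(p_roles)
  );
$$;
-- Deny by default: enabling RLS with no policies denies every row to app roles.
alter table organizations        enable row level security;
alter table organization_members enable row level security;
alter table tasks                enable row level security;
-- Rule 1: users only see organizations, memberships and tasks of their own orgs.
create policy org_read on organizations for select to authenticated
  using (has_org_role(id, array['admin', 'member']));
create policy member_read on organization_members for select to authenticated
  using (has_org_role(org_id, array['admin', 'member']));
create policy task_read on tasks for select to authenticated
  using (has_org_role(org_id, array['admin', 'member']));
-- Rules 2 and 3: members create tasks in their own org and change only their own;
-- admins have full control within the org. with check stops moving a row to another org.
create policy task_insert on tasks for insert to authenticated
  with check (has_org_role(org_id, array['admin', 'member']) and created_by = auth.uid());
create policy task_modify on tasks for update to authenticated
  using (created_by = auth.uid() or has_org_role(org_id, array['admin']))
  with check (has_org_role(org_id, array['admin', 'member']));
create policy task_delete on tasks for delete to authenticated
  using (created_by = auth.uid() or has_org_role(org_id, array['admin']));
```

A quick check of the isolation claim is to run `set role authenticated; select set_config('request.jwt.claims', '{"sub":"<user uuid>"}', true);` in a psql session and confirm `select * from tasks` returns only that user's organizations' rows.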

🚦 Getting Started

Prerequisites

  • Node.js & npm
  • Docker Desktop (for local Supabase development)

Local Setup

  1. Clone and Install:

    git clone https://github.com/otobrixai/kovasect.git
    cd kovasect
    npm install
  2. Start Supabase:

    npx supabase start
  3. Configure Environment: Create apps/web/.env.local based on .env.example. You can get your local keys using npx supabase status.

  4. Seed Mock Data:

    npm run seed
  5. Run the App:

    cd apps/web
    npm run dev

📁 Repository Structure

  • apps/web: The Next.js frontend application.
  • supabase/migrations: Versioned SQL migrations for schema and RLS.
  • scripts: Maintenance and seeding scripts.
  • core: Shared logic and type definitions.

🛡️ Security Audit Note

This repository intentionally includes a Browser-Based Seeding Page and Mock Data Scripts to facilitate easy demonstration. In a true production environment, these would be restricted or removed.


📝 License

Built by Otobrix AI. Focused on industrial-grade SaaS security.

About

Reference SaaS demonstrating secure multi-tenant architecture and database-level isolation for AI-built apps.
