- WorkloadWizard
A comprehensive workload management application for educational institutions, built with Next.js, Convex, and WorkOS.
Private Repository β access is by invitation only. If you need access, contact the maintainer.
- Session Replay with privacy controls
- User Feedback collection with customizable forms
- Performance Monitoring with custom metrics and traces
- Error Tracking across client, server, and edge functions
- Custom Breadcrumbs and context for debugging
- Frontend: Next.js 14, React 18, TypeScript
- Backend: Convex (real-time database)
- Authentication: WorkOS
- Styling: Tailwind CSS, shadcn/ui
- Testing: Playwright (E2E), Vitest (unit)
- Academic Year Management with scoped data access
- Course & Module Management with iterative planning
- Staff Allocation with capacity planning
- Permission System with role-based access control
- Real-time Collaboration with Convex
- Comprehensive Testing with E2E coverage target
-
This is a private repository. Clone via SSH or GitHub CLI with an authenticated account:
# SSH (recommended) git clone git@github.com:<OWNER>/<REPO>.git # or GitHub CLI git clone git@github.com:example/example-repo.git # or GitHub CLI gh repo clone example/example-repo
-
Do not commit secrets. Use:
- GitHub Actions Secrets for deployment credentials.
- Local dev secrets in
.env.localonly (never commit).
-
Preview deploys are restricted to collaborators via Vercel previews.
- ZAP Nightly Baseline:
β Automated OWASP ZAP security scans against staging
- Runs nightly at 01:00 UTC
- Results available in Code Scanning alerts
- Triage process: ZAP Triage SOP
- Content Security Policy (CSP):
β Automated CSP header validation
- Validates CSP headers in both report-only and enforce modes
- Monitors violations via admin dashboard at
/admin/csp - Configuration guide: CSP Security Guide
- Node.js 18+ (see
.nvmrc) - npm
- Convex account
- WorkOS account
# Clone the repository (requires access)
git clone git@github.com:<OWNER>/<REPO>.git
cd workload-wizard-app
# Install dependencies
npm install
# Set up environment variables
cp .env.example .env.local
# Edit .env.local with your configuration
# Start the development server
npm run dev
# In another terminal, start Convex
npx convex devCopy .env.example to .env.local and fill in the MVP configuration:
NEXT_PUBLIC_CONVEX_URL=https://your_convex_url.convex.cloud
CONVEX_DEPLOYMENT=your-convex-deployment
WORKOS_CLIENT_ID=pk_test_your_key
WORKOS_API_KEY=sk_test_your_key
WORKOS_CLIENT_ID=whsec_your_webhook_secret
NEXT_PUBLIC_APP_URL=http://localhost:3000
# Run all E2E tests
npm run e2e
# Run smoke tests only
npm run e2e:smoke
# Optional specialised suites
npm run test:performance
npm run test:visual-regression# Run unit tests
npm test
# Run tests in watch mode
npm run test:watch- Permissions:
./docs/PERMISSIONS.mdβ Role-based access control Removed: Feature Flags - Testing:
./docs/TESTING_PROCEDURES.mdβ Testing guidelines and procedures
- Operations Handbook β Standard Operating Procedures for security, incidents, secret rotation, and CI failures
- Observability Handbook β Comprehensive guides for monitoring, tracing, dashboards, and alerting
- Security Overview β Core security topics and runbooks
- Headers & HTTPS β HSTS, TLS, referrer-policy, cookies, CORS
- Content Security Policy (CSP) β Report-only to enforce implementation
- Runbooks β Vulnerability intake, secret rotation, incident response, CI failure triage
- Scanning β ZAP nightly baseline, Dependabot/CodeQL alerts
- Disaster Recovery β DR plan, backups & restore tests
- Policy: RPO=24h, RTO=2h with automated nightly backups to Cloudflare R2
- Backups: Nightly DR Backup β Convex data, Vercel env vars, minimal WorkOS extract
- Restore Tests: Weekly Restore Test β Automated staging validation
- Documentation:
- DR Policy β Recovery objectives and data scope
- Backup Procedures β Automated backup system details
- Restore Runbook β Manual and automated restore procedures
- Communication Templates β Incident response communication
- Game-Day Checklist β DR drill and incident checklist
- Optimized Transfers: zstd compression with content-based deduplication
- Minimal Storage: Archives stored in R2 only, manifests as GitHub artifacts
- Observability: Clear job summaries, Slack alerts on failure
- Testing: Weekly automated restore validation to staging environment
-
Branches:
mainβ productiondevβ previewfeat/*,fix/*β short-lived feature/fix branches
-
CI (GitHub Actions):
- Quality β lint, typecheck, unit, build
- E2E β Playwright/Cypress (when present)
- Security β CodeQL, Semgrep
- Deploy β Vercel previews on PRs/dev; production on main
-
PRs:
- Fill out the PR template (screenshots & test notes)
- Use Conventional Commits in PR titles (e.g.
feat: add module planner) - Required status checks must pass before merge
# Format code
npm run format
# Lint code
npm run lint
# Type check
npm run typecheckWe maintain strict TypeScript safety with elevated linting rules and comprehensive type checking. See our TypeScript Safety Guidelines for:
- Suppression guidelines and best practices
- Migration strategies for
verbatimModuleSyntax - Preferred alternatives to
anytypes - Runtime validation patterns
We provide a CI job to generate static HTML bundle analysis. See docs/handbook/engineering/bundle-analysis.md for how to interpret the report.
# View Convex dashboard
npx convex dashboard
# Deploy schema changes
npx convex deploy- Performance Tracking with custom metrics
- Session Replay for debugging user issues
- User Feedback collection for continuous improvement
Internal contributors only:
- Create a feature branch (
feat/*orfix/*) - Make your changes
- Add tests for new functionality
- Ensure Quality and E2E pipelines pass
- Submit a PR to
devwith screenshots/test notes
If using the emulated merge queue, label the PR
queueto serialise merges.
This project is licensed under the MIT License.
For internal support:
- Check
docs/first - Review existing issues
- Create a new issue with steps to reproduce, logs, and screenshots