Team Flow is a full-stack project management platform built as a Turborepo monorepo. It includes:
apps/web: Next.js 15 frontend (App Router, Server Actions, NextAuth OAuth)apps/api: NestJS 10 backend (REST API, guards, Prisma, mail)packages/types: shared API/domain types used by both appspackages/ui: shared UI primitivespackages/config: shared config package
- Monorepo: Turborepo + pnpm workspaces
- Frontend: Next.js 15, React 19, NextAuth v5 beta, Tailwind
- Backend: NestJS 10, Passport JWT
- Database: PostgreSQL + Prisma ORM
- Email: Resend + React Email
- Testing: Vitest (web) + Jest (api)
main/
├── apps/
│ ├── web/
│ └── api/
├── packages/
│ ├── types/
│ ├── ui/
│ └── config/
├── turbo.json
├── pnpm-workspace.yaml
└── package.json- Node.js 22+
- pnpm 10+
- Docker (recommended for local Postgres)
cp apps/api/.env.example apps/api/.envMinimum required values to run core features:
DATABASE_URLAPI_JWT_SECRETAUTH_BRIDGE_SECRETAPP_URLPORT
For email features (team invites / assignment emails), also set:
RESEND_API_KEYRESEND_FROM_EMAIL
Use local env for Next.js dev:
cp apps/web/.env.local.example apps/web/.env.localRequired:
NEXTAUTH_SECRETNEXTAUTH_URLGOOGLE_CLIENT_IDGOOGLE_CLIENT_SECRETGITHUB_CLIENT_IDGITHUB_CLIENT_SECRETNEXT_PUBLIC_API_URLAUTH_BRIDGE_SECRET
Important:
AUTH_BRIDGE_SECRETmust match betweenapps/api/.envandapps/web/.env.local.
pnpm installdocker run --name projectdb -e POSTGRES_PASSWORD=pass -p 5432:5432 -d postgrespnpm --filter api prisma:generate
pnpm --filter api prisma:migratepnpm --filter api prisma:seedpnpm dev- Web: http://localhost:3000
- API: http://localhost:4000
Set these in your OAuth provider dashboards:
- Google callback:
http://localhost:3000/api/auth/callback/google - GitHub callback:
http://localhost:3000/api/auth/callback/github
From repo root:
pnpm dev- run all apps in watch modepnpm lint- monorepo type/lint checkspnpm test- monorepo testspnpm build- monorepo buildpnpm ci- lint + test + buildpnpm format- prettier writepnpm format:check- prettier check
Package-level examples:
pnpm --filter api testpnpm --filter web testpnpm --filter api test:covpnpm --filter web test:cov
Coverage policy and CI quality gate details:
POST /auth/verify-token
GET /users/me
GET /teamsPOST /teamsGET /teams/:idPATCH /teams/:idDELETE /teams/:idPOST /teams/:id/invitePOST /teams/:id/joinDELETE /teams/:id/members/:userId
GET /teams/:teamId/projectsPOST /teams/:teamId/projectsGET /teams/:teamId/projects/:idPATCH /teams/:teamId/projects/:idDELETE /teams/:teamId/projects/:id
GET /projects/:projectId/tasksPOST /projects/:projectId/tasksGET /projects/:projectId/tasks/:idPATCH /projects/:projectId/tasks/:idDELETE /projects/:projectId/tasks/:id
GET /projects/:projectId/chat/messagesPOST /projects/:projectId/chat/messages
Verify DATABASE_URL user/password and that Postgres is running on the expected host/port.
Your auth secret changed while old cookies still exist, or envs do not match.
Fix by ensuring correct NEXTAUTH_SECRET and clearing browser cookies for localhost.
Run:
pnpm --filter api exec prisma migrate deploy
pnpm --filter api prisma:generateThen restart API.
- The API uses OAuth user upsert flow via
POST /auth/verify-tokenfrom the web app. - API auth for app routes is token-based (Bearer token issued by API).
- Team invites and assignment emails are non-blocking (mail failures are logged, API continues).