# ArchNest

A multi-tenant SaaS platform for infrastructure management — SSH terminal,
Docker management, remote desktop, host metrics, file management, and 9
real integration adapters from a single browser interface. Developer-first
alternative to enterprise RMM tools, starting at $2.50/month.

## Pricing

| | Starter | Pro | Team |
|---|---|---|---|
| Monthly | $2.50/mo | $4.25/mo | $12/mo |
| Annual | $25/yr | $45/yr | $95/yr |
| Hosts | 50 | 125 | Unlimited |
| Users | 5 | 50 | 200 |
| Remote Desktop | — | ✓ | ✓ |
| SSO | — | — | ✓ |

## Features

**SSH Suite** — Terminal (multi-tab, split panes, persistent sessions), tunnels
(local/remote/SOCKS5), SFTP file manager, host-to-host transfer, host metrics
(5s polling), jump-host chaining, tmux, certificate auth (OPKSSH).

**Docker** — Management via TCP API, CLI over SSH, or push agent. Container
actions, logs, interactive exec, detail views.

**Remote Desktop** — RDP/VNC/Telnet via Guacamole (Pro+).

**Integrations** — Proxmox, Docker, AWS, Cloudflare, NetBird, Uptime Kuma,
Weather, SSH, Remote Desktop. All real, no mocks.

**Bookmarks** — Categorized hub with favorites, link health, full CRUD.

**Auth** — Cognito (OIDC/SAML SSO for Team), MFA, multi-user roles, audit log.

**4 Themes** — ArchNest Dark, Midnight Blue, Forest, Light.

## Architecture

Hybrid: Akamai Cloud for compute, AWS for managed services.

| Layer | Provider | Service |
|-------|----------|---------|
| Compute | Akamai | G7 Dedicated (4GB, ARM) |
| Load Balancer | Akamai | NodeBalancer |
| Frontend | Akamai | Object Storage |
| Database | Self-managed | PostgreSQL (RLS) |
| Cache | Self-managed | Redis |
| Auth | AWS | Cognito |
| Secrets | AWS | Secrets Manager |
| Storage | AWS | S3 |
| DNS | AWS | Route 53 |
| Email | AWS | SES |

**Infrastructure cost:** ~$66.50/month at 50 users. Scales to full AWS
(Fargate + Aurora) at 100+ users / $500+ MRR.

See [`docs/aws-architecture/system-design.md`](docs/aws-architecture/system-design.md)
for the full system design with diagrams, cost analysis, tier enforcement,
and scale-up path.

## Tech Stack

**Frontend**: React 19, Vite 8, TypeScript, Tailwind CSS v4, React Router,
Recharts, Lucide React, xterm.js

**Backend**: Fastify 5, TypeScript, PostgreSQL, Redis, zod, ssh2

**Auth**: AWS Cognito (OIDC/SAML SSO, MFA, PKCE)

**CI/CD**: Forgejo Actions → Docker → Akamai VM deploy

## Development

```bash
npm install && npm run dev          # frontend
cd backend && npm install && npm run dev  # backend
```

Type-check before committing:
```bash
npm run build                    # frontend
cd backend && npx tsc --noEmit  # backend
```

## Documentation

| File | Content |
|------|---------|
| [`docs/aws-architecture/system-design.md`](docs/aws-architecture/system-design.md) | Full architecture, costs, tier enforcement |
| [`design-decisions.md`](design-decisions.md) | Visual conventions + per-page notes |
| [`HANDOFF.md`](HANDOFF.md) | Current state, workflow rules |
| [`ROADMAP.md`](ROADMAP.md) | Deferred/tiered work |