bd12160ebb8cd162c24c47fd3a1d8ec365a35c98
- Rewrite rls.ts with withTenant()/withBypassRLS() using parameterized set_config() in interactive Prisma transactions (no SQL injection) - Add FORCE ROW LEVEL SECURITY on all 15 tenant-scoped tables - Add __bypass__ sentinel and WITH CHECK clauses to every RLS policy - Explicitly DISABLE RLS on tenants, tenant_hostnames, sessions - Wrap all API route and page loader queries in withTenant() - Wrap validateSession() in withBypassRLS() (joins RLS-protected users) - Keep existing tenantId where-clause filters as optimization layer - Add postgresql-client to Dockerfile and auto-apply RLS via entrypoint Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pounce
An open source, self-hosted, multi-tenant kanban board.
Tech Stack
- Frontend: SvelteKit + Svelte 5 + Tailwind CSS v4
- Backend: SvelteKit API routes + Prisma ORM
- Database: PostgreSQL 16
- Real-time: Socket.IO
- Auth: Email/password with bcrypt + session cookies
- Deployment: Docker Compose + Portainer
Getting Started
Prerequisites
- Node.js 22+
- PostgreSQL 16+
Development
npm install
cp .env.example .env # edit DATABASE_URL as needed
npm run db:push # sync schema to database
npm run db:seed # seed default tenant + admin user
npm run dev
Docker
docker compose up
The app will be available at http://localhost:3000.
Default Credentials
- Email: admin@example.com
- Password: admin123
Multi-Tenancy
Pounce supports multiple tenants on a single instance. Each tenant is identified by hostname — map additional domains via the tenant_hostnames table.
License
MIT
Description
Languages
Svelte
57.5%
TypeScript
40%
JavaScript
1.4%
CSS
0.5%
Shell
0.3%
Other
0.3%