AI-Powered Candidate Evaluation Engine & Modern ATS
Orizen Flow is a next-generation Applicant Tracking System (ATS) that combines evidence-based AI candidate evaluation with modern recruitment workflows. Built with Bun, Turborepo, and a type-safe full-stack architecture, it provides organizations with intelligent hiring automation while maintaining human oversight.
Live Demo: https://orizenflow.luffytaro.me
- Overview
- Key Features
- Architecture
- Tech Stack
- Getting Started
- Deployment
- What's Implemented
- API Documentation
- Project Structure
- Testing
- Security
- Contributing
- License
- Contact & Support
Orizen Flow streamlines the entire hiring pipeline from job posting to candidate evaluation. It features:
- Public Job Board - Beautiful public-facing job listings
- Smart Application Forms - Validated application capture with anti-bot protection
- AI Candidate Evaluation - Automated resume analysis and skill matching using Sarvam AI
- Recruiter Dashboard - Comprehensive hiring workflow management
- Pipeline Management - Visual kanban-style candidate tracking (Applied → Screening → Interview → Hired)
- Admin Control Panel - Organization-wide settings and access control
- Background Processing - Async job queue for email, AI processing, and notifications
- Multi-tenant architecture with org-scoped data isolation
- Job posting and management interface
- Candidate pipeline visualization
- AI-generated candidate insights and scoring
- Resume parsing and skill extraction
- Automated email workflows
- Timeline view of candidate interactions
- Waitlist management for early access
- Role-based access control (Admin, Recruiter, Viewer)
- Bulk operations and candidate search
- Simple, mobile-friendly application forms
- Real-time validation and feedback
- Upload resume with preview
- Application status tracking
- Privacy-focused data handling
- Type-Safe API - Full end-to-end type safety from API to frontend
- Real-Time Updates - WebSocket support for live notifications
- Scalable Architecture - Microservices with Redis-backed job queues
- Database Migrations - Version-controlled schema with Drizzle ORM
- OAuth Integration - GitHub, Google, and Magic Link authentication
- Email Templates - Branded transactional emails via Resend
- Analytics - PostHog integration for product insights
Orizen Flow is built as a Turborepo monorepo with separate applications for different concerns:
┌─────────────────────────────────────────────────────┐
│                 Frontend (Next.js)                  │
│                apps/web - Port 3000                 │
│  • Landing page, waitlist, job board                │
│  • Recruiter dashboard, admin panel                 │
│  • Type-safe API client with RPC                    │
└──────────────────────┬──────────────────────────────┘
                       │
                       ▼
┌─────────────────────────────────────────────────────┐
│                     API (Hono)                      │
│                apps/api - Port 4000                 │
│  • RESTful endpoints with OpenAPI docs              │
│  • Authentication & authorization                   │
│  • Job & candidate CRUD operations                  │
│  • Queue job dispatching                            │
└──────────────────────┬──────────────────────────────┘
                       │
       ┌───────────────┼───────────────┐
       ▼               ▼               ▼
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ PostgreSQL  │ │    Redis    │ │   Worker    │
│  (Drizzle)  │ │  (BullMQ)   │ │ (Background │
│             │ │             │ │    Jobs)    │
└─────────────┘ └─────────────┘ └─────────────┘
                                       │
                                       ▼
                               ┌───────────────┐
                               │   Services    │
                               │ • Sarvam AI   │
                               │ • Resend      │
                               │ • Analytics   │
                               └───────────────┘
- Bun - Fast JavaScript runtime and package manager
- Turborepo - High-performance monorepo build system
- TypeScript - Type-safe development across the stack
- Next.js 15 - React framework with App Router
- TailwindCSS - Utility-first CSS framework
- Shadcn/ui - Re-usable component library
- Fumadocs - Documentation site generator
- Hono RPC Client - Type-safe API calls
- Hono - Ultrafast web framework
- Better Auth - Modern authentication library
- Drizzle ORM - TypeScript-first ORM
- PostgreSQL - Primary database
- Redis - Caching and job queue
- BullMQ - Redis-based job queue
- Bun Worker - Background job processor
- @packages/auth - Centralized authentication config
- @packages/db - Database schema and migrations
- @packages/config - Environment variable validation
- @packages/queue - Job queue definitions
- @packages/email - Email templates
- @packages/tsconfig - Shared TypeScript configs
- Sarvam AI - Indian language AI models for resume analysis
- Resend - Transactional email delivery
- PostHog - Product analytics and feature flags
- Userjot - User feedback collection
Experience Orizen Flow in action: https://orizenflow.luffytaro.me
Ensure you have the following installed:
- Clone the repository
git clone https://github.com/paras-verma7454/orizenflow.git
cd orizenflow
- Install dependencies
bun install
- Set up environment variables
cp .env.example .env
Edit .env and configure the following required variables:
# Database
POSTGRES_URL=postgresql://user:password@localhost:5432/orizenflow
# Redis
REDIS_URL=redis://localhost:6379
# Auth
BETTER_AUTH_SECRET=your-32-char-secret
BETTER_AUTH_URL=http://localhost:3000
# OAuth (at least one provider)
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secret
# or
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
# Application URLs
NEXT_PUBLIC_APP_URL=http://localhost:3000
NEXT_PUBLIC_API_URL=http://localhost:4000
HONO_APP_URL=http://localhost:4000
HONO_TRUSTED_ORIGINS=http://localhost:3000
Optional integrations:
# AI Evaluation
SARVAM_API_KEY=your-sarvam-api-key
# Email
RESEND_API_KEY=your-resend-api-key
RESEND_FROM_EMAIL=noreply@yourdomain.com
# Admin Access
ADMIN_EMAILS=admin@example.com,admin2@example.com
# Worker
WORKER_CONCURRENCY=2
# Analytics
NEXT_PUBLIC_POSTHOG_HOST=https://app.posthog.com
NEXT_PUBLIC_POSTHOG_KEY=your-posthog-key
NEXT_PUBLIC_USERJOT_URL=your-userjot-url
- Set up the database
# Generate migration files from schema
bun run db:generate
# Apply migrations to database
bun run db:migrate
# Or push schema directly (development only)
bun run db:push
- Start development servers
bun dev
This starts all services with Turborepo's TUI:
- Web → http://localhost:3000
- API → http://localhost:4000
- API Docs → http://localhost:4000/api/docs
- Worker → Background process
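A pre-start audit of the `.env` values from the environment step above, as an added example that is not part of Orizen Flow's code base. The function names are hypothetical, the 32-character minimum is an assumption taken from the `your-32-char-secret` placeholder, and the sample file is constructed.

```typescript
// Added example (not project code): audit a .env file before starting the stack.
// parseEnv and auditEnv are hypothetical names.
type Finding = { key: string; problem: string }

// Parse KEY=value lines; blank lines and '#' comments are skipped.
function parseEnv(text: string): Map<string, string> {
  const env = new Map<string, string>()
  for (const line of text.split(/\r?\n/)) {
    const t = line.trim()
    const eq = t.indexOf("=")
    if (t === "" || t.startsWith("#") || eq <= 0) continue
    env.set(t.slice(0, eq).trim(), t.slice(eq + 1).trim())
  }
  return env
}

function auditEnv(env: Map<string, string>): Finding[] {
  const findings: Finding[] = []
  env.forEach((value, key) => {
    // Every placeholder in the template above starts with "your-".
    if (value.startsWith("your-")) findings.push({ key, problem: "placeholder" })
    // Next.js inlines NEXT_PUBLIC_* values into the browser bundle.
    if (key.startsWith("NEXT_PUBLIC_") && /SECRET|PASSWORD|TOKEN/.test(key)) {
      findings.push({ key, problem: "secret exposed to browser" })
    }
  })
  // Assumption: 32 characters minimum, from the "your-32-char-secret" placeholder.
  const secret = env.get("BETTER_AUTH_SECRET") ?? ""
  if (secret.length < 32) findings.push({ key: "BETTER_AUTH_SECRET", problem: "too short" })
  // The template's connection string ships with user:password credentials.
  if ((env.get("POSTGRES_URL") ?? "").includes("://user:password@")) {
    findings.push({ key: "POSTGRES_URL", problem: "example credentials" })
  }
  return findings
}

// Constructed sample input, not a real configuration.
const sampleEnv = [
  "# Auth",
  "BETTER_AUTH_SECRET=your-32-char-secret",
  "POSTGRES_URL=postgresql://user:password@localhost:5432/orizenflow",
  "NEXT_PUBLIC_API_URL=http://localhost:4000",
  "NEXT_PUBLIC_SESSION_TOKEN=abc123",
].join("\n")
const sampleFindings = auditEnv(parseEnv(sampleEnv))
```

`NEXT_PUBLIC_POSTHOG_KEY` is not flagged because the name check only looks for SECRET, PASSWORD or TOKEN in the variable name.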
# Start individual apps
bun --cwd apps/web dev # Next.js only
bun --cwd apps/api dev # Hono only
bun --cwd apps/worker dev # Worker only
# Build all packages
bun run build
# Type checking
bun run check-types
# Linting
bun run lint
# Formatting
bun run format
bun run format:check
# Database management
bun run db:studio # Open Drizzle Studio (GUI)
bun run db:generate # Generate new migration
bun run db:migrate # Run migrations
Orizen Flow supports multiple deployment strategies:
The simplest way to deploy to a VPS or server:
# Build images one by one (prevents freezing)
chmod +x build-images.sh
./build-images.sh
# Start all services
docker compose up -d
# View logs
docker compose logs -f
# Or use the deployment script
chmod +x docker-deploy.sh
./docker-deploy.sh
See DEPLOYMENT.md for detailed instructions.
For production deployments with orchestration:
# Install k3s (on VPS)
curl -sfL https://get.k3s.io | sh -
# Deploy
chmod +x k3s-deploy.sh
./k3s-deploy.sh
The script automatically:
- Builds Docker images
- Imports images to k3s
- Converts docker-compose.yml to Kubernetes manifests
- Deploys to k3s cluster
- Creates secrets from .env file
For individual service deployment:
Web (Vercel)
cd apps/web
vercel
API (Railway)
cd apps/api
railway up
Configure environment variables in each platform's dashboard.
- Landing page with waitlist flow
- Waitlist API (POST /api/waitlist/join) with validation, duplicate handling
- Non-blocking welcome email sending
- Authentication with Better Auth (GitHub, Google, Magic Link)
- User session management
- Organization model with slug-based routing
- Org-scoped Job CRUD APIs (/api/v1/jobs)
- Recruiter dashboard at /[orgSlug]/dashboard
- Job posting interface
- Public job listings at /[orgSlug]/jobs
- Job application flow at /[orgSlug]/[jobSlug]
- Application validation and anti-bot controls
- Legacy route redirect support
- Admin dashboard at /admin with allowlist access control
- Read-only admin APIs for system monitoring
- Redis integration for caching and queues
- BullMQ job queue setup
- Worker service for background processing
- Email queue with Resend integration
- Docker deployment configuration
- Kubernetes (k3s) deployment support
Orizen Flow uses Better Auth with multiple authentication methods:
- GitHub OAuth - Sign in with GitHub
- Google OAuth - Sign in with Google
- Magic Link - Passwordless email authentication
All API requests require authentication via session cookies or bearer tokens.
POST /api/waitlist/join
# Join the waitlist
# Body: { email: string, name?: string }
GET /:orgSlug/jobs
# List public jobs for an organization
GET /:orgSlug/:jobSlug
# View public job details
GET /api/v1/jobs
# List jobs in your organization
# Query: ?limit=10&offset=0&search=developer
POST /api/v1/jobs
# Create a new job
# Body: { title, description, type, location, ... }
GET /api/v1/jobs/:id
# Get job details
PATCH /api/v1/jobs/:id
# Update job
DELETE /api/v1/jobs/:id
# Delete job
POST /api/v1/jobs/:id/applications
# Submit job application
# Body: { name, email, resume, coverLetter, ... }
GET /api/admin/stats
# System statistics (admin only)
GET /api/admin/organizations
# List all organizations (admin only)
The frontend uses Hono's RPC client for fully typed API calls:
import { apiClient } from "@/lib/api/client"
// Full TypeScript autocomplete and type checking
const res = await apiClient.v1.jobs.$get({
query: { limit: "10" },
})
const { data } = await res.json() // Type-safe response
API documentation is auto-generated and available at /api/docs.
orizenflow/
├── apps/
│   ├── api/                      # Hono backend (Port 4000)
│   │   ├── src/
│   │   │   ├── index.ts          # App entry point
│   │   │   ├── routers/          # API route handlers
│   │   │   │   ├── auth.ts       # Authentication routes
│   │   │   │   ├── jobs.ts       # Job CRUD
│   │   │   │   ├── waitlist.ts
│   │   │   │   └── v1.ts         # Main API router
│   │   │   ├── middlewares/      # Request middleware
│   │   │   │   ├── auth.ts       # Auth verification
│   │   │   │   ├── admin.ts      # Admin guard
│   │   │   │   └── rate-limiter.ts
│   │   │   └── lib/              # Utilities
│   │   ├── Dockerfile
│   │   └── package.json
│   │
│   ├── web/                      # Next.js frontend (Port 3000)
│   │   ├── src/
│   │   │   ├── app/              # App Router pages
│   │   │   │   ├── (admin)/      # Admin dashboard
│   │   │   │   ├── (protected)/  # Auth required pages
│   │   │   │   ├── [orgSlug]/    # Org-scoped routes
│   │   │   │   ├── api/          # API routes
│   │   │   │   ├── layout.tsx
│   │   │   │   └── page.tsx      # Landing page
│   │   │   ├── components/       # React components
│   │   │   ├── hooks/            # Custom hooks
│   │   │   └── lib/              # Client utilities
│   │   ├── public/               # Static assets
│   │   ├── Dockerfile
│   │   └── package.json
│   │
│   └── worker/                   # Background worker
│       ├── src/
│       │   ├── index.ts          # Worker entry
│       │   └── lib/              # Job processors
│       └── package.json
│
├── packages/
│   ├── auth/                     # Better Auth config
│   │   └── src/index.ts
│   ├── config/                   # Environment validation
│   │   └── src/
│   │       ├── api-hono.ts
│   │       ├── web-next.ts
│   │       ├── worker.ts
│   │       └── db.ts
│   ├── db/                       # Database layer
│   │   ├── drizzle/              # Migration files
│   │   ├── src/
│   │   │   ├── schema/           # Table schemas
│   │   │   └── index.ts          # DB client
│   │   └── drizzle.config.ts
│   ├── email/                    # Email templates
│   │   └── src/
│   │       ├── index.ts
│   │       └── templates.ts
│   ├── queue/                    # Job queue
│   │   └── src/index.ts
│   └── tsconfig/                 # Shared TS config
│
├── docker-compose.yml            # Docker orchestration
├── k3s-deploy.sh                 # Kubernetes deployment
├── docker-deploy.sh              # Docker deployment
├── build-images.sh               # Build script
├── DEPLOYMENT.md                 # Deployment guide
├── CLAUDE.md                     # AI agent instructions
├── AGENTS.md                     # General agent guidelines
├── turbo.json                    # Turborepo config
├── lefthook.yml                  # Git hooks
└── package.json                  # Root package manifest
# Run tests (when implemented)
bun test
# Run tests in watch mode
bun test --watch
# Run tests with coverage
bun test --coverage
- Environment Variables: Never commit .env files. Use .env.example as a template.
- API Keys: Store sensitive keys in environment variables only.
- Authentication: All authenticated routes are protected by session middleware.
- Admin Access: Admin routes check against ADMIN_EMAILS allowlist.
- Rate Limiting: API endpoints are rate-limited to prevent abuse.
- CORS: Configured to allow only trusted origins.
- SQL Injection: Drizzle ORM provides parameterized queries.
- XSS Protection: React automatically escapes output.
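One way to write the admin allowlist and trusted-origin checks from the list above so that they fail closed, as an added example rather than Orizen Flow's own middleware. The function names and the `emailVerified` flag are assumptions; `ADMIN_EMAILS` and `HONO_TRUSTED_ORIGINS` are the comma-separated variables from the setup section.

```typescript
// Added example (not project code). All function names are hypothetical.

// Split a comma-separated env value, normalize each entry, drop blanks.
function parseList(raw: string | undefined, normalize: (s: string) => string): Set<string> {
  const out = new Set<string>()
  for (const part of (raw ?? "").split(",")) {
    const v = part.trim()
    if (v !== "") out.add(normalize(v))
  }
  return out
}

// Canonical scheme://host[:port], or null when the value is not a plain origin.
function canonicalOrigin(value: string): string | null {
  try {
    const u = new URL(value)
    if (u.protocol !== "http:" && u.protocol !== "https:") return null
    // An origin carries no path, query, fragment or credentials.
    if (u.pathname !== "/" || u.search || u.hash || u.username || u.password) return null
    return u.origin
  } catch {
    return null
  }
}

// Fail closed: a missing, empty or unverified email is never an admin,
// and an unset or empty ADMIN_EMAILS grants admin to nobody.
function isAdmin(
  email: string | null | undefined,
  emailVerified: boolean, // assumption: the session exposes a verified flag
  adminEmails: string | undefined,
): boolean {
  if (!email || !emailVerified) return false
  const allow = parseList(adminEmails, (s) => s.toLowerCase())
  return allow.has(email.trim().toLowerCase())
}

// Exact match on the canonical origin; prefix and suffix tricks do not match.
function isTrustedOrigin(origin: string | null | undefined, trusted: string | undefined): boolean {
  if (!origin) return false
  const candidate = canonicalOrigin(origin)
  if (candidate === null) return false
  const allow = parseList(trusted, (s) => canonicalOrigin(s) ?? "")
  allow.delete("") // entries that failed to parse never match anything
  return allow.has(candidate)
}
```

An email allowlist is only as strong as the proof that the signed-in user controls that address, which is why the unverified case is rejected before the lookup.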
Please report security vulnerabilities to: security@orizenflow.com
Do not open public GitHub issues for security problems.
We welcome contributions! Here's how to get started:
- Fork the repository
- Create a feature branch: git checkout -b feature/amazing-feature
- Make your changes
- Commit with conventional commits: git commit -m "feat: add amazing feature"
- Push to your fork: git push origin feature/amazing-feature
- Open a Pull Request
We use Conventional Commits:
- feat: New feature
- fix: Bug fix
- docs: Documentation changes
- style: Code style changes (formatting, no logic change)
- refactor: Code refactoring
- perf: Performance improvements
- test: Adding or updating tests
- chore: Maintenance tasks
- ci: CI/CD changes
- Use TypeScript for all new code
- Follow the existing code style (enforced by oxlint)
- Use @/ path alias for imports when applicable
- Write minimal but necessary comments
- Format code with bun run format before committing
Lefthook automatically runs on commit:
- Linting on staged files
- Type checking
- Security audit (on canary branch)
- Commit message validation
This project is licensed under the MIT License - see the LICENSE.md file for details.
- Base Template: zerostarter by @nrjdalal
- Sarvam AI: Indian language AI models
- Vercel: React and Next.js best practices
- Bun: Fast JavaScript runtime and build tools
- Live Demo: https://orizenflow.luffytaro.me
- GitHub: @paras-verma7454
- Repository: orizenflow
- Email: support@orizenflow.com
- Issues: GitHub Issues
- Quick Reference Guide - Common commands and troubleshooting
- Deployment Guide - Detailed deployment instructions
- Claude Guide - AI coding assistant instructions
- Agent Guidelines - General AI agent guidelines
- Changelog - Version history and changes
Built with ❤️ using Bun, Next.js, Hono, and TypeScript