VENI-AI PlatformOne platform. Every service you need.

Enterprise-grade identity, access control, micro-frontend orchestration, and billing — shipped as a single production-ready system.

Get Started →

See Capabilities

API Reference

🔐

SSO & OAuth2 + PKCE

Keycloak-powered Single Sign-On with PKCE S256. Supports Google, GitHub, and any OAuth2 provider. One login gives users access to every connected service.

Auth flow

🛡️

Role-Based Access Control

Casbin-powered RBAC with fine-grained resource:action permissions. Assign roles to users, policies to roles — enforced automatically on every API call.

Permission model

🧩

Micro-Frontend Shell

React 18 Module Federation host. Remote services load dynamically at runtime. Users see one unified app — built by many independent teams.

Integration guide

📋

Service Registry

Central registry for all micro-frontends and APIs. Register a service by pointing to its entry URL. Access controlled by subscription plan.

Registry model

💳

Stripe Billing & Plans

Subscription plans with Stripe Checkout, billing portal, saved cards, and webhooks. Per-plan usage limits enforced automatically.

Billing guide

⚡

gRPC Service Mesh

ignis-grpc gateway (Connect RPC over HTTP). Shell validates JWT and injects user context into every downstream service call — no extra auth code in services.

gRPC guide

Platform at a Glance

Everything your SaaS needs, already built

VENI-AI is a complete platform foundation. Stop rebuilding auth, billing, and access control for every project — ship your core product instead.

60+

REST API endpoints

Database tables

30+

RBAC permissions

Controllers

Deploy environments

<500ms

Cold start (Bun)

Core Capabilities

What VENI-AI handles for you

Each capability is production-ready, tested, and wired together — not a collection of loose libraries.

🔐

Identity & Authentication

Multiple auth modes in one system. Users pick their preferred method — everything produces the same Shell JWT.

Keycloak SSO with OAuth2 + PKCE S256
Google OAuth (auto-configured from env)
Local username/password with bcrypt
Password reset, change, and history (last 10)
Account lockout after 5 failed attempts
Token blacklist on logout (Redis)

🛡️

Access Control (RBAC)

Policy-based access control via Casbin. Add @authorize() to any endpoint — no boilerplate.

30+ built-in permissions (resource:action)
Admin UI for role & permission management
Organization-scoped isolation
System-admin bypass for cross-org operations
Runtime policy changes — no restart needed

🏢

Multi-Organization

Full multi-tenant support out of the box. Every data operation is scoped to the user's organization automatically.

Auto-provisioning from email domain
Organization types: Enterprise, Startup, Individual, Non-profit, Government
B2B onboarding flow with admin approval
Per-organization subscription plan
Plan history tracking

💳

Subscriptions & Billing

Full Stripe integration — from checkout to usage enforcement. Define plans once, enforce everywhere.

Subscription plans with Stripe Checkout
Hosted billing portal (invoices, card management)
Saved payment methods + direct upgrade
Per-plan usage limits with consumption tracking
Stripe webhook processing
Trial management

🧩

Micro-Frontend Platform

Shell UI is the host shell. Remote services plug in as Module Federation remotes — one URL is all you need to register.

React 18 + Vite Module Federation host
Dynamic remote loading from Service Registry
Auth token broadcast via BroadcastChannel
Service scaffolding with veni create app
Shared React, Router, and vendor chunks
Access gated by subscription plan

⚡

Service Mesh (gRPC)

ignis-grpc gateway over HTTP. No gRPC client libraries needed in downstream services — plain fetch works.

Connect RPC over HTTP (no HTTP/2 required)
JWT validation at the gateway
User context injected into every call
Token exchange for service-scoped JWTs
Built-in: HRM, Sure, Report service stubs

📊

Admin & Observability

Full admin UI and audit trail. Know exactly who did what, when, and from where.

Audit log for all significant events
IP address and user-agent capture
Dashboard: users, roles, orgs, apps, onboarding
Paginated activity log API
Extensible — log custom events from any service

🚀

Production Deployment

Kubernetes-native from day one. Three-environment overlay structure, one command to deploy.

Kubernetes + kustomize overlays (dev / uat / prod)
One-command deploy: ./scripts/deploy.sh prod v1.0.0
Docker multi-stage builds (Bun runtime)
readOnlyRootFilesystem support
HPA, PDB, resource limits pre-configured
cert-manager + Let's Encrypt TLS

Platform Interface

Clean, production-ready UI — out of the box

Every screen ships with the platform. Auth, admin, billing, and service management — all built on a consistent design system.

shell.venizia.ai/login

◈

VENI-AI

One login.
Every service.

Welcome back

Continue with Keycloak SSO

Continue with Google

— or sign in with password —

Don't have an account? Create account

Want to register your org? Apply here

Authentication — SSO + OAuth2 + PKCE

shell.venizia.ai/dashboard

👥

142

Users

🛡

Roles

🏢

Orgs

⚙️

Apps

📋

Pending

Pro PlanBusiness

API Calls840 / 1000

Users12 / 25

10:42 AMuser.created on users

10:38 AMauth.login on auth

09:15 AMonboarding.approved

Admin Dashboard — stats, plan usage, activity log

shell.venizia.ai/admin/users

Name	Email	Provider	Status	Roles
JD jdoe	jane@acme.com	keycloak	Active	admin editor
AS asmith	alice@corp.io	google	Active	viewer
BJ bjones	bob@startup.co	local	Locked	editor
CL clee	carol@enterprise.ai	keycloak	Active	admin

User Management — CRUD, roles, status, RBAC

shell.venizia.ai/pricing

Simple, transparent pricing

Start free, upgrade when you're ready.

MonthlyAnnual

Hobby

$0 / mo

1 user

500 API calls

2 apps

Current

Pro

$29 / mo

5 users

10k API calls

10 apps

Upgrade

Business

$99 / mo

25 users

100k API calls

Unlimited apps

Upgrade

Enterprise

Custom

Unlimited users

Unlimited calls

SLA + support

Contact

Pricing — Stripe-powered plans with monthly / annual toggle

How It Works

One login. Every service.

A user authenticates once with Shell. That session is trusted everywhere — no per-service login, no token juggling for the end user.

👤 User

→

🔐 Keycloak SSO

→

🐚 Shell API

→

🎫 Shell JWT

→

🧩 Shell UI

broadcasts →

📡 BroadcastChannel

→

🏢 HRM

📈 Reports

✅ Sure

🏢 HRM Service

→ POST /auth/exchange →

🎫 Service JWT

→

🔒 HRM API (auth'd)

Technology Stack

Built on proven, modern foundations

Every technology was chosen for speed, type safety, and production reliability.

Bun 1.x

Hono (Ignis)

TypeScript 5

React 18

Vite

Module Federation

Keycloak 23

PostgreSQL

Drizzle ORM

Redis

Casbin RBAC

Stripe

Connect RPC

Kubernetes

kustomize

cert-manager

Use Cases

Who is VENI-AI built for?

🏢 Enterprise SaaS

Multi-org, RBAC, SSO via Keycloak, B2B onboarding, and Stripe billing — all the enterprise requirements, zero custom code.

🛠️ Internal Platforms

Host multiple internal tools under one login. Teams own their micro-frontends; Shell handles auth and routing.

🚀 Product Studios

Build multiple products on one platform. Shared identity and billing, independent codebases and teams.

🏗️ Service Scaffolding

Scaffold a production-ready service with veni create app — auth, DB, API, UI, and K8s manifests included.

Ready to build?

Get the platform running locally in 5 minutes. No cloud account needed.

Quick Start →Architecture API Reference All Guides