Project management system built with .NET 10 -- Clean Architecture, DDD, and dual REST/gRPC implementation
Cpnucleo is a project management and task tracking system built as a .NET 10 reference implementation for Clean Architecture, Domain-Driven Design, and a CQRS-like dual data access strategy. The REST API uses FastEndpoints with EF Core while the gRPC server uses FastEndpoints Remote Messaging with Dapper, both operating against the same PostgreSQL database. 27 architecture tests (NetArchTest) enforce layer dependency rules at build time, ensuring the domain layer remains free of infrastructure concerns.
| Technology | Version | Purpose |
|---|---|---|
| .NET | 10.0 | Runtime and SDK |
| ASP.NET Core | 10.0 | Web framework |
| FastEndpoints | 8.1 | REST endpoint routing and gRPC messaging |
| Entity Framework Core | 10.0 | ORM for WebApi and IdentityApi |
| Dapper | 2.1 | Micro-ORM for GrpcServer |
| Dapper.AOT | 1.0 | Compile-time SQL interception |
| Npgsql | 10.0 | PostgreSQL driver |
| PostgreSQL | 16.7 | Primary database |
| Astro + Qwik | Astro 5 / Qwik 1.x | Static frontend routing with resumable interactive islands |
| Tailwind CSS | 3.x | Catalyst-inspired product UI styling |
| Riok.Mapperly | 4.3 | Compile-time object mapping |
| OpenTelemetry | 1.15 | Distributed tracing, metrics, logging |
| Docker + Compose | Latest | Containerization and orchestration |
| NGINX | Latest | Reverse proxy and load balancing |
| GitHub Actions | -- | CI/CD pipelines |
| Hostinger Docker Manager | -- | Production deployment target |
- Clean Architecture with strict layer separation enforced by 27 automated NetArchTest rules
- Dual data access strategies: EF Core (REST API) and Dapper with Unit of Work (gRPC server) against the same database
- JWT authentication via a dedicated Identity API with Argon2id-hashed credentials
- Rate limiting per IP: 50 req/min on WebApi, 10 req/min on IdentityApi
- OpenTelemetry observability with OTLP export and optional Grafana LGTM stack
- NGINX load balancing across two WebApi instances with least-connection routing
- Multi-platform Docker builds (linux/amd64 + linux/arm64/v8) with AOT, trimming, and extra optimization options
- Astro + Qwik frontend with Tailwind CSS, IdentityApi login, and Catalyst-inspired CRUD screens for all WebApi resources, including prefilled edit forms and readable relation labels
- Five test projects: architecture validation, Application and security unit tests, WebApi unit tests, and WebApi integration tests
- Automated CI/CD with GitHub Actions deploying GHCR images to Hostinger Docker Manager
┌─────────────────────────────────────────────────────┐
│ Presentation Layer │
│ WebApi (REST) GrpcServer IdentityApi WebClient │
│ FastEndpoints FE.Messaging JWT Auth Astro │
│ + EF Core + Dapper + Qwik/TW │
└────────────────────────┬────────────────────────────┘
│
┌────────────────────────┴────────────────────────────┐
│ Application Layer │
│ Feature slices/use cases shared by REST and gRPC │
│ Pilot: Projects/CreateProject │
└────────────────────────┬────────────────────────────┘
│
┌────────────────────────┴────────────────────────────┐
│ Infrastructure Layer │
│ ApplicationDbContext DapperRepository<T> │
│ EF Core Migrations Unit of Work │
│ Npgsql + PostgreSQL │
└────────────────────────┬────────────────────────────┘
│
┌────────────────────────┴────────────────────────────┐
│ Domain Layer │
│ 11 Entities (sealed, BaseEntity, factory methods) │
│ Repository interfaces IPasswordHasher contract │
│ Zero external dependencies │
└─────────────────────────────────────────────────────┘
Layer dependencies enforced by 27 NetArchTest rules at build time.
- .NET 10 SDK (10.0.102+)
- Docker
- Docker Compose v2
git clone https://github.com/jonathanperis/cpnucleo.git
cd cpnucleo
docker compose up| Service | URL |
|---|---|
| WebApi (via NGINX) | http://localhost:9999 |
| IdentityApi | http://localhost:5200 |
| GrpcServer | http://localhost:5300 (gRPC) / http://localhost:5301 (health) |
| WebClient | http://localhost:5400 |
Development mode (build from source with Grafana LGTM observability):
docker compose -f compose.yaml -f compose.override.yaml up --buildProduction mode (pre-built images from GHCR):
docker compose -f compose.yaml -f compose.prod.yaml up -dsrc/
Domain/ Core business logic (zero external dependencies)
Application/ Feature slices/use cases shared by REST + gRPC
Infrastructure/ EF Core + Dapper data access implementations
WebApi/ REST API (FastEndpoints + EF Core)
GrpcServer/ gRPC command server (FastEndpoints.Messaging + Dapper)
GrpcServer.Contracts/ Shared command/result DTOs
IdentityApi/ JWT authentication service
WebClient/ Astro + Qwik + Tailwind frontend
tests/
Architecture.Tests/ Clean Architecture rules (xUnit + NetArchTest)
WebApi.Unit.Tests/ Endpoint unit tests (NUnit + FakeItEasy)
WebApi.Integration.Tests/ End-to-end API tests (xUnit v3 + FastEndpoints.Testing)
dotnet test cpnucleo.slnx # Run all tests
dotnet test tests/Architecture.Tests/ # Architecture rules only
dotnet test tests/WebApi.Unit.Tests/ # Unit tests only| Suite | Framework | Coverage |
|---|---|---|
| Architecture.Tests | xUnit + NetArchTest | Layer deps, naming, sealed entities |
| Application.Unit.Tests | NUnit + FakeItEasy + Shouldly | Shared Application use cases |
| Security.Unit.Tests | NUnit + Shouldly | Password hashing and login verification |
| WebApi.Unit.Tests | NUnit + FakeItEasy + Shouldly | 53 endpoint unit-test cases; local compile cleanup currently needed |
| WebApi.Integration.Tests | xUnit v3 + FastEndpoints.Testing | Full HTTP CRUD per entity |
build-check.yml (pull requests): builds each service, runs architecture tests, performs container health check validation.
main-release.yml (push to main): builds and runs architecture tests with TRIM=true and EXTRA_OPTIMIZE=true, pushes amd64/arm64 GHCR images plus immutable sha-${GITHUB_SHA} manifests, runs container health checks, deploys immutable amd64 GHCR images to Hostinger Docker Manager.
See the Pages documentation for detailed documentation on architecture, API reference, WebClient CRUD behavior, database setup, testing, and deployment.
Contributing guidelines, security policy, and code of conduct are maintained in the jonathanperis/.github repository and apply to all repositories.
MIT -- see LICENSE
