Skip to content

Quick Start

Get Mitch‑Risk running in minutes with Docker Compose.

Prerequisites

  • Docker and Docker Compose installed
  • Node.js >= 22 (for local development only)
  • Git (to clone the repository)

Docker Compose Quickstart

No build tools required — just Docker. Use the pre-built image from GitHub Container Registry:

bash
curl -O https://raw.githubusercontent.com/mitchelljfranklin/mitch-risk/master/docker-compose.pull.yml

Create a .env file with your secrets:

env
POSTGRES_PASSWORD=<a strong password>
AUTH_SECRET=<generate a strong random string>
APP_ENCRYPTION_KEY=<at least 32 random characters>
CRON_SECRET=<another strong random string>
APP_URL=http://localhost:3000
bash
docker compose -f docker-compose.pull.yml up -d

Portainer users: A ready-to-customize template is available at docker-compose.portainer.yml. Paste it into Portainer's stack editor and replace the CHANGE_ME placeholders.

Build from source

bash
git clone https://github.com/mitchelljfranklin/mitch-risk.git
cd mitch-risk
cp .env.example .env

Edit .env and set your own secrets:

env
DATABASE_URL=postgresql://mitch:mitch@db:5432/mitch_risk?schema=public
AUTH_SECRET=<generate a strong random string>
APP_ENCRYPTION_KEY=<at least 32 random characters>
CRON_SECRET=<another strong random string>
APP_URL=http://localhost:3000

Start the stack:

bash
docker compose up -d

First Login

  1. Open http://localhost:3000/setup in your browser.
  2. Create your first admin account (email + password, minimum 12 characters).
  3. The /setup page is only available when no users exist — after setup, it returns 404.

Next Steps

After logging in, configure the platform:

  1. Configure email — go to Settings → Email, enter your SMTP server details.
  2. Create a template — go to Templates, build a questionnaire with sections and questions.
  3. Add a vendor — go to Vendors, create a vendor profile with contact info.
  4. Send an assessment — create an assessment for the vendor from your template and send it.
  5. Review responses — when the vendor submits, review their answers and generate findings.

Local Development

bash
npm install
cp .env.example .env
npx prisma migrate dev
npm run db:seed
npm run dev

Open http://localhost:3000.

Useful Commands

CommandPurpose
npm run devStart dev server
npm run buildProduction build
npm run lintRun ESLint
npm run typecheckTypeScript check
npm run format:checkPrettier format check
npm run precheckRun typecheck + lint + format:check (same as CI)
npm run testRun unit + integration tests
npm run test:e2eRun Playwright e2e tests
npm run db:migrateApply Prisma migrations
npm run db:seedSeed the database

Environment Variables

VariableRequiredDefaultDescription
DATABASE_URLYesPostgreSQL connection string
AUTH_SECRETYesAuth.js JWT signing secret (min 32 chars, used for session tokens)
APP_ENCRYPTION_KEYYesKey for AES-256-GCM encryption of secrets at rest (min 32 chars)
CRON_SECRETYes (prod)Secret passed in X-Cron-Secret header to trigger cron jobs
APP_URLNohttp://localhost:3000Public URL used for portal links and auth callbacks
EVIDENCE_STORAGE_PATHNo./.storage/evidence/Directory for local file storage
TRUSTED_PROXY_COUNTNo0Number of trusted reverse proxy hops for client IP resolution
CLIENT_IP_HEADERNoOptional dedicated header for client IP (e.g. cf-connecting-ip)
AUTH_URLNoFalls back to APP_URLOverride for auth callbacks if different from APP_URL

Important: CRON_SECRET must be set in production. The app refuses to boot without it (except during next build). TRUSTED_PROXY_COUNT must match your actual proxy hop count — see Reverse Proxy for details.

Open-source, self-hosted third party vendor risk management.