Self-hosted project management with enterprise permissions and AI superpowers.
Part of the GenX Project
Tell Claude what you want. It plans the work, estimates hours, creates subtasks, builds the features, and tracks its own progress. You review.
Most project management tools are either too simple (Trello) or too complex (Jira). And none of them understand AI-native workflows.
Kanbu is different:
| Problem | Kanbu Solution |
|---|---|
| "I need enterprise permissions but Trello doesn't have them" | NTFS-style ACL with inheritance, deny rules, and security groups |
| "I want AI to help but it can't access my tasks" | 154 MCP tools - Claude Code works directly in your board |
| "GitHub issues and my PM tool are never in sync" | Bi-directional GitHub sync with webhook integration |
| "I want to self-host but lose features" | Community edition has MORE features than most paid tools |
| "My backups are not secure or automated" | Enterprise backup system with AES-256 encryption & scheduling |
| "My team speaks different languages" | Each user talks to their own AI assistant in their own language |
- Kanban boards with drag-and-drop, swimlanes, and WIP limits
- Multiple views: Board, List, Calendar, Timeline
- Sprints & Milestones with burndown charts
- Time tracking with estimates vs. actuals
- Real-time collaboration: Live cursors, typing indicators, and instant sync via Socket.io
Kanbu implements a robust permission system inspired by Windows (NTFS) and Active Directory.
- Granular permissions: Bitmask-based control (Read, Write, Execute, Delete, Permissions).
- Inheritance: Workspace β Project β Task permissions flow down automatically.
- Deny-first logic: Explicit deny overrides any grant (e.g., ban a specific user from a project even if they are an admin).
- Audit logs: Complete security trail with export to CSV/JSON.
Permission Bitmask:
| Bit | Permission | Value | Description |
|---|---|---|---|
| R | Read | 1 | View resource |
| W | Write | 2 | Modify resource |
| X | Execute | 4 | Perform actions (reserved) |
| D | Delete | 8 | Remove resource |
| P | Permissions | 16 | Manage ACL entries |
Role Mapping:
| Role | Workspace ACL | Project ACL |
|---|---|---|
| OWNER | FULL_CONTROL (31) | FULL_CONTROL (31) |
| ADMIN | FULL_CONTROL (31) | - |
| MANAGER | - | EDITOR (15) |
| MEMBER | CONTRIBUTOR (7) | CONTRIBUTOR (7) |
| VIEWER | READ_ONLY (1) | READ_ONLY (1) |
Kanbu includes Kanbu Graphiti, a self-hosted knowledge graph engine (Python/FastAPI) that runs locally alongside the app.
- No external dependencies: You do not need to sign up for any third-party Graph Service. It runs on your own hardware using FalkorDB.
- Fact Extraction: Automatically builds a knowledge graph from your wiki pages.
- Temporal Queries: Ask "What did we know about this feature last month?"
- Contradiction Detection: Flags conflicting information across your documentation.
Connect Claude Code to manage your Kanbu projects with 154 available tools. Status: Production Ready (Hardened)
Tool Categories:
| Phase | Category | Tools | Examples |
|---|---|---|---|
| 1 | Pairing | 3 | kanbu_connect, kanbu_whoami, kanbu_disconnect |
| 2 | Core | 11 | kanbu_list_workspaces, kanbu_create_task |
| 3 | Subtasks & Comments | 9 | kanbu_create_subtask, kanbu_add_comment |
| 4 | Search & Activity | 5 | kanbu_search_tasks, kanbu_recent_activity |
| 5 | Analytics | 4 | kanbu_project_stats, kanbu_velocity |
| 6-12 | Admin & Settings | 90 | User management, ACL, Audit logs, Backups, Profile |
| 9+ | GitHub Connector | 10 | kanbu_list_github_prs, kanbu_create_github_branch |
| 17 | Wiki Management | 18 | kanbu_list_project_wiki_pages, kanbu_create_workspace_wiki_page |
| 13-16 | Hardening & Audit | 4 | Rate limiting, Security hardening |
- Bi-directional sync: Issues, PRs, commits, milestones
- Auto-link commits: Reference tasks in commit messages
- Sync logs: Complete visibility into what synced and when
Complete backup solution with enterprise-grade security:
- AES-256-GCM encryption at rest (optional, via
BACKUP_ENCRYPTION_KEY) - SHA-256 checksum verification to detect tampering or corruption
- Dual-mode PostgreSQL backup: Direct mode (network) or Docker mode (container exec)
- Scheduled backups with cron-style scheduling (internal or external triggers)
- Smart retention policies: Keep last N daily/weekly/monthly backups
- Database restore wizard with pre-restore backup and verification
- Webhook notifications with HMAC-SHA256 signed payloads
- Multi-instance support: Environment-based subdirectories for shared storage
| Layer | Technology |
|---|---|
| Frontend | React 18, TypeScript, Vite, Tailwind CSS, Shadcn/ui |
| State | Redux Toolkit, TanStack Query |
| Backend | Node.js 22, Fastify, tRPC v10, Socket.io |
| Database | PostgreSQL 15, Prisma ORM |
| AI / Graph | Kanbu Graphiti (Python/FastAPI), FalkorDB (Graph DB) |
| Monorepo | pnpm workspaces, Turborepo |
# Prerequisites: Node.js 22+, PostgreSQL 15+, pnpm 9+
# Clone and install
git clone https://github.com/hydro13/kanbu.git
cd kanbu
pnpm install
# Setup database
cd packages/shared
cp ../../apps/api/.env.example ../../apps/api/.env
# Edit .env with your DATABASE_URL and JWT_SECRET
pnpm db:generate
pnpm db:push
# Start development
cd ../..
pnpm dev
# Open http://localhost:5173cd docker
cp .env.example .env
# Edit .env - CHANGE THE PASSWORDS AND JWT_SECRET!
docker compose -f docker-compose.selfhosted.yml up -dContributions are welcome! Please read our Contributing Guide before submitting a PR.
GNU Affero General Public License v3.0 (AGPL-3.0)
- β Use, modify, and distribute freely
- β Commercial use allowed
β οΈ Modified versions must be open-sourcedβ οΈ Network use = distribution (must share source)
See LICENSE for details.
- π¬ Discord Community
- π Issue Tracker
Kanbu - Project management for the AI era
Built with β€οΈ by Robin Waslander