A production-grade, cloud-native Employee Management System with an AI-powered chat interface that integrates the Model Context Protocol (MCP) with a dual-LLM architecture, demonstrating enterprise DevOps practices through Jenkins-based CI/CD automation, Infrastructure as Code (IaC), Dockerized services deployed on AWS EC2, and end-to-end monitoring.
- Employee Management: Complete CRUD operations for employee data
- Chat interface: Natural language queries to database
- Dual LLM System: OpenRouter (Primary) & HuggingFace (Backup) for Intent Detection + Response Generation
- MCP Server: Real-time data retrieval via MCP
- CI/CD Automation (Jenkins)
- Containerization (Docker + Docker Compose)
- Cloud Deployment (AWS EC2)
- Infrastructure as Code (Terraform)
- Configuration Management (Ansible)
- Monitoring & Observability (Prometheus + Grafana)
```
┌──────────┐     ┌──────────┐     ┌──────────┐     ┌──────────┐     ┌──────────┐
│   User   │────►│ Next.js  │────►│ FastAPI  │────►│   MCP    │────►│ MongoDB  │
│ Browser  │◄────│ Frontend │◄────│ Backend  │◄────│  Server  │◄────│  Atlas   │
└──────────┘     └──────────┘     └──────────┘     └──────────┘     └──────────┘
                      │                │                │
                      ▼                ▼                ▼
                  React UI    LLM Intent Detection  MCP Tools
               chat interface   (OpenRouter/HF)  (16 operations)
                              Response Generation JSON-RPC stdio
```
```
┌──────────────────────────────────────────────────────────────────────┐
│                          DEVELOPER WORKFLOW                          │
└──────────────────────────────────────────────────────────────────────┘
                                   │
                           Git Push to GitHub
                                   │
                                   ▼
┌──────────────────────────────────────────────────────────────────────┐
│                       CI/CD PIPELINE (Jenkins)                       │
├──────────────────────────────────────────────────────────────────────┤
│  1. Source Code Checkout (GitHub Webhook)                            │
│  2. Unit & Integration Tests (Backend / Frontend)                    │
│  3. Docker Image Build (Multi-stage builds)                          │
│  4. Image Scan / Best Practices                                      │
│  5. Push Images to Docker Hub                                        │
│  6. Deploy to EXISTING EC2                                           │
│  7. Health Checks & Smoke Tests                                      │
│  8. Notifications (Success / Failure)                                │
└──────────────────────────────────────────────────────────────────────┘
                                   │
                                   ▼
┌──────────────────────────────────────────────────────────────────────┐
│               RUNNING APPLICATION (PRODUCTION) On EC2                │
├──────────────────────────────────────────────────────────────────────┤
│                                                                      │
│                    ┌──────────────────────┐                          │
│ Internet (HTTPS)──►│ NGINX Reverse Proxy  │                          │
│ Port 443/80        │  Let's Encrypt SSL   │                          │
│                    └──────────┬───────────┘                          │
│                               │                                      │
│            ┌──────────────────┴──┐                                   │
│            │                     │                                   │
│            ▼                     ▼                                   │
│    ┌────────────────┐    ┌────────────────┐    ┌────────────────┐    │
│    │    Frontend    │    │    Backend     │    │   MCP Server   │    │
│    │   (Next.js)    │◄──►│   (FastAPI)    │◄──►│   (Node.js)    │    │
│    │   Port: 3000   │    │   Port: 8000   │    │     stdio      │    │
│    │  Docker Image  │    │  Docker Image  │    │   Subprocess   │    │
│    └────────────────┘    └────────────────┘    └────────────────┘    │
│                                  │                                   │
│                       work-zen-docker-network                        │
└──────────────────────────────────────────────────────────────────────┘
                                    │
                 ┌──────────────────┴─────────────────┐
                 │                                    │
                 ▼                                    ▼
┌────────────────────────────────┐    ┌────────────────────────────────┐
│    DATABASE (MongoDB Atlas)    │    │        MONITORING STACK        │
├────────────────────────────────┤    ├────────────────────────────────┤
│ Cloud-hosted NoSQL Database    │    │ Prometheus (9090)              │
│   - employees                  │    │ Grafana (3001)                 │
│   - attendance                 │    │ Node Exporter (9100)           │
│   - payroll                    │    │ cAdvisor (8081)                │
└────────────────────────────────┘    └────────────────────────────────┘
```
| Feature | Technology | Purpose |
|---|---|---|
| IaC | Terraform | Provision AWS infrastructure (VPC, EC2, Security Groups) |
| Config Mgmt | Ansible | Server setup, app deployment, monitoring stack |
| CI/CD | Jenkins | Automated build, test, deploy pipeline with webhooks |
| Monitoring | Prometheus + Grafana | System & container metrics, custom dashboards |
| Containers | Docker + Compose | Multi-stage builds, optimized images, orchestration |
| Cloud | AWS EC2 | Production deployment with t3.micro optimization |
| Security | UFW + Security Groups | Firewall rules, minimal port exposure |
| Reverse Proxy | NGINX + Let's Encrypt | SSL/TLS termination, HTTPS, load balancing |
| Scalability | Resource limits | Memory/CPU constraints, horizontal scaling ready |
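An added check for the "minimal port exposure" goal in the table above (example code, not part of the project): it parses `docker-compose ps` style output and reports ports published on all interfaces that are outside an intended public set. The first sample repeats the container status listing further down this page; the loopback sample, the `{80, 443}` set and the function name are assumptions made for the example.

```python
import re

# Constructed sample: the `docker-compose ps` listing shown on this page.
CURRENT_PS = """\
NAME                     STATUS         PORTS
work-zen-backend         Up 5 minutes   0.0.0.0:8000->8000/tcp
work-zen-frontend        Up 5 minutes   0.0.0.0:3000->3000/tcp
work-zen-prometheus      Up 5 minutes   0.0.0.0:9090->9090/tcp
work-zen-grafana         Up 5 minutes   0.0.0.0:3001->3001/tcp
work-zen-node-exporter   Up 5 minutes   0.0.0.0:9100->9100/tcp
work-zen-cadvisor        Up 5 minutes   0.0.0.0:8081->8081/tcp
"""

# Constructed sample: services published on loopback only, which is what a
# compose mapping such as "127.0.0.1:9090:9090" produces.
LOOPBACK_PS = """\
NAME                     STATUS         PORTS
work-zen-prometheus      Up 5 minutes   127.0.0.1:9090->9090/tcp
work-zen-grafana         Up 5 minutes   127.0.0.1:3001->3001/tcp
"""

# Assumption: only the NGINX listeners are meant to be reachable from outside.
INTENDED_PUBLIC = frozenset({80, 443})

# host:published->container/proto, where host is IPv4, "::" or "[::]"
MAPPING = re.compile(
    r"(?P<host>\[[0-9a-fA-F:]*\]|[0-9.]+|::):(?P<pub>\d+)->\d+/(?P<proto>tcp|udp)"
)


def audit_published_ports(ps_output, allowed=INTENDED_PUBLIC):
    """Return (container, port, proto) for ports bound to all interfaces
    that are not in the intended public set."""
    findings = []
    for line in ps_output.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if not fields:
            continue
        for m in MAPPING.finditer(line):
            host = m["host"].strip("[]")
            port = int(m["pub"])
            if host in ("0.0.0.0", "::") and port not in allowed:
                findings.append((fields[0], port, m["proto"]))
    return findings


if __name__ == "__main__":
    for name, port, proto in audit_published_ports(CURRENT_PS):
        print(f"exposed on all interfaces: {name} {port}/{proto}")
```

Docker publishes ports through its own iptables rules, so UFW rules on the host do not filter them; for ports bound to `0.0.0.0`, the EC2 security group or a loopback binding is what actually limits reachability.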
- Next.js 14.0.4 - React framework with server-side rendering
- React 18.2.0 - UI component library
- TypeScript 5 - Type-safe JavaScript
- TailwindCSS 3.4.1 - Utility-first CSS framework
- FastAPI 0.109.0 - High-performance Python REST API
- Motor 3.3.2 - Async MongoDB driver
- PyMongo 4.6.1 - MongoDB Python driver
- Python 3.9+ - Backend programming language
- Node.js 18+ - MCP server runtime
- OpenRouter API - Primary LLM provider (Mistral-7B-Instruct-v0.2)
- HuggingFace API - Backup LLM provider
- Dual LLM System - Intent detection + Response generation
- Model Context Protocol (MCP) - Anthropic's standard for AI-DB communication
- Docker - Container runtime and image building
- Docker Compose - Multi-container orchestration
- Jenkins 2.528.3 - CI/CD automation server
- Terraform - Infrastructure as Code for AWS
- Ansible - Configuration management and deployment automation
- AWS EC2 - Cloud compute (t3.micro optimized)
- NGINX - High-performance reverse proxy and SSL termination
- Let's Encrypt - Free SSL/TLS certificates with auto-renewal
- Prometheus v2.47.0 - Metrics collection and alerting
- Grafana 10.2.0 - Metrics visualization and dashboards
- Node Exporter v1.6.1 - System metrics exporter
- cAdvisor v0.49.1 - Container metrics exporter
The project uses a comprehensive Jenkins pipeline with the following stages:
```
pipeline {
    agent any
    stages {
        // 1. Checkout       → Pull latest code from GitHub
        // 2. Test Backend   → Python unit tests (optimized)
        // 3. Test Frontend  → Node.js unit tests (optimized)
        // 4. Build Images   → Docker multi-stage builds
        // 5. Push to Hub    → Docker Hub image registry
        // 6. Deploy to EC2  → SSH deployment with retry logic
        // 7. Health Check   → Verify deployment success
    }
}
```

- Automated Testing
- Docker Image Management
  - Automated push to Docker Hub registry
- Deployment Automation
  - SSH-based deployment to EC2
  - Force pull latest images (`--pull always`)
  - Automatic container restart
  - Zero-downtime deployment strategy
- Health Checks
- Notifications
```
┌──────────────────────────────────────────────────────────────────────┐
│               INFRASTRUCTURE & OPERATIONS (ON DEMAND)                │
└──────────────────────────────────────────────────────────────────────┘
                                   │
                                   ▼
┌──────────────────────────────────────────────────────────────────────┐
│                           TERRAFORM (IaC)                            │
├──────────────────────────────────────────────────────────────────────┤
│  • Create EC2 instances                                              │
│  • Create Security Groups                                            │
│  • Allocate Elastic IP                                               │
│  • Define VPC / Subnets                                              │
│  • Create NEW environments (dev/staging/prod)                        │
│                                                                      │
│  Executed ONLY when:                                                 │
│    - New environment needed                                          │
│    - Instance type change                                            │
│    - Infrastructure scaling                                          │
└──────────────────────────────────────────────────────────────────────┘
                                   │
                                   ▼
┌──────────────────────────────────────────────────────────────────────┐
│                        ANSIBLE (CONFIG MGMT)                         │
├──────────────────────────────────────────────────────────────────────┤
│  • Install Docker & Docker Compose                                   │
│  • Create /home/ubuntu/Work-Zen                                      │
│  • Configure OS, users, permissions                                  │
│  • Install monitoring stack                                          │
│  • Bootstrap server to be CI/CD-ready                                │
│                                                                      │
│  Executed ONLY when:                                                 │
│    - New EC2 created                                                 │
│    - Base config changes                                             │
│    - Disaster recovery                                               │
└──────────────────────────────────────────────────────────────────────┘
```
Work-Zen uses NGINX as a reverse proxy with Let's Encrypt SSL certificates for secure HTTPS communication in production.
Live Production URL: https://workzen.duckdns.org
```
┌──────────────────────────────────────────────────────────────────────┐
│                   NGINX Reverse Proxy Architecture                   │
└──────────────────────────────────────────────────────────────────────┘

                Internet (Port 443/80)
                           │
                           ▼
                   ┌───────────────┐
                   │ NGINX Server  │ ← Let's Encrypt SSL Certificate
                   │ Port 80/443   │   (Auto-renewal via certbot)
                   └───────┬───────┘
                           │
                  ┌────────┴───────┐
                  │                │
                  ▼                ▼
          ┌──────────────┐  ┌──────────────┐
          │   Frontend   │  │   Backend    │
          │    :3000     │  │  :8000/api/  │
          │  (Next.js)   │  │  (FastAPI)   │
          └──────────────┘  └──────────────┘
```
- Automatic HTTPS Redirect - HTTP (80) → HTTPS (443)
- Let's Encrypt Certificate - Free, auto-renewing SSL/TLS
- TLS 1.2 & 1.3 Support - Modern encryption protocols
- A+ SSL Rating - Strong cipher configuration
- HSTS Enabled - HTTP Strict Transport Security
- Certificate Auto-Renewal - Automated via certbot cron job
- NGINX_SETUP.md - Detailed NGINX configuration guide
- AWS_EC2_DEPLOYMENT.md - EC2 deployment with NGINX
- DEPLOYMENT_QUICK_START.md - Quick deployment guide
- Foreign Key Relationships: Proper indexes on `employee_id` linking all collections
- Optimized MongoDB Queries: Efficient aggregation pipelines
- 62+ Filter Parameters: Comprehensive filtering across all collections
| Tool | Version | Purpose |
|---|---|---|
| Docker | 20.10+ | Container runtime |
| Docker Compose | 2.0+ | Multi-container orchestration |
| AWS Account | - | Cloud infrastructure (optional) |
| Terraform | 1.0+ | Infrastructure provisioning (optional) |
| Ansible | 2.9+ | Configuration management (optional) |
| Jenkins | 2.5+ | CI/CD automation (optional) |
Fastest way to get started - production-ready in 3 minutes!
```bash
# 1. Clone the repository
git clone https://github.com/shiranthaDS/Work-Zen.git
cd Work-Zen

# 2. Configure environment
cp .env.example .env
# Edit .env and add your MongoDB URL and API keys

# 3. Start all services
docker-compose up -d --build

# 4. Check container status
docker-compose ps

# 5. View logs
docker-compose logs -f            # All containers
docker-compose logs -f backend    # Backend only
docker-compose logs -f frontend   # Frontend only

# 6. Access the application
#   Frontend:    http://localhost:3000
#   Backend API: http://localhost:8000
#   API Docs:    http://localhost:8000/docs
#   Prometheus:  http://localhost:9090
#   Grafana:     http://localhost:3001

# Production URL (when deployed):
#   Production:  https://workzen.duckdns.org
#   API:         https://workzen.duckdns.org/api/
#   API Docs:    https://workzen.duckdns.org/api/docs
```

```bash
# Start containers
docker-compose up -d                      # Start in background
docker-compose up                         # Start with logs in foreground

# Stop containers
docker-compose stop                       # Stop containers
docker-compose down                       # Stop and remove containers

# Restart containers
docker-compose restart                    # Restart all
docker-compose restart backend            # Restart backend only

# View logs
docker-compose logs -f backend            # Follow backend logs
docker-compose logs --tail=100 backend    # Last 100 lines
docker-compose logs --since 30m           # Last 30 minutes

# Check container status
docker-compose ps                         # List all containers
docker ps                                 # List running containers

# Execute commands in container
docker-compose exec backend bash          # Access backend shell
docker-compose exec frontend sh           # Access frontend shell

# Rebuild specific service
docker-compose up -d --build backend

# Clean restart (remove volumes)
docker-compose down -v
docker-compose up -d --build
```

Backend Startup Messages:
```
✅ Connected to MongoDB: ems_database
✅ OpenRouter API configured (Primary LLM)
Starting MCP Server from: /app/mcp-server
✅ MCP Server started successfully
INFO: Application startup complete.
```

MCP Server Startup:

```
Connecting to MongoDB...
✅ Connected to MongoDB database: ems_database
✅ Database indexes created successfully
EMS MCP Server running on stdio
```

Container Status (Docker):

```
$ docker-compose ps
NAME                     STATUS         PORTS
work-zen-backend         Up 5 minutes   0.0.0.0:8000->8000/tcp
work-zen-frontend        Up 5 minutes   0.0.0.0:3000->3000/tcp
work-zen-prometheus      Up 5 minutes   0.0.0.0:9090->9090/tcp
work-zen-grafana         Up 5 minutes   0.0.0.0:3001->3001/tcp
work-zen-node-exporter   Up 5 minutes   0.0.0.0:9100->9100/tcp
work-zen-cadvisor        Up 5 minutes   0.0.0.0:8081->8081/tcp
```

```
work-zen/
├── infrastructure/                    # DevOps & Infrastructure
│   ├── terraform/                     # Infrastructure as Code
│   │   ├── main.tf                    # AWS resource definitions
│   │   ├── variables.tf               # Input variables
│   │   ├── outputs.tf                 # Output values
│   │   └── README.md                  # Terraform documentation
│   └── ansible/                       # Configuration Management
│       ├── inventory/                 # Dynamic inventory
│       ├── playbooks/                 # Automation playbooks
│       │   ├── setup.yml              # Server provisioning
│       │   ├── deploy.yml             # App deployment
│       │   ├── monitoring.yml         # Monitoring setup
│       │   └── rollback.yml           # Rollback procedures
│       └── README.md                  # Ansible documentation
│
├── monitoring/                        # Observability Stack
│   ├── prometheus/
│   │   └── prometheus.yml             # Prometheus configuration
│   ├── grafana/
│   │   └── provisioning/
│   │       ├── datasources/           # Auto-provisioned datasources
│   │       └── dashboards/            # Pre-configured dashboards
│   └── docker-compose.monitoring.yml
│
├── backend/                           # FastAPI Backend
│   ├── app/
│   │   ├── database.py                # MongoDB connection
│   │   ├── main.py                    # FastAPI app
│   │   ├── mcp_client.py              # MCP Client (stdio)
│   │   ├── models/                    # Pydantic models
│   │   └── routes/                    # API endpoints
│   │       ├── employees.py
│   │       ├── job_data.py
│   │       ├── attendance.py
│   │       ├── leaves.py
│   │       ├── payroll.py
│   │       └── chat.py                # AI chat endpoint
│   ├── Dockerfile                     # Multi-stage build
│   ├── requirements.txt
│   └── .env
│
├── mcp-server/                        # MCP Server (Node.js)
│   ├── index.js                       # MCP server with 16 MongoDB tools
│   ├── database.js                    # MongoDB connection
│   ├── package.json
│   └── .env
│
├── frontend/                          # Next.js Frontend
│   ├── src/
│   │   ├── app/
│   │   │   ├── page.tsx               # Dashboard
│   │   │   ├── employees/             # Employee pages
│   │   │   ├── job-data/              # Job data pages
│   │   │   ├── attendance/            # Attendance pages
│   │   │   ├── leaves/                # Leave pages
│   │   │   ├── payroll/               # Payroll pages
│   │   │   ├── salary-structures/     # Salary pages
│   │   │   └── chat/                  # AI chat page
│   │   ├── components/                # Reusable components
│   │   │   ├── Sidebar.tsx
│   │   │   └── Header.tsx
│   │   └── services/                  # API services
│   ├── Dockerfile                     # Multi-stage build
│   ├── package.json
│   └── .env.local
│
├── Jenkinsfile                        # CI/CD Pipeline Definition
├── docker-compose.yml                 # Application orchestration
├── docker-compose.monitoring.yml      # Monitoring stack
├── Documentation/
│   ├── README.md                      # This file
│   ├── ARCHITECTURE.md                # System architecture
│   ├── DOCKER_SETUP.md                # Docker guide
│   ├── AWS_EC2_DEPLOYMENT.md          # AWS deployment
│   ├── JENKINS_SETUP.md               # CI/CD setup
│   └── DEPLOYMENT_QUICK_START.md
└── .env.example                       # Environment template
```
The MCP Server provides 16 specialized tools for database operations:
| Tool | Description |
|---|---|
| `list_employees` | Get all employees |
| `get_employee` | Get employee by ID |
| `search_employees` | Advanced employee search |
| `list_job_data` | Get all job data |
| `get_job_data` | Get job data by employee |
| `list_attendance` | Get attendance records |
| `get_attendance` | Get attendance by employee |
| `list_leaves` | Get leave requests |
| `get_leave` | Get specific leave |
| `pending_leaves` | Get pending approvals |
| `get_leave_balance` | Calculate leave balance |
| `list_payroll` | Get payroll records |
| `get_payroll` | Get payroll by employee |
| `department_employees` | Get employees by dept |
| `stats_summary` | System statistics |
| `search` | General search |
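An added example (not the project's `mcp_client.py`): because the LLM's intent detection decides which of the 16 tools runs, one way to keep that choice bounded is to validate the intent before writing it to the MCP server's stdin. The `intent` shape, the argument names in `ALLOWED_ARGS` and `build_tool_call` are assumptions for the example; the `tools/call` method and newline-delimited JSON-RPC framing follow the MCP stdio transport.

```python
import json

# The 16 tool names from the table above; anything else is refused.
ALLOWED_TOOLS = frozenset({
    "list_employees", "get_employee", "search_employees", "list_job_data",
    "get_job_data", "list_attendance", "get_attendance", "list_leaves",
    "get_leave", "pending_leaves", "get_leave_balance", "list_payroll",
    "get_payroll", "department_employees", "stats_summary", "search",
})

# Assumption: the page does not document tool arguments, so these names are
# illustrative. Tools missing from this map accept no arguments at all.
ALLOWED_ARGS = {
    "get_employee": {"employee_id"},
    "get_leave_balance": {"employee_id"},
    "department_employees": {"department"},
    "search": {"query"},
}


class RejectedToolCall(ValueError):
    """The LLM-produced intent failed validation and was not forwarded."""


def build_tool_call(intent, request_id):
    """Validate an intent dict and return one JSON-RPC 2.0 line for stdio."""
    if not isinstance(intent, dict):
        raise RejectedToolCall("intent must be an object")
    name = intent.get("tool")
    if not isinstance(name, str) or name not in ALLOWED_TOOLS:
        raise RejectedToolCall(f"tool not allowlisted: {name!r}")
    args = intent.get("arguments") or {}
    if not isinstance(args, dict):
        raise RejectedToolCall("arguments must be an object")
    unexpected = set(args) - ALLOWED_ARGS.get(name, set())
    if unexpected:
        raise RejectedToolCall(f"unexpected arguments: {sorted(unexpected)}")
    for key, value in args.items():
        # Plain strings only: a nested object such as {"$ne": None} would
        # reach MongoDB as a query operator instead of a value.
        if not isinstance(value, str) or not value or len(value) > 128:
            raise RejectedToolCall(f"bad value for {key!r}")
        if value.startswith("$"):
            raise RejectedToolCall(f"operator-like value for {key!r}")
    message = {"jsonrpc": "2.0", "id": request_id, "method": "tools/call",
               "params": {"name": name, "arguments": args}}
    # json.dumps escapes newlines, so the message stays on a single line.
    return json.dumps(message, separators=(",", ":")) + "\n"
```

The same validation belongs in the MCP server's tool handlers as well, since the stdio channel is only as trustworthy as the process writing to it.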
MIT License - See LICENSE file for details
Shirantha Dissanayake
- Email: shiranthadw@gmail.com
- GitHub: @shiranthaDS
For issues, questions, or contributions:
- Issues: GitHub Issues
- Discussions: GitHub Discussions
If you find this project helpful, please consider giving it a star on GitHub!
Built with ❤️ using FastAPI, Next.js, Model Context Protocol, and Enterprise DevOps Practices
Showcasing: Docker • Kubernetes • Terraform • Ansible • Jenkins • Prometheus • Grafana • AWS • CI/CD
This project demonstrates production-grade DevOps practices and cloud-native architecture suitable for enterprise environments.