TexFolio is a modern SaaS application that combines the precision of LaTeX document rendering with the intelligence of Large Language Models (LLMs). It solves the problem of formatting complex resumes while ensuring they are optimized for Applicant Tracking Systems (ATS).

Unlike traditional resume builders that generate clunky HTML-to-PDF exports, TexFolio compiles real LaTeX code in the background to produce industry-standard, typography-perfect PDFs.

• LangGraph Resume Coach: Multi-agent pipeline scoring Content, Impact, Format, and ATS compatibility.
• Smart Resume Analysis: Get real-time feedback on your resume with a 0-100 ATS score.
• Bullet Point Generator: Generate action-oriented, quantified bullet points for any job title (Powered by NVIDIA NIM / Groq).
• Text Improver: Instantly rewrite summary or descriptions to be more professional.
• Cover Letter Generator: Auto-write tailored cover letters based on your resume and a job description.
• LinkedIn Import: Upload your LinkedIn PDF and let Llama 3.3 automatically extract and populate your resume data.

• Real LaTeX Rendering: Uses pdflatex to compile high-quality PDFs.
• FAANG-Ready Templates: Includes the popular "FAANGPath" and "Classic" templates used by top tech companies.
• Clean URLs: Automatic formatting of LinkedIn and GitHub links for a cleaner look.

• Interactive Stepper: A guided, step-by-step form experience.
• Drag & Drop: Easily reorder sections (Education, Experience, Skills, etc.).
• Live Preview: Real-time feedback on your edits as you type. ✨

• Multi-Organization Support: Create and manage teams with shared resume access.
• Role-Based Access Control (RBAC): Owner → Admin → Editor → Viewer hierarchy.
• Organization Branding: Lock templates, enforce company fonts, and set primary colors.
• Member Invitations: Invite users with scoped roles; ownership transfer support.
• Org-Aware Resumes: Resumes with visibility: "organization" are shared across the team.
• Audit Logging: Immutable trail for all membership changes and organization actions.

• Queue-Based PDF Generation: BullMQ + Redis offloads LaTeX compilation from the HTTP thread.
  • Progress tracking (10% → 30% → 100%)
  • Automatic retries with exponential backoff
  • Rate-limited worker concurrency (5 PDFs/min)
• Distributed Rate Limiting: Redis-backed fixed-window counters survive reboots and scale horizontally.
• Health Monitoring:
  • /health — API liveness
  • /health/ai — AI circuit breaker status + key configuration
  • /health/pdf — PDF pipeline (pdflatex + Redis) readiness
• Circuit Breaker: Automatic AI service failover (NVIDIA NIM → Groq) with configurable thresholds.
• Request ID Tracking: Every request traceable from client to server with correlation IDs.
• Structured Logging: JSON-serialized logs for observability.

• Authentication: Clerk JWT with strict middleware + Zod config validation.
• API Key Authentication: Service-to-service HMAC-signed keys with scoped permissions (read:resumes, write:resumes, admin).
• Input Sanitization: XSS/prototype pollution prevention on all JSON inputs.
• Rate Limiting: Tiered limits — Pro users get higher quotas; anonymous requests fall back to IP.
• Security Headers: CSP, X-Frame-Options, nosniff, referrer policy, and X-Request-ID enforced.
• Payments: Razorpay with cryptographic webhook signature validation.
• Email Delivery: Brevo API for one-click PDF sharing.
• GDPR Compliance:
  • /api/me/export — Complete JSON dump of all personal data
  • /api/me/delete — Soft-delete with 30-day buffer and PII anonymization
• Database: MongoDB Atlas with connection pooling, compound indexes, and transaction support.
• CI/CD: GitHub Actions for automated security audits + TypeScript build verification.

Interactive Editor	Dashboard

AI Analysis	PDF Preview

Note: Add your screenshots to a docs/ folder in the root directory.

• Core: React 19, Vite (Rolldown bundler), TypeScript
• Styling: Tailwind CSS v4
• State Management: Zustand (with persist), React Query (@tanstack/query)
• Organization Context: Zustand store (organizationStore) + OrganizationContext provider for active-org resolution, role-aware UI guards, and X-Organization-Id header injection
• Forms: React Hook Form
• UI Components: Headless UI, Lucide React
• Authentication: Clerk React SDK

• Server: Hono v4 (Node.js adapter) — Ultra-fast web standard framework with middleware pipeline
• Database: MongoDB (Mongoose) with connection pooling, compound indexes, and multi-document transactions
• AI Engine: LangChain + LangGraph (Resume Coach Agent with 4-stage pipeline)
• LLM Providers: NVIDIA NIM (Primary), Google Gemini, Groq (Fallback chain)
• PDF Engine: pdflatex via Docker container (texfolio-latex) or local MiKTeX, with spawn-based command injection prevention
• Job Queue: BullMQ backed by Redis for async PDF generation with progress tracking, retries, and worker concurrency limits
• Rate Limiting: Distributed fixed-window counters via ioredis (survives restarts, scales horizontally)
• Caching: Redis for session-adjacent data and queue state
• Integrations: Razorpay (Payments), Brevo (Emails), Clerk (Auth)
• Middleware: Request ID propagation, tiered rate limiting, Clerk JWT auth, RBAC role enforcement, API key auth (HMAC), structured logging, CORS, CSP
• CI/CD: GitHub Actions with automated security audits + TypeScript build verification

Follow these steps to set up TexFolio locally.

• Node.js >= 18
• MongoDB (Local or Atlas)
• Redis (Local or Docker) — Required for BullMQ queues and distributed rate limiting
• LaTeX Distribution (MiKTeX or TeX Live) OR Docker (for containerized pdflatex rendering) — Recommended
• Groq API Key (for AI features)
• Clerk API Keys (for Auth)

1. Clone the repository

   git clone https://github.com/theunstopabble/TexFolio.git
   cd TexFolio

2. Install Dependencies

   npm install

3. Environment Setup Copy .env.example files and fill in your keys:

   cp apps/api/.env.example apps/api/.env
   cp apps/web/.env.example apps/web/.env

   apps/api/.env

   # Core
   NODE_ENV=development
   PORT=5000
   MONGODB_URI=your_mongodb_connection_string
   REDIS_URL=redis://localhost:6379
   CORS_ORIGIN=http://localhost:5173
   
   # Auth
   CLERK_SECRET_KEY=your_clerk_secret_key
   CLERK_PUBLISHABLE_KEY=your_clerk_publishable_key
   
   # AI (at least one required)
   NVIDIA_API_KEY=your_nvidia_nim_key
   GROQ_API_KEY=your_groq_api_key
   GOOGLE_AI_API_KEY=your_google_gemini_key
   
   # PDF (set to true if using Docker for LaTeX)
   PDFLATEX_PATH=pdflatex
   USE_DOCKER_LATEX=true
   
   # Payments
   RAZORPAY_KEY_ID=your_razorpay_key_id
   RAZORPAY_KEY_SECRET=your_razorpay_secret
   RAZORPAY_WEBHOOK_SECRET=your_razorpay_webhook_secret
   
   # Email
   BREVO_API_KEY=your_brevo_api_key
   SENDER_EMAIL=hello@texfolio.app
   
   # Service-to-Service API Keys (optional but recommended)
   API_KEY_SECRET=your_random_64_char_secret_for_hmac_signing

   apps/web/.env

   VITE_API_URL=http://localhost:5000/api
   VITE_CLERK_PUBLISHABLE_KEY=your_clerk_publishable_key

4. Run the Application Run both frontend and backend concurrently:

   npm run dev

   • Frontend: http://localhost:5173
   • Backend: http://localhost:5000

TexFolio follows a Service-Oriented Architecture within a Monorepo.

TexFolio/
├── apps/
│   ├── api/                          # Backend Server (Hono)
│   │   ├── src/
│   │   │   ├── services/             # Business Logic (AI, PDF, Audit, Org)
│   │   │   ├── templates/            # .tex LaTeX Templates
│   │   │   ├── models/               # Mongoose Models (User, Resume, Org, AuditLog, ApiKey)
│   │   │   ├── routes.hono/          # REST API Endpoints
│   │   │   ├── middleware.hono/      # Auth, RBAC, Rate Limit, API Key, Audit
│   │   │   ├── queues/               # BullMQ Workers (PDF Generation)
│   │   │   ├── config/               # Environment validation (Zod)
│   │   │   └── agents/               # LangGraph AI pipelines
│   │   └── Dockerfile                # API container
│   ├── web/                          # Frontend Client (React)
│   │   └── src/
│   │       ├── features/             # Feature-based folders (Resume Editor)
│   │       ├── components/           # Shared Components (Header, OrgSwitcher)
│   │       ├── context/              # React Context (Auth, Organization)
│   │       ├── stores/               # Zustand Stores (UI, Organization)
│   │       └── pages/                # Route Views (Home, Dashboard, Orgs, Editor)
│   └── latex-renderer/
│       └── Dockerfile                # Dedicated LaTeX compilation container
├── packages/
│   └── shared/                       # Shared TypeScript types/config
├── docker-compose.yml                # Full stack orchestration (API + LaTeX + Redis)
└── .github/workflows/ci.yml          # CI/CD pipeline

1. Request Arrival: Client requests PDF generation (/api/resumes/:id/pdf).
2. Job Enqueue: Server enqueues a BullMQ job with resumeId, userId, and optional organizationId.
3. Progress Tracking: Client polls /api/resumes/:id/pdf-status for job progress (10% → 30% → 100%).
4. Worker Processing: Dedicated worker fetches resume + org branding (template lock, color, font overrides).
5. Transformation: PDFService escapes LaTeX, applies org branding, and maps to Mustache tags.
6. Compilation: pdflatex (Docker or local) compiles .tex → .pdf with spawn (no exec).
7. Delivery: Worker returns the output path; client receives download URL.

Request → authMiddleware (Clerk JWT)
  → Resolve X-Organization-Id header or route param
  → Fetch OrganizationMember (role lookup)
  → requireRole("admin") middleware
  → ResumeService.orgQuery({ userId, orgId, role })
  → AuditService.log({ actorId, action, resourceType })
  → Response

App.tsx
  → OrganizationProvider (context)
    → organizationStore (Zustand, persist)
      → Header: OrganizationSwitcher dropdown
      → Dashboard: org context banner + CTA
      → /organizations        → Organizations.tsx    (list, create)
      → /organizations/:id    → OrganizationDetail.tsx (overview, resumes)
      → /organizations/:id/settings → OrganizationSettings.tsx (branding, locked template)
      → /organizations/:id/members  → OrganizationMembers.tsx (invite, roles, remove)
      → API calls → Axios interceptor injects X-Organization-Id header dynamically

• Storage: Redis fixed-window counters via INCR + PEXPIRE (atomic pipeline).
• Keys: ratelimit:user:<userId>:<windowId> or ratelimit:ip:<ip>:<windowId>.
• Tiers: Pro users get higher quotas; anonymous requests fall back to IP.
• Fail-Open: If Redis is unreachable, requests are allowed (prevent total outage).
• Headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Tier.

All protected routes strictly require a Clerk Bearer token, unless noted otherwise.

Organization context is resolved via X-Organization-Id header or inferred from route params.

Usage: Include key in X-API-Key header or Authorization: ApiKey <key>. Supported scopes: read:resumes, write:resumes, read:analytics, admin.

TexFolio supports multi-tenant organizations with strict role-based access control.

Owner (4)  →  Admin (3)  →  Editor (2)  →  Viewer (1)

When visibility: "organization" is set on a resume:

• All members can view it.
• Admins and Editors can modify it.
• PDF generation automatically applies the org's lockedTemplateId, primaryColor, and enforceCompanyFont overrides.

Only the current owner can promote another member to owner. The previous owner is automatically demoted to admin.

TexFolio implements a privacy-by-design approach for EU GDPR compliance.

Returns a complete JSON dump containing:

• All personal resumes
• Audit log history
• Organizations owned
• Organization memberships

• Resumes: Titles, names, emails, phones, locations, and all content sections are replaced with [REDACTED] or [DELETED].
• Organization Memberships: Status changed to pending (effectively revoked).
• Audit Logs: Actor IDs anonymized with [DELETED:<userId>] marker.
• Hard Deletion: A background job (not yet automated) should permanently remove records after a 30-day buffer.

Contributions are welcome! Please feel free to submit a Pull Request.

Author: Gautam Kumar Website: Texfolio