Overview
SoConnective — Documentation
SoConnective
SoConnective is a self-hosted, AI-native, multi-tenant, white-label agency platform built by SoConnective — an operating system for running an agency and its clients from a single codebase you fully control. It consolidates the CRM, conversations, automation, and AI tooling that agencies normally stitch together from a dozen subscriptions into one product, with no per-seat tax and no vendor lock-in.
The 3-tier model
Tenancy is hierarchical, with strict isolation at every level:
| Tier | Who it is for | What they see |
|---|---|---|
| Platform (master) | SoConnective operators | Everything; manages agencies and the marketplace |
| Agency | An agency running on the platform | Their own account and the sub-accounts they own |
| Sub-account | An agency's client | Only their own account |
The Platform account is invisible to the tiers beneath it, and a user can only ever touch the accounts they belong to. See the security model for how this is enforced in depth.
The stack at a glance
| App | Stack | Role |
|---|---|---|
apps/cms | Payload CMS 3.85 · Postgres (payload schema) · multi-tenant plugin | API, auth, data, hooks, engine |
apps/crm | Next.js 16 · React 19 · Tailwind v4 · shadcn | The agency/client UI |
apps/docs | This site | Product & security documentation |
The CRM talks to the CMS over the Payload REST API (PAYLOAD_URL); auth flows through the httpOnly fs_session cookie, forwarded as a JWT. The platform runs on a VPS via Coolify + Traefik, with git on Forgejo and Redis (fs-cache) backing caching, rate-limiting, and metering.
Start here
- Product overview — the problem, the solution, and the philosophy
- Security model — tenancy, isolation, RLS, and the audit log
- Tenancy & data isolation — how cross-tenant access is made impossible
- Audit log — the immutable, forgery-proof activity trail
- Deployment & operations — how SoConnective ships and runs