ARSM

Security Audit
Warn
Health Warn
  • License — License: NOASSERTION
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 8 GitHub stars
Code Warn
  • network request — Outbound network request in AutoServiceApp/AutoService.WebUI/package.json
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This is a full-stack workshop management application designed for auto service businesses. It provides mechanics with a dashboard to schedule, claim, and track repair appointments using a React frontend and a .NET backend.

Security Assessment
The overall risk is rated as Low. The scan detected no dangerous permissions or hardcoded secrets. It flagged an outbound network request in a package file, but this is a standard and expected finding for any full-stack web application containing a frontend framework. According to the documentation, authentication is handled relatively securely via ASP.NET Core Identity and JWT, with access tokens stored in HttpOnly cookies rather than in browser local storage, which any script running on the page can read. No evidence was found of unauthorized shell command execution or malicious data collection.

Quality Assessment
The project is very actively maintained, with its most recent push occurring today. However, it currently suffers from extremely low community visibility, evidenced by having only 8 GitHub stars. This means it has not been broadly tested or vetted by a wide audience. Additionally, the repository uses a NOASSERTION license, meaning it technically lacks a clear open-source license. You should verify the author's intent before utilizing it in any commercial environment.

Verdict
Use with caution — the code appears safe and well-structured, but an unverified license and very low community adoption mean it carries inherent compliance and reliability risks.
README.md

.NET · C# · React · TypeScript · Vite · PostgreSQL · Aspire · EF Core

ARSM - Appointment and Resource Scheduling Management

ARSM is a mechanic-facing workshop management tool built for auto service businesses. It helps mechanics organize their daily repair schedules, claim appointments, and track job progress through a clean, responsive dashboard.

Use ARSM when you need to:

  • View and manage repair appointments at a glance
  • Claim unassigned appointments and update their status in real time
  • Browse a monthly calendar overview of all scheduled work
  • Coordinate mechanic workloads across your workshop

Built as a full-stack application with ASP.NET Core Web API (backend), React + TypeScript (frontend), and PostgreSQL (database), orchestrated via .NET Aspire for streamlined local development.


Copilot Skills (Quick Use)

Detailed agent policies are maintained as skills and prompts.

  • /mcp-context-policy → MCP server usage and Context Mode interaction policy.
  • /config-driven-endpoints → Fixed config-driven ports/URLs policy, no hardcoded endpoint fallback.
  • /ef-migration → EF migration workflow and troubleshooting runbook.
  • /docs-sync → Documentation synchronization policy and workflow.
  • /endpoint-tests-sync → Endpoint HTTP/SQL test synchronization workflow after endpoint changes.

Skill sources:

  • .github/skills/autoservice-mcp-context-policy/SKILL.md
  • .github/skills/autoservice-config-driven-endpoints/SKILL.md
  • .github/skills/autoservice-ef-migration/SKILL.md
  • .github/skills/autoservice-docs-sync/SKILL.md
  • .github/skills/autoservice-endpoint-tests-sync/SKILL.md

Authentication (High Level)

  • Authentication is based on ASP.NET Core Identity + JWT, with backend-managed HttpOnly cookie sessions.
  • Access and refresh tokens are stored in secure HttpOnly cookies, with refresh token rotation and server-side persistence (hashed).
  • Auth endpoints: POST /api/auth/register, POST /api/auth/login, POST /api/auth/refresh, POST /api/auth/logout, GET /api/auth/validate.
  • Appointment endpoints: GET /api/appointments, GET /api/appointments/today, PUT /api/appointments/{id}/claim, PUT /api/appointments/{id}/status.
  • Dashboard access is for mechanics only. After login, mechanics land on a Scheduler page with a planner space (today's appointments) and a monthly calendar view.
  • Sensitive operational/security details are intentionally not published in this README.

Run with Aspire

cd AutoServiceApp
cd AutoService.AppHost
dotnet run

This starts the orchestrated local environment (API + infrastructure + related services).
