[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-80427":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":20,"hasPages":20,"topics":22,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":15,"starSnapshotCount":15,"syncStatus":16,"lastSyncTime":35,"discoverSource":36},80427,"second","Second-Inc\u002Fsecond","Second-Inc","The factory for custom internal software, purpose-built for human2agent work.","https:\u002F\u002Fdocs.second.so",null,"TypeScript",67,5,56,0,2,7,2.33,"Apache License 2.0",false,"main",[23,24,25,26,27,28,29,30,31],"agent-management","agents","ai-agents","internal-tool","nextjs","on-prem","self-hosted","shadcn-ui","typescript","2026-06-12 02:04:02","\u003Cp align=\"center\">\n \u003Cpicture>\n \u003Csource srcset=\"docs\u002Fassets\u002Freadme_cover.webp\" type=\"image\u002Fwebp\">\n \u003Cimg src=\"docs\u002Fassets\u002Freadme_cover.jpg\" alt=\"Second — humans and agents, side by side\" width=\"100%\">\n \u003C\u002Fpicture>\n\u003C\u002Fp>\n\n\u003Cdiv align=\"center\">\n\n\u003Cbr>\n\n\u003Cpicture>\n \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"apps\u002Fweb\u002Fpublic\u002Ffavicon-dark.svg\">\n \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"apps\u002Fweb\u002Fpublic\u002Ffavicon-light.svg\">\n \u003Cimg alt=\"Second\" src=\"apps\u002Fweb\u002Fpublic\u002Ffavicon-light.svg\" width=\"56\" height=\"52\">\n\u003C\u002Fpicture>\n\n\u003Ch1>Second\u003C\u002Fh1>\n\n**Humans and agents, side by side.**\n\nSecond is a factory for custom internal software,\u003Cbr>purpose-built for human2agent work.\n\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSecond-Inc\u002Fsecond\u002Factions\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Factions\u002Fworkflow\u002Fstatus\u002FSecond-Inc\u002Fsecond\u002Fci.yml?label=CI\" alt=\"CI\">\u003C\u002Fa>  \n\u003Ca href=\"#quick-start\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTry_it-npx_@second--inc\u002Fcli-black.svg\" alt=\"Try it\">\u003C\u002Fa>\n\n\u003Ca href=\"#quick-start\">\u003Cstrong>Quick Start\u003C\u002Fstrong>\u003C\u002Fa> · \u003Ca href=\"https:\u002F\u002Fdocs.second.so\">\u003Cstrong>Docs\u003C\u002Fstrong>\u003C\u002Fa> · \u003Ca href=\"#security--governance\">\u003Cstrong>Security & Governance\u003C\u002Fstrong>\u003C\u002Fa> · \u003Ca href=\"#self-hosting\">\u003Cstrong>Self-Hosting\u003C\u002Fstrong>\u003C\u002Fa>\n\n\u003C\u002Fdiv>\n\n## Quick Start\nRun Second locally:\n```bash\nnpx --yes @second-inc\u002Fcli\n```\n\n| Platform | Status |\n|:---|:---|\n| Apple Silicon Mac (M1-M5) | **Available now** |\n| Intel Mac, Linux, Windows | Coming soon |\n\nBring your agent:\n\n\u003Ctable>\n \u003Ctr>\n \u003Ctd width=\"70\" align=\"center\">\n \u003Cimg src=\"apps\u002Fweb\u002Fpublic\u002Ficons\u002Fclaude-code.svg\" width=\"28\" height=\"28\" alt=\"Claude Code\">\n \u003C\u002Ftd>\n \u003Ctd width=\"70\" align=\"center\">\n \u003Cimg src=\"apps\u002Fweb\u002Fpublic\u002Ficons\u002Fcodex.svg\" width=\"28\" height=\"28\" alt=\"Codex\">\n \u003C\u002Ftd>\n \u003Ctd width=\"70\" align=\"center\">\n \u003Cimg src=\"apps\u002Fweb\u002Fpublic\u002Ficons\u002Fopencode.svg\" width=\"28\" height=\"28\" alt=\"OpenCode\">\n \u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd align=\"center\">✅\u003C\u002Ftd>\n \u003Ctd align=\"center\">✅\u003C\u002Ftd>\n \u003Ctd align=\"center\">\u003Csub>Soon\u003C\u002Fsub>\u003C\u002Ftd>\n \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n\u003Cbr>\n\n## What is Second?\n\nSecond is the infrastructure for human2agent work.\n\nInstead of managing agents in chat windows, **Second lets you orchestrate a team of agents inside custom apps you build around your team's actual needs.**\n\nFrom one prompt, Second builds complete apps **that treat agents as first-class citizens:** agents work inside the apps you build, right alongside your team. They read and write to the same real-time DB as your team does, and get generated, scoped tools to handle real workloads inside your apps.\n\nWe believe custom apps are the right abstraction for continuous work with a team of agents. Chat is great for one-off tasks, but shared state, queues and pipelines require real software where humans and agents can work on the same page.\n\n### How It Works\n\nSecond is a single workspace that creates production-ready apps.\n\n1. **You describe your app.** In a single prompt.\n2. **Second generates it.** The agents, scoped tools, and a beautiful UI, backed by a real-time DB.\n3. **Your team now works alongside agents** in the same shared custom software.\n\n\u003Ctable align=\"center\" width=\"100%\" cellpadding=\"16\">\n \u003Ctr>\n \u003Ctd align=\"center\">\n \u003Ch3>Example: \u003Cstrong>competitor tracker app\u003C\u002Fstrong> built on Second\u003C\u002Fh3>\n \u003Cp>This example features agents discovering new competitors, enriching them, and generating a weekly recap deck from all available information.\u003C\u002Fp>\n \u003Cvideo src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F2116c633-48f3-415a-a047-a72f05da3166\" width=\"600\" controls>\u003C\u002Fvideo>\n \u003Cp>\u003Csub>GitHub mobile app? \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F2116c633-48f3-415a-a047-a72f05da3166\">Click here to watch the video →\u003C\u002Fa>\u003C\u002Fsub>\u003C\u002Fp>\n \u003Cp>•\u003C\u002Fp>\n \u003Cp align=\"left\">\u003Cstrong>Second is the most powerful way to build custom GUIs for agents.\u003C\u002Fstrong>\u003Cbr>Production-ready software for your team, deployed in your VPC, built around your workflows.\u003C\u002Fp>\n \u003Cbr>\n \u003C\u002Ftd>\n \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n## Second vs. Other Solutions\n\nMost platforms weren't built for multiplayer, async work with agents. They either treat agents as an afterthought bolted onto existing tools, or they're too opinionated and end up not fitting how your team actually works.\n\nSecond solves that: think Paperclip or Multica, but instead of pre-built software you get to build your own custom GUI for a team of agents, tailored to your company's needs.\n\n---\n\n## The Internal Platform Everyone Needs (and Builds)\n\nCompanies like **Ramp** and **Deel** have already figured out that teams are building amazing things internally with Claude, Codex, or Lovable- but most never reach production (security, governance, integrations, maintenance, agent access control...). To solve this, they built internal platforms for themselves.\n\n**Second lets every organization have that.**\n\nEvery app you build in Second gets a real-time DB, audit logs, RBAC, agent RBAC, and governance tools built into the workspace.\n\n\u003Ctable>\n \u003Ctr>\n \u003Ctd width=\"50%\" valign=\"top\">\n \u003Ch3 align=\"center\">👥 For Teams\u003C\u002Fh3>\n \u003Cul>\n \u003Cli>Build custom apps from a single prompt\u003C\u002Fli>\n \u003Cli>Run multiple agents in parallel across workflows\u003C\u002Fli>\n \u003Cli>Real-time collaborative UI with agents and humans on the same page\u003C\u002Fli>\n \u003Cli>Never blocked: integrations return mock data until connected\u003C\u002Fli>\n \u003C\u002Ful>\n \u003C\u002Ftd>\n \u003Ctd width=\"50%\" valign=\"top\">\n \u003Ch3 align=\"center\">🛠️ For Platform Engineers\u003C\u002Fh3>\n \u003Cul>\n \u003Cli>Fine-grained access control per app, per agent, per integration\u003C\u002Fli>\n \u003Cli>One-time workspace setup, unlimited apps\u003C\u002Fli>\n \u003Cli>Full governance: draft\u002Freview\u002Fpublish lifecycle\u003C\u002Fli>\n \u003Cli>Deploy on your own k8s, air-gapped or on-prem\u003C\u002Fli>\n \u003C\u002Ful>\n \u003C\u002Ftd>\n \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n> [!TIP]\n> **Enterprise deployment?** See [Enterprise Deployment and Security](https:\u002F\u002Fdocs.second.so\u002Fenterprise).\n>\n> Need help with security, SSO, deployment, cost management, runtime setup, and SLA support? Contact [sales@second.so](mailto:sales@second.so).\n\n---\n\n## Core Philosophy\n\n| Principle | What it means in Second |\n|:---|:---|\n| **Build the app, not just the agent.** | The durable artifact is working internal software: a focused UI, live data, team workflows, and agents that operate inside that product. |\n| **Agents are first-class citizens.** | Apps can include multiple named agents with roles, tools, data access, schedules, and visible run history. They are not bolted-on chat widgets. |\n| **Humans stay in command.** | Plans, agent configs, integration setup, and publishing go through explicit review. Agents can work freely only inside the boundaries you approved. |\n| **Small tools beat broad access.** | The builder creates scoped tools for the specific app and use case. Tools are tied to approved domains, collections, integration grants, and secret placeholders. |\n| **Integrations should self-build.** | Instead of starting with a giant MCP catalog or handing agents every connector, Second generates the narrow integration contract and human setup instructions the app actually needs. |\n| **Collaboration is the runtime.** | Agent-to-agent and agent-to-human work happens through the app's shared state, realtime updates, resumable streams, comments, approvals, and audit trail. |\n| **Generated software must still be real software.** | Draft and published snapshots are separated, source is persisted, builds are checked, data survives restarts, and production access follows the same tenant and permission model. |\n| **Local-first, on-prem-ready.** | Start on your machine. Deploy inside your cloud when the workflow matters. Your VPC, your auth provider, your secrets, your rules. |\n\n---\n\n## Features\n\n| Feature |   |\n|:---|:---|\n| **🔧 Prompt-to-App Generation** | Generate internal apps, data models, agents, tools, and setup instructions from one prompt |\n| **🤖 App Agents** | Each app gets its own first-class agents with roles, prompts, data access, and approved tools |\n| **🧰 Scoped Tool Generation** | Tools are generated per app and tied to explicit domains, collections, inputs, and integration grants |\n| **🔌 Self-Building Integrations** | Second creates connection requirements and human setup instructions only when the app needs them |\n| **🤹 Multi-Agent Orchestration** | Run specialized agents in parallel across foreground, background, scheduled, and async workflows |\n| **🔄 BYO Runtime** | Use Claude Code, Codex, OpenCode, or your own harness. Switch runtimes per app or message |\n| **⚡ Realtime Collaboration** | Live data, change streams, resumable streams, and optimistic updates keep teams and agents synced |\n| **👥 Multiplayer Sessions** | Talk with agents, invite teammates into sessions, and collaborate with shared context |\n| **🔒 Agent Permissions** | Agents run with approved tools, data, and integrations. Everything is scoped and audited |\n| **🛡️ Governance** | Draft, review, approve, and publish apps with agents and integrations under control |\n| **📋 Audit Logs** | Every agent action, tool call, data write, and access denial recorded and searchable |\n| **🏠 Self-Hosted \u002F On-Prem** | Deploy on your own infrastructure. Your Kubernetes cluster, your VPC, your rules |\n| **🧠 Workspace Agents** | Create reusable agents with prompts, skills, models, and team visibility |\n| **📚 Workspace Skills** | Define instructions once, then attach them to agents across the workspace |\n| **⏲️ Scheduled Agent Jobs** | Agents run on a schedule for periodic research, monitoring, and background tasks |\n| **🚀 One-Command Setup** | From zero to running with `npx @second-inc\u002Fcli` |\n\n## What You Can Build\n\n\u003Ctable>\n\u003Ctr>\n\u003Ctd width=\"100%\" valign=\"top\">\n\n\u003Cdiv align=\"center\">\n\n\u003Ch3>🎯 Lead Enrichment Pipeline\u003C\u002Fh3>\n\n\u003Csub>**Flow:** 🤖 Scrape leads → 🤖 Enrich from LinkedIn + web → 🤖 Score and rank → 👤 Team reviews top leads\u003C\u002Fsub>\u003Cbr>\n\u003Csub>**Tools:** HubSpot, LinkedIn, Web Search\u003C\u002Fsub>\u003Cbr>\n\u003Csub>**Agents:** Scraper Agent, Enrichment Agent, Scoring Agent\u003C\u002Fsub>\n\n\u003C\u002Fdiv>\n\n\u003Ctable align=\"center\" width=\"90%\" cellpadding=\"10\">\n \u003Ctr>\n \u003Ctd colspan=\"3\">\u003Cstrong>PIPELINE\u003C\u002Fstrong> \u003Cspan align=\"right\">47 leads ▼\u003C\u002Fspan>\u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd>\u003Csub>Lead\u003C\u002Fsub>\u003C\u002Ftd>\n \u003Ctd>\u003Csub>Score\u003C\u002Fsub>\u003C\u002Ftd>\n \u003Ctd>\u003Csub>Status\u003C\u002Fsub>\u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd>\u003Cstrong>Acme Corp\u003C\u002Fstrong>\u003C\u002Ftd>\n \u003Ctd>92\u002F100\u003C\u002Ftd>\n \u003Ctd>✅ Ready\u003Cbr>👤 \u003Ccode>[Call]\u003C\u002Fcode>\u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd>\u003Cstrong>Nova Labs\u003C\u002Fstrong>\u003C\u002Ftd>\n \u003Ctd>78\u002F100\u003C\u002Ftd>\n \u003Ctd>🤖 Enriching\u003Cbr>🤖 Score next\u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd>\u003Cstrong>Peak Inc\u003C\u002Fstrong>\u003C\u002Ftd>\n \u003Ctd>--\u003C\u002Ftd>\n \u003Ctd>🤖 Scraping...\u003Cbr>\u003Csub>3 sources\u003C\u002Fsub>\u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd colspan=\"3\">💬 \u003Cstrong>Scoring Agent\u003C\u002Fstrong>\u003Cbr>\"Acme Corp: 200 employees, Series A, hiring 3 engineers. Score: 92. Ready for review.\"\u003Cbr>\u003Cbr>👤 \u003Ccode>[Accept]\u003C\u002Fcode> \u003Ccode>[Edit]\u003C\u002Fcode> \u003Ccode>[Skip]\u003C\u002Fcode>\u003C\u002Ftd>\n \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd width=\"100%\" valign=\"top\">\n\n\u003Cdiv align=\"center\">\n\n\u003Ch3>📊 GTM War Room\u003C\u002Fh3>\n\n\u003Csub>**Flow:** 🤖 Agent pulls weekly metrics → 👤 PMM reviews positioning → 👤 Sales adds field notes → 🤖 Agent generates battlecard\u003C\u002Fsub>\u003Cbr>\n\u003Csub>**Tools:** HubSpot, Slack, Google Docs, Analytics\u003C\u002Fsub>\u003Cbr>\n\u003Csub>**Agents:** Metrics Agent, Battlecard Agent\u003C\u002Fsub>\n\n\u003C\u002Fdiv>\n\n\u003Ctable align=\"center\" width=\"90%\" cellpadding=\"10\">\n \u003Ctr>\n \u003Ctd colspan=\"2\">\u003Cstrong>GTM WAR ROOM\u003C\u002Fstrong>\u003C\u002Ftd>\n \u003Ctd align=\"right\">\u003Csub>Week 21 ▼\u003C\u002Fsub>\u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd width=\"36\" align=\"center\">📈\u003C\u002Ftd>\n \u003Ctd colspan=\"2\">\u003Cstrong>THIS WEEK\u003C\u002Fstrong>\u003Cbr>Pipeline: $320k (+14%)\u003Cbr>Win rate: 38% (up from 31%)\u003Cbr>Lost to competitor: 3 deals\u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd width=\"36\" align=\"center\">👤\u003C\u002Ftd>\n \u003Ctd colspan=\"2\">\u003Cstrong>PMM added positioning note\u003C\u002Fstrong>\u003Cbr>\"Emphasize self-hosted angle vs. Acme's cloud-only offer\"\u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd width=\"36\" align=\"center\">👤\u003C\u002Ftd>\n \u003Ctd colspan=\"2\">\u003Cstrong>Sales added field note\u003C\u002Fstrong>\u003Cbr>\"Acme offering 40% discounts to win back churned accounts\"\u003C\u002Ftd>\n \u003C\u002Ftr>\n \u003Ctr>\n \u003Ctd width=\"36\" align=\"center\">🤖\u003C\u002Ftd>\n \u003Ctd colspan=\"2\">\u003Cstrong>Battlecard Agent\u003C\u002Fstrong>\u003Cbr>\"Updated battlecard with new field intel. 2 new objection handlers added.\"\u003Cbr>\u003Cbr>👤 \u003Ccode>[Review card]\u003C\u002Fcode> \u003Ccode>[Push to Docs]\u003C\u002Fcode>\u003C\u002Ftd>\n \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftable>\n\nAnd many more:\n\n| Use Case | What It Does | Tools | Agents |\n|:---|:---|:---|:---|\n| **Competitor Research Dashboard** | Monitor competitor changes, review and flag important updates, compile reports, and share research | Web Search, Google Alerts, Drive | Research Agent, Alert Agent, Report Agent |\n| **Content Curation Pipeline** | Fetch videos, select clips, cut and upload assets, and route finished content for approval | YouTube API, Clipping Service, Google Drive | Curator Agent, Clip Agent |\n| **Social Media Ops** | Draft posts, schedule across platforms, track engagement, repurpose top performers | Twitter\u002FX, LinkedIn, Buffer | Content Agent, Scheduling Agent, Analytics Agent |\n| **Recruiting Pipeline** | Source candidates, screen resumes, schedule interviews, track pipeline | LinkedIn, ATS, Google Calendar, Gmail | Sourcing Agent, Screening Agent, Scheduling Agent |\n| **Customer Success** | Pull data from CRMs and support tools, surface churn risk, draft outreach | HubSpot, Intercom, Slack | Insights Agent, Churn Agent, Outreach Agent |\n| **Invoice & Expense Tracking** | Collect invoices from email, extract data, match to POs, flag discrepancies | Gmail, Google Drive, Accounting API | Extraction Agent, Matching Agent, Approval Agent |\n| **Compliance Monitoring** | Scan for policy violations, flag issues, route to approvers | Internal APIs, Slack, Jira | Compliance Agent, Triage Agent, Routing Agent |\n| **Internal Knowledge Base** | Continuously index docs, summarize updates, answer team questions | Notion, Confluence, Slack | Indexing Agent, Summary Agent, Q&A Agent |\n| **Founder's Daily Brief** | Aggregate metrics, news, emails, and calendar into one morning summary | Gmail, Google Calendar, Analytics, Web Search | Metrics Agent, News Agent, Brief Agent |\n| **PR & Media Monitoring** | Track brand mentions, analyze sentiment, draft responses, alert on crises | Web Search, Twitter\u002FX, Slack, Google Docs | Monitor Agent, Sentiment Agent, Response Agent |\n| **Product Feedback Loop** | Collect feedback from support tickets, reviews, and calls, cluster themes, surface to PM | Intercom, G2, Gong, Slack | Collection Agent, Clustering Agent, Summary Agent |\n| **Vendor & Contract Management** | Track renewal dates, compare pricing, flag expiring contracts, draft RFPs | Gmail, Notion, Slack | Tracker Agent, Comparison Agent, Draft Agent |\n| **SEO Content Pipeline** | Research keywords, generate briefs, draft articles, track rankings | Ahrefs, Web Search, Notion, Analytics | Research Agent, Brief Agent, Writer Agent |\n| **Security Alert Triage** | Ingest alerts from multiple tools, deduplicate, prioritize, assign to on-call | PagerDuty, Slack, Jira, SIEM API | Ingestion Agent, Triage Agent, Assignment Agent |\n| **Meeting Follow-ups** | Record action items from meetings, assign owners, send follow-up emails, track completion | Google Calendar, Gong, Gmail, Notion | Notes Agent, Follow-up Agent, Tracker Agent |\n\n---\n\n## Why Second is Special\n\n**Second generates dynamic, agent-native software.** For each app:\n\n- **Scoped tools created per app, for every agent.** Agents can never do things you don't want them to do.\n- **Second is true self-building software.** It generates the integrations, connection instructions, and scoped tools.\n- **Agents never see secrets.** Secrets are injected server-side.\n- **`agents.json`: governed policy as code.** Each app has an `agents.json`. Changes require admin approval via hash verification.\n- **Draft and published are fully separated.** Builders iterate freely with mock data. Published apps only run the last approved config.\n\nOn top of that, Second handles the hard parts:\n\n| Capability |   |\n|:---|:---|\n| **🤹 Multi-agent orchestration** | Multiple specialized agents per app, coordinated through shared app state |\n| **⏲️ Long-running async work** | Scheduled jobs, periodic research, background runs, and resumable streams |\n| **🗃️ Live data persistence** | Realtime DB with Change Streams; app data survives restarts and user churn |\n| **🧾 Governance and auditability** | Review flows, access checks, integration approvals, and searchable audit events |\n\n---\n\n## Security & Governance\n\nSecond is designed for enterprise teams that need complete control over what humans and agents can access and do.\n\n**Zero-trust architecture for agents.** No agent is granted implicit access to anything. Every capability, every data collection, every integration must be explicitly declared, scoped, and approved before an agent can act.\n\n| Feature | Description |\n|:---|:---|\n| **Agent access control** | Capabilities defined in `agents.json`: approved collections, allowed tools, integration scopes. Changes require admin approval via cryptographic hash verification. Secrets injected server-side; agents never see credentials. |\n| **Role-based access control** | Workspace roles (owner, admin, member) with granular permissions: `integrations:manage`, `members:invite`, `audit:read`. App-level roles for creators and collaborators. |\n| **Approval flows** | Draft\u002Freview\u002Fpublish lifecycle. Platform engineers approve apps, agent configs, and integration grants before anything goes live. |\n| **Domain-locked tools** | Custom HTTP tools locked to declared domains. Private IP access rejected. Agents with org tools such as HubSpot and Slack are blocked from internet access. |\n| **Audit logs** | Every action recorded: app changes, agent tool calls, data writes, access denials, integration usage. Secrets are never stored, only hashes and metadata. |\n| **Workspace isolation** | Complete tenant isolation. Every query scoped to `workspaceId`. Cross-workspace access returns `404`, not `403`, to prevent resource enumeration. |\n| **Subprocess hardening** | Infrastructure secrets scrubbed from agent subprocess environments. Linux deployments use `bubblewrap` sandboxing. CLI runtimes get allowlisted env + private per-app HOME. |\n\n### `agents.json`: Agent Policy as Code\n\nEvery app's agent capabilities are declared, version-controlled, and approved:\n\n```json\n{\n \"agents\": [\n {\n \"id\": \"lead-enricher\",\n \"name\": \"Lead Enricher\",\n \"description\": \"Enriches leads with public company data\",\n \"systemPrompt\": \"You are a lead enrichment agent...\",\n \"dataCollections\": [\"leads\"],\n \"tools\": [\n { \"type\": \"builtin\", \"name\": \"WebSearch\", \"enabled\": true },\n {\n \"type\": \"custom\",\n \"name\": \"hubspot_fetch_contacts\",\n \"integration\": { \"domain\": \"hubapi.com\" },\n \"endpoint\": {\n \"method\": \"GET\",\n \"url\": \"https:\u002F\u002Fapi.hubapi.com\u002Fcrm\u002Fv3\u002Fobjects\u002Fcontacts\",\n \"headers\": { \"Authorization\": \"Bearer {{secrets.HUBSPOT_PRIVATE_APP_TOKEN}}\" }\n }\n }\n ]\n }\n ]\n}\n```\n\n\u003Ctable>\n\u003Ctr>\u003Ctd>\n\n- Secrets are resolved server-side via `{{secrets.*}}` templates, never embedded in config\n- Any change to `agents.json` **clears existing approval**, preventing silent config drift\n- Published apps use the **last approved hash** only, while draft changes stay sandboxed\n\n\u003C\u002Ftd>\u003C\u002Ftr>\n\u003C\u002Ftable>\n\n## Self-Hosting\n\nSecond runs on your infrastructure: your Kubernetes cluster, your VPC, your rules.\n\nFor full environment setup, see the [self-hosting docs](https:\u002F\u002Fdocs.second.so\u002Fself-hosting).\n\n> [!TIP]\n> Need help with security, SSO, deployment, cost management, runtime setup, or SLA support? Contact [sales@second.so](mailto:sales@second.so).\n\n### Production Requirements\n\n| Component | Requirement |\n|:---|:---|\n| **MongoDB 8.0+** | Replica set (required for Change Streams) |\n| **Redis 7+** | Stream resumption, pub\u002Fsub, OAuth state |\n| **Auth provider** | External auth (WorkOS or custom) for `SECOND_AUTH_MODE=external` |\n| **HTTPS** | Reverse proxy with TLS termination |\n| **Agent runtime credentials** | Claude: `ANTHROPIC_API_KEY` or Bedrock (`CLAUDE_CODE_USE_BEDROCK=1` with `AWS_BEARER_TOKEN_BEDROCK`, `AWS_ACCESS_KEY_ID` \u002F `AWS_SECRET_ACCESS_KEY`, or `AWS_PROFILE`); Codex: `CODEX_API_KEY` or `OPENAI_API_KEY` |\n\n\u003Cbr>\n\n## Architecture\n\n```\n+------------------------------------------------------------------------------+\n| Browser |\n| App UI, chat, generated app iframe |\n+-----------------------------------+------------------------------------------+\n |\n | REST + SSE\n v\n+------------------------------------------------------------------------------+\n| Web (Next.js) |\n| Public entrypoint, auth, workspace guards, API routes, reviews |\n| Tool execution, secret resolution, app data, auditability |\n+------------------+--------------------------+--------------------------+------+\n | | |\n | private HTTP + SSE | persistent state | replay + events\n | internal auth | Change Streams | OAuth state + locks\n v v v\n+---------------------------+ +---------------------------+ +------------------+\n| Worker (Hono) | | MongoDB Replica Set | | Redis |\n| Claude Code, Codex | | workspaces, apps, runs | | stream replay |\n| OpenCode, app agents | | app_data, audit logs | | workspace pubsub |\n+-------------+-------------+ | integration metadata | +------------------+\n | +---------------------------+\n |\n | internal callbacks\n | \u002Fapi\u002Finternal\u002F*\n v\n+------------------------------------------------------------------------------+\n| Web-owned governed layer |\n| Tool calls, app-data writes, approvals, tenant boundaries |\n| Secrets stay server-side before reaching external systems |\n+-----------------------------------+------------------------------------------+\n |\n | server-side tools\n v\n+------------------------------------------------------------------------------+\n| External systems |\n| OAuth providers, APIs, internal services |\n+------------------------------------------------------------------------------+\n```\n\nAgents run in the Worker. App-data writes, tool calls, secret resolution, and audit trails go through the Web layer, so the Worker can run agents without becoming the source of truth for permissions or data.\n\n\u003Cbr>\n\n## CLI\n\nRun Second locally with one command:\n\n```bash\nnpx --yes @second-inc\u002Fcli\n```\n\n| Platform | Status |\n|:---|:---|\n| Apple Silicon Mac (M1-M5) | **Available now** |\n| Intel Mac, Linux, Windows | Coming soon |\n\n\u003Cdetails>\n\u003Csummary>  \u003Cstrong>CLI Commands\u003C\u002Fstrong>\u003C\u002Fsummary>\n\u003Cbr>\n\n```bash\nnpx --yes @second-inc\u002Fcli # Start Second\nnpx --yes @second-inc\u002Fcli stop # Stop all services\nnpx --yes @second-inc\u002Fcli reset # Stop + delete all data\nnpx --yes @second-inc\u002Fcli --port 4000 # Custom port\nnpx --yes @second-inc\u002Fcli --disable-telemetry # No analytics\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>  \u003Cstrong>Development from Source\u003C\u002Fstrong>\u003C\u002Fsummary>\n\u003Cbr>\n\n**Prerequisites:** Node.js 20+, npm 10+, Docker Desktop\n\nThis starts MongoDB + Redis in Docker, and the web + worker processes on your host. Open the URL printed by the script or check `.second-dev.txt`.\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FSecond-Inc\u002Fsecond.git\ncd second\nnpm run dev\n```\n\n\u003C\u002Fdetails>\n\n\u003Cbr>\n\n## Contributing\n\nWe welcome contributions. See [CONTRIBUTING.md](CONTRIBUTING.md) and the\n[docs](https:\u002F\u002Fdocs.second.so) for architecture details and development setup.\nReport security issues privately; see [SECURITY.md](SECURITY.md).\n\n\u003Cbr>\n\n\u003Cp align=\"center\">\n \u003Csub>Second is licensed under the \u003Ca href=\"LICENSE\">Apache License 2.0\u003C\u002Fa>.\u003C\u002Fsub>\n\u003C\u002Fp>\n","Second 是一个用于构建自定义内部软件的工厂,专为人类与AI代理协同工作设计。其核心功能包括通过简单的提示生成完整的应用程序,并将AI代理作为一等公民集成到这些应用中,使它们能够与团队成员在同一实时数据库上读写数据并处理实际工作负载。该项目使用TypeScript编写,基于Next.js框架,并支持自托管部署。适用于需要在特定业务场景下实现人机高效协作的企业或团队,特别是在需要共享状态、队列和管道管理等复杂操作时。","2026-06-11 04:00:42","CREATED_QUERY"]