[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81373":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":22,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":41,"readmeContent":42,"aiSummary":43,"trendingCount":15,"starSnapshotCount":15,"syncStatus":44,"lastSyncTime":45,"discoverSource":46},81373,"singulary","sammwyy\u002Fsingulary","sammwyy","Self-host your own AI app builder: FOSS v0\u002FLovable like.","",null,"TypeScript",45,4,38,0,1,5,7,3,47.3,"MIT License",false,"main",[25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"agent","agents","ai","app","app-builder","builder","coding-agent","coding-ai","foss","llm","lovable","self-hosted","selfhosted","v0","vibecode","vibecoding","2026-06-12 04:01:33","\u003Cdiv align=\"center\">\n\n\u003Cimg src=\"apps\u002Fweb\u002Fpublic\u002Ficon.png\" alt=\"Singulary\" width=\"128\" height=\"128\" \u002F>\n\n# Singulary\n\n**Self-host your own AI app builder.**\nBring your own keys. Run everything in Docker. Snapshot every change.\n\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-MIT-pink.svg?style=flat-square)](LICENSE)\n[![Node](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fnode-%3E%3D22-339933?style=flat-square&logo=node.js&logoColor=white)](https:\u002F\u002Fnodejs.org)\n[![Docker](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fdocker-ready-2496ED?style=flat-square&logo=docker&logoColor=white)](https:\u002F\u002Fwww.docker.com)\n[![PRs Welcome](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPRs-welcome-pink.svg?style=flat-square)](https:\u002F\u002Fgithub.com\u002Fsammwyy\u002Fsingulary\u002Fpulls)\n\n[Quick start](#-quick-start) · [Features](#-features) · [Architecture](ARCHITECTURE.md) · [Roadmap](roadmap.md) · [Contributing](CONTRIBUTING.md)\n\n\u003C\u002Fdiv>\n\n---\n\nSingulary is an **open-source, self-hosted alternative** to closed AI app builders like v0, Lovable, Bolt, or Replit Agent — but you keep the keys, the code, and the runtime.\n\n![Singulary Platform Screenshot](assets\u002Fscreenshot.jpg)\n\nSpin it up on your machine or a private server. Connect any OpenAI-compatible provider. Let the agent build, edit, run, debug, and connect full-stack applications inside isolated Docker workspaces. Every change is reversible.\n\n> **Privacy & Freedom First:** No SaaS backend. No telemetry. No vendor lock-in. No hidden markup on tokens. Everything is yours, running on your hardware. Singulary is proudly licensed under the [MIT License](LICENSE), meaning you own your data, your code, and your prompts. You can do whatever you want with it, for free, forever.\n\n---\n\n## ✨ Features\n\n- 🤖 **Agent that actually ships code** — read, write, patch files, run shell commands inside the project container, install dependencies, restart the dev server, provision services.\n- 🔑 **Bring your own keys (BYOK)** — OpenAI, Anthropic, OpenRouter, Groq, Google, xAI, DeepSeek, or any OpenAI-compatible endpoint (Ollama, LM Studio, your own gateway).\n- 🐳 **Real Docker runtime** — every project runs in its own container on an isolated workspace network. Not a fake sandbox.\n- 📦 **Workspaces with services** — provision PostgreSQL, MySQL, MariaDB, MongoDB, Redis, MinIO, RabbitMQ, or Meilisearch from a catalog. Connection URIs are injected as env vars automatically.\n- 🌐 **Live preview** — auto-detected dev server ports, reverse-proxied with one click. Hot reload works.\n- 💻 **Built-in editor** — Monaco editor, file tree with context menus, dirty-state save flow, binary detection.\n- 🖥️ **Interactive terminals** — open as many shells as you need, attached to the project workdir.\n- 🔐 **Permissions through groups** — every user gets an immutable Personal space. Workspaces attach to groups. Group rules control provider\u002Fmodel access, token quotas, workspace and project limits.\n- 👥 **Multi-user ready** — single-user for local hacking, multi-user with admin panel for teams.\n- 📊 **Token accounting** — every model call is recorded per user, workspace, project, provider, and model.\n- 🔒 **Secrets at rest** — AES-GCM encrypted provider keys, service credentials, env vars, and Docker TLS material.\n- 📡 **Live everywhere** — WebSocket presence + log streaming + SSE agent token streaming. The UI updates without polling.\n- 🪶 **Lightweight** — single Node process, SQLite, no Postgres dependency. One container, one volume.\n\n---\n\n## 🚀 Quick Start\n\n### Docker (recommended)\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fsammwyy\u002Fsingulary.git\ncd singulary\ncp .env.example .env # set SESSION_SECRET\ndocker compose up --build\n```\n\nOpen \u003Chttp:\u002F\u002Flocalhost:3000>. The first user you register becomes the global `instance_admin`.\n\n> ⚠️ Singulary mounts the Docker socket to manage project containers. Treat the host like the trusted boundary — read [Security](#-security) before exposing it publicly.\n\n### Local development\n\nRequires **Node ≥ 22** and **pnpm 9**.\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fsammwyy\u002Fsingulary.git\ncd singulary\npnpm install\npnpm dev\n```\n\n- Frontend: \u003Chttp:\u002F\u002Flocalhost:5173>\n- API: \u003Chttp:\u002F\u002Flocalhost:3000>\n\nVite proxies `\u002Fapi` to the backend automatically.\n\n### Create an admin from the CLI\n\n```bash\npnpm run admin:create -- --email admin@example.com --username admin\n# password is generated and printed once if --password is omitted\n```\n\n---\n\n## 🧭 First Run\n\n1. **Setup wizard** — open the UI, create the first admin user.\n2. **Provider keys** — go to **Admin → Providers** and add an OpenAI-compatible endpoint (or **Provider Keys** for personal BYOK).\n3. **Docker** — **Admin → Docker** to point at your socket or a remote daemon. Click *Check connection*.\n4. **Workspace** — create one from the dashboard.\n5. **Project** — add a Node, Bun, Python, Go, Rust, PHP, or static project from a template.\n6. **Chat** — open the project, switch to the agent panel, pick a model, and start building.\n7. **Preview** — when the dev server is up, the preview tab auto-detects the port and opens it.\n\n---\n\n## 🧰 What the Agent Can Do\n\nThe agent exposes a curated toolset — not raw shell access — so every action is scoped and observable:\n\n| Category | Tools |\n|-------------|-------|\n| Filesystem | `read_file`, `list_files`, `write_file`, `write_diff`, `delete_file`, `move_file`, `copy_file`, `find` |\n| Shell | `shell_open`, `shell_read`, `shell_wait`, `shell_kill` (executed inside the project container) |\n| Runtime | `container_restart`, `project_settings` (image, install\u002Fstart commands) |\n| Workspace | `ws_create_service` (provision a database, cache, queue, or storage backend) |\n\n`write_diff` does anchor-based exact-match replacements (no broken context windows), `.gitignore` rules are enforced at the tool boundary so the agent never reads `node_modules`, lock files, or build output, and dangerous tool calls can pause for human approval when that platform setting is enabled.\n\n---\n\n## 🧪 Service Catalog\n\nProvision real containers with generated credentials and ready-to-use connection URIs:\n\n- 🐘 **PostgreSQL 16**\n- 🐬 **MySQL 8** \u002F **MariaDB 11**\n- 🍃 **MongoDB 7**\n- 🔴 **Redis 7**\n- 🪣 **MinIO** (S3-compatible)\n- 🐇 **RabbitMQ 3** (with management UI)\n- 🔎 **Meilisearch**\n\nWhen a service is created, its connection string is injected as an env var (e.g. `DATABASE_URL`, `REDIS_URL`) into every project in the workspace.\n\n---\n\n## 🏗️ Architecture\n\n```text\n┌─────────────────────────────────────────────────────────┐\n│ Browser (React + Vite) │\n│ editor · file tree · terminals · agent chat · admin │\n└──────────────┬────────────────┬─────────────────┬───────┘\n │ REST │ SSE │ WS\n┌──────────────┴────────────────┴─────────────────┴───────┐\n│ Express API · SQLite metadata │\n│ ─────────────────────────────────────────────────────── │\n│ auth · groups · rules · workspaces · projects · env │\n│ agent loop · tool runtime · token accounting · audit │\n└──────────────┬─────────────────────────────────┬────────┘\n │ │\n ▼ ▼\n ┌─────────────┐ ┌──────────────┐\n │ Docker │ │ Storage │\n │ Engine │ │ workspaces\u002F │\n │ │ │ projects\u002F │\n │ • project │ │ blobs\u002F │\n │ network │ └──────────────┘\n │ • runtime │\n │ • shells │\n │ • services │\n └─────────────┘\n```\n\n**Stack**\n\n- **Backend:** Node 22 · Express · `better-sqlite3` · `ws` · Docker Engine API\n- **Frontend:** React 18 · Vite · Tailwind · Zustand · Monaco · xterm.js\n- **Realtime:** WebSocket (presence, logs, shells) + SSE (agent stream)\n- **Crypto:** scrypt for passwords, AES-GCM for secrets at rest\n\nEverything ships from a **single production container** that serves the frontend on `\u002F` and the API on `\u002Fapi`.\n\n---\n\n## 🔒 Security\n\nSingulary is built with a security-first posture, but **self-hosting Docker tooling means you control the trust boundary**:\n\n- All execution happens inside scoped containers — never on the host.\n- Project workdirs are bind-mounted; the host filesystem is not.\n- Each workspace gets a private Docker network.\n- Path traversal is blocked at the filesystem layer; `.gitignore` is enforced at the agent layer.\n- Provider keys, service credentials, env values, and Docker TLS material are encrypted at rest.\n- HTTP-only session cookies; short-lived tokens for WebSocket upgrades.\n- Audit log records admin actions, key creation, Docker config changes, and workspace\u002Fproject mutations.\n\n> Docker socket access is effectively root-level on the host. Prefer rootless Docker or a remote daemon for shared environments. Always set a non-default `SESSION_SECRET` in production.\n\n---\n\n## 📚 Documentation\n\n- [`ARCHITECTURE.md`](ARCHITECTURE.md) — complete system architecture\n- [`docs\u002Fpermissions-and-rules.md`](docs\u002Fpermissions-and-rules.md) — groups, roles, and rules engine\n- [`docs\u002Fgroups.md`](docs\u002Fgroups.md) — groups and access control\n- [`docs\u002Fworkspaces-and-projects.md`](docs\u002Fworkspaces-and-projects.md) — environments and codebases\n- [`docs\u002Fservices.md`](docs\u002Fservices.md) — service catalog and shared infrastructure\n- [`docs\u002Fget-started.md`](docs\u002Fget-started.md) — initial setup and onboarding\n- [`docs\u002Fbyok.md`](docs\u002Fbyok.md) — bring your own keys (BYOK)\n- [`docs\u002Fglobal-keys.md`](docs\u002Fglobal-keys.md) — global keys and admin providers\n- [`docs\u002Flimits.md`](docs\u002Flimits.md) — token quotas and platform limits\n- [`project.md`](project.md) — long-form vision document\n- [`roadmap.md`](roadmap.md) — what's shipped and what's next\n- [`todo.md`](todo.md) — granular MVP checklist\n\n---\n\n## 🛣️ Roadmap Highlights\n\nAlready shipped:\n\n- ✅ First-run setup wizard, sessions, scrypt-hashed passwords\n- ✅ Groups, rules, token-budget metadata, admin panel\n- ✅ Provider configs with OpenAI-compatible `\u002Fmodels` discovery + ALL\u002FALLOW\u002FDENY mode\n- ✅ Project file explorer, Monaco editor, save flow\n- ✅ Docker runtime: networks, containers, logs streaming, idle auto-stop\n- ✅ Service catalog with generated credentials and env injection\n- ✅ Interactive shell containers per project\n- ✅ Agent chat with streaming, tool calls, cancellation, session resume\n- ✅ Approval flow for high\u002Fdangerous agent tool calls\n- ✅ Path-based preview reverse proxy\n- ✅ Single production container + SQLite volume\n\nNext up:\n\n- 🔜 Snapshot store with content-addressed blobs, diff viewer, branching\n- 🔜 Automatic snapshot before every AI write + rollback UX\n- 🔜 Quota and policy enforcement at model-call time\n- 🔜 Subdomain-based preview reverse proxy\n- 🔜 Workspace-level env vars with inheritance (instance → org → workspace → project)\n- 🔜 Cost estimation and budget warnings\n\nFull status in [`roadmap.md`](roadmap.md).\n\n---\n\n## 🤝 Contributing\n\nSingulary is free, open source, and made better by other people poking at it.\nPlease see our [Contributing Guide](CONTRIBUTING.md) for full details on how to get started, run the project locally, and submit Pull Requests.\n\n---\n\n## 📜 License\n\n[MIT](LICENSE) © Sammwy\n\nYou can use it, fork it, sell what you build with it, and never ask for permission. Just keep the copyright notice in copies of the source.\n\n---\n\n\u003Cdiv align=\"center\">\n\nMade with ☕ and a deep distrust of vendor lock-in.\n\n\u003Csub>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsammwyy\u002Fsingulary\">github.com\u002Fsammwyy\u002Fsingulary\u003C\u002Fa>\u003C\u002Fsub>\n\n\u003C\u002Fdiv>\n","Singulary 是一个开源的自托管AI应用构建平台。它允许用户通过Docker运行自己的AI应用构建器,支持导入个人密钥,并在隔离的工作空间中构建、编辑、运行和调试全栈应用程序。核心功能包括真正的Docker运行时环境、自带密钥(BYOK)支持多种AI提供商、内置编辑器与交互式终端、以及多用户权限管理等。适合需要高度隐私保护及自由度的应用开发场景,如个人项目、团队协作或是企业内部开发,无需担心数据泄露或供应商锁定问题。",2,"2026-06-11 04:04:48","CREATED_QUERY"]