[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82113":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":12,"subscribersCount":12,"size":12,"stars1d":12,"stars7d":12,"stars30d":14,"stars90d":12,"forks30d":12,"starsTrendScore":12,"compositeScore":15,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":16,"fork":16,"defaultBranch":17,"hasWiki":18,"hasPages":16,"topics":19,"createdAt":9,"pushedAt":9,"updatedAt":20,"readmeContent":21,"aiSummary":22,"trendingCount":12,"starSnapshotCount":12,"syncStatus":23,"lastSyncTime":24,"discoverSource":25},82113,"devo","sayem314\u002Fdevo","sayem314","Devo is a self-hosted TypeScript automation runner where AI helps create editable tasks that run from webhooks, cron schedules, or manual triggers.",null,"TypeScript",5,0,21,1,37.1,false,"main",true,[],"2026-06-12 04:01:37","# Devo\n\nDevo is a self-hosted, code-first automation builder. Think n8n or Activepieces, but without a workflow canvas: every automation is JavaScript\u002FTypeScript code that you can generate with an AI agent, edit in the browser, and deploy behind a trigger.\n\nIt is built for complex automations where node graphs become hard to reason about. Instead of wiring boxes together, you describe what you want, review the generated `main.ts`, adjust `.env` and `package.json`, and run the task as normal code. Because each task has its own `package.json`, tasks can import npm packages like a regular JavaScript\u002FTypeScript project.\n\nTasks can run from:\n\n- Manual UI runs\n- Opaque webhook endpoints\n- Cron schedules with timezone support\n\nEach task owns its own `main.ts`, `.env`, and `package.json` files. Task settings live in the local database and are edited with normal UI controls. Devo stores app data locally and runs task code as child processes.\n\n![Devo demo](static\u002Fdevo-demo.gif)\n\n## Status\n\nDevo is early MVP software for local and self-hosted use by trusted users.\n\nDo not treat the current runtime as a secure multi-tenant sandbox. Task code runs in a separate process with timeouts and output limits, but it still runs on the host with the permissions available to that process.\n\n## Quick Start\n\nRun Devo with Docker:\n\n```sh\ndocker run --rm \\\n  -p 3000:3000 \\\n  -v devo-data:\u002Fdata \\\n  -e AUTH_SECRET=\"$(openssl rand -base64 32)\" \\\n  -e ORIGIN=\"http:\u002F\u002F127.0.0.1:3000\" \\\n  sayem314\u002Fdevo:latest\n```\n\nOpen:\n\n```text\nhttp:\u002F\u002F127.0.0.1:3000\n```\n\nThe image stores Devo data in `\u002Fdata` by default. Mount a persistent volume there for users, tasks, provider settings, task files, installed packages, and run history.\n\nThe first registered account becomes the admin account. After the first account exists, public registration is blocked. Admin users can add more users from the Users page.\n\n## Development\n\nInstall dependencies:\n\n```sh\nbun install\n```\n\nCreate a local env file:\n\n```sh\ncp .env.example .env\n```\n\nUpdate `.env`:\n\n```sh\nAUTH_SECRET=replace-with-your-generated-secret\nORIGIN=http:\u002F\u002F127.0.0.1:5173\n```\n\nRun the dev server:\n\n```sh\nbun run dev\n```\n\nOpen:\n\n```text\nhttp:\u002F\u002F127.0.0.1:5173\n```\n\n## Environment\n\nApp-level configuration lives in environment variables. For local development, copy `.env.example` to `.env`; Vite reads that file while running the dev server. For production, set the same variables in your process manager, container, or hosting environment.\n\n| Variable                       | Default   | Required | Description                                                   |\n| ------------------------------ | --------- | -------- | ------------------------------------------------------------- |\n| `AUTH_SECRET`                  | none      | Yes      | Secret used by auth. Must be at least 16 characters.          |\n| `ORIGIN`                       | none      | Yes      | Public app origin for auth and SvelteKit form checks.         |\n| `DEVO_DATA_DIR`                | `.devo`   | No       | Local DB, task files, run files, and installed task packages. |\n| `DEVO_TASK_RUNTIME`            | `auto`    | No       | Task runtime: `auto`, `bun`, or `node`.                       |\n| `DEVO_WORKERS`                 | `2`       | No       | Number of task workers.                                       |\n| `DEVO_TASK_TIMEOUT_MS`         | `30000`   | No       | Maximum runtime for a task process before it is killed.       |\n| `DEVO_TASK_MAX_OUTPUT_BYTES`   | `1048576` | No       | Maximum captured stdout\u002Fstderr per run.                       |\n| `DEVO_TASK_MAX_LOG_LINE_BYTES` | `16384`   | No       | Maximum stored bytes for one log line.                        |\n| `DEVO_TERMINAL_TIMEOUT_MS`     | `120000`  | No       | Maximum time for an editor terminal command.                  |\n| `DEVO_SCHEDULER_INTERVAL_MS`   | `15000`   | No       | How often cron tasks are checked.                             |\n| `DEVO_RUN_RETENTION_DAYS`      | `30`      | No       | Run history retention by age. Use `0` to disable.             |\n| `DEVO_MAX_RUNS_PER_TASK`       | `100`     | No       | Run history retention by count per task. Use `0` to disable.  |\n\nUse task-level `.env` files for task secrets such as API keys, database URLs, and integration tokens. Task env values are edited per task in the editor and are passed only to that task's run process.\n\nDevo validates app-level environment variables at startup with Zod. If a required value is missing or malformed, startup fails with an `Invalid Devo environment` error.\n\n## AI Providers\n\nConfigure AI providers in Settings. API keys are stored in the local Devo database and are scoped to the user that saved them.\n\nSupported provider entries:\n\n- OpenAI\n- Anthropic Claude\n- DeepSeek\n- Kimi\n- GLM \u002F Z.ai\n- OpenRouter\n- Custom OpenAI-compatible provider\n\nEach provider can have its own API key, base URL, model list, and default model. Model lists use SDK metadata as a fallback and can be refreshed from the provider API after an API key is saved.\n\nThe task editor chat lets you switch provider and model before sending a prompt.\n\n## Task Files\n\nEach task is edited as files:\n\n- `main.ts`: task code\n- `.env`: task environment variables\n- `package.json`: task dependencies\n\nTask name, description, trigger type, cron expression, timezone, and webhook URL are stored in the database and edited from the task editor settings panel.\n\nIf `main.ts` imports a package that is missing from `package.json`, Devo shows a warning in the editor. Install dependencies from the task Terminal, for example:\n\n```bash\nbun add zod\n```\n\nFor Node task runtime, use the package manager you want for that task, such as `npm install zod`.\n\nTask runs execute from that task directory, so dependencies installed from Terminal are available to later manual, cron, and webhook runs.\n\n### Manual Task\n\n`main.ts`:\n\n```ts\nexport async function run(payload: unknown, ctx: { run_id: string; task_id: string; trigger: string }) {\n  console.log(\"manual payload\", payload);\n\n  return {\n    ok: true,\n    run_id: ctx.run_id,\n    at: new Date().toISOString()\n  };\n}\n```\n\n### Webhook Task\n\n`main.ts`:\n\n```ts\nexport async function webhook(req: Request, ctx: DevoWebhookContext) {\n  const raw_body = await req.text();\n  const body = JSON.parse(raw_body) as { id: string };\n\n  console.log(\"received order\", {\n    id: body.id,\n    run_id: ctx.run_id,\n    signature: req.headers.get(\"x-shopify-hmac-sha256\")\n  });\n\n  return Response.json({\n    ok: true,\n    orderId: body.id\n  });\n}\n```\n\nWebhook tasks get an opaque endpoint generated by Devo. Treat that URL like a secret. Rotate it if it is exposed. `req` is reconstructed with the original method, URL, query string, headers, and raw body. Use `await req.text()` when signature verification needs the raw body; otherwise use `await req.json()`.\n\n### Cron Task\n\n`main.ts`:\n\n```ts\nexport async function cron(ctx: { run_id: string; task_id: string; trigger: string }) {\n  console.log(\"nightly sync started\", ctx.run_id);\n\n  return {\n    ok: true,\n    syncedAt: new Date().toISOString()\n  };\n}\n```\n\nCron tasks use five-field cron expressions. The scheduler runs inside the app process and checks due tasks every `DEVO_SCHEDULER_INTERVAL_MS`.\n\n### Task Environment\n\nTask `.env` files use `KEY=value` lines:\n\n```dotenv\nDATABASE_URL=postgres:\u002F\u002Fuser:password@localhost:5432\u002Fapp\nSHOPIFY_TOKEN=shpat_xxx\n```\n\nBlank lines and lines starting with `#` are ignored. App-level secrets such as `AUTH_SECRET` and `ORIGIN` are not passed into task processes.\n\n## Data\n\nBy default Devo stores local runtime data under `.devo`:\n\n- `devo.db`\n- task source files\n- per-task package installs\n- run files and logs\n\nSet `DEVO_DATA_DIR` to move this directory:\n\n```sh\nDEVO_DATA_DIR=\u002Fvar\u002Flib\u002Fdevo\n```\n\nBack up this directory if you care about tasks, users, AI provider settings, and run history.\n\n## Deployment Notes\n\nFor a basic self-hosted deployment:\n\n1. Install dependencies with `bun install`.\n2. Build the app with `bun run build`.\n3. Set `AUTH_SECRET` to a strong random value.\n4. Set `ORIGIN` to the exact public URL, for example `https:\u002F\u002Fdevo.example.com`.\n5. Set `DEVO_DATA_DIR` to a persistent directory or mounted volume.\n6. Set `DEVO_TASK_RUNTIME` if you want to force `bun` or `node`; otherwise leave it as `auto`.\n7. Run the built SvelteKit app with the Node adapter output.\n8. Put Devo behind HTTPS if it is reachable outside localhost.\n\nExample runtime command:\n\n```sh\nNODE_ENV=production HOST=0.0.0.0 PORT=3000 node build\n```\n\nFor MVP deployments, run one Devo app instance. The scheduler and worker pool run inside the app process, and multiple app instances can duplicate scheduler work unless you add external coordination.\n\nKeep `DEVO_DATA_DIR` on durable storage. If this directory is deleted, Devo loses users, tasks, provider settings, run history, installed packages, and local task files.\n\n## Security Notes\n\nCurrent protections:\n\n- Authentication is required for the app and internal APIs.\n- The first user is admin; later public registration is blocked.\n- Tasks and runs are scoped by owner in the app.\n- Webhook URLs are opaque and can be rotated.\n- Task processes run separately from the app process.\n- The worker pool limits concurrent task runs.\n- Per-run timeout kills long-running task processes.\n- Output size caps prevent unlimited log capture.\n- Stale running runs are cleaned up on startup.\n\nCurrent limitations:\n\n- Task code is not container-isolated.\n- Task code can access the host permissions available to the task process.\n- Network and filesystem access are not policy-restricted.\n- Dependencies installed by tasks run package install scripts.\n- Webhook URLs act like bearer secrets; anyone with the URL can trigger that task.\n- This is not ready for untrusted third-party users.\n\nRun Devo only for users you trust. For untrusted users or commercial hosted multi-tenant use, Devo needs a stronger isolation layer such as containers, microVMs, or a dedicated sandbox.\n\n## License\n\nLicense is not finalized yet.\n","Devo 是一个自托管的 TypeScript 自动化运行器，通过 AI 辅助生成可编辑的任务，并支持从 Webhook、定时任务或手动触发执行。其核心功能包括利用 AI 生成自动化任务代码，用户可以在浏览器中编辑这些 TypeScript\u002FJavaScript 代码，并通过常见的配置文件如 `.env` 和 `package.json` 来调整环境变量和依赖项。每个任务作为独立进程运行，能够像常规项目一样导入 npm 包。适合需要复杂逻辑且难以通过图形界面节点连接实现的自动化场景使用，例如数据处理管道、API 调用链等。当前版本主要面向本地部署及受信任用户的使用。",2,"2026-06-11 04:07:46","CREATED_QUERY"]