[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-83423":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":17,"stars90d":16,"forks30d":16,"starsTrendScore":15,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":19,"fork":19,"defaultBranch":20,"hasWiki":19,"hasPages":19,"topics":21,"createdAt":10,"pushedAt":10,"updatedAt":22,"readmeContent":23,"aiSummary":10,"trendingCount":16,"starSnapshotCount":16,"syncStatus":15,"lastSyncTime":24,"discoverSource":25},83423,"thrush-swe-agent","shoyann\u002Fthrush-swe-agent","shoyann","Thrush is a semi-automatic SWE agent: it reads, reasons, and chambers code changes for you — but every write waits for your explicit approval before it hits disk.","",null,"TypeScript",76,10,59,2,0,13,3.12,false,"main",[],"2026-06-12 02:04:34","\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fbb389b24-24a8-4d2c-a9e2-aec316b43bf5\" width=\"120\" \u002F>\n\u003C\u002Fp>\n\n\u003Ch1 align=\"center\">THRUSH\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\n  A self-hosted SWE agent workbench that thinks before it acts\u003Cbr>\n  plans tasks, calls tools to inspect your codebase,\u003Cbr>\n  and requires explicit approval before writing a single line.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ccode>Next.js 15\u003C\u002Fcode> | \u003Ccode>TypeScript\u003C\u002Fcode> | \u003Ccode>SQLite\u003C\u002Fcode> | \u003Ccode>DeepSeek\u003C\u002Fcode> | \u003Ccode>Playwright\u003C\u002Fcode> | \u003Ccode>SSE\u003C\u002Fcode>\n\u003C\u002Fp>\n\n---\n\n## What it does\n\n| Capability | Detail |\n|---|---|\n| Agent loop | Lean `Perceive -> Think -> Act` loop streamed to the UI in real time |\n| Tool calling | Files, tree listing, search, web, Git, GitHub issues, and shell allowlist |\n| Agent architecture | Tool result hooks, think strategies, and direct tool plan rules keep the main loop small |\n| Draft approval | File edits are prepared as drafts and only written after explicit user approval |\n| Project workspace | Each project points at a local workspace folder; tools are sandboxed to that folder |\n| Session state | Projects, sessions, messages, tool runs, and checkpoints are stored locally in SQLite |\n| Workspace switching | A session can switch to another local workspace after confirmation, with optional read-only mode |\n| Browser tools | Playwright-powered page reading and clicking |\n| Safety boundary | Workspace path validation, SSRF checks, command allowlist, and write approval gate |\n| Observability | Every run gets a unique `req_xxxxxx` ID with structured JSON logs |\n| Auth | `POST \u002Fapi\u002Fagent` is protected by a Bearer token |\n| Model client | DeepSeek by default, with provider-aware configuration for OpenAI-compatible clients |\n\n## Quickstart\n\n1. Install dependencies:\n\n```bash\nnpm install\n```\n\n2. Copy the environment example:\n\n```powershell\nCopy-Item .env.local.example .env.local\n```\n\nOn macOS or Linux:\n\n```bash\ncp .env.local.example .env.local\n```\n\n3. Edit `.env.local` and set at least these values:\n\n```bash\nDEEPSEEK_API_KEY=your-deepseek-api-key\nAGENT_API_SECRET=replace-with-a-long-random-local-secret\nNEXT_PUBLIC_AGENT_API_SECRET=replace-with-the-same-local-secret\n```\n\n4. Start the app:\n\n```bash\nnpm run dev\n```\n\nOpen `http:\u002F\u002Flocalhost:3000`.\n\n## Point at a real project\n\nBy default, Thrush only sees `data\u002Fworkspace`.\n\nTo let it inspect a real local project, set `AGENT_WORKSPACE_ROOT` in `.env.local`:\n\n```bash\nAGENT_WORKSPACE_ROOT=C:\\your\\project\n```\n\nOn macOS or Linux:\n\n```bash\nAGENT_WORKSPACE_ROOT=\u002Fpath\u002Fto\u002Fyour\u002Fproject\n```\n\nThen restart `npm run dev`.\n\nYou can also create projects from the UI. Each project stores its own workspace path, sessions, messages, tool runs, and checkpoints in the local SQLite database at `data\u002Fthrush.db`.\n\n## Environment variables\n\n| Name | Required | Purpose |\n|---|---:|---|\n| `MODEL_PROVIDER` | No | Model provider selector; supports `deepseek`, `openai`, or `anthropic`; defaults to `deepseek` |\n| `DEEPSEEK_API_KEY` | Yes, unless another provider is selected | API key used by the server-side agent loop |\n| `DEEPSEEK_BASE_URL` | No | DeepSeek-compatible API base URL; defaults to `https:\u002F\u002Fapi.deepseek.com` |\n| `DEEPSEEK_MODEL` | No | Model name; defaults to `deepseek-v4-flash` |\n| `OPENAI_API_KEY` | If `MODEL_PROVIDER=openai` | OpenAI API key |\n| `OPENAI_BASE_URL` | No | Optional OpenAI-compatible API base URL override |\n| `OPENAI_MODEL` | If `MODEL_PROVIDER=openai` | OpenAI model name; defaults to `gpt-4.1-mini` |\n| `ANTHROPIC_API_KEY` | If `MODEL_PROVIDER=anthropic` | Anthropic API key for an OpenAI-compatible Anthropic gateway |\n| `ANTHROPIC_BASE_URL` | If `MODEL_PROVIDER=anthropic` | OpenAI-compatible Anthropic gateway URL |\n| `ANTHROPIC_MODEL` | If `MODEL_PROVIDER=anthropic` | Anthropic model name; defaults to `claude-sonnet-4-20250514` |\n| `AGENT_API_SECRET` | Yes | Server-side Bearer token required by `\u002Fapi\u002Fagent` |\n| `NEXT_PUBLIC_AGENT_API_SECRET` | Local dev only | Browser-side token used by the local UI to call `\u002Fapi\u002Fagent` |\n| `AGENT_WORKSPACE_ROOT` | No | Default absolute folder path the agent is allowed to inspect and draft edits inside |\n| `AGENT_MAX_TOOL_CALLS` | No | Maximum tool calls per agent run; defaults to `4` |\n| `GH_PATH` | No | Absolute path to `gh.exe` if GitHub CLI is not on `PATH` |\n\n## Tool list\n\n`click_page` | `git_inspect` | `list_files` | `read_file` | `read_page` | `replace_text` | `safe_command` | `search_text` | `tree_files` | `web_search` | `write_file`\n\n## Tool behavior\n\n| Tool | Purpose |\n|---|---|\n| `list_files` | Lists one folder inside the workspace |\n| `tree_files` | Returns a shallow tree summary of files and folders |\n| `read_file` | Reads a file, with optional line windows |\n| `search_text` | Searches workspace text with ripgrep |\n| `write_file` | Prepares a full-file write draft; does not write immediately |\n| `replace_text` | Prepares an exact text replacement draft; does not write immediately |\n| `safe_command` | Runs a small allowlist of local commands such as `git status`, build, test, lint, `rg`, `pytest`, `ruff`, `cargo`, or `make` |\n| `git_inspect` | Reads Git state, diffs, GitHub readiness, issues, issue details, issue plans, PR drafts, and patch exports |\n| `web_search` | Searches the public web and returns a short list of titles and links |\n| `read_page` | Opens a public page in Playwright and returns visible text |\n| `click_page` | Opens a public page, clicks one simple selector, and returns the resulting page text |\n\n## Write approval flow\n\nThrush never writes directly when the model proposes a file edit.\n\nFile modification tools return a draft first:\n\n```text\nWrite file draft only. Nothing was written to disk.\nDraft id: draft-...\nReply with APPROVE_WRITE draft-... to write this file.\nReply with CANCEL_WRITE draft-... to discard this draft.\n```\n\nThe user must explicitly approve the draft before Thrush writes to disk.\n\nShort replies like `approve`, `cancel`, `批准`, or `取消` are also supported when there is exactly one pending draft in the current session.\n\n## Security notes\n\n- Do not commit `.env.local`; it is ignored by Git.\n- Do not put real production secrets in `NEXT_PUBLIC_AGENT_API_SECRET`. Any `NEXT_PUBLIC_*` value is shipped to the browser, so users can inspect it.\n- The current browser UI auth is suitable for local development only. For production, put the UI behind real user authentication and keep the server token server-only.\n- `AGENT_WORKSPACE_ROOT` and project workspace paths are the main file boundaries. File tools reject paths outside the active workspace.\n- URL tools block localhost, loopback, and private network ranges to reduce SSRF risk.\n- `safe_command` is an allowlist, not a full sandbox. Build and test commands can still execute project code.\n- Do not run Thrush against untrusted repositories unless you understand the local execution risk.\n\n## Local state\n\nThrush stores local app state in SQLite:\n\n```text\ndata\u002Fthrush.db\n```\n\nThe database stores:\n\n- projects\n- sessions\n- messages\n- tool runs\n- checkpoints\n- session context, including pending write drafts after a run completes\n\nPending drafts are persisted in session context after the agent run finishes. A server crash in the middle of a run may still lose a just-created draft before it is saved.\n\n## Known gaps\n\n- Test coverage is still narrow. The current `test` script focuses on `safe_command`; agent loop, API routes, file tools, browser tools, workspace switching, and GitHub issue flows still need dedicated tests.\n- The main loop is modular, but `onResult`, think strategies, direct plan rules, model provider paths, and draft lifecycle flows need broader coverage.\n- `tree_files` exists, but it is intentionally shallow and capped; large repository exploration still needs better summaries.\n- The UI auth model is local-dev oriented. Production deployments need real user authentication and server-only secrets.\n- File edit review is still text-based. A proper diff viewer would make draft approval safer.\n- Command execution is allowlisted, but not isolated in a Docker or VM sandbox.\n- GitHub issue and PR features depend on local Git state, remotes, `gh`, and GitHub authentication being configured correctly.\n\n## Status\n\n> Thrush is a local, self-hosted SWE agent workbench that plans, inspects, and edits code with human approval.\n","2026-06-11 04:11:09","CREATED_QUERY"]