[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-83857":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":9,"totalLinesOfCode":9,"stars":12,"forks":13,"watchers":14,"openIssues":14,"contributorsCount":9,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":18,"compositeScore":19,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":20,"hasPages":20,"topics":9,"createdAt":9,"pushedAt":9,"updatedAt":22,"readmeContent":23,"aiSummary":9,"trendingCount":15,"starSnapshotCount":15,"syncStatus":24,"lastSyncTime":25,"discoverSource":26},83857,"maple","Makisuo\u002Fmaple","Makisuo","OpenTelemetry observability platform",null,"https:\u002F\u002Fgithub.com\u002FMakisuo\u002Fmaple","TypeScript",1238,73,3,0,172,250,516,100.61,false,"main","2026-06-12 04:01:42","\u003Cp align=\"center\">\n  \u003Cimg src=\".github\u002Fassets\u002Fmaple-hero.png\" alt=\"Maple — open-source observability for traces, logs, and metrics, built on OpenTelemetry\" width=\"100%\" \u002F>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Cstrong>Open-source observability for traces, logs &amp; metrics — built on OpenTelemetry + ClickHouse.\u003C\u002Fstrong>\n\u003C\u002Fp>\n\n# Maple Monorepo\n\nMaple is now organized as a monorepo with a SPA frontend and an Effect-based backend API.\n\n## Workspace Layout\n\n- `apps\u002Fweb`: TanStack Router SPA (Vite)\n- `apps\u002Fapi`: Effect HTTP API (Tinybird proxy + MCP server code)\n- `apps\u002Fingest`: OTLP ingest gateway (key auth + org enrichment + collector forwarding)\n- `apps\u002Flanding`: Astro landing site\n- `apps\u002Falerting`: Alert evaluation worker\n- `apps\u002Fchat-agent`: Cloudflare Worker chat surface\n- `apps\u002Fcli`: CLI utilities\n- `apps\u002Fmobile`: Expo mobile app\n- `packages\u002Fdomain`: Shared Effect HTTP contracts and domain types\n- `packages\u002Fquery-engine`: Shared query and observability logic\n- `packages\u002Fui`: Shared UI primitives and components\n\n## Prerequisites\n\n- Bun `>=1.3`\n\n## Install\n\n```bash\nbun install\n```\n\n## Develop\n\nRun every available `dev` task in the monorepo:\n\n```bash\nbun run dev\n```\n\nRun individual apps from the repo root with workspace filters:\n\n```bash\nbun --filter=@maple\u002Fweb dev\nbun --filter=@maple\u002Fapi dev\nbun --filter=@maple\u002Fingest dev\nbun --filter=@maple\u002Flanding dev\n```\n\nThere is also a dedicated root helper for alerting:\n\n```bash\nbun run dev:alerting\n```\n\nTurbo dev runs in TUI mode so interactive servers stay attached.\n\n## Validate\n\n```bash\nbun run typecheck\nbun run build\nbun run test\n```\n\n## Docker (Local)\n\nRun the local multi-service stack (API + web + ingest + otel collector):\n\n```bash\ndocker compose -f docker-compose.yml up --build\n```\n\nServices:\n\n- API: `http:\u002F\u002Flocalhost:3472`\n- Web: `http:\u002F\u002Flocalhost:3471`\n- Ingest: `http:\u002F\u002Flocalhost:3474`\n- OTEL collector: `4317` (gRPC), `4318` (HTTP), `13133` (health\u002Fextensions)\n\n## Cloudflare Deploy (Alchemy)\n\nDeployments are per-app Alchemy runs pinned to Cloudflare Workers + D1:\n\n- `apps\u002Fapi\u002Falchemy.run.ts` — D1 database `MAPLE_DB` + api Worker with all env bindings\n- `apps\u002Flanding\u002Falchemy.run.ts` — Astro build + Worker serving static assets\n- `apps\u002Fweb\u002Falchemy.run.ts` — TanStack Start app via the `Vite()` resource\n\nStage grammar is `prd` \u002F `stg` \u002F `pr-\u003Cnumber>`, resolved via `@maple\u002Finfra\u002Fcloudflare` (`parseMapleStage`, `resolveMapleDomains`, `resolveWorkerName`, `resolveD1Name`).\n\nRun locally:\n\n```bash\nbun run alchemy:deploy:prd\nbun run alchemy:deploy:stg\nPR_NUMBER=123 bun run alchemy:deploy:pr\n```\n\nTear down:\n\n```bash\nbun run alchemy:destroy:prd\nbun run alchemy:destroy:stg\nPR_NUMBER=123 bun run alchemy:destroy:pr\n```\n\nCI workflows:\n\n- STG (default on push to `main`): `.github\u002Fworkflows\u002Fdeploy-stg.yml`\n- PRD (manual only via `workflow_dispatch`): `.github\u002Fworkflows\u002Fdeploy-prd.yml`\n- PR preview lifecycle: `.github\u002Fworkflows\u002Fdeploy-pr-preview.yml` (`pull_request` opened\u002Fsynchronize\u002Freopened\u002Fclosed)\n\nSecrets source model (CI):\n\n- GitHub Secrets (only one): `DOPPLER_TOKEN`\n- Doppler configs (`prd`, `stg`, `pr`) must define:\n    - `ALCHEMY_PASSWORD`\n    - `ALCHEMY_STATE_TOKEN`\n    - `CLOUDFLARE_API_TOKEN`\n    - `CLOUDFLARE_DEFAULT_ACCOUNT_ID`\n    - `TINYBIRD_HOST`\n    - `TINYBIRD_TOKEN`\n    - `RESEND_API_KEY`\n    - `RESEND_FROM_EMAIL`\n    - `MAPLE_INGEST_KEY_ENCRYPTION_KEY`\n    - `MAPLE_INGEST_KEY_LOOKUP_HMAC_KEY`\n    - `MAPLE_AUTH_MODE`\n    - `MAPLE_ROOT_PASSWORD` (required in `self_hosted` mode)\n    - `CLERK_SECRET_KEY`\n    - `CLERK_PUBLISHABLE_KEY`\n    - `CLERK_JWT_KEY`\n\nFree\u002FStarter note: when using a personal Doppler token, the workflow must also specify Doppler selectors (`doppler-project`, `doppler-config`). This repo uses `maple` with stage configs `prd`, `stg`, and `pr`.\n\nRuntime API URL behavior:\n\n- Deploy-time web builds resolve `VITE_API_BASE_URL` from the Cloudflare api worker domain (`api.maple.dev` in `prd`, `api-staging.maple.dev` in `stg`, worker.dev URL for `pr-*`).\n- Local `bun --filter=@maple\u002Fweb dev` can still use root `.env` `VITE_API_BASE_URL` for local API routing.\n\n## Environment\n\n- Canonical env example: `.env.example`\n- API-only env example: `apps\u002Fapi\u002F.env.example`\n- Real `.env` values are local-only and should stay untracked.\n\nThe web app expects `VITE_API_BASE_URL` to point to the API (defaults to `http:\u002F\u002Flocalhost:3472`).\n\nFor ingest + key auth, set these at minimum in your root `.env` when running the ingest gateway:\n\n- `MAPLE_INGEST_KEY_LOOKUP_HMAC_KEY`\n- `INGEST_PORT`\n- `INGEST_FORWARD_OTLP_ENDPOINT`\n- `INGEST_FORWARD_TIMEOUT_MS`\n- `INGEST_MAX_REQUEST_BODY_BYTES`\n- `INGEST_REQUIRE_TLS`\n\n## Persistence (SQLite \u002F Turso)\n\nMaple now persists dashboards in SQLite via libSQL:\n\n- Default local mode: no Turso CLI needed. If `MAPLE_DB_URL` is unset, Maple uses `apps\u002Fapi\u002F.data\u002Fmaple.db`.\n- Turso cloud mode: set `MAPLE_DB_URL` to your Turso\u002FlibSQL URL and `MAPLE_DB_AUTH_TOKEN` to your token.\n- Self-hosting: persist the `apps\u002Fapi\u002F.data` directory as a volume so dashboard state survives container\u002Frestart cycles.\n\nMigration commands:\n\n```bash\nbun --filter=@maple\u002Fapi db:migrate\nbun --filter=@maple\u002Fdb db:generate\nbun --filter=@maple\u002Fdb db:push\nbun --filter=@maple\u002Fdb db:studio\n```\n\nWhen running the API (`bun --filter=@maple\u002Fapi dev` or `bun --filter=@maple\u002Fapi start`), migrations are applied automatically before boot.\n\n## Ingest Keys\n\n- Maple now manages per-org ingest keys in the database (`public` + `private`).\n- Keys are available in Settings and can be rerolled independently.\n- Reroll revokes the previous key immediately.\n- Private ingest keys are encrypted at rest with `MAPLE_INGEST_KEY_ENCRYPTION_KEY` (base64-encoded 32-byte key).\n- Ingest key lookup\u002Fauth uses non-reversible HMAC hashes via `MAPLE_INGEST_KEY_LOOKUP_HMAC_KEY`.\n\n## Auth Modes\n\nMaple supports exactly two auth modes via `MAPLE_AUTH_MODE`:\n\n1. `clerk`\n    - Create a Clerk application with Organizations enabled.\n    - Set `MAPLE_AUTH_MODE=clerk`\n    - Set `CLERK_SECRET_KEY`\n    - Optionally set `CLERK_JWT_KEY` for networkless verification\n    - Set `CLERK_PUBLISHABLE_KEY` for the web app\n    - Optionally override `VITE_CLERK_SIGN_IN_URL` and `VITE_CLERK_SIGN_UP_URL`\n2. `self_hosted`\n    - Set `MAPLE_AUTH_MODE=self_hosted`\n    - Set `MAPLE_ROOT_PASSWORD` (required)\n    - Set `MAPLE_DEFAULT_ORG_ID` (defaults to `default`)\n    - Users must sign in at `\u002Fsign-in` with the root password before accessing the dashboard\u002FAPI.\n\nStart apps:\n\n```bash\nbun --filter=@maple\u002Fapi dev\nbun --filter=@maple\u002Fweb dev\n```\n\nValidate behavior:\n\n- Clerk mode:\n    - Signed-out users are redirected to `\u002Fsign-in`\n    - Signed-in users without an active org are redirected to `\u002Forg-required`\n    - Signed-in users with an active org can query the API with bearer auth\n- Self-hosted mode:\n    - Signed-out users are redirected to `\u002Fsign-in`\n    - `MAPLE_ROOT_PASSWORD` login issues a bearer session token\n    - Protected API routes reject requests without a valid bearer session token\n\nBreaking change:\n\n- Self-hosted multi-tenant JWT\u002FAPI-key auth paths were removed.\n- `MAPLE_ROOT_PASSWORD` is now required when `MAPLE_AUTH_MODE=self_hosted`.\n",2,"2026-06-11 04:11:41","trending"]