indifferentketchup/boocode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34 Commits 8 Branches 91 Tags
7f0fd1281b83ca6eec27493d25ca1a576a5766b2
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
indifferentketchup 7f0fd1281b security: scope /opt mount to /opt/projects 
Splits the previous /opt:/opt:rw bind into two mounts to narrow the
writable scope of the container:

- /opt:/opt:ro — read-only mount for legacy/existing project
  add-existing flow. resolveProjectPath still uses
  PROJECT_ROOT_WHITELIST (/opt by default) so existing projects under
  /opt/<name> (analytics, boolab, boocode itself) continue to resolve
  and serve their file-tree via the read-only tools.
- /opt/projects:/opt/projects:rw — writable mount targeted at the
  create-new-project bootstrap path.

Picked Option B from the spec (simpler than two scan roots):
PROJECT_ROOT_WHITELIST stays /opt, new BOOTSTRAP_ROOT env var defaults
to /opt/projects and is used by project_bootstrap.ts as the mkdir
target. Bootstrap path-escape check now compares against
BOOTSTRAP_ROOT.

Prereq: host must `mkdir -p /opt/projects` before next container
restart. Documented in CLAUDE.md and .env.example.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 04:35:59 +00:00
apps
security: scope /opt mount to /opt/projects
2026-05-16 04:35:59 +00:00
.dockerignore
initial
2026-05-14 19:24:50 +00:00
.env.example
security: scope /opt mount to /opt/projects
2026-05-16 04:35:59 +00:00
.gitignore
initial
2026-05-14 19:24:50 +00:00
CLAUDE.md
security: scope /opt mount to /opt/projects
2026-05-16 04:35:59 +00:00
docker-compose.yml
security: scope /opt mount to /opt/projects
2026-05-16 04:35:59 +00:00
Dockerfile
initial
2026-05-14 19:24:50 +00:00
package.json
initial
2026-05-14 19:24:50 +00:00
pnpm-lock.yaml
test: vitest harness + unit tests for security-critical pure functions
2026-05-16 04:35:31 +00:00
pnpm-workspace.yaml
initial
2026-05-14 19:24:50 +00:00
README.md
initial
2026-05-14 19:24:50 +00:00
tsconfig.base.json
initial
2026-05-14 19:24:50 +00:00

README.md

boocode

Self-hosted single-user developer chat app. v1: chat only.

Stack

  • Node 20, Fastify, postgres (porsager/postgres), ws, zod
  • React 18, Vite, TypeScript, Tailwind v4, shadcn/ui
  • Postgres 16
  • pnpm workspaces

Layout

  • apps/server — Fastify API + WebSocket + inference loop + file-read tools
  • apps/web — React frontend; served by Fastify in production, Vite in dev

Local dev

Requires Node 20, pnpm, Docker (for Postgres), and ripgrep.

# install
pnpm install

# bring up postgres only
cp .env.example .env
# edit POSTGRES_PASSWORD if you like; default DATABASE_URL points at the container
docker compose up -d boocode_db

# run server (port 3000) and web (port 5173) in two shells
DATABASE_URL=postgres://boocode:devpass@127.0.0.1:5500/boocode \
LLAMA_SWAP_URL=http://100.101.41.16:8401 \
pnpm dev:server

pnpm dev:web

The Vite dev server proxies /api and /api/ws/* to the Fastify backend with a synthetic Remote-User: sam header so the Authelia auth layer can be skipped during development.

Production

cd /opt/boocode
docker compose up --build -d

Binds to 100.114.205.53:9500 (Tailscale). Authelia is expected to gate the upstream and inject Remote-User. Postgres binds loopback only.

What v1 has

Project sidebar, sessions per project, chat with streaming responses over WebSocket, four file-read tools scoped to the project root (view_file, list_dir, grep, find_files), and a model picker driven by llama-swap's /v1/models.

What v1 does not have lives in v2 (terminal pane) and v3 (Coder pane).

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme AGPL-3.0 7.4 MiB
Languages
TypeScript 94%
CSS 1.9%
JavaScript 1.2%
Shell 0.8%
Go 0.6%
Other 1.5%