Summary of changes in this fork versus upstream vercel-labs/open-agents:
- Supabase database — Wired the app to Supabase Postgres with SQL migrations under
supabase/migrations/, replacing the prior Drizzle-centric setup for core persistence. - Supabase Auth — Added Supabase-backed authentication and seed data; removed the Vercel OAuth–based login path from the hosted UI.
- Fewer Vercel product ties — Removed Vercel login/projects UI affordances, dropped use of the Vercel AI gateway for model routing, and removed the leaderboard feature.
- Security and types — Added Row Level Security policies and regenerate Supabase TypeScript types (
database.types.ts) for the new schema. - API cleanup — Removed the Vercel project env-vars API route and its tests.
- just-bash sandbox + isomorphic-git — Optional in-process sandbox (
just-bash) for local exploration; repository bootstrap (clone/init) and interactivegitcommands run via isomorphic-git on the virtual workspace filesystem—there is no hostgitbinary.
Open Agents is an open-source reference app for building and running background coding agents on Vercel. It includes the web UI, the agent runtime, sandbox orchestration, and the GitHub integration needed to go from prompt to code changes without keeping your laptop involved.
The repo is meant to be forked and adapted, not treated as a black box.
Open Agents is a three-layer system:
Web -> Agent workflow -> Sandbox VM
- The web app handles auth, sessions, chat, and streaming UI.
- The agent runs as a durable workflow on Vercel.
- The sandbox is the execution environment: filesystem, shell, git, dev servers, and preview ports.
The agent does not run inside the VM. It runs outside the sandbox and interacts with it through tools like file reads, edits, search, and shell commands.
That separation is the main point of the project:
- agent execution is not tied to a single request lifecycle
- sandbox lifecycle can hibernate and resume independently
- model/provider choices and sandbox implementation can evolve separately
- the VM stays a plain execution environment instead of becoming the control plane
- chat-driven coding agent with file, search, shell, task, skill, and web tools
- durable multi-step execution with Workflow SDK-backed runs, streaming, and cancellation
- isolated Vercel sandboxes with snapshot-based resume
- repo cloning and branch work inside the sandbox
- optional auto-commit, push, and PR creation after a successful run
- session sharing via read-only links
- optional voice input via ElevenLabs transcription
A few details that matter for understanding the current implementation:
- Chat requests start a workflow run instead of executing the agent inline.
- Each agent turn can continue across many persisted workflow steps.
- Active runs can be resumed by reconnecting to the stream for the existing workflow.
- Sandboxes use a base snapshot, expose ports
3000,5173,4321, and8000, and hibernate after inactivity. - Auto-commit and auto-PR are supported, but they are preference-driven features, not always-on behavior.
- When the sandbox type is just-bash (user preference / session setting), git is provided by isomorphic-git against the emulated filesystem;
These requirements are based on the current apps/web codepath and apps/web/.env.example.
Supabase connects the Next.js app to Postgres (schema lives in supabase/migrations/):
NEXT_PUBLIC_SUPABASE_URL=
NEXT_PUBLIC_SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=The coding agent stack expects direct OpenAI API access:
OPENAI_API_KEY=Anything that encrypts persisted credentials needs:
ENCRYPTION_KEY=Configure Authentication → URL configuration in the Supabase dashboard: set the site URL to your deployment origin and add redirect URLs https://YOUR_DOMAIN/auth/callback and http://localhost:3000/auth/callback for local development. The three Supabase env vars above must match your project.
If you want users to connect GitHub, install the app on repos/orgs, clone private repos, push branches, or open PRs, add these GitHub App values:
NEXT_PUBLIC_GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GITHUB_APP_ID=
GITHUB_APP_PRIVATE_KEY=
NEXT_PUBLIC_GITHUB_APP_SLUG=
GITHUB_WEBHOOK_SECRET=REDIS_URL=
KV_URL=
VERCEL_PROJECT_PRODUCTION_URL=
NEXT_PUBLIC_VERCEL_PROJECT_PRODUCTION_URL=
VERCEL_SANDBOX_BASE_SNAPSHOT_ID=
ELEVENLABS_API_KEY=REDIS_URL/KV_URL: optional skills metadata cache (falls back to in-memory when not configured).VERCEL_PROJECT_PRODUCTION_URL/NEXT_PUBLIC_VERCEL_PROJECT_PRODUCTION_URL: canonical production URL for metadata and some callback behavior.VERCEL_SANDBOX_BASE_SNAPSHOT_ID: override the default sandbox snapshot.ELEVENLABS_API_KEY: voice transcription.
Recommended path: deploy this repo at the repo root, then configure Supabase and GitHub.
-
Fork this repo.
-
Create a Supabase project. Apply the SQL in
supabase/migrations/to your database (Supabase SQL editor orsupabase db pushagainst your linked project). -
Generate an encryption secret for stored tokens:
openssl rand -hex 32 # ENCRYPTION_KEY (32-byte hex) -
Import the repo.
-
Add at least these env vars in Vercel project settings:
NEXT_PUBLIC_SUPABASE_URL= NEXT_PUBLIC_SUPABASE_ANON_KEY= SUPABASE_SERVICE_ROLE_KEY= ENCRYPTION_KEY= OPENAI_API_KEY=
-
Deploy once to get a stable production URL.
-
In the Supabase dashboard, set Authentication URL configuration (site URL + redirect URLs including
https://YOUR_DOMAIN/auth/callback). -
If you want the full GitHub-enabled coding-agent flow, create a GitHub App using:
- Homepage URL:
https://YOUR_DOMAIN - Callback URL:
https://YOUR_DOMAIN/api/github/app/callback - Setup URL:
https://YOUR_DOMAIN/api/github/app/callback
In the GitHub App settings:
- enable "Request user authorization (OAuth) during installation"
- use the GitHub App's Client ID and Client Secret for
NEXT_PUBLIC_GITHUB_CLIENT_IDandGITHUB_CLIENT_SECRET - make the app public if you want org installs to work cleanly
- Homepage URL:
-
Add the GitHub App env vars and redeploy.
-
Optionally add Redis/KV and the canonical production URL vars.
-
Install dependencies:
bun install
-
Create your local env file:
cp apps/web/.env.example apps/web/.env
-
Fill in the required values in
apps/web/.env. For a local database, runsupabase startfrom the repo root and apply migrations, or point the Supabase env vars at a dev project. -
Start the app:
bun run web
Match the Supabase Site URL and Redirect URLs to where the app runs (https://YOUR_DOMAIN and https://YOUR_DOMAIN/auth/callback, plus http://localhost:3000 / http://localhost:3000/auth/callback for local dev). Keys come from Project Settings → API.
You do not need a separate GitHub OAuth app. Open Agents uses the GitHub App's user authorization flow.
Create a GitHub App for installation-based repo access and configure:
- Homepage URL:
https://YOUR_DOMAIN - Callback URL:
https://YOUR_DOMAIN/api/github/app/callback - Setup URL:
https://YOUR_DOMAIN/api/github/app/callback - enable "Request user authorization (OAuth) during installation"
- make the app public if you want org installs to work cleanly
For local development, use http://localhost:3000/api/github/app/callback for the callback/setup URL and http://localhost:3000 as the homepage URL.
Then set:
NEXT_PUBLIC_GITHUB_CLIENT_ID=... # GitHub App Client ID
GITHUB_CLIENT_SECRET=... # GitHub App Client Secret
GITHUB_APP_ID=...
GITHUB_APP_PRIVATE_KEY=...
NEXT_PUBLIC_GITHUB_APP_SLUG=...
GITHUB_WEBHOOK_SECRET=...GITHUB_APP_PRIVATE_KEY can be stored as the PEM contents with escaped newlines or as a base64-encoded PEM.
bun run web
bun run check
bun run typecheck
bun run ci
bun run sandbox:snapshot-baseapps/web Next.js app, workflows, auth, chat UI
packages/agent agent implementation, tools, subagents, skills
packages/sandbox sandbox abstraction and Vercel sandbox integration
packages/shared shared utilities
supabase/ Postgres migrations and Supabase CLI config