Try it
.second-dev.txt. Walk through onboarding, then type a prompt and click Build to see the agent work.
For the full developer setup, see Quickstart.
What you get
| Capability | What it means |
|---|---|
| AI agent that builds apps | Type a prompt → agent writes code, runs commands, iterates |
| App agents with custom tools | Apps trigger scoped AI agents that call external APIs (HubSpot, Slack, etc.) with secure secret injection |
| Draft/review governance | Draft edits, agent permissions, integrations, and published snapshots stay under admin/owner control |
| Audit logs | Owners/admins can inspect workspace-scoped governance, agent, integration, and app-data changes without exposing secrets or payloads |
| Live data persistence | Apps persist data in MongoDB via useCollection/useDoc with live updates via Change Streams |
| Async agent execution | Agents run in the background and write results to the app’s database, even after the user closes their browser |
| Real-time streaming | See text, tool calls, and reasoning appear as they happen |
| Workspace-scoped data | Every record belongs to exactly one workspace |
| Membership enforcement | API access requires proven membership |
| Pluggable auth | Local none mode for development, external mode for production |
| Local Claude auth | Uses your existing claude login, no API key needed for local dev |
| Provider-agnostic design | Claude today, extensible to other agent providers |
How it works
- User types a prompt in the composer and clicks Build.
- An app and run are created in MongoDB.
- The browser navigates to the app page.
useChatsends the prompt to the chat API route.- The API route connects to the worker, which starts a Claude agent session.
- The worker streams raw SDK events back to Next.js.
- Next.js translates them into the AI SDK UIMessageStream protocol.
- The browser renders text, tool calls, and reasoning in real time.
- The agent edits a Vite + React + TypeScript workspace and calls
done_building, then the worker runsnpm run build. - The frontend fetches live workspace files through the web API (which proxies to the worker) and renders a sandboxed iframe preview.
- When the agent finishes, messages and source snapshots are persisted to MongoDB.
- Persisted source snapshots are used for recovery/rehydration after worker churn; live preview reads come from the worker filesystem.
Next steps
- Quickstart: run locally and build your first app
- Enterprise Deployment and Security: customer-owned auth, OAuth apps, app-scoped credentials,
agents.json, and app-agent governance - Architecture: system overview with diagrams
- App Governance: draft vs published snapshots, review flow, and governed agent config
- Audit Logs: workspace audit schema, redaction, permissions, and event coverage
- Agent System: worker, bridge, and provider abstraction
- App Agents: how apps trigger AI agents with custom tools
- App Data: live data persistence with MongoDB and Change Streams
- Integrations: API secrets, custom HTTP tools, and mock data
- Streaming: the two-hop streaming protocol in detail
- Authentication: local vs external auth modes
- Product Analytics: PostHog capture, anonymization, and opt-out behavior
- Self-hosting: deploy to production
- App Preview: artifact preview pipeline, build step, iframe rendering, and source file persistence
- Contributing: help improve Second