02
BACK TO PROJECTS LISTArche
DevTools / AI Agents
Self-hosted CLI that wires a Jira ticket to a GitLab merge request via a plan → execute → review pipeline with human approval gates. Code runs in per-run Docker sandboxes; LLM calls go through OpenRouter.
Context
Personal project / DevTools
~3 weeks (Apr 9 – May 1, 2026)
Solo
Run a planning → coding → review loop on a Jira ticket without depending on a SaaS agent platform. Everything has to run on a VPS the operator controls, with Docker isolation around code execution and human approval at the gates that matter.
My Role
Solo creator
RESPONSIBILITIES
- —3-process layout (CLI, Fastify server, Node worker) sharing a SQLite database via better-sqlite3 + Drizzle
- —Plan / execute / review state machine with bounded review cycles, auto-retry on reviewer changes, human approval timeouts
- —Docker sandbox lifecycle with tokenized command allowlist (no implicit shell escape)
- —Jira + GitLab + GitHub orchestration with git remote auth
- —18 vitest files covering policy, sandbox, SQLite, lease/heartbeat, manual-run flows
DELIVERABLES
v0.1.0 of a private, self-hosted orchestrator: CLI + HTTP API + worker + React dashboard, deployable on a single VPS
Results
- ✓Demoable end-to-end on the author's machine: Jira ticket → branch + commits → GitLab merge request
- ✓Sandbox is hardened by default: read-only rootfs, no_new_privileges, tokenized command allowlist
ACHIEVEMENTS
- •Tokenized (non-shell) command allowlist preventing pnpm test && rm -rf / style escapes
- •Worker lease/heartbeat for safe concurrency on shared SQLite
- •Fail-closed network bind: server aborts on non-loopback host without ARCHE_SERVER_AUTH_TOKEN
Technical Stack
TECHNOLOGIES
TypeScriptNode.jsFastifySQLiteDrizzle ORMDockerOpenRouterAI AgentsJira APIGitLab APICLIViteSelf-hostedDevOps Automation
KEY FEATURES
- —CLI with arche init wizard, arche doctor environment checks, and arche runs manual <KEY> to trigger a run
- —Fastify HTTP API (~15 endpoints) protected by bearer token, with a Jira webhook entrypoint
- —React 19 + daisyUI web dashboard to monitor runs, approve plans, and view diffs/logs
- —Per-run Docker sandbox (read-only rootfs, cap_drop ALL, no_new_privileges, pids/memory/cpu limits) with a tokenized (non-shell) command allowlist
- —Plan / execute / review state machine with bounded max_review_cycles and human approval gates
- —Multi-model execution profiles (planner / executor / reviewer) via OpenRouter
Gallery
Similar project in mind?
Let's discuss how I can help you