02

Arche

DevTools / AI Agents

BACK TO PROJECTS LIST

Self-hosted CLI that wires a Jira ticket to a GitLab merge request via a plan → execute → review pipeline with human approval gates. Code runs in per-run Docker sandboxes; LLM calls go through OpenRouter.

Context

Personal project / DevTools
~3 weeks (Apr 9 – May 1, 2026)
Solo

Run a planning → coding → review loop on a Jira ticket without depending on a SaaS agent platform. Everything has to run on a VPS the operator controls, with Docker isolation around code execution and human approval at the gates that matter.

My Role

Solo creator

RESPONSIBILITIES

  • 3-process layout (CLI, Fastify server, Node worker) sharing a SQLite database via better-sqlite3 + Drizzle
  • Plan / execute / review state machine with bounded review cycles, auto-retry on reviewer changes, human approval timeouts
  • Docker sandbox lifecycle with tokenized command allowlist (no implicit shell escape)
  • Jira + GitLab + GitHub orchestration with git remote auth
  • 18 vitest files covering policy, sandbox, SQLite, lease/heartbeat, manual-run flows

DELIVERABLES

v0.1.0 of a private, self-hosted orchestrator: CLI + HTTP API + worker + React dashboard, deployable on a single VPS

Results

  • Demoable end-to-end on the author's machine: Jira ticket → branch + commits → GitLab merge request
  • Sandbox is hardened by default: read-only rootfs, no_new_privileges, tokenized command allowlist

ACHIEVEMENTS

  • Tokenized (non-shell) command allowlist preventing pnpm test && rm -rf / style escapes
  • Worker lease/heartbeat for safe concurrency on shared SQLite
  • Fail-closed network bind: server aborts on non-loopback host without ARCHE_SERVER_AUTH_TOKEN

Technical Stack

TECHNOLOGIES

TypeScriptNode.jsFastifySQLiteDrizzle ORMDockerOpenRouterAI AgentsJira APIGitLab APICLIViteSelf-hostedDevOps Automation

KEY FEATURES

  • CLI with arche init wizard, arche doctor environment checks, and arche runs manual <KEY> to trigger a run
  • Fastify HTTP API (~15 endpoints) protected by bearer token, with a Jira webhook entrypoint
  • React 19 + daisyUI web dashboard to monitor runs, approve plans, and view diffs/logs
  • Per-run Docker sandbox (read-only rootfs, cap_drop ALL, no_new_privileges, pids/memory/cpu limits) with a tokenized (non-shell) command allowlist
  • Plan / execute / review state machine with bounded max_review_cycles and human approval gates
  • Multi-model execution profiles (planner / executor / reviewer) via OpenRouter

Gallery

Similar project in mind?

Let's discuss how I can help you

Related Projects

PortfolioPortfolioPortfolioPortfolio

© 2026

Designed and developed by Vivien Gontier