Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 3 additions & 7 deletions .env.example
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# ─────────────────────────────────────────────────────────────────────────────
# Solarch OSS self-host configuration.
# Solarch self-host configuration.
#
# Easiest: run ./install.sh (Linux/macOS) or ./install.ps1 (Windows) — an interactive
# wizard that fills this file for you. Or copy this to `.env`, edit, then:
Expand All @@ -18,12 +18,8 @@ BIND_ADDRESS=127.0.0.1
# SOLARCH_BASIC_AUTH_USER=
# SOLARCH_BASIC_AUTH_HASH= # bcrypt from: caddy hash-password --plaintext 'your-password'

# Rate limits (server-side; per IP by default in OSS mode)
# THROTTLE_BY=ip
# THROTTLE_LIMIT=60
# THROTTLE_TTL_MS=60000
# AI_THROTTLE_LIMIT=20
# CODEGEN_FILL_THROTTLE_LIMIT=10
# Rate limits (server-side; per IP by default in self-host mode)
# CODEGEN_FILL_THROTTLE_LIMIT=10 # surgical-fill requests per minute (global 60/min + AI 20/min are fixed)

# ── Database (Neo4j) — minimum 8 characters (Neo4j 5 requirement) ─────────────
NEO4J_PASSWORD=change_me_please
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,15 @@ jobs:
- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: OSS grep gate
- name: English-only source check
run: |
set -euo pipefail
if rg -i 'clerk|polar|posthog|ClerkAuthGuard|BILLING_ENABLED|isLocalAuth|Henüz lisanslanmadı|misafir bileti' apps docs deploy --glob '!**/.github/**'; then
echo "OSS grep gate failed — SaaS remnants found"
if rg '[ğüşıöçĞÜŞİÖÇ]' apps/server/src apps/server/test apps/server/deploy apps/server/README.md apps/server/scripts; then
echo "Non-English text found under apps/server"
exit 1
fi
if rg '[ğüşıöçĞÜŞİÖÇ]' apps/server/src apps/server/test apps/server/deploy apps/server/README.md apps/server/scripts --glob '!**/.tr-en-cache.json'; then
echo "Turkish characters found under apps/server"
if rg -iw 'yoksa|icin|olarak|zorunlu|sekme|degil|sadece|sonra|hata|dosya|deger|sayilir|bos' apps/server/src/codegen apps/server/test; then
echo "Untranslated comments or test names found"
exit 1
fi

Expand Down
4 changes: 2 additions & 2 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Contributing to Solarch

Thanks for the interest. This repository is the **OSS self-host monorepo**backend, canvas UI,
and Docker bundle. The API surface, node families, and edge semantics still move week to week, but
Thanks for the interest. This repository is the **source-available self-host monorepo**: backend,
canvas UI, and Docker bundle. The API surface, node families, and edge semantics still move week to week, but
feedback and focused PRs are very welcome.

## Ways to help
Expand Down
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

<https://polyformproject.org/licenses/noncommercial/1.0.0>

Copyright (c) 2025 Ugur Akdogan
Copyright (c) 2025-2026 Ugur Akdogan

## Acceptance

Expand Down
90 changes: 51 additions & 39 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,33 +1,32 @@
<div align="center">
<h2 align="center">
<img src="assets/logo-1779724213346.svg" alt="Solarch Logo" width="40" align="center" />
<img src="assets/logo.svg" alt="Solarch Logo" width="40" align="center" />
&nbsp;&nbsp;Solarch&nbsp;&nbsp;
</h2>
<p>Bridging diagrams and code via a strict rules engine to stop AI errors.</p>
<br/>

*Your entire workspace, on one canvas. | AI that ships. No more hallucinations.*
*Your entire workspace, on one canvas. | AI that proposes. Rules that verify.*

<br />

[![Try it](https://img.shields.io/badge/Try%20it-app.solarch.dev-ff6b1a?style=flat-square)](https://app.solarch.dev)
[![Website](https://img.shields.io/badge/Website-solarch.dev-0f0f0e?style=flat-square)](https://solarch.dev)
[![Self-Host](https://img.shields.io/badge/Self--Host-docker%20compose-666?style=flat-square)](docs/getting-started.md)
[![License](https://img.shields.io/badge/License-PolyForm%20NC%201.0-orange.svg?style=flat-square)](./LICENSE)
[![GitHub Stars](https://img.shields.io/github/stars/solarch-dev/solarch?style=flat-square)](https://github.com/solarch-dev/solarch/stargazers)
[![Last Commit](https://img.shields.io/github/last-commit/solarch-dev/solarch?style=flat-square)](https://github.com/solarch-dev/solarch/commits/main)

<br />

### ▶ &nbsp; Try it live **[app.solarch.dev](https://app.solarch.dev)** &nbsp; · &nbsp; Learn more at **[solarch.dev](https://solarch.dev)** &nbsp; · &nbsp; Or [**self-host**](#-self-hosting) this repo
### ▶ &nbsp; Try it live: **[app.solarch.dev](https://app.solarch.dev)** &nbsp; · &nbsp; Learn more at **[solarch.dev](https://solarch.dev)** &nbsp; · &nbsp; Or [**self-host**](#-self-hosting) this repo

<br />

*No install, no Docker open the app and start drawing. Self-host below if you want your own box.*
*No install, no Docker: open the app and start drawing. Self-host below if you want your own box.*

<br />

<img src="./assets/1.gif" width="100%" alt="Solarch AI builds rule-validated architecture from a single prompt" />
<img src="./assets/1.gif" width="100%" alt="Solarch: AI builds rule-validated architecture from a single prompt" />

<br />

Expand All @@ -43,14 +42,14 @@

Most AI tools generate code and hope the architecture catches up. **Solarch flips that.**

It generates **architecture first**grounded in a library of canonical patterns, validated by a strict Rules Engine, refined through a self-correcting loop. The AI proposes; the rules verify; only correct graphs ever land on the canvas.
It generates **architecture first**, grounded in a library of canonical patterns, validated by a strict Rules Engine, and refined through a self-correcting loop. The AI proposes, the rules verify, and only valid graphs land on the canvas.

* **One canvas for the whole system:** 21 node families controllers, services, repositories, tables, DTOs, queues and the 16 semantic edges between them.
* **AI Architect grounded in GraphRAG:** an agentic LLM pipeline pulls from a vector-indexed pattern library. It never starts from a blank context, never invents an API surface.
* **Rules Engine that refuses to lie:** 32 whitelist rules, 7 anti-patterns, 3 conditional checks. Frontends can't talk to tables. Controllers can't reach repositories. Period.
* **Self-correcting loop:** Rules rejection feeds back into the agent; the AI revises and tries again until the graph is cleanor never commits.
* **One canvas for the whole system:** 21 node families (controllers, services, repositories, tables, DTOs, queues) and the 16 semantic edges between them.
* **AI Architect grounded in GraphRAG:** an agentic LLM pipeline pulls from a vector-indexed pattern library, so it never plans from a blank context. Everything it proposes must pass the rules gate before it lands.
* **Rules Engine as a hard gate:** 40 whitelist rules, 7 anti-patterns, 3 conditional checks. Frontends can't talk to tables, and controllers can't reach repositories.
* **Self-correcting loop:** rules rejections feed back into the agent; the AI revises until the graph is clean, or the request ends without a commit.
* **Diagram → NestJS code:** deterministic codegen scaffold from the graph, plus optional Surgical AI for method bodies.
* **Four surfaces, one project:** Canvas, Code, API, and Docs — switch from the top bar without losing context.
* **Four surfaces, one project:** Canvas, Code, API, and Docs, switched from the top bar without losing context.
* **Live Instruct Mode:** Switch modes and chat with your design. Every answer cites the exact nodes; chips focus the canvas in real time.
* **Single-home + reference tabs:** Each node lives in one tab. Other tabs *import* it as a reference, not a copy. One source of truth, multiple views.
* **Type-safe from DB to button:** Zod schemas at the backend, OpenAPI in the middle, `openapi-fetch` on the frontend. The API contract is a compile-time check.
Expand All @@ -75,7 +74,7 @@ It generates **architecture first** — grounded in a library of canonical patte
<tr>
<td width="50%" valign="top">
<b>3. Watch it build itself</b><br/>
Nodes pop in with zen animations, edges flow with the right semantics — every relationship rule-validated before it commits.<br/><br/>
Nodes pop in with zen animations, edges flow with the right semantics. Every relationship is rule-validated before it commits.<br/><br/>
<img src="./assets/AICanvasBuilding.gif" width="100%" alt="AI canvas building" />
</td>
<td width="50%" valign="top">
Expand All @@ -86,13 +85,13 @@ It generates **architecture first** — grounded in a library of canonical patte
</tr>
<tr>
<td width="50%" valign="top">
<b>5. Connect anything legally</b><br/>
<b>5. Connect anything, legally</b><br/>
Hover a port, drag, snap. The Rules Engine rejects illegal connections instantly. Semantic edges carry meaning, not generic arrows.<br/><br/>
<img src="./assets/EdgeConnecting.gif" width="100%" alt="Edge connecting" />
</td>
<td width="50%" valign="top">
<b>6. Every node, purpose-built editor</b><br/>
Double-click any node. Column grids for tables, method tables for services, endpoint rows for controllers — no generic JSON forms.<br/><br/>
Double-click any node. Column grids for tables, method tables for services, endpoint rows for controllers. No generic JSON forms.<br/><br/>
<img src="./assets/InspectorReveal.gif" width="100%" alt="Inspector reveal" />
</td>
</tr>
Expand All @@ -114,7 +113,7 @@ It generates **architecture first** — grounded in a library of canonical patte
<b>AI &amp; Rules</b>
<ul>
<li><b>AI Architect:</b> agentic LLM loop with atomic tool calling</li>
<li><b>Rules Engine:</b> 32 whitelist · 7 blacklist (ERR_001..007) · 3 conditional</li>
<li><b>Rules Engine:</b> 40 whitelist · 7 blacklist (ERR_001..007) · 3 conditional</li>
<li><b>GraphRAG:</b> vector search over a canonical pattern library</li>
<li><b>Self-correction loop:</b> rejection feeds back into agent state, AI revises</li>
<li><b>Vector-native Neo4j:</b> embeddings + graph in one DB, no extra Pinecone</li>
Expand All @@ -135,7 +134,7 @@ It generates **architecture first** — grounded in a library of canonical patte
<li><b>Edge bundling &amp; routing:</b> obstacle-aware bezier and elbow paths</li>
<li><b>Type-safe API client:</b> Zod → OpenAPI → <code>openapi-fetch</code> + <code>openapi-typescript</code></li>
<li><b>Light Blueprint design:</b> warm paper, semantic family colors, hairline grid, Satoshi + JetBrains Mono</li>
<li><b>Bring-your-own-key:</b> OpenAI, Anthropic, Ollama, DeepSeek, … — your server, your quota</li>
<li><b>Bring-your-own-key:</b> OpenAI, Anthropic, Ollama, DeepSeek, and more. Your server, your quota</li>
</ul>
</td>
</tr>
Expand All @@ -145,21 +144,23 @@ It generates **architecture first** — grounded in a library of canonical patte

## ✦ The Philosophy

> **Solarch doesn't fight AI hallucination — it makes hallucination structurally impossible.**
>
> The industry has spent two years asking LLMs to write code. The result: confident hallucinations, ghost APIs, codebases that compile but lie. Hallucination isn't a tuning problem — it's a category error.
>
> Architecture is the level where structure is **provable**. A controller calls a service. A service queries a repository. A repository writes a table. These relationships are either present or not. They can't be hallucinated.
> **Solarch doesn't ask the AI to be honest. It puts a deterministic gate between the AI and your architecture.**

Solarch stacks three layers that, together, leave no room for an AI to invent something that doesn't exist:
The industry has spent two years asking LLMs to write code, and the result is confident hallucinations: ghost APIs, phantom tables, codebases that compile but lie. Solarch attacks the structural half of that problem. Architectural relationships (a controller calls a service, a service queries a repository) are either present in the graph or they are not, so they can be checked deterministically instead of trusted.

1. **GraphRAG.** The agent starts every request by retrieving canonical patterns from a vector-indexed library. No blank context, no improvisation from zero.
2. **Rules Engine.** Every mutation passes a deterministic gate — 32 whitelist rules, 7 anti-patterns, 3 conditional checks. Illegal edges never land. The schema can't be coerced.
Three layers work together:

1. **GraphRAG.** The agent starts every request by retrieving canonical patterns from a vector-indexed library, so it never plans from a blank context.
2. **Rules Engine.** Every mutation passes a deterministic gate of 40 whitelist rules, 7 anti-patterns, and 3 conditional checks. Illegal edges never land, and the schema can't be coerced.
3. **Self-correction loop.** When the Rules Engine rejects a draft, the violation message feeds back into the agent state. The AI revises until the graph is clean, or the request terminates without a commit.

The output isn't *trustworthy* code. It's *provably correct* structure.
The result: no API in the generated code that isn't in the diagram, and no edge in the diagram that breaks the rules.

### What the Rules Engine does NOT guarantee

The gate is structural, not semantic. Method bodies are LLM-written (the optional Surgical AI fill), gated by compiling the output with `tsc` and running tests in a verify loop, and marked unverified when that gate is skipped. The Rules Engine guarantees the shape of your architecture; it does not prove your business logic is correct.

**Provable structure. Targeted intelligence. Zero hallucinated APIs.**
Every number in this README is countable in the source: the 40 whitelist rules and 7 blacklist codes live in `apps/server/src/rules/registry`. Count them yourself.

---

Expand All @@ -169,21 +170,21 @@ Don't want to clone, configure, or run Docker? Use the hosted product:

| | Link | What you get |
|---|------|----------------|
| **App** | **[app.solarch.dev](https://app.solarch.dev)** | Full canvas sign up and build in the browser. Always up to date. |
| **App** | **[app.solarch.dev](https://app.solarch.dev)** | Full canvas: sign up and build in the browser. Always up to date. |
| **Website** | **[solarch.dev](https://solarch.dev)** | Product overview, demos, updates. |

Zero local setup. If that fits you, stop reading here and open the app.
Zero local setup.

---

## ✦ Self-Hosting

Want the stack on **your machine** your LLM key, your data, no vendor? This repository is the full OSS bundle: NestJS backend, canvas UI, vector-native Neo4j, local embeddings.
Want the stack on **your machine**, with your LLM key and your data? This repository is the complete source-available self-host edition: NestJS backend, canvas UI, vector-native Neo4j, local embeddings.

```bash
git clone https://github.com/solarch-dev/solarch.git
cd solarch
./install.sh # Linux/macOS Neo4j password + AI provider wizard
./install.sh # Linux/macOS: Neo4j password + AI provider wizard
docker compose up --build
# → http://localhost:3000
```
Expand All @@ -195,8 +196,8 @@ Windows: `./install.ps1`, then the same `docker compose` command.
| Need | Details |
|------|---------|
| Docker + Compose v2 | Required |
| LLM provider | Tool-calling model see [AI providers](docs/ai-providers.md) |
| LAN / VPS | Enable HTTP Basic Auth [Self-hosting guide](docs/self-hosting.md) |
| LLM provider | Tool-calling model, see [AI providers](docs/ai-providers.md) |
| LAN / VPS | Enable HTTP Basic Auth ([Self-hosting guide](docs/self-hosting.md)) |

Hosted alternative: **[app.solarch.dev](https://app.solarch.dev)** · **[solarch.dev](https://solarch.dev)**

Expand All @@ -221,6 +222,18 @@ CLI / MCP / VS Code extension: [**solarch-tools**](https://github.com/solarch-de

---

## ✦ FAQ

**Is this open source?** Strictly, no. PolyForm Noncommercial is a source-available license, not OSI-approved. It is free for personal use, research, education, and nonprofits. Commercial use needs a license: [info@solidea.tech](mailto:info@solidea.tech).

**Isn't this just MDA / Rational Rose again?** MDA generated the scaffold and left you the hard 20%, and the diagram and code drifted by sprint 3. Here the LLM handles that 20% behind tsc/test gates, drift detection is built in, and the graph is a live Neo4j source of truth, not a dead UML file. Structurizr stops at visualization; v0 stops at the frontend.

**Do you build Solarch with AI tools?** Yes. That's exactly why it exists: we needed a rules gate between the AI and the architecture ourselves first.

**How is it tested?** The rules engine and codegen pipeline carry 800+ server tests, including a gate that compiles generated output with `tsc`. Frontend test coverage is early; contributions welcome.

---

## ✦ Get Involved

We welcome feedback, discussions, and contributions.
Expand All @@ -233,15 +246,14 @@ We welcome feedback, discussions, and contributions.

## ✦ License

[PolyForm Noncommercial License 1.0.0](./LICENSE) — © 2026 Ugur Akdogan.
[PolyForm Noncommercial License 1.0.0](./LICENSE) — © 2025–2026 Ugur Akdogan.

**Free** for personal use, research, education, and non-profit organizations. Source is open: fork, learn, modify, share — go for it. <br/>
**Commercial use requires a separate license** — reach out at [info@solidea.tech](mailto:info@solidea.tech).
**Free** for personal use, research, education, and non-profit organizations. The source is available: fork, learn, modify, and share for any noncommercial use. <br/>
**Commercial use requires a separate license.** Reach out at [info@solidea.tech](mailto:info@solidea.tech).

<br/>
<div align="center">
<b>See. Understand. Plan.</b><br/>
In one shot.<br/><br/>
<a href="https://app.solarch.dev"><img src="assets/logo-1779724213346.svg" width="30" style="opacity: 0.5;" /></a><br/>
<b>One canvas, one rules gate, code you can trace back to the diagram.</b><br/><br/>
<a href="https://app.solarch.dev"><img src="assets/logo.svg" width="30" style="opacity: 0.5;" /></a><br/>
<b><a href="https://app.solarch.dev">Solarch.</a></b>
</div>
5 changes: 3 additions & 2 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,5 +19,6 @@ public disclosure.
## Handling secrets

Never commit real credentials. All secrets are provided via environment variables — see
`.env.example`. The server actively redacts secret-shaped values, and the codegen pipeline
is tested to never emit secrets into generated output.
`.env.example`. The codegen pipeline applies best-effort redaction: fields flagged
`IsSecret` are blanked in generated output (values in free-text fields are not detected).
If you find a bypass, please report it via the process above.
5 changes: 3 additions & 2 deletions apps/server/.env.example
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,12 @@ PORT=4000

NEO4J_URI=bolt://localhost:7687
NEO4J_USER=neo4j
NEO4J_PASSWORD=solarch_dev_password
# Minimum 8 characters (Neo4j 5 requirement).
NEO4J_PASSWORD=change_me_please

CORS_ORIGIN=http://localhost:3000

# Local owner identity when no API key is sent (OSS default).
# Local owner identity when no API key is sent (self-host default).
LOCAL_USER_ID=local_owner

# ── AI agent — optional (any OpenAI-compatible provider) ──────────────
Expand Down
6 changes: 3 additions & 3 deletions apps/server/README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Solarch Server (OSS)
# Solarch Server (self-host)

Architecture graph backend for the self-hosted Solarch monorepo. Node/edge CRUD, Rules Engine, GraphRAG, AI architect, and codegen.

Expand All @@ -11,7 +11,7 @@ Architecture graph backend for the self-hosted Solarch monorepo. Node/edge CRUD,
- **@xenova/transformers** — local embeddings (default, offline-capable)
- **Vitest + Testcontainers** — unit and e2e tests

## Auth (OSS)
## Auth (self-host)

Every HTTP request is handled by **`LocalAuthGuard`**:

Expand All @@ -37,7 +37,7 @@ Copy root [`.env.example`](../../.env.example) and see [`src/config/env.ts`](src

## Documentation

Full OSS documentation: **[`docs/README.md`](../../docs/README.md)** (index).
Full documentation: **[`docs/README.md`](../../docs/README.md)** (index).

| Guide | Link |
|-------|------|
Expand Down
Loading
Loading