* feat(auth): add email verification login flow with 401 auto-redirect

  Replace the old OAuth-based login with email verification codes:
  - Backend: send-code / verify-code endpoints, verification_codes table (migration 009), rate limiting, Resend email service
  - Frontend: two-step login UI (email → 6-digit OTP), auth store with sendCode/verifyCode
  - SDK: ApiClient gains onUnauthorized callback; 401 responses auto-clear token and redirect to /login
  - Fix login button staying disabled due to global isLoading state

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(auth): add brute-force protection, redirect loop guard, and expired code cleanup

  - VerifyCode: increment attempts on wrong code, reject after 5 failed tries (migration 010)
  - onUnauthorized: skip redirect if already on /login to prevent infinite loops
  - SendCode: best-effort cleanup of expired verification codes older than 1 hour

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat(auth): add master verification code for non-production environments

  Allow code "888888" to bypass email verification in non-production environments to simplify development and testing workflows.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat(auth): add personal access tokens for CLI and API authentication

  Add full-stack PAT support: users create tokens in Settings, CLI authenticates via `multica auth login`. Server stores SHA-256 hashes only. Auth middleware extended to accept both JWTs and PATs (distinguished by `mul_` prefix).

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
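The second and third commits above add a five-attempt limit and a master code for non-production environments. The following Go example is added here and is not Multica's own code; it shows both checks together, with the environment test written to fail closed. The record fields, the environment names and the helper names are assumptions.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

const maxAttempts = 5       // "reject after 5 failed tries"
const masterCode = "888888" // bypass code named in the commit message
var errInvalid = errors.New("invalid or expired code")
var errLocked = errors.New("too many attempts")

// codeRecord mirrors one verification_codes row; the field names are assumptions.
type codeRecord struct {
	Code      string
	Attempts  int
	ExpiresAt time.Time
}

// masterAllowed fails closed: only the listed environments (hypothetical names)
// enable the bypass, so an unset or misspelled value behaves like production.
func masterAllowed(env string) bool { return env == "development" || env == "test" }
func same(a, b string) bool         { return subtle.ConstantTimeCompare([]byte(a), []byte(b)) == 1 }

// verifyCode checks a submitted code and counts failed attempts on rec.
func verifyCode(rec *codeRecord, submitted, env string, now time.Time) error {
	if masterAllowed(env) && same(submitted, masterCode) {
		return nil
	}
	if rec == nil || now.After(rec.ExpiresAt) {
		return errInvalid
	}
	if rec.Attempts >= maxAttempts {
		return errLocked // stays locked even if the code is now correct
	}
	if !same(submitted, rec.Code) {
		rec.Attempts++
		return errInvalid
	}
	return nil
}

func main() {
	rec := &codeRecord{Code: "123456", ExpiresAt: time.Now().Add(10 * time.Minute)} // constructed sample
	fmt.Println(verifyCode(rec, masterCode, "", time.Now()))            // unset env: counted as a wrong guess
	fmt.Println(verifyCode(rec, masterCode, "development", time.Now())) // bypass applies
}
```
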
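The last commit above describes personal access tokens that are stored only as SHA-256 hashes and told apart from JWTs by the `mul_` prefix. The following Go example of that design is added here and is not taken from the Multica code base; `tokenStore`, `newPAT`, `authenticate`, the 32-byte token length and the `verifyJWT` callback are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const patPrefix = "mul_" // prefix that marks a credential as a PAT
var errUnauthorized = errors.New("unauthorized")
type tokenStore map[string]string // hypothetical tokens table: hash -> user id

func hashToken(token string) string { // hex SHA-256 of the token; the only form stored
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// newPAT returns a fresh token (shown to the user once) and the hash to persist.
func newPAT() (token, hash string, err error) {
	buf := make([]byte, 32) // assumed length, not taken from the project
	if _, err = rand.Read(buf); err != nil {
		return "", "", err
	}
	token = patPrefix + hex.EncodeToString(buf)
	return token, hashToken(token), nil
}

// authenticate routes a bearer credential by prefix: PATs are looked up by hash, the rest go to verifyJWT.
func authenticate(header string, store tokenStore, verifyJWT func(string) (string, error)) (string, error) {
	cred := strings.TrimPrefix(header, "Bearer ")
	if cred == header || cred == "" {
		return "", errUnauthorized // missing or malformed Authorization header
	}
	if !strings.HasPrefix(cred, patPrefix) {
		return verifyJWT(cred)
	}
	if user, ok := store[hashToken(cred)]; ok {
		return user, nil
	}
	return "", errUnauthorized // an unknown PAT never falls through to the JWT path
}

func main() {
	token, hash, _ := newPAT()
	reject := func(string) (string, error) { return "", errUnauthorized } // stand-in JWT validator
	fmt.Println(authenticate("Bearer "+token, tokenStore{hash: "user-1"}, reject)) // constructed sample row
}
```
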
Multica
AI-native task management platform — like Linear, but with AI agents as first-class citizens.
For the full local development workflow, see Local Development Guide.
Prerequisites
Quick Start
# 1. Install dependencies
pnpm install
# 2. Copy environment variables for the shared main environment
cp .env.example .env
# 3. One-time setup: ensure shared PostgreSQL, create the app DB, run migrations
make setup
# 4. Start backend + frontend
make start
Open your configured FRONTEND_ORIGIN in the browser. By default that is http://localhost:3000.
Main checkout uses .env. A Git worktree should generate its own .env.worktree and use the explicit worktree targets:
make worktree-env
make setup-worktree
make start-worktree
Every checkout shares the same PostgreSQL container on localhost:5432. Isolation now happens at the database level:
- `.env` typically uses `POSTGRES_DB=multica`
- each `.env.worktree` gets its own `POSTGRES_DB`, such as `multica_my_feature_702`
- backend/frontend ports still stay unique per worktree
That keeps one Docker container and one volume, while still isolating schema and data per worktree.
Project Structure
├── server/ # Go backend (Chi + sqlc + gorilla/websocket)
│ ├── cmd/ # server, daemon, migrate
│ ├── internal/ # Core business logic
│ ├── migrations/ # SQL migrations
│ └── sqlc.yaml # sqlc config
├── apps/
│ └── web/ # Next.js 16 frontend
├── packages/ # Shared TypeScript packages
│ ├── ui/ # Component library (shadcn/ui + Radix)
│ ├── types/ # Shared type definitions
│ ├── sdk/ # API client SDK
│ ├── store/ # State management
│ ├── hooks/ # Shared React hooks
│ └── utils/ # Utility functions
├── Makefile # Backend commands
├── docker-compose.yml # PostgreSQL + pgvector
└── .env.example # Environment variable template
Commands
Frontend
| Command | Description |
|---|---|
| `pnpm dev:web` | Start Next.js dev server (uses FRONTEND_PORT, default 3000) |
| `pnpm build` | Build all TypeScript packages |
| `pnpm typecheck` | Run TypeScript type checking |
| `pnpm test` | Run TypeScript tests |
Backend
| Command | Description |
|---|---|
| `make dev` | Run Go server (uses PORT, default 8080) |
| `make daemon` | Run local agent daemon |
| `make test` | Run Go tests |
| `make build` | Build server & daemon binaries |
| `make sqlc` | Regenerate sqlc code from SQL |
Database
| Command | Description |
|---|---|
| `make db-up` | Start the shared PostgreSQL container |
| `make db-down` | Stop the shared PostgreSQL container |
| `make migrate-up` | Ensure the current DB exists, then run migrations |
| `make migrate-down` | Rollback database migrations for the current DB |
| `make worktree-env` | Generate an isolated .env.worktree for the current worktree |
| `make setup-main` / `make start-main` | Force use of the shared main .env |
| `make setup-worktree` / `make start-worktree` | Force use of isolated .env.worktree |
Environment Variables
See .env.example for all available variables:
- `DATABASE_URL` — PostgreSQL connection string
- `POSTGRES_DB` — Database name for the current checkout or worktree
- `POSTGRES_PORT` — Shared PostgreSQL host port (fixed to `5432`)
- `PORT` — Backend server port (default: 8080)
- `FRONTEND_PORT` / `FRONTEND_ORIGIN` — Frontend port and browser origin
- `JWT_SECRET` — JWT signing secret
- `MULTICA_APP_URL` — Browser origin used when generating local runtime pairing links
- `MULTICA_DAEMON_CONFIG` — Optional path for the daemon's persisted local config
- `MULTICA_WORKSPACE_ID` — Optional dev override for the workspace id; normal usage should rely on browser pairing instead
- `MULTICA_DAEMON_ID` / `MULTICA_DAEMON_DEVICE_NAME` — Stable daemon identity for local runtime registration
- `MULTICA_CODEX_PATH` / `MULTICA_CODEX_MODEL` — Codex executable and optional model override for local task execution
- `MULTICA_CODEX_WORKDIR` — Default working directory used by the local Codex runtime
- `GOOGLE_CLIENT_ID` / `GOOGLE_CLIENT_SECRET` — Google OAuth (optional)
- `NEXT_PUBLIC_API_URL` — Frontend → backend API URL
- `NEXT_PUBLIC_WS_URL` — Frontend → backend WebSocket URL
Local Codex Daemon
The local daemon currently supports one local runtime type: codex.
- Start the daemon with `make daemon`.
- If the daemon does not already know its workspace, it prints a pairing link in the terminal.
- Open that link in the browser, sign in, and choose the workspace that should own the local Codex runtime.
- The daemon stores the approved workspace locally in `MULTICA_DAEMON_CONFIG` or `~/.multica/daemon.json`.
- The daemon registers the local Codex runtime via `/api/daemon/register`.
- Create an agent in Multica and bind it to that runtime.
- Assign an issue to the agent and move the issue to `todo`.
- The daemon claims the task, runs `codex exec`, and reports the final comment back to the issue.
For local development you can still set MULTICA_WORKSPACE_ID directly to skip pairing, but that should be treated as a debug shortcut rather than the normal flow.
Local Development Notes
- `make setup`, `make start`, `make dev`, and `make test` now require an env file. They fail fast if `.env` or `.env.worktree` is missing.
- `make stop` only stops the backend/frontend processes for the current checkout. It does not stop the shared PostgreSQL container.
- Use `make db-down` only when you explicitly want to shut down the shared local PostgreSQL instance for every checkout.