filepath is a personal Cloudflare-hosted development environment. Work lives in conversations, not terminal tabs.
Deploy to Cloudflare · OpenAPI
- Deploy filepath into your Cloudflare account.
- Set
BETTER_AUTH_SECRETandBETTER_AUTH_URL. - Open the app, sign in, and land on
/dashboard. - Create a workspace with an optional git repo URL.
- Start a conversation with a harness, model, file scope, and tool permissions.
- Submit a bounded task and inspect the live result stream.
Local development:
bun install
bun run dev
bun run smoke:localThen open:
http://localhost:5173/signuphttp://localhost:5173/dashboard
- Create a workspace.
- Add an account router key in Settings.
- Open the workspace.
- Create a conversation with:
harnessmodelallowedPathsforbiddenPathstoolPermissionswritableRoot
- Send the first task from the conversation panel.
filepath 0.05 opens to a global inbox. Each conversation is always in one clear state:
ReadyRunningBlockedClosed
Use:
allowedPathsfor directories the conversation may touchforbiddenPathsfor extra blocks inside that scopewritableRootfor the working directory commands should run from
Example:
{
"allowedPaths": ["apps/web", "packages/ui"],
"forbiddenPaths": ["apps/web/.env", "packages/ui/dist"],
"writableRoot": "apps/web"
}toolPermissions is explicit.
Available values:
inspectsearchrunwritecommit
If a conversation is not allowed to write or commit, filepath rejects that action at runtime instead of relying on prompt wording. In 0.05, tool-permission escalation creates a real approval interruption instead of silently continuing.
Harness and model are runtime configuration, not architecture.
- change
harnessIdto switch the agent harness - change
modelto switch the backing model - keep the same workspace, agent scope, and dashboard surface
filepath 0.05 is:
- a personal Better Auth-protected dashboard
- a global inbox of conversations across workspaces
- bounded execution against sandboxed repo clones
- explicit human control: close, reopen, pause, resume, approve, reject
- optionally memory-aware when a workspace enables Deja-backed recall
filepath 0.05 is not:
- a proof engine
- a multi-user platform
- dependent on experimental Cloudflare features
workspace: a repo-backed sandbox environmentconversation: the user-facing thread of bounded work inside a workspacescope: allowed paths, forbidden paths, tool permissions, writable rootresult: structured output from an agent runinbox: the derived view of open, running, blocked, and closed conversations
allowedPathsforbiddenPathstoolPermissionswritableRootharnessIdmodel
At minimum:
statussummarycommandsfilesTouchedviolationsdiffSummarypatchcommitstartedAtfinishedAt
POST /api/workspaces/:id/run runs one bounded task and returns a structured result (sync). Useful for external tools (e.g. proof engines) that need a direct execution surface.
Input:
{
"content": "Task description",
"harnessId": "filepath",
"model": "anthropic/claude-3.5-sonnet",
"scope": {
"allowedPaths": ["."],
"forbiddenPaths": [".git", "node_modules"],
"toolPermissions": ["search", "run", "write", "commit"],
"writableRoot": "."
},
"agentId": "optional – omit for a new conversation, include to continue one",
"identity": {
"traceId": "optional",
"proofRunId": "optional",
"proofIterationId": "optional"
}
}Response (200): machine-stable contract
status,summary,events,filesTouched,violations,diffSummary,patch,commitagentId,runId,traceId,workspaceId,conversationId,proofRunId,proofIterationId,startedAt,finishedAt
Auth: session or API key (Authorization: Bearer <key>). User must own the workspace.
Core routes:
GET /api/workspacesPOST /api/workspacesGET /api/workspaces/:idPATCH /api/workspaces/:idDELETE /api/workspaces/:idGET /api/workspaces/:id/agentsPOST /api/workspaces/:id/agentsGET /api/workspaces/:id/agents/:agentIdPATCH /api/workspaces/:id/agents/:agentIdDELETE /api/workspaces/:id/agents/:agentIdPOST /api/workspaces/:id/agents/:agentId/tasksPOST /api/workspaces/:id/agents/:agentId/cancelPOST /api/workspaces/:id/agents/:agentId/closePOST /api/workspaces/:id/agents/:agentId/reopenPOST /api/workspaces/:id/agents/:agentId/pausePOST /api/workspaces/:id/agents/:agentId/resumePOST /api/workspaces/:id/agents/:agentId/approvePOST /api/workspaces/:id/agents/:agentId/rejectPOST /api/workspaces/:id/run– programmatic run (new or continue thread; returns structured result + events)POST /api/workspaces/:id/run/script– script-only run (deterministic; no LLM; scope enforcement)
Machine-readable reference:
/api/openapi.json
Better Auth is the only supported auth boundary in v1.
- sign up and sign in through the app
- dashboard and API both use the Better Auth session
- programmatic access: create an API key in Settings; use
Authorization: Bearer <key>orX-Api-Key: <key> - no public unauthenticated product surface
- local dev may use the placeholder secret from
.env.example - production must use a random 32+ character
BETTER_AUTH_SECRET
- the dashboard opens to a global inbox of conversations
- each workspace shows the same conversations filtered to that workspace
- task input is conversation work input, not a general product chat protocol
- closed conversations reject new turns
- blocked conversations require a real human decision before they continue
- memory is optional and workspace-scoped
Technical spec for the deterministic, testable core. Implement against this; revise when learnings expose the need.
1. Scope layer – The authority/scope module (src/lib/runtime/authority.ts) is the deterministic core. Path normalization, path-in-scope checks, and policy violation checks are pure and testable; no LLM. Same inputs, same outputs.
2. Task lifecycle – Task states and allowed transitions are explicit; invalid transitions are rejected.
States: queued | starting | running | retrying | succeeded | failed | canceled | stalled
Allowed transitions:
queued->starting,canceledstarting->running,retrying,failed,canceledrunning->succeeded,failed,canceled,stalledretrying->running,failed,canceledsucceeded,failed,canceled,stalled-> (terminal; no transitions)
3. Events and failures – FAP events from the harness are schema-validated. A line that looks like JSON (starts with {) and fails AgentEvent.safeParse fails the run with a protocol error. Process crash or unexpected exit always transitions the task to a terminal state (failed or stalled); the task is never left in running.
4. Script-only runs – Optional execution mode: run a fixed script (or command list) in the workspace with full scope enforcement; no harness/LLM; deterministic. Invoked via POST /api/workspaces/:id/run/script with { script: string, scope?: {...} }. Returns the same structured result shape as agent runs where applicable.
Models change fast. Harnesses change fast. The durable value is the runtime boundary around software work:
- clone a repo into a bounded workspace
- start background agents against that workspace
- scope them to files and tools
- return structured results to the human
filepath is a personal product, but it still needs a real sign-in flow.
Better Auth keeps the app honest:
- one auth story
- same auth for dashboard and API
- no custom header shortcuts in the product contract
filepath v1 keeps the shipped model small and honest:
- human-created agents
- explicit file and tool scope
- persistent results
- no hidden hierarchy or orchestration layer
filepath should be a real deployable product, not a lab branch.
That means:
- no GitHub-source dependency pins
- no
experimentalcompatibility flag - no dependency on unreleased child-agent APIs
- personal Better Auth-protected Cloudflare development environment
- dashboard-first, API underneath
- sandboxed git clone as the live workspace
- swappable models
- swappable harnesses
- bounded agents with explicit file and tool permissions
- Better Auth only
- one worker gateway
- flat agents in v1
- stable published Cloudflare surfaces only
- README is the only canonical product document
- finish the flat workspace/agent dashboard
- make agent results more durable and inspectable
- tighten runtime enforcement around file and tool scope
- simplify the public API around workspace and agent lifecycle
- improve local runtime fidelity and result richness
- stale pre-v1 product language
- stale proof-engine language
- stale gates and scripts that validate deleted routes
- compatibility shims that keep old mental models alive
- child-agent runtime before stable support ships
- proof policy inside filepath
- one-model or one-harness lock-in
- preserving old data or old route shapes
bun install
bun run dev
bun run check
bun run test
bun run build
bun run smoke:localOn push (any branch): test runs bun run check, bun run build, and gates/protocol.gate.sh. On success, deploy runs: production (bun run deploy) on main, or preview (destroy + deploy by branch) on other branches. Legacy proof engine and production e2e gates have been removed; remaining gates (gates/protocol.gate.sh, gates/no-fallback-runtime.gate.sh, gates/health.sh) are for manual use.
src/core/app.tssrc/lib/schema.tssrc/lib/runtime/authority.tssrc/lib/runtime/agent-runtime.tssrc/routes/dashboard/+page.sveltesrc/routes/workspace/[id]/+page.sveltesrc/lib/components/workspace/CreateAgentModal.sveltesrc/routes/api/workspaces/
- destructive reset is allowed
- preserve only the current v1 workspace/agent story
- keep auth, API, UI, and runtime aligned to the same product vocabulary
- if a file still tells the old product story, rewrite it or delete it
filepath may grow into richer orchestration later, but v1 should stay focused on workspaces, flat agents, and bounded task execution.