Runtime apps that compose, verify, and evolve without rebuilding — built on Module Federation, every-plugin, and NEAR Protocol.
A published bos.config.json defines how host, UI, and API load together. Changing the config changes the composition. UI and API remotes do not need to be rebuilt for URL changes, though the host still needs a restart to pick up a new runtime config snapshot today. The configuration lives on-chain — inspectable, verifiable, and extendable by anyone.
This repository is the parent runtime platform: it contains the host, the reference UI, the reference API, and the CLI/tooling used to create and run child project remotes.
Built with Tanstack Start, Hono.js, oRPC, better-auth, and rsbuild.
bunx everything-dev@latest initUse this repo in two modes:
- As the parent runtime platform that defines the host/runtime gateway in
host/and the CLI inpackages/everything-dev/. - As the reference app that demonstrates a runtime-composed UI/API/plugin stack driven by
bos.config.json.
Child projects created from this platform should stay config-driven and treat this repository as the upstream host/runtime implementation.
Two main reasons:
- I'm tired of constantly maintaining similiar logic and infrasturcture across multiple projects
- While agents are good at creating prototypes, vibe coding typically comes with security flaws. This framework provides a type-safe starting point, extended from production ready code, on an upgradable runtime, with an incredibly simple deployment flow (publish a JSON and restart a Docker image).
When solutions are optimized to solve these two problems, a byproduct is more creativity in safety and immense possibility, especially in the era of generative interfaces.
Runtime apps that compose, verify, and evolve without rebuilding.
For the full argument, see A New Renaissance: Why Software Must Compose or Collapse.
everything-dev is the canonical runtime package and CLI. bos is a command alias for the same tool. See AGENTS.md for the quick reference and LLM.txt for the full technical guide.
everything-dev dev --host remote # Remote host, local UI + API (typical)
everything-dev dev --ui remote # Isolate API work
everything-dev dev --api remote # Isolate UI work
|/ --proxy # Use a proxy
everything-dev dev # Full local, client shell by default
# `bos` is an alias for the same commands
bos dev --ssr # Opt into local SSReverything-dev start --no-interactive # All remotes, production URLsbos build # Build all packages (updates bos.config.json)
bos publish # Publish config to the temporary dev.everything.near registry
bos publish --deploy # Build/deploy all workspaces, then publish
bun run publish # Same publish command via root script
bos sync # Sync from production (every.near/everything.dev)bos create project <name> # Scaffold new project
bos info # Show configuration
bos status # Check remote health
bos clean # Clean build artifacts- UI Changes: Edit
ui/src/→ hot reload automatically → publish withbos publish --deploy - API Changes: Edit
api/src/→ hot reload automatically → publish withbos publish --deploy - Host Changes: Edit
host/src/orbos.config.json→ publish withbos publish --deploy
Always run these commands before committing:
bun test # Run all tests
bun typecheck # Type check all packages
bun lint # Run linting (see lint setup below)We use Changesets for versioning:
When to add a changeset:
- Any user-facing change (features, fixes, deprecations)
- Breaking changes
- Skip for: docs-only changes, internal refactors, test-only changes
Create a changeset:
bun run changeset
# Follow prompts to select packages and describe changesThe release workflow (.github/workflows/release.yml) handles versioning and GitHub releases automatically on merge to main.
See CONTRIBUTING.md for detailed contribution guidelines including:
- Branch naming conventions
- Semantic commit format
- Pull request process
- AGENTS.md - Quick operational guide for AI agents
- CONTRIBUTING.md - Contribution guidelines and git workflow
- LLM.txt - Deep technical reference for implementation
- API README - API plugin documentation
- UI README - Frontend documentation
- Host README - Server host documentation
- Auth Plugin README - Auth plugin documentation
Documentation Purpose:
README.md(this file) - Human quick start and overviewAGENTS.md- Agent operational shortcutsCONTRIBUTING.md- How to contribute (branch, commit, PR workflow)LLM.txt- Technical deep-dive for implementation details- Package READMEs (api/, ui/, host/, plugins/auth/) - Package-specific details
Module Federation monorepo with runtime-loaded configuration:
┌─────────────────────────────────────────────────────────┐
│ host (Server) │
│ Hono.js + oRPC + bos.config.json loader │
│ ┌──────────────────┐ ┌──────────────────┐ │
│ │ Module Federation│ │ every-plugin │ │
│ │ Runtime │ │ Runtime │ │
│ └────────┬─────────┘ └────────┬─────────┘ │
│ ↓ ↓ │
│ Loads UI Runtime Loads API + Auth Plugins │
└───────────┬─────────────────────────┬───────────────────┘
↓ ↓
┌───────────────────────┐ ┌───────────────────────┐
│ ui/ (Runtime) │ │ api/ + plugins/ │
│ React + TanStack │ │ oRPC + Effect │
│ ui/src/app.ts │ │ remoteEntry.js │
└───────────────────────┘ └───────────────────────┘
Key Features:
- ✅ Runtime Configuration - All URLs from
bos.config.json(no rebuild needed) - ✅ Independent Deployment - UI, API, and Host deploy separately
- ✅ Type Safety - End-to-end with oRPC contracts
- ✅ UI Runtime Boundary -
everything-dev/ui/clientand/serverown router/runtime glue - ✅ CDN-Ready - Module Federation with Zephyr Cloud
The host already supports request-scoped runtime metadata via /_runtime/:account/:gateway, and it injects request-specific window.__RUNTIME_CONFIG__ data for the active runtime.
What it does not do yet is swap the underlying RuntimeConfig per request. Today, host/src/program.ts still starts from one process-wide config snapshot via ConfigService, so remote URLs, auth setup, plugin loading, and SSR wiring are still derived from the startup config.
That means wildcard-domain multi-tenancy such as project.everything.dev -> bos://project.everything.near/everything.dev still needs true dynamic config resolution in the host, not just path-based runtime metadata. The current design direction is documented in plans/runtime-config-hot-swap.md.
All runtime configuration lives in bos.config.json:
{
"account": "dev.everything.near",
"domain": "everything.dev",
"staging": { "domain": "staging.dev.yourapp.dev" },
"repository": "https://github.com/nearbuilders/everything-dev",
"testnet": "dev.allthethings.testnet",
"plugins": {
"template": {
"development": "local:plugins/_template"
}
},
"app": {
"host": {
"name": "host",
"development": "local:host",
"production": "https://..."
},
"ui": {
"name": "ui",
"development": "local:ui",
"production": "https://...",
"ssr": "https://..."
},
"api": {
"name": "api",
"development": "local:api",
"production": "https://...",
"variables": {},
"secrets": []
},
"auth": {
"name": "everything-dev_auth-plugin",
"development": "local:plugins/auth",
"production": "https://...",
"variables": {
"account": "dev.everything.near",
"hostUrl": "http://localhost:3000",
"uiUrl": "http://localhost:3003"
},
"secrets": ["AUTH_DATABASE_URL", "BETTER_AUTH_SECRET"]
}
}
}The temporary publish registry currently points at dev.everything.near, and bos publish --deploy is the release path when you want Zephyr URLs refreshed first.
Use the repo Dockerfile for the service, and treat the GHCR image as the deployable artifact.
- Image source:
ghcr.io/<lowercased github.repository>:latest - Staging:
ghcr.io/<lowercased github.repository>:staging - Preview:
ghcr.io/<lowercased github.repository>:pr-<number>
All configuration derives from bos.config.json (baked into the image). Only secrets need to be set as environment variables.
Required runtime vars:
APP_ENV-productionorstaging(derives domain frombos.config.json)BETTER_AUTH_SECRET- Session encryption keyBETTER_AUTH_URL- Auth callback URL (defaults to host URL from config)HOST_DATABASE_URL- Database connection stringHOST_DATABASE_AUTH_TOKEN- Database auth tokenCORS_ORIGIN- Comma-separated allowed origins (defaults to host + UI URLs from config)
See LLM.txt for the complete schema and configuration reference.
This project uses Biome for linting and formatting:
# Check linting
bun lint
# Fix auto-fixable issues
bun lint:fix
# Format code
bun formatBiome is configured in biome.json at the project root. Generated files (like routeTree.gen.ts) are automatically excluded.
Frontend:
- React 19 + TanStack Router (file-based) + TanStack Query
- Tailwind CSS v4 + shadcn/ui components
- Module Federation for microfrontend architecture
Backend:
- Hono.js server + oRPC (type-safe RPC + OpenAPI)
- every-plugin architecture for modular APIs
- Effect-TS for service composition
Database & Auth:
- PostgreSQL + Drizzle ORM
- Better-Auth with NEAR Protocol support
- every-plugin - Plugin framework for modular APIs with typed contracts and runtime composition
- near-kit - Unified NEAR Protocol SDK
- better-near-auth - NEAR SIWN + gasless relay for Better-Auth (cryptographic identity, verifiable on-chain actions)
- TanStack Intent - Agent skills shipped as npm package artifacts (compositional knowledge versioned with code)
everything.dev sits within a broader ecosystem building a verifiable internet on NEAR:
- BOS — Composable on-chain frontend components
- web4 — Web apps as verifiable on-chain smart contracts
- near-dns — Blockchain-backed DNS resolution
- NameSky — Named accounts as tradeable on-chain assets
- OutLayer — TEE-attested verifiable off-chain computation
- NEAR Intents — Intent-based cross-chain settlement ($15B+ volume)
- Trezu — Multi-chain treasury management ($72M AUM)
- NEAR AI Cloud — Confidential inference with hardware attestation
MIT