The factory for custom internal software,
purpose-built for human2agent work.
Quick Start Β Β |Β Β Docs Β Β |Β Β Security & Governance Β Β |Β Β Self-Hosting
Run Second locally:
npx --yes @second-inc/cli| Platform | Status |
|---|---|
| Apple Silicon Mac (M1-M5) | Available now |
| Intel Mac, Linux, Windows | Coming soon |
Second is a factory for shipping internal software built for human-agent collaboration.
Most platforms were not built for deep, multiplayer, asynchronous work with AI agents. They either treat agents as an afterthought bolted onto existing tools, or they're too opinionated and end up not fitting how your team actually works. Generally, multiplayer human-agent work is where coordination gets hard and things start to break.
Second solves that: imagine an on-prem, secure Lovable for building complete internal software (e.g. competitor research, lead enrichment, various pipelines) that treats agents as first-class citizens: agents read and write to the same real-time DB as your human team does, get dynamically generated, scoped tools to do the work inside the apps you've built, and most importantly work alongside your human team.
Second is open-source, self-hosted, bring your own agent.
Tip
Enterprise deployment? See Enterprise Deployment and Security.
Need help with security, SSO, deployment, cost management, runtime setup, and SLA support? Contact sales@second.so.
Bring your own agent harness, switch runtimes and models per message, per app, without restarting conversations.
|
|
|
| Claude Code | Codex | OpenCode |
| β | β | Coming soon |
Every app you build in Second treats agents as first-class citizens: they read and write to the same real-time DB your team works on, get scoped and secure tools to get the job done inside the apps you've built, and work alongside humans.
On top of that, Second handles the hard parts:
| Capability | How It Works |
|---|---|
| Multi-agent orchestration | Run multiple specialized agents per app: one for research, one for alerts, one for enrichment |
| Long-running async work | Agents run scheduled jobs, periodic research, etc. |
| Live data persistence | MongoDB-backed collections with Change Streams; data survives browser close, agent restarts, and worker churn |
Every app you build in Second gets a real-time DB, audit logs, RBAC, agent RBAC, and governance tools built into the workspace.
Companies like Ramp and Deel have already figured out that teams are building amazing things internally with Claude, Codex, or Lovable, but most of these projects never reach production because of various reasons (security, integrations, governance, safe deployments, maintenance, agent access control, and so on...).
To solve this, they built internal platforms for themselves. Second lets every organization have that.
|
|
| Second builds itself: integrations are generated on demand with exact connection instructions. | Each app gets its own agents, with tools and data access presented for approval. | Use Claude Code, Codex, OpenCode, or your own harness. Switch runtimes per app or message. |
| Talk with Claude Code or Codex, invite teammates into the session, and collaborate with shared context. | Agents run with approved tools, data, and integrations. Everything is scoped and audited. | Live data, change streams, and optimistic updates keep teams and agents synced. |
| Create reusable agents with prompts, skills, models, and team visibility. | Define instructions once, then attach them to agents across the workspace. | Draft, review, approve, and publish apps with agents and integrations under control. |
| Without Second | With Second |
|---|---|
| β Prototypes work in Claude, Codex, or Lovable, then stall before production. | β Apps are generated inside a governed workspace with the runtime pieces already there. |
| β Agents work in separate chats and lose the context your team is acting on. | β Agents and humans share the same app, real-time DB, and interface. |
| β Every integration becomes a one-off security project. | β Second generates scoped tools and keeps secrets server-side. |
| β Agent permissions are hard to explain, approve, and audit. | β
agents.json, RBAC, approvals, and audit logs make access explicit. |
| β Every team rebuilds deployment, governance, and collaboration from scratch. | β One workspace gives teams and platform engineers the same foundation. |
Second excels at apps where teams collaborate with agents on long-running, asynchronous workflows:
- Competitor intelligence: Agents monitor competitors, aggregate news, alert on pricing changes, and collect case studies.
- Lead enrichment pipelines: Agents research and qualify leads while your team reviews and acts.
- Content operations: Agents draft, research, and organize while editors review in real time.
- Customer success dashboards: Agents pull data from CRMs and support tools so teams can act on insights.
- Internal knowledge bases: Agents continuously index and organize docs while teams search and annotate.
- Compliance monitoring: Agents scan for policy violations while approvers review and resolve.
Your team sees everything in one collaborative interface. Agents write to the same database your team reads from, no export, no copy-paste, no context switching.
Second is designed for enterprise teams that need complete control over what humans and agents can access and do.
Zero-trust architecture for agents. No agent is granted implicit access to anything. Every capability, every data collection, every integration must be explicitly declared, scoped, and approved before an agent can act.
| Feature | Description |
|---|---|
| Agent access control | Capabilities defined in agents.json: approved collections, allowed tools, integration scopes. Changes require admin approval via cryptographic hash verification. Secrets injected server-side; agents never see credentials. |
| Role-based access control | Workspace roles (owner, admin, member) with granular permissions: integrations:manage, members:invite, audit:read. App-level roles for creators and collaborators. |
| Approval flows | Draft/review/publish lifecycle. Platform engineers approve apps, agent configs, and integration grants before anything goes live. |
| Domain-locked tools | Custom HTTP tools locked to declared domains. Private IP access rejected. Agents with org tools such as HubSpot and Slack are blocked from internet access. |
| Audit logs | Every action recorded: app changes, agent tool calls, data writes, access denials, integration usage. Secrets are never stored, only hashes and metadata. |
| Workspace isolation | Complete tenant isolation. Every query scoped to workspaceId. Cross-workspace access returns 404, not 403, to prevent resource enumeration. |
| Subprocess hardening | Infrastructure secrets scrubbed from agent subprocess environments. Linux deployments use bubblewrap sandboxing. CLI runtimes get allowlisted env + private per-app HOME. |
Every app's agent capabilities are declared, version-controlled, and approved:
{
"agents": [
{
"id": "lead-enricher",
"name": "Lead Enricher",
"description": "Enriches leads with public company data",
"systemPrompt": "You are a lead enrichment agent...",
"dataCollections": ["leads"],
"tools": [
{ "type": "builtin", "name": "WebSearch", "enabled": true },
{
"type": "custom",
"name": "hubspot_fetch_contacts",
"integration": { "domain": "hubapi.com" },
"endpoint": {
"method": "GET",
"url": "https://api.hubapi.com/crm/v3/objects/contacts",
"headers": { "Authorization": "Bearer {{secrets.HUBSPOT_PRIVATE_APP_TOKEN}}" }
}
}
]
}
]
}
|
Second runs on your infrastructure: your k8s cluster, your VPC, your rules.
For full environment setup, see the self-hosting docs.
Tip
Need help with security, SSO, deployment, cost management, runtime setup, or SLA support? Contact sales@second.so.
| Component | Requirement |
|---|---|
| MongoDB 8.0+ | Replica set (required for Change Streams) |
| Redis 7+ | Stream resumption, pub/sub, OAuth state |
| Auth provider | External auth (WorkOS or custom) for SECOND_AUTH_MODE=external |
| HTTPS | Reverse proxy with TLS termination |
| Agent runtime credentials | Claude: ANTHROPIC_API_KEY or Bedrock (CLAUDE_CODE_USE_BEDROCK=1 with AWS_BEARER_TOKEN_BEDROCK, AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY, or AWS_PROFILE); Codex: CODEX_API_KEY or OPENAI_API_KEY |
+------------------------------------------------------------------------------+
| Browser |
| App UI, chat, generated app iframe |
+-----------------------------------+------------------------------------------+
|
| REST + SSE
v
+------------------------------------------------------------------------------+
| Web (Next.js) |
| Public entrypoint, auth, workspace guards, API routes, reviews |
| Tool execution, secret resolution, app data, auditability |
+------------------+--------------------------+--------------------------+------+
| | |
| private HTTP + SSE | persistent state | replay + events
| internal auth | Change Streams | OAuth state + locks
v v v
+---------------------------+ +---------------------------+ +------------------+
| Worker (Hono) | | MongoDB Replica Set | | Redis |
| Claude Code, Codex | | workspaces, apps, runs | | stream replay |
| OpenCode, app agents | | app_data, audit logs | | workspace pubsub |
+-------------+-------------+ | integration metadata | +------------------+
| +---------------------------+
|
| internal callbacks
| /api/internal/*
v
+------------------------------------------------------------------------------+
| Web-owned governed layer |
| Tool calls, app-data writes, approvals, tenant boundaries |
| Secrets stay server-side before reaching external systems |
+-----------------------------------+------------------------------------------+
|
| server-side tools
v
+------------------------------------------------------------------------------+
| External systems |
| OAuth providers, APIs, internal services |
+------------------------------------------------------------------------------+
Agents run in the Worker. App-data writes, tool calls, secret resolution, and audit trails go through the Web layer, so the Worker can run agents without becoming the source of truth for permissions or data.
Run Second locally with one command:
npx --yes @second-inc/cli| Platform | Status |
|---|---|
| Apple Silicon Mac (M1-M5) | Available now |
| Intel Mac, Linux, Windows | Coming soon |
Β Β CLI Commands
npx --yes @second-inc/cli # Start Second
npx --yes @second-inc/cli stop # Stop all services
npx --yes @second-inc/cli reset # Stop + delete all data
npx --yes @second-inc/cli --port 4000 # Custom port
npx --yes @second-inc/cli --disable-telemetry # No analyticsΒ Β Development from Source
Prerequisites: Node.js 20+, npm 10+, Docker Desktop
This starts MongoDB + Redis in Docker, and the web + worker processes on your host. Open the URL printed by the script or check .second-dev.txt.
git clone https://github.com/Second-Inc/second.git
cd second
npm run devWe welcome contributions. See CONTRIBUTING.md and the docs for architecture details and development setup. Report security issues privately; see SECURITY.md.
Second is licensed under the Apache License 2.0.