Paste a repo, pay $0.05 USDC, get a live URL in ~30 seconds. The repo author keeps 40% of every try.
Built for Locus' Paygentic Hackathon #2, BuildWithLocus track.
Paste a GitHub URL, complete checkout in a Locus popup, and about 30 seconds later you have a live, publicly routable URL at https://svc-{id}.buildwithlocus.com with a 20-minute TTL. The interesting part is what happens between the paste and the URL.
Instead of hardcoded templates for a short list of stacks, TryIt uses a recipe agent (Llama 3.3 70B via Groq):
- Fetches the repo's file tree plus the contents of every signal config file (
package.json,requirements.txt,vite.config.ts,Dockerfile,go.mod,Gemfile, up to ~20 paths). - Emits a structured JSON recipe:
{runtime, port, startCmd, buildCmd, envDefaults, dockerfile}. - Returns
{supported: false}with a one-line reason if the repo has no bootable web service. This runs before the checkout session is created, so nobody pays for something that cannot run.
The agent writes the full Dockerfile inline. No template library to outgrow, no whitelist of supported stacks. Vite, Astro, Nuxt, Remix, Rails, Koa all go through the same path.
A blocklist.ts filter rejects agent-generated start commands that try to rm -rf /, curl | bash, mine crypto, and similar. The system prompt constrains the agent to standard public base images, WORKDIR /app, and a $PORT respecting listener.
Repo owners can claim a repo via file-drop verification: commit tryit-verify.txt with a challenge token to the default branch. Every try of a claimed repo fires POST /api/pay/send for 40% of gross ($0.02 USDC) straight to the owner's Locus wallet. No monthly minimums, no threshold.
This is the "economic tail on GitHub stars" the hackathon is about.
- BuildWithLocus.
POST /v1/projects/from-repoper try. Auth via/v1/auth/exchange(exchanged JWT, cached, auto-refreshed on 401). Deployments polled viaGET /v1/deployments/:id. Services deleted viaDELETE /v1/services/:idon TTL expiry. - PayWithLocus Checkout.
$0.05 USDCpurchase viaPOST /api/checkout/sessions(amount sent as string per Locus's validation). Verified server-side viaGET /api/checkout/sessions/:id. - PayWithLocus wallet transfer. Owner payout via
POST /api/pay/send(amount as number, opposite convention from checkout).
| Layer | Technology |
|---|---|
| Framework | Next.js 16 (Turbopack), TypeScript |
| UI | React 19, Tailwind CSS 4 |
| Agent | Groq, Llama 3.3 70B, JSON output mode |
| Infra | BuildWithLocus (containers, service discovery, TLS) |
| Pay | PayWithLocus Checkout + wallet transfer (USDC on Base) |
| GitHub | Authed REST calls via user PAT |
| State | File-backed JSON store at /tmp/tryit-db.json |
| Streaming | SSE for the boot theater |
User -> PasteCard (Next.js) -> POST /api/try
|
v
recipe agent (Groq + Llama 3.3)
|
+-- {supported: false} -> 400, no checkout
|
v
Locus Checkout session (popup)
|
v
client polls /api/checkout/:id
|
v
session PAID -> runBoot()
|
v
BuildWithLocus /v1/projects/from-repo
|
v
poll deployment -> healthy
|
v
SSE stream -> boot theater -> live URL
|
v
owner payout ($0.02 USDC -> Locus wallet)
|
v
20-min teardown timer -> DELETE /v1/services/:id
You need a Groq API key (free tier works), a GitHub personal access token (so authed GitHub calls don't hit the 60 request per hour anonymous ceiling), and a Locus claw_ beta API key in the standard SDK location (~/.config/locus/credentials.json).
cp app/.env.local.example app/.env.local
# fill in:
# GROQ_API_KEY=gsk_... # https://console.groq.com/keys
# GITHUB_TOKEN=ghp_... # (gh auth token) works if gh CLI is installed
cd app
npm install
npm run devOpen http://localhost:3000.
Setting LOCUS_MOCK=1 runs the full flow with canned checkout and canned BuildWithLocus responses. Useful for UI work without burning USDC.
TryIt/
|-- README.md (this file)
|-- LICENSE MIT
|-- .env.local.example required env vars
`-- app/ Next.js app root
|-- src/
| |-- app/ App Router pages + /api routes
| | |-- api/try POST: preflight + create checkout
| | |-- api/checkout GET: verify payment + trigger runBoot
| | |-- api/boot SSE stream for the boot theater
| | `-- ...
| |-- components/ landing, theater, dashboard, claim
| `-- lib/
| |-- recipes/ agent.ts, engine.ts, blocklist.ts, github.ts
| |-- boot/ orchestrator.ts, bus.ts, payouts.ts, stages.ts
| |-- locus/ auth.ts, build.ts, pay.ts
| |-- checkout/ confirm.ts
| `-- db/ store.ts, schema.ts
`-- package.json
Six abuse controls:
- Egress quota: enforced by the BuildWithLocus runtime (per-session limits on data and ports).
- 20-minute hard TTL:
scheduleTeardownfiresDELETE /v1/services/:idon expiry. - Rate limits: 60 tries per hour per IP in dev, 10 per hour per IP in production.
- No wallet or keys in the container: only
.env.examplevalues (secret-scrubbed viasafeValue) reach the deploy. - Start-command blocklist: miners, reverse shells,
curl | shpatterns rejected before any Locus call. Applies to agent output too. - One-click kill:
POST /api/report/:tryIdhard-deletes the service and flips the try toexpired.
- SIWX (Sign-In-with-Locus): the public Locus SDK exposes LASO (payment-card product) and MPP, not a general SIWX primitive usable here. File-drop is the only ownership proof in this build.
- AgentMail notifications: stretch, not wired.
- Shared-runner v2: each try currently provisions a disposable BuildWithLocus service. The per-service monthly fee is non-trivial at scale. Next iteration uses one long-lived runner service per project, hot-swapped via redeploy per try. Backend-only change, UX is identical.
- Self-heal: if the agent-generated Dockerfile fails to build, we do not retry with error context yet.
MIT. See LICENSE.