Doki

Create Apps and Workflows by asking AI! and do a lot more...

Doki is a local-first workspace for running operational workflows, managing Docker-backed tools, and composing internal utilities in one place.

It combines:

• a web UI for commands, templates, targets, secrets, users, and audit history
• an app system with built-in apps plus runtime-installed apps
• App Studio for building new apps inside Doki
• an optional stealth login flow for hiding the normal login page
• a local Docker target and Go orchestrator for app execution

What Doki does

Out of the box, Doki gives you:

• Apps for browsing and launching installed tools
• Workflows for reusable commands, templates, and run history
• App Studio for authoring and previewing apps
• AI controls for administration and App Studio
• Configuration for targets, environments, and encrypted secrets
• Administration for users, groups, module visibility, audit logs, and source management

Built-in apps currently live in app/apps:

• playwright runner
• image-compress
• text-diff

Runtime-installed app code lives in app/data/installed-apps, and per-app runtime state lives in app/data/apps.

Quick Start

Requirements

You need:

• Docker with docker compose

First run

From the repo root:

./setup.sh
./start.sh

Then open:

http://localhost:8099

On first setup, Doki will:

• create runtime folders and keys
• seed the built-in local Docker target
• print a stealth key
• send you into the onboarding flow

During onboarding, you:

1. create the first super-admin
2. choose whether stealth login stays enabled
3. choose which top-level modules are visible

If stealth stays enabled, the normal login page is hidden. You will first see a fake not-found page, and you type the stealth key there to unlock login.

Common Commands

Bootstrap and health:

./setup.sh
./setup.sh --check
./setup.sh --verbose

Runtime control:

./start.sh
./stop.sh

Fresh-install reset:

./reset.sh --dry-run
./reset.sh --force

reset.sh removes runtime state, generated keys, local databases, sessions, installed app code, app runtime data, Playwright output, and other generated files, while keeping bundled app code in app/apps.

How First Run Works

• setup.sh runs the CLI bootstrap in app/scripts/setup.php
• setup prepares runtime state and verifies the local Docker target through app/includes/OnboardingManager.php
• start.sh and stop.sh control the Doki stack through app/scripts/runtime-control.php
• the web app routes fresh installs to onboarding from app/index.php

Repo Layout

• app: main PHP application
• app/apps: bundled app code
• app/data: runtime state, SQLite DB, sessions, keys, installed apps, and app data
• templates: command template definitions
• orchestrator-go: Go control-plane/orchestration service
• docker-compose.yml: local stack definition
• Dockerfile: PHP/Apache runtime image

Security Notes

Doki is currently designed for a trusted local or self-hosted environment.

The local stack currently uses:

• Docker socket access
• privileged containers
• a read-only host root mount inside the main app container

That is powerful and convenient for local orchestration, but it also means you should treat a Doki install as highly trusted infrastructure, not as a locked-down multi-tenant service.

Development Notes

• The app listens on http://localhost:8099
• The orchestrator host port is auto-selected and persisted, defaulting to 8098 when available
• The host-side setup flow uses your local PHP CLI, so missing PHP extensions on the host will block ./setup.sh

Status

Doki is under active development. The core onboarding, runtime control, local target seeding, module visibility controls, and recovery flow are in place, but the project is still evolving quickly.

License

Doki is available under the MIT License.

Contributing

Contributions are welcome. If you want to improve Doki, fix a bug, tighten the UX, or add a useful app or workflow, pull requests are appreciated.