Skip to content

FAQ

Why is there no ORM?

We use raw SQL via postgres-js tagged templates. Reasons:

  • Migrations stay first-class. What you see in the SQL file is exactly what runs.
  • Query authors are forced to think about indexes, joins, and shape. No findMany surprises.
  • Postgres-specific features (CTEs, window functions, LISTEN/NOTIFY, JSONB ops, vector search) are first-class.
  • Type safety is preserved by the @doable/db query helpers. Every helper exposes a typed return.

If you really want an ORM-like layer, build it as a thin facade in packages/db/src/queries/. The codebase is fine with that pattern.

Why bind to 127.0.0.1 only?

Defense in depth. Every service is reachable only over loopback; public exposure happens via Cloudflare Tunnel or a documented reverse proxy on a separate host. A misconfigured firewall can't expose Postgres or your API directly. See Network Binding.

Do I need Redis?

No. The default in-memory KV store handles small/medium deployments (~100 concurrent users). Set REDIS_URL only if:

  • You run multiple API replicas and need shared rate-limiting / sessions.
  • You want session persistence across restarts.

Can I use Doable without any AI keys?

You can boot it without keys, but the chat-driven build experience won't work. The editor and project file management will. To unlock the AI:

  • Set ANTHROPIC_API_KEY, or
  • Set OPENAI_API_KEY, or
  • Install the GitHub Copilot CLI and set COPILOT_CLI_PATH.

You can mix providers and let the workspace pick per-mode.

How do I import an existing GitHub repo?

From the dashboard: New Project, Import from GitHub, authorize the GitHub integration, pick the repo. Doable clones into PROJECTS_ROOT and indexes the files.

How do I migrate a project from Lovable / Bolt / v0?

Export the source as a ZIP from the other tool, then New Project, Upload ZIP in Doable. The chat picks up where you left off. Describe what you want changed and the AI works from the existing code.

Can I bring my own LLM API key per project?

Yes, in Workspace Settings, AI, BYO Keys. Keys are encrypted with ENCRYPTION_KEY at rest and used in preference to the workspace-default keys. Useful for cost-allocation per workspace member or for using a different model per project.

Is the editor available offline?

The editor UI loads from your browser cache, but everything that talks to the backend (file save, chat, preview, collaboration) needs a connection. There's no full-offline mode.

How do I publish a project to a custom domain?

See Custom Domains. Short version: configure SITES_DIR, point a CNAME at your tunnel/server, and use the publish button in the editor. Doable handles cert provisioning via Caddy or Cloudflare.

Can I host Doable behind my company's SSO?

Authentication is JWT-based. You can replace the built-in email/password and OAuth flows with an SSO callback that issues your own JWT signed with JWT_SECRET. The API doesn't care who minted it as long as the signature is valid. SAML / OIDC integration via a third-party gateway (Keycloak, Authelia) is straightforward; first-party SSO is on the roadmap.

What happens to my data if I uninstall Doable?

  • DB: dropped when you docker compose down -v or remove the Postgres data dir.
  • Project files: stay on disk under PROJECTS_ROOT/ or api_projects volume. Back them up before uninstalling.
  • Encrypted secrets are unrecoverable without ENCRYPTION_KEY.

Why does my chat sometimes pause for confirmation?

A tool whose policy is ask was triggered. You can change policies per-tool in Workspace Settings, AI, Tools. The defaults err on the side of caution for write/delete actions.

Does Doable read the entire codebase into the AI context?

No. It uses retrieval. The pgvector index powers semantic search over file chunks; the AI sees only the most relevant slices. You can inspect what was retrieved in the chat's "Context" panel.

Is the AI sandboxed when it runs my code?

Yes. Every shell command, dev server, and build runs through @doable/dovault with cgroups + namespaces (Linux) or Job Objects (Windows). See Sandboxing.

Can I run Doable on a 1 GB VPS?

Just barely. The bare-metal install adds 2 GB of swap. For real workloads, 4 GB minimum, 8 GB recommended. Postgres + Node + a Vite dev server per active project add up.

How do I report a security issue?

Use a GitHub Security Advisory. Don't file a public issue. Maintainers will respond and coordinate disclosure.