Skill marketplace for DojOps.
Discover, publish, and install .dops DevOps skills for the AI DevOps Automation Engine.
Live: hub.dojops.ai
- Next.js 15.2 (App Router, standalone output)
- React 19 + TypeScript 5.7
- PostgreSQL 16 + Prisma 6.4 (ORM + migrations)
- NextAuth.js 4.24 (GitHub OAuth)
- Tailwind CSS v4 (cyberpunk dark theme)
- Zod 3.24 (schema validation)
- Package registry — Publish, version, and download
.dopsskill files - Full-text search — PostgreSQL
tsvector+ GIN index withts_rankranking - GitHub OAuth — Sign in with GitHub, role-based access (USER / ADMIN)
- API tokens —
dojops_prefixed tokens with SHA-256 hashing, max 10 per user - Integrity verification — SHA-256 publisher attestation on publish/install
- Community — Star packages, post comments, user profiles
- Admin moderation — Flag or remove packages
- Rate limiting — In-memory rate limiter on publish, star, comment, search, and token creation
- CLI integration —
dojops skills publish/dojops skills installauthenticate via Bearer token
| Route | Description |
|---|---|
/ |
Homepage with recent packages |
/explore |
Browse all packages (sort, filter by tag) |
/packages/:slug |
Package detail + latest version |
/packages/:slug/versions |
Full version history |
/publish |
Publish a new .dops skill |
/tags/:tag |
Packages by tag |
/users/:username |
User profile |
/settings/tokens |
API token management |
/admin |
Package moderation (admin only) |
| Method | Route | Auth | Description |
|---|---|---|---|
| GET | /api/packages |
No | List packages (pagination, sort, tag filter) |
| POST | /api/packages |
Yes | Publish package (multipart, max 1MB, SHA-256) |
| GET | /api/packages/:slug |
No | Package detail + latest version |
| GET | /api/packages/:slug/:ver |
No | Specific version detail |
| POST | /api/packages/:slug/star |
Yes | Toggle star |
| GET | /api/packages/:slug/comments |
No | List comments |
| POST | /api/packages/:slug/comments |
Yes | Post comment (max 2000 chars) |
| GET | /api/download/:slug/:ver |
No | Download .dops file |
| GET | /api/search?q= |
No | Full-text search |
| GET | /api/users/:username |
No | Public user profile |
| PATCH | /api/admin/packages/:id |
Admin | Moderate package |
| GET | /api/tokens |
Session | List API tokens |
| POST | /api/tokens |
Session | Create API token |
| DELETE | /api/tokens/:id |
Session | Revoke API token |
8 models in PostgreSQL:
- User — GitHub OAuth (githubId, username, role: USER/ADMIN, bio)
- Account / Session / VerificationToken — NextAuth internals
- Package — name, slug, description, tags, status (ACTIVE/FLAGGED/REMOVED), starCount, downloadCount, searchVector
- Version — semver, filePath, fileSize, sha256, riskLevel, permissions, inputFields, outputSpec, fileSpecs
- Star — Unique per user+package, atomic starCount increment
- Comment — User comments on packages
- ApiToken — SHA-256 hashed,
dojops_+ 40 hex chars, optional expiry
- Node.js >= 20
- PostgreSQL 16 (or use Docker)
git clone https://github.com/dojops/dojops-hub.git
cd dojops-hub
npm install
# Start database
docker-compose up -d db
# Configure environment
cp .env.example .env
# Edit .env with your GitHub OAuth credentials and database URL
# Run migrations
npx prisma migrate dev
# Start dev server
npm run dev| Variable | Description |
|---|---|
DATABASE_URL |
PostgreSQL connection string |
NEXTAUTH_URL |
Base URL (e.g. http://localhost:3000) |
NEXTAUTH_SECRET |
Random secret for session encryption |
GITHUB_ID |
GitHub OAuth App client ID |
GITHUB_SECRET |
GitHub OAuth App client secret |
npm run dev # Dev server (http://localhost:3000)
npm run build # Prisma generate + Next.js build
npm run lint # ESLint
npm run format # Prettier write
npm run format:check # Prettier check
npx prisma migrate dev # Run migrations
npx prisma studio # Visual database browser# Full stack (app + postgres)
docker-compose up --build
# App available at http://localhost:3000Dockerfile: Multi-stage build (node:20-slim). Runs prisma migrate deploy on startup, then drops to non-root user (nextjs:1001). Uploads stored at /app/uploads volume.
- Publish: CLI computes SHA-256 client-side, sends as multipart field. Hub verifies hash matches uploaded file.
- Install: CLI downloads
.dopsfile, receives publisher hash viaX-Checksum-Sha256header, recomputes locally. Mismatch aborts with integrity error.
31 components organized by domain:
- Layout (3): Navbar, Footer, Sidebar
- UI (8): GlowCard, Button, Badge, SearchBar, Pagination, SectionHeading, Spinner, EmptyState
- Package (9): PackageCard, PackageDetail, PackageGrid, DopsPreview, VersionHistory, RiskBadge, PermissionBadges, IntegrityHash, InstallCommand
- Community (4): StarButton, CommentThread, CommentItem, AuthorBadge
- Publish (2): PublishForm, MetadataPreview
- User (3): UserProfile, UserPackages, UserStars
- Admin (1): PackageModeration
- Settings (1): TokenManager
| Repo | Description |
|---|---|
| dojops/dojops | Main monorepo — CLI, API, all @dojops/* packages |
| dojops/dojops.ai | Marketing website |
| dojops/dojops-doc | Documentation site |
MIT