GitHub - thomscoder/zero-1: Your data should look as real as the idea

Give your app exactly the data it needs — before your backend exists.

Describe whatever endpoint your app in natural language, drop in an OpenAPI spec — Zero-1 spins up live REST endpoints with realistic seeded data, full CRUD, and FK relationships. Tracks denormalized copies, propagates schema changes across existing data, and warns before a change would break a reference. Pair it with Claude Code to become an execution layer — all AI reasoning happens in your session, Zero-1 handles data, routing, and state locally. Export the schema when you're ready for your agent to build a working backend.

❯ I'm building a marketplace, I need sellers, products under /sellers/:id/products,
  and reviews under /products/:id/reviews. seed it heavy,
  like 5000 products and 10k reviews. gate writes with Bearer auth.

3 resources · 15100 records

· sellers    100   records
· products   5000  records  path: /sellers/:sellerId/products
· reviews    10000 records  path: /products/:productId/reviews

↳ products.sellerId  → sellers.id
↳ reviews.productId  → products.id

header guard: POST|PUT|PATCH|DELETE * — Authorization: Bearer required

z1-demo.mp4

Install

From source:

git clone https://github.com/thomscoder/zero-1 && cd zero-1

ANTHROPIC_API_KEY=sk-ant-... bun run cli.ts
# → http://localhost:7777  +  z1 › REPL

Or install the CLI:

curl -fsSL https://raw.githubusercontent.com/thomscoder/zero-1/main/scripts/install.sh | sh

Three modes

1. Standalone

Run Zero-1 as an HTTP server. Describe scenarios in the REPL or via API. One AI call per intent — schema parsing only. All data generation, CRUD, filtering, and graph tracking run locally with zero API calls.

z1                    # start + REPL
z1 --model gpt-4o     # use a specific model
ANTHROPIC_API_KEY=sk-ant-... bun run cli.ts

2. Claude Code native — `z1 launch claude`

Zero-1's primary mode. Claude Code IS the AI. Zero-1 executes.

z1 launch claude
z1 launch claude --model claude-opus-4-6

Starts the Zero-1 server and spawns Claude Code with the MCP pre-wired. Claude Code handles all reasoning and schema decisions. Zero-1 receives structured plans and executes them locally — zero redundant AI calls. Every token in your Claude Code session does actual work.

3. Scaffold export

Export your Zero-1 schema as a working production backend.

z1 export --scaffold hono --out ./my-app   # generate from .z1/state.json
z1 patch hono                              # sync changes (last-write-wins)

Or from the REPL:

z1 › .export --scaffold hono
z1 › .patch hono

Generates a complete Hono project: typed routes, in-memory data seeded with real records, TypeScript interfaces, and a /sync slash command for Claude Code. When your real backend is ready, the scaffold is the spec.

Features

Provider presets

Load a real provider's API shape instantly — no spec hunting, no key required:

# List available presets
GET /__generate/import/preset

# Load Stripe (customers, products, prices, payment intents, subscriptions at /v1/* paths)
POST /__generate/import/preset
{ "provider": "stripe" }

# Load GitHub (users, repos, issues at /api/v3/* paths + OAuth pre-configured)
POST /__generate/import/preset
{ "provider": "github" }

Available: github · google · stripe · linkedin · shopify

Each preset loads the correct real-world endpoint paths, realistic field shapes, and a pre-configured OAuth flow for that provider.

OpenAPI import

Point Zero-1 at any OpenAPI 3.x or Swagger 2.0 spec — URL or raw JSON:

POST /__generate/import/openapi
{ "url": "https://petstore3.swagger.io/api/v3/openapi.json" }
# or
{ "spec": { ...raw spec object... } }

Handles $ref resolution (recursive), allOf merges, oneOf/anyOf variants, and any path depth. Data is generated locally from the schema — no AI call.

REST

One description (or import) registers all resources with full CRUD — GET, POST, PUT, PATCH, DELETE. IDs are auto-incremented. FK references are always valid (data generated in dependency order).

Filter, search, sort — all query params, stackable:

GET /posts?role=admin&q=launch&sort=likes:desc&limit=10

Custom path patterns

Resources can live at any URL shape:

/api/v1/users
/payments/:paymentId/invoices
/orgs/:orgId/teams/:teamId/members

Named segments (:param) become FK equality filters on GET collection and are auto-populated on POST. The item ID is always the trailing segment: GET /payments/42/invoices/7.

Reactive triggers

"...when an order is created, subtract quantity from product stock. when stock hits 0, flip status to out_of_stock."

Describe side-effect logic inline. Supported operations: increment/decrement a field, set a value. Triggers fire synchronously on every matching mutation.

Schema evolution

"...add a views counter, rename likes to reactions, drop published. require X-API-Key on write requests."

Zero-1 sends only the schema to the AI (never the records), applies the diff, and backfills existing data locally. Added fields get context-aware generated values. Renamed fields preserve their values.

Pagination

"...cursor-based, 20 per page, use after as cursor param, edges for data array"

Configure the envelope your real API will produce. Zero-1 matches it. Supports page, offset, and cursor styles with customisable param names and response shapes.

Auth guards & response headers

"...require X-API-Key on all write requests to posts. inject X-Request-Id into every response."

Per-resource request guards and response header injection. Your frontend gets real 401s and real rejection bodies — no auth server needed.

OAuth 2.0 / OIDC

"...authorization code flow with PKCE. scopes: read, write, admin. JWT tokens, 1 hour expiry."

Full mock OAuth 2.0 / OIDC provider. Registers authorization, token, revoke, introspect, userinfo, and discovery endpoints. Per-client scope enforcement. Token signing via Web Crypto API (HS256) — no JWT library.

Chaos mode

"...30% error rate on POST /orders and 500ms–2s latency on all requests"

{ "resource": "orders", "method": "POST", "errorRate": 0.3, "errorCode": 503 }
{ "resource": "*", "method": "*", "latency": { "min": 200, "max": 800 } }
{ "resource": "users", "rateLimit": { "requests": 10, "windowSeconds": 60 } }

Knowledge graph

Zero-1 maintains a live graph of every resource — FK edges, denormalized copies, observed field types.

Write-through propagation — every PATCH/PUT walks the provenance graph and updates denormalized copies automatically.

Impact analysis — before applying a schema change, ask what breaks:

"What breaks if I switch the plan id to a string slug?"

Returns which FK references would stop resolving and which denormalized copies would go stale. Via MCP this is part of the natural workflow; via the API it's POST /__generate/graph/analyze.

2FA / OTP

Add two-factor authentication to any resource inline:

"...users with 2FA on login. OTP expires in 5 minutes."

Zero-1 registers POST /users/login and POST /users/verify endpoints. OTP codes are cryptographically random, 6-digit, single-use. Inspect pending codes at GET /__generate/2fa/pending.

JWT-based data scoping

"...each user should only see their own posts"

Per-resource per-user data isolation using JWT claims. Collection GETs filter automatically, item GETs return 403 for wrong owner, POSTs auto-set the owner field from the token.

MCP server

Zero-1 exposes its full surface as MCP tools for Claude Code and other AI agents.

Manual setup (if not using z1 launch claude):

// .claude/mcp.json
{
  "mcpServers": {
    "zero-1": {
      "command": "bun",
      "args": ["run", "/path/to/zero-1/mcp.ts", "--url", "http://localhost:7777"]
    }
  }
}

Tools include: create_scenario, evolve_schema, get_schema, list_resources, inspect_graph, analyze_impact, configure_headers, configure_oauth, configure_pagination, add_chaos, snapshot, reset, export_openapi, get_2fa_codes, and more.

Zero-waste architecture: every tool that normally triggers an AI call accepts a structured bypass. When called from Claude Code, Zero-1 skips its own AI calls entirely — Claude Code produces the plan, Zero-1 executes it. One AI session. No overhead.

AI providers

Zero-1 is bring-your-own-key. One AI call per intent — schema parsing only. Everything else is local.

# Anthropic (default)
ANTHROPIC_API_KEY=sk-ant-... bun run cli.ts

# OpenAI or any compatible endpoint
AI_PROVIDER=openai OPENAI_API_KEY=sk-... bun run cli.ts

# Ollama (local, no key needed)
AI_PROVIDER=ollama bun run cli.ts

Configuration

Variable	Default	Description
`AI_PROVIDER`	`anthropic`	`anthropic`, `openai`, or `ollama`
`AI_MODEL`	provider default	Override the model (e.g. `gpt-4o`, `llama3.2`, `claude-opus-4-6`)
`ANTHROPIC_API_KEY`	required for anthropic	Your Anthropic key
`OPENAI_API_KEY`	required for openai	Your OpenAI key
`OPENAI_BASE_URL`	`https://api.openai.com/v1`	Base URL for OpenAI-compatible APIs
`OLLAMA_BASE_URL`	`http://localhost:11434`	Base URL for Ollama
`API_KEY`	—	Protect `/__generate/*` meta endpoints with Bearer auth. CRUD routes unaffected.
`PORT`	`7777`	HTTP port

CLI flags:

z1 [--key sk-ant-...] [--port 7777] [--model claude-opus-4-6] [--web] ["inline prompt"]
z1 launch claude [--port 7777] [--model claude-opus-4-6]

API reference

Resource management

Method	Path	Description
`POST`	`/__generate/scenario`	Create resources from a description or structured plan
`GET`	`/__generate/resources`	List all resources with schemas and record counts
`DELETE`	`/__generate/resources`	Delete all resources
`DELETE`	`/__generate/resources/:name`	Delete a specific resource
`GET`	`/__generate/schema/:name`	Raw ParsedField[] schema for a resource
`POST`	`/__generate/evolve`	Evolve a resource's schema
`POST`	`/__generate/pagination`	Configure pagination for a resource
`POST`	`/__generate/snapshot`	Save a snapshot
`POST`	`/__generate/reset`	Restore from last snapshot

Dynamic CRUD (per resource)

Method	Path	Notes
`GET`	`/:name`	`?field=val`, `?q=term`, `?sort=field:asc`, `?explain=true`
`POST`	`/:name`	ID auto-assigned
`GET`	`/:name/:id`
`PUT`	`/:name/:id`	Full replace
`PATCH`	`/:name/:id`	Partial update
`DELETE`	`/:name/:id`	Returns 204

Custom paths (e.g. /payments/:paymentId/invoices) work identically — named segments filter by FK equality.

OAuth 2.0

Method	Path	Description
`POST`	`/__generate/oauth/configure`	Configure from description or structured OAuthConfig
`GET`	`/__generate/oauth/status`	Config + token stats
`GET`	`/__generate/oauth/authorize`	Authorization endpoint (auto-approves, 302 redirect)
`POST`	`/__generate/oauth/token`	Token endpoint (auth_code, client_credentials, refresh)
`POST`	`/__generate/oauth/revoke`	RFC 7009 revocation
`POST`	`/__generate/oauth/introspect`	Token introspection
`GET`	`/__generate/oauth/userinfo`	OIDC userinfo (Bearer token required)
`GET`	`/__generate/oauth/.well-known/openid-configuration`	OIDC discovery
`GET`	`/__generate/oauth/.well-known/jwks.json`	JWKS

Knowledge graph

Method	Path	Description
`GET`	`/__generate/graph`	Full graph dump (resources, FK edges, provenance edges)
`POST`	`/__generate/graph/analyze`	`{ resource, fields, typeChange? }` → impact report

Infrastructure

Method	Path	Description
`POST/GET/DELETE`	`/__generate/chaos`	Add / list / clear chaos rules
`DELETE`	`/__generate/chaos/:id`	Remove a specific rule
`GET/DELETE`	`/__generate/triggers`	List / clear triggers
`DELETE`	`/__generate/triggers/:id`	Remove a specific trigger
`POST`	`/__generate/headers/configure`	Configure header guards
`GET/DELETE`	`/__generate/headers`	List / clear header rules
`DELETE`	`/__generate/headers/:id`	Remove a specific rule
`POST/GET/DELETE`	`/__generate/scoping`	Add / list / clear JWT scoping rules
`GET`	`/__generate/2fa/pending`	Inspect pending OTP codes
`DELETE`	`/__generate/2fa`	Clear all OTP codes
`GET`	`/__generate/log`	Request log (newest first, max 500)
`DELETE`	`/__generate/log`	Clear log
`GET`	`/__generate/export`	Export global state as JSON
`POST`	`/__generate/import`	Restore global state from JSON
`GET`	`/__generate/openapi`	Export as OpenAPI 3.0.3
`POST`	`/__generate/import/openapi`	Import from OpenAPI/Swagger spec (URL or raw JSON)
`GET`	`/__generate/import/preset`	List available provider presets
`POST`	`/__generate/import/preset`	Load a provider preset (`{ "provider": "github" }`)

Web console

http://localhost:7777/__generate — create scenarios, browse and edit records, test OAuth flows, manage chaos rules, view the live request log, export/import state.

Tests

Requirements

Bun runtime
An AI provider key (ANTHROPIC_API_KEY, OPENAI_API_KEY, or Ollama running locally)
For z1 launch claude: Claude Code installed

推荐订阅源

Show HN

Install

Three modes

1. Standalone

2. Claude Code native — `z1 launch claude`

3. Scaffold export

Features

Provider presets

OpenAPI import

REST

Custom path patterns

Reactive triggers

Schema evolution

Pagination

Auth guards & response headers

OAuth 2.0 / OIDC

Chaos mode

Knowledge graph

2FA / OTP

JWT-based data scoping

MCP server

AI providers

Configuration

API reference

Resource management

Dynamic CRUD (per resource)

OAuth 2.0

Knowledge graph

Infrastructure

Web console

Tests

Requirements

推荐订阅源

Show HN

Install

Three modes

1. Standalone

2. Claude Code native — z1 launch claude

3. Scaffold export

Features

Provider presets

OpenAPI import

REST

Custom path patterns

Reactive triggers

Schema evolution

Pagination

Auth guards & response headers

OAuth 2.0 / OIDC

Chaos mode

Knowledge graph

2FA / OTP

JWT-based data scoping

MCP server

AI providers

Configuration

API reference

Resource management

Dynamic CRUD (per resource)

OAuth 2.0

Knowledge graph

Infrastructure

Web console

Tests

Requirements

2. Claude Code native — `z1 launch claude`