Skip to content

FAQ

Why is there no ORM?

We use raw SQL via postgres-js tagged templates. Reasons:

  • Migrations stay first-class — what you see in the SQL file is exactly what runs.
  • Query authors are forced to think about indexes, joins, and shape — no findMany surprises.
  • Postgres-specific features (CTEs, window functions, LISTEN/NOTIFY, JSONB ops, vector search) are first-class.
  • Type safety is preserved by the @doable/db query helpers — every helper exposes a typed return.

If you really want an ORM-like layer, build it as a thin facade in packages/db/src/queries/ — the codebase is fine with that pattern.

Why bind to 127.0.0.1 only?

Defense in depth. Every service is reachable only over loopback; public exposure happens via Cloudflare Tunnel or a documented reverse proxy on a separate host. A misconfigured firewall can't expose Postgres or your API directly. See Network Binding.

Do I need Redis?

No. The default in-memory KV store handles small/medium deployments (~100 concurrent users). Set REDIS_URL only if:

  • You run multiple API replicas and need shared rate-limiting / sessions.
  • You want session persistence across restarts.

Can I use Doable without any AI keys?

You can boot it without keys, but the chat-driven build experience won't work — the editor and project file management will. To unlock the AI:

  • Set ANTHROPIC_API_KEY, or
  • Set OPENAI_API_KEY, or
  • Install the GitHub Copilot CLI and set COPILOT_CLI_PATH.

You can mix providers and let the workspace pick per-mode.

How do I import an existing GitHub repo?

From the dashboard: New Project → Import from GitHub → authorize the GitHub integration → pick the repo. Doable clones into PROJECTS_ROOT and indexes the files.

How do I migrate a project from Lovable / Bolt / v0?

Export the source as a ZIP from the other tool, then New Project → Upload ZIP in Doable. The chat picks up where you left off — describe what you want changed and the AI works from the existing code.

Can I bring my own LLM API key per project?

Yes, in Workspace Settings → AI → BYO Keys. Keys are encrypted with ENCRYPTION_KEY at rest and used in preference to the workspace-default keys. Useful for cost-allocation per workspace member or for using a different model per project.

Is the editor available offline?

The editor UI loads from your browser cache, but everything that talks to the backend (file save, chat, preview, collaboration) needs a connection. There's no full-offline mode.

How do I publish a project to a custom domain?

See Custom Domains. Short version: configure SITES_DIR, point a CNAME at your tunnel/server, and use the publish button in the editor. Doable handles cert provisioning via Caddy or Cloudflare.

Can I host Doable behind my company's SSO?

Authentication is JWT-based. You can replace the built-in email/password and OAuth flows with an SSO callback that issues your own JWT signed with JWT_SECRET — the API doesn't care who minted it as long as the signature is valid. SAML / OIDC integration via a third-party gateway (Keycloak, Authelia) is straightforward; first-party SSO is on the roadmap.

What happens to my data if I uninstall Doable?

  • DB: dropped when you docker compose down -v or remove the Postgres data dir.
  • Project files: stay on disk under PROJECTS_ROOT/ or api_projects volume — back them up before uninstalling.
  • Encrypted secrets are unrecoverable without ENCRYPTION_KEY.

Why does my chat sometimes pause for confirmation?

A tool whose policy is ask was triggered. You can change policies per-tool in Workspace Settings → AI → Tools. The defaults err on the side of caution for write/delete actions.

Does Doable read the entire codebase into the AI context?

No. It uses retrieval — the pgvector index powers semantic search over file chunks; the AI sees only the most relevant slices. You can inspect what was retrieved in the chat's "Context" panel.

Is the AI sandboxed when it runs my code?

Yes — every shell command, dev server, and build runs through @doable/dovault with cgroups + namespaces (Linux) or Job Objects (Windows). See Sandboxing.

Can I run Doable on a 1 GB VPS?

Just barely — the bare-metal install adds 2 GB of swap. For real workloads, 4 GB minimum, 8 GB recommended. Postgres + Node + a Vite dev server per active project add up.

How do I report a security issue?

Use a GitHub Security Advisory — don't file a public issue. Maintainers will respond and coordinate disclosure.