Skillget

kdcube-ai-app

mcp
Guvenlik Denetimi
Uyari
Health Uyari
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 8 GitHub stars
Code Gecti
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This project provides a self-hosted platform and SDK for building and deploying customer-facing AI applications. It acts as an end-to-end runtime that bundles backend logic, APIs, user interfaces, and AI agents into isolated, production-ready units.

Security Assessment
Overall Risk: Medium. While the automated code scan found no dangerous patterns or hardcoded secrets, and the tool requires no explicitly dangerous permissions, the underlying architecture naturally interacts with sensitive resources. It is designed to execute arbitrary Python and Node backend logic, manage application secrets, and likely makes network requests for AI model streaming and multi-tenant API routing. Developers should inspect how tenant isolation is enforced and how secrets are managed before exposing it to customer data.

Quality Assessment
The project is actively maintained, with its most recent code push happening today. It uses the permissive MIT license, which is excellent for open-source adoption and customization. However, community trust and visibility are currently very low. With only 8 stars on GitHub, it is essentially a nascent project, meaning undiscovered bugs or security edge cases are highly likely due to a lack of widespread public testing.

Verdict
Use with caution—it shows strong architectural practices and active maintenance, but its low community adoption necessitates a thorough internal security review before handling production customer data.
SUMMARY

Ship customer-facing AI with isolation, spend controls, and provenance.

README.md

KDCube — Build and Ship End-to-End AI Apps Fast

KDCube is a self-hosted platform and SDK for building customer-facing AI apps as bundles.

A bundle is an application slice, not just a prompt or an agent wrapper. One bundle can combine:

  • Python backend logic
  • authenticated and public APIs
  • widgets and a full custom UI
  • React v2, Claude Code, and/or custom agents
  • tools, skills, MCP, storage, props, and secrets
  • scheduled jobs with @cron(...)
  • dependency-isolated helpers with @venv(...)
  • optional Node or TypeScript backend logic behind a Python bridge

KDCube gives you the runtime, streaming, isolation, memory, operations, and deployment model so you can ship real AI products, not just local agent demos.

cubes.png

Why Builders Use KDCube

  • Build one bundle as a complete app slice: backend, APIs, streaming UX, widgets, and storage.
  • Compose the right brains for each job: React v2, Claude Code, custom agents, tools, or isolated exec.
  • Ship on a production runtime with multi-tenant isolation, backpressure, rate limits, economics, and observability.
  • Keep provenance and recoverability: timelines, source pools, citations, artifacts, and rehydration.
  • Prototype locally, then move to ECS and other hosted deployments without rewriting the app model.

What You Build Here

The main unit in KDCube is a bundle.

A bundle can expose:

  • chat behavior through @on_message
  • authenticated APIs through @api(route="operations")
  • anonymous or externally authenticated APIs through @api(route="public")
  • widgets through @ui_widget(...)
  • a full custom main UI through @ui_main
  • scheduled logic through @cron(...)

Typical bundle structure:

my.bundle@1-0/
  entrypoint.py
  orchestrator/
    workflow.py
  tools_descriptor.py
  skills_descriptor.py
  tools/
  skills/
  ui/
  ui-src/
  resources/
  tests/
  requirements.txt
  backend_bridge/

Python remains the KDCube-native shell. If you need selected backend logic in Node or TypeScript, keep the KDCube surface in Python and place the external backend behind a narrow bridge.

Quickstart

Install the bootstrap CLI and launch the setup wizard:

pipx install kdcube-cli
kdcube

Alternative:

pip install kdcube-cli
kdcube

kdcube-setup remains available as a compatibility alias, but kdcube is the canonical command.

Prerequisites:

  • Python 3.9+
  • Git
  • Docker

Start here:

Start Here If You Want To Build Bundles

Read these in order:

  1. Bundle docs index
  2. Bundle reference: versatile
  3. Bundle developer guide
  4. Bundle runtime
  5. Bundle platform integration
  6. Bundle props and secrets

Primary reference bundle:

Specialized examples:

Agent and Runtime Model

KDCube is not limited to one agent shape.

Inside one bundle you can use:

  • React v2 for timeline-first orchestration, planning, ANNOUNCE, and tool-driven work
  • Claude Code for workspace-scoped coding tasks with persistent session identity
  • custom Python agents for domain-specific flows
  • isolated exec for generated code and controlled execution
  • @venv(...) for dependency-heavy Python leaf helpers

Important: React v2 is not based on provider-native tool-calling protocol. The loop is controlled by the platform runtime, not by a model-specific tool-call format. That lets you use non-tool-calling models as the reasoning brain when they can follow the ReAct contract.

Read more:

What the Platform Gives You

Runtime and UX

  • SSE / REST / Socket.IO chat transport
  • channeled streaming and live widget updates
  • bundle-owned widgets and full custom main-view UI
  • session-aware relay and fan-out

Execution and tools

  • custom tools and MCP
  • isolated Python execution
  • optional Docker and Fargate execution paths
  • bundle-scoped cached Python venvs for leaf work

Memory, provenance, and artifacts

  • timeline-first React runtime
  • source pools and citations
  • attachments and generated artifacts
  • artifact rehydration and logical references

Operations and safety

  • multi-tenant / multi-project isolation
  • gateway controls, rate limits, and backpressure
  • budgets, economics, and accounting
  • metrics and autoscaling support
  • role-aware filtering and bundle UI authorization

ReAct v2 in One Paragraph

KDCube’s React v2 agent is timeline-first. Tool calls, artifacts, plans, ANNOUNCE state, and turn history become structured runtime data rather than ephemeral model chatter. That gives the platform:

  • stable memory and re-read paths
  • cache-aware pruning and react.hide
  • plan tracking with react.plan
  • source-backed provenance
  • collaboration through timeline and ANNOUNCE contributions

Deep dives:

Deployment Model

KDCube supports:

  • local Docker Compose for development and small deployments
  • EC2-style deployments
  • ECS-based hosted deployments

The CLI supports:

  • guided local setup
  • descriptor-driven installs
  • latest released builds
  • upstream source builds
  • local bundle prototyping and bundle reload flow

Read more:

Documentation

Builder-oriented:

Platform-oriented:

Community

If you want to build AI apps fast but still control runtime, tools, costs, deployment, and provenance, KDCube is aimed at that use case.

Project site:

Yorumlar (0)

Sonuc bulunamadi