Skip to main content
Glama

DevPanel

A local project panel for SaaS builds — planning and ops in one place. Single user, localhost-first. See SPEC.md for the full design.

  • Plan — kanban (Todo / Pågår / Blockerad / Klar), milestones, decisions, AI task suggestions, idea inbox.

  • Ops — service health grid, open-incident banner + runbooks, deploys, 24h uptime sparklines, cost anomalies.

  • Secrets — AES-256-GCM at rest, key derived from a master password (argon2id). AI / MCP never see secret values — only {name, scope, age}.

Three processes: api (Hono, serves the built web UI), worker (health poller + daily alert cron), mcp (stdio, spawned by Claude Code). One SQLite DB.

Architecture

  • api — Hono on 127.0.0.1:8899, REST mirror of the MCP tools + secrets endpoints, and serves web/dist.

  • worker — polls each service's health_url every 60s; daily cron alerts on cert expiry, secret age, stale backups and cost overruns (via ntfy).

  • mcp — the same tools over stdio for Claude Code; every AI write is logged to activity_log tagged source='ai'.

  • web — Vite + React SPA, built to web/dist and served by the api.

Related MCP server: SafeFlo

Setup

# 1. config
cp .env.example .env            # tweak if needed; defaults are fine for localhost

# 2. install + build
npm install
cd web && npm install && npm run build && cd ..

# 3. run (pm2)
pm2 start ecosystem.config.cjs
pm2 save                        # persist across reboots (after `pm2 startup`)

Open http://127.0.0.1:8899. The database is created on first run at data/panel.db (override with DB_PATH).

Dev mode with hot reload: cd web && npm run dev (proxies /api to the running api on 8899).

Remote access (optional)

The api binds loopback only. To reach it remotely, front it with Cloudflare Access over a tunnel — see cloudflared/config.example.yml. SSH port-forwarding (ssh -L 8899:127.0.0.1:8899 host) also works.

Configuration

All configuration is via .env (see .env.example) — no hardcoded paths. Nothing secret lives in any config file; the master password is entered at unlock time and only its derived key is held in memory, for 5 minutes.

Security notes

  • Secret values never appear in get_context, logs, or API responses without an unlocked session.

  • Bind 127.0.0.1; expose only via Cloudflare Access or an SSH tunnel.

  • .env, data/, and tunnel credentials are git-ignored — keep them that way.

F
license - not found
-
quality - not tested
C
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/pierreosbeck-cmd/devpanel'

If you have feedback or need assistance with the MCP directory API, please join our Discord server