sh0
Self-hosted deployment. Single binary. Zero complexity.
A deployment platform in a single Rust binary (~2MB). Git push deployments, automatic SSL, built-in AI chat with 20 MCP tools, database management, browser terminal, and multi-server orchestration.
Building sh0
Auth in Rust: Argon2id, JWT, TOTP, and API Keys
Building a complete authentication system in Rust: Argon2id password hashing, HS256 JWT tokens, TOTP 2FA with backup codes, API key generation, and AES-256-GCM encryption.
We Audited Our Own Platform and Found 88 Security Issues
We ran 4 comprehensive security audits on our own PaaS and found 88 issues -- 9 critical, 12 high, 45 medium. Here is every finding, every fix, and what we learned.
Migrating from localStorage Tokens to HTTP-Only Cookies
How we migrated sh0's authentication from localStorage JWT tokens to HTTP-only cookies with CSRF double-submit protection -- and why every self-hosted tool should do the same.
Preventing Command Injection in a PaaS
A PaaS runs user-provided commands by design. Here is how we built validate_command() to prevent shell injection in cron jobs, deploy hooks, and Docker exec.
Building a Production Dashboard with Svelte 5 in 48 Hours
How we built sh0's production dashboard -- dark/light themes, 5-language i18n, real-time WebSocket logs, and 7 core pages -- using Svelte 5 runes and TailwindCSS 4 in 48 hours.
From Flat Lists to Stacks: Redesigning Our Entire UX
We threw away our flat app/database list UI and rebuilt around project-scoped stacks with a dual sidebar, context navigation, and cPanel-style sections.
The Deploy Hub: 183 Options, One Page
How we built a Softaculous-style deploy hub with 183 options across 5 categories, 7 deploy form components, and a split-panel UX.
Web Terminal and File Explorer in a Self-Hosted PaaS
How we built a browser-based terminal (xterm.js + WebSocket + Docker exec) and a Docker Desktop-style file explorer -- features most self-hosted PaaS tools lack.
Real-Time Logs: WebSocket Streaming from Docker Containers
How we built real-time log streaming from Docker containers to the browser using WebSocket, with JWT authentication, auto-reconnect, and a terminal-style viewer.
The sh0 CLI: 10 Commands That Mirror the Dashboard
How we built the sh0 CLI with 10 commands that mirror every dashboard action -- deploy, logs, env vars, health checks, and SSH into containers.
License Enforcement: Free, Pro, Business -- Gating Features in Rust
How we implemented a 3-tier license system in a self-hosted PaaS -- generous free tier, feature gating in Rust, dashboard upgrade prompts, and the pricing decisions behind it.
14 Days, 105 Sessions, 1 AI CTO: The Complete Story of Building sh0.dev
The complete story of building sh0.dev -- a production-grade PaaS with 488 tests, 119 templates, 25 MCP tools, and an AI assistant -- in 14 days from Abidjan with zero human engineers.