sh0
Self-hosted deployment. Single binary. Zero complexity.
A deployment platform in a single Rust binary (~2MB). Git push deployments, automatic SSL, built-in AI chat with 20 MCP tools, database management, browser terminal, and multi-server orchestration.
Building sh0
Writing a Docker Engine Client from Scratch in Rust
Why we wrote a custom Docker Engine API client using hyper and Unix sockets instead of shelling out to the Docker CLI, and the multiplexed stream parsing that made it work.
Preventing Command Injection in a PaaS
A PaaS runs user-provided commands by design. Here is how we built validate_command() to prevent shell injection in cron jobs, deploy hooks, and Docker exec.
AI Sandbox: Giving Claude a Safe Container to Debug Your Apps
We built an AI sandbox that gives Claude root access to an Alpine container with curl, git, node, and python -- so it can actually debug your deployments instead of just guessing.
Automatic SSL: DNS, ACME, and Custom Certificates
How sh0 handles SSL certificates automatically via Caddy's ACME integration, supports custom certificate uploads with AES-256-GCM encrypted private keys, and configures DNS for self-hosted deployments.
Auth in Rust: Argon2id, JWT, TOTP, and API Keys
Building a complete authentication system in Rust: Argon2id password hashing, HS256 JWT tokens, TOTP 2FA with backup codes, API key generation, and AES-256-GCM encryption.
Backup Engine: AES-256-GCM, 13 Storage Providers, and FTP Nightmares
Building a backup engine with pluggable storage, AES-256-GCM encryption, 13 storage providers via OpenDAL -- and the IPv6 FTP bug that forced us to write our own client.
Blue-Green Deploys: Building a Zero-Downtime Pipeline in Rust
The 8-step deploy pipeline that powers sh0: clone, analyze, build, deploy, health check, route, swap, and cleanup -- with blue-green container swaps and automatic disk management.
Taming Caddy as a Programmatic Reverse Proxy
How we turned Caddy into a fully programmatic reverse proxy managed via its Admin API, with automatic SSL, route syncing, and crash recovery.
Auto-Detecting 19 Tech Stacks from Source Code
How sh0's build engine detects 19 tech stacks, generates production-grade Dockerfiles with multi-stage builds, and creates optimized build contexts -- all in pure Rust.
The 16KB Bug: How a Pipe Buffer Froze Our Entire Platform
A 16KB pipe buffer caused Caddy to freeze every 5 minutes. The debugging story of a classic Unix pipe deadlock that took us from confusion to a 5-line fix.
Building a Production Dashboard with Svelte 5 in 48 Hours
How we built sh0's production dashboard -- dark/light themes, 5-language i18n, real-time WebSocket logs, and 7 core pages -- using Svelte 5 runes and TailwindCSS 4 in 48 hours.
From Flat Lists to Stacks: Redesigning Our Entire UX
We threw away our flat app/database list UI and rebuilt around project-scoped stacks with a dual sidebar, context navigation, and cPanel-style sections.