Humans and agents, side by side.
Second is a factory for custom internal software,
purpose-built for human2agent work.
Run Second locally:
npx --yes @second-inc/cli| Platform | Status |
|---|---|
| Apple Silicon Mac (M1-M5) | Available now |
| Intel Mac, Linux, Windows | Coming soon |
Bring your agent:
|
|
|
| ✅ | ✅ | Soon |
Second is a local / on-prem Lovable for building internal software (e.g. competitor research, lead enrichment) that treats agents as first-class citizens: AI Agents work inside the apps you build, right alongside your team. They read and write to the same real-time DB as your team does, get scoped tools to handle real workloads inside the apps you've built, and perform actual work instead of just answering questions.
Second is a single workspace.
- You describe your app. In a single prompt.
- Second generates it. The agents, scoped tools, and a beautiful UI, backed by a real-time DB.
- Your team now works alongside agents in the same shared custom software you've built.
|
This example features agents discovering new competitors, enriching them, and generating a weekly recap deck from all available information. full-demo.mp4GitHub mobile app? Click here to watch the video → • Second is the most powerful way to build custom GUIs for agents. |
Most platforms weren't built for multiplayer, async work with agents. They either treat agents as an afterthought bolted onto existing tools, or they're too opinionated and end up not fitting how your team actually works.
Generally, multiplayer human-agent work is where coordination gets hard and things start to break.
Second solves that: Think Paperclip or Multica, but instead of pre-built software you get to build your own custom GUI to work with a team of agents, tailored to your company's needs!
Companies like Ramp and Deel have already figured out that teams are building amazing things internally with Claude, Codex, or Lovable- but most never reach production (security, governance, integrations, maintenance, agent access control...). To solve this, they built internal platforms for themselves.
Second lets every organization have that.
Every app you build in Second gets a real-time DB, audit logs, RBAC, agent RBAC, and governance tools built into the workspace.
|
|
Tip
Enterprise deployment? See Enterprise Deployment and Security.
Need help with security, SSO, deployment, cost management, runtime setup, and SLA support? Contact sales@second.so.
| Feature | |
|---|---|
| 🔧 Self-Building | Integrations are generated on demand with exact connection instructions |
| 🤖 App Agents | Each app gets its own agents, with tools and data access presented for approval |
| 🔌 BYO Agent | Use Claude Code, Codex, OpenCode, or your own harness. Switch runtimes per app or message |
| ⚡ Realtime | Live data, change streams, and optimistic updates keep teams and agents synced |
| 👥 Multiplayer Sessions | Talk with your agents, invite teammates into the session, and collaborate with shared context |
| 🔒 Agent Permissions | Agents run with approved tools, data, and integrations. Everything is scoped and audited |
| 🛡️ Governance | Draft, review, approve, and publish apps with agents and integrations under control |
| 📋 Audit Logs | Every agent action, tool call, data write, and access denial recorded and searchable |
| 🏠 Self-Hosted / On-Prem | Deploy on your own infrastructure. Your k8s cluster, your VPC, your rules |
| 🧠 Workspace Agents | Create reusable agents with prompts, skills, models, and team visibility |
| 📚 Workspace Skills | Define instructions once, then attach them to agents across the workspace |
| ⏲️ Scheduled Agent Jobs | Agents run on a schedule for periodic research, monitoring, and background tasks |
| 🚀 One-Command Setup | From zero to running with npx @second-inc/cli |
|
Flow: 🤖 Scrape leads → 🤖 Enrich from LinkedIn + web → 🤖 Score and rank → 👤 Team reviews top leads
|
||||||||||||||||||
|
Flow: 🤖 Agent pulls weekly metrics → 👤 PMM reviews positioning → 👤 Sales adds field notes → 🤖 Agent generates battlecard
|
||||||||||||||||||
And many more:
| Use Case | What It Does | Tools | Agents |
|---|---|---|---|
| Competitor Research Dashboard | Monitor competitor changes, review and flag important updates, compile reports, and share research | Web Search, Google Alerts, Drive | Research Agent, Alert Agent, Report Agent |
| Content Curation Pipeline | Fetch videos, select clips, cut and upload assets, and route finished content for approval | YouTube API, Clipping Service, Google Drive | Curator Agent, Clip Agent |
| Social Media Ops | Draft posts, schedule across platforms, track engagement, repurpose top performers | Twitter/X, LinkedIn, Buffer | Content Agent, Scheduling Agent, Analytics Agent |
| Recruiting Pipeline | Source candidates, screen resumes, schedule interviews, track pipeline | LinkedIn, ATS, Google Calendar, Gmail | Sourcing Agent, Screening Agent, Scheduling Agent |
| Customer Success | Pull data from CRMs and support tools, surface churn risk, draft outreach | HubSpot, Intercom, Slack | Insights Agent, Churn Agent, Outreach Agent |
| Invoice & Expense Tracking | Collect invoices from email, extract data, match to POs, flag discrepancies | Gmail, Google Drive, Accounting API | Extraction Agent, Matching Agent, Approval Agent |
| Compliance Monitoring | Scan for policy violations, flag issues, route to approvers | Internal APIs, Slack, Jira | Compliance Agent, Triage Agent, Routing Agent |
| Internal Knowledge Base | Continuously index docs, summarize updates, answer team questions | Notion, Confluence, Slack | Indexing Agent, Summary Agent, Q&A Agent |
| Founder's Daily Brief | Aggregate metrics, news, emails, and calendar into one morning summary | Gmail, Google Calendar, Analytics, Web Search | Metrics Agent, News Agent, Brief Agent |
| PR & Media Monitoring | Track brand mentions, analyze sentiment, draft responses, alert on crises | Web Search, Twitter/X, Slack, Google Docs | Monitor Agent, Sentiment Agent, Response Agent |
| Product Feedback Loop | Collect feedback from support tickets, reviews, and calls, cluster themes, surface to PM | Intercom, G2, Gong, Slack | Collection Agent, Clustering Agent, Summary Agent |
| Vendor & Contract Management | Track renewal dates, compare pricing, flag expiring contracts, draft RFPs | Gmail, Notion, Slack | Tracker Agent, Comparison Agent, Draft Agent |
| SEO Content Pipeline | Research keywords, generate briefs, draft articles, track rankings | Ahrefs, Web Search, Notion, Analytics | Research Agent, Brief Agent, Writer Agent |
| Security Alert Triage | Ingest alerts from multiple tools, deduplicate, prioritize, assign to on-call | PagerDuty, Slack, Jira, SIEM API | Ingestion Agent, Triage Agent, Assignment Agent |
| Meeting Follow-ups | Record action items from meetings, assign owners, send follow-up emails, track completion | Google Calendar, Gong, Gmail, Notion | Notes Agent, Follow-up Agent, Tracker Agent |
Second generates dynamic, agent-native software. For each app:
- Scoped tools created per app, for every agent. Agents can never do things you don't want them to do.
- Second is true self-building software. It generates the integrations, connection instructions, and scoped tools.
- Agents never see secrets. Secrets are injected server-side.
agents.json: governed policy as code. Each app has anagents.json. Changes require admin approval via hash verification.- Draft and published are fully separated. Builders iterate freely with mock data. Published apps only run the last approved config.
On top of that, Second handles the hard parts:
| Capability | |
|---|---|
| 🤹 Multi-agent orchestration | Multiple specialized agents per app |
| ⏲️ Long-running async work | Scheduled jobs, periodic research, background tasks |
| 🗃️ Live data persistence | Real-time DB with Change Streams; survives restarts and churn |
Second is designed for enterprise teams that need complete control over what humans and agents can access and do.
Zero-trust architecture for agents. No agent is granted implicit access to anything. Every capability, every data collection, every integration must be explicitly declared, scoped, and approved before an agent can act.
| Feature | Description |
|---|---|
| Agent access control | Capabilities defined in agents.json: approved collections, allowed tools, integration scopes. Changes require admin approval via cryptographic hash verification. Secrets injected server-side; agents never see credentials. |
| Role-based access control | Workspace roles (owner, admin, member) with granular permissions: integrations:manage, members:invite, audit:read. App-level roles for creators and collaborators. |
| Approval flows | Draft/review/publish lifecycle. Platform engineers approve apps, agent configs, and integration grants before anything goes live. |
| Domain-locked tools | Custom HTTP tools locked to declared domains. Private IP access rejected. Agents with org tools such as HubSpot and Slack are blocked from internet access. |
| Audit logs | Every action recorded: app changes, agent tool calls, data writes, access denials, integration usage. Secrets are never stored, only hashes and metadata. |
| Workspace isolation | Complete tenant isolation. Every query scoped to workspaceId. Cross-workspace access returns 404, not 403, to prevent resource enumeration. |
| Subprocess hardening | Infrastructure secrets scrubbed from agent subprocess environments. Linux deployments use bubblewrap sandboxing. CLI runtimes get allowlisted env + private per-app HOME. |
Every app's agent capabilities are declared, version-controlled, and approved:
{
"agents": [
{
"id": "lead-enricher",
"name": "Lead Enricher",
"description": "Enriches leads with public company data",
"systemPrompt": "You are a lead enrichment agent...",
"dataCollections": ["leads"],
"tools": [
{ "type": "builtin", "name": "WebSearch", "enabled": true },
{
"type": "custom",
"name": "hubspot_fetch_contacts",
"integration": { "domain": "hubapi.com" },
"endpoint": {
"method": "GET",
"url": "https://api.hubapi.com/crm/v3/objects/contacts",
"headers": { "Authorization": "Bearer {{secrets.HUBSPOT_PRIVATE_APP_TOKEN}}" }
}
}
]
}
]
}
|
Second runs on your infrastructure: your k8s cluster, your VPC, your rules.
For full environment setup, see the self-hosting docs.
Tip
Need help with security, SSO, deployment, cost management, runtime setup, or SLA support? Contact sales@second.so.
| Component | Requirement |
|---|---|
| MongoDB 8.0+ | Replica set (required for Change Streams) |
| Redis 7+ | Stream resumption, pub/sub, OAuth state |
| Auth provider | External auth (WorkOS or custom) for SECOND_AUTH_MODE=external |
| HTTPS | Reverse proxy with TLS termination |
| Agent runtime credentials | Claude: ANTHROPIC_API_KEY or Bedrock (CLAUDE_CODE_USE_BEDROCK=1 with AWS_BEARER_TOKEN_BEDROCK, AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY, or AWS_PROFILE); Codex: CODEX_API_KEY or OPENAI_API_KEY |
+------------------------------------------------------------------------------+
| Browser |
| App UI, chat, generated app iframe |
+-----------------------------------+------------------------------------------+
|
| REST + SSE
v
+------------------------------------------------------------------------------+
| Web (Next.js) |
| Public entrypoint, auth, workspace guards, API routes, reviews |
| Tool execution, secret resolution, app data, auditability |
+------------------+--------------------------+--------------------------+------+
| | |
| private HTTP + SSE | persistent state | replay + events
| internal auth | Change Streams | OAuth state + locks
v v v
+---------------------------+ +---------------------------+ +------------------+
| Worker (Hono) | | MongoDB Replica Set | | Redis |
| Claude Code, Codex | | workspaces, apps, runs | | stream replay |
| OpenCode, app agents | | app_data, audit logs | | workspace pubsub |
+-------------+-------------+ | integration metadata | +------------------+
| +---------------------------+
|
| internal callbacks
| /api/internal/*
v
+------------------------------------------------------------------------------+
| Web-owned governed layer |
| Tool calls, app-data writes, approvals, tenant boundaries |
| Secrets stay server-side before reaching external systems |
+-----------------------------------+------------------------------------------+
|
| server-side tools
v
+------------------------------------------------------------------------------+
| External systems |
| OAuth providers, APIs, internal services |
+------------------------------------------------------------------------------+
Agents run in the Worker. App-data writes, tool calls, secret resolution, and audit trails go through the Web layer, so the Worker can run agents without becoming the source of truth for permissions or data.
Run Second locally with one command:
npx --yes @second-inc/cli| Platform | Status |
|---|---|
| Apple Silicon Mac (M1-M5) | Available now |
| Intel Mac, Linux, Windows | Coming soon |
CLI Commands
npx --yes @second-inc/cli # Start Second
npx --yes @second-inc/cli stop # Stop all services
npx --yes @second-inc/cli reset # Stop + delete all data
npx --yes @second-inc/cli --port 4000 # Custom port
npx --yes @second-inc/cli --disable-telemetry # No analyticsDevelopment from Source
Prerequisites: Node.js 20+, npm 10+, Docker Desktop
This starts MongoDB + Redis in Docker, and the web + worker processes on your host. Open the URL printed by the script or check .second-dev.txt.
git clone https://github.com/Second-Inc/second.git
cd second
npm run devWe welcome contributions. See CONTRIBUTING.md and the docs for architecture details and development setup. Report security issues privately; see SECURITY.md.
Second is licensed under the Apache License 2.0.