MergeOS is an AI-assisted software maintenance and bounty operating system. A customer funds a project, receives internal project tokens, and MergeOS turns the work into claimable tasks that can be completed by human contributors, AI agents, or hybrid teams.
This repository is the current MergeOS MVP: Go backend, Vue SSR frontend, project funding flow, bounty workspace generation, GitHub issue import, evidence attachments, notifications, admin review, and proof ledger.
scan/ is the public MergeOS Scan explorer for scan.mergeos.shop. It reads the public ledger API and presents MRG token mints, escrow movements, task reserves, payouts, addresses, transaction hashes, and hash-chain proof in a BscScan-style interface.
- App: https://mergeos.shop
- Admin: https://uta.mergeos.shop
- Scan explorer: https://scan.mergeos.shop
- README-INDEX.md: docs map and bounty tracking index.
- BOUNTY-POLICY.md: bounty policy and reward rules.
- Claim Token issue #1: public bounty claim intake.
- The customer registers or logs in.
- The customer creates a new project or imports an existing repository.
- The customer funds escrow through PayPal, crypto, or the local development verifier.
- MergeOS records the funded project, mints internal
MRGtoken credit, and creates a bounty workspace. - The system splits the project into tasks with reward pools, worker type, agent suggestion, and acceptance criteria.
- Contributors claim available work and open PRs with implementation evidence.
- Maintainers review the PR, verify the work, merge valid changes, and release the token reward.
MergeOS currently supports:
- Customer auth with email/password bearer sessions.
- GitHub App login that creates or links a MergeOS account to an MRG wallet.
- Guest MRG wallet creation with BSC-style
0x...addresses from MergeOS Scan. - Two environment modes:
localandproduction. - Project creation with budget, payment method, attachments, and escrow status.
- Local payment verification through
LOCAL-PAID. - PayPal Orders v2 adapter.
- EVM native or ERC-20 receipt verification.
- GitHub open issue import with heuristic scoring.
- GitHub reward aliases. If a worker has not linked a wallet yet, payouts can still target
github:username; once linked, payouts route to the user'swallet:0x...account. - Local git bounty workspaces or GitHub private bounty repos when
GITHUB_TOKENis configured. - Task reward allocation, worker kind, suggested agent type, and acceptance criteria.
- Proof ledger entries with hash chaining.
- SMTP notifications when configured, persisted notification records when SMTP is not configured.
- Admin APIs for users, projects, tasks, attachments, notifications, ledger, and SSL review.
Roadmap items include full AI codebase scanning, task dependency DAGs, automated PR verification, reputation scoring, fraud detection, and automatic real payout execution.
- Backend: Go
net/http - Storage: PostgreSQL when
DATABASE_URLis set, with legacy JSON state fallback for local development - Frontend: Vue 3 + Vite SSR
- Admin: Vue 3 + Vite SSR admin console
- Scan: Vue 3 + Vite static explorer served from
scan.mergeos.shop - Token symbol:
MRGby default throughTOKEN_SYMBOL - Bounty repos: local git under
BOUNTY_ROOT, or GitHub private repos withGITHUB_TOKEN - Payments: local verifier, PayPal, EVM native/ERC-20 verifier
Use Docker Compose for local testing. It starts PostgreSQL, the Go API, the Vue SSR frontend, the admin console, and the Scan explorer with the same wiring used by deployment.
Prerequisites:
- Docker Desktop or Docker Engine with the Compose plugin.
- Local ports
5432,8080,5173,5174, and5175available.
Start everything:
docker compose up --buildOpen:
- Frontend:
http://127.0.0.1:5173 - Admin:
http://127.0.0.1:5174 - Scan explorer:
http://127.0.0.1:5175 - API health:
http://127.0.0.1:8080/api/health - PostgreSQL:
127.0.0.1:5432, databasemergeos_local, usermergeos, passwordmergeos
Local test credentials:
- Admin email:
admin@gmail.com - Admin password:
Admin123 - Local payment reference:
LOCAL-PAID
Useful commands:
# Stop containers but keep local Postgres and uploaded/bounty data volumes.
docker compose down
# Reset all local Docker data and start from an empty PostgreSQL database.
docker compose down -v
docker compose up --build
# Rebuild one service after changing its source.
docker compose up --build backend
docker compose up --build frontend
docker compose up --build admin
docker compose up --build scanIf a host port is already busy, override only the published host port and keep the container port unchanged:
$env:MERGEOS_BACKEND_PORT='18080'
$env:MERGEOS_FRONTEND_PORT='15173'
$env:MERGEOS_ADMIN_PORT='15174'
$env:MERGEOS_SCAN_PORT='15175'
$env:MERGEOS_POSTGRES_PORT='15432'
docker compose up --buildCompose storage:
postgres-data: PostgreSQL data.backend-data: uploaded files, generated bounty repos, and optional legacy JSON import/export path.
The backend runs in MERGEOS_ENV=local, sets DATABASE_URL=postgres://mergeos:mergeos@postgres:5432/mergeos_local?sslmode=disable, disables SSL review calls for local tests, and runs the embedded PostgreSQL migrations automatically on startup.
GitHub App user authorization for local testing is optional. To enable "Continue with GitHub" and wallet linking, create a GitHub App, enable user authorization, and set these before starting Compose:
$env:MERGEOS_GITHUB_APP_ID='your-app-id'
$env:MERGEOS_GITHUB_APP_CLIENT_ID='your-github-app-client-id'
$env:MERGEOS_GITHUB_APP_CLIENT_SECRET='your-github-app-client-secret'
docker compose up --buildFor local callbacks, add these authorization callback URLs to the GitHub App as needed:
http://127.0.0.1:5173/http://127.0.0.1:5175/
Google login is also optional. To enable "Continue with Google", create a Google OAuth client and set these before starting Compose:
$env:MERGEOS_GOOGLE_CLIENT_ID='your-google-client-id'
$env:MERGEOS_GOOGLE_CLIENT_SECRET='your-google-client-secret'
docker compose up --buildFor local Google callbacks, add http://127.0.0.1:5173/api/auth/google/callback.
Manual runs are optional and only useful when debugging one service outside Docker. For normal local testing, use Docker Compose above so PostgreSQL, ports, API proxying, and migrations stay consistent.
Run the backend first:
cd backend
Copy-Item .env.local.example .env.local
go run ./cmd/mergeosThen run the service you are changing:
cd frontend
Copy-Item .env.local.example .env.local
npm install
npm run localAdmin:
cd admin
Copy-Item .env.local.example .env.local
npm install
npm run localScan:
cd scan
Copy-Item .env.local.example .env.local
npm install
npm run devBuild the SSR frontend:
cd frontend
Copy-Item .env.production.example .env.production
npm install
npm run build:productionBuild the admin frontend:
cd admin
Copy-Item .env.production.example .env.production
npm install
npm run buildBuild the scan explorer:
cd scan
Copy-Item .env.production.example .env.production
npm install
npm run buildStart the backend:
cd backend
Copy-Item .env.production.example .env.production
$env:MERGEOS_ENV='production'
go run ./cmd/mergeosStart the SSR frontend:
cd frontend
npm run productionBefore real deployment, set production values in backend/.env.production: ADMIN_PASSWORD, PayPal credentials, crypto verifier settings, GitHub repo settings, SMTP settings, receiver addresses, and SSL review domains. The GitHub deploy workflow builds scan/, serves it statically from nginx, proxies /api/ to the MergeOS backend, and requests certificates for mergeos.shop, uta.mergeos.shop, and scan.mergeos.shop.
Backend examples:
backend/.env.local.examplebackend/.env.production.examplebackend/.env.example
Frontend examples:
frontend/.env.local.examplefrontend/.env.production.example
Admin examples:
admin/.env.local.exampleadmin/.env.production.example
Scan examples:
scan/.env.local.examplescan/.env.production.example
Important backend variables:
MERGEOS_ENV:localorproductionDATABASE_URL: PostgreSQL connection stringMERGEOS_STATE_PATH: legacy JSON state path or import sourceTOKEN_SYMBOL: token label shown by the app, defaultMRGPRIMARY_DOMAIN,ADMIN_DOMAIN,SCAN_DOMAIN: production hostnames, defaulting tomergeos.shop,uta.mergeos.shop, andscan.mergeos.shopPLATFORM_FEE_BPS: platform fee basis pointsDEV_PAYMENT_ENABLEDandDEV_PAYMENT_CODE: local verifierPAYPAL_ENV,PAYPAL_CLIENT_ID,PAYPAL_CLIENT_SECRET: PayPal Orders v2CRYPTO_RPC_URL,CRYPTO_RECEIVER,CRYPTO_ASSET,CRYPTO_TOKEN_CONTRACT: crypto verifierGITHUB_TOKEN,GITHUB_OWNER,GITHUB_OWNER_TYPE: backend runtime values for GitHub bounty repo creation and admin PR merge actionsMERGEOS_GITHUB_TOKEN: Docker Compose and GitHub Actions secret name that maps into backendGITHUB_TOKEN; use a personal access token with repo write access, not the automatic GitHub Actions tokenGITHUB_APP_ID,GITHUB_APP_CLIENT_ID,GITHUB_APP_CLIENT_SECRET: backend runtime values for GitHub App user authorization, login, and MRG wallet linkingMERGEOS_GITHUB_APP_ID,MERGEOS_GITHUB_APP_CLIENT_ID,MERGEOS_GITHUB_APP_CLIENT_SECRET: Docker Compose and GitHub Actions secret names that map into the backend runtime valuesGITHUB_OAUTH_CLIENT_ID,GITHUB_OAUTH_CLIENT_SECRET: legacy backend aliases still accepted for older OAuth configurationGOOGLE_CLIENT_ID,GOOGLE_CLIENT_SECRET: backend runtime values for Google loginMERGEOS_GOOGLE_CLIENT_ID,MERGEOS_GOOGLE_CLIENT_SECRET: Docker Compose and GitHub Actions secret names that map into Google login runtime valuesBOUNTY_ROOT: local child bounty repo rootUPLOAD_ROOT: attachment storage rootSMTP_HOST,SMTP_PORT,SMTP_USERNAME,SMTP_PASSWORD,SMTP_FROM: email notifications
Public:
GET /api/healthGET /api/configGET /api/public/ledgerGET /api/public/marketplacePOST /api/public/repo/issues
Auth:
POST /api/auth/registerPOST /api/auth/loginPOST /api/auth/githubGET /api/auth/mePOST /api/auth/logout
Wallet:
POST /api/walletsGET /api/wallets/{address}POST /api/wallets/link
Customer:
POST /api/payments/paypal/ordersPOST /api/uploadsGET /api/uploads/{id}/downloadPOST /api/projectsGET /api/projectsGET /api/tasksPOST /api/tasks/{id}/acceptGET /api/notificationsGET /api/ledger
Admin:
GET /api/admin/summaryGET /api/admin/usersGET /api/admin/projectsGET /api/admin/tasksGET /api/admin/notificationsGET /api/admin/attachmentsGET /api/admin/ledgerGET /api/admin/sslPOST /api/admin/ssl/review