Loading...
What is AppSpec?
The Document Model that makes AI code gen enterprise-safe
AI is great at creativity. It's terrible at consistency. AppSpec solves this by separating what to build (AI-generated JSON spec) from how to build it (deterministic templates). Language agnostic. Database agnostic. Every generated app compiles, passes validation, and follows your organization's security patterns — because templates enforce them, not luck.
AI for Creativity
The LLM designs your app's data model, relationships, and endpoints as a validated JSON document. No code, no hallucinations.
Templates for Safety
Deterministic Jinja2 templates enforce pinned dependency versions, auth patterns, Docker configs, and security best practices.
Stack Agnostic
Same spec targets Python or TypeScript, MongoDB or PostgreSQL. Switch stacks without rewriting your app definition.
Try:
Language
Database
Python + FastAPI
AppSpec JSON
MongoDB
Warming up the AI engine...
0%
Pipeline
Your app is ready
0 files generated
Thesis: The Document Model is the missing piece that makes AI code generation enterprise-safe. Today's vibe-coding tools let AI write code directly — fast, creative, and dangerously inconsistent. AppSpec introduces a structured contract between AI and your codebase:
AI = Creativity
The LLM designs your app as a validated JSON document — entities, relationships, auth, endpoints. It never writes a line of code.
Templates = Control
Deterministic Jinja2 templates enforce your org's dependency versions, security patterns, Docker configs, and coding standards. Same spec → same output.
Language agnostic. Database agnostic. The spec is the source of truth — not the generated code. Version-control the spec, diff it, review it, regenerate against new templates when standards evolve.
FAQ
Why not just let AI write the code directly?
Because AI-generated code is non-deterministic. Two prompts for the same app produce different dependency versions, different auth patterns, different error handling. In an enterprise, you need consistency: every service uses the same bcrypt version, the same JWT flow, the same Docker base image. Templates guarantee this. AI picks the what; your engineering team controls the how.
Why is a JSON Document the right shape for this?
JSON is the native output format of every major LLM. It's also the native document format of MongoDB, and the natural wire format for REST APIs. By choosing a JSON document as the spec format, AppSpec sits naturally at the intersection of AI (generation), storage (document database), and deployment (API contracts). The same spec targets Python + MongoDB, TypeScript + PostgreSQL, or any future stack — because the spec is the abstraction layer.
How does this relate to SKILL.md / Agent Skills / MCP?
They're complementary layers. A SKILL.md teaches an AI agent how to think (e.g. MongoDB schema design rules, ESR indexing, embed-vs-reference heuristics). AppSpec encodes what to build as a validated, deterministic contract. Skills improve the AI's creative output; AppSpec's validation pipeline catches anything the AI misses; templates enforce everything the enterprise requires. Three layers, zero gaps.
What does "enterprise-safe" actually mean here?
It means the generated code is auditable (spec is diffable and version-controlled), consistent (templates pin dependency versions and enforce auth/RBAC patterns), reproducible (same spec → same output, every time), and evolvable (update the templates when security standards change, regenerate all services). The AI never touches your production patterns — it only proposes a data model.
What stacks and databases are supported?
Python + FastAPI and TypeScript + Express, each with MongoDB or PostgreSQL. Every generated project includes a Dockerfile, docker-compose.yml, seed data, JWT auth with RBAC, ESR-optimized indexes, $jsonSchema validation, and a Tailwind CSS admin UI. Adding a new stack is pluggable — write a Jinja2 template set and register it as a target.
Can I edit the spec and regenerate?
Yes — that's the whole point. The spec is version-controlled, human-readable JSON. Change a field type, add an entity, toggle auth, switch databases — then regenerate. You get a new, consistent codebase that reflects exactly what the spec says. This is spec-driven development: the document is the contract, the code is derived.