Make_Skills
Make_Skills
Concepts

Two modes — self-host and hosted

The dual-mode commitment. What stays the same and what differs across self-host and hosted-multitenant deployments.

Make_Skills runs in two deployment modes. The codebase, commands, and architecture are the same; auth and tenant-scoping differ.

The commitment

Two-mode commitment (2026-04-28): Every change considers both deployment modes (self-host and hosted-multitenant), with documentation and tests for both.

Captured as ADR-002. Enforced via the four-question PR template in CONTRIBUTING.md.

What's the same

Both modes run the same Docker stack: same FastAPI, Postgres, LanceDB, skills, subagents, UI. The repo has one platform/ directory, not separate self-host and hosted variants.

What's different

Self-hostHosted-multitenant
Who runs the stackThe user, locally or on their VPSLiz, on humancensys.com
AuthNone — single userOAuth (provider TBD — Pillar 0 open question)
Data isolationTrivial — one usertenant_id column on every personal-toolkit row, scoped queries everywhere
API keysUser's own keys in their .envUser brings their own keys (BYO)
CostUser pays compute + their inferenceLiz pays infra; user pays their inference
VisibilityLocalhost only (or Tailscale-shared)Public via humancensys.com
Other usersn/aShared infrastructure, isolated data, optional public commons

Mode detection

A single env var:

PLATFORM_MODE=self_host        # or "multitenant"

platform/api/auth.py (when implemented) reads this at startup and selects the auth backend. Tenant-aware code calls get_current_tenant(); in self-host mode it returns "default", in hosted it returns the auth-derived value.

What this means for contributors

Every PR is reviewed against four questions:

  1. What changes for a self-host user?
  2. What changes for the hosted-multitenant deployment?
  3. Tests: unit + integration for both modes (at minimum: a test with tenant_id="default" AND a test with a synthetic non-default tenant_id verifying isolation)
  4. Docs: the relevant doc explains how the change appears in both modes

Anti-patterns rejected:

  • Hardcoded paths or queries without tenant scoping (outside the no-auth self-host path)
  • "Multi-tenancy can come later" — once data is being written without scoping, retrofitting is a migration nightmare
  • Tests that only exercise one mode

Open work

Hosted-multitenant is not yet wired. Tracked under Pillar 0:

  • Tenant abstraction (tenant_id column, scoped queries, isolation tests)
  • Auth interface (NoAuthBackend + stub OAuthBackend)
  • Config loader abstraction (filesystem ↔ multi-tenant config store)
  • Mode-aware startup wiring PLATFORM_MODE

Self-host runs end-to-end today.

What's next

  • Architecture — the layered model that makes both modes possible
  • Contributing — the four-question discipline in detail

Model providers

Each subagent picks its own model. Anthropic, OpenAI, Google, Hugging Face, Together, Groq, or local Ollama.

On this page

The commitmentWhat's the sameWhat's differentMode detectionWhat this means for contributorsOpen workWhat's next