# Show HN: Instant live endpoints your front end needs, from natural language > Source: > Published: 2026-06-15 08:21:48+00:00 Give your app exactly the data it needs — before your backend exists. Describe whatever endpoint your app in natural language, drop in an OpenAPI spec — Zero-1 spins up live REST endpoints with realistic seeded data, full CRUD, and FK relationships. Tracks denormalized copies, propagates schema changes across existing data, and warns before a change would break a reference. Pair it with Claude Code to become an execution layer — all AI reasoning happens in your session, Zero-1 handles data, routing, and state locally. Export the schema when you're ready for your agent to build a working backend. ``` ❯ I'm building a marketplace, I need sellers, products under /sellers/:id/products, and reviews under /products/:id/reviews. seed it heavy, like 5000 products and 10k reviews. gate writes with Bearer auth. 3 resources · 15100 records · sellers 100 records · products 5000 records path: /sellers/:sellerId/products · reviews 10000 records path: /products/:productId/reviews ↳ products.sellerId → sellers.id ↳ reviews.productId → products.id header guard: POST|PUT|PATCH|DELETE * — Authorization: Bearer required ``` ## z1-demo.mp4 From source: ``` git clone https://github.com/thomscoder/zero-1 && cd zero-1 ANTHROPIC_API_KEY=sk-ant-... bun run cli.ts # → http://localhost:7777 + z1 › REPL ``` Or install the CLI: ``` curl -fsSL https://raw.githubusercontent.com/thomscoder/zero-1/main/scripts/install.sh | sh ``` Run Zero-1 as an HTTP server. Describe scenarios in the REPL or via API. One AI call per intent — schema parsing only. All data generation, CRUD, filtering, and graph tracking run locally with zero API calls. ``` z1 # start + REPL z1 --model gpt-4o # use a specific model ANTHROPIC_API_KEY=sk-ant-... bun run cli.ts ``` Zero-1's primary mode. Claude Code IS the AI. Zero-1 executes. ``` z1 launch claude z1 launch claude --model claude-opus-4-6 ``` Starts the Zero-1 server and spawns Claude Code with the MCP pre-wired. Claude Code handles all reasoning and schema decisions. Zero-1 receives structured plans and executes them locally — **zero redundant AI calls**. Every token in your Claude Code session does actual work. Export your Zero-1 schema as a working production backend. ``` z1 export --scaffold hono --out ./my-app # generate from .z1/state.json z1 patch hono # sync changes (last-write-wins) ``` Or from the REPL: ``` z1 › .export --scaffold hono z1 › .patch hono ``` Generates a complete Hono project: typed routes, in-memory data seeded with real records, TypeScript interfaces, and a `/sync` slash command for Claude Code. When your real backend is ready, the scaffold is the spec. Load a real provider's API shape instantly — no spec hunting, no key required: ``` # List available presets GET /__generate/import/preset # Load Stripe (customers, products, prices, payment intents, subscriptions at /v1/* paths) POST /__generate/import/preset { "provider": "stripe" } # Load GitHub (users, repos, issues at /api/v3/* paths + OAuth pre-configured) POST /__generate/import/preset { "provider": "github" } ``` Available: `github` · `google` · `stripe` · `linkedin` · `shopify` Each preset loads the correct real-world endpoint paths, realistic field shapes, and a pre-configured OAuth flow for that provider. Point Zero-1 at any OpenAPI 3.x or Swagger 2.0 spec — URL or raw JSON: ``` POST /__generate/import/openapi { "url": "https://petstore3.swagger.io/api/v3/openapi.json" } # or { "spec": { ...raw spec object... } } ``` Handles `$ref` resolution (recursive), `allOf` merges, `oneOf` /`anyOf` variants, and any path depth. Data is generated locally from the schema — no AI call. One description (or import) registers all resources with full CRUD — `GET` , `POST` , `PUT` , `PATCH` , `DELETE` . IDs are auto-incremented. FK references are always valid (data generated in dependency order). Filter, search, sort — all query params, stackable: ``` GET /posts?role=admin&q=launch&sort=likes:desc&limit=10 ``` Resources can live at any URL shape: ``` /api/v1/users /payments/:paymentId/invoices /orgs/:orgId/teams/:teamId/members ``` Named segments (`:param` ) become FK equality filters on GET collection and are auto-populated on POST. The item ID is always the trailing segment: `GET /payments/42/invoices/7` . "...when an order is created, subtract quantity from product stock. when stock hits 0, flip status to out_of_stock." Describe side-effect logic inline. Supported operations: increment/decrement a field, set a value. Triggers fire synchronously on every matching mutation. "...add a views counter, rename likes to reactions, drop published. require X-API-Key on write requests." Zero-1 sends only the schema to the AI (never the records), applies the diff, and backfills existing data locally. Added fields get context-aware generated values. Renamed fields preserve their values. "...cursor-based, 20 per page, use`after` as cursor param,`edges` for data array" Configure the envelope your real API will produce. Zero-1 matches it. Supports page, offset, and cursor styles with customisable param names and response shapes. "...require X-API-Key on all write requests to posts. inject X-Request-Id into every response." Per-resource request guards and response header injection. Your frontend gets real 401s and real rejection bodies — no auth server needed. "...authorization code flow with PKCE. scopes: read, write, admin. JWT tokens, 1 hour expiry." Full mock OAuth 2.0 / OIDC provider. Registers authorization, token, revoke, introspect, userinfo, and discovery endpoints. Per-client scope enforcement. Token signing via Web Crypto API (HS256) — no JWT library. "...30% error rate on POST /orders and 500ms–2s latency on all requests" ``` { "resource": "orders", "method": "POST", "errorRate": 0.3, "errorCode": 503 } { "resource": "*", "method": "*", "latency": { "min": 200, "max": 800 } } { "resource": "users", "rateLimit": { "requests": 10, "windowSeconds": 60 } } ``` Zero-1 maintains a live graph of every resource — FK edges, denormalized copies, observed field types. **Write-through propagation** — every `PATCH` /`PUT` walks the provenance graph and updates denormalized copies automatically. **Impact analysis** — before applying a schema change, ask what breaks: "What breaks if I switch the plan id to a string slug?" Returns which FK references would stop resolving and which denormalized copies would go stale. Via MCP this is part of the natural workflow; via the API it's `POST /__generate/graph/analyze` . Add two-factor authentication to any resource inline: "...users with 2FA on login. OTP expires in 5 minutes." Zero-1 registers `POST /users/login` and `POST /users/verify` endpoints. OTP codes are cryptographically random, 6-digit, single-use. Inspect pending codes at `GET /__generate/2fa/pending` . "...each user should only see their own posts" Per-resource per-user data isolation using JWT claims. Collection GETs filter automatically, item GETs return 403 for wrong owner, POSTs auto-set the owner field from the token. Zero-1 exposes its full surface as MCP tools for Claude Code and other AI agents. Manual setup (if not using `z1 launch claude` ): ``` // .claude/mcp.json { "mcpServers": { "zero-1": { "command": "bun", "args": ["run", "/path/to/zero-1/mcp.ts", "--url", "http://localhost:7777"] } } } ``` Tools include: `create_scenario` , `evolve_schema` , `get_schema` , `list_resources` , `inspect_graph` , `analyze_impact` , `configure_headers` , `configure_oauth` , `configure_pagination` , `add_chaos` , `snapshot` , `reset` , `export_openapi` , `get_2fa_codes` , and more. **Zero-waste architecture**: every tool that normally triggers an AI call accepts a structured bypass. When called from Claude Code, Zero-1 skips its own AI calls entirely — Claude Code produces the plan, Zero-1 executes it. One AI session. No overhead. Zero-1 is bring-your-own-key. One AI call per intent — schema parsing only. Everything else is local. ``` # Anthropic (default) ANTHROPIC_API_KEY=sk-ant-... bun run cli.ts # OpenAI or any compatible endpoint AI_PROVIDER=openai OPENAI_API_KEY=sk-... bun run cli.ts # Ollama (local, no key needed) AI_PROVIDER=ollama bun run cli.ts ``` | Variable | Default | Description | |---|---|---| `AI_PROVIDER` | `anthropic` | `anthropic` , `openai` , or `ollama` | `AI_MODEL` | provider default | Override the model (e.g. `gpt-4o` , `llama3.2` , `claude-opus-4-6` ) | `ANTHROPIC_API_KEY` | required for anthropic | Your Anthropic key | `OPENAI_API_KEY` | required for openai | Your OpenAI key | `OPENAI_BASE_URL` | `https://api.openai.com/v1` | Base URL for OpenAI-compatible APIs | `OLLAMA_BASE_URL` | `http://localhost:11434` | Base URL for Ollama | `API_KEY` | — | Protect `/__generate/*` meta endpoints with Bearer auth. CRUD routes unaffected. | `PORT` | `7777` | HTTP port | CLI flags: ``` z1 [--key sk-ant-...] [--port 7777] [--model claude-opus-4-6] [--web] ["inline prompt"] z1 launch claude [--port 7777] [--model claude-opus-4-6] ``` | Method | Path | Description | |---|---|---| `POST` | `/__generate/scenario` | Create resources from a description or structured plan | `GET` | `/__generate/resources` | List all resources with schemas and record counts | `DELETE` | `/__generate/resources` | Delete all resources | `DELETE` | `/__generate/resources/:name` | Delete a specific resource | `GET` | `/__generate/schema/:name` | Raw ParsedField[] schema for a resource | `POST` | `/__generate/evolve` | Evolve a resource's schema | `POST` | `/__generate/pagination` | Configure pagination for a resource | `POST` | `/__generate/snapshot` | Save a snapshot | `POST` | `/__generate/reset` | Restore from last snapshot | | Method | Path | Notes | |---|---|---| `GET` | `/:name` | `?field=val` , `?q=term` , `?sort=field:asc` , `?explain=true` | `POST` | `/:name` | ID auto-assigned | `GET` | `/:name/:id` | | `PUT` | `/:name/:id` | Full replace | `PATCH` | `/:name/:id` | Partial update | `DELETE` | `/:name/:id` | Returns 204 | Custom paths (e.g. `/payments/:paymentId/invoices` ) work identically — named segments filter by FK equality. | Method | Path | Description | |---|---|---| `POST` | `/__generate/oauth/configure` | Configure from description or structured OAuthConfig | `GET` | `/__generate/oauth/status` | Config + token stats | `GET` | `/__generate/oauth/authorize` | Authorization endpoint (auto-approves, 302 redirect) | `POST` | `/__generate/oauth/token` | Token endpoint (auth_code, client_credentials, refresh) | `POST` | `/__generate/oauth/revoke` | RFC 7009 revocation | `POST` | `/__generate/oauth/introspect` | Token introspection | `GET` | `/__generate/oauth/userinfo` | OIDC userinfo (Bearer token required) | `GET` | `/__generate/oauth/.well-known/openid-configuration` | OIDC discovery | `GET` | `/__generate/oauth/.well-known/jwks.json` | JWKS | | Method | Path | Description | |---|---|---| `GET` | `/__generate/graph` | Full graph dump (resources, FK edges, provenance edges) | `POST` | `/__generate/graph/analyze` | `{ resource, fields, typeChange? }` → impact report | | Method | Path | Description | |---|---|---| `POST/GET/DELETE` | `/__generate/chaos` | Add / list / clear chaos rules | `DELETE` | `/__generate/chaos/:id` | Remove a specific rule | `GET/DELETE` | `/__generate/triggers` | List / clear triggers | `DELETE` | `/__generate/triggers/:id` | Remove a specific trigger | `POST` | `/__generate/headers/configure` | Configure header guards | `GET/DELETE` | `/__generate/headers` | List / clear header rules | `DELETE` | `/__generate/headers/:id` | Remove a specific rule | `POST/GET/DELETE` | `/__generate/scoping` | Add / list / clear JWT scoping rules | `GET` | `/__generate/2fa/pending` | Inspect pending OTP codes | `DELETE` | `/__generate/2fa` | Clear all OTP codes | `GET` | `/__generate/log` | Request log (newest first, max 500) | `DELETE` | `/__generate/log` | Clear log | `GET` | `/__generate/export` | Export global state as JSON | `POST` | `/__generate/import` | Restore global state from JSON | `GET` | `/__generate/openapi` | Export as OpenAPI 3.0.3 | `POST` | `/__generate/import/openapi` | Import from OpenAPI/Swagger spec (URL or raw JSON) | `GET` | `/__generate/import/preset` | List available provider presets | `POST` | `/__generate/import/preset` | Load a provider preset (`{ "provider": "github" }` ) | `http://localhost:7777/__generate` — create scenarios, browse and edit records, test OAuth flows, manage chaos rules, view the live request log, export/import state. ``` bun test ``` [Bun](https://bun.sh)runtime- An AI provider key ( `ANTHROPIC_API_KEY` ,`OPENAI_API_KEY` , or Ollama running locally) - For `z1 launch claude` :[Claude Code](https://claude.ai/claude-code)installed