A3lix

The weird little agent that texts your clients back with a deploy link.

What it does

A3lix is an open-source AI Agent CMS for any Jamstack/static site. Learn more at a3lix.com.

Your clients simply text the agent on Telegram (or email):

"Add a new blog post about our schnitzel menu" "Redesign the footer and change the brand color to orange" "Create a new /menu page with photos"

A3lix understands the request, edits the actual code in GitHub, and lets the requester confirm the deployment with a simple YES/NO choice.

Works with Next.js, Astro, SvelteKit, Hugo, Eleventy, Remix, Gatsby, Nuxt — basically any static/Jamstack site that lives in GitHub.

No CMS dashboard. No logins. No more "Felix fix this real quick" messages ever again.

How it works

Client texts a request to your Telegram bot (e.g. "Change the hero headline to Summer Sale is Here")
Telegram forwards the message to your Cloudflare Worker via webhook
The Worker authenticates the sender, enforces rate limits, and validates the request against the allowed-paths guardrails
AI parses the request and determines which file(s) need to change and what the new content should be
The worker stores the proposed changes and asks the requester to confirm with YES or NO
If they reply YES, A3lix commits directly to the base branch and Cloudflare Pages deploys the changes
If they reply NO, the request is cancelled and no changes are made
Deployment notification is sent back with the live site URL once changes are deployed

Quick Start

npx a3lixcms@latest init

This interactive CLI will walk you through the entire setup in under 5 minutes:

Answer the prompts — project name, GitHub repo, Telegram bot token, Cloudflare Pages project name
A3lix generates your agent.json config file and worker/.dev.vars secrets file
Deploy the worker with npm run deploy (or let the CLI do it for you)
Register the Telegram webhook — the CLI does this automatically
Text your bot to confirm it's alive: "Hey, what site is this?"

💡 Tip: Run npx a3lixcms@latest update at any time to pull the latest worker code without touching your agent.json or secrets.

Prerequisites

Before running npx a3lixcms@latest init, make sure you have:

Cloudflare account — free tier is fine; KV must be enabled
GitHub repo — a public or private repo running Next.js or Astro (other frameworks coming in v1.2)
Telegram bot token — create a bot via @BotFather and copy the token
Cloudflare Pages project — see Connect GitHub to Cloudflare Pages below
xAI API key — get one from x.ai for Grok AI (default provider)
Node.js ≥ 18 installed locally (only needed to run the setup CLI)

Connect GitHub to Cloudflare Pages

A3lix relies on Cloudflare Pages to automatically deploy your site when changes are pushed to the main branch. Here's how to set that up:

Go to the Cloudflare dashboard → dash.cloudflare.com → Workers & Pages
Click Create application → Pages → Connect to Git
Authorize Cloudflare to access your GitHub account (one-time OAuth)
Select your repository (e.g. a3lix/my-site) and click Begin setup
Configure your build settings:
- Framework preset: select Astro or Next.js (matching your project)
- Build command: e.g. npm run build (auto-filled for most presets)
- Build output directory: e.g. dist for Astro, .next for Next.js
Click Save and Deploy — Cloudflare will build and deploy your main branch
Note the project name shown at the top of the Pages project page (e.g. my-site) — you will need this when running npx a3lixcms@latest init

✅ Production deployments happen automatically. When A3lix pushes changes to your main branch, Cloudflare Pages will rebuild and deploy your site within 2-5 minutes.

💡 Tip: You can monitor deployment status in your Cloudflare Pages dashboard.

Configuration

After running npx a3lixcms@latest init, an agent.json file will be created in your project root. Never commit this file — it is already in .gitignore.

Field	Type	Description
`project.name`	`string`	Display name shown in bot replies
`project.repo`	`string`	GitHub repo in `owner/name` format
`project.branch`	`string`	Production branch (usually `main`)
`project.framework`	`"astro" \| "nextjs"`	Used to resolve content paths correctly
`bot.platform`	`"telegram"`	Messaging platform (only Telegram in v0.1)
`bot.ownerChatId`	`string`	Your Telegram chat ID — receives notifications
`ai.provider`	`string`	AI provider: `grok`, `workers-ai`, `openai`, `claude`, `groq`, `gemini`
`ai.model`	`string`	Model identifier for the chosen provider
`ai.apiKey`	`string`	API key — required for all providers except `workers-ai`
`paths.allowed`	`string[]`	Paths the agent is permitted to modify
`roles.editors`	`string[]`	Telegram chat IDs of editors (can request changes)
`roles.viewers`	`string[]`	Telegram chat IDs of viewers (read-only status)
`limits.changesPerUserPerDay`	`number`	Max change requests per user per 24 h
`cloudflare.pagesProjectName`	`string`	Cloudflare Pages project name (from your dashboard)
`cloudflare.customDomain`	`string`	Custom domain for your Pages project (optional, falls back to pages.dev)

User Roles

A3lix has three user roles enforced at the Worker level. Role membership is defined by Telegram Chat ID in agent.json.

Role	Who	What they can do
Owner	The site owner (you)	View audit log, access all commands, manage roles via `/addeditor` and `/addviewer`
Editor	Trusted clients / team members	Request content changes and confirm deployments with YES/NO
Viewer	Stakeholders / read-only observers	Query current content (`/status`), receive deployment notifications — cannot request changes

Security

A3lix is designed with defence-in-depth: path guardrails prevent modifications outside src/content, src/pages, public, and tailwind.config.* by default, and a destructive-keyword blocklist blocks requests containing patterns like rm -rf, drop, .env, or process.env. The YES/NO confirmation step allows users to review changes before deployment.

See docs/SECURITY.md for the full threat model, GitHub token scoping requirements, rate limiting details, audit log format, and the pre-launch security checklist.

Supported AI Providers

A3lix ships with xAI Grok as the default — excellent content generation with good context understanding. Other options available:

Provider	`ai.provider` value	Notes
xAI Grok (default)	`grok`	Requires `AI_API_KEY` secret; model e.g. `grok-2-latest`
Workers AI	`workers-ai`	Free tier included; model: `@cf/meta/llama-3.3-70b-instruct-fp8`
OpenAI	`openai`	Requires `OPENAI_API_KEY` secret; model e.g. `gpt-4o`
Anthropic Claude	`claude`	Requires `AI_API_KEY` secret; model e.g. `claude-3-5-sonnet-20241022`
Groq	`groq`	Requires `AI_API_KEY` secret; model e.g. `llama-3.3-70b-versatile`
Google Gemini	`gemini`	Requires `AI_API_KEY` secret; model e.g. `gemini-2.0-flash`

To switch providers, update ai.provider and ai.model in agent.json, add the API key via wrangler secret put AI_API_KEY, then redeploy.

💡 Default: A3lix uses xAI Grok by default. The model provides excellent content generation capabilities with good context understanding.

Roadmap

Version	Status	What's in it
v0.1 — MVP	✅ Completed	Telegram webhook, Workers AI, GitHub direct deployment, Cloudflare Pages integration, KV rate limiting, path guardrails
v1.1 — Email Workers	📋 Planned	Inbound email via Cloudflare Email Workers as an alternative to Telegram
v1.2 — Vercel / Netlify Deployers	📋 Planned	Pluggable deployer interface; first-class support for Vercel and Netlify deployments
v2.0 — Vision & Screenshots	💡 Idea	Multimodal AI: clients can send a photo of a design mock-up or a screenshot of a bug and the agent acts on it

Contributing

Contributions are welcome and appreciated! To get started:

Fork the repo and create a feature branch: git checkout -b feat/my-feature
Make your changes — please keep commits focused and descriptive
Run npm run lint and npm run build to make sure everything passes
Open a Pull Request against main with a clear description of what and why

Please read the Code of Conduct before contributing. For security vulnerabilities, see the responsible disclosure section in docs/SECURITY.md — do not open a public issue for security bugs.