Ship the Copilot With the Boilerplate
Today we published boilerworks-django-nextjs-copilotkit, the 27th template in the Boilerworks catalogue and the first to ship with an agentic in-app copilot already wired in. It is open source, MIT licensed, and it boots with one command.
The pitch is one sentence: a chat sidebar in your app whose agent lives inside Django, sees your data through your ORM, and can only do what the logged-in user is allowed to do.
The copilot is becoming boilerplate
Every serious business application is about to grow an in-app assistant. Not a support chatbot bolted to the corner of the marketing site — an operator copilot that can answer questions about the data on screen and take actions in the system. The demand is arriving the same way auth, background jobs, and admin panels arrived: first as a differentiator, then as an expectation.
That is exactly the category of problem Boilerworks exists for. When a capability stops being a feature and starts being infrastructure, someone should solve it once, correctly, and let everyone start from there.
The interesting part is that the chat UI is the easy 20 percent. The hard 80 percent is everything around it: how the agent authenticates, what it is allowed to see, how a model-suggested action gets a human’s approval before it executes, and how any of this survives contact with a real permission system. Most copilot demos skip that part. Production does not.
Where the agent lives matters
The standard integration puts the intelligence in a Node service between your frontend and your backend. We put the agent inside Django instead.
The frontend is CopilotKit — the chat surface, generative UI, and human-in-the-loop primitives. It talks over the open AG-UI protocol to a Pydantic AI agent served from a Django async view. The Next.js layer in between is a thin protocol bridge; it holds no intelligence and no model keys.
That placement buys three things:
The agent authenticates like a user. The AG-UI endpoint sits behind the same session middleware as the rest of the API. Anonymous requests are rejected before a single token is spent. There is no service account with god-mode access, because the agent does not have its own identity at all — it borrows yours.
Tools are permission-checked functions, not integrations. The template’s agent ships with six tools wired to infrastructure every Boilerworks app already has: it can list and draft form definitions in the forms engine, inspect workflow states, and execute workflow transitions. Every tool re-checks the calling user’s group permissions before touching anything, and returns “permission denied” as data the model can explain rather than an exception that kills the run.
Consequential actions wait for a human. When the agent wants to execute a workflow transition, the first call returns a description of what would happen — nothing changes. The frontend renders an approve/deny card. Only an explicit approval sends the confirmed call, which then runs through the workflow engine’s own path so conditions, notifications, and the audit trail all fire. The transition log does not know a model was involved.
What “pre-wired” means
git clone, ./bootstrap.sh, ./run.sh, add an Anthropic API key. The stack that comes up is the full django-nextjs template — forms engine, workflow engine, session auth, group permissions, Celery, Docker Compose — plus a copilot button in the corner that already knows about all of it.
Swap the demo tools for your domain logic and the security architecture comes along for free. The pattern for adding a tool is a page of documented convention: permission check first, external IDs only, results not exceptions, human-in-the-loop for anything with consequences.
Why open source, again
We covered the strategy in Why We Open Source Our Best Work. The short version applies unchanged: claims about engineering capability are cheap, and repositories are not. This template is what we mean when we say AI-native application development — not a model bolted onto a product, but agency designed into the same permission system that governs every other actor.
The code is public, the history is clean, and the CI you can inspect runs the same suites we ran. If you build something with it, we would genuinely like to see it.
Start here: boilerworks.ai · the template on GitHub

