Bimo — Streaming AI Chat Workspace

Bimo is an ultra-premium, privacy-first, open-source streaming AI chat workspace. Built to rival frontier flagship interfaces, it features a dual-engine orchestration layer—supporting high-speed coding (Stanza) and complex multi-step reasoning (Nexos).

Powered by the best NVIDIA-hosted open models, Bimo uses Supabase as a fully isolated backend store (Auth + Postgres + Storage) and a blazing fast Python/Flask streaming gateway deployed on Render.

View the GitHub Repository

---

• Frontend — plain HTML / CSS / JavaScript (no framework, no build step)
• Backend — Flask gateway hosted on Render (gunicorn)
• Auth — Supabase Google OAuth (no passwords)
• Database — Supabase Postgres with row-level security per user
• Storage — Supabase Storage (private bucket, signed URLs)
• Inference — NVIDIA AI Foundation endpoints (OpenAI-compatible)
• Streaming — Server-Sent Events end-to-end (token-by-token)

---

Features

• Google sign-in via Supabase — single-click OAuth, no passwords
• Streaming chat — tokens render live; markdown + syntax-highlighted code
• Per-chat model picker — switch between Llama 3.3 70B, Llama 3.1 405B, Llama 3.2 90B Vision, Nemotron 70B, DeepSeek R1, Mixtral 8x22B, and more
• Per-chat persona — override the system prompt per conversation
• Image attachments — uploaded to Supabase Storage and passed to vision models as OpenAI-style image content parts
• Structured feedback — 1–5 rating, correctness, length per message
• Analytics dashboard — live summary, breakdown bars, downloadable PNG chart of the rating distribution
• Settings — backend URL, Supabase project, integrations, profile
• Responsive — drawer sidebar on mobile, persistent sidebar on desktop

---

Architecture

Browser ──Google OAuth──▶ Supabase Auth ──JWT──▶ Browser
   │
   │  Authorization: Bearer <jwt>
   ▼
Flask gateway (Render) ──verify JWT──▶
   │
   ├── Supabase Postgres (RLS, service-role)
   ├── Supabase Storage (signed URLs)
   └── NVIDIA chat-completions (SSE) ──stream tokens──▶ Browser

The browser never touches Supabase data directly: all reads/writes go through the Flask gateway, which validates the Supabase JWT (HS256, SUPABASE_JWT_SECRET) and then uses the Supabase service role key to operate on the user's rows. RLS policies in backend/migrations/0001_init.sql mean a leaked anon key can never read another user's data.

---

Project structure

fyp/
├── backend/
│   ├── app/
│   │   ├── main.py             Flask gateway (routes + SSE streaming)
│   │   ├── auth.py             Supabase JWT verification
│   │   ├── store.py            Supabase Postgres + Storage data layer
│   │   ├── supabase_client.py  service-role admin client
│   │   ├── nvidia_client.py    NVIDIA chat-completions client
│   │   └── analytics.py        pandas / matplotlib reports
│   ├── migrations/
│   │   └── 0001_init.sql       Postgres schema + RLS + Storage bucket
│   ├── tests/test_bimo.py      smoke tests (health + auth gating)
│   ├── requirements.txt
│   ├── pytest.ini
│   ├── Procfile                gunicorn entrypoint for Render
│   └── .env.example
├── frontend/
│   ├── index.html              single-page shell
│   ├── css/styles.css          design system + markdown / hljs styles
│   ├── assets/favicon.svg
│   └── js/
│       ├── main.js             entry + route table
│       ├── router.js           hash router
│       ├── auth.js             Supabase Auth integration
│       ├── supabaseClient.js   browser-side Supabase client
│       ├── api.js              fetch wrapper + streamChat (SSE)
│       ├── config.js           runtime backend / Supabase overrides
│       ├── icons.js            inline SVG icons (Lucide subset)
│       ├── app-shell.js        sidebar + layout shared by app pages
│       ├── components/         avatar, logo, message, feedback, toast,
│       │                       markdown, model-picker, sidebar, …
│       └── pages/              landing, chat, analytics, settings, not-found
├── render.yaml                 Render Blueprint (backend service)
└── README.md

---

Setup

1. Create a Supabase project

1. Go to app.supabase.com and create a new project.
2. Open SQL editor and run backend/migrations/0001_init.sql.
3. Open Authentication → Providers → Google and enable it.
   • Create OAuth credentials at Google Cloud Console.
   • Add the redirect URI shown by Supabase (e.g. https://<project>.supabase.co/auth/v1/callback).
   • Paste the client ID and client secret back into Supabase.
4. From Settings → API copy:
   • Project URL → SUPABASE_URL and the frontend supabaseUrl
   • anon public key → frontend supabaseAnonKey (safe in browser)
   • service_role key → SUPABASE_SERVICE_ROLE_KEY (server-only)
   • JWT secret → SUPABASE_JWT_SECRET

2. Get an NVIDIA API key

Create one at build.nvidia.com and copy it to NVIDIA_API_KEY on the backend.

3. Run the backend locally

cd backend
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
cp .env.example .env       # then fill in the Supabase + NVIDIA values
python -m app.main         # http://localhost:8000

/health should return {"status":"ok","store":"supabase","model_provider":"nvidia"}.

4. Run the frontend locally

The frontend is static, so any HTTP server works:

cd frontend
python -m http.server 5500

Then open http://localhost:5500. On first visit, go to Settings → Environment, paste your Supabase project URL + anon key (and, if not running the backend on :8000, your backend URL), save, and sign in with Google.

For zero-config production, hard-code the defaults in frontend/js/config.js before deploying.

---

Deploy the backend on Render

1. Push this repo to GitHub.

2. In Render, click New → Blueprint and pick the repo. Render reads render.yaml and provisions a bimo-backend web service.

3. Open the service → Environment and set:

   Var	Value
   SUPABASE_URL	from Supabase API settings
   SUPABASE_SERVICE_ROLE_KEY	from Supabase API settings (server-only)
   SUPABASE_JWT_SECRET	from Supabase API settings
   NVIDIA_API_KEY	from build.nvidia.com
   CORS_ORIGINS	your frontend origin (e.g. https://bimo.app)

4. Trigger a deploy. The service launches via gunicorn (see Procfile).

5. Update the frontend config.apiUrl to your Render URL.

---

Deploy the frontend

The frontend is a static folder — drop frontend/ on Netlify, Vercel, Cloudflare Pages, or any static host. Make sure frontend/js/config.js points at your Render backend and Supabase project, or rely on the in-app Settings → Environment override.

---

Testing

cd backend
pytest -q

tests/test_bimo.py is a smoke suite — it boots the Flask app, hits /health, and asserts that protected routes return 401 without a JWT. The full integration suite (real Supabase + NVIDIA) lives outside this repo.

---

Conventions and code style

• Plain ES modules in frontend/js/; no bundler, no transpiler.
• Markdown rendering via marked + marked-highlight + highlight.js, loaded from esm.sh (see frontend/js/components/markdown.js).
• Backend follows a thin gateway pattern: auth.py validates JWTs, supabase_client.py wraps the service-role client, store.py is the data layer, nvidia_client.py is the inference client, main.py only wires routes.

---

License

This project is licensed under the MIT License.