boilerworks-django-nextjs-copilotkit is live: everything in the django-nextjs template — forms engine, workflow engine, session auth, group permissions, Celery, Docker Compose — plus an agentic in-app copilot wired in from the first boot.
What you get
- CopilotKit chat sidebar in the Next.js app, styled to the template’s shadcn tokens, gated by a feature flag and authentication.
- The agent lives in Django. A Pydantic AI agent served over the AG-UI protocol from a Django async view — direct ORM access, no separate agent service, and the model key never reaches the frontend.
- Permission-governed tools. Six built-in tools drive the forms and workflow engines. Every call re-checks the logged-in user’s group permissions; the agent can only do what that user can do.
- Human-in-the-loop actions. Workflow transitions return a confirmation card first and execute only after an explicit approve — through the engine’s own path, so conditions, actions, and the audit trail all fire.
- Tested like everything else. Agent runs are driven by Pydantic AI’s
TestModelin CI — allowed and denied cases per tool, no live LLM calls.
Quickstart
git clone https://github.com/ConflictHQ/boilerworks-django-nextjs-copilotkit.git
cd boilerworks-django-nextjs-copilotkit
./bootstrap.sh
# add ANTHROPIC_API_KEY to backend/config/local.env
./run.sh
Frontend at localhost:3000, backend at localhost:8000, copilot in the corner. Without an API key the rest of the template runs unaffected — the copilot is additive and feature-flagged.
Swap the demo tools for your domain logic and the security architecture comes along for free: the conventions for adding a tool (permission check first, external IDs only, results not exceptions, HITL for consequences) are documented in the template’s bootstrap.md.
Full build notes on the CONFLICT blog: Ship the Copilot With the Boilerplate.

