Dyad: The Open Source Alternative to Bolt.new & Lovable

🩺 Vitals

📦 Version: v0.40.0 (Released 2026-03-16)
🚀 Velocity: Active (Last commit 2026-03-19)
🌟 Community: 19.9k Stars · 2.3k Forks
🐞 Backlog: 277 Open Issues

🏗️ Profile

Official: dyad.sh
Source: github.com/dyad-sh/dyad
License: Apache 2.0 (Core) | Source Available (Pro)
Deployment: Desktop App | Docker
Data Model: Local SQLite / Local Files
Jurisdiction: USA (Dyad Tech, Inc.) 🇺🇸 / Global Community 🌐
Compliance: Local-First (BYOK) | No Vendor SOC2
Complexity: Low (1/5) - Desktop Installer / Docker
Maintenance: Low (2/5) - Professional VC-backed startup.
Enterprise Ready: High (4/5) - Local-first architecture enables secure BYOK.

1. The Executive Summary

What is it? Dyad is an autonomous AI coding agent and app builder designed to be a secure, local-first alternative to cloud-hosted tools like Bolt.new, Lovable, or Replit. By running primarily on the developer's local machine and allowing for "Bring Your Own Key" (BYOK) connectivity to models (e.g., Azure OpenAI), it ensures that proprietary code and prompts remain within the organization's secure perimeter.

The Strategic Verdict:

🔴 For Pro/Max SaaS Subscriptions: Caution. Dyad Tech, Inc. does not currently hold a SOC 2 Type II report. Only use their hosted AI credits for non-confidential or public-facing intellectual property.
🟢 For Engineering Governance: Strong Buy (BYOK Mode). By enforcing the use of corporate API keys within Dyad's local-first architecture, organizations can empower developers with autonomous AI capabilities while maintaining 100% data sovereignty and preventing intellectual property leaks.

2. The "Hidden" Costs (TCO Analysis)

Cost Component	Bolt.new (SaaS)	Dyad (Self-Hosted)
User Seat Fee	$20+ /user /month	$0 (Apache 2.0 Core)
Model API Cost	Bundled / Tiered	Direct (Pay-per-token)
Data Security	Cloud Processing Gate	Local (Zero Exposure)

3. The "Day 2" Reality Check

🚀 Deployment & Operations

Installation: Available as a direct desktop application for macOS and Windows, or via Docker for centralized environments. Its "Local-First" design makes it extremely fast and responsive.
Scalability: As a desktop tool, it scales with individual developer productivity. For team-wide coordination, it relies on standard Git/DevOps workflows.

🛡️ Security & Governance

Access Control: Access is managed at the model level via API keys. It does not require a central Dyad account for the core BYOK functionality.
Data Handling: In BYOK mode, prompt data flows directly from the local agent to the model provider (e.g., Azure or Ollama). Dyad Tech, Inc. never touches your source code unless you opt into their hosted Pro services.

4. Market Landscape

🏢 Proprietary Incumbents

Bolt.new / Lovable: Leading the "one-prompt app" category but strictly cloud-hosted, which often presents an insurmountable barrier for enterprise security teams.
Replit Agent: A powerful integrated environment but locks the organization into the Replit ecosystem and data policies.

🤝 Open Source Ecosystem

Cline: A highly popular autonomous coding agent that operates as a VS Code extension, sharing the same local-first, BYOK philosophy.
Appsmith: A powerful open-source low-code platform for building internal tools. Dyad serves as an "agentic" alternative to traditional drag-and-drop building.