Open source vibe coding tool and AI website builder with a self-hosted default setup.
CodeRocket is an open source vibe coding tool and AI website builder that can run as:
- a self-hosted open source app,
- a local development stack with the integrated
builder, - or the managed CodeRocket cloud at coderocket.app.
This repository is now structured so the default path is self-hosting first. Cloud-only integrations such as Stripe billing, Vercel domain management, and Vercel Blob storage are optional adapters, not hard requirements.
Prefer a quick overview first? Watch the product demo on YouTube: CodeRocket demo video.
- Website: coderocket.app
- Open source overview: coderocket.app/open-source
- Demo video: youtube.com/watch?v=vkfCdoFQnAk
- Documentation: docs.coderocket.app
- Issues: github.com/elreco/coderocket/issues
- Discussions: github.com/elreco/coderocket/discussions
- Contributing guide: CONTRIBUTING.md
- Security policy: SECURITY.md
app/: the Next.js application.builder/: the build service used to compile and store user apps.docs/: Mintlify documentation.supabase/: local Supabase config, migrations, and database notes.
- Keep the full app and builder in one repository.
- Run locally without Stripe, Vercel Domains, or Vercel Blob.
- Swap optional cloud adapters back in only when you need them.
- Use the hosted coderocket.app experience as an upsell path if you want a managed version too.
- Local minimal: Run Next.js + the integrated builder with filesystem storage and no Stripe/Vercel dependencies.
- Self-host with wildcard domains: Use your own root domain for deployed apps, previews, and webcontainers.
- Managed cloud: Keep CodeRocket branding and optionally point upsell links back to coderocket.app.
npm install
npm --prefix builder installOptional docs:
npm --prefix docs installcp .env.example .env.local
cp builder/.env.example builder/.envUse .env.local for your machine-specific app secrets. The builder-specific file is only there for people who want to run builder/ independently.
If you already have a local .env, prefer consolidating into .env.local to avoid confusion.
npx supabase start
npx supabase db reset
npm run generate-typesImportant:
supabase/current_state.sql is reference material only. See supabase/README.md for the baseline/export workflow.
App + builder:
npm run dev:allApp only:
npm run devBuilder only:
npm run builder:devDocs only:
npm run docs:devThe default app URL is http://localhost:4002.
If you want the builder to run fully independently from the app, you can still use builder/.env, but the default developer path is now the monorepo with .env.local at the root.
The repo now uses a normalized configuration contract.
NEXT_PUBLIC_APP_URL: canonical URL of this instance.NEXT_PUBLIC_CLOUD_URL: optional upsell target for the hosted CodeRocket cloud.NEXT_PUBLIC_DOCS_URL: docs base URL.
NEXT_PUBLIC_DEPLOYMENT_ROOT_DOMAIN: wildcard root for deployed apps.NEXT_PUBLIC_PREVIEW_ROOT_DOMAIN: wildcard root for previews.NEXT_PUBLIC_WEBCONTAINER_ROOT_DOMAIN: wildcard root for live webcontainer previews.
Local development also supports a path fallback under /webcontainer/<prefix> so wildcard DNS is not required.
BUILDER_API_URLNEXT_PUBLIC_BUILDER_API_URLBUILDER_HOSTBUILDER_PORTBUILDER_AUTH_TOKENBUILDER_STORAGE_DRIVER=fs|vercel-blobBUILDER_STORAGE_FS_ROOTBUILDER_TEMP_DIR
BILLING_PROVIDER=none|stripeNEXT_PUBLIC_BILLING_PROVIDER=none|stripe
When billing is none, deploy/custom-domain flows stay available locally and Stripe routes are disabled.
DOMAIN_PROVIDER=none|vercelNEXT_PUBLIC_DOMAIN_PROVIDER=none|vercel
When the provider is none, DNS ownership verification still works, but HTTPS and routing are expected to be handled by your hosting platform or reverse proxy.
The builder now supports two storage modes:
fs: default for local and self-hosted installs.vercel-blob: optional cloud adapter.
For local installs, builds are stored under .coderocket/builds by default and served back through the Next.js app.
When exposing the builder on a public network, set BUILDER_AUTH_TOKEN on both the app and the builder so build and scraping endpoints are not anonymous.
The current Supabase history was not maintained exclusively through CLI migrations during development. Because of that:
- keep treating
supabase/current_state.sqlas informational only, - use
supabase/migrations/20260501000000_baseline_from_authoritative_schema.sqlas the active baseline candidate, - keep
supabase/baseline.schema.sqlas the authoritative schema snapshot, - and verify a real local
supabase db resetonce Docker is available before treating the baseline as fully validated.
The old migration chain is archived under supabase/migrations-legacy/. Going forward, the intended model is one verified baseline migration plus new forward migrations.
Details and commands live in supabase/README.md.
- rotate every secret that has ever lived in a tracked
.env, - rewrite Git history before making the repository public if tracked
.envfiles ever existed, - do not publish production data dumps,
- keep custom billing/domain adapters optional,
- set
BUILDER_AUTH_TOKENbefore exposing the builder publicly, - run
npm run type-check, - run
node --check builder/server.js, - verify a local build/deploy flow before releasing.
If you are opening the repo publicly for the first time, do the secret rotation and history rewrite before flipping visibility.
npm run devnpm run builder:devnpm run builder:startnpm run dev:allnpm run dev:all:docsnpm run docs:devnpm run docs:buildnpm run type-checknpm run generate-types
Self-hosted instances can keep their own domain and branding, while links such as documentation or hosted upgrade flows can still point to coderocket.app via NEXT_PUBLIC_CLOUD_URL.