Build internal tools with Claude Code. Ship them with enterprise governance.
One server gives you database, auth, RBAC, audit logs, secrets, and deployment
for every internal tool you build with AI.
You build an internal tool with Claude Code, Codex, Cursor, or your favorite AI coding tool. The app takes 5 minutes. Then you're stuck figuring out:
- Where does it run?
- Who can access what?
- Where's the database?
- Is there an audit trail?
- How do I manage secrets, cron jobs, integrations?
Every tool you build becomes its own infrastructure project. No central place, no governance, no way to manage them all.
You keep coding exactly like you do today. Same AI tools, same freedom. RootCX is just the production layer underneath.
Deploy Core once (one Docker image or Cloud). Every internal tool you build lands on the same governed platform with everything already wired up.
rootcx init
From zero to deployed in one command. Pick cloud or self-hosted, name your app, scaffold, deploy.
Database - Shared PostgreSQL. Define a schema, get CRUD APIs automatically. No ORM, no migrations.
Enterprise auth - SSO (Okta, Entra ID, Google Workspace, Auth0). Namespaced RBAC with role inheritance. One line to protect a route.
Governance - Full audit log (every mutation, who did what, before/after diff). Encrypted secrets vault. Centralized visibility across all your internal tools.
Infrastructure - Cron scheduling, durable message queues, file storage, 20+ integrations (Slack, GitHub, Salesforce, Stripe...).
# macOS / Linux
curl -fsSL https://rootcx.com/install.sh | sh
# Windows
powershell -c "irm https://rootcx.com/install.ps1 | iex"Then scaffold and deploy your first app:
rootcx initnpx skills add rootcx/skillsWorks with Claude Code, Codex, Cursor, or your favorite AI coding tool. You don't change how you build. RootCX is where your code lands.
| RootCX | DIY (Supabase + Auth0 + ...) | Retool / Airplane | |
|---|---|---|---|
| You code with AI | First-class (Claude Code, Codex, Cursor, any) | Not designed for it | Proprietary builder |
| Governance | RBAC + audit log + secrets vault | Build it yourself | Partial |
| Setup | One server, one command | 5+ services to glue | Hosted only |
| Self-hosted | Single Docker image | Complex | Enterprise only |
| You own the code | Yes | Yes | No |
| All your tools in one place | Yes | Scattered | Yes |
| Database | Shared PostgreSQL with auto-generated CRUD APIs |
| Auth | OIDC SSO (Okta, Microsoft Entra ID, Google Workspace, Auth0) |
| RBAC | Namespaced permissions, wildcard matching, role inheritance |
| Audit log | Every mutation captured with before/after diff |
| Scheduled jobs | Cron scheduling via pg_cron |
| Message queue | Durable job queue via pgmq with automatic retry |
| Secrets vault | AES-256 encrypted storage for API keys and credentials |
| Integrations | Notion, Gmail, Outlook, Salesforce, Slack, GitHub, Stripe, and more |
| Agent tools | Every app exposes tools (query, mutate, describe) for agents |
| MCP | Connect any MCP server to give agents access to external tools |
| Channels | Connect agents to Telegram, Slack, email |
| File storage | Upload and serve files scoped per app |
- Discord - Questions, discussion, support
- GitHub Issues - Bug reports and feature requests
- Docs - Guides, references, API docs
Source-available under FSL-1.1-ALv2. Use, modify, and redistribute for any purpose other than offering a competing product. Converts to Apache 2.0 after two years.