Build internal tools with Claude Code. Ship them with enterprise governance.
One server gives you database, auth, RBAC, audit logs, secrets, and deployment
for every internal tool you build with AI.
The problem
You build an internal tool with Claude Code, Codex, Cursor, or your favorite AI coding tool. The app takes 5 minutes. Then you're stuck figuring out:
- Where does it run?
- Who can access what?
- Where's the database?
- Is there an audit trail?
- How do I manage secrets, cron jobs, integrations?
Every tool you build becomes its own infrastructure project. No central place, no governance, no way to manage them all.
How it works
You keep coding exactly like you do today. Same AI tools, same freedom. RootCX is just the production layer underneath.
Deploy Core once (one Docker image or Cloud). Every internal tool you build lands on the same governed platform with everything already wired up.
From zero to deployed in one command. Pick cloud or self-hosted, name your app, scaffold, deploy.
What every app gets for free
Database - Shared PostgreSQL. Define a schema, get CRUD APIs automatically. No ORM, no migrations.
Enterprise auth - SSO (Okta, Entra ID, Google Workspace, Auth0). Namespaced RBAC with role inheritance. One line to protect a route.
Governance - Full audit log (every mutation, who did what, before/after diff). Encrypted secrets vault. Centralized visibility across all your internal tools.
Infrastructure - Cron scheduling, durable message queues, file storage, 20+ integrations (Slack, GitHub, Salesforce, Stripe...).
Get started
Install the CLI
# macOS / Linux curl -fsSL https://rootcx.com/install.sh | sh # Windows powershell -c "irm https://rootcx.com/install.ps1 | iex"
Then scaffold and deploy your first app:
Install the skill (Claude Code)
npx skills add rootcx/skills
Works with Claude Code, Codex, Cursor, or your favorite AI coding tool. You don't change how you build. RootCX is where your code lands.
How it compares
| RootCX | DIY (Supabase + Auth0 + ...) | Retool / Airplane | |
|---|---|---|---|
| You code with AI | First-class (Claude Code, Codex, Cursor, any) | Not designed for it | Proprietary builder |
| Governance | RBAC + audit log + secrets vault | Build it yourself | Partial |
| Setup | One server, one command | 5+ services to glue | Hosted only |
| Self-hosted | Single Docker image | Complex | Enterprise only |
| You own the code | Yes | Yes | No |
| All your tools in one place | Yes | Scattered | Yes |
Architecture
All features
| Database | Shared PostgreSQL with auto-generated CRUD APIs |
| Auth | OIDC SSO (Okta, Microsoft Entra ID, Google Workspace, Auth0) |
| RBAC | Namespaced permissions, wildcard matching, role inheritance |
| Audit log | Every mutation captured with before/after diff |
| Scheduled jobs | Cron scheduling via pg_cron |
| Message queue | Durable job queue via pgmq with automatic retry |
| Secrets vault | AES-256 encrypted storage for API keys and credentials |
| Integrations | Notion, Gmail, Outlook, Salesforce, Slack, GitHub, Stripe, and more |
| Agent tools | Every app exposes tools (query, mutate, describe) for agents |
| MCP | Connect any MCP server to give agents access to external tools |
| Channels | Connect agents to Telegram, Slack, email |
| File storage | Upload and serve files scoped per app |
Community
- Discord - Questions, discussion, support
- GitHub Issues - Bug reports and feature requests
- Docs - Guides, references, API docs
License
Source-available under FSL-1.1-ALv2. Use, modify, and redistribute for any purpose other than offering a competing product. Converts to Apache 2.0 after two years.
