Hosted runtimeServe static apps or app-owned server code.
Managed dataAdd persistent storage when the app needs it.
Private appsOTP, identity provider, or service token.
curl -fsSL https://tmrwrun.com/install.sh | bash
# tmrw.run onboarding
Recommended models: Claude Opus 4.7+ or GPT-5.5+. Capable smaller models can complete this flow but may produce a less polished demo. Building the todo demo from scratch is intentional; it is the showcase of what an agent plus tmrw.run can do together.
Set up tmrw.run for this workspace, then build and deploy a small polished todo app as a first deployment.
Security disclosure: this chat agent has no secure secret input. Any value pasted into the conversation is logged in the model provider transcript, tool-call history, and prompt cache. Do not request the user's API key here. Do not accept one if offered. If the user pastes a key anyway, stop, tell them it should be treated as compromised, and instruct them to revoke it from the dashboard before continuing.
## Setup
1. Install or update the CLI:
curl -fsSL https://tmrwrun.com/install.sh | bash
2. Install or update the Codex skill:
SKILL_HOME="${CODEX_HOME:-$HOME/.codex}/skills/tmrw-run"
mkdir -p "$SKILL_HOME"
curl -fsSL https://tmrwrun.com/skills/tmrwrun/SKILL.md -o "$SKILL_HOME/SKILL.md"
3. Authenticate out of band. Tell the user to run this in their own terminal:
tmrwrun login
The CLI opens https://tmrwrun.com/device, the user approves a short code in the browser, and the CLI stores the token in the OS keychain or a 0600 fallback file. The agent never sees the key.
4. Preflight:
tmrwrun whoami
Confirm the account and quota. Stop and report on failure.
5. Pick a path: build the todo demo by default, inspect an existing app and deploy if compatible, inspect-only report, or stop here.
## Todo Demo
Build from scratch in a directory the user picks. Confirm the file list with the user before writing.
Share model: multi-tenant by URL. On GET / with no room, the Worker mints an unguessable room id with crypto.randomUUID() and redirects to /r/<id>. All data is scoped by room_id. Say this to the user before deploying: the URL path is the access secret.
HTTP defaults on every room response: Referrer-Policy: no-referrer and Cache-Control: private, no-store. Do not load third-party assets from the SPA because that can leak the room path through the Referer header.
Runtime shape: --runtime worker --with-db. The Worker receives env.DB. Initialize schema lazily on first request:
CREATE TABLE IF NOT EXISTS todos (
id TEXT PRIMARY KEY,
room_id TEXT NOT NULL,
text TEXT NOT NULL,
done INTEGER NOT NULL DEFAULT 0,
created_at INTEGER NOT NULL
);
CREATE INDEX IF NOT EXISTS todos_room_created ON todos(room_id, created_at DESC);
API:
- GET /r/:room/api/todos
- POST /r/:room/api/todos { text }
- PATCH /r/:room/api/todos/:id { text?, done? }
- DELETE /r/:room/api/todos/:id
Validate :room against the room-id format. Reject otherwise. Scope every query by room_id.
Default stack: Vite + React + TypeScript built with vite-plugin-singlefile so the SPA collapses to one HTML file. Worker entry should be bundled with esbuild as ESM and export a default fetch-compatible handler. Standard bundler output such as export { app as default } is supported.
Pre-deploy gate:
tmrwrun deploy ./deploy --check --runtime worker --entry src/index.js
Deploy:
tmrwrun deploy ./deploy --name "Todo" --slug todo --runtime worker --entry src/index.js --with-db
Report the live URL and dashboard URL printed by the CLI.
Polish bar: intentional typography, sensible spacing, dark mode via prefers-color-scheme, keyboard support, aria-labels on icon buttons, inline SVG icons only, and no third-party assets.
## Existing App Path
Inspect first: stack, build command, output directory, runtime shape, and persistence needs. Do not modify or deploy without explicit user approval. Prefer the smallest compatibility change.
Safety rules:
- Inspect before changing.
- Ask before creating files.
- Ask before modifying.
- Never refactor to fit tmrw.run without approval.
- Prefer the smallest compatibility change.