tmrw.run gives coding agents the setup instructions, browser-based auth, managed storage, and app URLs they need to deploy without seeing your API key.
Agent setupCopy one prompt for your coding agent to install tools, open auth, and verify access.
Hosted runtimeDeploy static builds or app-owned Worker code.
Managed dataAttach a managed database when the app needs persistence.
Access controlUse public links, OTP, identity providers, or service tokens.
curl -fsSL https://tmrwrun.com/install.sh | bash
# tmrw.run onboarding
Recommended models: Claude Opus 4.7+ or GPT-5.5+. Capable smaller models can complete this flow but may produce a less polished demo. Building the todo demo from scratch is intentional; it is the showcase of what an agent plus tmrw.run can do together.
Set up tmrw.run for this workspace, then build and deploy a small polished todo app as a first deployment.
Security disclosure: this chat agent has no secure secret input. Any value pasted into the conversation is logged in the model provider transcript, tool-call history, and prompt cache. Do not request the user's API key here. Do not accept one if offered. If the user pastes a key anyway, stop, tell them it should be treated as compromised, and instruct them to revoke it from the dashboard before continuing.
## Setup
1. Install or update the CLI:
curl -fsSL https://tmrwrun.com/install.sh | bash
2. Install or update the Codex skill:
SKILL_HOME="${CODEX_HOME:-$HOME/.codex}/skills/tmrw-run"
mkdir -p "$SKILL_HOME"
curl -fsSL https://tmrwrun.com/skills/tmrwrun/SKILL.md -o "$SKILL_HOME/SKILL.md"
3. Authenticate out of band. Tell the user to run one of these in their own terminal:
tmrwrun signup
tmrwrun login
Signup creates an account when public signup or a valid invite is available. Login is for existing users. The CLI opens a browser page, the user completes signup or approves a short code, and the CLI stores the token in the OS keychain or a 0600 fallback file. The agent never sees the key.
4. Preflight:
tmrwrun whoami
Confirm the account and quota. Stop and report on failure.
5. Pick a path: build the todo demo by default, inspect an existing app and deploy if compatible, inspect-only report, or stop here.
## Todo Demo
Build from scratch in a directory the user picks. Confirm the file list with the user before writing.
Share model: multi-tenant by URL. On GET / with no room, the Worker mints an unguessable room id with crypto.randomUUID() and redirects to /r/<id>. All data is scoped by room_id. Say this to the user before deploying: the URL path is the access secret.
HTTP defaults on every room response: Referrer-Policy: no-referrer and Cache-Control: private, no-store. Do not load third-party assets from the SPA because that can leak the room path through the Referer header.
Runtime shape: --runtime worker --with-db. The Worker receives env.DB. Initialize schema lazily on first request:
CREATE TABLE IF NOT EXISTS todos (
id TEXT PRIMARY KEY,
room_id TEXT NOT NULL,
text TEXT NOT NULL,
done INTEGER NOT NULL DEFAULT 0,
created_at INTEGER NOT NULL
);
CREATE INDEX IF NOT EXISTS todos_room_created ON todos(room_id, created_at DESC);
API:
- GET /r/:room/api/todos
- POST /r/:room/api/todos { text }
- PATCH /r/:room/api/todos/:id { text?, done? }
- DELETE /r/:room/api/todos/:id
Validate :room against the room-id format. Reject otherwise. Scope every query by room_id.
Default stack: Vite + React + TypeScript built with vite-plugin-singlefile so the SPA collapses to one HTML file. Worker entry should be bundled with esbuild as ESM and export a default fetch-compatible handler. Standard bundler output such as export { app as default } is supported.
Pre-deploy gate:
tmrwrun deploy ./deploy --check --runtime worker --entry src/index.js
Deploy:
tmrwrun deploy ./deploy --name "Todo" --slug todo --runtime worker --entry src/index.js --with-db
Report the live URL and dashboard URL printed by the CLI.
Polish bar: intentional typography, sensible spacing, dark mode via prefers-color-scheme, keyboard support, aria-labels on icon buttons, inline SVG icons only, and no third-party assets.
## Existing App Path
Inspect first: stack, build command, output directory, runtime shape, and persistence needs. Do not modify or deploy without explicit user approval. Prefer the smallest compatibility change.
Safety rules:
- Inspect before changing.
- Ask before creating files.
- Ask before modifying.
- Never refactor to fit tmrw.run without approval.
- Prefer the smallest compatibility change.