Skip to main content
Your assistant can build and publish web applications directly from your sandbox. Published apps get a public URL accessible through your Coral dashboard — no separate hosting needed.

How it works

  1. Ask your assistant to build a web app (e.g., “Build me a CRM to track my leads”).
  2. The assistant writes the code, starts a server, and calls the publish_app tool.
  3. Coral registers the app and provides a public URL.
  4. Access the app through the link — authenticated with your Coral session.

What you can build

Apps run inside your sandbox with full access to its filesystem. Common examples:
  • CRM / contact trackers — Manage leads, contacts, and sales pipelines
  • Dashboards — Visualize data from files or APIs
  • Project management tools — Kanban boards, task trackers
  • Internal tools — Custom calculators, data entry forms, admin panels
  • Personal utilities — Habit trackers, bookmark managers, note-taking apps

Managing published apps

Published apps are managed from the Settings page under Published Apps. Each app card shows its name, port, status (running/stopped), and URL.

Custom subdomains

Each published app can be assigned a custom subdomain, giving it a clean URL like: 
https://my-crm.coral.inc
Set the subdomain from the app card in Settings. Subdomain availability is first-come, first-served.

Visibility settings

Control who can access your published app:
  • Public — Anyone with the link can access the app (still requires Coral authentication).
  • Invite only — Only users you explicitly grant access can open the app.
Toggle visibility from the app card in Settings.

Access control

For invite-only apps, manage access by email:
  1. Open the app card in Settings > Published Apps.
  2. Add email addresses of users you want to grant access.
  3. Granted users can access the app when signed in to Coral.
Remove access at any time by clicking the remove button next to an email.

Technical details

Your sandbox has limited resources, so lightweight frameworks work best:
  • Backend: Express.js (~30 MB RAM)
  • Database: sql.js (pure WebAssembly SQLite — zero native dependencies)
  • Frontend: Vanilla HTML/CSS/JS or Alpine.js
Avoid heavy frameworks like Next.js or React dev servers — they consume too much memory for the sandbox environment. Use vanilla HTML served by Express instead.

Constraints

  • Maximum 5 apps per sandbox
  • Ports 3000–9999 available for app servers (ports 18789–18799 are reserved)
  • Bind to 127.0.0.1 only (not 0.0.0.0)
  • Use relative paths in HTML (./api/data, not /api/data)
  • Data persistence: Store data in /data/apps/{slug}/ — the workspace directory doesn’t survive restarts

How the proxy works

Published apps are served through Coral’s authenticated proxy at: 
https://app.coral.inc/api/apps/{app-id}/
All requests are authenticated with your Coral session cookie. The proxy forwards requests to your sandbox’s local server. JavaScript in the browser can only make requests to relative URLs (enforced by Content Security Policy).