The beautiful control plane for self-hosted apps.
Heimdall sits above your deployment engine — it doesn't replace Coolify, it conducts it — and wires every app to its own data, auth, and secrets in one move.
In Norse myth, Heimdall is the watchman of the Bifröst — the burning rainbow bridge between the realms. He sees everything, hears the grass grow, and guards the gate. This Heimdall does the same for your fleet: it sees every app, every deployment, every key — and opens the bridge between your code and the data behind it.
The self-hosted PaaS engines are excellent and ugly. Coolify, Dokku, CapRover — powerful, but the UX fights you, and none of them know what a data project is. They start a container and wave goodbye. You still wire the database, the auth, the secrets by hand, per app, forever.
Heimdall is the layer that's missing: a single, beautiful surface that drives the engine you already run and provisions the backend each app needs — because it's wired to Hauldr, a multi-tenant backend on real Postgres.
POST /apps { "name": "meu-saas", "template": "hono-next", "data": true } 1. register the app → Heimdall (Postgres)
2. provision a data project → Hauldr (isolated Postgres + GoTrue auth)
3. inject the tenant secrets → SecretsStore (HAULDR_DB_URL, GOTRUE_URL, JWT_SECRET)
4. create + deploy the app → DeployEngine (Coolify)
─────────────────────────────────────────────────────────────────────
→ app live, multi-tenant, with native data + auth. No manual wiring.
Step 2–3 are the whole point. No generic PaaS does them, because none has a Hauldr underneath.
Heimdall is a dashboard of focused modules over one fleet. Each is named for the job it does; several wear a Norse name from the same world as Heimdall himself.
| Module | Also known as | What it does |
|---|---|---|
| Fleet | Ice Breaker | Live mirror of every app (Coolify /applications + Compose /services); Ice Breaker is the one-click instance factory (repo + Coolify app + Hauldr project, in one go) |
| Deployments | Bifröst | Deploy history, live progress, redeploy and rollback |
| Domains | — | Attach a client's own domain to an app via Cloudflare for SaaS |
| Env | Rúnar | Read/write env vars across every app, reveal secrets, redeploy |
| Ice Vault | — | Encrypted secrets store with a full audit log |
| Routing | — | Source of truth for fleet routing — a reconciler renders Traefik file-provider routes |
| Infra | Ymir | Read-only host + container metrics, plus per-app edge traffic |
| Files | — | Browser for each app's native Hauldr object storage |
| Aegir | — | AI concierge that operates every module via chat — also reachable over WhatsApp |
| Mímir | — | Prompt bank + enhancer |
| CCL ID | — | Internal identity management over Logto (create / role / reset / suspend) |
See docs/modules.md for what each one does and the API behind it.
Heimdall is an aggregator. Everything it touches sits behind a small interface, so "over Coolify" is the first implementation — not a hard dependency.
apps/
web/ Next.js — the UI (the reason Heimdall exists)
api/ Hono — the control-plane API
packages/
core/ domain + the interfaces + the create-app flow
db/ Drizzle + Postgres — Heimdall's own store
engines/ DeployEngine → coolify (future: dokku, render, fly)
dataplane/ DataPlane → hauldr (future: supabase, neon)
secrets/ SecretsStore → coolify-env (future: infisical, vault)
source/ SourceProvider → github (a new app's repo, from a template)
sdk/ typed client (web + cli)
The interfaces in packages/core/src/adapters.ts are
the product:
| Interface | Today | The job |
|---|---|---|
DeployEngine |
Coolify | create / deploy / destroy apps, set env |
DataPlane |
Hauldr | provision an isolated data project per app |
SourceProvider |
GitHub | a new app's repo, from a template |
SecretsStore |
Coolify env | hold the tenant secrets the data project hands out |
InfraProvider |
Docker | read-only host + container metrics (the Ymir view) |
pnpm install
cp .env.example .env # point at your Coolify + Hauldr (+ optional Logto)
pnpm dev # api on :8787, web on :3000With nothing configured, Heimdall opens in a zero-setup dev shell. Every integration
(Coolify, Hauldr, GitHub templates, Logto auth, Traefik metrics) is wired through
.env.example — set only what you need.
docker compose -f docker-compose.prod.yml up -dBring your own Postgres via HEIMDALL_DATABASE_URL, or run the bundled one. At Cold Code
Labs, Heimdall dogfoods Hauldr for its own database. Full runbook and the release/branch
model: docs/deployment.md.
Heimdall is beta and developed in the open. It runs in production at Cold Code Labs, operating the live fleet — the apps you see in Fleet, the deployments in Bifröst, the secrets in Ice Vault are all real. It is single-operator-focused and pre-1.0: expect breaking changes until a tagged release.
Public releases are cut from main; surtr is Cold Code Labs' own deploy branch (see
docs/deployment.md). Roadmap, in rough order: a tagged v0.x release,
multi-engine DataPlane/DeployEngine adapters, and a hosted demo.
Heimdall conducts and assembles excellent open-source projects:
- Coolify — the deployment engine it drives
- Hauldr — the multi-tenant data plane
- Traefik — the edge it routes through
- Hono — the control-plane API
- Next.js — the UI
- Drizzle — Heimdall's own store
- Logto — authentication and identity
Contributions are welcome — see CONTRIBUTING.md. Please also read the Code of Conduct and our security policy.
Apache License 2.0. © Cold Code Labs.