How apps work
Apps are sandboxed extensions that render through your platform.
TailorKit lets your product host runtime apps in specific parts of the UI while keeping control of the page, data, and platform behavior.
The Model
A TailorKit integration has two sides:
- Host product: your product owns the page, routes, auth, data, permissions, and final rendering.
- App code: independently built code runs in a sandbox and describes the app UI it wants to show.
TailorKit builds a contract between your host app and custom apps. That contract defines which UI components are available, which actions apps can perform, and which theme tokens they can use to match your product.
What The Host Owns
The host is the source of truth. It chooses the active screen, passes screen context, renders approved components, and handles sensitive work through host callbacks.
For example, the host can say: "this part of the user route is the /user screen, and here is the current user context." Read Screens for the full pattern.
What Apps Own
Apps are built separately from the host. They import generated bindings from the schema, implement one or more screens, and describe UI using host-approved components.
Read Writing apps and Components for the app-side and host-side details.
Sandbox And Security
App code runs in a worker sandbox. It receives screen context, returns a description of the UI, and responds to events. The host renders the real UI and keeps direct access to routing, data, secrets, and browser APIs.
Isolated Runtime
TailorKit treats app code as untrusted by default. Apps do not run on the main thread and do not get direct access to the DOM. They describe UI instead of mutating the page, and can only render through the screens, components, props, callbacks, slots, and tokens your host exposes.
Event Boundary
Events move through TailorKit. A user clicks a host-rendered component, the callback is forwarded to the app sandbox, and the app can update its rendered output.
The host keeps control of sensitive work such as loading data, checking permissions, changing pages, and rendering the final interface. App events are forwarded through TailorKit, so the host can validate payloads and decide which callbacks or actions are allowed.
Narrow Capabilities
This event boundary lets you grant narrow capabilities without exposing the whole browser environment. For example, you can expose a host-owned copy-to-clipboard action while still preventing app code from reading local storage, cookies, or other page-level state directly.
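The event boundary and the narrow-capability model above, as an added illustrative example of what the host side does: it is not TailorKit's own API, and the `contract`, `hostActions`, `validateTree` and `dispatchAppAction` names are assumptions. The host declares the approved components, checks the UI description coming back from the sandbox, and runs only the host-owned actions it chose to expose.

```javascript
// Illustrative host-side contract check (added example, not TailorKit's API).
// The host declares which components, props and callbacks an app may use,
// validates the UI description the sandbox returns, and runs only the
// host-owned actions it has chosen to expose.

const contract = {
  // host-approved components: plain props and callback props (ids, not functions)
  Button: { props: ["label", "variant"], callbacks: ["onClick"] },
  Text: { props: ["content"], callbacks: [] },
};

const hostActions = {
  // sensitive work stays in the host; the app only names the action
  copyToClipboard: (text) => ({ copied: String(text).slice(0, 1000) }),
};

// Own-property lookup so names like "constructor" never resolve via the prototype.
const isOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Walk the tree the app described; return a list of violations (empty = accepted).
function validateTree(node, path = "root", errors = []) {
  if (!node || !isOwn(contract, node.type)) {
    errors.push(`${path}: unknown component ${node && node.type}`);
    return errors;
  }
  const spec = contract[node.type];
  for (const [key, value] of Object.entries(node.props || {})) {
    if (spec.callbacks.includes(key)) {
      // callbacks cross the boundary as opaque ids the host maps back on click
      if (typeof value !== "string") errors.push(`${path}: ${key} must be a callback id`);
    } else if (spec.props.includes(key)) {
      if (!["string", "number", "boolean"].includes(typeof value))
        errors.push(`${path}: ${key} must be a plain value`);
    } else {
      errors.push(`${path}: prop ${key} not allowed on ${node.type}`);
    }
  }
  (node.children || []).forEach((c, i) => validateTree(c, `${path}.${i}`, errors));
  return errors;
}

// Handle an action request the sandbox sends back after a forwarded event.
function dispatchAppAction(request) {
  const name = request && request.action;
  if (typeof name !== "string" || !isOwn(hostActions, name)) {
    return { ok: false, error: `action not allowed: ${name}` };
  }
  return { ok: true, result: hostActions[name](request.payload) };
}
```

A description that names an unapproved component, passes a function instead of a callback id, or asks for an action the host never exposed is rejected before anything is rendered or executed.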
For the production checklist, read Deploying to production.