No sign-in required
CodeRocket opens the selected HTTPS pages from the cloud. A CDN or firewall is fine when the pages still open without sign-in.
Website health model
CodeRocket uses the access method you choose, checks what it can prove, then compares the result with the last complete check.
CodeRocket opens the selected HTTPS pages from the cloud. A CDN or firewall is fine when the pages still open without sign-in.
The cloud check stays off. GitHub, GitLab, Bitbucket, or another CI environment with access opens the page and sends only the result.
CodeRocket requests each configured HTTPS page once. It validates DNS and every redirect, rejects private networks and non-HTML responses, and stops at 2 MB or 10 seconds.
The engine reviews returned HTML, response timing, and security headers. It reports only issues it can prove and never invents a score.
Each finding is fingerprinted from its normalized page path, rule slug, and stable occurrence key. Explanatory copy is excluded, so wording changes do not create alerts.
Findings become new, still present, or resolved. If a requested page is unavailable, the result is explicitly inconclusive and nothing is falsely resolved.
Stable identity
Paths are decoded, lowercased, deduplicated, and stripped of trailing slashes before the rule slug and occurrence key are added. The SHA-256 fingerprint is scoped to the project.
normalize("/Checkout/") + "form-labels" + "primary"
→ sha256("/checkout\0form-labels\0primary")
→ one stable finding identityResult semantics
A critical or high-priority issue absent from the reference makes the website need attention.
An issue already present remains visible but does not fail every release again.
An issue missing from a reachable page is recorded as fixed.
A requested page could not be read. Previous findings stay open and the result is not marked healthy.
CodeRocket verifies HTTPS reachability, redirect safety, HTTP status, response time, selected security headers, robots.txt, the XML sitemap, and a conservative set of issues provable from returned source HTML. The same page is never downloaded once per rule.
A maintained subset of deterministic HTML and HTTP rules runs on every monitored page. It creates alerts only when the returned evidence proves a problem.
The CLI can inspect a deployed preview and submit its signed result, commit, branch, and pull-request context to the same comparison engine.
All maintained Front-End Checklist rules stay available in CodeRocket, including browser, source-code, testing, privacy, and human-review guidance.
The check itself does not use an LLM: finding identity, evidence, comparison, and resolution stay deterministic. After a finding is saved, the optional AI assistant can explain that proof and prepare a fix plan. CodeRocket still does not run a headless browser, execute client JavaScript, collect Lighthouse measurements, or compare pixels.
Upstream synchronization
The rule pages, explanations, sources, priorities, and ruleset version are generated from the forked Front-End Checklist packages. An upstream merge updates this reference. New rules are not silently promoted to live alerts: they enter the automatic profile only after their detector can produce stable evidence without a browser or human judgment.