Skip to main content
CodeRocket

Website health model

From website access to a clear health result.

CodeRocket uses the access method you choose, checks what it can prove, then compares the result with the last complete check.

No sign-in required

CodeRocket opens the selected HTTPS pages from the cloud. A CDN or firewall is fine when the pages still open without sign-in.

Sign-in or private access required

The cloud check stays off. GitHub, GitLab, Bitbucket, or another CI environment with access opens the page and sends only the result.

  1. 01

    Open each page once

    CodeRocket requests each configured HTTPS page once. It validates DNS and every redirect, rejects private networks and non-HTML responses, and stops at 2 MB or 10 seconds.

  2. 02

    Check only what can be proven

    The engine reviews returned HTML, response timing, and security headers. It reports only issues it can prove and never invents a score.

  3. 03

    Remember the same problem over time

    Each finding is fingerprinted from its normalized page path, rule slug, and stable occurrence key. Explanatory copy is excluded, so wording changes do not create alerts.

  4. 04

    Show what changed since last time

    Findings become new, still present, or resolved. If a requested page is unavailable, the result is explicitly inconclusive and nothing is falsely resolved.

Stable identity

A finding survives copy changes.

Paths are decoded, lowercased, deduplicated, and stripped of trailing slashes before the rule slug and occurrence key are added. The SHA-256 fingerprint is scoped to the project.

Text
normalize("/Checkout/") + "form-labels" + "primary"
→ sha256("/checkout\0form-labels\0primary")
→ one stable finding identity

Result semantics

Honest results, including when a check is incomplete.

New

A critical or high-priority issue absent from the reference makes the website need attention.

Still open

An issue already present remains visible but does not fail every release again.

Fixed

An issue missing from a reachable page is recorded as fixed.

Check incomplete

A requested page could not be read. Previous findings stay open and the result is not marked healthy.

What is automatic today

CodeRocket verifies HTTPS reachability, redirect safety, HTTP status, response time, selected security headers, robots.txt, the XML sitemap, and a conservative set of issues provable from returned source HTML. The same page is never downloaded once per rule.

Live website checks

A maintained subset of deterministic HTML and HTTP rules runs on every monitored page. It creates alerts only when the returned evidence proves a problem.

Preview and CI checks

The CLI can inspect a deployed preview and submit its signed result, commit, branch, and pull-request context to the same comparison engine.

Complete rules reference

All maintained Front-End Checklist rules stay available in CodeRocket, including browser, source-code, testing, privacy, and human-review guidance.

The check itself does not use an LLM: finding identity, evidence, comparison, and resolution stay deterministic. After a finding is saved, the optional AI assistant can explain that proof and prepare a fix plan. CodeRocket still does not run a headless browser, execute client JavaScript, collect Lighthouse measurements, or compare pixels.

Upstream synchronization

Front-End Checklist remains the source of truth.

The rule pages, explanations, sources, priorities, and ruleset version are generated from the forked Front-End Checklist packages. An upstream merge updates this reference. New rules are not silently promoted to live alerts: they enter the automatic profile only after their detector can produce stable evidence without a browser or human judgment.