Open-source team messaging platform — a real-time team messaging app anyone can self-host in minutes.
OpenHive is a community-driven project built with Next.js and Supabase. The goal: build a full-featured, beautiful team communication platform that's 100% open-source and easy to deploy. No vendor lock-in, no hidden costs — bring your own Supabase instance and you're good to go.
We're looking for contributors! Whether you're a frontend developer, designer, or backend engineer — there's room for everyone. See Contributing below.
Workspace overview — channels, activity feed, DMs, and threaded replies
Video & audio calls powered by LiveKit — with screen sharing, mic/camera controls
Incoming call banner with ringtone — dismiss or join in one click
Channel settings — member list with online status, mute, and invite
- Real-time channels — Public and private channels with instant message delivery via Supabase Realtime
- Direct messages — 1-on-1 conversations with online status indicators
- Group DMs — Multi-person direct messages with stacked avatars and member management
- Threaded replies — Keep conversations organized with message threads
- Rich text editor — Bold, italic, inline code, code blocks, and emoji picker (powered by TipTap)
- Emoji reactions — React to messages with any emoji
- File attachments — Upload and share images and files (Supabase Storage)
- @mentions — Mention users with autocomplete; mentions display real names inline
- Message editing & deletion — Edit or delete your own messages
- Message bookmarks — Save any message for later; access saved items from the sidebar
- Message scheduling — Schedule messages to be sent at a future date/time with presets or custom picker
- Public channels — Open to all workspace members
- Private channels — Invite-only channels with lock icon
- Channel settings — Edit topic, description, manage members
- Browse channels — Discover and preview channels before joining
- Mute channels — Mute notifications per channel
- Unread indicators — Badge counts for unread messages
- Channel calls — Start a video/audio call in any channel
- DM calls — Call any team member directly from a DM conversation
- Group DM calls — Video calls in group conversations
- Screen sharing — Share your screen during calls
- Camera & mic controls — Toggle camera, microphone, and screen share
- Call indicators — Green phone icon in sidebar when a call is active
- Incoming call banner — Audio ringtone + join/dismiss banner when someone calls
- Minimized mode — Collapse the call to a floating bar while chatting
- Setup detection — Friendly dialog when LiveKit is not configured (instead of silent failure)
- Powered by LiveKit (open-source WebRTC)
- Built-in commands —
/shrug,/me,/mute,/unmuteavailable out of the box - Command picker — Type
/to see available commands with keyboard navigation - Custom commands — Admins can create workspace-specific commands with webhook handlers
- Extensible — Easy to add new built-in or custom commands
- Incoming webhooks — POST JSON to a generated URL to send messages to any channel
- Outgoing webhooks — Trigger HTTP callbacks on events (new messages, reactions, etc.)
- Bot framework — Create bots with custom names, avatars, and channel subscriptions
- Webhook management — Full CRUD in workspace settings with delivery logs
- Workspace creation — Create your team workspace with auto-provisioned channels (#general, #random)
- Email invitations — Invite team members via email with magic links
- User profiles — Avatar, display name, status emoji, bio
- Online presence — Real-time online/offline status for all members
- Workspace settings — Manage description, calls, webhooks, bots, and slash commands (admin only)
- Role-based access — Owner, admin, and member roles
- Password reset — Full forgot/reset password flow with email recovery
- Activity panel — Centralized feed of mentions, DMs, thread replies, and reactions
- Unread/read sections — Clear visual separation between new and earlier activities
- Pagination — Load activities in batches of 20 with "Show more"
- Individual read tracking — Click an activity to mark it as read; bulk "Mark all read" button
- Browser notifications — Desktop notifications for mentions and DMs (when window not focused)
- Unread tracking — Per-channel unread message counts with read receipts
- Auto-read — Activities auto-mark as read when you navigate to the relevant channel
- Full-text search — Search across all messages and channels
- Quick navigation —
Cmd+K/Ctrl+Kto quickly find channels, DMs, and messages
- Fully responsive — Works on mobile (< 768px), tablet (768px–1024px), and desktop (> 1024px)
- Sidebar drawer — Slide-out sidebar on mobile and tablet with backdrop overlay
- Hamburger menu — Accessible navigation toggle on smaller screens
- Touch-friendly — Properly sized tap targets and mobile-optimized inputs
- Server-side auth — Next.js middleware protects all workspace and API routes; all API endpoints verify caller identity via JWT
- XSS protection — Message content sanitized with DOMPurify; mention popup HTML-escaped to prevent stored XSS
- Input validation — API routes validate and sanitize all inputs (email format, file MIME types, path traversal prevention, text length limits)
- Row Level Security — All 23+ database tables secured with fine-grained Supabase RLS policies (co-worker scoping, admin-only writes, self-only mutations)
- PKCE auth flow — Secure authentication code exchange with proper password recovery detection
- File upload hardening — MIME type allowlist, file size limits (5 MB avatars / 50 MB attachments), path sanitization
- Identity verification — LiveKit tokens use server-verified user IDs (no client-side identity spoofing)
- Role-based API protection — Invite and provisioning endpoints enforce admin/owner roles; provisioning locked in production
- Webhook input sanitization — Incoming webhook text length capped, usernames stripped of HTML tags
| Layer | Technology |
|---|---|
| Framework | Next.js 16 (App Router) |
| Language | TypeScript |
| UI | shadcn/ui + Tailwind CSS |
| Editor | TipTap (rich text) |
| State | Zustand |
| Backend | Supabase (PostgreSQL, Auth, Realtime, Storage) |
| Video Calls | LiveKit (open-source WebRTC) |
| Sanitization | DOMPurify |
| Icons | Lucide |
| Date | date-fns |
- Node.js 18+
- npm (or pnpm/yarn)
- A Supabase account (free tier works fine) — supabase.com
git clone https://github.com/arseneHuot/openhive.git
cd openhive
npm installnpm run devOpen http://localhost:3000 — you'll see the setup wizard.
The setup wizard will guide you through connecting your own Supabase instance:
- Create a Supabase project at supabase.com/dashboard
- Go to Settings > API in your Supabase dashboard
- Copy your Project URL and anon public key
- Go to Settings > Access Tokens and generate a Personal Access Token (starts with
sbp_...) - Enter all three values in the setup wizard
The wizard will:
- Validate your credentials
- Auto-provision all 23 database tables, RLS policies, triggers, and functions
- Enable Realtime on the required tables
- In dev mode: write your config to
.env.local(gitignored, never committed) - In production: display the env vars to copy into your hosting platform
Note: The Personal Access Token is used once during provisioning and is never stored.
Local development: After provisioning, restart the dev server (Ctrl+C then npm run dev), create an account, and start chatting!
Production (Vercel, etc.): The wizard will show the env vars to set — see Deployment below.
Video/audio calls are powered by LiveKit, an open-source WebRTC platform. This is optional — messaging works without it.
- Sign up at cloud.livekit.io (free tier available)
- Create a new project
- Copy your Server URL, API Key, and API Secret
- Follow the LiveKit self-hosting guide
- Use your self-hosted server URL and generated API credentials
- Open your workspace in OpenHive
- Click the workspace name (top-left) > Workspace Settings
- Scroll to Video Calls (LiveKit)
- Enter your LiveKit Server URL, API Key, and API Secret
- Check "Enable calls for this workspace"
- Click Save
That's it! The phone icon will appear in channel headers and DM conversations. If LiveKit is not configured, users will see a helpful dialog explaining how to set it up.
src/
├── app/ # Next.js App Router
│ ├── api/
│ │ ├── setup/ # POST: writes .env.local (dev only)
│ │ ├── provision/ # Database provisioning endpoint
│ │ ├── livekit/token/ # LiveKit token generation
│ │ ├── invite/ # Email invitation system
│ │ ├── storage/ # Storage bucket management
│ │ ├── upload/ # File upload handling
│ │ └── webhook/[id]/ # Incoming webhook receiver
│ ├── setup/ # Setup wizard UI
│ ├── auth/ # Sign in / Sign up / Forgot password / Reset
│ └── workspace/ # Main app (authenticated)
├── components/
│ ├── ui/ # shadcn/ui components
│ ├── activity/ # Activity panel (mentions, DMs, reactions)
│ ├── bookmarks/ # Saved items panel
│ ├── calls/ # Video call panel, incoming call banner, setup dialog
│ ├── chat/ # Messages, input, threads, slash commands, scheduling
│ ├── profile/ # User profile editing
│ ├── search/ # Search dialog
│ ├── sidebar/ # Sidebar, channel list, DMs, group DMs, browse
│ └── workspace/ # Workspace creation, settings, webhooks, bots
├── hooks/
│ ├── use-mobile.ts # Responsive breakpoint detection
│ ├── use-notifications.ts # Browser notification & activity tracking
│ ├── use-presence.ts # Online presence tracking
│ └── use-scheduled-messages.ts # Scheduled message polling & sending
├── lib/
│ ├── supabase/
│ │ ├── client.ts # Supabase browser client
│ │ ├── server.ts # Supabase server client (middleware)
│ │ ├── provisioner.ts # DB provisioning via Management API
│ │ └── migrations.ts # All 23+ table definitions + RLS
│ ├── store/
│ │ └── app-store.ts # Zustand global state
│ └── slash-commands.ts # Built-in slash command registry
├── middleware.ts # Auth protection for routes
└── types/
└── database.ts # TypeScript types for all tables
OpenHive auto-provisions 23+ tables with full RLS (Row Level Security):
Core:
profiles · workspaces · workspace_members · channels · channel_members · messages · reactions · file_attachments · pins · read_receipts
Calls & Presence:
workspace_settings · active_calls · call_participants
Integrations:
incoming_webhooks · outgoing_webhooks · webhook_delivery_logs · bots · bot_channel_memberships · bot_event_subscriptions · slash_commands
Extended:
reminders · shared_channel_links · remote_profiles · saved_items · scheduled_messages
All migrations are in src/lib/supabase/migrations.ts — the setup wizard runs them automatically.
You can deploy OpenHive to Vercel in two ways:
- Run locally first:
npm run dev→ complete the setup wizard to provision your database - Push your code to GitHub
- Import the repo in Vercel
- Add environment variables in Vercel dashboard:
NEXT_PUBLIC_SUPABASE_URL— your Supabase project URLNEXT_PUBLIC_SUPABASE_ANON_KEY— your Supabase anon keySUPABASE_SERVICE_ROLE_KEY— (optional) needed for email invitations and file uploads
- Deploy!
- Push your code to GitHub and import in Vercel
- Deploy without environment variables — the app will show the setup wizard
- Open your deployed URL → the setup wizard provisions the database
- After provisioning, the wizard displays the env vars to set
- Copy them into Vercel dashboard > Settings > Environment Variables
- Redeploy (or trigger a redeployment) for the env vars to take effect
Note: The setup wizard provisions the database via the Supabase Management API using your Personal Access Token. The token is used once and is never stored. In production,
.env.localcannot be written — the wizard shows the values to set in your hosting platform instead.
After deploying, update your Supabase project so invitation and password-reset emails point to your production domain (not localhost):
- Go to Supabase Dashboard → Authentication → URL Configuration
- Set Site URL to your production URL (e.g.,
https://your-app.vercel.app) - Add your production URL and
http://localhost:3000to the Redirect URLs list
Without this step, invitation emails will contain localhost links that won't work for your users.
Supabase's built-in email service has strict rate limits (3–4 emails/hour on the free plan). For production, set up a custom SMTP provider so invitations and password resets are delivered reliably:
- Go to Supabase Dashboard → Project Settings → Authentication → SMTP Settings
- Enable Custom SMTP
- Enter your SMTP credentials
Recommended provider: Resend — generous free tier (3 000 emails/month), simple setup, and works great with Supabase. Other options: SendGrid, Mailgun, Amazon SES, Postmark.
Without a custom SMTP, Supabase uses its default email service which is rate-limited and emails may land in spam. Setting up a proper SMTP provider ensures your team's invitation and password reset emails are delivered instantly.
OpenHive runs anywhere Node.js runs — Railway, Fly.io, Docker, AWS, etc.
- Deploy the app
- Open the deployed URL → complete the setup wizard to provision the database
- Set the displayed environment variables in your platform
- Redeploy
Or provision locally first, then set the env vars and run npm run build && npm start.
OpenHive is a community project — we want as many contributors as possible!
Whether you're fixing a typo, adding a feature, or improving the docs — every contribution matters. Here's how to get involved:
- Fork the repository
- Clone your fork:
git clone https://github.com/YOUR_USERNAME/openhive.git - Create a branch:
git checkout -b feature/my-awesome-feature - Make your changes and test locally
- Commit:
git commit -m "Add my awesome feature" - Push:
git push origin feature/my-awesome-feature - Open a Pull Request on the main repo
- New features — Check the Issues tab for feature requests
- Bug fixes — Found a bug? Fix it and submit a PR
- UI/UX improvements — Better animations, responsive design, accessibility
- Documentation — Improve docs, add examples, translate
- Testing — Add unit tests, integration tests, E2E tests
- Performance — Optimize rendering, reduce bundle size
- Integrations — Webhooks, bots, slash commands, third-party services
- Custom emoji
- Channel categories / folders
- Voice messages
- End-to-end encryption
- PWA support (install as app)
- Internationalization (i18n)
- Themes (dark mode, custom colors)
- Guest access (external users)
- SAML/SSO authentication
- Audit logs
- Data export
- Message pinning improvements
- Typing indicators
- Read receipts UI
- User status / away mode
- Keep PRs focused — one feature or fix per PR
- Follow the existing code style (TypeScript, Tailwind, shadcn/ui)
- Test your changes locally before submitting
- Write clear commit messages
- Be kind and respectful in discussions
See CONTRIBUTING.md for detailed guidelines.
- GitHub Issues — Report bugs & request features
- GitHub Discussions — Ask questions & share ideas
- Pull Requests — Contribute code
OpenHive is open-source software licensed under the MIT License.
Built with Next.js, Supabase & LiveKit
Star the repo if you like the project!