Guide

Mobile app maker software, listed by pinned version

Most articles about mobile app maker software list platforms. They tell you that Adalo exists, BuildFire exists, Appy Pie exists, Bubble exists. They do not tell you what software is actually running when you click Build. This page lists the stack, by name and by pinned version, then walks the boot order. The whole list lives in one publicly readable Dockerfile.

M
Matthew Diakonov
9 min

Direct answer, verified 2026-05-06

What software runs a mobile app maker?

A modern AI mobile app maker is a stack of open-source tools: an OS, a Node runtime, a dev server (Vite), a real browser the agent can drive (Chromium plus Playwright), and an agent runtime that interprets your prompt. Most app makers run that stack on their own backend and never publish what is in it.

mk0r ships its stack as a Debian Bookworm Docker image. The Dockerfile lives at docker/e2b/e2b.Dockerfile. You don't install any of it on your machine. The image boots in a per-session cloud sandbox when you click Build, and the sandbox pauses when you close the tab.

What other "mobile app maker software" guides skip

Open the first ten guides about mobile app maker software and count how many name the actual programs that run to produce your finished app. The answer is roughly zero. Every guide is a curated table of vendors with a Pricing column, a Templates column, and a Drag and Drop column. The Stack column never appears, because most of those vendors do not publish theirs.

That gap matters more in 2026 than it did five years ago. AI app makers are not closed binaries with a paint-and-publish UI. They are orchestrations of well-known open-source pieces (Vite, Chromium, Playwright, an LLM agent loop). The interesting question is no longer "which vendor has the right templates," it is "which orchestration does what I want and lets me see how."

This page is the version of that table the listicles never publish: the actual software, by name, by pinned version, and where each piece runs.

0

Lines of code you have to install on your laptop to run a mobile app maker today, if the maker is sandbox-based and the sandbox is in the cloud.

Direct count of installs in mk0r's setup flow

The stack

Every package in the per-session sandbox

Debian Bookworm slim

Base image, the OS the rest of the stack runs on

Node.js 20

Vite, MCP, ACP bridge, the agent runtime

Chromium

Headless browser the agent drives via CDP on port 9222

@playwright/mcp 0.0.70

MCP server pinned by version, drives the in-VM Chromium

@agentclientprotocol/claude-agent-acp 0.25.0

ACP bridge process the editor talks to over WebSocket

@anthropic-ai/claude-code

The AI agent that actually writes your app's code

Vite + React + TypeScript

Prescaffolded at /app via npm create vite@latest, dev server on 5173

Tailwind CSS

Installed alongside the Vite scaffold for styling

Xvfb

Virtual framebuffer on display :99 so Chromium has a screen

x11vnc

VNC bridge to the Xvfb display, so a human can take over the browser

websockify

Wraps VNC in a WebSocket on port 5901 for browser viewers

ffmpeg

Available for screen capture and any media work the agent needs

postgresql-client + psycopg2

Pre-installed, so a generated app that wants Postgres can use it

git

Used to snapshot project state across pause/resume

cron

Runs scheduled jobs (e.g. social-autoposter) inside the sandbox

ws (Node WebSocket)

Powers the reverse proxy and the screencast/input relay

Where each piece lives in the Dockerfile

The Dockerfile is short. It is one apt-get for the OS-level packages, one curl-pipe-bash for Node 20 from NodeSource, one global npm install for the agent and MCP packages (with their versions pinned), and one npm create vite@latest for the React scaffold at /app. Then a handful of COPY lines drop the small in-VM scripts (proxy.js, acp-bridge.js, brd-proxy.js, startup.sh, scheduler-mcp.js) into /opt.

The interesting line is the global npm install. It explicitly pins the two packages whose wire formats the editor depends on:

RUN npm install -g \
      @playwright/mcp@0.0.70 \
      ws \
      @agentclientprotocol/claude-agent-acp@0.25.0 \
      @anthropic-ai/claude-code \
      social-autoposter \
 && ln -sf /usr/lib/node_modules /node_modules

The trailing symlink is there because Node ESM resolution does not honor NODE_PATH. Putting node_modules at the filesystem root lets ESM imports from files outside any node_modules tree (like /opt/patched-acp-entry.mjs) walk up and find the global packages. That detail will only matter to you if you ever fork the image, but it is the kind of thing that exists on every real software stack and is invisible on every listicle.

Boot order: what comes up, in what order, on what port

The container's startup.sh is intentionally not strict-mode bash. Non-critical services (cron, VNC) are allowed to fail without tearing down the whole boot. The order matters because Chromium needs Xvfb to exist before it can attach a display, MCP needs Chromium's CDP socket to exist before it connects, and the proxy needs all five upstreams to be addressable before it goes to one URL.

container start to ready, services in boot order

containerinitserviceagentACP bridgeproxy :3000container startXvfb :99 1600x1600x24brd-proxy.js dormantchromium --remote-debugging 9222x11vnc on Xvfb displaywebsockify 5901 -> VNC@playwright/mcp on 3001acp-bridge.js on 3002vite on 5173 (host 0.0.0.0)proxy.js on 3000 (front door)ready: one URL fronts five services

By the time the proxy on port 3000 reports ready, Vite is serving HTTP and HMR over WebSocket on 5173, Chromium is listening for CDP on 9222, Playwright MCP is forwarding browser commands on 3001, the ACP bridge is accepting agent control on 3002, and websockify is relaying VNC on 5901. The proxy fronts all of them so a single public URL can serve your iframe preview, the screencast, and the VNC viewer.

0Packages on your laptop
0Packages in the sandbox
0Ports the sandbox listens on
0Lines in src/core/e2b.ts

Reading the running stack with one command

If you e2b exec into a live sandbox and ask the kernel which sockets are listening, you can see the full stack at runtime. This is the part the marketing pages never show you, because most marketing pages are not for products you can ssh into.

Inside a live mk0r sandbox

Six listening sockets, one Debian, one Node, one Chromium, one Vite. That is a complete mobile app maker. You did not install any of it.

Why "you do not install it" is a non-trivial property

It is easy to read "no install" as marketing fluff. It is not. The reason this stack stays out of your machine has structural consequences for how iteration works. Three of them are worth naming.

First, the stack drifts in one place, not many. When @playwright/mcp ships a wire-format change or Chromium ships a CDP fix, the change goes into the Dockerfile and the image gets rebuilt by the staging template build on push to main. The production template image is rebuilt by tag. Every active sandbox eventually swaps onto the new image as the pool ages entries out at 45 minutes. Nobody runs npm update. Nobody fights a peer-dependency tree on their laptop.

Second, the test browser is the same browser on every machine. When the agent says "I built it and it renders," it is reporting from the cloud Chromium it just drove. A reader on a Mac, a Linux laptop, or an iPad gets the same answer because the rendering agent is one Debian-Chromium pair, not the visitor's local browser. The bug-or-not-a-bug question stops depending on what else is installed.

Third, the stack is one repo, not a constellation of services. The Dockerfile, the Next.js editor, the agent route handlers, the in-VM scripts (proxy.js, acp-bridge.js, brd-proxy.js, scheduler-mcp.js are each under a thousand lines), and the small Vite scaffold all sit in the appmaker codebase. The stack is not split across a vendor SaaS, an opaque agent API, and a hidden runner. You can read the lines. That is not how most software in this category is shipped.

Honest limits of the no-install stack

A few things this stack does not do, and never claims to.

  • It does not produce native iOS or Android binaries. The build target is a mobile web app at 390 by 844, served from the in-VM Vite dev server. You can wrap the result in Capacitor or Expo after the fact, but the prototype loop never touches Xcode or Android Studio.
  • It does not give you a long-running production server. The sandbox is a per-session prototype environment. Hosting the finished app for real users is a separate step (a static export to Cloud Run, Cloudflare Pages, your own S3, or any other static host).
  • It does not solve auth, payments, or persistent multi-user state for you. The stack ships postgresql-client, ws, and a Resend integration scaffold, so you can wire those in, but they are choices the agent makes inside the project, not services the platform provides.

The honest framing: the stack is a fast iteration loop for mobile-shaped web apps that you can keep iterating on after the first AI pass. It is not a turnkey replacement for a native development environment. The fact that the whole stack is in a readable Dockerfile means you can see exactly where its limits are, instead of running into them at month three of a paid plan.

Want a walkthrough of the stack inside a live sandbox?

20 minutes. We e2b exec into a warm sandbox in front of you, run the lsof, open the Dockerfile, and build a small mobile app while it boots.

Frequently asked questions

What software actually runs to build a mobile app on a modern app maker?

A working AI app maker is a stack, not a single program. There is a base operating system (Debian, in mk0r's case), a JavaScript runtime (Node 20), a dev server that hot-reloads what the AI writes (Vite), a real browser the AI drives to test what it built (Chromium, plus Playwright MCP), an agent runtime that interprets your prompt (Claude Agent via ACP), and a small reverse proxy that fronts everything on one URL. mk0r's complete list lives in docker/e2b/e2b.Dockerfile in the public repo. Most listicles about mobile app maker software never name the underlying stack because the platforms they list don't publish it.

Do I need to install any of this on my laptop?

No. Nothing in the stack runs on your machine. You open mk0r.com in any browser, the server hands you a per-session container that already has every piece of software booted, and your tab streams a screencast of the in-container Chromium plus an iframe of the in-container Vite. When you close the tab, the sandbox pauses; when it ages out of the pool (45 minutes), it is replaced and your project state is restored from a git snapshot.

Where is the software actually installed?

Inside an E2B sandbox, which is a Firecracker microVM provisioned from a Docker image we build. The image is defined by docker/e2b/e2b.Dockerfile in the appmaker repo. Apt installs Chromium, Xvfb, x11vnc, websockify, ffmpeg, postgresql-client, cron, and git. A NodeSource curl-pipe-bash installs Node 20. A single npm install -g pulls in @playwright/mcp@0.0.70, ws, @agentclientprotocol/claude-agent-acp@0.25.0, @anthropic-ai/claude-code, and social-autoposter at pinned versions. Then npm create vite@latest builds the React + TypeScript scaffold at /app and adds Tailwind. The result is a single image that boots into a working dev environment.

Why are versions pinned for some packages and not others?

@playwright/mcp@0.0.70 and @agentclientprotocol/claude-agent-acp@0.25.0 are pinned because the agent loop depends on their wire formats; a minor version bump on either would change the protocol between the editor and the in-VM agent. The OS-level packages (Chromium, ffmpeg, postgresql-client, etc.) come from Debian Bookworm's repos so they're effectively pinned by the base image tag. Vite, React, and Tailwind use whatever npm create vite@latest gives you at image build time, which is fine because the scaffold is a starting point the agent rewrites freely.

Where is the stack defined in the codebase?

The Dockerfile is docker/e2b/e2b.Dockerfile in the appmaker repo. The Next.js editor lives under src/app, the agent route handlers under src/app/api, the E2B sandbox glue in src/core/e2b.ts (2,751 lines, worth reading if you want to know how the prewarm pool works), and the small in-VM scripts (proxy.js, acp-bridge.js, brd-proxy.js, scheduler-mcp.js) under docker/e2b/files/opt/. The whole pipeline is one repo, not a constellation of services.

Does mobile mean it builds native iOS and Android binaries?

No. The build target is a mobile web app served from the in-VM Vite dev server, rendered in a 390 by 844 phone-sized iframe in your tab (the iPhone 14 Pro logical viewport, hardcoded as DEVICE_SIZE in src/components/phone-preview.tsx). You can wrap the same code in Capacitor or Expo later if you want a store listing, or install the public preview URL as a Progressive Web App from your phone's share sheet. The point of the stack we ship is to skip Xcode and Android Studio for the prototype loop, not to replace native development for shipping a polished store app.

What happens to the software when I leave?

The sandbox pauses. The Firestore session record keeps your sandboxId, host, acpUrl, previewUrl, and sessionId so a return visit reattaches. If the entry has aged past POOL_MAX_AGE_MS (45 minutes by default) or its specHash no longer matches a current image, the old sandbox is discarded and a fresh one is claimed from the prewarm pool, restoring project state from the persisted git history.

Can I see the running services in a live sandbox?

Yes, with caveats. The sandbox itself is reachable through the reverse proxy on port 3000 (which fronts /acp/*, /mcp/*, /screencast, /input, /vnc, and falls through to Vite). For shell access into a live sandbox you use E2B's exec API, which the server-side code in src/core/vm.ts already wraps. Running lsof -i -P -n | grep LISTEN inside a warm sandbox returns proxy.js on 3000, MCP on 3001, ACP bridge on 3002, Chromium CDP on 9222, Vite on 5173, and websockify on 5901, plus an Xvnc on 5900 backing the websockify relay.

Is the residential proxy part of the stack?

Yes, but dormant by default. brd-proxy.js runs in every sandbox on port 3003 and does nothing until /run/brd.conf appears with credentials. When you flip the residential IP toggle in the editor, the server writes that file via execInVm and Chromium's --proxy-server flag (already pointed at 127.0.0.1:3003 at boot) starts forwarding traffic through Bright Data or SOAX, depending on PROXY_PROVIDER. Native VM traffic (curl, npm, git) bypasses the proxy by default.

Adjacent guides

If you liked this, the architecture is in three more places

Architecture

Mobile app maker online: the whole toolchain boots before you arrive

How the prewarm pool keeps a sandbox warm in Firestore so the wait between submit and first preview is two round trips, not a cold boot.

Read
Verification

Mobile app generator: the one that tests its own output

The agent navigates to the app it just wrote at 390 by 844, snapshots the DOM, reads the console, and only reports done after the browser agrees.

Read
Workflow

App maker mobile: build a mobile app in the browser, zero tooling

What the iPhone 14 Pro logical viewport gives you for free, and why a 390 by 844 iframe is enough for the prototype loop.

Read

Don't install anything. Open mk0r, type a prompt, watch a sandbox you didn't have to set up boot a mobile app at 390 by 844.

Build something now
mk0r.AI app builder
© 2026 mk0r. All rights reserved.