Rocket.Chat

Rocket.Chat is an open-source, secure communications platform built entirely in TypeScript, designed for organizations with strict requirements around data privacy, compliance, and infrastructure control. Trusted by tens of millions of users across 150+ countries — including Deutsche Bahn, the US Navy, and Credit Suisse — it delivers real-time messaging, voice, video, and omnichannel customer engagement without surrendering control of your data.

The platform supports flexible deployment across Docker, Podman, Kubernetes, and air-gapped environments where no internet access is available, making it uniquely suited for defense, government, and regulated industries. A native Apps-Engine framework enables organizations to build custom integrations in TypeScript without vendor lock-in, while federation allows secure cross-server communication between independently operated Rocket.Chat instances.

Built on a modernized Meteor stack with a microservices layer powered by NATS and Moleculer, Rocket.Chat handles everything from internal team collaboration to customer-facing omnichannel support across WhatsApp, SMS, email, and web chat — all within a single, self-hosted workspace. Its dual-license model keeps the community core MIT-licensed while segregating enterprise features in a separately governed directory.

What You Get

• Air-gapped deployment - Run Rocket.Chat completely offline on isolated networks with no internet access, purpose-built for classified environments like NIPRNet and SIPRNet.
• Federated communications - Connect independent Rocket.Chat servers to securely share messages and resources across organizations or government agencies using Matrix-compatible federation.
• Omnichannel customer engagement - Unify inbound communications from WhatsApp, SMS, email, web chat, and social platforms into a single agent workspace with routing, queuing, and analytics.
• End-to-end encrypted messaging - Protect sensitive conversations with E2E encryption at the message level, with key management controlled entirely by your organization.
• Apps-Engine extensibility - Build and deploy custom TypeScript applications that run natively inside Rocket.Chat to integrate with internal systems or automate complex workflows.
• WebRTC audio/video conferencing - Conduct voice and video calls with screen sharing directly in the platform, with optional recording for compliance purposes.
• Role and attribute-based access control (ABAC) - Enforce granular permissions across rooms, features, and data access using a dedicated ABAC service that runs as an independent microservice.
• Multi-platform clients - Access Rocket.Chat via web, iOS, Android, macOS, Windows, and Linux desktop apps, all synchronized in real time.

Common Use Cases

• Military command and control - A defense unit deploys Rocket.Chat on an air-gapped, on-premise server to coordinate classified operations in real time without any data traversing external networks.
• Government citizen engagement - A municipal agency integrates Rocket.Chat with WhatsApp and SMS to provide emergency alerts and support queries while keeping all citizen data within sovereign infrastructure.
• Enterprise Slack migration - A financial services firm moves off Slack to gain full data control, end-to-end encryption, and compliance with internal data governance policies across thousands of employees.
• Cross-organization secure collaboration - A power grid operator federates its Rocket.Chat instance with partner utility companies, enabling secure operational data sharing without exposing internal networks.
• Customer support omnichannel hub - A retail company routes customer inquiries from WhatsApp, webchat, and email into a unified Rocket.Chat workspace where agents respond from a single queue.
• Developer team collaboration with custom apps - An engineering organization builds internal Apps-Engine integrations to surface CI/CD alerts, on-call rotations, and incident management directly in team channels.

Under The Hood

Architecture Rocket.Chat is organized as a large Turbo-managed monorepo spanning apps, packages, and enterprise directories, with clear separation between the MIT-licensed community core and the separately governed enterprise edition code. The primary application is a Meteor server incrementally migrated toward a microservices model: authorization, presence, omnichannel transcript, and DDP streaming have been extracted into independent services orchestrated via NATS message broker with Moleculer as the service framework. A LocalBroker abstraction allows the same service interfaces to run in-process during development or as true remote microservices in production, giving the architecture dual-mode flexibility without branching the codebase. Enterprise features are strictly confined to the ee/ and apps/meteor/ee/ directories, enforced by a build-time fossify script that strips those paths for community releases, preserving FOSS integrity at the repository level.

Tech Stack The backend runs on Node.js 22 with Meteor as the application framework, supplemented by TypeScript across the entire codebase for end-to-end type safety from REST endpoints through model definitions. MongoDB with replica sets and oplog tailing powers real-time data synchronization, while NATS handles inter-service messaging and Moleculer manages service discovery and RPC. REST APIs are defined with AJV-based JSON Schema validators automatically derived from TypeScript types, providing self-validating, self-documenting endpoints without a separate API description step. The frontend is React with a Fuselage design system component library, while mobile apps are built in React Native. Deployment targets include Docker, Kubernetes (with a Launchpad simplified installer), and air-gapped bare-metal setups. Deno 1.43 is used for select microservices. Build orchestration uses Turbo with Yarn workspaces across 55+ packages.

Code Quality The testing footprint is extensive, with over 680 test files combining Jest unit tests, server-side integration tests, and Playwright end-to-end tests covering authentication, federation, omnichannel flows, and accessibility. Client and server test configurations are maintained separately with mocked Meteor internals, ensuring isolated test environments. TypeScript strict mode is enforced project-wide, with well-typed model interfaces in core-typings shared across client, server, and microservice packages. ESLint with custom rules and a Prettier formatter enforce consistent style, and CI pipelines include Codecov integration for coverage tracking. Error handling follows explicit typed patterns using MeteorError wrappers, and OpenTelemetry tracing is wired into service calls for observability in production deployments.

What Makes It Unique Rocket.Chat’s dual-mode broker architecture — where the same IBroker interface can resolve calls locally in monolith mode or route them over NATS in microservices mode — enables a gradual scaling path that most self-hosted alternatives cannot match without re-architecture. The attribute-based access control (ABAC) system, managed as an independent service, goes significantly beyond the role-based models found in typical open-source chat platforms, supporting fine-grained redaction and permission enforcement at the message-field level. The Apps-Engine framework provides a genuinely sandboxed extension model where third-party applications cannot access raw database connections or internal APIs, a security boundary most extensible chat platforms do not enforce. Native Matrix protocol federation, combined with air-gapped deployment support and DoD IL6-grade compliance features, positions Rocket.Chat in a category largely unoccupied by other open-source team communication tools.

Self-Hosting

Rocket.Chat uses a split-license model: the community core (everything outside the ee/ and apps/meteor/ee/ directories) is released under the MIT license, which means you can use it commercially, modify it freely, and distribute it without restriction. The enterprise edition code that lives in those dedicated directories is governed by a separate commercial license that requires a paid Rocket.Chat subscription for production use. This is a common model for mature open-source platforms seeking sustainable commercial funding, and the project maintains a build-time fossify script to strip EE code from community releases — so the FOSS version you download is genuinely MIT-licensed with no embedded commercial code.

Running Rocket.Chat yourself carries a meaningful operational footprint. The recommended production setup requires MongoDB with replica sets (oplog tailing is mandatory for real-time features), Node.js 22, and sufficient compute to run both the Meteor application and optional microservices for authorization, presence, and DDP streaming. A Kubernetes deployment with the Launchpad installer simplifies initial setup but still requires ongoing management of container orchestration, persistent storage for uploaded files, MongoDB backups, and SSL termination. Expect to invest engineering time in upgrades — the project follows a roughly monthly release cadence and breaking changes do occur between major versions — as well as monitoring, scaling MongoDB under load, and maintaining push notification infrastructure for mobile clients.

Compared to Rocket.Chat’s managed cloud offering, self-hosting means you absorb responsibility for uptime, disaster recovery, scaling decisions, and security patching. The hosted tier includes managed upgrades, SLA-backed uptime, built-in high availability, and access to enterprise features like advanced omnichannel analytics, LDAP/SAML with advanced attribute mapping, and priority support. Self-hosters can access some enterprise features through a community license if they qualify, but production enterprise capabilities — including the ABAC service, advanced compliance export, and official support channels — require a paid plan regardless of how the software is deployed.