Quickback Quickback

GET STARTED

One Command. Complete Backend.

Pick your stack. Define your app. Ship it. The Quickback CLI scaffolds a complete, secure backend in seconds.

Choose Your Engine

Both engines compile with the same security guarantees. Pick the stack that fits your project.

Supabase

Cloud or Self-Hosted

npx @kardoe/quickback create supabase my-app
  • Full Supabase stack (Auth, Storage, Realtime)
  • Row-Level Security compiled in
  • Works with existing Supabase projects
Learn more about Supabase support

Better Auth + Cloudflare

Workers + Hono + D1

npx @kardoe/quickback create cloudflare my-app
  • Edge-native with Cloudflare Workers
  • Better Auth for modern authentication
  • Runs in YOUR Cloudflare account
Learn more about the Quickback Stack

Pick a Template

Start with a full-featured starter or an empty scaffold. Every template compiles with the same security guarantees.

Cloudflare

Multi-tenant

Production-ready on Cloudflare Workers with D1, KV, and R2. Global edge deployment with zero cold starts.

quickback create cloudflare my-app
Workers D1 Better Auth Organizations

Bun

Multi-tenant

Local development with Bun and SQLite. No cloud account needed. Easy to switch to Cloudflare later.

quickback create bun my-app
Bun SQLite Better Auth Organizations

B2B SaaS

Multi-tenant

Full B2B SaaS with organizations, file storage (R2), webhooks, and team management out of the box.

quickback create saas my-app
Workers D1 R2 Webhooks Teams

Blog / CMS

Single-tenant

Public JSON API for content, admin-only editing. Pair with any frontend — Astro, Next.js, SvelteKit.

quickback create blog my-site
Workers D1 Public API Admin Auth

Minimal API

No auth

Lightweight API with just Hono + Drizzle + SQLite. No authentication layer. For internal tools or prototypes.

quickback create minimal my-api
Bun SQLite Hono Drizzle

Empty Scaffold

Cloudflare or Bun

Config file only — no example features. Start from scratch and define exactly what you need.

quickback create empty my-app
Config only No features Your choice

All templates include Better Auth, Drizzle ORM, and Hono. View full template docs

Write What Your App Does

Define your data, rules, and actions in TypeScript. Quickback's security engine handles the rest.

1

Define your feature

applications/applications.ts 
// Schema + security rules in one file
export const applications = sqliteTable('applications', {
  id: integer('id').primaryKey(),
  orgId: text('org_id'),
  candidateId: text('candidate_id'),
  jobId: text('job_id'),
  stage: text('stage').default('applied'),
  appliedAt: text('applied_at'),
  notes: text('notes'),
});

export default defineTable(applications, {
  firewall: { organization: { } },
  guards: {
    createable: ['candidateId', 'jobId', 'notes'],
    updatable: ['notes'],
    protected: {
      stage: ['advance', 'reject'],
    },
  },
  crud: {
    list:   { access: { roles: ['recruiter', 'hiring-manager'] } },
    create: { access: { roles: ['recruiter'] } },
    update: { access: { roles: ['recruiter', 'hiring-manager'] } },
    delete: { access: { roles: ['owner'] } },
  },
});

Schema and security rules live in one file using defineTable(). Everything compiles together:

  • Drizzle ORM schema + security config together
  • Role-based access at every CRUD endpoint
  • Field guards - only allowed columns are writable
  • Protected fields locked behind typed actions
  • Audit fields auto-injected (createdAt, modifiedBy...)

One file per feature. No runtime checks to forget. Security is baked into the code.

2

Compile and ship

terminal
$
npx @kardoe/quickback login
✓ Login successful! Using organization: Acme
$
npx @kardoe/quickback compile

One command generates your complete backend:

REST API with typed SDK
Authentication & orgs
Role-based permissions
Typed actions
Audit logs
AI tool definitions
OpenAPI docs

Real TypeScript code you own and can modify anytime.

Ready to start?

Join the private beta to get early access to both engines.

Read the Docs