Quickback Quickback

GET STARTED

One Command. Complete Backend.

Pick your stack. Define your app. Ship it. The Quickback CLI scaffolds a complete, secure backend in seconds.

Choose Your Engine

Both engines compile with the same security guarantees. Pick the stack that fits your project.

Supabase

Cloud or Self-Hosted

npx @kardoe/quickback create supabase my-app
  • Full Supabase stack (Auth, Storage, Realtime)
  • Row-Level Security compiled in
  • Works with existing Supabase projects
Learn more about Supabase engine

Better Auth + Cloudflare

Workers + Hono + D1

npx @kardoe/quickback create cloudflare my-app
  • Edge-native with Cloudflare Workers
  • Better Auth for modern authentication
  • Runs in YOUR Cloudflare account
Learn more about Better Auth on Cloudflare

Write What Your App Does

Define your data, rules, and actions in TypeScript. Quickback's security engine handles the rest.

1

Define your feature

invoices/invoices.ts 
// Schema + security rules in one file
export const invoices = sqliteTable('invoices', {
  id: integer('id').primaryKey(),
  orgId: text('org_id'),
  description: text('description'),
  amount: real('amount'),
  dueDate: text('due_date'),
  status: text('status'),
});

export default defineTable(invoices, {
  firewall: { organization: { } },
  guards: {
    createable: ['description', 'amount', 'dueDate'],
    updatable: ['description', 'dueDate'],
    protected: {
      status: ['submit', 'approve'],
      amount: ['reviseAmount'],
    },
  },
  crud: {
    list:   { access: { roles: ['member', 'admin'] } },
    create: { access: { roles: ['finance', 'admin'] } },
    update: { access: { roles: ['admin'], or: 'owner' } },
    delete: { access: { roles: ['admin'] } },
  },
});

Schema and security rules live in one file using defineTable(). Everything compiles together:

  • Drizzle ORM schema + security config together
  • Role-based access at every CRUD endpoint
  • Field guards - only allowed columns are writable
  • Protected fields locked behind typed actions
  • Audit fields auto-injected (createdAt, modifiedBy...)

One file per feature. No runtime checks to forget. Security is baked into the code.

2

Compile and ship

terminal
$
npx @kardoe/quickback login
✓ Login successful! Using organization: Acme
$
npx @kardoe/quickback compile

One command generates your complete backend:

REST API with typed SDK
Authentication & orgs
Role-based permissions
Typed actions
Audit logs
AI tool definitions
OpenAPI docs

Real TypeScript code you own and can modify anytime.

Ready to start?

Join the private beta to get early access to both engines.

Read the Docs