# Quickback

> Build your app. We compile the backend.

Quickback is a backend compiler that transforms declarative TypeScript definitions into secure, production-ready APIs. You define your database schema and security rules in a single file using Drizzle ORM — Quickback compiles them into a deployable backend with authentication, role-based permissions, tenant isolation, and field-level security.

The output is standard TypeScript (Hono, Drizzle, Better Auth) running on your own infrastructure. Not a managed platform — real code you own and control.

## How It Works

1. **Define** — Schema + security rules in TypeScript using `defineTable()`
2. **Compile** — Quickback generates API routes, middleware, migrations, and RLS policies
3. **Deploy** — Standard tooling to Cloudflare Workers, Supabase, or Neon

## Four Security Layers

Every API request passes through four layers in order:
- **Firewall** — Tenant isolation via automatic WHERE clauses
- **Access** — Role-based CRUD permissions (deny by default)
- **Guards** — Field modification rules (protected/immutable fields)
- **Masking** — PII redaction for unauthorized viewers

## Documentation

### Getting Started

- [Quick Start](https://docs.quickback.dev/compiler/getting-started): Define database tables with security configuration and compile them into a production-ready API in minutes.
- [How It All Fits Together](https://docs.quickback.dev/compiler/definitions/concepts): The mental model for Quickback: every request passes through four security layers in order — Firewall, Access, Guards, Masking.
- [Complete Example](https://docs.quickback.dev/compiler/getting-started/full-example): See what you define and what Quickback generates — from a single TypeScript file to a full API with security.
- [Common Patterns](https://docs.quickback.dev/compiler/getting-started/patterns): Recipes for common scenarios — public/private data, user-scoped resources, multi-table features, and more.
- [CLI Reference](https://docs.quickback.dev/compiler/cloud-compiler/cli): Create, compile, and manage backend projects. One command to scaffold, one to compile.

### Defining Your Backend

- [Database Schema](https://docs.quickback.dev/compiler/definitions/schema): Define tables using Drizzle ORM with defineTable(). Schema and security config live in a single TypeScript file.
- [Security Layers Overview](https://docs.quickback.dev/compiler/definitions): How Firewall, Access, Guards, and Masking work together to secure every request.
- [Views](https://docs.quickback.dev/compiler/definitions/views): Column-level security that controls which fields are visible based on the requesting user's role.
- [Actions](https://docs.quickback.dev/compiler/definitions/actions): Custom API endpoints for business logic beyond CRUD — workflows, integrations, and complex operations with type-safe handlers.
- [Validation](https://docs.quickback.dev/compiler/definitions/validation): Field-level validation rules compiled into the API.

### Security Pillars

- [Firewall — Data Isolation](https://docs.quickback.dev/compiler/definitions/firewall): Automatic WHERE clauses that scope every query by user, organization, or team. Prevents cross-tenant data access at the database level.
- [Access — Role & Condition-Based Control](https://docs.quickback.dev/compiler/definitions/access): Define who can perform CRUD operations and under what conditions. Role-based and record-level access rules, deny by default.
- [Guards — Field Modification Rules](https://docs.quickback.dev/compiler/definitions/guards): Control which fields can be set on create vs update. Protected fields, immutable fields, and computed defaults.
- [Masking — Field Redaction](https://docs.quickback.dev/compiler/definitions/masking): Hide PII from unauthorized users. Built-in masks for email, phone, SSN, credit cards, plus custom redaction rules.

### Using the API

- [API Overview](https://docs.quickback.dev/compiler/using-the-api): Auto-generated RESTful endpoints for list, get, create, update, delete, and upsert.
- [CRUD Operations](https://docs.quickback.dev/compiler/using-the-api/crud): Create, read, update, and delete records with full security enforcement.
- [Filtering & Sorting](https://docs.quickback.dev/compiler/using-the-api/query-params): Query parameters for filtering, sorting, pagination, field selection, and search.
- [Batch Operations](https://docs.quickback.dev/compiler/using-the-api/batch-operations): Create, update, or delete multiple records in a single request.
- [Views API](https://docs.quickback.dev/compiler/using-the-api/views-api): Query named view projections with role-based field visibility.
- [Actions API](https://docs.quickback.dev/compiler/using-the-api/actions-api): Execute custom business logic via action endpoints.
- [Error Handling](https://docs.quickback.dev/compiler/using-the-api/errors): Structured error responses with layer identification and actionable hints.
- [OpenAPI Specification](https://docs.quickback.dev/compiler/using-the-api/openapi): Auto-generated OpenAPI spec for your compiled API.

### Compiler

- [Compiler Overview](https://docs.quickback.dev/compiler): Transforms declarative TypeScript definitions into optimized production code, validates security configuration, and generates database migrations.
- [Cloud Compiler](https://docs.quickback.dev/compiler/cloud-compiler): Compile in the cloud without local dependencies. Send definitions, get back a complete deployable project.
- [Local Compiler](https://docs.quickback.dev/compiler/cloud-compiler/local-compiler): Run the compiler locally via Docker for offline development and CI/CD pipelines.

### Stack & Deployment

- [Stack Overview](https://docs.quickback.dev/stack): Full-stack edge deployment: Hono API on Workers, D1 database, Better Auth, R2 file storage, KV, Queues, and Durable Objects for realtime.
- [D1 Database](https://docs.quickback.dev/stack/database/d1): SQLite at the edge with automatic migrations, split read/write databases, and Quickback security layers.
- [Neon Database](https://docs.quickback.dev/stack/database/neon): Serverless Postgres with compiled RLS policies and branching support.
- [KV Storage](https://docs.quickback.dev/stack/storage/kv): Global key-value storage for sessions, cache, and configuration data.
- [File Storage (R2)](https://docs.quickback.dev/stack/storage/r2): S3-compatible object storage with presigned uploads and Quickback access control.
- [Automatic Embeddings](https://docs.quickback.dev/stack/vector/embeddings): Vector embeddings via Workers AI and Queues for semantic search on your data.
- [Queue Handlers](https://docs.quickback.dev/stack/queues): Background job processing with Cloudflare Queues for async workflows.
- [Realtime](https://docs.quickback.dev/stack/realtime): WebSocket notifications via Durable Objects for live updates on data changes.
- [Webhooks](https://docs.quickback.dev/stack/webhooks): Inbound and outbound webhook support for integrating with external services.

### Authentication

- [Authentication Overview](https://docs.quickback.dev/stack/auth): Better Auth integration with multi-tenant organization support.
- [Auth Plugins](https://docs.quickback.dev/stack/auth/plugins): Open-source plugins for Better Auth: email OTP, magic links, passkeys, anonymous auth, and more.
- [Authentication Security](https://docs.quickback.dev/stack/auth/security): Cookie security, rate limiting, CORS, and cross-domain auth configuration for production.

### Account UI

- [Account UI](https://docs.quickback.dev/account-ui): Pre-built React authentication and account management UI for Better Auth with multi-tenant organization support.
- [Environment Variables](https://docs.quickback.dev/account-ui/environment-variables): Complete reference for configuring Account UI deployment.
- [Customization](https://docs.quickback.dev/account-ui/customization): Customize branding, labels, and messaging in the Account UI.
- [Worker Setup](https://docs.quickback.dev/account-ui/worker): Deploy Account UI to Cloudflare Workers.
- [With Quickback Stack](https://docs.quickback.dev/account-ui/with-quickback): Full auth frontend connected to the Quickback Stack with Better Auth integration.

### Developer Tools

- [Claude Code Integration](https://docs.quickback.dev/plugins-tools/claude-code-skill): AI-powered skill for Claude Code that provides documentation lookup and code generation for Quickback definitions.
- [Getting Started with Claude Code](https://docs.quickback.dev/compiler/getting-started/claude-code): Use Claude Code to build Quickback applications with AI assistance.