Quickback Quickback

Now in Private Beta

Build your app.
We compile the backend.

Define your schema and security rules in TypeScript. Quickback compiles them into production-ready backends - Supabase RLS policies, a full Cloudflare edge stack, or both. Pick the pieces you need.

Works with

Supabase Supabase
Cloudflare Cloudflare
Neon Neon
Why Quickback

THE SECURITY ENGINE

Security isn't your problem anymore.

Whether you're targeting Supabase RLS or a full Cloudflare stack, Quickback's security engine compiles all of it into your code - so you can focus on what makes your app unique.

Firewall

Every table needs a scope column. Tenant isolation enforced at the database level.

Access

Role-based permissions. Deny by default. Compiled into middleware.

Guards

Field-level protection. Only permitted fields can be written.

Masking

PII redaction in responses. Sensitive data never leaks.

Why Quickback

THE QUICKBACK SUITE

Use the pieces you need. Or ship the whole thing.

Write your definitions once. Quickback compiles them into exactly what you need.

THE ENGINE

Quickback Compiler

Turns your TypeScript definitions into Supabase RLS policies or a full Hono + Drizzle API. Same security rules, multiple targets.

  • • Supabase - compiled RLS policies (no API, just security)
  • • Cloudflare D1 - full Hono API + database
  • • Neon - full Hono API + RLS + Better Auth
npx @kardoe/quickback compile Explore the Compiler

THE FULL STACK

Supabase Alternative

Quickback Stack

Everything Supabase gives you - auth, database, storage, realtime, edge functions - running on your own Cloudflare account. No platform dependency.

  • • D1 database (SQLite at the edge)
  • • R2 storage (zero egress fees)
  • • KV cache + Durable Objects realtime
  • • Better Auth + Workers runtime
npx @kardoe/quickback create cloudflare my-app Explore the Stack

THE FRONTEND

Quickback Account UI

A production-ready React SPA for authentication and account management. Multi-tenancy from day one. Deploy to Cloudflare Workers on your own subdomain.

  • • Passkeys, magic links, email OTP
  • • Organization management + roles
  • • Admin panel + API keys
  • • Customizable via environment variables
npx wrangler deploy See the Account UI

Same definitions power all three. Change your schema once. Recompile. Everything updates.

SEE IT IN ACTION

Define once. Compile to any target.

quickback/features/todos/todos.ts 
export default defineTable(todos, {
  firewall: { organization: {}  },
  guards: {
    createable: ["title", "content"],
    updatable: ["title", "content"],
    protected: { status: ["complete"] },
  },
  crud: {
    list:   { access: { roles: ["member", "admin"] } },
    create: { access: { roles: ["member", "admin"] } },
    update: { access: { roles: ["member", "admin"] } },
    delete: { access: { roles: ["admin"] } },
  },
});
compiled output 
-- Generated by Quickback Compiler
CREATE POLICY "todos_org_isolation" ON "todos"
  FOR ALL USING (
    organization_id = auth.jwt() ->> 'org_id'
  );

CREATE POLICY "todos_member_select" ON "todos"
  FOR SELECT USING (
    auth.jwt() ->> 'role' IN ('member', 'admin')
  );

CREATE POLICY "todos_admin_delete" ON "todos"
  FOR DELETE USING (
    auth.jwt() ->> 'role' = 'admin'
  );

Try it now

npx @kardoe/quickback create cloudflare my-app
Browse templates

HOW IT WORKS

Three steps to production

1

Define your data + rules

Use Drizzle ORM for your schema. Add security rules, access policies, and typed actions - all in TypeScript.

2

Choose your target

Supabase for compiled RLS. Cloudflare for a full edge stack. Or both.

3

Compile and ship

Run quickback compile and deploy. Complete backend in minutes.

See detailed walkthrough

DEVELOPER ECOSYSTEM

Free tools. Open source plugins. No strings.

CLI

One command to scaffold, compile, and deploy. Templates for every stack.

Claude Code Plugin

AI-assisted backend development. Describe your feature, get a compiled API.

Better Auth Plugins

AWS SES email, passwordless auth, anonymous user upgrades. Published under @kardoe/ on npm.

Free on npm

Account UI

Production-ready auth frontend. Passkeys, magic links, org management - plugs straight into Better Auth.

Real Code. Really Yours.

Quickback is a compiler, not a platform. The output is standard TypeScript - Hono, Drizzle, Better Auth - on infrastructure you control. Recompile when your definitions change. Custom actions are never overwritten. You own the code forever.

TypeScript
Standard code
Hono
API framework
Drizzle
ORM layer
Your Infra
Run anywhere

WHO IT'S FOR

Built for builders at every level

First-Time Builders

Your first backend doesn't have to be a security nightmare. Security is the default.

Learn more →

Indie Developers

Ship your SaaS this weekend. Strong opinions, secure defaults, patterns that work.

Learn more →

Supabase Users

Love Supabase? Keep it. Quickback compiles your security rules into RLS policies.

Learn more →

CISOs & Enterprise

Let teams build. Compile-time governance makes "yes" possible.

Learn more →

FAQ

Questions you're already asking

What happens when I need custom logic beyond CRUD?

That's what Actions are for. Define typed business operations - approve an invoice, stream an AI response, process a webhook - with the same security guarantees as your CRUD endpoints. Actions have full access to the database, user context, and any external service. There's no ceiling: if you can write it in TypeScript, you can ship it as an action.

What happens when I recompile? Do I lose my changes?

Recompiling overwrites the generated API code - and that's the point. Your definitions and actions are your source of truth. The generated src/ folder is output, like a build artifact. Change your definitions, recompile, and your entire API updates. Custom logic lives in actions, which are never overwritten.

How is this different from Supabase?

Quickback isn't competing with Supabase - the Compiler works with it, generating RLS from your definitions so you never write policies by hand. But if you want to own the whole stack, Quickback Stack gives you a complete Supabase-equivalent backend on your own Cloudflare account, and the Account UI gives you a ready-made auth frontend. Same definitions power all three.

Do I need Postgres? What databases are supported?

Quickback supports Cloudflare D1 (SQLite at the edge), Supabase Postgres (cloud or self-hosted), and Neon Postgres (serverless). The same definitions compile to different database targets - choose the one that fits your stack.

Am I locked into Quickback?

No. The output is standard TypeScript - Hono routes, Drizzle ORM, Better Auth. If you stop using Quickback tomorrow, you still have a working codebase built on well-known libraries. There's nothing proprietary in the generated code.

What is the Account UI?

A production-ready React SPA that plugs directly into your Quickback Stack or any Better Auth backend. Login, signup, passkeys, magic links, email OTP, organization management, role assignments, team creation, invitations, and an admin panel - out of the box. Deploy it as a Cloudflare Worker on your own subdomain. Fully customizable through environment variables.

Private Beta Open

Join the Beta

We're onboarding early adopters now. Get hands-on access, direct support, and help shape the future of backend development.

Read the Docs