Describe it in plain language and let AI build it — or write it yourself. Either way you ship a production-grade backend, deployed to the edge worldwide. Built for professional developers and vibe coders alike.
Type a question and a model turns it into a reviewable query — then runs it. Every plan passes through your permissions DSL, so each caller sees only the rows and fields their role allows.
A streamable MCP server ships in the box — point Claude, Codex, Cursor, or any agent at it and build by talking. Every tool call runs through your permissions DSL, with a per-key tool allowlist and read-only guards.
same wiring for Cursor, Claude Desktop, or any MCP client — one URL + a pak_… key · falls back to ANTHROPIC_API_KEY
No black box. The collection editor in the admin runs the same DDL your migrations would have. The permission DSL the admin writes is the same string your client sends as ?filter.
Connect a workspace from the admin and every data event flows to chat, alerting, analytics, search, and issue trackers. Scope by collection, secrets encrypted at rest — no glue code.
Deploy to Cloudflare Workers and your API runs in 330+ cities on six continents. The request never crosses an ocean to find its origin — database reads, live subscriptions, and file fetches all happen at the city closest to the user.
Same Apache-2.0 codebase, same admin, same API — running on Cloudflare's Workers + D1 + R2. 30 seconds from signup to first deploy, 50ms first request, 330+ edge cities. One-click export if you ever want to bring it back home.
Sign up the first user. They get admin. From there, define a collection in the admin and the API endpoint exists immediately — no redeploy, no codegen step, no schema versioning gymnastics.
Drop a column, the column is gone. Rename a collection, the API path moves with it.
TypeScript is the reference client; native clients ship for ten more languages. Every one wraps the same REST + SSE surface — CRUD, a fluent query builder, auth, realtime, and storage.
Other tools do parts of this. backlex's design choice is to keep every part under one source tree, behind one API, deployable to five targets — without forking.
| Capability | backlex | Supabase | Firebase | Directus | Roll-your-own |
|---|---|---|---|---|---|
| Self-host, Apache-2.0 licensed | ✓ | partial | no | ✓ | ✓ |
| Runs on Cloudflare Workers | ✓ | no | no | no | if you build it |
| Change schema at runtime | ✓ | migrations only | schemaless | ✓ | depends |
| Adopt an existing database as-is | ✓ | no | no | limited | depends |
| Declarative row & field permissions | ✓ | RLS | Security Rules | ✓ | build it |
| Per-event realtime permission filter | ✓ | RLS-based | rules-based | no | build it |
| Edge functions sandbox + host bridge | ✓ | ✓ | Cloud Functions | no | build it |
| Visual flow builder | ✓ | no | no | ✓ | build it |
| Client SDKs (official) | 11 langs | 4 | 5 | JS / TS | build it |
| Unified messaging (push + SMS) | ✓ | OTP only | push only | no | build it |
| Durable job queue (retry + DLQ) | ✓ | pgmq | Cloud Tasks | no | build it |
| Feature flags + remote config | ✓ | no | Remote Config | no | build it |
| Offline-first sync | ✓ | PowerSync | built-in | no | build it |
| SAML 2.0 + LDAP / AD | ✓ | enterprise | enterprise | enterprise | build it |
Self-host stays the default — most teams want to own their own DB credentials. backlex Cloud (managed, private beta) runs the same Apache-2.0 codebase on Cloudflare for teams who'd rather not, with one-click export so you can leave any time.
“Everything an operator needs lives behind one URL. The schema editor writes the same DDL your migrations would have. The permission DSL the admin writes is the same string your client sends as a query parameter. There is no second layer to learn.”
Five-minute getting-started, the permission DSL spec, five deploy walkthroughs, and a sandbox guide. All in one place.