Database
Full PostgreSQL via a type-safe JSON DSL. JSONB, PostGIS, pgvector, full-text search, transactions, aggregations, M2M relations — all without writing SQL.
What is Pulsabase?
Pulsabase is a declarative application backend. You declare your data model, your security rules, and your server-side logic — Pulsabase runs the database, the API, the real-time layer, the authentication, the storage, the edge functions, and the deployments.
The only thing left to build is your frontend.
A different way to build
Section titled “A different way to build”Most backend development is imperative: you write a migration, then an API route, then an auth middleware, then a WebSocket handler, then a cron job — each in a different file, in a different layer, maintained separately.
Pulsabase inverts this. You declare what your data looks like and how it should behave. The platform handles the execution.
// This one file is the entire backend for a chat message.// It replaces: a migration, an API route, auth middleware,// a WebSocket subscription handler, and two RLS policies.
export default class Message { @primary id: string;
@foreignId({ references: 'id', on: 'rooms', onDelete: 'CASCADE' }) room_id: string;
@foreignId({ references: 'id', on: 'users', onDelete: 'CASCADE' }) sender_id: string;
@text(false) content: string;
static schema: ModelSchema = { tableName: 'messages', publication: true, // every mutation pushed to subscribers in real-time timestamps: true, policies: [ { action: ['SELECT'], role: 'authenticated' }, { action: ['INSERT'], role: 'authenticated' }, ], };}Run pulsabase db:sync once. The table exists, the constraints are enforced, RLS policies are active, the real-time subscription is live, and the SDK is fully typed against this model.
What changes for your team
Section titled “What changes for your team”CI/CD becomes frontend-only. Your backend logic — hooks, edge functions, cron jobs, email templates — lives inside Pulsabase. It doesn’t need to be built, containerized, or deployed independently. The blast radius of a backend change is dramatically reduced.
The monolith vs microservices question disappears. There is no backend service to architect. There is data, and there is logic declared against that data. Pulsabase orchestrates the rest.
An AI agent can build a complete application. Given access to the DSL and a Pulsabase MCP, an agent can declare models, sync the schema, configure edge functions, and call the API — without writing a single line of traditional backend code. The frontend becomes optional depending on the use case.
Security by design
Section titled “Security by design”Security is not a feature you add — it is structural.
- No SQL injection is possible. Every query is fully parameterized. The DSL has no string interpolation path to raw SQL.
- Row-Level Security is first-class. JWT claims are automatically injected into every PostgreSQL session as
request.jwt.*. Your RLS policies enforce data access at the database level, regardless of which SDK or client makes the call. - HSTS enforced. TLS is required in production. The gateway enforces HTTPS.
- Deny by default. Storage ACL policies and authentication are opt-in grants, not opt-out restrictions.
What Pulsabase includes
Section titled “What Pulsabase includes”Authentication
Built-in OIDC/OAuth2 Identity Provider. Email/password, OAuth providers, MFA (TOTP), password reset, email verification, and role-based access control.
Real-Time
Declare publication: true on any model. Every insert, update, and delete is pushed to all subscribers instantly via WebSocket. Custom named channels included.
Edge Functions
Serverless logic declared as step sequences. Chain database queries, HTTP calls, conditions, loops, SMTP emails, and webhooks. Go-native execution — no V8, no cold starts, no sandbox limitations.
Storage
S3-compatible file storage with presigned uploads, virtual folder hierarchy, and fine-grained ACL policies tied to your JWT claims.
Schema Sync
Two-way schema management. pulsabase db:sync applies your TypeScript model definitions to PostgreSQL. pulsabase db:pull generates TypeScript models from an existing database.
Analytics & Audit
Crash analytics, query performance monitoring, step-by-step edge function execution logs, and full audit trails — all built in, no external services required.
Hosting
Deploy static frontends with pulsabase deploy. Instant rollbacks, custom domains, automatic TLS, and SPA routing included.
Deployment models
Section titled “Deployment models”Pulsabase runs wherever you need it.
SaaS
Create your project on pulsabase.com. Configure everything from the dashboard. No infrastructure to provision or maintain.
On-Premise
Deploy on your own servers with Docker Compose. Your data stays on your infrastructure. Full control over networking, security, and scaling. Available for enterprise.
Multi-language SDKs
Section titled “Multi-language SDKs”import pb from './pulsabase';
// Query with filters — RLS applied automatically from the user's JWTconst messages = await pb .from(Message) .where('room_id', '=', roomId) .orderBy('created_at', 'desc') .limit(50) .find();
// Real-time subscriptionpb.from(Message) .on('INSERT') .listen((change) => console.log(change.data));
// Insert — triggers real-time push to all subscribersawait pb.from(Message).insert({ room_id: roomId, content: 'Hello' });import 'package:pulsabase/pulsabase.dart';
final messages = await pb .from('messages') .where('room_id', equals(roomId)) .orderBy('created_at', descending: true) .limit(50) .find();
pb.from('messages').on('INSERT').listen((change) { print(change.data);});curl -X POST https://yourproject.pulsabase.io/v1/query \ -H "X-Api-Key: pk_live_xxx" \ -H "Authorization: Bearer <user_jwt>" \ -H "Content-Type: application/json" \ -d '{ "action": "find", "table": "messages", "query": { "room_id": "abc-123" }, "sort": [{ "field": "created_at", "order": "desc" }], "limit": 50 }'Next Steps
Section titled “Next Steps”Installation
Quickstart
Models & Decorators
Authentication
Real-Time
API Reference