Boogy: Production Infrastructure for Vibe Coders

Your backend shipsas fast as your prompt.

Prompt an agent, get a full backend — REST, RPC, MCP, sandboxed DB and auth, deployed in seconds. Every iteration is instant. Fast, secure, free to start.

claude code

> Build me a bookmarks API with CRUD endpoints

I'll create a bookmarks API with full CRUD. Let me scaffold the Rust project and write the handlers.

Created src/lib.rs — BookmarksApi with Router

Created boogy.toml — store + auth capabilities

Building for wasm32-wasip2...

Compiled successfully.

Deploying to boogy.ai/my-app/api/bookmarks...

✓ Deployed. Live at /my-app/api/bookmarks

> Add a search method that filters by tag

I'll add a GET /bookmarks/search?tag= endpoint with a store filter query.

Updated src/lib.rs — added search_by_tag handler

Building...

Deploying...

✓ Redeployed. New endpoint live.

$ curl https://boogy.ai/my-app/api/bookmarks/search?tag=rust

[{"id":3,"url":"https://doc.rust-lang.org","tags":["rust"]}]

Two prompts. Two deploys. Zero infrastructure. 🚀💥

Vibe a node. Get a network.

Every API on Boogy is a node you can call — other devs', companies', and core services alike. Calls run in-process, not over the wire: no network hop, no SDKs, no keys to manage, just microsecond service-to-service latency.

// calls to other APIs on the mesh

peer::query("boogy://chainlink/oracle/price?sym=ETH")

peer::execute("boogy://venmo/payments/charge", order)

peer::execute("boogy://openrouter/chat/completions", prompt)

Blazing fast executionthousands of requests/sec per API

Zero-trust by defaultevery call carries identity, scope, audit

Per-API isolated DBtransactional, lightning fast, mistakes stay contained

Real code, no ceilingcode/Wasm, not no-code blocks

Get Started

Vibe a node. Get a network.

Every API on Boogy is a node you can call — other devs', companies', and core services alike. Calls run in-process, not over the wire: no network hop, no SDKs, no keys to manage, just microsecond service-to-service latency.

// calls to other APIs on the mesh

peer::query("boogy://chainlink/oracle/price?sym=ETH")

peer::execute("boogy://venmo/payments/charge", order)

peer::execute("boogy://openrouter/chat/completions", prompt)

Blazing fast executionthousands of requests/sec per API

Zero-trust by defaultevery call carries identity, scope, audit

Per-API isolated DBtransactional, lightning fast, mistakes stay contained

Real code, no ceilingcode/Wasm, not no-code blocks

claude code

> Build me a bookmarks API with CRUD endpoints

I'll create a bookmarks API with full CRUD. Let me scaffold the Rust project and write the handlers.

Created src/lib.rs — BookmarksApi with Router

Created boogy.toml — store + auth capabilities

Building for wasm32-wasip2...

Compiled successfully.

Deploying to boogy.ai/my-app/api/bookmarks...

✓ Deployed. Live at /my-app/api/bookmarks

> Add a search method that filters by tag

I'll add a GET /bookmarks/search?tag= endpoint with a store filter query.

Updated src/lib.rs — added search_by_tag handler

Building...

Deploying...

✓ Redeployed. New endpoint live.

$ curl https://boogy.ai/my-app/api/bookmarks/search?tag=rust

[{"id":3,"url":"https://doc.rust-lang.org","tags":["rust"]}]

Two prompts. Two deploys. Zero infrastructure. 🚀💥

Get Started

01 / The Runtime

A shared runtime for everything you build.

Every API you deploy is a node anyone can call. Services call services, agents call APIs, apps stitch them together — and because calls dispatch in-process, not over the network, hops are microseconds, not milliseconds.

Identity, permissions, and audit ride every message automatically, so the whole mesh composes safely. A runtime that gets more powerful with everything shipped on it.

Unified identity — humans, agents, and services share one token format

In-process composition — cross-service calls are function calls, not hops

Organic growth — deploy one API today, a mesh of fifty tomorrow

Federation — the runtime spans machines without configuration changes

Unified identity — humans, agents, and services share one token format

In-process composition — cross-service calls are function calls, not hops

Organic growth — deploy one API today, a mesh of fifty tomorrow

Federation — the runtime spans machines without configuration changes

02 / Developer Experience

From idea to API in minutes.

1 — Write your API

struct HelloApi;

impl Api for HelloApi { fn build_router() -> Router { Router::new() .get("/api/hello", |_| { Ok(Json(json!({"msg": "hello"}))) }) } }

+

2 — Declare your manifest

boogy.toml

[api] id = "hello"

[capabilities] store = true auth = true

[ingress] mode = "authenticated"

↓

3 — Build & deploy

Build

cargo build --target wasm32-wasip2 --release

Deploy (single POST)

curl -X POST https://boogy.ai/v1/wasm \ -F [email protected] \ -F wasm=@target/wasm32-wasip2/release/my_api.wasm

It's live under your handle (@my-app)

curl https://boogy.ai/my-app/api/hello {"msg": "hello"}

— That's a deployed backend with its own database, auth, ingress policy, and metrics.

03 / Auth That Flows

Every call carries identity. Every boundary checks it.

Log in once, and you're authenticated across every service and app in the mesh. One global identity — passkeys, keypairs, or service credentials — all produce the same cryptographically signed, tamper-proof token. At the same time, each API can issue its own scoped keys for fine-grained access control within its own boundaries.

Global Identity

One login, every service. Your identity follows you across the entire mesh — no per-service auth, no session juggling.

Principal vs. Actor

API-A calls API-B on behalf of Alice. B sees Alice as principal, A as actor. Authorization keys off who the request is for — not who's making it.

Scoped Delegation

Services delegate on your behalf with capped permissions. 'Acting for Alice, requesting notes:read.' Scopes can't escalate.

Per-API Keys

Each API issues its own sk_* keys — like Stripe tokens. Use them to guard specific resources, routes, or actions. Scoped to that API, revoke independently.

Five ingress modes

Every API declares how it wants to be reached. The runtime enforces auth before your code runs — no middleware, no guards, no boilerplate. Pick the mode that fits each API.

public

Anyone can call. No token required.

authenticated

Valid token required. Deny-by-default.

allowlist

Named agents only. Explicit trust.

internal

Service-to-service only. Allow the whole mesh with ["*"].

mixed

Different rules per route.

All enforced before Wasm instantiates. Denials never touch your code.

04 / Secrets Without Compromise

Your code requests a secret by name. Wasm never sees the value.

The runtime injects secrets at the wire edge. They flow from your vault to the host to the outbound request — never entering Wasm linear memory. Even a fully compromised component can only reach manifest-allowlisted hosts.

05 / BoogyDB

Built for speed. From the ground up.

Every API gets its own embedded BoogyDB instance — a custom B+ tree storage engine with per-table concurrency, a redo-log WAL, and lazy row decoding. The entire database is just one file (two if vector search is enabled). No shared schema, no server process. Consistently 1.5–3x faster than SQLite on mixed workloads, scaling to 100K+ ops/sec with secondary indexes. Tables and vector collections can be individually encrypted with AES-256-GCM.

View BoogyDB on GitHub →

0.0M

gets/sec

in-memory hot path

0K+

ops/sec

with secondary indexes

0.00µs

point read

lazy row decoding

0.0×

vs SQLite

single-insert ACID tx

Mixed Workload (indexed, ops/sec)

Reads, writes, queries, and counts running concurrently.

1 thread2.2x

boogy

85,013 ops/s

sqlite

39,157 ops/s

4 threads1.9x

boogy

88,480 ops/s

sqlite

46,639 ops/s

8 threads1.8x

boogy

89,601 ops/s

sqlite

51,073 ops/s

ACID Transactions (tx/sec)

Durable, atomic operations with rollback guarantees.

Single insert tx2.7x

boogy

391,000 tx/s

sqlite

143,000 tx/s

Mixed tx (ins+get+upd)1.9x

boogy

110,000 tx/s

sqlite

59,000 tx/s

10 rows/tx insert1.4x

boogy

616,000 r/s

sqlite

436,000 r/s

Related Lookups / Joins (queries/sec)

Fetching related rows across tables — the real-world query pattern.

No index, 1 thread3.2x

boogy

2,397 q/s

sqlite

743 q/s

Indexed, no sort2.9x

boogy

462,829 q/s

sqlite

161,346 q/s

Indexed, 8 threads1.5x

boogy

185,018 q/s

sqlite

120,673 q/s

Point Operations

Single-row gets and inserts — the hot path.

Get (10K rows)4.8x

boogy

3,800,000 /s

sqlite

800,000 /s

Insert (durable)1.6x

boogy

207,000 /s

sqlite

130,000 /s

Bulk insert (100)1.8x

boogy

888,000 r/s

sqlite

493,000 r/s

06 / Vector Search

Embedded vector database. RAG-ready out of the box.

Every BoogyDB instance includes a built-in vector database for retrieval-augmented generation, semantic search, and similarity matching. HNSW approximate nearest-neighbor search with AVX2 SIMD acceleration, mmap'd storage, and its own dedicated WAL. Pre-filtered search evaluates metadata predicates inline during graph traversal. Three distance metrics: cosine, euclidean, and dot product. Competitive with usearch (the fastest single-file ANN library) while adding ACID durability, crash recovery, and per-collection encryption.

10K Vectors (128d, cosine, k=10)

Search

192 µs

usearch: 131 µs

Insert

1,974 v/s

usearch: 2,619 v/s

Recall

66.9%

usearch: 65.9%

50K Vectors (128d, cosine, k=10)

Search

296 µs

usearch: 294 µs

Insert

1,132 v/s

usearch: 1,186 v/s

Recall

39.3%

usearch: 35.9%

Higher recall with comparable latency — plus ACID durability, WAL crash recovery, and AES-256 encryption. Zero overhead on CRUD when vector collections aren't in use.

07 / Background Jobs

Durable work, beyond the request.

Kick off work from any handler — an HTTP request, a cron tick, or another job. Every job runs to completion: automatic retries with backoff, failed jobs set aside for inspection, and near-instant pickup. And it runs as you — same principal, same scopes, same auth model as your synchronous code.

Identity Replay

Handlers execute with the enqueuer's frozen principal and scopes. auth::current_principal() works identically to sync code.

Multi-Tenant Fairness

Per-tenant depth caps prevent queue flooding. Per-tenant in-flight caps prevent execution starvation. No noisy neighbors.

Cron Scheduling

6-field cron expressions in the manifest. Cluster-wide advisory lock election — exactly one tick per interval, self-healing.

Cancellation

Pending jobs cancel instantly. Running jobs cancel via heartbeat + epoch interruption — bounded latency, no collateral.

<1s

dispatch latency

3

trigger sources

∞

retry + backoff

0

single points of failure

08 / Zero Trust, Zero Boilerplate

15 lines of TOML. No middleware. No gateway. No secrets manager.

Every API ships with a boogy.toml manifest that declares what it can do, who can call it, and how it behaves. Capabilities, ingress policy, rate limits, secrets, delegation rules, storage engine — all in one file. The runtime reads it and enforces everything before your code runs. No middleware to wire up. No gateway to configure.

[capabilities] store = true auth = true peer = true outbound_http = true

[ingress] mode = "authenticated" rate_limit = { rpm = 600 }

[ingress.delegation] allow_actor = ["boogy://my-app/gateway"] max_delegated_scopes = ["notes:read"]

[outbound] allowed_hosts = ["api.stripe.com"] secret_headers = [["authorization", "stripe-key"]]

What this gives you

+Database with ACID transactions

+Caller identity on every request

+Cross-API calls with delegation

+Outbound HTTP to Stripe only (SSRF firewall blocks all else)

+API key injected at the wire edge — Wasm never sees it

+600 req/min per principal

+Only boogy://my-app/gateway can delegate

Denials enforced before code runs

Misconfigurations fail safe.

Declare it in the manifest. The runtime handles the rest.

Everything from

[truncated for AI cost control]