as fast as your prompt.
Get a real backend online — APIs, database, auth — instantly wired into every other service on the mesh. Fast, scalable, and free to start.
Vibe a node. Get a mesh.
Each API is a node in the mesh — call any other like a function in your own code: yours, a teammate's, or a built-in. No setup, no glue code. Snap things together and ship fast.
- Dirt cheap, pay as you growPennies at scale — pay only for what you actually use, never for idle capacity.
- One transaction, many servicesA write across services commits or rolls back as one.
- Protocol-fluidMix and match REST, JSON-RPC, and MCP — one service, every protocol.
- Compose at native speedCall any service in-process — no network hop, no rate limit.
Vibe a node. Get a mesh.
Each API is a node in the mesh — call any other like a function in your own code: yours, a teammate's, or a built-in. No setup, no glue code. Snap things together and ship fast.
- Dirt cheap, pay as you growPennies at scale — pay only for what you actually use, never for idle capacity.
- One transaction, many servicesA write across services commits or rolls back as one.
- Protocol-fluidMix and match REST, JSON-RPC, and MCP — one service, every protocol.
- Compose at native speedCall any service in-process — no network hop, no rate limit.
A planetary-scale runtime
for API’s, apps & agents.
Every API you deploy is a node anyone can call. Services call services, agents call APIs, apps stitch them together — and because calls dispatch in-process, not over the network, hops are microseconds, not milliseconds.
Identity, permissions, and audit ride every message automatically, so the whole mesh composes safely. A runtime that gets more powerful with everything shipped on it.
- Unified identity — humans, agents, and services share one token format
- In-process composition — cross-service calls are function calls, not hops
- Organic growth — deploy one API today, a mesh of fifty tomorrow
- Federation — the runtime spans machines without configuration changes
From idea to API
in minutes.
— That's a deployed backend with its own database, auth, ingress policy, and metrics.
Ship the frontend too.
Reactive UI, zero build step.
A Boogy deployment isn't backend-only — serve a real web app from the same origin as your API, no CORS. You write TypeScript; the platform transpiles it at deploy — no bundler, no Node, no toolchain. Reactive UI comes from ArrowJS, a buildless, ES-module-native framework — and agent-written UI runs inside its WebAssembly sandbox, isolated from the rest of the page.
- No toolchain — ship TypeScript, transpiled to ES modules at deploy
- ArrowJS reactivity — buildless, ES-module-native, zero dependencies
- Agent-written UI runs in a WebAssembly sandbox, off the page
- One origin for API + UI — no CORS, one deploy, one rollback
Every service gets a database.
Transactional, cross-service, scalable.
Fast, strictly-consistent storage is built into every service you deploy — no server to run, no shards to manage, no schema ceiling. It scales as you grow, and you pay only for what you use.
Strictly serializable
The strongest consistency guarantee there is, on by default. Every read and write behaves as if it ran one at a time, in order — no anomalies.
Transactions across services
A write that spans multiple services commits or rolls back as a single unit — consistency that survives your entire call graph.
Scales as you grow
Capacity grows on its own. A trickle or a flood, you never provision, resize, or shard.
Atomic migrations
Schema changes run as a single transaction. A failed migration rolls back completely — it never leaves a half-migrated database.
No schema ceiling
Tables, columns, and indexes grow as freely as your app does. No table-count limits, no bigger box to add a feature.
Crash-safe & durable
Every committed write is durable. A crash or restart never loses acknowledged data — your service comes back exactly where it left off.
Every call carries identity.
Every boundary checks it.
Log in once, and you're authenticated across every service and app in the mesh. One global identity — passkeys, keypairs, or service credentials — all produce the same cryptographically signed, tamper-proof token. At the same time, each API can issue its own scoped keys for fine-grained access control within its own boundaries.
Global Identity
One login, every service. Your identity follows you across the entire mesh — no per-service auth, no session juggling.
Principal vs. Actor
API-A calls API-B on behalf of Alice. B sees Alice as principal, A as actor. Authorization keys off who the request is for — not who's making it.
Scoped Delegation
Services delegate on your behalf with capped permissions. 'Acting for Alice, requesting notes:read.' Scopes can't escalate.
Per-API Keys
Each API issues its own sk_* keys — like Stripe tokens. Use them to guard specific resources, routes, or actions. Scoped to that API, revoke independently.
Five ingress modes
Every API declares how it wants to be reached. The runtime enforces auth before your code runs — no middleware, no guards, no boilerplate. Pick the mode that fits each API.
All enforced before Wasm instantiates. Denials never touch your code.
Your code asks for a secret by name.
Nobody reads the value — not even the runtime.
The value is unsealed and attached to the outgoing request inside a sealed, isolated process. Your code only ever holds the name — and so does the runtime it shares with every other service. The secret never enters your component, and a fully compromised one can still only reach manifest-allowlisted hosts.
Sign for any blockchain.
And anything else that needs a signature.
The platform custodies your signing keys — your service signs with them but can never extract them. Build a transaction, a receipt, or an attestation, ask for a signature by key name, and broadcast the result. The private key never enters your code, and never leaves the platform.
Base
Polygon
CosmosDurable work,
beyond the request.
Kick off work from any handler — an HTTP request, a cron tick, or another job. Every job runs to completion: automatic retries with backoff, failed jobs set aside for inspection, and near-instant pickup. And it runs as you — same principal, same scopes, same auth model as your synchronous code.
Identity Replay
Handlers execute with the enqueuer's frozen principal and scopes. auth::current_principal() works identically to sync code.
Multi-Tenant Fairness
Per-tenant depth caps prevent queue flooding. Per-tenant in-flight caps prevent execution starvation. No noisy neighbors.
Cron Scheduling
6-field cron expressions in the manifest. Cluster-wide advisory lock election — exactly one tick per interval, self-healing.
Cancellation
Pending jobs cancel instantly. Running jobs cancel via heartbeat + epoch interruption — bounded latency, no collateral.
Stream live updates in real time.
The instant they happen — to every subscriber.
Declare a channel, publish from any handler, and the platform streams it to every connected client — live prices, notifications, collaborative state. No socket server to run, no connection state to manage.
publish("prices")- Public, private, or per-person channels — declared in boogy.toml
- A replay buffer catches new subscribers up the instant they join
- Short-lived grants gate private channels, minted by your service
- Metered as egress — nothing to provision, scales with you
15 lines of TOML.
No middleware. No gateway. No secrets manager.
Every API ships with a boogy.toml manifest that declares what it can do, who can call it, and how it behaves. Capabilities, ingress policy, rate limits, secrets, delegation rules, storage engine — all in one file. The runtime reads it and enforces everything before your code runs. No middleware to wire up. No gateway to configure.
- +Database with ACID transactions
- +Caller identity on every request
- +Cross-API calls with delegation
- +Outbound HTTP to Stripe only (SSRF firewall blocks all else)
- +API key injected at the wire edge — Wasm never sees it
- +600 req/min per principal
- +Only boogy://my-app/services/gateway can delegate
- Denials enforced before code runs
- Misconfigurations fail safe.
Declare it in the manifest. The runtime handles the rest.
Everything from background jobs to encryption to cross-API routing is configured in TOML — no code, no infrastructure.
REST. JSON-RPC. MCP.
Same Wasm, same data, same auth.
Browsers hit REST. Internal services use JSON-RPC. LLMs use MCP. One handler, three surfaces. Your API is already a tool Claude can use.
Simple, transparent,
pay for what you use.
Pay only for what you use, metered on five transparent dimensions: compute, occupancy, storage, egress, and requests. Calls between your own services run in-process, so they cost compute but never egress. A real prototype runs free — you pay only on the dimension you outgrow.
- +~50 compute-minutes / month
- +~1,000 GB-seconds occupancy / month
- +1 GB-month database storage
- +5 GB egress / month
- +1M requests / month
- +Full API surface — same capabilities
- +Compute — per compute-second
- +Occupancy — per GB-second
- +Storage — per GB-month
- +Egress — per GB out (internal calls free)
- +Requests — per million
Hand it to your coding agent.
Shipping in one command.
Install the Boogy skills into Claude Code or OpenAI Codex — your agent gets the platform conventions, safety rules, and SDK patterns, then builds production-grade services for you.
