Prompt an agent, get a full backend — REST, RPC, MCP, sandboxed DB and auth, deployed in seconds. Every iteration is instant. Fast, secure, free to start.
[{"id":3,"url":"https://doc.rust-lang.org","tags":["rust"]}]
Vibe a node. Get a network. #
Every API on Boogy is a node you can call — other devs', companies', and core services alike. Calls run in-process, not over the wire: no network hop, no SDKs, no keys to manage, just microsecond service-to-service latency.
// calls to other APIs on the meshpeer::query("boogy://chainlink/oracle/price?sym=ETH")peer::execute("boogy://venmo/payments/charge", order)peer::execute("boogy://openrouter/chat/completions", prompt)
- Blazing fast executionthousands of requests/sec per API
- Zero-trust by defaultevery call carries identity, scope, audit
- Per-API isolated DBtransactional, lightning fast, mistakes stay contained
- Real code, no ceilingcode/Wasm, not no-code blocks
Vibe a node. Get a network. #
Every API on Boogy is a node you can call — other devs', companies', and core services alike. Calls run in-process, not over the wire: no network hop, no SDKs, no keys to manage, just microsecond service-to-service latency.
// calls to other APIs on the meshpeer::query("boogy://chainlink/oracle/price?sym=ETH")peer::execute("boogy://venmo/payments/charge", order)peer::execute("boogy://openrouter/chat/completions", prompt)
- Blazing fast executionthousands of requests/sec per API
- Zero-trust by defaultevery call carries identity, scope, audit
- Per-API isolated DBtransactional, lightning fast, mistakes stay contained
- Real code, no ceilingcode/Wasm, not no-code blocks
[{"id":3,"url":"https://doc.rust-lang.org","tags":["rust"]}]
A shared runtime #
for everything you build.
Every API you deploy is a node anyone can call. Services call services, agents call APIs, apps stitch them together — and because calls dispatch in-process, not over the network, hops are microseconds, not milliseconds.
Identity, permissions, and audit ride every message automatically, so the whole mesh composes safely. A runtime that gets more powerful with everything shipped on it.
- Unified identity — humans, agents, and services share one token format
- In-process composition — cross-service calls are function calls, not hops
- Organic growth — deploy one API today, a mesh of fifty tomorrow
- Federation — the runtime spans machines without configuration changes
From idea to API #
in minutes.
struct HelloApi;
impl Api for HelloApi {
fn build_router() -> Router {
Router::new()
.get("/api/hello", |_| {
Ok(Json(json!({"msg": "hello"})))
})
}
}
[api]
id = "hello"
[capabilities]
store = true
auth = true
[ingress]
mode = "authenticated"
cargo build --target wasm32-wasip2 --release
curl -X POST https://boogy.ai/v1/wasm \
-F manifest=@boogy.toml \
-F wasm=@target/wasm32-wasip2/release/my_api.wasm
curl https://boogy.ai/my-app/api/hello
{"msg": "hello"}
— That's a deployed backend with its own database, auth, ingress policy, and metrics.
Every call carries identity. #
Every boundary checks it.
Log in once, and you're authenticated across every service and app in the mesh. One global identity — passkeys, keypairs, or service credentials — all produce the same cryptographically signed, tamper-proof token. At the same time, each API can issue its own scoped keys for fine-grained access control within its own boundaries.
Global Identity
One login, every service. Your identity follows you across the entire mesh — no per-service auth, no session juggling.
Principal vs. Actor
API-A calls API-B on behalf of Alice. B sees Alice as principal, A as actor. Authorization keys off who the request is for — not who's making it.
Scoped Delegation
Services delegate on your behalf with capped permissions. 'Acting for Alice, requesting notes:read.' Scopes can't escalate.
Per-API Keys
Each API issues its own sk_* keys — like Stripe tokens. Use them to guard specific resources, routes, or actions. Scoped to that API, revoke independently.
Five ingress modes
Every API declares how it wants to be reached. The runtime enforces auth before your code runs — no middleware, no guards, no boilerplate. Pick the mode that fits each API.
All enforced before Wasm instantiates. Denials never touch your code.
Your code requests a secret by name. #
Wasm never sees the value.
The runtime injects secrets at the wire edge. They flow from your vault to the host to the outbound request — never entering Wasm linear memory. Even a fully compromised component can only reach manifest-allowlisted hosts.
Built for speed. #
From the ground up.
Every API gets its own embedded BoogyDB instance — a custom B+ tree storage engine with per-table concurrency, a redo-log WAL, and lazy row decoding. The entire database is just one file (two if vector search is enabled). No shared schema, no server process. Consistently 1.5–3x faster than SQLite on mixed workloads, scaling to 100K+ ops/sec with secondary indexes. Tables and vector collections can be individually encrypted with AES-256-GCM.
Mixed Workload (indexed, ops/sec)
ACID Transactions (tx/sec)
Related Lookups / Joins (queries/sec)
Point Operations
Embedded vector database. #
RAG-ready out of the box.
Every BoogyDB instance includes a built-in vector database for retrieval-augmented generation, semantic search, and similarity matching. HNSW approximate nearest-neighbor search with AVX2 SIMD acceleration, mmap'd storage, and its own dedicated WAL. Pre-filtered search evaluates metadata predicates inline during graph traversal. Three distance metrics: cosine, euclidean, and dot product. Competitive with usearch (the fastest single-file ANN library) while adding ACID durability, crash recovery, and per-collection encryption.
10K Vectors (128d, cosine, k=10)
50K Vectors (128d, cosine, k=10)
Higher recall with comparable latency — plus ACID durability, WAL crash recovery, and AES-256 encryption. Zero overhead on CRUD when vector collections aren't in use.
Durable work, #
beyond the request.
Kick off work from any handler — an HTTP request, a cron tick, or another job. Every job runs to completion: automatic retries with backoff, failed jobs set aside for inspection, and near-instant pickup. And it runs as you — same principal, same scopes, same auth model as your synchronous code.
Identity Replay
Handlers execute with the enqueuer's frozen principal and scopes. auth::current_principal() works identically to sync code.
Multi-Tenant Fairness
Per-tenant depth caps prevent queue flooding. Per-tenant in-flight caps prevent execution starvation. No noisy neighbors.
Cron Scheduling
6-field cron expressions in the manifest. Cluster-wide advisory lock election — exactly one tick per interval, self-healing.
Cancellation
Pending jobs cancel instantly. Running jobs cancel via heartbeat + epoch interruption — bounded latency, no collateral.
15 lines of TOML. #
No middleware. No gateway. No secrets manager.
Every API ships with a boogy.toml manifest that declares what it can do, who can call it, and how it behaves. Capabilities, ingress policy, rate limits, secrets, delegation rules, storage engine — all in one file. The runtime reads it and enforces everything before your code runs. No middleware to wire up. No gateway to configure.
[capabilities]
store = true
auth = true
peer = true
outbound_http = true
[ingress]
mode = "authenticated"
rate_limit = { rpm = 600 }
[ingress.delegation]
allow_actor = ["boogy://my-app/gateway"]
max_delegated_scopes = ["notes:read"]
[outbound]
allowed_hosts = ["api.stripe.com"]
secret_headers = [["authorization", "stripe-key"]]
-
+Database with ACID transactions
-
+Caller identity on every request
-
+Cross-API calls with delegation
-
+Outbound HTTP to Stripe only (SSRF firewall blocks all else)
-
+API key injected at the wire edge — Wasm never sees it
-
+600 req/min per principal
-
+Only boogy://my-app/gateway can delegate
-
Denials enforced before code runs
-
Misconfigurations fail safe.
Declare it in the manifest. The runtime handles the rest.
Everything from background jobs to encryption to cross-API routing is configured in TOML — no code, no infrastructure.
[background_jobs.handlers.cleanup]
cron = "0 */6 * * *"
max_attempts = 3
[store.encryption]
tables = ["users", "payments"]
key_ref = "db-encryption-key"
[limits]
memory_mb = 64
timeout_ms = 10000
[routing]
path = "/api/orders"
methods = ["GET", "POST", "DELETE"]
[capabilities]
vector = true
store = true
[capabilities]
peer = true
outbound_http = true
REST. JSON-RPC. MCP. #
Same Wasm, same data, same auth.
Browsers hit REST. Internal services use JSON-RPC. LLMs use MCP. One handler, three surfaces. Your API is already a tool Claude can use.
$ curl GET /my-app/api/notes
[
{ "id": 1, "title": "Deploy guide" },
{ "id": 2, "title": "Auth patterns" }
]
Simple, transparent, #
pay for what you use.
Three costs, all transparent. Your deployed Wasms pay a small storage rent based on binary size — lean code pays less. Your database pays $0.50/GB/month. And every API call consumes compute units (CU) based on Wasm execution complexity and database operations — reads cost 25% of mutations. A typical app serving 1,000 monthly users runs about $10/month all-in.
-
+1 MB deployed storage (fits ~2 Wasms)
-
+500 MB database storage
-
+500K CU / month included
-
+Throttled compute budget
-
+Full API surface — same capabilities
-
+Wasm rent: $1/Wasm MB/month (first 1 MB free)
-
+$0.02 per 1,000 CU (beyond 500K free)
-
+Full compute — no throttling
-
+DB storage: $0.50/GB/month (beyond 500 MB free)