{"slug": "boogy-production-infrastructure-for-vibe-coders", "title": "Boogy: Production Infrastructure for Vibe Coders", "summary": "Boogy launched a production infrastructure platform that lets developers deploy full backends — including REST, RPC, MCP, sandboxed databases, and authentication — in seconds from a single prompt. The platform creates a mesh network where all deployed APIs communicate in-process with microsecond latency, eliminating network hops, SDKs, and key management while carrying identity, permissions, and audit on every call. Boogy offers free tier access and supports code/Wasm deployment rather than no-code blocks, aiming to accelerate development for \"vibe coders\" who iterate rapidly.", "body_md": "# Your backend shipsas fast as your prompt.\n\nPrompt an agent, **get a full backend** — REST, RPC, MCP, sandboxed DB and auth, deployed in seconds. **Every iteration is instant.** Fast, secure, **free** to start.\n\n```\n[{\"id\":3,\"url\":\"https://doc.rust-lang.org\",\"tags\":[\"rust\"]}]\n```\n\n## Vibe a node. Get a network.\n\nEvery API on Boogy is a node you can call — other devs', companies', and core services alike. Calls run in-process, not over the wire: no network hop, no SDKs, no keys to manage, just microsecond service-to-service latency.\n\n```\n// calls to other APIs on the meshpeer::query(\"boogy://chainlink/oracle/price?sym=ETH\")peer::execute(\"boogy://venmo/payments/charge\", order)peer::execute(\"boogy://openrouter/chat/completions\", prompt)\n```\n\n- Blazing fast executionthousands of requests/sec per API\n- Zero-trust by defaultevery call carries identity, scope, audit\n- Per-API isolated DBtransactional, lightning fast, mistakes stay contained\n- Real code, no ceilingcode/Wasm, not no-code blocks\n\n## Vibe a node. Get a network.\n\nEvery API on Boogy is a node you can call — other devs', companies', and core services alike. Calls run in-process, not over the wire: no network hop, no SDKs, no keys to manage, just microsecond service-to-service latency.\n\n```\n// calls to other APIs on the meshpeer::query(\"boogy://chainlink/oracle/price?sym=ETH\")peer::execute(\"boogy://venmo/payments/charge\", order)peer::execute(\"boogy://openrouter/chat/completions\", prompt)\n```\n\n- Blazing fast executionthousands of requests/sec per API\n- Zero-trust by defaultevery call carries identity, scope, audit\n- Per-API isolated DBtransactional, lightning fast, mistakes stay contained\n- Real code, no ceilingcode/Wasm, not no-code blocks\n\n```\n[{\"id\":3,\"url\":\"https://doc.rust-lang.org\",\"tags\":[\"rust\"]}]\n```\n\n## A shared runtime\n\n*for everything you build.*\n\nEvery API you deploy is a node anyone can call. Services call services, agents call APIs, apps stitch them together — and because calls dispatch **in-process, not over the network**, hops are **microseconds, not milliseconds**.\n\nIdentity, permissions, and audit ride every message automatically, so the whole mesh composes safely. A runtime that gets **more powerful with everything shipped on it**.\n\n- Unified identity — humans, agents, and services share one token format\n- In-process composition — cross-service calls are function calls, not hops\n- Organic growth — deploy one API today, a mesh of fifty tomorrow\n- Federation — the runtime spans machines without configuration changes\n\n## From idea to API\n\n*in minutes.*\n\n``` php\nstruct HelloApi;\nimpl Api for HelloApi {\nfn build_router() -> Router {\nRouter::new()\n.get(\"/api/hello\", |_| {\nOk(Json(json!({\"msg\": \"hello\"})))\n})\n}\n}\n# boogy.toml\n[api]\nid = \"hello\"\n[capabilities]\nstore = true\nauth = true\n[ingress]\nmode = \"authenticated\"\n# Build\ncargo build --target wasm32-wasip2 --release\n\n# Deploy (single POST)\ncurl -X POST https://boogy.ai/v1/wasm \\\n-F manifest=@boogy.toml \\\n-F wasm=@target/wasm32-wasip2/release/my_api.wasm\n\n# It's live under your handle (@my-app)\ncurl https://boogy.ai/my-app/api/hello\n{\"msg\": \"hello\"}\n```\n\n— That's a deployed backend with its own database, auth, ingress policy, and metrics.\n\n## Every call carries identity.\n\n*Every boundary checks it.*\n\nLog in once, and you're authenticated across every service and app in the mesh. One global identity — passkeys, keypairs, or service credentials — all produce the same cryptographically signed, tamper-proof token. At the same time, each API can issue its own scoped keys for fine-grained access control within its own boundaries.\n\n### Global Identity\n\nOne login, every service. Your identity follows you across the entire mesh — no per-service auth, no session juggling.\n\n### Principal vs. Actor\n\nAPI-A calls API-B on behalf of Alice. B sees Alice as principal, A as actor. Authorization keys off who the request is for — not who's making it.\n\n### Scoped Delegation\n\nServices delegate on your behalf with capped permissions. 'Acting for Alice, requesting notes:read.' Scopes can't escalate.\n\n### Per-API Keys\n\nEach API issues its own sk_* keys — like Stripe tokens. Use them to guard specific resources, routes, or actions. Scoped to that API, revoke independently.\n\n### Five ingress modes\n\nEvery API declares how it wants to be reached. The runtime enforces auth before your code runs — no middleware, no guards, no boilerplate. Pick the mode that fits each API.\n\nAll enforced before Wasm instantiates. Denials never touch your code.\n\n## Your code requests a secret by name.\n\n*Wasm never sees the value.*\n\nThe runtime injects secrets at the wire edge. They flow from your vault to the host to the outbound request — never entering Wasm linear memory. Even a fully compromised component can only reach manifest-allowlisted hosts.\n\n## Built for speed.\n\n*From the ground up.*\n\nEvery API gets its own embedded BoogyDB instance — a custom B+ tree storage engine with per-table concurrency, a redo-log WAL, and lazy row decoding. The entire database is just one file (two if vector search is enabled). No shared schema, no server process. Consistently 1.5–3x faster than SQLite on mixed workloads, scaling to 100K+ ops/sec with secondary indexes. Tables and vector collections can be individually encrypted with AES-256-GCM.\n\n[View BoogyDB on GitHub →](https://github.com/Gelotto/boogy-db)\n\n### Mixed Workload (indexed, ops/sec)\n\n### ACID Transactions (tx/sec)\n\n### Related Lookups / Joins (queries/sec)\n\n### Point Operations\n\n## Embedded vector database.\n\n*RAG-ready out of the box.*\n\nEvery BoogyDB instance includes a built-in vector database for retrieval-augmented generation, semantic search, and similarity matching. HNSW approximate nearest-neighbor search with AVX2 SIMD acceleration, mmap'd storage, and its own dedicated WAL. Pre-filtered search evaluates metadata predicates inline during graph traversal. Three distance metrics: cosine, euclidean, and dot product. Competitive with usearch (the fastest single-file ANN library) while adding ACID durability, crash recovery, and per-collection encryption.\n\n### 10K Vectors (128d, cosine, k=10)\n\n### 50K Vectors (128d, cosine, k=10)\n\nHigher recall with comparable latency — plus ACID durability, WAL crash recovery, and AES-256 encryption. Zero overhead on CRUD when vector collections aren't in use.\n\n## Durable work,\n\n*beyond the request.*\n\nKick off work from any handler — an HTTP request, a cron tick, or another job. Every job runs to completion: automatic retries with backoff, failed jobs set aside for inspection, and near-instant pickup. And it runs as you — same principal, same scopes, same auth model as your synchronous code.\n\n#### Identity Replay\n\nHandlers execute with the enqueuer's frozen principal and scopes. auth::current_principal() works identically to sync code.\n\n#### Multi-Tenant Fairness\n\nPer-tenant depth caps prevent queue flooding. Per-tenant in-flight caps prevent execution starvation. No noisy neighbors.\n\n#### Cron Scheduling\n\n6-field cron expressions in the manifest. Cluster-wide advisory lock election — exactly one tick per interval, self-healing.\n\n#### Cancellation\n\nPending jobs cancel instantly. Running jobs cancel via heartbeat + epoch interruption — bounded latency, no collateral.\n\n## 15 lines of TOML.\n\n*No middleware. No gateway. No secrets manager.*\n\nEvery API ships with a boogy.toml manifest that declares what it can do, who can call it, and how it behaves. Capabilities, ingress policy, rate limits, secrets, delegation rules, storage engine — all in one file. The runtime reads it and enforces everything before your code runs. No middleware to wire up. No gateway to configure.\n\n```\n[capabilities]\nstore = true\nauth = true\npeer = true\noutbound_http = true\n[ingress]\nmode = \"authenticated\"\nrate_limit = { rpm = 600 }\n[ingress.delegation]\nallow_actor = [\"boogy://my-app/gateway\"]\nmax_delegated_scopes = [\"notes:read\"]\n[outbound]\nallowed_hosts = [\"api.stripe.com\"]\nsecret_headers = [[\"authorization\", \"stripe-key\"]]\n```\n\n- +Database with ACID transactions\n- +Caller identity on every request\n- +Cross-API calls with delegation\n- +Outbound HTTP to Stripe only (SSRF firewall blocks all else)\n- +API key injected at the wire edge — Wasm never sees it\n- +600 req/min per principal\n- +Only boogy://my-app/gateway can delegate\n\n- Denials enforced before code runs\n- Misconfigurations fail safe.\n\n### Declare it in the manifest. The runtime handles the rest.\n\nEverything from background jobs to encryption to cross-API routing is configured in TOML — no code, no infrastructure.\n\n```\n[background_jobs.handlers.cleanup]\ncron = \"0 */6 * * *\"\nmax_attempts = 3\n[store.encryption]\ntables = [\"users\", \"payments\"]\nkey_ref = \"db-encryption-key\"\n[limits]\nmemory_mb = 64\ntimeout_ms = 10000\n[routing]\npath = \"/api/orders\"\nmethods = [\"GET\", \"POST\", \"DELETE\"]\n[capabilities]\nvector = true\nstore = true\n[capabilities]\npeer = true\noutbound_http = true\n```\n\n## REST. JSON-RPC. MCP.\n\n*Same Wasm, same data, same auth.*\n\nBrowsers hit REST. Internal services use JSON-RPC. LLMs use MCP. One handler, three surfaces. Your API is already a tool Claude can use.\n\n``` bash\n$ curl GET /my-app/api/notes\n[\n{ \"id\": 1, \"title\": \"Deploy guide\" },\n{ \"id\": 2, \"title\": \"Auth patterns\" }\n]\n```\n\n## Simple, transparent,\n\n*pay for what you use.*\n\nThree costs, all transparent. Your deployed Wasms pay a small storage rent based on binary size — lean code pays less. Your database pays $0.50/GB/month. And every API call consumes compute units (CU) based on Wasm execution complexity and database operations — reads cost 25% of mutations. A typical app serving 1,000 monthly users runs about $10/month all-in.\n\n- +1 MB deployed storage (fits ~2 Wasms)\n- +500 MB database storage\n- +500K CU / month included\n- +Throttled compute budget\n- +Full API surface — same capabilities\n\n- +Wasm rent: $1/Wasm MB/month (first 1 MB free)\n- +$0.02 per 1,000 CU (beyond 500K free)\n- +Full compute — no throttling\n- +DB storage: $0.50/GB/month (beyond 500 MB free)", "url": "https://wpnews.pro/news/boogy-production-infrastructure-for-vibe-coders", "canonical_source": "https://boogy.ai/", "published_at": "2026-05-30 18:14:47+00:00", "updated_at": "2026-05-30 18:17:48.395747+00:00", "lang": "en", "topics": ["ai-infrastructure", "ai-tools", "ai-products", "ai-startups", "ai-agents"], "entities": ["Boogy", "Chainlink", "Venmo", "OpenRouter"], "alternates": {"html": "https://wpnews.pro/news/boogy-production-infrastructure-for-vibe-coders", "markdown": "https://wpnews.pro/news/boogy-production-infrastructure-for-vibe-coders.md", "text": "https://wpnews.pro/news/boogy-production-infrastructure-for-vibe-coders.txt", "jsonld": "https://wpnews.pro/news/boogy-production-infrastructure-for-vibe-coders.jsonld"}}