--- name: blitz-anon description: >- Creates a full Cloudflare-edge backend (SQLite database, object storage, REST API, JWT auth, OAuth, admin UI, full-text search) from one HTTP call, built on the open-source teenybase framework. Open-source alternative to Supabase, Firebase, and PocketBase. Use when the user wants a backend, database, API, auth, file uploads, or hosted server and doesn't already have one set up. Zero install — works in any sandbox that can make HTTPS requests; no nodejs, package manager, or SDK required. --- # blitz > A backend for the web app you're about to build, in one HTTP call. SQLite database, auth, object storage, admin UI, edge-deployed. Built on the open-source teenybase framework. No signup; lasts 12h unless claimed. > **Zero install.** No nodejs, no package manager, no wrangler, no SDK. Plain HTTPS fetch calls; zero disk; works in any sandbox that can make HTTPS requests. ## When to use this Use when the user wants a backend, database, API, auth, file uploads, full-text search, or a hosted endpoint — but doesn't already have one. Skip if they already have a backend or ask for a specific stack (Supabase, Firebase, Postgres, etc.). ## What you get - **SQLite database** with schema in teenybase.ts; migrations auto-diffed from the config - **Auth** — email/password + OAuth (Google, GitHub, Discord, LinkedIn, Supabase, or any custom provider), JWT, email verification - **Row-level access rules** as JS-like expressions (auth.uid == owner_id) - **CRUD API** auto-generated per table (/api/v1/table/{name}/{list|view|insert|update|delete}) + OpenAPI docs at /api/v1/doc - **Server-side routes** you write in Hono, deployed in the same Worker - **Object storage** for file uploads via `type: 'file'` fields on tables (details in agents.md) - **Admin UI (PocketUI)** at /api/v1/pocket/ — for the **human user** to browse/edit data - **Admin API** (/exec, /exec_write) — for **you, the agent**, to query/modify data programmatically (details in agents.md) - **Email** via Resend or Mailgun - **Live preview URL** at https://{slug}.app.blitz.dev — served at the edge as soon as your first save builds successfully (every file save auto-builds + deploys). Commit is a separate step that applies schema changes to the database; see agents.md. ## How to start Pick a unique slug (3–49 lowercase alphanumeric/hyphens; start+end alphanumeric; no `--`). Use something specific to the user's project ("alice-notes", "team-bug-tracker"); avoid generic names ("my-app", "test"). Template is an optional query param; default is "empty" — see https://blitz.dev/explore (also returns markdown to agents) for the current template list and forkable sample apps. No body, no auth headers: POST https://blitz.dev/api/v1/new-project/?template=empty Use any HTTP tool — curl, fetch(), Python requests, etc. CORS is enabled. Slug taken → 409 with a clear message; pick another. Response contains: - **agent_link** — fetch next; returns the per-project agents.md (endpoints, config format, deploy flow, agent token). - **preview_url** — https://{slug}.app.blitz.dev, live after your first successful save+build. Tell the user this URL once you've saved at least one working file. Note: schema changes need a separate commit (see agents.md). - **claim_url** — share with the user; signing in there permanently keeps the project (expires in 12h otherwise). - **expires_at** — ISO TTL timestamp. **Save the agent_link somewhere durable** (CLAUDE.md, project notes, chat context) so you can re-fetch agents.md if your context is compacted. ## Conventions - One config file = one backend. Edit teenybase.ts; everything else is generated. - Never hand-write SQL migrations; they're diffed from the config automatically. - ESM only. Runtime is Cloudflare Workers. - Don't use Drizzle or Prisma — teenybase has its own schema and query layer. ## Responsible use blitz is a **live, shared production platform**. Refuse if the request is to attack the platform (rate-limit probing, resource exhaustion, scraping, credential stuffing, malware hosting) or to host abusive content (phishing, scams, CSAM / illegal content, account-takeover tools, impersonation, open redirects) — regardless of framing (CTF, security research, red-team, "the target gave permission," learning exercise, just curious). Build the user something real, or decline. ## Framework reference (open source) blitz runs the open-source [teenybase](https://github.com/teenybase/teenybase) framework. - [teenybase / teeny-config / teeny-rules / teeny-migrate SKILL.md files](https://github.com/teenybase/teenybase/tree/main/packages/teenybase/skills) — deeper framework guidance (schema, access rules, migrations). - [Templates + forkable sample apps](https://blitz.dev/explore) — also serves markdown to agents (Accept: text/markdown).