Configuration
Reference for quickback.config.ts — project name, template, features, providers, and compiler options.
The quickback.config.ts file configures your Quickback project. It defines which providers to use, which features to enable, and how the compiler generates code.
import { defineConfig, defineRuntime, defineDatabase, defineAuth } from "@quickback/compiler";
export default defineConfig({
name: "my-app",
template: "hono",
features: { organizations: true },
providers: {
runtime: defineRuntime("cloudflare"),
database: defineDatabase("cloudflare-d1"),
auth: defineAuth("better-auth"),
},
});Required Fields
| Field | Type | Description |
|---|---|---|
name | string | Project name |
template | "hono" | Application template ("nextjs" is experimental) |
providers | object | Runtime, database, and auth provider configuration |
Optional Fields
| Field | Type | Description |
|---|---|---|
features | object | Feature flags — see Single-Tenant Mode |
build | object | Build options (outputDir, packageManager, dependencies) |
compiler | object | Compiler options (including migration rename hints for headless CI) |
openapi | object | OpenAPI spec generation (generate, publish) — see OpenAPI |
schemaRegistry | object | Schema registry generation for the CMS (enabled by default, { generate: false } to disable) — see Schema Registry |
etag | object | ETag caching for GET responses (enabled by default, { enabled: false } to disable) — see Caching & ETags |
Custom Dependencies
Add third-party npm packages to the generated package.json using build.dependencies. This is useful when your action handlers import external libraries.
export default defineConfig({
name: "my-app",
template: "hono",
build: {
dependencies: {
"fast-xml-parser": "^4.5.0",
"lodash-es": "^4.17.21",
},
},
providers: {
runtime: defineRuntime("cloudflare"),
database: defineDatabase("cloudflare-d1"),
auth: defineAuth("better-auth"),
},
});These are merged into the generated package.json alongside Quickback's own dependencies. Run npm install after compiling to install them.
Headless Migration Rename Hints
When drizzle-kit generate detects a potential rename, it normally prompts for confirmation. Cloud/CI compiles are non-interactive, so you must provide explicit rename hints.
Add hints in compiler.migrations.renames:
export default defineConfig({
// ...
compiler: {
migrations: {
renames: {
// Keys are NEW names, values are OLD names
tables: {
events_v2: "events",
},
columns: {
events: {
summary_text: "summary",
},
},
},
},
},
});Rules:
tables:new_table_name -> old_table_namecolumns.<table>:new_column_name -> old_column_name- Keys must match the names in your current schema (the new names)
- Validation fails fast for malformed rename config, unsupported keys, or conflicting legacy/new rename paths.
Security Contract Reports and Signing
After generation, Quickback verifies machine-checkable security contracts for Hono routes and RLS SQL.
It also emits a report artifact and signature artifact by default:
reports/security-contracts.report.jsonreports/security-contracts.report.sig.json
You can configure output paths and signing behavior:
export default defineConfig({
// ...
compiler: {
securityContracts: {
failMode: "error", // or "warn"
report: {
path: "reports/security-contracts.report.json",
signature: {
enabled: true,
required: true,
keyEnv: "QUICKBACK_SECURITY_REPORT_SIGNING_KEY",
keyId: "prod-k1",
path: "reports/security-contracts.report.sig.json",
},
},
},
},
});If signature.required: true and no key is available, compilation fails with a clear error message (or warning in failMode: "warn").
See the sub-pages for detailed reference on each section:
- Providers — Runtime, database, and auth options
- Variables — Environment variables and flags
- Output — Generated file structure
- Single-Tenant Mode — Admin-only and public-facing apps without organizations