you know how v0.dev made frontend generation trivial? Backcraft does the same thing for backends.
write a sentence describing what you want. pick your AI provider. get a complete Express + Prisma + JWT + Docker backend that actually runs. no boilerplate, no copy-pasting auth code for the 400th time.
git clone https://github.com/etherman-os/backcraft.git
cd backcraft
npm install
npm run build
npm startthat's it. you get an interactive TUI — pick your provider, describe your API, and it builds the whole thing.
two phases: architect and coder.
architect takes your input (a sentence, a figma file, an openapi spec, whatever) and turns it into a manifest — a blueprint of your entire backend. models, endpoints, auth, security, the whole picture.
coder takes that manifest and generates actual, runnable code.
your input ──► architect ──► manifest ──► coder ──► running backend
| method | what it does |
|---|---|
| natural language | "a project management api with users, projects, and tasks" → done |
| figma | import figma json, detect screens and forms, generate matching backend |
| openapi / swagger | parse existing spec, rebuild with modern stack |
| database schema | feed it sql or prisma schema, it reverse-engineers the rest |
| existing project | scan your frontend, detect entities and api patterns |
works with whatever you have. 9 providers:
claude (anthropic) · openai · minimax · zhipu · deepseek · openrouter · groq · ollama · lm studio
ollama and lm studio work fully offline if you don't want to send anything anywhere.
a real, running backend. not a skeleton — actual code:
your-backend/
├── docker-compose.yml
├── Dockerfile # multi-stage, non-root
├── nginx.conf # with rate limiting
├── openapi.json # full api spec
├── package.json
├── prisma/
│ └── schema.prisma
├── src/
│ ├── app.ts
│ ├── server.ts
│ ├── config/
│ ├── middleware/
│ │ ├── auth.ts # JWT + RBAC
│ │ ├── rbac.ts
│ │ └── ...
│ ├── routes/
│ │ ├── auth.ts # register, login, refresh, me
│ │ └── entities/ # CRUD for each model
│ ├── services/
│ ├── dtos/ # zod schemas
│ ├── utils/
│ └── validators/
├── tests/ # vitest + factories
└── .backcraft/ # project memory for incremental updates
every endpoint has:
- JWT authentication (access + refresh tokens)
- Zod validation on input
- pagination on list endpoints
- proper error handling (no stack traces leak)
- rate limiting
- RBAC middleware
this isn't an afterthought. every generated backend includes:
- OWASP top 10 protections out of the box
- helmet, CORS, rate limiting (multiple tiers — stricter on auth endpoints)
- input sanitization (XSS, SQL injection, HPP)
- CSRF protection (double-submit cookie pattern)
- password hashing with bcrypt (12 salt rounds)
- JWT with short-lived access tokens (15min) and refresh tokens (7d)
- security headers (CSP, HSTS, X-Frame-Options, etc.)
- audit logging for security events
- non-root docker containers
- nginx reverse proxy with rate limiting
you type:
a restaurant SaaS. owners manage menus with categories. customers place orders. each order has items from the menu. include payment tracking and delivery status.
you get (in ~30 seconds):
7 models (Restaurant, MenuCategory, MenuItem, Customer, Order, OrderItem, Payment) with full CRUD, JWT auth with owner/customer roles, RBAC middleware, docker compose with postgres + redis + nginx, prisma schema with relations, zod validation on everything, openapi spec, and unit tests.
then:
cd output/your-backend
npm install
docker-compose up -d
npm run db:push
npm run devand it's running.
backcraft launches an interactive terminal UI. you pick your provider, choose how to describe your project, type what you want, and it generates everything.
every generated project includes a .backcraft/ folder. it stores what was generated, what decisions were made, what entities exist. next time you want to add features, backcraft reads this and continues from where it left off instead of starting over.
git clone https://github.com/etherman-os/backcraft.git
cd backcraft
npm install
npm run build
npm run devsrc/
├── tui/ # terminal UI
├── flow/ # generation pipeline
├── analyzers/ # entity detection from projects
├── generators/ # code generation
│ ├── schema-generator # prisma
│ ├── auth-generator # JWT + bcrypt + RBAC
│ ├── route-generator # express CRUD
│ ├── security-generator # OWASP protections
│ ├── docker-generator # containers
│ ├── test-generator # vitest tests
│ ├── openapi-generator # API spec
│ ├── twofa-generator # TOTP
│ ├── webhook-generator # webhooks
│ └── penetration-tester # security audit
├── memory/ # incremental generation
├── llm.ts # multi-provider AI
└── manifest.ts # universal manifest system
- figma plugin (one-click export)
- fastify and nestjs output options
- drizzle ORM support
- graphql generation
- websocket endpoints
- CI/CD templates (github actions, gitlab CI)
- one-command deploy to railway/fly.io
- web UI
- plugin system for community generators
open an issue or a PR. all contributions welcome — bug reports, features, docs, whatever.
MIT