The GlashDB web framework

glashjs

The Postgres-native full-stack framework for builders who want to ship without DevOps. Your real edge is Framework + Hosting + Database + Auth + Deploy.

$ npx glashjs create my-app
View on npm
Create
1 — Create a Glash project
npx glashjs create my-app
cd my-app
npm run dev
2 — Answer the starter questions
CSS setup: tailwind / plain / none
Postgres by default: yes
glashAuth routes: yes
SQL runner: yes
AI deployment prompts: yes
3 — Deploy
npm run build
npm run deploy

# glashjs builds the framework app
# glashDB handles env sync, upload, hosting, logs, and live URL
What you get
Routing, SSR & API

File-based routing with dynamic [param] and catch-all segments, server-side rendering, per-method API routes, file-based middleware, typed route generation, and SEO metadata.

JSX + client hydration

Author pages as JSX components, server-render, then hydrate so hooks work — real interactivity. Hydration is CSP-safe (per-request nonce, no inline scripts). Ships <Image>, <Video>, and <Link> (SPA navigation).

Postgres by default

New projects include glashjs/postgres, a checked-in SQL schema, local env files, and SQL runner support so app data starts in Postgres instead of being bolted on later.

glashAuth built in

The auth helper talks to the real GlashDB auth API with project ID and anon key envs. Starters include signup, signin, and session-aware /api/auth/me routes.

Server functions

Put trusted server work under routes/api/functions, wrap it with serverFunction(), then call it from hydrated UI.

Zero-config hosting

glashjs deploy builds the app, prepares scripts, and hands off to the GlashDB CLI for upload, env sync, build logs, status tracking, and live URL.

Asset optimizer

Build-time Brotli/Gzip for SVG/JS/CSS/HTML and AVIF/WebP/AV1 for images & video. The browser decompresses transparently — that's “compress on build, decompress when live,” done correctly.

Offline by default

A generated service worker precaches the app shell + hashed assets into tiny files. Live/streaming data stays network-first, so the site keeps working offline — just without fresh data.

Animated favicon

Every build emits an animated tab icon — the bundled glash mark, your own animated SVG/GIF, or cycling frames. It pauses while the tab is hidden.

Security compliance

Ships headers aligned with OWASP and modern web-security baselines — strict CSP (no inline scripts), Subresource Integrity, HSTS, and COOP/COEP/CORP isolation — so security reviews and compliance checks pass out of the box.

AI deployment prompts

Starters include a deployment prompt under .glash/prompts so AI agents review env vars, SQL, build output, large assets, and deploy logs before changing code.

Use the runtime
import { glash } from "glashjs/db";
import { sql } from "glashjs/postgres";
import { serverFunction } from "glashjs/server-functions";

const db = glash();

export const POST = serverFunction(async ({ email }) => {
  await sql`insert into contacts(email) values (${email}) on conflict do nothing`;
  const { data } = await db.from("contacts").select("id,email").eq("email", email);
  return { saved: true, contact: data?.[0] ?? null };
});
Get glashjs on npm

glashjs 0.15.2 · Framework + Hosting + Database + Auth + Deploy · MIT licensed · built by GlashDB