Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.edgespark.dev/llms.txt

Use this file to discover all available pages before exploring further.

EdgeSpark validates database access, enforces authentication, and isolates storage access before your handler sees the request.

SQL validation

Only runtime CRUD-style operations are allowed:
AllowedBlocked
SELECTCREATE TABLE
INSERTALTER TABLE
UPDATEDROP TABLE
DELETECREATE INDEX
REPLACEOther DDL
WITH (CTEs)
Schema changes do not happen through runtime SQL. Update server/src/defs/db_schema.ts, then use edgespark db generate and edgespark db migrate.

Authentication enforcement

Before your code runs, EdgeSpark evaluates the route prefix and the session state. Protected routes receive a valid auth.user or the request is rejected. See path-based auth for the route rules.

Storage isolation

Storage access is scoped to the current project and the buckets you declared in server/src/defs/storage_schema.ts. Projects cannot read each other’s files. For large uploads and downloads, use presigned URLs and review platform limits.

Batch queries

Use db.batch() for atomic multi-step operations:
server/src/index.ts
import { db } from "edgespark";
import { posts, tags } from "@defs";

await db.batch([
  db.insert(posts).values({ title: "Post 1", authorId: "user_1" }),
  db.insert(tags).values({ postId: 1, name: "news" }),
]);

See also

Path-based auth

How URL path conventions control authentication for every route.

Platform limits

Database, storage, and runtime limits that shape safe app behavior.
Last modified on April 7, 2026