Stateless by design

Security, privacy, and zero secret storage.

PostgresCMS keeps credentials and metadata in your browser only. Our serverless endpoints never persist your connection string or OpenRouter key.

Secrets stay client-side
Connection strings and OpenRouter keys live in PGlite inside IndexedDB. No server caches.
Observable by you
Watch the Network tab. You will see only the queries you trigger.
What we store locally (and only locally)
Everything below is persisted to PGlite in IndexedDB. No live customer rows are cached.

app_settings

Connection string, OpenRouter key, chosen model, and whether to connect directly from the browser.

schema_snapshot

Read-only snapshot of your pg_catalog tables, columns, primary keys, and foreign keys.

derived_metadata

AI-generated UI metadata (labels, display types, relations) cached for render speed.

user_preferences

Per-table view preferences like card/table toggle and sort choices.

Stateless server proxy (optional)
When your Postgres host requires it, we proxy queries through a Vercel server action.

Your connection string is sent with the query payload, used once, and discarded after the response.

No Redis, no in-memory caches, no background workers. Each request is isolated and stateless, and your schema stays untouched; no CMS metadata tables are ever created.

Prefer zero-touch?

Enable "Connect directly from browser" during setup for hosts like Neon or Supabase. In that mode, our servers never see your connection string at all.

Threat model highlights
Designed to minimize what an attacker could ever take.
  • No server-stored secrets, so server compromise cannot leak your database credentials or API keys.
  • Local PGlite cache holds schema + metadata only; no production rows are copied.
  • Schema resync regenerates metadata without altering your Postgres schemas or adding tables.
  • OpenRouter requests happen in the browser with your key; responses are stored locally.
Verify it yourself
Transparent by default; watch exactly what leaves your browser.
  1. Open your browser Network tab before onboarding.
  2. Enter your connection string + OpenRouter key.
  3. You will only see: schema introspection queries (either proxied or direct) and browser-side OpenRouter requests for metadata - nothing else.
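
One way to make this check repeatable, as an added example that is not PostgresCMS code: export the Network tab session as a HAR file and scan every request for your secrets, flagging any that reach a host you did not expect. The secrets, hosts and HAR entries are constructed; `app.example.test` stands in for the app origin used in proxy mode and `openrouter.ai` is assumed to be the OpenRouter API host.

```javascript
// Added example. All secrets, hosts and HAR entries here are constructed.
const SECRETS = {
  connectionString: {
    value: 'postgres://cms_user:s3cret@db.example.test:5432/app',
    allowedHosts: ['app.example.test'], // assumed app origin (proxy mode)
  },
  openRouterKey: {
    value: 'sk-or-CONSTRUCTED-0000',
    allowedHosts: ['openrouter.ai'], // assumed OpenRouter API host
  },
};
const SAMPLE_HAR = { log: { entries: [
  { request: { url: 'https://app.example.test/', headers: [], postData: {
      text: JSON.stringify([{ conn: SECRETS.connectionString.value, sql: 'select 1' }]) } } },
  { request: { url: 'https://openrouter.ai/api/v1/chat/completions', headers: [
      { name: 'Authorization', value: 'Bearer ' + SECRETS.openRouterKey.value }] } },
  { request: { headers: [], url: 'https://telemetry.example.test/c?d=' +
      encodeURIComponent(SECRETS.connectionString.value) } },
] } };

// Forms a secret may take on the wire. Base64 only matches when the secret
// was encoded on its own, not embedded in a longer encoded string.
function variants(secret) {
  return [secret, encodeURIComponent(secret),
    Buffer.from(secret, 'utf8').toString('base64')];
}

// Return each request that carries a secret to a host not allowed for it.
function auditHar(har, secrets) {
  const findings = [];
  for (const { request: req } of har.log.entries) {
    const host = new URL(req.url).hostname;
    const haystack = [
      req.url,
      ...(req.headers || []).map((h) => `${h.name}: ${h.value}`),
      (req.postData && req.postData.text) || '',
    ].join('\n');
    for (const [label, { value, allowedHosts }] of Object.entries(secrets)) {
      const seen = variants(value).some((v) => haystack.includes(v));
      if (seen && !allowedHosts.includes(host)) {
        findings.push({ label, host, url: req.url });
      }
    }
  }
  return findings;
}

console.log(auditHar(SAMPLE_HAR, SECRETS));
```

To audit a real session, parse the exported HAR file with `JSON.parse` and put your own values and expected hosts in `SECRETS`; in direct-from-browser mode the allowed host for the connection string is your database host instead of the app origin.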

What never happens

We never write CMS tables, never store credentials on the server, and never sync your production rows into PGlite.

Reset in one click
Control lives with you; clearing local state severs access instantly.

Use "Clear All Data" in Settings or clear your browser storage. The local PGlite database is removed, wiping the connection string, OpenRouter key, schema snapshot, and metadata.

No app data lives on our servers, so there is nothing for an attacker to exfiltrate from us.