nostackai is a metadata-driven API platform. You describe your data types, fields, permissions, and behaviour as configuration — not Lambda code. A generic runtime interprets that configuration on every request to run queries, enforce access control, apply projections, and return responses.
The one idea to remember
Defining an entity does not create a table, an index, or a function. It writes JSON config records that one shared runtime reads per request. Adding your 50th entity is a few more rows — no migration, no deploy.
Config over code
Everything you build — entities, custom logic, events, AI steps, permissions — is stored as records in DynamoDB and executed by shared handlers. Because every entity flows through the same execution path, auth, plan limits, encryption, and indexing are enforced identically everywhere. A new entity can't accidentally bypass a control.
- No per-entity code. One runtime serves
order,customer,invoice, and everything else. - No migrations. New fields and entities are config writes, not schema changes.
- Declarative security. Permissions are IAM-style policy statements evaluated per request by an authorizer.
Two planes
The platform is split into a global control plane and per-client app stacks. You rarely think about this split day to day, but it explains the two API surfaces you'll use.
- Control plane — identity, tokens, and the API Studio management APIs. Shared and centralized.
- App stack — your org's data: entity records, custom API execution, search. Deployed per client, in any region.
Define, then run
Every feature has two tiers: a define tier where an org admin or developer authors configuration in API Studio, and a run tier where your app's end-users hit the live API. The two never share a table or an authorizer.