Edge Functions & Secrets

What are edge functions

Edge functions are serverless JavaScript functions that run on the platform. They're great for backend logic that needs to stay private — like OAuth callbacks, Stripe webhooks, sending emails, or querying your database securely.

Functions live in your project's edge-functions/ folder. Each file is a Node.js module that exports an async handler:

        // edge-functions/my-function.js
        module.exports = async (req, res, { db, env }) => {

        const rows = await db.query("SELECT * FROM users");
        res.json({ data: rows.rows, key: env.STRIPE_KEY });
        };
      

The function receives req (Express request), res (Express response), and a context object with db (PostgreSQL client) and env (merged secrets + environment variables).

Deploy & invoke

Open the Fn button in the IDE footer to manage your edge functions. From the Functions panel you can:

Create new functions with a default Node.js template
Deploy function code to the platform
Test invocations with GET or POST directly from the IDE
Copy the function's public URL
Delete functions

Functions are invoked at https://api.aicodesit.com/fn/{projectId}/invoke/{name}. You can also use path-style actions: /invoke/auth/signup is equivalent to /invoke/auth?action=signup.

Runtime & portability

Edge functions use a simple Node.js Express-style signature — (req, res, { db, env }) — rather than the Cloudflare Workers or AWS Lambda format. This is intentional: it keeps functions easy to read and write without needing any SDK, and the AI can generate correct function code without extra context.

If you ever want to move a function off the platform, wrapping it is straightforward:

        // adapting to standard Express
        const handler = require("./my-function");

        app.post("/my-function", (req, res) => handler(req, res, { db, env: process.env }));
      

NoteThe db context is a standard node-postgres (pg) client. Any code that queries db will work unchanged against any PostgreSQL database — there is no proprietary query API.

Secrets manager

The Secrets tab (inside the Fn panel) is a server-side key-value store for sensitive credentials. Secrets are stored in /srv/secrets/{projectId}.json on the server — they are never committed to your git repository.

System secrets — auto-managed by the platform (shown with a lock icon): DATABASE_URL, DB_SCHEMA, DB_REST_URL, ANON_KEY, DB_API_KEY, AUTH_SECRET, AUTH_CALLBACK_URL, AUTH_FRONTEND_URL. Cannot be deleted
User secrets — add your own keys like STRIPE_SECRET_KEY, SENDGRID_API_KEY, etc. Values are masked in the UI with a copy button to grab the value
All secrets are injected into edge functions automatically via the env context object
ANON_KEY and DB_API_KEY are also shown in the DB panel sidebar — use them in your frontend to authenticate REST API calls

NoteDatabase credentials (DATABASE_URL, DB_API_KEY) are stored server-side only and are never committed to your git repository. Your .env file in git contains only non-sensitive hints.