PocketBase
PocketBase is a single Go binary that provides a complete Backend-as-a-Service: SQLite database with REST API, real-time subscriptions, OAuth2 + email auth, and file storage. It runs as a single self-hosted process with no external dependencies — the admin UI, API, and database are all bundled in one file.
Score Breakdown
🔒 Security
TLS must be configured at the reverse proxy level (Caddy recommended). The admin dashboard is exposed on the same port as the API and must be secured. Collection API rules control data access but require careful configuration. The MIT open-source license allows a full audit. Encryption at rest is not built in; it depends on disk-level encryption.
Best When
You want a dead-simple, zero-dependency, self-hosted backend for an agent project with moderate traffic — especially for prototyping, internal tools, or small production apps where operational simplicity is paramount.
Avoid When
You need horizontal scaling, managed cloud infrastructure, more than a few concurrent heavy write operations, or production SLAs beyond what a single SQLite process can provide.
Use Cases
- Running a complete backend for small to medium agent applications from a single binary with zero infrastructure overhead
- Using PocketBase's REST API as a structured data store for agent state, memory, and task queues
- Authenticating agent users via PocketBase's built-in OAuth2 and email auth
- Storing agent-generated files using PocketBase's integrated file storage with automatic thumbnail generation
- Subscribing to real-time database change events via SSE to trigger agent workflows on data changes
- Extending PocketBase with custom Go or JavaScript hooks to add agent-specific business logic
Not For
- Applications needing horizontal scaling — SQLite means single-process, single-file (no multi-replica read/write)
- High-concurrency write workloads — SQLite WAL mode handles moderate concurrency but has limits
- Teams needing a managed cloud service with automatic scaling, backups, and SLAs
- Data sets larger than a few gigabytes — SQLite performance degrades at very large scales
Interface
Authentication
PocketBase uses JWT tokens issued after logging in as an auth record. An admin token grants full access; user-scoped tokens are for client operations. OAuth2 providers are supported (GitHub, Google, Facebook, etc.). API rules are defined per collection to control CRUD access. There is no granular API key scoping; access is governed by collection rules.
Pricing
PocketBase has no cloud offering. Cost is purely your hosting infrastructure. A $5/month VPS is sufficient for many production use cases.
Agent Metadata
Known Gotchas
- ⚠ SQLite single-process design means write throughput is limited — not suitable for high-concurrency agent writes
- ⚠ No horizontal scaling — you cannot run multiple PocketBase instances against the same database
- ⚠ Real-time subscriptions use SSE (Server-Sent Events), not WebSocket — some agent HTTP clients may need special handling
- ⚠ Collection schemas must be defined in admin UI or via migrations before API use — no schemaless writes
- ⚠ File storage is local disk by default — S3-compatible storage requires custom implementation or extending PocketBase in Go
- ⚠ No official Python SDK — agents must use raw HTTP calls or community SDK
- ⚠ Backup must be managed manually — no built-in automated backup system
Scores are editorial opinions as of 2026-03-06.