Browser-Only Architecture
DBModeler is a single-page application. It has no server-side application router and no backend model editor. The browser loads the app shell, and all project interaction happens on the client.
Runtime model
Section titled “Runtime model”At a high level, DBModeler works like this:
- The browser loads the static app.
- Project state is resolved from local persistence or from a deep-linked project route.
- The editor loads the active project into memory.
- Optional integrations talk directly to provider APIs from the browser.
This design keeps the editor responsive and avoids coupling modeling work to a central application server.
Routing
Section titled “Routing”DBModeler uses a client-side route format:
/p/<projectId>
That route is used to reopen or deep-link directly to a project. If no project route is present, the app falls back to the project list.
Project IDs are validated before lookup, and invalid paths fall back safely to the home view or to a not-found flow.
Persistence layers
Section titled “Persistence layers”DBModeler splits persistence by responsibility.
localStorage
Section titled “localStorage”Lightweight application state lives in localStorage, including the active project pointer and secret-manager metadata.
IndexedDB
Section titled “IndexedDB”Full project records are stored in IndexedDB. This includes diagram state, versions, integrations, custom scripts, and sync snapshots.
In-memory state
Section titled “In-memory state”While you are working, the active project is held in memory and synchronized back to storage through the application hooks.
Cloud and Git integrations
Section titled “Cloud and Git integrations”DBModeler can connect directly from the browser to external providers.
- Google Drive, OneDrive, Dropbox use OAuth 2.0 PKCE flows and provider APIs for sync.
- GitHub and GitLab use Personal Access Tokens and provider APIs for repository operations.
These integrations are optional. The editor still works with browser-only storage when no external provider is configured.
Secret handling
Section titled “Secret handling”Credentials do not need to stay in plain browser storage.
- Personal Access Tokens can stay in memory only.
- Refresh tokens and similar credentials can be stored in an encrypted vault.
- The vault uses a master password, AES-GCM encryption, and Argon2id-based key derivation.
This is why the app can stay browser-only without treating browser persistence as fully trusted.
What this means in practice
Section titled “What this means in practice”The architecture has a few practical consequences for users:
- You can work locally without provisioning a backend.
- Offline editing is possible for the core editor and PWA install flow.
- External operations such as cloud sync and Git pushes still require network access.
- Your chosen storage provider becomes part of your workflow design, not just a backup target.
For a first hands-on flow, continue with Quickstart.