Firestore Browser documentation

A browser-based GUI for Google Cloud Firestore. Everything runs locally in your tab — no backend, no proxy, no stored secrets. This guide covers every screen and workflow.

Overview

Firestore Browser is a single-page app that talks directly to the Google Cloud REST APIs from your browser using an OAuth access token. It's designed for developers who want a fast, keyboard- friendly alternative to the Firebase Console for day-to-day data work.

  • Browse and edit Firestore documents across all your projects.
  • Run structured queries with filters, ordering, and limits.
  • Inspect and publish security rules with a real editor.
  • Manage composite and single-field indexes.
  • Browse Cloud Storage buckets attached to the project.
Personal tool. No data leaves your browser except direct requests to Google APIs. Your access token lives in memory only and is discarded when you close the tab.

Getting started

1. Sign in with Google

From the landing page, click Sign in with Google. A popup will request the following scopes:

  • cloud-platform — read/write Firestore data
  • datastore — admin operations (rules, indexes)
  • firebase — list your Firebase projects

You must be an Owner or Editor on the project. Viewer-only roles can read data but cannot publish rules or create indexes.

2. Pick a project

After sign-in, all Firebase projects linked to your Google account are listed. If you only have one, you are auto-routed to it. Otherwise, click any project to open it.

3. Explore

The top bar offers four primary surfaces: Browse, Rules, Indexes, and Storage. They share the same project context.

Browse data

The Browse view is a three-pane layout: the collection tree on the left, document list in the middle, and document editor on the right.

Tree navigation

  • Click a collection to load its documents (paginated).
  • Click a document to expand its subcollections inline.
  • Root collections are loaded lazily — large databases stay snappy.

Document editor

  • Fields are typed: string, number, bool, timestamp, geopoint, reference, array, map, null, and bytes.
  • Add, rename, retype, or delete fields in place.
  • Save commits an atomic PATCH with the full document mask.
  • Delete asks for confirmation and tombstones the document.

Queries

Click Query on any collection to add WHERE clauses, ORDER BY, and LIMIT. Composite queries that require an index will fail with a one-click link to the Indexes page.

Import & export

The toolbar exposes Import and Export for JSON payloads. Imports are validated against Firestore's type system before any write is attempted.

Security rules

The Rules page is more than a viewer — it's a full security auditor.

  • Monaco editor with syntax highlighting, search, line numbers, and inline risk decorations.
  • Outline tree grouping service → match → allow blocks with openness icons.
  • Risk badges surface public access, missing auth checks, and expired time-bound rules. Click any badge to jump to the offending line.
  • Coverage map cross-references your rules against actual collections so you can spot unprotected paths.
  • Version history with a side-by-side diff against the current ruleset.
  • Simulator — test a method, path, and auth context against the buffer before publishing.
  • Publish creates a new ruleset and updates the active release. Risky changes show a confirmation dialog.
Publishing rules is immediately live for all clients. Use the simulator first and double-check coverage before shipping.

Indexes

The Indexes page lists every composite index and single-field exemption in the project.

  • Filter by collection, state, or query scope.
  • See per-index status: READY, CREATING, NEEDS_REPAIR.
  • Create new composite indexes from a friendly form.
  • Delete unused indexes to reduce storage cost.
Index creation is async — Google takes anywhere from seconds to minutes depending on data size. The page polls and updates state automatically.

Cloud Storage

The Storage view browses the default bucket(s) attached to your Firebase project. Upload, download, preview, and delete objects, and inspect metadata and download URLs.

Cloud Functions

The Functions page is a full lifecycle manager for Firebase Cloud Functions (Gen 2). Author source in-browser, store it in Firestore, and deploy via the Cloud Functions Admin REST API.

  • Triggers. HTTPS, callable, Firestore (onCreate, onUpdate, onDelete,onWrite), and scheduled (cron) functions.
  • Runtime. Node.js 20. Declare dependencies in package.json — Cloud Build runs npm installduring deploy.
  • Source storage. Function definitions and sources live in a _functions Firestore collection in your own project. No external storage.
  • Deploy. Sources are zipped in-browser, uploaded via a generated GCS URL, then create/patch is called on the GCF v2 API. The status pill polls the long-running operation until it reaches ACTIVE or FAILED.
  • Required IAM. roles/cloudfunctions.admin, roles/iam.serviceAccountUser, and write access to the staging bucket. Enable the Cloud Build, Cloud Functions, Artifact Registry, and Cloud Run APIs on the project.
  • Logs. The Functions page deep-links to Cloud Logging for each function — log streaming is not in-app yet.
First-time deploys can take 1–2 minutes because Cloud Build has to build the container image. Subsequent deploys are faster.

AI Assistant

The AI Assistant is a chat panel that can act on your project through a curated set of tools. It can answer questions about your data, draft documents, generate infographics, and manage Cloud Functions.

What it can do

  • Read tools: list collections, fetch documents, run structured queries, summarise schemas.
  • Write tools (gated): create / update / delete documents, create / update / delete / deploy cloud functions. Every write proposal renders an inline diff and requires your explicit approval before it runs.
  • JavaScript sandbox: the assistant can run short scripts in an isolated Web Worker to crunch numbers or render infographics — the worker has no network or DOM access.

Safety model

  • All tool calls execute as you: Firestore rules and IAM still apply.
  • Mutating tools are flagged and require approval per call.
  • The sandbox worker is terminated on timeout and cannot reach the network.

Security & privacy

  • No server. The app is a static SPA. There is no backend that proxies your data.
  • Token lifetime. Access tokens expire after one hour and are never persisted to localStorage. A refresh prompts a silent re-auth.
  • Scopes. Only the minimum scopes required to operate the requested feature are requested.
  • RLS / IAM. All operations execute as you — Firestore rules and IAM still apply. You cannot do anything here that you couldn't do via gcloud.

Troubleshooting

Sign-in popup closes immediately

Your browser is blocking third-party popups. Allow popups for this site and retry.

403 Permission Denied on a collection

Your account lacks the IAM role for that operation. Check Firestore rules and your project IAM bindings.

A query fails with FAILED_PRECONDITION

Firestore needs a composite index. Open Indexes and create one matching the WHERE + ORDER BY fields.

Rules publish silently does nothing

The release endpoint requires datastore.admin. Make sure your role is Owner or Editor, not Viewer.

I lost my edits after refreshing

State lives in memory only. Save before refreshing — there is no autosave.

Keyboard shortcuts

Focus collection search⌘ K
Save document⌘ S
Run query⌘ ⏎
Close dialog / cancel editEsc
Toggle outline⌘ /
Search in editor (Rules)⌘ F

FAQ

Is my data sent anywhere?

No. Requests go directly from your browser to googleapis.com. There is no intermediary.

Can multiple people use this on the same project?

Yes — each user signs in with their own Google account. Permissions follow IAM.

Does this work with Datastore-mode databases?

No. Native Firestore only. Datastore-mode uses a different API surface.

Can I self-host this?

Yes. The app is a static bundle — drop it on any static host and configure your own OAuth client ID.