AxumKit
Hardened auth
Redis sessions, TOTP 2FA, new-device verification, OAuth2 with PKCE, and an auth audit log — OWASP ASVS-aligned out of the box.
Django-style RBAC
Roles, ACL groups, and grantable permission codenames with an admin API — has_perm semantics for community apps.
Background worker
NATS JetStream job queue with retries, dedup, DLQ, and cron — email, search indexing, and cleanups run outside the request path.
Real e2e testing
A disposable Docker stack (tmpfs Postgres, Mailpit, S3 stand-in) drives black-box HTTP suites with pinned security regressions.