AxumKit

Hardened auth

Redis sessions, TOTP 2FA, new-device verification, OAuth2 with PKCE, and an auth audit log — OWASP ASVS-aligned out of the box.

Django-style RBAC

Roles, ACL groups, and grantable permission codenames with an admin API — has_perm semantics for community apps.

Background worker

NATS JetStream job queue with retries, dedup, DLQ, and cron — email, search indexing, and cleanups run outside the request path.

Real e2e testing

A disposable Docker stack (tmpfs Postgres, Mailpit, S3 stand-in) drives black-box HTTP suites with pinned security regressions.

Built by levish. The source code is available on GitHub.

Batteries included.

enko