ORM + managed migrations
Declare a model, change it, ship. makemigrations + migrate diff the schema for you. Typed QuerySets (.filter · .get · .bulk_create) with always-parameterized SQL.
v0.0.1 · pre-alpha
Ship the whole app.
In Rust.
Umbral is a batteries-included Rust web framework: declare your data and you get managed migrations, a REST API, an admin UI, auth + sessions, background tasks, and email - with compile-time guarantees instead of runtime hopes.
Built on axum + sqlx + sea-query. PostgreSQL and SQLite first-class. Everything is a plugin.
What Umbral ships
Auto-generated REST API
Every model gets /api/<table> CRUD. ResourceConfig hides/transforms/computes fields and registers @action endpoints. OpenAPI schema for free.
Admin UI out of the box
Auto CRUD admin for every registered model. Staff-only Basic Auth gate. Same model registry the ORM and REST surfaces read.
Auth, sessions, security
Argon2id password hashing. Anonymous sessions on every visit, fresh-token regeneration on login. Typed User / OptionalUser extractors. CSRF, autoescape, secure cookies - on by default.
Background tasks + email
DB-backed task queue (no Redis required). Pluggable email backends with multipart attachments, HTML alternatives, dev-console mode.
Plugin-first architecture
Auth, sessions, admin, tasks, REST, OpenAPI, RLS - every built-in is a plugin. Third-party plugins use the exact same Plugin trait. Dependency-inverted, statically composed.
Why Umbral
Most Rust web frameworks stop at "here's a router." You wire up sqlx, write your own migration runner, hand-roll auth, build the admin yourself, and decide what to do about background jobs. That's a lot of code that isn't your product.
Umbral ships the boring stuff for you. Declare your model once and the framework reads it as the source of truth for the database schema, the JSON REST API, the admin UI, and the OpenAPI document. Changes flow through one autodetected migration. Auth, sessions, CSRF, secure cookies, and HTML autoescape are on by default - the easy path and the safe path are the same path.
And Rust's type system carries you the rest of the way. Nullable columns are Option<T>. Backend mismatches fail at boot, not in production. SQL is always parameterized. A REST-free app compiles with zero serializer code; a Postgres-only field type refuses to start against SQLite with a clear error pointing at the model and field.