✦

★

Ein Agent-natives
Full-Stack-Framework

Die KI kippt Code aus — der Mandu hält. 🥟

Engineering decisions, handed to the framework. 100+ MCP tools · battle-tested Skills workflows · runtime Guard.

Jetzt loslegen→

$bun create mandu my-app

⚠️Warning

10,000 lines a day from coding agents,

who fixes it?

Ohne strukturelle Leitplanken wird KI-generierter Code schnell zu einem Wirrwarr aus technischen Schulden.

🔥

Feature-Wildwuchs

KI-Agenten erstellen doppelte Hilfsfunktionen und ignorieren bestehende Muster, was die Codebasis aufblaeht.

→ negotiate + Skills keep structure consistent

💀

Stille Fehler

Logikfehler tief in generierten Funktionen vergraben, die einfache Tests bestehen, aber in Produktion versagen.

→ ATE writes tests and heals failures

🌀

Architektur-Drift

Deine saubere Architektur verfaellt, wenn KI Code einfuegt, ohne die Grenzen zu verstehen.

→ Guard enforces boundaries at runtime

↓

Mandu solves this

Kernkonzepte

Sicher. Skalierbar. Strukturiert.

📋

Already giving your agent the same instruction for the third time?

One contract file brings types, API, tests, and runtime validation with it. When the agent drifts, Guard stops it at runtime.

🛡️

Clean architecture, fell apart in a week?

Guard enforces layer boundaries, naming, and dependency rules at runtime. Six presets ready — FSD, Clean, Hexagonal, Atomic, CQRS, Mandu.

// layer violation detected

Agent "claude" blocked.

Reason: layer-violation: shared → features

Architecture preserved. ✅

🧩

Slot-basierte Architektur

Isolierte Ausfuehrungskontexte. Ersetze Teile deines Systems, ohne das Ganze zu brechen.

🤖

Agent-nativ (MCP)

Gebaut fuer das Model Context Protocol. Agenten verstehen deine Codebasis-Struktur nativ.

🧪

Still writing tests yourself?

ATE auto-generates Playwright specs from your routes. Pick an oracle level (L0–L3, smoke to contract). When a test fails, the LLM suggests a repair diff.

⏪

One click to undo an agent's mistake.

Snapshot with `mandu change begin` before the agent edits. Rollback if it's wrong, commit if it's right. File-level atomic recovery — no branches.

How is this different from Next · Remix · Hono?

Feature	Mandu 🥟	Next.js	Remix	Hono
Runtime	Bun-native	Node/Edge	Node/CF	Bun/Node/Deno
Type ↔ API	One contract → type · OpenAPI · tests	Manual sync	Manual sync	Zod middleware (manual)
Architecture enforcement	Guard at runtime	ESLint	None	None
Test automation	ATE auto-generate & heal	Manual	Manual	Manual
Agent interface	100+ MCP tools built-in	Plugin	Plugin	Plugin
AI edit rollback	change begin/commit/rollback	git (manual)	git (manual)	git (manual)
Deploy targets	4 edge + 7 deploy adapters	Vercel-first	Multi	Multi
DB client	Bun.SQL (Postgres · MySQL · SQLite)	—	—	—
Auth / Session	session · JWT · OAuth · email	3rd-party	3rd-party	3rd-party

Mandu vs

Next.jsRemixHono

See for yourself

6-line handler, 8-line contract.

A 30-line file becomes two files, 14 lines total. Same /api/signup.

app/api/signup/route.ts

30 lines

import { z } from "zod";
import { NextRequest, NextResponse } from "next/server";
import { db, hash, isRateLimited } from "@/lib";

const SignupSchema = z.object({
  email: z.string().email(),
  password: z.string().min(8),
});

export async function POST(req: NextRequest) {
  const csrf = req.headers.get("x-csrf-token");
  if (csrf !== req.cookies.get("__csrf")?.value)
    return NextResponse.json({ error: "csrf" }, { status: 403 });
  if (await isRateLimited(req.ip))
    return NextResponse.json({ error: "rate" }, { status: 429 });

  const raw = await req.json().catch(() => null);
  const parsed = SignupSchema.safeParse(raw);
  if (!parsed.success)
    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });

  try {
    const user = await db.user.create({
      data: {
        email: parsed.data.email,
        password: await hash(parsed.data.password),
      },
    });
    return NextResponse.json({ id: user.id }, { status: 201 });
  } catch (err) {
    if ((err as any).code === "P2002")
      return NextResponse.json({ error: "duplicate" }, { status: 409 });
    return NextResponse.json({ error: "internal" }, { status: 500 });
  }
}

🥟 Show 24 more lines

Next.js · hand-wiredCSRF · rate limit · auth · error mapping — all manual

app/api/signup/route.ts

6 lines

import { Mandu } from "@mandujs/core";
import { SignupContract } from "@/spec/contracts/signup.contract";

export default Mandu.filling(SignupContract, async (ctx) =>
  ctx.ok(await ctx.db.user.create({ ...ctx.body }))
).guard("auth").rateLimit({ rpm: 10 });

Mandu · Filling handlerCSRF · rate · auth composed via middleware chain

spec/contracts/signup.contract.ts

8 lines

import { defineContract } from "@mandujs/core/contract";
import { z } from "zod";

export const SignupContract = defineContract({
  method: "POST",
  request: z.object({ email: z.string().email(), password: z.string().min(8) }),
  response: z.object({ id: z.string() }),
});