
An Agent-Native Full-Stack Framework
AI spills the code. The dumpling holds. 🥟
Engineering decisions, handed to the framework. 100+ MCP tools · battle-tested Skills workflows · runtime Guard.
10,000 lines a day from coding agents, who fixes it?
Without structural guardrails, AI-generated code quickly turns into a tangled mess of tech debt.
Feature Sprawl
AI agents create duplicate utilities and ignore existing patterns, bloating your codebase.
→ negotiate + Skills keep structure consistent
Silent Failures
Logic errors buried deep in generated functions that pass basic tests but fail in production.
→ ATE writes tests and heals failures
Architectural Drift
Your clean architecture degrades as AI pastes code without understanding boundaries.
→ Guard enforces boundaries at runtime
Safe. Scalable. Structured.
Already giving your agent the same instruction for the third time?
One contract file brings types, API, tests, and runtime validation with it. When the agent drifts, Guard stops it at runtime.
Clean architecture fell apart in a week?
Guard enforces layer boundaries, naming, and dependency rules at runtime. Six presets ready — FSD, Clean, Hexagonal, Atomic, CQRS, Mandu.
// layer violation detected
Agent "claude" blocked.
Reason: layer-violation: shared → features
Architecture preserved. ✅
Slot-Based Architecture
Isolated execution contexts. Replace parts of your system without breaking the whole.
Agent-Native (MCP)
Built for the Model Context Protocol. Agents understand your codebase structure natively.
Still writing tests yourself?
ATE auto-generates Playwright specs from your routes. Pick an oracle level (L0–L3, smoke to contract). When a test fails, the LLM suggests a repair diff.
One click to undo an agent's mistake.
Snapshot with `mandu change begin` before the agent edits. Rollback if it's wrong, commit if it's right. File-level atomic recovery — no branches.
How is this different from Next · Remix · Hono?
| Feature | Mandu 🥟 | Next.js | Remix | Hono |
|---|---|---|---|---|
| Runtime | Bun-native | Node/Edge | Node/CF | Bun/Node/Deno |
| Type ↔ API | One contract → type · OpenAPI · tests | Manual sync | Manual sync | Zod middleware (manual) |
| Architecture enforcement | Guard at runtime | ESLint | None | None |
| Test automation | ATE auto-generate & heal | Manual | Manual | Manual |
| Agent interface | 100+ MCP tools built-in | Plugin | Plugin | Plugin |
| AI edit rollback | change begin/commit/rollback | git (manual) | git (manual) | git (manual) |
| Deploy targets | 4 edge + 7 deploy adapters | Vercel-first | Multi | Multi |
| DB client | Bun.SQL (Postgres · MySQL · SQLite) | — | — | — |
| Auth / Session | session · JWT · OAuth · email | 3rd-party | 3rd-party | 3rd-party |
6-line handler, 8-line contract.
A 30-line file becomes two files, 14 lines total. Same /api/signup.
Next.js:

```ts
import { z } from "zod";
import { NextRequest, NextResponse } from "next/server";
import { db, hash, isRateLimited } from "@/lib";

const SignupSchema = z.object({
  email: z.string().email(),
  password: z.string().min(8),
});

export async function POST(req: NextRequest) {
  const csrf = req.headers.get("x-csrf-token");
  if (csrf !== req.cookies.get("__csrf")?.value)
    return NextResponse.json({ error: "csrf" }, { status: 403 });
  if (await isRateLimited(req.ip))
    return NextResponse.json({ error: "rate" }, { status: 429 });
  const raw = await req.json().catch(() => null);
  const parsed = SignupSchema.safeParse(raw);
  if (!parsed.success)
    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
  try {
    const user = await db.user.create({
      data: {
        email: parsed.data.email,
        password: await hash(parsed.data.password),
      },
    });
    return NextResponse.json({ id: user.id }, { status: 201 });
  } catch (err) {
    if ((err as any).code === "P2002")
      return NextResponse.json({ error: "duplicate" }, { status: 409 });
    return NextResponse.json({ error: "internal" }, { status: 500 });
  }
}
```

Mandu handler:

```ts
import { Mandu } from "@mandujs/core";
import { SignupContract } from "@/spec/contracts/signup.contract";

export default Mandu.filling(SignupContract, async (ctx) =>
  ctx.ok(await ctx.db.user.create({ ...ctx.body }))
).guard("auth").rateLimit({ rpm: 10 });
```

Mandu contract (`@/spec/contracts/signup.contract`):

```ts
import { defineContract } from "@mandujs/core/contract";
import { z } from "zod";

export const SignupContract = defineContract({
  method: "POST",
  request: z.object({ email: z.string().email(), password: z.string().min(8) }),
  response: z.object({ id: z.string() }),
});
```

The Mandu handler as shown passes `ctx.body` straight to `ctx.db.user.create`. The `hash()` call, the CSRF token check and the `P2002` duplicate branch from the Next.js version do not appear in it, and the page does not show where the framework covers them.
One command, 7 destinations.
Mandu generates platform configs for you. wrangler.toml · vercel.json · Dockerfile · …
Join the Kitchen
Mandu is open-source and community driven. Help us build the guards that make AI development safe.