Humanity's last backend. Built for AI agents.
The AI-native Rust backend framework + generation platform. Agents design, generate, verify and package complete backends. You never write the code.
jerrycan.cc Β· AI-native docs Β· Why jerrycan exists Β· llms.txt
$ jerrycan new --design bookmarks.json # describe it once
β scaffolded a crate-per-module workspace
$ jerrycan gen-tests --module bookmarks # the test suite is generated for you
β 8 acceptance tests written
β¦an agent fills in ~12 lines of obvious handler glueβ¦
$ jerrycan --json check # build Β· clippy Β· audit Β· tests Β· lints
{"ok":true,"diagnostics":[]} # all green: safe + tested, no internals leaked
0.2.0, published onExpect rough edges as it grows.[crates.io]. Early but real.
Agents build it, you don't. Describe the API once; jerrycan generates the workspace, a working data layer, and the tests. Handlers come out as a few lines of obvious glue.Secure by default. Secure response headers, body limits, strict input handling,no internals leaked in errors,#![forbid(unsafe_code)]
everywhere, and stableJC####
codes that deep-link into the docs.Tested before it's "done". jerrycangeneratesthe acceptance suite test-first;jerrycan check
won't go green until it passes. What the generator can't derive from the contract becomes an explicitAGENT TODO
in the test file, so the gaps are named instead of silent.Fail loud. Conflicting routes are build-time errorsbeforeserving; missing dependencies and cycles are coded errors, not mysteries.Multi-agent ready. Generated apps are crate-per-module workspaces with compiler-enforced boundaries, so parallel agents merge without conflicts.Deploy anywhere, deployed by the agent.jerrycan package
produces a static binary, a hardened container image, k8s manifests, or a systemd unit, with an SBOM.jerrycan deploy render
writes a deploy kit the agent executes with an API key: design file to live URL, no human in the loop.Docs that can't lie. Every example in the docs is a doctest executed in CI.
cargo install jerrycan # the CLI + MCP server
Wire the MCP server into your agent, then ask for a backend in one prompt:
claude mcp add jerrycan -- jerrycan mcp
// Cursor / any stdio MCP client
{ "mcpServers": { "jerrycan": { "command": "jerrycan", "args": ["mcp"] } } }
The agent drives the whole loop: design β scaffold β gen-tests β implement β check β package β deploy. Claude Code users also get the bundled jerrycan-backend skill that guides the process end to end. Point any other agent at
docs/aior
jerrycan.cc/llms.txt; the docs are written to be sufficient on their own.
cargo add jerrycan --features db,auth,validate,observe
A route module is Flask's Blueprints, reborn with compiler-enforced boundaries. Everything a handler needs is visible in its signature, and guards are just dependencies:
use jerrycan::prelude::*;
pub fn module() -> Module {
Module::new("todos")
.route("/", get(list).post(create))
.route("/{id}", get(show).delete(remove))
.mount("/{id}/comments", comments::module()) // subroutes nest arbitrarily
.provide(TodoRepo::new()) // module-scoped dependency
}
async fn list(repo: Dep<TodoRepo>) -> Result<Json<Vec<Todo>>> {
Ok(Json(repo.all().await?))
}
async fn remove(_: Dep<Admin>, repo: Dep<TodoRepo>, Path(id): Path<i64>) -> Result<NoContent> {
repo.delete(id).await?; // `Dep<Admin>` is the guard: a dependency that must resolve
Ok(NoContent)
}
Testing runs real requests in memory, no sockets, and any dependency can be faked in one line:
let t = app().into_test().override_dep(Db::fake());
assert_eq!(t.get("/todos/").await.status(), jerrycan::http::StatusCode::OK);
The agent drives one fixed loop; jerrycan does the generation and the gating:
jerrycan_design β requirements become a validated design.json (pointed questions, not guesses)
jerrycan_scaffold β a crate-per-module workspace, one route crate per module
jerrycan_gen_tests β failing acceptance tests, generated from the design
(the agent implements the handler bodies, guided by the docs tools)
jerrycan_check β build + clippy + audit + tests + jerrycan lints, machine-readable diagnostics
jerrycan_package β hardened artifacts + SBOM, only when everything is green
jerrycan_deploy β a deploy kit for the target platform (Render first), run by the agent
Project layout of the framework itself
crates/
βββ jerrycan # facade + the CLI/MCP binary, apps depend on this
βββ jerrycan-core # routing, extractors, DI, modules, middleware, errors, test client
βββ jerrycan-macros # #[jerrycan::main]
βββ jerrycan-db # data layer + migrations (SeaORM)
βββ jerrycan-auth # sessions, JWT, OAuth2, guards
βββ jerrycan-validate # validation + OpenAPI
βββ jerrycan-observe # logs, /healthz, /metrics
βββ jerrycan-ratelimit # rate limiting (429 JC0429)
βββ jerrycan-jobs # background jobs, cron, retries (Postgres / Redis)
docs/
βββ ai/ # the AI-native docs, every example is a CI-run doc-test
βββ contracts/ # MCP tool schemas, design.json schema, CLI UX spec
Yes, and it's measured, not asserted. A docs-only agent (given only jerrycan docs
, no framework source, no fixtures) builds real backends that pass jerrycan check
and serve real HTTP:
5/5 of the reference CRUD apps: green on the first run, zero doc gaps.- The full multi-tenant SaaS slice: green across 6 modules + 2 background jobs, driven** live over HTTP**. Auth, per-tenant isolation, signed webhooks, CSV import, scoped API keys, OAuth. A** negative control**(breaking tenant scoping) correctly turns the gate** red**, so the green isn't hollow.
It's wired as an un-skippable release gate (CI + a fail-fast pre-publish block), so it can't silently regress. Full write-up: conformance/eval/results.md.
For: CRUD-shaped, multi-tenant REST APIs. The backbone of most SaaS.
Not (yet): realtime / WebSockets, GraphQL / gRPC, blob storage, edge / serverless. jerrycan runs as a normal long-lived service. We'd rather name the edges than oversell the middle.
jerrycan stands on the Rust ecosystem you already trust, and emits plain Rust you own:
Rust Β· Tokio Β· hyper Β· SeaORM Β· serde Β· clippy Β· cargo-audit
Phases 0-4 + the full v2 cycle, all complete (click to expand)
| Phase | Scope | Status |
|---|---|---|
| 0 - Contracts | ||
| Core API spike (DI, modules, routing, serving) + AI docs + MCP/CLI contracts | β complete | |
| 1 - Core loop | ||
jerrycan CLI (new/generate/dev/check) + MCP server |
||
| β complete (incl. 1b hardening) | ||
| 2 - Data & TDD | ||
| jerrycan-db, jerrycan-validate + OpenAPI, per-module test generation | β complete | |
| 3 - Production | ||
jerrycan-auth, jerrycan-observe, jerrycan package (Docker/k8s/binary/systemd) |
||
| β complete | ||
| 4 - Hardening | ||
| Fuzzing, agent evals, diagnostics polish β v0.1.0 | β complete | |
| v0.1.0 | ||
| First release, crates published on crates.io | π released | |
| v2.0 - Data foundation | ||
Contract v1 (relations + on_delete , unique/index, enums, json, tenancy, jobs shape), SeaORM data layer, schema.json contract + jerrycan_schema tool, generated isolation tests |
||
| β complete | ||
| v2.0b - Core readiness | ||
Dual-lane body + per-route limits, param-carrying mounts, task-scoped DI, extension lifecycle, mockable Clock |
||
| β complete | ||
| v2.1 - Protocol surface | ||
Multipart / RawBody (webhook signatures) / StreamBody extractors |
||
| β complete | ||
| v2.2 - Middleware kit | ||
CORS in core; rate limiting as an extension (429 JC0429 ) |
||
| β complete | ||
| v2.3 - jerrycan-jobs | ||
JobStore (Postgres / Redis), retries + dead-letter, named queues, cron, idempotency, run_at |
||
| β complete (incl. v2.3b Redis Streams) | ||
| v2.4 - Auth expansion | ||
| OAuth2 client, encrypted token storage + key rotation, scoped API keys, mock IdP harness | β complete | |
| v2.5 - Eval gate β v0.2.0 | ||
| Reference slice rebuilt on jerrycan, served live, every v2 feature driven over real HTTP, wired as a permanent, un-skippable CI + publish gate | β complete |
The v1 plan is in the v1 design spec; the v2 roadmap is in the v2 design spec; deferred items are in the backlog.
Build Β· test Β· lint Β· bench Β· fuzz
cargo test --workspace --all-features # CI runs this, every docs example is a doc-test
cargo clippy --workspace --all-targets --all-features -- -D warnings
cargo fmt --all --check
cargo bench # criterion benches (routing, extraction)
cargo +nightly fuzz run <target> # fuzz targets live in fuzz/ (outside the workspace)
The project is built docs-first and test-first: documentation examples are the executable specification.
jerrycan is built by one developer and a fleet of agents. Sponsorship pays for the eval infrastructure, the deploy targets, and the time it takes to keep the gate honest.
Licensed under the MIT License.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be licensed under the MIT License, without any additional terms or conditions.
jerrycan.cc Β· AI-native docs Β· GitHub @backant-io