A small Rust runtime, deliberately.

One CLI from build to backup.

Serve native MiniJinja pages or verified exports from Svelte, SvelteKit, Next.js, Vue, Nuxt, and Vite—then keep migrations, vectors, tests, backups, and deploys behind the same CLI.

  • Linux-first
  • MIT licensed
  • No server-side JavaScript runtime
release check ready
$ bunfork doctor \
  --static frontend/out \
  --manifest bunfork-static.json
ok: artifact matches manifest

$ bunfork serve \
  --static frontend/out \
  --manifest bunfork-static.json
listening on 0.0.0.0:3100
Browser code is served byte-for-byte. Node, Deno, Bun, RSC, and Nitro stay out of the production process.
Verified artifacts SQLCipher at rest Bounded vector search Digest-owned deploys

Your frontend stays yours.

Bunfork accepts completed browser output. It does not pretend to be the framework compiler or its server runtime.

Svelte SvelteKit Next.js Vue Nuxt Vite
build Run an explicit command

Bunfork invokes exactly the program and arguments you provide with a reduced environment.

admit Freeze the artifact

Every regular file receives a byte count and SHA-256 digest in a strict manifest.

serve Verify before bind

Files are re-hashed, preloaded, and served with framework-aware routes and caching.

See framework-specific export settings

Native pages when JavaScript is unnecessary.

File routes and MiniJinja inheritance cover static, dynamic, grouped, catch-all, error, and server-rendered pages. Development rescans on each request; production compiles routes before listening.

Open the live dynamic route demo

app/

templates/base.html

pages/

index.html /

notes/[slug].html /notes/:slug

docs/index.html /docs

Operations are product features.

The same binary that serves the app also owns the checks that make a release recoverable.

Encrypted data

Bundled SQLCipher, exact embedded migrations, tenant/model-scoped vectors, and no loadable SQLite extensions.

SQLite & vectors

Tests that cross boundaries

bunfork test runs locked Rust tests plus route, migration, vector, backup, and restore smoke checks.

CLI & operations

Verified recovery

Backups are encrypted, no-overwrite, and validated. Restore preserves the previous live database.

Deploy & recover

Owned deployments

Release bundles carry a complete digest inventory, hardened user units, and a preserved prior release.

Deployment workflow

Security starts with an honest boundary.

Bunfork encrypts data at rest, validates inputs and artifacts, and fails closed on suspicious files. It does not provide TLS, user accounts, remote backup transport, host provisioning, or protection from a compromised live process.

Understand the boundary

Keep the browser expressive. Keep production explainable.

Start with one release build.

Read the five-minute setup