Most backend code is now AI-written and shipped before anyone reviews it. DaloyJS makes the safe path the easy one: a secure-by-default runtime, blocked install scripts, source-verified lockfiles, a zero-runtime-dependency core, and an optional hardened GitHub Actions bundle for teams on GitHub.
Contract-first routing, Standard Schema validation, OpenAPI 3.1 with Hey API typed client codegen, streaming and OpenTelemetry tracing, edge-friendly sessions, a security-focused runtime by default, and a supply-chain-hardened release pipeline for the framework itself. One line on the App constructor, docs: true: auto-mounts a Scalar API reference at /docs and the live OpenAPI 3.1 spec at /openapi.json, the same DX as FastAPI.
Features
- Supply-chain-hardened pnpm scaffolds
- Secure-by-default runtime
- Hardened against LLM-era attacks
- AI-native scaffolding
- Contract-first by design
- Runtime-portable
- Hey API typed clients
- Faster than you'd expect
- Streaming & observability
- Hardened scaffolds, batteries included