Skip to main content

⚡ Aksara - AI-native async backend framework for Python

Project description

Aksara logo

Aksara

An AI-native Python backend framework for async PostgreSQL apps.

Define your model once and generate REST APIs, migrations, Studio/admin surfaces, diagnostics, and safe MCP tools for AI agents — with runtime field enforcement, tenant-aware policies, and release-trust security controls.

Python 3.11+ MIT License Tests Version PostgreSQL Async


Aksara CLI demo — scaffold to running app in seconds


What is Aksara?

Aksara is an AI-native backend framework for building PostgreSQL-powered APIs with automatic REST endpoints, migrations, Studio UI, MCP tools, and system-level AI intelligence. The goal is simple: a new project should have a working API, inspectable data model, AI-facing tool catalog, and launch diagnostics before you start writing glue code.

Current release: v0.5.53 — ORM Query Semantics & Migration Generation Correctness.

This release fixes ORM query semantics: filter(field=None) now compiles to IS NULL, __isnull uses strict boolean parsing, and FK column aliases like author_id are accepted in filters. Migration generation is also corrected: CreateTable and DropTable operations are ordered by FK dependencies, Array(nullable=False) fields emit correctly in generated migrations, and additional field operations have codegen support. The package remains pre-1.0 and additional ORM correctness work is planned.


What Aksara Does

You define a model once. Aksara generates everything else from it:

from aksara import Aksara, Model, fields
from aksara.api import ModelViewSet, action

class Incident(Model):
    title = fields.String(
        max_length=200,
        ai_description="Short summary of the incident",
    )
    severity = fields.String(
        choices=["low", "medium", "high", "critical"],
        ai_description="Impact level for triage priority",
    )
    resolved = fields.Boolean(
        default=False,
        ai_agent_writable=False,  # AI agents can read this but not flip it
    )
    notes = fields.Text(
        ai_description="Internal investigation notes",
        ai_sensitive=True,        # Excluded from AI context by default
    )

class IncidentViewSet(ModelViewSet):
    model = Incident

    @action(detail=True, methods=["POST"], ai_exposed=True)
    async def escalate(self, pk: str, request):
        """
        Escalate incident to critical.
        This custom action is automatically exported as an MCP tool!
        """
        incident = await self.model.objects.get(id=pk)
        incident.severity = "critical"
        await incident.save()
        return {"status": "escalated"}

app = Aksara(database_url="postgresql://localhost/myapp")
app.include_viewset(IncidentViewSet, prefix="/incidents")

From this single definition, you get:

What Where
REST API GET/POST/PATCH/DELETE /incidents/
Real-time stream GET /incidents/stream — subscribe to insert/update/delete events via SSE
MCP tool catalog /ai/tools/mcp — any MCP-compatible agent (Claude, Cursor, etc.) can call your API
AI Console /studio/ui → natural-language queries against your live backend
Studio dashboard /studio/ui — models, routes, queries, migrations, diagnostics
Admin UI /admin/
Database table aksara migrate

The ai_description, ai_sensitive, and ai_agent_writable metadata you wrote on those fields flows through to the AI Console context and the MCP tool catalog automatically. No second schema. No adapter layer. Write it once.


Quickstart

10-Minute Quickstart

pip install aksara-framework
aksara startproject opsdesk && cd opsdesk
aksara dbsetup
aksara migrate
aksara doctor launch-check
aksara dev

Generated app home page

The auto-generated welcome page every new project starts with — API docs, ReDoc, and Studio links built in.

Now open three things:

What to try URL / Command
API docs http://127.0.0.1:8000/docs — inspect generated OpenAPI
Studio + AI Console http://127.0.0.1:8000/studio/ui — ask "explain the Incident model"
MCP tool catalog http://127.0.0.1:8000/ai/tools/mcp — point any MCP client here
Launch check aksara doctor launch-check — verify project, DB, Studio, MCP, AI, examples, and dev-mode readiness
Fix plan aksara doctor fix-plan — diagnose and print the remediation path

That's what makes Aksara different from pip install fastapi && pip install sqlalchemy && .... The AI and diagnostic surfaces exist from the first aksara dev.


Aksara is built on FastAPI, so you get its performance and full ecosystem out of the box. The rest — ORM, migrations, admin, Studio, MCP export, AI Console, doctor — is what you'd otherwise spend a sprint assembling yourself. I did that part for you.


Open Studio

Studio lives at http://127.0.0.1:8000/studio/ui. It gives you models, routes, query tools, migrations, diagnostics, AI Console, AI Inspector, Project Graph, Architecture Review, Performance Analyzer, Investigation Sessions, and Daily Briefing from the same running app.

If the first run is incomplete, Studio now surfaces clearer states for missing database configuration, pending migrations, missing AI provider setup, and project graph availability.

Use AI

AI features are optional on day one. You can run the framework, inspect Studio, browse API docs, and view MCP output without OpenAI, Anthropic, Azure, or Ollama.

When you want AI features:

aksara ai-hub status
aksara ai-hub configure

For a local-first path, use Ollama:

ollama serve
ollama pull llama3

Use MCP

Aksara exposes generated MCP-compatible tools at http://127.0.0.1:8000/ai/tools/mcp. ViewSets, model fields, custom @action endpoints, and AI metadata flow into the catalog so external agents can inspect and call your backend without a hand-written adapter.


Core Features

Feature What it does
🔌 MCP tool export Auto-generated tool catalog at /ai/tools/mcp from your model definitions
💬 AI Console Natural-language queries against your live backend in Studio
🩺 Doctor & Fix Plans aksara doctor fix-plan diagnoses DB, migrations, AI config, security — prints the fix sequence
🐛 AI Debugger Root-cause analysis: issue clustering, heuristic patterns, confidence-ranked causes
🏗️ Architecture Review Automated health scoring (A–F), coupling/schema/API findings
📊 Performance Analyzer Detects slow queries, N+1, missing indexes, heavy joins
AI Flows In-context AI actions for models, routes, queries, migrations with risk badges
🗄️ Async ORM Postgres-first: models, typed fields, relations, migrations, asyncpg
🔁 Auto-REST ModelViewSet → full CRUD endpoints, serializers, pagination
🏢 Native Multi-Tenancy TenantModel + PostgreSQL RLS + tenant-aware connection context
🗂️ Media Storage FileField / ImageField + FieldFile helpers + filesystem or S3-backed storage
✉️ Async Email Console, locmem, and SMTP backends with send_mail() and send_mass_mail()
🌐 i18n & Timezones LocaleMiddleware, TimezoneMiddleware, lazy _() strings, and UTC-normalized datetime storage
🔗 Generic Relations fields.GenericForeignKey() with auto-managed ContentType resolution across registered models
♻️ Durable Workflows DurableStep persists successful step results in PostgreSQL and reuses them on resume
🧵 Background Tasks @task, enqueue_task(), and TaskWorker provide PostgreSQL-backed jobs with retries
🧠 JSONB + Vectors Nested JSON path filters plus fields.Vector() and cosine/euclidean distance expressions
📦 TypeScript SDK aksara generate sdk --language typescript builds a typed fetch client from your ViewSets
📡 Real-Time Streams GET /<prefix>/stream emits model lifecycle events through tenant-safe SSE
🖥️ Studio Built-in web UI at /studio/ui — inspect models, routes, queries, migrations
🛡️ Admin Browse and edit data without extra setup
🔎 Semantic Search ⌘K spotlight across models, routes, settings, playbooks

Why Aksara?

Because the first ten minutes of a backend project should prove the system works, not force you to assemble the same stack again. Aksara gives you the database layer, API layer, Studio, AI context, MCP surface, diagnostics, and example paths together, while keeping the model definition as the source of truth.


The Aksara Difference

Most frameworks stop at the database and the HTTP layer. You define a model, you get a table and an endpoint. Aksara keeps going.

The same ai_description="Short summary of the incident" you put on a field:

  1. Describes the column for any developer reading the code
  2. Appears in the MCP tool catalog at /ai/tools/mcp so Claude, Cursor, or any MCP-compatible agent knows what that field means before calling your API. (Note: Custom ViewSet endpoints using the @action decorator are also automatically exported as tools).
  3. Populates the AI Console context so you can type "show me all critical unresolved incidents" in Studio and the AI knows which fields to query
  4. Drives the Schema Doctor which checks that your AI metadata is complete and consistent

ai_agent_writable=False on resolved means the MCP catalog marks that field read-only — an AI agent can see it but can't change it. ai_sensitive=True on notes excludes it from AI context entirely.

You write this metadata once, next to the field definition, and it propagates everywhere. No second schema, no separate MCP adapter, no context-building glue code.


Security-First Generated Surfaces

Generated surfaces are security boundaries. A generated OpenAPI schema, an MCP tool catalog, a Studio admin view — these all face external callers, and they all multiply exposure. Aksara's approach is to keep the security boundary server-side rather than trusting the generated schema to stop bad input.

Principal model. Every request resolves to a Principal: User, AIAgent, Anonymous, or System. The PolicyEngine makes authorization decisions per principal — what actions are allowed, which fields are readable, which fields are writable, and which rows are visible.

Runtime field enforcement. Generated write paths enforce field policy at runtime before the database write. A field marked ai_agent_writable=False is not only hidden from the MCP schema — it is actively blocked when an AI agent sends it in a payload. The rejection is explicit: a 403 with denied_fields in the response, not a silent strip.

Tenant isolation. Tenant-aware models carry PolicyEngine.query_filter() that scopes every queryset to the caller's tenant. tenant_id mutation is blocked on covered write paths. Adversarial tests cover cross-tenant access, missing tenant context, and forged tenant headers.

MCP/AI credential boundaries. MCP is disabled by default. When enabled, credential helpers validate scopes, audience, tenant binding, and expiration. AI agents resolve to AIAgent principals and can be made more restrictive than human user principals for the same resource.

Fuzz coverage. Generated filter parameters, ordering fields, serializer inputs, and migration identifiers have bounded adversarial test coverage. The goal is to catch generation logic bugs before they reach callers.

Release trust. Security CI, release gates, CodeQL, dependency audit, SBOM generation, and PyPI Trusted Publishing are in place. They make the release process observable, not just the code. See the Release Security guide for the gate criteria.

Aksara is pre-1.0 and does not claim production readiness. See the Security Overview for the current posture and known limitations.


Migration Safety

File-based Aksara migrations are applied through a canonical executor that uses PostgreSQL advisory locks, per-migration transactions, checksum verification, SQL statement splitting, cycle detection, and clearer failure reporting. The CLI and the testing helpers share that executor for file-based runs, so local, CI, and production file-based runs get the same guarantees. When no migration files exist, aksara migrate can still use a legacy model-based bootstrap fallback; that path is intended for initial/simple setup and does not provide the full file-based migration integrity model.

See the Migration Safety guide for details.


Patterns & Examples

The bundled examples are the golden paths for learning and launch validation:

Example Use Case Where to start
basic_app Smallest working Aksara app examples/basic_app/
Blog Posts, comments, publish workflow; models, relations, APIs, Studio, MCP aksara startproject myblog --template blog
CRM Customers, deals, pipeline stages; business data model and reporting patterns aksara startproject mycrm --template crm
Multitenant Tenant-aware SaaS apps and tenant-aware app structure aksara startproject saas --template multitenant
AI Providers BYO LLM wiring examples; local and remote AI setup with no secrets examples/ai_providers/

Browse: examples/ | Docs: Patterns

Validate the examples in a source checkout:

aksara examples validate
aksara examples validate --format json

Documentation

Section Description
Quickstart Build and deploy in 5 minutes
Getting Started Install, first project, Studio, AI, MCP, examples
ORM Guide Models, fields, relations, queries
API Guide ViewSets, actions, serializers
Advanced Guide Background tasks, media/email, i18n, generic relations
AI Mode MCP, AI Console, Debugger, Architecture Review
Security Guide Security posture, hardening, tenant isolation, MCP boundaries
Studio Guide Visual inspector & debugging
Admin Guide Admin site customization
CLI Reference All CLI commands, including SDK generation

Roadmap

Current stable: v0.5.53 — ORM Query Semantics & Migration Generation Correctness.

Next planned milestones:

Version Focus
v0.5.x Remaining ORM correctness: write-path consistency
v0.5.x Remaining ORM correctness: relation DDL safety
v0.5.x Remaining ORM correctness: advanced field policy
v0.5.x Durable AI Session Store
v0.6.0 Production Mode

See the Roadmap for the full release path.


Status

Aksara is pre-1.0 and actively evolving. Current version: 0.5.53.

Stable: ORM primitive field validation, query semantics (NULL filtering, __isnull, FK alias filters), migration generation ordering, ViewSets, serializers, permissions, Admin, Studio, CLI, MCP export, AI Console, Doctor, media/email, i18n/timezones, generic relations, background tasks, and JSONB ORM support.

Evolving: write-path consistency, relation DDL safety, advanced Array/vector/file field policy, AI Debugger, Architecture Review, Performance Analyzer, and long-running AI session surfaces.

Release trust: Security and release-gate workflows prepare dependency audit, static analysis, secret scanning, SBOM generation, package verification, and Trusted Publishing. They do not constitute a production-readiness claim.

See the Roadmap for what's next.


Contributing

Please read the Contributing Guide and follow the Code of Conduct.

  1. Check existing issues or open a new one.
  2. Fork the repo and create a feature branch.
  3. Run tests and docs checks relevant to your change.
  4. Submit a pull request using the project template.

Community

PyPI GitHub


License

MIT License


A note from the author

Hello my fellow builder!

You didn't start any project because you wanted to spend a week wiring up an ORM, migrations, admin, AI adapters, and debugging surfaces. You started because you have something you want to build, and every hour spent on infrastructure is an hour further from that.

Aksara is my attempt to get you past that part faster. Not by hiding the complexity, but by making the right defaults obvious so you can spend your attention on what actually matters to you.

That said, a framework is a long chain of judgment calls. What should be automatic? What should stay explicit? When does "helpful" become too much magic? I've made those calls with care, but I can only see what I've seen. The gaps I don't know about yet are the ones that will cost you an hour when you hit them.

That's why your experience matters here. The rough edge you found. The docs that didn't explain the thing you needed. The feature that clicked immediately. The place where Aksara got out of your way and let you move. That signal is what makes this better.

So if you decide to build with it, I want to hear what you ran into:

  • Open an issue on GitHub, even a rough one. "This didn't work and I'm not sure why" is more useful than a polished bug report.
  • Show me what you're building. A link, a screenshot, a one line description, I read every one.
  • Tell me what tipped the scale, if you started here and moved to something else. That kind of honesty is how good frameworks get made.

Aksara is pre-1.0 on purpose. I don't want 1.0 to be a monument to my assumptions, I want it to reflect the shape of what you actually tried to ship with it. If you're one of the people who tries, you're not just a user. You're a co-author of where this lands.

Thanks for taking the time to look.

Nagarjuna


Built with ❤️ by Nagarjuna Tella.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aksara_framework-0.5.53.tar.gz (3.5 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

aksara_framework-0.5.53-py3-none-any.whl (888.1 kB view details)

Uploaded Python 3

File details

Details for the file aksara_framework-0.5.53.tar.gz.

File metadata

  • Download URL: aksara_framework-0.5.53.tar.gz
  • Upload date:
  • Size: 3.5 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for aksara_framework-0.5.53.tar.gz
Algorithm Hash digest
SHA256 5f10a23f54647c3aa08e2a6427b86541df01e2ed816ae9816f961573e803aa40
MD5 4a61142ec4a660034f5676a4a1e4d9e7
BLAKE2b-256 11157565711cd9eab0c63fc6f090854dbc73dd05e352e3af829ba1f4f86cfea1

See more details on using hashes here.

Provenance

The following attestation bundles were made for aksara_framework-0.5.53.tar.gz:

Publisher: publish.yml on nagarjuna-tella/Aksara

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file aksara_framework-0.5.53-py3-none-any.whl.

File metadata

File hashes

Hashes for aksara_framework-0.5.53-py3-none-any.whl
Algorithm Hash digest
SHA256 65ce1bd7fb3b3fc56664d78a25f83b5358deb5c153777cad87035f6b807490b7
MD5 9cd55544ec4935f7b828d54bdeeea47d
BLAKE2b-256 b02001791d268078c70f515d1418c01e97874c6426c8c58c774956ea272c9cb9

See more details on using hashes here.

Provenance

The following attestation bundles were made for aksara_framework-0.5.53-py3-none-any.whl:

Publisher: publish.yml on nagarjuna-tella/Aksara

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page