CFast

Built on tools you already know

CFast doesn’t reinvent the wheel. It connects React Router v7 for SSR and routing, Drizzle ORM for type-safe queries on Cloudflare D1, Better Auth for authentication (magic links, passkeys), and Joy UI for components — then adds the glue you’d otherwise write yourself: permissions, storage, admin panels, forms, and pagination.

npm create cfast@latest my-app

Server

@cfast/core Plugin system that wires React Router, Drizzle, and Better Auth together.

@cfast/env Type-safe Cloudflare bindings (D1, R2, KV, secrets) with runtime validation.

@cfast/db Permission-aware Drizzle queries for D1 with caching and pagination.

@cfast/auth Better Auth integration: magic email, passkeys, role management, impersonation.

@cfast/permissions Isomorphic permission system with Drizzle-native row-level access control.

@cfast/storage Schema-driven file uploads to R2 with validation and multipart support.

@cfast/email Transactional email with react-email templates.

UI

@cfast/ui Joy UI components that respect your permission model (ActionButton, PermissionGate).

@cfast/forms Auto-generated forms from your Drizzle schema.

@cfast/actions Multi-action React Router routes with permission checks.

@cfast/pagination Cursor, offset, and infinite scroll — hooks and server helpers.

@cfast/admin Auto-generated admin panel from your Drizzle schema.

Philosophy

1. Permissions are first-class. Define them once in your Drizzle schema. Enforce on the server. Reflect in the UI. No duplication.
2. The schema drives the app. Drizzle tables generate forms, admin panels, and permission-aware queries automatically.
3. Solved once, correctly. Auth flows, multi-action routes, infinite scroll, file uploads — common patterns you shouldn’t rewrite per project.
4. Isomorphic by design. Permission checks, validation, and types work identically on client and server.