Show HN: Cot: a Rust web framework for lazy developers

Original Article ↗ Hacker News Discussion ↗

ORMs vs Raw SQL (Central Debate)

  • Strong anti-ORM camp: calls them leaky/pointless abstractions over set-based relational systems; claim they complicate non-trivial queries, migrations, and production rollouts, and eventually “make everything harder.”
  • Pro-ORM camp: emphasizes composability, reuse (scopes, predicates), type safety on queries and results, easier refactors, and good DX for large schemas and junior devs.
  • Some see query builders as a middle ground; others argue that once you push composability far enough, you’ve effectively built an ORM anyway.
  • Migration tooling is a flashpoint: critics say automatic migrations often ignore real production constraints; supporters point to positive experiences (especially with Django-style migrations).
  • Consensus: simple queries are nicer in SQL; complex/large codebases benefit more from higher-level abstractions—if the ORM is well designed and has a SQL “escape hatch.”

Cot’s ORM and Design Choices

  • Cot ships with a custom ORM and automatic migration generation, inspired strongly by Django; this is framed as its main differentiator along with an admin panel.
  • Some are skeptical about inventing “yet another ORM” instead of contributing to Diesel, and about its DSL versus plain SQL.
  • Cot allows disabling its DB layer and using alternatives (e.g., Diesel), but some framework features then vanish (e.g., DB-backed auth).
  • The author acknowledges the ORM is early and limited, and that whether this was a good bet is “time will tell.”

Rust Web Framework Landscape & Risk

  • For “lowest abandonment risk,” commenters recommend Axum or Actix, but note they’re not batteries-included like Django/Rails.
  • Many “Rails/Django for X” projects in other languages have failed to gain traction; concern that any new Rust monolith must clearly justify its existence.
  • Loco, Tuono, Rocket, Axum+sqlx, etc., are mentioned as alternatives with different levels of completeness and focus.

High-Level Frameworks vs Modular Stacks

  • One side warns that “do everything” frameworks (e.g., Spring) are painful to upgrade and lock you in; prefers scaffolding plus small, focused libraries and raw SQL.
  • Others counter with Django as a counterexample: stable, batteries-included, excellent migrations and ORM, easy major-version upgrades, and high productivity.
  • Cot explicitly chases the “Django but compiled / more type-safe” niche for Rust users who value compile-time guarantees.

Async vs Sync Web Models

  • Some users explicitly want a Django-like Rust framework that is sync-only for debuggability and simplicity, especially for low-traffic or embedded use cases.
  • Others argue async (or at least concurrency) is necessary to avoid blocking health checks and to handle many users.
  • A contrary view calls async overused, noting it would not have prevented some classes of bugs, only delayed them.
  • Cot is considering “sync by default, async when needed,” but the tradeoffs are still being explored.

Templating, Frontend Integration, and Deployment

  • Django’s biggest weaknesses, according to one experienced user: an aging template model with poor component composition compared to JSX, and weakly integrated API/frontend tooling (e.g., OpenAPI).
  • Cot currently uses a Jinja-like engine (Rinja) and acknowledges similar conceptual limitations; better frontend integration and automatic OpenAPI generation are on the roadmap.
  • Several commenters highlight Rust’s single-binary deployment and stable toolchain as a major practical advantage over Python+Django stacks, which Cot could leverage more in its pitch.

Authentication and OAuth2

  • Out-of-the-box OAuth2 (GitHub/Google/Facebook/etc.) is called out as a huge win for any modern framework; Cot plans to make this first-class.
  • Other commenters are wary of third-party logins for critical services, preferring local auth for reliability and control, but concede that OAuth2 greatly simplifies signup for many users and enables SSO use cases.