Skip to main content
Zalatek
Zalatek

GHOST

What is GHOST?
#

GHOST (Go Hexagonal Omni-Server Toolkit) is a modular framework and starter template for building server-rendered Go web applications. Go orchestrates everything: business logic, authentication, authorization, email, rendering. JavaScript is optional progressive enhancement, not a requirement.

Status: Alpha

The Problem
#

Starting a new Go web app means wiring together a dozen libraries, setting up auth, configuring email, choosing a templating engine, and making architectural decisions before you write a single line of business logic. GHOST handles all of that so you can focus on what makes your app unique.

Core Principles
#

  • Go orchestrates everything. All business logic, persistence, authentication, and rendering live in Go.
  • HTML-first delivery. Pages render server-side. JavaScript is optional progressive enhancement.
  • Ports and adapters. Every capability exposes interfaces with swappable implementations. Don’t like a particular library? Swap it out without touching your business logic.
  • Security by default. Cookies, tokens, and redirects ship with hardened, opinionated defaults.

What’s Included
#

Authentication
#

  • OAuth2 provider support (Google, GitHub, GitLab, Discord, and more)
  • Magic link authentication via email
  • JWT access/refresh tokens with configurable expiration
  • Secure session cookies with HttpOnly/SameSite flags enforced

Authorization
#

  • Role-based access control (RBAC) via a policy engine
  • Fine-grained permissions
  • Multi-tenant support out of the box

Email
#

  • SMTP notifier for transactional email
  • Templated message support

Persistence
#

  • SQL databases (MySQL, PostgreSQL, SQLite, SQL Server)
  • ArangoDB document database
  • Implement your own adapter by conforming to the port interfaces

Starter Template
#

  • Server-side HTML rendering with component reuse
  • Modern frontend tooling (asset bundling, styling, icons)
  • HTMX for dynamic interactions without page reloads
  • Login/registration flows, user profiles, admin panel, health checks
  • Dark mode support
  • Deployment configs for Docker, Linux packages, Homebrew, and systemd

Who It’s For
#

  • Server-rendered web apps with progressive enhancement
  • Apps needing first-class auth with OAuth, magic links, and session/token management
  • Teams that prefer explicit architecture over framework lock-in

Not For
#

  • Offline-first PWAs or heavy client-side state machines
  • Full SPA replacements

GHOST is currently in alpha. Architecture and APIs may change.