What "generate Django app from requirements" produces
Archiet's Blueprint Wizard takes your requirements (entities, user stories, acceptance criteria, compliance flags) and generates a production Django application. The representative structure:
{project_name}/
├── manage.py
├── config/
│   ├── settings/
│   │   ├── base.py          # reads os.getenv(); raises on missing DATABASE_URL
│   │   ├── production.py
│   │   └── test.py
│   ├── urls.py              # root URL conf; one include per app
│   └── wsgi.py
├── apps/
│   ├── users/
│   │   ├── models.py        # CustomUser, Role, Workspace
│   │   ├── views.py         # DRF viewsets; JWT auth endpoints
│   │   ├── serializers.py
│   │   ├── permissions.py   # IsWorkspaceMember, IsAdmin
│   │   └── migrations/
│   ├── billing/             # Stripe module (when billing in genome)
│   └── {entity}/
│       ├── models.py        # Django model with workspace FK + row-level filter
│       ├── views.py         # ModelViewSet; all queries filter workspace
│       ├── serializers.py   # DRF serializer with nested fields
│       ├── urls.py
│       └── migrations/      # one migration per schema change
├── frontend/                # Next.js frontend (separate from Django)
└── docker-compose.yml       # Django + PostgreSQL + Redis + Nginx
What Django-specific patterns Archiet gets right
Multi-tenant row filtering at the queryset level. Every ModelViewSet overrides get_queryset() to filter by workspace. List and detail lookups both resolve against this filtered queryset, so no request can access cross-tenant data, even if the URL is guessed:
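from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated
from apps.users.permissions import IsWorkspaceMember  # path per the tree above
from .models import Order
from .serializers import OrderSerializer

class OrderViewSet(viewsets.ModelViewSet):
    serializer_class = OrderSerializer
    permission_classes = [IsAuthenticated, IsWorkspaceMember]
    def get_queryset(self):
        # Scope every lookup to the caller's active workspace.
        return Order.objects.filter(
            workspace=self.request.user.active_workspace
        ).select_related("customer").order_by("-created_at")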
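One way to check the "every ModelViewSet" claim on a generated code base, as an added example (not Archiet's code): a static audit that parses a views.py and reports any ModelViewSet whose get_queryset() is missing or does not filter on workspace. The sample source, including InvoiceViewSet and NoteViewSet, is constructed for illustration.

```python
import ast

# Constructed sample of a generated views.py: one scoped viewset, two that are not.
SAMPLE_VIEWS = '''
class OrderViewSet(viewsets.ModelViewSet):
    def get_queryset(self):
        return Order.objects.filter(workspace=self.request.user.active_workspace)

class InvoiceViewSet(viewsets.ModelViewSet):
    queryset = Invoice.objects.all()

class NoteViewSet(viewsets.ModelViewSet):
    def get_queryset(self):
        return Note.objects.order_by("-created_at")
'''

def _is_model_viewset(cls):
    """True if any base is named ModelViewSet (bare name or attribute access)."""
    for base in cls.bases:
        name = base.attr if isinstance(base, ast.Attribute) else getattr(base, "id", "")
        if name == "ModelViewSet":
            return True
    return False

def _filters_on_workspace(func):
    """True if the method calls .filter(...) with a keyword starting 'workspace'."""
    for node in ast.walk(func):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "filter"
                and any(kw.arg and kw.arg.startswith("workspace") for kw in node.keywords)):
            return True
    return False

def unscoped_viewsets(source):
    """Return {class name: reason} for ModelViewSets lacking a workspace filter."""
    findings = {}
    for cls in ast.walk(ast.parse(source)):
        if not (isinstance(cls, ast.ClassDef) and _is_model_viewset(cls)):
            continue
        methods = {n.name: n for n in cls.body if isinstance(n, ast.FunctionDef)}
        if "get_queryset" not in methods:
            findings[cls.name] = "no get_queryset override"
        elif not _filters_on_workspace(methods["get_queryset"]):
            findings[cls.name] = "get_queryset has no workspace filter"
    return findings

if __name__ == "__main__":
    print(unscoped_viewsets(SAMPLE_VIEWS))
```

The audit inspects each class body only, so a viewset that inherits its scoping from a shared base class is reported as well and needs a manual look.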
JWT in httpOnly cookies, not localStorage. The simplejwt configuration issues tokens as httpOnly; Secure; SameSite=Lax cookies. The frontend's Axios client sends cookies automatically. No localStorage.setItem in the generated codebase.
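A check for the cookie attributes described above, as an added example (not part of Archiet's output): it parses Set-Cookie header values from a login response and reports any auth cookie missing HttpOnly, Secure or a Lax/Strict SameSite. The cookie names "access" and "refresh" and the header values are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values; the cookie names are assumptions,
# not taken from the generated code.
SAMPLE_HEADERS = [
    "access=eyJhbGciOi.constructed; Path=/; HttpOnly; Secure; SameSite=Lax",
    "refresh=eyJhbGciOi.constructed; Path=/api/auth/; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
]

def audit_auth_cookies(set_cookie_headers, auth_names=("access", "refresh")):
    """Return {cookie name: [missing attributes]} for auth cookies that fall short."""
    problems = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name not in auth_names:
                continue  # non-auth cookies are out of scope for this check
            missing = []
            if not morsel["httponly"]:
                missing.append("HttpOnly")
            if not morsel["secure"]:
                missing.append("Secure")
            if morsel["samesite"].lower() not in ("lax", "strict"):
                missing.append("SameSite")
            if missing:
                problems[name] = missing
    return problems

if __name__ == "__main__":
    print(audit_auth_cookies(SAMPLE_HEADERS))
```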
One migration per model change. Archiet uses Django's migration framework — no migrate --run-syncdb, no bare db.create_all(). Every model field change has its own migration file ready to run with python manage.py migrate.
DRF serializers with validated input. Every API endpoint uses a DRF serializer for request validation. Fields are typed, required fields are declared, and validation errors return a consistent 422 response with field-level error messages.
PostgreSQL throughout. settings/base.py reads DATABASE_URL from the environment and raises ImproperlyConfigured if it's absent or points to SQLite. The application uses PostgreSQL-specific features (JSONB fields, ArrayField) that SQLite cannot support.
Django compliance use cases
Django's ORM + admin interface make it especially well-suited for compliance-heavy applications. Archiet generates the compliance documentation from your data model:
- GDPR — the generated DPIA identifies which models hold personal data (based on field names and compliance flags in your genome), documents retention periods, and maps Article 6 lawful bases to each processing activity.
- HIPAA — the risk assessment identifies PHI fields in your models, documents access controls (which roles can read which fields), and flags any model that stores health information for BAA review.
- SOC 2 — the security posture doc maps Django's built-in controls (admin 2FA, password validators, session security settings) to SOC 2 CC criteria.
These documents are generated from the same genome as the models — they describe the actual data structure, not a generic template.
What is included beyond the Django backend
- Next.js frontend — screens from your screen manifest (auth flow, dashboard, settings, onboarding, entity CRUD, forgot-password, verify-email)
- React Native / Expo mobile app — App Store compliance files included
- Docker — multi-stage Dockerfile + docker-compose.yml (Django + Gunicorn + PostgreSQL + Redis + Nginx)
- GitHub Actions CI/CD — flake8/ruff → pytest → build → deploy pipeline
- Architecture docs — ADRs for every material technical decision
- Compliance docs — DPIA, HIPAA, PCI scope, SOX §404 controls when flags are set
- Quality gate — ARCHVERIFY blocks delivery below 80/100 quality score
FAQ
Does Archiet use Django REST Framework or Django Ninja?
Django REST Framework (DRF) by default. DRF is the standard for production Django APIs — broader ecosystem, extensive documentation, compatible with the widest range of Django packages. Django Ninja support is on the roadmap for teams that prefer async and type-safe Python.
Does the generated Django app use Django Admin?
A minimal Django Admin registration is included for each model when the admin overlay is flagged in the blueprint. The admin is not styled or heavily customised by default — it is intended as a foundation for internal tools, not a customer-facing interface.
What database is used?
PostgreSQL. SQLite is not supported. The generated settings/base.py raises ImproperlyConfigured if DATABASE_URL is absent or points to sqlite://.
How long does generation take?
Typically 60-120 seconds for a complete blueprint.
Can I combine Django with a Next.js frontend?
Yes — this is the default configuration. Django serves the REST API; Next.js serves the frontend. They communicate via the generated REST API with httpOnly cookie auth. The Next.js frontend includes all screens defined in your screen manifest.