A production-grade Go web toolkit for long-lived services.
Standard library first. Explicit by design.
Plumego is a standard-library-first Go web toolkit that provides a stable, explicit, production-grade runtime for long-lived services without hidden magic or platform lock-in.
What the runtime includes
Defaults you can trust in production
- Graceful startup and shutdown
- Timeouts, body limits, and concurrency guards
- Security headers and abuse protection
- Health and readiness endpoints
- Metrics and tracing adapters
Principles
Five principles that keep code readable years later.
Plumego chooses clarity and explicit wiring over shortcuts that hide behavior.
Standard library first, zero hidden magic
Built directly on net/http and context, with request flow you can reason about like native http.Handler.
Explicit composition over convention
Middleware order is code order. Routing, auth, observability, and jobs are wired in the open.
Production-grade runtime, not a toy core
Lifecycle, safety limits, health checks, and observability are included as defaults, not afterthoughts.
Clear auth and security boundaries
Stable contracts for Principal, Authenticator, Authorizer, and SessionStore without locking you into a vendor.
Designed for long-lived systems
Optimized for teams, codebases, and architectures that evolve without surprise upgrades.
Runtime
More than a router. A real service runtime.
Plumego bakes in the concerns most teams end up re-implementing.
- Graceful startup and shutdown
- Request timeouts, body limits, and concurrency limits
- Security headers and abuse guards
- Health and readiness endpoints
- Metrics and tracing adapters
Security
Contract-first auth and security boundaries.
A safe, extensible baseline without forcing a single auth provider or framework.
- Principal / Authenticator / Authorizer / SessionStore contracts
- Refresh token rotation and revocation patterns
- Explicit 401 vs 403 semantics and injection rules
- Predictable middleware behavior for auditability
Audience
Built for teams who value explicit architecture.
Plumego fits Go teams building long-lived services and internal platforms.
Primary audience
- Experienced Go engineers
- Infrastructure and platform teams
- Backend teams building long-lived services
- Teams that value reviewable, explicit code
Typical use cases
- Internal APIs and service backends
- User centers and auth services
- Webhook receivers and dispatchers
- Realtime services (WebSocket + Pub/Sub)
- Developer platforms and tooling backends
Not ideal for
- Beginners seeking maximum scaffolding
- Teams wanting a batteries-included platform
- Projects that prioritize speed-to-demo over long-term clarity
Comparisons
Where Plumego sits in the Go web landscape.
Plumego is not trying to be the fastest to start, but safer to maintain.
Compared to Gin / Echo / Fiber
Explicit and stdlib-first instead of convenience-first.
Plumego
- Explicit, standard library first
- Minimal hidden behavior
- Tiny dependency footprint
- Lifecycle control in code
- High refactor safety
Other
- Convenience first
- Moderate hidden behavior
- Larger dependency footprint
- Lifecycle often abstracted
- Medium refactor safety
Compared to Chi + hand-rolled stack
A disciplined baseline without losing control.
Plumego
- Complete runtime baseline
- Lifecycle and safety defaults included
- Consistency across teams
- Clear onboarding and shared contracts
Other
- Runtime depends on the team
- Lifecycle often ad hoc
- Consistency varies per project
- Tribal knowledge risk
Compared to full platforms
Plumego stops at the runtime boundary.
Plumego
- Focused runtime layer
- Low to medium opinionation
- High flexibility for Go teams
- Shallow learning curve
Other
- Full application stack
- High opinionation
- Flexibility limited by platform
- Steeper learning curve
Positioning
One-sentence positioning
Plumego is a standard-library-first Go web toolkit that provides a stable, explicit, production-grade runtime for long-lived services without hidden magic or platform lock-in.
Standard-library-first Go web runtime for long-lived services, with explicit wiring and production-grade defaults.
No hidden magic. No platform lock-in.