Advanced / Internals
The framework internals that come up when something weird happens in production — or when you want to extend the framework, not just use it.
Most projects never need this section. The four pages here are for the cases where the abstraction leaks: a heisenbug at the VDOM diff layer, a security review that needs the full threat model, a custom transport that bypasses the standard WebSocket handler, or a debugging session deep enough to need the dev panel's lower-level tabs.
Each page targets a specific kind of reader — pick the one that matches the problem you're chasing.
Every tab, every lower-level signal.
The dev panel at /_djust/panel/ exposes state snapshots, time-travel scrubbing, the WebSocket frame log, and the active theme tokens. This page documents every tab and what each signal means.
The full threat model.
Beyond the user-facing security guide. CSRF token lifecycle, session-id binding, the CSP-strict canonicalization that landed in v0.9.0, and the boundary between framework and app responsibility.
Read the guide →How push_to_view, @notify_on_save, and the WS broker fit.
The transport-level mechanics of pushing state into a connected LiveView from outside the request cycle — signal bus, subscription registry, PostgreSQL LISTEN/NOTIFY wiring.
Rust, JIT, the diff algorithm.
How the Rust VDOM is structured, where the JIT compiler kicks in, the diff algorithm's complexity characteristics, and the contract for shipping a custom Rust component.
Read the guide →Same four pages with their canonical URLs — keep this section bookmarked for the cases when the high-level docs aren’t enough.