This is a production-ready Next.js 15 SaaS boilerplate extracted from a real application. It provides core infrastructure for building credits-based API SaaS products.
Included Features:
- Authentication (Supabase - Google, Azure, Email/Password)
- Payments (Stripe - subscriptions + one-time purchases)
- Credit System (subscription credits + purchased credits with rollover)
- User Management (profiles, admin roles)
- Blog System (MDX-based with SEO)
- Transactional Email (Brevo primary, Resend fallback)
- Rate Limiting & Error Handling
- Monitoring (Baselime + Analytics)
Check .claude/skills/ for relevant patterns.
- Cloudflare Workers: 10ms CPU limit. No heavy computation. Prefer streaming. Delegate to browser when safe.
- Colors: Never hardcode - use Tailwind config tokens only.
- Docs: No auto-generated .md files unless explicitly requested.
- Environment Variables: NEVER use
process.envdirectly. UseclientEnvorserverEnvfrom@shared/config/env.
- If something is unclear or vague, ask AskUserQuestion before implementing.
- Write tests for your changes
- Run
yarn teston affected areas - Run
yarn verify(required before completing any task)
- Whenever you feel you learned a new "skill" for this codebase, feel free to add it to
.claude/skills/.
- Principles: SOLID, SRP, KISS, DRY, YAGNI
- Interfaces: Prefix with
I(e.g.,IUser) - Dates: dayjs
- Logging:
server/monitoring/logger.ts|client/utils/logger.ts
- PRDs:
docs/PRDs/→ move todone/when complete - Roadmap:
docs/management/ROADMAP.md - Env:
.env.client(public) |.env.api(secrets)
Next.js 15 (App Router), Supabase, Stripe, Cloudflare Pages, Baselime, Zod, Zustand
When starting a new project from this boilerplate:
- Branding: Update
NEXT_PUBLIC_APP_NAMEin.env.client - Stripe: Update Price IDs in
shared/config/stripe.ts - Email: Customize templates in
emails/templates/ - Translations: Modify
locales/en/*.jsonfor your domain - Pages: Update landing page in
app/[locale]/page.tsx - Blog: Replace example posts in
content/blog/ - Credits: Define your credit costs in
shared/config/credits.config.ts
Add public routes to PUBLIC_API_ROUTES in shared/config/security.ts:
export const PUBLIC_API_ROUTES = [
'/api/health', // Health checks
'/api/webhooks/*', // External services with own auth
'/api/support/*', // Public forms (validated + rate limited)
] as const;Public routes don't require authentication but still get:
- Security headers
- CORS handling
- Rate limiting (public tier)
Optional auth: Public routes can still access authenticated user info via X-User-Id header if the client sends an Authorization header. Useful for things like support forms where you want to know who's submitting when available.