Features

Reusable platform foundations for new SaaS products

BaselineNext combines a reusable application shell with product-neutral platform capabilities, giving future work a stronger starting point than a blank scaffold.

Product Surfaces

Ready-made public, account, user, and admin areas that can be renamed and extended for a new SaaS product.

  • Launch with public, account, user, and admin areas already shaped.
  • Give teams a working dashboard shell instead of a blank scaffold.
  • Swap branding and domain copy without rebuilding navigation.

Next.js App Router Shell

Public marketing routes, account routes, user routes, admin routes, API routes, metadata, layouts, and shared navigation are already structured.

Marketing Pages

Home, features, FAQ, pricing, signup, login, legal, and onboarding pages provide a reusable starter website.

Account Dashboard

Authenticated account areas cover dashboard, users, billing, subscriptions, support, and settings workflows.

User Login Surface

Separate account-owned user login flows support products that need both tenant administrators and end users.

Admin Console

Operational admin pages cover accounts, users, billing, pricing, support, audit events, jobs, observability, revenue, and settings.

Admin Account Management

Admins can list accounts, inspect account details, manage users, reset account passwords, revoke sessions, and change account-level admin flags.

Admin Lifecycle Controls

Admin pages and APIs support lifecycle inspection, trial term overrides, trial resets, force activation, termination, recovery actions, and lifecycle event history.

Admin Billing Operations

Admin billing tools cover account invoices, webhook events, webhook replay, fleet health, sync status, products, pricing configs, pricing overrides, revenue, and invoice snapshots.

Branding Hooks

Central app name, app identity, logo assets, icons, manifests, public metadata, and email branding are ready to replace.

Theme Support

Light and dark theme plumbing is included through the shared theme provider and marketing/account controls.

Security and Tenancy

Authentication, tenant ownership, session revocation, validation, and entitlement patterns are already wired.

  • Keep tenant data access scoped by account and user context.
  • Support account, user, and admin auth paths from day one.
  • Revoke sessions and gate access when lifecycle or billing state changes.

Account Authentication

Tenant-owner signup, verification, login, logout, password reset, password change, and profile settings flows are implemented.

Admin Authentication

Admin sessions are handled as a separate operational surface with server-side checks and dual-role account support.

User Authentication

Account-owned users have login, password management, login-link, and session eligibility checks.

Account User Management

Account owners can create users, edit identifiers and display names, enable or disable access, archive or restore users, reset passwords, and issue one-time login links.

Session Revocation

Account, admin, and user session watermarks allow password changes, lifecycle transitions, and admin actions to invalidate stale sessions.

Tenant Root Model

Accounts are the tenant root, with account-owned users and account-scoped reads and writes as the default pattern.

Data Tenancy Guardrails

Governance prohibits id-only tenant access and requires explicit account and user scoping where ownership applies.

Entitlements

Reusable entitlement decisions connect account lifecycle and billing state to application access and user capacity.

Account Lifecycle FSM

Trial, active, expired, and terminated states include transition rules, lifecycle event history, session effects, and admin recovery paths.

Route Boundary Validation

API routes follow explicit JSON parsing, Zod validation, DTO response mapping, and standard 400, 401, 403, 404, and 422 semantics.

Security Headers

Next.js header tests and configuration provide a starting point for browser-facing security posture.

Billing and Revenue

Stripe checkout, subscriptions, pricing, invoices, webhooks, taxes, and billing operations provide a reusable revenue layer.

  • Start monetisation with checkout, plans, invoices, and provider state in place.
  • Let accounts preview, change, cancel, and recover subscriptions.
  • Give operators replay and reconciliation paths when webhooks drift.

Stripe Checkout

Account checkout, free-trial subscription setup, card-first or card-after-trial billing, customer linking, and payment action handling are included.

Trial Payment Collection Modes

Reusable billing settings support both card-first free trials and trials that collect payment details after the trial period.

Stripe Customer Portal

Customers can be sent to Stripe-hosted subscription and payment method management through account billing routes.

Subscription Management

Create, update, cancel, resume, cancel pending change, end trial early, and preview subscription changes are modeled.

Pricing Configuration

Admin-managed products, pricing configs, active/default config selection, sale amount resolution, and marketing feature fields are available.

Billing Catalog

Public and account-facing pricing and tier readers expose reusable plan data without coupling UI to database rows.

Invoice History

Account invoice history, retry failed invoice, invoice snapshots, fleet invoice views, and revenue surfaces are included.

Webhook Processing

Provider webhook ingestion includes Stripe signature checks, duplicate handling, event mapping, lifecycle effects, and retry containment.

Webhook Replay Tooling

Admin replay routes and webhook health pages support operational recovery from provider event failures.

Tax Extension Points

A tax registry and AUD GST handler demonstrate replaceable tax calculation and sales tax mode patterns.

Billing Reconciliation

Scheduled reconciliation jobs and admin health views help detect and repair account/provider state drift.

Data and Platform

Postgres, Drizzle, Redis, cache wrappers, API DTOs, OpenAPI docs, and environment contracts form the technical base.

  • Preserve clean boundaries from UI to API, modules, cache, and persistence.
  • Use Redis for speed and coordination without making it authorization authority.
  • Evolve schema through repeatable Drizzle migration and verification scripts.

Postgres Schema

A Drizzle/Postgres schema covers accounts, users, session-revocation state, billing, audit, support, operations, jobs, platform configuration, and admin records.

Migration Workflow

Repo-local migration scripts generate, apply, and verify schema changes using .env.local without global database variables.

Typed API DTOs

Transport DTOs live at the API boundary so UI code consumes stable response shapes instead of database or domain entities.

API Client Layer

Client-rendered UI calls APIs through typed lib/api/client helpers with shared error-message handling and query keys.

OpenAPI Reference

The repository includes an OpenAPI document plus validation tooling to keep route documentation reviewable.

Redis Integration

Upstash Redis client helpers support app-scoped runtime storage, cache wrappers, idempotency, one-time tokens, and rate limiting.

Central Redis Key Builders

Redis keys are built through central helpers with app identity, environment isolation, segment validation, and observability-safe key handling.

Cache Wrappers

Reusable cache wrappers cover entitlements, tenancy, platform configuration, product display names, and user context.

Rate Limiting

Shared rate-limit helpers and signup rate-limit integration provide a pattern for abuse protection that degrades intentionally.

Idempotency Helpers

Redis-backed idempotency claims and result persistence help protect signup and webhook-style flows from duplicate processing.

Environment Boundaries

Public, server, edge, and migration environment helpers separate display metadata from trusted server URL and secret access.

Operations and Admin

Admin tooling, audit logs, support workflows, scheduled jobs, observability, and incident handling are built in.

  • Give admins a working command surface for support, incidents, jobs, and audits.
  • Diagnose failures with sanitized metadata instead of sensitive payloads.
  • Monitor health across requests, jobs, billing, email, and observability rollups.

Request Context Instrumentation

API request boundaries use shared instrumentation for logging, correlation, metrics, and consistent error behavior.

Operational Incident Logging

Ops incidents capture sanitized diagnostic metadata, categories, retryability, route context, and admin workflow state.

Audit Logging

Product and admin audit services record account changes, security actions, billing admin operations, and support/admin activity.

Project-Specific Exception Logging

Architecture exceptions are documented in governance files so downstream project deviations have owners, rationale, mitigation, blast radius, and rollback paths.

Support Requests

Account support submission, admin support queues, request details, statuses, email notifications, and safe payload handling are available.

Email Service

Resend-backed email plumbing includes signup verification, password reset, user login details, support notifications, and billing failure templates.

Scheduled Jobs

A job registry, execution records, locks, admin run controls, rerun-failed flow, orphan reaper, and internal job runner are included.

Observability Rollups

Request, failure, infrastructure, job, rate-limit, and latency counters feed admin health dashboards.

Operations Dashboards

Admin operations pages expose incidents, notifications, route errors, request health, email health, and dashboard summaries.

Admin Support Queue

Admins can review support requests, inspect request details, update status, and use summary endpoints for operational support work.

Admin Audit Explorer

Admin audit pages and APIs expose product audit events, admin audit events, event details, actor context, and sanitized change deltas.

Admin Job Controls

Admins can bootstrap scheduled jobs, view executions, trigger jobs, rerun failed work, sweep job state, and monitor reconciliation health.

Admin E2E Utilities

Development-only admin tools manage runtime flags, Stripe test clock overrides, server time, webhook failure modes, and provider customer mappings.

Platform Configuration

Server-side platform configuration and admin settings provide a foundation for runtime feature and behavior controls.

Governance and Delivery

Architecture governance, exception tracking, testing tiers, CI checks, local scripts, and E2E harnesses guide safe extension.

  • Make architectural rules explicit before downstream product work begins.
  • Capture approved exceptions with ownership, mitigation, and rollback paths.
  • Guide contributors through repeatable checks, tests, and review evidence.

Architecture Governance

Reusable governance defines ownership boundaries for UI, routes, modules, persistence, shared libraries, DTOs, cache, env access, and testing.

Project Overlay

A separate project governance overlay lets downstream apps add vocabulary, product rules, exceptions, anchors, and test notes without changing the reusable baseline.

Architecture Checks

Static scripts check dev imports, route/database boundaries, module import graphs, migration journal integrity, and OpenAPI validity.

Testing Tiers

Vitest unit tests, integration tests, route tests, cache tests, module tests, and Playwright E2E tests are configured.

Stripe E2E Harness

Playwright billing scenarios, Stripe test-clock support, local/preview target selection, evidence capture, and handoff cases are included.

Local Runtime Scripts

Scripts load .env.local for Next.js, migrations, schema verification, Playwright, Stripe workflows, and local deployment helpers.

Controlled-Slice Skills

Repo-local Codex skills capture governed implementation, daily review, Stripe Playwright debugging, and repository audit workflows.

Documentation Set

Docs cover account lifecycle, billing integration, Redis keys, scheduled jobs, audit events, architecture boundaries, tenant write boundaries, and review evidence.