The boring parts are done. Properly. Auth, payments, email, security, analytics, and CI/CD, configured, tested, and working together. Not scaffolded and left for you to figure out.
Supabase Auth with email/password, magic links, and OAuth providers (Google, GitHub). Server-side session management with httpOnly cookies. Row-Level Security policies at the database level. Rate limiting on auth endpoints (5 attempts per 15 minutes per IP). A swappable adapter pattern supports switching to NextAuth, Clerk, or a custom provider.
Stripe integration with a complete webhook handler covering checkout sessions, subscription lifecycle (created, updated, deleted), invoice payments, trial expiry warnings, refunds, and disputes. Subscription status tracked in the database. Pre-built pricing page and customer portal. Stripe test keys are blocked in production.
Resend API with React Email templates. Five pre-built emails: welcome, password reset, subscription confirmation, payment failed, and trial ending. Email-safe design tokens for consistent styling. i18n support built in.
Row-Level Security at the database level. Input validation with Zod schemas on all forms and server-side re-validation. CSRF protection on API endpoints. Content Security Policy headers. Secret scanning with Gitleaks on every commit. Rate limiting on auth and AI endpoints. Error masking to prevent internal detail leaks. OWASP LLM Top 10 hardening for AI features.
Soft deletes with deleted_at timestamps instead of permanent removal. RLS policies automatically filter soft-deleted records, so they're invisible to queries but preserved for audit trails and foreign key integrity. Concurrency patterns include SELECT FOR UPDATE locking to prevent race conditions on critical operations and advisory locks for queue processing. Zero-row mutation detection catches silent failures when an update targets a deleted or already-modified record. These patterns ship with the teams and permissions system, not as theoretical docs.
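The soft-delete, row-lock and zero-row-detection patterns described above, as an added Postgres example that is not Sinter's own code: the projects table, its columns and the function names are assumptions, and auth.uid() is Supabase's current-user helper.

```sql
-- Added example, not Sinter's code. Table, columns and function names are
-- assumptions; auth.uid() is Supabase's current-user helper.
create table projects (
  id         bigint generated always as identity primary key,
  owner_id   uuid not null,
  name       text not null,
  version    int  not null default 1,
  deleted_at timestamptz            -- null = live row, set = soft-deleted
);

alter table projects enable row level security;
alter table projects force row level security;

-- Soft-deleted rows are invisible to every query that passes through RLS,
-- but stay in the table for audit trails and foreign-key integrity.
create policy projects_owner_live on projects
  for all
  using (owner_id = auth.uid() and deleted_at is null)
  with check (owner_id = auth.uid());

-- Soft delete: stamp the row instead of removing it.
create function soft_delete_project(p_id bigint) returns void
language sql security invoker as $$
  update projects set deleted_at = now() where id = p_id;
$$;

-- Rename under a row lock with zero-row mutation detection: FOR UPDATE
-- serialises concurrent writers, and the row-count check turns a silently
-- ignored update (row soft-deleted, not owned, or version moved on) into an error.
create function rename_project(p_id bigint, p_expected_version int, p_name text)
returns void language plpgsql security invoker as $$
declare
  v_rows int;
begin
  perform 1 from projects where id = p_id for update;

  update projects
     set name = p_name, version = version + 1
   where id = p_id and version = p_expected_version;

  get diagnostics v_rows = row_count;
  if v_rows = 0 then
    raise exception 'project % not updated: deleted, not owned, or modified concurrently', p_id
      using errcode = 'serialization_failure';
  end if;
end;
$$;
```

A caller that receives SQLSTATE 40001 from rename_project should reload the row and retry or surface the conflict, rather than assuming the write succeeded.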
PostHog integration with consent-gated, privacy-first tracking. Blocked by default until the user accepts the consent banner. Proxied through your domain for same-origin requests. Text and attribute masking for session recordings. URL sanitization to strip tokens and emails. AI-specific events log model, tokens, and latency only, never prompts.
30 GitHub Actions workflows. Type checking, linting, and tests on every pull request. CodeQL analysis, Gitleaks scanning, dependency review, and accessibility audits. Automated PR labeling, bundle size monitoring, database migration validation, and AI-powered code review via CodeRabbit. Post-deploy smoke tests and synthetic monitoring.
Sentry integration pre-configured with source map support. Sanitization of component stacks and sensitive fields. Session recordings optional.
$249 one-time. Lifetime access. Unlimited projects.
Get Sinter: $249