Quickstart

Running in ~5 minutes.

Five shell commands. No Docker. No external Postgres. PGlite runs in-process — the only prerequisite is Node 20.

Step 1 — Clone~30s

Clone the repo

Pull the template and copy the example environment file. The local PGlite default in .env.example works out of the box — no edits needed for step 1.

git clone --depth=1 https://github.com/momomuchu/nextjazz-boilerplate.git my-saas

cd my-saas

cp .env.example .env.local

Step 2 — Install~1–2 min

Install dependencies

Pick your package manager. All three produce an identical node_modules. Fresh network: ~2 min. Cached: ~30s.

npm install

Step 3 — Configure~2 min

Set required env vars

Open .env.local and set the three vars below. Everything else is optional — Stripe, Sentry, PostHog all degrade gracefully to a no-op when unset.

DATABASE_URLAlready set to the PGlite default in .env.example — leave as-is for local dev.

DATABASE_URL=postgresql://postgres:postgres@localhost:5433/local.db

AUTH_SECRETAny string ≥32 chars. Generate one with: openssl rand -base64 32

AUTH_SECRET=$(openssl rand -base64 32)

STRIPE_SECRET_KEY + NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEYGet from dashboard.stripe.com/apikeys. Use test-mode keys (sk_test_… / pk_test_…) for local dev. Billing surfaces no-op without them.

STRIPE_SECRET_KEY=sk_test_...
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_...

Step 4 — Migrate~10s

Run database migrations

Drizzle applies all migrations against the local PGlite instance. First run creates the schema; subsequent runs are no-ops if nothing changed.

npm run db:migrate

Step 5 — Run~5s

Start the dev server

Next.js compiles and starts on port 3000. Open the URL below — auth, billing, and the compliance dashboard are all live.

npm run dev

→ Open http://localhost:3000 Sign up with any email. No verification required in dev mode.

What you have now

Every item below is wired in the repo — not a roadmap claim.

Better Auth credentials/session path with OAuth-ready provider UIsrc/libs/BetterAuth.ts
Stripe subscriptions + webhook handler with HMAC verificationsrc/libs/payments/stripe-adapter.ts
Tamper-evident audit chain (WORM, SHA-256 hash-linked)src/libs/AuditChain.ts
Privacy data export + 30-day account deletion with grace periodsrc/actions/account.ts
Idempotency keys on webhooks — safe to retry without double-chargesrc/libs/Idempotency.ts
Content-Security-Policy + security.txt shipped in productionnext.config.ts

Audit and procurement evidence scaffolding — wired, ready to adapt — Preparation evidence only — not a certification or legal/compliance sign-off. Wire your own controls and professional review on top.

Ready to ship?

Clone the repo, buy a license, and your next procurement review starts with a compliance dashboard, not a blank app.

Get the boilerplate View on GitHub