9 | >(
10 | (
11 | { className, orientation = "horizontal", decorative = true, ...props },
12 | ref,
13 | ) => (
14 |
25 | ),
26 | );
27 | Separator.displayName = SeparatorPrimitive.Root.displayName;
28 |
29 | export { Separator };
30 |
--------------------------------------------------------------------------------
/infra/stacks/edge/variables.tf:
--------------------------------------------------------------------------------
1 | variable "cloudflare_account_id" {
2 | type = string
3 | description = "Cloudflare account ID"
4 | }
5 |
6 | variable "cloudflare_zone_id" {
7 | type = string
8 | description = "Cloudflare zone ID (required when hostname is set)"
9 | default = ""
10 | }
11 |
12 | variable "hostname" {
13 | type = string
14 | description = "Public hostname (e.g., api.example.com). If empty, uses workers.dev URL."
15 | default = ""
16 | }
17 |
18 | variable "project_slug" {
19 | type = string
20 | description = "Short identifier for resource naming (e.g., myapp)"
21 | }
22 |
23 | variable "environment" {
24 | type = string
25 | description = "Environment name (e.g., dev, staging, prod)"
26 | }
27 |
28 | variable "neon_database_url" {
29 | type = string
30 | description = "Neon PostgreSQL connection string"
31 | sensitive = true
32 | }
33 |
--------------------------------------------------------------------------------
/apps/app/components/error.tsx:
--------------------------------------------------------------------------------
1 | import { useRouterState } from "@tanstack/react-router";
2 |
3 | export function RootError() {
4 | const routerState = useRouterState();
5 | const err = routerState.matches.find((match) => match.error)
6 | ?.error as RouteError | null;
7 |
8 | return (
9 |
17 |
25 | Error {err?.status || 500}:{" "}
26 | {err?.statusText ?? err?.message ?? "Unknown error"}
27 |
28 |
29 | );
30 | }
31 |
32 | type RouteError = Error & { status?: number; statusText?: string };
33 |
--------------------------------------------------------------------------------
/apps/app/lib/auth.ts:
--------------------------------------------------------------------------------
1 | /**
2 | * @file Better Auth client instance.
3 | *
4 | * Do not use auth.useSession() directly - use TanStack Query wrappers
5 | * from lib/queries/session.ts to ensure proper caching and consistency.
6 | */
7 |
8 | import { passkeyClient } from "@better-auth/passkey/client";
9 | import {
10 | anonymousClient,
11 | emailOTPClient,
12 | organizationClient,
13 | } from "better-auth/client/plugins";
14 | import { createAuthClient } from "better-auth/react";
15 | import { authConfig } from "./auth-config";
16 |
17 | const baseURL =
18 | typeof window !== "undefined"
19 | ? window.location.origin
20 | : "http://localhost:5173";
21 |
22 | export const auth = createAuthClient({
23 | baseURL: baseURL + authConfig.api.basePath,
24 | plugins: [
25 | anonymousClient(),
26 | emailOTPClient(),
27 | organizationClient(),
28 | passkeyClient(),
29 | ],
30 | });
31 |
32 | export type AuthClient = typeof auth;
33 |
--------------------------------------------------------------------------------
/apps/api/lib/ai.ts:
--------------------------------------------------------------------------------
1 | import type { OpenAIProvider } from "@ai-sdk/openai";
2 | import { createOpenAI } from "@ai-sdk/openai";
3 | import type { Env } from "./env";
4 |
5 | // Request-scoped cache key
6 | const OPENAI_CACHE_KEY = Symbol("openai");
7 |
8 | /**
9 | * Returns an OpenAI provider instance with request-scoped caching.
10 | * Uses the tRPC context cache to avoid recreating the provider multiple times
11 | * within the same request while ensuring environment isolation.
12 | */
13 | export function getOpenAI(env: Env, cache?: Map) {
14 | // Use request-scoped cache if available (from tRPC context)
15 | if (cache?.has(OPENAI_CACHE_KEY)) {
16 | return cache.get(OPENAI_CACHE_KEY) as OpenAIProvider;
17 | }
18 |
19 | const provider = createOpenAI({
20 | apiKey: env.OPENAI_API_KEY,
21 | });
22 |
23 | // Cache for this request only
24 | cache?.set(OPENAI_CACHE_KEY, provider);
25 |
26 | return provider;
27 | }
28 |
--------------------------------------------------------------------------------
/apps/api/lib/trpc.ts:
--------------------------------------------------------------------------------
1 | import { initTRPC, TRPCError } from "@trpc/server";
2 | import { flattenError, ZodError } from "zod";
3 | import type { TRPCContext } from "./context.js";
4 |
5 | const t = initTRPC.context().create({
6 | errorFormatter({ shape, error }) {
7 | return {
8 | ...shape,
9 | data: {
10 | ...shape.data,
11 | zodError:
12 | error.cause instanceof ZodError ? flattenError(error.cause) : null,
13 | },
14 | };
15 | },
16 | });
17 |
18 | export const router = t.router;
19 | export const publicProcedure = t.procedure;
20 |
21 | export const protectedProcedure = t.procedure.use(({ ctx, next }) => {
22 | if (!ctx.session || !ctx.user) {
23 | throw new TRPCError({
24 | code: "UNAUTHORIZED",
25 | message: "Authentication required",
26 | });
27 | }
28 | return next({
29 | ctx: {
30 | ...ctx,
31 | session: ctx.session,
32 | user: ctx.user,
33 | },
34 | });
35 | });
36 |
--------------------------------------------------------------------------------
/apps/app/components/layout/sidebar-nav.tsx:
--------------------------------------------------------------------------------
1 | import { Link } from "@tanstack/react-router";
2 | import type { LucideIcon } from "lucide-react";
3 |
4 | interface SidebarNavItem {
5 | icon: LucideIcon;
6 | label: string;
7 | to: string;
8 | }
9 |
10 | interface SidebarNavProps {
11 | items: SidebarNavItem[];
12 | }
13 |
14 | export function SidebarNav({ items }: SidebarNavProps) {
15 | return (
16 |
31 | );
32 | }
33 |
--------------------------------------------------------------------------------
/infra/templates/env-roots/hybrid/README.md:
--------------------------------------------------------------------------------
1 | # Hybrid Stack Root Template
2 |
3 | Copy this directory to enable hybrid stack for an environment:
4 |
5 | ```bash
6 | cp -r infra/templates/env-roots/hybrid infra/envs//hybrid
7 | ```
8 |
9 | After copying:
10 |
11 | 1. Copy `terraform.tfvars.example` to `terraform.tfvars` and fill in values
12 | 2. Never commit secrets—use `TF_VAR_*` environment variables in CI
13 |
14 | ## Edge Routing (optional)
15 |
16 | To add Cloudflare in front of Cloud Run, uncomment edge routing blocks in all three files:
17 |
18 | - `providers.tf` — Cloudflare provider
19 | - `variables.tf` — Cloudflare variables
20 | - `main.tf` — `enable_edge_routing = true` and related inputs
21 |
22 | > **Note:** Don't enable edge routing if you're also using the edge stack for the same hostname—they would conflict.
23 |
24 | ## When to use hybrid
25 |
26 | Only if you need Cloud Run compute, Vertex AI, or other GCP services. The edge stack handles most SaaS workloads.
27 |
--------------------------------------------------------------------------------
/apps/email/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "@repo/email",
3 | "version": "0.0.0",
4 | "private": true,
5 | "type": "module",
6 | "exports": {
7 | ".": {
8 | "types": "./dist/index.d.ts",
9 | "import": "./dist/index.js"
10 | },
11 | "./templates/*": {
12 | "types": "./dist/templates/*.d.ts",
13 | "import": "./dist/templates/*.js"
14 | },
15 | "./package.json": "./package.json"
16 | },
17 | "scripts": {
18 | "dev": "bunx react-email dev --port 3001",
19 | "build": "tsc",
20 | "export": "bunx react-email export",
21 | "typecheck": "tsc --noEmit"
22 | },
23 | "dependencies": {
24 | "@react-email/components": "^1.0.1",
25 | "@react-email/render": "^2.0.0",
26 | "react": "19.2.1"
27 | },
28 | "devDependencies": {
29 | "react-email": "^5.0.5",
30 | "@react-email/preview-server": "^5.0.5",
31 | "@repo/typescript-config": "workspace:*",
32 | "@types/react": "^19.2.7",
33 | "typescript": "~5.9.3"
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/apps/api/lib/db.ts:
--------------------------------------------------------------------------------
1 | /**
2 | * @file Database client using Neon PostgreSQL via Cloudflare Hyperdrive.
3 | *
4 | * Two bindings available: HYPERDRIVE_CACHED (60s cache) and HYPERDRIVE_DIRECT (no cache).
5 | */
6 |
7 | import { schema } from "@repo/db";
8 | import { drizzle } from "drizzle-orm/postgres-js";
9 | import postgres from "postgres";
10 |
11 | /**
12 | * Creates a database client using Drizzle ORM and Cloudflare Hyperdrive.
13 | *
14 | * @param db - Cloudflare Hyperdrive binding providing connection string
15 | */
16 | export function createDb(db: Hyperdrive) {
17 | const client = postgres(db.connectionString, {
18 | max: 1,
19 | connect_timeout: 10,
20 | prepare: false, // Avoids prepared statement caching issues in Workers
21 | idle_timeout: 20,
22 | max_lifetime: 60 * 30,
23 | transform: {
24 | undefined: null,
25 | },
26 | onnotice: () => {},
27 | });
28 |
29 | return drizzle(client, { schema, casing: "snake_case" });
30 | }
31 |
32 | export { schema as Db };
33 |
--------------------------------------------------------------------------------
/apps/web/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "@repo/web",
3 | "version": "0.0.0",
4 | "private": true,
5 | "type": "module",
6 | "scripts": {
7 | "dev": "astro dev",
8 | "build": "astro build",
9 | "preview": "astro preview",
10 | "check": "astro check",
11 | "typecheck": "tsc --noEmit",
12 | "deploy": "wrangler deploy --env-file ../../.env --env-file ../../.env.local",
13 | "logs": "wrangler tail --env-file ../../.env --env-file ../../.env.local"
14 | },
15 | "dependencies": {
16 | "@astrojs/react": "^4.4.2",
17 | "@repo/ui": "workspace:*",
18 | "astro": "^5.16.4",
19 | "react": "^19.2.1",
20 | "react-dom": "^19.2.1"
21 | },
22 | "devDependencies": {
23 | "@repo/typescript-config": "workspace:*",
24 | "@tailwindcss/postcss": "^4.1.17",
25 | "@types/react": "^19.2.7",
26 | "@types/react-dom": "^19.2.3",
27 | "autoprefixer": "^10.4.22",
28 | "postcss": "^8.5.6",
29 | "tailwindcss": "^4.1.17",
30 | "typescript": "~5.9.3",
31 | "wrangler": "^4.53.0"
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/infra/modules/gcp/cloud-sql/main.tf:
--------------------------------------------------------------------------------
1 | resource "google_sql_database_instance" "instance" {
2 | name = var.instance_name
3 | database_version = "POSTGRES_18"
4 |
5 | settings {
6 | edition = "ENTERPRISE"
7 | tier = var.tier
8 |
9 | disk_size = 10
10 | disk_type = "PD_SSD"
11 |
12 | ip_configuration {
13 | ipv4_enabled = var.private_network_id == null
14 | private_network = var.private_network_id
15 | }
16 |
17 | backup_configuration {
18 | enabled = false
19 | }
20 | }
21 | }
22 |
23 | resource "google_sql_database" "database" {
24 | name = var.database_name
25 | instance = google_sql_database_instance.instance.name
26 | }
27 |
28 | resource "random_password" "password" {
29 | length = 32
30 | special = true
31 | override_special = "-_"
32 | }
33 |
34 | resource "google_sql_user" "user" {
35 | name = var.database_name
36 | instance = google_sql_database_instance.instance.name
37 | password = random_password.password.result
38 | }
39 |
--------------------------------------------------------------------------------
/infra/envs/dev/edge/.terraform.lock.hcl:
--------------------------------------------------------------------------------
1 | # This file is maintained automatically by "terraform init".
2 | # Manual edits may be lost in future updates.
3 |
4 | provider "registry.terraform.io/cloudflare/cloudflare" {
5 | version = "5.14.0"
6 | constraints = "~> 5.0"
7 | hashes = [
8 | "h1:5rwgZxUA7qCU4HWcE7VUE5hPqrAH1Bk9Rr13qEeR1KY=",
9 | "zh:0556cb6f38067c95e320f2d5680cf9851991d28448da903dd50b6c4b54de1c0b",
10 | "zh:7cdd70418aa6571c27de4102e3cc3228f6edbe4a1eaa7927f772234ee09fb519",
11 | "zh:84feef6c19993da06139e05dd6e1fceb7beb086f041cb9bc4edcae6081fe4812",
12 | "zh:8b7dfcececcced324a8a8344fcb48b746f218174ffc691e36a54d09f2fb5e797",
13 | "zh:99ba55ced06327bd8f16077f26d95593d3d77107e9faf204bf1a2485653eb02e",
14 | "zh:9e93df24a28ffe7551458035bae8ea1f4fdab74a9a47ce61f1008bc18025ecd0",
15 | "zh:a03e65a78c70578f3ebb3f2d84df516a33e2c3e9b62c0e3a2d2cea4f411c5e83",
16 | "zh:e57ab18a3275dee18d69910a1103a52c8071d77e449e50b1a8b9d80779068145",
17 | "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
18 | ]
19 | }
20 |
--------------------------------------------------------------------------------
/infra/envs/preview/edge/.terraform.lock.hcl:
--------------------------------------------------------------------------------
1 | # This file is maintained automatically by "terraform init".
2 | # Manual edits may be lost in future updates.
3 |
4 | provider "registry.terraform.io/cloudflare/cloudflare" {
5 | version = "5.14.0"
6 | constraints = "~> 5.0"
7 | hashes = [
8 | "h1:5rwgZxUA7qCU4HWcE7VUE5hPqrAH1Bk9Rr13qEeR1KY=",
9 | "zh:0556cb6f38067c95e320f2d5680cf9851991d28448da903dd50b6c4b54de1c0b",
10 | "zh:7cdd70418aa6571c27de4102e3cc3228f6edbe4a1eaa7927f772234ee09fb519",
11 | "zh:84feef6c19993da06139e05dd6e1fceb7beb086f041cb9bc4edcae6081fe4812",
12 | "zh:8b7dfcececcced324a8a8344fcb48b746f218174ffc691e36a54d09f2fb5e797",
13 | "zh:99ba55ced06327bd8f16077f26d95593d3d77107e9faf204bf1a2485653eb02e",
14 | "zh:9e93df24a28ffe7551458035bae8ea1f4fdab74a9a47ce61f1008bc18025ecd0",
15 | "zh:a03e65a78c70578f3ebb3f2d84df516a33e2c3e9b62c0e3a2d2cea4f411c5e83",
16 | "zh:e57ab18a3275dee18d69910a1103a52c8071d77e449e50b1a8b9d80779068145",
17 | "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
18 | ]
19 | }
20 |
--------------------------------------------------------------------------------
/infra/envs/prod/edge/.terraform.lock.hcl:
--------------------------------------------------------------------------------
1 | # This file is maintained automatically by "terraform init".
2 | # Manual edits may be lost in future updates.
3 |
4 | provider "registry.terraform.io/cloudflare/cloudflare" {
5 | version = "5.14.0"
6 | constraints = "~> 5.0"
7 | hashes = [
8 | "h1:5rwgZxUA7qCU4HWcE7VUE5hPqrAH1Bk9Rr13qEeR1KY=",
9 | "zh:0556cb6f38067c95e320f2d5680cf9851991d28448da903dd50b6c4b54de1c0b",
10 | "zh:7cdd70418aa6571c27de4102e3cc3228f6edbe4a1eaa7927f772234ee09fb519",
11 | "zh:84feef6c19993da06139e05dd6e1fceb7beb086f041cb9bc4edcae6081fe4812",
12 | "zh:8b7dfcececcced324a8a8344fcb48b746f218174ffc691e36a54d09f2fb5e797",
13 | "zh:99ba55ced06327bd8f16077f26d95593d3d77107e9faf204bf1a2485653eb02e",
14 | "zh:9e93df24a28ffe7551458035bae8ea1f4fdab74a9a47ce61f1008bc18025ecd0",
15 | "zh:a03e65a78c70578f3ebb3f2d84df516a33e2c3e9b62c0e3a2d2cea4f411c5e83",
16 | "zh:e57ab18a3275dee18d69910a1103a52c8071d77e449e50b1a8b9d80779068145",
17 | "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
18 | ]
19 | }
20 |
--------------------------------------------------------------------------------
/infra/envs/staging/edge/.terraform.lock.hcl:
--------------------------------------------------------------------------------
1 | # This file is maintained automatically by "terraform init".
2 | # Manual edits may be lost in future updates.
3 |
4 | provider "registry.terraform.io/cloudflare/cloudflare" {
5 | version = "5.14.0"
6 | constraints = "~> 5.0"
7 | hashes = [
8 | "h1:5rwgZxUA7qCU4HWcE7VUE5hPqrAH1Bk9Rr13qEeR1KY=",
9 | "zh:0556cb6f38067c95e320f2d5680cf9851991d28448da903dd50b6c4b54de1c0b",
10 | "zh:7cdd70418aa6571c27de4102e3cc3228f6edbe4a1eaa7927f772234ee09fb519",
11 | "zh:84feef6c19993da06139e05dd6e1fceb7beb086f041cb9bc4edcae6081fe4812",
12 | "zh:8b7dfcececcced324a8a8344fcb48b746f218174ffc691e36a54d09f2fb5e797",
13 | "zh:99ba55ced06327bd8f16077f26d95593d3d77107e9faf204bf1a2485653eb02e",
14 | "zh:9e93df24a28ffe7551458035bae8ea1f4fdab74a9a47ce61f1008bc18025ecd0",
15 | "zh:a03e65a78c70578f3ebb3f2d84df516a33e2c3e9b62c0e3a2d2cea4f411c5e83",
16 | "zh:e57ab18a3275dee18d69910a1103a52c8071d77e449e50b1a8b9d80779068145",
17 | "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
18 | ]
19 | }
20 |
--------------------------------------------------------------------------------
/apps/app/components/layout/header.tsx:
--------------------------------------------------------------------------------
1 | import { Button } from "@repo/ui";
2 | import { Menu, Settings, X } from "lucide-react";
3 |
4 | interface HeaderProps {
5 | isSidebarOpen: boolean;
6 | onMenuToggle: () => void;
7 | }
8 |
9 | export function Header({ isSidebarOpen, onMenuToggle }: HeaderProps) {
10 | return (
11 |
12 |
24 |
25 |
26 |
Application
27 |
28 |
29 |
30 |
33 |
34 |
35 | );
36 | }
37 |
--------------------------------------------------------------------------------
/apps/app/routes/(app)/route.tsx:
--------------------------------------------------------------------------------
1 | import { Layout } from "@/components/layout";
2 | import { getCachedSession, sessionQueryOptions } from "@/lib/queries/session";
3 | import { createFileRoute, Outlet, redirect } from "@tanstack/react-router";
4 |
5 | export const Route = createFileRoute("/(app)")({
6 | // Route-level authentication guard using cache-first strategy.
7 | // Checks cache before fetching to make navigation instant.
8 | beforeLoad: async ({ context, location }) => {
9 | let session = getCachedSession(context.queryClient);
10 |
11 | if (session === undefined) {
12 | session = await context.queryClient.fetchQuery(sessionQueryOptions());
13 | }
14 |
15 | // Both user and session must exist for valid auth state
16 | if (!session?.user || !session?.session) {
17 | throw redirect({
18 | to: "/login",
19 | search: { returnTo: location.href },
20 | });
21 | }
22 |
23 | return { user: session.user, session };
24 | },
25 | component: AppLayout,
26 | });
27 |
28 | function AppLayout() {
29 | return (
30 |
31 |
32 |
33 | );
34 | }
35 |
--------------------------------------------------------------------------------
/infra/templates/env-roots/hybrid/variables.tf:
--------------------------------------------------------------------------------
1 | variable "gcp_project_id" {
2 | type = string
3 | }
4 |
5 | variable "gcp_region" {
6 | type = string
7 | }
8 |
9 | variable "project_slug" {
10 | type = string
11 | description = "Short identifier for resource naming (e.g., myapp)"
12 | }
13 |
14 | variable "environment" {
15 | type = string
16 | description = "Environment name (e.g., dev, staging, prod)"
17 | }
18 |
19 | variable "api_image" {
20 | type = string
21 | }
22 |
23 | variable "cloud_sql_tier" {
24 | type = string
25 | description = "Cloud SQL instance tier (e.g., db-f1-micro)"
26 | default = "db-f1-micro"
27 | }
28 |
29 | # --- Edge routing (optional) ---
30 | # Uncomment to add Cloudflare edge layer in front of Cloud Run.
31 | # Also uncomment the Cloudflare provider in providers.tf and module inputs in main.tf.
32 | #
33 | # variable "cloudflare_api_token" {
34 | # type = string
35 | # sensitive = true
36 | # }
37 | #
38 | # variable "cloudflare_zone_id" {
39 | # type = string
40 | # default = ""
41 | # }
42 | #
43 | # variable "hostname" {
44 | # type = string
45 | # }
46 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2014-present Konstantin Tarkus, Kriasoft (hello@kriasoft.com)
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
20 |
--------------------------------------------------------------------------------
/.claude/commands/review-better-auth.md:
--------------------------------------------------------------------------------
1 | Verify Better Auth integration to ensure that it is properly configured, up-to-date and functioning as expected. This includes:
2 |
3 | - [ ] Verify user related database tables in @db/schema/user.ts. Fetch https://raw.githubusercontent.com/better-auth/better-auth/refs/heads/main/docs/content/docs/adapters/sqlite.mdx and https://raw.githubusercontent.com/better-auth/better-auth/refs/heads/main/docs/content/docs/plugins/anonymous.mdx as a reference.
4 |
5 | - [ ] Verify organization and team related tables in @db/schema/organization.ts @db/schema/team.ts @db/schema/invitation.ts. Fetch https://raw.githubusercontent.com/better-auth/better-auth/refs/heads/main/docs/content/docs/plugins/organization.mdx as a reference.
6 |
7 | - [ ] Verify db indexes, relations, constraints, default values, and other Better Auth specific database schema features in @db/schema/.
8 |
9 | - [ ] Verify that @docs/database-schema.md documentation is up-to-date and reflects the current state of the database schema, including any changes made to support Better Auth.
10 |
11 | - [ ] Verify betterAuth initialization logic in both client and server codebases.
12 |
--------------------------------------------------------------------------------
/packages/ui/components/checkbox.tsx:
--------------------------------------------------------------------------------
1 | import * as React from "react";
2 | import * as CheckboxPrimitive from "@radix-ui/react-checkbox";
3 | import { Check } from "lucide-react";
4 |
5 | import { cn } from "@/lib/utils";
6 |
7 | const Checkbox = React.forwardRef<
8 | React.ElementRef,
9 | React.ComponentPropsWithoutRef
10 | >(({ className, ...props }, ref) => (
11 |
19 |
22 |
23 |
24 |
25 | ));
26 | Checkbox.displayName = CheckboxPrimitive.Root.displayName;
27 |
28 | export { Checkbox };
29 |
--------------------------------------------------------------------------------
/infra/modules/cloudflare/hyperdrive/main.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_providers {
3 | cloudflare = {
4 | source = "cloudflare/cloudflare"
5 | }
6 | }
7 | }
8 |
9 | locals {
10 | # Normalize postgresql:// to postgres:// for regex parsing.
11 | # Limitation: credentials must not contain unencoded @ or : characters.
12 | # This works reliably with Neon URLs which use URL-safe generated credentials.
13 | db_url = replace(var.database_url, "postgresql://", "postgres://")
14 | }
15 |
16 | resource "cloudflare_hyperdrive_config" "hyperdrive" {
17 | account_id = var.account_id
18 | name = var.name
19 |
20 | mtls = {}
21 |
22 | origin = {
23 | database = regex("^postgres://[^:]+:[^@]+@[^:/]+:[0-9]+/([^?]+)", local.db_url)[0]
24 | password = regex("^postgres://[^:]+:([^@]+)@", local.db_url)[0]
25 | host = regex("^postgres://[^:]+:[^@]+@([^:/]+):", local.db_url)[0]
26 | port = tonumber(regex("^postgres://[^:]+:[^@]+@[^:/]+:([0-9]+)/", local.db_url)[0])
27 | scheme = "postgres"
28 | user = regex("^postgres://([^:]+):", local.db_url)[0]
29 | }
30 |
31 | origin_connection_limit = 60
32 |
33 | caching = {
34 | disabled = true
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/apps/api/routers/user.ts:
--------------------------------------------------------------------------------
1 | import { z } from "zod";
2 | import { protectedProcedure, router } from "../lib/trpc.js";
3 |
4 | export const userRouter = router({
5 | me: protectedProcedure.query(async ({ ctx }) => {
6 | // User is now directly available in context from Better Auth
7 | return {
8 | id: ctx.user.id,
9 | email: ctx.user.email,
10 | name: ctx.user.name,
11 | };
12 | }),
13 |
14 | updateProfile: protectedProcedure
15 | .input(
16 | z.object({
17 | name: z.string().min(1).optional(),
18 | email: z.email({ message: "Invalid email address" }).optional(),
19 | }),
20 | )
21 | .mutation(({ input, ctx }) => {
22 | // TODO: Implement user profile update logic
23 | return {
24 | id: ctx.user.id,
25 | ...input,
26 | };
27 | }),
28 |
29 | list: protectedProcedure
30 | .input(
31 | z.object({
32 | limit: z.number().min(1).max(100).default(10),
33 | cursor: z.string().optional(),
34 | }),
35 | )
36 | .query(() => {
37 | // TODO: Implement user listing logic
38 | return {
39 | users: [],
40 | nextCursor: null,
41 | };
42 | }),
43 | });
44 |
--------------------------------------------------------------------------------
/.github/workflows/deploy.yml:
--------------------------------------------------------------------------------
1 | name: Deploy Preview (Reusable)
2 |
3 | on:
4 | workflow_call:
5 | inputs:
6 | name:
7 | description: "Name of the deployment"
8 | required: true
9 | type: string
10 | environment:
11 | required: true
12 | type: string
13 | url:
14 | description: "URL of the deployment"
15 | required: true
16 | type: string
17 |
18 | jobs:
19 | environment:
20 | name: ${{ inputs.name }}
21 | runs-on: ubuntu-latest
22 | permissions:
23 | deployments: write
24 | pull-requests: read
25 | environment:
26 | name: ${{ inputs.environment }}
27 | url: ${{ steps.pr.outputs.formatted }}
28 | steps:
29 | - uses: kriasoft/pr-codename@v1
30 | id: pr
31 | with:
32 | template: ${{ inputs.url }}
33 | token: ${{ github.token }}
34 | # TODO: Add deployment steps
35 | # - run: bun wrangler deploy --config apps/api/wrangler.jsonc --env=${{ inputs.environment }}
36 | # - run: bun wrangler deploy --config apps/app/wrangler.jsonc --env=${{ inputs.environment }}
37 | # - run: bun wrangler deploy --config apps/web/wrangler.jsonc --env=${{ inputs.environment }}
38 |
--------------------------------------------------------------------------------
/apps/web/_headers:
--------------------------------------------------------------------------------
1 | /*
2 | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
3 | X-Content-Type-Options: nosniff
4 | Referrer-Policy: strict-origin-when-cross-origin
5 | Permissions-Policy: camera=(), microphone=(), geolocation=()
6 | Content-Security-Policy: default-src 'self'; frame-ancestors 'none'; img-src 'self' data:; font-src 'self'; object-src 'none'; base-uri 'self'
7 | X-Frame-Options: DENY
8 |
9 | /*.html
10 | Cache-Control: public, max-age=0, must-revalidate
11 |
12 | /*.css
13 | Cache-Control: public, max-age=31536000, immutable
14 |
15 | /*.js
16 | Cache-Control: public, max-age=31536000, immutable
17 |
18 | /*.woff2
19 | Cache-Control: public, max-age=31536000, immutable
20 |
21 | /*.woff
22 | Cache-Control: public, max-age=31536000, immutable
23 |
24 | /*.ttf
25 | Cache-Control: public, max-age=31536000, immutable
26 |
27 | /*.svg
28 | Cache-Control: public, max-age=86400
29 |
30 | /*.jpg
31 | Cache-Control: public, max-age=86400
32 |
33 | /*.jpeg
34 | Cache-Control: public, max-age=86400
35 |
36 | /*.png
37 | Cache-Control: public, max-age=86400
38 |
39 | /*.webp
40 | Cache-Control: public, max-age=86400
41 |
42 | /*.ico
43 | Cache-Control: public, max-age=86400
44 |
--------------------------------------------------------------------------------
/packages/ui/components/switch.tsx:
--------------------------------------------------------------------------------
1 | import * as React from "react";
2 | import * as SwitchPrimitives from "@radix-ui/react-switch";
3 |
4 | import { cn } from "@/lib/utils";
5 |
6 | const Switch = React.forwardRef<
7 | React.ElementRef,
8 | React.ComponentPropsWithoutRef
9 | >(({ className, ...props }, ref) => (
10 |
18 |
23 |
24 | ));
25 | Switch.displayName = SwitchPrimitives.Root.displayName;
26 |
27 | export { Switch };
28 |
--------------------------------------------------------------------------------
/apps/app/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | %VITE_APP_NAME%
6 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
--------------------------------------------------------------------------------
/apps/api/worker.ts:
--------------------------------------------------------------------------------
1 | /**
2 | * @file Cloudflare Workers entrypoint.
3 | *
4 | * Initializes database and auth context, then mounts the core Hono app.
5 | */
6 |
7 | import { Hono } from "hono";
8 | import app from "./lib/app.js";
9 | import { createAuth } from "./lib/auth.js";
10 | import type { AppContext } from "./lib/context.js";
11 | import { createDb } from "./lib/db.js";
12 | import type { Env } from "./lib/env.js";
13 |
14 | type CloudflareEnv = {
15 | HYPERDRIVE_CACHED: Hyperdrive;
16 | HYPERDRIVE_DIRECT: Hyperdrive;
17 | } & Env;
18 |
19 | // Create a Hono app with Cloudflare Workers context
20 | const worker = new Hono<{
21 | Bindings: CloudflareEnv;
22 | Variables: AppContext["Variables"];
23 | }>();
24 |
25 | // Initialize shared context for all requests
26 | worker.use("*", async (c, next) => {
27 | // Initialize database using Neon via Hyperdrive
28 | const db = createDb(c.env.HYPERDRIVE_CACHED);
29 | const dbDirect = createDb(c.env.HYPERDRIVE_DIRECT);
30 |
31 | // Initialize auth
32 | const auth = createAuth(db, c.env);
33 |
34 | // Set context variables
35 | c.set("db", db);
36 | c.set("dbDirect", dbDirect);
37 | c.set("auth", auth);
38 |
39 | await next();
40 | });
41 |
42 | // Mount the core API app
43 | worker.route("/", app);
44 |
45 | export default worker;
46 |
--------------------------------------------------------------------------------
/apps/app/index.tsx:
--------------------------------------------------------------------------------
1 | import { QueryClientProvider } from "@tanstack/react-query";
2 | import { ReactQueryDevtools } from "@tanstack/react-query-devtools";
3 | import { createRouter, RouterProvider } from "@tanstack/react-router";
4 | import { StrictMode } from "react";
5 | import { createRoot } from "react-dom/client";
6 | import { auth } from "./lib/auth";
7 | import { queryClient } from "./lib/query";
8 | import { routeTree } from "./lib/routeTree.gen";
9 | import "./styles/globals.css";
10 |
11 | const router = createRouter({
12 | routeTree,
13 | context: {
14 | auth,
15 | queryClient,
16 | },
17 | });
18 |
19 | const container = document.getElementById("root");
20 | const root = createRoot(container!);
21 |
22 | root.render(
23 |
24 |
25 |
26 | {import.meta.env.DEV && (
27 |
31 | )}
32 |
33 | ,
34 | );
35 |
36 | if (import.meta.hot) {
37 | import.meta.hot.dispose(() => root.unmount());
38 | }
39 |
40 | declare module "@tanstack/react-router" {
41 | interface Register {
42 | router: typeof router;
43 | }
44 | }
45 |
--------------------------------------------------------------------------------
/scripts/mcp.ts:
--------------------------------------------------------------------------------
1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
3 | import { fileURLToPath } from "bun";
4 | import { execa } from "execa";
5 | import { z } from "zod";
6 |
7 | const rootDir = fileURLToPath(new URL("..", import.meta.url));
8 | const $ = execa({ cwd: rootDir });
9 |
10 | /**
11 | * Model Context Protocol (MCP) server.
12 | *
13 | * @see https://modelcontextprotocol.org
14 | * @see https://code.visualstudio.com/docs/copilot/chat/mcp-servers
15 | */
16 | const server = new McpServer({
17 | name: "React Starter Kit",
18 | version: "0.0.0",
19 | });
20 |
21 | // This is just an example of a custom command that can be executed
22 | // from the MCP client (e.g., VS Code, GitHub Copilot, etc.).
23 | server.tool(
24 | "eslint",
25 | "Lint JavaScript and TypeScript files with ESLint",
26 | {
27 | filename: z.string(),
28 | },
29 | async function lint({ filename }) {
30 | const cmd = await $`bun run eslint ${filename}`;
31 | return {
32 | content: [{ type: "text", text: cmd.stdout }],
33 | };
34 | },
35 | );
36 |
37 | // Start receiving messages on stdin and sending messages on stdout
38 | const transport = new StdioServerTransport();
39 | await server.connect(transport);
40 |
--------------------------------------------------------------------------------
/infra/stacks/hybrid/variables.tf:
--------------------------------------------------------------------------------
1 | variable "gcp_project_id" {
2 | type = string
3 | description = "GCP project ID"
4 | }
5 |
6 | variable "gcp_region" {
7 | type = string
8 | description = "GCP region (e.g., us-central1)"
9 | }
10 |
11 | variable "project_slug" {
12 | type = string
13 | description = "Short identifier for resource naming (e.g., myapp)"
14 | }
15 |
16 | variable "environment" {
17 | type = string
18 | description = "Environment name (e.g., dev, staging, prod)"
19 | }
20 |
21 | variable "api_image" {
22 | type = string
23 | description = "Container image URL for Cloud Run API service"
24 | }
25 |
26 | variable "cloud_sql_tier" {
27 | type = string
28 | description = "Cloud SQL instance tier (e.g., db-f1-micro)"
29 | default = "db-f1-micro"
30 | }
31 |
32 | variable "enable_edge_routing" {
33 | type = bool
34 | description = "Enable Cloudflare edge routing in front of Cloud Run"
35 | default = false
36 | }
37 |
38 | variable "cloudflare_zone_id" {
39 | type = string
40 | description = "Cloudflare zone ID (required when enable_edge_routing = true and hostname is set)"
41 | default = ""
42 | }
43 |
44 | variable "hostname" {
45 | type = string
46 | description = "Public hostname for edge routing (e.g., api-gcp.example.com)"
47 | default = ""
48 | }
49 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Include your project-specific ignores in this file
2 | # Read about how to use .gitignore: https://help.github.com/articles/ignoring-files
3 |
4 | # Compiled output
5 | **/dist/
6 | **/*.tsbuildinfo
7 |
8 | # Bun package manager
9 | # https://bun.sh/docs/install/lockfile
10 | node_modules/
11 |
12 | # Logs
13 | *.log
14 |
15 | # Cache
16 | /.cache
17 | /*/.swc/
18 | .eslintcache
19 |
20 | # Testing
21 | /coverage
22 | *.lcov
23 |
24 | # Environment variables
25 | .env.*.local
26 | .env.local
27 |
28 | # Visual Studio Code
29 | # https://github.com/github/gitignore/blob/master/Global/VisualStudioCode.gitignore
30 | .vscode/*
31 | !.vscode/extensions.json
32 | !.vscode/launch.json
33 | !.vscode/mcp.json
34 | !.vscode/settings.json
35 | !.vscode/tasks.json
36 |
37 | # WebStorm
38 | .idea
39 |
40 | # Wrangler CLI
41 | # https://developers.cloudflare.com/workers/wrangler/
42 | .wrangler/
43 |
44 | # Astro
45 | .astro/
46 |
47 | # TanStack Router
48 | # Generated route tree files should not be committed
49 | */lib/routeTree.gen.ts
50 | */.tanstack/
51 |
52 | # VitePress
53 | docs/.vitepress/cache
54 | docs/.vitepress/dist
55 |
56 | # React Email
57 | # Generated preview build and runtime files
58 | .react-email/
59 |
60 | # Local development files
61 | *.local.md
62 | *.local.json
63 | *.local.jsonc
64 | *.local.ts
65 |
66 | # macOS
67 | # https://github.com/github/gitignore/blob/master/Global/macOS.gitignore
68 | .DS_Store
69 |
70 |
--------------------------------------------------------------------------------
/apps/app/lib/trpc.ts:
--------------------------------------------------------------------------------
1 | import type { AppRouter } from "@repo/api";
2 | import {
3 | createTRPCClient,
4 | httpBatchLink,
5 | type TRPCLink,
6 | loggerLink,
7 | } from "@trpc/client";
8 | import { createTRPCOptionsProxy } from "@trpc/tanstack-react-query";
9 | import { queryClient } from "./query";
10 |
11 | // Build links array conditionally based on environment
12 | const links: TRPCLink[] = [];
13 |
14 | // Add logger link in development for debugging
15 | if (import.meta.env.DEV) {
16 | links.push(
17 | loggerLink({
18 | enabled: (opts) =>
19 | (import.meta.env.DEV && typeof window !== "undefined") ||
20 | (opts.direction === "down" && opts.result instanceof Error),
21 | }),
22 | );
23 | }
24 |
25 | // Add HTTP batch link for actual requests
26 | links.push(
27 | httpBatchLink({
28 | url: `${import.meta.env.VITE_API_URL || "/api"}/trpc`,
29 | // Custom headers for request tracking
30 | headers() {
31 | return {
32 | "x-trpc-source": "react-app",
33 | };
34 | },
35 | // Include credentials for authentication
36 | fetch(url, options) {
37 | return fetch(url, {
38 | ...options,
39 | credentials: "include",
40 | });
41 | },
42 | }),
43 | );
44 |
45 | export const trpcClient = createTRPCClient({ links });
46 |
47 | export const api = createTRPCOptionsProxy({
48 | client: trpcClient,
49 | queryClient,
50 | });
51 |
--------------------------------------------------------------------------------
/packages/ui/scripts/format-utils.ts:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bun
2 | import { join } from "node:path";
3 | import { Glob } from "bun";
4 |
5 | /**
6 | * Execute a command with inherited stdio
7 | */
8 | export async function execCommand(
9 | command: string,
10 | args: string[],
11 | ): Promise {
12 | const proc = Bun.spawn([command, ...args], {
13 | stdio: ["inherit", "inherit", "inherit"],
14 | });
15 |
16 | const exitCode = await proc.exited;
17 | if (exitCode !== 0) {
18 | throw new Error(`Command failed: ${command} ${args.join(" ")}`);
19 | }
20 | }
21 |
22 | /**
23 | * Format generated UI component files with Prettier
24 | */
25 | export async function formatGeneratedFiles(): Promise {
26 | try {
27 | const componentsDir = join(import.meta.dirname, "../components");
28 |
29 | const glob = new Glob("**/*.{ts,tsx}");
30 | const componentFiles: string[] = [];
31 |
32 | for await (const file of glob.scan({
33 | cwd: componentsDir,
34 | absolute: true,
35 | })) {
36 | componentFiles.push(file);
37 | }
38 |
39 | if (componentFiles.length === 0) {
40 | return;
41 | }
42 |
43 | console.log("🎨 Formatting generated files with Prettier...");
44 |
45 | await execCommand("bunx", ["prettier", "--write", ...componentFiles]);
46 |
47 | console.log("✨ Files formatted successfully");
48 | } catch (error) {
49 | console.warn("⚠️ Failed to format files with Prettier:", error);
50 | }
51 | }
52 |
--------------------------------------------------------------------------------
/db/seeds/users.ts:
--------------------------------------------------------------------------------
1 | import { PostgresJsDatabase } from "drizzle-orm/postgres-js";
2 | import * as schema from "../schema";
3 | import { type NewUser, user } from "../schema";
4 |
5 | /**
6 | * Seeds the database with test user accounts.
7 | */
8 | export async function seedUsers(db: PostgresJsDatabase) {
9 | console.log("Seeding users...");
10 |
11 | // Test user data with realistic names and email addresses
12 | const users: NewUser[] = [
13 | { name: "Alice Johnson", email: "alice@example.com", emailVerified: true },
14 | { name: "Bob Smith", email: "bob@example.com", emailVerified: true },
15 | {
16 | name: "Charlie Brown",
17 | email: "charlie@example.com",
18 | emailVerified: false,
19 | },
20 | { name: "Diana Prince", email: "diana@example.com", emailVerified: true },
21 | { name: "Eve Davis", email: "eve@example.com", emailVerified: true },
22 | { name: "Frank Miller", email: "frank@example.com", emailVerified: false },
23 | { name: "Grace Lee", email: "grace@example.com", emailVerified: true },
24 | { name: "Henry Wilson", email: "henry@example.com", emailVerified: true },
25 | { name: "Ivy Chen", email: "ivy@example.com", emailVerified: false },
26 | { name: "Jack Thompson", email: "jack@example.com", emailVerified: true },
27 | ];
28 |
29 | for (const u of users) {
30 | await db.insert(user).values(u).onConflictDoNothing();
31 | }
32 |
33 | console.log(`✅ Seeded ${users.length} test users`);
34 | }
35 |
--------------------------------------------------------------------------------
/apps/api/lib/env.ts:
--------------------------------------------------------------------------------
1 | import { z } from "zod";
2 |
3 | /**
4 | * Zod schema for validating environment variables.
5 | * Ensures all required configuration values are present and correctly formatted.
6 | *
7 | * @throws {ZodError} When environment variables don't match the schema
8 | */
9 | export const envSchema = z.object({
10 | ENVIRONMENT: z.enum(["production", "staging", "preview", "development"]),
11 | APP_NAME: z.string().default("Example"),
12 | APP_ORIGIN: z.url(),
13 | DATABASE_URL: z.url(),
14 | BETTER_AUTH_SECRET: z.string().min(32),
15 | GOOGLE_CLIENT_ID: z.string(),
16 | GOOGLE_CLIENT_SECRET: z.string(),
17 | OPENAI_API_KEY: z.string(),
18 | RESEND_API_KEY: z.string(),
19 | RESEND_EMAIL_FROM: z.email(),
20 | });
21 |
22 | /**
23 | * Runtime environment variables accessor.
24 | *
25 | * @remarks
26 | * - In Bun runtime: Variables are accessed via `Bun.env`
27 | * - In Cloudflare Workers: Variables must be accessed via request context
28 | * - Falls back to empty object when Bun global is unavailable
29 | *
30 | * @example
31 | * // In Bun runtime
32 | * const dbUrl = env.DATABASE_URL;
33 | *
34 | * // In Cloudflare Workers (must use context)
35 | * const dbUrl = context.env.DATABASE_URL;
36 | */
37 | export const env =
38 | typeof Bun === "undefined" ? ({} as Env) : envSchema.parse(Bun.env);
39 |
40 | /**
41 | * Type-safe environment variables interface.
42 | * Inferred from the Zod schema to ensure type safety.
43 | */
44 | export type Env = z.infer;
45 |
--------------------------------------------------------------------------------
/infra/stacks/hybrid/main.tf:
--------------------------------------------------------------------------------
1 | # Hybrid stack: GCP backend with optional Cloudflare edge.
2 | # Workers are deployed separately via Wrangler.
3 |
4 | # Cloud SQL PostgreSQL
5 | module "database" {
6 | source = "../../modules/gcp/cloud-sql"
7 |
8 | project_id = var.gcp_project_id
9 | region = var.gcp_region
10 | instance_name = "${var.project_slug}-${var.environment}"
11 | database_name = var.project_slug
12 | tier = var.cloud_sql_tier
13 | }
14 |
15 | # GCS bucket for uploads
16 | module "storage" {
17 | source = "../../modules/gcp/gcs"
18 |
19 | project_id = var.gcp_project_id
20 | location = var.gcp_region
21 | bucket_name = "${var.project_slug}-${var.environment}-uploads"
22 | }
23 |
24 | # Cloud Run API service
25 | module "api" {
26 | source = "../../modules/gcp/cloud-run"
27 |
28 | project_id = var.gcp_project_id
29 | region = var.gcp_region
30 | service_name = "${var.project_slug}-api-${var.environment}"
31 | image = var.api_image
32 |
33 | cloud_sql_connection = module.database.connection_name
34 |
35 | env_vars = {
36 | DATABASE_URL = module.database.connection_string
37 | GCS_BUCKET = module.storage.bucket_name
38 | }
39 | }
40 |
41 | # Optional: Cloudflare DNS for edge routing.
42 | # Deploy the edge proxy Worker separately via Wrangler.
43 | module "dns" {
44 | count = var.enable_edge_routing && var.hostname != "" ? 1 : 0
45 | source = "../../modules/cloudflare/dns"
46 |
47 | zone_id = var.cloudflare_zone_id
48 | hostname = var.hostname
49 | }
50 |
--------------------------------------------------------------------------------
/db/drizzle.config.ts:
--------------------------------------------------------------------------------
1 | import { configDotenv } from "dotenv";
2 | import { defineConfig } from "drizzle-kit";
3 | import { resolve } from "node:path";
4 |
5 | // Environment detection: ENVIRONMENT var takes priority, then NODE_ENV mapping
6 | const envName = (() => {
7 | if (process.env.ENVIRONMENT) return process.env.ENVIRONMENT;
8 | if (process.env.NODE_ENV === "production") return "prod";
9 | if (process.env.NODE_ENV === "staging") return "staging";
10 | if (process.env.NODE_ENV === "test") return "test";
11 | return "dev";
12 | })();
13 |
14 | // Load .env files in priority order: environment-specific → local → base
15 | for (const file of [`.env.${envName}.local`, ".env.local", ".env"]) {
16 | configDotenv({ path: resolve(__dirname, "..", file), quiet: true });
17 | }
18 |
19 | if (!process.env.DATABASE_URL) {
20 | throw new Error("DATABASE_URL environment variable is required");
21 | }
22 |
23 | // Validate DATABASE_URL format (accepts both postgres:// and postgresql://)
24 | if (!/^postgre(s|sql):\/\/.+/.test(process.env.DATABASE_URL)) {
25 | throw new Error("DATABASE_URL must be a valid PostgreSQL connection string");
26 | }
27 |
28 | /**
29 | * Drizzle ORM configuration for Neon PostgreSQL database
30 | *
31 | * @see https://orm.drizzle.team/docs/drizzle-config-file
32 | * @see https://orm.drizzle.team/llms.txt
33 | */
34 | export default defineConfig({
35 | out: "./migrations",
36 | schema: "./schema",
37 | dialect: "postgresql",
38 | casing: "snake_case",
39 | dbCredentials: {
40 | url: process.env.DATABASE_URL,
41 | },
42 | });
43 |
--------------------------------------------------------------------------------
/apps/api/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "@repo/api",
3 | "version": "0.0.0",
4 | "private": true,
5 | "type": "module",
6 | "exports": {
7 | ".": "./index.ts",
8 | "./auth": "./lib/auth.ts",
9 | "./package.json": "./package.json"
10 | },
11 | "scripts": {
12 | "predev": "bun --filter @repo/email build",
13 | "dev": "bun run --watch --env-file ../../.env --env-file ../../.env.local ./dev.ts",
14 | "build": "bun build index.ts --outdir dist --target bun",
15 | "test": "vitest",
16 | "typecheck": "tsc --noEmit",
17 | "deploy": "wrangler deploy --env-file ../../.env --env-file ../../.env.local",
18 | "logs": "wrangler tail --env-file ../../.env --env-file ../../.env.local"
19 | },
20 | "dependencies": {
21 | "@ai-sdk/openai": "^2.0.77",
22 | "@better-auth/passkey": "^1.4.5",
23 | "@repo/core": "workspace:*",
24 | "@repo/db": "workspace:*",
25 | "@repo/email": "workspace:*",
26 | "@trpc/server": "^11.7.2",
27 | "ai": "^5.0.107",
28 | "better-auth": "^1.4.5",
29 | "dataloader": "^2.2.3",
30 | "drizzle-orm": "^0.45.0",
31 | "postgres": "^3.4.7",
32 | "resend": "^6.5.2"
33 | },
34 | "peerDependencies": {
35 | "hono": "^4.10.7",
36 | "zod": "^4.1.13"
37 | },
38 | "devDependencies": {
39 | "@cloudflare/workers-types": "^4.20251205.0",
40 | "@repo/typescript-config": "workspace:*",
41 | "@types/bun": "^1.3.3",
42 | "hono": "^4.10.7",
43 | "typescript": "~5.9.3",
44 | "vitest": "~4.0.15",
45 | "wrangler": "^4.53.0",
46 | "zod": "^4.1.13"
47 | }
48 | }
49 |
--------------------------------------------------------------------------------
/packages/ui/scripts/add.ts:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bun
2 | import { execCommand, formatGeneratedFiles } from "./format-utils.js";
3 |
4 | async function addComponent(): Promise {
5 | const args = process.argv.slice(2);
6 |
7 | if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
8 | console.log("📋 shadcn/ui Component Installer");
9 | console.log("=================================\n");
10 | console.log("Usage:");
11 | console.log(" bun run ui:add Add a single component");
12 | console.log(" bun run ui:add Add multiple components");
13 | console.log(
14 | " bun run ui:add --all Add all available components",
15 | );
16 | console.log("\nExamples:");
17 | console.log(" bun run ui:add button");
18 | console.log(" bun run ui:add button card input");
19 | console.log(" bun run ui:add dialog alert-dialog toast");
20 |
21 | if (args.length === 0) {
22 | process.exit(1);
23 | } else {
24 | process.exit(0);
25 | }
26 | }
27 |
28 | console.log("🚀 Adding shadcn/ui components...");
29 |
30 | try {
31 | const shadcnArgs = ["shadcn@latest", "add", ...args, "--yes"];
32 |
33 | console.log(`Running: bunx ${shadcnArgs.join(" ")}`);
34 | await execCommand("bunx", shadcnArgs);
35 |
36 | await formatGeneratedFiles();
37 |
38 | console.log("✅ Components added successfully!");
39 | } catch (error) {
40 | console.error("❌ Failed to add components:", error);
41 | process.exit(1);
42 | }
43 | }
44 |
45 | addComponent().catch(console.error);
46 |
--------------------------------------------------------------------------------
/packages/ui/components/radio-group.tsx:
--------------------------------------------------------------------------------
1 | import * as React from "react";
2 | import * as RadioGroupPrimitive from "@radix-ui/react-radio-group";
3 | import { Circle } from "lucide-react";
4 |
5 | import { cn } from "@/lib/utils";
6 |
7 | const RadioGroup = React.forwardRef<
8 | React.ElementRef,
9 | React.ComponentPropsWithoutRef
10 | >(({ className, ...props }, ref) => {
11 | return (
12 |
17 | );
18 | });
19 | RadioGroup.displayName = RadioGroupPrimitive.Root.displayName;
20 |
21 | const RadioGroupItem = React.forwardRef<
22 | React.ElementRef,
23 | React.ComponentPropsWithoutRef
24 | >(({ className, ...props }, ref) => {
25 | return (
26 |
34 |
35 |
36 |
37 |
38 | );
39 | });
40 | RadioGroupItem.displayName = RadioGroupPrimitive.Item.displayName;
41 |
42 | export { RadioGroup, RadioGroupItem };
43 |
--------------------------------------------------------------------------------
/apps/email/README.md:
--------------------------------------------------------------------------------
1 | # @repo/email
2 |
3 | A collection of transactional email templates built with React Email.
4 |
5 | ## Templates
6 |
7 | - **EmailVerification** - Email verification with verification link
8 | - **PasswordReset** - Password reset with secure reset link
9 | - **OTPEmail** - One-time password codes for sign-in, verification, or password reset
10 |
11 | ## Development
12 |
13 | ```bash
14 | # Start email preview development server
15 | bun email:dev
16 |
17 | # Build email templates
18 | bun email:build
19 |
20 | # Export static email templates
21 | bun email:export
22 | ```
23 |
24 | The development server will be available at
25 |
26 | ## Usage
27 |
28 | ```typescript
29 | import { EmailVerification, renderEmailToHtml } from "@repo/email";
30 |
31 | const component = EmailVerification({
32 | userName: "John Doe",
33 | verificationUrl: "https://example.com/verify?token=abc123",
34 | appName: "My App",
35 | appUrl: "https://example.com",
36 | });
37 |
38 | const html = await renderEmailToHtml(component);
39 | ```
40 |
41 | ## Template Structure
42 |
43 | - `templates/` - React Email component templates
44 | - `components/` - Shared components (BaseTemplate)
45 | - `utils/` - Rendering utilities
46 | - `emails/` - Preview files for development server
47 |
48 | ## References
49 |
50 | - [React Email Documentation](https://react.email/docs/introduction) - Official React Email guide
51 | - [React Email Components](https://react.email/components) - Available email components
52 | - [Better Auth Email Integration](https://better-auth.com/docs/concepts/email) - Authentication email setup
53 |
--------------------------------------------------------------------------------
/packages/typescript-config/base.jsonc:
--------------------------------------------------------------------------------
1 | {
2 | /* Visit https://aka.ms/tsconfig to read more about this file */
3 | "$schema": "https://json.schemastore.org/tsconfig",
4 | "compilerOptions": {
5 | /* Type Checking */
6 | "strict": true,
7 | "noImplicitAny": true,
8 | "noImplicitOverride": true,
9 | "noImplicitThis": true,
10 | "strictNullChecks": true,
11 | "strictPropertyInitialization": true,
12 |
13 | /* Modules */
14 | "module": "ESNext",
15 | "moduleResolution": "Bundler",
16 | "baseUrl": "../../",
17 | "paths": {
18 | "@repo/api": ["apps/api"],
19 | "@repo/api/*": ["apps/api/*"],
20 | "@repo/core": ["packages/core"],
21 | "@repo/core/*": ["packages/core/*"],
22 | "@repo/db": ["db"],
23 | "@repo/db/*": ["db/*"],
24 | "@repo/ws-protocol": ["packages/ws-protocol"],
25 | "@repo/ws-protocol/*": ["packages/ws-protocol/*"],
26 | "@/*": ["apps/web/*"]
27 | },
28 | "resolveJsonModule": true,
29 | "allowImportingTsExtensions": false,
30 |
31 | /* Emit */
32 | // noEmit is set per-package based on needs
33 |
34 | /* JavaScript Support */
35 | "allowJs": true,
36 |
37 | /* Interop Constraints */
38 | "allowSyntheticDefaultImports": true,
39 | "esModuleInterop": true,
40 | "forceConsistentCasingInFileNames": true,
41 | "isolatedModules": true,
42 | "verbatimModuleSyntax": true,
43 |
44 | /* Language and Environment */
45 | "target": "ESNext",
46 | "lib": ["ESNext"],
47 | "useDefineForClassFields": true,
48 |
49 | /* Completeness */
50 | "skipLibCheck": true
51 | }
52 | }
53 |
--------------------------------------------------------------------------------
/packages/ui/components/avatar.tsx:
--------------------------------------------------------------------------------
1 | import * as React from "react";
2 | import * as AvatarPrimitive from "@radix-ui/react-avatar";
3 |
4 | import { cn } from "@/lib/utils";
5 |
6 | const Avatar = React.forwardRef<
7 | React.ElementRef,
8 | React.ComponentPropsWithoutRef
9 | >(({ className, ...props }, ref) => (
10 |
18 | ));
19 | Avatar.displayName = AvatarPrimitive.Root.displayName;
20 |
21 | const AvatarImage = React.forwardRef<
22 | React.ElementRef,
23 | React.ComponentPropsWithoutRef
24 | >(({ className, ...props }, ref) => (
25 |
30 | ));
31 | AvatarImage.displayName = AvatarPrimitive.Image.displayName;
32 |
33 | const AvatarFallback = React.forwardRef<
34 | React.ElementRef,
35 | React.ComponentPropsWithoutRef
36 | >(({ className, ...props }, ref) => (
37 |
45 | ));
46 | AvatarFallback.displayName = AvatarPrimitive.Fallback.displayName;
47 |
48 | export { Avatar, AvatarImage, AvatarFallback };
49 |
--------------------------------------------------------------------------------
/packages/typescript-config/README.md:
--------------------------------------------------------------------------------
1 | # TypeScript Configuration
2 |
3 | Shared TypeScript configuration for the monorepo.
4 |
5 | ## Usage
6 |
7 | Add this package as a development dependency:
8 |
9 | ```json
10 | {
11 | "devDependencies": {
12 | "@repo/typescript-config": "workspace:*"
13 | }
14 | }
15 | ```
16 |
17 | Then extend from the appropriate configuration in your `tsconfig.json`:
18 |
19 | ### For React applications
20 |
21 | ```json
22 | {
23 | "extends": "@repo/typescript-config/react.json",
24 | "include": ["src"],
25 | "exclude": ["node_modules"]
26 | }
27 | ```
28 |
29 | ### For Node.js/Bun applications
30 |
31 | ```json
32 | {
33 | "extends": "@repo/typescript-config/node.json",
34 | "include": ["src"],
35 | "exclude": ["node_modules"]
36 | }
37 | ```
38 |
39 | ### For Cloudflare Workers
40 |
41 | ```json
42 | {
43 | "extends": "@repo/typescript-config/cloudflare.json",
44 | "include": ["src"],
45 | "exclude": ["node_modules"]
46 | }
47 | ```
48 |
49 | ## Available Configurations
50 |
51 | - `base.json` - Core configuration with strict mode and modern defaults
52 | - `react.json` - React applications with DOM types and JSX support
53 | - `node.json` - Node.js/Bun backend services
54 | - `cloudflare.json` - Cloudflare Workers edge functions
55 |
56 | ## Features
57 |
58 | - **Strict mode** enabled by default for maximum type safety
59 | - **Modern module resolution** optimized for bundlers
60 | - **Project references** support for better monorepo performance
61 | - **Centralized path aliases** for consistent imports across the monorepo
62 | - **Environment-specific** configurations for different runtime targets
63 |
--------------------------------------------------------------------------------
/infra/modules/gcp/cloud-run/main.tf:
--------------------------------------------------------------------------------
1 | resource "google_cloud_run_v2_service" "service" {
2 | name = var.service_name
3 | location = var.region
4 | deletion_protection = false
5 | ingress = "INGRESS_TRAFFIC_ALL"
6 | invoker_iam_disabled = true # Allow public access without IAM checks
7 |
8 | template {
9 | scaling {
10 | min_instance_count = 0
11 | max_instance_count = 10
12 | }
13 |
14 | dynamic "volumes" {
15 | for_each = var.cloud_sql_connection != null ? [1] : []
16 | content {
17 | name = "cloudsql"
18 | cloud_sql_instance {
19 | instances = [var.cloud_sql_connection]
20 | }
21 | }
22 | }
23 |
24 | containers {
25 | image = var.image
26 |
27 | ports {
28 | container_port = 8080
29 | }
30 |
31 | resources {
32 | limits = {
33 | cpu = "1"
34 | memory = "512Mi"
35 | }
36 | cpu_idle = true
37 | }
38 |
39 | dynamic "volume_mounts" {
40 | for_each = var.cloud_sql_connection != null ? [1] : []
41 | content {
42 | name = "cloudsql"
43 | mount_path = "/cloudsql"
44 | }
45 | }
46 |
47 | dynamic "env" {
48 | for_each = var.env_vars
49 | content {
50 | name = env.key
51 | value = env.value
52 | }
53 | }
54 | }
55 | }
56 |
57 | lifecycle {
58 | ignore_changes = [
59 | template[0].containers[0].image, # Allow gcloud to deploy new images
60 | template[0].revision,
61 | template[0].labels,
62 | ]
63 | }
64 | }
65 |
--------------------------------------------------------------------------------
/docs/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | # https://vitepress.dev/reference/default-theme-home-page
3 | layout: home
4 |
5 | hero:
6 | name: "React Starter Kit"
7 | # text: "Production-ready monorepo for building fast web apps"
8 | tagline: Skip months of setup and ship your AI-powered SaaS fast. Authentication, database migrations, edge deployment, and cutting-edge React patterns all configured with industry best practices.
9 | actions:
10 | - theme: brand
11 | text: Getting Started
12 | link: /getting-started
13 | - theme: alt
14 | text: View on GitHub
15 | link: https://github.com/kriasoft/react-starter-kit
16 |
17 | features:
18 | - icon: 🤖
19 | title: AI-First Development
20 | details: Code with AI from day one - LLM instructions, tool configurations, and project context pre-built for Claude Code, Cursor, and Gemini CLI
21 | - icon: 🚀
22 | title: Edge-First Architecture
23 | details: Built for Cloudflare Workers with optimized performance, global distribution, and instant deployment
24 | - icon: ⚛️
25 | title: Modern React Stack
26 | details: React 19 with Vite & Astro, TanStack Router, Jotai state management, and shadcn/ui components with Tailwind CSS v4
27 | - icon: 🔐
28 | title: Complete Authentication
29 | details: Pre-configured Better Auth with social providers, session management, and secure user flows
30 | - icon: 🏢
31 | title: Multi-Tenant Database
32 | details: Neon PostgreSQL with Drizzle ORM, pre-built multi-tenant schema with UUIDv7, migrations, and type-safe queries
33 | - icon: ⚡
34 | title: Ship Faster
35 | details: Bun runtime for instant builds, hot reload, unified tooling, and comprehensive testing setup
36 | ---
37 |
--------------------------------------------------------------------------------
/docs/.vitepress/config.ts:
--------------------------------------------------------------------------------
1 | import { defineConfig } from "vitepress";
2 | import { withMermaid } from "vitepress-plugin-mermaid";
3 |
4 | /**
5 | * VitePress configuration.
6 | *
7 | * @link {https://vitepress.dev/reference/site-config}
8 | * @link {https://emersonbottero.github.io/vitepress-plugin-mermaid/}
9 | */
10 | export default withMermaid(
11 | defineConfig({
12 | title: "React Starter Kit",
13 | description: "Production-ready monorepo for building fast web apps",
14 | themeConfig: {
15 | // https://vitepress.dev/reference/default-theme-config
16 | nav: [
17 | { text: "Home", link: "/" },
18 | { text: "Docs", link: "/getting-started" },
19 | ],
20 |
21 | sidebar: [
22 | {
23 | text: "Documentation",
24 | items: [
25 | { text: "Getting Started", link: "/getting-started" },
26 | { text: "Database Schema", link: "/database-schema" },
27 | { text: "Deployment", link: "/deployment" },
28 | ],
29 | },
30 | {
31 | text: "Security",
32 | items: [
33 | { text: "Security Checklist", link: "/security/checklist" },
34 | { text: "Incident Playbook", link: "/security/incident-playbook" },
35 | {
36 | text: "Security Policy Template",
37 | link: "/security/SECURITY.template",
38 | },
39 | ],
40 | },
41 | ],
42 |
43 | socialLinks: [
44 | {
45 | icon: "discord",
46 | link: "https://discord.gg/2nKEnKq",
47 | },
48 | {
49 | icon: "github",
50 | link: "https://github.com/kriasoft/react-starter-kit",
51 | },
52 | ],
53 | },
54 | }),
55 | );
56 |
--------------------------------------------------------------------------------
/packages/ui/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "@repo/ui",
3 | "version": "0.1.0",
4 | "description": "Reusable UI components for React Starter Kit (monorepo)",
5 | "type": "module",
6 | "main": "./index.ts",
7 | "types": "./index.ts",
8 | "exports": {
9 | ".": "./index.ts",
10 | "./lib/utils": "./lib/utils.ts",
11 | "./components/*": "./components/*.tsx",
12 | "./hooks/*": "./hooks/*.ts",
13 | "./lib/*": "./lib/*.ts"
14 | },
15 | "files": [
16 | "components",
17 | "hooks",
18 | "lib",
19 | "index.ts",
20 | "components.json"
21 | ],
22 | "scripts": {
23 | "build": "tsc",
24 | "dev": "tsc --watch",
25 | "lint": "eslint . --max-warnings 0",
26 | "type-check": "tsc --noEmit",
27 | "add": "bun scripts/add.ts",
28 | "list": "bun scripts/list.ts",
29 | "update": "bun scripts/update.ts",
30 | "essentials": "bun scripts/essentials.ts"
31 | },
32 | "peerDependencies": {
33 | "react": ">=19.2.1",
34 | "react-dom": ">=19.2.1"
35 | },
36 | "dependencies": {
37 | "@radix-ui/react-avatar": "^1.1.11",
38 | "@radix-ui/react-checkbox": "^1.3.3",
39 | "@radix-ui/react-dialog": "^1.1.15",
40 | "@radix-ui/react-label": "^2.1.8",
41 | "@radix-ui/react-radio-group": "^1.3.8",
42 | "@radix-ui/react-scroll-area": "^1.2.10",
43 | "@radix-ui/react-select": "^2.2.6",
44 | "@radix-ui/react-separator": "^1.1.8",
45 | "@radix-ui/react-slot": "^1.2.4",
46 | "@radix-ui/react-switch": "^1.2.6",
47 | "class-variance-authority": "^0.7.1",
48 | "clsx": "^2.1.1",
49 | "lucide-react": "^0.556.0",
50 | "tailwind-merge": "^3.4.0"
51 | },
52 | "devDependencies": {
53 | "@types/react": "^19.2.7",
54 | "@types/react-dom": "^19.2.3",
55 | "tailwindcss": "^4.1.17",
56 | "typescript": "~5.9.3"
57 | },
58 | "license": "MIT"
59 | }
60 |
--------------------------------------------------------------------------------
/.claude/commands/validate-auth-schema.md:
--------------------------------------------------------------------------------
1 | # Validate Auth Schema
2 |
3 | Validate that the Drizzle ORM schema in `db/schema/` matches the Better Auth requirements.
4 |
5 | ## Steps
6 |
7 | 1. **Generate Better Auth schema reference**:
8 |
9 | ```bash
10 | bun run db/scripts/generate-auth-schema.ts
11 | ```
12 |
13 | 2. **Compare with current Drizzle schema**:
14 | - Review all files in `db/schema/` (user.ts, organization.ts, etc.)
15 | - Check that each Better Auth table has corresponding Drizzle table
16 | - Verify field types, constraints, and relationships match
17 | - Ensure table names and field names align with Better Auth expectations
18 |
19 | 3. **Key validation points**:
20 | - **Table mapping**: Better Auth `account` → Drizzle `identity`
21 | - **Required fields**: All Better Auth required fields are present and correctly typed
22 | - **Relationships**: Foreign key references match (userId, organizationId, etc.)
23 | - **Constraints**: Unique fields, required fields, default values
24 | - **Field types**: string/text, boolean, date/timestamp, number types
25 |
26 | 4. **Report findings**:
27 | - List any missing tables or fields
28 | - Identify type mismatches
29 | - Note incorrect constraints or relationships
30 | - Suggest specific fixes needed
31 |
32 | ## Context
33 |
34 | Better Auth requires specific database schema structure. The generated JSON serves as the source of truth for what Better Auth expects, while the Drizzle schema in `db/schema/` is our actual implementation that must match.
35 |
36 | ## Success Criteria
37 |
38 | - All Better Auth required tables exist in Drizzle schema
39 | - Field types and constraints match Better Auth requirements
40 | - Foreign key relationships are correctly implemented
41 | - Custom schema additions (like organizations) don't conflict with Better Auth expectations
42 |
--------------------------------------------------------------------------------
/packages/ui/components/scroll-area.tsx:
--------------------------------------------------------------------------------
1 | import * as React from "react";
2 | import * as ScrollAreaPrimitive from "@radix-ui/react-scroll-area";
3 |
4 | import { cn } from "@/lib/utils";
5 |
6 | const ScrollArea = React.forwardRef<
7 | React.ElementRef,
8 | React.ComponentPropsWithoutRef
9 | >(({ className, children, ...props }, ref) => (
10 |
15 |
16 | {children}
17 |
18 |
19 |
20 |
21 | ));
22 | ScrollArea.displayName = ScrollAreaPrimitive.Root.displayName;
23 |
24 | const ScrollBar = React.forwardRef<
25 | React.ElementRef,
26 | React.ComponentPropsWithoutRef
27 | >(({ className, orientation = "vertical", ...props }, ref) => (
28 |
41 |
42 |
43 | ));
44 | ScrollBar.displayName = ScrollAreaPrimitive.ScrollAreaScrollbar.displayName;
45 |
46 | export { ScrollArea, ScrollBar };
47 |
--------------------------------------------------------------------------------
/db/schema/passkey.ts:
--------------------------------------------------------------------------------
1 | // WebAuthn passkey credentials for Better Auth
2 | // @see https://www.better-auth.com/docs/plugins/passkey
3 |
4 | import { sql } from "drizzle-orm";
5 | import {
6 | boolean,
7 | index,
8 | integer,
9 | pgTable,
10 | text,
11 | timestamp,
12 | } from "drizzle-orm/pg-core";
13 | import { user } from "./user";
14 |
15 | /**
16 | * Passkey credential store.
17 | *
18 | * Extended fields beyond Better Auth defaults:
19 | * - lastUsedAt: Tracks last authentication for security audits
20 | * - deviceName: User-friendly name (e.g., "MacBook Pro", "iPhone 15")
21 | * - platform: Authenticator platform ("platform" | "cross-platform")
22 | */
23 | export const passkey = pgTable(
24 | "passkey",
25 | {
26 | id: text()
27 | .primaryKey()
28 | .default(sql`gen_random_uuid()`),
29 | name: text(),
30 | publicKey: text().notNull(),
31 | userId: text()
32 | .notNull()
33 | .references(() => user.id, { onDelete: "cascade" }),
34 | credentialID: text().notNull().unique(),
35 | counter: integer().default(0).notNull(),
36 | deviceType: text().notNull(),
37 | backedUp: boolean().notNull(),
38 | transports: text(),
39 | aaguid: text(),
40 | // Extended operational fields
41 | lastUsedAt: timestamp({ withTimezone: true, mode: "date" }),
42 | deviceName: text(),
43 | platform: text(), // "platform" | "cross-platform"
44 | createdAt: timestamp({ withTimezone: true, mode: "date" })
45 | .defaultNow()
46 | .notNull(),
47 | updatedAt: timestamp({ withTimezone: true, mode: "date" })
48 | .defaultNow()
49 | .$onUpdate(() => new Date())
50 | .notNull(),
51 | },
52 | (table) => [index("passkey_user_id_idx").on(table.userId)],
53 | );
54 |
55 | export type Passkey = typeof passkey.$inferSelect;
56 | export type NewPasskey = typeof passkey.$inferInsert;
57 |
--------------------------------------------------------------------------------
/apps/web/wrangler.jsonc:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "../../node_modules/wrangler/config-schema.json",
3 |
4 | // [METADATA]
5 | // Application identity and Cloudflare runtime compatibility settings.
6 | "name": "example-web",
7 | "compatibility_date": "2025-08-15",
8 | "compatibility_flags": [],
9 | "workers_dev": false,
10 |
11 | // [ASSETS]
12 | // Serves bundled JavaScript, CSS, images, and other static assets.
13 | "assets": {
14 | "directory": "./dist"
15 | },
16 |
17 | // [ENVIRONMENTS]
18 | // Environment-specific configurations for different deployment stages.
19 | // Top-level config = production, nested env objects = other environments.
20 |
21 | // [ENV:PRODUCTION]
22 | // Default configuration used when no --env flag is specified.
23 | // Command: bun wrangler deploy
24 |
25 | // WARNING: Route modifications must be synchronized across all environments
26 | // prettier-ignore
27 | "routes": [
28 | { "pattern": "example.com/*", "zone_name": "example.com" }
29 | ],
30 | "vars": {
31 | "ENVIRONMENT": "production"
32 | },
33 |
34 | "env": {
35 | // [ENV:DEVELOPMENT]
36 | // Command: bun wrangler dev
37 | "dev": {
38 | "vars": {
39 | "ENVIRONMENT": "development"
40 | }
41 | },
42 |
43 | // [ENV:STAGING]
44 | // Pre-production testing environment that mirrors production setup.
45 | // Command: bun wrangler deploy --env staging
46 | "staging": {
47 | // prettier-ignore
48 | "routes": [
49 | { "pattern": "staging.example.com/*", "zone_name": "example.com" }
50 | ],
51 | "vars": {
52 | "ENVIRONMENT": "staging"
53 | }
54 | },
55 |
56 | // [ENV:PREVIEW]
57 | // Command: bun wrangler deploy --env preview
58 | "preview": {
59 | // prettier-ignore
60 | "routes": [
61 | { "pattern": "preview.example.com/*", "zone_name": "example.com" }
62 | ],
63 | "vars": {
64 | "ENVIRONMENT": "preview"
65 | }
66 | }
67 | }
68 | }
69 |
--------------------------------------------------------------------------------
/apps/app/lib/query.ts:
--------------------------------------------------------------------------------
1 | import type { AppRouter } from "@repo/api";
2 | import { QueryClient } from "@tanstack/react-query";
3 | import { TRPCClientError } from "@trpc/client";
4 |
5 | export const queryClient = new QueryClient({
6 | defaultOptions: {
7 | queries: {
8 | // Data remains fresh for 2 minutes - prevents redundant API calls during
9 | // typical user sessions while ensuring data updates within reasonable time
10 | staleTime: 2 * 60 * 1000,
11 | // Garbage collection after 5 minutes - balances memory usage with instant
12 | // data availability when navigating back to recently viewed pages
13 | gcTime: 5 * 60 * 1000,
14 | // Retry strategy: 3 attempts with exponential backoff (1s, 2s, 4s) capped at 30s
15 | // Handles transient network issues without overwhelming the server
16 | retry: 3,
17 | retryDelay: (attemptIndex) => Math.min(1000 * 2 ** attemptIndex, 30000),
18 | // Auto-refetch when user returns to tab - ensures displayed data is current
19 | // after context switches (critical for collaborative features)
20 | refetchOnWindowFocus: true,
21 | // Always refetch after network reconnection - prevents stale data after
22 | // connectivity issues (overrides staleTime check)
23 | refetchOnReconnect: "always",
24 | },
25 | mutations: {
26 | // Single retry for mutations - prevents duplicate operations while handling
27 | // momentary network blips (user can manually retry for persistent failures)
28 | retry: 1,
29 | retryDelay: 1000,
30 | onError: (error) => {
31 | // Redirect to login on auth errors
32 | if (error instanceof TRPCClientError) {
33 | const trpcError = error as TRPCClientError;
34 | if (trpcError.data?.code === "UNAUTHORIZED") {
35 | window.location.href = "/login";
36 | return;
37 | }
38 | }
39 | console.error("Mutation error:", error);
40 | },
41 | },
42 | },
43 | });
44 |
--------------------------------------------------------------------------------
/db/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "@repo/db",
3 | "version": "0.0.0",
4 | "private": true,
5 | "type": "module",
6 | "exports": {
7 | ".": "./index.ts",
8 | "./schema": "./schema/index.ts",
9 | "./schema/*": "./schema/*"
10 | },
11 | "scripts": {
12 | "generate": "bun --bun drizzle-kit generate",
13 | "generate:staging": "bun --bun --env ENVIRONMENT=staging drizzle-kit generate",
14 | "generate:prod": "bun --bun --env ENVIRONMENT=prod drizzle-kit generate",
15 | "migrate": "bun --bun drizzle-kit migrate",
16 | "migrate:staging": "bun --bun --env ENVIRONMENT=staging drizzle-kit migrate",
17 | "migrate:prod": "bun --bun --env ENVIRONMENT=prod drizzle-kit migrate",
18 | "push": "bun --bun drizzle-kit push",
19 | "push:staging": "bun --bun --env ENVIRONMENT=staging drizzle-kit push",
20 | "push:prod": "bun --bun --env ENVIRONMENT=prod drizzle-kit push",
21 | "studio": "bun --bun drizzle-kit studio",
22 | "studio:staging": "bun --bun --env ENVIRONMENT=staging drizzle-kit studio",
23 | "studio:prod": "bun --bun --env ENVIRONMENT=prod drizzle-kit studio",
24 | "seed": "bun scripts/seed.ts",
25 | "seed:staging": "bun --env ENVIRONMENT=staging scripts/seed.ts",
26 | "seed:prod": "bun --env ENVIRONMENT=prod scripts/seed.ts",
27 | "export": "bun scripts/export.ts",
28 | "export:staging": "bun --env ENVIRONMENT=staging scripts/export.ts",
29 | "export:prod": "bun --env ENVIRONMENT=prod scripts/export.ts",
30 | "introspect": "bun --bun drizzle-kit introspect",
31 | "up": "bun --bun drizzle-kit up",
32 | "check": "bun --bun drizzle-kit check",
33 | "drop": "bun --bun drizzle-kit drop",
34 | "typecheck": "tsc --noEmit"
35 | },
36 | "peerDependencies": {
37 | "drizzle-orm": "^0.45.0"
38 | },
39 | "devDependencies": {
40 | "@repo/typescript-config": "workspace:*",
41 | "@types/bun": "^1.3.3",
42 | "dotenv": "^17.2.3",
43 | "drizzle-kit": "^0.31.8",
44 | "drizzle-orm": "^0.45.0",
45 | "typescript": "~5.9.3"
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/apps/app/routes/(auth)/login.tsx:
--------------------------------------------------------------------------------
1 | import { LoginForm } from "@/components/auth/login-form";
2 | import { getSafeRedirectUrl } from "@/lib/auth-config";
3 | import { invalidateSession, sessionQueryOptions } from "@/lib/queries/session";
4 | import { useQueryClient } from "@tanstack/react-query";
5 | import {
6 | createFileRoute,
7 | isRedirect,
8 | redirect,
9 | useRouter,
10 | } from "@tanstack/react-router";
11 | import { z } from "zod";
12 |
13 | // Sanitize returnTo at parse time - consumers get a safe value or undefined
14 | const searchSchema = z.object({
15 | returnTo: z
16 | .string()
17 | .optional()
18 | .transform((val) => {
19 | const safe = getSafeRedirectUrl(val);
20 | return safe === "/" ? undefined : safe;
21 | })
22 | .catch(undefined),
23 | });
24 |
25 | export const Route = createFileRoute("/(auth)/login")({
26 | validateSearch: searchSchema,
27 | beforeLoad: async ({ context, search }) => {
28 | try {
29 | const session = await context.queryClient.fetchQuery(
30 | sessionQueryOptions(),
31 | );
32 |
33 | // Redirect authenticated users to their destination
34 | if (session?.user && session?.session) {
35 | throw redirect({ to: search.returnTo ?? "/" });
36 | }
37 | } catch (error) {
38 | // Re-throw redirects, show login form for fetch errors
39 | if (isRedirect(error)) throw error;
40 | }
41 | },
42 | component: LoginPage,
43 | });
44 |
45 | function LoginPage() {
46 | const router = useRouter();
47 | const queryClient = useQueryClient();
48 | const search = Route.useSearch();
49 |
50 | async function handleSuccess() {
51 | await invalidateSession(queryClient);
52 | await router.invalidate();
53 | await router.navigate({ to: search.returnTo ?? "/" });
54 | }
55 |
56 | return (
57 |
62 | );
63 | }
64 |
--------------------------------------------------------------------------------
/.env:
--------------------------------------------------------------------------------
1 | # Environment variables
2 | # https://vitejs.dev/guide/env-and-mode.html#env-files
3 | #
4 | # TIP: Feel free to personalize these settings in your `.env.local` file that
5 | # is not tracked by source control, giving you the liberty to tweak
6 | # settings in your local environment worry-free! Happy coding! 🚀
7 |
8 | # Web application settings
9 | APP_NAME=Acme Co.
10 | APP_ORIGIN=http://localhost:5173
11 | API_ORIGIN=http://localhost:8787
12 | ENVIRONMENT=development
13 | PORT=8787
14 |
15 | # Google Cloud
16 | # https://console.cloud.google.com/
17 | GOOGLE_CLOUD_PROJECT=kriasoft
18 | GOOGLE_CLOUD_REGION=us-central1
19 |
20 | # Database
21 | # https://console.neon.tech/
22 | DATABASE_URL=postgres://postgres:postgres@localhost:5432/example
23 |
24 | # Cloudflare Hyperdrive for local development
25 | # https://developers.cloudflare.com/hyperdrive/
26 | CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE_CACHED=postgres://postgres:postgres@localhost:5432/example
27 | CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE_DIRECT=postgres://postgres:postgres@localhost:5432/example
28 |
29 | # Better Auth
30 | # bunx @better-auth/cli@latest secret
31 | BETTER_AUTH_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
32 |
33 | # Google OAuth 2.0
34 | # https://console.cloud.google.com/apis/credentials
35 | GOOGLE_CLIENT_ID=xxxxx.apps.googleusercontent.com
36 | GOOGLE_CLIENT_SECRET=xxxxx
37 |
38 | # OpenAI
39 | # https://platform.openai.com/
40 | OPENAI_ORGANIZATION=xxxxx
41 | OPENAI_API_KEY=xxxxx
42 |
43 | # Cloudflare
44 | # https://dash.cloudflare.com/
45 | # https://developers.cloudflare.com/api/tokens/create
46 | CLOUDFLARE_ACCOUNT_ID=
47 | CLOUDFLARE_ZONE_ID=
48 | CLOUDFLARE_API_TOKEN=
49 |
50 | # Google Analytics (v4)
51 | # https://console.firebase.google.com/
52 | # https://firebase.google.com/docs/analytics/get-started?platform=web
53 | GA_MEASUREMENT_ID=G-XXXXXXXX
54 |
55 | # Resend
56 | # https://resend.com/api-keys
57 | RESEND_API_KEY=xxxxx
58 | RESEND_EMAIL_FROM=onboarding@resend.dev
59 |
60 | # Algolia Search
61 | # https://dashboard.algolia.com/account/api-keys/all
62 | ALGOLIA_APP_ID=xxxxx
63 | ALGOLIA_ADMIN_API_KEY=xxxxx
64 |
--------------------------------------------------------------------------------
/apps/api/routers/organization.ts:
--------------------------------------------------------------------------------
1 | import { z } from "zod";
2 | import { protectedProcedure, router } from "../lib/trpc.js";
3 |
4 | export const organizationRouter = router({
5 | list: protectedProcedure.query(() => {
6 | // TODO: Implement organization listing logic
7 | return {
8 | organizations: [],
9 | };
10 | }),
11 |
12 | create: protectedProcedure
13 | .input(
14 | z.object({
15 | name: z.string().min(1),
16 | description: z.string().optional(),
17 | }),
18 | )
19 | .mutation(({ input, ctx }) => {
20 | // TODO: Implement organization creation logic
21 | return {
22 | id: "org_" + Date.now(),
23 | name: input.name,
24 | description: input.description,
25 | ownerId: ctx.user.id,
26 | };
27 | }),
28 |
29 | update: protectedProcedure
30 | .input(
31 | z.object({
32 | id: z.string(),
33 | name: z.string().min(1).optional(),
34 | description: z.string().optional(),
35 | }),
36 | )
37 | .mutation(({ input }) => {
38 | // TODO: Implement organization update logic
39 | return {
40 | ...input,
41 | };
42 | }),
43 |
44 | delete: protectedProcedure
45 | .input(z.object({ id: z.string() }))
46 | .mutation(({ input }) => {
47 | // TODO: Implement organization deletion logic
48 | return { success: true, id: input.id };
49 | }),
50 |
51 | members: protectedProcedure
52 | .input(z.object({ organizationId: z.string() }))
53 | .query(() => {
54 | // TODO: Implement organization members listing
55 | return {
56 | members: [],
57 | };
58 | }),
59 |
60 | invite: protectedProcedure
61 | .input(
62 | z.object({
63 | organizationId: z.string(),
64 | email: z.email({ message: "Invalid email address" }),
65 | role: z.enum(["admin", "member"]).default("member"),
66 | }),
67 | )
68 | .mutation(() => {
69 | // TODO: Implement organization invite logic
70 | return {
71 | success: true,
72 | inviteId: "invite_" + Date.now(),
73 | };
74 | }),
75 | });
76 |
--------------------------------------------------------------------------------
/packages/ui/components/button.tsx:
--------------------------------------------------------------------------------
1 | import * as React from "react";
2 | import { Slot } from "@radix-ui/react-slot";
3 | import { cva, type VariantProps } from "class-variance-authority";
4 |
5 | import { cn } from "@/lib/utils";
6 |
7 | const buttonVariants = cva(
8 | "inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-colors focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg]:size-4 [&_svg]:shrink-0",
9 | {
10 | variants: {
11 | variant: {
12 | default:
13 | "bg-primary text-primary-foreground shadow hover:bg-primary/90",
14 | destructive:
15 | "bg-destructive text-destructive-foreground shadow-sm hover:bg-destructive/90",
16 | outline:
17 | "border border-input bg-background shadow-sm hover:bg-accent hover:text-accent-foreground",
18 | secondary:
19 | "bg-secondary text-secondary-foreground shadow-sm hover:bg-secondary/80",
20 | ghost: "hover:bg-accent hover:text-accent-foreground",
21 | link: "text-primary underline-offset-4 hover:underline",
22 | },
23 | size: {
24 | default: "h-9 px-4 py-2",
25 | sm: "h-8 rounded-md px-3 text-xs",
26 | lg: "h-10 rounded-md px-8",
27 | icon: "h-9 w-9",
28 | },
29 | },
30 | defaultVariants: {
31 | variant: "default",
32 | size: "default",
33 | },
34 | },
35 | );
36 |
37 | export interface ButtonProps
38 | extends
39 | React.ButtonHTMLAttributes,
40 | VariantProps {
41 | asChild?: boolean;
42 | }
43 |
44 | const Button = React.forwardRef(
45 | ({ className, variant, size, asChild = false, ...props }, ref) => {
46 | const Comp = asChild ? Slot : "button";
47 | return (
48 |
53 | );
54 | },
55 | );
56 | Button.displayName = "Button";
57 |
58 | export { Button, buttonVariants };
59 |
--------------------------------------------------------------------------------
/docs/.vitepress/theme/components/GitHubStats.vue:
--------------------------------------------------------------------------------
1 |
2 |
40 |
41 |
42 |
73 |
--------------------------------------------------------------------------------
/apps/api/Dockerfile:
--------------------------------------------------------------------------------
1 | # Dockerfile for the tRPC API Server
2 | # docker build --tag api:latest -f ./apps/api/Dockerfile .
3 | # https://bun.com/guides/ecosystem/docker
4 | # https://docs.docker.com/guides/bun/containerize/
5 |
6 | FROM oven/bun:slim
7 |
8 | # Install dumb-init and jq for proper signal handling and JSON processing
9 | RUN apt-get update && apt-get install -y --no-install-recommends dumb-init jq && \
10 | rm -rf /var/lib/apt/lists/*
11 |
12 | # Set environment variables
13 | ENV NODE_ENV=production
14 |
15 | # Set working directory
16 | WORKDIR /usr/src/app
17 |
18 | # Copy package files for better layer caching
19 | COPY ./apps/api/package.json ./package.json
20 |
21 | # Remove workspace dependencies from package.json
22 | # Workspace dependencies like "workspace:*" or "workspace:^1.0.0" cannot be resolved
23 | # inside Docker since the workspace packages aren't available in the container context.
24 | # This jq command filters out any dependency where the version starts with "workspace:"
25 | # from both dependencies and devDependencies sections
26 | RUN jq '.dependencies |= with_entries(select(.value | startswith("workspace:") | not)) | \
27 | .devDependencies |= with_entries(select(.value | startswith("workspace:") | not))' \
28 | package.json > package.tmp.json && \
29 | mv package.tmp.json package.json
30 |
31 | # Install production dependencies only
32 | # Using --production flag to exclude devDependencies
33 | RUN bun install --production
34 |
35 | # Copy pre-built server files from dist directory
36 | # The build process should be done outside of Docker
37 | # Note: Run `bun --filter @repo/api build` before building the Docker image
38 | # This bundles all dependencies including workspace packages into dist/index.js
39 | COPY --chown=bun:bun ./apps/api/dist ./dist
40 |
41 | # Verify dist directory exists and has content
42 | RUN test -f ./dist/index.js || (echo "Error: dist/index.js not found" && exit 1)
43 |
44 | # Switch to non-root user
45 | USER bun
46 |
47 | # Expose the port your server runs on (default: 8080)
48 | EXPOSE 8080
49 |
50 | # Run the server using dumb-init for proper signal handling
51 | ENTRYPOINT ["/usr/bin/dumb-init", "--"]
52 | CMD ["bun", "dist/index.js"]
53 |
--------------------------------------------------------------------------------
/apps/api/lib/loaders.ts:
--------------------------------------------------------------------------------
1 | /**
2 | * Data loaders. Usage example:
3 | *
4 | * ```ts
5 | * protectedProcedure
6 | * .query(async ({ ctx }) => {
7 | * const user = await userById(ctx).load(ctx.session.userId);
8 | * ...
9 | * })
10 | * ```
11 | */
12 |
13 | import DataLoader from "dataloader";
14 | import { inArray } from "drizzle-orm";
15 | import { user } from "@repo/db/schema/user.js";
16 | import type { TRPCContext } from "./context";
17 |
18 | // The list of data loader keys to be used with the context cache
19 | // to avoid creating multiple instances of the same data loader.
20 | export const USER_BY_ID = Symbol("userById");
21 | export const USER_BY_EMAIL = Symbol("userByEmail");
22 |
23 | function createKeyMap(
24 | items: T[],
25 | keyField: K,
26 | ): Map {
27 | return new Map(items.map((item) => [item[keyField], item]));
28 | }
29 |
30 | export function userById(ctx: TRPCContext) {
31 | if (!ctx.cache.has(USER_BY_ID)) {
32 | const loader = new DataLoader(async (userIds: readonly string[]) => {
33 | if (userIds.length === 0) return [];
34 |
35 | const users = await ctx.db
36 | .select()
37 | .from(user)
38 | .where(inArray(user.id, [...userIds]));
39 | const userMap = createKeyMap(users, "id");
40 | return userIds.map((id) => userMap.get(id) || null);
41 | });
42 | ctx.cache.set(USER_BY_ID, loader);
43 | }
44 | return ctx.cache.get(USER_BY_ID) as DataLoader<
45 | string,
46 | typeof user.$inferSelect | null
47 | >;
48 | }
49 |
50 | export function userByEmail(ctx: TRPCContext) {
51 | if (!ctx.cache.has(USER_BY_EMAIL)) {
52 | const loader = new DataLoader(async (emails: readonly string[]) => {
53 | if (emails.length === 0) return [];
54 |
55 | const users = await ctx.db
56 | .select()
57 | .from(user)
58 | .where(inArray(user.email, [...emails]));
59 | const userMap = createKeyMap(users, "email");
60 | return emails.map((email) => userMap.get(email) || null);
61 | });
62 | ctx.cache.set(USER_BY_EMAIL, loader);
63 | }
64 | return ctx.cache.get(USER_BY_EMAIL) as DataLoader<
65 | string,
66 | typeof user.$inferSelect | null
67 | >;
68 | }
69 |
--------------------------------------------------------------------------------
/packages/ui/components/card.tsx:
--------------------------------------------------------------------------------
1 | import * as React from "react";
2 |
3 | import { cn } from "@/lib/utils";
4 |
5 | const Card = React.forwardRef<
6 | HTMLDivElement,
7 | React.HTMLAttributes
8 | >(({ className, ...props }, ref) => (
9 |
17 | ));
18 | Card.displayName = "Card";
19 |
20 | const CardHeader = React.forwardRef<
21 | HTMLDivElement,
22 | React.HTMLAttributes
23 | >(({ className, ...props }, ref) => (
24 |
29 | ));
30 | CardHeader.displayName = "CardHeader";
31 |
32 | const CardTitle = React.forwardRef<
33 | HTMLDivElement,
34 | React.HTMLAttributes
35 | >(({ className, ...props }, ref) => (
36 |
41 | ));
42 | CardTitle.displayName = "CardTitle";
43 |
44 | const CardDescription = React.forwardRef<
45 | HTMLDivElement,
46 | React.HTMLAttributes
47 | >(({ className, ...props }, ref) => (
48 |
53 | ));
54 | CardDescription.displayName = "CardDescription";
55 |
56 | const CardContent = React.forwardRef<
57 | HTMLDivElement,
58 | React.HTMLAttributes
59 | >(({ className, ...props }, ref) => (
60 |
61 | ));
62 | CardContent.displayName = "CardContent";
63 |
64 | const CardFooter = React.forwardRef<
65 | HTMLDivElement,
66 | React.HTMLAttributes
67 | >(({ className, ...props }, ref) => (
68 |
73 | ));
74 | CardFooter.displayName = "CardFooter";
75 |
76 | export {
77 | Card,
78 | CardHeader,
79 | CardFooter,
80 | CardTitle,
81 | CardDescription,
82 | CardContent,
83 | };
84 |
--------------------------------------------------------------------------------
/apps/app/components/user-menu.tsx:
--------------------------------------------------------------------------------
1 | import { signOut, useSessionQuery } from "@/lib/queries/session";
2 | import { Avatar, AvatarFallback, Button } from "@repo/ui";
3 | import { useQueryClient } from "@tanstack/react-query";
4 | import { LogOut, RefreshCw, User } from "lucide-react";
5 |
6 | /**
7 | * Example component showing how to use session query
8 | * with loading states and error handling
9 | */
10 | export function UserMenu() {
11 | const queryClient = useQueryClient();
12 | const { data: session, isPending, error, refetch } = useSessionQuery();
13 |
14 | if (isPending) {
15 | return (
16 |
22 | );
23 | }
24 |
25 | if (error) {
26 | return (
27 |
28 | Failed to load session
29 |
38 |
39 | );
40 | }
41 |
42 | const user = session?.user;
43 |
44 | if (!user) {
45 | return null;
46 | }
47 |
48 | return (
49 |
50 |
51 |
52 |
53 | {user.name?.[0]?.toUpperCase() || }
54 |
55 |
56 |
57 |
{user.name || "User"}
58 |
{user.email}
59 |
60 |
68 |
69 |