A production-grade TypeScript SaaS starter built for Domain-Driven Design.
One command. Bun pulls every workspace dep, Prisma generates the client.
Plop scaffolds domain, application, infrastructure — wired into the DI container.
Docker image builds with `bun run build`. Deploy to Fly, Render, your VPS.
BetterAuth + argon2id, sessions, OAuth, magic-link, TOTP 2FA with backup codes, rate limits per IP and email.
Org workspaces, RBAC, member invitations, API keys per tenant, platform-admin impersonation with HMAC cookies.
IPaymentProvider port with Stripe, MercadoPago, Polar.sh adapters. Customer portal, webhook-driven read model.
HMAC-signed deliveries via BullMQ + Redis. Exponential-backoff retries, dead-letter queue, signature helper.
Cookie consent banner, 30-day-grace account deletion, async data export to S3, audit-log anonymization.
Vercel AI SDK + Anthropic adapter, streaming chat completions, drop-in for your own agent or RAG flow.
STACK
No exotic vendor lock-in. Standard, boring, battle-tested infrastructure — wired together so you don't have to.
BY THE NUMBERS
What you get on day one of cloning the repo.
01 — IDENTITY
Email + password, OAuth, magic-link, TOTP 2FA, password reset, GDPR delete — pre-wired with sane defaults and rate limits the day you clone.
import { iam } from '@app/iam'; const session = await iam.signIn({email,password,totp: code, // throws on invalid 2FA}); // session is an HMAC-signed httpOnly cookie// rate-limited per IP and per email02 — REVENUE
Three payment providers behind one port. Customer portal, signed webhooks in, signed webhooks out — the whole loop.
POST /billing/checkout returns the provider-hosted URL.
HMAC-verified, idempotent, persists to your read model.
One-line redirect to the provider-hosted customer portal.
03 — TENANCY
Workspaces, members, roles, invitations, API keys per tenant. The B2B primitives every paying customer asks for in week two.
04 — RELIABILITY
Tracing, errors, structured logs, readiness probes, background jobs on real Redis. The boring infra that pages someone if you skip it.
05 — AI
Streaming chat over SSE on Express, tool use, structured output, per-tenant token budgets, RAG, and an MCP server scaffold.
import { ai } from '@app/ai'; const stream = await ai.streamText({model: 'claude-opus-4-7',messages,tools: { listUsers, search },maxTokens: 4096, // per-org budget enforced}); return stream.toResponse(); // SSE, typedARCHITECTURE
Four layers, one rule: dependencies point inward. ESLint enforces it on every commit — there is no "oops, I imported Express in domain".
domain/ cannot import express, @prisma/client, or anything from application/, infrastructure/, interfaces/. ESLint flat config enforces this.
BUILT FOR AGENTS
AGENT.md per bounded context. Plop generators that scaffold the full layer stack. OpenAPI typed contracts. Predictable file naming. Your AI pair-programmer doesn't hallucinate when the conventions are this consistent.
$ bun run plop endpoint
? Module name: notifications
? Endpoint name: send
? Method: POST
✓ application/use-cases/send.use-case.ts
✓ application/dto/send.dto.ts
✓ interfaces/http/send.controller.ts
✓ interfaces/http/send.schema.ts
✓ application/use-cases/send.use-case.spec.ts
$ bun run generate:api
✓ OpenAPI regenerated · 47 routes typedType-safe end-to-end. DDD bounded contexts. AI-streaming endpoints. 459 challenging tests.
UseDeploy is the production-grade foundation for the next generation of TypeScript SaaS applications.
TESTING
Domain unit tests, integration tests over a real Postgres + Redis, end-to-end tests over a real browser. The CI pipeline runs all of them on every commit.
INTERNATIONALIZATION
next-intl with typed messages. Fumadocs i18n with dot-parser locale files. EN/ES/PT in the product AND in the docs site, missing-key fallbacks handled.
Clone the repo, install deps, run the dev server.
t('onboarding.start')Cloná el repo, instalá deps, corré el dev server.
t('onboarding.start')Clone o repo, instale deps, rode o dev server.
t('onboarding.start')DEPLOY ANYWHERE
No platform lock-in. The Dockerfile is the source of truth — every target builds from the same image.
docker-compose for local + prod. Multi-stage Bun build, non-root, healthcheck.
One-click deploy with railway.toml at root + apps/client. Postgres + Redis as managed plugins.
Use Supabase Postgres + Auth as drop-in replacements. Schema and seeds compatible.
systemd units, Caddy reverse proxy, GitHub Actions CD. Self-host friendly.
From AGENT.md conventions to branded ID types and Plop generators. UseDeploy is structured so Claude Code and Cursor can navigate, reason, and refactor without hallucinating.
Repo ships with CLAUDE.md and AGENT.md files documenting bounded contexts, conventions, forbidden patterns, and the WHY of each architectural choice. Drop in your own assistant config and ship.
Read the docs1 ## DDD layering (enforced by ESLint)
2
3 Each module under apps/server/src/modules/<ctx>/:
4
5 domain/ # entities, VOs — no I/O
6 application/ # use cases, ports, DTOs
7 infrastructure/ # Prisma repos, adapters
8 interfaces/http/ # Express controllers, Zod
9
10 domain/ cannot import express,
11 @prisma/client, or anything from
12 application/infrastructure/interfaces/.
13
14 ESLint flat configs enforce this.VS THE FREE STARTERS
create-t3-app gives you a typed Next app and an OAuth login. The day you need invoices, invitations, or background jobs, you're shopping for the next 6 weeks of integration work.
| Feature | useDeploy | create-t3-app | ShipFast | Makerkit |
|---|---|---|---|---|
| Email + password + 2FA + magic-link | ✓ | OAuth only | ✓ | ✓ |
| Multi-tenant orgs + invitations + API keys | ✓ | — | — | partial |
| RBAC with typed permissions | ✓ | — | — | — |
| Billing — multiple providers | 3 (Polar/Stripe/MP) | — | Stripe | Stripe |
| Background jobs (BullMQ + real Redis) | ✓ | — | — | — |
| Observability (OTel + Sentry + /metrics) | ✓ | — | — | — |
| Outbound webhooks (HMAC + retries) | ✓ | — | — | — |
| i18n (EN + ES + PT, typed) | ✓ | — | — | — |
| DDD layering enforced by ESLint | ✓ | — | — | — |
| Docs site scaffolded (Fumadocs) | ✓ | — | — | — |
Built with the tools you already trust
Saved us two months on the auth + billing layer alone. The DDD structure paid for itself the first time we onboarded a new engineer.
The webhooks-in/webhooks-out + outgoing HMAC stack alone is worth the price. Dropped it in over a weekend, shipped a B2B integration the next.
Claude Code reads the AGENT.md and just gets it. No more re-explaining the architecture every session. This is what AI-native should mean.
One payment covers the source, the docs, and 459 tests. No subscriptions, no license keys, no telemetry.
Pricing GuideFAQ
Yes. 14 days, no questions asked, no "can you tell us why" form. We'd rather you walk than stay with a tool that doesn't fit.
Yes. You get the full Git repo, MIT-licensed for commercial use within your projects. No obfuscation, no licence keys, no telemetry phoning home.
Bun runtime, Express server, Prisma + Postgres, Next.js client, BetterAuth, Polar/Stripe/MercadoPago billing, BullMQ + Redis, OpenTelemetry + Sentry + Pino, S3-compatible storage, Vercel AI SDK + Anthropic. Standard, boring, well-supported.
First commit pushed in one evening. Real auth + org + first paying customer in a weekend. Full SaaS with custom domain in a week.
459 of them. Domain unit tests, integration tests over a real Postgres + Redis, e2e tests over a real browser. CI runs all of them on every commit. No mocks in CI.
Yes, the licence covers unlimited projects and commercial use. Use it for your own SaaS, your client's SaaS, or both.
Lifetime updates on the $50 tier. Every release ships to your repo via the sync tool — selective overwrite, never destroys your business code.
MAINTAINER
UseDeploy is built and maintained by Martin Coll — full-stack engineer, founder, and operator. Every line ships from one keyboard, with the agentic feedback loop turned on. No committee, no Discord cargo cult — just a maker who has shipped a SaaS before.