A decoupled Nuxt 4 + NestJS starter with structural multi-tenancy, hardened auth, and a Stripe webhook that does the three hard things right — verified by a real test suite and CI, not a README promise.
Start writing your product on day one — not week two's auth-tenancy-billing rebuild.
Not a where clause you must remember. A Prisma extension detects tenant-scoped models and forces tenantId onto every read and write — filters merged on finds, cross-tenant updates that simply can't match a row. Add a model with a tenantId column and it's isolated the moment you declare it.
Signature verified against the raw body. Idempotent on the event ID in Redis, so retries never double-fulfill. Server-authoritative — amounts re-verified, never trusted from the payload. The place sloppy kits quietly lose money.
JWT with refresh-token rotation (fail-closed), Google OAuth, role-based permissions with deny-by-default, CSRF protection, password reset. An admin shell in Nuxt 4 with route middleware already wired.
Every env var validated at boot. Feature flags flip their own secrets from optional to required — you can't half-enable billing or email and find out in production.
Money as Decimal, never Float. Deliberate cascade-vs-set-null rules, snapshot-on-write for immutable history, idempotent enum migrations. Copy the patterns for your own models.
docker compose up boots Postgres 17, Redis, MinIO, the API, SSR, and Nginx — migrated, seeded, and ready to log into. BullMQ jobs, magic-byte upload validation, structured logs with secret redaction, health checks.
Reviewed like a hostile buyer: fresh clone, README only, no mercy. It did not all pass. Here's what the hardening found and fixed — because a kit that hides its history will hide its bugs.
A test script with no test configuration — the suite couldn't even run. Now: 25 tests over tenant isolation, webhook idempotency, auth, and permissions — including the failure paths, because "denies when it should" matters more.
✓ fixed — npm test green from a clean installFour separate bugs on the happy path: in-container hosts pointing at localhost, a dev command the entrypoint ignored, env values silently corrupted by trailing comments, and an SSR self-fetch loop that ended in an out-of-memory 504.
✓ fixed — docker compose up boots clone → working admin loginThe seed created the default tenant but no user — a login page with no account behind it. Now a dev admin is seeded (and refuses to seed in production).
✓ fixed — seeded login verified with a real 201The new end-to-end harness — real Postgres and Redis via Testcontainers — immediately caught an async tenant-context slip: a scoped query resolving after its context had exited. Exactly the failure the architecture exists to prevent, caught before any buyer could meet it.
✓ e2e 3/3 · CI runs it on every pull requestThis is plumbing, not a finished product. The frontend is an admin shell and login — there are no marketing pages or pre-built UI themes.
Billing is wired and secured, not designed. The webhook, idempotency, and security baseline are done; your plans and checkout UI are yours to build.
It's opinionated. Decoupled API + SSR frontend, TypeScript everywhere, PostgreSQL, Node 24. If you want a one-folder monolith, this isn't it — and that's the point.
One-time payment. The full repository, every pattern, all future v1.x updates.
// Payments handled by a merchant of record — VAT sorted at checkout. You may not resell or republish the template itself as a starter kit. Full terms in the license.
Because real products grow a mobile client, background jobs, a team touching the API, or a second frontend — and then the monolith becomes the thing you tear apart. NuxtForge starts decoupled: a NestJS API anything can point at, and a Nuxt 4 SSR frontend as its first consumer.
No. Everything runs against one default tenant and the isolation machinery stays invisible. If you ever go multi-tenant, the hard part is already done.
Unit/integration: tenant isolation injection, webhook signature rejection and idempotency, password hashing, permission checks — including failure paths. End-to-end (real Postgres + Redis via Testcontainers): a full auth round-trip, cross-tenant reads blocked at the database, webhook replay ignored. CI runs the full set on every pull request. The docs state precisely what's automated and what's manual — no inflated claims.
Docker and Node 24. docker compose up boots the entire stack — database, Redis, storage, API, SSR, proxy — migrated, seeded, ready to log into. Verified from a fresh clone.
It's source code — once delivered it can't be returned, so all sales are final. That's exactly why the quickstart, the test logs, and this page tell you precisely what's inside and what isn't before you pay.