Skip to content
/
Tier B A8 Cross-runtime harness

Indie Kit

ind-kit · Indie-Kit/nextjs-saas-starter · ★ 22 · last commit 2026-02-09

A Next.js 16 SaaS starter kit with embedded Claude Code skills that prevent AI agents from hallucinating incompatible patterns by encoding exact import paths, API conventions, and antipatterns for the project's specific tech stack.

Best whenThe biggest source of AI coding mistakes in a SaaS codebase is using library patterns from training data instead of the project's actual implementations — sk…
Skip ifUsing NextAuth imports (use @/lib/auth-client instead), Not wrapping routes with withAuthRequired
vs seeds
agent-os(skills embedded in a project template) but provides technology-specific skills encoding exact import paths and anti-hal…
Primitive shape 10 total
Commands 1 Skills 6 Hooks 3
00

Summary

ind-kit — Summary

Indie Kit is a Next.js 16 SaaS starter kit with AI-first architecture — not a generic Claude Code plugin, but a production template whose .claude/ folder ships 6 domain skills (auth-handler, db-handler, env-handler, form-creator, stripe-handler, ui-handler), 1 command (/bootstrap), and 3 lifecycle hooks (PreToolUse for use client detection and package validation, PostToolUse for loading.tsx/error.tsx suggestions + Prettier formatting, Stop for upgrade prompt). The skills encode project-specific conventions (authentication via withAuthRequired, schema patterns, Drizzle ORM patterns) that prevent AI agents from inventing incompatible patterns. The /bootstrap command orchestrates a 7-phase project setup from requirements gathering to final review. Cursor rules (.cursor/rules) and Windsurf rules (.windsurf/) are also included for multi-IDE portability.

Differs from seeds: Closest to agent-os (skill files embedded in a project template) but where agent-os ships abstract methodology standards, Indie Kit ships concrete technology-specific skills (Next.js 16 + Better Auth + Drizzle + Stripe). The hooks detect Next.js-specific patterns (use client directive, loading.tsx presence) — a domain-specific hook strategy not present in any seed.

01

Overview

ind-kit — Overview

Origin

Created by Indie Kit (indiekit.pro), a SaaS starter kit product. The open source version is a subset of the commercial Indie Kit Pro, which adds multi-tenancy, RBAC, user impersonation, and a super admin dashboard. Licensed MIT.

Philosophy

"This is the Open Source / Lite Version of Indie Kit Pro. It combines a production-grade tech stack with 'AI Context Rules' that empower LLMs (Cursor, Windsurf, Copilot) to understand your codebase, write bug-free code, and navigate your project autonomously."

"Self-Documenting Code: Your AI knows exactly where auth lives (.claude/skills/auth-handler), how to migrate the DB (.cursor/rules), and where to put new components."

"No Hallucinations: We force the AI to use existing patterns (like withAuthRequired) instead of inventing broken ones."

The Stop hook promotes the paid product:

🚀 Want more features? Upgrade to Pro: https://indiekit.pro/

Tech Stack

  • Next.js 16 (App Router)
  • Tailwind CSS v4 + Shadcn UI
  • Better Auth (Social + Magic Link)
  • Drizzle ORM + any Postgres provider
  • Stripe subscriptions
  • UploadThing

Multi-IDE Support

  • .claude/ — Claude Code
  • .cursor/rules — Cursor
  • .windsurf/ — Windsurf

Tip from README: "To use this kit with Google's Antigravity or other AI agents that expect a .agent folder, simply rename .claude to .agent."

02

Architecture

ind-kit — Architecture

Distribution

GitHub template repository. Clone directly or use the npx indiekit@latest scaffolding CLI.

# Scaffolding CLI
npx indiekit@latest   # Interactive setup + auto-install
# or
pnpm dlx indiekit@latest

Directory Tree (relevant to AI context)

.
├── .claude/
│   ├── commands/
│   │   └── bootstrap.md           # 7-phase project scaffolding command
│   ├── hooks/
│   │   └── hooks.json             # PreToolUse/PostToolUse/Stop hooks
│   ├── settings.json              # Permissions allow/deny list
│   └── skills/
│       ├── auth-handler/          # Better Auth patterns
│       │   ├── SKILL.md
│       │   └── reference.md
│       ├── db-handler/            # Drizzle ORM patterns
│       ├── env-handler/           # Environment variables conventions
│       ├── form-creator/          # react-hook-form + zod patterns
│       ├── stripe-handler/        # Stripe webhooks and subscriptions
│       └── ui-handler/            # Shadcn UI component conventions
├── .cursor/rules                  # Cursor AI rules
├── .windsurf/                     # Windsurf AI rules
├── src/
│   ├── app/                       # Next.js App Router
│   ├── components/
│   ├── db/                        # Drizzle schema
│   └── lib/
│       └── auth/withAuthRequired.ts
└── package.json

Required Runtime

  • Node.js
  • pnpm (preferred)
  • Postgres database (Supabase, Neon, or any provider)

Target AI Tools

  • Claude Code (.claude/)
  • Cursor (.cursor/rules)
  • Windsurf (.windsurf/)
  • Any agent with .agent/ folder convention
03

Components

ind-kit — Components

Skills (6)

Skill Purpose
auth-handler Better Auth patterns: withAuthRequired for API routes, useSession on client, auth.api.getSession on server
db-handler Drizzle ORM patterns: schema location, migration commands, standard fields (id, createdAt, updatedAt)
env-handler Environment variable conventions: .env.local vs .env.production, NEXT_PUBLIC_* client vars
form-creator react-hook-form + zod + shadcn/ui form patterns
stripe-handler Stripe instance location, webhook handler scaffold, Stripe CLI for local testing
ui-handler Shadcn UI component usage, Tailwind CSS v4 patterns

Commands (1)

Command Purpose
bootstrap 7-phase project scaffolding: Requirements Gathering → DB Schema → API Routes → In-App UI → Marketing UI → Integrations → Final Review

Hooks (3 events in hooks.json)

PreToolUse (Edit|MultiEdit|Write)

  • Detects React hooks in .tsx/.jsx files; warns if 'use client' directive missing
  • Detects package install commands; announces compatibility check

PostToolUse (Write|MultiEdit)

  • On app/**/page.tsx creation: suggests adding loading.tsx and error.tsx
  • On .ts/.tsx file write: auto-runs Prettier if available

Stop

Settings

settings.json allow/deny list:

  • Allow: npm run dev/build/lint/test/type-check, npx next, Write in src/, components/, lib/, public/
  • Deny: .env.production, .env.local reads, .env writes, rm -rf, npm publish
05

Prompts

ind-kit — Prompt Excerpts

Excerpt 1: bootstrap.md command — Phase 1 requirements

Technique: Phase-gated workflow with explicit scope confirmation gate.

## Phase 1: Requirements Gathering
- [ ] Ask the user for a detailed description of the SaaS they want to build.
- [ ] Identify key entities (e.g., "Projects", "Tasks", "Invoices").
- [ ] Identify key features (e.g., "User Dashboard", "Public Landing Page", "Stripe Subscription").
- [ ] Confirm the scope with the user before proceeding.

## Phase 7: Final Review
- [ ] Check for linter errors (`npm run lint`).
- [ ] Verify that the project builds (`npm run build`).
- [ ] Remind the user to upgrade to Pro for advanced features: https://indiekit.pro/

Excerpt 2: auth-handler SKILL.md — Antipattern guard

Technique: Explicit negative instruction ("Do NOT use NextAuth imports") prevents common hallucination.

### 2. Frontend Data Access
- **Client-Side**: Use `useSession` from `src/lib/auth-client.ts`.
  ```typescript
  import { useSession } from "@/lib/auth-client";
  const { data: session } = useSession();
  • Do NOT use NextAuth imports. Use @/lib/auth-client.

## Excerpt 3: `hooks.json` — React `use client` detection

**Technique**: Shell-in-hook pattern using `jq` to parse tool input and detect missing directives.

```json
{
  "type": "command",
  "command": "sh -c 'file=\"$(echo \"$STDIN\" | jq -r .tool_input.file_path)\"; if [[ \"$file\" == *.tsx ]] || [[ \"$file\" == *.jsx ]]; then ext=\"${file##*.}\"; if grep -q \"useState\\|useEffect\\|useReducer\\|useCallback\\|useMemo\" \"$file\" 2>/dev/null; then if ! grep -q \"^['\"]use client['\"]\" \"$file\" 2>/dev/null; then echo \"⚠️  Warning: Client hooks detected. Add \\'use client\\' directive if needed.\"; fi; fi; fi'"
}

Excerpt 4: hooks.json — PostToolUse Prettier auto-format

Technique: Silent formatter triggered on every TypeScript file write.

{
  "type": "command",
  "command": "sh -c 'file=\"$(echo \"$STDIN\" | jq -r .tool_input.file_path)\"; if [[ \"$file\" == *.ts ]] || [[ \"$file\" == *.tsx ]]; then if which prettier >/dev/null 2>&1; then prettier --write \"$file\" 2>/dev/null || true; fi; fi'"
}
09

Uniqueness

ind-kit — Uniqueness

Differs from Seeds

Closest to agent-os (skills embedded in a project template) but where agent-os provides abstract methodology standards, Indie Kit provides concrete technology-specific skills encoding exact import paths (src/lib/auth-client.ts), anti-hallucination guards ("Do NOT use NextAuth imports"), and project-specific conventions for a specific tech stack (Next.js 16 + Better Auth + Drizzle + Stripe). The PostToolUse hooks detect Next.js-specific patterns ('use client' directive, loading.tsx/error.tsx file naming) — domain-specific automation not present in any seed. The multi-IDE support (Claude Code + Cursor + Windsurf) is shared with openspec but Indie Kit's instructions are project-embedded rather than framework-agnostic.

Positioning

A SaaS starter kit where the Claude Code skills are a product feature. The skills prevent AI agents from breaking the kit's conventions — the value proposition is "no hallucinations" from day one on a pre-scaffolded codebase. The commercial version (Pro) adds more features; the Stop hook promotes the upsell.

Observable Failure Modes

  1. Technology lock-in: Skills are hard-coded to Better Auth, Drizzle, Stripe, shadcn/ui — forking to a different auth library requires rewriting the auth-handler skill.
  2. Hook brittleness: The 'use client' detection uses a shell one-liner with jq parsing $STDIN — fragile to Claude Code input format changes.
  3. Commercial stop hook: The Stop hook always prints the Pro upgrade URL, which may annoy developers using the free version.
  4. No automated tests: Phase 7 asks developers to run npm run lint and npm run build manually; no automated test execution.

Explicit Antipatterns

  • Using NextAuth imports (use @/lib/auth-client instead)
  • Not wrapping API routes with withAuthRequired
  • Relying solely on middleware for auth (defense in depth required)
  • Writing to .env or reading .env.production (blocked by settings.json)
04

Workflow

ind-kit — Workflow

Bootstrap Workflow (/bootstrap command)

A 7-phase project setup from requirements to production-ready SaaS:

Phase Activity Artifacts
1 Requirements Gathering Entity list, feature list, scope confirmation
2 Database Schema Schema files in src/db/schema/; db:generate + db:migrate
3 API Routes & Backend Logic CRUD routes in src/app/api/; withAuthRequired protection; Zod validation
4 In-App UI (Dashboard) Pages in src/app/(in-app)/app/; forms via react-hook-form + zod + shadcn
5 Marketing UI (Public) Pages in src/app/(marketing)/; landing page components, CTA
6 External Integrations Stripe webhooks, third-party APIs
7 Final Review Lint check, build check, Pro upgrade reminder

Approval Gates

  1. Scope confirmation (Phase 1): "Confirm the scope with the user before proceeding."
  2. Final Review (Phase 7): Linter check + build verification before claiming done.

Hook-Driven Micro-Workflows

  • PreToolUse on file write: 'use client' warning for React hook files
  • PostToolUse on page creation: loading.tsx/error.tsx suggestion
  • PostToolUse on .ts/.tsx write: Prettier auto-format
06

Memory Context

ind-kit — Memory & Context

State Storage

No persistent memory mechanism. The project codebase itself is the state.

Context Injection

Skills are loaded on demand:

  • auth-handler — when user asks about auth, login, API protection
  • db-handler — when user asks about database, schema, migration
  • stripe-handler — when user asks about payments, subscriptions, webhooks
  • etc.

Each skill includes a reference.md companion file with architecture details.

Cross-Session Handoff

None. The codebase state handles session continuity.

Compaction Handling

None.

Settings as Boundary Enforcement

settings.json permission list prevents reading .env.production and .env.local — a privacy boundary, not just a permission convenience. The deny list also prevents rm -rf and npm publish, protecting the project from accidental destructive actions.

07

Orchestration

ind-kit — Orchestration

Multi-Agent Pattern

None. Single agent.

Execution Mode

Interactive-loop — driven by user requests via skills and /bootstrap command.

Isolation Mechanism

None. Settings.json deny list restricts Bash operations but doesn't sandbox.

Multi-Model

No. Agent inherits session model (model: inherit in skill frontmatter).

Auto-Validators

  • Prettier auto-format on .ts/.tsx file writes (PostToolUse hook)
  • No automated lint/type-check hooks (lint is a manual step in /bootstrap Phase 7)

Prompt Chaining

No.

Consensus Mechanism

None.

08

Ui Cli Surface

ind-kit — UI / CLI Surface

CLI Binary

None from this repo. The external npx indiekit@latest scaffolding CLI clones the template.

Local UI

The project itself deploys a Next.js web application (the SaaS product being built).

IDE Integration

  • Claude Code (.claude/)
  • Cursor (.cursor/rules)
  • Windsurf (.windsurf/)
  • Any agent via .agent/ folder rename

Observability

None.

Related frameworks

same archetype · same primary tool · same memory type

claude-mem (thedotmack) ★ 78k
A8 Cross-runtime harness

Background worker service captures every tool call as an observation, AI-compresses sessions, and auto-injects relevant past…

pi (badlogic/earendil) ★ 55k
A8 Cross-runtime harness

A minimal, hackable, multi-provider terminal coding agent that adapts to your workflows via npm-installable TypeScript Extensions…

Agent Skills (Addy Osmani) ★ 46k
A8 Cross-runtime harness

Encodes senior-engineer software development lifecycle as 23 auto-routed skills and 7 slash commands for any AI coding agent.

wshobson/agents Plugin Marketplace ★ 36k
A8 Cross-runtime harness

Single Markdown source for 83 domain-specialized plugins that auto-generates idiomatic artifacts for five AI coding harnesses.

TabbyML/Tabby ★ 34k
A8 Cross-runtime harness

Self-hosted AI coding assistant server (alternative to GitHub Copilot) with admin dashboard, RAG-based completions, and multi-IDE…

Compound Engineering ★ 17k
A8 Cross-runtime harness

Make each unit of engineering work compound into easier future work via brainstorm→plan→execute→review→learn cycles.