2026 edition Production-ready Polished from 13+ yrs of dev

Ship the SaaS.
Skip the scaffolding.

A multi-tenant Django + Next.js boilerplate. Auth, billing, roles, Stripe, i18n — already wired. Buy once, ship every SaaS idea you have for the rest of your career.

Buy LaunchKit — from $249 See what's inside →
Backend tests
100
Security audit
22 closed
i18n coverage
100%
License
projects
~/launchkit · zsh 
$ git clone [email protected]:you/launchkit.git my-saas
Cloning into 'my-saas'...
$ cd my-saas && cp .env.example .env
$ docker compose up -d && python manage.py seed_demo
[+] Running 4/4 — postgres, redis, api, worker
[seed] 1 demo tenant, 3 plans, 12 members, 5 tickets
$ open http://localhost:3000
→ Dashboard live. Stripe wired. Time to ship features.

Production-grade stack — already wired

Django
PostgreSQL
Redis
Stripe
Cloudflare
Next.js
TypeScript
JavaScript
Tailwind CSS
shadcn/ui
Sentry
GitHub Actions
Django
PostgreSQL
Redis
Stripe
Cloudflare
Next.js
TypeScript
JavaScript
Tailwind CSS
shadcn/ui
Sentry
GitHub Actions
01 / Inside

24 screens. Audited end-to-end.

app.launchasaas.dev/dashboard
Auth · Sign in
Settings · Members
Settings · Subscription
  • 08 Auth screens
  • 03 Onboarding steps
  • 10 Settings pages
  • 03 Billing flows
02 / Problem

You've built this exact thing four times already.

Three weeks of plumbing before a single feature line lands. Skip it.

  1. W1

    Auth · JWT refresh · Password reset · Email verify · 2FA · Google OAuth

  2. W2

    Tenants · Roles · Member invites · Permission system with wildcards

  3. W3

    Stripe · Plans · Addons · Webhooks · Idempotency · Past-due grace

  4. W4

    i18n · Audit logs · Rate limits · Error pages · Tests · CI · …

03 / What you get

Everything between "idea" and "I'll take a credit card."

Not a starter template. Not a tutorial with TODOs. Full backend + frontend, audited end-to-end, every unsexy part already done — and tested.

  • Backend

    Django 5.2
    • Django REST Framework 3.16
    • PostgreSQL with multi-tenant scoping
    • Celery + Redis for async jobs
    • django-auditlog on sensitive models
    • pytest + factory-boy + 100 tests
    01 / 06 5 items

  • Frontend

    Next.js 16
    • React 19 with React Compiler
    • NextAuth (credentials + Google OAuth)
    • TanStack Query + custom useFetch hook
    • Tailwind v4 + shadcn/ui
    • next-intl (EN + ES, 100% covered)
    02 / 06 5 items

  • Billing

    Stripe
    • Plans · Addons · Prepaid credits
    • Idempotent webhook handlers
    • Customer portal · Invoices · VAT
    • Trial + past-due grace period
    • Tested against race conditions
    03 / 06 5 items

  • Auth

    4 methods
    • JWT with rotation + blacklist
    • Email/password with verification
    • Google OAuth
    • Email codes (AuthCode model)
    • TOTP (pyotp) for 2FA
    04 / 06 5 items

  • Tooling

    CI included
    • GitHub Actions: lint + tests
    • Dependabot weekly bumps
    • Pre-commit hooks (ruff + eslint)
    • Sentry hooks · structured JSON logs
    • Docker compose for local dev
    05 / 06 5 items

  • Developer XP

    AI-ready
    • CLAUDE.md architecture maps
    • 5 Cursor skills (permissions, Stripe, …)
    • OpenAPI export · Postman collection
    • Demo seed + email previewer
    • CHANGELOG with migration notes
    06 / 06 5 items
04 — 06 / Deep dive

Three of the parts most boilerplates get wrong.

04 Multi-tenant

Tenant isolation that's impossible to forget.

Every request gets a TenantMiddleware-resolved tenant. ViewSets auto-scope queries. New models inherit TenantOwnedModel. You literally have to opt out of tenancy, not opt in.

  • TenantMiddleware sets request.tenant on every hit
  • TenantViewSetMixin auto-filters querysets
  • Wildcard permissions: *.* · app.* · app.resource.*
  • Cache-invalidating permission revocations
python 
# apps/your_feature/views.py
class InvoiceViewSet(
    TenantViewSetMixin,        # auto-scopes by request.tenant
    TenantPermissionMixin,     # checks app.resource.action
    SubscriptionLimitMixin,    # enforces plan quotas
    viewsets.ModelViewSet,
):
    serializer_class = InvoiceSerializer
    queryset = Invoice.objects.all()
 
# That's it. 5 lines. Multi-tenant + RBAC + plan-gated.
05 Stripe billing

Stripe done the way it should be done.

Idempotent webhook handlers backed by a StripeEvent table. Credit purchases dedup on payment_intent_id. CreditBalance updates run inside select_for_update() — race conditions caught and tested.

  • Plans, addons, and prepaid credits — all wired
  • Idempotent webhooks (StripeEvent + payment_intent dedup)
  • select_for_update() on credit balance mutations
  • Past-due grace period · auto-cancellation safety net
python 
# apps/subscriptions/tasks.py
@shared_task
def handle_credit_purchase_completed(event_id, session):
    with transaction.atomic():
        balance = CreditBalance.objects.select_for_update()
            .get_or_create(tenant=tenant)[0]
 
        # Re-check inside the lock — Celery may retry.
        if already_processed(payment_intent_id):
            return  # idempotent. nothing to do.
 
        balance.deposit(amount, metadata={...})
06 Auth + 2FA

Auth that's been audited, not assembled.

JWT with rotation and blacklist. 2FA via email codes or TOTP. Google OAuth. Per-user lockouts after N failures. We closed 22 security findings before launch — the regressions are pinned by tests.

  • cryptographically secure 6-digit codes (secrets.randbelow)
  • Login lockout: 5 attempts / 15 min (configurable)
  • Invitation tokens use a separate signing key
  • 16 regression tests — one per closed security finding
python 
# apps/users/tests/test_security_regressions.py
def test_email_field_is_read_only_on_profile_patch(api):
    # Closes account-takeover via PATCH /auth/user/
    response = api.patch("/auth/user/", {"email": "[email protected]"})
    assert response.status_code == 200
    assert User.objects.get().email != "[email protected]"
 
# 16 of these. Every audit finding has its own test.
07 / AI-ready Built for AI agents

Built so your AI agent can ship the next feature.

CLAUDE.md maps every load-bearing pattern. Five skill recipes cover the domains agents (and humans) most often break. Works with any LLM-backed assistant.

  • /launchkit-permissions How to add a new permission, register it in the catalog, and run update_default_roles.
  • /launchkit-stripe-webhook Idempotency rules, dedup on payment_intent_id, transaction.atomic + select_for_update patterns.
  • /launchkit-add-app The full template for adding a new Django app with tenant scoping, ViewSet mixins and i18n.
  • /launchkit-i18n Backend gettext + frontend next-intl, with the auditor scripts that catch missing keys.
  • /launchkit-add-feature Frontend recipe: Server Component page → client component → API client → query keys → routes.
CLAUDE.md
read by your agent on every prompt 
# LaunchKit API — request pipeline

Every request flows through:

  1. JWTAuthenticationMiddleware → request.user
  2. TenantMiddleware            → request.tenant
  3. SubscriptionMiddleware      → 403 if expired
  4. TenantPermissionMixin       → app.resource.action
  5. ModuleAccessMixin           → entitlements
  6. SubscriptionLimitMixin      → quota check

## Things to verify before editing

— New URL prefix that bypasses tenant?
  Update both TENANT_MIDDLEWARE_EXCLUDED_PATHS
  and SUBSCRIPTION_EXEMPT_PATHS.

— New Celery webhook handler?
  Must be idempotent. Mark StripeEvent.processed=True.
  Must catch + retry. Capture to Sentry.
Works with
Any LLM coding agent
08 / The math

Buy vs. build vs. the other guy.

 
Option A LaunchKit
Option B Other boilerplate
Time to first dashboard
5 min
 2–3 days
Multi-tenant by default
Yes
 Maybe
Stripe webhook idempotency
Tested
 Hopeful
Permission system with wildcards
Yes
 Sometimes
Tests for the security audit
100 (incl. 16 regressions)
 Demo only
i18n (EN + ES, both stacks)
100% covered
 Frontend only
AI-agent docs (CLAUDE.md + skills)
Yes
 No
License
One-time, commercial
∞ projects on every tier
 Subscription

Three weeks of plumbing at a junior contractor's rate is roughly $4,800. Three weeks of your time is whatever opportunity cost you'd rather not put a number on.

09 / Pricing

One payment. Lifetime license.

Launch week — save up to $200

No subscriptions. No per-seat creep. Pay once, own the source, ship as many SaaS projects as you can dream up.

Standard
$249 $349

one-time · Unlimited projects · Use commercially

  • Django + Next.js · 100 tests · 22 audit findings closed
  • Multi-tenant, Stripe billing, RBAC, i18n (EN+ES) — wired
  • AI agent skills (CLAUDE.md ready)
  • Unlimited commercial projects · Use for client work
  • 1 year of updates · Email support
Buy Standard

Secure checkout · Repo access in 5 min

Best value
Lifetime
$499 $699

one-time · Unlimited projects · Use commercially

  • Everything in Standard, and:
  • Lifetime updates (every major version, forever)
  • Private Discord community (Lifetime-only)
  • Early access to new features
  • Vote on the roadmap
Buy Lifetime

Secure checkout · Repo access in 5 min

Secure checkout · Polar handles VAT
Instant repo access · clone & ship
Email me first · I read every reply
10 / FAQ

The honest answers.

Anything else? Email us directly — we read every message.

  • 01 What exactly do I get when I buy?
    Access to a private GitHub organization with two repositories: launchkit-api (Django + DRF) and launchkit-web (Next.js 16 + React 19). Plus the AI-agent skills, the CLAUDE.md files, the CI configuration, the test suites, and a CHANGELOG. Everything in the box — yours.
  • 02 Can I use it for commercial projects? Multiple projects?
    Yes — both tiers include unlimited commercial projects, including client work. The only thing you can't do is resell the boilerplate itself as your own boilerplate product.
  • 03 What's the difference between Standard and Lifetime?
    Both ship the same source code, both let you build unlimited projects. Standard gets 1 year of updates and email support. Lifetime gets updates forever, a private Discord channel reserved for Lifetime buyers, early access to new features, and a vote on the roadmap — best if you plan to keep building SaaS for years.
  • 04 Do I have to credit LaunchKit anywhere?
    No. Strip every reference to LaunchKit from the codebase. Rename every file. Use it however you want.
  • 05 How do updates work?
    Polar adds you to the private GitHub organization at checkout, so you have repo access in minutes. Pulling updates is a normal git fetch + merge. Each release ships with a CHANGELOG and migration notes when relevant. Standard buyers get 12 months of updates from the date of purchase; Lifetime buyers get them forever.
  • 06 What's the refund policy?
    Honest answer: once you've been added to the private GitHub organization, the source code is in your hands and we can't take it back — so we don't offer refunds after that point. If you change your mind before accessing the repo, email us within 7 days and we'll refund in full. The best way to avoid buyer's regret is to read the FAQ, scroll through the screens, and email us if you're unsure before you check out — happy to answer anything.
  • 07 Can I see more before I buy?
    Yes — every screenshot in the showcase clicks open. The full feature list lives in the stack and features sections above. If you want a deeper look at a specific area (a particular page, a code pattern, the Stripe webhook handler), email us and we'll send you a short Loom or a code snippet. We'd rather walk you through it than have you regret the purchase.
  • 08 Do I need to know Django and Next.js to use this?
    Yes — this is a foundation, not a no-code product. If you've shipped anything in either framework, you'll be at home. The bundled CLAUDE.md files and skills make it easier to onboard with any AI coding assistant.
  • 09 Is the multi-tenant model strict isolation or schema-per-tenant?
    Logical isolation: every tenant-scoped model carries a tenant FK and the middleware sets request.tenant. ViewSets auto-scope queries. This is the right tradeoff for early-stage SaaS — schema-per-tenant adds operational complexity that you don't need until you hit thousands of tenants.
  • 10 What if I find a bug or need a feature?
    Email support is included on every tier — reply to your welcome email and you'll get a response within 24 hours. Lifetime buyers also get a private Discord channel where I drop early builds, answer architecture questions, and pick the next features with the community. Security fixes ship to every active license holder for free, regardless of tier.
11 / Ship

Stop writing auth.
Start writing features.

One payment. Lifetime license. Build the SaaS your customers see — not the one you'll never finish.

Buy LaunchKit — from $249

Secure checkout · Repo access in your inbox · Read the FAQ before buying