Infrastructure

The boring parts are done. Properly. Auth, payments, email, security, analytics, and CI/CD, configured, tested, and working together. Not scaffolded and left for you to figure out.

Authentication

Supabase Auth with email/password, magic links, and OAuth providers (Google, GitHub). Server-side session management with httpOnly cookies. Row-Level Security policies at the database level. Rate limiting on auth endpoints (5 attempts per 15 minutes per IP). A swappable adapter pattern supports switching to NextAuth, Clerk, or a custom provider.
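As an added illustration (not Sinter's own code) of the auth rate limit described above, a sliding-window limiter that enforces 5 attempts per 15 minutes per client IP. The in-memory Map is an assumption for a single-process demo; a deployment with several instances would keep the same logic but back it with a shared store.

```typescript
// Added example, not code from the Sinter project: sliding-window rate limit
// for auth endpoints, 5 attempts per 15 minutes per IP as stated on the page.
// Assumption: single process, in-memory store (a shared store such as Redis
// would replace the Map when more than one instance serves the endpoint).

const WINDOW_MS = 15 * 60 * 1000;
const MAX_ATTEMPTS = 5;

interface Decision {
  allowed: boolean;      // whether this attempt may proceed
  remaining: number;     // attempts left in the current window
  retryAfterSec: number; // seconds until capacity frees up (0 when allowed)
}

// Per-IP log of attempt timestamps (ms) that fall inside the current window.
const attempts = new Map<string, number[]>();

function checkAuthAttempt(ip: string, now: number = Date.now()): Decision {
  // Drop timestamps older than the window so the limit slides rather than resets.
  const recent = (attempts.get(ip) ?? []).filter((t) => now - t < WINDOW_MS);
  if (recent.length >= MAX_ATTEMPTS) {
    attempts.set(ip, recent);
    // The oldest surviving attempt decides when the next one becomes possible.
    const oldest = recent[0] ?? now;
    const retryAfterSec = Math.ceil((oldest + WINDOW_MS - now) / 1000);
    return { allowed: false, remaining: 0, retryAfterSec };
  }
  // Blocked attempts are not recorded, so a locked-out client cannot extend
  // its own lockout; only attempts that reach the handler count.
  recent.push(now);
  attempts.set(ip, recent);
  return { allowed: true, remaining: MAX_ATTEMPTS - recent.length, retryAfterSec: 0 };
}

// Headers a login handler would attach: Retry-After on a 429, otherwise the
// remaining-attempt count for the client.
function rateLimitHeaders(d: Decision): Record<string, string> {
  return d.allowed
    ? { "X-RateLimit-Remaining": String(d.remaining) }
    : { "Retry-After": String(d.retryAfterSec), "X-RateLimit-Remaining": "0" };
}

// Clears all state; used by tests and by a server that wants a clean start.
function resetLimiter(): void {
  attempts.clear();
}
```

The IP key should come from the connection or from a forwarding header that only your own proxy can set; a client-controlled header would let a caller pick its own bucket.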

Payments

Stripe integration with a complete webhook handler covering checkout sessions, subscription lifecycle (created, updated, deleted), invoice payments, trial expiry warnings, refunds, and disputes. Subscription status tracked in the database. Pre-built pricing page and customer portal. Stripe test keys are blocked in production.

Transactional email

Resend API with React Email templates. Five pre-built emails: welcome, password reset, subscription confirmation, payment failed, and trial ending. Email-safe design tokens for consistent styling. i18n support built in.

Security

Row-Level Security at the database level. Input validation with Zod schemas on all forms and server-side re-validation. CSRF protection on API endpoints. Content Security Policy headers. Secret scanning with Gitleaks on every commit. Rate limiting on auth and AI endpoints. Error masking to prevent internal detail leaks. OWASP LLM Top 10 hardening for AI features.

Analytics

PostHog integration with consent-gated, privacy-first tracking. Blocked by default until the user accepts the consent banner. Proxied through your domain for same-origin requests. Text and attribute masking for session recordings. URL sanitization to strip tokens and emails. AI-specific events log model, tokens, and latency only, never prompts.

CI/CD

30 GitHub Actions workflows. Type checking, linting, and tests on every pull request. CodeQL analysis, Gitleaks scanning, dependency review, and accessibility audits. Automated PR labeling, bundle size monitoring, database migration validation, and AI-powered code review via CodeRabbit. Post-deploy smoke tests and synthetic monitoring.

Error tracking

Sentry integration pre-configured with source map support. Sanitization of component stacks and sensitive fields. Session recordings optional.

Ready to go live?

$249 one-time. Lifetime access. Unlimited projects.

Get Sinter: $249