Add features.md with 118 potential features across 14 categories

Includes implementation status, notes, and suggested priority order

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
parent d41d4687ee
commit e89537f217
1 changed files with 267 additions and 0 deletions
267
features.md
Normal file
|
|
@ -0,0 +1,267 @@
|
|||
# Convex Next.js SaaS Template — Feature Roadmap
|
||||
|
||||
> Comprehensive checklist of features, patterns, and integrations that a production-ready SaaS template should include. Use this as a north star for prioritizing work.
|
||||
|
||||
---
|
||||
|
||||
## Legend
|
||||
|
||||
| Symbol | Meaning |
|
||||
|--------|---------|
|
||||
| ✅ | Already implemented |
|
||||
| 🔄 | Partial / needs refinement |
|
||||
| 📋 | Planned / on the backlog |
|
||||
| 💡 | Nice-to-have / stretch goal |
|
||||
|
||||
---
|
||||
|
||||
## Core Platform
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 1 | Next.js 16 App Router | ✅ | React 19, TypeScript 5, Tailwind CSS 4 |
|
||||
| 2 | Convex self-hosted backend | ✅ | Docker on Coolify |
|
||||
| 3 | Runtime env validation (Zod) | ✅ | `src/lib/env.ts` |
|
||||
| 4 | Multi-tenant architecture | 📋 | Teams / orgs support |
|
||||
| 5 | Custom domain support | 💡 | Vercel-style subdomain routing |
|
||||
| 6 | Edge middleware | 🔄 | `src/proxy.ts` for locale only |
|
||||
| 7 | API versioning | 💡 | `/api/v1/...` |
|
||||
| 8 | Health checks / status | 💡 | `/api/health`, Convex ping |
|
||||
|
||||
---
|
||||
|
||||
## Authentication & Authorization
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 9 | Email/password auth | ✅ | Better Auth + Convex adapter |
|
||||
| 10 | Password strength (HIBP) | ✅ | `haveIBeenPwned` plugin |
|
||||
| 11 | Email verification | ✅ | Token-based, Resend emails |
|
||||
| 12 | Forgot/reset password | ✅ | Secure token flow |
|
||||
| 13 | Change password | ✅ | Authenticated users |
|
||||
| 14 | Session management | ✅ | Better Auth sessions in Convex |
|
||||
| 15 | OAuth providers (Google, GitHub) | 📋 | Sign in with Google/GitHub |
|
||||
| 16 | 2FA / MFA (TOTP, SMS) | 📋 | Authenticator app, backup codes |
|
||||
| 17 | Passkeys / WebAuthn | 💡 | FIDO2, passwordless |
|
||||
| 18 | RBAC (Roles & Permissions) | 📋 | Admin, Member, Viewer roles |
|
||||
| 19 | API keys (scoped) | 📋 | Per-user or per-team API keys |
|
||||
| 20 | Impersonation / sudo mode | 💡 | Admin login-as-user for support |
|
||||
| 21 | Account lockout / brute-force | 📋 | Rate limit failed logins |
|
||||
| 22 | Device / session management | 📋 | List active sessions, revoke |
|
||||
|
||||
---
|
||||
|
||||
## Billing & Subscriptions
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 23 | Stripe Checkout | 📋 | Subscription + one-time payments |
|
||||
| 24 | Subscription tiers (Free/Pro/Enterprise) | 📋 | Feature gating per plan |
|
||||
| 25 | Usage-based billing | 📋 | Metered billing (API calls, storage) |
|
||||
| 26 | Team billing | 📋 | One payment method per team |
|
||||
| 27 | Invoice history | 📋 | Download PDF invoices |
|
||||
| 28 | Tax handling (VAT, GST) | 💡 | Stripe Tax integration |
|
||||
| 29 | Trial periods | 📋 | 14-day free trial logic |
|
||||
| 30 | Self-serve upgrades/downgrades | 📋 | Prorated charges |
|
||||
| 31 | Cancellation / retention flow | 💡 | Exit survey, pause subscription |
|
||||
|
||||
---
|
||||
|
||||
## Team & Collaboration
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 32 | Organizations / Teams | 📋 | Multi-user workspaces |
|
||||
| 33 | Team invitations (email) | 📋 | Invite link with expiry |
|
||||
| 34 | Role-based access within team | 📋 | Owner, Admin, Editor, Viewer |
|
||||
| 35 | Member management | 📋 | Remove, change roles |
|
||||
| 36 | Activity log / Audit trail | 📋 | Who did what, when |
|
||||
| 37 | Shared resources | 📋 | Team-scoped data in Convex |
|
||||
| 38 | Public/private projects | 💡 | Visibility toggle |
|
||||
|
||||
---
|
||||
|
||||
## User Experience
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 39 | Locale routing (i18n) | ✅ | EN/PL with next-intl |
|
||||
| 40 | Theme switching | ✅ | Dark/light/system |
|
||||
| 41 | App shell with navigation | ✅ | Auth-aware nav header |
|
||||
| 42 | Error boundaries | ✅ | `error.tsx` with retry |
|
||||
| 43 | Loading states | ✅ | `loading.tsx` fallback |
|
||||
| 44 | Not-found handling | ✅ | Localized + root 404 |
|
||||
| 45 | Cookie consent (GDPR) | ✅ | Category-based consent |
|
||||
| 46 | Onboarding wizard | 📋 | Multi-step first-run flow |
|
||||
| 47 | In-app notifications | 📋 | Toast + bell icon dropdown |
|
||||
| 48 | Command palette (Cmd+K) | 💡 | Spotlight-style search |
|
||||
| 49 | Keyboard shortcuts | 💡 | `?` help modal |
|
||||
| 50 | Guided tours | 💡 | Shepherd.js or similar |
|
||||
| 51 | Changelog / What's new | 💡 | In-app announcement modal |
|
||||
| 52 | Feedback widget | 💡 | Canny/Featurebase style |
|
||||
| 53 | Help center / Docs | 💡 | MDX-based docs site |
|
||||
|
||||
---
|
||||
|
||||
## File & Media
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 54 | Avatar upload | 📋 | Profile picture, Convex storage |
|
||||
| 55 | File uploads (documents, images) | 📋 | Drag & drop, progress bar |
|
||||
| 56 | Image optimization | 💡 | Next.js `<Image>` presets |
|
||||
| 57 | Export data (GDPR) | 📋 | JSON/CSV download |
|
||||
| 58 | Bulk import | 💡 | CSV upload with validation |
|
||||
|
||||
---
|
||||
|
||||
## Communication
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 59 | Transactional emails | ✅ | Resend (verification, reset) |
|
||||
| 60 | Email templates | 🔄 | Basic HTML, needs design system |
|
||||
| 61 | Welcome email sequence | 📋 | Post-signup drip campaign |
|
||||
| 62 | In-app messaging | 💡 | Announcements, banners |
|
||||
| 63 | Push notifications | 💡 | Web Push API |
|
||||
| 64 | SMS notifications | 💡 | Twilio for 2FA/alerts |
|
||||
|
||||
---
|
||||
|
||||
## Analytics & Monitoring
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 65 | Analytics (Plausible/PostHog) | 📋 | Privacy-first, cookie-respecting |
|
||||
| 66 | Error tracking (Sentry) | 📋 | Source maps, user context |
|
||||
| 67 | Performance monitoring | 💡 | Web Vitals, Convex query timing |
|
||||
| 68 | A/B testing | 💡 | Feature flags + split testing |
|
||||
| 69 | Feature flags | 💡 | LaunchDarkly or simple env-based |
|
||||
| 70 | Usage tracking | 📋 | Per-user, per-team quotas |
|
||||
| 71 | Dashboard metrics | 💡 | Admin panel with charts |
|
||||
|
||||
---
|
||||
|
||||
## API & Integrations
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 72 | REST API | 📋 | Convex HTTP actions exposed |
|
||||
| 73 | Webhooks | 📋 | Outgoing webhooks with signatures |
|
||||
| 74 | API rate limiting | 📋 | Per-key, per-user throttling |
|
||||
| 75 | API documentation (OpenAPI) | 💡 | Scalar or Swagger UI |
|
||||
| 76 | Zapier/Make integration | 💡 | Trigger-based automations |
|
||||
| 77 | CLI tool | 💡 | Node.js CLI for project scaffolding |
|
||||
| 78 | SDK / Client library | 💡 | TypeScript client wrapper |
|
||||
| 79 | GraphQL endpoint | 💡 | Optional GraphQL layer |
|
||||
|
||||
---
|
||||
|
||||
## Security & Compliance
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 80 | GDPR compliance | 🔄 | Cookie consent ✅, DPA needed |
|
||||
| 81 | Data deletion (right to be forgotten) | 📋 | Account wipe + cascade delete |
|
||||
| 82 | Data portability | 📋 | Export all user data |
|
||||
| 83 | Privacy policy / Terms | 📋 | Generated legal pages |
|
||||
| 84 | CSP headers | 💡 | Content Security Policy |
|
||||
| 85 | CORS configuration | 📋 | Strict origin whitelist |
|
||||
| 86 | Request signing | 💡 | HMAC for webhooks/API |
|
||||
| 87 | DDoS protection | 💡 | Cloudflare or Coolify WAF |
|
||||
| 88 | Secrets rotation | 💡 | Automated key rotation |
|
||||
|
||||
---
|
||||
|
||||
## SEO & Marketing
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 89 | SEO metadata | 🔄 | Basic `<Metadata>`, needs per-page |
|
||||
| 90 | Dynamic OG images | 💡 | `@vercel/og` or similar |
|
||||
| 91 | Sitemap.xml | 💡 | Auto-generated sitemap |
|
||||
| 92 | Robots.txt | 💡 | Dynamic robots rules |
|
||||
| 93 | Canonical URLs | 💡 | Avoid duplicate content |
|
||||
| 94 | Structured data (JSON-LD) | 💡 | Schema.org markup |
|
||||
| 95 | Blog / CMS | 💡 | MDX blog or headless CMS |
|
||||
| 96 | Landing page builder | 💡 | Reusable sections |
|
||||
| 97 | Waitlist / Early access | 💡 | Pre-launch email capture |
|
||||
| 98 | Referral program | 💡 | Invite links with rewards |
|
||||
| 99 | Affiliate tracking | 💡 | UTM + commission logic |
|
||||
|
||||
---
|
||||
|
||||
## DevOps & Deployment
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 100 | GitHub Actions CI | ✅ | Lint + build |
|
||||
| 101 | Automated deployments | 📋 | Coolify webhook deploy |
|
||||
| 102 | Preview environments | 💡 | Per-PR staging |
|
||||
| 103 | Database migrations | 📋 | Convex schema evolution |
|
||||
| 104 | Backup strategy | 💡 | Convex data snapshots |
|
||||
| 105 | Log aggregation | 💡 | Centralized logging |
|
||||
| 106 | Uptime monitoring | 💡 | UptimeRobot / Pingdom |
|
||||
| 107 | SSL auto-renewal | ✅ | Coolify / Let's Encrypt |
|
||||
|
||||
---
|
||||
|
||||
## Mobile & PWA
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 108 | PWA support | 💡 | Service worker, manifest |
|
||||
| 109 | Offline mode | 💡 | Convex local cache |
|
||||
| 110 | Mobile app (Expo) | 💡 | React Native companion |
|
||||
| 111 | Responsive design | ✅ | Tailwind breakpoints |
|
||||
| 112 | Touch gestures | 💡 | Swipe actions |
|
||||
|
||||
---
|
||||
|
||||
## Admin & Internal
|
||||
|
||||
| # | Feature | Status | Notes |
|
||||
|---|---------|--------|-------|
|
||||
| 113 | Admin dashboard | 📋 | User management, stats |
|
||||
| 114 | User impersonation | 💡 | Login as any user |
|
||||
| 115 | Feature flag console | 💡 | Toggle features per user |
|
||||
| 116 | Support ticket system | 💡 | Intercom/Crisp integration |
|
||||
| 117 | Abuse reporting | 💡 | Flag spam/abuse |
|
||||
| 118 | Ban/suspend users | 💡 | Soft delete + block |
|
||||
|
||||
---
|
||||
|
||||
## Summary
|
||||
|
||||
| Category | Implemented | Planned | Total |
|
||||
|----------|-------------|---------|-------|
|
||||
| Core Platform | 4 | 3 | 8 |
|
||||
| Auth & Security | 7 | 14 | 14 |
|
||||
| Billing | 0 | 9 | 9 |
|
||||
| Team & Collaboration | 0 | 7 | 7 |
|
||||
| User Experience | 7 | 14 | 14 |
|
||||
| File & Media | 0 | 5 | 5 |
|
||||
| Communication | 2 | 5 | 6 |
|
||||
| Analytics | 0 | 6 | 7 |
|
||||
| API & Integrations | 0 | 8 | 8 |
|
||||
| Security & Compliance | 1 | 8 | 9 |
|
||||
| SEO & Marketing | 0 | 10 | 11 |
|
||||
| DevOps | 2 | 5 | 7 |
|
||||
| Mobile & PWA | 1 | 4 | 5 |
|
||||
| Admin & Internal | 0 | 6 | 6 |
|
||||
| **Total** | **24** | **104** | **118** |
|
||||
|
||||
---
|
||||
|
||||
## Suggested Priority Order
|
||||
|
||||
1. **Billing (Stripe)** — brak tego = brak monetyzacji
|
||||
2. **OAuth providers** — zwiększa konwersję sign-up
|
||||
3. **Organizations / Teams** — B2B SaaS bez tego nie istnieje
|
||||
4. **RBAC** — musi iść ręka w rękę z teamami
|
||||
5. **Onboarding wizard** — redukcja churn na starcie
|
||||
6. **Analytics (PostHog/Plausible)** — bez danych nie wiesz co działa
|
||||
7. **API keys + webhooks** — developer experience, integracje
|
||||
8. **Admin dashboard** — support i operacje
|
||||
9. **2FA** — enterprise security requirement
|
||||
10. **PWA / offline** — konkurencyjna przewaga UX
|
||||
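Review bot: The Summary table at the end of features.md does not agree with the category tables above it, so its counts cannot be used for planning as written. Counting the rows: Authentication & Authorization (#9-22) has 6 ✅ entries, not 7, and its summary row reads 7 implemented plus 14 planned against a total of 14; User Experience (#39-53) has 15 rows, not 14; DevOps & Deployment (#100-107) has 8 rows, not 7; Core Platform has 3 ✅ and one 🔄 but is listed as 4 implemented with 4 + 3 against a total of 8. The Total row has the same problem: 24 + 104 is 128, not 118, and the per-category totals as written sum to 116. Please recompute the table from the rows, state how 🔄 and 💡 map onto the "Implemented" and "Planned" columns, and rename the "Auth & Security" row to match the "Authentication & Authorization" heading, since "Security & Compliance" is a separate row. Smaller points in the same hunk: the Suggested Priority Order items are written in Polish while the rest of the file is English; #20 and #114 both describe admin impersonation and should be one entry; and #73 (outgoing webhooks with signatures, 📋) depends on #86 (HMAC request signing, 💡), so the two statuses should be aligned.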