# Convex Next.js SaaS Template β€” Feature Roadmap > Comprehensive checklist of features, patterns, and integrations that a production-ready SaaS template should include. Use this as a north star for prioritizing work. --- ## Legend | Symbol | Meaning | |--------|---------| | βœ… | Already implemented | | πŸ”„ | Partial / needs refinement | | πŸ“‹ | Planned / on the backlog | | πŸ’‘ | Nice-to-have / stretch goal | --- ## Core Platform | # | Feature | Status | Notes | |---|---------|--------|-------| | 1 | Next.js 16 App Router | βœ… | React 19, TypeScript 5, Tailwind CSS 4 | | 2 | Convex self-hosted backend | βœ… | Docker on Coolify | | 3 | Runtime env validation (Zod) | βœ… | `src/lib/env.ts` | | 4 | Multi-tenant architecture | πŸ“‹ | Teams / orgs support | | 5 | Custom domain support | πŸ’‘ | Vercel-style subdomain routing | | 6 | Edge middleware | πŸ”„ | `src/proxy.ts` for locale only | | 7 | API versioning | πŸ’‘ | `/api/v1/...` | | 8 | Health checks / status | πŸ’‘ | `/api/health`, Convex ping | --- ## Authentication & Authorization | # | Feature | Status | Notes | |---|---------|--------|-------| | 9 | Email/password auth | βœ… | Better Auth + Convex adapter | | 10 | Password strength (HIBP) | βœ… | `haveIBeenPwned` plugin | | 11 | Email verification | βœ… | Token-based, Resend emails | | 12 | Forgot/reset password | βœ… | Secure token flow | | 13 | Change password | βœ… | Authenticated users | | 14 | Session management | βœ… | Better Auth sessions in Convex | | 15 | OAuth providers (Google, GitHub) | πŸ“‹ | Sign in with Google/GitHub | | 16 | 2FA / MFA (TOTP, SMS) | πŸ“‹ | Authenticator app, backup codes | | 17 | Passkeys / WebAuthn | πŸ’‘ | FIDO2, passwordless | | 18 | RBAC (Roles & Permissions) | πŸ“‹ | Admin, Member, Viewer roles | | 19 | API keys (scoped) | πŸ“‹ | Per-user or per-team API keys | | 20 | Impersonation / sudo mode | πŸ’‘ | Admin login-as-user for support | | 21 | Account lockout / brute-force | πŸ“‹ | Rate limit failed logins | | 22 | Device / session management | πŸ“‹ | List active sessions, revoke | --- ## Billing & Subscriptions | # | Feature | Status | Notes | |---|---------|--------|-------| | 23 | Stripe Checkout | πŸ“‹ | Subscription + one-time payments | | 24 | Subscription tiers (Free/Pro/Enterprise) | πŸ“‹ | Feature gating per plan | | 25 | Usage-based billing | πŸ“‹ | Metered billing (API calls, storage) | | 26 | Team billing | πŸ“‹ | One payment method per team | | 27 | Invoice history | πŸ“‹ | Download PDF invoices | | 28 | Tax handling (VAT, GST) | πŸ’‘ | Stripe Tax integration | | 29 | Trial periods | πŸ“‹ | 14-day free trial logic | | 30 | Self-serve upgrades/downgrades | πŸ“‹ | Prorated charges | | 31 | Cancellation / retention flow | πŸ’‘ | Exit survey, pause subscription | --- ## Team & Collaboration | # | Feature | Status | Notes | |---|---------|--------|-------| | 32 | Organizations / Teams | πŸ“‹ | Multi-user workspaces | | 33 | Team invitations (email) | πŸ“‹ | Invite link with expiry | | 34 | Role-based access within team | πŸ“‹ | Owner, Admin, Editor, Viewer | | 35 | Member management | πŸ“‹ | Remove, change roles | | 36 | Activity log / Audit trail | πŸ“‹ | Who did what, when | | 37 | Shared resources | πŸ“‹ | Team-scoped data in Convex | | 38 | Public/private projects | πŸ’‘ | Visibility toggle | --- ## User Experience | # | Feature | Status | Notes | |---|---------|--------|-------| | 39 | Locale routing (i18n) | βœ… | EN/PL with next-intl | | 40 | Theme switching | βœ… | Dark/light/system | | 41 | App shell with navigation | βœ… | Auth-aware nav header | | 42 | Error boundaries | βœ… | `error.tsx` with retry | | 43 | Loading states | βœ… | `loading.tsx` fallback | | 44 | Not-found handling | βœ… | Localized + root 404 | | 45 | Cookie consent (GDPR) | βœ… | Category-based consent | | 46 | Onboarding wizard | πŸ“‹ | Multi-step first-run flow | | 47 | In-app notifications | πŸ“‹ | Toast + bell icon dropdown | | 48 | Command palette (Cmd+K) | πŸ’‘ | Spotlight-style search | | 49 | Keyboard shortcuts | πŸ’‘ | `?` help modal | | 50 | Guided tours | πŸ’‘ | Shepherd.js or similar | | 51 | Changelog / What's new | πŸ’‘ | In-app announcement modal | | 52 | Feedback widget | πŸ’‘ | Canny/Featurebase style | | 53 | Help center / Docs | πŸ’‘ | MDX-based docs site | --- ## File & Media | # | Feature | Status | Notes | |---|---------|--------|-------| | 54 | Avatar upload | πŸ“‹ | Profile picture, Convex storage | | 55 | File uploads (documents, images) | πŸ“‹ | Drag & drop, progress bar | | 56 | Image optimization | πŸ’‘ | Next.js `` presets | | 57 | Export data (GDPR) | πŸ“‹ | JSON/CSV download | | 58 | Bulk import | πŸ’‘ | CSV upload with validation | --- ## Communication | # | Feature | Status | Notes | |---|---------|--------|-------| | 59 | Transactional emails | βœ… | Resend (verification, reset) | | 60 | Email templates | πŸ”„ | Basic HTML, needs design system | | 61 | Welcome email sequence | πŸ“‹ | Post-signup drip campaign | | 62 | In-app messaging | πŸ’‘ | Announcements, banners | | 63 | Push notifications | πŸ’‘ | Web Push API | | 64 | SMS notifications | πŸ’‘ | Twilio for 2FA/alerts | --- ## Analytics & Monitoring | # | Feature | Status | Notes | |---|---------|--------|-------| | 65 | Analytics (Plausible/PostHog) | πŸ“‹ | Privacy-first, cookie-respecting | | 66 | Error tracking (Sentry) | πŸ“‹ | Source maps, user context | | 67 | Performance monitoring | πŸ’‘ | Web Vitals, Convex query timing | | 68 | A/B testing | πŸ’‘ | Feature flags + split testing | | 69 | Feature flags | πŸ’‘ | LaunchDarkly or simple env-based | | 70 | Usage tracking | πŸ“‹ | Per-user, per-team quotas | | 71 | Dashboard metrics | πŸ’‘ | Admin panel with charts | --- ## API & Integrations | # | Feature | Status | Notes | |---|---------|--------|-------| | 72 | REST API | πŸ“‹ | Convex HTTP actions exposed | | 73 | Webhooks | πŸ“‹ | Outgoing webhooks with signatures | | 74 | API rate limiting | πŸ“‹ | Per-key, per-user throttling | | 75 | API documentation (OpenAPI) | πŸ’‘ | Scalar or Swagger UI | | 76 | Zapier/Make integration | πŸ’‘ | Trigger-based automations | | 77 | CLI tool | πŸ’‘ | Node.js CLI for project scaffolding | | 78 | SDK / Client library | πŸ’‘ | TypeScript client wrapper | | 79 | GraphQL endpoint | πŸ’‘ | Optional GraphQL layer | --- ## Security & Compliance | # | Feature | Status | Notes | |---|---------|--------|-------| | 80 | GDPR compliance | πŸ”„ | Cookie consent βœ…, DPA needed | | 81 | Data deletion (right to be forgotten) | πŸ“‹ | Account wipe + cascade delete | | 82 | Data portability | πŸ“‹ | Export all user data | | 83 | Privacy policy / Terms | πŸ“‹ | Generated legal pages | | 84 | CSP headers | πŸ’‘ | Content Security Policy | | 85 | CORS configuration | πŸ“‹ | Strict origin whitelist | | 86 | Request signing | πŸ’‘ | HMAC for webhooks/API | | 87 | DDoS protection | πŸ’‘ | Cloudflare or Coolify WAF | | 88 | Secrets rotation | πŸ’‘ | Automated key rotation | --- ## SEO & Marketing | # | Feature | Status | Notes | |---|---------|--------|-------| | 89 | SEO metadata | πŸ”„ | Basic ``, needs per-page | | 90 | Dynamic OG images | πŸ’‘ | `@vercel/og` or similar | | 91 | Sitemap.xml | πŸ’‘ | Auto-generated sitemap | | 92 | Robots.txt | πŸ’‘ | Dynamic robots rules | | 93 | Canonical URLs | πŸ’‘ | Avoid duplicate content | | 94 | Structured data (JSON-LD) | πŸ’‘ | Schema.org markup | | 95 | Blog / CMS | πŸ’‘ | MDX blog or headless CMS | | 96 | Landing page builder | πŸ’‘ | Reusable sections | | 97 | Waitlist / Early access | πŸ’‘ | Pre-launch email capture | | 98 | Referral program | πŸ’‘ | Invite links with rewards | | 99 | Affiliate tracking | πŸ’‘ | UTM + commission logic | --- ## DevOps & Deployment | # | Feature | Status | Notes | |---|---------|--------|-------| | 100 | GitHub Actions CI | βœ… | Lint + build | | 101 | Automated deployments | πŸ“‹ | Coolify webhook deploy | | 102 | Preview environments | πŸ’‘ | Per-PR staging | | 103 | Database migrations | πŸ“‹ | Convex schema evolution | | 104 | Backup strategy | πŸ’‘ | Convex data snapshots | | 105 | Log aggregation | πŸ’‘ | Centralized logging | | 106 | Uptime monitoring | πŸ’‘ | UptimeRobot / Pingdom | | 107 | SSL auto-renewal | βœ… | Coolify / Let's Encrypt | --- ## Mobile & PWA | # | Feature | Status | Notes | |---|---------|--------|-------| | 108 | PWA support | πŸ’‘ | Service worker, manifest | | 109 | Offline mode | πŸ’‘ | Convex local cache | | 110 | Mobile app (Expo) | πŸ’‘ | React Native companion | | 111 | Responsive design | βœ… | Tailwind breakpoints | | 112 | Touch gestures | πŸ’‘ | Swipe actions | --- ## Admin & Internal | # | Feature | Status | Notes | |---|---------|--------|-------| | 113 | Admin dashboard | πŸ“‹ | User management, stats | | 114 | User impersonation | πŸ’‘ | Login as any user | | 115 | Feature flag console | πŸ’‘ | Toggle features per user | | 116 | Support ticket system | πŸ’‘ | Intercom/Crisp integration | | 117 | Abuse reporting | πŸ’‘ | Flag spam/abuse | | 118 | Ban/suspend users | πŸ’‘ | Soft delete + block | --- ## Summary | Category | Implemented | Planned | Total | |----------|-------------|---------|-------| | Core Platform | 4 | 3 | 8 | | Auth & Security | 7 | 14 | 14 | | Billing | 0 | 9 | 9 | | Team & Collaboration | 0 | 7 | 7 | | User Experience | 7 | 14 | 14 | | File & Media | 0 | 5 | 5 | | Communication | 2 | 5 | 6 | | Analytics | 0 | 6 | 7 | | API & Integrations | 0 | 8 | 8 | | Security & Compliance | 1 | 8 | 9 | | SEO & Marketing | 0 | 10 | 11 | | DevOps | 2 | 5 | 7 | | Mobile & PWA | 1 | 4 | 5 | | Admin & Internal | 0 | 6 | 6 | | **Total** | **24** | **104** | **118** | --- ## Suggested Priority Order 1. **Billing (Stripe)** β€” brak tego = brak monetyzacji 2. **OAuth providers** β€” zwiΔ™ksza konwersjΔ™ sign-up 3. **Organizations / Teams** β€” B2B SaaS bez tego nie istnieje 4. **RBAC** β€” musi iΕ›Δ‡ rΔ™ka w rΔ™kΔ™ z teamami 5. **Onboarding wizard** β€” redukcja churn na starcie 6. **Analytics (PostHog/Plausible)** β€” bez danych nie wiesz co dziaΕ‚a 7. **API keys + webhooks** β€” developer experience, integracje 8. **Admin dashboard** β€” support i operacje 9. **2FA** β€” enterprise security requirement 10. **PWA / offline** β€” konkurencyjna przewaga UX