nxtkofi
e89537f217
Some checks failed
CI / lint (push) Has been cancelled
Add features.md with 118 potential features across 14 categories Includes implementation status, notes, and suggested priority order Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
10 KiB
10 KiB
Convex Next.js SaaS Template — Feature Roadmap
Comprehensive checklist of features, patterns, and integrations that a production-ready SaaS template should include. Use this as a north star for prioritizing work.
Legend
| Symbol | Meaning |
|---|---|
| ✅ | Already implemented |
| 🔄 | Partial / needs refinement |
| 📋 | Planned / on the backlog |
| 💡 | Nice-to-have / stretch goal |
Core Platform
| # | Feature | Status | Notes |
|---|---|---|---|
| 1 | Next.js 16 App Router | ✅ | React 19, TypeScript 5, Tailwind CSS 4 |
| 2 | Convex self-hosted backend | ✅ | Docker on Coolify |
| 3 | Runtime env validation (Zod) | ✅ | src/lib/env.ts |
| 4 | Multi-tenant architecture | 📋 | Teams / orgs support |
| 5 | Custom domain support | 💡 | Vercel-style subdomain routing |
| 6 | Edge middleware | 🔄 | src/proxy.ts for locale only |
| 7 | API versioning | 💡 | /api/v1/... |
| 8 | Health checks / status | 💡 | /api/health, Convex ping |
Authentication & Authorization
| # | Feature | Status | Notes |
|---|---|---|---|
| 9 | Email/password auth | ✅ | Better Auth + Convex adapter |
| 10 | Password strength (HIBP) | ✅ | haveIBeenPwned plugin |
| 11 | Email verification | ✅ | Token-based, Resend emails |
| 12 | Forgot/reset password | ✅ | Secure token flow |
| 13 | Change password | ✅ | Authenticated users |
| 14 | Session management | ✅ | Better Auth sessions in Convex |
| 15 | OAuth providers (Google, GitHub) | 📋 | Sign in with Google/GitHub |
| 16 | 2FA / MFA (TOTP, SMS) | 📋 | Authenticator app, backup codes |
| 17 | Passkeys / WebAuthn | 💡 | FIDO2, passwordless |
| 18 | RBAC (Roles & Permissions) | 📋 | Admin, Member, Viewer roles |
| 19 | API keys (scoped) | 📋 | Per-user or per-team API keys |
| 20 | Impersonation / sudo mode | 💡 | Admin login-as-user for support |
| 21 | Account lockout / brute-force | 📋 | Rate limit failed logins |
| 22 | Device / session management | 📋 | List active sessions, revoke |
Billing & Subscriptions
| # | Feature | Status | Notes |
|---|---|---|---|
| 23 | Stripe Checkout | 📋 | Subscription + one-time payments |
| 24 | Subscription tiers (Free/Pro/Enterprise) | 📋 | Feature gating per plan |
| 25 | Usage-based billing | 📋 | Metered billing (API calls, storage) |
| 26 | Team billing | 📋 | One payment method per team |
| 27 | Invoice history | 📋 | Download PDF invoices |
| 28 | Tax handling (VAT, GST) | 💡 | Stripe Tax integration |
| 29 | Trial periods | 📋 | 14-day free trial logic |
| 30 | Self-serve upgrades/downgrades | 📋 | Prorated charges |
| 31 | Cancellation / retention flow | 💡 | Exit survey, pause subscription |
Team & Collaboration
| # | Feature | Status | Notes |
|---|---|---|---|
| 32 | Organizations / Teams | 📋 | Multi-user workspaces |
| 33 | Team invitations (email) | 📋 | Invite link with expiry |
| 34 | Role-based access within team | 📋 | Owner, Admin, Editor, Viewer |
| 35 | Member management | 📋 | Remove, change roles |
| 36 | Activity log / Audit trail | 📋 | Who did what, when |
| 37 | Shared resources | 📋 | Team-scoped data in Convex |
| 38 | Public/private projects | 💡 | Visibility toggle |
User Experience
| # | Feature | Status | Notes |
|---|---|---|---|
| 39 | Locale routing (i18n) | ✅ | EN/PL with next-intl |
| 40 | Theme switching | ✅ | Dark/light/system |
| 41 | App shell with navigation | ✅ | Auth-aware nav header |
| 42 | Error boundaries | ✅ | error.tsx with retry |
| 43 | Loading states | ✅ | loading.tsx fallback |
| 44 | Not-found handling | ✅ | Localized + root 404 |
| 45 | Cookie consent (GDPR) | ✅ | Category-based consent |
| 46 | Onboarding wizard | 📋 | Multi-step first-run flow |
| 47 | In-app notifications | 📋 | Toast + bell icon dropdown |
| 48 | Command palette (Cmd+K) | 💡 | Spotlight-style search |
| 49 | Keyboard shortcuts | 💡 | ? help modal |
| 50 | Guided tours | 💡 | Shepherd.js or similar |
| 51 | Changelog / What's new | 💡 | In-app announcement modal |
| 52 | Feedback widget | 💡 | Canny/Featurebase style |
| 53 | Help center / Docs | 💡 | MDX-based docs site |
File & Media
| # | Feature | Status | Notes |
|---|---|---|---|
| 54 | Avatar upload | 📋 | Profile picture, Convex storage |
| 55 | File uploads (documents, images) | 📋 | Drag & drop, progress bar |
| 56 | Image optimization | 💡 | Next.js <Image> presets |
| 57 | Export data (GDPR) | 📋 | JSON/CSV download |
| 58 | Bulk import | 💡 | CSV upload with validation |
Communication
| # | Feature | Status | Notes |
|---|---|---|---|
| 59 | Transactional emails | ✅ | Resend (verification, reset) |
| 60 | Email templates | 🔄 | Basic HTML, needs design system |
| 61 | Welcome email sequence | 📋 | Post-signup drip campaign |
| 62 | In-app messaging | 💡 | Announcements, banners |
| 63 | Push notifications | 💡 | Web Push API |
| 64 | SMS notifications | 💡 | Twilio for 2FA/alerts |
Analytics & Monitoring
| # | Feature | Status | Notes |
|---|---|---|---|
| 65 | Analytics (Plausible/PostHog) | 📋 | Privacy-first, cookie-respecting |
| 66 | Error tracking (Sentry) | 📋 | Source maps, user context |
| 67 | Performance monitoring | 💡 | Web Vitals, Convex query timing |
| 68 | A/B testing | 💡 | Feature flags + split testing |
| 69 | Feature flags | 💡 | LaunchDarkly or simple env-based |
| 70 | Usage tracking | 📋 | Per-user, per-team quotas |
| 71 | Dashboard metrics | 💡 | Admin panel with charts |
API & Integrations
| # | Feature | Status | Notes |
|---|---|---|---|
| 72 | REST API | 📋 | Convex HTTP actions exposed |
| 73 | Webhooks | 📋 | Outgoing webhooks with signatures |
| 74 | API rate limiting | 📋 | Per-key, per-user throttling |
| 75 | API documentation (OpenAPI) | 💡 | Scalar or Swagger UI |
| 76 | Zapier/Make integration | 💡 | Trigger-based automations |
| 77 | CLI tool | 💡 | Node.js CLI for project scaffolding |
| 78 | SDK / Client library | 💡 | TypeScript client wrapper |
| 79 | GraphQL endpoint | 💡 | Optional GraphQL layer |
Security & Compliance
| # | Feature | Status | Notes |
|---|---|---|---|
| 80 | GDPR compliance | 🔄 | Cookie consent ✅, DPA needed |
| 81 | Data deletion (right to be forgotten) | 📋 | Account wipe + cascade delete |
| 82 | Data portability | 📋 | Export all user data |
| 83 | Privacy policy / Terms | 📋 | Generated legal pages |
| 84 | CSP headers | 💡 | Content Security Policy |
| 85 | CORS configuration | 📋 | Strict origin whitelist |
| 86 | Request signing | 💡 | HMAC for webhooks/API |
| 87 | DDoS protection | 💡 | Cloudflare or Coolify WAF |
| 88 | Secrets rotation | 💡 | Automated key rotation |
SEO & Marketing
| # | Feature | Status | Notes |
|---|---|---|---|
| 89 | SEO metadata | 🔄 | Basic <Metadata>, needs per-page |
| 90 | Dynamic OG images | 💡 | @vercel/og or similar |
| 91 | Sitemap.xml | 💡 | Auto-generated sitemap |
| 92 | Robots.txt | 💡 | Dynamic robots rules |
| 93 | Canonical URLs | 💡 | Avoid duplicate content |
| 94 | Structured data (JSON-LD) | 💡 | Schema.org markup |
| 95 | Blog / CMS | 💡 | MDX blog or headless CMS |
| 96 | Landing page builder | 💡 | Reusable sections |
| 97 | Waitlist / Early access | 💡 | Pre-launch email capture |
| 98 | Referral program | 💡 | Invite links with rewards |
| 99 | Affiliate tracking | 💡 | UTM + commission logic |
DevOps & Deployment
| # | Feature | Status | Notes |
|---|---|---|---|
| 100 | GitHub Actions CI | ✅ | Lint + build |
| 101 | Automated deployments | 📋 | Coolify webhook deploy |
| 102 | Preview environments | 💡 | Per-PR staging |
| 103 | Database migrations | 📋 | Convex schema evolution |
| 104 | Backup strategy | 💡 | Convex data snapshots |
| 105 | Log aggregation | 💡 | Centralized logging |
| 106 | Uptime monitoring | 💡 | UptimeRobot / Pingdom |
| 107 | SSL auto-renewal | ✅ | Coolify / Let's Encrypt |
Mobile & PWA
| # | Feature | Status | Notes |
|---|---|---|---|
| 108 | PWA support | 💡 | Service worker, manifest |
| 109 | Offline mode | 💡 | Convex local cache |
| 110 | Mobile app (Expo) | 💡 | React Native companion |
| 111 | Responsive design | ✅ | Tailwind breakpoints |
| 112 | Touch gestures | 💡 | Swipe actions |
Admin & Internal
| # | Feature | Status | Notes |
|---|---|---|---|
| 113 | Admin dashboard | 📋 | User management, stats |
| 114 | User impersonation | 💡 | Login as any user |
| 115 | Feature flag console | 💡 | Toggle features per user |
| 116 | Support ticket system | 💡 | Intercom/Crisp integration |
| 117 | Abuse reporting | 💡 | Flag spam/abuse |
| 118 | Ban/suspend users | 💡 | Soft delete + block |
Summary
| Category | Implemented | Planned | Total |
|---|---|---|---|
| Core Platform | 4 | 3 | 8 |
| Auth & Security | 7 | 14 | 14 |
| Billing | 0 | 9 | 9 |
| Team & Collaboration | 0 | 7 | 7 |
| User Experience | 7 | 14 | 14 |
| File & Media | 0 | 5 | 5 |
| Communication | 2 | 5 | 6 |
| Analytics | 0 | 6 | 7 |
| API & Integrations | 0 | 8 | 8 |
| Security & Compliance | 1 | 8 | 9 |
| SEO & Marketing | 0 | 10 | 11 |
| DevOps | 2 | 5 | 7 |
| Mobile & PWA | 1 | 4 | 5 |
| Admin & Internal | 0 | 6 | 6 |
| Total | 24 | 104 | 118 |
Suggested Priority Order
- Billing (Stripe) — brak tego = brak monetyzacji
- OAuth providers — zwiększa konwersję sign-up
- Organizations / Teams — B2B SaaS bez tego nie istnieje
- RBAC — musi iść ręka w rękę z teamami
- Onboarding wizard — redukcja churn na starcie
- Analytics (PostHog/Plausible) — bez danych nie wiesz co działa
- API keys + webhooks — developer experience, integracje
- Admin dashboard — support i operacje
- 2FA — enterprise security requirement
- PWA / offline — konkurencyjna przewaga UX