Who it’s for
RefactKit is built for developers shipping B2B or B2C SaaS products that need workspace isolation. If your app has multiple customers, each with their own data and users, RefactKit handles the tenant separation for you from day one. Every database table includes an organizationId, and every server function validates tenant membership before executing any query.
Key features
Authentication
Email/password sign-up and sign-in, email verification, password reset, and Google OAuth — all with OWASP-compliant security controls including anti-enumeration, rate limiting, and JWE-encrypted sessions.
Organizations & multi-tenancy
Every user belongs to one or more organizations. Data is scoped by organizationId across every tenant table. Organization creation, switching, and deletion are all built in.
Role-based access control
Three roles — Owner, Admin, and Member — with a granular resource-action permission model. Permissions are enforced server-side on every request.
File storage
Server-side file uploads to Supabase Storage. Avatar and gallery image management with automatic public URL generation. The service role key never touches the client.
Internationalization
Five built-in languages: English, French, Spanish, Portuguese, and Arabic. Full RTL support, cookie-based locale persistence, and server-side locale detection.
Design system
shadcn/ui components built on Base UI primitives with WAI-ARIA compliance. Tailwind CSS v4 with semantic CSS variables and one-command theme generation.
Tech stack
RefactKit combines a carefully selected set of technologies that work well together. The table below covers the most important pieces.

| Layer | Technology |
|---|---|
| Meta-framework | TanStack Start (SSR + server functions via Nitro v3) |
| UI | React 19 with TanStack Router, Query, Form, and Table |
| Authentication | Better Auth 1.6+ (self-hosted, organizations plugin) |
| Database | PostgreSQL on Supabase via Drizzle ORM |
| Storage | Supabase Storage (S3-compatible) |
| Email | Resend (transactional) |
| Styling | Tailwind CSS v4 + shadcn/ui on Base UI |
| i18n | Custom React context wrapping i18next (5 locales) |
| Testing | Vitest (unit) + Playwright (E2E) |
| Deployment | Vercel, Cloudflare, Node.js, or AWS via Nitro presets |
Architecture principles
RefactKit is built around four non-negotiable constraints:
- Multi-tenancy first. Every data table includes organizationId. Server functions verify tenant membership before executing any query — tenant isolation is structural, not a convention.
- Type safety everywhere. TypeScript strict mode, Drizzle typed SQL, Zod runtime validation, and TanStack typed routes eliminate entire classes of runtime errors.
- Security by default. Anti-enumeration, rate limiting on all auth endpoints, JWE-encrypted session cookies, and audit logging are all built in and pre-configured — no extra setup required.
- Universal deployment. The Nitro v3 engine targets Vercel, Cloudflare Workers, standalone Node.js, and AWS from a single build command.
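The membership check and organizationId scoping from the first principle, sketched as an added example (not RefactKit's own code). The function names, the role-to-permission matrix, and the in-memory arrays standing in for database tables are all assumptions made for illustration.

```typescript
// Added example: hypothetical names; arrays stand in for database tables.
type Role = "owner" | "admin" | "member";
interface Membership { userId: string; organizationId: string; role: Role }
interface Project { id: string; organizationId: string; name: string }

// Constructed sample data.
const memberships: Membership[] = [
  { userId: "u1", organizationId: "org_a", role: "owner" },
  { userId: "u2", organizationId: "org_a", role: "member" },
  { userId: "u2", organizationId: "org_b", role: "admin" },
];
let projects: Project[] = [
  { id: "p1", organizationId: "org_a", name: "Alpha" },
  { id: "p2", organizationId: "org_b", name: "Beta" },
  { id: "p3", organizationId: "org_a", name: "Gamma" },
];

// Assumed resource:action grants per role (not RefactKit's actual matrix).
const grants: Record<Role, string[]> = {
  owner: ["project:read", "project:delete"],
  admin: ["project:read", "project:delete"],
  member: ["project:read"],
};

// Look the role up server-side from the session user; never trust a
// role or membership claim sent by the client.
function requireTenant(userId: string, organizationId: string, permission: string): Membership {
  const m = memberships.filter(
    (x) => x.userId === userId && x.organizationId === organizationId)[0];
  // Unknown organization and non-membership fail identically, so
  // organization ids cannot be probed.
  if (!m) throw new Error("not found");
  if (grants[m.role].indexOf(permission) < 0) throw new Error("forbidden");
  return m;
}

function listProjects(userId: string, organizationId: string): Project[] {
  const m = requireTenant(userId, organizationId, "project:read");
  return projects.filter((p) => p.organizationId === m.organizationId);
}

function deleteProject(userId: string, organizationId: string, projectId: string): boolean {
  const m = requireTenant(userId, organizationId, "project:delete");
  // Match on id AND organizationId: a valid id from another tenant is a miss.
  const keep = projects.filter(
    (p) => !(p.id === projectId && p.organizationId === m.organizationId));
  const removed = keep.length < projects.length;
  projects = keep;
  return removed;
}
```

The case worth testing in any such guard is the one in `deleteProject`: a caller with full rights in their own organization supplies a row id that belongs to a different tenant, and the write must match nothing.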
RefactKit Community Edition is free and open-source under the MIT license. You can use it in commercial products, modify it, and redistribute it without restriction.
What’s coming in Pro
RefactKit Pro is currently in development and will add a complete billing system on top of the Community Edition:
- Stripe subscriptions with per-seat pricing, metered usage, and one-time payments
- Polar integration for open-source-friendly monetization
- Self-service customer portal for plan and payment method management
- Admin dashboard with super-admin impersonation
- Priority support
