Documentation Overview

Overview of the documentation. Learn how to build accessible, production-ready apps step by step — from setup to deployment.

Get started

Hey indie ! Welcome ʕ•ᴥ•ʔ

Start a local server

In your terminal

#run the following commands one-by-one

git clone [email protected]:br0wsa/a11ystart-boilerplate.git [MYAPP]
cd [MYAPP]
pnpm install
git remote remove origin
pnpm dev

Rename .env.example to .env
Open http://localhost:3000 to see your dev mod app
To start preview server run pnpm preview command
Open http://localhost:8788 to see your preview mod app

File Structure

Vike documentation

You may want to define several pages/ directories for what we call a domain-driven file structure (DDD).

Vike domain-driven file structure

public
components
pages
layouts
database
assets
atoms
.cursor
server
package.json
wrangler.toml
.env
...others

Config files

Vike documentation

All there is to know about how Vike's config files work. Further more, These are key configuration files for your project. Rename them with your app name - same everywhere.

{
  "name": "a11ystart",
  "version": "1.0.0-beta.1",
  "description": "a11y saas boilerplate",
  "author": {
    "name": "bluecornflakes",
    "email": "[email protected]",
    "url": "https://www.bluecornflakes.com"
  },
  "homepage": "https://a11ystart.blue/",
  "keywords": [
    "a11y",
    "low-tech",
    "user-experience",
    "accessibility-first",
    "empowerment",
    "community-building"
  ],
  "repository": {
    "type": "git",
    "url": "https://github.com/br0wsa/a11ystart-boilerplate"
  },
  "license": "Proprietary",
  "licenseFile": "LICENSE"
}

Environment Variables

Vike documentation Cloudflare API tokens

Environment variables can be defined in .env and .env.[mode] files.

# ------------------------------
#      ENVIRONMENT EXAMPLE
# ------------------------------

# APP URL
PUBLIC_ENV__URL=


# BEEHIIV Publication ID API
BEEHIIV_PUBLICATION_ID=
BEEHIIV_API_KEY=
PUBLIC_ENV__BEEHIIV_RSS_URL=
PUBLIC_ENV__BEEHIIV_AFFILIATE_URL=


# GitHub API
PUBLIC_ENV__GITHUB_TOKEN=

# Cloudflare
CLOUDFLARE_API_TOKEN=
CLOUDFLARE_ACCOUNT_ID=
CLOUDFLARE_EMAIL=

# Google Analytics
# Docs: https://support.google.com/analytics/answer/9304153
PUBLIC_ENV__GOOGLE_ANALYTICS=

# Sentry DNS. Used for Error Reporting on the Server
SENTRY_DSN=

# Sentry DNS. Used for Error Reporting in the Browser
PUBLIC_ENV__SENTRY_DSN=

# Resend
RESEND_API_KEY=


# Supabase
SUPABASE_URL=
SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=

# Cloudflare Turnstile
# Cloudflare Turnstile
CLOUDFLARE_TURNSTILE_SECRET_KEY=
PUBLIC_ENV__CLOUDFLARE_TURNSTILE_SITE_KEY=

# IPQualityScore
IPQUALITYSCORE_API_KEY=

# Stripe
STRIPE_SECRET_KEY=
PUBLIC_ENV__CUSTOMER_PORTAL_LINK=

# Sightengine
SIGHTENGINE_USER=
SIGHTENGINE_SECRET=
SIGHTENGINE_WORKFLOW_ID=

Features

Includes database integration, email handling, SEO optimization, error boundaries, customer support tools, payment support, analytics, and magic link authentication.

SEO

Vike Documentation JSON-LD Schema JSON-LD TypeScript Support Google Analytics Setup Beehiiv

Add your root URL (e.g. https://yourdomain.com) to baseUrl in vite.config.ts (located in the root folder). This will automatically generate a sitemap.xml and robots.txt during the build process.

// Vite Sitemap Config
// Adds sitemap.xml and robots.txt at build time.

sitemap({
  baseUrl: "https://a11ystart.blue",
  filename: "sitemap.xml",
  defaultChangefreq: "weekly",
  defaultPriority: 0.5,
  robots: { userAgent: "*", disallow: { cloudflare: true } },
  outputDir: "../../public",
}),

Update your content files in the /database folder: schemaOrg.ts, faq.ts, glossary.ts, legal.ts, contact.ts, etc. Customize them to reflect your business.
Add your Google Analytics ID as PUBLIC_ENV__GOOGLE_ANALYTICS in your .env file.
Add your site URL as PUBLIC_ENV__URL in your .env file.
Create a newsletter in minutes using Beehiiv— with beehiiv page or your subdomain.
Add your RSS feed URL from beehiiv RSS as PUBLIC_ENV__BEEHIIV_RSS_URL in your .env file.

All of the following SEO snippets are already integrated in the boilerplate. Simply reuse them when adding new pages.

// Breadcrumb JSON-LD
// This is already implemented in the boilerplate.
// Include this snippet in +Head.tsx for each page.

export function Head() {
  const data = useData<Data>();
  const PAGE_JSON_LD = generateJsonLd(data);

  return (
    <script
      type="application/ld+json"
      dangerouslySetInnerHTML={{
        __html: JSON.stringify(PAGE_JSON_LD),
      }}
    />
  );
}

Supabase

Supabase Supabase Documentation

Copy these SQL queries from the root server/ folder.

Paste & Run them in the Supabase SQL Editor

server
- templates
  - users_table_setup.sql
  - user_tos_acceptance.sql
  - user_account_deleted.sql
  - email_notifications.sql
  - cyclic-coupon-batch.sql
  - color_table.sql
  - helpers.sql

Sending emails

Mailo (Privacy-focused) Resend Email Platform

A transactional email provider like Resend is required to send magic links, password resets, and system notifications. Ensure your provider supports SMTP or API integration.

Steps to Set Up Resend with Supabase

Create a Resend account.
Navigate to Domains → + Add Domain. Use a subdomain like resend.yourdomain.com.
Complete DNS verification, then click Verify DNS Records in Resend.
Go to API Keys → + Create API Key, then click Add.
Open your .env file and add your RESEND_API_KEY to enable email sending with React Email on the contact/support page.
In Supabase → Edge Functions → Secret, store the API key RESEND_API_KEY.
In Supabase → Authentication → Email settings, enable Custom SMTP and configure the following:
- Sender details
- SMTP Provider Settings

Best Practices for Email Deliverability

Send emails from a subdomain (e.g., resend.domain.com)
Add an SPF record for the subdomain
Add a DKIM record for the subdomain
Add a DMARC record for the subdomain
Include an unsubscribe link at the bottom of each email
Personalize emails using the recipient’s name
Avoid spam-trigger words like "free" or "earn money"
Avoid strange fonts, inconsistent layout, or excessive punctuation
Avoid linking to untrusted or suspicious websites

Payments

Stripe

Copy these SQL queries from the root server/ folder.

Paste & run them

server
- templates
  - stripe.sql
- edge-functions
  - handleStripeWebhook.ts

Create a Stripe account and activate payments.
In [Settings] → [Public Details], add your website URL.
In [Settings] → [Branding], add your logo and colors.
Enable payment and refund emails in [Customer Emails].
Optionally enable the customer portal in [Customer Portal].
Under [Rules], enable 3DS and block on CVC failure.
Turn ON Test Mode.
Create a product and copy the price ID into StripeBtn.tsx.
Add your API key to .env.local as STRIPE_SECRET_KEY.
Add PUBLIC_ENV__CUSTOMER_PORTAL_LINK to your .env file to allow users to manage their subscription and Stripe account via a dedicated portal.
Use Stripe CLI: stripe listen --forward-to localhost:3000/api/webhook/stripe
If using coupons, define them in server/controllers/stripe.ts
In Supabase, enable Vault and the Stripe Wrapper extension.
Define a new schema and name it : Stripe in your wrapper.
In your Supabase edge function, include STRIPE_SECRET_KEY and add the secret.
Deploy a new edge functions to handle Stripe webhook, past handleStripeWebhook.ts and deploy it.
In Supabase editor run stripe.sql

Going to production?

Disable Test Mode in your Stripe Dashboard.
In [Developers], copy your public and secret keys to the environment variableSTRIPE_API_KEY.
In [Webhooks], add a new endpoint with your domain + /api/webhook/stripe. Subscribe to checkout.session.completed (and others if needed). Copy the signing secret to STRIPE_WEBHOOK_SIGNING_SECRET.
Optional: Set your payout schedule in [Balance] → [Manage Payouts]
Optional: Enable emails in [Settings] → [Customer Emails]

Magic links

Supabase Magic Link Auth SMTP Setup Guide Resend Email Service Supabase Captcha Turnstile

Supabase automatically handles sending magic links when users sign in via email.

<!-- Template for Magic Link Email -->
<!-- Use this in Supabase Auth Email Templates section -->
<!-- Customize as needed for your business logic -->

<h2>Login with Magic Link</h2>

<p>Click the link below to log in:</p>
<p><a href="{{ .SiteURL }}/welcome/confirm?token_hash={{ .TokenHash }}&type=email">Log In</a></p>

In your Supabase dashboard, navigate to Authentication → URL Configuration. Add the following:
https://your-domain.com to Site URL and:
https://your-domain.com/** and http://localhost:3000/** to Redirect URLs.
Set up a custom SMTP server to send branded emails.
Configure email rate limits within your SMTP provider to avoid spam or abuse issues.
Consider using Resend for reliable and scalable transactional emails.
Go to Authentication → Attack Protection, enable Enable Captcha protection and choose Turnstile by Cloudflare.

Customer support

Crisp – Cloudflare Integration

Integrate live chat into your website using Cloudflare without writing any code.

Create a Crisp account .
Go to the Crisp Cloudflare Integration page and click Install the App.
Enter your Crisp Website ID when prompted.
Once installed, the chat widget is automatically embedded across your website, with no code required.

Error handling

Sentry Docs Vike Error Page Vike Error Tracking

Error tracking is already integrated using Sentry and a global event listener. You just need to provide your Sentry credentials to enable reporting.

# Sentry configuration
SENTRY_AUTH_TOKEN=
SENTRY_ORG=
SENTRY_PROJECT=
PUBLIC_ENV__SENTRY_DSN=

Fill in the required Sentry environment variables in your .env file.
The function sentryBrowserConfig() is already invoked in sentry.browser.config.ts to initialize Sentry on the frontend.
A global window.addEventListener("error") logs unhandled exceptions to the console.
A custom error page is defined at /pages/_error/+Page.js. It’s automatically shown when an error occurs or when throw render(abortStatusCode) is called.
Developer tooling is pre-configured with tsconfig.json, eslint.config.js, and .prettierrc already set up for a clean DX.

Analytics

Google Analytics Setup

Paste the tracking Google tag in .env files.

# Google Analytics
# Docs: https://support.google.com/analytics/answer/9304153
PUBLIC_ENV__GOOGLE_ANALYTICS=

Security

Keep your a11yStart app secure from common threats — safety first!

Sending limit in Resend

Resend limits – important

Free Resend accounts are limited to 100 emails/day and 3,000 emails/month. Each recipient in To, CC, or BCC counts toward the quota.

To prevent abuse or overuse, you can configure custom limits in your Resend paid plan.

View full Resend limits documentation

Monthly budget in OpenAI

OpenAI budget – recommended

If you're using OpenAI in production, make sure to set a monthly usage budget to avoid unexpected billing or abuse.

You can configure this directly from your OpenAI account settings.

Go to OpenAI usage settings

Rate limiting (Magic links)

Magic links – rate limits

Supabase rate-limits magic link emails by default. Without a custom SMTP provider, the limit is 3 emails per hour.

In production, it’s highly recommended to set up a custom SMTP service and define your own rate limits.

How to set up custom SMTP
How to update email rate limits

Rate limiting (API Routes)

Rate limiting – recommended for production

a11yStart does not enforce rate limiting by default, to let you choose your preferred strategy.

In production, we recommend adding protection against abuse on your API routes (e.g., auth, emails).

For Hono + Cloudflare, one popular solution is:
hono-rate-limiter + @hono-rate-limiter/cloudflare

View hono-rate-limiter on npm

Security Headers

server

Complete the following security headers according to your needs to improve your app’s security.

Schema Validation

zod

Even in TypeScript, runtime validation matters. Use Zod to protect your API routes from invalid payloads.

import { Hono } from 'hono';
import { z } from 'zod';

const app = new Hono();

const schema = z.object({
  username: z.string().min(3),
  age: z.number().int().positive(),
});

app.post('/user', async (c) => {
  const data = await c.req.json();
  const parsed = schema.safeParse(data);

  if (!parsed.success) {
    return c.json({ error: 'Invalid data' }, 400);
  }

  return c.json({ message: 'User created' });
});

Deployment

Build & deploy serverless functions, sites, and full-stack applications.

Workers & Pages

Go to Workers & Pages → Create
Select Pages as your deployment target
Choose Import a Git repository → Get Started
Follow the setup steps provided by Cloudflare
Sync your local .env usingpnpm sync:env in the terminal

Extras

Extra tools and tips

Setup

Vike documentation

Learn more about the metadata file convention.

Add your logo to the /assets folder as icon.svg.
Create a 1200×660 image for social media previews. Name it previewImage.jpg and place it in the /assets folder.
Generate your site favicon using a free favicon generator. Download the ZIP and extract its content into the /public folder.

Useful external ressources

Documentation
- Supabase
  Realtime database and auth
- Vike
  SSR and routing for React
- Stripe
  Secure payment integration
- Resend
  Email for developers
- Mailo
  Private email provider
- Cloudflare
  Edge functions, CDN, security
- React
  UI library for building interfaces
- TypeScript
  Typed JavaScript for better DX
- Mantine
  Accessible UI components
- Hono
  Tiny web framework for the Edge
- Sightengine
  Image content moderation API
- IPQualityScore
  Fraud and bot detection
- Sentry
  Error monitoring and logging
- Jotai
  Minimal atomic state management
Useful Resources
- Mantine UI
  Component examples and recipes
- Mantine Hub
  Component registry with props visualizer
- Tabler Icons
  Open-source icon set
- Favicon Checker
  Validate favicon configuration
- OG Validator
  Test Open Graph metadata
- Rich Results Test
  Validate schema.org data
- SEO Checker
  Audit your site's SEO
- PageSpeed Insights
  Performance and Core Web Vitals
- Security Headers
  Test HTTP headers

Follow updates

Stay in the loop with the latest updates and news 🚀📢

Get notified on GitHub

Follow a11yStart on GitHub