The factory stack and decisions

Next.js 14 (App Router) + TypeScript strict

Next.js 14 because it's the only framework with first-class Vercel deploys, mature Server Actions, and a healthy job market. TypeScript strict because at portfolio scale, runtime bugs in product 30 are not debuggable — we want them to fail at compile time. No any. No // @ts-ignore.

Supabase (Postgres + Auth) over alternatives

Postgres + Auth in one product. Generous free tier covers M1-M3 for any product. RLS (Row-Level Security) is the killer feature: every table has RLS enabled, every policy is declared in migrations, and the pr-reviewer agent fails the build if a new table lacks RLS. That's how we sleep at night with N production databases.

We considered Neon + Auth0 (separate concerns) and Convex (single doc DB). Supabase won on RLS-by-default and on the indie hacker price point.

Stripe for payments, Lemon Squeezy as EU fallback

Stripe is the default. Lemon Squeezy is the EU-VAT fallback for products targeting an EU consumer audience where merchant-of-record handling is non-negotiable. The webhook handler is shared — only the client SDK differs.

Claude Code over Cursor / Aider / Copilot

Claude Code is the only agent harness that genuinely supports --dangerously-skip-permissions — i.e., autonomous mode with file-system + shell access — at production quality. The session model (persistent, restartable, with hooks) maps cleanly to multi-product workflows. Cursor is excellent for single-file edits but not for a 10-agent system. Aider is great but has fewer first-class hooks.

That choice is not religious. If a different harness ships something better, the agent prompts (which are the actual asset) port across. The current implementation just happens to live inside Claude Code.

Vercel for hosting, Cloudflare for DNS

Vercel is the path of least resistance for Next.js. Cloudflare for DNS because it's free, fast, and has the API needed for setup-cloudflare.ts to wire CNAMEs without a manual UI step. Cloudflare proxying is off so Vercel sees real IPs and the cert-provisioning step works.

Resend over SendGrid / Mailgun / Postmark

Resend has the cleanest DX (TypeScript-first SDK), a generous free tier (3,000 emails/mo), and the React-Email integration we use in the email templates. Postmark is also excellent; we picked Resend for the indie price point.

PostHog for analytics, EU region

PostHog gives us product analytics + session replay + feature flags in one tool, with a free tier large enough that no Phase-1 product hits the cap. EU region by default for compliance with EU buyers. The analyst background agent reads PostHog data daily.

Vitest + Playwright, not Jest

Vitest because it's faster than Jest, has native ESM support, and shares its config language with Vite (which Next.js 14 leans on). Playwright for e2e because it's the only e2e tool that handles modern Next.js (server actions, streaming, app router) without surprises.

Conventional Commits + GitHub Actions

Conventional Commits because changelog generation, release notes, and the tech-writer agent all parse them automatically. GitHub Actions because every repo is on GitHub already; CI workflows live next to the code; and the free tier is plenty for indie volume.

What we explicitly chose NOT to do

• No multi-tenant SaaS abstraction. Every product is its own deployment, its own DB, its own Stripe. The blast radius stays small.
• No custom UI framework. We use Tailwind + Shadcn primitives. If you want a different look, swap the tokens.
• No bring-your-own-LLM abstraction. Claude Code is the harness. The agent prompts can run elsewhere if needed, but we don't pretend to be model-agnostic.
• No mobile boilerplate. Web + CLI + MCP only. If your product is mobile-native, this isn't the right foundation — yet.
• No marketplace / app store. The repo is private. There's no plugin system, no community templates, no UGC. Quality over scale.

When we'll change our mind

Stack decisions get re-litigated quarterly. If a buyer ships something that breaks because of one of these choices, we revisit. The README and the docs you're reading get updated when we do. No stealth pivots.