Orbit ships the parts of a SaaS you always have to build anyway — and leaves the product to you. Every feature below is toggleable at scaffold time via the CLI, so you only keep what you need.
better-auth under the hood. Magic links, email+password, OAuth (Google + Apple), and an admin plugin for impersonation — all free.
Workspace is the tenant root. Slug-based URLs, ownership transfer, member management, and invite flows wired end-to-end.
Permission-based access control at workspace scope. System roles (OWNER/ADMIN/MEMBER) plus custom roles. Checked in one place on the server, surfaced by useCan() hooks on the client.
In-process WebSocket hub broadcasts domain events to workspace channels. Presence tracker with a 30-second grace window, heartbeat every 25s.
Prisma 7 schema with branded, prefixed UUIDv7 IDs. DDD bounded contexts with a shared Unit of Work that dispatches domain events post-commit.
Turborepo, Vite, TypeScript 6, vitest, coss ui (coss.com/ui) + Base UI, Tailwind v4, and a single npm run dev that starts api, web, www, and webhook tunnel.
Second tier of grouping — each team carries its own roles, members, and permission set, nested under a workspace. Adds a second PBAC scope.
Stripe, Polar, or Dodo Payments — same BillingProvider port. Checkout sessions, customer portals, signature-verified webhooks, and an append-only billing event ledger.
Mailer is a port. Ships with a Resend adapter and React Email templates for magic links and workspace invites. Free tier logs emails to stdout in dev.
UploadThing wiring for avatars and workspace assets, behind a clean Uploads bounded context so you can swap providers without touching product code.
Jobs behind a port. graphile-worker by default (Postgres-backed, with cron) and an Upstash QStash adapter for serverless deploys.
RateLimiter port with an in-memory fallback for dev and Upstash Redis or Unkey adapters for production. Auth and waitlist endpoints ship with layered per-IP and per-email limits so one address can't be ground down by a botnet.
Append-only ledger at two scopes. A workspace-scoped log for tenant admins and an app-wide log for platform moderation. Entries are materialised by a post-commit projector listening to domain events, so services never write audit rows directly. Permission-gated view + export.
The CLI only includes the features you picked — no dead code, no config flags, no runtime overhead. Turn billing off and the folder, routes, env vars, and Prisma models all vanish from your project.