The product OS for the AI age

Only the prepared survive.
Ship like you mean it.

AI is rewriting every rule in software. The teams that win aren't the biggest — they're the ones with the strongest foundation. This is that foundation.

Stay in the Loop See it live

app.yourproduct.com

Dashboard

Projects

Team

AI Agents

Analytics

Settings

MRR

€12,400

+18.2%

Active users

2,847

+5.4%

AI queries

14.2k

+42%

Revenue Last 6 months

New subscription — Acme Corp (Growth plan) 2m ago

AI agent completed — Project analysis for Initech 8m ago

Deploy succeeded — v2.14.0 (3 commits) 1h ago

The inflection point

AI is killing SaaS. Good.

The companies still piecing together ten SaaS tools per product, still deploying from laptops, still telling the board that AI is “next quarter” — they're the ones getting disrupted. A small team with the right foundation now outships organizations a hundred times their size — and the gap is only widening.

The old way

✗ Months of setup before product work

✗ 10 SaaS tools stitched together

✗ MVP that breaks at 100 users

✗ AI is “next quarter” — every quarter

✗ Manual deploys, zero observability

With Epoch

✓ Ship product features from day one

✓ One integrated system, nothing to glue

✓ Production-grade from first commit

✓ AI agents & MCP from the start

✓ One-command deploy, full observability

Whether you've just closed a funding round, you're launching a new product line, or modernizing a legacy stack — Epoch is the foundation that lets your team focus on product, not plumbing.

You ship product. Not infrastructure.

Your 3-person team ships like a 30-person org. You deploy on day one, serve enterprise customers on day thirty, and never rewrite your foundation. Here's what makes that possible.

186

features you don't build

Auth, billing, AI agents, MCP, multi-tenancy, notifications, webhooks, search, observability, GDPR. Every one integrated and tested — so you build product, not plumbing.

1,600+

tests run every commit

Refactor fearlessly. Ship confidently. Your CI catches what you miss — backend, E2E, and visual regression on every push.

rewrites to scale

Production Kubernetes from commit one. The same architecture serves your first customer and your thousandth — no rewrite, no migration, no re-platform.

<€10

per month, full stack

Enterprise architecture at indie cost. Kubernetes on Hetzner + Cloudflare CDN. Scale horizontally when revenue justifies it.

How you get there

186 features, 1,600+ tests, architecture docs, and a Definition of Done — everything wired together so your team (and Claude Code) can ship with confidence, not just speed.

AI Agents & MCP

Your product speaks agent from day one. Five agent types with auto-routing, streaming, and human-in-the-loop. Every API endpoint is an MCP tool — so Claude, Copilot, and custom agents can use your product natively.

Multi-tenancy & RBAC

Serve enterprise customers from week one. Full tenant isolation, four roles, team management, whitelabel branding, and onboarding checklists — all built in.

Stripe Billing

Revenue flowing before your trial ends. Checkout, customer portal, trials with auto-expiry, subscription gates, and usage tracking — webhook-driven with 25+ behavioral tests.

Production Kubernetes

Deploy without a platform team. One-command push to k3s with Helm charts, OpenTofu IaC, rolling deploys, and horizontal scaling. Cloud-agnostic. Under €10/month.

Full Observability

Know everything. Fix anything. Sentry APM, OpenTelemetry tracing, structured logging, audit trail, and PostHog analytics — wired up from the first deploy.

60+ Design Primitives

Beautiful by default. Accessible by design. shadcn/ui components, Storybook, WCAG 2.1 AA, dark mode, i18n in 6 languages, PWA — mobile-first from 320px.

CI Quality Gate

Refactor fearlessly. Ship confidently. 1,600+ tests, visual regression, and accessibility audits run on every commit — quality enforced in the pipeline, not in code review.

Agentic Development

Claude Code ships features, not just code. Architecture docs, Definition of Done, specialized review agents — every workflow designed for AI-augmented development.

Every feature. No asterisks.

186 production features across 13 categories. Expand any section to see the full list.

Authentication & Security — Enterprise-grade auth, MFA, OAuth 2.1, and security hardening

Session-based auth (httpOnly, SameSite, Secure)
API key auth (SHA-256 hashed, shown once)
OAuth 2.1 with PKCE + dynamic client registration
Google + Microsoft social login
TOTP authenticator app MFA
WebAuthn / Passkey support
Recovery codes
Email verification (mandatory)
Password reset flow
RBAC — Owner, Admin, Member, Viewer
CSRF protection on all mutations
Rate limiting (login, registration, API)
LLM prompt injection prevention
Request body size limits (5MB)
API key tenant mismatch detection
Passkey-encouraged signup (progressive registration)
Account enumeration prevention
Security headers (HSTS, CSP, X-Frame-Options)
Dependency vulnerability scanning (Dependabot, pip-audit, npm audit)

Multi-tenancy & Teams — Full tenant isolation, team management, branding, and invitations

Tenant-scoped data isolation (middleware + model layer)
Team invitations with email + token hashing
Member role management (change, remove)
Extended member profiles (avatar, phone, timezone, title)
Tenant branding — OKLCH color customization
Tenant logo upload (presigned URLs)
Tenant slug + display name
Session version tracking (force re-auth on role change)
Cross-tenant context safety via signals
MFA enforcement per tenant
Onboarding checklist (floating widget, progress ring, confetti)
Configurable onboarding steps (admin-defined, auto-progress)
APP_NAME whitelabel branding (emails, admin, MFA issuer)

AI Agents & LLM — 5 agent types, tool registry, auto-routing, streaming, HITL

Web search agent (Serper.dev + synthesis)
KB support agent (RAG with citations)
Project status agent (read-only analysis)
Project creation agent (HITL confirmation)
Project ideation agent (brainstorm + web search)
Auto-routing via LLM classification
Conversation threading (multi-turn)
SSE streaming via Redis pub/sub
Human-in-the-loop (pause/resume)
Tool whitelisting per agent type
Cost controls (max iterations + time limit)
LLM factory with multi-provider support (litellm)
Model fallback chains
Prompt injection sanitization
LLM usage tracking per call
OpenAI function calling export

MCP Server — Every endpoint is an MCP tool — Streamable HTTP, OAuth 2.1, stateless

Streamable HTTP transport (JSON-RPC)
OAuth 2.1 Bearer token auth
API key auth (backward compatible)
Dynamic client registration (RFC 7591)
PKCE + loopback redirect URIs
Platform provisioning (ChatGPT, Copilot Studio, Vertex AI)
Stateless per-request auth (horizontal scaling)
Token lifecycle (1h access, 30-day refresh + rotation)
Stale token + client cleanup (Celery Beat)
Connected Apps management UI

Billing & Monetization — Stripe integration, trials, subscription gate, billing portal

Stripe integration via dj-stripe
Checkout session creation
Customer portal link
Plan + PlanFeature models
Trial auto-creation on signup
Trial expiring + expired notifications
Subscription gate (paywall component)
LLM usage tracking per feature
Webhook-driven sync (25+ behavioral tests)
3 fixture plans for development

Notifications & Webhooks — Email, in-app SSE, push, HMAC-signed webhooks, lifecycle emails

Email notifications (Resend / any SMTP)
In-app SSE real-time notifications
Push notification channel
Per-category, per-channel preference management
Mandatory notification flags
HMAC-SHA256 signed webhooks
Webhook retry with delivery log
Curated event catalog (internal → public mapping)
Branded email templates (dark mode, Outlook VML)
Welcome email on verification
Trial expiring / expired lifecycle emails
Weekly changelog digest (Celery Beat)
Notification bell with SSE dropdown inbox

Search & Knowledge Base — Hybrid vector search, RAG, help center, in-app help widget

Hybrid search (vector + keyword, RRF fusion)
pgvector embeddings (HNSW index)
Stored tsvector with GIN index
Keyword fallback (SQLite-compatible)
Unified search dispatcher
Knowledge base articles (Markdown + frontmatter)
Heading-aware chunking (500-token sections)
Help center (Docusaurus, Cloudflare Pages)
Dual docs (user guides + developer docs)
Client-side search (Pagefind)
In-app help widget with KB search
Contextual help links to articles
"Ask AI" button → RAG support agent
Cmd+K command palette (global search)
6 locales in help center

Observability & Operations — Sentry, OpenTelemetry, structured logging, audit trail, PostHog

Sentry error tracking + structured logs
Sentry APM (application performance monitoring)
Automated error triage + GitHub issue creation (scheduled)
OpenTelemetry distributed tracing
Auto-instrumentors (Django, Celery, Redis, psycopg, httpx)
Manual spans on LLM calls + tool execution
Structured logging (JSON prod, text dev)
Audit trail (EventLog with tenant + user attribution)
Audit categories (billing, team, projects, agents, system)
Audit log UI with filtering + date range picker
django-simple-history (field-level change tracking)
PostHog analytics (frontend events + tenant/user identity)
Live dashboard (animated metrics, sparklines, activity feed)
GDPR-safe (no PII in errors or logs)

Infrastructure & Deployment — Kubernetes, Helm, OpenTofu, Cloudflare, GitHub Actions, <€10/month

Kubernetes deployment (k3s on Hetzner)
Helm umbrella chart (app, worker, beat, migrations)
OpenTofu infrastructure-as-code
Cloud-agnostic (Hetzner, GCP, AWS — same Helm chart)
Cloudflare CDN + DNS
Cloudflare R2 for static/media storage
Presigned URL file uploads (S3-compatible)
GitHub Actions CI/CD pipeline
Docker multi-platform builds (ARM64)
Celery worker + dedicated agents queue
Celery Beat for scheduled tasks
PostgreSQL 16 with pgvector
Redis 7 (cache + pub/sub + task broker)
Horizontal scaling (stateless pods, shared-nothing)
High availability (CloudNativePG, rolling updates)
Zero-downtime rolling deploys (Helm + K8s)
Under €10/month full-stack cost

Frontend & Design System — 60+ primitives, Storybook, WCAG 2.1 AA, i18n, dark mode, mobile-first

60+ shadcn/ui design system primitives
Composed components (DataTable, FormField, Sidebar, etc.)
Storybook with autodocs + accessibility addon
Chromatic visual regression testing
WCAG 2.1 AA accessibility (lint + dev + CI)
Dark mode (system preference + manual toggle)
Mobile-first responsive (320px minimum)
OKLCH color tokens (perceptual uniformity)
Tenant branding via CSS variable override
React 19 with TanStack Query
Type-safe API client (openapi-fetch + generated types)
i18n with 6 languages (LLM-translated)
Code splitting (route-level lazy loading)
Route-level error boundaries
PWA / service worker (offline-ready)
Glassmorphism design system (centralized .glass utility)
Drag-and-drop file upload component
HEIC/HEIF mobile image support

Developer Experience — Claude Code skills, dev.sh CLI, architecture docs, automated workflows

Claude Code skills (/add-primitive, /generate-page, /new-api-endpoint, etc.)
Claude Code hooks + subagents
Architecture docs + decision records
dev.sh CLI for everything (setup, serve, test, deploy, lint, ci)
Worktree-isolated development (parallel branches, isolated ports)
Automated changelog from PRs (LLM-rewritten)
Automated i18n translation pipeline
Management commands (seed, reindex, preview email, etc.)
Conventional commits via /commit skill
PR automation via /create-pr skill
Definition of Done checklist (enforced in CI)
Superuser management portal (branded Django admin)
Email preview management command
1,600+ automated tests (backend + E2E + visual)

GDPR & Compliance — Consent tracking, data export, account deletion, legal pages

Consent tracking (ConsentRecord + versioned legal terms)
Terms of Service + Privacy Policy pages
User data export (Art. 20 GDPR)
Account deletion with anonymization
Ownership guard (prevent orphaned tenants)
Admin audit logging (AuditedModelAdmin)
Admin tenant deletion with requester metadata
No PII in error tracking or logs
Session replays disabled
No tracking cookies (mandatory-only, no consent banner needed)

Automated Processes — CI/CD, error triage, code reviews, translations, changelogs, documentation

CI on every push (lint, test, build, type-check, a11y)
Automated code + security review on every PR
Definition of Done verification before merge
Automated root cause analysis from Sentry errors
GitHub issue creation from production errors
Automated changelog generation from merged PRs
LLM-rewritten release notes (customer-friendly)
Automated i18n translations (6 languages)
OpenAPI schema drift detection in CI
Visual regression testing (Chromatic on every PR)
API type generation (backend → frontend sync)
Knowledge base article generation from PRs
KB embedding sync (Markdown → vectors)
Stale OAuth token + client cleanup (daily)
Webhook delivery log pruning (daily)
Trial expiry notifications (daily)
Orphaned media file cleanup

Developer experience

The fastest feedback loop in software

Claude Code isn't just a tool — it's the development interface. Skills, hooks, subagents, architecture docs. Every workflow designed so AI ships production features, not just code.

AI knows the architecture

Decision records, architecture docs, and a Definition of Done — so Claude Code makes good choices, not just fast ones.

Automated quality gates

Security review, code review, visual regression, and accessibility audits run automatically on every PR.

One CLI for everything

./dev.sh — setup, serve, test, lint, deploy. Works in parallel worktrees with isolated ports.

Ship-ready automation

Changelog from PRs, i18n translations, API type sync, email previews — the boring stuff handled for you.

terminal

$ ./dev.sh setup

✔ Dependencies installed

✔ Environment configured

$ ./dev.sh serve

▶ Backend running on :8000

▶ Frontend running on :5173

▶ Celery worker ready

$ ./dev.sh deploy

✔ CI passed (1,642 tests)

✔ Docker images built & pushed

✔ Helm upgrade complete

🚀 Live at app.yourproduct.com

Built by Jesse Nieminen

Ex-bootstrapped PLG founder (exit) · Former CPO at scale-up

"This isn't a weekend project. It's the system I wish I had when I started my first company — 15 years of hard-won lessons distilled into every architecture decision, security guardrail, and operational workflow."

Built for teams that ship

Funded startups

You've raised capital and need to ship fast without burning runway on infrastructure. Skip months of setup and start building your product on day one — with enterprise-grade foundations your board will respect.

New ventures at scale

Your company is launching a new product line or business unit. You need production-grade infrastructure from day one — not a prototype that needs to be rewritten before it can serve real customers.

Legacy modernization

Your current stack is slowing you down while competitors ship AI features weekly. Replace years of technical debt with a modern, AI-native architecture — purpose-built for the speed the market now demands.

Frequently asked

Who is this for?

Founders, CTOs, and CPOs who believe AI is reshaping software — and want to be on the right side of that shift.

Specifically: funded startups that need to ship fast without burning runway on infrastructure, companies launching new product lines that need production-grade foundations from day one, and teams modernizing legacy stacks while competitors ship AI features weekly.

If you're evaluating SaaS boilerplates by feature checklist, this probably isn't for you. If you're looking for the strongest possible foundation for what comes next — it is.

Does this actually work? Why should I trust it?

Track record. Built by a former bootstrapped founder (exit) and CPO at scale — 15 years of shipping production SaaS, distilled into opinionated architectural choices. Every decision has a reason. Every trade-off is documented.

Good taste. This isn't a framework that tries to be everything. It's an opinionated system that makes strong choices — Django + React, Kubernetes over serverless, Postgres over NoSQL, session auth over JWT — and commits to them fully.

Try it yourself. The entire system is running live right now. Sign up, explore the UI, browse the help center and developer docs. The best way to evaluate Epoch is to use it.

Why this tech stack?

Every choice optimizes for the same things: enterprise-grade, battle-tested, AI-native, open source, and provider-agnostic.

Python + Django — the AI ecosystem's lingua franca. Async-ready, mature ORM, massive talent pool. Django Ninja adds type-safe APIs without the weight of DRF.

PostgreSQL + pgvector — one database for relational data, full-text search, and vector embeddings. No separate vector DB to manage. Battle-tested at every scale.

React + TypeScript — the largest ecosystem, the deepest talent pool. shadcn/ui gives you accessible primitives you own, not a dependency you rent.

Kubernetes + Helm — real infrastructure, not a platform lock-in. Runs on Hetzner at €10/month today, migrates to GCP or AWS tomorrow. Same Helm chart, zero rewrites.

Everything open source — no vendor lock-in at any layer. Swap email providers, cloud providers, or LLM providers without touching your application code.

Why not use another boilerplate?

Most boilerplates give you auth and a landing page. That's the easy 10%.

Epoch ships the hard 90%: multi-tenancy with real tenant isolation at every layer, AI agents with human-in-the-loop, an MCP server so your product works with Claude and Copilot natively, production Kubernetes you actually deploy to, 1,600+ automated tests, full observability, GDPR compliance, and 186 production features — all integrated and working together.

This isn't a starting point you outgrow in month three. It's the foundation you build your company on.

Only the prepared survive.
Be prepared.

You'll only hear from me when there's something worth reading or trying.

Or see it live

Only the prepared survive. Ship like you mean it.