A production-ready AI chat starter for TanStack Start
TanStack Start Template is a free, open-source chat starter that pairs modern tooling, auth, and real-time data so you can focus on your product instead of plumbing. Server-first by default, progressively enhanced for the richest user experiences.
Explore a fully functional demo with AI chat, dashboard analytics, admin user management, and profile settings, all showcasing real-time data updates and production-ready patterns.
Pre-configured with a production-ready toolchain
Best-of-breed platforms wired together in this free, open-source template so teams can ship quickly without compromising on reliability or developer experience.
TanStack Start
File-based routing, SSR, and progressive enhancement.
Convex
Realtime database operations with zero client boilerplate.
Netlify
Serverless hosting and edge delivery tuned for TanStack Start.
BetterAuth
Email-first authentication with session management baked in.
Resend
Transactional emails for auth flows and lifecycle messaging.
Oxc
Fast linting, formatting, and type-aware analysis for the codebase.
React 19
Modern UI library powering server and client rendering.
Shadcn/UI
Accessible component primitives ready for rapid iteration.
Tailwind
Utility-first styling with design tokens configured for the template.
TypeScript
Type-safe foundations from server to client with strict typing.
Vite
Lightning-fast dev server and build pipeline optimized for React.
Zod
Type-safe validation for data schemas.
Optimized for speed, security, and real-time experiences
Built with modern web patterns that deliver exceptional performance while maintaining strict security boundaries.
SSG for Public Pages
Marketing and authentication routes render as static HTML for instant first paint and optimal SEO. No JavaScript required for initial page loads, with progressive enhancement for rich interactions.
SPA Mode for Authenticated Pages
Application routes run as a single-page app with Convex real-time queries. Zero waterfalls, instant updates, and seamless navigation between protected areas of your application.
Universal RBAC Infrastructure
Role-based access control enforced on both client and server with minimal database hits. Single capability map drives all authorization, with automatic cache invalidation for real-time role updates.
Infrastructure you'd otherwise build yourself
Authentication, file handling, audit logging, and access control — configured and enforced, not left as an exercise for the reader.
Authentication
MFA on by default. Progressive account lockout. Step-up verification for sensitive operations like credential changes and admin actions.
File Upload Pipeline
Uploads quarantined before serving. Validated against magic bytes, scanned for malware via GuardDuty, checked for macros and archive bombs.
AI Privacy
Zero Data Retention enforced on every vendor request. Web search disabled by default, configurable per organization.
Audit Log
Security events logged with tamper-proof hash chain and immutable archival. Queryable from the admin surface, exportable as JSONL.
Rate Limiting
Token-bucket limits on auth, chat, file access, and AI endpoints. Configured out of the box.
Content Security Policy
Strict CSP headers with nonces, frame-ancestors, and form-action restrictions. Tightened by default, not left permissive.
Tenant-Isolated Storage
File paths scoped by organization. Signed, time-limited URLs for access. No shared namespace across tenants.
Support Access Grants
Time-boxed, scoped, and tracked. Auto-expiring grants with usage logging so support can help without permanent access.
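To illustrate the Audit Log item above, here is an added example (not code from the template) of how a hash-chained JSONL export can be verified offline, showing that edits and removed records break the chain while a truncated tail is only caught against a separately stored head hash. The record fields (seq, event, actor, prevHash, hash), the all-zero genesis value, and the use of SHA-256 are assumptions, since the page does not show the export schema.

```typescript
import { createHash } from "node:crypto";

// Assumed record shape: the template's real export schema is not shown on the page.
interface AuditRecord { seq: number; event: string; actor: string; prevHash: string; hash: string }
interface VerifyResult { ok: boolean; records: number; failedLine?: number; reason?: string }

const GENESIS = "0".repeat(64); // assumed prevHash of the first record

// Each hash covers the previous hash plus a fixed-order serialization of the body.
function recordHash(prevHash: string, seq: number, event: string, actor: string): string {
  return createHash("sha256").update(prevHash + "\n" + JSON.stringify([seq, event, actor])).digest("hex");
}

// Writer side, used here only to build constructed sample data.
function appendRecord(log: string[], event: string, actor: string): void {
  const prevHash = log.length ? (JSON.parse(log[log.length - 1]) as AuditRecord).hash : GENESIS;
  const seq = log.length;
  log.push(JSON.stringify({ seq, event, actor, prevHash, hash: recordHash(prevHash, seq, event, actor) }));
}

function buildSampleLog(): string[] {
  const log: string[] = [];
  appendRecord(log, "auth.login", "alice");
  appendRecord(log, "role.change", "admin");
  appendRecord(log, "file.upload", "bob");
  return log;
}

// Walk the JSONL export and report the first line (1-based) where the chain breaks.
// expectedHead is the last hash as recorded somewhere the log writer cannot modify.
function verifyChain(jsonl: string, expectedHead?: string): VerifyResult {
  const lines = jsonl.split("\n").filter((l) => l.trim() !== "");
  let prev = GENESIS;
  for (let i = 0; i < lines.length; i++) {
    const fail = (reason: string): VerifyResult => ({ ok: false, records: i, failedLine: i + 1, reason });
    let r: AuditRecord;
    try { r = JSON.parse(lines[i]); } catch { return fail("unparseable line"); }
    if (r === null || typeof r !== "object") return fail("unparseable line");
    if (r.seq !== i) return fail("sequence gap");
    if (r.prevHash !== prev) return fail("broken link");
    if (r.hash !== recordHash(r.prevHash, r.seq, r.event, r.actor)) return fail("content mismatch");
    prev = r.hash;
  }
  // The chain alone cannot reveal records dropped from the tail; only an anchored head can.
  if (expectedHead !== undefined && prev !== expectedHead) {
    return { ok: false, records: lines.length, reason: "head mismatch" };
  }
  return { ok: true, records: lines.length };
}
```

Passing the head hash from an immutable archive as `expectedHead` is what turns the chain check into a check against truncation or a full rewrite of the export.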


