// the find
velobase/velobase-harness
From code to cash — open-source SaaS boilerplate with Stripe, affiliate, attribution & usage-based billing for AI apps. T3 stack + Next.js 16.
Velobase Harness is a Next.js 15 + T3 stack boilerplate targeting indie devs and small teams who want to ship a monetized AI SaaS without hand-rolling payments, usage metering, affiliates, and anti-abuse from scratch. It bundles Stripe billing, a double-entry affiliate ledger, server-side attribution (UTM/Google Ads/X pixel), BullMQ workers, and anti-abuse tooling into a single MIT-licensed repo. It's explicitly designed to be driven by AI coding agents, with AGENTS.md, CLAUDE.md, and Copilot instructions checked in.
- The billing surface is genuinely broad: credit-based metering, subscription cycles, promo codes, multi-currency pricing, Stripe webhook logging, and Telegram Stars are all in the migration history — rare for a free template.
- Deployment artifacts are first-class: separate Dockerfiles per service (web, worker, api), Kubernetes kustomize base, GitHub Actions workflows, and a docker-compose for local dev with optional Stripe CLI profile. You can actually get this to prod without inventing your own infra story.
- The affiliate system uses a double-entry ledger with refund clawbacks and a locked-status commission flow — that's the right accounting model, not the naive 'just add a column' approach most boilerplates take.
- Documentation is bilingual (EN/zh-CN) with distinct AI-task guides, a completion checklist, and an AGENTS.md that gives AI coding tools concrete rules about framework boundaries — useful given the stated vibe-coding audience.
- No unit or integration test suite worth speaking of: the README openly states 'package.json does not define a general unit-test script' and coverage is smoke tests in docker-compose.test.yml. For billing and ledger code, this is a real gap — one bad webhook handler can cause financial data corruption.
- The schema is clearly extracted from a real production app (video generation tasks, watermark removal, Feishu/Lark threads, GitHub repository tables) and not fully cleaned for general use. Adopters will need to surgically remove domain-specific tables and migrations before it's a neutral starting point.
- Version mismatch in the README: badges say Next.js 15 but the description says 'Next.js 16', and the README has a commented-out TODO for the demo GIF. These small inconsistencies signal the repo is moving fast with loose QA on docs.
- The USDT cashout path for affiliates introduces cryptocurrency handling with no guidance on KYC, sanctions compliance, or tax reporting implications — this will surprise teams in regulated markets who pick this up without reading the fine print.