Finally, a zero config boilerplate for AI-native software engineers
Designed by engineers living on the bleeding edge of AI-driven software development, CursorCraft is an AI-native Next.js SaaS starter, complete with database, auth, payments, and emails.
Perfect for engineers with a prompt-first working style who like to move fast.
Your Cursor just got as efficient and reliable as a Senior Software Engineer you can truly collaborate with
CursorCraft's integrated rulefiles make sure you never have to micromanage or interrupt your AI again. It's like your prompts just got an invisible power-up. No setup required.
- .cursor
- rules
- react-best-practices.mdc
- ui-and-design-guidelines.mdc
- security-guidelines.mdc
- project-structure.mdc
- product-context.mdc
- seo.mdc
- and more...
- commands
- deslop-ai-generated-code.mdc
- brainstorm-new-features.mdc
- refactor-code.mdc
- scaffold-new-feature.mdc
- generate-legal-pages.mdc
- push-and-review-changes.mdc
- security-audit.mdc
- and more...
All of these rules and commands come included with CursorCraft.
Ready to use from day one. No setup, no configuration.
Without rules
- Stripe webhooks silently fail, losing payments
- Protected routes accessible to anyone
- No rate limiting = bot attacks
- AI generates spaghetti code every time
- Security holes you won't find until hacked
With CursorCraft
- Webhooks verified and logged automatically
- Auth middleware applied consistently
- Rate limits on all sensitive endpoints
- AI follows your exact architecture
- Security best practices built-in
Your AI just received a level-up
Premium-grade skills turn your AI into a true product builder companion.
Move faster and be more effective throughout the entire product building process by using six custom-tailored commands directly in Cursor. Find vulnerabilities, fix nasty bugs and generate entire features. Works every single time -- no prompting required.
DeslopClean up AI code
Cursor responds
I've cleaned up the component. Removed redundant state, simplified the conditionals, and extracted the avatar logic into a separate component.
- const [isLoading, setIsLoading] = useState()- const [error, setError] = useState(null)- useEffect(() => { ... 40 lines })+ const { user, isLoading } = useUser()+ if (isLoading) return <Skeleton />
RefactorModernize code
Cursor responds
Converted the client-side fetch to a Server Action. The component is now async and doesn't need loading state.
- const [data, setData] = useState(null)- useEffect(() => { fetch... })+ const data = await getInvoices()+ return <Dashboard data={data} />
Security AuditFind vulnerabilities
Cursor responds
Found a critical issue: webhook signature verification is missing. Anyone could fake payment events.
const body = await req.text()+ const sig = req.headers.get('stripe-signature')+ const event = stripe.webhooks.constructEvent(+ body, sig, process.env.WEBHOOK_SECRET+ )
BrainstormGenerate ideas
Cursor responds
Here are ideas to drive daily engagement based on your product:
Create PRPush and open PR
Cursor responds
I've pushed your changes and created a pull request with a summary of the changes.
You
Cursor
I've cleaned up the component. Removed redundant state, simplified the conditionals, and extracted the avatar logic into a separate component.
- const [isLoading, setIsLoading] = useState()- const [error, setError] = useState(null)- useEffect(() => { ... 40 lines })+ const { user, isLoading } = useUser()+ if (isLoading) return <Skeleton />
Everything Included
Production-ready from clone
Every piece you need to ship a SaaS. No glue work, no integration headaches.
Infrastructure
Authentication
- Google & GitHub OAuth pre-configured
- Magic link passwordless login
- Session management with secure cookies
- Protected route middleware
Payments
- Stripe & Polar checkout flows
- Complete billing setup
- Billing components included
- Webhooks & auto-sync to database
Database
- Drizzle ORM with type-safe queries
- Supabase & Neon ready
- Migration setup included
- User & subscription schema
Emails
- Customizeable mail templates
- Magic link & welcome emails
- Resend integration
- Easy to add new templates
Developer Experience
Cursor Rules
- 20+ rule files for auth, billing, db, email, SEO & more
- 10+ ready-to-use commands
- Consistent AI output & less hallucinations
- Auto-applied context for every prompt
- No more re-explaining your stack
Setup Checker
- Validates env vars on startup
- Blocks on missing required config
- Quick setup dashboard
- Clear error messages
API
- tRPC integration
- Type-safe client & server
- Reusable & extensible procedures
- End-to-end type safety
- Built-in error handling
Design / UI
Dashboard
- Responsive sidebar layout
- Protected route structure
- User settings page
- shadcn/ui components
Landing Page
- Theme switcher included
- 5 sections ready to customize
- Color, font & spacing presets
- Mobile-optimized layout
SEO
- OpenGraph image generation
- Sitemap auto-generation
- JSON-LD structured data
- Meta tags configured
AI
AI Chat
- Choose your provider
- Streaming responses
- System prompt support
- Beautiful chat UI
Choose your package
Starter
The complete boilerplate
one-time payment
- Next.js 15, React 19, TypeScript
- 11 Cursor rules + 14 commands/skills
- Google & GitHub OAuth
- Magic link login
- Stripe & Polar payments
- Drizzle ORM (Supabase/Neon)
- tRPC API layer
- React Email (Resend)
- AI chat (Vercel AI SDK)
- Dashboard + shadcn/ui
- Landing page + SEO
- Setup checker + security
For builders who want the code and will self-serve
All-In
Boilerplate + updates + support
one-time payment
- Next.js 15, React 19, TypeScript
- 11 Cursor rules + 14 commands/skills
- Google & GitHub OAuth
- Magic link login
- Stripe & Polar payments
- Drizzle ORM (Supabase/Neon)
- tRPC API layer
- React Email (Resend)
- AI chat (Vercel AI SDK)
- Dashboard + shadcn/ui
- Landing page + SEO
- Setup checker + security
- Lifetime updates
- Discord community
- Priority support + setup call
- Setup guarantee (full refund if stuck)
For builders who want ongoing updates and help when stuck
Frequently Asked Questions
What's the difference between Starter and All-In?
Starter gets you the complete boilerplate — everything to ship a SaaS. All-In adds lifetime updates, Discord community, and priority support with a setup call.
What if I'm new to Cursor?
The boilerplate includes guides and the rules work automatically. You'll learn by building.
Can I use this for multiple projects?
Yes. The license allows unlimited personal and commercial projects, including client work.
What is the tech stack?
Next.js 15, TypeScript, Tailwind CSS, shadcn/ui, Auth.js, Stripe/Polar, Resend, and Supabase/Drizzle.
What does 'lifetime updates' mean?
All-In buyers get every future update forever. New integrations, improved patterns, major versions — all included.
Is there a refund policy?
Since the code is yours immediately, we can't offer refunds. But builders consistently ship and earn back their investment within weeks.
Won't all these rules increase my token usage?
The rules are intentionally short and focused. The extra tokens are minimal, and the quality improvement in AI output more than makes up for it. You'll spend less time fixing bad code than you would on a few extra tokens.
Meet the Creator
Waldemar Panin
Product Engineer & Founder
Hey, I'm Walde. I've shipped products for years. When Cursor came out, I went deep — figured out what makes AI actually useful vs. what makes it spit out garbage.
Started with the free Cursor Kit to share what I learned. This boilerplate is the full production setup I use for my own projects.