Full-stack .NET 10 + SvelteKit foundation. Auth, permissions, background jobs, admin panel — production-ready out of the box.
Clean Architecture. Fully tested. Fully dockerized. API-first — use the included frontend or bring your own.
Every project starts the same way: authentication, role management, rate limiting, validation, API documentation, Docker setup... You spend weeks on infrastructure before writing a single line of business logic.
NETrock skips all of that. It ships a production-hardened .NET 10 API with a complete SvelteKit frontend — real security, real patterns, and real conventions that scale. Login works. Token rotation works. The permission system enforces role hierarchy. The admin panel manages users, roles, and background jobs. The Docker stack spins up with health checks. CI runs your tests.
Fork it, init it, own it. After initialization, there is no dependency on "the template." It's your code, your architecture, your product. Every decision is documented so you can understand it, change it, or throw it away.
Backend — JWT auth with token rotation and reuse detection, permission-based authorization with role hierarchy, rate limiting, Redis caching with auto-invalidation, PostgreSQL with soft delete and audit trails, S3-compatible file storage (MinIO locally, any S3 provider in production), Hangfire background jobs, OpenAPI docs, health checks, Result pattern with ProblemDetails everywhere. See full details →
Frontend — Svelte 5 runes, type-safe API client generated from OpenAPI, automatic token refresh, Tailwind CSS 4 with shadcn-svelte, BFF proxy with CSRF protection, i18n, security headers, permission guards, dark mode, admin panel with user/role/job management. See full details →
Infrastructure — Single ./deploy/up.sh local for 6 services (including MinIO for S3 storage), init script for project bootstrapping, build script with multi-registry support, GitHub Actions CI with smart path filtering, Dependabot. See full details →
Security — Security-first design with HttpOnly JWT cookies, refresh token rotation with reuse detection, security stamp propagation, CSP with nonces, CORS startup guard, rate limiting, and input validation everywhere. See full details →
Want to see it first? Check out the live demo.
- Docker Desktop
- .NET 10 SDK
- Node.js 22+ (run
corepack enablefor pnpm) - Git
git clone https://github.com/fpindej/netrock.git my-saas
cd my-saasmacOS / Linux:
chmod +x init.sh
./init.shWindows (PowerShell):
.\init.ps1The init script will ask for your project name and base port, then rename everything, generate a JWT secret, and optionally create the initial migration and start Docker.
./deploy/up.sh local up -d --buildThat's it. Your entire stack is running:
| Service | URL |
|---|---|
| Frontend | http://localhost:<BASE_PORT> |
| API Docs (Scalar) | http://localhost:<BASE_PORT + 2>/scalar/v1 |
| Hangfire Dashboard | http://localhost:<BASE_PORT + 2>/hangfire |
| MinIO Console (S3 Storage) | http://localhost:<BASE_PORT + 12> |
| Seq (Structured Logs) | http://localhost:<BASE_PORT + 8> |
Three test users are seeded from deploy/envs/local/seed.env:
| Role | Password | |
|---|---|---|
| SuperAdmin | superadmin@test.com |
SuperAdmin123! |
| Admin | admin@test.com |
AdminUser123! |
| User | testuser@test.com |
TestUser123! |
Add your domain entities, services, and pages — the architecture guides you. See SKILLS.md for step-by-step recipes.
| File | Purpose |
|---|---|
CLAUDE.md |
Hard rules, pre-commit checks, architecture overview |
AGENTS.md |
Full developer guide — security, git discipline, error handling, local dev |
src/backend/AGENTS.md |
Backend conventions — entities, Result pattern, EF Core, controllers, testing |
src/frontend/AGENTS.md |
Frontend conventions — routing, API client, components, styling, i18n |
SKILLS.md |
Step-by-step recipes for 35+ common operations |
FILEMAP.md |
Change impact tables — "when you change X, also update Y" |
Deep dives: Features · Security · Architecture · Development · Before You Ship · Troubleshooting
Production-ready i18n with Paraglide JS — type-safe keys, SSR-compatible, auto-detection via Accept-Language. Ships with English and Czech. Adding a language is a single JSON file.
NETrock is opinionated by design. It's not:
- A generic starter — it makes real choices (PostgreSQL, not "any database"; JWT cookies, not "pluggable auth")
- A microservices framework — it's a monolith, because that's what 95% of products should start as
- A frontend framework — SvelteKit is included, but you can use just the API with any other frontend
- Magic — you still need to understand .NET (and SvelteKit if you keep it)
Contributions are welcome! See CONTRIBUTING.md for guidelines.
NETrock is free and open source under the MIT License. If it saves you time, consider supporting its development:
Star the repo on GitHub · Join the Discord · Need custom development, consulting, or training? Get in touch
This project is licensed under the MIT License.
