Major update: rewrite README as sales page, add n8n workflows, add 3 new rules

vibestackdev · vibestackdev · commit d971cb4525e1 · 2026-03-30T15:42:53.000+03:00
diff --git a/README.md b/README.md
@@ -1,52 +1,146 @@
-# 🚀 Vibe Stack: The AI Builder's Next.js Boilerplate
+# ⚡ Vibe Stack
 
-A production-ready Next.js 15 template designed specifically for **AI-assisted "vibe coding"**.
+### Stop fixing AI-generated bugs. Start shipping production apps.
 
-If you're using Cursor, Copilot, or Claude to generate code, generic templates will lead you into a maze of deprecated patterns and security holes. Furthermore, dropping $299 on a "monolithic boilerplate" is a trap—you end up spending 3 days reading their 400-page proprietary documentation just to understand their rigid, bloated architecture.
+A **Next.js 15 + Supabase boilerplate** with **17 `.mdc` architecture rules** that physically prevent AI coding assistants from hallucinating insecure auth, deprecated packages, and broken patterns.
 
-**Vibe Stack is the antidote.** It is radically modular. You don't have to learn our custom syntax. Instead, this template comes with **pre-configured agent tools (MCP)** and strict **architecture-enforcing cursor rules**. You let the AI build *your* app, but our rules ensure the AI doesn't hallucinate or create security flaws.
+> **The problem:** AI models generate code that compiles perfectly but ships critical vulnerabilities — `getSession()` instead of `getUser()`, synchronous params that crash in Next.js 15, missing RLS policies that expose your database. These bugs are invisible until production.
+>
+> **The fix:** Architecture rules that override the AI's training data. When a rule says "NEVER use getSession()", the model is constrained to generate the secure pattern. Every time.
 
-## 🎁 What's Included (Free Tier)
+---
+
+## 🏗️ What's Inside
+
+### 17 Architecture Rules (`.cursor/rules/`)
+
+| Rule File | What It Prevents |
+|---|---|
+| `supabase-auth-security.mdc` | Bans `getSession()`, enforces `getUser()` for JWT verification |
+| `nextjs15-params.mdc` | Prevents synchronous `params` access (the #1 Next.js 15 breaking change) |
+| `supabase-ssr-only.mdc` | Blocks deprecated `@supabase/auth-helpers-nextjs` imports |
+| `security.mdc` | OWASP Top 10 enforcement with rate limiting examples |
+| `stripe-payments.mdc` | Server-only Stripe, webhook signature verification |
+| `typescript-strict.mdc` | Bans `any`, enforces Zod validation at every boundary |
+| `performance.mdc` | Parallel fetching, N+1 prevention, dynamic imports |
+| `server-vs-client-components.mdc` | Prevents unnecessary `'use client'` overuse |
+| `project-context.mdc` | Global context rule (always active) — maps the full architecture |
+| `server-actions.mdc` | Zod validation + structured error returns |
+| `error-handling.mdc` | Mandates error boundaries and loading states |
+| `supabase-rls.mdc` | Enforces Row Level Security on every table |
+| `shadcn-patterns.mdc` | Form patterns with react-hook-form + Zod |
+| `api-design.mdc` | Standard Route Handler patterns with auth checks |
+| `testing.mdc` | Vitest + Playwright testing strategy |
+| `git-conventions.mdc` | Conventional commits + PR structure |
+| `ai-collaboration.mdc` | The 3-stage agentic loop (Plan → Implement → Verify) |
+
+### 4 MCP Integrations (`.cursor/mcp.json`)
+
+Your AI doesn't just write code — it **reads your GitHub PRs, inspects your Supabase schema, navigates your filesystem, and browses your running app.**
+
+- **GitHub MCP** — AI reads PRs, commit history, and issues
+- **Supabase MCP** — AI inspects your database schema and RLS policies
+- **Filesystem MCP** — AI navigates your project structure
+- **Browser MCP** — AI takes screenshots and tests your running app
+
+### Production Application Layer
+
+```
+src/
+├── app/
+│   ├── (auth)/              # Login + Signup with Zod validation
+│   ├── auth/confirm/        # PKCE email verification callback
+│   ├── dashboard/           # Protected dashboard (server-side auth)
+│   ├── api/webhooks/stripe/ # Stripe webhook handler
+│   ├── page.tsx             # Dark-mode landing page
+│   ├── error.tsx            # Global error boundary
+│   ├── loading.tsx          # Global loading state
+│   └── not-found.tsx        # Custom 404
+├── lib/
+│   ├── supabase/            # Server + client factories + middleware
+│   ├── stripe/              # Checkout + portal utilities
+│   ├── email/               # Resend templates (welcome, password reset)
+│   ├── env.ts               # Type-safe environment variables
+│   └── utils.ts             # cn() helper + utilities
+├── types/                   # ActionResponse, UserProfile, PaginatedResponse
+└── middleware.ts             # Session refresh
+```
+
+### 3 n8n Automation Workflows
+
+Ready-to-import JSON templates that replace a $200/month marketing stack:
+
+- **GitHub Star → Lead Capture** — Auto-emails stargazers with your paid product link
+- **Dev.to → Social Cross-Post** — Auto-tweets new articles
+- **Gumroad Sale → CRM + Thank You** — Tracks customers in Notion, sends onboarding email
+
+---
 
-- **Next.js 15 App Router** + React 19
-- **Tailwind CSS + Shadcn/ui** baseline setup
-- **Supabase SSR Auth** utilities (secure by default)
-- **.cursor/mcp.json**: Integrated GitHub & local filesystem context
-- **15+ Battle-Tested `.mdc` Rules**: Prevents the AI from hallucinating bad Next.js 14 patterns or insecure auth calls.
+## 🚀 Quick Start
 
-***
+```bash
+git clone https://github.com/vibestackdev/vibe-stack.git
+cd vibe-stack
+npm install
+cp .env.example .env.local
+# Add your Supabase URL + anon key to .env.local
+npm run dev
+```
 
-## 👑 Upgrade to The AI Builder's Complete Vault
+Open in **Cursor** and start building. The rules activate automatically.
 
-This repo contains the *base setup*. If you want the complete end-to-end system I use to ship production apps in 4 hours, check out [The AI Builder's Complete System](https://whop.com/example-link).
+Read [`docs/VIBE-CODING.md`](docs/VIBE-CODING.md) for the complete prompting framework.
 
-**The $149 Complete Vault includes:**
-1. **The Full Boilerplate Extension**: Multi-tenant SaaS structure, Stripe payments, Resend emails, and PostHog analytics pre-integrated.
-2. **Claude MCP Config Pack**: Advanced integrations for Notion, Browser tools, and direct Database querying.
-3. **The n8n Agent Lead Machine**: 3 ready-to-deploy workflow templates that replace a $200/mo marketing SaaS.
-4. **Vibe Coding Masterclass**: My 5,000-word exact framework for prompting models to build architecture, not just snippets.
-5. **Private Discord Community**: Direct support from me.
+---
+
+## 📚 Documentation
 
-👉 **[Get the Complete System Here](https://whop.com/example-link)** 👈
+| Doc | Description |
+|---|---|
+| [VIBE-CODING.md](docs/VIBE-CODING.md) | The 3-stage agentic loop for AI-assisted development |
+| [ARCHITECTURE.md](docs/ARCHITECTURE.md) | 8 Architecture Decision Records — explains every "why" |
+| [MCP-SETUP.md](docs/MCP-SETUP.md) | Step-by-step MCP server setup guide |
 
-***
+---
 
-## 🛠️ Quick Start
+## 🔥 How It Compares
 
-1. Clone this repository
-2. Install dependencies: `npm install`
-3. Copy `.env.example` to `.env.local` and add your Supabase credentials
-4. Run the development server: `npm run dev`
+| Feature | Vibe Stack | ShipFast ($169) | MakerKit ($299) |
+|---|:---:|:---:|:---:|
+| AI Architecture Rules | ✅ 17 rules | ❌ | ❌ |
+| MCP Integrations | ✅ 4 servers | ❌ | ❌ |
+| n8n Automations | ✅ 3 workflows | ❌ | ❌ |
+| Next.js 15 + React 19 | ✅ | ✅ | ✅ |
+| Supabase SSR Auth | ✅ Secure | ✅ | ✅ |
+| Stripe Payments | ✅ | ✅ | ✅ |
+| Time to First Feature | **20 min** | 3-4 hours | 1-2 days |
+| Documentation to Read | 3 short docs | 400+ pages | 200+ pages |
+| Learning Curve | **Your AI reads the rules** | You read their docs | You read their docs |
 
-Open your AI code editor (Cursor recommended) and read the `docs/VIBE-CODING.md` guide to get started.
+---
 
-## 🤖 How the Rules Work
+## 💎 Want the Complete System?
 
-This repo includes a `.cursor/rules` directory. When you use Cursor's Composer or AI chat, Cursor will automatically read these rules based on the files you're editing.
+This repo is the free foundation. The extended version includes the full boilerplate, Stripe integration, email templates, n8n workflows, and the Vibe Coding Masterclass.
 
-For example, if the AI tries to write a database query on the server using `getSession()`, the `supabase-auth-security.mdc` rule will override it and force the secure `getUser()` method instead, preventing major security vulnerabilities before they are even written.
+**→ [Get the AI Builder's Complete System](https://vibestackdev.gumroad.com/l/vibe-stack)**
 
-Check `docs/ARCHITECTURE.md` to understand why these rules exist.
+| Tier | What You Get | Price |
+|---|---|---|
+| **Rules Pack** | All 17 .mdc rules + Vibe Coding guide | $29 |
+| **Builder System** | Rules + 4 MCP configs + Architecture docs + SQL migrations | $69 |
+| **Complete Vault** | Everything + full boilerplate + Stripe + email + Masterclass | $149 |
 
 ---
-*Built for the AI Engineering era by Lavie.*
+
+## 🤝 Contributing
+
+Found a hallucination pattern I'm missing? Open an issue describing the incorrect pattern the AI generates and the correct fix. I'll add it as a new rule.
+
+## 📄 License
+
+MIT — use it however you want.
+
+---
+
+*Built by [VibeStack](https://github.com/vibestackdev) — Architecture intelligence for AI-assisted development.*
