Full-stack .NET 10 + SvelteKit foundation. Auth, permissions, background jobs, admin panel - wired up so you can skip the boilerplate.
Clean Architecture. 1000+ tests. Dockerized. API-first - use the included frontend or bring your own.
Every project starts the same way: authentication, role management, rate limiting, validation, API documentation, Docker setup... You spend weeks on infrastructure before writing a single line of business logic.
NETrock skips all of that. It ships a .NET 10 API with a SvelteKit frontend - auth that actually works, documented conventions, and the kind of infrastructure you'd build anyway. Login works. Token rotation works. The permission system enforces role hierarchy. The admin panel manages users, roles, and background jobs. The Docker stack spins up with health checks. CI runs your tests.
Fork it, init it, own it. After initialization, there is no dependency on "the template." It's your code, your architecture, your product. Every decision is documented so you can understand it, change it, or throw it away.
Backend - JWT auth with token rotation and reuse detection, TOTP two-factor authentication, permission-based authorization with role hierarchy, transactional email delivery (MailKit), rate limiting, HybridCache with stampede protection, PostgreSQL with soft delete and audit trails, S3-compatible file storage (MinIO locally, any S3 provider in production), Hangfire background jobs, OpenAPI docs, health checks, Result pattern with ProblemDetails everywhere. See full details ->
Frontend - Svelte 5 runes, type-safe API client generated from OpenAPI, automatic token refresh, Tailwind CSS 4 with shadcn-svelte, BFF proxy with CSRF protection, i18n, security headers, permission guards, dark mode, admin panel with user/role/job management. See full details ->
Infrastructure - Aspire AppHost for local development (one command, full OTEL dashboard, MailPit for local email testing), structured logs, metrics, and traces via OpenTelemetry, Docker Compose for production deployment, init script for project bootstrapping, build script with multi-registry support, GitHub Actions CI with smart path filtering, Dependabot. See full details ->
Security - Security-first design with HttpOnly JWT cookies, refresh token rotation with reuse detection, TOTP two-factor authentication with challenge tokens and recovery codes, security stamp propagation, CSP with nonces, CORS startup guard, rate limiting, and input validation everywhere. See full details ->
Want to see it first? Check out the live demo.
- Docker Desktop
- .NET 10 SDK
- Node.js 22+ (run
corepack enablefor pnpm) - Git
git clone https://github.com/fpindej/netrock.git my-saas
cd my-saasmacOS / Linux:
chmod +x init.sh
./init.shWindows (PowerShell):
.\init.ps1The init script will ask for your project name and base port, then rename everything and optionally create the initial migration.
dotnet run --project src/backend/MyProject.AppHostThat's it. Aspire starts all infrastructure (PostgreSQL, MinIO) as containers and launches the API and frontend dev server. The Aspire Dashboard URL appears in the console - all service URLs (API docs, pgAdmin, MinIO) are linked from the Dashboard.
| Service | URL |
|---|---|
| Aspire Dashboard | Shown in console output |
| Frontend | http://localhost:<BASE_PORT> (default: http://localhost:13000) |
| MailPit (Email Testing) | http://localhost:<BASE_PORT + 8> |
Three test users are seeded (configured in appsettings.Development.json):
| Role | Password | |
|---|---|---|
| SuperAdmin | [email protected] |
SuperAdmin123! |
| Admin | [email protected] |
AdminUser123! |
| User | [email protected] |
TestUser123! |
Add your domain entities, services, and pages - the architecture guides you. Use / skills (.claude/skills/) for step-by-step procedures.
| File | Purpose |
|---|---|
CLAUDE.md |
Hard rules, pre-commit checks, architecture overview |
AGENTS.md |
Full developer guide - security, git discipline, error handling, local dev |
src/backend/AGENTS.md |
Backend conventions - entities, Result pattern, EF Core, controllers, testing |
src/frontend/AGENTS.md |
Frontend conventions - routing, API client, components, styling, i18n |
.claude/skills/ |
Step-by-step procedures for all operations (use / to list) |
FILEMAP.md |
Change impact tables - "when you change X, also update Y" |
Deep dives: Features · Security · Architecture · Development · Before You Ship · Troubleshooting
i18n with Paraglide JS - type-safe keys, SSR-compatible, auto-detection via Accept-Language. Ships with English and Czech. Adding a language is a single JSON file.
NETrock is opinionated by design. It's not:
- A generic starter - it makes real choices (PostgreSQL, not "any database"; JWT cookies, not "pluggable auth")
- A microservices framework - it's a monolith, because that's what 95% of products should start as
- A frontend framework - SvelteKit is included, but you can use just the API with any other frontend
- Magic - you still need to understand .NET (and SvelteKit if you keep it)
Contributions are welcome! See CONTRIBUTING.md for guidelines.
NETrock is free and open source under the MIT License. If it saves you time, consider supporting its development:
Star the repo on GitHub · Join the Discord · Need custom development, consulting, or training? Get in touch
This project is licensed under the MIT License.
