Delete Before Launch
This starter includes demo surfaces, placeholder configuration, and example business rules. Remove or replace them before a real production launch.
This starter includes demo surfaces, placeholder configuration, and example business rules. Remove or replace them before a real production launch.
Demo Documentation And Plans
Review temporary planning files and move finished decisions into real docs:
plans/- root demo docs that have been superseded by feature docs
Do not leave private implementation notes or unfinished launch plans in public documentation.
Demo Product Content
Replace starter names, copy, metadata, and placeholder links across:
README.mdpackages/config/src/brand.tsstatic defaults and each deployable's local runtime URL valuesapps/appapps/marketing- email templates in
packages/backend/convex/email/templates APP_NAMEand sender names
Search for starter language:
rg "Leave Localhost|starter|demo|example|foobar|yourdomain|localhost"Keep intentional local-development examples in docs, but remove placeholder values from production configuration and UI copy.
Workspace Demo
The app ships with team-mode multi-tenancy and an optional Workspace Records demo. If your product does not need the demo, remove it using the documented checklist after deciding your tenancy model.
Keep the underlying workspace system only if your product needs B2B teams, members, invitations, roles, and organization-scoped billing.
Follow the exact checklist in Removing the Workspace Demo.
Auth Providers
Remove providers you will not support:
- Google OAuth
- Microsoft OAuth
- magic link
- email/password
- two-factor demo flows
When removing a provider, update both backend auth configuration and frontend login UI. Also remove unused environment variables from examples and the setup doctor rules.
Admin Panel And Audit Log
The starter ships an optional platform super admin panel (/admin) and a
minimal first-party audit log beneath it. Decide whether your product needs
them:
- To keep them, set
SUPER_ADMIN_EMAILS(and enrol in 2FA). See Super Admin Panel. - To disable without code changes, leave
SUPER_ADMIN_EMAILSblank. - To remove the code entirely (panel only, or panel + audit log), follow Removing the Admin Panel and Audit Log.
The audit log is a starter baseline, not a compliance product — no retention, legal hold, or SIEM export. See Audit Log for hardening options.
Billing Defaults
The starter includes example billing plans:
- Free
- Pro monthly
- Pro yearly
- Pro lifetime
Before launch:
- Rename plans for your product.
- Remove plans you will not sell.
- Replace provider product, price, or variant IDs.
- Confirm capabilities and entitlements match your real packaging.
- Confirm refund and cancellation behavior with your provider.
The internal billing catalog lives in:
packages/backend/convex/billing/plans.config.tsEmail And Notification Defaults
Before sending production email:
- Verify sender domains.
- Replace sender names.
- Review every React Email template.
- Confirm unsubscribe and preference behavior where relevant.
- Configure webhook secrets only for webhooks you enable.
Notifications
The starter includes optional notifications-lite: in-app bell, read state, preferences, and starter emitters for team, billing, and admin organization events. Before launch:
- Decide whether notifications belong in your product.
- Remove the feature with Removing Notifications if you do not need it.
- Review
docs/reference/notification-events.mdand delete event types you will not support. - Wire email delivery only if you have sender, unsubscribe, and preference behavior ready for production.
Observability Placeholders
Configure or remove optional integrations:
- Sentry
- PostHog
If an integration is not used, remove its UI hooks, env variables, docs, and setup-doctor validation where appropriate.
Security Review
Before launch:
- Generate a production
BETTER_AUTH_SECRET. - Remove test credentials and sandbox secrets.
- Confirm OAuth callback URLs use production domains.
- Confirm
AUTH_TRUSTED_ORIGINScontains only approved origins. - Run the release gate.
bun run release:checkFinal Search
Run broad searches for placeholders:
rg "TODO|FIXME|demo|example|foobar|your-|localhost|test_"Some matches will be legitimate docs or local examples. Review each remaining match intentionally before launch.
Sensitive Action Protection
The app adds step-up verification for dangerous actions, built on Convex and Better Auth. It is deliberately separate from login-time 2FA:
Architecture Overview
Leave Localhost is a full-stack SaaS starter built on Next.js (frontend) and Convex (backend), structured as a Turborepo monorepo. It ships authentication, multi-tenancy, billing, transactional email, analytics, and error tracking so you can focus on product code.