A production-ready full-stack starter with auth, notifications, AI integration, backups, search, audit logs, and more — all configured through a polished admin UI, all inside a single Docker container.
All services start automatically via Supervisor — Nginx, PHP-FPM, Next.js, Meilisearch, and WebSockets. No orchestration complexity required.
Session-based auth via HTTP-only cookies · Nginx routes /api/* → PHP-FPM, everything else → Next.js
Stop reimplementing auth and notifications on every new project. All infrastructure-level features are pre-built, tested, and configurable from the admin UI.
Email/password, SSO via Google, GitHub, Microsoft, Apple, and Discord. TOTP two-factor auth with recovery codes, and WebAuthn/FIDO2 passkeys. Group-based permissions with granular controls.
10+ delivery channels: email (SMTP/Mailgun/SES), SMS (Twilio/Vonage/SNS), Slack, Telegram, Discord, Signal, Matrix, ntfy, Web Push, and in-app. Per-user preferences and delivery diagnostics.
Multi-provider support for Claude, OpenAI, Gemini, Ollama, AWS Bedrock, and Azure OpenAI. Three orchestration modes: Single (direct query), Aggregation (synthesized results), and Council (consensus voting).
Automated full backups (database + files + settings) on a configurable schedule. Remote destinations: S3-compatible, SFTP, Google Drive, and local storage. Optional encryption and configurable retention policies.
Meilisearch-powered global search with a Cmd+K shortcut. Searches both navigation pages and database records simultaneously. Falls back to database LIKE queries when Meilisearch is unavailable.
Real-time streaming audit logs via Server-Sent Events. HIPAA-compliant access logging, suspicious activity detection, and structured application logs with correlation IDs. Configurable retention.
Full PWA: offline capability, install prompts, background sync, and share target API. Service Worker via Workbox 7 (bundled locally). Web Push with VAPID keys. Custom install banner with dismissal tracking.
Every setting is manageable through the admin dashboard — no config file edits, no container restarts. Settings are stored in the database with environment variable fallback for defaults.
File storage with Amazon S3 (and S3-compatible services), Google Cloud Storage, Azure Blob Storage, and local filesystem. Includes a file manager UI for browsing and managing uploads.
Stripe Connect integration with platform application fees, destination charges, OAuth onboarding, idempotent webhook handling, and a payment history admin view. Available as an optional module.
Every feature is accessible through a polished Next.js interface. No terminal commands or config file editing after initial setup.
Two of the most productive full-stack frameworks available, with the full Laravel and React ecosystems at your disposal. Everything included — nothing mandatory.
A mature, expressive PHP framework with an enormous ecosystem. Sourdough uses Laravel for all API routes, business logic, auth, queuing, notifications, and database access — with the full ecosystem already wired up and ready to extend.
A production-grade React framework with file-based routing, server components, and a rich ecosystem. Sourdough's frontend is a fully-typed TypeScript application with a complete component library, state management, and form handling already configured.
First-party Laravel package for session-based authentication. Sourdough uses HTTP-only cookie sessions — no Bearer tokens, no JWT management. Secure by default, works seamlessly with SSO and 2FA.
Laravel's official full-text search abstraction. Models are decorated with Searchable and Scout handles indexing, querying, and syncing — currently backed by Meilisearch, swappable to Algolia or Typesense.
Laravel's first-party WebSocket server — runs inside the same container, no third-party service required. Powers real-time audit log streaming, live notifications, and any event broadcasting you add to your app.
Laravel's notification system extended with 10+ custom channels: Telegram, Slack, Discord, Twilio SMS, Web Push, and more. Adding a new channel means implementing one interface and registering it — the rest is wired.
Background job processing for backups, notifications, and heavy operations. Uses the database driver out of the box — no Redis required to get started. Swap to Redis or SQS when you need to scale.
A full GraphQL API alongside the REST API, powered by Lighthouse — a schema-first GraphQL server for Laravel. Use it if your clients prefer GraphQL; leave it out if they don't. The REST API works independently.
Laravel's built-in ORM means the database is an implementation detail. Sourdough ships with SQLite by default — zero setup, file-based, works immediately. When you're ready to scale, change one env var.
DB_CONNECTIONThat's literally it. Eloquent handles the rest. All migrations, relationships, and queries work identically across every supported database driver.
Everything is included, nothing is required. Don't need GraphQL? Remove Lighthouse. Don't need payments? Drop the Stripe module. Don't need search? Remove Scout and Meilisearch. The codebase is modular — features are self-contained and documented in the AI recipes so your assistant knows exactly what to remove and what to leave alone.
Three commands and you're in a fully running dev environment. Your AI assistant handles the rest.
Sourdough ships with deep AI documentation — recipes, patterns, anti-patterns, and IDE-specific config files — so any AI assistant can hit the ground running on day one.
| File / Path | What it does |
|---|---|
| CLAUDE.md | Always-loaded context: stack, architecture, commands, task lookup |
| FORK-ME.md | "Get cooking" wizard entry point and full feature guide |
| docs/ai/README.md | Dev workflows index — which recipe to use for which task |
| docs/ai/recipes/ | 47 step-by-step implementation guides |
| docs/ai/patterns/ | Copy-paste code patterns for every layer |
| docs/ai/anti-patterns/ | Common mistakes and what to do instead |
| docs/adr/ | 26 Architecture Decision Records — the "why" behind every choice |