SaaS API foundation
Start with tenant isolation, consistent response envelopes, and reusable list endpoints.
Step 1 · tenancy, safe-response, pagination
Multi-tenancy, audit logs, feature flags, RBAC, and more — built on Prisma & PostgreSQL
Package cards use Core for modules with mature docs and generated API reference, and Beta for published modules whose generated API reference is still being expanded.
PostgreSQL RLS + Prisma multi-tenancy with tenant-aware cache keys.
Core · v0.15.0safe-responseAPI response wrapper with Swagger integration, field selection, error catalogs, and i18n support.
Core · v0.1.0paginationCursor and offset pagination with filters, sorting, and Swagger helpers.
Core · v0.4.0soft-deletePrisma soft-delete extension with cascade delete, restore, purge, and events.
Core · v0.2.0audit-logPrisma CUD tracking with query cursors, retention, partitions, and actor metadata.
Core · v0.3.0feature-flagDB-backed feature flags with cache adapters, Admin API, rollouts, and tenant overrides.
Beta · v0.4.0idempotencyIETF draft-07 Idempotency-Key handling with stable fingerprints, Redis/Postgres storage, and response/header replay.
Beta · v0.1.0api-keysTenant-scoped API keys with hashing, versioned peppers, live/test environments, and scopes.
Beta · v0.1.0rbacTenant-aware roles, permissions, route guards, service checks, and resource scopes.
Beta · v0.1.0outboxPrisma-native transactional outbox with polling, retry, and event decorators.
Beta · v0.1.0jobsTenant-fair background jobs with in-memory scheduling, BullMQ, and context propagation.
Beta · v0.12.1webhookOutbound webhook delivery with HMAC signing, retry, circuit breaker, and delivery logs.
Beta · v0.1.0data-subjectGDPR/CCPA export and erase workflows with entity policies, retention, and outbox fan-out.
Every multi-tenant SaaS backend needs the same operational building blocks. Building them from scratch takes weeks and introduces subtle bugs. nestarc solves them once, correctly.
// Scattered across 50+ services, easy to forget, hard to audit
async updateUser(id: string, dto: UpdateUserDto) {
const before = await this.prisma.user.findUnique({ where: { id } });
await this.prisma.$executeRaw`SELECT set_config('app.current_tenant', ${tenantId}, true)`;
const after = await this.prisma.user.update({ where: { id, deletedAt: null }, data: dto });
await this.auditService.log({ action: 'user.update', before, after });
return { success: true, data: after, timestamp: new Date() };
}// Tenant isolation, audit logging, soft-delete filtering, and response wrapping
// are all handled automatically by Prisma extensions and NestJS interceptors.
async updateUser(id: string, dto: UpdateUserDto) {
return this.prisma.user.update({ where: { id }, data: dto });
}Core request and data modules are benchmarked. Most add less than 1ms — some make queries faster.
Static scanner for MCP servers and client configuration files. It is published under the @nestarc scope, but lives separately from the NestJS SaaS module lineup.
Explore tooling →