Most “clean architecture” courses stop at four boxes
This one is taught by building a real multi-tenant SaaS dashboard — many customers on one database that must never see each other's data, password + 2FA login, custom domains. At every fork you learn to make the call, not copy it.
A production-shaped SaaS backbone
The part every B2B product needs before it has a product — yours to keep and reuse (MIT).
One real phase per module
The course ships phase-by-phase. Each module: Concepts → Code walkthrough → Decisions & trade-offs → a hands-on build lab → Common pitfalls → Recap.
Module 00 — Walking skeletonFree · ~3 h
Module 01 — Harden tenancy & data~3–4 h
Module 02 — Auth completion~3–4 h
Module 03 — RBAC~3 h
Module 04 — Settings & branding~3–4 h
Module 05 — Protected files~3 h
Module 06–10 — Frontend, super-admin, custom domains & hardeningShipping
You don't read the code. You rebuild it.
Check out the previous phase's git tag — the feature absent — and build the whole phase yourself, milestone by milestone, each one turning a failing test green, until your code matches the next tag. That tag is your answer key.
The section that makes this a course, not a tutorial
Every module ends with what we chose, what we rejected, and why — from a companion ARCHITECTURE.md. Here's one, unedited, from Module 01.
| Decision | We chose | We rejected | Why |
|---|---|---|---|
| Isolation enforcement | EF global query filter + Postgres RLS | Application-only filtering | Defense in depth — a bug in code can’t leak across tenants. |
| Policy strength | FORCE ROW LEVEL SECURITY + USING/WITH CHECK | Default RLS (owner bypass) | Even the table owner is constrained, and writes are checked too. |
| Runtime DB role | A restricted, NOBYPASSRLS role | Superuser / table owner | RLS actually applies at runtime instead of being silently skipped. |
| Schema management | EF Core migrations | EnsureCreated | Versioned, reviewable schema changes you can ship safely. |
Common pitfalls, not a happy path
Most of these are real traps hit and caught while building the phase. A taste from the tenancy module.
Developing as a superuser
A superuser (or the table owner) bypasses RLS, so your isolation looks fine in dev and leaks in prod. Run the app under a restricted NOBYPASSRLS role from day one.
PascalCase columns vs snake_case policies
An RLS policy that names the wrong column never matches and quietly fails open. Pin your naming convention and test the policy, not just the query.
A GUC that fails open
If the tenant GUC is unset and the policy treats that as “allow”, an un-scoped request sees everything. Default to deny and assert the GUC is present.
No framework-of-the-month churn
Every version is pinned and the reasoning for each is in the course.
You keep the code
The code you build — the backbone itself — is MIT-licensed. Use it in client work, in your startup, anywhere. The lessons are proprietary: keep and reuse the code; don't repost the course.
Everything in the box
Try Module 00 free — no signup
The walking-skeleton module is completely free and stands alone. Read it, check out v0-walking-skeleton, do the exercise, and decide for yourself whether the depth is what you've been missing.
Questions, answered
Do I need senior .NET experience?
Is the code really production-shaped?
What is a “build lab”?
Is the course finished?
Can I use the code commercially?
Do I need Postgres and .NET 10 installed?
Refunds?
Get the full course
One-time — the full course plus every future module as it ships. Module 00 is free, and the code is yours to keep (MIT).
