A self-hostable, real-time community + commerce platform. Discord-shaped chat. Shopify-shaped storefront. Loom-shaped video. Calendly-shaped booking. Patreon-shaped memberships. One Node process, one SQLite file, zero vendor lock-in.
The platform is a real-time chat application with a built-in commerce engine, video pipeline, booking calendar, newsletter system, and membership-tier billing — designed from day one to be self-hosted by the operator. It is shipped today as a single Node.js application backed by a single SQLite file, with WebSocket realtime, an installable Progressive Web App shell, and a multi-tenant identity provider for federation.
The product premise is simple: a streamer, creator, club, brand, or community shouldn't need to glue together Discord and Shopify and Loom and Calendly and Patreon and a newsletter platform and a referral tracker. The data, the audience, and the trust all live in the same place. So the tools should too.
And on the operations side: one binary. One database file. One reverse proxy. If you can run a Node program, you can run your own community platform.
A creator today runs ten subscriptions to do one job. Each one owns a slice of the audience, a slice of the revenue, and a slice of the data. None of them can talk to each other.
Discord for community. Shopify for merch. Loom for async video. Calendly for booking. Patreon for memberships. Mailchimp for the list. Stripe for payments. Each one a monthly fee. Each one a separate audience graph that doesn't know the others exist.
Your Discord server is one TOS update from gone. Your Patreon subscribers belong to Patreon. Your Shopify customers can't be exported as anything resembling a relationship. The platforms keep the rails — you rent the rails.
Your Twitch sub doesn't unlock your Discord channel. Your Patreon tier doesn't carry into your members-only stream. Your newsletter doesn't know who bought a shirt. Each integration is a brittle Zapier hop you have to maintain by hand.
Patreon takes 8–12%. Shopify takes 2.9% + 30¢ per transaction on top of a monthly fee. Discord Server Boosts on top of Server Subs on top of Nitro. Each platform's cut compounds. The creator economy's middle layer charges three times for one sale.
This platform collapses the stack. One real-time chat application that is the storefront, is the membership system, is the video tool, is the booking page. Subscribed on Twitch? You're already in the gated channel. Member of the $9 tier? The role exists the moment Stripe confirms the charge. Posted a newsletter? It went to every member with an email on file, with open tracking and an unsubscribe footer. The audience graph is one graph.
A deliberately small surface area. No microservices. No build pipeline. No server-side framework you have to learn before you can read the code.
Single process. ESM modules. Boots in under a second. The entire HTTP surface is plain Express routers — readable, testable, predictable.
One file. Walking-Ahead Logging for concurrent reads while writes are in flight. Synchronous transactions that match the Node event-loop model exactly. Backup is cp.
WebSockets with autoreconnect, room semantics, and same-origin fallback baked in. Powers chat, presence, typing indicators, live order events, and overlay broadcast.
Plain JavaScript modules. No bundler, no transpile step, no package-lock churn on the client. Every line that runs in the browser exists in the file you can read.
Cache-first for the static shell, network-only for live data. Versioned per release. No Workbox — surgical control over what's cached, with no abstraction tax.
Bare repo with a post-receive hook that checks out, restarts the systemd unit, and reports green. Rollback is git revert. There is no CI/CD pipeline, because there doesn't need to be one.
Every choice on this list was made against a real alternative. The pattern: prefer boring tools that have already lived through ten years of production, and reach for novelty only where it earns its keep.
Pure ESM ("type": "module"). Native fetch, native crypto, native test runner. Twenty years of npm ecosystem behind it. Runs anywhere from a Raspberry Pi to a 96-core box.
Bun and Deno are technically excellent. But the npm ecosystem maturity gap is real for the data, file, mail, and realtime libraries the platform leans on. Rust would buy us 10x throughput we don't need and lose us 10x velocity we do.
The HTTP layer is plain Express routers. Each route is a function, each middleware is obvious, the whole shape fits in your head. Standard, mature middleware handles input validation, security headers, and cross-origin policy.
Fastify is faster on a benchmark. NestJS imposes structure. Hono is leaner. None of these matter when your bottleneck is SQLite write latency or a Stripe API round-trip. Express's market share means every contributor on Earth already knows it.
One file on disk. Write-Ahead Logging lets readers proceed while a writer holds the write lock. Synchronous prepared statements — an async wrapper around a sub-millisecond query just adds latency. Transactions are atomic, consistent, isolated, durable — and they're a single function call.
Postgres is the right answer at 10,000 concurrent writers. We're not there. SQLite handles a busy community server (chat + commerce + members-area) on hardware that costs $20/month, and the operator never has to install a database, configure replication, manage roles, or apply security patches to a separate process. The price of moving to Postgres is a pg_dump and a connection string.
Small repository modules, each writing the SQL it needs by hand. No N+1 surprises hiding in lazy loaders, no schema drift between code and DB, no ORM upgrade jail. The schema is checked in and runs idempotently at boot.
STRICT-mode tables across the schema. All money stored as integer cents (no float drift). Foreign keys enforced. Append-only audit log on the operations that matter. The schema is one file you can read end-to-end.
Bidirectional events with autoreconnect, room semantics for per-channel and per-server broadcast, and an HTTP long-poll fallback for environments that block WebSockets (corporate networks, some mobile carriers). Same origin as the HTTP server — no separate WebSocket port to expose.
Native WebSocket is a 200-line library plus 800 lines of reconnection logic, message buffering, and exponential backoff. Socket.IO is the version of that library that's been stress-tested by Netflix, Microsoft, and millions of hobby projects. We pay a small framing overhead and get back a decade of edge cases already solved.
Every message, every typing indicator, every member-joined event, every live-selling pin update, every OBS overlay rotation — all the same socket. One connection per browser tab. Presence is server-authoritative.
JavaScript modules served exactly as written. The browser's native module loader resolves imports. CSS is plain CSS. There is no Webpack, no Vite, no Rollup, no node_modules on the client side, no tree-shake, no minify pipeline. git push deploys what you wrote.
React's idioms have changed three times since 2018. Vue rewrote itself between 2 and 3. Svelte is excellent and on its fifth major version. A self-host platform sold once and maintained for ten years can't afford a framework migration every three. The vanilla-ESM bet is: the code we ship in 2026 will still run unmodified in 2036.
Pages render from server data on first load. Updates flow in over Socket.IO and patch the DOM directly. State is kept in plain JavaScript objects with explicit re-render calls. There is no virtual DOM because there is no DOM diffing problem.
Plain CSS. Light and dark themes. Mobile-first responsive breakpoints. Bottom-sheet modals on phone, centered modals on desktop. Amber, not blurple — the brand never gets confused with someone else's product.
Twenty-year track record. Cost factor configurable. Constant-time compare. Audit-trivial. Argon2 is technically newer; bcrypt is technically finished — and that is the property we want for a long-lived self-host.
Signed, HTTP-only, SameSite=Lax cookies. CSRF defended by SameSite + origin checks on state-changing routes. No JWT-in-localStorage, because every XSS becomes an account takeover when you do that.
Single sign-on across instances using a standards-compliant OAuth 2.0 stack. Bearer + refresh tokens, replay-detection on token reuse, persisted user consent. No third-party identity dependency, no Auth0 line item.
Every outbound webhook carries an HMAC-SHA256 signature of the body. Every inbound webhook is verified with constant-time HMAC compare and a short timestamp tolerance to defang replay. No third-party signing library — the platform builds on Node's standard crypto.
User-authored Markdown is rendered, then run through a server-side sanitizer that strips every potentially dangerous tag and attribute before the HTML ever reaches a browser. Code blocks are syntax-highlighted. The output is HTML you'd be proud to put inline.
Standard security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy) via helmet. Per-route rate limiting via express-rate-limit on auth, payment, and write endpoints. CORS is allow-list-driven; the default is "no cross-origin".
Each server owner is the merchant of record for their own commerce. The platform orchestrates checkout, applies the platform fee, and routes the rest directly to the owner. The owner gets a real merchant dashboard for their own books, not a screenshot of ours.
Payment integrations are written as direct REST calls against vendor APIs, not via vendor SDKs. Reasoning: SDKs add transitive dependency surface, ship their own type drift on every release, and abstract exactly the surface a self-host operator wants to audit. The integration code is short, auditable, and stable across SDK release cycles.
Operators can enable crypto checkout via the major adapters (Lightning + Bitcoin operator-run, hosted-custodian, and long-tail altcoin paths). Each adapter exports the same shape; the checkout never knows which one it's calling. Operators pick none, one, or all of the above.
A pluggable tax engine slots in at checkout. Major U.S. and international providers are supported via the same interface. Operators with a U.S.-only catalog can run without a tax engine; cross-border merchants enable one with an env var.
Listings can be linked to print-on-demand product variants; on order, the platform forwards the order + buyer shipping to the configured POD vendor and tracks fulfillment state. The adapter pattern means a regional supplier slots in the same way as the global ones.
Creators connect their broadcasting accounts; members link their own. The platform caches the subscriber/member relationship per (server, user) so role/channel gating answers locally with no provider round-trip per request. Subscribed on the stream → the gated channel unlocks itself.
Server owners define recurring-billing tiers (monthly or annual). Recurring charges run through the merchant-of-record's payment account. Local mirror state answers gating queries fast; payment-event webhooks keep the mirror honest.
A public, transparent HTML overlay drop-in for streaming software. Rotating featured items, live countdown timers for limited drops, real-time order pings. Authentication is an unguessable per-server URL key. Configured per-server in the admin panel.
Camera + screen + camera-overlaid-on-screen capture, recorded directly in the browser. Posts as a chat message attachment with a thumbnail and play-in-place. No third-party hosting, no per-seat fee.
Per-server bookable slots with admin-customizable durations, lead time, and approval flow. Members pick a slot from the public landing page; the owner confirms or rejects from the Bookings tab. Calendar export available.
Compose in Markdown, preview rendered, send to every member with an email on file. Auto-appended unsubscribe footer (one-click, no platform lock-in). Per-newsletter open count and open rate displayed inline.
Each server runs its own affiliate program with a configurable commission rate, optional terms, and a public landing-page CTA. Every order routed through a referral code creates a pending commission, settled on payout. Cross-promo collaborator splits ride the same primitive.
Multiple promo kinds out of the box: percent off, fixed amount off, buy-some-get-some discounted, and tiered "spend X save Y" thresholds. Per-listing and per-category scope, usage caps, expiry, per-user limits — all admin-configurable.
One-button tip on a server with an optional message. Posts as a system message into a chosen channel on payment confirmation. Same fee economics as commerce, none of the per-platform skim. Replaces the bits-and-Super-Chats economics for any community running its own platform.
Listings can be flagged as drops with start/end timestamps and total quantity. The countdown is live-pushed so every viewer sees the same seconds tick down. Sold-out is server-authoritative — no race-condition oversells.
Listings can accept pre-orders with a release date, or simply collect a waitlist. Waitlist members get an automated notification when the listing goes live.
Buyers leave star + text reviews on listings, with optional photo uploads. Server admins can hide, feature, or publicly respond to a review. Featured reviews surface on the public landing page.
Members favorite listings across the platform; the home dashboard surfaces favorites with current availability and price. The same primitive backs the "saved for later" cart pattern.
A scheduled background sweep finds carts that were started and left, fires a recovery email, and never sends a duplicate to the same cart. Members can opt out from any link.
Every storefront URL accepts an attribution code. The code rides through cart and checkout into the order. Server admins see a per-source revenue breakdown — which stream, which post, which referral actually moved units.
Markdown documents per server, hierarchically organized, public or members-only. Linked from the sidebar like any channel. Replaces the "we set up a separate Notion just for the docs" workflow that every community ends up doing.
Every server gets a public, shareable landing page with description, member count, recent reviews, featured listings, booking CTA, affiliate link. Admin-toggleable. SEO-friendly server-rendered HTML.
A real admin panel for a real platform. Not a hidden settings page bolted on as an afterthought.
Searchable, sortable, filterable member roster with admin-only notes per member. Last seen, role membership, tenure, lifetime spend.
Every privileged action — role change, channel delete, member ban, promo created, ownership transferred — is recorded to an append-only audit log. No UPDATE path, no DELETE path. The history is the history.
True ban (member can't rejoin) versus kick (can rejoin via invite). Reason captured. Bans appear in the audit log and surface in member lookups.
An owner can transfer ownership to another member; the action requires a fresh password confirmation and writes the audit log.
One-click export of every channel, message, listing, role, member roster, and admin note as a structured JSON archive. The operator owns the data; the platform proves it.
Outbound: subscribe to platform events (member joined, order placed, review left, …) and POST to a target URL with an HMAC signature for verification. Inbound: external systems can POST messages into a chosen channel with a per-webhook bearer secret. CRMs, cron jobs, and external automation plug in directly.
Each admin chooses which events email them, which only ping in-app, which neither. New order, refund, low stock, new review, member milestone, billing event.
Current tier, active subscriptions, last payout date, next billing event, lapse posture. The owner sees their books in their own admin panel without leaving the app.
The rules we don't break. Each one is here because breaking it once cost us something we don't intend to spend again.
Integer math for money. Every price, every fee, every commission is stored as an integer count of the smallest unit. Float arithmetic on currency is how marketplaces lose pennies for years before anyone notices.
Append-only audit log. The log is insert-only. No update path, no delete path. Operators who need redaction issue a redacted row that points at the original; the original never disappears.
Server-authoritative state. The browser is a renderer, not a source of truth. Inventory, sold-out flags, role assignments, and membership status all resolve on the server before the client gets to react.
Push-to-main deploys. The branch and the deployment are the same artifact. There is no staging environment that drifts from production. Rollback is a git revert away.
Forward-only history. No force-push to mainline. If a commit is wrong, a follow-up commit fixes it. Audit-grade source history is part of the product.
A snapshot of the operational shape.
STRICT-mode schema. Foreign keys enforced. Backup is a file copy.
One reverse proxy in front. One systemd unit. Runs on a $20/month VPS.
Plain ESM. No bundler, no transpile, no framework, no node_modules on the client.
All chat, presence, orders, overlays — one connection.
A short list of mature, well-known production libraries. No surprise transitive trees.
From process start to accepting traffic. Including schema migration.
The platform's economics are designed to make self-hosting strictly better as you grow, and managed-hosting strictly easier as you start.
Self-host pricing covers the license, update access, and operator support. Speak to us about volume, multi-instance, and enterprise terms.
A native mobile wrapper around the existing PWA, with push notifications and app-store distribution. The web shell already handles offline + installable, so the native shell is largely the platform-specific notification path.
Additional payment-processor adapters for non-U.S. merchants and cost competition. Same merchant-of-record abstraction; different concrete back-end.
Transparent at-rest encryption with operator-supplied keys, for self-host deployments with regulated data requirements.
Per-server media retention policy. Old uploads age into a cold path; admins configure thresholds per content type.
The platform is in active production on Fenix Tech Forge infrastructure. Live demos, hosted tier sign-up, and self-host license inquiries all route through the contact page.
Forge work doesn't ship as press releases — it ships as commits. The product you read about above is the product running today.