// share.gitpitcher.com
Git PitcherBuild Pack WebpageShared artifact
April 27, 2026
shadcn-ui/ui113,101TypeScript

Build blueprint

Rebuild a hosted control plane around the open shadcn CLI and registry format, not a new component library

Build a system that lets teams publish, version, approve, and distribute shadcn-compatible components from a private registry while keeping the existing install UX familiar.

This version is optimized for builders. It breaks the product into entities, routes, modules, implementation phases, and practical first moves you can actually execute.

MVP scope

8

Entities

6

Flows

6

Phases

4

Blueprint

Product thesis and MVP scope

Build a system that lets teams publish, version, approve, and distribute shadcn-compatible components from a private registry while keeping the existing install UX familiar.

Target user

A frontend platform team or design-system owner who needs one source of truth for reusable React/Next.js components, variants, and presets across several apps.

MVP scope

  • Private registry namespaces with read access for authenticated org members
  • Publish and version component manifests compatible with the existing shadcn CLI install flow
  • A web UI to browse components, versions, and changelogs inside one org
  • Basic approval workflow for promoting a component from draft to published
  • Signed or immutable manifest references to reduce accidental drift
  • Framework-aware registry entries for Next.js and React projects
  • Install command support that resolves public and private registries without breaking third-party registries
  • Simple audit trail for publish, update, and install events

System

Entities, flows, and modules

Entities

Organization

id, name, slug, plan, createdAt — Owns private registries, access rules, and billing boundary for the hosted layer.

Registry

id, orgId, name, visibility, baseUrl, frameworkTargets, createdAt — Top-level namespace for components; must support public and private resolution.

Component

id, registryId, name, description, category, status, currentVersionId — The load-bearing unit the CLI installs and the web UI browses.

ComponentVersion

id, componentId, version, manifestPath, checksum, compatibility, changelog, publishedAt — Versioned manifest is the contract between publisher, control plane, and CLI.

AccessGrant

id, orgId, registryId, role, subjectType, subjectId, createdAt — Supports partial multi-tenancy and org-scoped permissions.

InstallEvent

id, orgId, registryId, componentVersionId, targetApp, installedAt, source — Provides minimal auditability and usage insight for paid plans.

Flows

Registry browser

`/org/[slug]/registries/[registrySlug]` — List components, versions, and framework compatibility for an org or registry.

Component detail

`/org/[slug]/registries/[registrySlug]/components/[name]` — Show manifest, changelog, install snippet, and published versions.

Publish flow

`/org/[slug]/registries/[registrySlug]/publish` — Upload or sync a new component version and run validation before release.

Access management

`/org/[slug]/settings/access` — Grant read or publish permissions to teams, users, or service accounts.

CLI install flow

`shadcn add <component>` / registry resolver — Resolve public or private registry entries, fetch files, and merge config safely.

Approval flow

`/org/[slug]/registries/[registrySlug]/components/[name]/approve` — Move draft content to published state with a controlled review step.

Backend modules

Registry resolution service

Resolve component identifiers to manifests, assets, and compatibility metadata — This is the core contract the CLI depends on and the first thing that must stay stable.

Manifest validation module

Check schema, file paths, checksum, framework targets, and compatibility rules — Issue #10496 and other registry bugs show compatibility drift is a real product risk.

Auth and org access module

Authenticate users and enforce org-scoped registry permissions — Private distribution cannot exist without access control; current repo signals auth as missing.

Publishing pipeline

Accept component sources, generate registry artifacts, version them, and mark them immutable — The monetizable layer is a hosted publishing workflow, not just a static docs site.

Audit/event log

Record publish, approval, and install events — Needed for enterprise trust and basic operational visibility, especially since observability is missing.

Compatibility adapter layer

Translate or preserve third-party registry conventions and config merge behavior — Issue #10496 shows breaking compatibility would hurt adoption immediately.

Phases

Implementation phases

Phase 1

Phase 1: Reconstruct the contract

Map the exact registry and CLI install protocol before building any hosted product surface

Deliverables

  • CLI flow map for resolve/install/config-merge behavior
  • Registry manifest schema with required and optional fields
  • Compatibility matrix for public and third-party registries
  • Contract tests for resolution and install output

Exit criteria

  • A new registry entry can be resolved end to end from a manifest
  • Third-party registry config is preserved in tests
  • Install output is deterministic across at least two framework targets
Phase 2

Phase 2: Build the hosted registry core

Create the minimum private registry service and browser

Deliverables

  • Org, registry, component, and version data model
  • Authenticated registry browser UI
  • Publish endpoint for new component versions
  • Read API for CLI consumption
  • Basic access grants

Exit criteria

  • An org can publish and browse private components
  • The CLI can fetch a private manifest with auth
  • Versions are immutable after publish
Phase 3

Phase 3: Add governance and trust

Make the hosted layer safe for team adoption

Deliverables

  • Approval workflow for publishing
  • Checksum or signature verification
  • Audit log for publish and install actions
  • Validation feedback in the UI and CLI
  • Failure states for incompatible manifests

Exit criteria

  • A component cannot be published without passing validation
  • Every publish and install leaves an audit record
  • Invalid manifests are rejected before install
Phase 4

Phase 4: Monetize the control plane

Package the private registry into a sellable product

Deliverables

  • Plan limits for registries, users, and installs
  • Usage and seat reporting
  • Premium template or registry packs
  • Enterprise support entry points
  • Admin settings for billing-ready orgs

Exit criteria

  • An org can be provisioned with paid-tier limits
  • Premium content can be gated by registry access
  • The product has a clear upgrade path from public to private usage

Build first

Build first, skip first, and watchouts

First things to build

  • Trace `packages/shadcn` registry resolution and install commands
  • Define the manifest schema for one component version end to end
  • Build the private registry read API before the publish UI
  • Add contract tests for third-party registry compatibility
  • Implement org-scoped access checks on a single registry
  • Create a minimal registry browser page with component/version detail

Not to build yet

  • A full marketplace for arbitrary community components
  • Billing and subscription management before the registry contract is stable
  • Multi-cloud infrastructure or self-hosted deployment tooling
  • Deep analytics dashboards beyond a basic audit log
  • Figma sync, design-token orchestration, or premium connectors
  • Replacing the open CLI workflow with a new proprietary install experience

Risks / blockers

  • Open-source distribution keeps the core component value easy to copy
  • Third-party registry compatibility bugs can damage trust fast
  • The repo evidence shows missing tests, which makes contract drift likely
  • Auth, billing, observability, and env setup are missing, so a hosted layer needs fresh infrastructure
  • Thin README and weak external positioning make it easy to under-specify the actual product boundary
  • Partial multi-tenancy suggests org boundaries may exist conceptually but not be complete in code

Builder prompts

Derived builder prompts

Master

Master context prompt

Expand prompt
You are building a fresh implementation inspired by the shadcn-ui/ui repository.
Treat the repository as a reverse-engineering reference, not as the default destination codebase.
Infer the product, architecture, entities, and flows from the reference repository, then rebuild the core system intentionally from scratch.
Do not blindly clone the original repo. Do not default to patching or refactoring it in place.
Build in small phases and keep the first version focused and maintainable.
Product thesis: Build a system that lets teams publish, version, approve, and distribute shadcn-compatible components from a private registry while keeping the existing install UX familiar.
Commercial/product framing: The repo signals a distribution platform more than a standalone SaaS app: the CLI, registry build scripts, and demo/docs site already solve public component delivery. The commercial gap is private, governed distribution across multiple codebases. A hosted control plane can monetize ownership, permissions, versioning, and compatibility management without trying to outcompete the open library itself.
Target user: A frontend platform team or design-system owner who needs one source of truth for reusable React/Next.js components, variants, and presets across several apps.
MVP scope:
- Private registry namespaces with read access for authenticated org members
- Publish and version component manifests compatible with the existing shadcn CLI install flow
- A web UI to browse components, versions, and changelogs inside one org
- Basic approval workflow for promoting a component from draft to published
- Signed or immutable manifest references to reduce accidental drift
- Framework-aware registry entries for Next.js and React projects
- Install command support that resolves public and private registries without breaking third-party registries
- Simple audit trail for publish, update, and install events
Stack assumptions:
- TypeScript monorepo with workspace boundaries similar to the current repo
- Next.js app for the registry/control-plane UI, matching the `apps/v4` surface
- A Node-based CLI package that reads registry config and installs component files
- Registry data stored as JSON manifests and file assets, since the current product is code-distribution oriented
- Public/private registry resolution must preserve compatibility with third-party registries mentioned in issue #10496
- Tailwind/Radix-style component output remains the main artifact type
- CI exists, but tests are thin or absent; add contract tests around registry resolution first
Key entities:
- Organization: id, name, slug, plan, createdAt
- Registry: id, orgId, name, visibility, baseUrl
- Component: id, registryId, name, description, category
- ComponentVersion: id, componentId, version, manifestPath, checksum
- AccessGrant: id, orgId, registryId, role, subjectType
- InstallEvent: id, orgId, registryId, componentVersionId, targetApp
Core pages / routes / flows:
- Registry browser (`/org/[slug]/registries/[registrySlug]`): List components, versions, and framework compatibility for an org or registry.
- Component detail (`/org/[slug]/registries/[registrySlug]/components/[name]`): Show manifest, changelog, install snippet, and published versions.
- Publish flow (`/org/[slug]/registries/[registrySlug]/publish`): Upload or sync a new component version and run validation before release.
- Access management (`/org/[slug]/settings/access`): Grant read or publish permissions to teams, users, or service accounts.
- CLI install flow (`shadcn add <component>` / registry resolver): Resolve public or private registry entries, fetch files, and merge config safely.
- Approval flow (`/org/[slug]/registries/[registrySlug]/components/[name]/approve`): Move draft content to published state with a controlled review step.
Backend services / modules:
- Registry resolution service: Resolve component identifiers to manifests, assets, and compatibility metadata
- Manifest validation module: Check schema, file paths, checksum, framework targets, and compatibility rules
- Auth and org access module: Authenticate users and enforce org-scoped registry permissions
- Publishing pipeline: Accept component sources, generate registry artifacts, version them, and mark them immutable
- Audit/event log: Record publish, approval, and install events
- Compatibility adapter layer: Translate or preserve third-party registry conventions and config merge behavior
Do not build yet:
- A full marketplace for arbitrary community components
- Billing and subscription management before the registry contract is stable
- Multi-cloud infrastructure or self-hosted deployment tooling
- Deep analytics dashboards beyond a basic audit log
- Figma sync, design-token orchestration, or premium connectors
- Replacing the open CLI workflow with a new proprietary install experience
Major risks / blockers:
- Open-source distribution keeps the core component value easy to copy
- Third-party registry compatibility bugs can damage trust fast
- The repo evidence shows missing tests, which makes contract drift likely
- Auth, billing, observability, and env setup are missing, so a hosted layer needs fresh infrastructure
- Thin README and weak external positioning make it easy to under-specify the actual product boundary
- Partial multi-tenancy suggests org boundaries may exist conceptually but not be complete in code
Work in phases. After each phase, summarize what was built, what remains, and which assumptions from the reference repo you intentionally did or did not keep.

Phase 1

Phase 1 foundation prompt

Expand prompt
Phase 1 foundation

Objective: Map the exact registry and CLI install protocol before building any hosted product surface

Deliverables:
- CLI flow map for resolve/install/config-merge behavior
- Registry manifest schema with required and optional fields
- Compatibility matrix for public and third-party registries
- Contract tests for resolution and install output
- Exit: A new registry entry can be resolved end to end from a manifest
- Exit: Third-party registry config is preserved in tests
- Exit: Install output is deterministic across at least two framework targets

Rules:
- Start by reverse engineering the product shape from the reference repo, then create a clean fresh project structure.
- Set up the minimum schema, services, routes, and project structure required for the MVP.
- Avoid polish work, avoid optional abstractions, and avoid copying implementation details you do not understand.

Start by reverse engineering the reference repository, then implement the fresh build in the smallest clean sequence.

Phase 2

Phase 2 core flow prompt

Expand prompt
Phase 2 core flow

Objective: Create the minimum private registry service and browser

Deliverables:
- Org, registry, component, and version data model
- Authenticated registry browser UI
- Publish endpoint for new component versions
- Read API for CLI consumption
- Basic access grants
- Exit: An org can publish and browse private components
- Exit: The CLI can fetch a private manifest with auth
- Exit: Versions are immutable after publish

Rules:
- Implement the core pages, routes, and backend modules needed for the happy path in the fresh build.
- Use the reference repo for behavior and architecture cues, not as the code target.
- Preserve maintainability and add only the minimum comments needed.

Start by reverse engineering the reference repository, then implement the fresh build in the smallest clean sequence.

Phase 3

Phase 3 polish/refactor prompt

Expand prompt
Phase 3 polish and refactor

Objective: Make the hosted layer safe for team adoption

Deliverables:
- Approval workflow for publishing
- Checksum or signature verification
- Audit log for publish and install actions
- Validation feedback in the UI and CLI
- Failure states for incompatible manifests
- Exit: A component cannot be published without passing validation
- Exit: Every publish and install leaves an audit record
- Exit: Invalid manifests are rejected before install

Rules:
- Refine the fresh implementation without introducing a large refactor.
- Improve validation, edge cases, and developer ergonomics where the core flow already exists.
- Prefer targeted cleanup over architecture churn or feature creep.

Start by reverse engineering the reference repository, then implement the fresh build in the smallest clean sequence.

Deploy

Deploy/finalization prompt

Expand prompt
Deploy and finalization

Objective: Prepare the implementation for release, verification, and handoff.

Deliverables:
- Verify the main flows work.
- Check configuration, environment assumptions, and release blockers.
- Summarize remaining risks and suggested follow-up work.

Rules:
- Do not add speculative infrastructure.
- Focus on practical release readiness, tests, and explicit known gaps versus the reference repo.

Start by reverse engineering the reference repository, then implement the fresh build in the smallest clean sequence.

Bugfix

Bugfix/refinement prompt

Expand prompt
Bugfix and refinement

Objective: Fix the specific bug or implementation gap in the fresh build while preserving the established architecture.

Deliverables:
- Reproduce the issue in the rebuilt implementation.
- Patch the smallest reliable fix.
- Explain what caused it, how to verify the fix, and whether the reference repo suggests an architecture guardrail you missed.

Rules:
- Inspect the fresh implementation before editing.
- Do not rewrite working systems just to fix a localized issue.

Start by reverse engineering the reference repository, then implement the fresh build in the smallest clean sequence.