
How I built Rails 8.1 auth + HIPAA, Fintech & LTI 1.3 compliance into one source kit
Every Rails project I have worked on started the same way: two weeks rebuilding authentication, then another 4-6 weeks on compliance infrastructure (HIPAA audit logs, Fintech ledgers, LTI 1.3 for edtech clients). So I packaged it all into a single source kit: RailsAuthSaaS.

What's included

Core Auth (every pack)
- Email/password, magic links, email verification
- 2FA: TOTP + backup codes + QR code setup
- OAuth: Google + GitHub (OmniAuth 2, CSRF-safe)
- SAML 2.0 enterprise SSO with admin UI
- Multi-tenancy, RBAC, remember me, rate limiting
- Stripe billing, 14-day trial, seat management

HIPAA Module
- Full audit log with date-range filtering
- PHI access logging with mandatory justification field
- CSV + JSON export for auditor evidence
- Session timeout Rack middleware
- BAA, DPA, security disclosure pages + /.well-known/security.txt

Fintech Module
- Immutable double-entry ledger (DB check constraint: balance >= 0)
- Transaction approval / rejection / reversal / chargeback workflow
- KYC/AML hooks, PCI/SOC2 helpers




