assembled

One command. 14,155 lines of verified backend.

One partkit add saas stood up auth, billing, email, jobs, webhooks, audit, storage and multi-tenancy — vendored into your repo, wired, migrated, and inspected. You wrote none of it; the agent reinvented nothing.

$ partkit add saas

parts

files

164

lines of code

14,155

vendors, swappable

invariants verified

How it fits together

hover any block to trace its chain, top to bottom · click a part to read its real source

YOUR PRODUCT · you build this freely

Sign-in & sessions

Workspaces & roles

Audit trail

Background jobs

Transactional email

Webhook verify

SEAMS · the only backend code you wrote

auth route

probeTenancy

probeAudit

probeJobs

probeEmail

probeWebhook

🔒 parts/ · VERIFIED · LOCKED · your agent can't touch these

DATA · your Postgres + the few metered vendors

Your Postgres7 parts · $0/cap

Stripe1 part · metered

Email vendor1 part · metered

S3 bucket1 part · metered

Hover any block to trace how it connects, top to bottom. Click a part to read its real source, contract, and tests.

The whole codebase — assembled

every file the command vendored + wired, real and syntax-highlighted

routes — the glue wire wrote

executor — the db seam

admin.crud

audit.log

auth.session

auth.tenancy

billing.subscription

email.transactional

jobs.queue

ratelimit.api

storage.upload

webhooks.ingest

app/api/auth/[...all]/route.ts10 lines · vendored into your repo

// partkit:generated — wired by `partkit wire` (RFC 0008). Outside the part boundary:
// safe to edit. Re-running wire won't clobber your edits (tracked in .partkit/seams.json).

import { authHandler } from "@parts/auth.session";

export const runtime = "nodejs";

export const GET = authHandler;
export const POST = authHandler;

Open, owned, in parts/ — not buried in node_modules. Every interior is content-hashed in parts.lock; partkit guard fails CI if a single byte changes. The agent edits only the thin seams, never these.

And it runs

fire a real request at the assembled backend

the engine on the dyno — fire a real request

POST /api/auth · sign upreal session

auditLog(db).append(…)append-only ledger

jobs(db).enqueue("send-welcome")background job

send({ to, subject })real Resend call

tenancy(db).createOrganization(…)multi-tenant

verifyWebhook(signed)signature + tamper

✓partkit doctor: ready21 checks clean · 0 failures · on your Postgres · no lock-in

✓ infra: assembled + inspected→you build the body: UI, business logic, the fun part