StackFoundry

Install production SaaS modules as editable source code.

StackFoundry is a public source registry for the production systems SaaS teams rebuild: API keys, usage tracking, rate limits, Stripe billing, credits, webhooks, auth, docs, analytics, and operations.

Modules install as source files in your app. You review the code, own the code, and keep the maintenance context that ships with it.

StackFoundry installs are also coding-assistant-ready: tools can inspect recipes, dry-run installs, review generated diffs, and follow included prompt packs.

Important

The registry is the product. Modules are the unit of value. Recipes are the guided path. Presets are convenience bundles.

Start with the sharp wedge: launch an API SaaS with billing, credits, API keys, usage tracking, docs, and webhooks as editable source.

Why Use It

Problem	StackFoundry gives you
Shipping an API product	API keys, usage, quotas, credits, billing, docs, and webhooks as source
Black-box starter lock-in	Normal files, routes, schemas, docs, checklists, and maintenance skills
Provider sprawl	Optional adapters around shared product concepts
Unsafe copy/paste snippets	Manifests, env metadata, dependency metadata, and registry validation
Hard-to-review upgrades	Dry runs, diff commands, tracked install metadata, and generated examples

Best First Use Case

pnpm stackfoundry add recipe api-saas-starter --target ./my-app --dry-run
pnpm stackfoundry add recipe api-saas-starter --target ./my-app

The API SaaS recipe installs the path most developer tools, AI APIs, data APIs, and B2B platforms need first:

• API key lifecycle and verification
• one-shot prompt packs for coding-assistant install and review workflows
• usage metering, quotas, and rate limits
• credit wallet and Stripe billing foundations
• webhook inbox and outbound delivery
• API docs, request visibility, auditability, and operating checks

Quick Start

corepack enable
pnpm install

pnpm registry:doctor
pnpm registry:categories
pnpm registry:list

pnpm stackfoundry recipe api-saas-starter
pnpm stackfoundry add recipe api-saas-starter --target ./my-app --dry-run

Install from the public registry URL when you want to consume generated registry items:

pnpm stackfoundry add https://stackfoundry.dev/r/api-keys.json --target ./my-app
pnpm stackfoundry add https://stackfoundry.dev/r/provider-adapters.json --target ./my-app
pnpm stackfoundry diff https://stackfoundry.dev/r/api-keys.json --target ./my-app

What Installs

Every module is expected to include:

• source files in canonical app/package paths
• runtime and dev dependency metadata
• registry dependency metadata
• environment variable metadata and generated .env.stackfoundry.*.example files
• setup, ownership, and deployment docs
• verification checklists
• maintenance skills under .stackfoundry/skills
• prompt packs and context files for agent-ready install/review workflows when needed
• install metadata for future diff/update safety

Registry Coverage

Current source registry coverage:

Area	Examples
Foundation	next-saas-shell, settings-layout, command-menu, data-table, loading-states
Database	drizzle-postgres, neon-postgres, supabase-postgres, cloudflare-d1, convex-backend
Auth and tenancy	clerk-auth, orgs-rbac, account-modes, invites, enterprise-sso, scim-provisioning
Billing	stripe-billing, billing-core, entitlements, credit-wallet, one-time-purchases, tax-vat
API product	api-keys, agent-ready-installs, public-api-orpc, webhook-inbox, webhook-delivery, api-docs
Operations	audit-log, background-jobs, system-health, incident-management, status-page, oncall-alerting
Analytics and growth	posthog-analytics, tinybird-analytics, feature-flags, plg-metrics, lifecycle-email
Notifications and comms	notifications, notification-center, knock-notifications, resend-email, product-announcements
Docs and SEO	docs-fumadocs, docs-mintlify, docs-help-center, seo, ai-seo
Security	arcjet-security, security-headers, csrf-protection, input-validation, secrets-management
Storage and infra	vercel-blob, vercel-edge-config, cloudflare-r2, upstash-redis, cloudflare-kv
Optional AI	ai-sdk, ai-elements, ai-chat, ai-chatbot-sdk, cloudflare-agents-sdk, cloudflare-kumo-ui

Current scale

• 157 ready module manifests
• 30 active module categories
• 13 preset bundles
• 9 architecture recipes
• provider adapters for Vercel, Cloudflare, Clerk, Supabase, Neon, Upstash, Resend, PostHog, Sentry, Axiom, Unkey, Knock, Tinybird, Trigger.dev, Inngest, GitHub, and more

Modules, Recipes, Presets

The public hierarchy is intentionally simple:

• Modules are the product.
• Recipes explain the install path and order.
• Presets are bundles for convenience.

Agent-Ready Installs

The agent-ready-installs module adds one-shot prompt packs and context files for coding assistants:

pnpm stackfoundry add agent-ready-installs --target ./my-app --dry-run

It includes recipe-aligned prompts for API SaaS, minimal SaaS, enterprise SaaS, AI SaaS, customer intelligence, Cloudflare SaaS, integration marketplace, security center, and support ops installs. Each prompt defines the completed SaaS endpoint, dry-run/install workflow, expected modules, verification steps, and production handoff.

It gives agents a safe workflow for inspecting recipes, dry-running installs, reviewing diffs, checking env notes, and verifying the target app after source lands with Biome lint/format, TypeScript typecheck, tests, production build, and responsive smoke checks.

Recipes

Recipes are opinionated install paths that explain what to install together and in what order.

pnpm stackfoundry recipes
pnpm stackfoundry recipe api-saas-starter
pnpm stackfoundry add recipe api-saas-starter --target ./my-app --dry-run

High-priority recipes include api-saas-starter, saas-starter-minimal, enterprise-saas, ai-saas-starter, cloudflare-saas, support-ops, security-center, integration-marketplace, and customer-intelligence.

Presets

Preset	Intended path
api-saas-starter	API-first SaaS workflow with keys, usage, rate limits, credits, billing, webhooks, docs, and observability
next-saas	Broad app foundation with database, billing, account surfaces, docs, ops, security, and growth modules
b2b-saas	Team workspaces, tenant controls, RBAC, auditability, SSO, and SCIM
developer-platform	API keys, public APIs, webhooks, docs, SDK snippets, and developer portal modules
ai-saas	Optional AI product modules for Vercel AI SDK chat, AI Elements, quotas, Cloudflare AI building blocks, and metering
internal-admin	Operator consoles, support, health, incidents, jobs, backup, and maintenance controls
free-tier-saas	Practical baseline for a free-tier product launch
vercel-native	Vercel deployment, storage, workflows, edge config, and observability path
cloudflare-native	Workers, D1, R2, KV, Queues, Workflows, Turnstile, and Cloudflare-native adapters
provider-adapters	Concrete optional provider adapter examples
enterprise-saas	Enterprise layer with SSO, SCIM, audit, access review, security, SLA, and support workflows
ai-saas-starter	AI SaaS workflow with Vercel AI SDK chat, AI Elements, usage metering, quotas, and billing

pnpm registry:presets
pnpm stackfoundry add preset next-saas --target ./my-app --dry-run

StackFoundry Command

The stackfoundry command intentionally stays on Node + pnpm. It is a small registry/install engine, not an interactive component wizard.

pnpm stackfoundry categories
pnpm stackfoundry list --category billing
pnpm stackfoundry list --status experimental
pnpm stackfoundry search webhook
pnpm stackfoundry info stripe-billing
pnpm stackfoundry add api-keys --target ./my-app --dry-run
pnpm stackfoundry diff api-keys --target ./my-app
pnpm stackfoundry build
pnpm stackfoundry doctor

Why Node instead of Bun or a larger command framework:

• the repository already targets Node >=22 <25
• Vercel builds use Node and pnpm cleanly
• the command surface is validation, discovery, install, diff, and build
• avoiding another runtime keeps module consumption simpler

Registry Model

Source lives in registry/:

registry/
  modules/
    <module>/
      module.json
      docs.md
      files/
      skill/SKILL.md
      tests/checklist.md
  presets/
    <preset>.json
  recipes/
    <recipe>.json
  skills/
    <technology>/SKILL.md

Generated public output lives in public/r/:

public/r/
  registry.json              # registry index
  api-keys.json              # installable registry item
  stripe-billing.json        # installable registry item
  provider-adapters.json       # installable aggregate preset block
  presets/
    next-saas.json           # StackFoundry preset manifest for tooling/inspection
  recipes/
    api-saas-starter.json    # recipe manifest with staged install order

Generated installable items are registry:block payloads with:

• package dependencies
• registry dependencies
• file targets and embedded file contents
• empty env placeholders in envVars
• docs
• metadata
• embedded maintenance skills

Important

Do not edit public/r by hand. Update registry/modules, registry/presets, or registry/skills, then run pnpm registry:build.

Safety And Quality Gates

StackFoundry currently checks:

• registry manifest shape
• canonical categories
• unknown dependencies
• duplicate preset entries
• preset file collisions
• undeclared files
• env var naming and public env safety
• generated registry compatibility
• generated registry mirrors
• GitHub CodeQL, dependency review, and OpenSSF Scorecard
• branded smoke output
• dry-run installs
• real installs into temporary targets
• route handlers that parse JSON handle malformed bodies
• installable source does not contain TODO / FIXME
• installable source avoids non-null process.env.X! assertions
• web lint, typecheck, and production build

Run everything:

pnpm check

Focused checks:

pnpm registry:doctor
pnpm registry:compat
pnpm test:brand
pnpm test:registry
pnpm lint:web
pnpm typecheck:web
pnpm build:web

Public Machine-Readable Surfaces

URL	Purpose
/r/registry.json	public registry index
/llms.txt	concise AI-readable site map
/llms-full.txt	expanded public AI context
/ai-sitemap.json	JSON summary of AI-discoverable pages

Repository Layout

apps/
  cli/                 # StackFoundry command source
  web/                 # public site and registry host
docs/                  # product, registry, and maintainer docs
examples/              # reproducible install walkthroughs
packages/              # schema, registry, generator, and utility packages
registry/              # source modules, skills, and presets
scripts/               # standalone checks
public/r/              # generated registry output

See docs/repository.md for ownership rules.

Documentation

• Registry
• Modules
• Providers
• Recipes
• Install order
• Readiness
• Conventions
• Maintenance skills
• Changelog
• Repository map
• Registry compatibility

Where This Is Going

• More proposed modules graduating to ready installable source payloads
• Better diff/update workflows for installed modules
• More provider adapters without making providers base dependencies
• More production smoke paths for presets and recipes
• Stronger docs around migration, removal, and maintenance ownership

Status

StackFoundry is experimental. The registry, command, public registry output, and website are active. Module APIs and file targets can still change while the registry is being shaped.

Contributing

See CONTRIBUTING.md. Module requests and provider examples are welcome through GitHub issues.

Security

See SECURITY.md. Do not open public issues for vulnerabilities or include secrets, provider tokens, private customer data, or local environment files in reports.

License

MIT. See LICENSE.