The last SaaS boilerplate you'll ever need.
LastSaaS is a complete, production-ready SaaS foundation built entirely through conversation with Claude Code. It gives you multi-tenant account management, authentication, role-based access control, white-label branding, Stripe billing, API keys, outgoing webhooks, a full admin interface, system health monitoring, credit-based usage tracking, and product analytics with telemetry — everything you need to launch a SaaS business, ready to customize for your specific product.
The bottleneck for building software isn't engineering capacity anymore — it's imagination. LastSaaS proves it: a single person with a clear vision and an AI agent can stand up what used to require a team and months of work. And because it was built with Claude Code, the codebase is fork-ready for agentic engineering — point an AI agent at it and keep building your product through conversation.
Every SaaS product needs the same boring foundation: user accounts, teams, roles, authentication, admin dashboards, billing, usage limits, branding, webhooks, API keys. Historically, building that foundation meant weeks of plumbing before you could write a single line of your actual product.
LastSaaS eliminates that. Fork it, point an AI agent at it, and start building your product on top of a foundation that already handles:
- Multi-tenant isolation with role-based access
- JWT authentication with refresh token rotation
- Google, GitHub, and Microsoft OAuth integration
- Magic link passwordless authentication
- MFA/TOTP with recovery codes
- Email verification and password resets
- Team invitations and member management
- Stripe billing with subscriptions, per-seat pricing, trials, and credit bundles
- Plan entitlements and billing enforcement middleware
- White-label branding with custom themes, logos, landing pages, and custom pages
- API key authentication (admin and user scopes)
- Outgoing webhooks with 19 event types and HMAC-SHA256 signing
- Credit-based usage tracking (subscription + purchased buckets)
- Promotion codes and coupon management via Stripe
- Product analytics dashboard (conversion funnel, KPIs, retention cohorts, engagement metrics)
- Telemetry event system with Go SDK and REST API for custom event tracking
- A full admin interface for managing everything
- Built-in API documentation (HTML and Markdown)
- Real-time system health monitoring
- Financial metrics dashboard (revenue, ARR, DAU, MAU)
- MCP (Model Context Protocol) server for AI-powered admin access
- CLI tools for server administration
- Auto-versioning with database migrations
- Production deployment on Fly.io
This is open-source infrastructure for the agentic era of software — where the person with the idea is also the person who ships it. The codebase follows consistent patterns that AI agents navigate fluently, so you can keep evolving it the same way it was built.
If you're evaluating SaaS boilerplates, you've probably looked at ShipFast, Supastarter, MakerKit, SaaS Pegasus, and Gravity. Here's why technical founders choose LastSaaS instead.
Free and open-source. ShipFast costs $169, MakerKit runs $199–599, Supastarter starts at $299, SaaS Pegasus charges $249/year, and Gravity is under $1K. LastSaaS is MIT-licensed — fork it, ship it, never pay a license fee. You own the code completely.
Go backend, not another Next.js project. ShipFast, Supastarter, MakerKit, and Gravity are all JavaScript/TypeScript stacks. SaaS Pegasus uses Django. LastSaaS pairs a Go backend with a React + TypeScript frontend — giving you compiled-binary deployment, low memory footprint (a 14MB Alpine container), and the concurrency model that Go is known for. If your SaaS will handle real traffic or you want a backend that isn't a Node.js monolith, this matters.
Genuine multi-tenancy. ShipFast has no multi-tenancy at all. SaaS Pegasus and Gravity offer basic team features but not true tenant isolation. LastSaaS gives you full multi-tenant architecture: tenant-scoped data isolation, three-tier RBAC (owner/admin/user), team invitations, ownership transfer, per-tenant activity logs, and per-tenant billing. This is the difference between "users can collaborate" and "each customer gets their own isolated workspace."
White-label branding built in. Most boilerplates give you a theme toggle at best. LastSaaS includes a full white-label system: custom app name, logo, colors, fonts, landing page, custom pages, CSS injection, favicon, configurable navigation with entitlement gating, and auth page customization. If you're building a platform where customers see your brand (not yours-plus-a-framework), this saves weeks.
Outgoing webhooks, not just Stripe webhooks. None of the alternatives — ShipFast, Supastarter, MakerKit, SaaS Pegasus, or Gravity — include an outgoing webhook system. LastSaaS ships with 19 event types across billing, team lifecycle, user lifecycle, credits, and security events, with HMAC-SHA256 signing, delivery tracking, and test events. Your customers can integrate with your platform from day one.
API keys with scoped access. ShipFast, Supastarter, and MakerKit don't include API key management. LastSaaS provides lsk_-prefixed API keys with admin and user authority scopes, SHA-256 hashed storage, and last-used tracking — ready for your customers to build integrations.
Health monitoring and financial dashboards. No competing boilerplate includes system health monitoring. LastSaaS collects CPU, memory, disk, HTTP, and MongoDB metrics every 60 seconds across all nodes, with 8 real-time charts, threshold alerting, and 30-day retention. The financial dashboard gives you revenue, ARR, DAU, and MAU time-series out of the box.
Product analytics with telemetry. No competing boilerplate includes product analytics. LastSaaS auto-instruments the customer journey — visitor → signup → plan page → checkout → paid conversion → upgrade — and visualizes it as a conversion funnel. The PM dashboard includes SaaS KPIs (MRR, ARR, ARPU, LTV, churn rate, trial conversion), retention cohort analysis, engagement metrics (DAU/WAU/MAU for paying subscribers), and a custom event explorer. A Go SDK and REST API let you track your own events with zero configuration.
MCP server for AI-native operations. This is unique to LastSaaS. A built-in Model Context Protocol server with 32 read-only tools lets you connect Claude (or any MCP-compatible AI) directly to your running application. Query your ARR trend, investigate error spikes, audit API keys, or review system health — all in natural language. No other SaaS boilerplate offers agentic admin access.
Built for AI-assisted development. LastSaaS was built entirely through conversation with Claude Code, and the codebase is designed to keep being built that way. Consistent patterns, clear naming, and a structure AI agents navigate fluently. Fork it, point an agent at it, describe your product, and keep going. The competing boilerplates were built for manual development — LastSaaS is built for the way software is made now.
| LastSaaS | ShipFast | Supastarter | MakerKit | Pegasus | Gravity | |
|---|---|---|---|---|---|---|
| Price | Free (MIT) | $169 | $299+ | $199–599 | $249/yr | <$1K |
| Stack | Go + React | Next.js | Next.js / Nuxt | Next.js | Django | Node + React |
| Multi-Tenancy | Full RBAC | — | ✓ | ✓ | Teams only | Teams only |
| White-Label | Full | — | Partial | Partial | — | — |
| Webhooks | 19 events | — | — | — | — | — |
| API Keys | Scoped | — | — | — | Basic | — |
| Health Monitoring | 8 charts | — | — | — | — | — |
| Product Analytics | 5-tab PM dashboard | — | — | — | — | — |
| Credit System | Dual buckets | — | — | Basic | — | — |
| MCP Server | 26 tools | — | — | — | — | — |
| Admin Dashboard | Full | — | ✓ | ✓ | ✓ | Basic |
| Stripe Billing | Full | ✓ | ✓ | ✓ | ✓ | ✓ |
- Email/password registration with bcrypt hashing
- Email verification via Resend
- Google, GitHub, and Microsoft OAuth with automatic account linking
- Magic link passwordless login via email
- MFA/TOTP two-factor authentication with setup wizard
- Recovery codes for MFA backup access
- JWT access tokens (30min) + refresh tokens (7 days) with rotation
- Account lockout after failed login attempts
- Password reset flow with secure tokens
- Password strength enforcement
- Session management — list active sessions, revoke individual or all sessions
- Session revocation on password change
- Root tenant (system admin) + customer tenants
- Users belong to tenants via memberships
- Roles: owner, admin, user with hierarchical permissions
- Team invitations with email notifications
- Ownership transfer between members
- Per-tenant activity log
- Tenant settings self-service
- Subscription plans with monthly and annual billing (configurable annual discount %)
- Pricing models: flat-rate or per-seat (with included seats, min/max seat limits)
- Free trials with configurable trial days per plan and trial abuse prevention
- Credit bundles for one-time purchases
- Dual credit buckets: subscription credits (reset or accrue) + purchased credits
- Stripe Checkout (redirect-based) for payment collection
- Stripe Billing Portal for customer self-service (payment methods, invoices)
- Multi-currency support with configurable default currency
- Stripe Tax automatic tax calculation
- Promotion codes and coupons — create and manage via admin UI, linked to Stripe
- Invoice generation — sequential invoice numbers, PDF download, tax breakdown
- Transaction history — per-tenant and admin-wide with search and filtering
- Financial metrics — revenue, ARR, DAU, MAU time-series with charting
- Billing enforcement middleware — blocks expired subscriptions from paid features
- Entitlement middleware — gate features based on plan (boolean and numeric entitlements)
- Billing waiver for special accounts (root tenant, demo accounts)
- Admin subscription management — cancel, modify, reassign plans
- Refund and dispute handling — webhook handlers for
charge.refunded,charge.dispute.created,charge.dispute.closed
- Custom app name, tagline, and logo (text, image, or both modes)
- Theme colors (primary, accent, background, surface, text) with auto-generated shade palettes
- Custom fonts (body and heading)
- Custom landing page with configurable HTML
- Custom pages served at
/p/{slug}with SEO metadata - Custom CSS injection
- Custom head HTML injection (analytics, meta tags)
- Favicon upload
- Media library for image/asset management
- Configurable navigation sidebar with entitlement-gated items
- Auth page customization (login/signup headings and subtext)
- Dashboard HTML customization
- Open Graph image support
- Create API keys with
lsk_prefix - Two authority levels: admin (auto-resolves root tenant) and user (requires X-Tenant-ID)
- SHA-256 hashed storage — raw key shown only at creation
- Last-used timestamp tracking
- Admin UI for key management
- Supports both JWT and API key authentication on all endpoints
- 19 event types across 5 tiers:
- Billing: subscription.activated, subscription.canceled, payment.received, payment.failed
- Team lifecycle: member.invited, member.joined, member.removed, member.role_changed, ownership.transferred
- User lifecycle: user.registered, user.verified, user.deactivated
- Credits & billing: credits.purchased, plan.changed, tenant.created, tenant.deactivated
- Audit & security: user.deleted, tenant.deleted, api_key.created, api_key.revoked
- HMAC-SHA256 payload signing with
whsec_-prefixed secrets - Delivery tracking with response codes, response bodies, and duration
- Test event delivery
- Secret regeneration
- Event type filtering per webhook
- Dashboard with user/tenant counts, health overview, and business metrics
- User management — list, search, view profiles, edit, suspend, impersonate, delete with ownership preflight
- Tenant management — list, view, edit, plan assignment, status control, subscription management
- Financial overview — transaction history across all tenants, revenue/ARR/DAU/MAU charts
- Product analytics — conversion funnel, SaaS KPIs, retention cohorts, engagement metrics, custom event explorer
- Plan management — create, edit, archive, entitlements, per-seat configuration, trial days
- Credit bundle management — create, edit, sort, activate/deactivate
- Promotions — create and manage Stripe promotion codes and coupons
- Branding editor — theme colors, logos, fonts, landing page, custom pages, CSS, navigation
- API key management — create, view, revoke
- Webhook management — create, edit, delete, test, view delivery history
- Announcements — publish system-wide announcements
- System log viewer with severity filtering, search, and user filtering
- Configuration variable editor (strings, numbers, enums, templates)
- In-app messaging — send messages to individual users
- Root members — manage the admin team with invitations and role changes
- CSV export for users and tenants
- Admin impersonation — log in as any user for debugging
- System health monitoring (see below)
- Integration health checks — MongoDB, Stripe, Resend, Google OAuth status
- Three-tier admin access: user (read-only), admin (read-write), owner (destructive operations)
- Automatic node registration with heartbeat (30s interval)
- Metrics collection every 60s: CPU, memory, disk, network, HTTP request stats, MongoDB stats, Go runtime
- HTTP metrics middleware with percentile latency tracking (p50/p95/p99)
- Threshold-based alerting (configurable warning/critical levels)
- 30-day automatic data retention via MongoDB TTL indexes
- Real-time dashboard with 8 time-series charts (Recharts)
- Aggregate, all-nodes overlay, and single-node filter modes
- Time range selection: 1h, 6h, 24h, 7d, 30d
- Integration health panel (MongoDB, Stripe, Resend, Google OAuth connectivity)
- Conversion funnel — Visitors → Signups → Plan Page Views → Checkouts → Paid Conversions → Upgrades, with conversion rates at each step
- SaaS KPIs — MRR, ARR, ARPU, LTV, churn rate, trial-to-paid conversion rate, median time to first purchase, active subscriber count
- Retention cohorts — weekly or monthly cohort retention table with color-coded heatmap (tracks
lastLoginAtover time) - Engagement metrics — DAU/WAU/MAU for paying subscribers, average sessions per user, top features by usage, credit consumption trend
- Custom event explorer — browse all event types, view trend charts, filter by name and time range
- Telemetry Go SDK —
telemetry.Track()/TrackBatch()/TrackPageView()/TrackCheckoutStarted()/TrackLogin()for direct in-process event recording (no HTTP overhead) - Telemetry REST API —
POST /telemetry/track(anonymous, rate-limited) for page views;POST /telemetry/eventsand/telemetry/events/batch(authenticated) for custom events - Auto-instrumentation — registration, email verification, login, checkout, subscription activation/cancellation, and plan changes are tracked automatically
- 365-day retention — telemetry events auto-expire via MongoDB TTL index
- Rate limiting — 60 req/min per IP for anonymous tracking, 120 req/min per user for authenticated events
- Profile editing (display name, email)
- Theme preference (light/dark)
- Password management
- MFA setup and management
- Session viewer with remote revocation
- Account deletion with data cleanup
- Data export (GDPR-friendly)
- Billing management (plan selection, credit purchases, invoice history, PDF download)
- Onboarding flow
- Interactive HTML API reference at
/api/docswith expandable endpoint details - Markdown API reference at
/api/docs/markdownfor integration in external docs - Comprehensive webhook event reference with payload descriptions
- Auto-versioned from the VERSION file
lastsaas setup— Initialize the system (create root tenant + owner)lastsaas start/stop/restart— Server process managementlastsaas change-password— Reset any user's passwordlastsaas send-message— Send system messages to userslastsaas transfer-root-owner— Transfer root tenant ownershiplastsaas config list|get|set— Manage configuration variableslastsaas version— Show binary and database versionslastsaas status— Check system healthlastsaas mcp— Start the MCP server (see MCP Server below)
A built-in Model Context Protocol server gives AI assistants like Claude read-only access to your admin data — dashboards, users, tenants, financials, logs, health, and more. Useful for asking questions like "what's our ARR trend?" or "show me critical logs from the last hour" in natural language.
- 32 read-only tools across 14 categories — no write operations, safe by design
- 2 resources —
lastsaas://dashboardandlastsaas://healthfor automatic context - API key authentication — requires a root-tenant API key, same auth as the admin API
- Stdio transport — runs locally, compatible with Claude Desktop and Claude Code
Tool categories:
- About — software version and environment
- Dashboard — user/tenant counts, health overview
- Tenants — list with filtering, detailed view with members
- Users — list with search, detailed view with auth methods and memberships
- Financial — transaction history, revenue/ARR/DAU/MAU time-series metrics
- Logs — full-text search with severity/category/date filters, severity counts
- Health — current system metrics, time-series health data, node list, integration status
- Config — list and inspect runtime configuration variables
- Plans — plan details, entitlement keys, credit bundles
- Announcements — list published and draft announcements
- Promotions — Stripe promotion codes with coupon details
- Security — API key inventory (previews only), root tenant members
- Webhooks — webhook configs, event type reference, delivery history
- Security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy)
- Rate limiting on authentication endpoints
- Request body size limits
- NoSQL injection protection (regex input escaping)
- XSS protection via DOMPurify for injected HTML
- Trusted proxy IP resolution (Fly-Client-IP)
- Webhook signature verification (Stripe inbound, HMAC-SHA256 outbound)
- Idempotent webhook processing via unique event ID index
- System log injection detection with automatic critical alerts
- Refresh token rotation with family-based revocation
- Dockerized multi-stage build (Go + Node + Alpine)
- Fly.io deployment with auto-stop/auto-start machines
- SPA serving from the Go binary (no separate web server needed)
- CORS, security headers, rate limiting
- Graceful shutdown with connection draining
- Auto-versioning with database migration on startup
- Version notification messages to admin users after upgrades
| Layer | Technology |
|---|---|
| Backend | Go 1.25, gorilla/mux |
| Frontend | React 19, TypeScript, Vite 7, Tailwind CSS 4 |
| Database | MongoDB (Atlas or local) |
| Auth | JWT (access + refresh), bcrypt, Google/GitHub/Microsoft OAuth, Magic Links, TOTP MFA |
| Billing | Stripe (stripe-go v82) — Checkout, Billing Portal, Webhooks, Tax |
| Resend | |
| Charts | Recharts |
| Metrics | gopsutil v4 |
| gofpdf (invoice generation) | |
| Security | DOMPurify (frontend), HMAC-SHA256 (webhooks) |
| Deployment | Docker, Fly.io |
- Go 1.25+ — install
- Node.js 22+ — install
- MongoDB — either:
- MongoDB Atlas (free M0 tier works fine)
- Local MongoDB Community Edition
- Git
- Resend API key — for email verification, password resets, and invitations
- Google OAuth credentials — for Google sign-in
- GitHub OAuth credentials — for GitHub sign-in
- Microsoft OAuth credentials — for Microsoft sign-in
- Stripe account — for billing (subscriptions, credit purchases, invoices)
- Fly.io account — for production deployment
git clone https://github.com/jonradoff/lastsaas.git
cd lastsaas./scripts/setup.shThis will prompt you for:
- Database name — the project identity (two projects sharing a name share the same user base)
- MongoDB URI — your Atlas connection string or
mongodb://localhost:27017 - JWT secrets — auto-generated
- Google OAuth credentials — optional, press Enter to skip
- Resend API key — optional, press Enter to skip
- App name and email settings
It writes a .env file and copies the config template.
set -a && source .env && set +a
cd backend
go run ./cmd/serverThe server starts on http://localhost:4290.
In a separate terminal:
set -a && source .env && set +a
cd frontend
npm install
npm run devThe frontend starts on http://localhost:4280.
Run the CLI setup to create the root tenant and admin account:
cd backend
go run ./cmd/lastsaas setupThis creates the root tenant (your admin organization) and the owner account. You can now log in at http://localhost:4280.
Stripe integration is optional but required for paid subscriptions, credit bundle purchases, and invoice generation. If you skip this section, LastSaaS works as a free-tier-only platform.
Sign up at stripe.com and complete onboarding. You can use test mode during development.
Go to Stripe Dashboard → Developers → API keys and copy:
- Publishable key (starts with
pk_test_orpk_live_) - Secret key (starts with
sk_test_orsk_live_)
Go to Stripe Dashboard → Developers → Webhooks → Add endpoint:
- Endpoint URL:
https://your-domain.com/api/billing/webhook- For local development with the Stripe CLI:
stripe listen --forward-to localhost:4290/api/billing/webhook
- For local development with the Stripe CLI:
- Events to subscribe to — select these 8 events:
checkout.session.completedinvoice.paidinvoice.payment_failedcustomer.subscription.updatedcustomer.subscription.deletedcharge.refundedcharge.dispute.createdcharge.dispute.closed
After creating the endpoint, copy the Signing secret (starts with whsec_).
Add these to your .env file:
STRIPE_SECRET_KEY=sk_test_...
STRIPE_PUBLISHABLE_KEY=pk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...Once the backend is running with Stripe configured:
- Log in as the root tenant owner
- Go to Admin → Plans and create your subscription plans
- Set pricing, billing intervals, trial days, entitlements, and credit allocations
- Optionally create credit bundles under Admin → Credit Bundles
- Optionally create promotion codes under Admin → Promotions
Stripe Products and Prices are created automatically when customers check out — you don't need to configure anything in the Stripe Dashboard beyond the API keys and webhook.
When you're ready for production:
- Switch to live mode in the Stripe Dashboard
- Create a new webhook endpoint with your production URL and the same 8 events
- Update your production environment variables with the live keys and webhook secret
Config files live in backend/config/:
dev.example.yaml/prod.example.yaml— committed templatesdev.yaml/prod.yaml— your actual configs (gitignored)
Set LASTSAAS_ENV=dev or LASTSAAS_ENV=prod to select which config to load. Defaults to dev.
Secrets are referenced as ${ENV_VAR} in YAML and expanded from environment variables at load time. Default values use ${VAR:default} syntax.
| Variable | Required | Description |
|---|---|---|
DATABASE_NAME |
Yes | Project identity — shared name = shared user base |
MONGODB_URI |
Yes | MongoDB connection string |
JWT_ACCESS_SECRET |
Yes | Secret for signing access tokens |
JWT_REFRESH_SECRET |
Yes | Secret for signing refresh tokens |
FRONTEND_URL |
Yes | Frontend URL for CORS and email links |
APP_NAME |
Yes | Your application name (used in emails, UI) |
STRIPE_SECRET_KEY |
No | Stripe secret API key |
STRIPE_PUBLISHABLE_KEY |
No | Stripe publishable key (sent to frontend) |
STRIPE_WEBHOOK_SECRET |
No | Stripe webhook signing secret |
GOOGLE_CLIENT_ID |
No | Google OAuth client ID |
GOOGLE_CLIENT_SECRET |
No | Google OAuth secret |
GOOGLE_REDIRECT_URL |
No | Google OAuth redirect URL |
RESEND_API_KEY |
No | Resend email service API key |
FROM_EMAIL |
No | Sender email address (default: [email protected]) |
FROM_NAME |
No | Sender name (default: LastSaaS) |
lastsaas/
backend/
cmd/
server/main.go Entry point (HTTP server, route wiring)
lastsaas/main.go CLI administration tool + MCP server
config/ YAML config files
internal/
api/handlers/ HTTP handlers (auth, admin, tenant, billing, branding, webhooks, etc.)
apicounter/ API call counters for integration health
auth/ JWT, password hashing, Google/GitHub/Microsoft OAuth, TOTP MFA
config/ Config loader with env variable expansion
configstore/ Runtime configuration (DB-backed, cached)
db/ MongoDB connection, collections, indexes
email/ Resend email service with templates
events/ Internal event emitter (drives webhook deliveries)
health/ System health monitoring service
middleware/ Auth, tenant, RBAC, rate limiting, metrics, security, billing enforcement
models/ All data models
planstore/ Plan seeding
stripe/ Stripe service (Checkout, Billing Portal, Customers, Prices, Subscriptions)
syslog/ System logging service with injection detection
telemetry/ Telemetry event collection, Go SDK, and PM analytics queries
version/ Version management and auto-migration
frontend/
src/
api/client.ts Axios API client with token refresh
components/ Layout, AdminLayout, BrandingThemeInjector, shared components
contexts/ Auth, Tenant, and Branding React contexts
pages/
admin/ Admin interface (dashboard, users, tenants, plans, billing, branding, etc.)
admin/health/ Health monitoring components and charts
app/ Customer-facing pages (dashboard, billing, team, settings, activity)
app/settings/ User settings tabs (profile, security, MFA, sessions, billing)
auth/ Login, signup, MFA challenge, magic link, verification, password reset
public/ Landing page and custom pages
types/index.ts TypeScript type definitions
scripts/
setup.sh Interactive setup script
Dockerfile Multi-stage production build
fly.toml Fly.io deployment config
VERSION Current version number
LastSaaS includes built-in, self-hosted API documentation:
- Interactive HTML reference:
GET /api/docs— expandable endpoint cards with request/response examples - Markdown reference:
GET /api/docs/markdown— for embedding in external documentation
The documentation is generated from code and always matches the running version. It covers all endpoints, parameters, request/response formats, and all 19 webhook event types with payload descriptions.
The MCP server lets AI assistants query your admin data in natural language. It proxies read-only requests to the LastSaaS admin API using an API key.
- A running LastSaaS instance (local or deployed)
- A root-tenant API key — create one in Admin → API Keys with admin authority
Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"lastsaas": {
"command": "/path/to/lastsaas",
"args": ["mcp"],
"env": {
"LASTSAAS_URL": "https://your-app.fly.dev",
"LASTSAAS_API_KEY": "lsk_your_api_key_here"
}
}
}
}Add to your project's .mcp.json:
{
"mcpServers": {
"lastsaas": {
"command": "/path/to/lastsaas",
"args": ["mcp"],
"env": {
"LASTSAAS_URL": "https://your-app.fly.dev",
"LASTSAAS_API_KEY": "lsk_your_api_key_here"
}
}
}
}cd backend
go build -o lastsaas ./cmd/lastsaas| Variable | Required | Description |
|---|---|---|
LASTSAAS_URL |
Yes | Base URL of the LastSaaS instance (e.g. http://localhost:4290 or https://your-app.fly.dev) |
LASTSAAS_API_KEY |
Yes | Root-tenant API key with admin authority (starts with lsk_) |
| Tool | Description |
|---|---|
get_about |
Software version and environment |
dashboard_stats |
User/tenant counts and health overview |
list_tenants |
Paginated tenant list with search and filters |
get_tenant |
Detailed tenant with plan, billing, and members |
list_users |
Paginated user list with search and filters |
get_user |
Detailed user with auth methods and memberships |
list_transactions |
Financial transactions with search and filters |
get_financial_metrics |
Revenue, ARR, DAU, MAU time-series |
search_logs |
Full-text log search with severity/category/date filters |
get_log_severity_counts |
Log counts by severity level |
get_system_health |
Current CPU, memory, disk, HTTP stats |
get_health_metrics |
Time-series health data (per-node or aggregate) |
list_nodes |
Server nodes with status and version |
get_integrations |
Third-party integration health |
list_config |
All runtime configuration variables |
get_config |
Single config variable details |
list_plans |
Subscription plans with pricing and entitlements |
get_plan |
Detailed plan info |
list_entitlement_keys |
Entitlement key catalog |
list_credit_bundles |
Credit bundle pricing |
list_announcements |
Published and draft announcements |
list_promotions |
Stripe promotion codes and coupons |
list_api_keys |
API key inventory (previews only) |
list_root_members |
Admin team and pending invitations |
list_webhooks |
Outbound webhook configurations |
list_webhook_event_types |
Available webhook event types |
get_webhook |
Webhook detail with delivery history |
These examples show how the MCP tools work in practice. Each example lists the user prompt and the exact tool calls that execute behind the scenes.
Prompt: "How's my SaaS doing today?"
Tool calls:
dashboard_stats— returns a snapshot:Users: 1,284 (12 new today) Tenants: 89 (3 new this week) Health: All systems healthy Active alerts: 0
Prompt: "Show me our revenue trend for the last 30 days"
Tool calls:
get_financial_metrics— queries time-series data:Returns daily revenue data points (values in cents) for charting, e.g.:{ "range": "30d", "metric": "revenue" }2026-01-27: $1,250.00 2026-01-28: $890.00 ... 2026-02-25: $2,100.00get_financial_metrics— follow up with ARR:{ "range": "30d", "metric": "arr" }
Prompt: "Look up the Acme Corp tenant and show me their details"
Tool calls:
list_tenants— searches by name:Returns matching tenants with IDs, plan names, and billing status.{ "search": "Acme Corp" }get_tenant— fetches full details using the tenant ID:Returns plan info, billing status, credit balances, subscription dates, and a full member list with roles.{ "id": "6789abc..." }
Prompt: "Were there any critical errors in the last hour?"
Tool calls:
search_logs— filters by severity and time:Returns log entries with timestamps, categories, messages, and metadata. For example:{ "severity": "critical", "fromDate": "2026-02-26T14:00:00Z", "perPage": "50" }[critical] 14:23:05 billing — Stripe webhook signature verification failed [critical] 14:31:12 security — Log injection pattern detected in user inputget_log_severity_counts— provides overall distribution:critical: 2, high: 15, medium: 89, low: 342, debug: 1,204
Prompt: "How's the system health? Are all integrations working?"
Tool calls:
get_system_health— returns current metrics:CPU: 12.3% Memory: 245 MB / 512 MB (47.8%) Disk: 1.2 GB / 8 GB (15.0%) HTTP: 1,234 requests (p95 latency: 45ms) MongoDB: 12 active connectionsget_integrations— checks third-party connectivity:MongoDB: healthy (3ms response) Stripe: healthy (120ms response, 89 calls/24h) Resend: healthy (95ms response, 12 calls/24h) Google OAuth: healthy
Prompt: "Show me all active API keys and when they were last used"
Tool calls:
list_api_keys— returns inventory (full keys are never exposed):"Production Automation" (admin) — lsk_...a3f2 — last used: 2 hours ago "CI/CD Pipeline" (admin) — lsk_...b7e1 — last used: 15 minutes ago "Customer Integration" (user) — lsk_...c9d4 — last used: 3 days ago "Old Test Key" (admin) — lsk_...d1e5 — last used: never
Prompt: "What plans do we offer and how many subscribers does each have?"
Tool calls:
list_plans— returns all plans with pricing and subscriber counts:Starter: $9/mo ($86/yr) — 45 subscribers — 5 seat limit Pro: $29/mo ($278/yr) — 31 subscribers — 25 seat limit, per-seat pricing Enterprise: $99/mo ($950/yr) — 8 subscribers — unlimited seatslist_credit_bundles— shows available credit purchases:Small Pack: 100 credits — $5.00 — active Medium Pack: 500 credits — $20.00 — active Large Pack: 2000 credits — $60.00 — active
Prompt: "Are our webhooks delivering successfully? Show me the recent history for the production webhook"
Tool calls:
list_webhooks— shows all configured webhooks:"Production" — https://api.example.com/webhooks — 12 events — active "Staging" — https://staging.example.com/hooks — 5 events — activeget_webhook— fetches delivery history for the production webhook:Returns recent delivery attempts with status codes, response times, and any failures:{ "id": "abc123..." }2026-02-26 14:30:01 — subscription.activated — 200 OK (120ms) 2026-02-26 14:15:22 — payment.received — 200 OK (95ms) 2026-02-26 13:45:10 — member.joined — 500 Error (340ms)
Prompt: "Find the user with email [email protected] and show me their tenant memberships"
Tool calls:
list_users— searches by email:Returns the matching user with ID, verification status, and last login.{ "search": "[email protected]" }get_user— fetches full details:Returns:{ "id": "def456..." }Email: [email protected] (verified) Auth: password + Google OAuth MFA: TOTP enabled Memberships: — Acme Corp (owner) — joined 2026-01-15 — Side Project Inc (admin) — joined 2026-02-10 Last login: 2 hours ago
Prompt: "Show me the CPU and memory trends across all nodes for the last 24 hours"
Tool calls:
list_nodes— identifies all server nodes:node-1 (v1.0.0) — healthy — last seen: 30s ago node-2 (v1.0.0) — healthy — last seen: 28s agoget_health_metrics— fetches aggregate time-series data:Returns data points every 60 seconds with CPU %, memory %, disk %, HTTP request counts, and latency percentiles — ready for charting.{ "range": "24h" }get_health_metrics— optionally drill into a specific node:{ "node": "node-1", "range": "24h" }
LastSaaS includes a Dockerfile and Fly.io configuration for production deployment.
# Install flyctl if needed
curl -L https://fly.io/install.sh | sh
# Create the app (first time only)
flyctl apps create your-app-name --org your-org
# Set production secrets
flyctl secrets set \
DATABASE_NAME="your-db-name" \
MONGODB_URI="mongodb+srv://..." \
JWT_ACCESS_SECRET="$(openssl rand -hex 32)" \
JWT_REFRESH_SECRET="$(openssl rand -hex 32)" \
FRONTEND_URL="https://your-app-name.fly.dev" \
APP_NAME="YourApp" \
STRIPE_SECRET_KEY="sk_live_..." \
STRIPE_PUBLISHABLE_KEY="pk_live_..." \
STRIPE_WEBHOOK_SECRET="whsec_..."
# Deploy
flyctl deployThe Dockerfile builds both the Go backend and React frontend into a single ~14MB Alpine container. The Go binary serves the frontend SPA directly — no nginx or separate web server required.
The Docker image works anywhere containers run. The only external dependency is MongoDB. Set the environment variables listed above and expose port 8080.
LastSaaS was built entirely through conversation with Claude Code — every feature, every handler, every component was described in natural language and implemented by an AI agent. But the real point isn't that it was built this way — it's that it's designed to keep being built this way.
The codebase follows consistent patterns, uses clear naming, and maintains a structure that AI agents navigate fluently. Fork it, point Claude Code at it, and start describing your product. The agent already understands the patterns — authentication, tenancy, billing, middleware, events — and builds on top of them naturally. You're not starting from scratch; you're continuing a conversation.
Here's what's already wired up for you:
- Add your product's data models in
backend/internal/models/ - Add API handlers in
backend/internal/api/handlers/ - Wire routes in
backend/cmd/server/main.go - Add frontend pages in
frontend/src/pages/ - Use the tenant context — every authenticated request carries the user's tenant, so your product logic gets multi-tenancy for free
- Use the credit system — check and deduct credits for usage-based features
- Use entitlements — gate features with
middleware.RequireEntitlement(db, "feature_name")andmiddleware.RequireActiveBilling() - Use the config store — add runtime-configurable settings without redeployment
- Use the event emitter — emit events from your handlers and they'll automatically be delivered to configured webhooks
- Use API keys — your endpoints automatically support both JWT and API key authentication
- Use the branding system — your UI inherits the white-label theme automatically via the BrandingContext
- Use the telemetry system — track custom events with
telemetry.Track()in Go orPOST /telemetry/eventsfrom external clients, and they'll automatically appear in the PM dashboard
LastSaaS is self-hosted software — you control your database, your hosting, and your data. The MCP server connects to your LastSaaS instance via the HTTP API using read-only tools — no data is transmitted to Metavert LLC or any third party.
For the full privacy policy, see: https://www.metavert.io/lastsaas-privacy-policy
MIT - Copyright 2026 Metavert LLC