LastSaaS

The last SaaS boilerplate you'll ever need.

LastSaaS is a complete, production-ready SaaS foundation built entirely through conversation with Claude Code. It gives you multi-tenant account management, authentication, role-based access control, white-label branding, Stripe billing, API keys, outgoing webhooks, a full admin interface, system health monitoring, credit-based usage tracking, and product analytics with telemetry — everything you need to launch a SaaS business, ready to customize for your specific product.

The bottleneck for building software isn't engineering capacity anymore — it's imagination. LastSaaS proves it: a single person with a clear vision and an AI agent can stand up what used to require a team and months of work. And because it was built with Claude Code, the codebase is fork-ready for agentic engineering — point an AI agent at it and keep building your product through conversation.

Project Page

---

Why LastSaaS Exists

Every SaaS product needs the same boring foundation: user accounts, teams, roles, authentication, admin dashboards, billing, usage limits, branding, webhooks, API keys. Historically, building that foundation meant weeks of plumbing before you could write a single line of your actual product.

LastSaaS eliminates that. Fork it, point an AI agent at it, and start building your product on top of a foundation that already handles:

• Multi-tenant isolation with role-based access
• JWT authentication with refresh token rotation
• Google, GitHub, and Microsoft OAuth integration
• Magic link passwordless authentication
• MFA/TOTP with recovery codes
• Email verification and password resets
• Team invitations and member management
• Stripe billing with subscriptions, per-seat pricing, trials, and credit bundles
• Plan entitlements and billing enforcement middleware
• White-label branding with custom themes, logos, landing pages, and custom pages
• API key authentication (admin and user scopes)
• Outgoing webhooks with 19 event types and HMAC-SHA256 signing
• Credit-based usage tracking (subscription + purchased buckets)
• Promotion codes and coupon management via Stripe
• Product analytics dashboard (conversion funnel, KPIs, retention cohorts, engagement metrics)
• Telemetry event system with Go SDK and REST API for custom event tracking
• A full admin interface for managing everything
• Built-in API documentation (HTML and Markdown)
• Real-time system health monitoring
• Financial metrics dashboard (revenue, ARR, DAU, MAU)
• MCP (Model Context Protocol) server for AI-powered admin access
• CLI tools for server administration
• Auto-versioning with database migrations
• Production deployment on Fly.io

This is open-source infrastructure for the agentic era of software — where the person with the idea is also the person who ships it. The codebase follows consistent patterns that AI agents navigate fluently, so you can keep evolving it the same way it was built.

---

How It Compares

If you're evaluating SaaS boilerplates, you've probably looked at ShipFast, Supastarter, MakerKit, SaaS Pegasus, and Gravity. Here's why technical founders choose LastSaaS instead.

Free and open-source. ShipFast costs $169, MakerKit runs $199–599, Supastarter starts at $299, SaaS Pegasus charges $249/year, and Gravity is under $1K. LastSaaS is MIT-licensed — fork it, ship it, never pay a license fee. You own the code completely.

Go backend, not another Next.js project. ShipFast, Supastarter, MakerKit, and Gravity are all JavaScript/TypeScript stacks. SaaS Pegasus uses Django. LastSaaS pairs a Go backend with a React + TypeScript frontend — giving you compiled-binary deployment, low memory footprint (a 14MB Alpine container), and the concurrency model that Go is known for. If your SaaS will handle real traffic or you want a backend that isn't a Node.js monolith, this matters.

Genuine multi-tenancy. ShipFast has no multi-tenancy at all. SaaS Pegasus and Gravity offer basic team features but not true tenant isolation. LastSaaS gives you full multi-tenant architecture: tenant-scoped data isolation, three-tier RBAC (owner/admin/user), team invitations, ownership transfer, per-tenant activity logs, and per-tenant billing. This is the difference between "users can collaborate" and "each customer gets their own isolated workspace."

White-label branding built in. Most boilerplates give you a theme toggle at best. LastSaaS includes a full white-label system: custom app name, logo, colors, fonts, landing page, custom pages, CSS injection, favicon, configurable navigation with entitlement gating, and auth page customization. If you're building a platform where customers see your brand (not yours-plus-a-framework), this saves weeks.

Outgoing webhooks, not just Stripe webhooks. None of the alternatives — ShipFast, Supastarter, MakerKit, SaaS Pegasus, or Gravity — include an outgoing webhook system. LastSaaS ships with 19 event types across billing, team lifecycle, user lifecycle, credits, and security events, with HMAC-SHA256 signing, delivery tracking, and test events. Your customers can integrate with your platform from day one.

API keys with scoped access. ShipFast, Supastarter, and MakerKit don't include API key management. LastSaaS provides lsk_-prefixed API keys with admin and user authority scopes, SHA-256 hashed storage, and last-used tracking — ready for your customers to build integrations.

Health monitoring and financial dashboards. No competing boilerplate includes system health monitoring. LastSaaS collects CPU, memory, disk, HTTP, and MongoDB metrics every 60 seconds across all nodes, with 8 real-time charts, threshold alerting, and 30-day retention. The financial dashboard gives you revenue, ARR, DAU, and MAU time-series out of the box.

Product analytics with telemetry. No competing boilerplate includes product analytics. LastSaaS auto-instruments the customer journey — visitor → signup → plan page → checkout → paid conversion → upgrade — and visualizes it as a conversion funnel. The PM dashboard includes SaaS KPIs (MRR, ARR, ARPU, LTV, churn rate, trial conversion), retention cohort analysis, engagement metrics (DAU/WAU/MAU for paying subscribers), and a custom event explorer. A Go SDK and REST API let you track your own events with zero configuration.

MCP server for AI-native operations. This is unique to LastSaaS. A built-in Model Context Protocol server with 32 read-only tools lets you connect Claude (or any MCP-compatible AI) directly to your running application. Query your ARR trend, investigate error spikes, audit API keys, or review system health — all in natural language. No other SaaS boilerplate offers agentic admin access.

Built for AI-assisted development. LastSaaS was built entirely through conversation with Claude Code, and the codebase is designed to keep being built that way. Consistent patterns, clear naming, and a structure AI agents navigate fluently. Fork it, point an agent at it, describe your product, and keep going. The competing boilerplates were built for manual development — LastSaaS is built for the way software is made now.

| | LastSaaS | ShipFast | Supastarter | MakerKit | Pegasus | Gravity | |---|---|---|---|---|---|---| | Price | Free (MIT) | $169 | $299+ | $199–599 | $249/yr | <$1K | | Stack | Go + React | Next.js | Next.js / Nuxt | Next.js | Django | Node + React | | Multi-Tenancy | Full RBAC | — | ✓ | ✓ | Teams only | Teams only | | White-Label | Full | — | Partial | Partial | — | — | | Webhooks | 19 events | — | — | — | — | — | | API Keys | Scoped | — | — | — | Basic | — | | Health Monitoring | 8 charts | — | — | — | — | — | | Product Analytics | 5-tab PM dashboard | — | — | — | — | — | | Credit System | Dual buckets | — | — | Basic | — | — | | MCP Server | 26 tools | — | — | — | — | — | | Admin Dashboard | Full | — | ✓ | ✓ | ✓ | Basic | | Stripe Billing | Full | ✓ | ✓ | ✓ | ✓ | ✓ |

---

Features

Authentication & Identity

• Email/password registration with bcrypt hashing
• Email verification via Resend
• Google, GitHub, and Microsoft OAuth with automatic account linking
• Magic link passwordless login via email
• MFA/TOTP two-factor authentication with setup wizard
• Recovery codes for MFA backup access
• JWT access tokens (30min) + refresh tokens (7 days) with rotation
• Account lockout after failed login attempts
• Password reset flow with secure tokens
• Password strength enforcement
• Session management — list active sessions, revoke individual or all sessions
• Session revocation on password change

Multi-Tenancy

• Root tenant (system admin) + customer tenants
• Users belong to tenants via memberships
• Roles: owner, admin, user with hierarchical permissions
• Team invitations with email notifications
• Ownership transfer between members
• Per-tenant activity log
• Tenant settings self-service

Billing & Credits (Stripe)

• Subscription plans with monthly and annual billing (configurable annual discount %)
• Pricing models: flat-rate or per-seat (with included seats, min/max seat limits)
• Free trials with configurable trial days per plan and trial abuse prevention
• Credit bundles for one-time purchases
• Dual credit buckets: subscription credits (reset or accrue) + purchased credits
• Stripe Checkout (redirect-based) for payment collection