Generate a Production Flask App from a PRD in 10 Minutes

What You Will Build

By the end of this tutorial you will have a production-ready Flask + Next.js codebase for a B2B task management SaaS. The generated app includes:

• JWT authentication with httpOnly cookies (no localStorage)
• Organisation-scoped multi-tenancy (every query filtered by organization_id)
• Alembic migrations for every model
• Architecture Decision Records (ADRs) in docs/decisions/
• A working docker-compose.yml — runs locally with one command

You will not write a single line of boilerplate. Archiet generates it deterministically from your requirements.

Prerequisites

• An Archiet account (free plan at archiet.com/register)
• Docker installed locally (to run the generated app)
• 10 minutes

---

Step 1: Write a Minimal PRD

You do not need a 40-page architecture document. A paragraph describing the system is enough. Here is an example for our task management SaaS:

TaskFlow is a B2B SaaS for team task management. Teams (organisations) sign up,
invite members, and create projects. Within each project, members create tasks
with a title, description, status (todo / in-progress / done), assignee, and
due date. Only members of an organisation can see that organisation's projects
and tasks. The app needs user registration, login, forgot-password, and
email verification. We need SOC 2 Type II readiness from day one.

That is 79 words. Archiet will extract the entities (Organisation, User, Project, Task), relationships, auth requirements, and compliance needs from this text.

Step 2: Open the Blueprint Wizard

1. Log in at archiet.com/login
2. Click New Blueprint from the dashboard
3. Paste your PRD text into the description field
4. Click Analyse — Archiet runs extraction and shows you the proposed architecture:

- Entities found: Organisation, User, Project, Task - Auth: JWT + email verification + password reset - Compliance flags: SOC 2 (from "SOC 2 Type II readiness from day one")

Review the proposed model. If an entity is wrong or missing, edit it in the Blueprint editor before generating.

Step 3: Choose Your Stack and Overlays

On the Generate screen:

1. Stack: Select Flask + Next.js from the dropdown
2. Compliance overlays: Check SOC 2 Starter (adds access control logging, audit trail model, and the SOC 2 section to your ADRs)
3. Click Generate

Generation takes 60–90 seconds. You will see a progress bar as Archiet runs its pipeline: entity resolution → capability selection → template rendering → quality gate → ZIP packaging.

Step 4: What Happens During Generation

Archiet is not prompting an LLM to write code. It runs a deterministic pipeline:

1. Your PRD text is parsed into a formal Architecture Genome — a structured JSON model of your system's entities, relationships, capabilities, and overlays
2. The Genome is lowered through stack-specific templates for Flask + Next.js
3. A quality gate checks every generated file for correctness (no placeholder secrets, no missing migrations, auth on every protected route)
4. The result is packaged as a ZIP

The same PRD always produces the same ZIP. There is no "try again and hope for better output."

Step 5: Explore the ZIP

Download and unzip. The structure:

taskflow/
├── app/
│   ├── models/
│   │   ├── organisation.py      # multi-tenant root, every entity FK's here
│   │   ├── user.py
│   │   ├── project.py
│   │   └── task.py
│   ├── blueprints/
│   │   ├── auth_bp.py           # register, login, refresh, logout, forgot-pw
│   │   ├── projects_bp.py       # CRUD, organisation-scoped
│   │   └── tasks_bp.py          # CRUD, organisation-scoped
│   └── services/
├── migrations/                  # Alembic migrations for every model
├── docs/
│   └── decisions/               # ADRs: auth strategy, multi-tenancy, DB choice
├── frontend/                    # Next.js app with shadcn/ui
│   └── app/
│       ├── dashboard/
│       ├── projects/
│       └── tasks/
├── tests/                       # pytest test suite
├── docker-compose.yml
├── .env.example
└── ARCHITECTURE.md              # consulting-grade architecture doc

Key things to look at:

• app/models/task.py — notice organization_id = db.Column(...) and filter_by(organization_id=g.org_id) in every query. This is multi-tenancy enforced at the ORM layer, not the app layer.
• docs/decisions/001-auth-strategy.md — explains why httpOnly cookies over localStorage, with trade-offs documented.
• ARCHITECTURE.md — a 5-section architecture document you can hand to a technical reviewer or an auditor.

Step 6: Run It Locally

cd taskflow
cp .env.example .env        # credentials are pre-filled for local dev
docker compose up -d

Open http://localhost:3000. You will see the login page. Register a new account, verify your email (Mailtrap catches it locally), and you are in the dashboard.

The API is at http://localhost:5000/api. The OpenAPI spec is at /api/docs.

What to Do Next

Extend with Cursor or GitHub Copilot: Drop the ARCHITECTURE.md into Cursor's context window. Cursor now knows your entity model, your auth strategy, and your multi-tenant boundaries — its suggestions will respect the existing structure instead of inventing a new pattern.

Deploy to production: The docker-compose.yml is production-ready. Point it at your managed PostgreSQL database (update DATABASE_URL in .env) and deploy to any Docker-compatible host.

Add a compliance overlay later: If you need GDPR documentation, re-generate with the GDPR overlay checked. The pipeline adds a DPIA populated from your actual entity model — not a generic template.

---

If you run into issues, the generated DELIVERY_RECEIPT.md in the ZIP lists every file generated and its quality score. Any file that scored below the threshold is flagged there with the reason.