What the generated Flask app contains
Application structure (Factory pattern)
app/
├── __init__.py # Application Factory
├── extensions.py # SQLAlchemy, JWT, Celery, Cache init
├── config.py # reads from os.getenv(), raises on missing vars
├── blueprints/
│ ├── auth_bp.py # JWT auth routes
│ ├── user_bp.py # user management
│ ├── billing_bp.py # Stripe (if in genome)
│ └── {entity}_bp.py # one Blueprint per entity
├── models/
│ ├── user.py # User, Role, Workspace, Invitation
│ └── {entity}.py # one model file per entity
├── services/
│ ├── auth_service.py
│ ├── email_service.py # SendGrid/Postmark
│ └── {entity}_service.py
├── schemas/ # Marshmallow request/response schemas
└── tasks/ # Celery tasks (if async jobs are in genome)
Database layer
- SQLAlchemy 2.0 ORM — no raw SQL queries (exception: `SET` session commands)
- Alembic migration for every model field and schema change
- All foreign key columns indexed
- Multi-tenant filter on every protected query: `.filter_by(workspace_id=...)` or `.filter_by(organization_id=...)`
- PostgreSQL — never SQLite
Auth and security
- JWT issued as httpOnly, Secure, SameSite=Lax cookies
- `@login_required` decorator on every protected route
- Bcrypt password hashing via `passlib`
- Secrets from `os.getenv()` only — nothing hardcoded
- Rate limiting on auth endpoints
- CORS configured correctly for the Next.js frontend origin
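A check that an auth route test could run for the cookie requirement above, as an added example that is not part of the generated code or Archiet's own: it parses `Set-Cookie` values with the standard library and reports which of HttpOnly, Secure and SameSite=Lax are missing. The cookie name `access_token_cookie`, the helper names and the sample headers are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie values (cookie name and token are made up).
GOOD = "access_token_cookie=aaa.bbb.ccc; HttpOnly; Secure; SameSite=Lax; Path=/"
WEAK = "access_token_cookie=aaa.bbb.ccc; SameSite=None; Path=/"


def audit_morsel(morsel):
    """List the attributes a JWT cookie is missing; empty list means it passes."""
    problems = []
    if not morsel["httponly"]:
        problems.append("missing HttpOnly (token readable from page JavaScript)")
    if not morsel["secure"]:
        problems.append("missing Secure (token can travel over plain HTTP)")
    samesite = morsel["samesite"]
    if samesite.lower() != "lax":
        problems.append(f"SameSite is {samesite or 'unset'}, expected Lax")
    return problems


def audit_auth_cookies(set_cookie_values, cookie_names):
    """Check each named cookie across all Set-Cookie header values.

    Returns {cookie_name: [problem, ...]}; a name never set is reported too,
    so a test fails if the login route stops issuing the cookie at all.
    """
    report = {name: ["cookie not set"] for name in cookie_names}
    for value in set_cookie_values:
        jar = SimpleCookie()
        jar.load(value)  # one header value holds one cookie plus attributes
        for name, morsel in jar.items():
            if name in report:
                report[name] = audit_morsel(morsel)
    return report


if __name__ == "__main__":
    for label, header in (("good", GOOD), ("weak", WEAK)):
        print(label, audit_auth_cookies([header], ["access_token_cookie"]))
```

In a Flask test the header values can be taken from `response.headers.getlist("Set-Cookie")` after calling the login route.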
API design
- REST routes matching the generated OpenAPI 3.1 spec
- Consistent error format: `{"error": "snake_case_code", "message": "Human readable description."}`
- 201 for creation, 422 for validation errors, 403 for auth/permission, 404 for not found
- Pagination on list endpoints with `page`, `per_page`, `total` in response
Tests
- `pytest` test suite with fixtures, factories, and a test database
- Auth tests: login, logout, token refresh, password reset
- Model tests: create, update, delete, tenant isolation
- Route tests: correct HTTP status codes, error responses, auth enforcement
- Coverage target: every route and service function
Infrastructure
- Multi-stage Dockerfile (slim Python base → production)
- `docker-compose.yml`: Flask app + PostgreSQL + Redis (when Celery included) + Nginx
- `requirements.txt` with pinned versions
- `Makefile` for common dev tasks: `make dev`, `make test`, `make migrate`, `make shell`
- GitHub Actions: ruff lint → pylint → pytest → build → deploy
Flask vs FastAPI — which to pick
Choose Flask when:
- Your team knows Flask and the ecosystem (Flask-SQLAlchemy, Flask-Migrate, Flask-JWT-Extended)
- You want a synchronous, request-per-thread model
- You need the broader Flask extension ecosystem
- You're building a standard web application (not an API platform)
Choose FastAPI when:
- You need async performance or real-time features
- You want native OpenAPI docs and type-safe Python throughout
- Your team uses Python type hints consistently
- You're building an API-first product
Archiet generates both. Pick the right one for your team.
vs Flask-AppFactory and other Flask starters
Flask-AppFactory, cookiecutter-flask, and similar starters solve the application structure problem. They give you a working Flask setup.
What they don't give you: your entities, your routes, your business logic, your migrations, your tests — the 80% of the application that is specific to your product.
Archiet starts where those templates end.
Generate a complete Flask + Next.js application from your requirements — free plan, no credit card.
Describe your product, pick Flask + Next.js, download a production-ready codebase in 90 seconds.
Start free at archiet.com.