What "generate Flask app from requirements" means in practice
Most Flask generators or starter templates give you the application structure — an Application Factory, a config.py, maybe a User model. That covers the first hour of a real project.
Archiet generates the application for your specific product. When you describe your requirements (entities, user stories, compliance needs, integrations), the platform produces a Flask codebase where every model, route, service, migration, and test is specific to what you're building. The file tree below is representative:
app/
├── __init__.py # Application Factory
├── extensions.py # db, jwt, celery, cache, mail
├── config.py # reads os.getenv(); raises on missing vars
├── blueprints/
│ ├── auth_bp.py # /register, /login, /logout, /refresh, /reset-password
│ ├── billing_bp.py # Stripe webhook + subscription lifecycle
│ ├── user_bp.py # /users (admin), /me (self)
│ ├── workspace_bp.py # multi-tenant workspace management
│ └── {entity}_bp.py # one Blueprint per entity in your PRD
├── models/
│ ├── user.py # User, Role, Workspace, Invitation
│ └── {entity}.py # one model file per entity; tenant-filtered queries
├── services/
│ ├── auth_service.py
│ ├── email_service.py # SendGrid / Postmark
│ └── {entity}_service.py # service layer; business logic lives here, not in routes
├── schemas/ # Marshmallow request/response schemas
├── tasks/ # Celery tasks for async jobs in your PRD
└── migrations/ # Alembic; one revision per schema change
tests/
├── conftest.py # pytest fixtures, app factory, test database
├── test_auth.py # login, logout, token refresh, password reset
├── test_{entity}.py # CRUD + tenant isolation per entity
└── test_billing.py # Stripe webhook, subscription state machine
What the generated codebase gets right that starters don't
Multi-tenant security by default. Every protected query filters by workspace_id or organization_id. There is no path to unscoped data. The query pattern is enforced at the service layer:
def get_orders(workspace_id: int, page: int = 1) -> list[Order]:
return (
Order.query
.filter_by(workspace_id=workspace_id)
.order_by(Order.created_at.desc())
.paginate(page=page, per_page=25)
.items
)
Auth uses httpOnly cookies, not localStorage. JWT issued as httpOnly; Secure; SameSite=Lax. No localStorage.setItem anywhere in the generated codebase. XSS cannot steal session tokens.
Alembic migrations for every model change. No bare db.create_all(). The migrations directory ships with one revision per table, ready to run on any PostgreSQL database.
PostgreSQL throughout. config.py raises RuntimeError if DATABASE_URL is not set or points to SQLite. The application is designed for PostgreSQL; there is no sqlite fallback path.
OpenAPI 3.1 spec. Every route corresponds to an entry in openapi.yaml. The spec is generated from the same genome as the routes — it stays in sync automatically.
Flask vs FastAPI: which to pick
Both are supported. The choice comes down to your team's preferences and the nature of your application:
-
Choose Flask when your team knows Flask, you want synchronous request-per-thread behaviour, you need the broader Flask extension ecosystem (Flask-SQLAlchemy, Flask-Migrate, Flask-JWT-Extended, Flask-Admin), or you're building a standard web application with a Next.js frontend.
-
Choose FastAPI when you need async performance, want native OpenAPI docs and type-safe Python throughout, your team uses Python type hints consistently, or you're building an API-first product.
Archiet generates both. You pick the stack in the Blueprint Wizard. If you switch later, the architectural genome is stack-agnostic — regenerate with a different stack selection.
What is included beyond the Flask backend
The ZIP from a typical Flask + Next.js generation includes:
- Next.js frontend — all screens from your screen manifest (auth flow, dashboard, settings, billing, entity CRUD, forgot-password, verify-email, onboarding)
- React Native mobile app — Expo managed workflow with App Store compliance files (EAS config, privacy policy screen, review prompt, OTA update check)
- Docker — multi-stage Dockerfile +
docker-compose.yml(Flask + PostgreSQL + Redis + Nginx) ready to boot withdocker-compose up --build - GitHub Actions CI/CD — ruff lint → pytest → build → deploy pipeline
- Architecture docs — ADRs for every material technical decision under
docs/decisions/ - Compliance docs — GDPR DPIA, HIPAA risk assessment, PCI scope statement (when those compliance flags are set in your blueprint)
- Quality gate — ARCHVERIFY blocks delivery if quality score is below 80/100
CTA
Stop writing boilerplate. Describe your requirements, pick Flask + Next.js, and download a production-ready codebase in 90 seconds.
Free plan — no credit card. Start at archiet.com/register.
FAQ
Does Archiet generate Flask or FastAPI?
Both. You choose the backend stack in the Blueprint Wizard. Flask generates a synchronous Application Factory–based app; FastAPI generates an async app with Pydantic schemas and native OpenAPI docs. Both get the same Next.js frontend, Expo mobile app, and infrastructure files.
What database does the generated Flask app use?
PostgreSQL. The generated config.py raises an error if DATABASE_URL is missing or points to SQLite. SQLite is not supported — Archiet uses PostgreSQL-specific features (JSONB operators, deferred FK constraints) that SQLite cannot handle.
How long does generation take?
Typically 60-120 seconds for a complete blueprint.
Can I customise the generated code?
Yes — the generated code is yours. It's standard Flask with no Archiet-specific runtime dependencies. Use any IDE, AI coding agent, or manual editing to customise it. Archiet's drift detection can tell you when your customisations diverge from the architectural genome.
Does Archiet handle authentication?
Yes. Every generated Flask app includes a complete auth flow: registration with email verification, login with rate limiting, JWT issued as httpOnly cookies, password reset via email, and role-based access control. The auth is wired to every protected route.