What a Python boilerplate generator should actually produce
Most Python boilerplate tools (cookiecutter-flask, django-cookiecutter, FastAPI generators) produce the application structure. You get an Application Factory, a config.py, maybe a User model. That's ~5% of a production application.
A real production Python app needs:
- Every entity modelled correctly — SQLAlchemy (Flask/FastAPI) or Django ORM models with proper relationships, indexes, and tenant filtering
- Alembic migrations (Flask/FastAPI) or Django migrations — one per schema change, never db.create_all()
- Service layer — business logic in services, not in routes; routes are thin coordinators
- Auth system — registration with email verification, JWT in httpOnly cookies (not localStorage), password reset, rate limiting on auth endpoints
- Multi-tenant security — every query filters by workspace_id or organization_id; no path to cross-tenant data
- API layer — REST routes matching an OpenAPI 3.1 spec; consistent error format; pagination on list endpoints
- Tests — pytest fixtures, factory functions, auth tests, tenant isolation tests, route tests
- Infrastructure — multi-stage Dockerfile, docker-compose.yml, GitHub Actions CI/CD
Archiet generates all of this. You describe your product; the platform generates the Python application specific to it.
Which Python framework does Archiet generate?
Three options. You choose in the Blueprint Wizard:
Flask + Next.js — Application Factory, Flask-SQLAlchemy, Alembic, Flask-JWT-Extended,
Blueprints per entity, Marshmallow schemas, synchronous
Best for: teams that know Flask, standard web applications
FastAPI + Next.js — async SQLAlchemy, Pydantic v2 schemas, Depends() injection,
native OpenAPI docs at /docs, asyncpg, Alembic
Best for: API-first products, async performance requirements
Django + Next.js — Django ORM, Django REST Framework, DRF ViewSets, Django migrations,
Django Admin, channels for WebSocket (optional)
Best for: data-heavy apps, fintech/healthtech, teams that know Django
All three generate the same Next.js frontend, React Native mobile app, Docker infrastructure, and architecture documentation. The choice only affects the backend.
What the generated file tree looks like (Flask example)
app/
├── __init__.py # Application Factory
├── extensions.py # db, jwt, celery, mail, cache
├── config.py # reads os.getenv(); raises on missing DATABASE_URL or SQLite
├── blueprints/
│ ├── auth_bp.py # register, login, logout, refresh, reset-password
│ ├── billing_bp.py # Stripe webhook + subscription lifecycle
│ └── {entity}_bp.py # one Blueprint per entity in your PRD
├── models/
│ ├── user.py # User, Role, Workspace, Invitation
│ └── {entity}.py # one model per entity; tenant-filtered service methods
├── services/
│ ├── auth_service.py
│ ├── email_service.py
│ └── {entity}_service.py # business logic; all queries filter by workspace_id
├── schemas/ # Marshmallow request/response schemas
└── migrations/ # Alembic; one revision per schema change
tests/
├── conftest.py # pytest fixtures, app factory, test database
└── test_{entity}.py # CRUD + tenant isolation per entity
Security defaults that come standard
Every Archiet-generated Python application has these security properties baked in from generation:
- httpOnly JWT cookies — access and refresh tokens issued as httpOnly; Secure; SameSite=Lax cookies. No localStorage.setItem anywhere.
- Multi-tenant row filtering — every protected query filters by workspace_id. Cross-tenant data access is structurally impossible.
- PostgreSQL — config.py raises RuntimeError if DATABASE_URL is absent or points to SQLite. No SQLite fallback.
- Environment-only secrets — os.getenv() for every secret. No hardcoded API keys, passwords, or connection strings.
- Alembic migrations — no db.create_all(). The production schema is always managed through versioned migrations.
- Rate limiting on auth endpoints — registration and login endpoints have configurable rate limits via Flask-Limiter or SlowAPI.
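Two of these defaults, the DATABASE_URL guard and the cookie attributes, sketched with the Python standard library only. This is an added example, not Archiet's generated code; the function names load_database_url and auth_cookie_header and the sample values are assumptions.

```python
import os
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def load_database_url(env=os.environ):
    """Return DATABASE_URL, refusing to start if it is absent or SQLite."""
    url = env.get("DATABASE_URL", "").strip()
    if not url:
        raise RuntimeError("DATABASE_URL is not set")
    # Compare the dialect only, so "sqlite+pysqlite://" is caught as well.
    dialect = urlsplit(url).scheme.split("+", 1)[0]
    if dialect == "sqlite":
        raise RuntimeError("DATABASE_URL points to SQLite; PostgreSQL is required")
    return url


def auth_cookie_header(name, token, max_age):
    """Build the Set-Cookie value for a JWT that page scripts cannot read."""
    jar = SimpleCookie()
    jar[name] = token
    jar[name]["httponly"] = True   # hidden from document.cookie
    jar[name]["secure"] = True     # sent over HTTPS only
    jar[name]["samesite"] = "Lax"  # not sent on cross-site POSTs or subresources
    jar[name]["path"] = "/"
    jar[name]["max-age"] = max_age
    return jar[name].OutputString()


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    print(load_database_url({"DATABASE_URL": "postgresql+asyncpg://app@db/app"}))
    print(auth_cookie_header("access_token", "header.payload.signature", 900))
```

Calling the guard at import time of the config module makes a misconfigured deployment fail at startup rather than on the first query.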
What is included beyond the Python backend
Every generation includes:
- Next.js frontend — all screens from your screen manifest (auth flow, dashboard, entity CRUD, settings, billing, onboarding, forgot-password, verify-email)
- React Native / Expo mobile app — App Store compliance files (EAS config, privacy policy screen, OTA update check)
- Docker — multi-stage Dockerfile + docker-compose.yml
- GitHub Actions — lint → test → build → deploy pipeline
- Architecture docs — ADRs for every material technical decision under docs/decisions/
- OpenAPI 3.1 spec — openapi.yaml matching the generated routes
- Compliance docs — GDPR DPIA, HIPAA, PCI scope (when compliance flags set in genome)
FAQ
What database does the generated Python app use?
PostgreSQL. SQLite is explicitly banned — the generated config.py raises an error if DATABASE_URL points to SQLite. Archiet uses PostgreSQL-specific features (JSONB operators, deferred FK constraints, RLS) that SQLite cannot support.
How is this different from cookiecutter-flask or django-cookiecutter?
Cookiecutter templates generate a fixed application structure. They don't know about your entities, your user stories, or your compliance requirements. Archiet generates an application specific to your product: every entity in your PRD becomes a model, route, service, and test. The structure is the same because it follows best practices — but the content is yours.
Does Archiet generate tests?
Yes. Every entity gets a pytest test file with fixtures, factory functions, auth tests (login, logout, token refresh), and tenant isolation tests (asserting that one workspace cannot access another's data). Test coverage targets every route and service function.
How long does generation take?
Typically 60-120 seconds for a complete blueprint.
Can I switch frameworks after generating?
Not automatically — the generated code is framework-specific. However, the architectural genome is framework-agnostic. You can regenerate the same product specification with a different framework (e.g., switch from Flask to FastAPI) and get a fresh codebase in the new framework. Migration of customisations you've made to the first codebase is a manual process.