Flask boilerplate generator — complete production app from your requirements

Archiet generates a complete Flask application from your product requirements. Every entity in your PRD becomes a SQLAlchemy model with a migration, a set of routes, a service layer, and a test suite. Auth, billing, email, and infrastructure are included and wired together.

What the generated Flask app contains

Application structure (Factory pattern)

app/
├── __init__.py             # Application Factory
├── extensions.py           # SQLAlchemy, JWT, Celery, Cache init
├── config.py               # reads from os.getenv(), raises on missing vars
├── blueprints/
│   ├── auth_bp.py          # JWT auth routes
│   ├── user_bp.py          # user management
│   ├── billing_bp.py       # Stripe (if in genome)
│   └── {entity}_bp.py     # one Blueprint per entity
├── models/
│   ├── user.py             # User, Role, Workspace, Invitation
│   └── {entity}.py        # one model file per entity
├── services/
│   ├── auth_service.py
│   ├── email_service.py   # SendGrid/Postmark
│   └── {entity}_service.py
├── schemas/                # Marshmallow request/response schemas
└── tasks/                  # Celery tasks (if async jobs are in genome)

Database layer

• SQLAlchemy 2.0 ORM — no raw SQL queries (exception: SET session commands)
• Alembic migration for every model field and schema change
• All foreign key columns indexed
• Multi-tenant filter on every protected query: .filter_by(workspace_id=...) or .filter_by(organization_id=...)
• PostgreSQL — never SQLite

Auth and security

• JWT issued as httpOnly, Secure, SameSite=Lax cookies
• @login_required decorator on every protected route
• Bcrypt password hashing via passlib
• Secrets from os.getenv() only — nothing hardcoded
• Rate limiting on auth endpoints
• CORS configured correctly for the Next.js frontend origin

API design

• REST routes matching the generated OpenAPI 3.1 spec
• Consistent error format: {"error": "snake_case_code", "message": "Human readable description."}
• 201 for creation, 422 for validation errors, 403 for auth/permission, 404 for not found
• Pagination on list endpoints with page, per_page, total in response

Tests

• pytest test suite with fixtures, factories, and a test database
• Auth tests: login, logout, token refresh, password reset
• Model tests: create, update, delete, tenant isolation
• Route tests: correct HTTP status codes, error responses, auth enforcement
• Coverage target: every route and service function

Infrastructure

• Multi-stage Dockerfile (slim Python base → production)
• docker-compose.yml: Flask app + PostgreSQL + Redis (when Celery included) + Nginx
• requirements.txt with pinned versions
• Makefile for common dev tasks: make dev, make test, make migrate, make shell
• GitHub Actions: ruff lint → pylint → pytest → build → deploy

Flask vs FastAPI — which to pick

Choose Flask when:

• Your team knows Flask and the ecosystem (Flask-SQLAlchemy, Flask-Migrate, Flask-JWT-Extended)
• You want a synchronous, request-per-thread model
• You need the broader Flask extension ecosystem
• You're building a standard web application (not an API platform)

Choose FastAPI when:

• You need async performance or real-time features
• You want native OpenAPI docs and type-safe Python throughout
• Your team uses Python type hints consistently
• You're building an API-first product

Archiet generates both. Pick the right one for your team.

vs Flask-AppFactory and other Flask starters

Flask-AppFactory, cookiecutter-flask, and similar starters solve the application structure problem. They give you a working Flask setup.

What they don't give you: your entities, your routes, your business logic, your migrations, your tests — the 80% of the application that is specific to your product.

Archiet starts where those templates end.

EU AI Act Annex IV (high-risk AI, deadline August 2026)

Building an AI system with EU market exposure? Start with the free EU AI Act risk classifier, then generate Annex IV technical documentation, risk tier assessment, and post-market monitoring plan from the same Flask + Next.js blueprint that produces your app. Same genome → code + compliance artifacts.

• EU AI Act compliance use case
• Annex IV from architecture (GitHub)
• Stack example: Annex IV traceability in Flask
• Compliance frameworks hub

CTA

Generate a complete Flask + Next.js application from your requirements — free plan, no credit card.

Describe your product, pick Flask + Next.js, download a production-ready codebase in 90 seconds.

Start free at archiet.com.