Frequently Asked Questions

saasap is a comprehensive TypeScript development framework designed for rapid SaaS application development. It provides a complete full-stack solution with a 4-layer architecture (Client, Server, API, Shared), pre-configured build tools, modern development patterns, and extensive documentation optimized for AI-assisted development workflows.

The framework includes:

• Complete TypeScript stack with Node.js and Express.js
• MongoDB integration with custom ORM patterns
• EJS templating with component architecture
• SASS styling with advanced theming system
• Production-ready authentication and security
• Dual payment provider support (Stripe + LemonSqueezy)
• AI-first development documentation and tools

Based on documented development metrics, saasap significantly accelerates SaaS development:

• Node.js: 5 minutes to install
• MongoDB: 5 minutes to create and connect to MongoDB Atlas
• Setup time: 1 minute with automated setup.sh script
• Basic SaaS MVP: 24-48 hours with pre-built authentication and database models
• Production-ready app: 3-7 days including payment integration and security
• Full-featured SaaS: 1-2 weeks with custom business logic

The framework provides pre-built authentication, database models, payment systems, admin dashboards, and security middleware to eliminate months of infrastructure development.

saasap is versatile and suitable for a wide range of SaaS applications:

Recommended Use Cases:

• Project management tools - Task tracking, team collaboration
• CRM systems - Customer relationship management and sales
• Analytics dashboards - Data visualization and reporting
• Content management systems - Publishing and content workflows
• API platforms - Developer tools and API management
• Subscription services - Membership and recurring billing
• Collaboration tools - Team communication and productivity

Any web-based business application that requires user authentication, data management, subscription billing, and modern web interfaces is well-suited for saasap.

saasap uses a modern, production-tested TypeScript stack:

Backend Technologies:

• Node.js & Express.js - Server framework
• MongoDB - Database with custom ORM patterns
• Passport.js - Authentication with JWT tokens
• bcryptjs - Password hashing and security
• TypeScript - Type-safe development

Frontend Technologies:

• EJS - Server-side rendering with components
• SASS - Advanced CSS preprocessing and theming
• Vite - Fast build system with hot reload
• TypeScript - Client-side type safety

Security & Middleware:

• Helmet.js - Security headers and XSS protection
• csrf-csrf - CSRF protection
• guardian-rate-limit - API rate limiting
• connect-mongo - MongoDB session store

saasap can be used by developers of various skill levels, but we recommend different approaches based on your experience:

For Experienced Developers:

• Jump right in with the setup.sh script and documentation
• Follow the architectural patterns and AI-readme guidelines
• Leverage the TypeScript-first approach and established conventions

For Less Experienced Developers:

We strongly recommend vibecoding sessions or AI-assisted development to get the most out of saasap:

• Vibecoding sessions: Work with AI assistants
• AI pair programming: Use ChatGPT, Claude, or Cursor to guide you through the process
• Community support: Join our Discord for real-time assistance
• Gradual learning: Start with small modifications before building from scratch

What Makes saasap Learner-Friendly:

• Automated setup: setup.sh script handles complex configuration
• Page generation: new-page.sh creates pages with correct patterns
• AI-oriented documentation: ai-readme files provide contextual guidance
• Established patterns: Clear conventions reduce decision fatigue
• TypeScript safety: Catches errors early in development

saasap implements enterprise-grade security with production-tested measures:

Authentication & Authorization:

• JWT tokens: Access/refresh token cycle with automatic renewal
• Password security: bcryptjs hashing with salt rounds
• Session management: MongoDB-backed sessions with secure cookies
• Role-based access: Permission system with RouteGuard middleware

Data Protection:

• CSRF protection: csrf-csrf with double token validation
• XSS prevention: Helmet.js security headers
• Rate limiting: Guardian rate limiting API and Pages protection
• Input validation: Guardian system with schema-based validation

Infrastructure Security:

• HTTPS encryption: SSL certificate generation and configuration
• Environment security: Secure secret management and configuration
• Database security: MongoDB connection with authentication
• Error handling: Secure error responses without information leakage

saasap is available for €80 + VAT as a one-time payment with lifetime access.

What's Included:

• Complete TypeScript framework with all source code
• Comprehensive documentation and AI-oriented guides
• Unlimited personal and commercial project usage
• All current and future updates to the framework
• Discord community access for support and discussion
• Deployment scripts and configurations

Usage Rights:

• ✅ Build unlimited commercial SaaS applications
• ✅ Modify and customize for your specific needs
• ✅ Use in client projects and freelance work
• ❌ Cannot resell the framework itself or distribute source code

saasap is versatile and suitable for a wide range of SaaS applications:

Recommended Use Cases:

• Project management tools - Task tracking, team collaboration
• CRM systems - Customer relationship management and sales
• Analytics dashboards - Data visualization and reporting
• Content management systems - Publishing and content workflows
• API platforms - Developer tools and API management
• Subscription services - Membership and recurring billing
• Collaboration tools - Team communication and productivity

Any web-based business application that requires user authentication, data management, subscription billing, and modern web interfaces is well-suited for saasap.

Yes, saasap includes comprehensive dual payment provider support with production-ready implementations:

Payment Providers:

• Stripe Integration: Complete implementation with webhooks and subscription management
• LemonSqueezy Integration: Alternative payment provider with full feature parity

Supported Features:

• Subscription billing: Free, Pro, Ultra, Enterprise tiers
• One-time payments: Single purchases and upgrades
• Webhook handling: Real-time payment event processing
• Database models: Payment transactions, plans, and subscriptions
• Frontend components: Pricing displays and checkout flows
• Security measures: Webhook validation and error handling

The payment system is production-ready with proper error handling, retry logic, and security measures following industry best practices.

saasap implements enterprise-grade security with production-tested measures:

Authentication & Authorization:

• JWT tokens: Access/refresh token cycle with automatic renewal
• Password security: bcryptjs hashing with salt rounds
• Session management: MongoDB-backed sessions with secure cookies
• Role-based access: Permission system with RouteGuard middleware

Data Protection:

• CSRF protection: csrf-csrf with double token validation
• XSS prevention: Helmet.js security headers
• Rate limiting: Guardian rate limiting API and Pages protection
• Input validation: Guardian system with schema-based validation

Infrastructure Security:

• HTTPS encryption: SSL certificate generation and configuration
• Environment security: Secure secret management and configuration
• Database security: MongoDB connection with authentication
• Error handling: Secure error responses without information leakage

Absolutely. saasap is built with a modular architecture specifically designed for extensive customization:

Frontend Customization:

• UI Components: ApplicationComponent system for reusable components
• Styling: SASS theming system with CSS variables and mixins
• Templates: EJS component architecture for modular views
• TypeScript logic: Control system for DOM manipulation and events

Backend Customization:

• API endpoints: RouteHandler patterns for consistent API development
• Database models: Base class extension for custom data models
• Authentication: Passport.js strategies for custom auth providers
• Middleware: Express middleware chain for custom functionality

Architecture Support:

• Documented patterns: ai-readme system provides contextual guidance
• Code generation: Automated tools for consistent implementation
• Type safety: TypeScript ensures reliable customizations
• Modular design: Clear separation of concerns for easy modification

saasap provides comprehensive support through multiple channels and extensive documentation:

Documentation & Learning:

• Architecture guides: /docs/ARCHITECTURE.md with system overview
• AI development patterns: /docs/AI-GUIDELINES.md for AI-assisted development
• Layer-specific docs: Client, server, API, and shared component guides
• Setup guides: Step-by-step MongoDB Atlas and environment configuration

Contextual Guidance:

• ai-readme system: Contextual guidance throughout the codebase
• Automated tools: setup.sh and new-page.sh scripts
• Code examples: Production-ready patterns and implementations
• Deployment scripts: Ready-to-use cloud deployment configurations

Community Support:

• Discord community: Real-time support at discord.gg/2cCKvwc38B
• Developer discussions: Share implementations and best practices
• AI-first approach: Designed to work seamlessly with AI development assistants

saasap includes comprehensive deployment support with automated scripts:

Deployment Scripts (Production-Ready):

• sh deploy.sh: Deploy the application to the server with one single command

Supported Platforms:

• AWS EC2: Ubuntu/Debian Linux instances with automated SSH and deployment (Linux only)
• Google Cloud Compute Engine: VM instances running Ubuntu/Debian Linux (Linux only)
• DigitalOcean Droplets: VPS deployment with automated configuration (Linux only)
• Any VPS/Dedicated Server: Ubuntu/Debian Linux with SSH access (Linux only)
• Self-hosted servers: Complete automation for private infrastructure running Ubuntu/Debian Linux (Linux only)

Production Features:

• Caddy reverse proxy: Automatic SSL certificates, HTTP/2, and security headers
• PM2 monitoring: Process health checks, auto-restart, and log management
• Release rollback: Timestamped releases with easy rollback capabilities
• Security hardening: System updates, firewall configuration, and secure connections

Yes, saasap is built with AI-first development principles and includes AI integration capabilities:

AI Development Features:

• AI-oriented documentation: Comprehensive guides optimized for AI assistants
• Prompt templates: Development assistance with contextual guidance
• Pattern recognition: Established coding patterns for AI code generation
• Automated tools: Scripts that work seamlessly with AI development workflows

AI Integration Support:

• API endpoints: Ready-to-use patterns for AI service communication
• Async processing: Built-in support for long-running AI tasks
• Error handling: Robust patterns for AI service failures and retries
• Type safety: TypeScript interfaces for AI API responses

Development Workflow:

• AI assistants compatibility: Works seamlessly with Cursor, GitHub Copilot, and other AI tools
• Code generation: Patterns designed for AI-powered development
• Documentation clarity: Clear structure that AI assistants can understand and follow

Note: Specific AI service implementations (OpenAI, Google AI, etc.) depend on your chosen providers and can be easily integrated using the established patterns.

Vibecoding is collaborative programming where developers work together with AI assistance to build applications rapidly. saasap is optimized for vibecoding sessions:

Vibecoding-Friendly Features:

• Clear architectural patterns: Easy to understand and explain during sessions
• AI-oriented documentation: Perfect for AI assistants in collaborative coding
• Live setup scripts: setup.sh and new-page.sh work great in real-time sessions
• Instant feedback: TypeScript provides immediate error detection

Perfect for Remote Collaboration:

• Real-time development: Hot reload and instant compilation
• Pair programming: Multiple developers can work simultaneously
• Mentoring sessions: Ideal for teaching SaaS development

With saasap's production-ready SaaS starter kit, you can launch a basic SaaS in 1-3 days, or a production-ready SaaS in 1-2 weeks:

Quick Launch Timeline:

• Day 1: Complete SaaS setup (setup.sh) + basic customization
• Day 2-3: Core features development with AI assistance and MVP launch
• Week 1: More features, testing, and deployment
• Week 2: Production optimization

What Makes It Fast:

• Pre-built infrastructure: Authentication, payments, admin dashboard ready
• Automated setup: No manual configuration of complex systems
• AI-assisted development: Faster coding with AI guidance
• Production-ready patterns: No need to rebuild for scale

Timeline depends on complexity and experience level. With vibecoding or AI assistance, even beginners can launch within 2 weeks.

saasap provides a comprehensive SaaS development kit including automated project initialization (setup.sh), database setup with MongoDB Atlas and automated admin user creation, SSL certificates for HTTPS with Caddy, environment configuration, automated page generation (new-page.sh), Vitest testing framework, build processes with hot reload, automated deployment scripts (init.sh, transfer.sh, archive.sh), PM2 process management, and release rollback capabilities.

Absolutely! saasap is specifically designed for indie makers and SaaS startups who need to launch quickly and efficiently:

Perfect for Indie Makers:

• Solo-friendly: All automation means you can build alone
• Cost-effective: Open-source with minimal infrastructure costs
• Quick validation: Launch MVPs in days to test market fit
• Scalable foundation: Grows with your business without rewrites

Startup Advantages:

• Fast time-to-market: Beat competitors with rapid development
• Investor-ready: Professional, production-grade architecture
• Team scalability: Easy onboarding for new developers
• Technical debt prevention: Established patterns prevent future problems

Real Benefits:

• Focus on features: Spend time on your unique value, not on boring and repetitive stuff
• Proven patterns: Battle-tested architecture reduces risk
• Community support: Learn from other indie makers and startups

saasap includes a comprehensive testing framework designed for reliable SaaS development:

Testing Framework:

• Vitest: Fast unit testing with TypeScript support and hot reload
• Coverage reporting: Text, JSON, and HTML coverage reports for quality tracking
• 22+ test files: Pre-built tests for core functionality including security and database operations

Quality Assurance Features:

• TypeScript compilation: Static type checking prevents runtime errors
• Input validation: Guardian system with schema-based validation testing
• Security testing: Built-in tests for authentication, authorization, and input sanitization

Development Workflow:

• npm run ts:test: Run the complete test suite with watch mode
• Automated CI/CD integration: Test scripts ready for deployment pipelines
• Test data management: Structured test data and database mocking
• Error tracking: Built-in error log analysis and monitoring system

saasap includes a comprehensive admin dashboard with real-time system monitoring and management tools:

System Monitoring:

• Server metrics: Real-time CPU, memory usage, uptime tracking with health status indicators
• Database monitoring: Connection health and and storage metrics
• Error log management: GDPR-compliant log analysis with filtering, pagination, and export capabilities
• User account administration: Create, modify, and manage user accounts with role-based permissions
• User management: User profile editing, status control, and account verification
• Payment plan administration: Create and manage subscription tiers and pricing
• Revenue analytics: Subscription metrics dashboard
• Maintenance mode: System-wide maintenance mode with customizable messaging

SaaS development costs vary significantly based on complexity. With saasap, you can reduce development costs by 90-95%:

Traditional Custom Development Costs:

• Lean SaaS MVP: $1,000–$5,000 (1–2 months)
• Full-featured SaaS: $10,000–$50,000 (2–4 months)
• Scalable SaaS (multi-tenant, CI/CD, metrics): $50,000–$120,000 (4–6 months)

saasap Framework Costs:

• Basic SaaS MVP: €80 + VAT (3-7 days)
• Production-ready SaaS: €80 + VAT (1-3 weeks)
• Enterprise SaaS: €80 + VAT (2+ months)

saasap implements enterprise-grade security measures that follow industry best practices and compliance requirements:

Authentication & Authorization Security:

• JWT Token System: Access and refresh token cycle with automatic renewal
• Password Security: bcryptjs hashing with configurable salt rounds
• Multi-Factor Authentication: Optional MFA implementation for enhanced security
• Role-Based Access Control: Granular permissions with RouteGuard middleware
• Session Management: MongoDB-backed sessions with secure cookie configuration

Data Protection Measures:

• CSRF Protection: csrf-csrf with double-submit cookie pattern
• XSS Prevention: Helmet.js with comprehensive security headers
• Input Validation: Guardian system with schema-based validation
• Query Injection Prevention: MongoDB ODM with parameterized queries
• Data Encryption: HTTPS encryption and secure data transmission

Infrastructure Security:

• Rate Limiting: Guardian rate limiting API and Pages protection
• SSL Certificates: Automatic HTTPS with Caddy reverse proxy
• Environment Security: Secure environment variable management
• Error Handling: Secure error responses without information disclosure

Compliance & Standards:

• OWASP Guidelines: Following OWASP Top 10 security practices
• GDPR Compliance: Data protection and privacy controls
• Security Auditing: Comprehensive logging and monitoring
• Regular Updates: Automated security patches and dependency updates