GenerateSaaSCLI
Scaffold and maintain SaaS projects with the generatesaas CLI. License-gated commands handle init, updates, status, and eject from a versioned template.
The generatesaas CLI (source in packages/cli) scaffolds projects from the boilerplate and keeps them in sync afterward. It never ships the template source - commands that touch the template authenticate with your API key, then download a versioned tarball from a Cloudflare Worker backed by R2.
How distribution works
| Aspect | Detail |
|---|---|
| Template source | Never bundled in the CLI package - downloaded on demand. |
| Access gate | init, auth, status, and update send your API key to the version index (/versions); a 401 means the key is invalid. verify and eject need no key. |
| Delivery | A versioned tarball is streamed from the CF Worker + R2 origin at cli.generatesaas.com. |
| Endpoint | CLI_API_URL in packages/cli/src/constants.ts, overridable via the GENERATESAAS_API_URL env var. |
| Key storage | Saved to ~/.generatesaas (mode 0600) so later commands run unattended. |
Commands
Run lifecycle commands from a generated project root. status and update also accept --cwd <path> to target another directory; eject must be run from the project root.
| Command | What it does |
|---|---|
init | Scaffold a new project: verify access, collect options, activate a license, download the template, run generators, install deps, init git. |
auth | Set or replace the saved API key (verified before saving); auth --clear removes it. |
status | Read .generatesaas/manifest.json and print version, frontend, deploy target, database, cache, AI tools, then check for a newer release. |
update | Refresh AI skill files and the license token; if a newer version exists, stage it into .generatesaas/staging/ with a changelog. |
verify [url] | Check whether a deployed site is legitimately licensed. Accepts a homepage or API URL, verifies the license signature, and cross-references the records for a verdict (licensed / revoked / leaked / ejected / unlicensed). Works for anyone with no key; an owner key adds the customer's identity to the output. |
eject | Irreversibly sever every GenerateSaaS tie - manifest, license route, heartbeat, and AI skills. |
update never mutates your code - it only stages the new version, re-shaped for your project's exact configuration (same frontend, payment provider, database, and feature flags), so everything it stages already applies to your project. Applying the diff is delegated to your AI assistant, which reads the changelog and template snapshot.
Explore
init
Every prompt, flag, and the generate-and-install pipeline.
update
How staging works and how your AI assistant applies a new version.
Licensing & heartbeat
The manifest, the license JWT, and the daily heartbeat - and why it exists.
eject
The permanent opt-out: what gets deleted and what keeps working.
Frequently asked questions
Do I need an API key to verify a deployed site?
No. verify decodes the JWT claims locally and checks the signature against the public verification service, so it works without a saved key. Use --file to check many URLs at once.
Where is my API key stored?
In ~/.generatesaas with file mode 0600. auth --clear removes it; an invalid key (401) re-prompts interactively or aborts under --yes.
Can I pin a specific template version?
Yes. Pass --template-version <semver> to init; the CLI validates it against the version index before downloading and otherwise defaults to the latest.
How do I cut all ties to GenerateSaaS?
Run eject. It removes the connective tissue (manifest, license route, heartbeat, skills) while your application code and @repo/config flags keep working.
Going to production
Run the pre-launch checklist - env vars, SEO flags, trusted origins, webhooks, and migrations - before your first real deploy.
generatesaas init
Scaffold a new SaaS project from the licensed boilerplate. Answer grouped prompts to choose your stack and features, or pass flags for non-interactive CI.