Open source · SDK + Security Scanner

For builders who ship

Stop rebuilding
the same five things.

Flowstack is the backend SDK every AI SaaS app needs. Auth, workspaces, agents, multi-tenancy — one install. Secure by default.

Get Early Access
MIT licensed · No infra to manage

Install once. Ship faster.

# Install the SDK
npm install @flowstack/sdk

# Scan for security issues
npx secure-ai-app scan

# Security Score: 64/100 (C) — let's fix that
npx secure-ai-app fix
auth · handled
multi-tenancy · built in
NEXT_PUBLIC_ secrets · flagged
workspace management · done
AI streaming · ready
hardcoded key · found + fixed
role-based access · enforced
user management · included
missing AuthGuard · flagged
mock mode · dev-friendly

What it is

Every AI SaaS app needs
the same backend.

You're building fast. So you wire up auth from one place, workspaces from another, agents from a third. By the fourth project you're rebuilding the same five things again. Flowstack is that backend — already wired, already secure, already working.

01 · Auth
Authentication
Login, register, Google OAuth, sessions, role hierarchy. Works out of the box. Secure patterns enforced.
02 · Multi-tenant
Workspaces
Full workspace management. Tenant isolation built in — not bolted on. Your users never see each other's data.
03 · Agents
AI Integration
useAgent() hook with real-time streaming. Claude, GPT-4, Llama — your choice. No gateway glue.
04 · Data
Datasets
Upload, download, manage. Per-tenant storage, workspace-scoped access. AI-ready from day one.
05 · Users
User Management
Admin dashboard, suspend/reactivate, role filters, stats. Full RBAC: owner → admin → member → viewer.

The scanner that knows your stack.

secure-ai-app is an open source CLI scanner that ships with Flowstack. It knows every hook, every API pattern, every failure mode — because we built both sides.

It found a real Google Play private key hardcoded in our own repo on first run. That's not a demo. That's the point.


View the Scanner →
10 rules, zero config
hardcoded-api-key · env-exposure · missing-auth-guard · tenant-isolation · secret-in-prompt · + 5 more

Why it works

The compounding loop.

Most builders ship disposable products. One idea, ship it, abandon it. No accumulated leverage. This is the other way.

01
Build the SDK
Abstract the five things every AI SaaS needs. Auth, workspaces, agents, data, users. Once.
02
Ship products on it
Every product is a real user of the SDK. Every gap gets filled. Every friction gets removed.
03
The SDK gets smarter
Four products in, the fifth takes a fraction of the time. The platform compounds underneath everything.
04
Security comes free
The scanner knows the SDK's patterns because we built both. Every new feature creates new detection rules automatically.
05
Repeat
You don't stop. That's the whole thing. The code is just evidence.
Architecture
Your products
Your App · SaaS #2 · Mobile
@flowstack/sdk
useAuth · useAgent · useWorkspace
useDatasets · useUserMgmt · AuthGuard
Backend services
REST API · SSE Stream · OAuth
DynamoDB · S3 · AI Models
secure-ai-app scans every layer

Early access

Build your AI SaaS.
Ship it secure.

Get early access to Flowstack SDK + the security scanner. Free while we're in beta.

No spam. No pitch deck. Just access when it's ready.