Building a 20K+ Line Production SaaS Platform with Claude Code: Lessons from Agentic Engineering at Scale

Project Overview

LastSaaS is a production SaaS boilerplate with every line written through conversation with Claude Code. It's not a demo or toy—it powers a live platform called Flipbook. The stack includes Go 1.25, React 19, TypeScript, MongoDB, and Tailwind, released under MIT license.

What the Project Includes

• Complete SaaS foundation with multi-tenant auth (OAuth, MFA, magic links, JWT rotation)
• Stripe billing (subscriptions, per-seat, credits)
• White-labeling capabilities
• 19 webhook event types
• Admin dashboard and health monitoring
• Built-in MCP server with 26 read-only tools that let AI assistants query dashboards, users, billing, and health data

What Worked

Go's explicitness is an asset for agents: No framework magic means Claude Code doesn't have to guess what middleware is doing behind the scenes. Explicit error handling, clear routing, and predictable patterns help the agent stay on track.

Consistent patterns compound: Establishing patterns early for how handlers, services, and data access are structured allowed Claude to replicate them across dozens of endpoints with high consistency, dramatically reducing the tax on each new feature.

The MCP server was built by Claude for Claude: The 26 read-only tools create a meta interface where the AI built its own way to query the system.

MongoDB's document model simplified multi-tenancy: Claude had no trouble maintaining tenant isolation because the data model makes boundaries explicit, avoiding join-table confusion and leaky abstractions.

What Required Discipline

You still need architectural vision: Claude Code is a brilliant executor but doesn't design systems. The human must provide the architecture—knowing what multi-tenant RBAC should look like, how webhook delivery retries should work, and what the Stripe integration flow needs to be.

Review everything: Especially security-sensitive code like JWT rotation, HMAC signing, rate limiting, and injection protection. Claude gets it right most of the time, but "most of the time" isn't good enough for auth flows—every security-adjacent line needs human review.

Fight pattern drift: Over long sessions, Claude can subtly drift from established patterns. Periodically re-anchoring the conversation helps: "Look at how we implemented the user handler. Follow the same pattern for webhooks."

The "Built for Agents" Concept

The codebase is intentionally structured so that when someone forks it and points their own AI agent at it, the agent can extend it fluently. This includes predictable file structure, consistent naming, and explicit patterns—a foundation designed to be extended through conversation.

The repository is available at https://github.com/jonradoff/lastsaas.