saas-seeder
Bootstrap a new SaaS from the SaaS Seeder Template: setup database, configure environment, create super admin user, and verify three-tier panel structure. Use when initializing a new multi-tenant SaaS project from this template.
Best use case
saas-seeder is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Bootstrap a new SaaS from the SaaS Seeder Template: setup database, configure environment, create super admin user, and verify three-tier panel structure. Use when initializing a new multi-tenant SaaS project from this template.
Teams using saas-seeder should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/saas-seeder/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How saas-seeder Compares
| Feature / Agent | saas-seeder | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Bootstrap a new SaaS from the SaaS Seeder Template: setup database, configure environment, create super admin user, and verify three-tier panel structure. Use when initializing a new multi-tenant SaaS project from this template.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
## Platform Notes
- Optional helper plugins may help in some environments, but they must not be treated as required for this skill.
# SaaS Seeder Template Bootstrap
Acknowledgement: Shared by Peter Bamuhigire, techguypeter.com, +256 784 464178.
<!-- dual-compat-start -->
## Use When
- Bootstrap a new SaaS from the SaaS Seeder Template: setup database, configure environment, create super admin user, and verify three-tier panel structure. Use when initializing a new multi-tenant SaaS project from this template.
- The task needs reusable judgment, domain constraints, or a proven workflow rather than ad hoc advice.
## Do Not Use When
- The task is unrelated to `saas-seeder` or would be better handled by a more specific companion skill.
- The request only needs a trivial answer and none of this skill's constraints or references materially help.
## Required Inputs
- Gather relevant project context, constraints, and the concrete problem to solve; load `references` only as needed.
- Confirm the desired deliverable: design, code, review, migration plan, audit, or documentation.
## Workflow
- Read this `SKILL.md` first, then load only the referenced deep-dive files that are necessary for the task.
- Apply the ordered guidance, checklists, and decision rules in this skill instead of cherry-picking isolated snippets.
- Produce the deliverable with assumptions, risks, and follow-up work made explicit when they matter.
## Quality Standards
- Keep outputs execution-oriented, concise, and aligned with the repository's baseline engineering standards.
- Preserve compatibility with existing project conventions unless the skill explicitly requires a stronger standard.
- Prefer deterministic, reviewable steps over vague advice or tool-specific magic.
## Anti-Patterns
- Treating examples as copy-paste truth without checking fit, constraints, or failure modes.
- Loading every reference file by default instead of using progressive disclosure.
## Outputs
- A concrete result that fits the task: implementation guidance, review findings, architecture decisions, templates, or generated artifacts.
- Clear assumptions, tradeoffs, or unresolved gaps when the task cannot be completed from available context alone.
- References used, companion skills, or follow-up actions when they materially improve execution.
## Evidence Produced
| Category | Artifact | Format | Example |
|----------|----------|--------|---------|
| Release evidence | SaaS bootstrap record | Markdown doc capturing database, super-admin, and environment setup decisions for the seeded SaaS | `docs/saas/bootstrap-record-2026-04-16.md` |
## References
- Use the `references/` directory for deep detail after reading the core workflow below.
<!-- dual-compat-end -->
Bootstrap a new multi-tenant SaaS project using the SaaS Seeder Template with proper three-tier panel architecture, Argon2ID authentication, and franchise isolation.
## Security Baseline (Required)
Always load and apply the **Vibe Security Skill** for any seeder work that touches web pages, APIs, authentication, data access, or file handling. Treat its checklist as mandatory.
## Database Standards (Required)
All database schema setup, seeding, and migrations MUST follow **mysql-best-practices** skill patterns including character sets, indexing, foreign keys, and stored procedures.
## Standard Deployment Environments
All SaaS projects deploy across three environments:
| Environment | OS | Database | Web Root |
|---|---|---|---|
| **Development** | Windows 11 (WAMP) | MySQL 8.x | `C:\wamp64\www\{project}\` |
| **Staging** | Ubuntu VPS | MySQL 8.x | `/var/www/html/{project}/` |
| **Production** | Debian VPS | MySQL 8.x | `/var/www/html/{project}/` |
**Cross-platform rules:** Use `utf8mb4_unicode_ci` collation. Match file/directory case exactly (Linux is case-sensitive). Use forward slashes in PHP paths. Production migrations go in `database/migrations-production/` (non-destructive, idempotent).
## When to Use
Use when the user says:
- "Using the seeder-script skill, prepare this repository for [SaaS name]"
- "Bootstrap a new SaaS from this template"
- "Initialize the SaaS Seeder Template"
- "Setup database for new SaaS project"
- "Start a new project from the template"
## Project Preparation Workflow
**BEFORE bootstrapping, developers MUST provide:**
### 1. Requirements & Design Specifications
Place in `docs/project-requirements/`:
```
docs/project-requirements/
├── requirements.md # Detailed feature requirements
├── business-rules.md # Business logic and validation rules
├── user-types.md # User types and their permissions
├── workflows.md # Key user workflows and processes
└── ui-mockups/ # UI mockups or wireframes (optional)
```
**Use the `project-requirements` skill to create these files with AI assistance.**
### 1.1 Documentation Readiness (Required)
- Confirm end-user manual scope is defined for each core feature
- Plan manual locations in `/manuals/` and a public entry point (e.g., `/public/user-manuals.php`)
- Ensure specs are written in a way that can be translated into manuals and step-by-step guides
### 2. Database Schema Files
Place in `database/schema/`:
```
database/schema/
├── core-schema.sql # Main database schema
├── seed-data.sql # Sample/seed data (optional)
└── schema-diagram.png # Database diagram (optional)
```
**Schema Requirements:**
- All franchise-scoped tables MUST have `franchise_id` column
- Use `utf8mb4_unicode_ci` collation
- Include proper indexes and foreign keys
### AI Agent Preparation Steps
When starting a new project:
1. **Read Project Requirements**
- Load all files from `docs/project-requirements/`
- Understand user types, workflows, business rules
- Identify custom tables needed beyond template defaults
2. **Review Database Schema**
- Read schema files from `database/schema/`
- Validate against multi-tenant patterns (franchise_id filtering)
- Ensure collation is utf8mb4_unicode_ci
- Check for proper indexes and foreign keys
3. **Update Project Documentation**
- Replace README.md with project-specific content
- Update AGENTS.md with project-specific guidance
- Remove template docs from docs/ (keep only project-relevant ones)
- Add project-specific documentation based on requirements
- Ensure `docs/plans/INDEX.md` exists as the master plan status index and is maintained as plans are created or updated
4. **Customize Template**
- Update branding (SaaS Seeder → Project Name)
- Set SESSION_PREFIX to project-specific value
- Customize user types enum if needed
- Update environment variable examples
- Register GIS settings when mapping is required (tile provider keys such as system_settings.osm_api_key)
5. **Validate Completeness**
- Check all requirements are documented
- Verify database schema follows multi-tenant patterns
- Ensure session prefix is customized
- Confirm user types match requirements
## Critical Architecture Standards
**See `references/architecture.md` for complete details.**
### Three-Tier Panel Structure (CORE Concept)
1. **`/public/` (root)** - Franchise Admin Panel (THE MAIN WORKSPACE)
- Single franchise management
- User types: `owner`, `staff`
- Files: `dashboard.php`, `skeleton.php`
2. **`/public/adminpanel/`** - Super Admin Panel
- System-wide management
- Multi-franchise oversight
- User type: `super_admin`
3. **`/public/memberpanel/`** - End User Portal
- Self-service for end users
- User types: `member`, `student`, `customer`, `patient`
**Key Principle:** `/public/` root is NOT a redirect router - it's the franchise admin workspace!
### Session Prefix System
**All session variables use a prefix:**
```php
define('SESSION_PREFIX', 'saas_app_'); // Change per SaaS
// ALWAYS use helpers
setSession('user_id', 123); // Sets $_SESSION['saas_app_user_id']
$userId = getSession('user_id'); // Gets $_SESSION['saas_app_user_id']
hasSession('user_id'); // Checks if exists
```
**Customize per SaaS:** `school_`, `restaurant_`, `clinic_`, etc.
### Password Hashing
**Uses Argon2ID (NOT bcrypt):**
```
Algorithm: Argon2ID + salt(32 chars) + pepper(64+ chars)
Hash: salt + Argon2ID(HMAC-SHA256(password, pepper) + salt)
```
**CRITICAL:** Use `super-user-dev.php` to create admin users, NOT migration defaults!
## Required Files And Paths
- `docs/seeder-template/migration.sql` - Core auth/RBAC schema
- `docs/seeder-template/fix-collation-and-create-franchises.sql` - Collation fixes + franchises table
- `docs/project-requirements/` - Project requirements (developer provides)
- `database/schema/` - Project database schemas (developer provides)
- `public/super-user-dev.php` - Super admin creator (DEV ONLY)
- `public/dashboard.php` - Franchise admin dashboard
- `public/skeleton.php` - Page template
- `.env` - Environment configuration
## Standard Workflow
**See `references/workflow.md` for complete step-by-step guide.**
### Quick Bootstrap Steps
1. **Environment Setup**
- Ask for DB credentials, cookie domain, encryption keys
- Create/update `.env` file
2. **Install Dependencies**
```bash
composer install
```
3. **Install PHP Development Tools**
**See `references/php-tooling.md` for complete setup guide.**
**Quick install:**
```bash
# Check existing tools
composer show | grep -E "(phpstan|phpunit|pest|php-cs-fixer)"
# Install essential tools
composer require --dev phpstan/phpstan
composer require --dev friendsofphp/php-cs-fixer
composer require --dev pestphp/pest --with-all-dependencies
```
**Create configs and add composer scripts (see references/php-tooling.md for details).**
4. **Database Setup**
```bash
.\setup-database.ps1 # Windows PowerShell
```
5. **Fix Collations**
```bash
.\fix-database.ps1 # Creates franchises table
```
6. **Create Super Admin**
- Visit `http://localhost:8000/super-user-dev.php`
- Uses correct Argon2ID hashing
7. **Verify Setup**
- Login at `http://localhost:8000/sign-in.php`
- See landing page with navigation buttons
8. **Project Customization**
- Update SESSION_PREFIX in `src/config/session.php`
- Customize user types enum
- Apply project database schema
- Update branding throughout
- Create project-specific AGENTS.md
## Seeding Rules
### User Types & Franchise Requirements
- `super_admin` - Platform operators (franchise_id CAN be NULL)
- `owner` - Franchise owners (franchise_id REQUIRED)
- `staff` - Franchise staff with permissions (franchise_id REQUIRED)
- Custom types - End users (franchise_id REQUIRED)
### Franchise Data
**ALWAYS filter by franchise_id:**
```php
// CORRECT
$stmt = $db->prepare("SELECT * FROM students WHERE franchise_id = ?");
$stmt->execute([getSession('franchise_id')]);
// WRONG - data leakage!
$stmt = $db->prepare("SELECT * FROM students");
```
### Permission Codes
- Uppercase with underscores
- Format: `RESOURCE_ACTION`
- Examples: `INVOICE_CREATE`, `STUDENT_DELETE`, `REPORT_VIEW`
## Troubleshooting
**See `references/troubleshooting.md` for complete guide.**
### Common Issues
**Session Not Persisting**
- HTTPS auto-detection already handled
- Localhost HTTP works without HTTPS requirement
**Password Mismatch**
- Use `super-user-dev.php`, NOT manual password_hash()
- Template uses Argon2ID, not bcrypt
**Collation Errors**
- Run `.\fix-database.ps1`
- Fixes utf8mb4_unicode_ci mismatches
**Missing Franchises Table**
- Run `.\fix-database.ps1`
- Creates tbl_franchises with default data
## Output After Completion
### For New Project from Template
Report to user:
```
✅ [Project Name] Initialized!
Requirements Loaded:
- ✅ Read from docs/project-requirements/
- ✅ Database schema reviewed from database/schema/
- ✅ User types customized: [list custom types]
- ✅ Session prefix set to: [prefix]_
Database Setup:
- ✅ Core schema applied
- ✅ Seed data loaded (if provided)
- ✅ Multi-tenant validation passed
PHP Development Tools Installed:
- ✅ PHPStan (level 8) - Static analysis
- ✅ PHP CS Fixer - PSR-12 formatting
- ✅ PHPUnit/Pest - Testing framework
- ✅ Configuration files created
- ✅ Composer scripts configured
Project Documentation:
- ✅ README.md updated for [Project Name]
- ✅ AGENTS.md created with project-specific guidance
- ✅ Template docs archived/removed
Branding:
- ✅ Updated throughout application
- ✅ Landing page customized
- ✅ Login page branded
Next Steps:
1. Review updated AGENTS.md for project-specific guidance
2. Create super admin at http://localhost:8000/super-user-dev.php
3. Login and verify three-tier panel structure
4. Run quality checks: composer quality
5. Begin implementing features from docs/project-requirements/
Development Commands:
- composer test # Run tests
- composer stan # Static analysis
- composer cs-fix # Format code (PSR-12)
- composer quality # Run all checks
References:
- Requirements: docs/project-requirements/
- Schema: database/schema/
- Development Guide: AGENTS.md
```
## File Structure After Setup
### Template Structure (Before Project Customization)
```
saas-seeder/
├── public/ # Web root
│ ├── index.php # Landing page with nav buttons
│ ├── sign-in.php # Login
│ ├── super-user-dev.php # Super admin creator
│ ├── dashboard.php # Franchise admin dashboard
│ ├── skeleton.php # Page template
│ ├── adminpanel/ # Super admin panel
│ ├── memberpanel/ # End user portal
│ └── assets/ # Shared CSS/JS
├── src/
│ ├── config/
│ │ ├── auth.php # Auth functions + access control
│ │ ├── session.php # Session prefix helpers
│ │ └── database.php # Database connection
│ └── Auth/ # Auth services, helpers, DTOs
├── docs/
│ ├── seeder-template/ # Template schemas
│ ├── PANEL-STRUCTURE.md # Architecture guide
│ └── project-requirements/ # ⭐ PUT PROJECT REQUIREMENTS HERE
│ ├── requirements.md
│ ├── business-rules.md
│ ├── user-types.md
│ └── workflows.md
├── database/
│ └── schema/ # ⭐ PUT DATABASE SCHEMAS HERE
│ ├── core-schema.sql
│ └── seed-data.sql
├── .env # Environment config
├── composer.json # Dependencies
├── setup-database.ps1 # Setup script
├── fix-database.ps1 # Fix script
└── AGENTS.md # Development guide
```
## References
**Complete documentation in subdirectories:**
- `references/architecture.md` - Complete architectural standards
- `references/workflow.md` - Detailed step-by-step workflow
- `references/troubleshooting.md` - Common issues and solutions
- `references/php-tooling.md` - PHP development tools setup and usage guide
**External references:**
- `../../docs/PANEL-STRUCTURE.md` - Three-tier architecture guide
- `../../AGENTS.md` - Development guidelines
- `../project-requirements/` - Skill for creating requirements docs
## Quality Assurance
**See `references/php-tooling.md` for complete guide.**
### Quick Commands
```bash
composer cs-fix # Format code (PSR-12)
composer stan # Static analysis
composer test # Run tests
composer quality # All checks
```
### Pre-Commit Workflow
```bash
composer quality && git commit -m "feat: description"
```
### What to Test
✅ Authentication, franchise isolation, permissions, password hashing, session management, input validation
**See `references/php-tooling.md` for testing examples, CI/CD setup, and IDE integration.**
## Security Checklist Before Production
- [ ] Remove `super-user-dev.php` or restrict access
- [ ] Change `SESSION_PREFIX` from `saas_app_`
- [ ] Set strong `PASSWORD_PEPPER` (64+ chars)
- [ ] Set strong `COOKIE_ENCRYPTION_KEY` (32+ chars)
- [ ] Set `APP_ENV=production`
- [ ] Enable HTTPS (session cookies require it)
- [ ] Review all queries for franchise_id filtering
- [ ] Set proper file permissions on `.env` (600)Related Skills
saas-tenant-data-portability-and-erasure
Use when designing the GDPR/POPIA/CCPA-compliant data export (right to portability) and erasure (right to be forgotten) workflows for a multi-tenant SaaS — cascade through every data store including warehouse/backups, retention policy, requester verification, audit trail, multi-tenant nuances of erasing one tenant's data without affecting others, and the engineering for African market regulations (Uganda DPPA, Kenya DPA, POPIA).
saas-sso-scim-enterprise-auth
Use when implementing enterprise auth on a multi-tenant SaaS — SAML 2.0 and OIDC SSO with per-tenant IdP configuration, SCIM 2.0 user provisioning/deprovisioning, custom-domain support with automated TLS, IP allowlists per tenant, audit-log API, and the migration from email-password tenants to IdP-enforced tenants. The price of entry for enterprise SaaS.
saas-sales-organization
Use when designing or scaling a SaaS sales organisation — sales motions, roles (SDR/BDR/AE/CSM/SE), pipeline stages, lead-to-cash, territory design, quota/commission, sales ops fundamentals, onboarding/ramp, and hiring rubrics. Sourced from "Blueprints for a SaaS Sales Organization" (van der Kooij, Pizarro).
saas-rate-limiting-and-quotas
Use when designing per-tenant rate limits and quotas — algorithm choice (token bucket, sliding window, leaky bucket, fixed window), where to enforce (edge, gateway, service, DB connection pool, queue), per-plan / per-tier limits, soft vs hard caps, fair-queueing for noisy neighbors, headers and error responses, and how to expose quota usage to the tenant.
saas-lifecycle-email-orchestration
Use when designing the six core lifecycle email sequences (welcome/onboarding, behavioral/feature-discovery, upgrade/upsell, retention, reactivation, referral) — trigger contracts, branched automation, suppression rules, PQL/churn-risk triggers, and revenue attribution. Built on top of `saas-transactional-email-infrastructure`. Distinct from `tabler-email-templates` (HTML) and `subscription-billing` (raw billing events).
saas-erp-system-design
Use when designing configurable SaaS or ERP platforms with multi-step business workflows, domain modules, approvals, auditability, pricing and entitlements, operational reporting, and tenant-specific variation. Covers domain boundaries, workflow states, extension points, and control design.
saas-entitlements-and-plan-gating
Use when designing the entitlements engine that enforces what each plan/tier/tenant can do — feature flags vs entitlements distinction, limits enforcement (seats, API calls, storage, projects, AI tokens), gate placement (UI, API, worker), upgrade-discovery UX, override mechanisms for enterprise contracts, and the runtime that resolves "can this tenant do X right now?" in a few milliseconds.
saas-business-metrics
Complete SaaS metrics framework covering revenue (MRR/ARR/ARPU), growth (CAC/LTV/payback), retention (churn/NRR/GRR), engagement, customer satisfaction (NPS/CSAT/CES), unit economics, the Rule of 40, and SaaS finance basics. Use when measuring...
saas-architecture-strategy
Use when architecting or evaluating a cloud SaaS product — including choosing multi-tenant patterns, mapping deployment to IaaS, planning scaling and blast-radius isolation, aligning architecture to business capabilities, and reconciling multi-enterprise consumption requirements with operating-model constraints.
saas-admin-backoffice-tooling
Use when designing the internal admin / back-office console of a multi-tenant SaaS — tenant impersonation (audited, time-boxed), tenant lifecycle controls (suspend/restore/archive/hard-delete), billing operations (refunds, credits, plan overrides), feature-flag overrides per tenant, bulk actions (mass invite, plan migration, region migration), and the audit-log spine that backs all of it. Distinct from the customer-facing super-admin panel in `multi-tenant-saas-architecture`.
saas-accounting-system
Implement a complete double-entry accounting system inside any SaaS app. Users enter transactions naturally (sales, expenses, inventory) while the system auto-posts journal entries under the hood. Produces both user-friendly reports and technical...
multi-tenant-saas-architecture
Use when designing or reviewing a multi-tenant SaaS platform — tenant isolation model, three-panel separation (super admin, franchise admin, end user), zero-trust enforcement, audit trails, and per-tenant permission overrides. Unlike `modular-saas-architecture` which focuses on pluggable business modules, this skill defines the tenancy and auth boundaries that every module inherits.