100 production-grade SaaS patterns

Your AI writes the code.
This is the 30% it gets wrong.

The senior-engineer layer for AI-assisted builders — the data models, permissions, billing edge cases, and "don't do it this dumb way" that turn a working demo into a real product.

One-time payment · Lifetime updates · Next.js · Rails · Laravel
skillstack.dev/skills/magic-link-login
SKILL-014
Magic Link Login
Auth & Identity
// app/api/auth/magic/route.ts
export async function POST(req: Request) {
  const { email } = await req.json();
  const token = randomToken(32);

  // single-use, 15-min expiry, hashed at rest
  await db.magicLink.create({ data: {
    emailHash: hash(email),
    tokenHash: hash(token),
    expiresAt: minutes(15),
  }});

  await sendMagicEmail(email, token);
  return Response.json({ ok: true }); // never reveal if email exists
}
It works in the demo.
It breaks in production.
66% of developers say their biggest AI frustration is code that's "almost right, but not quite."
84% now build with AI tools — so the bottleneck isn't writing code. It's knowing what to ask for.
Source — Stack Overflow Developer Survey, 2025
The final 30%

AI can generate a feature. It can't tell you what you forgot.

Vibe-coded prototypes look done. Then real users, real data, and real money expose the gaps your AI never mentioned.

// data model

The schema that can't grow

Your AI scaffolds a users table. It doesn't model orgs, seats, roles, or soft deletes — and bolting them on later is a migration nightmare.

// authorization

The check you forgot

Every endpoint needs an ownership check. Miss one and any user can read any record. AI almost never adds them unprompted — that's an IDOR waiting to ship.

// billing

Billing that lies to your UI

Trials, proration, dunning, webhooks. Get the subscription state machine wrong and customers see the wrong plan — or keep access after they cancel.

// deliverability

The email that hits spam

The sendEmail() your AI wrote works once. Then there's no signed link, no throttle, no SPF/DKIM — and your domain gets flagged.

Inside a skill

Every pattern, explained the way a senior engineer would.

Not a snippet to paste blindly. A complete mental model — so you understand the decision, then ship it in your stack.

01

Overview — why it matters

What the pattern solves, when you need it, and the cost of getting it wrong.

02

UX best practices

The interaction details that separate a polished product from a clunky one.

03

The prompt to give your AI

A precise, copy-paste prompt that gets Cursor, Claude Code, or Copilot to build it correctly the first time.

04

1–2 common variants

The realistic forks — magic link vs OTP, shared-DB vs schema-per-tenant — and how to choose.

05

Edge cases & gotchas

The "don't do it this dumb way" list that saves you a production incident.

06

Framework code

Reference snippets for Next.js, Rails, and Laravel — same pattern, your stack.

the prompt · copy & paste into your AI
SKILL-019 · PROMPT
Webhook-Driven Billing Sync
Billing · Idempotent · Stripe
Build a Stripe webhook handler that treats Stripe
as the source of truth for subscription state.

Requirements:
  • Verify the signature on every request.
  • Make handlers idempotent — store processed event IDs; ignore duplicates.
  • Map events → a local subscription state machine (trialing, active, past_due, canceled).
  • Return 200 fast; do heavy work in a job.
  • Never trust the client to report plan changes.
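
The requirements in the prompt above, as an added JavaScript example (not code from this page or its product): it verifies a signature in Stripe's `t=…,v1=…` header scheme (HMAC-SHA256 over `timestamp.rawBody`), ignores duplicate event IDs, and maps subscription events to the four local states. The in-memory `store`, the `signForTest` helper, and every ID and secret used with it are assumptions constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Header format: "t=<unix seconds>,v1=<hex HMAC-SHA256 of `${t}.${rawBody}`>"
function verifySignature(rawBody, header, secret, nowSec, toleranceSec = 300) {
  if (typeof header !== "string") return false;
  const parts = header.split(",").map((p) => p.trim().split("="));
  const t = parts.find(([k]) => k === "t")?.[1];
  const sigs = parts.filter(([k]) => k === "v1").map(([, v]) => v || "");
  if (!t || !/^\d+$/.test(t) || sigs.length === 0) return false;
  if (Math.abs(nowSec - Number(t)) > toleranceSec) return false; // stale or replayed
  const expected = nodeCrypto.createHmac("sha256", secret).update(`${t}.${rawBody}`).digest();
  return sigs.some((s) => {
    const got = Buffer.from(s, "hex");
    return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
  });
}

const STATES = new Set(["trialing", "active", "past_due", "canceled"]);

// Map a subscription event to a local state; null means "nothing to sync".
function nextState(event) {
  if (!String(event.type).startsWith("customer.subscription.")) return null;
  if (event.type === "customer.subscription.deleted") return "canceled";
  const status = event.data?.object?.status;
  return STATES.has(status) ? status : null;
}

// store = { seen: Set of processed event IDs, jobs: queue of deferred work } (hypothetical)
function handleWebhook(store, rawBody, header, secret, nowSec) {
  // Verify against the raw body string before parsing anything.
  if (!verifySignature(rawBody, header, secret, nowSec)) return { status: 400 };
  const event = JSON.parse(rawBody);
  if (store.seen.has(event.id)) return { status: 200, duplicate: true };
  store.seen.add(event.id); // production: INSERT with a unique constraint on event ID
  const state = nextState(event);
  if (state) store.jobs.push({ subscriptionId: event.data.object.id, state });
  return { status: 200, duplicate: false }; // heavy work happens in the job, not here
}

// Constructed helper: signs a payload the way the sender would, for local testing only.
function signForTest(rawBody, secret, t) {
  const v1 = nodeCrypto.createHmac("sha256", secret).update(`${t}.${rawBody}`).digest("hex");
  return `t=${t},v1=${v1}`;
}
```

A duplicate delivery still returns 200 so the sender stops retrying, while a tampered body or a timestamp outside the tolerance window is rejected before the JSON is parsed.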
What's covered

100 skills across every system real SaaS needs.

Auth, multi-tenancy, billing, permissions, onboarding, notifications, security, ops — the whole production surface.

Auth & Identity

10
Email + Password the Right Way · Email Verification Flow · Password Reset Without Account Enumeration

Multi-Tenancy

06
Tenant Isolation Model · Workspaces & Switching · Subdomain & Custom Domains

Billing

09
Stripe Checkout & Customer Portal · Subscription State Machine · Webhook-Driven Sync

Permissions

06
Role-Based Access Control (RBAC) · Fine-Grained / Resource Permissions · Team Invitations

Onboarding

05
First-Run Experience · Empty States That Convert · Setup Checklists & Progress

Notifications

05
Transactional Email Infrastructure · In-App Notification Center · Notification Preferences

Files & Media

04
Direct-to-Storage Uploads · Image Processing Pipeline · Signed URLs & Access Control

Data & APIs

08
REST API Design Conventions · Pagination That Scales · Rate Limiting & Quotas

Search

04
Full-Text Search · Faceted Filtering · Saved Views & Segments

Real-Time

05
Live Updates (WebSocket / SSE) · Presence & 'Who's Here' · Optimistic UI

Admin

05
Admin Dashboard · Feature Flags & Rollouts · Metrics That Matter (MRR, churn)

Account

05
Profile & Account Settings · Account Deletion & GDPR · Data Residency & Privacy

Reliability

05
Error Handling & User Messaging · Health Checks & Status Page · Maintenance Mode

Growth

05
Referral Program · Affiliate / Partner Tracking · In-App Upgrade Prompts

UX Patterns

10
Forms & Validation · Multi-Step Wizards · Destructive Action Confirmation

Security

05
CSRF & CORS Done Right · Input Sanitization & XSS · Secrets & Environment Config

Operate

03
Logging & Observability · Backups & Disaster Recovery · Staging, Seeds & Preview Envs
Updated as patterns and frameworks evolve — free for life.
Who it's for

You can already build. You need the part nobody taught the AI.

  • Solo & technical founders
  • Indie hackers
  • Cursor / Claude Code builders
  • Lovable & Replit shippers
  • Devs who code but need product architecture
  • Anyone tired of "almost right, but not quite"
One price. Forever.

Cheaper than one hour of a senior contractor.

A senior SaaS engineer bills $150–250/hour. This is their judgment, packaged — once.

The Skill Stack

Lifetime access to all 100 production-grade patterns, prompts, variants, and framework code.

$199 one-time
No subscription. No seats. $349 launch price.
14-day money-back guarantee

Everything included

  • 100 production-grade skills — each with overview, UX, and the prompt to build it
  • Copy-paste AI prompts — tuned for Cursor, Claude Code & Copilot
  • 1–2 variants per skill — the real forks, and how to choose
  • Edge-case checklists — the gotchas that cause production incidents
  • Next.js, Rails & Laravel code — same pattern, your stack
  • Lifetime updates — new skills & framework revisions, free
Questions

The honest FAQ.

A reference library you keep open while you build. No 6-hour videos to sit through — open the skill you need, understand the decision, grab the prompt, ship it. The short YouTube videos point you to which skill solves what.
You should be comfortable directing an AI to build features. You don't need to be a senior engineer — that's the gap this fills. If you can ship a prototype with Cursor or Claude Code, this turns it into production.
Every skill ships reference code for Next.js, Ruby on Rails, and Laravel. The patterns and prompts themselves are framework-agnostic — the principles transfer to any stack.
Yes. The prompts are written to work with Cursor, Claude Code, GitHub Copilot, and any chat-based assistant. Copy the prompt, paste it into your tool, review what it builds against the edge-case checklist.
One-time, $199. No recurring charge, no per-seat pricing. New skills and framework updates are included for life.
14-day money-back guarantee, no questions asked. And you can read a full skill — Magic Link Login — free, before you buy.

Stop shipping the demo.
Ship the production SaaS.

100 patterns the AI won't volunteer — the judgment layer between "it works on my machine" and "it works for paying customers."