saastore-port
v0.1.1
Published
MCP server that helps sellers port their app to saastore hosting (HMAC identity, manifest, packaging).
Maintainers
Readme
saastore-port
MCP server the seller runs locally to port their app onto saastore hosting.
The seller's IDE-side agent (Claude Code, Cursor, Cline, Zed, …) connects via stdio. The seller's existing API key drives any LLM calls — saastore never sees source or keys (see spec §7.1 in the saastore monorepo).
Status
All 8 tools shipped at PoC quality. Concierge first-seller work will surface friction → polish iterations, but the surface is complete.
| Tool | Status | Tests |
| --- | --- | --- |
| analyze_repo | ✓ Implemented | 7 |
| propose_auth_rewire | ✓ Implemented (FastAPI kit; others as concierge surfaces them) | 4 |
| apply_auth_rewire | ✓ Implemented | 6 |
| validate_compliance | ✓ Implemented | 7 |
| generate_manifest | ✓ Implemented | 8 |
| boot_test_local | ✓ Implemented (integration; requires local docker) | — |
| package_image | ✓ Implemented (integration; requires local docker) | — |
| push_image | ✓ Implemented (integration; requires local docker + saastore registry token) | — |
Unit tests: 32/32. Integration paths (boot_test_local, package_image,
push_image) are covered by the saastore monorepo's
scripts/smoke_hosted_auth.sh since they shell out to docker.
Install (during PoC)
cd tools/saastore-port
npm install
npm run buildThen point your agent at tools/saastore-port/dist/server.js as a stdio MCP server.
Once we ship to npm:
npx saastore-portTools
analyze_repo
Scans a repository (defaults to CWD) and detects:
- Detected languages (javascript, typescript, python, ruby, go, rust)
- Frontend framework (Next.js, Remix, Nuxt, SvelteKit, React, Vue)
- Backend framework (Express, Fastify, Hono, Koa; FastAPI, Django, Flask, Quart, Starlette)
- Auth library (NextAuth, Auth.js, Supabase Auth, Passport, Clerk, Auth0, Lucia, Firebase, Django auth, Flask-Login, Authlib, DIY JWT)
- Database (postgres, mongodb, sqlite, mysql, redis)
- Payment processors (stripe, paddle, lemonsqueezy, braintree) — flagged as must-remove
- External APIs called (openai, anthropic, google-genai, cohere, replicate, twilio, sendgrid, resend, aws, sentry)
- Warnings (no manifest found, invalid JSON, payment processor present)
Pure file analysis — reads package.json / pyproject.toml / requirements.txt / Gemfile / go.mod / Cargo.toml.
generate_manifest
Takes the output of analyze_repo plus a few seller-supplied fields and
returns a saastore.yaml manifest the seller commits.
Inferences from analysis:
app.framework: prefers detected frontend framework, falls back to backend.app.port: 3000 for next.js / remix / nuxt; 8000 for fastapi / django / flask; 8080 otherwise.auth.adapter: derived from detected auth library (nextauth→saastore-nextauth, etc.)database.postgres: true when DB is detected as postgresexternal_apis: one entry per detected API (sentry excluded), uppercased to*_API_KEYenv vars, default $5 cap
Anything can be overridden via the input object (see the source for the full type).
Development
npm test # runs node:test with tsx
npm run build # tsc -> dist/
npm run dev # tsc --watchLicense
MIT
