Auth & sessions
Scoped roles, API keys, token rotation — the part AI generates most confidently and gets wrong most often.
// for agencies & fractional CTOs
Your agents are fast. But every engagement still starts by rebuilding the same dangerous 30% — auth, Stripe webhooks, multi-tenant isolation — and one breach traced to agent-generated code can end the client relationship. microservices.sh makes that 30% verified, reusable, and safe enough to put your name on.
84% of devs use AI coding tools — only 29% trust the output. 45% of AI-generated apps ship an exploitable vulnerability. The fix is structural, not your fault.
The hidden cost
The features change per client. The production plumbing underneath doesn't — and it's exactly where AI-generated code is most dangerous.
Scoped roles, API keys, token rotation — the part AI generates most confidently and gets wrong most often.
Idempotency, retries, signature verification. The bug here costs a client real money.
Per-tenant data boundaries and custom domains. Where a leak becomes a breach.
Append-only trails and reviewable deploys — the parts an enterprise client's legal team asks about.
What you get
Auth, payments, audit, and tenant isolation are verified modules — composed, not re-derived. Reuse the same tested foundation across every client engagement instead of rebuilding it per project.
Every module is source-visible, version-pinned in microservices.lock.json, and ships tests. When a client's CTO or procurement asks 'what is this dependency doing,' you have a clean answer — not generated glue you can't account for.
Hours go into the custom 30% the client pays for — not the auth and payments plumbing you've built ten times. Faster delivery, same billable rate, better margin per engagement.
Export the full repo. No no-code trap, no platform you have to explain away at handover. The client owns inspectable code; you keep the reusable foundation.
How it fits the engagement
pnpm create microservices-app@latest client-booking --template booking-sveltekit Your agent scaffolds a client app from verified modules via CLI or MCP — auth, customer, booking, payments, email.
Edit config and typed hooks for the client's custom 30%. pnpm microservices check returns agent-readable failures before any deploy.
Managed Cloudflare deploy with the client's custom domain, or export the repo to the client's own account. Client workspaces keep engagements separate.
We're onboarding a small number of agencies as design partners: generate a real client booking/customer/payment app, get hands-on setup support, and tell us where it breaks. No fake testimonials — we want agencies using this on real work.