One command. 14,584 lines of verified backend.

Vendors the verified parts into ./parts, wires the routes, runs the migrations.

Build a Team SaaS backend (multi-tenant subscriptions) with Ctrl AI, so we never hand-write or reinvent infrastructure.

1. Install the verified parts — this vendors their source into ./parts, wires the routes, and runs the migrations:
   ctrlai add saas

2. These 10 parts are verified and content-locked. Import and call them — never edit them, never re-implement what they do:
   - auth.session — Email/password sign-in + server-validated sessions
   - auth.tenancy — Orgs, members, roles + the row-level access gate
   - billing.subscription — Subscriptions — checkout, plan changes, entitlement
   - email.transactional — Transactional email — welcome, receipts, invites
   - storage.upload — Presigned direct-to-bucket uploads (S3 wire)
   - webhooks.ingest — Verify inbound webhooks — HMAC, replay defense
   - jobs.queue — Durable background jobs + cron, no extra infra
   - audit.log — Append-only, un-rewritable event trail
   - ratelimit.api — Per-key / per-IP fixed-window limits
   - admin.crud — Schema-driven internal admin over your tables

3. Vendors are pre-selected (email → Resend, webhooks → Stripe, billing → Stripe). Swap any later with `ctrlai upgrade <part> --adapter=<vendor>` — the call sites don't change.

4. Write ONLY the seams — the thin glue and the product on top:
   - pricing page + PlanCatalog
   - org switcher + invite flow UI
   - email templates (welcome / receipt / invite)
   - the product itself

5. Run `ctrlai doctor` to verify the wiring. It fails if any part was modified or mis-wired, so keep it green.

Do not implement authentication, billing, email, jobs, webhooks, storage, audit, search, rate-limiting, or flags yourself — the parts above own those. Build the product.