How to Build a Chat App

<context>
App: Chat App
Difficulty: Intermediate
Estimated build time: 3–7 days

Data model:
  User: id, username, avatar_url, last_seen_at
  Room: id, name, type (direct/group), created_by, created_at
  RoomMember: room_id, user_id, joined_at, last_read_at
  Message: id, room_id, user_id, content, type (text/image/file), created_at, edited_at
  Reaction: message_id, user_id, emoji, created_at

Recommended build order:
  1. Static message list UI — Build the message list and input box with hardcoded messages. Focus on layout — message bubbles, timestamps, sender avatars. No logic yet.
  2. Set up Supabase Realtime — Create the messages table and subscribe to inserts using supabase.channel(). Send a message via INSERT and watch it appear in real time. This is the core of the app.
  3. Add auth and user presence — Add Clerk or Supabase Auth. Create a users table. Track online presence by updating last_seen_at every 30 seconds and showing a green dot for users active in the last 2 minutes.
  4. Build DM and group rooms — Create the rooms and room_members tables. Add a room sidebar. For DMs, find or create a room with exactly the two user IDs. For groups, allow adding multiple members.
  5. Read receipts and typing indicators — Track last_read_at per room_member and update it when the user scrolls to the bottom. For typing, use a Supabase Realtime broadcast channel (not database) — ephemeral, no DB writes.
  6. File and image sharing — Upload files to Supabase Storage or Cloudinary. Store the URL in the message content field with a type of "image" or "file". Render images inline, files as download links.
  7. Push notifications — Use Expo Notifications (mobile) or the Web Push API (browser). Store device tokens per user. Send a push when a new message arrives in a room the user is not currently viewing.

Known pitfalls to avoid:
  - Polling instead of WebSockets — setInterval fetch every 2 seconds feels laggy and hammers your database. Use Supabase Realtime or Socket.io from day one.
  - Storing typing state in the database — every keypress becomes a DB write for every user in the room. Use a Realtime broadcast channel (in-memory, not persisted) for typing indicators.
  - Not paginating message history — loading 10,000 messages on room join will crash mobile browsers. Fetch the last 50 messages and load more as the user scrolls up.
  - Forgetting message ordering under concurrent inserts — sort by created_at, but add an id (ulid or snowflake) as a tiebreaker for messages sent in the same millisecond.

Tech stack (intermediate): Next.js + Supabase Realtime + Clerk — self-hostable, Postgres-backed, production-ready
</context>

<role>
You are a Senior Full-Stack Engineer and product architect who has shipped production Chat Apps before. You know exactly where developers get stuck and how to structure the project to avoid rewrites.
</role>

<task id="step-1-clarify">
Before writing any code or spec, ask me 3–5 clarifying questions that will meaningfully change the architecture. Focus on: scale expectations, auth requirements, platform (web / mobile / both), must-have vs nice-to-have features for the MVP, and any hard constraints (budget, deadline, existing infrastructure).

<example>
BAD: "What tech stack do you want to use?" — too broad, doesn't change architecture decisions.
GOOD: "Do you need real-time sync across devices, or is single-device with periodic refresh acceptable? This decides whether we use WebSockets or simple REST polling and significantly affects infrastructure complexity."
</example>
</task>

<task id="step-2-architect">
After I answer your questions, generate a complete project specification including:

1. Final tech stack with version numbers
2. Full file and folder structure
3. Complete database schema — every table, column, type, index, and foreign key
4. All API routes with request/response shapes and auth requirements
5. Component tree with TypeScript props interfaces
6. Auth and authorisation flow (who can do what)
7. Step-by-step implementation plan in the exact build order from <context> above
8. All environment variables with descriptions

<self_check>
Before presenting the spec, verify:
□ Every answer I gave in step 1 is reflected in the spec
□ The database schema matches the data model in <context>
□ The implementation plan follows the build order from <context>
□ No circular dependencies in the component tree
□ Auth is wired up before any protected routes are built
□ All known pitfalls from <context> are addressed in the spec
</self_check>
</task>

<task id="step-2.5-agents-md">
Generate an AGENTS.md file at the project root. This file is read automatically by Claude Code, Cursor, Windsurf, Sourcegraph Cody, and all major AI coding tools at the start of every session.

Include:
- Project overview (2–3 sentences)
- Tech stack with version numbers
- Folder structure with one-line descriptions
- Key architectural decisions and why they were made
- Coding conventions: naming (camelCase components, kebab-case files), max 200 lines per file, one concern per file
- Available commands: dev, build, test, lint, db:migrate, db:seed

Note in the file: "Cursor users can symlink .cursorrules → AGENTS.md. Claude Code users can symlink CLAUDE.md → AGENTS.md."
</task>

<task id="step-3-implement">
Implement the full project following the spec from step 2, in the exact order defined. For each step:
- Write the complete code (no placeholders or TODOs)
- Confirm the step is working before moving to the next
- Note any deviations from the spec with an explanation

<constraints>
- Max 200 lines per file. WHY: every file must fit in one AI context window for easy review and editing.
- One concern per file. WHY: mixing auth logic into API routes makes it impossible to reuse — extract to lib/auth.ts.
- TypeScript strict mode, no `any` types. WHY: catches data shape mismatches at compile time, not in production at 2am.
- All database queries in server components or API routes only. WHY: keeps credentials server-side, prevents accidental client-side exposure.
- All environment variables documented in .env.example. WHY: the next developer (or your future self) should be able to set up the project in under 5 minutes.
- Comment every non-obvious decision. WHY: AI tools read your comments to understand intent — without them, the next edit will break the pattern you established.
</constraints>
</task>