React Router v7 Supabase Stack

Convert React Router v7 project instructions (CLAUDE.md files) into working full-stack applications with Supabase authentication, Prisma ORM, and Vercel deployment support.

What This Skill Does

Helps you build and maintain React Router v7 applications using the Supabase + Vercel stack pattern from oreillyjw/supa-vercel-stack. Handles authentication flows, database operations, testing setup, and deployment configuration.

Key Features

**Authentication**: Email/password, magic links, OAuth with session management

**Database**: Supabase PostgreSQL with Prisma ORM and RLS security

**Styling**: Tailwind CSS with custom configuration

**Testing**: Vitest (unit) + Playwright (E2E)

**Deployment**: Zero-config Vercel deployment with automated migrations

**Module Organization**: Domain-driven structure in `app/modules/`

Instructions

1. Project Setup & Development

When setting up a new project or starting development:

1. **Initial Setup**:

```bash

npm run setup # Install deps, init Claude, reset DB

npm run dev # Start dev server on localhost:3000

```

2. **Use `.scratchpads/` Directory**:

- Always create planning docs in `.scratchpads/` (gitignored)

- Examples: `.scratchpads/feature-planning.md`, `.scratchpads/migration-notes.md`

- Use for: migration plans, TODOs, research, draft documentation

3. **Essential Commands**:

```bash

npm run build # Build production app

npm run validate # Run all checks: tests, lint, typecheck, e2e

npm test # Vitest unit tests (watch mode)

npm run test:e2e:dev # Playwright interactive testing

npm run typecheck # TypeScript checking

npm run format # Prettier formatting

```

2. Database Management

**Important**: Supabase SQL migrations are the source of truth. Prisma schema is auto-generated.

**Migration Workflow**:

1. **Create Migration**:

```bash

npx supabase migration new feature_name

# Edit generated file in supabase/migrations/

```

2. **Apply Migration**:

```bash

npm run db:reset # Applies migrations, regenerates Prisma, seeds DB

```

3. **Individual Commands**:

```bash

npm run db:reset:supabase # Reset Supabase DB

npm run db:reset:prisma # Pull schema and regenerate client

npm run db:seed # Seed test data

```

**Production Deployment**:

Migrations auto-deploy via GitHub Actions (`.github/workflows/deploy.yml`)

No manual `supabase db push` needed

**When to Use Supabase SDK vs Prisma**:

**Prisma (default)**: Server-side CRUD in loaders/actions (best performance)

**Supabase SDK**: Client-side operations, real-time, storage, auth-specific features

3. Authentication Implementation

**Session Management** ([app/modules/auth/session.server.ts](app/modules/auth/session.server.ts)):

```typescript

// Protect routes (default - no token verification)

const authSession = await requireAuthSession(request);

// Protect critical operations (verify with Supabase)

const authSession = await requireAuthSession(request, { verify: true });

// Refresh on POST/action requests

const { authSession } = await refreshAuthSession(request);

// Must manually commit session after refresh

```

**Key Points**:

Cookie-based sessions, 7-day expiration

Auto-refresh 10 minutes before token expiration

RLS (Row Level Security) enabled on all user tables

Dual-layer security: application + database level

**Available Auth Methods**:

Email/password

Magic link (passwordless)

Password reset flow

OAuth callback handler (`oauth.callback.tsx`)

4. Module Organization

Structure code in `app/modules/` by domain:

```

app/modules/

├── auth/

│ ├── service.server.ts # Server-side auth logic

│ ├── session.server.ts # Session management

│ ├── types.ts # Type definitions

│ └── components/ # Auth UI components

├── note/

│ ├── service.server.ts # CRUD operations

│ └── types.ts

└── user/

└── service.server.ts

```

Each module exports public API via `index.ts`. Use path alias `~/*` for imports:

```typescript

import { requireAuthSession } from "~/modules/auth";

```

5. Routing Conventions

React Router v7 file-based routing in `app/routes/`:

`_index.tsx` → Landing page

`notes.tsx` → Layout route

`notes._index.tsx` → Nested index

`notes.$noteId.tsx` → Dynamic segment

`notes.new.tsx` → Action route

`oauth.callback.tsx` → OAuth handler

6. Testing Strategy

**Unit Tests (Vitest)**:

```bash

npm test # Watch mode

npm run test:cov # With coverage

```

Config: `vitest.config.ts`

Setup: `test/unit/setup-test-env.ts`

Environment: happy-dom

**E2E Tests (Playwright)**:

```bash

npm run test:e2e:dev # Interactive UI

npm run test:e2e:run # Headless

```

Tests: `test/e2e/*.spec.ts`

Custom fixtures: `test/support/fixtures.ts`

Use `data-test-id` attribute for selectors

Requires `.env` configuration

**Test Seeded Account**:

Email: `[email protected]`

Password: `supabase`

7. Vercel Deployment

**Prerequisites**:

Node.js 22.x (Vercel requirement)

Supabase project

Vercel account

**Setup**:

1. **Recommended**: Use Supabase Integration from Vercel Marketplace

- Auto-configures all required environment variables

- No manual setup needed

2. **Manual Configuration**:

```

POSTGRES_PRISMA_URL=postgres://postgres:{PASSWORD}@db.{INSTANCE}.supabase.co:5432/postgres

SUPABASE_URL=https://{INSTANCE}.supabase.co

SUPABASE_ANON_KEY={ANON_KEY}

SUPABASE_SERVICE_ROLE_KEY={SERVICE_KEY}

SUPABASE_JWT_SECRET={JWT_SECRET}

```

Find `SUPABASE_JWT_SECRET` in: Supabase Dashboard → Project Settings → API → JWT Settings

3. **Update Supabase URLs**:

- Authentication → URL Configuration

- Add: `https://your-app.vercel.app/oauth/callback`

- Add: `https://your-app.vercel.app/reset-password`

**Deployment Flow**:

Push to `main` → production deployment

Pull requests → preview deployments

Migrations auto-deploy via GitHub Actions

8. Security Best Practices

**Never use admin client in browser context** (enforced in code)

**RLS policies** protect all user data at database level

**Dual-layer security**: Application checks + database policies

**Token refresh** happens automatically 10 minutes before expiration

**Session verification**: Use `verify: true` for critical operations

9. Local Development with Supabase

Supabase CLI runs locally on ports 54321-54329:

**Studio UI**: http://localhost:54323

**Email testing (Inbucket)**: http://localhost:54324

Local auth configured for `http://127.0.0.1:3000`

Configuration: `supabase/config.toml`

10. Styling with Tailwind

Custom config with plugins: forms, typography, scrollbar

Global styles: `app/styles/tailwind.css`

Use `tailwind-merge` for conditional classes

Common Workflows

Adding a New Feature Module

1. Create directory: `app/modules/feature-name/`

2. Add `service.server.ts` for business logic

3. Add `types.ts` for TypeScript definitions

4. Create `components/` subdirectory for UI

5. Export public API via `index.ts`

Database Schema Changes

1. Create migration: `npx supabase migration new add_feature`

2. Write SQL in `supabase/migrations/TIMESTAMP_add_feature.sql`

3. Apply: `npm run db:reset`

4. Review auto-generated Prisma schema

5. Update service layer with new queries

Adding Authentication to Route

```typescript

import { requireAuthSession } from "~/modules/auth";

export async function loader({ request }: LoaderFunctionArgs) {

const { userId } = await requireAuthSession(request);

// Your protected route logic

}

```

Important Notes

**Never manually edit** `app/database/schema.prisma` (auto-generated)

**Adjust token threshold** if JWT expiry < 3600s: modify `REFRESH_ACCESS_TOKEN_THRESHOLD` in `session.server.ts:19`

**RLS policies** defined in `supabase/migrations/20251126002639_rls.sql`

**Vercel provides** `VERCEL_URL` automatically for OAuth callbacks

**Database migrations** must run before deploying schema-dependent code

Environment Variables Reference

Required variables (see `.env.example` for full list):

`POSTGRES_PRISMA_URL` - PostgreSQL connection for Prisma

`SUPABASE_URL` - Your Supabase project URL

`SUPABASE_ANON_KEY` - Anonymous public key

`SUPABASE_SERVICE_ROLE_KEY` - Service role key (server-side only)

`SUPABASE_JWT_SECRET` - JWT secret from Supabase Dashboard

`SERVER_URL` - App URL for email callbacks (optional on Vercel)

Resources

**Supabase Clients**: `app/integrations/supabase/client.ts`

**Session Management**: `app/modules/auth/session.server.ts`

**Database Schema**: `app/database/schema.prisma` (auto-generated)

**Migrations**: `supabase/migrations/`

**i18n Config**: `app/integrations/i18n/`

**Test Fixtures**: `test/support/fixtures.ts`

React Router v7 Supabase Stack

React Router v7 Supabase Stack

What This Skill Does

Key Features

Instructions

1. Project Setup & Development

2. Database Management

3. Authentication Implementation

4. Module Organization

5. Routing Conventions

6. Testing Strategy

7. Vercel Deployment

8. Security Best Practices

9. Local Development with Supabase

10. Styling with Tailwind

Common Workflows

Adding a New Feature Module

Database Schema Changes

Adding Authentication to Route

Important Notes

Environment Variables Reference

Resources

Reviews (0)