most people will visit your app on their phone. responsive design means your layout, fonts, and spacing adapt to any screen size — phone, tablet, laptop, ultrawide monitor. CSS media queries and flexible layouts (like flexbox and grid) are how this works under the hood, but the AI can handle all of it for you.

make my app fully responsive and look great on mobile, tablet, and desktop

the favicon is the little icon in the browser tab. the page title shows up in search results, browser tabs, and when someone shares your link. the meta description is the short blurb that appears under your title in Google. small details that make your app feel real instead of a homework project.

add a favicon and update the page title and meta description

accessibility (a11y) means making your app usable for everyone — including people who use screen readers, navigate with a keyboard, or have low vision. this includes things like alt text on images, proper heading structure, sufficient color contrast, keyboard-focusable buttons, and ARIA labels. it's not just the right thing to do — it's also required by law in many places.

audit my app for accessibility issues and fix them — check color contrast, add alt text, make sure everything is keyboard navigable

dark mode isn't just aesthetic — it reduces eye strain and saves battery on OLED screens. the standard approach is to use CSS custom properties (variables) for your colors and swap them based on a class or the user's system preference using prefers-color-scheme. you can also add a toggle button so users can switch manually.

add dark mode support with a toggle button — use CSS variables and respect the user's system preference

SEO (search engine optimization) helps your app show up in Google. Open Graph tags control how your link looks when shared on Twitter, Discord, iMessage, etc. without them, shared links show a blank preview with no image or description. you want a title, description, and preview image at minimum.

add SEO meta tags and Open Graph tags so my app looks good when shared on social media and shows up in Google

analytics tells you how many people visit your app, where they come from, what pages they view, and how long they stay. Google Analytics is the most popular option. Plausible and Umami are privacy-friendly alternatives that don't use cookies and are GDPR-compliant out of the box. you add a small script tag to your app and data starts flowing to a dashboard.

add Google Analytics to my app

right now your app lives at something like my-app.vercel.app. a custom domain like myapp.com makes it feel legit. you buy a domain from a registrar (Namecheap, Cloudflare, or Google Domains are popular), then update the DNS records to point to your hosting provider. Vercel and Netlify both have guides that walk you through it — it takes about 10 minutes.

help me connect my custom domain to my deployed app

API keys, database URLs, secret tokens — these should never be hardcoded in your source code or pushed to GitHub. locally, you store them in a .env file (which you add to .gitignore so it never gets committed). for production, your hosting provider (Vercel, Netlify, etc.) has a dashboard where you add them as environment variables. your code reads them the same way in both places.

help me set up environment variables for my API keys and make sure they're not exposed in my code

CI/CD means your app automatically builds, tests, and deploys every time you push code to GitHub. if you deployed to Vercel, you already have this — every push to your main branch triggers a new deployment. you can go further with GitHub Actions to run tests, check for lint errors, or do anything else automatically before your code goes live. this catches bugs before your users see them.

set up a GitHub Actions workflow that runs my tests and linter on every push

a staging environment is a copy of your production app where you can test changes before they go live. Vercel automatically creates preview deployments for every pull request — you get a unique URL to test your changes without affecting your real users. this is how professional teams work: develop on a branch, preview the changes, then merge to main when you're confident.

help me set up a staging environment and preview deployments for my app

right now your app can't remember anything — refresh the page and everything resets. a database lets you store user data, content, form submissions, or anything that needs to persist. Supabase gives you a full Postgres database with a generous free tier and works great with AI tools. Firebase and PlanetScale are other popular options. you connect to it using a URL stored in your environment variables.

add a Supabase database to my app to store [what you need]

authentication lets people create accounts, log in, and have their own personalized experience. Supabase Auth, NextAuth (now Auth.js), and Clerk are popular options that handle the hard parts — password hashing, session management, OAuth (sign in with Google/GitHub), email verification, and password resets. never try to build auth from scratch.

add user authentication so people can sign up and log in — use Supabase Auth or NextAuth

if your app needs to handle images, documents, or any file uploads, you need somewhere to store them. you can't just save files to your server — it gets wiped on every deploy. cloud storage services like Supabase Storage, AWS S3, or Cloudflare R2 give you a permanent place to store files with URLs you can use in your app. most have generous free tiers.

add file upload support to my app using Supabase Storage

if you want to charge money — subscriptions, one-time purchases, donations — Stripe is the industry standard. you create products and prices in the Stripe dashboard, then use their SDK to add a checkout flow. Stripe handles all the hard stuff: credit card processing, tax calculation, receipts, refunds, and PCI compliance. you never touch raw credit card numbers.

add Stripe payments to my app so users can pay for [your product or service]

transactional emails are messages triggered by user actions — welcome emails, password resets, order confirmations. Resend and SendGrid are popular services for sending these programmatically. for push notifications (the popups on your phone), you'd use the Web Push API or a service like OneSignal. start with email — it's simpler and more universally useful.

add transactional email to my app using Resend — send a welcome email when someone signs up

things break — APIs go down, networks fail, users do unexpected things. without error handling, your app shows a blank white screen. add loading spinners while data is being fetched, error boundaries to catch crashes, and fallback UI that shows a helpful message instead of nothing. your users should always know what's happening.

add error handling and loading states to my app — add error boundaries, loading spinners, and fallback UI

error handling shows your users a nice message. error tracking tells you what went wrong. Sentry is the most popular tool — it captures every error in production, shows you the stack trace, which user hit it, and what they were doing. you can also set up uptime monitoring with services like UptimeRobot or BetterStack to get alerted if your app goes down.

add Sentry error tracking to my app so I get notified when errors happen in production

tests are code that checks if your other code works correctly. unit tests check individual functions. integration tests check that pieces work together. end-to-end (e2e) tests simulate a real user clicking through your app in a browser. popular tools: Vitest or Jest for unit/integration tests, Playwright or Cypress for e2e. you don't need 100% coverage — start by testing the parts that would be most painful if they broke.

add tests to my app — set up Vitest for unit tests and write tests for my most important features

if you have a database, you need backups. databases can get corrupted, accidentally deleted, or hit by bad migrations. most managed database providers (Supabase, PlanetScale, etc.) include automatic daily backups on their paid plans. for free tiers, you can set up a cron job (scheduled task) that exports your data regularly. also back up any files in cloud storage.

help me set up automated database backups for my Supabase project

HTTPS encrypts traffic between your users and your app — it's automatic with Vercel and GitHub Pages. beyond that: validate and sanitize all user input (never trust it), don't expose API keys or secrets in your frontend code, use parameterized queries to prevent SQL injection, set HTTP security headers (Content-Security-Policy, X-Frame-Options), and escape user-generated content to prevent XSS (cross-site scripting) attacks.

review my app for security vulnerabilities and fix them — check for XSS, SQL injection, exposed secrets, and missing security headers

rate limiting prevents someone from hammering your API with thousands of requests (intentionally or by accident). without it, one bad actor can rack up your database or API costs, or take your app down. you set a limit like “100 requests per minute per IP” and return a 429 (Too Many Requests) error after that. libraries like upstash/ratelimit make this easy.

add rate limiting to my API routes to prevent abuse

fast apps keep users around — slow ones lose them. the biggest wins: optimize and compress images (use WebP or AVIF format, serve the right size for each screen), lazy load content below the fold (don't load what the user can't see yet), minimize your JavaScript bundle (code splitting, tree shaking), and use a CDN to serve assets from servers close to your users. Next.js handles a lot of this automatically, but there's always room to improve.

optimize my app for performance — compress images, add lazy loading, minimize bundle size, and improve load time

caching means storing a copy of something so you don't have to fetch it again. browser caching stores assets locally so repeat visits are instant. server-side caching stores database query results so you don't hit the database on every request. CDN caching stores your pages on edge servers around the world so they load fast everywhere. proper cache headers can cut your load times dramatically.

add caching to my app — set up proper cache headers and server-side caching for my API routes

Core Web Vitals are Google's metrics for measuring user experience — how fast your page loads (LCP), how quickly it becomes interactive (INP), and whether the layout shifts around while loading (CLS). they directly affect your Google search ranking. run Lighthouse in Chrome DevTools (right-click → Inspect → Lighthouse tab) to see your scores and get specific recommendations.

analyze my app's Core Web Vitals and Lighthouse score and fix any issues

a PWA makes your web app installable — users can add it to their home screen and it works offline, just like a native app. you need a service worker (handles offline caching) and a web app manifest (tells the browser your app's name, icon, and theme color). not every app needs this, but if you want that “app-like” experience without publishing to an app store, this is how.

convert my app into a Progressive Web App with offline support and an install prompt

if you want your app to work in multiple languages, you need internationalization. instead of hardcoding text like “Sign Up”, you use translation keys that map to different languages. libraries like next-intl or react-i18next handle the plumbing. you also need to consider right-to-left (RTL) layouts for languages like Arabic and Hebrew, and locale-specific formatting for dates, numbers, and currencies.

add internationalization to my app so it supports multiple languages

if your app has API routes (endpoints that return data), documenting them makes your life easier and is essential if anyone else will use your API. RESTful conventions (GET for reading, POST for creating, PUT for updating, DELETE for deleting) keep things consistent. tools like Swagger/OpenAPI let you generate interactive documentation automatically. even if it's just for you, well-structured APIs are easier to debug and extend.

add API documentation to my app using Swagger/OpenAPI

if your app collects any user data (including analytics, email addresses, or cookies), you legally need a privacy policy. if users create accounts, you should have terms of service too. if you use cookies or tracking (and your users are in Europe), GDPR requires a cookie consent banner. you can use generators to create these documents, but read through them and customize them to match what your app actually does.

add a privacy policy page, terms of service page, and cookie consent banner to my app

you don't need all 28 steps checked off to launch. most successful apps launched with way less. pick the steps that matter for your app, get them done, and put it out there. share it on Twitter, post it on Reddit, submit it to Product Hunt, text it to your friends. the hardest part is already done — you built it.

no prompt needed — just do it.