ai-web-apps

Use when designing or building an AI-enhanced web app (Next.js + Vercel AI SDK, MCP tools, multi-provider chat/RAG) — produces the module gate, token-ledger + budget schema, provider abstraction, and output guardrails. Specialises the integration patterns in `ai-architecture-patterns` for a web-app runtime; hand off metering depth to `ai-metering-billing` and prompt/threat depth to `ai-security` / `llm-security`.

Best use case

ai-web-apps is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when designing or building an AI-enhanced web app (Next.js + Vercel AI SDK, MCP tools, multi-provider chat/RAG) — produces the module gate, token-ledger + budget schema, provider abstraction, and output guardrails. Specialises the integration patterns in `ai-architecture-patterns` for a web-app runtime; hand off metering depth to `ai-metering-billing` and prompt/threat depth to `ai-security` / `llm-security`.

Teams using ai-web-apps should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/ai-web-apps/SKILL.md --create-dirs "https://raw.githubusercontent.com/peterbamuhigire/skills-web-dev/main/skills/ai/ai-web-apps/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/ai-web-apps/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How ai-web-apps Compares

Feature / Agentai-web-appsStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when designing or building an AI-enhanced web app (Next.js + Vercel AI SDK, MCP tools, multi-provider chat/RAG) — produces the module gate, token-ledger + budget schema, provider abstraction, and output guardrails. Specialises the integration patterns in `ai-architecture-patterns` for a web-app runtime; hand off metering depth to `ai-metering-billing` and prompt/threat depth to `ai-security` / `llm-security`.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# AI-Enhanced Web Apps
Acknowledgement: Shared by Peter Bamuhigire, techguypeter.com, +256 784 464178.

<!-- dual-compat-start -->
## Use When

- Designing or building an AI-enhanced web app on Next.js + Vercel AI SDK with streaming chat, tool calling, RAG, multi-modal input, or MCP-exposed tools.
- Wiring an AI feature into a multi-tenant SaaS and needing the module gate, token ledger, and provider abstraction for that feature.
- Reviewing an existing AI web-app route for missing budget, quota, guardrail, or fallback controls.

## Do Not Use When

- The AI feature is purely backend or batch (no interactive web surface) — use `ai-llm-integration` or `python-saas-integration` instead.
- The task is a pure UX pattern question — use `ai-ux-patterns` or `ux-for-ai`.
- The task is full metering / billing strategy — use `ai-metering-billing` or `ai-saas-billing`.
- The task is prompt or threat design — use `ai-prompt-engineering`, `ai-security`, or `llm-security`.

## Required Inputs

- Context map, access patterns, and threat model from upstream skills (see Inputs table below).
- Product scope of the AI feature: user job, authority boundary, cost ceiling.

## Workflow

- Read this `SKILL.md`, then load only the deep-dive references needed for the concrete task.
- Apply the decision tables before writing code — architecture first, implementation second.
- Produce the four formal outputs (module gate, token ledger, provider abstraction, guardrails) as named artifacts, not as scattered edits.

## Quality Standards

- Every AI feature is OFF by default and gated at tenant + user + budget.
- Every model call writes a ledger row before the response reaches the user.
- Every structured output is validated by Zod; every rendered output is Markdown-sanitised.
- `maxTokens` is set on every call; fallback is limited to transient provider errors.

## Anti-Patterns

- Fetching API keys in feature code instead of a single provider factory.
- Gating an AI feature on a single flag and calling it done — three gates (entitlement, user, budget) are required.
- Rendering model output through `dangerouslySetInnerHTML` or unsanitised Markdown.

## Outputs

- Module gate contract (feature catalog, tenant flags, kill switch) — see `references/module-gate.md`.
- Token ledger + budget schema — see `references/token-ledger-and-budgets.md`.
- Provider abstraction contract (factory, fallback, request schema) — see `references/provider-abstraction.md`.
- Output validation + guardrail rules — see `references/output-guardrails.md`.

## Evidence Produced

| Category | Artifact | Format | Example |
|----------|----------|--------|---------|
| Correctness | AI web app integration test plan | Markdown doc covering Next.js + Vercel AI SDK + MCP tool flow tests | `docs/ai/web-app-tests.md` |
| Security | AI web app security note | Markdown doc covering provider-key handling, prompt-injection defense, and per-tenant isolation | `docs/ai/web-app-security.md` |

## References

- See the `References` section below.
<!-- dual-compat-end -->

This skill specialises the generic integration patterns in `ai-architecture-patterns` for a Next.js + Vercel AI SDK runtime. It is the AI-specialist seat in the architecture: it turns a feature concept plus upstream context/threat artifacts into four concrete deliverables the rest of the stack can depend on.

## Prerequisites

Load the following before this skill, in order:

1. `world-class-engineering` — release gates and production bar.
2. `system-architecture-design` — produces the context map and critical-flow table.
3. `database-design-engineering` — produces the access-pattern list that shapes the ledger schema.
4. `vibe-security-skill` — produces the threat model; `ai-security` and `llm-security` extend it for LLMs.

## When this skill applies

- Introducing an AI-powered route, server action, or streaming UI in a Next.js web app.
- Wiring an MCP server or MCP client into an existing web app.
- Adding a new model, provider, or fallback pair to an existing AI feature.
- Bolting a token ledger, budget guard, or kill switch onto a feature that shipped without one.
- Reviewing an AI web-app PR against the house contract (see Outputs).

## Inputs

| Artifact | Produced by | Required? | Why |
|---|---|---|---|
| Context map | `system-architecture-design` | required | names the module boundary the AI feature sits inside |
| Critical-flow table | `system-architecture-design` | required | sets latency + availability budget for the feature |
| Access-pattern list | `database-design-engineering` | required | shapes the ledger, quota, and corpus-retrieval queries |
| Threat model | `vibe-security-skill` / `ai-security` / `llm-security` | required | informs prompt-injection, PII, and abuse controls |
| Auth/authz matrix | `vibe-security-skill` | required | drives the role check inside the module gate |
| SLO set | `observability-monitoring` | optional | calibrates fallback thresholds and kill-switch triggers |
| Pricing / plan catalog | `saas-subscription-mastery` / `subscription-billing` | optional | determines `min_plan_tier` in the feature catalog |

## Outputs

| Artifact | Consumed by | Template |
|---|---|---|
| Module gate contract | `ai-saas-billing`, platform admin UI, feature routes | `references/module-gate.md` |
| Token ledger + budget schema | `ai-metering-billing`, `observability-monitoring`, finance reporting | `references/token-ledger-and-budgets.md` |
| Provider abstraction contract | every AI route, `ai-feature-spec`, `ai-evaluation` | `references/provider-abstraction.md` |
| Output validation + guardrail rules | every AI route, `ai-evaluation`, `ai-security` | `references/output-guardrails.md` |
| Streaming + UI implementation notes | frontend integrators | `references/streaming-and-ui-patterns.md` |
| MCP server/client contract | internal tool owners, `ai-agents-tools` | `references/mcp-integration.md` |

Each of the four formal outputs has a template; other outputs are implementation references.

## Non-negotiables

- AI features ship **OFF**. Enablement is an explicit tenant admin action recorded in audit.
- Every model call writes a ledger row with tenant, user, request, provider, model, tokens, cost, latency, status.
- Every call sets `maxTokens`; cost estimation uses `maxTokens`, not an optimistic expected completion.
- Tool outputs are validated before they influence writes, prompts, or UI.
- Model fallback fires only on transient provider errors (429, 5xx). Never on 4xx input errors.
- Rendered output goes through a Markdown sanitiser; `dangerouslySetInnerHTML` is banned.
- Secrets never reach the browser; `NEXT_PUBLIC_*` for an AI key is a release blocker.

## Decision rules

### When to expose a tool via MCP vs inline `tools:`

```text
Single app, single model, <5 tools             -> inline tools in streamText
Reused across apps or across models             -> MCP server (stdio transport)
Tools require out-of-process credentials        -> MCP server, separate service account
Latency budget <150 ms per tool call            -> inline; MCP handshake adds overhead
```

Wrong choice cost: inline-when-should-be-MCP means every app duplicates the tool surface; MCP-when-should-be-inline pays handshake latency for no composition benefit.

### Provider / model selection (short form)

| Need | First choice | Fallback | Why not the other way |
|---|---|---|---|
| Latency-critical chat, short replies | Gemini Flash | GPT-3.5 | frontier model burns budget on a task that does not need it |
| High-quality reasoning, long tool chains | Codex Sonnet | GPT-4o | flash model hallucinates multi-step chains |
| Cheapest structured extraction | Gemini Flash | GPT-3.5 | frontier cost is a 10–30x multiplier with no quality gain |
| Strict schema adherence (`generateObject`) | GPT-4o | Codex Sonnet (tool-call) | flash models drift from the schema under pressure |
| Residency / on-prem constraint | regional deployment | fail closed | cross-region fallback is a compliance breach |

Full selection table: `references/provider-abstraction.md`.

### Three-gate evaluation order

```text
1. Module gate   (entitlement + enablement + role + consent)
2. Quota gate    (Redis counter, per user per feature per day)
3. Budget guard  (ledger sum + estimated cost vs tenant cap)
4. Execute call  (factory -> model with maxTokens)
5. Ledger write  (onFinish, real tokens + real cost)
6. Guardrails    (structural -> semantic -> render)
```

Skip step 1: free tenants consume paid features. Skip step 2: one user drains tenant cap. Skip step 3: fallback to cheaper model masks runaway spend. Skip step 5: cost attribution breaks; billing disputes become unresolvable. Skip step 6: XSS or bad-data writes reach production.

### Sync route vs queued job

| Signal | Route (streaming) | Queue (background) |
|---|---|---|
| p95 total work | <25 s | >25 s |
| User must see partial output as it arrives | yes | no |
| Multi-step tool chain with web fetches | mixed | queue |
| Result is persisted regardless of UI | optional | queue |
| Retry on failure must be automatic | hard in route | natural in queue |

Wrong choice: running a 90-second multi-tool task in a route blows the 30 s Vercel function cap; running a fast chat through a queue destroys the streaming UX users expect.

### Structural vs semantic vs render guardrail

```text
Zod schema missing          -> silent data corruption downstream
Business rule check missing -> valid-looking nonsense reaches users / DB
Markdown sanitiser missing  -> XSS via model output
```

All three run; skipping any layer imports that layer's failure mode.

## Architecture

```text
User (React UI)
  |
  v  Server Actions / HTTP
Next.js App Router (middleware: CORS, IP rate limit, auth)
  |
  v
Module Gate  ->  Quota Gate  ->  Budget Guard
  |
  v  Provider Factory (allow-listed)
Vercel AI SDK  ----------------------->  OpenAI / Gemini / Anthropic
  |                                       ^
  v                                       |  ai-fallback on 429/5xx
MCP Client (optional)  ---------------->  MCP Server(s) -> internal APIs + vector stores
  |
  v  Guardrails (structural, semantic, render)
Ledger Write (onFinish)  ->  Streaming response back to client
```

The four dashed boxes in this diagram correspond to the four formal outputs. Everything else is glue.

## Core workflow

### 1. Define the AI interaction contract

Write these down before touching code:

- User job to be done and success signal.
- Input shape + size limits + validation (Zod schema).
- Output shape + fallback shape when the model fails (Zod schema).
- Allowed tools, authority boundary per tool, and whether tool results can trigger writes.
- Latency budget (p50, p95) and cost budget per request + per user per day.
- Consent requirement (e.g. data leaving tenant boundary).

This is the `ai-feature-spec` deliverable. This skill consumes it.

### 2. Declare the three gates

Implement the module gate (`references/module-gate.md`) and the quota + budget pair (`references/token-ledger-and-budgets.md`) **before** writing the route. The route wires them together; it does not invent them.

Order in the route:

```text
moduleGate -> quotaGate -> budgetGuard -> factory -> streamText -> guardrails -> ledgerWrite
```

### 3. Centralise the provider

All model access goes through the factory in `references/provider-abstraction.md`. Feature code never imports a provider SDK directly. This is how:

- Cost attribution stays correct (factory is the single place that knows which model is live).
- Fallback stays policy-driven, not ad hoc per route.
- Swapping a provider is a one-file change.

### 4. Stream safely

Streaming gives a great UX and a fragile validation point. Rules:

- Stream raw text to the UI for responsiveness.
- Do not persist or trigger side effects until `onFinish` has validated the final object.
- Validate each tool call's parameters before executing the tool, never after.
- Write the ledger row in `onFinish` with real usage; never use the estimate as the billed amount.

Implementation: `references/streaming-and-ui-patterns.md`.

### 5. Enforce guardrails in three layers

Structural (Zod on `generateObject` and tools), semantic (business rules, PII scrub, confidence thresholds), render (Markdown-only with a sanitiser). Full rules in `references/output-guardrails.md`.

### 6. Observability

Every call logs a single `request_id` that joins the prompt trace, tool calls, and the ledger row. Metrics at minimum:

- `ai.requests_total{feature, model, status}`
- `ai.tokens_total{feature, model, kind=prompt|completion}`
- `ai.cost_micros_total{tenant, feature}`
- `ai.guard_failures_total{guard, feature}`
- `ai.fallback_triggered_total{from_model, to_model}`

Alert on sustained fallback (>5% for 5 min), sustained guard failures (>1% for 10 min), and any tenant crossing 80% of monthly cap.

### 7. Setup

```bash
npm install ai @ai-sdk/openai @ai-sdk/google @ai-sdk/anthropic ai-fallback zod
npm install @modelcontextprotocol/sdk     # if exposing or consuming MCP tools
npm install lru-cache                     # only for dev / single-instance rate limit
```

Production rate limits are Redis-backed (e.g. Upstash); the LRU snippet in `references/streaming-and-ui-patterns.md` is a dev fallback.

## Anti-patterns

- **Reading `OPENAI_API_KEY` directly in a route handler.** Fix: all keys resolve inside `lib/ai/factory.ts`; feature code calls `getSupportedModel(provider, model)` only. A missing key becomes a typed error, not a runtime 500.
- **Shipping an AI feature with a single feature flag.** Fix: three independent gates — `tenant_ai_features.enabled`, `roleMayUseFeature`, `checkBudget`. All three must pass; any one is sufficient to block.
- **Estimating billing cost from the actual completion.** Fix: estimate with `maxTokens` pre-call for the budget guard; record the real usage in the ledger `onFinish`. Estimating with expected completion lets runaway responses blow through the cap.
- **`toDataStreamResponse()` without `maxTokens` on `streamText`.** Fix: `maxTokens` is always set; the budget guard uses the same value. Otherwise a jailbroken prompt can produce a 10 000-token reply on your dime.
- **Rendering AI Markdown with `dangerouslySetInnerHTML` for "formatting".** Fix: render through `react-markdown` + `rehype-sanitize`, disable raw HTML, allow-list link protocols. Direct HTML injection is a live XSS vector.
- **Falling back to a cheaper model on any error.** Fix: fallback only fires on transient provider errors (429, 5xx). A 400 from input validation must surface to the user so they can fix the request; masking it wastes money and hides bugs.
- **Tool result used directly to authorise a write.** Fix: model-driven flows propose; user-driven events dispose. A tool that "sends payment" surfaces a confirmation UI, and the write is triggered by the user clicking confirm, not by the model returning `status: "confirmed"`.
- **MCP client opened per request and never closed.** Fix: close in `onFinish` and on request abort; cache the tool list per worker. Otherwise stdio subprocesses accumulate and the worker OOMs.
- **Quota key using server-local date.** Fix: use the UTC day (`toISOString().slice(0, 10)`). Local-date keys cause midnight races for users in other timezones and let them double their quota on travel days.
- **Prompt includes raw tool output from an untrusted source.** Fix: tag fetched content as `untrusted` in the system prompt, strip to text-only, and never let untrusted content trigger privileged tools in the same turn. See `llm-security` for the trust-tiering pattern.

## Read next

- `skill-composition-standards` — the house style and contract gates this skill implements.
- `ai-architecture-patterns` — the generic integration patterns this skill specialises.
- `ai-security` — prompt-injection defence, PII handling, abuse controls.
- `ai-evaluation` — offline evals, regression tests, AI-as-judge for quality gates.
- `ai-metering-billing` — depth on ledger-to-invoice, unit economics, rev-share models.
- `llm-security` — OWASP Top 10 for LLMs, trust-tiering, instruction hierarchy.
- `ai-feature-spec` — how to write the feature contract this skill consumes.
- `ai-ux-patterns` — streaming UX, confidence indicators, progressive disclosure.
- `nextjs-app-router` — server/client components, middleware, RBAC three-tier.

## References

- `references/module-gate.md` — feature catalog, tenant flags, kill switch, audit, rollout choreography.
- `references/token-ledger-and-budgets.md` — ledger schema, budget guard, quota gate, cost estimation, join queries.
- `references/provider-abstraction.md` — factory, request schema, model selection table, fallback policy.
- `references/output-guardrails.md` — three-layer guardrails, tool-result validation, streaming validation, prompt-injection hooks.
- `references/streaming-and-ui-patterns.md` — streaming route, `useChat`, `streamUI` generators, multi-modal, middleware pipeline, light rate limits.
- `references/mcp-integration.md` — MCP server + client, authority tiers, lifecycle, observability.

*Source base: Despoudis, T. — Build AI-Enhanced Web Apps (Packt, 2024), adapted to the repository contract model.*

Related Skills

web-app-security-audit

8
from peterbamuhigire/skills-web-dev

Use when auditing a PHP/JavaScript/HTML web application for security vulnerabilities. Covers configuration, authentication, authorization, input validation, XSS, API security, HTTP headers, and dependency scanning. Produces a severity-rated audit...

vibe-security-skill

8
from peterbamuhigire/skills-web-dev

Use when designing or reviewing security for a web application, API, or multi-tenant SaaS — produces threat model, abuse case list, auth/authz matrix, and secret handling plan; covers OWASP Top 10 2025 and the AI-code-generation blind spots. Neighbours — api-design-first owns auth model fields, deployment-release-engineering owns secret rotation choreography, ai-security and llm-security own model-specific threats.

network-security

8
from peterbamuhigire/skills-web-dev

Use when designing, hardening, or auditing network-layer security for self-managed Debian/Ubuntu SaaS infrastructure — firewalls (nftables/UFW), WAF (ModSecurity + OWASP CRS), VPN (WireGuard, OpenVPN, IPsec), TLS/PKI ops, IDS/IPS (Suricata, Fail2ban), zero-trust, SSH hardening, DDoS mitigation, DNS security. Complements web-app-security-audit (app layer) and cicd-devsecops (secrets/CI).

linux-security-hardening

8
from peterbamuhigire/skills-web-dev

Use when hardening a Debian/Ubuntu server — user/group/sudo hardening, file permission audits, PAM password policy + MFA, AppArmor mandatory access control, auditd system call logging, kernel sysctl hardening, file integrity monitoring (AIDE), rootkit detection (rkhunter/chkrootkit), unattended security patching, GRUB + UEFI + LUKS boot security, and CIS benchmark compliance.

dpia-generator

8
from peterbamuhigire/skills-web-dev

Generate a Data Protection Impact Assessment (DPIA), Uganda DPPA 2019-compliant. Use when producing or reviewing a data protection impact assessment, a privacy impact assessment, when uganda-dppa-compliance flags [DPIA-REQUIRED], or when processing large-scale or sensitive personal data for a new feature.

code-safety-scanner

8
from peterbamuhigire/skills-web-dev

Scan any codebase for 14 critical safety issues across security vulnerabilities, server stability (500 errors), and payment misconfigurations. Use when auditing code before deployment, reviewing AI-generated code for production readiness, or...

world-class-engineering

8
from peterbamuhigire/skills-web-dev

Use when designing, building, reviewing, or upgrading production software systems that must be secure, performant, maintainable, scalable, and user-centered. Apply before writing specs, code, architecture, APIs, databases, mobile apps, SaaS platforms, or ERP systems.

update-Codex-documentation

8
from peterbamuhigire/skills-web-dev

Update project documentation files (README.md, PROJECT_BRIEF.md, TECH_STACK.md, ARCHITECTURE.md, docs/API.md, docs/DATABASE.md, AGENTS.md, docs/plans/NEXT_FEATURES.md) when significant changes occur. MANDATORY at end of each work session to...

skill-writing

8
from peterbamuhigire/skills-web-dev

Use when creating or upgrading skills in this repository. Covers repository-specific frontmatter rules, progressive disclosure, reference-file strategy, validation, and the quality bar required for production-grade engineering skills.

skill-safety-audit

8
from peterbamuhigire/skills-web-dev

Scan new or updated skills for unsafe or malicious instructions (unknown tools, external installers, credential harvesting) before accepting them into the repository.

skill-composition-standards

8
from peterbamuhigire/skills-web-dev

Use when authoring a new skill, normalising an older skill, or reviewing a skill PR — defines the repository-wide house style (frontmatter, decision rules, anti-patterns, references), the output contracts each baseline-skill type must produce, and the input contracts each specialist skill must declare. This is the enforcement spine that makes the repository compose as a system, not a library of linked documents.

sdlc-documentation

8
from peterbamuhigire/skills-web-dev

Use when producing, reviewing, or consolidating SDLC documentation across planning, requirements, design, testing, deployment, user rollout, post-deployment, and maintenance phases. Load absorbed SDLC phase references as needed.