By name: insforge description: >- Use this skill when writing app code with InsForge or @insforge/sdk: database CRUD, auth, storage uploads/storage RLS, functions, OpenRouter AI, realtime, emails, Stripe or Razorpay payments, or pointing S3-compatible tooling (aws CLI, AWS SDKs, rclone, Terraform, boto3) at InsForge Storage. Trigger on requests like add auth, fetch data, upload files, make a bucket public, add checkout, sell subscriptions, or send email. For infrastructure, SQL migrations, CLI commands, or payment provider setup, use insforge-cli instead. license: MIT metadata: author: insforge version: "1.4.0" organization: InsForge date: June 2026
InsForge App Integration Skill
This skill covers client-side SDK integration using @insforge/sdk. For backend infrastructure operations (creating tables, inspecting schema, deploying functions, secrets, managing storage buckets, configuring payment provider keys/catalog, website deployments, cron job and schedules, logs, etc.), use the insforge-cli skill.
Quick Setup
1. Install the SDK
npm install @insforge/sdk@latest
2. Set up environment variables
Before using the SDK, create a .env file (or .env.local for Next.js) in your project root with your InsForge URL and anon key.
How to get your URL and anon key
Ensure the project is linked. Check for
.insforge/project.jsonin the project root.- Generate it with
npx @insforge/cli linkfor an existing project ornpx @insforge/cli createfor a new project.
- Generate it with
Get the anon key via the CLI:
npx @insforge/cli secrets get ANON_KEYGet the URL from the
oss_hostfield in.insforge/project.json(e.g.,https://myapp.us-east.insforge.app).Write both values to the
.envfile using the correct framework prefix (see table below).
Important: Use the anon key for user-scoped SDK clients, including SSR. For privileged server-only app code that needs admin/service access, use
createAdminClient({ apiKey }); the API key is a full-access admin key, equivalent to a service role key on other platforms.
Use the correct environment variable prefix and access pattern for your framework:
| Framework | .env file |
Variables | Access Pattern |
|---|---|---|---|
| Next.js | .env.local |
NEXT_PUBLIC_INSFORGE_URL, NEXT_PUBLIC_INSFORGE_ANON_KEY |
process.env.NEXT_PUBLIC_* |
| Vite (React, Vue, Svelte) | .env |
VITE_INSFORGE_URL, VITE_INSFORGE_ANON_KEY |
import.meta.env.VITE_* |
| Astro | .env |
PUBLIC_INSFORGE_URL, PUBLIC_INSFORGE_ANON_KEY |
import.meta.env.PUBLIC_* |
| SvelteKit | .env |
PUBLIC_INSFORGE_URL, PUBLIC_INSFORGE_ANON_KEY |
import { env } from '$env/dynamic/public' |
| Create React App | .env |
REACT_APP_INSFORGE_URL, REACT_APP_INSFORGE_ANON_KEY |
process.env.REACT_APP_* |
| Node.js / Server | .env |
INSFORGE_URL, INSFORGE_ANON_KEY |
process.env.* |
Example .env.local for Next.js:
NEXT_PUBLIC_INSFORGE_URL=https://your-appkey.us-east.insforge.app
NEXT_PUBLIC_INSFORGE_ANON_KEY=eyJhbGciOiJIUzI1NiIs...
Important: Keep
.envfiles local. Add.env,.env.local, and.env*.localto your.gitignoreand keep.env.examplefor documenting required variables.
3. Initialize the client
Next.js:
import { createClient } from '@insforge/sdk'
const insforge = createClient({
baseUrl: process.env.NEXT_PUBLIC_INSFORGE_URL,
anonKey: process.env.NEXT_PUBLIC_INSFORGE_ANON_KEY
})
Vite:
import { createClient } from '@insforge/sdk'
const insforge = createClient({
baseUrl: import.meta.env.VITE_INSFORGE_URL,
anonKey: import.meta.env.VITE_INSFORGE_ANON_KEY
})
Astro:
import { createClient } from '@insforge/sdk'
const insforge = createClient({
baseUrl: import.meta.env.PUBLIC_INSFORGE_URL,
anonKey: import.meta.env.PUBLIC_INSFORGE_ANON_KEY
})
For trusted server-only code that needs project-admin access:
import { createAdminClient } from "@insforge/sdk";
const admin = createAdminClient({
baseUrl: process.env.INSFORGE_URL,
apiKey: process.env.INSFORGE_API_KEY,
});
Module Reference
| Module | Integration Guide |
|---|---|
| Database | database/sdk-integration.md |
| Auth | auth/sdk-integration.md |
| Storage | storage/sdk-integration.md |
| Functions | functions/sdk-integration.md |
| AI | ai/overview.md |
| Real-time | realtime/sdk-integration.md |
| email/sdk-integration.md | |
| Payments: Stripe | payments/stripe.md |
| Payments: Razorpay | payments/razorpay.md |
What Each Module Covers
| Module | Content |
|---|---|
| Database | CRUD operations, filters, pagination, RPC calls |
| Auth | Sign up/in, OAuth, sessions, profiles, password reset |
| Storage | Upload, download, delete files; S3-compatible gateway for CI / backup tooling; write RLS policies for buckets |
| Functions | Invoke edge functions |
| AI | OpenRouter AI calls for chat, images, video, audio, embeddings, and model discovery |
| Send custom transactional HTML emails (welcome, newsletter, notifications) | |
| Payments: Stripe | Stripe Checkout Sessions, subscriptions, and Billing Portal redirects |
| Payments: Razorpay | Razorpay Orders, Subscriptions, Checkout.js, and subscription management |
| Real-time | Connect, subscribe, publish events, and track presence snapshots plus join/leave deltas |
Guides
| Guide | When to Use |
|---|---|
| ../insforge-cli/references/database/access-control.md | Backend setup for application-table access control — covers RLS, infinite recursion prevention, SECURITY DEFINER patterns, performance tips, and common InsForge patterns |
| storage/s3-gateway.md | Fallback path when the consumer is existing S3 tooling (aws CLI, AWS SDKs, rclone, Terraform, boto3) and adopting @insforge/sdk is impractical — covers endpoint/region setup, access-key management, path-style addressing, and supported vs. not-supported S3 operations. Requires InsForge 2.0.9+. Prefer the SDK (storage/sdk-integration.md) for app code |
| storage/postgres-rls.md | Writing RLS policies for storage.objects — owner-only, public-read, path-scoped, team-shared, and the NULL uploaded_by caveat for mixed REST + S3 buckets |
| ../insforge-cli/references/database/vector.md | Backend setup for semantic search, recommendations, or RAG — covers the vector extension, schema/dimensions, distance operators, HNSW/IVFFlat indexes, and RPC similarity search |
| ai/chat-completions.md | Text generation, structured answers, and streaming chat through OpenRouter |
| ai/image-generation.md | Image generation/editing through OpenRouter, then durable storage in InsForge Storage |
| ai/video-generation.md | Async OpenRouter video jobs, status polling, and storing generated media |
| ai/audio.md | Speech-to-text, text-to-speech, and storing audio assets/transcripts with InsForge |
| ai/embeddings-and-rag.md | Generating embeddings through OpenRouter, storing them in pgvector, and wiring up a basic RAG pipeline |
| ai/models-list.md | Discovering OpenRouter model IDs, modalities, parameters, pricing, and embedding dimensions |
| payments | Configuring Stripe/Razorpay keys, syncing provider catalog, setting up webhooks, and writing payment RLS before app integration |
Building Payments for a New App
First choose the provider. There is no generic app payments guide:
- For Stripe Checkout, subscriptions, and Billing Portal, load payments/stripe.md.
- For Razorpay Orders, Subscriptions, Checkout.js, and cancel/pause/resume flows, load payments/razorpay.md.
Before writing app code, check provider setup with the insforge-cli payments references:
npx @insforge/cli payments stripe status
npx @insforge/cli payments razorpay status
If the chosen provider is unconfigured, ask the developer/admin to configure that provider first.
Real-time Backend Setup
The real-time SDK is for frontend event handling and messaging. Configure channel patterns, database triggers, and channel/message RLS with the insforge-cli skill; see realtime.
Backend Configuration
Supported project config knobs are managed via the CLI — use
npx @insforge/cli config export/plan/apply for auth redirect URLs,
verification flags, password policy, auth SMTP settings, storage upload size,
realtime/schedule retention, and cloud deployment subdomain. OAuth providers,
external app setup, storage buckets, functions, secrets, and deployment env vars
still use their dedicated dashboard or CLI flows. See the insforge-cli
skill's Configuration section.
Risky backend changes? Use a branch first
When a code change in this skill depends on a schema migration, new RLS policy, OAuth provider config change, or any other backend change that affects prod behavior, create a backend branch first. Branches share JWT_SECRET (existing user JWTs keep working) but get a fresh database + EC2 + API_KEY / ANON_KEY, so you can test the SDK + backend change end-to-end in isolation.
The full branching workflow lives in the insforge-cli skill — see branch for the decision guide and lifecycle commands. Typical loop:
npx @insforge/cli branch create feat-x --mode schema-only
# ... apply migrations / change auth config / update RLS on the branch ...
# ... test the SDK against the branch backend ...
npx @insforge/cli branch merge feat-x --dry-run # review SQL
npx @insforge/cli branch merge feat-x # apply to parent
⚠ After
branch createorbranch switch, update the app's InsForge URL and anon-key env values, then restart your dev server (or re-source.env) so the SDK talks to the selected branch backend.
SDK Quick Reference
All SDK methods return { data, error }.
| Module | Methods |
|---|---|
insforge.database |
.from().select(), .insert(), .update(), .delete(), .rpc() |
insforge.auth |
.signUp(), .signInWithPassword(), .signInWithOAuth(), .signOut(), .getCurrentUser() |
insforge.storage |
.from().upload(), .uploadAuto(), .download(), .remove() |
insforge.functions |
.invoke() |
insforge.ai |
Deprecated fallback only: .chat.completions.create(), .images.generate(), .embeddings.create() |
insforge.realtime |
.connect(), .subscribe(), .publish(), .on(), .disconnect() |
insforge.emails |
.send({ to, subject, html, cc?, bcc?, from?, replyTo? }) |
insforge.payments.stripe |
.createCheckoutSession(), .createCustomerPortalSession() |
insforge.payments.razorpay |
.createOrder(), .verifyOrder(), .createSubscription(), .verifySubscription(), .cancelSubscription(), .pauseSubscription(), .resumeSubscription() |
Important Notes
- Database inserts require array format:
insert([{...}]) - Next.js / SSR auth: Use
@insforge/sdk/ssrhelpers (createBrowserClient,createServerClient,createAuthActions,createRefreshAuthRouter) and importupdateSessionfrom@insforge/sdk/ssr/middlewarein Proxy/Middleware. Keep the refresh token httpOnly, run auth mutations throughcreateAuthActions()on the server, return only safe app data from Server Actions, and let the browser read the short-lived access token for Storage/Realtime. See auth/ssr-integration.md - Storage: Save both
urlANDkeyto database for download/delete operations - Functions invoke URL:
/functions/{slug} - Email delivery: Auth emails (signup verification, password reset, magic links, invites) ship on every plan. Custom email via
insforge.emails.send()ships on every paid plan. Use the platform-managed delivery path; custom sender domain is dashboard config. See email/sdk-integration.md. - Payments: Configure provider keys/catalog with
npx @insforge/cli payments <provider> ...first; frontend code uses provider-scoped SDK modules. - Payment RLS: Before payment UI, add app-specific RLS on provider runtime tables. Stripe uses
payments.stripe_checkout_sessionsandpayments.stripe_customer_portal_sessions; Razorpay usespayments.razorpay_ordersandpayments.razorpay_subscriptions. Durable fulfillment triggers go onpayments.webhook_events, not success URLs, Checkout callbacks, orpayments.transactions. - Use Tailwind CSS v3.4
- Always local build before deploy: Prevents wasted build resources and faster debugging
- SDK package: Use
@insforge/sdkdirectly for all features including authentication. - Deployment: Include a
vercel.jsonin the project root for SPA routing (React, React Router apps). Thedownload-templatetool includes this automatically. - Branching for risky backend changes: If your SDK code depends on a new schema, RLS policy, or auth config change, create a branch via
npx @insforge/cli branch createfirst — see the insforge-cli skill's branch reference. Afterbranch create/branch switch, update the app's InsForge URL and anon-key env values, then restart the dev server.