Skill

scaffold-nextjs-app

Generate Next.js 15 App Router project with auth, database, API routes. Use when user asks to "scaffold a Next.js app".

Install

Run in your terminal

npx claudepluginhub javimontano/jm-adk --plugin sovereign-architect

Tool Access

This skill is limited to using the following tools:

ReadWriteEditGlobGrepBashAgent

Supporting Assets

View in Repository

agents/app-router-architect-agent.md

agents/auth-db-setup-agent.md

agents/nextjs-e2e-agent.md

evals/evals.json

examples/sample-output.md

prompts/use-case-prompts.md

references/body-of-knowledge.md

references/knowledge-graph.mmd

references/state-of-the-art.md

Skill Content

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

157.6k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

157.6k

Hook Development

10 files

Guides implementation of event-driven hooks in Claude Code plugins using prompt-based validation and bash commands for PreToolUse, Stop, and session events.

plugin-dev

83.2k

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitMar 22, 2026

Actions

View Source View Plugin View on GitHub View README

Scaffold Next.js App

Generate Next.js 15 App Router project with server-first architecture, full-stack auth, database integration, and type-safe API routes.

Guiding Principle

"Server-first architecture produces faster, simpler applications. Default to Server Components — justify every use client directive."

Procedure

Step 1 — Elicit Context and Routing Architecture

Ask: Does this project need SEO or static marketing pages? (YES → confirms Next.js is right choice, not plain React).
Ask: Is this full-stack (API routes included) or frontend-only consuming external API?
Ask: What is the auth strategy? (NextAuth.js/Auth.js v5, Clerk, Supabase Auth, custom JWT).
Ask: What database? (PostgreSQL via Drizzle ORM, Prisma, Supabase, PlanetScale).
Ask: Deployment target? (Vercel → full Edge/Node flexibility; Docker → prefer Node runtime; AWS Lambda → check bundle limits).
Classify all answers: [HECHO] if confirmed, [SUPUESTO] if inferred.

Step 2 — Define App Router Architecture

Map all pages to App Router conventions: app/page.tsx, app/(auth)/login/page.tsx, app/(dashboard)/layout.tsx.
Identify which pages are Server Components (default), Client Components (use client), and Streaming (with <Suspense>).
Design route groups: (marketing) for public pages, (dashboard) for protected routes, (auth) for auth flow.
Define server vs. client boundary: data fetching and form mutations stay in Server Components/Actions; interactive UI only gets use client.
Design loading.tsx and error.tsx boundaries at each route segment.
Document routing map in docs/routing-architecture.md.

Step 3 — Configure Next.js and Tooling

Create next.config.ts with: strict mode, experimental features (PPR if using Next 15), image domains, bundle analyzer hook.
Write tsconfig.json with strict: true, moduleResolution: "Bundler", paths for @/.
Configure tailwind.config.ts for App Router content paths including app/, components/, lib/.
Write .env.example with all required variables; write src/env.ts with Zod validation (use server schema for NODE-only vars, client schema for NEXT_PUBLIC_ vars).
Configure ESLint with eslint-config-next, @typescript-eslint/strict, jsx-a11y.
Set up Drizzle ORM (or Prisma): schema file, migration commands, type generation scripts.

Step 4 — Implement Auth and Middleware

Install and configure Auth.js v5 (NextAuth): auth.config.ts with providers, session strategy, callbacks.
Write middleware.ts at root: protect all routes under /(dashboard), redirect unauthenticated to /login.
Write auth() server helper — use in Server Components, Server Actions, and Route Handlers.
Implement CSRF protection for Server Actions (built-in with Auth.js).
Write src/lib/auth-utils.ts with getCurrentUser() helper that throws if not authenticated.
Test: unauthenticated request to /dashboard → 302 to /login. Auth cookie present → session resolves.

Step 5 — Testing, CI/CD, and Deployment Config

Install Vitest for unit/component testing (Next.js compatible with next/jest or @vitejs/plugin-react).
Configure Playwright for E2E with Next.js: webServer config starts next dev, baseURL from env.
Write next.config.ts production optimizations: output standalone for Docker, compress: true, security headers.
Write Dockerfile using output: 'standalone' — copy only .next/standalone + .next/static + public.
Write .github/workflows/ci.yml: type-check → lint → unit tests → build → E2E.
Document all env variables in README with local setup instructions.

Decision Framework

Decision	Default	Alternative	When to Switch
Rendering	Server Components	Client Components	Interactive UI, browser APIs needed
Data fetching	`fetch()` in Server Component	Route Handler + TanStack Query	Client-side re-fetching required
Mutations	Server Actions	Route Handlers	Non-form mutations from client
Auth	Auth.js v5	Clerk	Managed auth with UI components wanted
ORM	Drizzle ORM	Prisma	Team prefers Prisma's DX; large team
Database	PostgreSQL (Neon/Supabase)	SQLite (Turso)	Low-traffic or edge deployment
Caching	Next.js `unstable_cache`	Redis via Upstash	Multi-region or high-volume cache
Styling	Tailwind CSS v4	CSS Modules	Existing non-Tailwind design system
Deployment	Vercel	Docker/ECS	No vendor lock-in; custom infra
Image handling	next/image (required)	Direct `<img>`	Never — always use next/image

Quality Criteria

next build exits 0 — no TypeScript errors, no missing env variables.
All routes under (dashboard) return 302 to /login when unauthenticated (Playwright test).
Lighthouse score ≥ 90 Performance on main marketing page (static generation verified).
next/image used for all images — no raw <img> tags.
No use client on pages that only render static or server-fetched data.
All Server Actions have zod input validation before touching the database.
Database migrations tracked in version control (drizzle/ or prisma/migrations/).
Security headers configured in next.config.ts (CSP, X-Frame-Options, HSTS).

Anti-Patterns

Mixing Pages Router and App Router patterns — Never import useRouter from next/router in App Router. Use next/navigation. Never use getServerSideProps in app/.
use client on layout files — Makes the entire subtree client-side. Put interactivity in leaf components, keep layouts as Server Components.
Fetching in Client Components when a Server Component would do — Adds unnecessary loading states, exposes internal API structure, increases bundle size.
Not using output: 'standalone' for Docker — Default Next.js Docker build includes all node_modules. Standalone output is 10x smaller.
Storing secrets in NEXT_PUBLIC_* variables — These are embedded in the client bundle. Use unprefixed vars for server-only secrets.

When NOT to Use

When the project is a pure SPA with no SEO requirements → Use scaffold-react-app (lighter, faster DX).
When the backend is a separate service team owns → Consider a React SPA calling the existing API rather than adding a Next.js BFF.
When deploying to a platform that doesn't support Node.js processes → Static-only sites are better served by plain HTML or Astro.
When the team has no React experience → Consider the learning curve; Next.js App Router adds Server Component mental model on top of React.