| name | insforge |
| description | Use this skill when writing app code with InsForge or @insforge/sdk: database CRUD, auth, storage uploads/storage RLS, functions, OpenRouter AI, realtime, emails, Stripe checkout, subscriptions, customer portal flows, or pointing S3-compatible tooling (aws CLI, AWS SDKs, rclone, Terraform, boto3) at InsForge Storage. Trigger on requests like add auth, fetch data, upload files, make a bucket public, add checkout, sell subscriptions, or send email. For infrastructure, SQL migrations, CLI commands, or Stripe key/catalog setup, use insforge-cli instead. |
| license | MIT |
| metadata | {"author":"insforge","version":"1.3.0","organization":"InsForge","date":"April 2026"} |
InsForge SDK Skill
This skill covers client-side SDK integration using @insforge/sdk. For backend infrastructure operations (creating tables, inspecting schema, deploying functions, secrets, managing storage buckets, configuring Stripe keys/catalog, website deployments, cron job and schedules, logs, etc.), use the insforge-cli skill.
Quick Setup
1. Install the SDK
npm install @insforge/sdk@latest
2. Set up environment variables
Before using the SDK, create a .env file (or .env.local for Next.js) in your project root with your InsForge URL and anon key.
How to get your URL and anon key
-
Ensure the project is linked. Check for .insforge/project.json in the project root.
- Generate it with
npx @insforge/cli link for an existing project or npx @insforge/cli create for a new project.
-
Get the anon key via the CLI:
npx @insforge/cli secrets get ANON_KEY
-
Get the URL from the oss_host field in .insforge/project.json (e.g., https://myapp.us-east.insforge.app).
-
Write both values to the .env file using the correct framework prefix (see table below).
Important: Use the anon key for user-scoped SDK clients, including SSR. For privileged server-only app code that needs admin/service access, use createAdminClient({ apiKey }); the API key is a full-access admin key, equivalent to a service role key on other platforms.
Use the correct environment variable prefix and access pattern for your framework:
| Framework | .env file | Variables | Access Pattern |
|---|
| Next.js | .env.local | NEXT_PUBLIC_INSFORGE_URL, NEXT_PUBLIC_INSFORGE_ANON_KEY | process.env.NEXT_PUBLIC_* |
| Vite (React, Vue, Svelte) | .env | VITE_INSFORGE_URL, VITE_INSFORGE_ANON_KEY | import.meta.env.VITE_* |
| Astro | .env | PUBLIC_INSFORGE_URL, PUBLIC_INSFORGE_ANON_KEY | import.meta.env.PUBLIC_* |
| SvelteKit | .env | PUBLIC_INSFORGE_URL, PUBLIC_INSFORGE_ANON_KEY | import { env } from '$env/dynamic/public' |
| Create React App | .env | REACT_APP_INSFORGE_URL, REACT_APP_INSFORGE_ANON_KEY | process.env.REACT_APP_* |
| Node.js / Server | .env | INSFORGE_URL, INSFORGE_ANON_KEY | process.env.* |
Example .env.local for Next.js:
NEXT_PUBLIC_INSFORGE_URL=https://your-appkey.us-east.insforge.app
NEXT_PUBLIC_INSFORGE_ANON_KEY=eyJhbGciOiJIUzI1NiIs...
Important: Keep .env files local. Add .env, .env.local, and .env*.local to your .gitignore and keep .env.example for documenting required variables.
3. Initialize the client
import { createClient } from '@insforge/sdk'
const insforge = createClient({
baseUrl: process.env.NEXT_PUBLIC_INSFORGE_URL,
anonKey: process.env.NEXT_PUBLIC_INSFORGE_ANON_KEY
})
const insforge = createClient({
baseUrl: import.meta.env.VITE_INSFORGE_URL,
anonKey: import.meta.env.VITE_INSFORGE_ANON_KEY
})
For trusted server-only code that needs project-admin access:
import { createAdminClient } from '@insforge/sdk'
const admin = createAdminClient({
baseUrl: process.env.INSFORGE_URL,
apiKey: process.env.INSFORGE_API_KEY
})
Module Reference
What Each Module Covers
| Module | Content |
|---|
| Database | CRUD operations, filters, pagination, RPC calls |
| Auth | Sign up/in, OAuth, sessions, profiles, password reset |
| Storage | Upload, download, delete files; S3-compatible gateway for CI / backup tooling; write RLS policies for buckets |
| Functions | Invoke edge functions |
| AI | OpenRouter AI calls for chat, images, video, audio, embeddings, and model discovery |
| Email | Send custom transactional HTML emails (welcome, newsletter, notifications) |
| Payments | Stripe Checkout Sessions, subscriptions, and Billing Portal redirects |
| Real-time | Connect, subscribe, publish events, and track presence snapshots plus join/leave deltas |
Guides
| Guide | When to Use |
|---|
| database/postgres-rls.md | Writing or reviewing RLS policies — covers infinite recursion prevention, SECURITY DEFINER patterns, performance tips, and common InsForge RLS patterns |
| storage/s3-gateway.md | Fallback path when the consumer is existing S3 tooling (aws CLI, AWS SDKs, rclone, Terraform, boto3) and adopting @insforge/sdk is impractical — covers endpoint/region setup, access-key management, path-style addressing, and supported vs. not-supported S3 operations. Requires InsForge 2.0.9+. Prefer the SDK (storage/sdk-integration.md) for app code |
| storage/postgres-rls.md | Writing RLS policies for storage.objects — owner-only, public-read, path-scoped, team-shared, and the NULL uploaded_by caveat for mixed REST + S3 buckets |
| database/pgvector.md | Building semantic search, recommendations, or RAG — covers the vector extension, schema/dimensions, distance operators, HNSW/IVFFlat indexes, and RPC similarity search |
| ai/chat-completions.md | Text generation, structured answers, and streaming chat through OpenRouter |
| ai/image-generation.md | Image generation/editing through OpenRouter, then durable storage in InsForge Storage |
| ai/video-generation.md | Async OpenRouter video jobs, status polling, and storing generated media |
| ai/audio.md | Speech-to-text, text-to-speech, and storing audio assets/transcripts with InsForge |
| ai/embeddings-and-rag.md | Generating embeddings through OpenRouter, storing them in pgvector, and wiring up a basic RAG pipeline |
| ai/models-list.md | Discovering OpenRouter model IDs, modalities, parameters, pricing, and embedding dimensions |
| payments | Configuring Stripe keys, syncing catalog, creating products/prices, webhooks, and portal RLS before app integration |
Building Checkout for a New App
Before integrating payments, make sure a Stripe key is configured. Run npx @insforge/cli payments status. If it shows unconfigured, ask the user for the Stripe key first. See the insforge-cli skill's payments reference.
Real-time Backend Setup
The real-time SDK is for frontend event handling and messaging. Configure channel patterns, database triggers, and channel/message RLS with the insforge-cli skill; see realtime.
Backend Configuration (Not Yet in CLI)
Auth redirect URL allowlist is now managed via the CLI — use
npx @insforge/cli config export/plan/apply. Other auth settings (password
policy, OAuth providers, verification methods) still live on the dashboard. See
the insforge-cli skill's Configuration section.
Risky backend changes? Use a branch first
When a code change in this skill depends on a schema migration, new RLS policy, OAuth provider config change, or any other backend change that affects prod behavior, create a backend branch first. Branches share JWT_SECRET (existing user JWTs keep working) but get a fresh database + EC2 + API_KEY / ANON_KEY, so you can test the SDK + backend change end-to-end in isolation.
The full branching workflow lives in the insforge-cli skill — see branch for the decision guide and lifecycle commands. Typical loop:
npx @insforge/cli branch create feat-x --mode schema-only
npx @insforge/cli branch merge feat-x --dry-run
npx @insforge/cli branch merge feat-x
⚠ After branch create or branch switch, update the app's InsForge URL and anon-key env values, then restart your dev server (or re-source .env) so the SDK talks to the selected branch backend.
SDK Quick Reference
All SDK methods return { data, error }.
| Module | Methods |
|---|
insforge.database | .from().select(), .insert(), .update(), .delete(), .rpc() |
insforge.auth | .signUp(), .signInWithPassword(), .signInWithOAuth(), .signOut(), .getCurrentUser() |
insforge.storage | .from().upload(), .uploadAuto(), .download(), .remove() |
insforge.functions | .invoke() |
insforge.ai | Deprecated fallback only: .chat.completions.create(), .images.generate(), .embeddings.create() |
insforge.realtime | .connect(), .subscribe(), .publish(), .on(), .disconnect() |
insforge.emails | .send({ to, subject, html, cc?, bcc?, from?, replyTo? }) |
insforge.payments | .createCheckoutSession(), .createCustomerPortalSession() |
Important Notes
- Database inserts require array format:
insert([{...}])
- Next.js / SSR auth: Use
@insforge/sdk/ssr helpers (createBrowserClient, createServerClient, createRefreshAuthRouter, updateSession). Keep the refresh token httpOnly and let the browser read the short-lived access token for Storage/Realtime. See auth/ssr-integration.md
- Storage: Save both
url AND key to database for download/delete operations
- Functions invoke URL:
/functions/{slug}
- Email delivery: Auth emails (signup verification, password reset, magic links, invites) ship on every plan. Custom email via
insforge.emails.send() ships on every paid plan. Use the platform-managed delivery path; custom sender domain is dashboard config. See email/sdk-integration.md.
- Payments: Configure Stripe keys/catalog with
npx @insforge/cli payments ... first; frontend code only creates Checkout/Portal sessions.
- Payment RLS: Before subscription checkout or Billing Portal UI, add app-specific RLS on
payments.checkout_sessions and payments.customer_portal_sessions. Checkout creation needs INSERT; checkout requests with idempotencyKey also need matching SELECT on payments.checkout_sessions.
- Use Tailwind CSS v3.4
- Always local build before deploy: Prevents wasted build resources and faster debugging
- SDK package: Use
@insforge/sdk directly for all features including authentication.
- Deployment: Include a
vercel.json in the project root for SPA routing (React, React Router apps). The download-template tool includes this automatically.
- Branching for risky backend changes: If your SDK code depends on a new schema, RLS policy, or auth config change, create a branch via
npx @insforge/cli branch create first — see the insforge-cli skill's branch reference. After branch create / branch switch, update the app's InsForge URL and anon-key env values, then restart the dev server.
