Auth randomly stops working - why is this happening?!

App Router auth is confusing as hell, and here's why you'll spend hours debugging it. You have Server Components that run on the server and Client Components that run in the browser, and they handle auth differently. **What breaks**: Cookies get stale, auth state gets out of sync between server and client, redirects fail randomly. **The fix**: Use separate auth clients for server vs client, and always check for null users. Auth can fail at any time. ```tsx // Server Component - this will randomly fail const { data: { user } } = await supabase.auth.getUser() // user can be null even if they were logged in 5 seconds ago if (!user) { // Don't redirect here - it breaks SSR return } ``` **Real talk**: I burned way too much time on this auth hell, staring at logs that told me absolutely nothing while users complained about getting randomly logged out. The Supabase helpers aren't magic - they're just JavaScript that can fail. Always assume the user might be null or your app will shit itself at the worst possible moment.

Can I process documents with Server Actions or will they timeout?

**Short answer**: They'll timeout. Don't even try for anything bigger than a text file. **What happens**: Server Actions timeout after 10 seconds on Hobby plan, 60s on Pro (Vercel limits). Processing a large PDF with embeddings takes forever, like several minutes depending on how much OpenAI is throttling you that day. Your action will die mid-processing and users get a generic error message that tells them nothing. **The workaround**: Use Server Actions to save file metadata, then queue background processing. ```tsx // This times out and makes you sad export async function uploadDocument(formData: FormData) { const file = formData.get('file') as File const content = await file.text() // Dies on large files const embeddings = await generateEmbeddings(content) // Definitely times out } // This actually works export async function uploadDocument(formData: FormData) { // Save metadata only const { data } = await supabase.from('documents').insert({ title: file.name, status: 'pending' }) // Queue background processing await queueProcessing(data.id) return { success: true } } ``` **Lesson**: Server Actions are for quick mutations, not heavy processing.

Why do streaming responses just randomly stop working?

**Because tool calls fail and kill the entire stream**. The Vercel AI SDK is optimistic about errors - when your Pinecone search times out, the whole stream just dies with no error message. **What breaks**: - Pinecone queries timeout (default 30s is too long) - Network issues kill the connection - Auth tokens expire mid-stream - Memory issues with long conversations **The fixes**: ```tsx // Add timeout and error handling tools: { search: tool({ execute: async ({ query }) => { try { // Aggressive timeout const results = await Promise.race([ pinecone.query(query), new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), 3000) ) ]) return results } catch (error) { // Don't kill the stream, return empty results return { results: [], error: 'Search failed' } } } }) } ``` **Pro tip**: Always wrap tool calls in try-catch. Fail gracefully or users see half-responses.

How do I show document processing status without everything breaking?

**The problem**: Users upload a document and stare at a blank screen wondering if anything happened. **What I tried first**: Polling the database every 5 seconds. Terrible user experience and kills your database. **What actually works**: Supabase Realtime subscriptions, but you need to handle the edge cases. **Common issues**: - Realtime connections drop on mobile - You get duplicate events sometimes - Memory leaks if you don't unsubscribe properly - Events arrive out of order ```tsx // Don't forget to unsubscribe or you'll leak memory useEffect(() => { const channel = supabase.channel('status') // ... subscription code // This is critical - missing this breaks everything return () => supabase.removeChannel(channel) }, [documentId]) ``` **Pro tip**: Always show immediate feedback ("Processing started...") then use Realtime for updates. Users need to know something happened right away.

How do I stop users from seeing each other's documents?

**This is fucking critical - screw this up and you're toast**. I've watched apps accidentally leak customer data because some genius treated multi-tenancy as a "nice to have" feature. Startups have had to send breach notifications because their RAG apps showed random people's confidential documents. The legal bills can kill you. **Two-layer approach**: 1. Supabase RLS (Row Level Security) for database 2. Pinecone metadata filtering for vector search **Common mistakes**: - Forgetting to add filters to vector search (users see other orgs' documents) - RLS policies that don't cover all query patterns - Not testing edge cases (what if user changes orgs?) ```tsx // This looks secure but isn't const results = await pinecone.query({ vector: embedding, topK: 10 // Missing organization filter - users see everything }) // This actually works const results = await pinecone.query({ vector: embedding, filter: { organization_id: user.org_id }, topK: 10 }) ``` **Testing tip**: Create test accounts in different orgs and verify they can't see each other's data. Do this early or you'll regret it.

Why is my app slow on Vercel but fast locally?

**Cold starts**. Vercel puts your functions to sleep when they're not used. First request after idle time takes 3-5 seconds to wake up. **What makes it worse**: - Large dependencies (Pinecone SDK, OpenAI SDK add ~500KB) - Database connections that need to warm up - Heavy imports in your API routes **Mitigations**: - Use Edge Runtime where possible (faster cold starts) - Keep API routes lean - Consider a ping service to keep functions warm - Cache database connections **Reality check**: Cold starts are a Vercel limitation. If you need instant responses all the time, consider a dedicated server or prepare to pay for Vercel Pro to keep functions warm.

My RLS policies aren't working - what's wrong?

**Most common issue**: You're not enabling RLS on the table. ```sql -- Enable RLS (this is required) ALTER TABLE documents ENABLE ROW LEVEL SECURITY; -- Then create policies CREATE POLICY "Users see own docs" ON documents FOR SELECT USING (user_id = auth.uid()); ``` **Other gotchas**: - Service role bypasses RLS (don't use it for user queries) - Policies need to cover INSERT, UPDATE, DELETE separately - Complex joins can break policy enforcement - Anonymous users need separate policies **Debugging**: Check the Supabase logs - failed RLS shows up there.

Currently viewing the AI version

Switch to human version

Next.js App Router + Pinecone + Supabase RAG Production Guide

Configuration and Architecture

Server Components

What Works:

Direct database access without API routes
Automatic caching and no loading states
Server-side rendering with data fetching

Production Failures:

Timeouts with large datasets (Vercel kills functions at 10s Hobby, 60s Pro)
Auth errors surface as "undefined user" with zero context
TypeScript inference breaks with complex RLS policies
Cache poisoning: User A sees User B's documents randomly

Critical Requirements:

Add error boundaries everywhere
Use pagination for datasets >100 items
Test auth edge cases early in development
Implement proper user isolation testing

Server Actions

Suitable For:

Simple mutations and form handling
Quick database updates
Triggering background jobs

Hard Limits:

File processing: Dies on 10MB+ files
Embedding generation: Timeouts after 5+ seconds for long documents
Function timeout: 10s Hobby, 60s Pro (Vercel limitation)

Production Failures:

OpenAI randomly throttles with no warning
Pinecone quota limits fail silently
Users spam-click upload buttons during processing
Error messages return generic "Internal Server Error"

Working Pattern:

// Save metadata only, queue background processing
export async function uploadDocument(formData: FormData) {
  const { data: document } = await supabase
    .from('documents')
    .insert({ title: file.name, status: 'pending' })

  await fetch('/api/process-document', {
    method: 'POST',
    body: JSON.stringify({ documentId: document.id })
  })

  return { success: true }
}

Streaming AI Implementation

Critical Failure Modes

Stream Cutoffs: Streams randomly stop mid-sentence with no error indication
Tool Call Deaths: RAG retrieval fails and kills entire response
Network Resilience: Mobile users lose connection for 2s, stream dies permanently
Memory Leaks: Long conversations consume RAM without cleanup
Auth Expiry: 30-minute sessions hit token expiry mid-stream

Required Error Handling

Tool Call Wrapping:

tools: {
  search: tool({
    execute: async ({ query }) => {
      try {
        const results = await Promise.race([
          pinecone.query(query),
          new Promise((_, reject) =>
            setTimeout(() => reject(new Error('Timeout')), 3000)
          )
        ])
        return results
      } catch (error) {
        // Don't kill stream - return empty results
        return { results: [], error: 'Search failed' }
      }
    }
  })
}

Timeout Requirements:

Pinecone queries: 3-second maximum (default 30s too long)
Implement retry logic for network issues
Add stream resumption capabilities
Handle auth token refresh silently

useChat Hook Limitations

Reliable Features:

Message state management
Automatic streaming
Tool call handling

Requires Custom Implementation:

Error recovery mechanisms
Memory management for long conversations
Auth refresh handling
Network resilience

Multi-Tenant Security

Critical Security Requirements

Two-Layer Approach Required:

Supabase RLS for database isolation
Pinecone metadata filtering for vector search

Common Security Failures:

Missing organization filters in vector search (users see all documents)
RLS policies don't cover all query patterns
No edge case testing (user org changes)

Correct Implementation:

// Database RLS
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
CREATE POLICY "Users see own docs" ON documents
  FOR SELECT USING (user_id = auth.uid());

// Vector search filtering
const results = await pinecone.query({
  vector: embedding,
  filter: { organization_id: user.org_id },
  topK: 10
})

Testing Requirements

Create test accounts in different organizations
Verify complete data isolation between tenants
Test user organization changes
Validate RLS bypassing with service role

Performance and Resource Requirements

Time Investment Reality

Learning Curve: 2-4 weeks for App Router patterns if coming from Pages Router
Auth Implementation: 1-2 weeks debugging edge cases
Streaming Setup: 3-5 days for reliable production streaming
Multi-tenant Security: 1 week proper implementation and testing

Production Resource Costs

Vercel Hosting:

Hobby Plan: 10s function timeout (insufficient for document processing)
Pro Plan: 60s timeout, required for production RAG apps
Cold start penalty: 3-5s first request after idle

Database Performance:

Supabase: RLS adds query overhead
Connection pooling required for concurrent users
Realtime subscriptions: Memory cleanup essential

Performance Bottlenecks

Cold Starts: Functions sleep when unused, 3-5s wake time
Bundle Size: Pinecone + OpenAI SDKs add ~500KB
Database Connections: Warm-up required
Vector Search: Default timeouts too aggressive for production

Stack Comparison Matrix

Aspect	App Router + Supabase + Pinecone	Traditional SPA + API	Pages Router
Setup Complexity	Medium (auth patterns confusing initially)	High (separate services)	Low (if familiar)
Debugging Difficulty	High (cryptic errors, no useful logs)	Medium (standard debugging)	Low (predictable)
Performance	Fast when warm, demo-killing cold starts	Consistent performance	Predictable
Streaming AI	Works well with AI SDK	Manual SSE implementation	Manual implementation
Real-time Updates	Supabase Realtime (connection drops on mobile)	WebSockets/Pusher	Manual WebSocket
Multi-tenant	RLS policies handle isolation	Manual implementation	Manual implementation
Production Errors	Error boundaries required everywhere	Standard error handling	Standard handling
Testing	Server Components nightmare to test	Standard testing approaches	Standard testing

Operational Warnings

Auth System Failures

Random Logout: Auth cookies get stale unpredictably
State Sync Issues: Server/client auth state mismatch
Redirect Failures: SSR redirects break randomly
Token Expiry: Long sessions fail without warning

Document Processing Gotchas

File Size Limits: 10MB+ files block everything
Embedding Timeouts: OpenAI throttling causes silent failures
Queue Failures: Background jobs need monitoring
Status Updates: Users assume app is broken without immediate feedback

Vector Search Issues

Timeout Defaults: 30s default kills streams
Quota Limits: Pinecone limits fail silently
Metadata Filtering: Missing filters expose other users' data
Connection Pooling: Concurrent queries need proper handling

Essential Dependencies

Required Packages

ai (Vercel AI SDK): Handles streaming complexity
@supabase/auth-helpers-nextjs: Essential for App Router auth
@pinecone-database/pinecone: Vector database access
Sentry Next.js integration: Production error tracking

Avoid These

LangChain.js: Bloated for most RAG applications
Custom streaming implementations: Use Vercel AI SDK instead
Polling for status: Use Supabase Realtime subscriptions

Production Checklist

Pre-Launch Requirements

Error Boundaries: Implemented on all Server Components
Timeout Handling: 3s max for all external API calls
Auth Edge Cases: Test null users, token expiry, org changes
Multi-tenant Testing: Verify complete data isolation
Memory Management: Realtime subscription cleanup implemented
Background Processing: Queue system for document processing
Monitoring: Error tracking and performance monitoring active

Post-Launch Monitoring

Cold start frequency and impact
Stream completion rates
Auth failure patterns
Multi-tenant isolation verification
Document processing success rates
Memory usage in long conversations

This stack is production-viable but requires significant investment in error handling and edge case management. The 20% effort for production reliability is substantial but necessary for user trust.

Useful Links for Further Investigation

Resources That Don't Suck (And Which Ones to Avoid)

Link	Description
Next.js App Router Documentation	Surprisingly decent for official docs. The "Building Your Application" section won't lie to you, which is more than I can say for most framework documentation.
Vercel AI SDK Documentation	Actually solid documentation with working examples. The streaming section is particularly good. Their tool calling examples will save you hours of debugging. This is where you should spend most of your time when learning streaming - way better than random YouTube tutorials.
Supabase Next.js Guide	Decent starting point but light on App Router specifics.
Pinecone Documentation	Standard API docs. Gets the job done but doesn't explain performance gotchas. You'll figure out the timeout issues on your own.
Vercel AI Chatbot Template	Holy shit, a template that actually works. Clean code, proper auth handling, doesn't break when you look at it wrong. Clone this and build on top of it instead of starting from scratch like an idiot. Would've saved me 2 weeks of suffering if I'd found it earlier.
Next.js RAG Starter	Official Vercel template that actually works. Uses pgvector instead of Pinecone but easy to adapt. The document chunking logic is solid.
Supabase AI Chatbot Template	Actually good - a full-featured Next.js AI chatbot with Supabase auth and Postgres. Clean code, proper App Router patterns, handles auth correctly. Use this as your foundation.
Vercel AI SDK	Actually good. The useChat hook handles 90% of the streaming complexity. Tool calling works well. This should be your first install.
@supabase/auth-helpers-nextjs	Essential for App Router auth. The different client types (server/client) are confusing but necessary. Read the docs twice.
@pinecone-database/pinecone	Standard vector database SDK. Works fine but you'll need to add your own timeout handling. The default timeouts are too aggressive and will randomly kill your streams.
LangChain.js	LangChain is bloated for most RAG apps. It's like using a Formula 1 car to drive to the grocery store - impressive but completely unnecessary. Only touch this if you genuinely need complex document processing pipelines or you hate yourself.
Next.js Discord	Good for App Router questions. Active community, but expect some attitude if you ask basic questions. Read the docs first.
Vercel AI SDK Discord	Smaller community but helpful. The maintainers actually respond here. Good for debugging streaming issues.
Supabase Discord	Hit or miss. Good for database/RLS questions, but the auth help is inconsistent. Check GitHub issues first.
Next.js GitHub Discussions	Better than Reddit for App Router questions. The maintainers actually respond here, and you'll find real solutions to complex problems.
Next.js App Router Course by Vercel	Free course that's actually decent. Covers the basics without too much fluff. Good starting point if you're new to App Router.
Building AI Apps with Next.js - Vercel YouTube	Mix of useful content and marketing fluff. The AI SDK tutorials are actually helpful, but their conference talks are mostly product pitches disguised as education. Stick to the videos where they show actual code, skip anything with "revolutionary" in the title.
Supabase CLI	Essential. Run Supabase locally, generate TypeScript types, handle migrations. Don't try to develop without this.
Pinecone Console	Basic web UI for managing indexes. Good for debugging queries and checking usage. The search interface is helpful for testing.
Vercel CLI	Works as advertised. Local development, easy deployments, preview URLs. No complaints.
Vercel Analytics	Basic but free with Vercel hosting. Shows performance metrics, user flows. Better than nothing.
Sentry Next.js Integration	Actually useful for catching production errors. The Next.js integration is solid. Set this up early.

Next.js App Router + Pinecone + Supabase RAG Production Guide

Configuration and Architecture

Server Components

Server Actions

Streaming AI Implementation

Critical Failure Modes

Required Error Handling

useChat Hook Limitations

Multi-Tenant Security

Critical Security Requirements

Testing Requirements

Performance and Resource Requirements

Time Investment Reality

Production Resource Costs

Performance Bottlenecks

Stack Comparison Matrix

Operational Warnings

Auth System Failures

Document Processing Gotchas

Vector Search Issues

Essential Dependencies

Required Packages

Avoid These

Production Checklist

Pre-Launch Requirements

Post-Launch Monitoring

Useful Links for Further Investigation

Resources That Don't Suck (And Which Ones to Avoid)

Related Tools & Recommendations

Using Multiple Vector Databases: What I Learned Building Hybrid Systems

Stripe + Next.js App Router That Actually Works

Stop Fighting with Vector Databases - Here's How to Make Weaviate, LangChain, and Next.js Actually Work Together

Supabase vs Firebase vs AWS Amplify vs Appwrite: Stop Picking Wrong

I Spent a Weekend Integrating Clerk + Supabase + Next.js (So You Don't Have To)

Making LangChain, LlamaIndex, and CrewAI Work Together Without Losing Your Mind

I Deployed All Four Vector Databases in Production. Here's What Actually Works.

Stop Making Users Refresh to See Their Subscription Status

Remix vs Next.js vs SvelteKit: Production Battle Scars from the Trenches

Remix vs SvelteKit vs Next.js: Which One Breaks Less

Firebase Alternatives That Don't Suck (September 2025)

Firebase Started Eating Our Money, So We Switched to Supabase

Claude + LangChain + FastAPI: The Only Stack That Doesn't Suck

Qdrant + LangChain Production Setup That Actually Works

Milvus - Vector Database That Actually Works

Milvus vs Weaviate vs Pinecone vs Qdrant vs Chroma: What Actually Works in Production

Supabase vs Firebase vs Appwrite vs PocketBase - Which Backend Won't Fuck You Over

These 4 Databases All Claim They Don't Suck

Bun vs Node.js vs Deno: The Developer's Migration Journey in 2025

Bun vs Deno vs Node.js: Which Runtime Won't Ruin Your Weekend