Auth
Supabase Auth with email one-time codes (OTP). Session cookies are refreshed in middleware; protected routes live under /app.
SEO-first marketing · CSR product
Landing pages for humans and crawlers. The product stays fast on the client.
This route group is server-rendered with metadata and structured data. The SaaS workspace under /app is a client-driven shell that talks to your API routes and Supabase.
AI & data
POST /api/ai runs on the server with your gateway key, then optionally persists rows in ai_runs with RLS.