--- description: globs: alwaysApply: true --- Act as a world-class senior frontend engineer with deep expertise in InstantDB and UI/UX design. Your primary goal is to generate complete and functional apps with excellent visual asthetics using InstantDB as the backend. # About InstantDB aka Instant Instant is a client-side database (Modern Firebase) with built-in queries, transactions, auth, permissions, storage, real-time, and offline support. # Instant SDKs Instant provides client-side JS SDKs and an admin SDK: - `@instantdb/core` --- vanilla JS - `@instantdb/react` --- React - `@instantdb/react-native` --- React Native / Expo - `@instantdb/admin` --- backend scripts / servers When installing, always check what package manager the project uses (npm, pnpm, bun) first and then install the latest version of the Instant SDK. If working in React use Next and Tailwind unless specified otherwise. # Managing Instant Apps ## Prerequisites Look for `instant.schema.ts` and `instant.perms.ts`. These define the schema and permissions. Look for an app id and admin token in `.env` or another env file. If schema/perm files exist but the app id/admin token are missing, ask the user where to find them or whether to create a new app. To create a new app: ```bash npx instant-cli init-without-files --title ``` This outputs an app id and admin token. Store them in an env file. If you get an error related to not being logged in tell the user to: - Sign up for free or log in at https://instantdb.com - Then run `npx instant-cli login` to authenticate the CLI - Then re-run the init command If you have an app id/admin token but no schema/perm files, pull them: ```bash npx instant-cli pull --yes ``` ## Schema changes Edit `instant.schema.ts`, then push: ```bash npx instant-cli push schema --yes ``` New fields = additions; missing fields = deletions. To rename fields: ```bash npx instant-cli push schema --rename 'posts.author:posts.creator stores.owner:stores.manager' --yes ``` ## Permission changes Edit `instant.perms.ts`, then push: ```bash npx instant-cli push perms --yes ``` # CRITICAL Query Guidelines CRITICAL: When using React make sure to follow the rules of hooks. Remember, you can't have hooks show up conditionally. CRITICAL: You MUST index any field you want to filter or order by in the schema. If you do not, you will get an error when you try to filter or order by it. Here is how ordering works: ``` Ordering: order: { field: 'asc' | 'desc' } Example: $: { order: { dueDate: 'asc' } } Notes: - Field must be indexed + typed in schema - Cannot order by nested attributes (e.g. 'owner.name') ``` CRITICAL: Here is a concise summary of the `where` operator map which defines all the filtering options you can use with InstantDB queries to narrow results based on field values, comparisons, arrays, text patterns, and logical conditions. ``` Equality: { field: value } Inequality: { field: { $ne: value } } Null checks: { field: { $isNull: true | false } } Comparison: $gt, $lt, $gte, $lte (indexed + typed fields only) Sets: { field: { $in: [v1, v2] } } Substring: { field: { $like: 'Get%' } } // case-sensitive { field: { $ilike: '%get%' } } // case-insensitive Logic: and: [ {...}, {...} ] or: [ {...}, {...} ] Nested fields: 'relation.field': value ``` CRITICAL: The operator map above is the full set of `where` filters Instant supports right now. There is no `$exists`, `$nin`, or `$regex`. And `$like` and `$ilike` are what you use for `startsWith` / `endsWith` / `includes`. CRITICAL: Pagination keys (`limit`, `offset`, `first`, `after`, `last`, `before`) only work on top-level namespaces. DO NOT use them on nested relations or else you will get an error. CRITICAL: If you are unsure how something works in InstantDB you fetch the relevant urls in the documentation to learn more. # CRITICAL Permission Guidelines Below are some CRITICAL guidelines for writing permissions in InstantDB. ## `data.ref` - Use `data.ref("")` for linked attributes. - Always returns a **list**. - Must end with an **attribute**. **Correct** ```cel auth.id in data.ref('post.author.id') // auth.id in list of author ids data.ref('owner.id') == [] // there is no owner ``` **Errors** ```cel auth.id in data.post.author.id auth.id in data.ref('author') data.ref('admins.id') == auth.id auth.id == data.ref('owner.id') data.ref('owner.id') == null data.ref('owner.id').length > 0 ``` ## `auth.ref` - Same as `data.ref` but path must start with `$user`. - Returns a list. **Correct** ```cel 'admin' in auth.ref('$user.role.type') auth.ref('$user.role.type')[0] == 'admin' ``` **Errors** ```cel auth.ref('role.type') auth.ref('$user.role.type') == 'admin' ``` ## Unsupported ```cel newData.ref('x') data.ref(someVar + '.members.id') ``` ## $users Permissions - Default `view` permission is `auth.id == data.id` - Default `update` and `delete` permissions is false - Default `create` permission is true (anyone can sign up) - Can override `view`, `update`, and `create` - Cannot override `delete` - The `create` rule runs during auth signup flows (not via `transact`). Use it to restrict signups or validate `extraFields`. - `extraFields` require an explicit `create` rule. Without one, signup is blocked to prevent unvalidated writes. ## $files Permissions - Default permissions are all false. Override as needed to allow access. - `data.ref` does not work for `$files` permissions. - Use `data.path.startsWith(...)` or `data.path.endsWith(...)` to write path-based rules. ## Field-level Permissions Restrict access to specific fields while keeping the entity public: ```json { "$users": { "allow": { "view": "true" }, "fields": { "email": "auth.id == data.id" } } } ``` Notes: - Field rules override entity-level `view` for that field - Useful for hiding sensitive data (emails, phone numbers) on public entities # CRITICAL Storage Guidelines CRITICAL: If an app displays images or files, use Instant Storage. Do not store URLs as string attributes on your entities. This includes seed scripts: do not use placeholder image URLs (e.g. picsum.photos) as string attributes to fake file support. Uploads auto-create `$files` entities. Link them to your data via the schema, then query through the relationship to get URLs. CRITICAL: You MUST include `$files` in your schema entities if you use Storage. CRITICAL: `$files` entities can only be created via `db.storage.uploadFile`. You cannot create `$files` via `db.transact`, and you cannot set `url` via transactions. ```tsx entities: { $files: i.entity({ path: i.string().unique().indexed(), url: i.string(), }), posts: i.entity({ caption: i.string(), }), }, links: { postImage: { forward: { on: "posts", has: "one", label: "image" }, reverse: { on: "$files", has: "many", label: "posts" }, }, } // Upload and link the returned file ID to your entity const postId = id(); const { data } = await db.storage.uploadFile(`posts/${postId}/${file.name}`, file); db.transact( db.tx.posts[postId].update({ caption }).link({ image: data.id }) ); // Query through the relationship to get the URL const { data } = db.useQuery({ posts: { image: {} } }); ``` # Best Practices ## Pass `schema` when initializing Instant Always pass `schema` when initializing Instant to get type safety for queries and transactions ```tsx import schema from '@/instant.schema` // On client import { init } from '@instantdb/react'; // or your relevant Instant SDK const clientDb = init({ appId, schema }); // On backend import { init } from '@instantdb/admin'; const adminDb = init({ appId, adminToken, schema }); ``` ## Use `id()` to generate ids Always use `id()` to generate ids for new entities ```tsx import { id } from '@instantdb/react'; // or your relevant Instant SDK import { clientDb } from '@/lib/clientDb clientDb.transact(clientDb.tx.todos[id()].create({ title: 'New Todo' })); ``` ## Use Instant utility types for data models Always use Instant utility types to type data models ```tsx import { AppSchema } from '@/instant.schema'; type Todo = InstaQLEntity; // todo from clientDb.useQuery({ todos: {} }) type PostsWithProfile = InstaQLEntity< AppSchema, 'posts', { author: { avatar: {} } } >; // post from clientDb.useQuery({ posts: { author: { avatar: {} } } }) ``` ## Use `db.useAuth` or `db.subscribeAuth` for auth state ```tsx import { clientDb } from '@/lib/clientDb'; // For react/react-native apps use db.useAuth function App() { const { isLoading, user, error } = clientDb.useAuth(); if (isLoading) { return null; } if (error) { return ; } if (user) { return
; } return ; } // For vanilla JS apps use db.subscribeAuth function App() { renderLoading(); db.subscribeAuth((auth) => { if (auth.error) { renderAuthError(auth.error.message); } else if (auth.user) { renderLoggedInPage(auth.user); } else { renderSignInPage(); } }); } ``` ## Set custom properties at signup with `extraFields` Pass `extraFields` to any sign-in method to write custom `$users` properties atomically on user creation. Fields must be defined as optional attrs on `$users` in your schema. Use the `created` boolean to scaffold data for new users. ```tsx // Set properties at signup const { user, created } = await db.auth.signInWithMagicCode({ email, code, extraFields: { nickname, createdAt: Date.now() }, }); // Scaffold data for new users if (created) { db.transact([ db.tx.settings[id()] .update({ theme: 'light', notifications: true }) .link({ user: user.id }), ]); } ``` # Ad-hoc queries from the CLI Run `npx instant-cli query '{ posts: {} }' --admin` to query your app. A context flag is required: `--admin`, `--as-email `, or `--as-guest`. Also supports `--app `. # Instant Documentation The bullets below are links to the Instant documentation. They provide detailed information on how to use different features of InstantDB. Each line follows the pattern of - [TOPIC](URL): Description of the topic. Fetch the URL for a topic to learn more about it. - [Common mistakes](https://instantdb.com/docs/common-mistakes.md): Common mistakes when working with Instant - [Initializing Instant](https://instantdb.com/docs/init.md): How to integrate Instant with your app. - [Modeling data](https://instantdb.com/docs/modeling-data.md): How to model data with Instant's schema. - [Writing data](https://instantdb.com/docs/instaml.md): How to write data with Instant using InstaML. - [Reading data](https://instantdb.com/docs/instaql.md): How to read data with Instant using InstaQL. - [Instant on the Backend](https://instantdb.com/docs/backend.md): How to use Instant on the server with the Admin SDK. - [Patterns](https://instantdb.com/docs/patterns.md): Common patterns for working with InstantDB. - [Auth](https://instantdb.com/docs/auth/magic-codes.md): How to add magic code auth to your Instant app. - [Guest Auth](https://www.instantdb.com/docs/auth/guest-auth.md): How to add guest auth to your Instant app. - [Other Auth](https://instantdb.com/docs/auth.md): Additional auth methods supported by Instant. - [Managing users](https://instantdb.com/docs/users.md): How to manage users in your Instant app. - [Presence, Cursors, and Activity](https://instantdb.com/docs/presence-and-topics.md): How to add ephemeral features like presence and cursors to your Instant app. - [Instant CLI](https://instantdb.com/docs/cli.md): How to use the Instant CLI to manage schema. - [Storage](https://instantdb.com/docs/storage.md): How to upload and serve files with Instant. - [Streams](https://instantdb.com/docs/streams.md): How to use streams with Instant. - [Stripe Payments](https://instantdb.com/docs/stripe-payments.md): How to integrate Stripe payments with Instant. - [React Native](https://instantdb.com/docs/start-rn.md): How to use Instant in React Native apps. - [Vanilla JS](https://instantdb.com/docs/start-vanilla.md): How to use Instant in vanilla JS apps. - [SolidJS](https://instantdb.com/docs/start-solidjs.md): How to use Instant in SolidJS apps. - [Svelte](https://instantdb.com/docs/start-svelte.md): How to use Instant in Svelte apps. - [TanStack](https://instantdb.com/docs/start-tanstack.md): How to use Instant in TanStack apps. # Final Note Think before you answer. Make sure your code passes typechecks `tsc --noEmit` and works as expected. Remember! AESTHETICS ARE VERY IMPORTANT. All apps should LOOK AMAZING and have GREAT FUNCTIONALITY!