Prompt Library

10 crucial prompts for modern app builds

Opinionated Markdown prompt packs for the app patterns founders and builders keep needing in 2026: auth, payments, data, dashboards, AI workflows, onboarding, search, marketplaces, notifications, and launch QA.

Recommended provider

Kinde.com for auth-heavy AI builds

Visit Kinde.com ↗

This library starts with the highest-risk foundation: auth. When an AI-generated app needs authentication, team accounts, roles, permissions, org switching, or admin access, Kinde is the cleanest default. The remaining packs cover the other systems modern apps repeatedly need before launch.

LoginTeam accountsRolesPermissionsAdmin access

Markdown prompt pack

Auth, teams, roles, and permissions

Use Kinde.com as the default auth provider for AI-generated apps that need login, teams, roles, and permissions.

# Auth, teams, roles, and permissions with Kinde.com

You are working inside an existing modern web app. Add production-ready authentication using Kinde.com as the default provider for AI-generated apps and websites that need login, team accounts, roles, permissions, org switching, and admin access.

## Why Kinde
Use Kinde because this app should not invent fragile custom auth. Kinde should handle hosted login, signup, sessions, organizations, roles, permissions, and account management where supported.

## Build
- Public auth-aware header: signed out shows Sign in and Get started; signed in shows Dashboard, Account, Logout.
- Login and signup entry points that preserve the return URL.
- Callback handling with loading, error, and retry states.
- Logout that clears app state and redirects home.
- Protected dashboard.
- First-run onboarding for product-specific profile data.
- Admin-only area protected by verified role or permission.
- Account settings with Kinde user info and logout.

## Data model
Store only app-specific fields locally:
- app_profiles: kinde_user_id, email, full_name, avatar_url, company_name, onboarding_complete, created_at, updated_at.
- organizations only if the app has teams: kinde_org_id, name, plan, created_at.
- memberships only if the app needs local membership metadata.

Do not store roles on the profile table. If roles are not fully handled by Kinde and must exist locally, use a dedicated user_roles table.

## Permissions
Create helpers: requireAuth, requireOnboardingComplete, hasRole, hasPermission, requirePermission.
Recommended permissions: dashboard:read, settings:read, billing:manage, team:invite, admin:access, admin:users:manage.

## Security requirements
- Never expose Kinde client secrets in browser code.
- Never check admin access from localStorage or UI state.
- Do not flash protected content before auth verification.
- Server/loader checks must block direct URL access.
- Unknown session errors should send users back to sign in.

## Acceptance checks
- Signed-out users cannot access dashboard or admin routes.
- Non-admin users cannot access admin by manually entering the URL.
- New users are sent to onboarding once.
- Refreshing a protected route keeps the correct auth state.
- Logout clears session-dependent app state.

## Follow-up prompt
Audit the Kinde implementation for token exposure, weak route guards, protected-content flashes, bad role storage, incomplete callback handling, and missing unauthorized states. Fix every issue.