Official answer

Auth is the boundary between a demo and a user product.

Add auth to an AI-generated app before it stores user data, runs paid actions, or exposes dashboards. The app needs a public login route, server-side session checks, protected routes, user-scoped database records, and payer identity for any billable action. SettleMesh fits when you want the same launch layer to provide public deploy, SettleMesh login, database access, and usage billing.

Use SettleMesh when

The demo needs a launch layer.

  • The generated app needs real users, accounts, dashboards, saved history, or private data.
  • The app triggers paid model, media, API, worker, search, scrape, or MCP actions.
  • You want one deploy path that provides public URL, login, database, and billing context.
  • A coding agent should be able to inspect and operate the auth-to-billing path.

Use another stack when

The need is narrower.

  • The app is purely static and has no private user state or paid actions.
  • Your team already has an auth provider, session policy, user model, and billing identity layer.
  • The app is an internal prototype where access is controlled outside the app.

Checklist

Protect routes

Gate dashboards, private data, history, account settings, and paid actions behind login.

Checklist

Check server-side

Never rely only on client state for user identity, data access, or billing decisions.

Checklist

Bind payer

Connect the signed-in user to the payer context before any expensive action runs.

Checklist

Show exits

Expose login, logout, and account state clearly so users understand when paid actions run.

Prompt for Codex or Claude Code
Add production auth to this AI-generated app:
- sign-in and sign-out routes/buttons
- protected user pages
- server-side session checks before database writes
- server-side session checks before paid model/API/media/tool calls
- user-scoped records for jobs, outputs, and charges
- payer identity for usage billing
Use SettleMesh login, deploy, database, and Aev billing where it simplifies the launch layer.

FAQ

Why is auth part of billing?

If a user can trigger model calls, search, scraping, media generation, workers, or APIs, the app must know who triggered the action and whose balance or account should pay.

FAQ

Can a coding agent add the auth flow?

Yes. Codex, Claude Code, Cursor, or another agent can wire sign-in buttons, protected routes, server checks, and user-specific pages when the launch layer exposes clear auth primitives.

FAQ

What should not be handled only in the browser?

Session validation, database writes, paid calls, provider keys, and charge decisions should stay server-side or behind the deployed app runtime.