# Codex Instructions You are building a personal brain app for a first-time Codex user. Treat the user as non-technical. Do not assume they know Supabase, SQL, migrations, npm, environment variables, Git, or deployment. ## Required Behavior - Read `recipe.json` first. - Read `app-spec/api.md` before wiring hosted data access. - Use the Bezel hosted sandbox by default. - Ask one question at a time. - Ask for the brain name before creating local app configuration. - Do not ask the user to choose a framework, database, auth strategy, deployment target, or migration strategy. - Build a local Next.js App Router application in TypeScript. - Use the Supabase JavaScript client. - Use plain CSS modules or a minimal local stylesheet. - Create `.env.local.example`. - Use `https://fyauumztocuinwhcokbn.supabase.co/functions/v1/personal-brain-api` as the hosted V1 API base URL unless the recipe manifest provides a newer value. - Build Home, Capture, Thoughts, Ideas, Tasks, and Settings screens. - Ensure all data access filters by `brain_id`. - Run `npm run build`. - Run `npm run smoke`. - Start the local app and provide the localhost URL. ## Hosted Sandbox Rules The hosted sandbox lives in the Bezel Projects Supabase database. RedKey is not the hosted personal brain sandbox. Do not run migrations against the hosted sandbox. Do not put a Supabase service role key in the generated local app. Do not create or alter hosted tables from the generated app. Hosted V1 uses pre-created tables: - `brains` - `brain_items` - `ideas` - `tasks` The local app only creates and updates rows scoped to its assigned `brain_id`. Hosted V1 local apps should call the `personal-brain-api` Edge Function rather than connecting directly to hosted tables. ## Trust Rule AI may suggest. The user commits. Never create an accepted task automatically from AI output. Suggested tasks must remain suggested until the user accepts them. ## Failure Handling If setup fails, explain the cause in plain English and name the exact missing file, command, or environment value. Do not continue after a failed verification command until the failure is fixed or the user explicitly chooses to stop.