How I Built a Full-Stack App in 48 Hours Using AI Tools

How I Built a Full-Stack App in 48 Hours Using AI Tools

Last month I set a personal challenge: build and deploy a complete full-stack application in one weekend. Authentication, database, REST API, React frontend, and production deployment.

Two years ago that would have taken me 2–3 weeks. With modern AI tools, it took 48 hours — including sleep.

What changed isn't that AI writes the code for me. It's that AI eliminated the parts of coding that used to take disproportionate time: setting up boilerplate, figuring out unfamiliar API parameters, debugging error messages I'd never seen before, and writing the first draft of repetitive CRUD operations.

In this guide, I'll walk you through exactly how I used GitHub Copilot, Claude, and ChatGPT at each phase of the build — with the specific prompts and techniques that made the difference.

Phase 1: Planning with AI (Hours 1–3)

Using Claude for Architecture Planning

Before writing a line of code, I described the application to Claude and asked for architectural recommendations:

Prompt:

I'm building a URL shortener SaaS with:
- User authentication (email/password)
- URL shortening with custom slugs
- Click analytics (count, referrer, country)
- Subscription plans (free: 10 URLs, pro: unlimited)

Stack preference: Next.js, PostgreSQL, Stripe
I have 48 hours.

What's the simplest architecture that works, what should I NOT build this weekend, and what schema would you recommend?

Claude's response covered:

• Recommended tech stack (Next.js + Supabase + Stripe) with specific reasons
• Schema design (users, urls, clicks, subscriptions tables)
• What to skip (email system, admin panel, API v2 — save for later)
• Rough time allocation across phases

This 15-minute conversation saved me 2 hours of architectural waffling.

Database Schema Generation

Prompt:

Generate the PostgreSQL schema for this URL shortener with:
- users table (extends Supabase auth.users)
- short_urls table (id, original_url, custom_slug, user_id, created_at, expires_at)
- clicks table (id, url_id, clicked_at, referrer, country_code, user_agent)
- subscriptions table matching Stripe's subscription model

Include: appropriate indexes for the most common queries, RLS policies for Supabase

Claude generated a complete schema with correct indexes and RLS policies in 2 minutes. Manual schema design would have taken 30 minutes.

Phase 2: Backend Development with GitHub Copilot (Hours 4–16)

The Comment-First Approach

For every function I needed to write, I started with a descriptive comment:

// Create a short URL for the authenticated user.
// If custom_slug is provided, check it's not already taken (case-insensitive).
// If no custom_slug, generate a random 6-character alphanumeric string.
// Validate that original_url is a valid URL.
// Return the created URL record.
// Throw UrlConflictError if slug is taken, ValidationError if URL is invalid.
async function createShortUrl(
  userId: string,
  originalUrl: string,
  customSlug?: string
): Promise<ShortUrl> {
  // Copilot completed this with correct logic
}

Copilot generated ~80% of the function body correctly. The remaining 20% I fixed — but writing from scratch would have taken 10× longer.

Using Copilot for Repetitive CRUD

After writing one complete CRUD handler (GET /api/urls), I let Copilot write the rest:

// I wrote the GET handler completely:
export async function GET(req: NextRequest) {
  const { data: { user } } = await supabase.auth.getUser();
  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  
  const urls = await db
    .select()
    .from(short_urls)
    .where(eq(short_urls.userId, user.id))
    .orderBy(desc(short_urls.createdAt));
    
  return NextResponse.json(urls);
}

// Then I started typing the POST handler with just the signature:
export async function POST(req: NextRequest) {
  // Copilot completed the entire handler following the same pattern
}

Phase 3: Debugging with ChatGPT (Hours 16–24)

The "Paste Error" Technique

Whenever I hit an error I didn't immediately understand, I pasted it into ChatGPT with context:

Example prompt:

I'm getting this error in my Next.js 14 App Router API route:

Error: cookies() expects to have requestAsyncStorage, null

Here's my route handler:
[paste 30 lines of code]

What's wrong and how do I fix it?

ChatGPT identified the issue in 30 seconds: I was calling cookies() in a route that wasn't properly set up for the App Router's async context. It provided the exact fix.

Without AI: 20–30 minutes researching Next.js 14 breaking changes. With AI: 2 minutes.

Debugging Pattern Recognition

For bugs where I had the error but not the cause:

Here's a Stripe webhook handler that should update the database on payment success, 
but the database isn't being updated even though the webhook fires correctly 
(verified in Stripe dashboard).

[paste webhook handler code]

What are the possible reasons the database update is being silently skipped?

ChatGPT listed 4 possible causes. The second one was correct (I was creating a new Supabase client without the service role key, so RLS was blocking the update).

Phase 4: Frontend with Copilot (Hours 24–36)

React Component Generation

For the URL list component, I described what I needed in a comment:

// URLList component:
// - Fetches URLs from /api/urls on mount (SWR for caching)
// - Shows loading skeleton while fetching
// - Each URL card shows: short URL, original URL truncated to 40 chars, click count, copy button
// - Copy button copies the full short URL to clipboard and shows "Copied!" for 2 seconds
// - Empty state: "No URLs yet. Create your first one above."
// - Delete button calls /api/urls/[id] DELETE, removes from list optimistically
export function URLList() {
  // Copilot generated the full component
}

The generated component needed minor styling adjustments but the logic was correct. This took 8 minutes instead of the 45 minutes it would have taken from scratch.

Phase 5: Documentation and Tests (Hours 36–42)

Auto-Generating API Documentation

Prompt to Claude:

Based on these API route handlers, write API documentation in Markdown 
with endpoint description, request body schema, response examples, 
and error codes for each endpoint:

[paste all route handlers]

Complete API documentation in 5 minutes.

Test Generation

Prompt:

Write Jest tests for this createShortUrl function.
Cover: valid URL creation, custom slug collision, invalid URL rejection,
slug generation when no custom slug provided, and database error handling.

[paste function]

Claude generated 8 comprehensive tests. I needed to adjust the mock setup for my specific database client, but the test cases and assertions were correct.

What AI Can't Do (Important Lessons)

Architectural Decisions

AI will suggest architectures, but it doesn't know:

• What you'll need to extend in 6 months
• Your team's existing conventions
• Your specific performance requirements
• What external systems you'll integrate with

Make architectural decisions yourself. Use AI to validate them.

Security Review

Never trust AI-generated code in these areas without careful review:

• Input validation and sanitization
• SQL queries (check for injection risks)
• Authentication and authorization logic
• Cryptography (random number generation, hashing)
• Rate limiting implementation

I found two security issues in Copilot's suggestions during my 48-hour build: missing input length validation on the custom slug (potential for very long slugs) and a missing rate limit on the URL creation endpoint.

For security fundamentals that apply to any full-stack app, our web developer roadmap covers the security layer in the DevOps phase.

The 48-Hour Build Summary

Frequently Asked Questions

Can AI tools really help build a full-stack app that fast?

Yes, for developers who understand what they're building. AI accelerates boilerplate, debugging, and test writing. It doesn't replace architectural thinking or security review.

Which AI tool is best for coding?

GitHub Copilot for inline code completion in your editor. ChatGPT/Claude for planning, explaining concepts, and generating complete functions with specific requirements.

What are the risks of AI-generated code?

Security vulnerabilities, over-reliance on code you don't understand, technical debt from verbose unreviewed code, and context blindness (AI doesn't know your full system).

Do I need to know how to code to build with AI tools?

Yes — you need to read, evaluate, and debug AI-generated code. AI accelerates developers; it doesn't replace the need for code understanding.

What is prompt engineering for coding?

Describing what you want with specificity: language, framework, function signature, requirements, and context. Specific prompts get accurate code; vague prompts get generic code.