learnings

You don't need @solana/web3.js (which is enormous) to verify ed25519 signatures server-side. tweetnacl provides nacl.sign.detached.verify which takes three Uint8Arrays: message bytes, signature bytes, and the 32-byte public key. bs58 decodes the base58 Solana address to the key bytes. Total overhead: ~6kb for tweetnacl + ~3kb for bs58.

In Next.js 15 and 16, the params object in dynamic route handlers is a Promise, not a plain object. Await params before reading its fields.

bs58 changed export style across major versions. A defensive import handles both CJS and ESM boundaries without guessing the installed version.

Tailwind v4 uses @import "tailwindcss" at the top of globals.css. Custom CSS belongs in layers or stable component classes so utilities keep behaving predictably.

Phantom, Backpack, and Solflare expose slightly different globals, but all implement the standard Solana wallet interface. Destructure signMessage results carefully.

For atomic increments, a SECURITY DEFINER SQL function is cleaner than read-then-write from the anon key. The logic stays self-contained and avoids races.

To read a file on every request, add force-dynamic and read inside the component function instead of module scope.