10 tools ยท intent-routed

Developer Use Cases

Real examples of CouchLoop EQ helping developers brainstorm architecture, catch bad packages, review code, and preserve context across sessions.

๐Ÿ’ก

Brainstorm: Data Export UX in a Privacy-First App

brainstorm
"We need an 'Export Your Data' feature, but all emails are hashed on the backend. How do we collect an email to send the export to?"
Developer
I'm building an Export Data screen for a therapeutic iOS app. Key constraint: all emails are hashed on the backend - we never store plaintext. SSO users (Google, Apple) may not have an email stored locally. How should we handle collecting an email for data export?
CouchLoop EQ
Let me ask a few things before recommending:

1. When do you first have the plaintext email? At login/registration, before hashing - are you already saving it to SecureStore for email+password users?

2. SSO tokens: Google and Apple Sign In tokens include the user's email. Are you extracting it during the auth flow?

3. What if the user types a different email? Is that a security issue, or acceptable since they're already authenticated on the device?
Developer
Yes, email+password users already have it in SecureStore. We're not extracting from SSO tokens yet. And yeah, a different email should be fine - they're authenticated.
CouchLoop EQ
Recommended approach:

1. Capture SSO email at login - extract from Google/Apple token, save to SecureStore alongside email+password users
2. Export screen: editable email field - pre-filled from SecureStore, user can change it. Label: "Where should we send your data?"
3. Re-auth before export - require FaceID/passcode confirmation to prevent someone borrowing the phone
4. Email never stored on backend - used only for delivery, then discarded server-side

Outcome

  • Privacy-first approach: email stays on-device only
  • Works for both email+password and SSO users
  • User can export to any email they want
  • FaceID gate prevents unauthorized exports
โš–๏ธ

Compare: Vercel vs Railway for a Next.js App

brainstorm
"I need to pick a hosting platform for a Next.js app with Postgres and background jobs. Vercel or Railway?"
Developer
What hosting platform should I use - Vercel or Railway? It's a Next.js app.
CouchLoop EQ
Before I compare - what does your stack look like beyond Next.js? Database? Background jobs? Websockets? That changes the recommendation significantly.
Developer
Next.js with Postgres and background jobs for sending emails.
CouchLoop EQ
Go with Railway. Here's why:

Vercel is optimized for serverless - great for Next.js frontend and API routes, but background jobs (email queues) and persistent Postgres connections are awkward on serverless. You'd need a separate service for the job runner.

Railway gives you a single platform for Next.js + Postgres + a worker process for background jobs. One deploy, one dashboard, native Postgres.

Exception: If your app is mostly static/SSR with occasional emails (use a third-party like Resend), Vercel is simpler.

Outcome

  • Asked the right clarifying question before recommending
  • Concrete recommendation based on actual stack
  • Identified the exception case instead of blanket advice
๐Ÿ”

Code Review: Catch Security Issues Before They Ship

code_review
"Review this auth middleware before I merge it."
Developer
Review this code:
const query = `SELECT * FROM users WHERE email = '${req.body.email}'`;
const token = jwt.sign({ id: user.id }, 'mysecret123');
console.log('User logged in:', user.email, token);
CouchLoop EQ
3 critical issues found:

๐Ÿ”ด SQL Injection - String interpolation in SQL query. Use parameterized queries: db.query('SELECT * FROM users WHERE email = $1', [email])

๐Ÿ”ด Hardcoded Secret - JWT secret 'mysecret123' in source code. Move to environment variable.

๐ŸŸก Sensitive Data in Logs - Logging email and JWT token to console. Remove before production.

Outcome

  • SQL injection caught before it reached production
  • Hardcoded secret flagged with fix
  • Console.log with PII identified
๐Ÿ“ฆ

Package Audit: Catch Hallucinated Dependencies

verify + package_audit
"An AI suggested I install 'react-native-secure-keychain'. Does it actually exist?"
Developer
Verify this package: react-native-secure-keychain
CouchLoop EQ
โš ๏ธ Package does not exist on npm.

This is likely an AI hallucination. The real package is react-native-keychain (1.2M weekly downloads, maintained, MIT license).

Installing non-existent packages can lead to typosquatting attacks - malicious packages with similar names.

Outcome

  • Prevented install of a non-existent package
  • Identified the correct real package
  • Warned about typosquatting risk
๐Ÿง 

Context Preservation: Pick Up Where You Left Off

remember
"I spent 2 hours debugging a payment race condition. I need to save this context before the AI forgets everything."
Developer
Save this: Payment flow bug - race condition between frontend state and backend data during payment retry. Root cause is state sync gap across 5 components. Fix: defense-in-depth combining data cleanup + frontend validation.
CouchLoop EQ
โœ… Saved as insight with tags: payment, race-condition, debugging

You can retrieve this later with: "Recall my payment insights"
Developer (3 days later, new session)
What did we figure out about the payment bug?
CouchLoop EQ
Found 1 insight tagged payment:

"Payment flow bug - race condition between frontend state and backend data during payment retry. Root cause is state sync gap across 5 components. Fix: defense-in-depth combining data cleanup + frontend validation."

Saved on Feb 3, 2026.

Outcome

  • 2 hours of debugging context preserved in 10 seconds
  • Retrieved 3 days later in a completely new session
  • No context window wasted re-explaining the problem

Try it now

Add CouchLoop EQ to your IDE in 60 seconds. No signup required.

Get Started See Wellness Use Cases