Web application: a real product that runs in the browser

A website is a marketing asset users only consume. A web application is a product where users interact, create data, and run processes. The difference shapes technical choices: SPA / SSR / hybrid architecture, complex state management, RBAC, real-time, file uploads.

Often this distinction is skipped before quoting; the result is amateurish 'looks like a site, behaves like an app' projects. We address it as the first question in discovery.

Next.js (SSR + RSC + Client Components) is the healthiest architecture for modern web applications. Fast screen transitions like SPA paired with SEO-friendly first paint like SSR — balanced. Sufficient for most products.

When very specific real-time is needed we add a separate WebSocket server; the rest of HTTP work flows through Next.js Route Handlers or tRPC.

The most-mishandled piece in web apps is auth + permissions. Most projects ship with 'admin can do everything, block users' simplistic code; later, when role variety arrives, the whole auth system gets rewritten. We design RBAC from day one.

In multi-tenant setups, full data isolation per tenant matters. Postgres row-level security (RLS) or Prisma middleware enforces this from the start.

Web applications get used 8 hours a day. A 1-second delay shows up as end-of-day fatigue. Optimistic UI, skeleton loaders, pre-fetching, intelligent caching — these aren't 'nice to have'; they're the foundation of product quality.

Lighthouse Performance >= 90, all Core Web Vitals green. We don't ship without performance verified on real devices (3G, low-end mobile).