If you only know AI through chatbots and you keep hearing "learn the full stack," the wrong first question can burn a lot of time: Ask an AI expert: What exactly is the full stack? [C001] For a first build, the useful answer is smaller than people make it sound: route.ts, actions.ts, and policy.sql are enough. [C002]
That matters because the giant-stack fantasy feels responsible, but it lets you spend weeks on setup before you learn whether anybody even wants the thing. The hidden cost is worse: you stay busy around the surface noise and never make the one decision that changes what you build next.
The split is boring on purpose. One file takes the request. One file does the work. One file decides who can touch data. In the docs-first pattern behind this, route.ts can be the front door because the request layer already follows the normal web request/response model. You do not need custom plumbing just to test a first idea.
actions.ts carries the server-side step. The page can trigger that work over the network, which is why a lot of V1 behavior can live in one place instead of forcing you to invent a huge backend story before you have a product. This is where "full stack" sounds bigger than "first useful build."
policy.sql is the file people skip, and that is usually the wrong cut. The access rules are part of the product, not a cleanup task. In this pattern, browser access is only supposed to be safe when per-user database rules are on, and with the rules on, no policy means no read. That is why the safety file belongs in version 1.
Boundary: this is a docs-only first-build pattern, not a claim about scale, latency, or production traffic. A post is worth reading not because it lists more features, but because it changes your next decision. If someone around you is overcomplicating their first AI build, send them this.