How I Built an AI Status Page Tool in a Week (and What I Learned)

PageCalm — Fri, 03 Apr 2026 16:09:54 +0000

I just launched PageCalm, a status page tool where AI writes your customer-facing incident updates. I went from idea to live product in about a week, and I wanted to share what that looked like — the decisions, the stack, and the lessons.

The Problem

If you've ever been on-call during an outage, you know the drill. Your monitoring is screaming. You're SSH'd into three things. And then someone in Slack asks: "Can you update the status page?"

Now you have to stop debugging, switch your brain to "professional communicator" mode, and write something like:

We're currently experiencing elevated response times affecting our API. Our engineering team has identified the root cause and is actively working on a fix.

...while your brain is actually thinking: "The connection pool is maxed out and I'm about to restart the primary."

Every status page tool I looked at gives you a blank text box for this moment. I thought AI could do better.

The Solution

PageCalm is a status page tool where you paste a monitoring alert or just describe what's happening, and AI generates a professional customer-facing update. You review it, edit if needed, and publish. Subscribers get notified via email automatically.

Here's the flow:

Raw alert comes in — CRITICAL: PostgreSQL connection pool exhausted. Active connections: 500/500. Queue depth: 847.
AI generates — "We're currently experiencing elevated response times and timeouts affecting our API. Our engineering team identified the root cause and is actively working on a fix."
You review and publish — subscribers get an email, status page updates live.

The Stack

I wanted to ship fast and keep costs low:

Next.js (App Router) — full-stack in one repo
Supabase — auth, database, RLS policies. Their free tier is generous.
OpenAI (GPT-4o-mini) — fast, cheap, and good enough for incident comms
Stripe — billing with checkout + customer portal
Resend — transactional email (subscriber notifications, auth emails)
Vercel — hosting with automatic deployments from GitHub
Cloudflare — DNS + subdomain routing via Workers

Total monthly cost at zero users: essentially $0 (all free tiers). Domain was $10/year.

What I Actually Built

The core features:

Status pages with custom subdomains (yourapp.pagecalm.com), component tracking, light/dark themes
AI incident writer — paste an alert, get a customer update. Phase-aware prompts that adapt to whether you're investigating, identified, monitoring, or resolved.
Full incident lifecycle — create, update, resolve. Components auto-update status based on active incidents.
Scheduled maintenance — announce planned downtime with start/end times. Distinct blue banner on the public page so users know it's planned, not broken.
90-day uptime history — per-component bar chart on every public status page. Color-coded daily status with hover tooltips. Industry-standard visual that makes the page look complete.
Subscriber notifications — double opt-in confirmation, automatic notifications on incidents, one-click unsubscribe
Custom domains (Pro) — point your own domain at your status page. Vercel handles SSL automatically.
Admin dashboard — blog management (DB-backed, no redeploys for new posts), user management, revenue metrics
Billing — Free tier with limits, Pro at $29/mo via Stripe

Decisions I'd Make Again

Supabase for auth + database. Row-level security means I barely wrote any authorization code. The auth system just works, and their new SMTP integration let me send branded emails through Resend instead of generic "Powered by Supabase" ones.

GPT-4o-mini over GPT-4o. For incident communications, the mini model is fast and accurate. The quality difference doesn't justify 10x the cost for this use case.

Cutting features aggressively. I had postmortem generation, internal notes, component descriptions, and a team tier in the original spec. I cut all of them before launch. Every one of them can be added later. None of them were needed for a v1 that proves the concept. Some features I thought were "later" problems — like custom domains and scheduled maintenance — turned out to matter sooner than expected and got built in the first week of iteration.

Building with AI assistance. I built the entire thing with heavy AI assistance — no team, just me and an AI coding agent. It's wild how fast you can move when you're not context-switching between Stack Overflow tabs. That said, you still have to review everything carefully. AI will confidently generate code that works but is structured poorly, or worse, subtly wrong. The speed gain is real but it's not free.

Decisions I'd Reconsider

Next.js App Router. It works, but the mental model around server components vs. client components, and when env vars are inlined vs. read at runtime, tripped me up more than once. For a simple SaaS like this, Pages Router or even a separate API + SPA might have been simpler.

Free tier limits. I originally launched with 5 AI generations per month on free, which was too tight for someone evaluating the product. Bumped it to 10 — enough to get through a couple of real incidents and see the value before deciding to upgrade.

No analytics from day one. I launched with zero visibility into traffic. The privacy policy even said "we don't use analytics." I've since added Vercel Web Analytics (privacy-respecting, no cookies), but I spent the first few days completely blind to whether anyone was even visiting. Should have had this from the start.

Security Things I'm Glad I Caught

Before launch, I did a thorough security review — and I've kept doing them as the codebase grows. Here's what I've caught across multiple passes:

Public status page was using the service role key (full DB access) instead of the anon key
Security tokens using predictable values. Switched to cryptographically random tokens.
No CSRF protection on mutations. Added origin checking in middleware.
No rate limiting on public endpoints. Added limits on subscriber signup, waitlist, and AI generation.
API error responses were leaking internal details. Added generic error messages for production.
User-generated content rendering without proper sanitization. Added HTML sanitization on output.
State-changing actions triggered by GET requests. Switched to POST with confirmation steps.
No Content-Security-Policy headers. Added CSP, X-Frame-Options, and other security headers.

If you're building a SaaS, don't treat security as a one-time pre-launch checklist. Make it a habit. Every feature you add is a new surface to review.

The Numbers

Build time: ~1 week (evenings and weekends)
Launch cost: ~$32 (domain registration + first month of paid services)
Lines of code: ~12,000 (TypeScript, excluding config and generated files)
Revenue so far: $0 (just launched)

What's Next

Gathering feedback, watching how people use it, and deciding what to build next. Top of the roadmap:

Inbound webhook / API — monitoring tools send alerts, PageCalm auto-creates a draft incident with an AI-generated update ready to review
Slack / Discord notifications — push incident updates to team channels alongside email
Team tier — multi-user support with role-based access

If you're interested, check it out at pagecalm.com. Free tier is genuinely free — no credit card, no trial expiration.

Happy to answer questions about the build, the stack, or the decisions. What's your experience with AI-assisted development — has it changed how you approach side projects?

DEV Community: PageCalm