Vibe Coding SDLC BiblePart 2 of 6

Design & Architecture: Blueprint Sebelum Membangun

Arsitektur yang buruk adalah hutang teknis yang paling mahal. Part 2 mengajarkan cara mendesain sistem sebelum menulis satu baris kode production: Entity Relationship Diagram (ERD), API endpoint design, UI wireframes dengan AI, component architecture, state management strategy, dan security architecture — semua dengan bantuan AI sebagai co-architect.

Maret 202640 menit bacaDesign • ERD • API • Wireframes • Architecture • Security
1 2 3 4 5 6

Daftar Isi — Part 2: Design & Architecture

  1. Mengapa Design Dulu? — Code tanpa design = technical debt
  2. Database Schema (ERD) — Tabel, relasi, indeks
  3. Prisma Schema — Type-safe database dengan ORM
  4. API Endpoint Design — RESTful routes, request/response format
  5. UI Wireframes dengan AI — Dari deskripsi ke visual
  6. Component Architecture — Atomic design, reusable components
  7. State Management — Server state vs client state
  8. Security Architecture — Auth, authz, input validation, CORS
  9. Architecture Decision Records — Dokumentasi keputusan
  10. Checklist & Ringkasan
🏗

1. Mengapa Design Dulu?

Kode tanpa arsitektur = bangunan tanpa fondasi. Pasti runtuh.

Banyak developer (terutama yang baru mengenal Vibe Coding) langsung melompat ke coding: "AI bisa generate semua, kenapa repot design?" Jawabannya: AI sangat baik menghasilkan kode untuk satu file, tapi tidak bisa menjaga konsistensi arsitektur di seluruh project. Tanpa design upfront, Anda mendapat: database schema yang harus di-refactor 3x, API endpoints yang tidak konsisten, components yang duplikat, dan security holes di mana-mana. 2-3 jam design upfront menghemat 20-30 jam refactoring.

🗄

2. Database Schema Design (ERD)

Tabel, kolom, tipe data, relasi, indeks — fondasi data layer

Entity Relationship Diagram — TaskFlow

User PK id uuid email varchar UNIQUE name varchar avatarUrl varchar? role enum(ADMIN,MEMBER)FK teamId uuid createdAt timestamp Team PK id uuid name varcharFK ownerId uuid plan enum(FREE,PRO) createdAt timestamp Task PK id uuid title varchar description text? status enum(TODO,DOING,DONE)FK assigneeId uuid? TimeLog PK id uuidFK taskId uuidFK userId uuid startTime timestamp endTime timestamp? Board PK id uuid name varcharFK teamId uuid columns json belongs to has many has many has many
💾

3. Prisma Schema — Type-Safe Database

Schema-as-code: define database, auto-generate types, auto-migration
prisma/schema.prisma — Database Schema
// prisma/schema.prisma generator client { provider = "prisma-client-js" } datasource db { provider = "postgresql" url = env("DATABASE_URL") } enum Role { ADMIN MEMBER } enum TaskStatus { TODO IN_PROGRESS REVIEW DONE } model User { id String @id @default(uuid()) email String @unique name String avatarUrl String? role Role @default(MEMBER) teamId String? team Team? @relation(fields: [teamId], references: [id]) tasks Task[] @relation("assignee") timeLogs TimeLog[] createdAt DateTime @default(now()) updatedAt DateTime @updatedAt } model Team { id String @id @default(uuid()) name String ownerId String members User[] boards Board[] createdAt DateTime @default(now()) } model Board { id String @id @default(uuid()) name String teamId String team Team @relation(fields: [teamId], references: [id]) columns Json @default("[\"Todo\",\"In Progress\",\"Done\"]") tasks Task[] } model Task { id String @id @default(uuid()) title String description String? status TaskStatus @default(TODO) position Int @default(0) assigneeId String? assignee User? @relation("assignee", fields: [assigneeId], references: [id]) boardId String board Board @relation(fields: [boardId], references: [id]) timeLogs TimeLog[] dueDate DateTime? createdAt DateTime @default(now()) updatedAt DateTime @updatedAt @@index([boardId, status]) @@index([assigneeId]) } model TimeLog { id String @id @default(uuid()) taskId String task Task @relation(fields: [taskId], references: [id]) userId String user User @relation(fields: [userId], references: [id]) startTime DateTime @default(now()) endTime DateTime? duration Int? // in seconds, computed on stop @@index([taskId]) @@index([userId, startTime]) }
Pro Tip: Setelah menulis schema, jalankan npx prisma generate untuk auto-generate TypeScript types. Lalu npx prisma db push untuk sync ke database. Prisma menjadi single source of truth untuk tipe data di seluruh project.
🌐

4. API Endpoint Design

RESTful routes, request/response format, error handling standard
MethodEndpointDescriptionAuthRequest BodyResponse
GET/api/boardsList boards in teamRequired-{data: Board[]}
GET/api/boards/[id]Get board with tasksRequired-{data: Board + Task[]}
POST/api/tasksCreate new taskRequired{title, boardId, status?}{data: Task}
PATCH/api/tasks/[id]Update task (status, assignee)Required{status?, assigneeId?}{data: Task}
DELETE/api/tasks/[id]Delete taskAdmin only-{success: true}
POST/api/time/startStart timer on taskRequired{taskId}{data: TimeLog}
POST/api/time/stopStop running timerRequired{timeLogId}{data: TimeLog}
GET/api/reports/weeklyWeekly summary reportAdmin only-{data: WeeklyReport}
src/lib/api-response.ts — Standard Response Format
// Standard API response format — SEMUA endpoint pakai ini type ApiResponse<T> = { data: T | null; error: string | null; meta?: { page?: number; total?: number; timestamp: string; }; }; // Success return NextResponse.json({ data: task, error: null, meta: { timestamp: new Date().toISOString() } }); // Error return NextResponse.json({ data: null, error: "Task not found", meta: { timestamp: new Date().toISOString() } }, { status: 404 });
🎨

5. UI Wireframes dengan AI

Dari deskripsi teks ke layout visual — tanpa Figma

Dalam Vibe Coding, Anda tidak perlu buat mockup pixel-perfect di Figma. Cukup deskripsi terstruktur dari setiap halaman yang akan dikonversi ke kode oleh AI. Yang penting: jelaskan layout, komponen, dan interaksi.

wireframes.md — Deskripsi UI per Halaman
## Page: Dashboard (/dashboard) Layout: Sidebar (left, 240px) + Main Content (right, fluid) Sidebar: - Logo + app name (top) - Navigation: Dashboard, Boards, Reports, Settings - Team members list (avatars + online status) - "Invite Member" button (bottom) Main Content: - Header: page title + user avatar dropdown (right) - Stats cards row: Total Tasks | In Progress | Completed | Hours This Week - Recent Activity feed (last 10 actions) - Quick-add task form (floating action button, bottom-right) ## Page: Board View (/boards/[id]) Layout: Full-width kanban board Header: Board name (editable) + filter dropdown + "Add Column" button Columns: Horizontal scrollable. Each column: - Column header (name + task count + "+" add button) - Task cards (draggable): title, assignee avatar, due date, timer button - Drag-drop between columns updates task status Task Card Detail: Click card opens slide-out panel: - Title (editable), Description (rich text), Status, Assignee - Time logs history, Comments (Phase 2), Subtasks (Phase 2)
🧩

6. Component Architecture

Atomic Design: atoms, molecules, organisms, templates, pages
LevelExamplesReusability
AtomsButton, Input, Avatar, Badge, SpinnerUsed everywhere, 100% generic
MoleculesTaskCard, TimeTracker, StatCard, UserPillDomain-specific but reusable
OrganismsKanbanColumn, Sidebar, ReportTable, TaskDetailPanelPage sections, composed from molecules
TemplatesDashboardLayout, AuthLayout, BoardLayoutPage structures without data
Pages/dashboard, /boards/[id], /reports, /settingsUnique, data-connected
🔒

7. Security Architecture

Auth, authorization, input validation, CORS, rate limiting — bukan afterthought
LayerImplementationWhere
AuthenticationNextAuth.js v5: Google OAuth + email/passwordMiddleware + API routes
AuthorizationRole-based: ADMIN can delete, MEMBER can edit own tasks onlyAPI route handlers
Input ValidationZod schemas on EVERY endpoint + formServer Actions + API routes
SQL InjectionPrisma ORM (parameterized queries by default)All DB queries
XSS PreventionReact default escaping + DOMPurify for rich textAll rendered content
CSRFNextAuth built-in CSRF tokensAll mutations
Rate Limiting100 req/min per user, 10 req/min for auth endpointsMiddleware
HeadersHelmet: X-Frame-Options, CSP, HSTS, Referrer-Policynext.config.js
SecretsEnvironment variables only. Never hardcode. .env.local gitignored.Vercel env config
📝

8. Architecture Decision Records (ADR)

Dokumentasi MENGAPA keputusan diambil — bukan hanya APA
docs/adr/001-next-js-over-remix.md
# ADR-001: Next.js 15 over Remix for Frontend Framework Status: Accepted Date: 2026-03-15 Context: We need a React-based fullstack framework. Options: Next.js 15, Remix, SvelteKit. Decision: Next.js 15 with App Router. Reasons: 1. Largest ecosystem and community support 2. Best AI coding assistant support (most training data) 3. Vercel deployment is zero-config 4. Server Actions reduce API boilerplate 5. Team has prior Next.js experience Consequences: - Locked to React ecosystem (acceptable) - Vercel hosting recommended (acceptable for MVP) - App Router learning curve (manageable)

9. Checklist & Ringkasan

Deliverables yang harus selesai sebelum mulai implementation
#DeliverableFileTime
1ERD (entity relationship diagram)docs/erd.md atau SVG20 min
2Prisma schema completeprisma/schema.prisma30 min
3API endpoint tabledocs/api-design.md20 min
4Standard response formatsrc/lib/api-response.ts10 min
5UI wireframes (text descriptions)docs/wireframes.md30 min
6Component treedocs/components.md15 min
7Security architectureIn CLAUDE.md + docs/security.md15 min
8ADR for major decisionsdocs/adr/*.md20 min
TOTAL~2.5 hours
SDLC
Tech Review Desk — Vibe Coding SDLC Bible
Sumber: Prisma docs, Next.js 15 docs, OWASP Top 10, Atomic Design (Brad Frost), ADR methodology.
rominur@gmail.com  •  t.me/Jekardah_AI