Daftar Isi — Part 3: Implementation
- Vibe Coding Workflow — Feature-by-feature, bukan file-by-file
- Prompt Patterns — 7 pola prompt yang menghasilkan kode terbaik
- Live Coding: Task API — Dari schema ke working endpoint
- Live Coding: Kanban Board UI — React component + drag-drop
- Live Coding: Time Tracker — Real-time timer + database
- Code Review dengan AI — Security, performance, best practices
- Git Workflow — Branching, commits, PRs
- Error Handling Patterns — Graceful failures di setiap layer
- Common Pitfalls — Kesalahan saat coding dengan AI
- Checklist & Ringkasan
🔄
1. Vibe Coding Workflow — Feature-by-Feature
Jangan coding file-by-file. Coding FEATURE-by-feature: schema + API + UI + test per fitur.Kesalahan umum: menulis semua API routes dulu, lalu semua components, lalu menghubungkan. Ini menghasilkan kode yang sulit di-test dan banyak bugs saat integrasi. Vibe Coding workflow: kerjakan satu fitur end-to-end (database + API + UI + test), pastikan working, lalu pindah ke fitur berikutnya. Ini disebut vertical slicing — setiap "slice" adalah fitur yang bisa di-demo.
Vibe Coding Workflow — Vertical Slice per Feature
🎯
2. Prompt Patterns — 7 Pola yang Menghasilkan Kode Terbaik
Bukan asal prompt — ini pola yang terbukti menghasilkan kode production-quality| # | Pattern | Kapan Pakai | Contoh Prompt |
|---|---|---|---|
| 1 | Context-First | Setiap kali mulai task baru | "Given CLAUDE.md context, implement the Task creation API..." |
| 2 | Spec-Driven | API endpoints, DB schemas | "Implement this endpoint exactly per the API design doc: POST /api/tasks..." |
| 3 | Test-First (TDD) | Critical business logic | "Write tests first for task status transitions, then implement to make tests pass" |
| 4 | Refactor | Improve existing code | "Refactor this component to extract reusable hooks. Keep same behavior." |
| 5 | Fix-and-Explain | Debugging | "This error occurs on line 42. Fix it and explain why it happened." |
| 6 | Complete-the-Pattern | Repetitive work | "Here's the Task API. Now create the Board API following the same pattern." |
| 7 | Review-and-Improve | Code review | "Review this code for security vulnerabilities, performance issues, and best practices." |
💻
3. Live Coding: Task CRUD API
Dari Prisma schema ke working API endpoint — step by step"use server";
import { prisma } from "@/lib/db";
import { z } from "zod";
import { getServerSession } from "next-auth";
import { revalidatePath } from "next/cache";
// Zod schema: input validation (WAJIB!)
const CreateTaskSchema = z.object({
title: z.string().min(3).max(100),
description: z.string().max(2000).optional(),
boardId: z.string().uuid(),
assigneeId: z.string().uuid().optional(),
dueDate: z.string().datetime().optional(),
});
/**
* Create a new task on a board.
* Validates input, checks auth, creates in DB, revalidates cache.
*/
export async function createTask(formData: FormData) {
// 1. Auth check
const session = await getServerSession();
if (!session?.user) {
return { error: "Unauthorized" };
}
// 2. Input validation
const raw = Object.fromEntries(formData);
const parsed = CreateTaskSchema.safeParse(raw);
if (!parsed.success) {
return { error: parsed.error.flatten() };
}
// 3. Authorization: user must be in the board's team
const board = await prisma.board.findUnique({
where: { id: parsed.data.boardId },
include: { team: { include: { members: true } } },
});
if (!board?.team.members.some(m => m.email === session.user.email)) {
return { error: "Not a member of this team" };
}
// 4. Create task
try {
const task = await prisma.task.create({
data: {
title: parsed.data.title,
description: parsed.data.description,
boardId: parsed.data.boardId,
assigneeId: parsed.data.assigneeId,
dueDate: parsed.data.dueDate ? new Date(parsed.data.dueDate) : null,
},
});
// 5. Revalidate board page cache
revalidatePath(`/boards/${parsed.data.boardId}`);
return { data: task };
} catch (err) {
console.error("Failed to create task:", err);
return { error: "Failed to create task. Please try again." };
}
}
Perhatikan Pattern di Kode di Atas
Setiap server action mengikuti 5 langkah standar: (1) Auth check, (2) Input validation (Zod), (3) Authorization check, (4) Database operation (try/catch), (5) Cache revalidation. Pattern ini WAJIB konsisten di semua endpoints — dan CLAUDE.md memastikan AI mengikutinya.
🎨
4. Live Coding: Kanban Board UI
React component dengan drag-drop menggunakan @dnd-kit"use client";
import { DndContext, closestCorners } from "@dnd-kit/core";
import { SortableContext } from "@dnd-kit/sortable";
import { updateTaskStatus } from "@/server/tasks";
import { TaskCard } from "./task-card";
type Props = { board: BoardWithTasks };
export function KanbanBoard({ board }: Props) {
const columns = ["TODO", "IN_PROGRESS", "REVIEW", "DONE"];
async function handleDragEnd(event: DragEndEvent) {
const { active, over } = event;
if (!over || active.id === over.id) return;
// Optimistic update (instant UI) + server sync
await updateTaskStatus(active.id as string, over.id as TaskStatus);
}
return (
<DndContext collisionDetection={closestCorners} onDragEnd={handleDragEnd}>
<div className="flex gap-4 overflow-x-auto p-4">
{columns.map(status => (
<div key={status} className="min-w-[280px] bg-gray-50 rounded-xl p-3">
<h3 className="font-bold text-sm mb-3">
{status} ({board.tasks.filter(t => t.status === status).length})
</h3>
<SortableContext items={board.tasks.filter(t => t.status === status)}>
{board.tasks
.filter(t => t.status === status)
.map(task => <TaskCard key={task.id} task={task} />)}
</SortableContext>
</div>
))}
</div>
</DndContext>
);
}
🔍
5. Code Review dengan AI
Sebelum merge, minta AI review security, performance, dan best practices## Prompt ke Claude Code / Cursor
Review file src/server/tasks.ts untuk:
1. Security vulnerabilities (injection, auth bypass, data leak)
2. Performance issues (N+1 queries, missing indexes)
3. Error handling completeness
4. TypeScript strictness
5. Edge cases yang belum di-handle
6. Compliance dengan CLAUDE.md rules
Format output:
- CRITICAL: harus fix sebelum merge
- WARNING: sebaiknya fix
- INFO: nice-to-have improvement
🌿
6. Git Workflow
Branching strategy yang cocok untuk Vibe Coding solo/small team| Branch | Naming | Purpose | Lifetime |
|---|---|---|---|
| main | main | Production-ready code only | Permanent |
| develop | develop | Integration branch (optional for solo) | Permanent |
| feature | feat/US-001-create-task | One branch per user story | Until merged |
| fix | fix/timer-not-stopping | Bug fixes | Until merged |
# 1. Start feature
$ git checkout -b feat/US-001-create-task
# 2. Code with AI (multiple small commits)
$ git add -A && git commit -m "feat(task): add Prisma schema for Task model"
$ git add -A && git commit -m "feat(task): add createTask server action with validation"
$ git add -A && git commit -m "feat(task): add TaskCard component"
$ git add -A && git commit -m "test(task): add unit tests for createTask"
# 3. Push and create PR
$ git push -u origin feat/US-001-create-task
$ gh pr create --title "feat: US-001 Create Task" --body "Implements task creation with Kanban board integration"
# 4. AI review (Claude Code or Cursor)
# 5. Merge to main after review passes
$ gh pr merge --squash
✅
7. Implementation Checklist
Per-feature checklist sebelum merge| # | Check | Tool |
|---|---|---|
| 1 | Input validation (Zod) on all endpoints | Manual review |
| 2 | Auth + authorization checks | Test: unauthenticated request returns 401 |
| 3 | Error handling (try/catch, user-friendly messages) | Manual review |
| 4 | TypeScript no errors (strict mode) | npx tsc --noEmit |
| 5 | Lint passes | npx eslint . |
| 6 | Tests pass | npx vitest run |
| 7 | AI code review (security + performance) | Claude Code / Cursor review |
| 8 | Feature works end-to-end (manual test) | Browser testing |
Next: Part 4 — Testing & QA
Automated testing: unit tests (Vitest), integration tests, E2E (Playwright), security scanning, dan AI-generated test suites. Pastikan kode tidak hanya "works" tapi "works correctly".
SDLC
Tech Review Desk — Vibe Coding SDLC Bible
Sumber: Next.js 15 Server Actions docs, Prisma docs, @dnd-kit docs, Conventional Commits, GitHub Flow.