The latest articles on Forem by pipipi-dev (@pipipi-dev). https://forem.com/pipipi-dev https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3476988%2Ff037637b-98d7-4a83-8126-5a4973276b9b.png https://forem.com/pipipi-dev en pipipi-dev Thu, 25 Dec 2025 03:26:48 +0000 https://forem.com/pipipi-dev/2025-year-in-review-lessons-from-solo-saas-development-3i08 https://forem.com/pipipi-dev/2025-year-in-review-lessons-from-solo-saas-development-3i08 <p>This is Day 25, the final article of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">Solo SaaS Development - Design, Implementation &amp; Operations Advent Calendar 2025</a></strong>.</p> <p>I'll reflect on the technical knowledge shared over the past 25 days and summarize what I learned from 6 months of development.</p> <h2> 🤖 2025: The Year Development Changed </h2> <p>2025 was the year AI-powered development went mainstream.</p> <p>Claude Code was released in February, followed by GitHub Copilot Agent, OpenAI Codex, and other AI coding tools. "Having AI write your code" became a realistic option for many developers.</p> <p>I started developing Memoreru in June—right when these tools were maturing.</p> <p>As I wrote on Day 23, collaborating with Claude Code significantly changed my development style. Humans handle design, AI assists with implementation, and humans take responsibility for reviews. This division of labor enabled solo development that feels like team development.</p> <p>The PDD (Progress-Driven Development) introduced on Day 24 is also a methodology built around AI collaboration. By maintaining design documents and visualizing progress, you can develop efficiently with AI agents.</p> <p>Starting indie development in 2025 was good timing. It was a year when AI tools greatly expanded the possibilities for solo developers.</p> <h2> 📖 The 25-Day Journey </h2> <p>The 25 articles were structured to follow the flow of indie development. The structure allows those starting indie development to experience the development journey vicariously.</p> <p><strong>Prologue (12/1-3)</strong> covered the flow from idea to first commit, AI-friendly tech selection, and Next.js + Supabase project structure.</p> <p><strong>Foundation (12/4-9)</strong> covered documentation strategy, Git workflow, DB design, and authentication implementation. Day 9's NextAuth.js → Better Auth migration may be helpful for those struggling with auth library choices.</p> <p><strong>Frontend, API &amp; Infrastructure (12/10-13)</strong> started with App Router directory design, followed by MPA → SPA migration, Route Handler → Hono migration, and Vercel optimization. The SPA migration on Day 11 was a major refactoring with over 150 commits.</p> <p><strong>UX &amp; Features (12/14-17)</strong> introduced mobile-first design, infinite scroll implementation, Excel-like table UI, and semantic search with pgvector. Day 15's React 19 + Zustand pitfall documents an unexpected bug encounter.</p> <p><strong>Practical Challenges (12/18-22)</strong> covered bugs discovered through TypeScript strict mode, the React vulnerability disclosed in December, Stripe billing, GA4 + Clarity, and multi-tenant design—all operational topics.</p> <p><strong>Retrospective (12/23-25)</strong> covers Claude Code collaboration, Progress-Driven Development (PDD), and concludes with this article.</p> <h2> 🚀 Tech Stack </h2> <p>Here's the final technology stack after 6 months of development.</p> <h3> Frontend </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>Purpose</th> <th>Related Articles</th> </tr> </thead> <tbody> <tr> <td>Next.js 15 (App Router)</td> <td>Framework</td> <td>Days 3, 10, 11</td> </tr> <tr> <td>React 19</td> <td>UI Library</td> <td>Day 15</td> </tr> <tr> <td>TypeScript 5</td> <td>Type Safety</td> <td>Day 18</td> </tr> <tr> <td>Zustand</td> <td>Client State Management</td> <td>Days 11, 15</td> </tr> </tbody> </table></div> <h3> Backend &amp; Infrastructure </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>Purpose</th> <th>Related Articles</th> </tr> </thead> <tbody> <tr> <td>Supabase</td> <td>BaaS</td> <td>Days 3, 6</td> </tr> <tr> <td>PostgreSQL</td> <td>Database</td> <td>Days 6, 17</td> </tr> <tr> <td>pgvector</td> <td>Vector Search</td> <td>Day 17</td> </tr> <tr> <td>Drizzle ORM</td> <td>ORM</td> <td>Days 3, 6</td> </tr> <tr> <td>Better Auth</td> <td>Authentication &amp; 2FA</td> <td>Day 9</td> </tr> <tr> <td>Hono</td> <td>API Framework</td> <td>Day 12</td> </tr> <tr> <td>Zod</td> <td>Schema Definition &amp; Validation</td> <td>Days 12, 18</td> </tr> <tr> <td>Vercel</td> <td>Hosting</td> <td>Days 3, 5, 13</td> </tr> <tr> <td>Stripe</td> <td>Payments</td> <td>Day 20</td> </tr> <tr> <td>OpenAI API</td> <td>AI Features</td> <td>Day 17</td> </tr> </tbody> </table></div> <h3> UI &amp; Editor </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>Purpose</th> <th>Related Articles</th> </tr> </thead> <tbody> <tr> <td>@dnd-kit</td> <td>Drag &amp; Drop</td> <td>Day 16</td> </tr> <tr> <td>React Spreadsheet</td> <td>Spreadsheet UI</td> <td>Day 16</td> </tr> </tbody> </table></div> <h3> Development Tools </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>Purpose</th> <th>Related Articles</th> </tr> </thead> <tbody> <tr> <td>Claude Code</td> <td>AI Pair Programming</td> <td>Days 5, 23, 24</td> </tr> <tr> <td>Git Worktree</td> <td>Parallel Development</td> <td>Day 5</td> </tr> <tr> <td>Biome</td> <td>Linter / Formatter</td> <td>Day 18</td> </tr> <tr> <td>GA4</td> <td>Analytics</td> <td>Day 21</td> </tr> <tr> <td>Microsoft Clarity</td> <td>Heatmap Analysis</td> <td>Day 21</td> </tr> </tbody> </table></div> <p>For more details on the tech stack, see:</p> <p><a href="https://memoreru.com/about" rel="noopener noreferrer">https://memoreru.com/about</a></p> <h2> 💡 Lessons Learned </h2> <h3> Technology Selection and Migration </h3> <p>On Day 2, I wrote about "Tech Selection for AI-Driven Development." Choose technologies with rich documentation, type safety, and simple APIs. This was my selection philosophy.</p> <p>However, the first choice isn't always right. Over 6 months, I made 4 major technology migrations.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Migration</th> <th>Reason</th> <th>Related Article</th> </tr> </thead> <tbody> <tr> <td>Prisma → Drizzle ORM</td> <td>Better type inference, smaller bundle</td> <td>Day 6</td> </tr> <tr> <td>NextAuth.js → Better Auth</td> <td>Simpler API, Drizzle compatibility</td> <td>Day 9</td> </tr> <tr> <td>Route Handler → Hono</td> <td>OpenAPI integration, middleware design</td> <td>Day 12</td> </tr> <tr> <td>MPA → SPA</td> <td>Better UX, centralized state management</td> <td>Day 11</td> </tr> </tbody> </table></div> <p>I sometimes think I should have gone with SPA from the start, but starting with MPA helped me understand SPA's benefits.</p> <p>What's important is maintaining a state where you can make changes when you notice problems. Tests and design documents helped with this.</p> <h3> Documentation and Testing </h3> <p>On Day 4, I wrote about "Documentation-First Approach."</p> <p>Feature specs, API specs, DB specs, UI specs, and thought logs recording design decisions. I've been maintaining all of these.</p> <p>Time spent on documentation paid off as development efficiency. In the Claude Code collaboration introduced on Day 23, having design documents lets you say "implement according to this design." The PDD (Progress-Driven Development) from Day 24 also only works when design documents exist.</p> <p>Tests proved their value during major changes. SPA migration, Better Auth migration, Drizzle migration. I could make these changes confidently because tests existed. As I wrote on Day 18, TypeScript strict mode prevents type errors but not logic bugs. Having tests meant I could make changes without fear.</p> <h3> Development Efficiency </h3> <p>Here's a summary of the practices introduced across the 25 articles.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Challenge</th> <th>Solution</th> <th>Article</th> </tr> </thead> <tbody> <tr> <td>Parallel Development</td> <td>Git Worktree</td> <td>Day 5</td> </tr> <tr> <td>Type Safety</td> <td>TypeScript Strict Mode</td> <td>Day 18</td> </tr> <tr> <td>API Type Definitions</td> <td>Hono + Zod OpenAPI</td> <td>Day 12</td> </tr> <tr> <td>Progress Management</td> <td>PDD (Progress-Driven Development)</td> <td>Day 24</td> </tr> <tr> <td>AI Collaboration</td> <td>Design Documents + Claude Code</td> <td>Day 23</td> </tr> </tbody> </table></div> <p>These practices are effective individually, but combining them produces even greater results.</p> <h2> 🌱 Looking Ahead to 2026 </h2> <p>2025 was a year when the evolution of AI tools significantly changed how we develop.</p> <p>I'll continue development in 2026. I hope these 25 articles serve as a reference for those pursuing indie development.</p> <p>The thinking behind the development is documented in the note Advent Calendar. If interested, please check it out:</p> <p><a href="https://adventar.org/calendars/12464" rel="noopener noreferrer">https://adventar.org/calendars/12464</a></p> <p>I share development updates on X, so please follow if interested:</p> <p><a href="https://x.com/pipipi_dev" rel="noopener noreferrer">https://x.com/pipipi_dev</a></p> <p>Thank you for reading to the end.</p> <h2> 📝 Article List </h2> <h3> Prologue (12/1-3) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Day</th> <th>Title</th> </tr> </thead> <tbody> <tr> <td>1</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251201-how-to-start-indie-dev" rel="noopener noreferrer">Starting Indie Development: From Idea to First Commit</a></td> </tr> <tr> <td>2</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251202-ai-driven-tech-selection" rel="noopener noreferrer">Tech Selection for AI-Driven Development: Finding the Right Stack</a></td> </tr> <tr> <td>3</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251203-nextjs-supabase-project-structure" rel="noopener noreferrer">Next.js + Supabase for Indie Dev: Project Structure Overview</a></td> </tr> </tbody> </table></div> <h3> Foundation: Design, DB &amp; Auth (12/4-9) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Day</th> <th>Title</th> </tr> </thead> <tbody> <tr> <td>4</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251204-indie-dev-documentation-strategy" rel="noopener noreferrer">Documentation Strategy for Indie Dev: Design Docs &amp; Thought Logs</a></td> </tr> <tr> <td>5</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251205-git-branch-strategy" rel="noopener noreferrer">Git Branch Strategy: Workflow for Solo Development</a></td> </tr> <tr> <td>6</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251206-supabase-schema-design" rel="noopener noreferrer">Supabase Schema Design: Table Separation and Normalization</a></td> </tr> <tr> <td>7</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251207-database-id-design" rel="noopener noreferrer">Database ID Design: Choosing ID Types and Primary Keys</a></td> </tr> <tr> <td>8</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251208-database-migration-strategy" rel="noopener noreferrer">DB Migration Operations: Safely Managing Dev and Prod</a></td> </tr> <tr> <td>9</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251209-nextauth-to-better-auth" rel="noopener noreferrer">NextAuth.js to Better Auth: Why I Migrated Auth Libraries</a></td> </tr> </tbody> </table></div> <h3> Frontend, API &amp; Infrastructure (12/10-13) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Day</th> <th>Title</th> </tr> </thead> <tbody> <tr> <td>10</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251210-app-router-directory-design" rel="noopener noreferrer">App Router Directory Design: Next.js Project Structure</a></td> </tr> <tr> <td>11</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251211-mpa-to-spa-migration" rel="noopener noreferrer">Why I Migrated from MPA to SPA: App Router Refactoring</a></td> </tr> <tr> <td>12</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251212-route-handler-to-hono" rel="noopener noreferrer">Next.js Route Handler to Hono: Why API Design Got Easier</a></td> </tr> <tr> <td>13</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251213-vercel-optimization" rel="noopener noreferrer">Vercel Optimization: Reducing Build Time and Improving Response</a></td> </tr> </tbody> </table></div> <h3> UX &amp; Features (12/14-17) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Day</th> <th>Title</th> </tr> </thead> <tbody> <tr> <td>14</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251214-mobile-first-responsive" rel="noopener noreferrer">Mobile-First for Optimal UX: Responsive Design in Practice</a></td> </tr> <tr> <td>15</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251215-infinite-scroll-zustand" rel="noopener noreferrer">Infinite Scroll × Zustand × React 19: Async Pitfalls</a></td> </tr> <tr> <td>16</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251216-excel-like-table" rel="noopener noreferrer">No-Code Excel-Like Tables: Implementing Drag &amp; Drop UI</a></td> </tr> <tr> <td>17</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251217-semantic-search-pgvector" rel="noopener noreferrer">Implementing Semantic Search: pgvector + OpenAI Embeddings</a></td> </tr> </tbody> </table></div> <h3> Practical Challenges (12/18-22) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Day</th> <th>Title</th> </tr> </thead> <tbody> <tr> <td>18</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251218-typescript-strict-mode" rel="noopener noreferrer">Bugs Found with TypeScript Strict Mode: Type Safety in Practice</a></td> </tr> <tr> <td>19</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251219-security-essentials-solo-dev" rel="noopener noreferrer">December 2025 React Vulnerability: Security for Solo Devs</a></td> </tr> <tr> <td>20</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251220-stripe-pricing-design" rel="noopener noreferrer">Implementing Tiered Pricing with Stripe: Monetizing Indie Dev</a></td> </tr> <tr> <td>21</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251221-ga4-clarity-analytics" rel="noopener noreferrer">Visualizing User Behavior: Setting Up GA4 and Microsoft Clarity</a></td> </tr> <tr> <td>22</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251222-multi-tenant-saas" rel="noopener noreferrer">Building Multi-Tenant SaaS Solo: Pursuing Enterprise Quality</a></td> </tr> </tbody> </table></div> <h3> Retrospective (12/23-25) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Day</th> <th>Title</th> </tr> </thead> <tbody> <tr> <td>23</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251223-claude-code-ai-pair-programming" rel="noopener noreferrer">How Claude Code Changed My Indie Dev: AI Pair Programming</a></td> </tr> <tr> <td>24</td> <td><a href="https://zenn.dev/pipipi_dev/articles/20251224-progress-driven-development" rel="noopener noreferrer">Progress-Driven Development (PDD): Indie Dev with AI Agents</a></td> </tr> <tr> <td>25</td> <td>2025 Year in Review: Lessons from Solo SaaS Development (This Article)</td> </tr> </tbody> </table></div> indiedev retrospective nextjs claudecode pipipi-dev Wed, 24 Dec 2025 09:54:08 +0000 https://forem.com/pipipi-dev/progress-driven-development-pdd-solo-development-with-ai-agents-1844 https://forem.com/pipipi-dev/progress-driven-development-pdd-solo-development-with-ai-agents-1844 <p>This is Day 24 of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">Building a SaaS Solo - Design, Implementation, and Operations Advent Calendar 2025</a></strong>.</p> <p>Yesterday's article covered "AI Pair Programming with Claude Code." Today, I'll introduce "Progress-Driven Development (PDD)," a methodology for collaborating with AI agents.</p> <p>:::message<br> "Progress-Driven Development (PDD)" is a term and concept I coined for this article. Drawing from over 10 years of PM/PdM experience with various progress management tools and methodologies, I developed this approach while exploring progress management methods suited to collaborating with AI agents.<br> :::</p> <h2> 💡 What is Progress-Driven Development? </h2> <p>Progress-Driven Development (PDD: Progress-Driven Development) is a methodology that structures the entire development process and clarifies completion criteria for each step, enabling humans and AI to collaborate efficiently.</p> <h3> Challenges in Solo Development </h3> <p>When continuing solo development, do you ever face challenges like these?</p> <ul> <li>Can't remember "how far did I get with that feature?"</li> <li>Don't know what to do next when resuming after a break</li> <li>Can't grasp what percentage of the overall project is complete</li> </ul> <p>Spec-Driven Development (SDD: Spec-Driven Development) is a methodology that uses specification documents as the SSoT (Single Source of Truth) to drive design and implementation. Test-Driven Development (TDD: Test-Driven Development) is a methodology that repeats short cycles of writing a failing test (Red), implementing to pass the test (Green), and refactoring (Refactor).</p> <p>These methodologies focus on "what to build" and "how to build it," but a separate mechanism is needed to understand "how much is done."</p> <p><strong>Reference Documents</strong></p> <ul> <li><a href="https://zenn.dev/beagle/articles/fd60745bc54de1" rel="noopener noreferrer">Revisiting SDD (Spec-Driven Development) and Specifications</a></li> <li><a href="https://zenn.dev/loglass/articles/16745471ef55ff" rel="noopener noreferrer">"Having AI Write All Tests First" Isn't TDD. But That's OK.</a></li> </ul> <h3> PDD's Position </h3> <p>PDD doesn't reject SDD or TDD. It complements them by adding a <strong>progress management perspective</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SDD: Drive implementation using specification documents as the single source of truth TDD: Ensure code quality through short test-implementation cycles PDD: Visualize progress to understand "how much is done" </code></pre> </div> <p>By breaking development into multiple steps and clarifying completion criteria for each, you can see at a glance "how far along we are now."</p> <h3> Comparison with SDD/TDD </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Method</th> <th>Focus</th> <th>Artifact</th> <th>Cycle</th> </tr> </thead> <tbody> <tr> <td>SDD</td> <td>Specification clarity</td> <td>Spec documents</td> <td>Spec→Design→Implement</td> </tr> <tr> <td>TDD</td> <td>Code quality</td> <td>Test code</td> <td>Test→Implement→Refactor</td> </tr> <tr> <td>PDD</td> <td>Progress visualization</td> <td>Progress matrix</td> <td>Check→Implement→Scan→Review</td> </tr> </tbody> </table></div> <p>If TDD is a methodology for developers, PDD is a <strong>methodology for management</strong>. These are not mutually exclusive and can be combined.</p> <h3> Application to Team Development </h3> <p>While I conceived this methodology for solo development, it can also be applied to team development. PDD progress tables can be shown directly to non-engineering team members.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Method</th> <th>Artifact Readability</th> <th>Progress Visualization</th> <th>Stakeholder Sharing</th> </tr> </thead> <tbody> <tr> <td>SDD</td> <td>Spec documents (anyone can read)</td> <td>Fulfillment level (progress hard to see)</td> <td>Easy</td> </tr> <tr> <td>TDD</td> <td>Test code (for technical people)</td> <td>pass/fail (progress hard to see)</td> <td>Explanation needed</td> </tr> <tr> <td>PDD</td> <td>Progress table (anyone can read)</td> <td>Matrix display (progress easy to understand)</td> <td>Easy</td> </tr> </tbody> </table></div> <h2> 🔢 Feature × Step Matrix </h2> <p>PDD's characteristic is managing progress with a <strong>Feature (vertical axis) × Step (horizontal axis)</strong> matrix.</p> <h3> Step Definition </h3> <p>In my project, I manage each feature in 10 stages. I use 10 stages because it makes progress calculation easy at 10% increments (10% × 10 steps = 100%).</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>#</th> <th>Step</th> <th>Content</th> <th>Owner</th> </tr> </thead> <tbody> <tr> <td>01</td> <td>spec</td> <td>Specification (requirements)</td> <td>AI/Human</td> </tr> <tr> <td>02</td> <td>design</td> <td>Design (API design, DB design, etc.)</td> <td>AI/Human</td> </tr> <tr> <td>03</td> <td>database</td> <td>Schema &amp; migrations</td> <td>AI</td> </tr> <tr> <td>04</td> <td>ui</td> <td>Screens &amp; components</td> <td>AI</td> </tr> <tr> <td>05</td> <td>api</td> <td>API endpoints</td> <td>AI</td> </tr> <tr> <td>06</td> <td>usecase</td> <td>Business logic</td> <td>AI</td> </tr> <tr> <td>07</td> <td>repository</td> <td>Data access layer</td> <td>AI</td> </tr> <tr> <td>08</td> <td>unit-test</td> <td>Unit tests</td> <td>AI</td> </tr> <tr> <td>09</td> <td>guide</td> <td>User guide</td> <td>AI</td> </tr> <tr> <td>10</td> <td>review</td> <td>Overall review</td> <td>Human</td> </tr> </tbody> </table></div> <p>The number and content of steps can be freely designed according to your product. My product requires a user guide, so I include guide, but you can omit it if unnecessary. 5 or 8 stages work fine too. What's important is clarifying "what constitutes completion."</p> <p>In my case, 01-spec and 02-design are created collaboratively by humans and AI, 03-09 are implemented by AI. The final 10-review is where humans do the final confirmation.</p> <h3> Status Definition </h3> <p>In my project, I set 5 status levels for each cell.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Status</th> <th>Symbol</th> <th>Progress</th> <th>Meaning</th> </tr> </thead> <tbody> <tr> <td>none</td> <td><code>[n]</code></td> <td>0%</td> <td>Not started</td> </tr> <tr> <td>started</td> <td><code>[s]</code></td> <td>25%</td> <td>Started</td> </tr> <tr> <td>draft</td> <td><code>[d]</code></td> <td>50%</td> <td>Draft complete</td> </tr> <tr> <td>reviewed</td> <td><code>[r]</code></td> <td>75%</td> <td>Reviewed</td> </tr> <tr> <td>done</td> <td><code>[x]</code></td> <td>100%</td> <td>Complete</td> </tr> </tbody> </table></div> <p>The number and names of status levels can also be freely designed according to your project. A simple 3-stage "Not started / In progress / Complete" works fine too.</p> <h2> 🧩 Progress Management System </h2> <p>In my project, I place progress management files in <code>docs/progress/</code>. I created these by consulting with Claude Code. You can request it with a prompt like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>I want to create a progress management system for my project. Requirements: - Manage progress with JSON files per feature - Each feature consists of 10 steps (spec, design, database, ui, api, usecase, repository, unit-test, guide, review) - Status has 5 levels: none/started/draft/reviewed/done - Also create JSON files listing related file paths per step (for quick document access) - CLI commands for progress display and auto-scanning - Matrix format display with color coding First, propose the directory structure and an example JSON file for one feature. </code></pre> </div> <p>You don't need to create something perfect from the start. It's fine to improve it as you use it. Below, I'll introduce the structure I actually use.</p> <h3> Directory Structure </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docs/progress/ ├── features/ # Progress files per feature │ ├── 01-auth/ │ │ ├── 01-register.json │ │ ├── 02-verify-email.json │ │ ├── 03-login.json │ │ └── ... │ ├── 02-home/ │ ├── 03-contents/ │ └── ... ├── steps/ # File lists per step │ ├── 01-spec.json │ ├── 02-design.json │ └── ... ├── checklists/ # Completion criteria per step │ ├── 01-spec.md │ ├── 02-design.md │ ├── 03-database.md │ └── ... └── scripts/ # CLI tools └── pdd.ts # Provides pdd scan / pdd status </code></pre> </div> <h3> 1. Progress Management per Feature </h3> <p>Progress for each feature is managed with JSON files.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"login"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Login"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Login with email/password"</span><span class="p">,</span><span class="w"> </span><span class="nl">"steps"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"01-spec"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"done"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/_spec.md"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reviewed"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"02-design"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"done"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/client/components/auth/login/_design.md"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reviewed"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"03-database"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"done"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="err">...</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"04-ui"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"done"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/app/[locale]/(auth)/login/page.tsx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reviewed"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/client/components/auth/login/LoginPage.tsx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reviewed"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"05-api"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"done"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="err">...</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"06-usecase"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"na"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"07-repository"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"na"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"08-unit-test"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"done"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="err">...</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"09-guide"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"none"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"10-review"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"none"</span><span class="p">,</span><span class="w"> </span><span class="nl">"note"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Need final auth flow confirmation"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Key points:</p> <ul> <li> <code>files</code>: Records files created for that step (updated by auto-scan)</li> <li> <code>reviewed</code>: Tracks whether each file has been reviewed</li> <li> <code>note</code>: Records supplementary information and TODOs</li> <li> <code>na</code>: When that step is not applicable</li> </ul> <h3> 2. Artifact List per Step </h3> <p>The <code>steps/</code> directory contains JSON files summarizing artifacts (file paths) per step.</p> <p>In my project, I place design documents (<code>_design.md</code>) near the implementation files. This makes it easier for AI agents to reference designs during implementation. However, when humans review, design documents are scattered and hard to find. By summarizing lists in <code>steps/</code>, both humans and AI agents can proceed with development smoothly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"step"</span><span class="p">:</span><span class="w"> </span><span class="s2">"02-design"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Design"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"category"</span><span class="p">:</span><span class="w"> </span><span class="s2">"auth"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categoryName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"01 Auth"</span><span class="p">,</span><span class="w"> </span><span class="nl">"subcategories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"subcategory"</span><span class="p">:</span><span class="w"> </span><span class="s2">"01-01"</span><span class="p">,</span><span class="w"> </span><span class="nl">"subcategoryName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"User Registration"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/client/components/auth/register/_design.md"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"subcategory"</span><span class="p">:</span><span class="w"> </span><span class="s2">"01-02"</span><span class="p">,</span><span class="w"> </span><span class="nl">"subcategoryName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Email Verification"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/client/components/auth/verify-email/_design.md"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"subcategory"</span><span class="p">:</span><span class="w"> </span><span class="s2">"01-03"</span><span class="p">,</span><span class="w"> </span><span class="nl">"subcategoryName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Login"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/client/components/auth/login/_design.md"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Combined with the VS Code extension "Open File From Path," you can place your cursor on a path in the JSON file and press a shortcut key (alt+d) to jump directly to that file. It's convenient when you want to "check design documents" or "see the unit test list."</p> <p><a href="https://marketplace.visualstudio.com/items?itemName=jack89ita.open-file-from-path" rel="noopener noreferrer">https://marketplace.visualstudio.com/items?itemName=jack89ita.open-file-from-path</a></p> <h3> 3. Completion Criteria Checklists </h3> <p>Each step has completion criteria defined as checklists. With these checklists, AI can self-determine "what to do next."</p> <p><strong>04-ui (Screen) example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gu">## Completion Criteria</span> <span class="p">-</span> [ ] Required page components exist <span class="p">-</span> [ ] Required UI components exist <span class="p">-</span> [ ] TypeScript compiles successfully <span class="p">-</span> [ ] Screen displays correctly <span class="gu">## Quality Criteria</span> | State | Criteria | |-------|----------| | done | User operations are processed, loading/error states implemented | | draft | UI displays but operations not implemented, using dummy data | | none | Component files don't exist | </code></pre> </div> <p><strong>10-review (Overall Review) example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gu">## Completion Criteria</span> <span class="p">-</span> [ ] Code review completed <span class="p">-</span> [ ] Functionality verification completed <span class="p">-</span> [ ] Usability confirmed <span class="p">-</span> [ ] Security review completed <span class="gu">## AI's Role</span> <span class="p">-</span> AI cannot "perform" the review <span class="p">-</span> AI can detect and report "review is needed" </code></pre> </div> <h2> 🎮 Progress Management Commands </h2> <p>I've prepared a CLI tool <code>pdd</code> for progress management. It's implemented in TypeScript and placed in <code>docs/progress/scripts/pdd.ts</code>.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Command</th> <th>Role</th> </tr> </thead> <tbody> <tr> <td><code>pdd scan</code></td> <td>Auto-update status based on file existence</td> </tr> <tr> <td><code>pdd status</code></td> <td>Display progress in terminal</td> </tr> </tbody> </table></div> <p>The benefit of CLI-based management is that it's self-contained locally without requiring external services like progress management tools. Progress data is included in the repository as JSON files, so it can also be version-controlled with Git. Implementation is simple - just JSON file reading/writing and directory traversal. You can implement it in your preferred language or tools.</p> <h3> Auto Scan </h3> <p>Traverses source code and auto-updates progress file statuses.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pdd scan </code></pre> </div> <p><strong>Behavior:</strong></p> <ol> <li>Traverse source code directories</li> <li>Check for files corresponding to each feature</li> <li>Auto-update to <code>done</code> if files exist, <code>none</code> if not</li> <li>Don't overwrite manually set statuses (<code>draft</code> and <code>started</code> are preserved)</li> </ol> <p>By running this command after implementation, progress is automatically reflected.</p> <h3> Progress Display </h3> <p>Reads progress files and displays progress.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pdd status </code></pre> </div> <p><strong>Summary Display:</strong></p> <p>First displays overall progress summary.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Overall Progress [██████████████░░░░░░] 70% By Section 01 Auth [███████░░░] 68% 02 Home [███████░░░] 70% 03 Contents [███████░░░] 74% 04 Search [██████░░░░] 63% By Step 01 spec [██████████] 100% 02 design [██████████] 100% 03 database [█████████░] 86% 08 unit-test [███░░░░░░░] 25% 10 review [░░░░░░░░░░] 0% </code></pre> </div> <p>You can see at a glance: "70% overall complete," "tests are behind," "review not yet started."</p> <p><strong>Matrix Display:</strong></p> <p>Then displays detailed per-feature information in matrix format.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Legend: [n]Not started [s]Started [d]Draft [r]Reviewed [x]Done [-]N/A Steps: [1]spec [2]design [3]database [4]ui [5]api [6]usecase [7]repository [8]unit-test [9]guide [10]review 🚀 01 Auth 01 User Registration [██████░░░░] 63% [x] [x] [x] [-] [-] [x] [x] [n] [n] [n] 02 Email Verification [███████░░░] 67% [x] [x] [x] [-] [-] [x] [x] [n] [-] [n] 03 Login [████████░░] 75% [x] [x] [x] [-] [-] [x] [x] [x] [n] [n] 🚀 02 Home 01 Bookmarks [█████████░] 89% [x] [x] [x] [x] [x] [x] [x] [x] [-] [n] 02 Public [███████░░░] 67% [x] [x] [-] [-] [-] [x] [x] [n] [-] [n] </code></pre> </div> <p>In my environment, I display with color coding in the terminal (green=80%+, yellow=50%+, red=below 50%).</p> <h2> 🚀 Development Workflow </h2> <h3> Daily Workflow </h3> <p>My daily development flow is as follows.</p> <p><strong>1. Check Progress</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pdd status </code></pre> </div> <p>Check overall progress and what's behind.</p> <p><strong>2. Instruct AI</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"Please implement 08-unit-test for the login feature. Refer to docs/progress/checklists/08-unit-test.md for the checklist." </code></pre> </div> <p>AI can self-determine what to do by looking at the checklist.</p> <p><strong>3. Auto Scan</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pdd scan </code></pre> </div> <p>Detect newly created files and auto-update status.</p> <p><strong>4. Review</strong><br> Verify actual operation, update <code>10-review</code> to <code>done</code> if no issues.</p> <p>With this repetition, you can continue development without wondering "what to do next."</p> <h3> Combining with Parallel Development </h3> <p>PDD becomes even more efficient when combined with parallel development using Git Worktree.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Worktree</th> <th>Assigned Steps</th> <th>Scope</th> </tr> </thead> <tbody> <tr> <td>spec-design</td> <td>01-spec, 02-design</td> <td>Spec &amp; design documents</td> </tr> <tr> <td>database</td> <td>03-database</td> <td>Schema &amp; migrations</td> </tr> <tr> <td>frontend</td> <td>04-ui</td> <td>Screens &amp; components</td> </tr> <tr> <td>backend</td> <td>05-api, 06-usecase, 07-repository</td> <td>Server-side implementation</td> </tr> <tr> <td>unit-test</td> <td>08-unit-test</td> <td>Test code</td> </tr> <tr> <td>guide</td> <td>09-guide</td> <td>Guides &amp; seed data</td> </tr> <tr> <td>develop</td> <td>10-review</td> <td>Integration, final review</td> </tr> </tbody> </table></div> <p>Different AI agents work in parallel in each Worktree, then integrate in the develop branch.</p> <p><strong>Merge Order (considering dependencies):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. spec-design ← Reference for other implementations 2. database ← Can't write repository without schema 3. frontend ← Create screen mocks first 4. backend ← Depends on DB schema 5. unit-test ← Depends on implementation 6. guide ← After implementation complete </code></pre> </div> <p>By merging in order considering dependencies, conflicts are minimized.</p> <p>For team development, everyone checks progress together, and a manager should consolidate progress file updates to avoid conflicts.</p> <h2> ✅ Summary </h2> <p>I introduced Progress-Driven Development (PDD).</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Point</th> <th>Content</th> </tr> </thead> <tbody> <tr> <td>Position</td> <td>Adds progress management perspective to SDD/TDD</td> </tr> <tr> <td>Matrix Management</td> <td>Visualize progress with Feature × Step</td> </tr> <tr> <td>Progress System</td> <td>JSON + Checklists + Auto-scan</td> </tr> <tr> <td>Role Division</td> <td>Spec/Design=collaborate, Implementation=AI, Review=Human</td> </tr> <tr> <td>Parallel Development</td> <td>Multiple AIs work simultaneously with Git Worktree</td> </tr> </tbody> </table></div> <p>PDD is a methodology that maximizes AI agent capabilities while humans guarantee final quality. By visualizing progress, "what to do next" becomes clear, helping sustain solo development. It can also be applied to team development.</p> <p>Tomorrow, I'll write about "Reflecting on 2025 Solo Development."</p> <p><strong>Other Articles in This Series</strong></p> <ul> <li>12/23: How Claude Code Changed My Solo Dev Workflow: AI Pair Programming</li> <li>12/25: Reflecting on 2025 Solo Development: Lessons in Technology, Design, and Operations</li> </ul> solodev projectmanagement claudecode pdd pipipi-dev Tue, 23 Dec 2025 07:02:26 +0000 https://forem.com/pipipi-dev/how-claude-code-changed-my-solo-dev-workflow-ai-pair-programming-2ngi https://forem.com/pipipi-dev/how-claude-code-changed-my-solo-dev-workflow-ai-pair-programming-2ngi <p>This is Day 23 of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">Building a SaaS Solo - Design, Implementation, and Operations Advent Calendar 2025</a></strong>.</p> <p>Yesterday's article covered "Multi-tenant SaaS Design." Today, I'll share my practical experience developing with Claude Code.</p> <p>:::message<br> The basics of Claude Code are well documented in official resources and other articles. This article focuses on my personal workflow and insights gained from continuous use in solo development.<br> :::</p> <p><strong>Reference Documents</strong></p> <ul> <li><a href="https://code.claude.com/docs/overview" rel="noopener noreferrer">Claude Code Documentation</a></li> <li><a href="https://claude.com/blog" rel="noopener noreferrer">Claude Code Blog</a></li> <li><a href="https://www.anthropic.com/engineering/claude-code-best-practices" rel="noopener noreferrer">Claude Code Best Practices</a></li> </ul> <h2> 🛠️ Think Like a Construction Site </h2> <p>Through continuous development with Claude Code, I found that approaching it like a construction site works well.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Draw blueprints (Requirements) 2. Build scaffolding (Basic/Detailed Design) 3. Construct (Implementation) 4. Write "why we built it this way" on the walls (Comments, README, CLAUDE.md) 5. Remove scaffolding (Integrate specs into implementation) </code></pre> </div> <h3> Draw Blueprints (Requirements) </h3> <p>First, clarify "what to build."<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gu">## Feature Overview</span> A feature for users to create and manage learning content <span class="gu">## Use Cases</span> <span class="p">-</span> Create, edit, and delete content <span class="p">-</span> View own content in a list <span class="p">-</span> Write body text in Markdown format <span class="gu">## Constraints</span> <span class="p">-</span> Cannot see other tenants' content <span class="p">-</span> Title is required, body is optional </code></pre> </div> <p>By providing this blueprint to Claude Code, the AI can generate code with a complete understanding of the big picture.</p> <h3> Build Scaffolding (Basic/Detailed Design) </h3> <p>Once requirements are set, decide "how to build it." Organize file structure and processing flow in plain language.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gu">## File Structure</span> <span class="p">-</span> src/types/content.ts - Type definitions <span class="p">-</span> src/app/api/contents/route.ts - API endpoint <span class="p">-</span> src/client/components/ContentForm.tsx - Input form <span class="gu">## API Endpoints</span> <span class="gu">### GET /api/contents</span> <span class="p">-</span> Authentication check <span class="p">-</span> Filter by tenant_id <span class="p">-</span> Return in descending order by update time <span class="gu">### POST /api/contents</span> <span class="p">-</span> Authentication check <span class="p">-</span> Validation (title required, body optional) <span class="p">-</span> Save to DB and return created record </code></pre> </div> <p>With this design document, Claude Code can easily understand "what to implement and how."</p> <h3> Construct (Implementation) </h3> <p>Once scaffolding is ready, it's time to implement. This is where Claude Code shines.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Please implement src/app/api/contents/route.ts. Follow these specifications: - GET: Filter by tenant_id and return content list - POST: Create new content - Reference existing src/app/api/labels/route.ts for error handling </code></pre> </div> <p>Having it reference existing code maintains consistency within the project.</p> <h3> Write the Reasoning </h3> <p>After implementation, document "why it was implemented this way" in comments or README.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Check tenant_id at application layer in addition to RLS</span> <span class="c1">// Defense in depth in case of RLS configuration oversight</span> <span class="kd">const</span> <span class="nx">contents</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span> <span class="p">.</span><span class="nf">select</span><span class="p">()</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">contentsTable</span><span class="p">)</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">eq</span><span class="p">(</span><span class="nx">contentsTable</span><span class="p">.</span><span class="nx">tenantId</span><span class="p">,</span> <span class="nx">tenantId</span><span class="p">));</span> </code></pre> </div> <p>This record helps future you or AI understand "why it's built this way."</p> <h3> Remove Scaffolding </h3> <p>Finally, integrate design document content into the implementation. Delete temporary TODO comments, organize type definitions, and clean up obsolete specs.</p> <p>This also "prevents Context pollution." If old design documents or temporary comments remain, AI might read them and get confused. Making source code the Single Source of Truth reduces AI misreadings.</p> <h2> 💬 Context Sharing with CLAUDE.md </h2> <p>In Claude Code, placing <code>CLAUDE.md</code> at the project root helps AI understand the project context.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gh"># Project Overview</span> Memoreru - A tool to organize knowledge and nurture thinking <span class="gh"># Tech Stack</span> <span class="p">-</span> Next.js 15 (App Router) <span class="p">-</span> TypeScript strict mode <span class="p">-</span> Drizzle ORM + PostgreSQL (Supabase) <span class="p">-</span> Hono (API) <span class="p">-</span> shadcn/ui <span class="gh"># Coding Conventions</span> <span class="p">-</span> Use function components <span class="p">-</span> Prefer named exports <span class="p">-</span> Error handling uses Result type pattern <span class="gh"># Directory Structure</span> src/ ├── app/ # Next.js App Router ├── client/ # Client-side logic ├── server/ # Server-side logic ├── database/ # DB schema &amp; queries └── shared/ # Common utilities </code></pre> </div> <p>Write this once, and you won't need to explain it every time.</p> <h3> Documenting Implementation Patterns </h3> <p>It's also helpful to document project-specific implementation patterns in CLAUDE.md.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gh"># API Endpoint Patterns</span> <span class="gu">## Authenticated Endpoints</span> <span class="p">1.</span> Get user ID from session <span class="p">2.</span> Verify access rights to tenant_id <span class="p">3.</span> Set RLS context <span class="p">4.</span> Execute processing <span class="gu">## Error Response Format</span> { error: string, code?: string } </code></pre> </div> <h2> ⚡ Using Extensions </h2> <p>Claude Code has extensions like MCP and Skills.</p> <h3> MCP </h3> <p>MCP (Model Context Protocol) is a protocol that enables integration with external tools. I use these three:</p> <ul> <li> <strong>Playwright</strong>: Browser automation, E2E testing</li> <li> <strong>Supabase</strong>: Database schema inspection</li> <li> <strong>Serena</strong>: IDE integration</li> </ul> <p><a href="https://modelcontextprotocol.io" rel="noopener noreferrer">https://modelcontextprotocol.io</a></p> <p>MCP is convenient, but overuse can bloat Context. As AI processes more information, response speed and accuracy can be affected. I recommend limiting to essentials.</p> <p><a href="https://code.claude.com/docs/mcp" rel="noopener noreferrer">https://code.claude.com/docs/mcp</a></p> <h3> Skills </h3> <p>Skills is a mechanism for templating instructions for specific tasks. Place SKILL.md files in the <code>.claude/skills/</code> directory.</p> <p>I haven't fully utilized this yet, but it seems useful for sharing rules like review guidelines across teams. An official Skills marketplace is also available.</p> <p><a href="https://claude.com/skills" rel="noopener noreferrer">https://claude.com/skills</a></p> <h2> 💡 Tips for Interacting with AI </h2> <h3> Be Specific </h3> <p>Vague instructions lead to unexpected results. Communicate what you want specifically.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>❌ "Make it better" ✅ "Sort the list by update time in descending order" </code></pre> </div> <h3> Request Incrementally </h3> <p>Break large features into smaller requests. If you request everything at once, course corrections become difficult.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. First, define the Contents table schema 2. Next, create CRUD API endpoints 3. Finally, create the frontend form </code></pre> </div> <h3> State Constraints Explicitly </h3> <p>Communicating what you don't want prevents unintended changes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Please implement with these constraints: - Don't change existing API response format - Don't add new libraries - Prioritize readability over performance </code></pre> </div> <h3> Prevent Over-Engineering </h3> <p>Claude Code tends to add complexity by considering backward compatibility. Be explicit about keeping things simple.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>❌ What AI tends to do on its own: - Keep old API and add new API - Create wrapper functions with deprecation warnings - Add feature flags to toggle between old and new ✅ State explicitly: "Backward compatibility is not needed. Please modify existing code directly." </code></pre> </div> <h2> 🧠 Role Division </h2> <p>Here's the role division between humans and AI that emerged from six months of development.</p> <h3> What Humans Decide </h3> <ul> <li> <strong>Product direction</strong>: What to build, what not to build</li> <li> <strong>Architecture</strong>: Technology selection, directory structure</li> <li> <strong>Security</strong>: Authentication/authorization design, vulnerability checks</li> <li> <strong>User experience</strong>: Usability, clarity</li> <li> <strong>Final verification</strong>: Does it actually work without issues?</li> </ul> <h3> What to Delegate to AI </h3> <ul> <li> <strong>Pattern-based code generation</strong>: CRUD APIs, form components</li> <li> <strong>Refactoring</strong>: Naming consistency, directory organization</li> <li> <strong>Boilerplate creation</strong>: Type definitions, test scaffolds</li> <li> <strong>Error investigation</strong>: Root cause inference from stack traces</li> </ul> <p>AI changed the "How." The "What" and "Why" remain human work.</p> <h3> Always Review Code </h3> <p>Always review AI-generated code yourself.</p> <ul> <li> <strong>Security</strong>: Is user ID being taken directly from request?</li> <li> <strong>Type safety</strong>: Is <code>any</code> or <code>as any</code> being used to bypass type errors?</li> <li> <strong>Edge cases</strong>: Are empty arrays, null values, etc. considered?</li> </ul> <p>AI generates code that "works," but that doesn't mean it's "safe."</p> <p>Being conscious of this role division has made collaboration with AI smoother. It's not about "delegating everything" but "building together."</p> <h2> ✅ Summary </h2> <p>I shared my practices for developing with Claude Code.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Point</th> <th>Content</th> </tr> </thead> <tbody> <tr> <td>Construction Site Approach</td> <td>Blueprint → Scaffolding → Build → Reasoning → Remove</td> </tr> <tr> <td>CLAUDE.md</td> <td>Share project context with AI</td> </tr> <tr> <td>Extensions</td> <td>MCP/Skills (minimal usage)</td> </tr> <tr> <td>Interaction Tips</td> <td>Be specific, incremental, state constraints</td> </tr> <tr> <td>Role Division</td> <td>How=AI, What/Why=Human, Review required</td> </tr> </tbody> </table></div> <p>AI is a powerful tool, but humans are the ones who wield it. I continue development with a mindset of "collaboration" rather than "delegation."</p> <p>Tomorrow, I'll explain "Progress-Driven Development (PDD)."</p> <p><strong>Other Articles in This Series</strong></p> <ul> <li>12/22: Building Multi-tenant SaaS as a Solo Developer: Pursuing Enterprise Quality</li> <li>12/24: Progress-Driven Development (PDD): Solo Development with AI Agents</li> </ul> claudecode ai solodev productivity pipipi-dev Mon, 22 Dec 2025 06:21:05 +0000 https://forem.com/pipipi-dev/building-multi-tenant-saas-as-a-solo-developer-1pi9 https://forem.com/pipipi-dev/building-multi-tenant-saas-as-a-solo-developer-1pi9 <p>This article is part of the <strong>Solo SaaS Development Advent Calendar 2025</strong>.</p> <p>In the previous article, I covered GA4 and Microsoft Clarity setup. In this article, I'll share how I built a multi-tenant SaaS architecture.</p> <p>:::message<br> The content in this article reflects the design I adopted for my personal project. Rather than best practices, please read this as a record of trial and error from a solo developer.<br> :::</p> <h2> Why Multi-Tenant? </h2> <p>When building a SaaS, you need to separate data by user.</p> <p>For team or organization-based services, the following requirements emerge:</p> <ul> <li>Organization A's data must not be visible to Organization B</li> <li>Even within the same organization, access rights may differ by team</li> <li>Administrators and regular members have different operation scopes</li> </ul> <p>Multi-tenant architecture realizes these requirements.</p> <h3> Why I Considered Multi-Tenant </h3> <p>For many solo development projects, multi-tenant architecture is probably unnecessary. For consumer-facing services, filtering by user ID is sufficient.</p> <p>In my case, I was aiming to serve both individual users and enterprise customers, so I designed with multi-tenancy in mind from the start. Adding it later could require restructuring the entire data model.</p> <h2> Tenant Structure Design </h2> <p>In my project, I adopted the following hierarchical structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Tenant (Organization) ├── Team A │ ├── Member 1 (Owner) │ └── Member 2 (Regular) └── Team B ├── Member 1 (Leader) └── Member 3 (View Only) </code></pre> </div> <h3> Tenant Table Design </h3> <p>This table manages tenant (organization) information.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Example: Tenant table</span> <span class="kd">const</span> <span class="nx">tenants</span> <span class="o">=</span> <span class="nf">pgTable</span><span class="p">(</span><span class="dl">'</span><span class="s1">tenants</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">tenant_id</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">tenant_id</span><span class="dl">'</span><span class="p">).</span><span class="nf">primaryKey</span><span class="p">(),</span> <span class="na">name</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">name</span><span class="dl">'</span><span class="p">).</span><span class="nf">notNull</span><span class="p">(),</span> <span class="na">slug</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">slug</span><span class="dl">'</span><span class="p">).</span><span class="nf">unique</span><span class="p">().</span><span class="nf">notNull</span><span class="p">(),</span> <span class="na">owner_id</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">owner_id</span><span class="dl">'</span><span class="p">).</span><span class="nf">notNull</span><span class="p">(),</span> <span class="na">plan</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">plan</span><span class="dl">'</span><span class="p">).</span><span class="k">default</span><span class="p">(</span><span class="dl">'</span><span class="s1">free</span><span class="dl">'</span><span class="p">),</span> <span class="na">status</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">status</span><span class="dl">'</span><span class="p">).</span><span class="k">default</span><span class="p">(</span><span class="dl">'</span><span class="s1">active</span><span class="dl">'</span><span class="p">),</span> <span class="na">settings</span><span class="p">:</span> <span class="nf">jsonb</span><span class="p">(</span><span class="dl">'</span><span class="s1">settings</span><span class="dl">'</span><span class="p">),</span> <span class="na">created_at</span><span class="p">:</span> <span class="nf">timestamp</span><span class="p">(</span><span class="dl">'</span><span class="s1">created_at</span><span class="dl">'</span><span class="p">).</span><span class="nf">defaultNow</span><span class="p">(),</span> <span class="p">});</span> </code></pre> </div> <p>The <code>slug</code> is an identifier used in URLs. <code>settings</code> stores plan-specific limits in JSON format.</p> <h3> Membership Design </h3> <p>This manages the relationship between users and tenants.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Example: Tenant members table</span> <span class="kd">const</span> <span class="nx">tenantMembers</span> <span class="o">=</span> <span class="nf">pgTable</span><span class="p">(</span><span class="dl">'</span><span class="s1">tenants_members</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">tenant_id</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">tenant_id</span><span class="dl">'</span><span class="p">).</span><span class="nf">notNull</span><span class="p">(),</span> <span class="na">user_id</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">user_id</span><span class="dl">'</span><span class="p">).</span><span class="nf">notNull</span><span class="p">(),</span> <span class="na">role</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">role</span><span class="dl">'</span><span class="p">).</span><span class="nf">notNull</span><span class="p">(),</span> <span class="c1">// 'owner' | 'admin' | 'member' | 'viewer'</span> <span class="na">status</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">status</span><span class="dl">'</span><span class="p">).</span><span class="k">default</span><span class="p">(</span><span class="dl">'</span><span class="s1">active</span><span class="dl">'</span><span class="p">),</span> <span class="na">joined_at</span><span class="p">:</span> <span class="nf">timestamp</span><span class="p">(</span><span class="dl">'</span><span class="s1">joined_at</span><span class="dl">'</span><span class="p">).</span><span class="nf">defaultNow</span><span class="p">(),</span> <span class="p">},</span> <span class="p">(</span><span class="nx">table</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">pk</span><span class="p">:</span> <span class="nf">primaryKey</span><span class="p">({</span> <span class="na">columns</span><span class="p">:</span> <span class="p">[</span><span class="nx">table</span><span class="p">.</span><span class="nx">tenant_id</span><span class="p">,</span> <span class="nx">table</span><span class="p">.</span><span class="nx">user_id</span><span class="p">]</span> <span class="p">}),</span> <span class="p">}));</span> </code></pre> </div> <p>By using a composite primary key (<code>tenant_id</code> + <code>user_id</code>), I enabled users to belong to multiple tenants.</p> <h3> Role Definition </h3> <p>For example, the following roles can be considered:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Role</th> <th>Permissions</th> </tr> </thead> <tbody> <tr> <td>owner</td> <td>Full permissions, can delete tenant</td> </tr> <tr> <td>admin</td> <td>Member management, settings changes</td> </tr> <tr> <td>member</td> <td>Create and edit content</td> </tr> <tr> <td>viewer</td> <td>View only</td> </tr> </tbody> </table></div> <h2> Row-Level Security (RLS) </h2> <p>The most important aspect of multi-tenancy is data isolation. If controlled only through application code, bugs could expose one tenant's data to another.</p> <p>I adopted PostgreSQL's Row-Level Security (RLS), which enables access control at the database level.</p> <h3> RLS Policy Implementation </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Enable RLS</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">app_content</span><span class="p">.</span><span class="n">labels</span> <span class="n">ENABLE</span> <span class="k">ROW</span> <span class="k">LEVEL</span> <span class="k">SECURITY</span><span class="p">;</span> <span class="c1">-- SELECT: Only retrieve data from same tenant</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="n">labels_select_policy</span> <span class="k">ON</span> <span class="n">app_content</span><span class="p">.</span><span class="n">labels</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">USING</span> <span class="p">(</span><span class="n">tenant_id</span> <span class="o">=</span> <span class="n">current_setting</span><span class="p">(</span><span class="s1">'app.current_tenant_id'</span><span class="p">,</span> <span class="k">true</span><span class="p">));</span> <span class="c1">-- INSERT: Only create in same tenant, admin or above</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="n">labels_insert_policy</span> <span class="k">ON</span> <span class="n">app_content</span><span class="p">.</span><span class="n">labels</span> <span class="k">FOR</span> <span class="k">INSERT</span> <span class="k">WITH</span> <span class="k">CHECK</span> <span class="p">(</span> <span class="n">tenant_id</span> <span class="o">=</span> <span class="n">current_setting</span><span class="p">(</span><span class="s1">'app.current_tenant_id'</span><span class="p">,</span> <span class="k">true</span><span class="p">)</span> <span class="k">AND</span> <span class="n">current_setting</span><span class="p">(</span><span class="s1">'app.current_user_role'</span><span class="p">,</span> <span class="k">true</span><span class="p">)</span> <span class="k">IN</span> <span class="p">(</span><span class="s1">'OWNER'</span><span class="p">,</span> <span class="s1">'ADMIN'</span><span class="p">)</span> <span class="p">);</span> </code></pre> </div> <p><code>current_setting('app.current_tenant_id', true)</code> retrieves the tenant ID set in the session.</p> <h3> Setting Session Context </h3> <p>I set the current tenant ID and role in the session during API requests.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Setting in API middleware</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">setTenantContext</span><span class="p">(</span><span class="nx">tenantId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">role</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nx">sql</span><span class="s2">` SELECT set_config('app.current_tenant_id', </span><span class="p">${</span><span class="nx">tenantId</span><span class="p">}</span><span class="s2">, true); SELECT set_config('app.current_user_role', </span><span class="p">${</span><span class="nx">role</span><span class="p">}</span><span class="s2">, true); `</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>After this, subsequent queries are automatically filtered by RLS policies.</p> <h2> Access Control Implementation </h2> <h3> Membership Verification </h3> <p>At API endpoints, I first verify whether the user is a member of the tenant.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Verify tenant access</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">checkTenantAccess</span><span class="p">(</span><span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">tenantId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">membership</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span> <span class="p">.</span><span class="nf">select</span><span class="p">({</span> <span class="na">role</span><span class="p">:</span> <span class="nx">tenantMembers</span><span class="p">.</span><span class="nx">role</span> <span class="p">})</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">tenantMembers</span><span class="p">)</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">and</span><span class="p">(</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">tenantMembers</span><span class="p">.</span><span class="nx">tenant_id</span><span class="p">,</span> <span class="nx">tenantId</span><span class="p">),</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">tenantMembers</span><span class="p">.</span><span class="nx">user_id</span><span class="p">,</span> <span class="nx">userId</span><span class="p">),</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">tenantMembers</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="dl">'</span><span class="s1">active</span><span class="dl">'</span><span class="p">)</span> <span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="nx">membership</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Access denied</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">membership</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">role</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Role-Based Permission Checks </h3> <p>I verify the required role for each operation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Example: Team creation</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/tenants/:tenantId/teams</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">c</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">tenantId</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">c</span><span class="p">.</span><span class="nx">req</span><span class="p">.</span><span class="nf">param</span><span class="p">();</span> <span class="c1">// Verify membership</span> <span class="kd">const</span> <span class="nx">role</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">checkTenantAccess</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">tenantId</span><span class="p">);</span> <span class="c1">// Only owner/admin can create</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="p">[</span><span class="dl">'</span><span class="s1">owner</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">].</span><span class="nf">includes</span><span class="p">(</span><span class="nx">role</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">No permission to create team</span><span class="dl">'</span> <span class="p">},</span> <span class="mi">403</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Team creation logic...</span> <span class="p">});</span> </code></pre> </div> <h3> Data Isolation with Composite Keys </h3> <p>I use composite primary keys including <code>tenant_id</code> in all content tables.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Example: Contents table</span> <span class="kd">const</span> <span class="nx">contents</span> <span class="o">=</span> <span class="nf">pgTable</span><span class="p">(</span><span class="dl">'</span><span class="s1">contents</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">tenant_id</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">tenant_id</span><span class="dl">'</span><span class="p">).</span><span class="nf">notNull</span><span class="p">(),</span> <span class="na">content_id</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">content_id</span><span class="dl">'</span><span class="p">).</span><span class="nf">notNull</span><span class="p">(),</span> <span class="na">title</span><span class="p">:</span> <span class="nf">text</span><span class="p">(</span><span class="dl">'</span><span class="s1">title</span><span class="dl">'</span><span class="p">).</span><span class="nf">notNull</span><span class="p">(),</span> <span class="c1">// ... other columns</span> <span class="p">},</span> <span class="p">(</span><span class="nx">table</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">pk</span><span class="p">:</span> <span class="nf">primaryKey</span><span class="p">({</span> <span class="na">columns</span><span class="p">:</span> <span class="p">[</span><span class="nx">table</span><span class="p">.</span><span class="nx">tenant_id</span><span class="p">,</span> <span class="nx">table</span><span class="p">.</span><span class="nx">content_id</span><span class="p">]</span> <span class="p">}),</span> <span class="p">}));</span> </code></pre> </div> <p>Master data can be managed as shared data across all tenants using a reserved <code>tenant_id</code> like <code>'SYSTEM'</code>.</p> <h2> Implementation Tips </h2> <h3> Explicit Filtering in Queries </h3> <p>In addition to RLS, I explicitly filter by <code>tenant_id</code> in application code as well.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Add explicit filter</span> <span class="kd">const</span> <span class="nx">userContents</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span> <span class="p">.</span><span class="nf">select</span><span class="p">()</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">contents</span><span class="p">)</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">and</span><span class="p">(</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">contents</span><span class="p">.</span><span class="nx">tenant_id</span><span class="p">,</span> <span class="nx">tenantId</span><span class="p">),</span> <span class="c1">// Explicit filter</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">contents</span><span class="p">.</span><span class="nx">created_by</span><span class="p">,</span> <span class="nx">userId</span><span class="p">)</span> <span class="p">));</span> </code></pre> </div> <p>Even with RLS, this makes intent clear during code reviews.</p> <h3> Tenant Switching Consideration </h3> <p>I also implemented switching functionality for users who belong to multiple tenants.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Get list of tenants user belongs to</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getUserTenants</span><span class="p">(</span><span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">db</span> <span class="p">.</span><span class="nf">select</span><span class="p">({</span> <span class="na">tenant</span><span class="p">:</span> <span class="nx">tenants</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="nx">tenantMembers</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="p">})</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">tenants</span><span class="p">)</span> <span class="p">.</span><span class="nf">innerJoin</span><span class="p">(</span><span class="nx">tenantMembers</span><span class="p">,</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">tenants</span><span class="p">.</span><span class="nx">tenant_id</span><span class="p">,</span> <span class="nx">tenantMembers</span><span class="p">.</span><span class="nx">tenant_id</span><span class="p">))</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">and</span><span class="p">(</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">tenantMembers</span><span class="p">.</span><span class="nx">user_id</span><span class="p">,</span> <span class="nx">userId</span><span class="p">),</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">tenantMembers</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="dl">'</span><span class="s1">active</span><span class="dl">'</span><span class="p">)</span> <span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p>The current tenant is managed in the session and can be switched through the UI.</p> <h3> Infrastructure Options </h3> <p>In December 2025, Vercel announced "Vercel for Platforms." It provides features like automatic routing for wildcard domains (<code>*.yourapp.com</code>) and SSL certificate management for custom domains.</p> <p><a href="https://vercel.com/changelog/introducing-vercel-for-platforms" rel="noopener noreferrer">https://vercel.com/changelog/introducing-vercel-for-platforms</a></p> <p>Combined with the data isolation design introduced in this article, you can build more sophisticated multi-tenant SaaS applications.</p> <h2> Summary </h2> <p>I've shared how I built a multi-tenant SaaS architecture.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Point</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>Tenant Structure</td> <td>Organization → Team → Member hierarchy</td> </tr> <tr> <td>RLS</td> <td>Database-level isolation with PostgreSQL</td> </tr> <tr> <td>Roles</td> <td>owner / admin / member / viewer, etc.</td> </tr> <tr> <td>Composite Keys</td> <td>Design with tenant_id in primary keys</td> </tr> <tr> <td>Double Check</td> <td>Verify in both RLS and application code</td> </tr> </tbody> </table></div> <p>Whether you need to go this far in solo development depends on your product's nature. However, if you're aiming for enterprise SaaS, considering this from the start makes future expansion easier.</p> <p><strong>Other Articles in This Series</strong></p> <ul> <li>12/21: Visualizing User Behavior: Setting Up GA4 and Microsoft Clarity</li> <li>12/23: How Claude Code Changed My Solo Development: AI Pair Programming in Practice</li> </ul> nextjs supabase saas postgres pipipi-dev Sun, 21 Dec 2025 04:55:12 +0000 https://forem.com/pipipi-dev/visualizing-user-behavior-setting-up-ga4-and-microsoft-clarity-1cj8 https://forem.com/pipipi-dev/visualizing-user-behavior-setting-up-ga4-and-microsoft-clarity-1cj8 <p>This article is Day 21 of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">Solo SaaS Development Advent Calendar 2025</a></strong>.</p> <p>Yesterday I wrote about implementing tiered pricing with Stripe. Today, I'll cover setting up Google Analytics 4 and Microsoft Clarity to visualize user behavior.</p> <h2> 🤔 Why Analytics Matter </h2> <p>Once you launch a service, you naturally want to know how it's being used:</p> <ul> <li>Which pages are most viewed?</li> <li>Where do users drop off?</li> <li>Which buttons get clicked?</li> </ul> <p>Without this data, you can't make informed decisions about improvements. Instead of relying on gut feelings, I wanted to make data-driven decisions. That's why I implemented analytics tools.</p> <h3> Tool Selection </h3> <p>I use three tools in combination:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>Purpose</th> <th>Features</th> </tr> </thead> <tbody> <tr> <td>Google Analytics 4</td> <td>Traffic analysis</td> <td>User count, page views, traffic sources</td> </tr> <tr> <td>Microsoft Clarity</td> <td>Behavior visualization</td> <td>Heatmaps, session recordings</td> </tr> <tr> <td>Search Console</td> <td>SEO analysis</td> <td>Search keywords, rankings</td> </tr> </tbody> </table></div> <p>All three are free. While GA4 alone provides basic analysis, combining it with Clarity reveals the "why" behind the numbers.</p> <h2> 📈 Setting Up Google Analytics 4 </h2> <h3> Component Implementation </h3> <p>In Next.js, we use <code>next/script</code> to load the GA4 script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// components/analytics/GoogleAnalytics.tsx</span> <span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Script</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/script</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">GoogleAnalyticsProps</span> <span class="p">{</span> <span class="nl">measurementId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">GoogleAnalytics</span><span class="p">({</span> <span class="nx">measurementId</span> <span class="p">}:</span> <span class="nx">GoogleAnalyticsProps</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">measurementId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;&gt;</span> <span class="o">&lt;</span><span class="nx">Script</span> <span class="nx">src</span><span class="o">=</span><span class="p">{</span><span class="s2">`https://www.googletagmanager.com/gtag/js?id=</span><span class="p">${</span><span class="nx">measurementId</span><span class="p">}</span><span class="s2">`</span><span class="p">}</span> <span class="nx">strategy</span><span class="o">=</span><span class="dl">"</span><span class="s2">afterInteractive</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="nx">Script</span> <span class="nx">id</span><span class="o">=</span><span class="dl">"</span><span class="s2">google-analytics</span><span class="dl">"</span> <span class="nx">strategy</span><span class="o">=</span><span class="dl">"</span><span class="s2">afterInteractive</span><span class="dl">"</span><span class="o">&gt;</span> <span class="p">{</span><span class="s2">` window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', '</span><span class="p">${</span><span class="nx">measurementId</span><span class="p">}</span><span class="s2">', { page_path: window.location.pathname, }); `</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/Script</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>By specifying <code>strategy="afterInteractive"</code>, the script runs without blocking page load, preserving user experience while tracking.</p> <h3> Adding to Layout </h3> <p>Load the component in your root layout. Check for the environment variable to ensure it only runs in production:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/layout.tsx</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">RootLayout</span><span class="p">({</span> <span class="nx">children</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">ReactNode</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">gaMeasurementId</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_GA_MEASUREMENT_ID</span><span class="p">;</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">html</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">body</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">children</span><span class="p">}</span> <span class="p">{</span><span class="nx">gaMeasurementId</span> <span class="o">&amp;&amp;</span> <span class="o">&lt;</span><span class="nx">GoogleAnalytics</span> <span class="nx">measurementId</span><span class="o">=</span><span class="p">{</span><span class="nx">gaMeasurementId</span><span class="p">}</span> <span class="sr">/&gt;</span><span class="err">} </span> <span class="o">&lt;</span><span class="sr">/body</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/html</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> Sending Custom Events </h3> <p>For tracking specific actions like button clicks, use custom events:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">trackEvent</span><span class="p">(</span> <span class="nx">eventName</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">eventParams</span><span class="p">?:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="kr">string</span> <span class="o">|</span> <span class="kr">number</span> <span class="o">|</span> <span class="nx">boolean</span><span class="o">&gt;</span> <span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nb">window</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">undefined</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="dl">'</span><span class="s1">gtag</span><span class="dl">'</span> <span class="k">in</span> <span class="nb">window</span><span class="p">)</span> <span class="p">{</span> <span class="p">(</span><span class="nb">window</span> <span class="k">as</span> <span class="nx">Window</span> <span class="o">&amp;</span> <span class="p">{</span> <span class="na">gtag</span><span class="p">:</span> <span class="p">(...</span><span class="na">args</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="p">}).</span><span class="nf">gtag</span><span class="p">(</span> <span class="dl">'</span><span class="s1">event</span><span class="dl">'</span><span class="p">,</span> <span class="nx">eventName</span><span class="p">,</span> <span class="nx">eventParams</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Usage examples</span> <span class="nf">trackEvent</span><span class="p">(</span><span class="dl">'</span><span class="s1">button_click</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">button_name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">signup</span><span class="dl">'</span> <span class="p">});</span> <span class="nf">trackEvent</span><span class="p">(</span><span class="dl">'</span><span class="s1">content_view</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">content_id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">123</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <h2> 🎥 Setting Up Microsoft Clarity </h2> <p>Clarity visualizes user behavior through heatmaps and session recordings. While GA4 tells you "what happened," Clarity shows you "why it happened."</p> <h3> Component Implementation </h3> <p>Similar to GA4, load it using <code>next/script</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// components/analytics/MicrosoftClarity.tsx</span> <span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Script</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/script</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">MicrosoftClarityProps</span> <span class="p">{</span> <span class="nl">projectId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">MicrosoftClarity</span><span class="p">({</span> <span class="nx">projectId</span> <span class="p">}:</span> <span class="nx">MicrosoftClarityProps</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">projectId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">Script</span> <span class="nx">id</span><span class="o">=</span><span class="dl">"</span><span class="s2">microsoft-clarity</span><span class="dl">"</span> <span class="nx">strategy</span><span class="o">=</span><span class="dl">"</span><span class="s2">afterInteractive</span><span class="dl">"</span><span class="o">&gt;</span> <span class="p">{</span><span class="s2">` (function(c,l,a,r,i,t,y){ c[a]=c[a]||function(){(c[a].q=c[a].q||[]).push(arguments)}; t=l.createElement(r);t.async=1;t.src="https://www.clarity.ms/tag/"+i; y=l.getElementsByTagName(r)[0];y.parentNode.insertBefore(t,y); })(window, document, "clarity", "script", "</span><span class="p">${</span><span class="nx">projectId</span><span class="p">}</span><span class="s2">"); `</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/Script</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> User Identification </h3> <p>To identify logged-in users, use Clarity's API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">identifyClarityUser</span><span class="p">(</span><span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nb">window</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">undefined</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="dl">'</span><span class="s1">clarity</span><span class="dl">'</span> <span class="k">in</span> <span class="nb">window</span><span class="p">)</span> <span class="p">{</span> <span class="p">(</span><span class="nb">window</span> <span class="k">as</span> <span class="nx">Window</span> <span class="o">&amp;</span> <span class="p">{</span> <span class="na">clarity</span><span class="p">:</span> <span class="p">(...</span><span class="na">args</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="p">}).</span><span class="nf">clarity</span><span class="p">(</span> <span class="dl">'</span><span class="s1">identify</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userId</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Set tags for segmentation</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">setClarityTag</span><span class="p">(</span><span class="nx">key</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">value</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nb">window</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">undefined</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="dl">'</span><span class="s1">clarity</span><span class="dl">'</span> <span class="k">in</span> <span class="nb">window</span><span class="p">)</span> <span class="p">{</span> <span class="p">(</span><span class="nb">window</span> <span class="k">as</span> <span class="nx">Window</span> <span class="o">&amp;</span> <span class="p">{</span> <span class="na">clarity</span><span class="p">:</span> <span class="p">(...</span><span class="na">args</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="p">}).</span><span class="nf">clarity</span><span class="p">(</span> <span class="dl">'</span><span class="s1">set</span><span class="dl">'</span><span class="p">,</span> <span class="nx">key</span><span class="p">,</span> <span class="nx">value</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Usage examples</span> <span class="nf">identifyClarityUser</span><span class="p">(</span><span class="dl">'</span><span class="s1">user_123</span><span class="dl">'</span><span class="p">);</span> <span class="nf">setClarityTag</span><span class="p">(</span><span class="dl">'</span><span class="s1">plan</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">premium</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>By setting tags per plan, you can analyze differences in behavior between free and paid users.</p> <h2> 🔍 Setting Up Search Console </h2> <h3> Foundation for SEO Analysis </h3> <p>Search Console analyzes your performance in Google search:</p> <ul> <li>What keywords are users searching for?</li> <li>How many times did you appear in search results?</li> <li>What's your click-through rate?</li> </ul> <p>Unlike GA4 and Clarity, it shows user behavior <em>before</em> they reach your site.</p> <h3> Ownership Verification </h3> <p>To use Search Console, you need to verify site ownership. The HTML tag method is the simplest:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/layout.tsx</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">metadata</span><span class="p">:</span> <span class="nx">Metadata</span> <span class="o">=</span> <span class="p">{</span> <span class="na">verification</span><span class="p">:</span> <span class="p">{</span> <span class="na">google</span><span class="p">:</span> <span class="dl">'</span><span class="s1">your-verification-code</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <p>This outputs a <code>&lt;meta name="google-site-verification"&gt;</code> tag. Just click the verify button in the Search Console dashboard to complete setup.</p> <p>Note that unlike GA4 and Clarity, data takes 1-2 days to appear. Make it a habit to check regularly.</p> <h2> 🔗 Tool Integration </h2> <p>Connecting the three tools enables deeper analysis.</p> <h3> GA4 and Search Console Integration </h3> <p>Link Search Console from the GA4 admin panel to combine search queries with on-site behavior analysis.</p> <p>This allows analysis like "Which pages do users who came from this search keyword view most?"</p> <h3> GA4 and Clarity Integration </h3> <p>Enable "Google Analytics integration" in Clarity settings to link GA4 sessions with Clarity recordings.</p> <p>When GA4 shows a page with high bounce rate, you can watch the Clarity recordings for that page to understand why.</p> <h2> 💡 Implementation Tips </h2> <h3> Enable Only in Production </h3> <p>Development traffic creates noise in your data. Use environment variables to enable analytics only in production:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .env.local (development)</span> <span class="c"># Don't set these</span> <span class="c"># Vercel environment variables (production)</span> <span class="nv">NEXT_PUBLIC_GA_MEASUREMENT_ID</span><span class="o">=</span>G-XXXXXXXXXX <span class="nv">NEXT_PUBLIC_CLARITY_PROJECT_ID</span><span class="o">=</span>xxxxxxxxxx </code></pre> </div> <p>If the environment variable isn't set, the component renders nothing.</p> <h3> Data Reflection Timing </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>Reflection Time</th> </tr> </thead> <tbody> <tr> <td>GA4</td> <td>Real-time</td> </tr> <tr> <td>Clarity</td> <td>Real-time</td> </tr> <tr> <td>Search Console</td> <td>1-2 days</td> </tr> </tbody> </table></div> <p>GA4 and Clarity data is immediately available, but Search Console takes time. I check SEO data the next day.</p> <h3> CSP Configuration </h3> <p>If you have Content Security Policy (CSP) configured, you need to allow the analytics domains:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// middleware.ts</span> <span class="kd">const</span> <span class="nx">cspHeader</span> <span class="o">=</span> <span class="s2">` script-src 'self' https://www.googletagmanager.com https://*.clarity.ms; connect-src 'self' https://www.google-analytics.com https://*.clarity.ms; `</span><span class="p">;</span> </code></pre> </div> <p>Forgetting this will block the analytics scripts.</p> <h2> ✅ Summary </h2> <p>I covered setting up three analytics tools:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td>GA4</td> <td>Traffic analysis, detailed tracking with custom events</td> </tr> <tr> <td>Clarity</td> <td>Visualize behavior with heatmaps and session recordings</td> </tr> <tr> <td>Search Console</td> <td>SEO analysis with search keywords and rankings</td> </tr> </tbody> </table></div> <p>Key implementation points: enable only in production, don't forget CSP settings, and integrate the tools together.</p> <p>For solo development, you don't need to track every metric. Start with "which pages are most viewed" and "where users drop off," then add more tracking as needed.</p> <p>Tomorrow I'll cover building a multi-tenant SaaS as a solo developer.</p> <p><strong>Other Articles in This Series</strong></p> <ul> <li>Day 20: Tiered Pricing with Stripe: Monetization for Solo Developers</li> <li>Day 22: Building Multi-tenant SaaS as a Solo Developer</li> </ul> nextjs googleanalytics clarity analytics pipipi-dev Sat, 20 Dec 2025 03:56:16 +0000 https://forem.com/pipipi-dev/tiered-pricing-with-stripe-monetization-for-solo-developers-nec https://forem.com/pipipi-dev/tiered-pricing-with-stripe-monetization-for-solo-developers-nec <p>This article is part of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">Solo SaaS Development Advent Calendar 2025</a></strong> (Day 20).</p> <p>Yesterday I wrote about "Security Practices." In this article, I'll share how I designed and implemented tiered pricing with Stripe.</p> <p>:::message<br> The content in this article reflects the approach I adopted for my personal product. Rather than best practices, please read this as a record of trial and error from a solo developer.<br> :::</p> <h2> 🤔 Thinking About Monetization for Solo Projects </h2> <p>When building a service as a solo developer, monetization is an unavoidable challenge.</p> <p>Providing a service for free indefinitely isn't realistic. Server costs, domain fees, API usage charges—operational costs are guaranteed. Revenue is necessary for a sustainable service.</p> <h3> Why I Chose Stripe </h3> <p>There are several payment services available, but I chose Stripe.</p> <ul> <li> <strong>Comprehensive documentation</strong>: The official docs are detailed, so implementation rarely gets stuck</li> <li> <strong>Easy-to-use test environment</strong>: You can test with test API keys using the same features as production</li> <li> <strong>Complex processes handled for you</strong>: No need to implement cancellation, plan changes, or invoice generation yourself</li> </ul> <p>In solo development, choosing "not to implement it yourself" is important. Payment processing is an area where mistakes are especially unforgivable, so I decided to entrust it to a reliable service.</p> <h2> 🎯 Designing the Pricing Plan </h2> <p>When designing the pricing plan, I focused on <strong>tiered value delivery</strong>.</p> <h3> Design Considerations </h3> <p><strong>1. The free plan should be fully usable</strong></p> <p>I made sure the free plan includes usable core features. The goal is not "I tried it but it wasn't enough," but rather "I tried it and it was useful, I want to use it more."</p> <p>I aimed to let users experience value for free first, then have those who want more consider paid plans.</p> <p><strong>2. Price differences have reasons</strong></p> <p>Higher-tier plans have clear value differentiators: more pages, more storage, more team members. It's important to be able to explain "why this price."</p> <p><strong>3. Feature restrictions based on operational costs</strong></p> <p>AI features and API access are only available on higher-tier plans. These incur costs based on usage, so opening them to free users would inflate operational costs.</p> <h3> Type Definition for Plan Limits </h3> <p>I define "what can be used and to what extent" for each plan using types.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kr">interface</span> <span class="nx">PlanLimits</span> <span class="p">{</span> <span class="nl">maxPages</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Number of pages that can be created</span> <span class="nl">maxTables</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Number of tables that can be created</span> <span class="nl">maxStorageMB</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Storage capacity (MB)</span> <span class="nl">maxTeamMembers</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Number of team members</span> <span class="nl">maxApiCallsPerMonth</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Monthly API call limit</span> <span class="nl">hasApiAccess</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="c1">// API access available</span> <span class="nl">hasAiFeatures</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="c1">// AI features available</span> <span class="p">}</span> </code></pre> </div> <p>Based on this type, I set limit values for each plan. The system checks the current plan's limits whenever a user performs an action.</p> <h2> 🧩 Stripe Implementation </h2> <h3> Creating a Checkout Session </h3> <p>Here's the flow when a user clicks the "Upgrade" button:</p> <ol> <li>Create a Stripe "Checkout Session" on the server side</li> <li>Return the URL of the Stripe-hosted payment page</li> <li>Redirect the user to that URL</li> </ol> <p>The key point is <strong>not handling card information on your own server</strong>. By redirecting to Stripe's page, you significantly reduce security risks.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/api/billing/create-checkout/route.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">priceId</span><span class="p">,</span> <span class="nx">planType</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">auth</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">session</span><span class="p">?.</span><span class="nx">user</span><span class="p">?.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Authentication required</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Get or create Stripe customer</span> <span class="kd">const</span> <span class="nx">customer</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getOrCreateCustomer</span><span class="p">(</span><span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="c1">// Create Checkout session</span> <span class="kd">const</span> <span class="nx">checkoutSession</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">checkout</span><span class="p">.</span><span class="nx">sessions</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">customer</span><span class="p">:</span> <span class="nx">customer</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">payment_method_types</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">card</span><span class="dl">'</span><span class="p">],</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">'</span><span class="s1">subscription</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Subscription billing</span> <span class="na">line_items</span><span class="p">:</span> <span class="p">[{</span> <span class="na">price</span><span class="p">:</span> <span class="nx">priceId</span><span class="p">,</span> <span class="na">quantity</span><span class="p">:</span> <span class="mi">1</span> <span class="p">}],</span> <span class="na">success_url</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXTAUTH_URL</span><span class="p">}</span><span class="s2">/billing/success`</span><span class="p">,</span> <span class="na">cancel_url</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXTAUTH_URL</span><span class="p">}</span><span class="s2">/billing/cancel`</span><span class="p">,</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">planType</span> <span class="p">},</span> <span class="c1">// For later use</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="nx">checkoutSession</span><span class="p">.</span><span class="nx">url</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>The key is including the user ID in <code>metadata</code>. When the payment completes, we receive it via Webhook to identify which user made the payment.</p> <h3> Managing Subscriptions with Webhooks </h3> <p>When a payment completes, we need to update the database. But since the payment completion happens on Stripe's page, our server doesn't know about it directly.</p> <p>This is where <strong>Webhooks</strong> come in. When events like payment completion occur, Stripe sends HTTP requests to a pre-registered URL.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/api/webhooks/stripe/route.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">signature</span> <span class="o">=</span> <span class="nf">headers</span><span class="p">().</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">stripe-signature</span><span class="dl">'</span><span class="p">)</span><span class="o">!</span><span class="p">;</span> <span class="c1">// Verify signature (confirm it's a legitimate request from Stripe)</span> <span class="kd">const</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">webhooks</span><span class="p">.</span><span class="nf">constructEvent</span><span class="p">(</span> <span class="nx">body</span><span class="p">,</span> <span class="nx">signature</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">STRIPE_WEBHOOK_SECRET</span><span class="o">!</span> <span class="p">);</span> <span class="c1">// Branch processing based on event type</span> <span class="k">switch </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="kd">type</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">checkout.session.completed</span><span class="dl">'</span><span class="p">:</span> <span class="k">await</span> <span class="nf">handleCheckoutCompleted</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">object</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">customer.subscription.updated</span><span class="dl">'</span><span class="p">:</span> <span class="k">await</span> <span class="nf">handleSubscriptionUpdated</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">object</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">customer.subscription.deleted</span><span class="dl">'</span><span class="p">:</span> <span class="k">await</span> <span class="nf">handleSubscriptionDeleted</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">object</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">received</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Signature verification (<code>constructEvent</code>) is essential. Without it, malicious third parties could send fake requests.</p> <p>When we receive a <code>checkout.session.completed</code> event, we save the subscription information to the database.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">handleCheckoutCompleted</span><span class="p">(</span><span class="nx">session</span><span class="p">:</span> <span class="nx">Stripe</span><span class="p">.</span><span class="nx">Checkout</span><span class="p">.</span><span class="nx">Session</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Get user info from metadata</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">userId</span><span class="p">,</span> <span class="nx">planType</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">session</span><span class="p">.</span><span class="nx">metadata</span><span class="o">!</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">subscription</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">subscriptions</span><span class="p">.</span><span class="nf">retrieve</span><span class="p">(</span> <span class="nx">session</span><span class="p">.</span><span class="nx">subscription</span> <span class="k">as</span> <span class="kr">string</span> <span class="p">);</span> <span class="c1">// Save to database</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">insert</span><span class="p">(</span><span class="nx">subscriptions</span><span class="p">).</span><span class="nf">values</span><span class="p">({</span> <span class="nx">userId</span><span class="p">,</span> <span class="nx">planType</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">active</span><span class="dl">'</span><span class="p">,</span> <span class="na">subscriptionId</span><span class="p">:</span> <span class="nx">subscription</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">currentPeriodEnd</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">subscription</span><span class="p">.</span><span class="nx">current_period_end</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">),</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h3> Customer Portal </h3> <p>I leave cancellation and plan changes to <strong>Stripe's Customer Portal</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">createCustomerPortalSession</span><span class="p">(</span><span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">returnUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">subscription</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getSubscription</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">portalSession</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">billingPortal</span><span class="p">.</span><span class="nx">sessions</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">customer</span><span class="p">:</span> <span class="nx">subscription</span><span class="p">.</span><span class="nx">customerId</span><span class="p">,</span> <span class="na">return_url</span><span class="p">:</span> <span class="nx">returnUrl</span><span class="p">,</span> <span class="c1">// URL to return to from portal</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">portalSession</span><span class="p">.</span><span class="nx">url</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The Customer Portal handles everything:</p> <ul> <li>Plan changes (upgrade/downgrade)</li> <li>Payment method changes</li> <li>Invoice viewing</li> <li>Cancellation</li> </ul> <p>Implementing these yourself means dealing with many edge cases: "How to handle prorated billing?" "What about remaining time after cancellation?" By leaving it to Stripe, I significantly reduced implementation costs.</p> <h2> 💡 Implementation Tips </h2> <h3> Checking Plan Limits </h3> <p>Check plan limits whenever a user performs an action.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">checkPlanLimit</span><span class="p">(</span> <span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">resource</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pages</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">tables</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">storage</span><span class="dl">'</span><span class="p">,</span> <span class="nx">currentCount</span><span class="p">:</span> <span class="kr">number</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">allowed</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">limit</span><span class="p">:</span> <span class="kr">number</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">subscription</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getSubscription</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">limits</span> <span class="o">=</span> <span class="nf">getPlanLimits</span><span class="p">(</span><span class="nx">subscription</span><span class="p">?.</span><span class="nx">planType</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">free</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">limitMap</span> <span class="o">=</span> <span class="p">{</span> <span class="na">pages</span><span class="p">:</span> <span class="nx">limits</span><span class="p">.</span><span class="nx">maxPages</span><span class="p">,</span> <span class="na">tables</span><span class="p">:</span> <span class="nx">limits</span><span class="p">.</span><span class="nx">maxTables</span><span class="p">,</span> <span class="na">storage</span><span class="p">:</span> <span class="nx">limits</span><span class="p">.</span><span class="nx">maxStorageMB</span><span class="p">,</span> <span class="p">};</span> <span class="k">return</span> <span class="p">{</span> <span class="na">allowed</span><span class="p">:</span> <span class="nx">currentCount</span> <span class="o">&lt;</span> <span class="nx">limitMap</span><span class="p">[</span><span class="nx">resource</span><span class="p">],</span> <span class="na">limit</span><span class="p">:</span> <span class="nx">limitMap</span><span class="p">[</span><span class="nx">resource</span><span class="p">],</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p>Here's an example of checking when creating a page:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">createPage</span><span class="p">(</span><span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">data</span><span class="p">:</span> <span class="nx">PageData</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">pageCount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getPageCount</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">check</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">checkPlanLimit</span><span class="p">(</span><span class="nx">userId</span><span class="p">,</span> <span class="dl">'</span><span class="s1">pages</span><span class="dl">'</span><span class="p">,</span> <span class="nx">pageCount</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">check</span><span class="p">.</span><span class="nx">allowed</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Page limit reached</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">insert</span><span class="p">(</span><span class="nx">pages</span><span class="p">).</span><span class="nf">values</span><span class="p">({</span> <span class="p">...</span><span class="nx">data</span><span class="p">,</span> <span class="nx">userId</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>When the limit is reached, I display a UI prompting an upgrade.</p> <h3> Webhook Idempotency </h3> <p>The same event may be sent multiple times. This happens because Stripe resends due to network issues.</p> <p>Idempotency means "the result doesn't change no matter how many times you execute the same process." For Webhooks, you need to handle the same request coming in without issues.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">db</span> <span class="p">.</span><span class="nf">insert</span><span class="p">(</span><span class="nx">subscriptions</span><span class="p">)</span> <span class="p">.</span><span class="nf">values</span><span class="p">(</span><span class="nx">subscriptionData</span><span class="p">)</span> <span class="p">.</span><span class="nf">onConflictDoUpdate</span><span class="p">({</span> <span class="na">target</span><span class="p">:</span> <span class="nx">subscriptions</span><span class="p">.</span><span class="nx">subscriptionId</span><span class="p">,</span> <span class="na">set</span><span class="p">:</span> <span class="nx">subscriptionData</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>By making <code>subscriptionId</code> a unique key, existing records get updated rather than duplicated. This prevents duplicate registrations.</p> <h3> Using the Test Environment </h3> <p>Stripe has production and test environments. You can switch between them just by changing API keys.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Development</span> <span class="nv">STRIPE_SECRET_KEY</span><span class="o">=</span>sk_test_... <span class="c"># Production</span> <span class="nv">STRIPE_SECRET_KEY</span><span class="o">=</span>sk_live_... </code></pre> </div> <p>In the test environment, you can try the payment flow with test card numbers (like <code>4242 4242 4242 4242</code>). No actual charges occur, so you can develop with confidence.</p> <h2> ✅ Summary </h2> <p>I've shared my approach and implementation points for tiered pricing with Stripe.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Point</th> <th>Content</th> </tr> </thead> <tbody> <tr> <td>Pricing design</td> <td>Free plan is usable, price differences have reasons</td> </tr> <tr> <td>Checkout</td> <td>Use Stripe's hosted payment page</td> </tr> <tr> <td>Webhook</td> <td>Event-driven DB updates, signature verification is essential</td> </tr> <tr> <td>Customer Portal</td> <td>Leave cancellation and changes to Stripe</td> </tr> <tr> <td>Test environment</td> <td>Safely test payment flows</td> </tr> </tbody> </table></div> <p>In solo development, it's also important not to spend too much time on payment processing. Stripe's documentation is comprehensive, so I recommend implementing while reading the official docs.</p> <p><a href="https://docs.stripe.com/" rel="noopener noreferrer">https://docs.stripe.com/</a></p> <p>Tomorrow I'll cover "Visualizing User Behavior: Setting Up GA4 and Microsoft Clarity."</p> <p><strong>Other articles in this series</strong></p> <ul> <li>12/19: What the React 2025 Vulnerability Taught Me About Solo Dev Security</li> <li>12/21: Visualizing User Behavior: Setting Up GA4 and Microsoft Clarity</li> </ul> stripe nextjs saas billing pipipi-dev Fri, 19 Dec 2025 05:45:00 +0000 https://forem.com/pipipi-dev/what-the-react-2025-vulnerability-taught-me-about-solo-dev-security-4hbl https://forem.com/pipipi-dev/what-the-react-2025-vulnerability-taught-me-about-solo-dev-security-4hbl <p>This article is part of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">and Design Advent Calendar 2025</a></strong> (Day 19).</p> <p>Yesterday I wrote about "TypeScript Strict Mode." In this article, I'll share the security practices I follow in my solo development projects.</p> <h2> 🚨 Security Incidents in December 2025 </h2> <p>In December 2025, critical vulnerabilities were discovered in the Next.js/React ecosystem. Security is not someone else's problem, even for solo developers.</p> <h3> React Server Components Vulnerability (CVE-2025-55182) </h3> <p>On December 3, 2025, a remote code execution vulnerability in React Server Components was disclosed. The CVSS score, which indicates severity, is 10.0—the maximum possible value.</p> <p><a href="https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components" rel="noopener noreferrer">https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components</a></p> <ul> <li> <strong>Affected</strong>: All applications using React 19.0 to 19.2.0</li> <li> <strong>Attack vector</strong>: Malicious HTTP requests can execute arbitrary code on the server</li> <li> <strong>Affected frameworks</strong>: Next.js, React Router, Waku, Parcel RSC, and others </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># For Next.js, update to a patched version</span> npm <span class="nb">install </span>next@15.1.11 <span class="c"># For 15.1.x</span> npm <span class="nb">install </span>next@15.0.7 <span class="c"># For 15.0.x</span> npm <span class="nb">install </span>next@14.2.35 <span class="c"># For 14.x</span> </code></pre> </div> <p>For Memoreru, the app I'm developing, I noticed a warning on Vercel's deployment screen and immediately updated to Next.js 15.5.9 and React 19.2.3. Because I had made a habit of keeping dependencies updated, the transition was smooth.</p> <p><a href="https://x.com/pipipi_dev/status/1996301018532118914" rel="noopener noreferrer">https://x.com/pipipi_dev/status/1996301018532118914</a></p> <h3> Multiple Node.js Vulnerabilities </h3> <p>Also in December 2025, multiple vulnerabilities were reported in Node.js.</p> <p><a href="https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" rel="noopener noreferrer">https://nodejs.org/en/blog/vulnerability/december-2025-security-releases</a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Severity</th> <th>Count</th> <th>Affected Versions</th> </tr> </thead> <tbody> <tr> <td>High</td> <td>3</td> <td>v20.x, v22.x, v24.x, v25.x</td> </tr> <tr> <td>Medium</td> <td>1</td> <td>Same as above</td> </tr> <tr> <td>Low</td> <td>1</td> <td>Same as above</td> </tr> </tbody> </table></div> <p>Patches are scheduled for release on January 7, 2026 (as of December 19, 2025).</p> <h2> 🛡️ Security Practices I Follow </h2> <p>Here are the security measures I've implemented in Memoreru's development.</p> <h3> 1. Keeping Dependencies Updated </h3> <p>The most fundamental and effective measure is keeping dependencies up to date.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check for vulnerabilities</span> npm audit <span class="c"># Fix automatically fixable vulnerabilities</span> npm audit fix <span class="c"># For breaking changes (use with caution)</span> npm audit fix <span class="nt">--force</span> </code></pre> </div> <p>Setting up <a href="https://github.com/dependabot" rel="noopener noreferrer">Dependabot</a> or <a href="https://www.mend.io/renovate/" rel="noopener noreferrer">Renovate</a> automatically creates PRs for dependency updates.</p> <h3> 2. Input Validation </h3> <p>I implement with the assumption that <strong>all user input is untrusted</strong>. Using <a href="https://zod.dev/" rel="noopener noreferrer">Zod</a>, you can manage validation and type definitions in one place.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Schema definition</span> <span class="kd">const</span> <span class="nx">CreateUserSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">email</span><span class="p">(</span><span class="dl">'</span><span class="s1">Please enter a valid email address</span><span class="dl">'</span><span class="p">),</span> <span class="na">password</span><span class="p">:</span> <span class="nx">z</span> <span class="p">.</span><span class="nf">string</span><span class="p">()</span> <span class="p">.</span><span class="nf">min</span><span class="p">(</span><span class="mi">8</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Password must be at least 8 characters</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">regex</span><span class="p">(</span><span class="sr">/^</span><span class="se">(?=</span><span class="sr">.*</span><span class="se">[</span><span class="sr">a-z</span><span class="se">])(?=</span><span class="sr">.*</span><span class="se">[</span><span class="sr">A-Z</span><span class="se">])(?=</span><span class="sr">.*</span><span class="se">\d)</span><span class="sr">/</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Must include uppercase, lowercase, and numbers</span><span class="dl">'</span><span class="p">),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="p">});</span> <span class="c1">// Validation execution</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">CreateUserSchema</span><span class="p">.</span><span class="nf">safeParse</span><span class="p">(</span><span class="nx">requestBody</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">result</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nx">issues</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// result.data is type-safe</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="nx">name</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> </code></pre> </div> <p>I validate API query parameters the same way.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">QuerySchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">page</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nx">coerce</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">int</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="k">default</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="na">limit</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nx">coerce</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">int</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">100</span><span class="p">).</span><span class="k">default</span><span class="p">(</span><span class="mi">20</span><span class="p">),</span> <span class="na">search</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">optional</span><span class="p">(),</span> <span class="p">});</span> </code></pre> </div> <h3> 3. Authentication and Authorization </h3> <p>I use libraries for authentication rather than building it myself. For Memoreru, I chose <a href="https://www.better-auth.com/" rel="noopener noreferrer">Better Auth</a>. <a href="https://authjs.dev/" rel="noopener noreferrer">Auth.js</a> is also an option.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// API middleware requiring authentication</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">requireAuth</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getSession</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">session</span><span class="p">?.</span><span class="nx">user</span><span class="p">?.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Authentication required</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">session</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>I also implement authorization (permission checks).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Resource ownership check</span> <span class="kd">const</span> <span class="nx">content</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">contents</span><span class="p">.</span><span class="nf">findFirst</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">(</span><span class="nx">contents</span><span class="p">,</span> <span class="p">{</span> <span class="nx">eq</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">contents</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">contentId</span><span class="p">),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">content</span><span class="p">?.</span><span class="nx">userId</span> <span class="o">!==</span> <span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">You do not have permission to access this resource</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">403</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 4. Environment Variable Management </h3> <p>I manage secrets through environment variables and avoid hardcoding them in code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .env.local (include in gitignore)</span> <span class="nv">DATABASE_URL</span><span class="o">=</span><span class="s2">"postgresql://user:password@host:5432/db"</span> <span class="nv">AUTH_SECRET</span><span class="o">=</span><span class="s2">"random string of 32+ characters"</span> <span class="nv">STRIPE_SECRET_KEY</span><span class="o">=</span><span class="s2">"sk_live_..."</span> </code></pre> </div> <p>I prepare a <code>.env.example</code> file for developers to document required environment variables.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .env.example (commit to repository)</span> <span class="nv">DATABASE_URL</span><span class="o">=</span><span class="s2">"postgresql://user:password@host:5432/db"</span> <span class="nv">AUTH_SECRET</span><span class="o">=</span><span class="s2">""</span> <span class="nv">STRIPE_SECRET_KEY</span><span class="o">=</span><span class="s2">""</span> </code></pre> </div> <h3> 5. Security Headers </h3> <p>In Next.js, you can configure security headers in <code>next.config.ts</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">nextConfig</span><span class="p">:</span> <span class="nx">NextConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="p">{</span> <span class="na">source</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/:path*</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">[</span> <span class="c1">// Clickjacking protection</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">X-Frame-Options</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DENY</span><span class="dl">'</span> <span class="p">},</span> <span class="c1">// MIME sniffing protection</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">X-Content-Type-Options</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">nosniff</span><span class="dl">'</span> <span class="p">},</span> <span class="c1">// Referrer information control</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Referrer-Policy</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">strict-origin-when-cross-origin</span><span class="dl">'</span> <span class="p">},</span> <span class="c1">// Disable unnecessary features</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Permissions-Policy</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">camera=(), microphone=(), geolocation=()</span><span class="dl">'</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">],</span> <span class="p">};</span> </code></pre> </div> <p>In production, I also add the HSTS (HTTP Strict Transport Security) header. This header ensures browsers automatically use HTTPS.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">{</span> <span class="nl">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Strict-Transport-Security</span><span class="dl">'</span><span class="p">,</span> <span class="nx">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">max-age=31536000; includeSubDomains</span><span class="dl">'</span> <span class="p">}</span> </code></pre> </div> <h3> 6. CSRF Protection </h3> <p>CSRF (Cross-Site Request Forgery) is an attack that tricks users into sending unintended requests. For example, simply opening a malicious site could trigger actions on a service you're logged into.</p> <p>As a countermeasure, I use CSRF tokens for form submissions and API requests.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Token generation (with HMAC-SHA256 signature)</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">generateCsrfToken</span><span class="p">(</span><span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">timestamp</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">nonce</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">userId</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">timestamp</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">nonce</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">signature</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">signWithHmac</span><span class="p">(</span><span class="nx">payload</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CSRF_SECRET</span><span class="p">);</span> <span class="k">return</span> <span class="s2">`</span><span class="p">${</span><span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">payload</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">)}</span><span class="s2">.</span><span class="p">${</span><span class="nx">signature</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Token validation</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">validateCsrfToken</span><span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">payloadBase64</span><span class="p">,</span> <span class="nx">signature</span><span class="p">]</span> <span class="o">=</span> <span class="nx">token</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">.</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">payloadBase64</span><span class="p">,</span> <span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">).</span><span class="nf">toString</span><span class="p">();</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">tokenUserId</span><span class="p">,</span> <span class="nx">timestamp</span><span class="p">]</span> <span class="o">=</span> <span class="nx">payload</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">:</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Signature verification</span> <span class="kd">const</span> <span class="nx">expectedSignature</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">signWithHmac</span><span class="p">(</span><span class="nx">payload</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CSRF_SECRET</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">signature</span> <span class="o">!==</span> <span class="nx">expectedSignature</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="c1">// Expiration check (1 hour)</span> <span class="k">if </span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">-</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">timestamp</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">3600000</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="c1">// User ID match check</span> <span class="k">if </span><span class="p">(</span><span class="nx">tokenUserId</span> <span class="o">!==</span> <span class="nx">userId</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> 7. SQL Injection Protection </h3> <p>SQL injection is an attack that executes malicious SQL through user input. For example, entering special characters in a login form could bypass authentication or steal data.</p> <p>Using an ORM (a library that lets you write database operations in code) correctly is generally safe, but when writing raw SQL, I use parameterized queries.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Dangerous: String concatenation</span> <span class="kd">const</span> <span class="nx">query</span> <span class="o">=</span> <span class="s2">`SELECT * FROM users WHERE email = '</span><span class="p">${</span><span class="nx">email</span><span class="p">}</span><span class="s2">'`</span><span class="p">;</span> <span class="c1">// Safe: Parameterized query</span> <span class="kd">const</span> <span class="nx">query</span> <span class="o">=</span> <span class="s2">`SELECT * FROM users WHERE email = $1`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="nx">query</span><span class="p">,</span> <span class="p">[</span><span class="nx">email</span><span class="p">]);</span> </code></pre> </div> <p>Using <a href="https://orm.drizzle.team/" rel="noopener noreferrer">Drizzle ORM</a> or <a href="https://www.prisma.io/" rel="noopener noreferrer">Prisma</a> automatically parameterizes queries.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// With Drizzle ORM</span> <span class="kd">const</span> <span class="nx">users</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span> <span class="p">.</span><span class="nf">select</span><span class="p">()</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">usersTable</span><span class="p">)</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">eq</span><span class="p">(</span><span class="nx">usersTable</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="nx">email</span><span class="p">));</span> </code></pre> </div> <h3> 8. Rate Limiting </h3> <p>Rate limiting restricts the number of requests within a time window. This helps mitigate DoS attacks that overwhelm servers with requests, and brute force password attacks.</p> <p>Here's a simple implementation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">rateLimitMap</span> <span class="o">=</span> <span class="k">new</span> <span class="nb">Map</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="p">{</span> <span class="na">count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">resetTime</span><span class="p">:</span> <span class="kr">number</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">();</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">checkRateLimit</span><span class="p">(</span> <span class="nx">identifier</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">maxRequests</span> <span class="o">=</span> <span class="mi">100</span><span class="p">,</span> <span class="nx">windowMs</span> <span class="o">=</span> <span class="mi">60000</span> <span class="p">):</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">now</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">record</span> <span class="o">=</span> <span class="nx">rateLimitMap</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">identifier</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">record</span> <span class="o">||</span> <span class="nx">now</span> <span class="o">&gt;</span> <span class="nx">record</span><span class="p">.</span><span class="nx">resetTime</span><span class="p">)</span> <span class="p">{</span> <span class="nx">rateLimitMap</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">identifier</span><span class="p">,</span> <span class="p">{</span> <span class="na">count</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">resetTime</span><span class="p">:</span> <span class="nx">now</span> <span class="o">+</span> <span class="nx">windowMs</span> <span class="p">});</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">record</span><span class="p">.</span><span class="nx">count</span> <span class="o">&gt;=</span> <span class="nx">maxRequests</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="c1">// Rate limit exceeded</span> <span class="p">}</span> <span class="nx">record</span><span class="p">.</span><span class="nx">count</span><span class="o">++</span><span class="p">;</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>For production scaling, distributed rate limiting using Redis with services like <a href="https://upstash.com/" rel="noopener noreferrer">Upstash</a> is also an option.</p> <h2> 📋 Security Checklist </h2> <p>Here's a summary of items I check.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Category</th> <th>Check Item</th> </tr> </thead> <tbody> <tr> <td><strong>Dependencies</strong></td> <td>No vulnerabilities in <code>npm audit</code> </td> </tr> <tr> <td><strong>Dependencies</strong></td> <td>Major packages (Next.js, React, Node.js) are up to date</td> </tr> <tr> <td><strong>Input Validation</strong></td> <td>All user input is validated</td> </tr> <tr> <td><strong>Authentication</strong></td> <td>Using an auth library (not custom implementation)</td> </tr> <tr> <td><strong>Authorization</strong></td> <td>Resource access permissions are verified</td> </tr> <tr> <td><strong>Environment Variables</strong></td> <td>No secrets hardcoded in code</td> </tr> <tr> <td><strong>Headers</strong></td> <td>Security headers are configured</td> </tr> <tr> <td><strong>HTTPS</strong></td> <td>HTTPS is enforced in production</td> </tr> <tr> <td><strong>CSRF</strong></td> <td>CSRF tokens are used for form submissions</td> </tr> <tr> <td><strong>SQL</strong></td> <td>Using parameterized queries or ORM</td> </tr> <tr> <td><strong>API</strong></td> <td>Rate limiting is implemented</td> </tr> </tbody> </table></div> <h2> 🔔 Staying Updated on Vulnerabilities </h2> <p>Make it a habit to regularly check security information. Following official accounts and developers who actively share security information on social media like X helps you catch important updates quickly.</p> <ul> <li> <a href="https://nextjs.org/docs/app/building-your-application/configuring/security" rel="noopener noreferrer">Next.js Security</a> - Next.js official</li> <li> <a href="https://react.dev/blog" rel="noopener noreferrer">React Blog</a> - React official</li> <li> <a href="https://nodejs.org/en/blog/vulnerability" rel="noopener noreferrer">Node.js Security Releases</a> - Node.js official</li> </ul> <h2> ✅ Summary </h2> <p>Even for solo development, basic security measures are essential.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Measure</th> <th>Priority</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>Dependency updates</td> <td>Highest</td> <td>Prevents known vulnerabilities</td> </tr> <tr> <td>Input validation</td> <td>Highest</td> <td>Entry point for many attacks</td> </tr> <tr> <td>Authentication/Authorization</td> <td>High</td> <td>Prevents unauthorized access</td> </tr> <tr> <td>Environment variable management</td> <td>High</td> <td>Prevents information leaks</td> </tr> <tr> <td>Security headers</td> <td>High</td> <td>Effective with minimal effort</td> </tr> <tr> <td>CSRF protection</td> <td>High</td> <td>Prevents unintended actions</td> </tr> <tr> <td>SQL injection protection</td> <td>Medium</td> <td>Handled automatically by ORM</td> </tr> <tr> <td>Rate limiting</td> <td>Medium</td> <td>Mitigates high-volume attacks</td> </tr> </tbody> </table></div> <p>"I'll add security later" is dangerous. Building in basic protections from the start lets you develop with peace of mind.</p> <p>Tomorrow I'll cover "Implementing Tiered Pricing with Stripe."</p> <p><strong>Other articles in this series</strong></p> <ul> <li>12/18: TypeScript Strict Mode in Practice: Catching Bugs with Type Safety</li> <li>12/20: Implementing Tiered Pricing with Stripe: Monetization Design for Solo Developers</li> </ul> security nextjs node react pipipi-dev Fri, 19 Dec 2025 05:44:57 +0000 https://forem.com/pipipi-dev/typescript-strict-mode-in-practice-catching-bugs-with-type-safety-3kbk https://forem.com/pipipi-dev/typescript-strict-mode-in-practice-catching-bugs-with-type-safety-3kbk <p>This article is part of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">and Design Advent Calendar 2025</a></strong> (Day 18).</p> <p>Yesterday I wrote about "Semantic Search." Today, I'll share my experience introducing TypeScript's strict mode to an existing project.</p> <h2> Why I Introduced Strict Mode </h2> <p>Even with TypeScript, runtime errors still occur.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Cannot read property 'name' of null undefined is not a function </code></pre> </div> <p>When these errors started piling up, I investigated and found a common pattern. They were happening in places where <strong>type checking was too lenient</strong>.</p> <p>TypeScript uses lenient settings by default. Without enabling strict mode, many problems slip through undetected.</p> <h2> Options I Enabled </h2> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"compilerOptions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"strict"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"noImplicitAny"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"strictNullChecks"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"noUnusedLocals"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"noUnusedParameters"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> noImplicitAny </h3> <p>Parameters without type annotations implicitly become <code>any</code> type. Since <code>any</code> allows any operation, type checking becomes ineffective.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// With noImplicitAny: false</span> <span class="kd">function</span> <span class="nf">double</span><span class="p">(</span><span class="nx">value</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// value is any type</span> <span class="k">return</span> <span class="nx">value</span> <span class="o">*</span> <span class="mi">2</span><span class="p">;</span> <span class="p">}</span> <span class="nf">double</span><span class="p">(</span><span class="dl">"</span><span class="s2">hello</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Compiles fine, but result is NaN</span> </code></pre> </div> <p>With <code>noImplicitAny: true</code>, parameters without type annotations cause errors. You can immediately spot "places where you forgot to write types."</p> <h3> strictNullChecks </h3> <p>Without this option, all types implicitly include <code>null</code> and <code>undefined</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// With strictNullChecks: false</span> <span class="kd">const</span> <span class="nx">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">=</span> <span class="nf">getUser</span><span class="p">();</span> <span class="c1">// Might return null</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">);</span> <span class="c1">// Could crash at runtime</span> </code></pre> </div> <p>With <code>strictNullChecks: true</code>, functions that might return null must explicitly declare <code>User | null</code>. Since you get compile errors without null checks, you can prevent missed checks.</p> <h3> Effect of These Two Options </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Option</th> <th>Errors Prevented</th> </tr> </thead> <tbody> <tr> <td><code>noImplicitAny</code></td> <td>Crashes from operating on unknown types</td> </tr> <tr> <td><code>strictNullChecks</code></td> <td>Crashes from null/undefined access</td> </tr> </tbody> </table></div> <p>I delegated unused variable checking (<code>noUnusedLocals</code>) to Biome. TypeScript doesn't recognize <code>_</code> prefixed variables, which causes issues when you only want to use part of a destructured assignment.</p> <h2> Division of Responsibilities: TypeScript and Biome </h2> <p><a href="https://biomejs.dev/" rel="noopener noreferrer">Biome</a> is a tool that combines linting (code quality checking) and formatting (code styling). I chose it over <a href="https://eslint.org/" rel="noopener noreferrer">ESLint</a> because it's faster and has simpler configuration.</p> <p>I divide checking responsibilities between TypeScript and Biome.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Check Item</th> <th>Tool</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>Type consistency</td> <td>TypeScript</td> <td>Core strength of the type system</td> </tr> <tr> <td>Null safety</td> <td>TypeScript</td> <td>Detectable at type level</td> </tr> <tr> <td>Unused variables</td> <td>Biome</td> <td>Supports <code>_</code> prefix convention</td> </tr> <tr> <td>any type usage</td> <td>Biome</td> <td>Easier exception management with biome-ignore</td> </tr> <tr> <td>Code style</td> <td>Biome</td> <td>Managed together with formatting</td> </tr> </tbody> </table></div> <p>Here's an example Biome configuration.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"linter"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rules"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"correctness"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"noUnusedVariables"</span><span class="p">:</span><span class="w"> </span><span class="s2">"warn"</span><span class="p">,</span><span class="w"> </span><span class="nl">"noUnusedImports"</span><span class="p">:</span><span class="w"> </span><span class="s2">"warn"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"suspicious"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"noExplicitAny"</span><span class="p">:</span><span class="w"> </span><span class="s2">"error"</span><span class="p">,</span><span class="w"> </span><span class="nl">"noDoubleEquals"</span><span class="p">:</span><span class="w"> </span><span class="s2">"error"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>By setting <code>noExplicitAny</code> to error, I strictly limit the use of any types. When absolutely necessary, I leave a comment explaining why.</p> <h2> Bugs Prevented by Strict Mode </h2> <p>Here are typical bug patterns that strict mode can detect.</p> <h3> 1. Missing Null Checks </h3> <p>The most common issue is missing null checks.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Problematic code</span> <span class="kd">function</span> <span class="nf">getUserName</span><span class="p">(</span><span class="nx">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">;</span> <span class="c1">// user might be null</span> <span class="p">}</span> </code></pre> </div> <p>With <code>strictNullChecks</code> enabled, this becomes a compile-time error.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Fixed</span> <span class="kd">function</span> <span class="nf">getUserName</span><span class="p">(</span><span class="nx">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">name</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">Anonymous</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>This pattern is especially common with <strong>relational data</strong>. When a user is deleted, the <code>creator</code> field of related data becomes null. Code that doesn't account for this will crash at runtime.</p> <h3> 2. Handling Optional Properties </h3> <p>Optional properties in API responses are another easy-to-miss pattern.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kr">interface</span> <span class="nx">ApiResponse</span> <span class="p">{</span> <span class="nl">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">items</span><span class="p">:</span> <span class="nx">Item</span><span class="p">[];</span> <span class="nl">nextCursor</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Optional</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// Problematic code</span> <span class="kd">function</span> <span class="nf">getNextPage</span><span class="p">(</span><span class="nx">response</span><span class="p">:</span> <span class="nx">ApiResponse</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/api?cursor=</span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">nextCursor</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="c1">// If nextCursor is undefined, this becomes "?cursor=undefined"</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Fixed</span> <span class="kd">function</span> <span class="nf">getNextPage</span><span class="p">(</span><span class="nx">response</span><span class="p">:</span> <span class="nx">ApiResponse</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">nextCursor</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/api?cursor=</span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">nextCursor</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Type Definition and Schema Mismatch </h3> <p>During refactoring, it's easy to forget to update type definitions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Changed DB schema</span> <span class="c1">// column_name → field_name</span> <span class="c1">// Forgot to update type definition</span> <span class="kr">interface</span> <span class="nx">Column</span> <span class="p">{</span> <span class="nl">column_name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Still using old name</span> <span class="p">}</span> </code></pre> </div> <p>With strict mode, everywhere using this type will show errors. You'll see red underlines in your IDE, so you won't miss any needed fixes.</p> <h2> IDE Benefits </h2> <p>When you enable strict mode, you immediately benefit in editors like VS Code.</p> <h3> Real-time Error Detection </h3> <p>When you write problematic code, red squiggly lines appear in the editor. You can catch issues before running the code, dramatically reducing debugging time.</p> <h3> Accurate Completions </h3> <p>When types are clear, property and method completion suggestions become accurate. When you type <code>user.</code>, only properties that actually exist like <code>name</code> and <code>email</code> appear as suggestions.</p> <h3> Safer Refactoring </h3> <p>When you change a type definition, errors appear everywhere affected. You don't need to manually search for "what needs to be fixed."<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// If you remove email from User type</span> <span class="kr">interface</span> <span class="nx">User</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// email: string; removed</span> <span class="p">}</span> <span class="c1">// Errors appear everywhere user.email is used</span> </code></pre> </div> <p>If there are any missed fixes, you get compile errors, so you can change code with confidence.</p> <h2> Preventing New Errors </h2> <p>Even if you fix existing errors, it's pointless if new code introduces more.</p> <p><a href="https://typicode.github.io/husky/" rel="noopener noreferrer">Husky</a> is a tool for managing git hooks (scripts that run automatically on commit or push). I set up a pre-commit hook to run type checking before every commit.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/sh</span> <span class="c"># .husky/pre-commit</span> <span class="nb">echo</span> <span class="s2">"Running type check..."</span> bun run type-check <span class="k">if</span> <span class="o">[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"TypeScript errors found. Please fix before committing."</span> <span class="nb">exit </span>1 <span class="k">fi</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type-check"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tsc --noEmit"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Commits are blocked if there are TypeScript errors. Since "I'll fix it later" isn't allowed, errors don't accumulate.</p> <h2> Tips for Gradual Adoption </h2> <p>Here are tips for introducing strict mode to an existing project.</p> <h3> 1. Progress Gradually </h3> <p>Trying to fix a large number of errors at once is discouraging. A more sustainable approach is to fix a few surrounding errors while working on features, or make only new files strict first and gradually convert the rest.</p> <h3> 2. Document Reasons for any Types </h3> <p>When you absolutely need an any type, leave a comment explaining why. This allows for review when type definitions improve later.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// TODO: Type definitions will improve in library v3</span> <span class="c1">// biome-ignore lint/suspicious/noExplicitAny: temporary workaround</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">someLibrary</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="k">as</span> <span class="kr">any</span><span class="p">;</span> </code></pre> </div> <h3> 3. Validate External Data with Zod </h3> <p><a href="https://zod.dev/" rel="noopener noreferrer">Zod</a> is a library for runtime data validation. When you define a schema, TypeScript types are automatically generated.</p> <p>For external data like API responses and form inputs, validate with Zod. This lets you manage type definitions and validation in one place.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">UserSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="na">email</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">email</span><span class="p">(),</span> <span class="p">});</span> <span class="kd">type</span> <span class="nx">User</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nx">infer</span><span class="o">&lt;</span><span class="k">typeof</span> <span class="nx">UserSchema</span><span class="o">&gt;</span><span class="p">;</span> <span class="c1">// Validate at runtime</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">UserSchema</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">apiResponse</span><span class="p">);</span> </code></pre> </div> <h2> Summary </h2> <p>Here are the key points for introducing TypeScript strict mode to an existing project.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Point</th> <th>Details</th> </tr> </thead> <tbody> <tr> <td>Enable selectively</td> <td>Choose high-impact options rather than <code>strict: true</code> </td> </tr> <tr> <td>Divide responsibilities</td> <td>Split duties between TypeScript and Biome</td> </tr> <tr> <td>Fix gradually</td> <td>Progress bit by bit, not all at once</td> </tr> <tr> <td>Prevent accumulation</td> <td>Make type checking mandatory with pre-commit hooks</td> </tr> </tbody> </table></div> <p>Ideally, these settings should be enabled from the project's start. Since retrofitting them incurs fixing costs, I recommend enabling strict mode from the beginning for new projects.</p> <p>Tomorrow I'll discuss "Security Measures for Solo Development."</p> <p><strong>Other Articles in This Series</strong></p> <ul> <li>12/17: Implementing "Search by Meaning": Introduction to pgvector + OpenAI Embeddings</li> <li>12/19: Security Measures for Solo Development: The Minimum You Should Do</li> </ul> typescript nextjs react biome pipipi-dev Thu, 18 Dec 2025 00:00:51 +0000 https://forem.com/pipipi-dev/typescript-strict-mode-in-practice-catching-bugs-with-type-safety-2jo9 https://forem.com/pipipi-dev/typescript-strict-mode-in-practice-catching-bugs-with-type-safety-2jo9 <p>This article is part of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">and Design Advent Calendar 2025</a></strong> (Day 18).</p> <p>Yesterday I wrote about "Semantic Search." Today, I'll share my experience introducing TypeScript's strict mode to an existing project.</p> <h2> Why I Introduced Strict Mode </h2> <p>Even with TypeScript, runtime errors still occur.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Cannot read property 'name' of null undefined is not a function </code></pre> </div> <p>When these errors started piling up, I investigated and found a common pattern. They were happening in places where <strong>type checking was too lenient</strong>.</p> <p>TypeScript uses lenient settings by default. Without enabling strict mode, many problems slip through undetected.</p> <h2> Options I Enabled </h2> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"compilerOptions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"strict"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"noImplicitAny"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"strictNullChecks"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"noUnusedLocals"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"noUnusedParameters"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> noImplicitAny </h3> <p>Parameters without type annotations implicitly become <code>any</code> type. Since <code>any</code> allows any operation, type checking becomes ineffective.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// With noImplicitAny: false</span> <span class="kd">function</span> <span class="nf">double</span><span class="p">(</span><span class="nx">value</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// value is any type</span> <span class="k">return</span> <span class="nx">value</span> <span class="o">*</span> <span class="mi">2</span><span class="p">;</span> <span class="p">}</span> <span class="nf">double</span><span class="p">(</span><span class="dl">"</span><span class="s2">hello</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Compiles fine, but result is NaN</span> </code></pre> </div> <p>With <code>noImplicitAny: true</code>, parameters without type annotations cause errors. You can immediately spot "places where you forgot to write types."</p> <h3> strictNullChecks </h3> <p>Without this option, all types implicitly include <code>null</code> and <code>undefined</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// With strictNullChecks: false</span> <span class="kd">const</span> <span class="nx">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">=</span> <span class="nf">getUser</span><span class="p">();</span> <span class="c1">// Might return null</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">);</span> <span class="c1">// Could crash at runtime</span> </code></pre> </div> <p>With <code>strictNullChecks: true</code>, functions that might return null must explicitly declare <code>User | null</code>. Since you get compile errors without null checks, you can prevent missed checks.</p> <h3> Effect of These Two Options </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Option</th> <th>Errors Prevented</th> </tr> </thead> <tbody> <tr> <td><code>noImplicitAny</code></td> <td>Crashes from operating on unknown types</td> </tr> <tr> <td><code>strictNullChecks</code></td> <td>Crashes from null/undefined access</td> </tr> </tbody> </table></div> <p>I delegated unused variable checking (<code>noUnusedLocals</code>) to Biome. TypeScript doesn't recognize <code>_</code> prefixed variables, which causes issues when you only want to use part of a destructured assignment.</p> <h2> Division of Responsibilities: TypeScript and Biome </h2> <p><a href="https://biomejs.dev/" rel="noopener noreferrer">Biome</a> is a tool that combines linting (code quality checking) and formatting (code styling). I chose it over <a href="https://eslint.org/" rel="noopener noreferrer">ESLint</a> because it's faster and has simpler configuration.</p> <p>I divide checking responsibilities between TypeScript and Biome.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Check Item</th> <th>Tool</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>Type consistency</td> <td>TypeScript</td> <td>Core strength of the type system</td> </tr> <tr> <td>Null safety</td> <td>TypeScript</td> <td>Detectable at type level</td> </tr> <tr> <td>Unused variables</td> <td>Biome</td> <td>Supports <code>_</code> prefix convention</td> </tr> <tr> <td>any type usage</td> <td>Biome</td> <td>Easier exception management with biome-ignore</td> </tr> <tr> <td>Code style</td> <td>Biome</td> <td>Managed together with formatting</td> </tr> </tbody> </table></div> <p>Here's an example Biome configuration.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"linter"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rules"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"correctness"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"noUnusedVariables"</span><span class="p">:</span><span class="w"> </span><span class="s2">"warn"</span><span class="p">,</span><span class="w"> </span><span class="nl">"noUnusedImports"</span><span class="p">:</span><span class="w"> </span><span class="s2">"warn"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"suspicious"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"noExplicitAny"</span><span class="p">:</span><span class="w"> </span><span class="s2">"error"</span><span class="p">,</span><span class="w"> </span><span class="nl">"noDoubleEquals"</span><span class="p">:</span><span class="w"> </span><span class="s2">"error"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>By setting <code>noExplicitAny</code> to error, I strictly limit the use of any types. When absolutely necessary, I leave a comment explaining why.</p> <h2> Bugs Prevented by Strict Mode </h2> <p>Here are typical bug patterns that strict mode can detect.</p> <h3> 1. Missing Null Checks </h3> <p>The most common issue is missing null checks.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Problematic code</span> <span class="kd">function</span> <span class="nf">getUserName</span><span class="p">(</span><span class="nx">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">;</span> <span class="c1">// user might be null</span> <span class="p">}</span> </code></pre> </div> <p>With <code>strictNullChecks</code> enabled, this becomes a compile-time error.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Fixed</span> <span class="kd">function</span> <span class="nf">getUserName</span><span class="p">(</span><span class="nx">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">name</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">Anonymous</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>This pattern is especially common with <strong>relational data</strong>. When a user is deleted, the <code>creator</code> field of related data becomes null. Code that doesn't account for this will crash at runtime.</p> <h3> 2. Handling Optional Properties </h3> <p>Optional properties in API responses are another easy-to-miss pattern.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kr">interface</span> <span class="nx">ApiResponse</span> <span class="p">{</span> <span class="nl">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">items</span><span class="p">:</span> <span class="nx">Item</span><span class="p">[];</span> <span class="nl">nextCursor</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Optional</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// Problematic code</span> <span class="kd">function</span> <span class="nf">getNextPage</span><span class="p">(</span><span class="nx">response</span><span class="p">:</span> <span class="nx">ApiResponse</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/api?cursor=</span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">nextCursor</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="c1">// If nextCursor is undefined, this becomes "?cursor=undefined"</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Fixed</span> <span class="kd">function</span> <span class="nf">getNextPage</span><span class="p">(</span><span class="nx">response</span><span class="p">:</span> <span class="nx">ApiResponse</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">nextCursor</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/api?cursor=</span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">nextCursor</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Type Definition and Schema Mismatch </h3> <p>During refactoring, it's easy to forget to update type definitions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Changed DB schema</span> <span class="c1">// column_name → field_name</span> <span class="c1">// Forgot to update type definition</span> <span class="kr">interface</span> <span class="nx">Column</span> <span class="p">{</span> <span class="nl">column_name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Still using old name</span> <span class="p">}</span> </code></pre> </div> <p>With strict mode, everywhere using this type will show errors. You'll see red underlines in your IDE, so you won't miss any needed fixes.</p> <h2> IDE Benefits </h2> <p>When you enable strict mode, you immediately benefit in editors like VS Code.</p> <h3> Real-time Error Detection </h3> <p>When you write problematic code, red squiggly lines appear in the editor. You can catch issues before running the code, dramatically reducing debugging time.</p> <h3> Accurate Completions </h3> <p>When types are clear, property and method completion suggestions become accurate. When you type <code>user.</code>, only properties that actually exist like <code>name</code> and <code>email</code> appear as suggestions.</p> <h3> Safer Refactoring </h3> <p>When you change a type definition, errors appear everywhere affected. You don't need to manually search for "what needs to be fixed."<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// If you remove email from User type</span> <span class="kr">interface</span> <span class="nx">User</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// email: string; removed</span> <span class="p">}</span> <span class="c1">// Errors appear everywhere user.email is used</span> </code></pre> </div> <p>If there are any missed fixes, you get compile errors, so you can change code with confidence.</p> <h2> Preventing New Errors </h2> <p>Even if you fix existing errors, it's pointless if new code introduces more.</p> <p><a href="https://typicode.github.io/husky/" rel="noopener noreferrer">Husky</a> is a tool for managing git hooks (scripts that run automatically on commit or push). I set up a pre-commit hook to run type checking before every commit.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/sh</span> <span class="c"># .husky/pre-commit</span> <span class="nb">echo</span> <span class="s2">"Running type check..."</span> bun run type-check <span class="k">if</span> <span class="o">[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"TypeScript errors found. Please fix before committing."</span> <span class="nb">exit </span>1 <span class="k">fi</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type-check"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tsc --noEmit"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Commits are blocked if there are TypeScript errors. Since "I'll fix it later" isn't allowed, errors don't accumulate.</p> <h2> Tips for Gradual Adoption </h2> <p>Here are tips for introducing strict mode to an existing project.</p> <h3> 1. Progress Gradually </h3> <p>Trying to fix a large number of errors at once is discouraging. A more sustainable approach is to fix a few surrounding errors while working on features, or make only new files strict first and gradually convert the rest.</p> <h3> 2. Document Reasons for any Types </h3> <p>When you absolutely need an any type, leave a comment explaining why. This allows for review when type definitions improve later.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// TODO: Type definitions will improve in library v3</span> <span class="c1">// biome-ignore lint/suspicious/noExplicitAny: temporary workaround</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">someLibrary</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="k">as</span> <span class="kr">any</span><span class="p">;</span> </code></pre> </div> <h3> 3. Validate External Data with Zod </h3> <p><a href="https://zod.dev/" rel="noopener noreferrer">Zod</a> is a library for runtime data validation. When you define a schema, TypeScript types are automatically generated.</p> <p>For external data like API responses and form inputs, validate with Zod. This lets you manage type definitions and validation in one place.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">UserSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="na">email</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">email</span><span class="p">(),</span> <span class="p">});</span> <span class="kd">type</span> <span class="nx">User</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nx">infer</span><span class="o">&lt;</span><span class="k">typeof</span> <span class="nx">UserSchema</span><span class="o">&gt;</span><span class="p">;</span> <span class="c1">// Validate at runtime</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">UserSchema</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">apiResponse</span><span class="p">);</span> </code></pre> </div> <h2> Summary </h2> <p>Here are the key points for introducing TypeScript strict mode to an existing project.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Point</th> <th>Details</th> </tr> </thead> <tbody> <tr> <td>Enable selectively</td> <td>Choose high-impact options rather than <code>strict: true</code> </td> </tr> <tr> <td>Divide responsibilities</td> <td>Split duties between TypeScript and Biome</td> </tr> <tr> <td>Fix gradually</td> <td>Progress bit by bit, not all at once</td> </tr> <tr> <td>Prevent accumulation</td> <td>Make type checking mandatory with pre-commit hooks</td> </tr> </tbody> </table></div> <p>Ideally, these settings should be enabled from the project's start. Since retrofitting them incurs fixing costs, I recommend enabling strict mode from the beginning for new projects.</p> <p>Tomorrow I'll discuss "Security Measures for Solo Development."</p> <p><strong>Other Articles in This Series</strong></p> <ul> <li>12/17: Implementing "Search by Meaning": Introduction to pgvector + OpenAI Embeddings</li> <li>12/19: Security Measures for Solo Development: The Minimum You Should Do</li> </ul> typescript nextjs react biome pipipi-dev Wed, 17 Dec 2025 04:56:33 +0000 https://forem.com/pipipi-dev/implementing-semantic-search-with-pgvector-openai-embeddings-47h6 https://forem.com/pipipi-dev/implementing-semantic-search-with-pgvector-openai-embeddings-47h6 <p>This is Day 17 of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">and and and and and and and and and and Solo SaaS Development Advent Calendar 2025</a></strong>.</p> <p>Yesterday I wrote about "Excel-like table UI." Today, I'll explain how to implement semantic search—searching by "meaning" rather than keywords.</p> <h2> What is Semantic Search? </h2> <p>Traditional keyword search finds documents that exactly match (or partially match) the search terms. Searching for "chicken recipe" only returns documents containing that exact string.</p> <p>Semantic search is different. Searching for "easy dinner ideas" can find documents about "quick recipes" or "meal prep" even though they don't contain those exact keywords—because they're semantically related.</p> <p>This is made possible by <strong>vector search</strong>.</p> <h3> What is a Vector? </h3> <p>A vector is simply an "array of numbers."<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"quick recipes" → [0.023, -0.041, 0.018, ..., 0.056] </code></pre> </div> <p>To make this easier to understand, think of a map. Tokyo Station's location can be expressed as two numbers: "latitude 35.68, longitude 139.76." Looking at these numbers, you can tell that Yokohama Station (35.46, 139.62) is "farther" than Shinagawa Station (35.63, 139.74).</p> <p>Vector search uses the same concept. It converts text into "coordinates in a semantic space." Similar texts become nearby coordinates, so comparing numbers alone can determine if meanings are "close."</p> <p>This text-to-coordinate conversion is called "embedding." For example, "quick recipes" and "easy-to-make dishes" clearly mean the same thing to humans. With embeddings, these are converted to nearby coordinates, allowing computers to judge them as "semantically similar."</p> <h2> Tech Stack and Setup </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Role</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td>Vector Generation</td> <td>OpenAI Embeddings API</td> </tr> <tr> <td>Vector Storage &amp; Search</td> <td>PostgreSQL + pgvector</td> </tr> <tr> <td>ORM</td> <td>Drizzle ORM</td> </tr> </tbody> </table></div> <p>While there are dedicated vector database services (Pinecone, Weaviate, etc.), I chose pgvector because it can be added to existing PostgreSQL, works with SQL, and is available on Supabase.</p> <h3> Enabling pgvector </h3> <p>On Supabase, enable it from the dashboard, or run this SQL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">vector</span><span class="p">;</span> </code></pre> </div> <h3> Table Design </h3> <p>Create a table to store vectors:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">search_vectors</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">TEXT</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">content_id</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- Which content this vector belongs to</span> <span class="n">text_content</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- Original text</span> <span class="n">embedding</span> <span class="n">vector</span><span class="p">(</span><span class="mi">1536</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="c1">-- Vector (1536 numbers)</span> <span class="p">);</span> </code></pre> </div> <p><code>vector(1536)</code> is a column that stores vectors, matching the number of values output by OpenAI's model.</p> <h2> Implementation </h2> <h3> Generating Vectors </h3> <p>Use OpenAI's Embeddings API to convert text to vectors:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">OpenAI</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">openai</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">openai</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">OpenAI</span><span class="p">({</span> <span class="na">apiKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">OPENAI_API_KEY</span> <span class="p">});</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">generateEmbedding</span><span class="p">(</span><span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">number</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">openai</span><span class="p">.</span><span class="nx">embeddings</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">model</span><span class="p">:</span> <span class="dl">'</span><span class="s1">text-embedding-ada-002</span><span class="dl">'</span><span class="p">,</span> <span class="na">input</span><span class="p">:</span> <span class="nx">text</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">embedding</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Pass in text and get back an array of numbers. This array represents the "meaning" of the text.</p> <h3> Splitting Long Text </h3> <p>Long texts like blog posts have issues when embedded as-is. The API has character limits, and putting long text into a single vector reduces search accuracy.</p> <p>So, split long text by "paragraphs" or "fixed character counts" before embedding:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">chunkText</span><span class="p">(</span><span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">chunkSize</span> <span class="o">=</span> <span class="mi">500</span><span class="p">):</span> <span class="kr">string</span><span class="p">[]</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">chunks</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">text</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">i</span> <span class="o">+=</span> <span class="nx">chunkSize</span><span class="p">)</span> <span class="p">{</span> <span class="nx">chunks</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">text</span><span class="p">.</span><span class="nf">substring</span><span class="p">(</span><span class="nx">i</span><span class="p">,</span> <span class="nx">i</span> <span class="o">+</span> <span class="nx">chunkSize</span><span class="p">));</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">chunks</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>By splitting, you can search pinpoint results like "the part of this article that discusses X."</p> <h3> Saving Vectors </h3> <p>Save generated vectors to the database. Vectorize and save text when content is registered or updated:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">saveEmbedding</span><span class="p">(</span><span class="nx">contentId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">embedding</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generateEmbedding</span><span class="p">(</span><span class="nx">text</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">vectorString</span> <span class="o">=</span> <span class="s2">`[</span><span class="p">${</span><span class="nx">embedding</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">,</span><span class="dl">'</span><span class="p">)}</span><span class="s2">]`</span><span class="p">;</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nx">sql</span><span class="s2">` INSERT INTO search_vectors (id, content_id, text_content, embedding) VALUES (</span><span class="p">${</span><span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">()}</span><span class="s2">, </span><span class="p">${</span><span class="nx">contentId</span><span class="p">}</span><span class="s2">, </span><span class="p">${</span><span class="nx">text</span><span class="p">}</span><span class="s2">, </span><span class="p">${</span><span class="nx">vectorString</span><span class="p">}</span><span class="s2">::vector) `</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>When content is updated, delete old vectors before saving new ones:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">updateEmbeddings</span><span class="p">(</span><span class="nx">contentId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">chunks</span><span class="p">:</span> <span class="kr">string</span><span class="p">[])</span> <span class="p">{</span> <span class="c1">// Delete existing vectors</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nx">sql</span><span class="s2">` DELETE FROM search_vectors WHERE content_id = </span><span class="p">${</span><span class="nx">contentId</span><span class="p">}</span><span class="s2"> `</span><span class="p">);</span> <span class="c1">// Save new vectors</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">chunk</span> <span class="k">of</span> <span class="nx">chunks</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">saveEmbedding</span><span class="p">(</span><span class="nx">contentId</span><span class="p">,</span> <span class="nx">chunk</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Similarity Search </h3> <p>The search flow is simple: convert the user's search keywords to a vector, compare with vectors stored in the database, and return the most similar ones:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">searchSimilar</span><span class="p">(</span><span class="nx">queryText</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">limit</span> <span class="o">=</span> <span class="mi">10</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">queryVector</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generateEmbedding</span><span class="p">(</span><span class="nx">queryText</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">vectorString</span> <span class="o">=</span> <span class="s2">`[</span><span class="p">${</span><span class="nx">queryVector</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">,</span><span class="dl">'</span><span class="p">)}</span><span class="s2">]`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nx">sql</span><span class="s2">` SELECT content_id, text_content FROM search_vectors ORDER BY embedding &lt;=&gt; </span><span class="p">${</span><span class="nx">vectorString</span><span class="p">}</span><span class="s2">::vector LIMIT </span><span class="p">${</span><span class="nx">limit</span><span class="p">}</span><span class="s2"> `</span><span class="p">);</span> <span class="k">return</span> <span class="nx">results</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><code>&lt;=&gt;</code> is pgvector's "distance comparison operator." With just this, you can find semantically similar documents.</p> <h3> Overall Flow </h3> <p><strong>Preparation (When Registering Content)</strong></p> <ol> <li>Send text to OpenAI API</li> <li>Save returned vector to DB</li> </ol> <p><strong>At Search Time</strong></p> <ol> <li>Vectorize search query with OpenAI API</li> <li>Compare with DB vectors, return closest matches</li> </ol> <p>In other words, the "text → vector" conversion is done in advance, and at search time, we just compare vectors. That's why semantic search is fast.</p> <h2> Improving Accuracy </h2> <h3> Embed Titles and Body Separately </h3> <p>Rather than making the entire article one vector, embedding "title" and "body paragraphs" separately improves accuracy. Users often search with "title-like keywords," so having title-only vectors makes matching easier even with short search terms.</p> <h3> Combine with Keyword Search </h3> <p>Semantic search isn't perfect. For version numbers like "Next.js 15" or service names like "Supabase," you want to search for the exact string, not the meaning.</p> <p>"Hybrid search" that uses both traditional keyword search and semantic search is effective:</p> <ul> <li> <strong>Semantic search</strong>: "how to build auth" → hits login-related articles</li> <li> <strong>Keyword search</strong>: "Supabase" → hits articles containing that word</li> </ul> <p>Combining both results reduces missed matches.</p> <h3> Speed Up with Indexes </h3> <p>As data grows, comparing against all vectors every time becomes slow. pgvector can add vector indexes to speed up searches.</p> <p>When you exceed a few thousand records, measure search speed and add indexes if it's getting slow. Adding them from the start is fine too, but the effect is minimal with little data.</p> <h2> About Costs </h2> <p>Embeddings API costs are very low:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Operation</th> <th>Cost Estimate</th> </tr> </thead> <tbody> <tr> <td>Embed 1000 characters</td> <td>~$0.00002</td> </tr> <tr> <td>Embed 10,000 articles</td> <td>A few dollars</td> </tr> </tbody> </table></div> <p>Unlike the ChatGPT API, the Embeddings API is simple numeric conversion, so costs stay low. It's an accessible price point even for solo developers.</p> <h2> Summary </h2> <p>Key points for implementing semantic search:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Challenge</th> <th>Solution</th> </tr> </thead> <tbody> <tr> <td>Convert text to numbers</td> <td>OpenAI Embeddings API</td> </tr> <tr> <td>Store and search vectors</td> <td>PostgreSQL + pgvector</td> </tr> <tr> <td>Handle long text</td> <td>Split before embedding</td> </tr> <tr> <td>Improve search accuracy</td> <td>Embed title and body separately</td> </tr> <tr> <td>Performance</td> <td>Add indexes</td> </tr> </tbody> </table></div> <p>With semantic search, users can find related documents even without remembering exact keywords. The more information you have, the more valuable this experience becomes.</p> <p>Tomorrow I'll discuss "Bugs Found with TypeScript Strict Mode."</p> <p><strong>Other articles in this series</strong></p> <ul> <li>12/16: Building Excel-like Tables with No-Code: Implementing Drag &amp; Drop UI</li> <li>12/18: Bugs Found with TypeScript Strict Mode: Type Safety in Practice</li> </ul> postgres openai typescript nextjs pipipi-dev Tue, 16 Dec 2025 02:37:44 +0000 https://forem.com/pipipi-dev/building-no-code-excel-like-tables-implementing-drag-drop-ui-3e9n https://forem.com/pipipi-dev/building-no-code-excel-like-tables-implementing-drag-drop-ui-3e9n <p>This article is Day 16 of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">Solo SaaS Development - Design, Implementation, and Operations Advent Calendar 2025</a></strong>.</p> <p>Yesterday's article covered "Infinite Scroll Pitfalls." Today, I'll explain how to implement an Excel-like table UI with drag &amp; drop column reordering.</p> <h2> 🎯 Features to Implement </h2> <p>We're building a table where users can freely manipulate columns, like Notion or Airtable.</p> <ul> <li>Click cells to edit directly (inline editing)</li> <li>Drag &amp; drop to reorder columns</li> <li>Reorder rows within the table</li> <li>Resize column widths</li> </ul> <p>The goal was to make it intuitive enough for non-engineers. This article introduces the design decisions and implementation patterns to achieve these features.</p> <h2> ⚙️ Library Selection </h2> <h3> Table Foundation: react-spreadsheet </h3> <p>There are several library options for table UI.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Library</th> <th>Characteristics</th> </tr> </thead> <tbody> <tr> <td>AG Grid</td> <td>Feature-rich, enterprise-scale, commercial license</td> </tr> <tr> <td>TanStack Table</td> <td>Headless, high flexibility, requires UI building</td> </tr> <tr> <td>react-spreadsheet</td> <td>Lightweight, Excel-like, easy customization</td> </tr> </tbody> </table></div> <p>I chose <a href="https://github.com/iddan/react-spreadsheet" rel="noopener noreferrer">react-spreadsheet</a>. The deciding factor was the <strong>DataEditor/DataViewer pattern</strong>. It allows defining separate components for cell "display" and "editing," making it easy to implement different UIs for each data type.</p> <p>AG Grid is powerful but implementing custom cell editors was somewhat complex. TanStack Table offers high flexibility as a headless library, but requires building UI from scratch. react-spreadsheet hit the "just right" balance.</p> <h3> Drag &amp; Drop: dnd-kit </h3> <p>For drag &amp; drop, I used <a href="https://github.com/clauderic/dnd-kit" rel="noopener noreferrer">@dnd-kit</a>.</p> <p>react-beautiful-dnd is also well-known, but maintenance has stagnated. dnd-kit supports React 18's Concurrent Mode and has excellent TypeScript definitions. With built-in accessibility (keyboard navigation) support, I chose it with future expansion in mind.</p> <h2> ✏️ Inline Editing Design </h2> <h3> Why Inline Editing? </h3> <p>The traditional "click edit button to open modal" UI works for editing one item at a time, but becomes frustrating when editing multiple cells consecutively. Being able to "click a cell and edit in place" like Excel greatly improves user efficiency.</p> <h3> DataEditor/DataViewer Pattern </h3> <p>In react-spreadsheet, you assign "display" and "editing" components to each cell.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="c1">// Display: State before clicking the cell</span> <span class="kd">const</span> <span class="nx">TextViewer</span><span class="p">:</span> <span class="nx">DataViewerComponent</span><span class="o">&lt;</span><span class="nx">TextCell</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">({</span> <span class="nx">cell</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nt">span</span> <span class="na">className</span><span class="p">=</span><span class="s">"px-2"</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">cell</span><span class="p">?.</span><span class="nx">value</span> <span class="o">??</span> <span class="dl">''</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">span</span><span class="p">&gt;;</span> <span class="p">};</span> <span class="c1">// Editing: State after clicking the cell</span> <span class="kd">const</span> <span class="nx">TextEditor</span><span class="p">:</span> <span class="nx">DataEditorComponent</span><span class="o">&lt;</span><span class="nx">TextCell</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">({</span> <span class="nx">cell</span><span class="p">,</span> <span class="nx">onChange</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">inputRef</span> <span class="o">=</span> <span class="nx">useRef</span><span class="o">&lt;</span><span class="nx">HTMLInputElement</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Auto-focus and select all when entering edit mode</span> <span class="nx">inputRef</span><span class="p">.</span><span class="nx">current</span><span class="p">?.</span><span class="nf">focus</span><span class="p">();</span> <span class="nx">inputRef</span><span class="p">.</span><span class="nx">current</span><span class="p">?.</span><span class="nf">select</span><span class="p">();</span> <span class="p">},</span> <span class="p">[]);</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">input</span> <span class="na">ref</span><span class="p">=</span><span class="si">{</span><span class="nx">inputRef</span><span class="si">}</span> <span class="na">type</span><span class="p">=</span><span class="s">"text"</span> <span class="na">value</span><span class="p">=</span><span class="si">{</span><span class="nx">cell</span><span class="p">?.</span><span class="nx">value</span> <span class="o">??</span> <span class="dl">''</span><span class="si">}</span> <span class="na">onChange</span><span class="p">=</span><span class="si">{</span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">onChange</span><span class="p">({</span> <span class="p">...</span><span class="nx">cell</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">value</span> <span class="p">})</span><span class="si">}</span> <span class="p">/&gt;</span> <span class="p">);</span> <span class="p">};</span> </code></pre> </div> <p>The advantage of this pattern is providing optimal UI for each data type. Text gets an input field, dates get a calendar picker, choices get a dropdown—each with an appropriate editor.</p> <h3> Dropdown Considerations </h3> <p>When implementing dropdowns (select boxes), there's a common problem. The menu gets hidden by the table's <code>overflow: hidden</code>.</p> <p>The solution is to render the menu directly on the body.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="p">&lt;</span><span class="nc">Select</span> <span class="na">menuPortalTarget</span><span class="p">=</span><span class="si">{</span><span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="si">}</span> <span class="na">styles</span><span class="p">=</span><span class="si">{</span><span class="p">{</span> <span class="na">menuPortal</span><span class="p">:</span> <span class="p">(</span><span class="nx">base</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="p">...</span><span class="nx">base</span><span class="p">,</span> <span class="na">zIndex</span><span class="p">:</span> <span class="mi">9999</span> <span class="p">})</span> <span class="p">}</span><span class="si">}</span> <span class="c1">// ...</span> <span class="p">/&gt;</span> </code></pre> </div> <p>Specifying <code>menuPortalTarget={document.body}</code> moves the menu outside the table's DOM hierarchy, preventing it from being hidden by other elements.</p> <h2> 🐧 Column Order Reordering </h2> <h3> Reordering in the Design Screen </h3> <p>Column order can be changed in the design screen (field designer). This uses dnd-kit.</p> <p>The key implementation point is <strong>preventing accidental operations</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">const</span> <span class="nx">sensors</span> <span class="o">=</span> <span class="nf">useSensors</span><span class="p">(</span> <span class="nf">useSensor</span><span class="p">(</span><span class="nx">PointerSensor</span><span class="p">,</span> <span class="p">{</span> <span class="na">activationConstraint</span><span class="p">:</span> <span class="p">{</span> <span class="na">distance</span><span class="p">:</span> <span class="mi">8</span> <span class="p">},</span> <span class="p">})</span> <span class="p">);</span> </code></pre> </div> <p>Specifying <code>distance: 8</code> means dragging won't start until you move 8 pixels or more. Without this, dragging starts on a simple click, causing unintended reordering.</p> <p>Another point is <strong>limiting the drag handle</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="p">&lt;</span><span class="nt">div</span> <span class="na">ref</span><span class="p">=</span><span class="si">{</span><span class="nx">setNodeRef</span><span class="si">}</span> <span class="na">style</span><span class="p">=</span><span class="si">{</span><span class="nx">style</span><span class="si">}</span> <span class="si">{</span><span class="p">...</span><span class="nx">attributes</span><span class="si">}</span><span class="p">&gt;</span> <span class="si">{</span><span class="cm">/* listeners applied only to handle */</span><span class="si">}</span> <span class="p">&lt;</span><span class="nt">button</span> <span class="si">{</span><span class="p">...</span><span class="nx">listeners</span><span class="si">}</span> <span class="na">className</span><span class="p">=</span><span class="s">"cursor-grab"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">GripVertical</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">button</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">span</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">item</span><span class="p">.</span><span class="nx">name</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">span</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">button</span> <span class="na">onClick</span><span class="p">=</span><span class="si">{</span><span class="nx">onEdit</span><span class="si">}</span><span class="p">&gt;</span>Edit<span class="p">&lt;/</span><span class="nt">button</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> </code></pre> </div> <p>By applying <code>listeners</code> only to the drag handle (grip icon), clicking the "Edit" button or other elements won't start dragging. Making the entire item draggable tends to conflict with other operations.</p> <h2> 🐰 Table Row Reordering </h2> <h3> Optimistic UI Updates </h3> <p>Table rows can also be reordered by dragging. The key here is <strong>optimistic UI updates</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">const</span> <span class="nx">handleDrop</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">targetIndex</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// 1. First, update the screen immediately (optimistic update)</span> <span class="kd">const</span> <span class="nx">reordered</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">localRows</span><span class="p">];</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">dragged</span><span class="p">]</span> <span class="o">=</span> <span class="nx">reordered</span><span class="p">.</span><span class="nf">splice</span><span class="p">(</span><span class="nx">draggedIndex</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">reordered</span><span class="p">.</span><span class="nf">splice</span><span class="p">(</span><span class="nx">targetIndex</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="nx">dragged</span><span class="p">);</span> <span class="nf">setLocalRows</span><span class="p">(</span><span class="nx">reordered</span><span class="p">);</span> <span class="c1">// 2. Then save to server</span> <span class="k">await</span> <span class="nf">saveReorder</span><span class="p">(</span><span class="nx">reordered</span><span class="p">);</span> <span class="p">};</span> </code></pre> </div> <p>The order changes on screen as soon as the drag completes, while server saving happens in the background. Users can move to the next operation without waiting.</p> <h3> Unsaved State Warning </h3> <p>If users try to leave the page after reordering without saving, we show a warning.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">hasUnsavedChanges</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">handleBeforeUnload</span> <span class="o">=</span> <span class="p">(</span><span class="na">e</span><span class="p">:</span> <span class="nx">BeforeUnloadEvent</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">e</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="nx">e</span><span class="p">.</span><span class="nx">returnValue</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Changes have not been saved</span><span class="dl">'</span><span class="p">;</span> <span class="p">};</span> <span class="nb">window</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">beforeunload</span><span class="dl">'</span><span class="p">,</span> <span class="nx">handleBeforeUnload</span><span class="p">);</span> <span class="k">return </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="nb">window</span><span class="p">.</span><span class="nf">removeEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">beforeunload</span><span class="dl">'</span><span class="p">,</span> <span class="nx">handleBeforeUnload</span><span class="p">);</span> <span class="p">},</span> <span class="p">[</span><span class="nx">hasUnsavedChanges</span><span class="p">]);</span> </code></pre> </div> <p>This prevents data loss even if users accidentally close the page.</p> <h2> 🐙 Column Width Resizing </h2> <h3> Persisting with localStorage </h3> <p>I thought it would be more user-friendly if adjusted column widths persisted on the next visit. While saving to the server is an option, column widths are user preferences that change frequently, so I saved them to localStorage.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">const</span> <span class="nx">useColumnWidths</span> <span class="o">=</span> <span class="p">(</span><span class="nx">tableId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">storageKey</span> <span class="o">=</span> <span class="s2">`table_widths_</span><span class="p">${</span><span class="nx">tableId</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">widths</span><span class="p">,</span> <span class="nx">setWidths</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="kr">number</span><span class="o">&gt;&gt;</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">saved</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="nx">storageKey</span><span class="p">);</span> <span class="k">return</span> <span class="nx">saved</span> <span class="p">?</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">saved</span><span class="p">)</span> <span class="p">:</span> <span class="p">{};</span> <span class="p">});</span> <span class="c1">// Update localStorage whenever widths change</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="nx">storageKey</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">widths</span><span class="p">));</span> <span class="p">},</span> <span class="p">[</span><span class="nx">widths</span><span class="p">,</span> <span class="nx">storageKey</span><span class="p">]);</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">widths</span><span class="p">,</span> <span class="nx">setWidths</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>By saving with different keys per table, settings don't mix up even when using multiple tables.</p> <h3> Minimum Width Constraint </h3> <p>Setting a minimum width during resizing prevents the problem of columns becoming invisible when squished.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">const</span> <span class="nx">handleResize</span> <span class="o">=</span> <span class="p">(</span><span class="nx">columnId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">newWidth</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">clampedWidth</span> <span class="o">=</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">max</span><span class="p">(</span><span class="mi">50</span><span class="p">,</span> <span class="nx">newWidth</span><span class="p">);</span> <span class="c1">// Minimum 50px</span> <span class="nf">setWidths</span><span class="p">(</span><span class="nx">prev</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="p">...</span><span class="nx">prev</span><span class="p">,</span> <span class="p">[</span><span class="nx">columnId</span><span class="p">]:</span> <span class="nx">clampedWidth</span> <span class="p">}));</span> <span class="p">};</span> </code></pre> </div> <h2> ✅ Summary </h2> <p>Here are the key points for implementing an Excel-like table UI.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Challenge</th> <th>Solution</th> </tr> </thead> <tbody> <tr> <td>Different editing UI per data type</td> <td>DataEditor/DataViewer pattern</td> </tr> <tr> <td>Dropdown gets hidden</td> <td>menuPortalTarget={document.body}</td> </tr> <tr> <td>Drag triggers on click</td> <td>activationConstraint: { distance: 8 }</td> </tr> <tr> <td>Drag conflicts with other buttons</td> <td>Limit listeners to drag handle</td> </tr> <tr> <td>Wait time during reordering</td> <td>Optimistic UI updates</td> </tr> <tr> <td>Leaving with unsaved changes</td> <td>beforeunload warning</td> </tr> <tr> <td>Column width persistence</td> <td>localStorage</td> </tr> </tbody> </table></div> <p>For no-code tool UI, it's important that it not only "works" but is "usable without confusion." Preventing accidental operations, immediate feedback, state persistence—these details determine the user experience.</p> <p>Tomorrow's article will cover "Implementing Semantic Search with pgvector + OpenAI Embeddings."</p> <p><strong>Other Articles in This Series</strong></p> <ul> <li>Day 15: Infinite Scroll with Zustand and React 19: Async Pitfalls</li> <li>Day 17: Implementing "Search by Meaning": pgvector + OpenAI Embeddings Introduction</li> </ul> react typescript dndkit nextjs pipipi-dev Mon, 15 Dec 2025 04:01:54 +0000 https://forem.com/pipipi-dev/infinite-scroll-with-zustand-and-react-19-async-pitfalls-57c https://forem.com/pipipi-dev/infinite-scroll-with-zustand-and-react-19-async-pitfalls-57c <p>This article is Day 15 of the <strong><a href="https://adventar.org/calendars/12615" rel="noopener noreferrer">Solo SaaS Development - Design, Implementation, and Operations Advent Calendar 2025</a></strong>.</p> <p>Yesterday's article covered "Mobile-First Design." This article explains the pitfalls I encountered when implementing infinite scroll with Zustand and React 19, along with their solutions.</p> <h2> 🎯 What is Infinite Scroll? </h2> <p>Infinite scroll is a mechanism that automatically loads the next content when a user approaches the bottom of the page. It's a familiar UI pattern from X and Instagram.</p> <p>Compared to traditional pagination (clicking a "Next" button), it offers a more seamless user experience. However, implementation comes with unexpected pitfalls.</p> <p>For Memoreru, my indie project, I had the following requirements:</p> <ul> <li>Switch between three scopes (public, team, private) plus bookmarks view</li> <li>Maintain independent pagination state for each view</li> <li>Display initial data with SSR and load more on the client</li> </ul> <p>It seems simple, but I encountered various issues when actually building it. This article shares that experience.</p> <h2> ⚙️ Libraries and Architecture </h2> <h3> Delegating Scroll Detection to a Library </h3> <p>For implementing infinite scroll, I used a library called <code>react-infinite-scroll-component</code>. It automates scroll position detection and loading state management.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="p">&lt;</span><span class="nc">InfiniteScroll</span> <span class="na">dataLength</span><span class="p">=</span><span class="si">{</span><span class="nx">items</span><span class="p">.</span><span class="nx">length</span><span class="si">}</span> <span class="c1">// Current item count</span> <span class="na">next</span><span class="p">=</span><span class="si">{</span><span class="nx">loadMore</span><span class="si">}</span> <span class="c1">// Function to load more</span> <span class="na">hasMore</span><span class="p">=</span><span class="si">{</span><span class="nx">hasMore</span><span class="si">}</span> <span class="c1">// Whether more data exists</span> <span class="na">loader</span><span class="p">=</span><span class="si">{</span><span class="p">&lt;</span><span class="nc">LoadingSpinner</span> <span class="p">/&gt;</span><span class="si">}</span> <span class="c1">// Loading display</span> <span class="na">scrollThreshold</span><span class="p">=</span><span class="si">{</span><span class="mf">0.6</span><span class="si">}</span> <span class="c1">// Trigger at 60% scroll</span> <span class="p">&gt;</span> <span class="si">{</span><span class="nx">items</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">item</span> <span class="o">=&gt;</span> <span class="p">&lt;</span><span class="nc">ItemCard</span> <span class="na">key</span><span class="p">=</span><span class="si">{</span><span class="nx">item</span><span class="p">.</span><span class="nx">id</span><span class="si">}</span> <span class="na">item</span><span class="p">=</span><span class="si">{</span><span class="nx">item</span><span class="si">}</span> <span class="p">/&gt;)</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nc">InfiniteScroll</span><span class="p">&gt;</span> </code></pre> </div> <p>You could implement IntersectionObserver yourself, but handling scroll container detection and edge cases is surprisingly tedious. By delegating to a proven library, you can focus on essential feature development.</p> <p><code>scrollThreshold</code> specifies "at what percentage of scrolling should we load the next page." Setting it to around 0.6 (60%) starts loading before the user reaches the bottom, making wait times less noticeable.</p> <h3> Managing Multiple Scopes with Zustand </h3> <p>I chose Zustand for state management. Each view (three scopes plus bookmarks) needs to maintain "item list," "current page," "has more data," and "is loading."<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kr">interface</span> <span class="nx">ContentStore</span> <span class="p">{</span> <span class="c1">// Items for each scope</span> <span class="nl">publicItems</span><span class="p">:</span> <span class="nx">ContentItem</span><span class="p">[];</span> <span class="nl">privateItems</span><span class="p">:</span> <span class="nx">ContentItem</span><span class="p">[];</span> <span class="nl">teamItems</span><span class="p">:</span> <span class="nx">ContentItem</span><span class="p">[];</span> <span class="nl">bookmarkItems</span><span class="p">:</span> <span class="nx">ContentItem</span><span class="p">[];</span> <span class="c1">// Pagination state (per scope)</span> <span class="nl">pagination</span><span class="p">:</span> <span class="p">{</span> <span class="na">public</span><span class="p">:</span> <span class="p">{</span> <span class="na">page</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">hasMore</span><span class="p">:</span> <span class="nx">boolean</span> <span class="p">};</span> <span class="nl">private</span><span class="p">:</span> <span class="p">{</span> <span class="na">page</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">hasMore</span><span class="p">:</span> <span class="nx">boolean</span> <span class="p">};</span> <span class="nl">team</span><span class="p">:</span> <span class="p">{</span> <span class="na">page</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">hasMore</span><span class="p">:</span> <span class="nx">boolean</span> <span class="p">};</span> <span class="nl">bookmarks</span><span class="p">:</span> <span class="p">{</span> <span class="na">page</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">hasMore</span><span class="p">:</span> <span class="nx">boolean</span> <span class="p">};</span> <span class="p">};</span> <span class="c1">// Loading state (per scope)</span> <span class="nl">loadingState</span><span class="p">:</span> <span class="p">{</span> <span class="na">public</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">private</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">team</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">bookmarks</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p>I chose Zustand because it's lighter than Redux with less boilerplate, yet more flexible than React Context for splitting state. Since each scope's state is preserved when switching tabs, users don't need to reload when they return.</p> <h2> 🚨 Pitfall 1: Same Data Displayed Twice </h2> <h3> Root Cause </h3> <p>The first problem I encountered was duplicate items appearing while scrolling.</p> <p>Investigation revealed that the API response contained items that had already been fetched. This can happen when data is added or deleted during pagination offset calculation.</p> <p>For example, if a new item is added after fetching page 1, the beginning of page 2 will contain the last item from page 1.</p> <h3> Solution: ID-Based Duplicate Check </h3> <p>As a countermeasure, I implemented ID-based duplicate filtering before adding items.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">const</span> <span class="nx">loadMoreItems</span> <span class="o">=</span> <span class="nf">useCallback</span><span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">newItems</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetchNextPage</span><span class="p">();</span> <span class="nf">setItems</span><span class="p">(</span><span class="nx">prev</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Manage existing IDs with a Set</span> <span class="kd">const</span> <span class="nx">existingIds</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Set</span><span class="p">(</span><span class="nx">prev</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">item</span> <span class="o">=&gt;</span> <span class="nx">item</span><span class="p">.</span><span class="nx">id</span><span class="p">));</span> <span class="c1">// Filter out duplicates before adding</span> <span class="kd">const</span> <span class="nx">uniqueNewItems</span> <span class="o">=</span> <span class="nx">newItems</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">item</span> <span class="o">=&gt;</span> <span class="o">!</span><span class="nx">existingIds</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">item</span><span class="p">.</span><span class="nx">id</span><span class="p">));</span> <span class="k">return</span> <span class="p">[...</span><span class="nx">prev</span><span class="p">,</span> <span class="p">...</span><span class="nx">uniqueNewItems</span><span class="p">];</span> <span class="p">});</span> <span class="p">},</span> <span class="p">[]);</span> </code></pre> </div> <p>The key is using <code>Set</code>. The array's <code>includes</code> method slows down proportionally to the number of elements, but Set's <code>has</code> method searches in nearly constant time. This difference matters when handling hundreds of items in infinite scroll.</p> <h2> 🚨 Pitfall 2: Data Order Gets Scrambled </h2> <h3> Root Cause </h3> <p>The next issue I encountered was data order getting scrambled when scrolling quickly.</p> <p>This is a phenomenon called a Race Condition. Network requests don't necessarily complete in the order they were issued.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Page 1 request starts ↓ Page 2 request starts (fast scrolling) ↓ Page 2 response arrives (completes first) ↓ Page 1 response arrives (completes later) </code></pre> </div> <p>In this case, page 1 data gets appended after page 2 data.</p> <h3> Solution: Track Loading State with Ref </h3> <p>React state (useState) updates asynchronously, so you can't accurately determine "is it currently loading?" Instead, use a Ref that can be referenced synchronously.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">const</span> <span class="nx">loadingRef</span> <span class="o">=</span> <span class="nx">useRef</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">loadMore</span> <span class="o">=</span> <span class="nf">useCallback</span><span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Do nothing if already loading</span> <span class="k">if </span><span class="p">(</span><span class="nx">loadingRef</span><span class="p">.</span><span class="nx">current</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="nx">loadingRef</span><span class="p">.</span><span class="nx">current</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">newItems</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetchNextPage</span><span class="p">();</span> <span class="c1">// Process data...</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nx">loadingRef</span><span class="p">.</span><span class="nx">current</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">},</span> <span class="p">[]);</span> </code></pre> </div> <p>You still need useState's <code>loading</code> state for UI display, but the key is using Ref to determine "is it okay to issue a request?" Since Ref updates synchronously, it reliably prevents duplicate requests even with consecutive scroll events.</p> <h2> 🚨 Pitfall 3: SSR Data Disappears </h2> <h3> Root Cause </h3> <p>I was fetching initial data with Next.js SSR, but the data would sometimes disappear after client-side hydration completed.</p> <p>Investigation revealed that the client-side API request returned an empty response, overwriting the 10 items fetched via SSR with 0 items.</p> <p>This can happen when SSR and client make requests with different API conditions (authentication state, filter conditions, etc.).</p> <h3> Solution: Protect SSR Data </h3> <p>Manage a flag for whether SSR data has been loaded, and skip overwriting when "SSR data exists" and "API returns empty response."<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">const</span> <span class="nx">fetchData</span> <span class="o">=</span> <span class="nf">useCallback</span><span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">items</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">apiUrl</span><span class="p">).</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="c1">// Don't overwrite if SSR data exists and API returns empty</span> <span class="k">if </span><span class="p">(</span><span class="nx">store</span><span class="p">.</span><span class="nx">isSSRDataLoaded</span> <span class="o">&amp;&amp;</span> <span class="nx">store</span><span class="p">.</span><span class="nx">items</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="o">&amp;&amp;</span> <span class="nx">items</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">'</span><span class="s1">Blocked overwriting SSR data</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nf">updateStore</span><span class="p">(</span><span class="nx">items</span><span class="p">);</span> <span class="p">},</span> <span class="p">[]);</span> </code></pre> </div> <p>Ideally, SSR and client should call the API with the same conditions, but authentication state synchronization can be tricky. Adding defensive code provides peace of mind.</p> <h2> ⚛️ React 19 Considerations </h2> <p>The three issues above can occur with infinite scroll in general, but there are also React 19-specific considerations.</p> <p>In React 19, state updates are batched more aggressively. This usually contributes to performance improvements, but can cause unexpected issues when coordinating Zustand with React state.</p> <p>When updating React's local state immediately followed by updating Zustand's store, batching may reorder them. In such cases, use <code>flushSync</code> from <code>react-dom</code> to execute synchronously.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">flushSync</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react-dom</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">updateItems</span> <span class="o">=</span> <span class="nf">useCallback</span><span class="p">((</span><span class="nx">newItems</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">mergedItems</span><span class="p">;</span> <span class="nf">flushSync</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">setLocalState</span><span class="p">(</span><span class="nx">prev</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">mergedItems</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">prev</span><span class="p">,</span> <span class="p">...</span><span class="nx">newItems</span><span class="p">];</span> <span class="k">return</span> <span class="nx">mergedItems</span><span class="p">;</span> <span class="p">});</span> <span class="p">});</span> <span class="c1">// At this point, setLocalState has definitely completed</span> <span class="nf">updateZustandStore</span><span class="p">(</span><span class="nx">mergedItems</span><span class="p">);</span> <span class="p">},</span> <span class="p">[]);</span> </code></pre> </div> <p><code>flushSync</code> shouldn't be overused, but it's effective when you need to strictly synchronize multiple state stores.</p> <h2> 📊 Performance Optimizations </h2> <h3> Suppressing Re-renders with useShallow </h3> <p>When retrieving multiple values from a Zustand store, re-renders occur even for unrelated value changes. Using <code>useShallow</code> triggers re-renders only when specified properties change.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">useShallow</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zustand/react/shallow</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Bad: pagination recalculates when publicItems changes</span> <span class="kd">const</span> <span class="nx">store</span> <span class="o">=</span> <span class="nf">useContentStore</span><span class="p">();</span> <span class="c1">// Good: subscribe only to needed properties</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">items</span><span class="p">,</span> <span class="nx">hasMore</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useContentStore</span><span class="p">(</span> <span class="nf">useShallow</span><span class="p">(</span><span class="nx">state</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">items</span><span class="p">:</span> <span class="nx">state</span><span class="p">.</span><span class="nx">publicItems</span><span class="p">,</span> <span class="na">hasMore</span><span class="p">:</span> <span class="nx">state</span><span class="p">.</span><span class="nx">pagination</span><span class="p">.</span><span class="k">public</span><span class="p">.</span><span class="nx">hasMore</span><span class="p">,</span> <span class="p">}))</span> <span class="p">);</span> </code></pre> </div> <p>Since infinite scroll handles large amounts of items, suppressing unnecessary re-renders is important.</p> <h3> Auto-Load Until Screen is Filled </h3> <p>If no scrollbar appears on initial display, users can't scroll and the next page won't load. This happens with large monitors or when item height is small.</p> <p>I added a mechanism using ResizeObserver to automatically continue loading until the screen is filled.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">checkScrollbar</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">hasScrollbar</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">documentElement</span><span class="p">.</span><span class="nx">scrollHeight</span> <span class="o">&gt;</span> <span class="nb">window</span><span class="p">.</span><span class="nx">innerHeight</span><span class="p">;</span> <span class="c1">// Load if no scrollbar and more data exists</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">hasScrollbar</span> <span class="o">&amp;&amp;</span> <span class="nx">hasMore</span><span class="p">)</span> <span class="p">{</span> <span class="nf">loadMore</span><span class="p">();</span> <span class="p">}</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">timer</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">checkScrollbar</span><span class="p">,</span> <span class="mi">300</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">observer</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ResizeObserver</span><span class="p">(</span><span class="nx">checkScrollbar</span><span class="p">);</span> <span class="nx">observer</span><span class="p">.</span><span class="nf">observe</span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="k">return </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timer</span><span class="p">);</span> <span class="nx">observer</span><span class="p">.</span><span class="nf">disconnect</span><span class="p">();</span> <span class="p">};</span> <span class="p">},</span> <span class="p">[</span><span class="nx">hasMore</span><span class="p">,</span> <span class="nx">loadMore</span><span class="p">]);</span> </code></pre> </div> <p>ResizeObserver also detects layout changes like sidebar open/close and triggers additional loading.</p> <h2> 🔧 Consolidating into a Custom Hook </h2> <p>I created a <code>usePagination</code> hook that consolidates these processes. The same logic can be reused across different screens.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">usePagination</span><span class="p">({</span> <span class="nx">items</span><span class="p">,</span> <span class="nx">scope</span><span class="p">,</span> <span class="nx">loadMoreData</span><span class="p">,</span> <span class="nx">pagination</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">loadedItems</span> <span class="o">=</span> <span class="nx">items</span> <span class="o">||</span> <span class="p">[];</span> <span class="kd">const</span> <span class="nx">hasMore</span> <span class="o">=</span> <span class="nx">pagination</span><span class="p">?.</span><span class="nx">hasMore</span> <span class="o">||</span> <span class="kc">false</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">loadMore</span> <span class="o">=</span> <span class="nf">useCallback</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">loadMoreData</span> <span class="o">||</span> <span class="o">!</span><span class="nx">hasMore</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="nf">loadMoreData</span><span class="p">(</span><span class="nx">scope</span><span class="p">);</span> <span class="p">},</span> <span class="p">[</span><span class="nx">loadMoreData</span><span class="p">,</span> <span class="nx">scope</span><span class="p">,</span> <span class="nx">hasMore</span><span class="p">]);</span> <span class="c1">// Auto-load to fill screen (useEffect above)</span> <span class="c1">// ...</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">loadedItems</span><span class="p">,</span> <span class="nx">hasMore</span><span class="p">,</span> <span class="nx">loadMore</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h2> ✅ Summary </h2> <p>This article explained the pitfalls and solutions when implementing infinite scroll with Zustand and React 19.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Problem</th> <th>Cause</th> <th>Solution</th> </tr> </thead> <tbody> <tr> <td>Duplicate data</td> <td>Pagination offset shift</td> <td>Filter with Set</td> </tr> <tr> <td>Order scrambled</td> <td>Race condition</td> <td>Track loading with Ref</td> </tr> <tr> <td>SSR data loss</td> <td>Overwritten by empty response</td> <td>Protect with flag</td> </tr> <tr> <td>React 19 batching</td> <td>Update order reversal</td> <td>Synchronize with flushSync</td> </tr> </tbody> </table></div> <p>Infinite scroll is more complex than it looks. Especially when multiple data sources and SSR are involved, the edge cases to consider multiply. I hope this article helps those facing similar challenges.</p> <p>Tomorrow's article will cover "Creating Excel-like Tables with No-Code."</p> <p><strong>Other Articles in This Series</strong></p> <ul> <li>Day 14: Designing Mobile-First UX: Responsive Design in Practice</li> <li>Day 16: Creating Excel-like Tables with No-Code: Implementing Drag &amp; Drop UI</li> </ul> react zustand nextjs typescript