davigps/vibe-garden

Vibe Garden

Secure infrastructure for "Vibe Coding" — allowing engineers to use AI Agents to rapidly build internal tools with zero-config security.

Overview

Vibe Garden is a Next.js monorepo implementing micro-frontends with a Hybrid Data Model and Global Google Workspace Authentication. The platform enables rapid development of internal tools while automatically enforcing security best practices.

Core Philosophy: Zero-Config Security

The goal is to remove security burdens from the "Vibe Coding" process.

The Vibe: "Make a tool for the sales team."
The Guardrail: The generated tool is automatically behind a Google Login screen. The developer does not write auth code. The app does not launch unless the user is a verified employee.

Architecture

Vibe Garden follows a Three-Tier Architecture:

1. Platform Shell (The Gatekeeper)

  • Technology: Next.js + NextAuth.js
  • Role: Handles Google OAuth 2.0 authentication
  • Enforcement: Middleware intercepts all requests, validates sessions, enforces email domain restrictions
  • Location: Root-level Next.js app (to be implemented)

2. Shared Core (The Foundation)

  • @repo/ui: Design system and shared React components
  • @repo/data-global: Read-only access to production database (to be implemented)
  • @repo/data-local: Per-app SQLite database management (to be implemented)
  • @repo/eslint-config: ESLint configurations
  • @repo/typescript-config: TypeScript configurations
  • @repo/tailwind-config: Tailwind CSS configuration

3. Vibe Nodes (The Apps)

  • Technology: Next.js (App Router) + TypeScript
  • Isolation: Each app has its own SQLite database
  • Security: Zero authentication logic — apps consume sessions from Platform Shell
  • Location: apps/* directory

Key Features

🔒 Zero-Config Security

  • Every route automatically behind Google Workspace authentication
  • Email domain validation (@company.com only)
  • No auth code needed in individual apps
  • Automatic access revocation for ex-employees

📊 Hybrid Data Model

  • Global Data: Read-only access to production database

    • Safe for reporting and analytics
    • SELECT-only operations enforced
    • Credentials managed at Platform Shell level
  • Local Data: Per-app SQLite databases

    • Perfect for user-specific configs
    • Tool-specific records
    • Complete data isolation between apps

🚀 Rapid Development

  • Scaffold new apps in seconds
  • Build with AI agents using natural language
  • Automatic routing and authentication
  • Shared component library for consistent UI

Getting Started

Prerequisites

  • Node.js >= 18
  • Google Cloud Console access (for OAuth setup)

Dependencies

The following tools must be installed before setting up the project:

Installation

# Install dependencies
pnpm install

# Start development
pnpm dev

Create Your First Vibe App

# Scaffold a new app (command to be implemented)
npm run create-vibe-app <app-name>

# Example
npm run create-vibe-app sales-dashboard

Project Structure

vibe-garden/
├── apps/
│   ├── template/              # Template for new Vibe Apps
│   └── {app-name}/            # Individual Vibe Apps
│       ├── app/               # Next.js App Router
│       ├── data/              # SQLite database (optional)
│       └── package.json
├── packages/
│   ├── ui/                    # Design system (@repo/ui)
│   ├── data-global/           # Global data access (to be created)
│   ├── data-local/            # Local SQLite access (to be created)
│   ├── eslint-config/         # ESLint configurations
│   ├── typescript-config/     # TypeScript configurations
│   └── tailwind-config/       # Tailwind CSS configuration
├── .ai/                       # AI assistant instructions
├── package.json               # Root package.json
├── pnpm-workspace.yaml        # pnpm workspace configuration
└── turbo.json                 # Turborepo configuration

Development Workflow

1. Create a Vibe App

Scaffold a new app using the template:

npm run create-vibe-app <app-name>

2. Build with AI

Prompt your AI agent:

"Build a dashboard using Global Data to see active users. Let me add notes to each user and save those notes to my local database."

The AI will:

  • Use @repo/ui components for UI
  • Read user data from @repo/data-global
  • Save notes to @repo/data-local
  • Consume session for user identification
  • Follow all security and architecture rules

3. Test Locally

# Start Platform Shell (when implemented)
cd apps/platform-shell
pnpm dev

# Start your Vibe App
cd apps/{app-name}
pnpm dev

4. Deploy

The Platform Shell automatically wraps your new route:

  • No additional configuration needed
  • Route available at: tools.company.com/vibe/{app-name}
  • Authentication enforced automatically

Security Model

Authentication

  • Provider: Google Workspace OAuth 2.0
  • Enforcement: Platform Shell middleware intercepts all requests
  • Validation: Email must end with @company.com (configurable)
  • Session: Managed by NextAuth.js, passed to apps via cookies/headers

Data Isolation

  • Global Data: Read-only, SELECT-only operations
  • Local Data: One SQLite file per app, namespaced by app ID
  • Credentials: Stored in Platform Shell only, never in apps
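A statement check of the kind the SELECT-only rule implies, written here as an added example and not taken from the repository (`@repo/data-global` is still to be implemented). `checkReadOnly` and its reason strings are hypothetical names, and the check assumes the database role itself is granted SELECT only, with this guard as a second, fail-closed layer in front of it.

```typescript
// Added example: hypothetical guard for a read-only data layer.
// Assumption: queries are parameterized, so SQL text never needs literals.
type GuardResult = { ok: true } | { ok: false; reason: string };

// Keywords that write, lock, or change schema/privileges, even inside a SELECT
// (SELECT ... INTO creates a table, SELECT ... FOR UPDATE takes row locks).
const FORBIDDEN =
  /\b(insert|update|delete|merge|into|drop|alter|create|truncate|grant|revoke|call|execute|copy|lock)\b/i;

function checkReadOnly(sql: string): GuardResult {
  const text = sql.trim();
  // Values belong in bind parameters; quotes in the text are rejected outright,
  // which also avoids having to parse string escapes per database dialect.
  if (/['"`]/.test(text)) return { ok: false, reason: "literal-or-quoted-identifier" };
  // Comments can hide the rest of a statement from reviewers and filters.
  if (/--|\/\*|#/.test(text)) return { ok: false, reason: "comment" };
  // One statement per call: no stacked queries.
  if (text.includes(";")) return { ok: false, reason: "multiple-statements" };
  if (!/^select\b/i.test(text)) return { ok: false, reason: "not-select" };
  const hit = FORBIDDEN.exec(text);
  if (hit) return { ok: false, reason: `forbidden-keyword:${hit[1].toLowerCase()}` };
  return { ok: true };
}

// Constructed sample statements and the guard's verdict for each.
const samples: string[] = [
  "SELECT id, email, updated_at FROM users WHERE active = $1 LIMIT $2",
  "SELECT * FROM users WHERE id = $1 FOR UPDATE",
  "SELECT * INTO users_copy FROM users",
  "SELECT * FROM users; DROP TABLE users",
  "UPDATE users SET active = $1",
];
for (const s of samples) {
  console.log(JSON.stringify(checkReadOnly(s)), s);
}
```

The guard is deliberately stricter than SQL requires: it rejects anything it cannot classify, so a false rejection is possible and a rewrite with bind parameters is the expected fix.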

Access Control

  • No Public Paths: Every route requires authentication
  • Domain Restriction: Only company email addresses allowed
  • Automatic Revocation: Suspended Google Workspace accounts lose access immediately
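The domain rule under Authentication and Access Control, as an added example rather than the Platform Shell's own code (the shell is not implemented yet). `authorize`, `ALLOWED_DOMAIN` and the reason strings are hypothetical; the claim names `email`, `email_verified` and `hd` are those of a Google OpenID Connect ID token, and the session layer is assumed to have already verified the token's signature.

```typescript
// Added example: decision function a gatekeeper middleware could call.
interface GoogleClaims {
  email?: string;
  email_verified?: boolean;
  hd?: string; // hosted domain; only present for organization-managed accounts
}

type Decision =
  | { allow: true; email: string }
  | { allow: false; reason: string };

const ALLOWED_DOMAIN = "company.com"; // placeholder, configurable per deployment

function authorize(
  claims: GoogleClaims | null,
  allowedDomain: string = ALLOWED_DOMAIN,
): Decision {
  // No public paths: a request without a session is never allowed.
  if (!claims) return { allow: false, reason: "no-session" };
  if (claims.email_verified !== true) {
    return { allow: false, reason: "email-not-verified" };
  }
  const email = (claims.email ?? "").trim().toLowerCase();
  const at = email.lastIndexOf("@");
  // Exactly one "@", with a non-empty local part.
  if (at <= 0 || at !== email.indexOf("@")) {
    return { allow: false, reason: "malformed-email" };
  }
  const wanted = allowedDomain.toLowerCase();
  // Compare the whole domain part. A bare suffix test on "company.com"
  // would also accept "evilcompany.com".
  if (email.slice(at + 1) !== wanted) {
    return { allow: false, reason: "wrong-email-domain" };
  }
  // The address alone does not prove Workspace membership; hd does.
  if ((claims.hd ?? "").toLowerCase() !== wanted) {
    return { allow: false, reason: "wrong-hosted-domain" };
  }
  return { allow: true, email };
}

// Constructed sample claims.
console.log(authorize({ email: "ana@company.com", email_verified: true, hd: "company.com" }));
console.log(authorize({ email: "bob@evilcompany.com", email_verified: true, hd: "evilcompany.com" }));
```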

Package Management

Workspace Protocol

All internal packages use the workspace:* protocol:

{
  "dependencies": {
    "@repo/ui": "workspace:*",
    "@repo/data-global": "workspace:*",
    "@repo/data-local": "workspace:*"
  }
}

Available Scripts

# Development
pnpm dev              # Start all apps in development mode

# Building
pnpm build            # Build all packages and apps

# Code Quality
pnpm lint             # Lint all packages and apps
pnpm check-types      # Type check all packages and apps
pnpm format           # Format code with Prettier

# AI Rules
pnpm update-ai-rules  # Sync .ai/ folder changes to AI assistant

Technology Stack

  • Framework: Next.js 16+ (App Router)
  • Language: TypeScript (strict mode)
  • Styling: Tailwind CSS
  • Package Manager: pnpm with workspaces
  • Build System: Turborepo
  • Authentication: NextAuth.js (Auth.js)
  • Database: PostgreSQL/MySQL (global), SQLite (local)

Documentation

Comprehensive documentation is available in the .ai/ directory:

Setup Guides

Implementation Status

✅ Completed

  • Monorepo structure (Turborepo + pnpm)
  • @repo/ui package with design system
  • @repo/eslint-config, @repo/typescript-config, @repo/tailwind-config
  • Template app structure
  • AI assistant instructions and documentation

⏳ To Be Implemented

  • Platform Shell (authentication gatekeeper)
  • @repo/data-global package (read-only production DB access)
  • @repo/data-local package (per-app SQLite management)
  • Vibe App scaffolding command
  • Production deployment configuration

Contributing

When contributing to Vibe Garden:

  1. Follow Architecture Rules: Maintain the three-tier architecture
  2. Security First: Never implement auth in apps, always use Platform Shell
  3. Data Isolation: Respect app boundaries, never access other apps' data
  4. Use Shared Packages: Leverage @repo/ui and other shared packages
  5. Document Changes: Update relevant .ai/ documentation
    • After updating .ai/ folder contents, run pnpm update-ai-rules to sync changes

Support

For questions or issues, refer to the documentation in .ai/ or contact the platform team.


Built with ❤️ for rapid, secure internal tool development
