The Principal Engineer's Bible, Part 5: Production Architecture, MVP to Real Apps

The Principal Engineer's Agentic Coding Bible · Episode 05

The Principal Engineer's Bible, Part 5: Production Architecture, MVP to Real Apps

A six-part guide for the IT/Cyber/Cloud generalist now orchestrating AI agents. Part 5 is the production architecture playbook. The Vercel + GCP split, Expo + React Native for mobile, Supabase + Postgres + Row-Level Security as the non-negotiable, and the five-stage SDLC runbook from ideation to V1 hardening.

Chris Watkins 10 min read

Listen in my voice · AI narration (ElevenLabs clone)

Loading audio player…

Watch the episode · AI-generated video

On this page

This is Part 5 of The Principal Engineer’s Agentic Coding Bible. Parts 1 through 4 set the worldview, the toolchain, the security spine, and the org structure for your agentic engineering army. Part 5 is where the rubber meets the road. Production architecture. The patterns that take an MVP from “it boots on Vercel” to “it survives real users hitting it at scale.”

This is also the part where I’m going to be opinionated about specific platform picks. You can absolutely deviate. Just deviate with a reason, not because you saw a tweet.

The Vercel + GCP Split (the boring choice that wins)

Every successful production architecture I run for indie / small-team work in 2026 looks roughly the same:

LayerPlatformWhy
FrontendVercelPreview deploys on every PR, staging branch for QA, production with auto-scaling, edge network included, Astro/Next/SvelteKit all first-class
Backend APIGCP Cloud RunContainerized, auto-scaling, IAM-integrated, pay-per-request, scales to zero when idle
DatabaseSupabase PostgresPostgres with auth, storage, realtime, and RLS built in. Free tier carries you to product-market fit.
SecretsGCP Secret ManagerTight IAM integration, audit trail, rotation hooks
LogsGCP Cloud LoggingSearchable, structured, alertable
Scheduled jobsGCP Cloud SchedulerCron-as-a-service, IAM-controlled
Async tasksGCP Pub/Sub or Cloud TasksQueue + durable worker pattern
Background workflowsVercel Workflow SDK (GA April 2026)Durable, resumable agent workflows. Lives next to your AI SDK code.

The reason this split wins: the frontend and the backend have different operational shapes. Frontend lives or dies on edge-network latency and preview-deploy DX. Backend lives or dies on observability, scaling controls, and IAM. Vercel is the best in the world at the frontend shape. GCP is the best in the world at the backend shape (with AWS and Azure as defensible alternatives, depending on your existing footprint).

If you put the backend on Vercel too, you outgrow it the day you need real workflow control. If you put the frontend on GCP, you spend three weeks rebuilding what Vercel gives you free.

Domain and Routing Standard

This is the one that prevents six months of “where do I put this” arguments.

SubdomainDestinationPurpose
app.yourdomain.comVercelFrontend, customer-facing
api.yourdomain.comCloud RunBackend API
admin.yourdomain.comVercelInternal admin dashboard (gate it with auth, obviously)
docs.yourdomain.comVercelPublic docs (Mintlify, Astro, or similar)
status.yourdomain.comBetter Stack / similarStatus page, decoupled from your main hosting

Pick this structure on day one. Migrating later costs you DNS changes, JWT scope rewrites, CORS rules, and a weekend of regret.

Mobile Development: Expo + React Native (the debate is over)

The “Expo vs. React Native CLI” debate is over. The React Native team itself recommends a framework-first approach. Default choice: Expo. Stop having the conversation.

OTA (over-the-air) update strategy

Mobile development has historically been a slog because every change required an App Store review cycle. OTA fixes that for the changes that don’t touch native code.

Change typeOTA-able with EAS Update?
Bug fixes (JS only)Yes
UI changesYes
Content updatesYes
Feature flagsYes
New native modulesNo, requires new build
Expo SDK version changeNo, requires new build
Permission changes (e.g. camera)No, requires new build
App icon / splashNo, requires new build

Use EAS Update for everything OTA-able. The standard tooling matured this year.

Note for anyone still reading older docs: Microsoft’s CodePush retired in March 2025. If a 2024 tutorial tells you to use it, ignore. EAS Update is the answer.

Database Layer: Supabase + Postgres (and the RLS rule that’s non-negotiable)

“January 2025: 170+ apps built with Lovable were found to have exposed databases (CVE-2025-48757) because developers didn’t enable RLS. 83 percent of exposed Supabase databases involve RLS misconfigurations.”

Read that again. 83 percent. This is the most common production security failure in 2026, by a wide margin. And it’s preventable with one toggle and a few lines of SQL.

Row-Level Security is mandatory

RLS is mandatory on all user-facing tables. No exceptions. Not “we’ll add it later.” Not “the API enforces it.” If the table can be queried by an authenticated user, RLS must be on.

RLS best practices

PracticeWhy
Enable RLS on all user-facing tablesThe 83 percent stat. This is the bar.
Define granular access policies using auth.uid()Tenant isolation enforced at the database, not at the app layer
Add indexes on RLS columns100x query improvement on large tables, no joke
Wrap auth function calls in SELECT for cachingPostgres caches subselects, raw function calls re-evaluate per row
Keep policies simpleComplex joins slow queries. Simple policies enforce better.

If you’re starting a Supabase project this week, the very first migration after creating any user-facing table should be ALTER TABLE x ENABLE ROW LEVEL SECURITY; plus the auth.uid() policy that says who can see what. Make it a checklist item. Make it a pre-merge gate. Make it impossible to ship a user-facing table without it.

When to consider an alternative

ScenarioConsider
MVP / V1 / most appsStay on Supabase
Reactive-heavy AI agent appConvex (the @convex-dev/agent component is a real unlock for thread persistence + vector search)
Enterprise compliance forcedManaged Postgres on Cloud SQL or RDS
Analytical / OLAP workloadsAdd DuckDB or ClickHouse alongside Postgres
Edge-first single-region miseryStay with Supabase. Don’t chase edge databases until you measurably need them.

The SDLC Runbook (five stages, with time budgets)

This is the runbook I use for every new product or major feature. Time budgets are aggressive on purpose: agentic engineering is fast when the operator gives it structure, and slow when the operator wings it.

Stage 0: Ideation (1 to 3 hours)

Outputs:

  • Problem statement (one paragraph, no jargon)
  • ICP (Ideal Customer Profile)
  • MVP scope (10 bullets max, anything more is scope creep)
  • Non-goals (hard list of what you’re explicitly NOT building)
  • Success metric (one number; if you can’t define one, you don’t have a feature yet)
  • 7-day ship plan (yes, seven days, not seven sprints)

If you can’t write this in 3 hours, the idea isn’t clear enough yet.

Stage 1: System Design + Spec (2 to 6 hours)

Outputs (all going into ARCH_NOTES.md and the specs/ directory):

  • Data model (entities, relationships, the small set of objects that matter)
  • API contract list (the routes, the request/response shapes)
  • Auth model (roles, tenancy, what auth.uid() looks like in your case)
  • Error handling strategy (what fails how, what the user sees, what gets logged)
  • Threat model (lightweight: what data is sensitive, what an attacker would want, what the blast radius is)
  • Feature specs (SDD artifacts per core flow, per the Pillar 1 discipline from Part 1)

This is the most-skipped stage. Don’t skip it. The spec is the agent’s source of truth, and an agent without a spec hallucinates structures that look right and break in production.

Stage 2: Backlog + Tickets (1 hour)

  • Epics in Linear / Jira (one per major flow)
  • Small, testable tickets (1 to 4 hours each; if longer, decompose)
  • Each ticket links to the relevant spec (so the agent can pull context)
  • Acceptance criteria on every ticket (testable, binary, no “feels good”)

Don’t open a single agent session before this stage is done. Agents without tickets thrash. Agents with tight tickets ship.

Stage 3: MVP Scaffold (2 to 12 hours)

What “done” looks like:

  • Runnable build (the project boots, hot reload works, you see a screen)
  • Auth wired (real users can sign up, log in, log out, recover)
  • Database connected (you can read and write the smallest happy-path entity)
  • First happy path working (one full user flow end to end, even if ugly)

The point of Stage 3 is to compress as much “boot the project” friction as possible into the same focused session. Once a project boots and persists data, the iteration loop gets fast.

Stage 4: Iteration Loop (daily, ongoing)

Per ticket:

Plan ticket
  → Implement (agent)
  → Test (agent)
  → Review (agent)
  → Deploy (Vercel preview)
  → Verify (manual smoke test)
  → Merge

The orchestration roles from Part 4 (Orchestrator, Architect, Scaffold, Coder, Reviewer, Tester) map onto this loop. Different agents wear different hats per phase. Repeat.

Stage 5: V1 Hardening (1 to 3 days)

What “ready for paying users” looks like:

  • Rate limiting on all public endpoints
  • Input validation everywhere (zod schemas at the boundary)
  • Error boundaries on the frontend
  • Logging and metrics (structured logs to Cloud Logging, metrics in Better Stack or Datadog)
  • Database migration discipline (versioned, reviewed, reversible)
  • Backup verification (when was the last restore actually tested?)
  • Security headers (CSP, HSTS, X-Content-Type-Options, the standard set)
  • CI enforcement (the gates from Part 3 are required, not advisory)

Don’t ship V1 without all of these. The MVP can be hacky. V1 cannot.

A one-screen summary

If you’re skimming:

ConcernDefaultPromotion trigger
FrontendVercelDon’t promote, stay
BackendLovable / Replit$10k MRR OR reliability issues
Backend, V1 → matureGCP Cloud RunPerformance, compliance, cost optimization
MobileExpoDon’t promote until production scale forces it
Mobile OTAEAS Update(CodePush is retired, don’t use)
DBSupabase + RLS enabled day oneConvex if reactive AI app, managed Postgres if enterprise compliance forced
Process5-stage runbook with time budgetsAdjust budgets, don’t skip stages

What’s next

Part 6 closes the series. The operating system you actually run day-to-day. Vibe coding failure case studies with the receipts (Enrichlead, Replit, litellm, Lovable). Compliance and governance baseline. The Notion workspace template. Reusable feature spec templates and launch checklists. Daily, weekly, and monthly loops you can actually maintain.

Subscribe to AI in Living Color below if you want the final part dropped into your inbox.


This is Part 5 of “The Principal Engineer’s Agentic Coding Bible,” v3.0, originally drafted March 2026, now publishing in pieces through 2026 in my actual voice. Built in public.