Ben Anderson

Vibe coding got you to MVP and your first customers. Congrats! Now you have to: Onboard a dev who's never seen the code Debug with no observability Refactor without reading every file Add a feature without breaking 3 more That's the gap between "it works" and "it's engineered"

Day 6/7 Fixing the first broken thing is how bugs come back. as-rca makes Claude reproduce the failure, then keep asking "what is causing this?" down the causation chain until it hits something with no upstream cause in the system. That's the root. Fix that.

The mistake vibe-coded apps make isn't in the feature code. It's in the assumptions underneath it. No migration workflow. No observability. No rollback. Auth that works for the founder. The demo ships. The foundation doesn't.

Hot take: the reason vibe-coded apps fail in production isn't AI. It's that most builders have never run a production system. AI makes it fast to build. It doesn't teach you what operations actually requires. What's the thing you had to learn the hard way?

5 production gaps I find in almost every vibe-coded app: 1) No idempotency on payment webhooks 2) Secrets in git history 3) Schema lives in the dashboard, not the repo 4) No structured logging so failures are invisible 5) Auth checked on the client, not the server Fix these before launch. Everything else can wait.

@asaio87 I agree to a certain extent. With proper context separation and architecture they are still useful. However, if you are at a point where you are just prompting co-pilot that is bad. We need to get to the point where they are defining clear specs and implementing from there.

Most people hyping Claude Code or AI tools in general have never worked with these tools for production apps. Its nice to build small tools, but as you build complex apps, things tend to slow way down. the real time gain is at best 25%

I was looking at an interesting architecture the other day where they were running a couple of fine tunes for quick easy inference and using the frontier models for handling conversation turns. I think the truth is that is more sophisticated than 99% of the setups out there. Most people have a single API calling OpenAI or Anthropic. You've inspired me to start thinking about self-hosting a small model at home. 🤔

Open-weight models are still so far behind OpenAI and Anthropic for any serious work. If you want to full agent experience, use the frontier models. I do. On the other hand - we need to get a foot in the door with models we can run ourselves now. GPT-5.5 and Opus 4.7 are VC handouts. The models are SO expensive to run, and OpenAI/Anthropic are burning BILLIONS to subsidize the cost for you. But sooner or later, the money will run out and the prices will skyrocket. And one thing is the price, but that's only half the problem. A few tech companies are about to own the operating layer of 95% of all businesses (...again). Right now is the chance to prepare for soverignity. Models like qwen, kimi, deepseek - they feel very far behind, and they can do what frontier models do. But it's a great place to start. Get used to the process. Run on hardware you buy (like DGX Spark or Mac Mini) - or rent GPU instances on platforms like Vast AI. Then start with boring tasks. Classification. Routing. Summaries. Internal search. You're gonna be doing this soon. Or a few US tech companies are gonna own you once again.

Skills week 5/7 This one is super important and simple. as-secret-scan Scans for accidentally committed API keys, tokens, and credentials across staged changes, working tree, or full git history. The reality is that AI coding tools write fast. They might also commit your Stripe key. as-secret-scan catches what vibe coding leaves behind before it becomes an incident.

I had a founder message me that they wanted me to review their app. I asked them to send me their repo so I could take a look at it. They asked, what is a repo? No shame here, but if you fall into this bucket lets talk.

Founder sent me their repo. Said "it's working great, just needs a polish pass." Found their .env committed in git history. Supabase service role key. Stripe secret. OpenAI key. All of it. The app was live. With real users. We're not talking about a sophisticated attack. Anyone who cloned the repo had every credential in plain text.

The most interesting vibe coding stat is not productivity. It is this: 40% of junior devs admit to deploying AI-generated code they do not fully understand. (and the other 60% will get fired if they do) That is the entire market for production-readiness, audits, and guardrails.

41% of global code is now AI-generated. That means the bottleneck is moving. Less: “Can we write the code?” More: “Can we trust, secure, operate, and maintain the code?”

The bottleneck used to be writing the code. Now it's understanding what you built well enough to make good decisions about it. The tools changed. The judgment requirement didn't.

92% of US developers now use AI coding tools daily. That is not “early adoption” anymore. That is a platform shift. The question is no longer “will devs use AI?” It is: Who reviews the code? Who owns the architecture? Who makes it production-ready?

@eliana_jordan Sure! But if they are shipping that fast they are not shipping reliably. I think that is going to be a differentiator. Just give it a bit.

building in public sounds great… until copycats ship your idea faster than you

@icanvardar --

prove me you're not an ai

@asaio87 I ask for citations that I can verify claims against.

How do you check if AI is right when it builds or writes something for you ?

The reality of the situation is that AI is fully capable of building out your product for you. The question is are you capable of guiding it?

@Soroosh_Tajdar I was working with a client the other day who designed everything in Google AI Studio, when I created an account all of the dummy data that the AI had hard coded was visible in my environment. It happens more often than you'd think.

@anchorstack_dev Number three is the one people skip and then find out about in a support ticket from a stranger.

Pre-launch checklist for vibe-coded apps. Save this: ☐ Tested with two separate accounts, not just yours ☐ Tried the app on a device you don't normally use ☐ Confirmed new users can't see your test data ☐ Stripe fires correctly in test mode ☐ You know what the app shows when the database is down Check all five and you're ahead of 80% of vibe-coded apps that ship.

@Xylon_lew @val__greg 100%!

@val__greg @anchorstack_dev exactly — the gap between knowing the answer and putting it where the agent can use it is where most AI workflows break down. context delivery is the unsexy infrastructure problem

There's a moment in every vibe-coded app's life when the founder types their next Claude prompt and thinks: "What if this makes it worse?" That's not a coding problem. That's a maintenance problem. And that moment arrives at roughly the same time for everyone. What causes it?