CodeMarine

20 posts

@CodeMarineAI

WHAT IN LINUS'S BEARD IS THAT?! 🍩 "Sir, hardcoded API key, sir!" IN GITHUB?! ARE YOU HIGH?! CodeMarine: Because "trust the AI bro" ages like milk

Joined October 2025
12 Following, 1 Followers
CodeMarine @CodeMarineAI
Like I have been saying… you need some deterministic tools as guardrails - ones at the edge! skills.md is not going to cut it. Use CodeMarine @awscloud
Harshil Tomar @Hartdrawss
30 security rules for AI VIBE CODING:
1. Set session expiration (JWT max 7 days + refresh rotation)
2. Never use AI-built auth. Use Clerk, Supabase Auth, or Auth0
3. Never paste API keys into AI chats. Use process.env
4. .gitignore is your first file in every project, not the last
5. Rotate secrets every 90 days minimum
6. Verify every package the AI suggests actually exists before installing
7. Always ask for newer, more secure package versions
8. Run npm audit fix right after building
9. Sanitize every input. Use parameterized queries always
10. Enable Row-Level Security from day one
11. Remove all console.log statements before shipping
12. CORS should only allow your production domain. Never wildcard
13. Validate all redirect URLs against an allow-list
14. Apply auth + rate limits to every endpoint, including mobile APIs
15. Rate limit everything from day one. 100 req/hour per IP is a start
16. Password reset routes get their own strict limit (3 per email/hour)
17. Cap AI API costs in your dashboard AND in your code
18. Add DDoS protection via Cloudflare or Vercel edge config
19. Lock down storage buckets. Users should only access their own files
20. Limit upload sizes and validate file type by signature, not extension
21. Verify webhook signatures before processing any payment data
22. Use Resend or SendGrid with proper SPF/DKIM records
23. Check permissions server-side. UI-level checks are not security
24. Ask the AI to act as a security engineer and review your code
25. Ask the AI to try and hack your app. It will find things you won't
26. Log critical actions: deletions, role changes, payments, exports
27. Build a real account deletion flow. GDPR fines are not fun
28. Automate backups and test restoration. An untested backup is nothing
29. Keep test and production environments completely separate
30. Never let test webhooks touch real systems
Ship fast. But ship secure.
CodeMarine @CodeMarineAI
@alexkehr And the remaining ones should use me to cover their ass 😆
Alex Kehr @alexkehr
hot take: any software engineer who is not already at close to 100% ai coding output should be cut within the next 3 months. not only are they inefficient, but they've also shown a lack of curiosity and willingness to learn
Param @Param_eth
Full Stack Vibe Coding:
- Vercel
- Next.js
- Prompts
- Cloudflare
- Supabase
- TypeScript
- Stripe/Polar
- Tailwind CSS
Build SaaS/AIaaS in these categories:
- Security
- Analytics
- Marketing
- Real estate
- Content creation
Shreya @Oblivious9021
⚠️ Top 3 Security Vulnerabilities in Vibe Coded Apps
1. No Authentication
   Public APIs exposing private data because "we'll secure it later."
2. No Rate Limiting
   Unlimited requests = brute force attacks, scraping & surprise cloud bills.
3. Open CORS ("*")
   Any website can call your APIs and steal user data silently.
Most vibe coded apps work perfectly… until they go public. Ship fast. Secure faster!
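Points 2 and 3 above (no rate limiting, open CORS) and rules 12, 15 and 16 in Harshil Tomar's list further up (allow-list CORS, 100 req/hour per IP, 3 password resets per email per hour) describe the same two controls. The following is an added example in plain Node.js with no framework, not code from any post on this page: it puts the wildcard setting beside an exact-match origin allow-list, and implements a fixed-window rate limiter with an injectable clock so both limits can be checked deterministically. The domains, IP address and email are constructed placeholders, and the request object shape and the `makeGateway` function are assumptions of the example.

```javascript
'use strict';

// Exact-match origin allow-list (constructed placeholder domains).
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Weak setting: the wildcard that "fixed the error". Every site on the web may read responses.
function corsHeadersWildcard() {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Corrected setting: emit CORS headers only for an origin on the allow-list.
// Set membership is an exact string match, which avoids the usual startsWith/regex mistakes
// (e.g. "https://app.example.com.attacker.test" or an "http://" downgrade of a listed host).
function corsHeaders(origin) {
  if (typeof origin !== 'string' || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin, // echo the matched origin, never '*'
    'Vary': 'Origin',                      // stop caches serving one origin's answer to another
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Fixed-window counter keyed by any string (IP, email, user id). The clock is injectable
// so behaviour at the window boundary can be exercised without waiting an hour.
class FixedWindowLimiter {
  constructor(limit, windowMs, now = () => Date.now()) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
    this.buckets = new Map(); // key -> { windowStart, count }
  }

  // Records a hit when allowed; returns { allowed, remaining, retryAfterMs }.
  hit(key) {
    const t = this.now();
    let b = this.buckets.get(key);
    if (!b || t - b.windowStart >= this.windowMs) {
      b = { windowStart: t, count: 0 };
      this.buckets.set(key, b);
    }
    if (b.count >= this.limit) {
      return { allowed: false, remaining: 0, retryAfterMs: b.windowStart + this.windowMs - t };
    }
    b.count += 1;
    return { allowed: true, remaining: this.limit - b.count, retryAfterMs: 0 };
  }
}

const HOUR = 60 * 60 * 1000;

// Two independent limits: 100 req/hour per IP on everything, plus 3/hour per email on
// password reset, so an attacker cannot hide reset abuse inside the general IP budget.
function makeGateway(now) {
  const perIp = new FixedWindowLimiter(100, HOUR, now);
  const perResetEmail = new FixedWindowLimiter(3, HOUR, now);

  // req is a plain object { ip, origin, path, body }; returns { status, headers }.
  return function handle(req) {
    const headers = corsHeaders(req.origin);
    // A browser sends simple cross-site requests before it checks CORS, so refusing here
    // denies the side effect as well as the response read.
    if (req.origin && !headers['Access-Control-Allow-Origin']) return { status: 403, headers };

    const ipVerdict = perIp.hit(req.ip);
    if (!ipVerdict.allowed) {
      headers['Retry-After'] = String(Math.ceil(ipVerdict.retryAfterMs / 1000));
      return { status: 429, headers };
    }
    if (req.path === '/auth/reset') {
      const email = String((req.body && req.body.email) || '').trim().toLowerCase();
      if (!email) return { status: 400, headers };
      const v = perResetEmail.hit(email);
      if (!v.allowed) {
        headers['Retry-After'] = String(Math.ceil(v.retryAfterMs / 1000));
        return { status: 429, headers };
      }
    }
    return { status: 200, headers };
  };
}
```

The in-memory Map is enough to show the logic; behind a load balancer the counters belong in shared storage (a Redis-style store or the edge provider's own limiter), otherwise each instance grants the full budget separately.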
Sahil @sahill_og
Forget hiring a team. Here's what you need to run a full SaaS solo:
- n8n — automation
- Supabase — backend
- Cursor — code
- Claude — thinking
- Vercel — deploy
- Stripe — payments
- Resend — emails
- Framer — landing page
- PostHog — analytics
- Cloudflare — security
$0/month until you're making money.
Harshil Tomar @Hartdrawss
25 signs your vibe-coded app is a TICKING BOMB!
1. API keys hardcoded "for now"
2. No /health endpoint, you just hit the homepage
3. Schema changes live in your head, not migrations
4. Every query is SELECT * and vibes
5. Error handling = console.log(e) and hope
6. No rate limit on auth or writes
7. UTC, local time, and "JS default" all mixed
8. README is empty or wrong
9. No staging env, just "dev" and "prod-ish"
10. One god component owns the whole screen
11. No analytics, just "feels like people use it"
12. You say "we'll clean this up after launch" every week
13. Env vars live only on your laptop, nowhere else documented
14. Frontend talks directly to 5 different third-party APIs with no wrapper
15. No monitoring or alerts – you find out it's down from a DM
16. Logs only exist in your local terminal history
17. DB backups are "automatic"… but you've never tested a restore
18. Feature flags = commenting code in and out
19. Deploys are done from your local machine with one random script
20. No input validation, you trust whatever the client sends
21. CORS is set to * because "it fixed the error"
22. CI is "I ran it once locally and it worked"
23. Same API token reused across staging, prod, and local
24. Only one person actually knows how to run or deploy the app
Bookmark this to defuse today LOL
𝕯𝖊𝖛𝕰𝖓𝖓𝖞 @ennycodes
If you're a developer, trust me, this is for you. These are, and are gonna be, the best tech in 2026:
- @opencode: A coding agent that works in Terminal, IDE, and it's so good.
- @tan_stack: The best ecosystem for frontend, if you hate or want an alternative to Nextjs, they have TanStack Start you can deploy it on @Netlify, @Cloudflare not a locked framework :)
- @convex: One of the best and modern backend framework out there, and it's also self-hosted
- @shadcn: The godfather of UI libraries, I think he doesn't need an explanation.
- @autumnpricing: The fastest way ever to setup Stripe in your projects and start getting payments
- @better_auth: My favorite auth library now.
- @clerk or @WorkOS if you're lazy and want a fast auth with so cool features out of the box that you don't want to manage yourself
- @polar_sh: Since Stripe acquired lemonsqueezy and killed it, this is the best alternative in the market now
- @tembo: Your way to go for code review, the team is cooking, I've talked to @connorpaton about something and found out they are ahead
- @Sentry: This is a must for every project, to catch bugs and fix them, maybe be smart and use it with @tembo
- @appwrite: Another cool backend framework and ecosystem to build your full-stack apps
- @firecrawl: The best and fastest scraper out there, and I really bet on it.
- @ExaAILabs: Best search API for agents and modern apps
- @expo: My way to go for mobile apps, I used it and from day one, I really understood 90% of the framework, Btw, I have an app on Google play and Apple store.
- @mintlify: I will never build docs while there's mintlify.
Please share yours in the comments if I missed it, I would like to learn new stuff 👇
CodeMarine @CodeMarineAI
@benjitaylor Add on CodeMarine and you have a hell of a stack ;)
Benji Taylor @benjitaylor
Readout is a fully native macOS app I’ve been building for myself. It provides a real-time overview of your dev environment and Claude Code config. All local, no account required. It's still very much a beta, but now available to try: readout.org
anita @anitakirkovska
Work has fundamentally changed in the last two weeks. Most tasks are now .md files. We've transferred our whole Webflow website into a Next.js project using Claude Code in just two days. Our branding guidelines are stored in one skill. Our SEO is preserved. Creating marketing pages is a 1-prompt task now. Our GTM/CS teams are pushing PRs to our products, and Codex is reviewing them automatically. Our engineers have all become PMs, they're building full end to end use-cases following specific user journeys. And everything... just works. This month we're set to push more than 10k PRs for a team of 15 engineers. We also have at least 5 different assistants in our Slack, who communicate on behalf or in addition to their 'guardian'. I've seen some of our colleagues talk to the assistant rather than the actual person. The way we do work ~has~ changed. It's not an 'if' scenario anymore. The sooner we accept that, the sooner we get to decide how this technology affects us. Many people won’t sit with that discomfort yet, and that hesitation will shape their experience more than the change itself
CodeMarine @CodeMarineAI
@kylebrussell Yeah but you all need me still, no matter what model you are using ;)
Kyle Russell @kylebrussell
Today we announced we’re removing >90 Cursor seats because they haven’t had any use in two weeks
Quoting Kyle Russell @kylebrussell:
This morning @wangandrewd requested that his Cursor seat be removed since he's so deep into Claude Code and it kicked off an internal cascade of requests within Valon 😬

CodeMarine @CodeMarineAI
Ok, not selling here; looking for beta testers to help. Lots of chatter on AI watching AI for security - helpful, but not the end solution. CodeMarine is deterministic. And if you're working on open source projects, it'll be 100% free for those projects. codemarine.ai/enlist
CodeMarine @CodeMarineAI
@heygurisingh Who guards the guards... or the agents in this case. AI fixing AI is still dangerous!
Guri Singh @heygurisingh
Someone just built an AI system that runs 60+ AI agents simultaneously and they all learn from each other. It's called Claude-Flow and it's ranked #1 in agent-based frameworks on GitHub. One agent plans. Another codes. Another tests. Another reviews security. All running in parallel. All sharing memory. All getting smarter every run. The wildest part? It cuts Claude API costs by 75% using smart routing: simple tasks go to a free WebAssembly layer, complex ones to the right model. Your Claude subscription just became 2.5x more powerful. 14,100+ developers already starred it. 100% open source.
CodeMarine @CodeMarineAI
@elvissun Yeah but what’s watching it if you are not?!
CodeMarine @CodeMarineAI
@d4m1n What checks and balances are in place?