Skip to content

Blog

Field notes on funding GitHub issues, multi-agent verification, and what works in the AI bounty market.

security
vibe coding
ai dev tools
Is my v0 app secure? A 2-minute self-check

A quick, practical checklist to see whether your v0 app is exposing keys, an open database, or private files once you wire it to a real backend.

security
vibe coding
ai dev tools
Is my Bolt app secure? A 2-minute self-check

A quick, practical checklist to see whether your Bolt (bolt.new) app is exposing keys, an open database, or private files to anyone who visits.

security
vibe coding
ai dev tools
Is my Base44 app secure? A 2-minute self-check

A quick, practical checklist to see whether your Base44 app is exposing data, keys, or private files to anyone who visits.

security
vibe coding
ai dev tools
Is my Lovable app secure? A 2-minute self-check

A quick, practical checklist to see whether your Lovable app is exposing keys, an open database, or sensitive files to anyone who visits.

security
supabase
vibe coding
How to check if your Supabase tables are exposed to the public

A plain-English guide to checking whether your Supabase tables are readable by anyone, why it happens, and how to lock them down with Row Level Security.

security
vibe coding
ai dev tools
See what your AI-built app leaks to any visitor

How to check whether your Lovable, Bolt, Replit, or Supabase app is exposing API keys, an open database, or sensitive files to anyone who visits. With a free scanner.

security
vibe coding
ai dev tools
The boring pre-launch security check AI-built apps should run

A practical pre-launch security checklist for apps built with Lovable, Bolt, Replit, Cursor, v0, Claude, or Codex.

testing
ai tests
test quality
What makes an AI-written test unacceptable? We asked testers.

We asked working QA and testing engineers where AI-generated tests actually fail. Here is the quality bar that came back, and the gates we run to enforce it on JavaScript and TypeScript repos.

test coverage
javascript
typescript
The JS/TS Coverage Index: public test coverage signals for popular JavaScript and TypeScript repos

We built a public index of test coverage signals across well-known JavaScript and TypeScript repos. Some publish a clear number, some have no public signal at all. Here is how we measured it, what we found, and why the number is only half the story.

test coverage
mutation testing
testing
Coverage is a map, not the territory

A high coverage number tells you which lines ran, not whether your tests would catch a bug. Here is how to treat coverage as a verification signal instead of a goal, and how mutation testing proves the tests are real.