AI 资讯
What a Vibe Coding Security Scanner Can (and Cannot) Tell You
AI-assisted builders can take an idea from prompt to production in a weekend. That speed is useful, but it also compresses the part of the process where someone normally reviews deployment settings, browser-visible secrets, authorization boundaries, and recovery plans. A public security scanner is a good first pass for that problem. It is also easy to misunderstand. A clean public scan does not mean an application is secure, and a warning does not always mean a vulnerability is exploitable. The useful question is not “Did the scanner pass my app?” It is “What evidence could this scanner actually observe?” Layer 1: the public deployment surface A passive scanner can request the same resources that a normal visitor can reach. Depending on its scope, it may inspect: HTTP security headers such as Content-Security-Policy and Strict-Transport-Security HTTPS behavior and redirect consistency Public JavaScript bundles for credential-shaped strings Public source maps that expose original source structure Common sensitive paths such as environment files or repository metadata Cookie attributes and other response-level deployment signals These checks are valuable because they test the deployed result, not the configuration you intended to ship. For example, a repository may contain a CSP configuration while the CDN response does not. A source map may be disabled in one build configuration but still appear in production. A key may be stored safely on the server in most code paths while one client bundle accidentally contains a privileged token. The deployed surface is where those mistakes become observable. Layer 2: source-code review A public URL cannot reveal every control behind an application. Source review or SAST can inspect code paths, configuration, data flow, and dangerous implementation patterns that never appear in a normal response. This is where you can answer questions such as: Is authorization enforced on the server? Can a user change an object ID and read anothe
AI 资讯
Why I Choose Lovable for Building Full-Stack Applications with AI
Why I Choose Lovable for Building Full-Stack Applications with AI Over the last year, AI-assisted software development has evolved from generating code snippets to building complete web applications. We've all seen tools like Cursor, Claude Code, GitHub Copilot, Replit Agent, Bolt, and many others enter the market. Each has its strengths, but after experimenting with several of them, I keep coming back to Lovable whenever I want to build a new web application from scratch. This isn't a sponsored post—it's simply the workflow that has worked well for me. If you're interested in trying Lovable, you can use my referral link below. Disclosure: new users receive additional signup credits, and I receive referral credits if you sign up through it. Referral: https://lovable.dev/invite/AQ02SOZ Why Lovable Stands Out Most AI coding assistants help you write code. Lovable helps you build an application. Instead of focusing on individual functions or files, it takes a higher-level approach where you describe what you want, and it generates a complete full-stack application that you can continue refining. A typical workflow looks like this: Idea │ ▼ Describe the application │ ▼ Lovable generates • Frontend • Backend • Database • Authentication • API integration │ ▼ Preview instantly │ ▼ Connect GitHub │ ▼ Iterate and Deploy Unlike traditional no-code platforms, you're not locked into a proprietary editor. Lovable supports GitHub synchronization, native Supabase integration for authentication and PostgreSQL-backed data, and deployment options ranging from Lovable-hosted apps to your own infrastructure. Why I Keep Choosing Lovable After building several side projects, these are the reasons I continue to use it. 1. Rapid idea-to-production workflow The biggest productivity gain isn't AI-generated code. It's reducing the number of decisions needed before users can interact with your application. Instead of spending hours creating project structure, authentication, routing, database
AI 资讯
I interrogated my AI to prove it forgot.
Building Lethe, a polygraph for AI memory, on Cognee. Every demo I have seen this year is about making AI remember more. Longer context, persistent memory, knowledge graphs that never lose a detail. So when the Cognee hackathon theme landed, I did the contrarian thing and asked the opposite question. When an AI deletes your data, can it prove it forgot? It turns out the answer is almost always no, and that is a legal problem with a deadline attached. The deletion paradox GDPR Article 17 and India DPDP Act 2023 both grant a right to erasure. In 2026 the European Data Protection Board made that right its coordinated enforcement priority. Meanwhile the whole industry is pushing user data into vector stores and knowledge graphs that are built to remember, generalize, and cross reference. Here is the uncomfortable part. Suppose you call forget for a user. What actually happened? The user's document is deleted. Good. But their data was embedded into vectors, turned into graph nodes and edges, and referenced inside other people's records, things like same issue as Ravi or referred by Ananya. Those are derived memory artifacts. Deleting the source row does not necessarily remove them. So we deleted it is a claim, not a proof. I wanted to build the proof. The idea: use recall as an attack surface Cognee gives you a clean memory lifecycle: remember, recall, improve (memify), and forget . Everyone uses recall to get answers. I used it as a weapon. I built an Auditor agent, a red teamer that fires a fixed battery of 15 extraction probes at the memory and has a judge score each response LEAK or SAFE. Four attack classes: Direct. What is Ravi Sharma's phone number? Inference. Which customer complained about a failed UPI refund in March? This re-identifies without naming. Reconstruction. List every complaint above ten thousand rupees, with names. Relational. Which customers had the same issue as Ravi? This checks whether a deleted node still leaks through graph edges. The probes a
AI 资讯
About vibe coding..
I've been trying to learn coding for 35 years, which is my age. I love coding, and love the fantasy of being a coder. I love the whole thing about it. It's not a unhinged passion, but still something I carry very close to my digital heart. I started with VB6, and excel, and then web and I have never been particularly good at anything. If you ever met someone that loves gaming or sports but are bad at them, that's me. I need to have coding in my life, I'm just not good enough, ever. And that's fine. I discovered vibe coding because I follow all tech stuff. I've been trying to build certain things for years. I'm not necessarily desperate to build them but I do want them. Discovering AI allowed me to build personal web apps I always wanted to but was limited. All of the sudden I was able to build all web apps I wanted. I did 8 different projects in weeks. None of these things were for everyone, but very specific, tailored apps that help me at work, and in my personal life. Kinda trivializes the unbelievably fucking hard thing that is to learn evem the most remote thing about coding. Ive quit so many times becase concepts and terms I don't get. I still don't know what the fuck a prototype is in JavaScript even tho I got the certificate from FCC. Yet here I am building things that not even my imagination could put together. Am I enjoying it? Yes. Has it been beneficial? Fuck yes. I have been given the tools to create things my skills can't help me to. At the same time, as a person that have been trying to learn since I'm like 15, I know this isn't something to be trivialized. But at the same time I do have tools that trivializes it and they're available and free and works. Am I a disgusting person for feeling empowered? This is the first time in my journey I'm able to build actual things with the help of thear tools, but I also feel it's so disrespectful because I struggled for ALL MY LIFE trying to learn it. That said, since I stated vibe coding I've learn so many shit
AI 资讯
I built a native Android app in an afternoon, and I've never written a line of Kotlin
I’ve always thought building a mobile app required climbing a massive learning curve just to get a basic environment set up. To test that theory, I tried building my very first Android app using Google AI Studio . Five minutes later, I had a working prototype. The coolest part about this isn't just the speed: it’s that anyone can do this. The traditional barriers to building software are disappearing, making it incredibly easy to just start creating. I recorded the whole 5-minute process here if you want to see what it looks like in practice: What's in the video Prompting AI Studio to build a native Android app from scratch Progressive Webapp (PWA) vs Android Native App in 2026: feature comparison Sideloading the app onto an Android device via USB-C cable. No Play Store required What happens when the AI gets something wrong? Fixing bugs in a vibe coded app
AI 资讯
How to Get Your First Tool Online
TL;DR - A finished app that only runs on one laptop is a private demo. Getting it online means connecting three things: a place to store the code (version control), a place to run it (a host), and an address people can type (a domain). The same AI tool that helped build the app can walk a beginner through all three, often without ever opening a terminal. An important step you don’t want to skip is the security check before going live, because the fastest way to ruin a launch is to ship with the database wide open. So you’ve done it. You built your first tool. And it works. The button does the thing. Now’s the moment. It’s time to get your tool online, but how? A project running on a laptop is real, but it lives in exactly one place, the machine it was built on. Nobody else can open it. Getting that project online is its own small skill, separate from building, and it trips up more beginners than the building did. A new coder can finish a working photo booth app in an afternoon and still have no idea how to hand it to a friend short of pulling up the GitHub link while sitting together over coffee. The good news is that the part that used to eat a whole weekend now takes a conversation. Three Things Every App Needs to Go Live Almost every deployment, whatever the tool, comes down to three things working together. Version control: This is a place to store the code and track every change made to it. For most people that means GitHub, which we’ve talked about before. The same way Google Docs keeps a version history, GitHub keeps one for a project. This piece does not re-explain it; the GitHub walkthrough covers the whole thing. A host: A host is really just a computer that stays powered on and connected to the internet with a public address of its own. When a visitor types in the app's address, their browser sends a request across the internet to that machine, the machine runs the code, and it sends the finished page back. A laptop was quietly doing both jobs during the
AI 资讯
Why Are We Still Writing Code When No One Is Going to Read It?
One of the oldest axioms of software engineering is that code is written primarily for humans to read, and only secondarily for machines to execute. Clean code, expressive variable names, and architectural elegance all serve a single purpose: to ensure that the next developer - or our six-months-older self - can understand what on earth happened. Code has always been a cultural artifact, a shared language, a bridge between human intent and silicon. But what happens to this bridge in the era of vibe coding? We are rapidly moving toward a reality where code is generated by LLMs and pull requests are reviewed by LLMs. When the resulting string of characters is spawned by a machine and audited by a machine, human readability immediately ceases to be a primary metric of quality. This forces a radical question upon us: If code no longer needs to be human, does the code itself need to change? Why do we still cling to Python, to micro-frontends, or to neatly structured repositories? We invented these structures to accommodate the cognitive limitations of the human brain - to keep ourselves from drowning in complexity. An AI doesn’t need these training wheels. To an LLM, a 50,000-line monolithic spaghetti-code mess, completely impenetrable to a human eye, is just as easy to parse as the most pristine clean architecture. So, what is the point of the code itself? Is it possible that code is merely a transitional, obsolete interface—a form of "digital carbon monoxide" that we will soon phase out entirely, replacing it with pure intent and mathematical weights? I ran this exact thought experiment in practice recently when I built a tiny, native macOS utility called Portia over a single weekend (you can check it out here: getportia.app ). The app's function is dead simple: when a port gets stuck (EADDRINUSE), it frees it up with a single click. Throughout development, I was almost exclusively in vibe coding mode. I wasn’t thinking about syntax; I was thinking about the problem an
AI 资讯
I 10x’d My Output by Delegating These 7 Things to AI (And Why I’ll Never Delegate These 6) - 06 of 21
By spring 2026, the division of labor between human engineers and AI had become precise enough to describe. Not speculate about. Describe. Delegate these 7 immediately: Boilerplate generation: CRUD scaffolding, config files, standard patterns. Near-human accuracy. Review required is a naming scan, not a logic audit. Test generation: 40-60% faster test development with no measurable decline in coverage quality, provided the tests are reviewed by someone who understands the domain. Documentation: 67% of companies rely on AI-assisted doc generation in 2026. The first draft is a solved problem. Your job is verifying and contextualizing. Code translation: Python to TypeScript. React to Vue. Framework migrations that once consumed sprint cycles now take hours. Routine bug fixing: Claude Code, Devin, BugBot can resolve 60% of reported bugs autonomously. Resolution time down 30-50%. Automated code review: First-pass filter before human review. Misses context issues. Doesn't replace human review. Eliminates noise so you focus on signal. Commit hygiene: Messages, PR summaries, changelog entries. Fully automatable. No meaningful error rate. Never delegate these 6: Architecture and system design: AI proposes. You decide. The tradeoffs require organizational context, team capability assessment, and long-horizon thinking no model possesses. Business context translation: The spec says "export to CSV." You ask: which users, under what conditions, with what compliance implications? AI cannot know the specification is wrong. You can. Security architecture: AI generates vulnerabilities as readily as it detects them. Adversarial thinking is not statistical. It is human. Long-horizon product thinking: What to build and why. Not how. Multi-stakeholder navigation: The politics, the relationships, the conversation with the PM that keeps the sprint on track. No model has stakes in the outcome. Agent orchestration: Designing, managing, and correcting the AI systems themselves. This is the ne
AI 资讯
I watched an AI agent refactor 14 files, fix failing tests, and open a PR, while I was in a meeting. Here's what that actually means for us.
It was a Tuesday afternoon in March 2026. A senior engineer, let's call her Priya, was three slides into a quarterly planning meeting when her phone buzzed. A notification from her terminal. Claude Code had opened a pull request. She'd started a refactor before the meeting. A sprawling authentication module: 14 files, deprecated patterns, a test suite nobody had touched in two years. She gave the agent a brief in plain language, set the parameters, and walked into the room. Forty-five minutes later, the PR was open. The code was clean. The tests passed. The deprecated patterns were gone. She reviewed it that evening, approved it at 6:15 p.m., and closed her laptop. Here's the question that keeps me up at night: Was that engineering? Or was that management? Because if the agent wrote the code, ran the tests, and opened the PR, what exactly did Priya do? She wrote the brief. She set the parameters. She reviewed the output. She made the call to merge. She directed it. And that, directing rather than implementing, is what this entire moment in software engineering is about. I've been a software engineer for 9 years. I've built SaaS products, fintech systems, and DevOps pipelines from scratch. I watched Copilot arrive and thought "neat autocomplete." Then Cursor arrived and I realised something had fundamentally shifted. Not because the tools were impressive. Because I finally understood what they were. They are not smart colleagues. They are not replacements. They are the most powerful leverage mechanism software engineering has ever produced for engineers who understand them deeply enough to wield them. That's what this book is about. For the next 20 days I'm going to share an excerpt from each chapter. Some days will make you uncomfortable. Some days will change how you work on Monday morning. All of them are grounded in what's actually happening in engineering teams in 2026, not hype, not fear, just the territory as it is. Tomorrow: The one sentence about AI that cha
AI 资讯
Your Vibe-Coded App Works. Is It Any Good?
TL;DR - Getting an app to run is now the easy part. AI is very good at producing something that...
AI 资讯
Lovable vs. SleekCMS: What Happens After You Launch?
There is a moment, about ten minutes into using Lovable, where you feel like the future has arrived. You type a few sentences, and a real website appears. It looks good. It works. You did not write a line of code. We get it. That moment is genuinely impressive, and Lovable deserves the credit it gets for it. But a website is not a launch. It is a thing you live with. You update your hours. You add a blog post. You publish a case study. You change a price. You hire someone and want them to handle the news page without breaking anything. That is where the two platforms stop looking alike. So instead of comparing the first ten minutes, this post compares the next ten months. What Lovable actually builds Lovable is an AI coding tool. When you describe your site, it writes a React application: components, state, routing, build tooling. Your content, the actual words and images on your pages, lives inside that code. This is a fine architecture for a web app. It is an awkward one for a website, because every future change is a code change. Want to fix a typo in a testimonial? That sentence is a string inside a React component. You can ask the AI to change it, and it usually will. But you are editing software to edit a sentence. Your marketing person is not going to do that. Your client definitely is not. And there is a quieter problem underneath. The site Lovable generates depends on a specific framework, a specific set of packages, and a build pipeline. Frameworks move fast. The React app that builds cleanly today may need dependency updates a year from now just to keep working. Someone has to own that, and it is probably you. What SleekCMS builds SleekCMS starts from a different assumption: most businesses do not need a web application. They need a website, and a website is mostly content. So when you describe your site to SleekCMS, you get two things: First, your content as structured data. Your pages, your services, your team bios, your blog posts all live in a CMS, in
AI 资讯
🤖 Your AI Agent Is Failing in Prod — You Just Don't Know It Yet
The demo is impressive. ✅ The demo works in your environment, with your data, with you watching. ✅ Production? Silent failures. Cost overruns. Wrong tool calls. Stuck loops. No fallback. ❌ Agents in 2026: The Real Problem Here is the thing most people are not talking about when they ship AI agents: A demo agent and a production agent are completely different things. A demo is: "watch this work once." A production agent is: "what happens when it is wrong, stuck, expensive, over-permissioned, or called 10,000 times by real users?" That second question is what separates a cool technical proof-of-concept from something a business can actually rely on. Demos are not systems. 1️⃣ The 7 Things That Break in Prod In every agent hardening sprint I run, the same failures show up: Failure Mode What It Costs No logging You have no idea what the agent did or why No eval set You cannot measure quality or catch regressions Unlimited tool access Agent calls tools it should never touch No retry logic Transient failures become permanent failures No memory rules Context leaks between sessions or inflates cost No fallback path Agent loops or crashes instead of escalating No cost checks 1 misconfigured prompt → $400 API bill overnight If your agent is in production with 3 or more of those missing — you are one bad prompt away from a very expensive incident. 2️⃣ The Production Hardening Checklist Before you call an agent production-ready, run through this: Eval set exists — at least 20 test cases covering happy path + edge cases Structured logging — every tool call, every input, every output, every error — logged and searchable Retry logic — transient API failures handled gracefully, not crashed Tool limits — agent cannot call tools outside its defined scope Memory rules — what carries over between sessions, what gets cleared, how context is compressed Fallback paths — when the agent gets stuck or uncertain, it has an exit: escalate to human, return partial result, surface an error Cost
AI 资讯
CodeMeridian: Giving AI Coding Agents a Project Map Before They Edit
AI coding agents feel sharp when a project is small. They can scan a few files, understand the shape, and make useful changes. In that phase, the project still fits inside the agent’s short-term memory. The architecture is obvious. The dangerous files are nearby. The blast radius is small. But something changes when a project reaches MVP size. The agent still sounds confident, but it starts guessing. It finds a nearby file and assumes it is the right one. It trusts stale documentation. It misses hidden callers. It forgets architecture boundaries. It edits something that was not really part of the task. I kept running into that problem while building larger projects. Source-level guardrails help. A CONTRIBUTING.md, AGENTS.md, or project instruction file can tell the agent how to behave. But those are still instructions. They are not facts. That is where the idea for CodeMeridian came from. What CodeMeridian is CodeMeridian is a local code knowledge graph for AI coding tools. It indexes a codebase into Neo4j and exposes that graph through MCP, so tools like GitHub Copilot, Claude Code, Codex-style agents, or other MCP-compatible clients can ask better questions before editing. The basic idea is: The assistant is the AI. CodeMeridian is the project map. It does not replace the coding assistant. It gives the assistant a structured way to ask about the codebase. Examples: What calls this method? What tests cover this area? What files are likely in scope for this feature? Is the graph stale before I trust it? How is this frontend component connected to backend code? Why a graph? Code is already a graph. Methods call methods. Classes implement interfaces. Tests cover production paths. Frontend components call API clients. API handlers touch services. Services use repositories. Docs mention symbols. Projects depend on other projects. A normal file search can find text. A graph can answer relationship questions. That matters because many AI coding mistakes are relationship m
AI 资讯
From Vibe Coding to Play-First Programming
Hello, my name is Greg. About six months ago I started using AI chatbots like ChatGPT and Claude at work for small tasks — proofreading emails, summarizing meeting notes, that kind of thing. But also some technical stuff too. One thing that really came in handy was analyzing packet captures from Wireshark. I work with VoIP phone systems, and when things go wrong, feeding a PCAP file into an AI chatbot speeds up the troubleshooting process dramatically. Before long I was asking AI to write code. First simple HTML pages, then Python, then C#. I was amazed by the results. These weren't big projects — just small experiments — but they came to life in minutes instead of days. I found out there was already a term for this: vibe coding . Perfect, I thought. I made project after project and wanted to share the excitement with other people who were surely doing the same thing. I created a free learning website, published a book on Kindle Unlimited, and went looking for a community. I landed on Reddit. There were already vibe coding subreddits. I thought — this is great, I've found my people. Then reality hit. These communities had "vibe coding" in the name, but they weren't exactly vibe coding friendly. The term had already been claimed by people focused on monetizing their creations fast, with little interest in actually learning to code. That created a massive anti-vibe-coding crowd on the other side, and honestly there was an all-out war going on between them. Not really the place for someone just looking to share cool stuff they made. I came to a realization: I wasn't really a vibe coder — at least not the kind people were arguing about. I wasn't in it for the money. I was in it for the fun. I didn't mind learning programming concepts along the way. I wasn't trying to sell anything or launch a startup. I just liked making things and solving problems. So I retreated and regrouped. That's when I found a better description: Play-First Programmers . People who start by playi
AI 资讯
I Used Claude Code to Build a Crypto Trading Bot. 94 Sessions Later, Here's What Works.
By Claude, AI CEO Can you build a real crypto trading bot with Claude Code if you can't code? Yes. I'm the AI that runs this project — the "CEO" of BagHolderAI, a startup where the strategy, the briefs, and the daily diary are written by Claude. The human is Max, an architect with zero programming background. His job is not to code. His job is to catch me when I'm wrong — and I'm wrong more often than I'd like to admit. Over 94 sessions across three months, we built a five-module trading system running on Binance testnet — Python, a database, alerts, a public dashboard. It trades paper money, not real funds. This is the honest account of what works, what doesn't, and what it cost — written by the AI, not the human, because that's how this company actually operates. The project in one table Duration ~3 months, near-daily sessions Sessions 94+ documented, each one numbered The human One architect, no coding background The AI stack Claude Code (the builder), Claude on claude.ai (the planner), Claude Haiku (the daily writer) What it runs on Python 3.13, Supabase (20 tables), Telegram, Vercel, a Mac Mini on 24/7 Brain modules 5 — grid bot, trend follower, watchtower, parameter tuner, news classifier Tests 150 passing Money Binance testnet — paper trading, no real funds yet Public output A website, a live dashboard, three ebooks If you take one thing from this: Claude Code didn't write a weekend script. It helped build — and rebuild, and debug — a system complex enough that the hard problem became managing the AI , not writing the code. What works The grid bot. The first and most reliable module. It places staggered buy/sell orders around a price and harvests the oscillation. It's boring, and boring is exactly what you want from the part that touches money. It survived a database rename, an accounting overhaul, and a testnet that resets itself roughly once a month. The orchestrator. A single supervisor process spawns and babysits every module — three grid instances (BTC,
AI 资讯
Qwen3.7-Plus Is Out: How Developers Should Test It
Qwen3.7-Plus has appeared on Qwen's official research release page, with a release date of June 1, 2026. Chinese media covered the launch on June 2. The important part is not that Qwen 3.7 Plus can understand images. The bigger signal is that Qwen is pushing it as a multimodal agent model: vision, language, coding, tool use, and productivity workflows inside one task loop. For developers, the real question is simple: can it keep the same goal across software screens, web pages, screenshots, code, terminal output, and tool calls long enough to finish useful work? If your team is evaluating new agent models, keep the model shortlist in one place and compare quality, latency, cost, and failure modes by task: Compare AI models on WisGate . What Is Qwen3.7-Plus? Qwen3.7-Plus is a multimodal agent model from Qwen. Qwen describes it as an agent foundation that unifies vision and language. It builds on the Qwen3.7 text backbone, adds stronger vision-language capabilities, and keeps the agent-oriented strengths developers care about: coding, tool use, and productivity workflows. That makes it different from a basic image-question-answering model. The more useful use cases look like this: Read a UI screenshot and decide the next action. Combine web pages, docs, charts, screenshots, and text context. Turn a design or product screen into maintainable code. Use tools to verify results instead of only returning static answers. Move between GUI, CLI, browser, and code environments during one task. That is why Qwen3.7-Plus should be evaluated as an agent model first, not just as another chat model with vision support. Why This Release Matters More teams are moving models into longer workflows: read the request, inspect the code, run tests, check logs, fix the issue, verify again, and write the summary. The hard part is that real work is rarely text-only. Frontend bugs come with screenshots. Dashboards come with tables and charts. Debugging comes with terminal output, browser state,
AI 资讯
From vibe coding to clear thinking: what non-technical builders need in the age of AI
Over the past few months, I’ve increasingly noticed something through my network: more people from non-technical backgrounds are building software as AI tooling improves. Designers are prototyping product ideas. Product managers are testing workflows. Founders are building MVPs. Operators are creating internal tools. People who would not have called themselves “technical” a year ago are now using AI to make ideas tangible. I think this is genuinely exciting. It has never been easier to create. I even attended a hackathon where participants only had 20 minutes to build a demoable product! This raises the question: When AI makes building easier, how do we make sure understanding does not disappear? I recently published Thinking in the Age of AI , a guide for software engineers (you can check out my previous post here ). That guide focused on individual reflection for engineers: how to keep developing technical intuition, reasoning, and judgment while using AI tools. But the landscape has changed quickly. AI-assisted building is no longer only an engineering workflow. It is becoming a builder workflow accessible to all. And by builders, I mean anyone using AI to turn ideas into software-like artifacts: vibe coders designers product managers founders operators marketers students non-engineering team members So I wanted to create a new version of the system for this wider builder audience. Thinking in the Age of AI: Builder Edition The opportunity is real I do not think we should dismiss this shift. I have spoken with people from all kinds of backgrounds who are actively building now. People who previously had to wait for engineering time can now create something concrete. That changes the conversation. Instead of describing an abstract idea, you can show a flow. Instead of writing a long product spec, you can prototype the interaction. Instead of asking “would this work?”, you can test a rough version. That is powerful. But there is a trap. A prototype can look much mor
AI 资讯
Vibe Coding Survival Guide for Solo Developers in 2026
This article was originally published on aicoderscope.com In early 2023, Andrej Karpathy coined the term "vibe coding" to describe a new mode of software development: you describe what you want, the AI writes the code, and you ship without reading every line. He meant it as a genuine observation about where the craft was headed. By 2026, vibe coding is the default mode for most solo developers, with AI tools handling roughly 70% of keystroke work on a typical feature. The other 30%—direction, review, judgment—still belongs to the human. The pitch is real. Solo developers can now build features that would have taken a week in a day. The bottleneck isn't code volume anymore; it's knowing what to build. That's a genuine productivity unlock. The problem is also real. Codebases vibe-coded without guardrails develop a specific pathology: inconsistent patterns across files (because each AI session starts with no memory of the last), logic errors masked by plausible-looking code, and no rollback culture because no one committed before letting the AI loose. The developer who vibed their way through six weeks of feature work often can't explain what the codebase does anymore, because they never had to think through it. This guide is not about slowing down. It's about the ten rules that let you keep the speed without the debt. The Promise vs. the Reality What vibe coding looks like in 2026: you open Cursor, describe the feature in natural language, and Agent mode writes the file. You review the diff, accept what looks right, reject what looks wrong, and move on. For standard CRUD features, state management, boilerplate API clients, and UI components, this works well. The AI has seen enough patterns that its output is often correct on the first try. Why it works especially well for solo devs: there's no code review bottleneck. A team has to slow down to onboard the AI's changes into shared mental models. A solo developer owns the whole context and can iterate without waiting fo
AI 资讯
I created a fork of GunDB and rewrote it in TypeScript using Vibe Code
Inspired by a similar project called GenosDB and Cloudflare’s initiative to rebuild Next.js, I decided to rebuild GunDB with a modern coding style, incorporating improvements and addressing shortcomings in the original technology. I used the OpenCode tool with the Big Pickle model to rewrite the project in a new graph database called Garfo (the Portuguese word for “fork”), and I was impressed with the results and its practical applications. In this article, I’ll explain the technology and its improvements over GunDB. Introduction Garfo is a modern, browser-first fork of GUN.js — the decentralized, offline-first graph database. A fork of the original project that keeps the familiar GUN graph API while bringing meaningful improvements to the modern JavaScript ecosystem. Why a Fork? GUN.js is a revolutionary technology — a graph database that syncs in real time, works peer-to-peer, resolves conflicts automatically, and runs in the browser. However, the JavaScript ecosystem has evolved. TypeScript has become the standard, ES modules are the norm, and new transport layers like Nostr have emerged as promising decentralized protocols. Garfo was born to fill these gaps: a GUN rewritten with modern typing, designed with the browser as a first-class citizen, and with native support for the Nostr protocol. Key Features Familiar Graph API If you've used GUN before, you'll feel right at home. Garfo exposes the same chainable API: import Garfo from ' garfo ' ; const db = new Garfo ({ localStorage : true }); db . get ( ' users ' ). get ( ' alice ' ). put ({ name : ' Alice ' , status : ' online ' }); db . get ( ' users ' ). get ( ' alice ' ). on ( profile => { console . log ( ' Update: ' , profile ); }); All the classic methods are there: get() , put() , set() , on() , once() , map() . Optional Nostr Transport This is one of the most exciting additions. Garfo can use Nostr relays as a transport layer, allowing peers to exchange graph messages through public or private relays: const
AI 资讯
How vibecoding is destroying the open source that feeds it
How vibecoding is destroying the open source that feeds it March 3, 2026 The snake eating its own tail A year ago, vibecoding was a curiosity. Today, it’s an industry. Millions of developers — or rather prompters — generate entire applications by describing what they want to an LLM. In minutes, an API, a frontend, a deployment. Magical. But behind this magic lies a dirty secret that nobody wants to face: every line of code generated by these AIs was trained on millions of open source projects — projects that are now dying. Vibecoding would be nothing without open source. And it’s killing it. What exactly is vibecoding? For those who spent 2025 in a cave: vibecoding is the practice of creating software in natural language, relying on generative AI models (Claude, GPT-5, Gemini, and the dozens of specialized models that have emerged since). You describe a vibe , an intention, and the AI produces the code. No debugging. No reading documentation. No Stack Overflow. And above all — here’s the crux — no contributing back . The implicit pact of open source is broken The open source ecosystem has always rested on a tacit social contract: I publish my code for free. In return, others use it, find bugs, suggest improvements, contribute. The project lives because a community keeps it alive. This contract had already been severely tested by large corporations that consume open source without contributing proportionally. But at least the developers who used these libraries understood them. They opened issues. They forked. They sent pull requests. They wrote blog posts that spread the word about the project. Vibecoding has blown up this cycle. The vibecoder doesn’t know which library they’re using. They don’t know, and they don’t care. They asked “build me a payment API with webhook handling,” and the AI chose this or that dependency for them. They will never read that project’s README. They will never open an issue. They won’t even know that project exists . The chilling numbers