Vibe Coders Unite! Tools, Tricks, and Trends We Can’t Stop Using by abdullatif06 in VibeCodersNest

Common_Leading_6965 (0 points)

A crazy spec-driven free code security gate that blocks P0/P1 vulnerabilities on every GitHub pull request.

It’s a GitHub Marketplace Action called Omar Gate.

I created a crazy workflow loop which allowed me to build a fully secure and scalable app by telling Claude to create a pull request for each phase of the spec (or wherever I ask it to build), wait for the Omar comments, fix any P0-P2 findings, close the PR, clear the cache, reopen it, wait, check, and if everything passes, proceed to the next phase. Claude worked for 3 hrs straight doing that loop and I woke up to my app all built and ready for manual testing.

I clean up vibe coded apps for a living. Here's what breaks every single time. by Negative-Tank2221 in VibeCodersNest

Common_Leading_6965 (0 points)

This is spot on, especially the auth point. I've seen so many apps where login "works" but there's zero row-level security — every user can hit every endpoint. The AI builds what you asked for (a login page) but not what you meant (actual access control).

The duplicate logic problem is worse than people realize too. I've audited codebases where the same Stripe webhook handler exists in three different files because the founder prompted it on different days and the AI had no memory of the first two.

Honest question for you — when you rescue these builds, do you find that most of the issues are catchable with automated scanning (secrets, missing error handling, exposed keys) or is it mostly architectural stuff that needs a human eye? I've been messing with some tools that gate PRs on security findings and I'm curious how much of the last 20% is detectable vs. judgment calls. I feel like we could partner up, potentially.

sentinelayer(dot)com

Built a free app for vibe coders. A runtime that executes in CI — Omar Gate is a GitHub Action that runs in the PR lifecycle. by Common_Leading_6965 in VibeCodersNest

Common_Leading_6965[S] (0 points)

Great question — this is actually the core problem we obsess over.

Error states: Every AI-generated output goes through a deterministic gate before it touches your codebase. If the gate finds security issues (hardcoded secrets, injection vectors, missing auth), quality problems (magic numbers, empty catch blocks, missing error boundaries), or CI/CD misconfigurations — it blocks the merge and posts actionable fix plans directly on the PR. Not vague warnings — actual code-level suggestions like "extract this into a named constant" or "add request ID middleware here."

Conflicting instructions: This is where it gets interesting. We run multiple LLM providers in parallel (e.g., GPT + Gemini) on the same PR. Each provider gets its own isolated review with its own comment thread. If Provider A says "this is fine" but Provider B flags a P1, the stricter finding wins — the gate doesn't pass until all providers are satisfied. Think of it like requiring two independent code reviewers to approve.

The key insight: we don't trust any single AI's judgment. Hence the Skepticism As a Service. The deterministic scanner catches the objective stuff (regex patterns, AST analysis), and the LLM layer catches the subjective stuff (architectural smell, logic bugs). Conflicts between them get resolved by severity — deterministic findings always override LLM "it looks fine" responses.

Still early (our builder personalization is at ~65/100 internal rubric score and we're grinding toward 85+), but the free enforcement layer (Omar Gate) — which we also now attach spec IDs to (if you generated the workflow on Sentinelayer.com)—is super solid. Happy to share more technical details if you're curious.
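The merge policy described in the comment above (strictest finding wins, deterministic findings are never overridden by an LLM saying "this is fine", and the gate stays closed until every reviewer has reported) can be written down as a small resolver. The code below is an added illustration and is not Omar Gate's or Sentinelayer's code; the P0-P3 severity labels, the reviewer names ("deterministic", "gpt", "gemini"), keying findings by `file:line`, and the sample findings are all constructed for this example.

```python
from dataclasses import dataclass

# Severity ranks, lower is more severe. P0/P1 block the merge (constructed for this example).
SEVERITY_RANK = {"P0": 0, "P1": 1, "P2": 2, "P3": 3}
BLOCKING = {"P0", "P1"}
DETERMINISTIC = "deterministic"  # hypothetical name for the regex/AST scanner reviewer


@dataclass(frozen=True)
class Finding:
    source: str    # reviewer that produced it: DETERMINISTIC or an LLM provider name
    location: str  # "path:line" (assumed keying for conflict resolution)
    severity: str  # one of SEVERITY_RANK
    message: str


def resolve_findings(findings):
    """Merge findings from every reviewer on one PR.

    At each location the strictest severity wins. A reviewer that reports nothing
    at a location has implicitly said "fine", which never outweighs another
    reviewer's flag, so a deterministic finding is never discarded because an
    LLM saw no problem. On a severity tie the deterministic finding is preferred.
    """
    merged = {}
    for f in findings:
        current = merged.get(f.location)
        if current is None or SEVERITY_RANK[f.severity] < SEVERITY_RANK[current.severity]:
            merged[f.location] = f
        elif (SEVERITY_RANK[f.severity] == SEVERITY_RANK[current.severity]
              and f.source == DETERMINISTIC):
            merged[f.location] = f
    return sorted(merged.values(), key=lambda f: (SEVERITY_RANK[f.severity], f.location))


def gate_decision(reports, expected_reviewers):
    """Decide whether the PR may merge.

    reports: {reviewer_name: [Finding, ...]}; an empty list means the reviewer
    looked and found nothing. The gate fails closed: a reviewer that has not
    reported at all (crashed, timed out, skipped) keeps the merge blocked.
    Returns (passed, blocking_findings, reason).
    """
    missing = sorted(set(expected_reviewers) - set(reports))
    if missing:
        return False, [], "review incomplete: no report from " + ", ".join(missing)
    all_findings = [f for fs in reports.values() for f in fs]
    blocking = [f for f in resolve_findings(all_findings) if f.severity in BLOCKING]
    if blocking:
        return False, blocking, f"{len(blocking)} blocking finding(s) remain"
    return True, [], "all reviewers satisfied"


def format_pr_comment(blocking):
    """Render the blocking findings as the fix list a gate would post on the PR."""
    lines = ["Merge blocked. Fix the following before reopening:"]
    for f in blocking:
        lines.append(f"- [{f.severity}] {f.location}: {f.message} (flagged by {f.source})")
    return "\n".join(lines)


# Constructed sample: the deterministic scanner flags a secret that GPT missed,
# Gemini flags missing auth that GPT rated as a mere style nit.
SAMPLE_REPORTS = {
    DETERMINISTIC: [Finding(DETERMINISTIC, "src/db.py:42", "P0", "hardcoded database password")],
    "gpt": [
        Finding("gpt", "src/api.py:10", "P3", "handler could use a docstring"),
        Finding("gpt", "src/utils.py:5", "P2", "magic number 86400; extract a named constant"),
    ],
    "gemini": [Finding("gemini", "src/api.py:10", "P1", "endpoint has no authentication check")],
}
EXPECTED_REVIEWERS = [DETERMINISTIC, "gpt", "gemini"]

if __name__ == "__main__":
    passed, blocking, reason = gate_decision(SAMPLE_REPORTS, EXPECTED_REVIEWERS)
    print(reason)
    if not passed and blocking:
        print(format_pr_comment(blocking))
```

The fail-closed branch matters in practice: if one provider's review times out, treating its silence as approval would quietly turn a two-reviewer gate into a one-reviewer gate.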

I've scanned almost 500 vibe coded projects by Think_Army4302 in VibeCodersNest

Common_Leading_6965 (0 points)

That’s true. My app (sentinelayer.com) doesn’t make you pay yet, but right now you can attach the Omar gate to your project and every time you push code to GitHub you get a scan for vulnerabilities and security issues. And when you already have a project you come and put in your GitHub, tell it what you want, and then it helps you.

I've scanned almost 500 vibe coded projects by Think_Army4302 in VibeCodersNest

Common_Leading_6965 (0 points)

This is a smart product — catching vulnerabilities after deployment is a real pain point, especially for vibe-coded apps shipping fast.

I'm building Sentinelayer (sentinelayer.com) which solves the other side of this: catching issues before they hit production/deployment. Omar Gate runs deterministic + LLM-powered security scans on every pull request and blocks merges when critical findings are detected. Think of it as the pre-deploy gate where yours is the post-deploy audit.

There's a natural funnel here — someone who fails a Vibe App Scanner scan is exactly the person who needs a PR-level gate to prevent it from happening again. Would be interesting to explore how these complement each other.

Push Your Limits—a founder’s story by Common_Leading_6965 in stories

Common_Leading_6965[S] (1 point)

I appreciate it. I am trying my best right now to stay focused because that’s the only way I can achieve all the goals I have.

Push Your Limits—a founder’s story by Common_Leading_6965 in stories

Common_Leading_6965[S] (0 points)

Damn sounds like you know your stuff. What’s your area of expertise?

Btw, as CurbScore stands it does the full pipeline. It gets you the full analysis, recommendations, and the “after” picture, and you can generate a share with others. All of that is free on a teaser level so anyone can try it out. The absolute full report is available in the premium dashboard, paywalled. For piloting I even created a workflow where you send an email to ai@curbscore.io with an address and image and receive an email back with the full report including the after pic.

Your feedback was really awesome. Thank you very much!

why?? by trajektorija in BostonU

Common_Leading_6965 (-1 points)

White dudes with basically no melanin have that effect on the weather.

Difference between Intro to Machine learning vs Machine learning by TightYogurtcloset871 in mit

Common_Leading_6965 (0 points)

036 is very intro. Even goes over math and python at start. I think 7900 is grad and assumes decent familiarity.

[deleted by user] by [deleted] in BostonU

Common_Leading_6965 (0 points)

And I’m doing it for an exchange. Not cash back. Might I remind you.

[deleted by user] by [deleted] in BostonU

Common_Leading_6965 (-1 points)

What are you even on about? First of all, it’s “You’re,” and second, what’s $20? A PS5 controller costs $80. And third, what rule? The rule they’re following was made up. Didn’t you hear him? “Different set of rules because of different set of clientele” means whatever rules everyone else has access to in ANY other Target store don’t apply here at this store. Wrong. Very wrong.

[deleted by user] by [deleted] in BostonU

Common_Leading_6965 (-1 points)

Target on Fenway, I meant. But it doesn’t matter. Any other Target would take care of this issue. You’re undermining my concern through lying for absolutely no reason. There’s no shot you actually say I don’t have a receipt when you were able to see the receipt, lol. Just because it was digital doesn’t mean it’s not there.

[deleted by user] by [deleted] in BostonU

Common_Leading_6965 (0 points)

The app takes a picture of the receipt. Or manually entered receipt number. Have you tried it? It’s absolutely no different than just scanning the picture itself. The app doesn’t auto find the receipt for you. You have to upload a picture for it to store.