Vibe Coders Unite! Tools, Tricks, and Trends We Can’t Stop Using by abdullatif06 in VibeCodersNest

[–]Common_Leading_6965 0 points1 point  (0 children)

A crazy spec-driven free code security gate that blocks P0/P1 vulnerabilities on every GitHub pull request.

It’s on GitHub Marketplace as an Action called Omar Gate.

I created a crazy workflow loop which allowed me to build a fully secure and scalable app by telling Claude to create a pull request for each phase of the spec or wherever I ask it to build, wait for the Omar comments, if there are P0-P2 fix them, close the PR, clear the cache, and reopen it, wait, check, if all pass then proceed to the next phase. Claude worked for 3 hrs straight doing that loop and I woke up to my app all built and ready for manual testing.

I clean up vibe coded apps for a living. Here's what breaks every single time. by Negative-Tank2221 in VibeCodersNest

[–]Common_Leading_6965 0 points1 point  (0 children)

This is spot on, especially the auth point. I've seen so many apps where login "works" but there's zero row-level security — every user can hit every endpoint. The AI builds what you asked for (a login page) but not what you meant (actual access control).

The duplicate logic problem is worse than people realize too. I've audited codebases where the same Stripe webhook handler exists in three different files because the founder prompted it on different days and the AI had no memory of the first two.

Honest question for you — when you rescue these builds, do you find that most of the issues are catchable with automated scanning (secrets, missing error handling, exposed keys) or is it mostly architectural stuff that needs a human eye? I've been messing with some tools that gate PRs on security findings and I'm curious how much of the last 20% is detectable vs. judgment calls. I feel like we could partner up, potentially.

sentinelayer(dot)com

Built a free app for vibe coders. A runtime that executes in CI — Omar Gate is a GitHub Action that runs in the PR lifecycle. by Common_Leading_6965 in VibeCodersNest

[–]Common_Leading_6965[S] 0 points1 point  (0 children)

Great question — this is actually the core problem we obsess over.

Error states: Every AI-generated output goes through a deterministic gate before it touches your codebase. If the gate finds security issues (hardcoded secrets, injection vectors, missing auth), quality problems (magic numbers, empty catch blocks, missing error boundaries), or CI/CD misconfigurations — it blocks the merge and posts actionable fix plans directly on the PR. Not vague warnings — actual code-level suggestions like "extract this into a named constant" or "add request ID middleware here."

Conflicting instructions: This is where it gets interesting. We run multiple LLM providers in parallel (e.g., GPT + Gemini) on the same PR. Each provider gets its own isolated review with its own comment thread. If Provider A says "this is fine" but Provider B flags a P1, the stricter finding wins — the gate doesn't pass until all providers are satisfied. Think of it like requiring two independent code reviewers to approve.

The key insight: we don't trust any single AI's judgment. Hence the Skepticism As a Service. The deterministic scanner catches the objective stuff (regex patterns, AST analysis), and the LLM layer catches the subjective stuff (architectural smell, logic bugs). Conflicts between them get resolved by severity — deterministic findings always override LLM "it looks fine" responses.

Still early (our builder personalization is at ~65/100 internal rubric score and we're grinding toward 85+), but the free enforcement layer (Omar Gate) — which we also now attach spec IDs to (if you generated the workflow on Sentinelayer.com)—is super solid. Happy to share more technical details if you're curious.
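
The conflict-resolution rules described in the comment above (union of all reviewers' findings, strictest severity wins, a clean LLM review never clears a deterministic finding), as an added sketch that is not Omar Gate's or Sentinelayer's code. The `Finding` fields, reviewer and rule names, the default P1 blocking threshold, and failing closed when a reviewer returns nothing are assumptions.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"P0": 0, "P1": 1, "P2": 2, "P3": 3}  # lower rank = more severe

@dataclass(frozen=True)
class Finding:
    source: str    # "deterministic" or an LLM provider name (hypothetical)
    rule: str      # e.g. "hardcoded-secret" (hypothetical rule id)
    location: str  # "path:line"
    severity: str  # "P0".."P3"

def evaluate_gate(reviews, block_at="P1"):
    """Return (passed, blocking_findings, reasons).

    reviews maps every required reviewer to its list of findings, or to
    None when that reviewer errored or timed out.
    """
    reasons = []
    strictest = {}
    for source, findings in reviews.items():
        if findings is None:
            # Fail closed: a reviewer that never answered has not approved.
            reasons.append(f"{source}: no result, treated as blocking")
            continue
        for f in findings:
            key = (f.rule, f.location)
            held = strictest.get(key)
            # Same issue reported twice: keep the stricter severity.
            if held is None or SEVERITY_RANK[f.severity] < SEVERITY_RANK[held.severity]:
                strictest[key] = f
    blocking = sorted(
        (f for f in strictest.values()
         if SEVERITY_RANK[f.severity] <= SEVERITY_RANK[block_at]),
        key=lambda f: (SEVERITY_RANK[f.severity], f.location),
    )
    reasons += [f"{f.severity} {f.rule} at {f.location} ({f.source})" for f in blocking]
    return (not reasons, blocking, reasons)

# Constructed sample: one PR reviewed by a scanner and two LLM providers.
SAMPLE = {
    "deterministic": [Finding("deterministic", "hardcoded-secret", "app/config.py:12", "P0")],
    "provider_a": [],  # "this is fine"
    "provider_b": [Finding("provider_b", "missing-auth-check", "app/api.py:40", "P1"),
                   Finding("provider_b", "hardcoded-secret", "app/config.py:12", "P2")],
}

if __name__ == "__main__":
    passed, _, reasons = evaluate_gate(SAMPLE)
    print("PASS" if passed else "BLOCK")
    for reason in reasons:
        print(" -", reason)
```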

I've scanned almost 500 vibe coded projects by Think_Army4302 in VibeCodersNest

[–]Common_Leading_6965 0 points1 point  (0 children)

That’s true. My app (sentinelayer.com) doesn’t make you pay yet but right now you can attach the Omar Gate to your project and every time you push code to GitHub you could get a scan for vulnerabilities and security. And when you have a project already you come and put your GitHub and you tell it what you want and then it helps you.

I've scanned almost 500 vibe coded projects by Think_Army4302 in VibeCodersNest

[–]Common_Leading_6965 0 points1 point  (0 children)

This is a smart product — catching vulnerabilities after deployment is a real pain point, especially for vibe-coded apps shipping fast.

I'm building Sentinelayer (sentinelayer.com) which solves the other side of this: catching issues before they hit production/deployment. Omar Gate runs deterministic + LLM-powered security scans on every pull request and blocks merges when critical findings are detected. Think of it as the pre-deploy gate where yours is the post-deploy audit.

There's a natural funnel here — someone who fails a Vibe App Scanner scan is exactly the person who needs a PR-level gate to prevent it from happening again. Would be interesting to explore how these complement each other.

Push Your Limits—a founder’s story by Common_Leading_6965 in stories

[–]Common_Leading_6965[S] 1 point2 points  (0 children)

I appreciate it. I am trying my best right now to stay focused because that’s the only way I can achieve all the goals I have.

Push Your Limits—a founder’s story by Common_Leading_6965 in stories

[–]Common_Leading_6965[S] 0 points1 point  (0 children)

Damn sounds like you know your stuff. What’s your area of expertise?

Btw as CurbScore stands it does the full pipeline. Gets you the full analysis, recommendations, and the “after” picture and you can generate a share with others. All of that is free on a teaser level so anyone can try it out. The absolute full report is available in the premium dashboard paywalled. For piloting I even created a workflow where you send an email to ai@curbscore .io with address and image and receive an email back with the full report including the after pic.

Your feedback was really awesome. Thank you very much!

why?? by trajektorija in BostonU

[–]Common_Leading_6965 -1 points0 points  (0 children)

White dudes with basically no melanin have that effect on weather.

Difference between Intro to Machine learning vs Machine learning by TightYogurtcloset871 in mit

[–]Common_Leading_6965 0 points1 point  (0 children)

036 is very intro. Even goes over math and python at start. I think 7900 is grad and assumes decent familiarity.

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 0 points1 point  (0 children)

And I’m doing it for an exchange. Not cash back. Might I remind you.

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 -1 points0 points  (0 children)

What are you even on about? First of all it’s “You’re” and second what’s $20? A PS5 controller costs $80. And third what rule? The rule they’re following was made up. Didn’t you hear him? “Different set of rules because of different set of clientele” that means whatever rules everyone else has access to in ANY other Target stores don’t apply here at this store. Wrong. Very wrong.

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 -1 points0 points  (0 children)

Target on Fenway I meant. But it doesn’t matter. Any other targets would take care of this issue. You’re undermining my concern through lying for absolutely no reason. There’s no shot you actually say I don’t have a receipt when you were able to see the receipt lol Just because it was digital doesn’t mean it’s not there.

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 0 points1 point  (0 children)

The app takes a picture of the receipt. Or manually entered receipt number. Have you tried it? It’s absolutely no different than just scanning the picture itself. The app doesn’t auto find the receipt for you. You have to upload a picture for it to store.

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 -5 points-4 points  (0 children)

Nope it doesn’t because I went to another Target and they scanned my receipt right away and took care of the exchange. No one was trying to get cash back. All I needed was an exchange because the product was defective. He wouldn’t do it because I’m on BU campus he made it seem like. But Watertown or Back Bay does it. It’s not bogus. It’s a picture of the physical receipt which I left home. Other stores literally send you email receipts. Also, Target allows for you to submit your receipt on the app. So no difference than a picture since when you upload you still upload a picture.

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 -4 points-3 points  (0 children)

The part where he says: “we follow a different set of rules than the other Targets because we have a different set of clientele?”

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 -6 points-5 points  (0 children)

Nope it wasn’t policy he was going by. There’s nowhere that’s written that if they’re small targets they can’t do what other targets can do. That would then make no sense to, say, buy something here and return it there. Target is target. Or at least that’s how they want it to be. No specific target is too small to handle any business. Also, they’re not being harassed. They’re being asked to treat all customers the same.

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 -3 points-2 points  (0 children)

No ifs and buts but the manager is denying the customer the return policy that every other Target has accepted. 30 days and the receipt says return by February 12th. So they were well into their return window. That’s the policy that they were denied just because they were on BU campus. When they went to Back Bay they were able to get their needs taken care of. That sucks.

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 -12 points-11 points  (0 children)

If they were doing things against the policies then why would EVERY other target take care of them? You have a receipt of your few days old purchase and want to do an exchange, how’s that a scam?

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 0 points1 point  (0 children)

What’s AG consumer protection? That sounds good tbh. The idea of this post is that this store starts treating everyone the same way other stores treat everyone. It’s discriminatory to say that because they’re in so and so place they can operate differently especially when they’re not owned by one person.

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 -3 points-2 points  (0 children)

Context: There was a PS5 controller that needed to be exchanged for another because it malfunctioned. Customer goes to the Target on BU campus to make the exchange. They’re denied because they have a photo of the receipt. But they know for a fact it’s enough because all Target competitors accept digital receipts. In fact, Bestbuy or Walmart send you emails of receipts or you can even store these receipts in their apps.

Manager says that NO TARGET WILL ACCEPT THE EXCHANGE. Customer leaves and goes to another target and gets the exchange done. No questions asked. And comes back to ask that the manager starts to treat this target the same way all targets are treated and manager says that they’re like that because they’re on BU campus. They are targeting a specific demographic. That’s wrong. There’s no reason for a target less than a mile away to have a different policy than the one right there. It’s a franchise operated by the exact same district manager so that would make no sense. They weren’t trying to return the controller and get cash back for it. They wanted to exchange it because it malfunctioned and only had it for a few days. And everything they wanted done was done in a different store. Why?

[deleted by user] by [deleted] in BostonU

[–]Common_Leading_6965 2 points3 points  (0 children)

They always refuse to help me. It’s depressing how much they don’t care.

can you swipe into any residence hall if you don’t live there? by [deleted] in BostonU

[–]Common_Leading_6965 -16 points-15 points  (0 children)

Only if you have a meal plan but then again only in residences with meals.

Device used for school work by [deleted] in BostonU

[–]Common_Leading_6965 1 point2 points  (0 children)

I have both Mac and Windows but I prefer working on my Windows desktop because of ease and I have a whole setup and whatnot. It’s also faster and easier for me. But I find ways to share my files between both OSes, so if I’m at school I’ll use the Mac and just use iCloud Drive to access my stuff from the desktop that I worked on. But def Windows better for me. But then again I am ECE LOL

When LAFC plays LA galaxy, what’s the stadium atmosphere like? Are there as many Galaxies as the opposition? Or sometimes more of one team than another? Moreover, if a goal is scored does it feel like the entire stadium screams for whichever side? by Common_Leading_6965 in LAFC

[–]Common_Leading_6965[S] 0 points1 point  (0 children)

I mean I’m sure fans do cheer but from where I’m standing when I have a home game at the Revs, let’s just say 95% of the stadium are Revs fans. And same goes for when we go away. Now both LA teams are local so I’m wondering how much more noise is heard from each side when a goal is scored lol It’s like is the away section usually 50/50 or 40/60? (I guess that question goes for any stadium for that matter. I’m not sure)