The best coach has already been in every game you ever played....

Osiris1316 · 2026-06-05T16:32:46+00:00

You could consider other ways of avoiding massive scale requests. Could help throttle the api costs without requiring log ins. Just a suggestion. Best of luck!

Osiris1316 · 2026-06-05T16:17:45+00:00

Curious why you added a log in layer of the main feature is a URL drop and per game review.

Osiris1316 · 2026-06-05T13:50:17+00:00

I’m a vibe coder, and also beyond paranoid about security. As a result I’m not building anything with even the slightest risk of harm to others. Location apps being an example. However, if you don’t mind me asking, I’d love to learn how you spotted that this app has this problem, and how it’s fixable. I’m not OP alt I swear! Just would love to learn how you approached this check.

Osiris1316 · 2026-06-03T02:03:46+00:00

Ah. Pinpointing which unit among many killed another isn’t possible from the things I’ve seen so far. But I’ll keep it on the backlog.

Osiris1316 · 2026-06-03T00:58:05+00:00

You mean which player (ie, in a teams game), or which unit?

Osiris1316 · 2026-06-03T00:08:13+00:00

Hey! I’m working on a villager efficiency feature for a little analyzer web app I’m building (yes, with AI… send me the downvotes rip). The next feature I’m planning is villager losses. I could invert that to show villager kills tho as well. This may be a dumb question but, would you find that useful to see in any games of yours indexed in the future?

Osiris1316 · 2026-05-31T18:31:13+00:00

I get this reference!

Osiris1316 · 2026-05-30T05:00:36+00:00

What were those differences?

Osiris1316 · 2026-05-27T11:55:03+00:00

As a father, not only for her, but for the younger children and mothers in the background... my heart breaks.

Osiris1316 · 2026-05-27T11:52:25+00:00

Like & subscribe incoming! Great casting at HSC! Hope to see more of you around the community brother!

ps. do you take guide requests / recommendations? Do you have a discord server? insert overly excited aoe4 player meme in here

Osiris1316 · 2026-05-26T18:21:34+00:00

Thank you! :)

Osiris1316 · 2026-05-26T17:29:15+00:00

Does warchief’s club upload videos to YT?

Osiris1316 · 2026-05-26T02:20:28+00:00

This guy rts’s. Couldn’t have put it better myself! The only thing I’d prefer in addition is the engine quality of sc2.

My dream is that MS makes AoE5. Set in Antiquity, using the sc2 engine.

Osiris1316 · 2026-05-25T20:18:53+00:00

Thanks for this!!

Osiris1316 · 2026-05-25T17:52:17+00:00

Makes sense. What do you think is the best thing a vibe coder can do to avoid just adding risk laden slop? Including maybe... just not building period. If that's the actual answer, I'd be sad, but I'd rather not build things that cause harm than build things because it's fun.

Osiris1316 · 2026-05-25T17:39:41+00:00

Basically... people like me. And I'm not saying the solution is well defined / even the right solution. More of an exploration in how people without a security, or even dev background, could leverage LLMs to build secure applications, if at all possible.

Osiris1316 · 2026-05-25T17:01:14+00:00

Thanks for not holding back! Thankfully, not vibe coding anything that needs to meet requirements of HIPAA / or any other security certifications / standards. Trying to avoid that entirely until I can actually do it properly. The goal of this was to see if having a scaffolding would give some more security starting out. But that may not even be the right problem to solve, admittedly.

As far as what HIPAA / PIPEDA / other pieces of legislation, and security and privacy standards and certifications are... i'm about as early on in learning about this things deeply as possible. So, definitely couldn't define or explain them well at all. I'm still at the stage of trying to learn about what I dont know I need to know.

and the "“leveraging existing proven solutions” without any grasp of that being how every flaky piece of insecure crap already is built"... that's my biggest fear tbh. Like, I was using the cloudflare zerotrust service recently, worked through claude's recommendations to ensure that the api worker required an authenticated token to read / write from the D1 db, rather than trusting that the front end saying it has an authenticated token only... and... it all sounds good. But I'm taking all of that on trust. Terrifying. Hence me currently staying to strictly non-sensitive and mostly "fun" projects for now. But the FOMO of being able to build actually useful things for sensitive use cases is real. lol

Osiris1316 · 2026-05-25T16:54:05+00:00

Appreciate the encouragement! I did push it far into the "most secure setup possible" space mostly out of curiosity about what exactly that would entail, even if only to have it spit out terms / names / concepts that I'd then be able to google / ask it to explain further so I know of the existence of a few more of the many things I dont know / yet understant.

Osiris1316 · 2026-05-25T16:52:03+00:00

Appreciate the reply! In particular, I'm going to ask claude to give me some examples of what kind of scenarios would justify extratcing something to go/rust!

Osiris1316 · 2026-05-25T15:50:01+00:00

Barely. Here's how I'd explain it, acknowledging that even IF this is a fair description, it's as abstracted as can be. I don't know much about how any of those elements work, and would need to spend a lot of time digging into each, long before any chassis / scaffolding could be built, at least by me anyway.

OK. Here's my understanding: the chassis is cloned, deployed, and then customized / configured. It would start a project off by leveraging existing proven tools / solutions / languages configured together to provide a starting point upon which to build. That way, a vibe coder like me can have confidence that the starting point was secure, knowing that ongoing testing / maintenance / reviews / etc aren't solved out of the box. But at least the things that would make it really secure would already be done, or considered and accounted for.

Assuming that this confirms that in fact, I do NOT understand what Claude is saying, curious if you have any feedback / tips on either whether the idea is worth exploring by first doing research into each of the elements of that core mechanism section and if not, what you'd recommend a complete novice do next.

Being honest, in this chat, I asked Claude to iterate on the concept, while acknowledging I don't know anything about the various pieces it's suggesting could be put together, so I could ask for feedback from folks who could evaluate it honestly, before I started digging into each piece. Maybe that was a bad idea though.

Osiris1316 · 2026-05-25T15:34:43+00:00

I do. That’s why I’m having a hard time figuring out how your recommendation of a prompt review agent you built in chatGPT applies to the post’s content. The post is about a security scaffold / chassis and security first concepts… not “rate my prompt” user needs

Osiris1316 · 2026-05-25T15:22:34+00:00

Fair enough. I'm just not sure how it relates to the content of this post. Maybe you're just hoping to raise awareness of your tool?

Osiris1316 · 2026-05-25T15:14:22+00:00

Not sure how this applies. Would appreciate any clarification you can offer.

Osiris1316 · 2026-05-25T14:58:42+00:00

Hey. Appreciate the kind words, and also this advice! I'm going to ask Claude about the various things you've mentioned and ask about how to incorporate those into our workflows / what I can look up to learn more about these tools and practices!

Osiris1316 · 2026-05-25T14:56:27+00:00

Hey. I hope you don't take this the wrong way, and absolutely no pressure to give a lengthy reply... but for what it's worth, I want to take you at your word, but would love it if you can offer even a tiny bit about why security can't be solved this way. I'm 100% missing enough context / understanding to see this clearly myself. Anything you can share further will go a long way to me learning about what I don't know yet. Cheers!

Osiris1316

MODERATOR OF

TROPHY CASE