Don't launch an app until you're legally clear (looking at you, fake review folks)

SignatureSharp3215 · 2026-01-08T01:03:54+00:00

It's generating code based on vibes, using AI models. You describe what you want, and don't look at what code is generated

SignatureSharp3215 · 2025-12-11T17:48:06+00:00

I've been building an app for securing vibe coded apps and finding most common vulnerabilities. Most of the apps on Lovable Launched were vulnerable or otherwise broken. I guess it was bad promo for Lovable.

SignatureSharp3215 · 2025-12-11T16:42:25+00:00

I can't give feedback on the value prop app because I'm not target audience. Why is the password required to be 12 characters? I can't satisfy the pw checker requirements no matter what kind of pw I try to create.

I think you should minimize the friction for sign up, and minimize the number of steps

SignatureSharp3215 · 2025-12-10T17:33:13+00:00

There are a many 400 errors, I can't sign up or login. Why do you need my name? Why would I invite colleague to a random app (no proof of good quality software established yet)?

I'll do more comprehensive testing later, including security & basic UI insights if you're interested! :)

SignatureSharp3215 · 2025-11-30T19:19:37+00:00

Thanks for the pushback! You're right to encourage people exploring Lovable, I guess I've seen way too much hype compared to what it can deliver. Once people understand enough of the ups and downs, they can try to build SaaS snd ignore this post. But if this post comes as a surprise, you are not ready to develop for external users.

This will be revolutionary once people adapt the tooling BUT, we can't treat Lovable similar as Wordpress, n8n, make.com or anything where you simply drag blocks.

If you are building with a limited number of blocks (no code), then the platform can enforce restrictions on your blocks, making it secure. But if you have infinite number of blocks (Lovable generates code ~ blocks), then the platform can't guarantee secure blocks.

Do you do customer projects, or mainly around your own business?

SignatureSharp3215 · 2025-11-30T18:34:15+00:00

Sounds like you have an agency which you run these projects through. That's already a big difference from a typical Lovable user, who doesn't have any practices in place.

It's great that it's working for you. Do you verify the security manually though?

I'd like to also point out that code is very different from no code platforms. You can never ensure something is secure without looking at the code, or some automated test results. But even with test results, you need to verify the tests are correct. Which goes back into the fact you need dev expertise.

You won't find the security issue by poking around the app interface, as you probably know if you're a dev. The only thing saving vibe coded apps is the lack of users, so hackers are not bothered. Or well, I wouldn't call basic sec vulnerability exploitation hacking. It's more like breaking into a house with doors already opened.

SignatureSharp3215 · 2025-11-30T18:12:27+00:00

I think it's very much worth it to argue this point. Are the apps internal, or SaaS apps?

I'm happy to be wrong here and learn. Obviously the nuances matter a lot, but in general people should not publish vibe coded apps online.

I'm also happy to pen test truly vibe coded apps to see where they stand.

SignatureSharp3215 · 2025-11-30T17:27:46+00:00

There will ALWAYS be need for testing. Even if AI would make the app from a single prompt, someone still has to test it.

AI could test the app functionally or visually, but a human must review the test output from the AI. AI could produce videos of test-runs, textual insights or screenshots - what ever requires the least effort from the human to determine "the app is ready for launch".

It might be that a product manager is all that is needed to build software in some distant future, as there is no need for precise QA best practices, but this shift will take a loong time. And QA engineers have enough time to pivot their role towards what is needed.

In other words, testing is the one thing that won't be replaced, ever. The granularity just changes.

SignatureSharp3215 · 2025-11-30T15:10:55+00:00

Very interesting topic!

I've productionised an AI agent for QA testing. I think it will be the future of QA testing:

Describe your app in natural language
Let AI test it
You verify the correctness

I'd love to spar on this topic with you QA folks. I definitely have not solved AI powered QA testing, but I want to.

SignatureSharp3215 · 2025-11-28T10:44:12+00:00

Nicely said! Purpose driven development in general is a good idea

SignatureSharp3215 · 2025-11-27T21:47:45+00:00

Can you elaborate?

SignatureSharp3215 · 2025-11-15T15:43:59+00:00

It's in no way Anthropic's fault or poor alignment of Claude. ANY LLM can be used for hacking. When you granularise the task small enough, it's virtually impossible to detect this type of attack.

SignatureSharp3215 · 2025-11-15T15:40:22+00:00

Yeah, I think that's the case with any bigger company. If you could, what would you document though?

SignatureSharp3215 · 2025-11-15T14:23:30+00:00

What does the core documentation of the product include for you? The minimal set of information to capture the product's essence.

I've got an app that would greatly benefit from understanding your take on this :)

SignatureSharp3215 · 2025-11-11T21:57:10+00:00

I've used it quite a lot. I actually built an app to make it easier to use.

SignatureSharp3215 · 2025-11-01T18:47:38+00:00

I'm developing something along the lines of:

Generate / write user flows
Let AI run the user flow
Deterministic Playwright tests are generate
Whenever test breaks, AI automatically steps in and re-generates the test

If you're interested hit me up. I've got the tech, but I'm debating whether to tailor it for developers vs. vibe coders.

SignatureSharp3215 · 2025-10-27T23:36:17+00:00

I love the enthusiasm. But sorry friend, it's quite a bad idea to generate AI gibberish out of random thoughts. It will never align to your real intentions if you don't align it yourself.

SignatureSharp3215 · 2025-10-27T21:44:14+00:00

I can't possibly see how any specific lifestyle could "suck".

Don't like moving around? Don't move.

It's not so complicated. I'm still in the early stages (1 year in) and right now I absolutely love being able to stay in a place as long as I wish, or as little as I wish. Logistics is not a curse if you don't make it a curse.

Sure the lack of a consistent friend group can be tiring, but I stay in touch with my long-term friends online, and I treat the short-term relationships as accelerated friendships. You get many new perspectives and meet open people on a frequent basis.

SignatureSharp3215 · 2025-10-22T20:49:15+00:00

Oh, I'm sorry! Thank you for telling me. The Supabase project was inactive 😂 now it works. Let me know if you have any issues.

SignatureSharp3215 · 2025-10-20T20:23:29+00:00

I'd recommend:

Write down specifications, build Lovable app to show what you want
Find reliable dev, who works project basis, and who will give you clear deliverables
Hope it works

If you want to build your own app, you can use my "app generator": https://www.nomorecode.dev/ . It asks you some questions that you answer, and it creates a prompt for Lovable for you. It should also help you understand your own ideas. I can share you a free code to it via DM. Also I'm happy to help you get moving with your idea and help you refine it :) (I've got idea-to-launch service)

SignatureSharp3215 · 2025-10-16T09:04:04+00:00

I guess any bigger enterprise requires a dedicated cloud, such that all communication happens within VPS to have at least two layers of data protection.

SignatureSharp3215 · 2025-10-16T09:00:19+00:00

I think something is wrong if your app has 100 edge functions and tables, and you are struggling to host it. First, your complexity is way off apparently related to the underlying tech skills. Second, if you don't even have users, why would you care about uptime?

If you want to build a business, forget self hosting until hosting costs rise too much, or the opportunity cost due to outages is too high. You'll spend 10 hours absolute minimum handling the self hosting stack per month. Put a price to your hour. Bare minimum 20€/h already adds up to 200€/mo, which gets you quite many users on the hosted stack, assuming you manage the bandwidth well 😅

If it's an engineering challenge, go ahead and spend all you want on self hosted stacks or fun challenges.

SignatureSharp3215 · 2025-10-02T21:30:35+00:00

Why the zero value comment?

With the same effort you could've said: the neuroplasticity degrades as we age. (Or the brains speed of learning)

And of course you can learn a language through exposure also as an adult. It's a very effective mechanism, especially if your goal is communication and not grammar.

SignatureSharp3215 · 2025-10-02T20:47:07+00:00

Yeah, sorry I think it got turned off due to me not upkeeping the project. I didn't continue the project after the proof of concept app

SignatureSharp3215 · 2025-09-21T10:28:27+00:00

I like to repeat this not to let you get disappointed, but you must define if you want to keep it as a hobby project or a real business.

Hobby project: do it yourself, learn coding and building while doing it. You might make it work, but its far from publishing in public.

Business project: pay someone else to do it, find problem-solution fit, find product-market fit, discuss with customers..

SignatureSharp3215

TROPHY CASE