Building with AI, in public

What I’m learning and building with AI, written in the open. Names and proprietary detail stripped out. Just the lessons.

• Why Content Fingerprinting Beat My Subject-Hash Dedup (By a Mile)April 22nd, 2026ai-agentsapollodebugging
• The Memory Cap That Was Crying WolfApril 21st, 2026ai-agentsmemory-systemsapollo
• What CSP Taught Me About Third-Party Resource TypesApril 16th, 2026securitynextjsweb
• The Three Lines That Fixed a Race Condition I Didn't Know I HadApril 15th, 2026reactasyncdebugging
• How an Unrelated Migration Broke Our PostgREST Queries — One of Them SilentlyApril 14th, 2026supabasepostgrestdebugging
• How CSS GPU Layers Broke My Drag-and-Drop Board (And the Fix Was Removing Code)April 14th, 2026cssdrag-and-dropperformance
• How I Hardened Apollo's Scanner Against Prompt Injection (Two Cheap Fixes That Actually Work)April 14th, 2026securityllmprompt-engineering
• How My Own Robot Reviewer Caught My Secret Sitting in `ps aux`April 14th, 2026securitypythonmcp
• How One Bad Enum Was Silently Killing My Entire Scan BatchApril 14th, 2026pythonpipelinesllm
• How Playwright Became the Net That Let Me Actually Fix the BoardApril 14th, 2026testingnextjsplaywright
• How SWR's Default Refetch Behavior Was Trashing My Drag-and-Drop BoardApril 14th, 2026swrreactdata-fetching
• The One-Liner My Autonomous Council Flagged That I'd Never Have CaughtApril 14th, 2026pythonloggingproduction
• The One Retry Rule I Wish I'd Learned Before Building Two SystemsApril 14th, 2026patternsreliabilityautomation
• The Problem With Letting Your AI Agents Read Their Own Prior WorkApril 14th, 2026autonomous-agentscouncildev-workflow
• Validate Your Env Vars at Boot — or Pay the Price LaterApril 14th, 2026systemssecuritydevops
• What Pydantic's `extra="forbid"` Gets Wrong When Your Data Comes From an LLMApril 14th, 2026pydanticllmpython
• Why dnd-kit's Default Collision Detection Kept Picking the Wrong TargetApril 14th, 2026drag-dropdnd-kitux
• Why I Ended Up with One JSON Parser for Two Different LLM ModelsApril 14th, 2026aipythonllm
• Why My Custom Tailwind Class Kept Losing (And the One-Word Fix That Saved It)April 14th, 2026csstailwindfrontend
• My Own Rule Said Don't Cap It. I Capped It Anyway.April 13th, 2026ai-pipelinesstate-managementsystems
• SQL Injection Was Hiding in My Supabase `.not('in')` CallsApril 13th, 2026securitysupabasepostgrest
• The Bug That Corrupted My Scanner State (And the Three-Line Fix)April 13th, 2026pythonautonomous-agentsstate-management
• The One-Liner That *Looked* Safe (and How an Origin Check Fixed It)April 13th, 2026securitynextjsauth
• How a Single String Was Gutting My Entire Content Security PolicyApril 9th, 2026securitynext.jsweb
• The Save Worked. The UI Still Snapped Back. Here's Why.April 9th, 2026reactuidebugging
• When Your MCP Search Returns the Envelope, Not the DataApril 9th, 2026mcpquickbooksdebugging
• The Lazy Loading Trap That Made My LCP Worse (And How I Fixed It)April 7th, 2026performanceimagesnext.js
• The Shopify Sync That Never Had a Race Condition (And the Ones That Did)April 7th, 2026systemssyncsupabase
• When the Swift Compiler Refuses to Build Your View, Listen to ItApril 7th, 2026swiftiosarchitecture
• Why Stripping HTML Tags Isn't Enough: Two CMSes Taught Me This in One WeekApril 7th, 2026cmsdata-importjavascript
• Stop Saving on Return. Mobile Users Tap Away.April 6th, 2026iosswiftuiux
• The Auth Gate That Wasn't Guarding the Real DoorApril 6th, 2026securitysupabaseauth
• Why Every Create Flow Should Auto-Navigate to What You Just MadeApril 6th, 2026iosswiftux
• Why Swipe-to-Delete Always Needs a Confirmation StepApril 6th, 2026iosmobileux
• An ID Is Not a Password: How We Closed an IDOR in Our Cancer Patient Chat AppApril 3rd, 2026securityweb-devcancer-doctor-finder
• How a Fullscreen Overlay Fixed Our Broken Mobile Booking FormApril 3rd, 2026mobilehubspotforms
• How Eliminating `any` Types Made Our Build the First Line of DefenceApril 3rd, 2026typescriptnextjsdx
• How localStorage Bridged Sessions — And Then Became a Security HoleApril 3rd, 2026localStoragesecuritychat
• How Two Characters Broke My HubSpot Pre-Fill (and What It Taught Me About Third-Party Forms)April 3rd, 2026hubspotintegrationdebugging
• When Your Validator Is the Bug, Not the DataApril 3rd, 2026validationapi-designzod
• How a Failed Junction Insert Left Me With Orphaned RowsApril 2nd, 2026supabasedatabasesapi
• How an Open Redirect Hid Inside Our Next.js Server ActionsApril 2nd, 2026securitynextjsserver-actions
• Page Auth Doesn't Guard Server Actions — Every Action Needs Its Own LockApril 2nd, 2026securitynext.jsserver-actions
• The API Won't Tell You When You're Paying TwiceApril 2nd, 2026llmapisdebugging
• The Supabase Linter Warning That Silently Empties Your TablesApril 2nd, 2026supabasesecuritypostgres
• Why I Stopped Letting Chat Failures Eat My Users' WordsApril 2nd, 2026resiliencechatux
• Why I Stopped Trusting My Own FrontendApril 2nd, 2026securitynext.jsvalidation
• A Generator Script in Your Repo Is Not Proof It Made Your AssetsApril 1st, 2026ai-agentsgitlessons-learned
• How Prisma's Nested Relation Creates Silently Ate My Sales DataMarch 27th, 2026prismanextjsdata-loss
• How Targeted Diagnostics Killed a Timezone Bug I'd Been Guessing AtMarch 27th, 2026debuggingtimezonenextjs
• One Missing Env Var That Took Down Every Cron Job at OnceMarch 27th, 2026configvercelbackend
• The AI Recommendations Looked Great. The Data Was Lying.March 27th, 2026aidashboardsdata-quality
• The Metric Was Wrong Because the Baseline Was WrongMarch 27th, 2026webinarsanalyticsdata
• The Timezone Bug That Taught Me to Measure From What You TrustMarch 27th, 2026debuggingtimezonesdata-integrity
• When Your Data Is Saving Fine and the Dashboard Still Lies to YouMarch 27th, 2026nextjsreactcaching
• Why My GA4 Dashboard Worked Locally but Broke on Vercel Every TimeMarch 27th, 2026vercelgoogle-analyticsdebugging
• How "Belt-and-Suspenders" Broke My Swift Supabase DecoderMarch 26th, 2026swiftiossupabase
• How My iOS App Learned to Lie (And How I Fixed It)March 26th, 2026iosswiftsupabase
• How One `await` Stopped My iOS CRM From Lying to UsersMarch 26th, 2026iosuxsupabase
• The SupabaseClientOptions Argument Order Trap Nobody Warns You AboutMarch 26th, 2026supabaseswiftios
• Why My Supabase iOS App Failed Silently — and It Was the Key FormatMarch 26th, 2026supabaseiosswift
• Why Your Demo Mode Should Touch Zero BackendMarch 26th, 2026iosdemoarchitecture
• What "Replaced Element" Actually Means (and Why It Broke My Presentation Mode Canvas)March 24th, 2026canvasfrontenddebugging
• How a Swapped Argument Order Killed Our Supabase iOS Connection (Silently)January 15th, 2026
• How Supabase's Batch Upsert Silently Swallowed Our Sales DataJanuary 15th, 2026
• Why I Built a Demo Mode That Never Touches the BackendJanuary 15th, 2026