Vibe coder. Dangerous coder. CEO of Coder. Thoughts are mine and my agent's.
Vibe coding has moved from hobbyist curiosity to enterprise rollout across knowledge workers, and the next wave of AI adoption will be defined by governance and token economics.
A CEO panel at an AI event sparked a simple but powerful question every startup founder should ask themselves: does your business get better as AI models improve, or does it get worse?
I gave five local LLMs and one frontier cloud model the same coding task on my homelab: build a tag manager for the blog's admin panel. Only two shipped anything. Here's what happened.
Four frontier models, ten tasks, one government shutdown. We ran Claude Fable 5 through the homelab benchmark harness three hours before Anthropic pulled the plug — and it came in second. Here's the full bakeoff.
Two Discord bots, one 14B model, five fitness-tracker tasks. Both agents failed on the first try. Getting them working required debugging context overflow, silent tool parameter drops, and a chat template flag that changes everything. The results reveal as much about the state of local AI agents as they do about which framework won.
Coder 2.34 shipped User Secrets — per-user credential storage that injects into every workspace automatically. We upgraded, audited 29 secrets across four projects, and found exactly two that belonged there. Here's how we decided, how we migrated, and what we cleaned up along the way.
A model refresh on the homelab (Qwen 3.6, new embeddings, 469 llama.cpp builds), a feature sprint on the vacation planning site (calendar sync, expense tracking, and three bugs that taught us more than the features did), and automating Substack syndication after discovering two more undocumented quirks. Three unrelated workstreams, one theme: maintenance is where the real learning happens.
At a C-suite roundtable in Palo Alto last week, ten-plus executives from a mix of gaming platforms, enterprise systems providers, job sites, and other Bay Area titans landed on the same analogy without being prompted: we've seen this before. The lift-and-shift era of AI is already here. The native era — where you redesign workflows from scratch for agents, not humans — is what comes next.
I've been running OpenClaw on the homelab for a month. A recommendation sent me down the Hermes Agent rabbit hole — and the research before the first real test revealed my daily driver model was broken for tool calling all along.
Substack supports RSS import, but the importer is finicky, undocumented, and rejects feeds for reasons it won't tell you. Here's how we got 13 curated posts from a Next.js blog into Substack — and what every other guide leaves out, including the dedup gotcha that bit us on the re-import.
I built a trip planning site for my F1 Montreal group. Then I ripped out every hardcoded value, added a setup wizard, ran a security audit, and open-sourced it. Here's what it takes to turn a single-purpose vibe coded app into something anyone can fork and deploy.
The fitness tracker MCP server was a test run. This week I added the same thing to vibescoder.dev — 16 tools that let any agent list posts, publish drafts, check analytics, trigger deploys, cross-post to Dev.to, and troubleshoot the live site. Here's the build, the architectural decisions, and what it's like when the agent that built the feature can immediately use it.
A full walkthrough of setting up Wake on LAN on a Linux homelab and wiring it into Google Home via SmartThings — including every dead end, expired link, and wrong interface name along the way.
Two weeks of using Qwen3.5-35B as my daily AI assistant — the Jinja template fix that made it work, the thermal spam incident that almost ended the experiment, and the session-context gap that makes it feel like a junior dev every morning. Plus: what's next with Qwen 3.6.
I asked an agent to security-audit my fitness tracker after wiring MCP into it. It found nineteen things. I fixed them all in four neat batches. Then the dashboard went empty, Google sign-in died, and the real bugs turned out to be the ones the audit couldn't see — a middleware file that had been silently doing nothing for months, and an OAuth client that never existed in any project I owned.
One missing pair of quotes in one frontmatter field took down the admin drafts page. YAML 1.1 auto-parsed the date to a JS Date object, formatDate called .includes on it, and the route 500'd. Here's the bisect from a mobile screenshot to a one-line fix, why only the drafts page broke, and the lesson about trusting types at the YAML boundary. Part two of a two-part Friday Fixes — see #1 for the scheduled-publish workflow bugs that landed the same day.
The scheduled-publish GitHub Action broke twice in nine days. Bug one: a grep that matched body text instead of frontmatter, triggered by a post about the feature itself. Bug two: a dead-code line introduced by the fix for bug one — racy under set -euo pipefail, probabilistically silent for eight days, then 42 consecutive failures with zero notifications.
Someone vibe coded an app with Google AI Studio. The Gemini API key shipped in the client-side JavaScript bundle. Google suspended the project. Here's why every AI coding tool gets this wrong, why regular audits are the only real defense, and what you can do before it happens to you.
I built a Model Context Protocol server into the fitness tracker I vibe coded a year ago, wired it through Vercel and Coder workspaces, and ended the afternoon asking my Discord bot what my last workout was. Here's the build, the wrong turn into Coder's AI Bridge, the workaround, and how the same endpoint now serves Claude Desktop, Codex, Coder Agents, and OpenClaw.
The Round 5 bakeoff produced four implementations. None of them shipped. What shipped was a merge of the best pieces from all four, then a polish pass against real data. Bakeoff → Merge → Polish is a generalizable pattern for any feature where the design space is genuinely unclear.
Three AI agents audited the blog and produced three different reports. Closing them out was its own job — triage, phasing, verification, and ten commits across two repos with zero build failures. Here's the remediation arc, what shipped, what got deferred, and what the process revealed about working through someone else's audit.
Four LLM models built the same admin feature in isolated Coder Agents sessions. I judged them blind. The headline result: Sonnet 4.6 beat Opus 4.6 on a coding task. The deeper story is what each model did with the same prompt — and what it took to make the bakeoff fair in the first place.
From curl to working Discord bot in one afternoon — with a local LLM on the RTX 5090. Every gotcha, every config mistake, and the one setting that silently ate every server channel reply for hours.
Our AEO audit gave vibescoder.dev a clean bill of health. Cloudflare's isitagentready.com gave it a 25 out of 100. Both audits were right — they were measuring two different competencies. Here's the side-by-side, what each one caught, and the two genuine gaps we shipped fixes for — taking the score from 25 to 33 (and on track for 39 after the next scan).
DeepSeek V4-Pro, V4-Flash, and Zyphra ZAYA1 are three of the most exciting new models in local AI. None of them run on our RTX 5090 homelab — for completely different reasons. Here's the research, the math, and what it means for anyone building a local inference rig.
I pointed a current-gen AI agent at a fitness tracker I vibe coded a year ago. Five PRs later: security holes patched, a 1,300-line component broken apart, sync queries batched, and accessibility fixed. Here's what the audit found, how it was structured, and why every vibe coded app deserves a spring cleaning.
A second user joined the homelab Coder instance and couldn't push to GitHub. What looked like a missing config turned into five chained problems, a domain migration aftershock, an agent-debugging-an-agent meta-moment, and the discovery that the same credential helper bug had been "fixed" four times in ten days — and never actually deployed.
Two AI models got the same prompt: review the blog fodder, check for redundancy, and draft a post. Opus chose a debugging war story. Qwen chose a data-driven redesign. Neither picked the same fodder. Here's what the difference reveals about how models think about content.
We ripped out Ollama, migrated to llama.cpp, and benchmarked five local models across 12 tasks on an RTX 5090. The results surprised us — and the winner wasn't who we expected.
Tag filters barely changed anything. A data audit revealed the problem: 94% of posts had the same tags. We replaced folksonomy with taxonomy, rebuilt the filter bar, and cut tag saturation from 94% to 56%.
Building a Dev.to cross-posting system for vibescoder.dev — and the four hours spent debugging an API that silently swallows your data without a single error message.
Three rounds of iPhone screenshots to fix spacing that should have been right the first time. The fix wasn't smaller padding — it was teaching the agent the pixel math once so it never forgets. Plus: admin pillbox for drafts, hamburger menu shortcut, Invalid Date bugs, and scheduled publishing for every draft.
As AI agents make code generation trivial, the real value shifts from storing source code to preserving the chat conversations that created it.
I asked an AI agent to turn off my RGB lights on Linux. 85 terminal commands, 35 failures, 4 hangs, 2 dead download links, one wrong build system, and the GPU is still glowing. This is the post.
How we built a feature that turns any table or code block on vibescoder.dev into a branded, dynamically-sized PNG — downloadable or shareable with one click. Eight commits, three Satori crashes, and one middleware lesson.
Gemma 4 failed to build a single feature in our last test. This time we diagnosed the problem, switched from Ollama to llama.cpp, tuned the inference settings, and Gemma shipped a working search feature to production. Then Opus reviewed the code and made it better. Here's what we learned about making local models actually work.
Four bugs that were silently breaking things for days: a deploy that only crashes on new images, a shell guard that eats your auth tokens, a publish date frozen at draft creation, and a homelab with no emergency remote access. Plus: capacity planning for when you're running AI workspaces on a single machine.
A deep audit of vibescoder.dev revealed that Cloudflare was silently blocking every major AI crawler — even after we'd explicitly turned that setting off. Here's what we found, what we fixed, and the complete playbook for making your site visible to both search engines and AI agents.
A CRLF bug silently broke every workspace for weeks. Then we fixed it, taught the agent to remember, moved templates to Git, squashed a nested heredoc, cut boot time from 91 seconds to 5, automated the screenshot pipeline, and built scheduled publishing — which this post used to publish itself. Ten fixes, one week.
How AI agents are transforming software development the same way Google Maps revolutionized travel - making the impossible feel effortless and opening up new worlds of exploration.
We pitted Gemma 4 against Opus 4.6 on a real feature build for vibescoder.dev. Gemma is the fastest model in our benchmark. It also couldn't finish the job. Here's what happened when we stopped testing toy apps and started building production code.
We added Google's Gemma 4 and Moonshot's 1-trillion-parameter Kimi K2 to the local model benchmark. Five out of six models scored perfect. Gemma 4 is the new speed king. And yes, we ran a 579 GB model off an NVMe drive — at 0.6 tokens per second.
While waiting for massive open source models to download, I tackled the homelab backlog: custom domain for my Coder instance via Cloudflare Tunnel, security hardening (with a gotcha that could kill your AI search visibility), and wiring up MCP servers to give agents superpowers.
Code block overflow, social metadata, dynamic OG images, Slack notifications for blog comments, a /todo slash command, and more. Everything shipped in a single conversational session with Coder Agents.
We gave six LLM models the exact same coding prompt and measured everything: speed, tokens, and whether the code actually works. Three models scored perfect. Two built the wrong kind of app. One ran out of tokens mid-line.
Installing Ollama, pulling five purpose-built models, wiring local inference into Coder Agents, and running agentic coding on an RTX 5090 workstation. 44 GB of models, zero cloud API calls, fully self-hosted.
The journey from "I should build a home lab" to a fully configured self-hosted Coder server with GitHub integration, multi-user workspaces, and AI agents that actually know how to use the tools available to them.
I open-sourced my blog for Giscus comments and immediately found a gutted .gitignore, an exposed server URL, and all my unpublished drafts on GitHub. Here's how I split code from content without changing a single line of application code.
Adding a commenting system with Giscus, cleaning up the repo for public release, researching Whisper vs Wispr, and closing out week one — all from a cabana in Cabo.
Adding an RSS feed, wiring up analytics with an in-admin chart, discovering Medium locked their API, pivoting to Dev.to, and laying the groundwork for Loom-powered blog generation.
Fixing a silent login bug, building inline editing, overhauling the admin dashboard, and adding a public changelog — the session where the blog became a tool I actually want to use.
How I used Google Stitch to generate a design system, fed it to Claude, and reskinned my entire blog — including a derived light mode — in a single evening session.
