Woke up tired like I'd worked a full shift. Same bug, looping, my brain solving it ten slightly different wrong ways until morning. Git log empty. Nothing real happened.
Part of me took it as proof I care about what I'm building. The other part knows a brain that won't clock out isn't a flex, it's a leak.
Do you get this one? And if you do, what actually makes it stop?
Been thinking about this after seeing a few posts here about vibe-coded apps breaking in production. Auth bugs, webhook failures, that kind of thing.
What worries me more is the stuff that doesn't break loudly. No error, no crash, it just quietly leaks data or accepts requests it shouldn't. Things like exposed API keys sitting in the frontend bundle, missing rate limits, or database rules that let any logged in user read rows that aren't theirs. None of that throws an error. It just sits there until someone finds it.
For the non-engineers building real products with this stuff, what does your actual security check look like before you launch. Are you running anything to scan for this, paying someone to review it once, asking the AI itself to audit its own code, or just shipping and hoping nothing bad happens.
Curious if there is an actual workflow people are settled on, or if this is still the part everyone quietly skips.