Field notes

Real findings from real scans. The gap between an AI-shipped MVP and a production-grade application — what we keep seeing, and how to close it.

// case study

Why your AI-built MVP scored 12 on security

An anonymized walk-through of a real CodeClanker scan that returned a 12/100 on security. Every finding, the file or dependency that proves it, and the fix.

2026-05-09 · 8 min read

// security

Common security gaps in AI-built apps

The ten security holes we keep seeing in repos built primarily with Cursor, Lovable, Bolt, v0, and Claude Code. Why each one happens, and the minimal fix that closes it.

2026-05-08 · 11 min read

// playbook

Production readiness for solo founders: a 9-point checklist

Concrete, code-level checklist covering the practical minimum for shipping AI-built apps to paying customers. No fluff, no philosophy — just the items that, when missing, break in production.

2026-05-07 · 10 min read

// playbook

How to make a Vite or CRA app production-ready

Step-by-step technical playbook for taking a default React/Vite/CRA scaffold to a production-grade deployment. Linting, CI, error tracking, structured logs, the works.

2026-05-06 · 12 min read

// reference

What CodeClanker checks (and why each dimension matters)

Canonical reference for the nine production-readiness dimensions, what falls under each, and why the gap matters for a vibe-coded MVP.

2026-05-05 · 9 min read