Before you launch your vibe coded project, run this prompt first:
“Perform a comprehensive audit of the application, covering security, reliability, concurrency, accessibility, and UI consistency.
Review the relevant codebase, architecture, data flows, API interactions, authentication and authorization logic, state management, async operations, error handling, and user-facing interfaces. Trace important flows end-to-end rather than reviewing files in isolation.
Specifically investigate:
Security vulnerabilities and data exposure
- Authentication and authorization flaws, including missing server-side permission checks, privilege escalation, insecure direct object references, and cross-tenant data access.
- Sensitive information exposed through client-side code, environment variables, API responses, logs, analytics, URLs, local storage, session storage, cookies, error messages, or source maps.
- Injection risks, including SQL, command, template, prompt, HTML, and script injection where applicable.
XSS, CSRF, SSRF, insecure redirects, unsafe file uploads, path traversal, weak session handling, insecure token storage, and missing security boundaries.
- Overly permissive database rules, API endpoints, CORS policies, storage buckets, webhook handlers, or third-party integrations.
- Secrets, API keys, credentials, internal endpoints, personal data, or implementation details that could be unintentionally exposed.
- Missing validation and sanitisation at trust boundaries. Do not assume client-side validation is sufficient.
Race conditions, concurrency, and state integrity
- Duplicate submissions caused by repeated clicks, retries, refreshes, or concurrent requests.
- Non-idempotent operations that can create duplicate records, payments, messages, bookings, jobs, or side effects.
- Stale state, optimistic update failures, lost updates, conflicting writes, and out-of-order async responses.
- Effects, subscriptions, listeners, timers, and requests that are not correctly cleaned up.
- UI states where actions remain available while an operation is already in progress.
- Cache invalidation problems and inconsistencies between client state, server state, and persisted data.
- Multi-tab, multi-device, and poor-network scenarios where relevant.
Reliability and failure handling
- Unhandled promise rejections, swallowed errors, silent failures, infinite loading states, broken retry loops, and incomplete rollback behaviour.
- Missing loading, empty, error, offline, timeout, and partial-success states.
- Failure paths that leave data or the UI in an inconsistent state.
- Assumptions about API responses, nullability, ordering, timing, or network availability that could cause production failures.
- Memory leaks, unnecessary rerenders, expensive operations, and obvious performance bottlenecks that materially affect the user experience.
Accessibility
- Semantic HTML and correct use of landmarks, headings, labels, lists, tables, buttons, and links.
- Keyboard navigation, logical tab order, focus visibility, focus trapping, and focus restoration.
- Missing or incorrect accessible names, labels, descriptions, and ARIA attributes.
- Colour contrast, text legibility, touch-target sizes, zoom behaviour, reduced-motion support, and reliance on colour alone to communicate meaning.
- Screen-reader behaviour for modals, menus, dropdowns, tabs, toasts, validation errors, loading states, and dynamically updated content.
- Forms with unclear instructions, inaccessible validation, missing autocomplete attributes, or poor error recovery.
- Test against WCAG 2.2 AA expectations where applicable.
Visual and interaction consistency
- Inconsistent spacing, typography, colour usage, border radii, shadows, icon sizing, alignment, component dimensions, and responsive behaviour.
- Components that visually appear identical but behave differently, or behave identically but are implemented inconsistently.
1/2
🇪🇺 Chat Control has passed 😔
They can and will now legally scan any person's messages, emails and photos you send without a warrant
The way they passed this law when the majority of the European Parliament was against it will shock you:
They waited until most EP members were on holiday so only a few were present and then created an "urgent" vote for it to pass it through
There's nothing democratic about any of it and big powerful forces are behind this that can manipulate the EU for whatever they want
Democracy in Europe died a bit today 😔
Excited to release Grok 4.5 with @SpaceXAI.
It's an Opus-class model that's fast and low cost. It's a significant step up over any model we've developed so far, including Composer 2.5, and has become the daily driver for many on our team.
First of many releases. More soon.
SITUATION DETECTED: Cognition has released SWE-1.7, its most capable coding model yet, built on a Kimi K2.7 base with an improved RL pipeline.
SWE-1.7 runs at 1,000 tokens/sec and scores within a few points of frontier models at a fraction of the cost.
Introducing SWE-1.7, the most capable model we’ve trained yet.
It scores within a few points of the strongest frontier models at a fraction of the cost, and is now available at 1000 tok/s.
RL is not hitting its limit: after refining our recipe, we keep seeing gains as we scale
In order to prevent stores from evading taxes, every receipt in Taiwan is automatically a lottery ticket, too, which can win up to $300k, turning customers into voluntary tax auditors:
I think about this every single day.
What happened in Singapore should be mandatory study in schools.
It's the single greatest wealth creation in the history of capitalism.
Why Lee Kuan Yew was an absolute genius🧵