Reading this just makes me think of yesterday's post - vibe code in turbo mode, Gemini Antigravty wipes the entire storage drive partition because it missed a quotation in function code it wrote and ran without checking.
Yes it helps you write all the boiler plate code to do straightforward repetetive things. What would be even better would be simple code to do simple things
My wife noticed that I don't mind being interrupted when programming anymore; between the less-intense level of concentration required now and the always-present transcript, it's not like a collapsing mental house of cards to look up for a few minutes and talk about something else.
Been "vibe coding" for 8 months building thepassword.app - AI browser automation that changes passwords across websites.
The enjoyment factor is real. The iteration speed with Claude Code is insane. But the model's suggestions still need guardrails.
For security-focused apps especially, you can't just accept what the LLM generates. We spent weeks ensuring passwords never touch the LLM context - that's not something a vibe-coded solution catches by default.
The productivity gains are real, but so is the need for human oversight on the security-critical parts.
There is no way I would provide the password I use on multiple sites to some random app, and there's absolutely no way I'd do that if I had any inkling it was vibe coded.
1. We don't ask for your current passwords. The app imports your CSV from your existing password manager (1Password, Bitwarden, etc.), which you already trust with your credentials. We automate the change process - you provide the new passwords you want.
2. Zero passwords leave your machine. The app runs locally. Browser automation happens in a local Playwright instance. The AI (GPT-5-mini via OpenRouter) only sees page structure, never credential values. Passwords are passed to forms via a separate injection mechanism that's invisible to the LLM context.
The "vibe coding" comment was about development speed with AI assistants, not about skipping security review. We spent weeks specifically on credential isolation architecture - making sure passwords can't leak to logs, LLM prompts, or network requests. That's the opposite of careless.
Code's not open source yet, but we're working toward that for exactly the reasons you describe - trust requires verification.
16 comments
[ 2.8 ms ] story [ 34.6 ms ] threadEdit: for those who don't frequent HN or reddit every day: https://old.reddit.com/r/google_antigravity/comments/1p82or6...
> https://indianexpress.com/article/technology/tech-news-techn...
dang, please replace the link.
Having a private office instead of an open floor plan for instance
Or not working in the JIRA two week sprint format
Or not having to work with offshore teams that push the burden of quality control onto you
My point is I bet that the Google CEO (and basically every other software CEO) doesn't actually care if software development is enjoyable or not
The enjoyment factor is real. The iteration speed with Claude Code is insane. But the model's suggestions still need guardrails.
For security-focused apps especially, you can't just accept what the LLM generates. We spent weeks ensuring passwords never touch the LLM context - that's not something a vibe-coded solution catches by default.
The productivity gains are real, but so is the need for human oversight on the security-critical parts.
Two clarifications:
1. We don't ask for your current passwords. The app imports your CSV from your existing password manager (1Password, Bitwarden, etc.), which you already trust with your credentials. We automate the change process - you provide the new passwords you want.
2. Zero passwords leave your machine. The app runs locally. Browser automation happens in a local Playwright instance. The AI (GPT-5-mini via OpenRouter) only sees page structure, never credential values. Passwords are passed to forms via a separate injection mechanism that's invisible to the LLM context.
The "vibe coding" comment was about development speed with AI assistants, not about skipping security review. We spent weeks specifically on credential isolation architecture - making sure passwords can't leak to logs, LLM prompts, or network requests. That's the opposite of careless.
Code's not open source yet, but we're working toward that for exactly the reasons you describe - trust requires verification.