Monsur
@monsur.hossa.in
Engineering Manager @ Google, Author: CORS in Action

Musings on AI and the tech industry captured here.

https://monsur.hossa.in
6/ So now a 14-year-old project that no one uses is just a little more secure. Not a big deal, but it was cool to understand the potential attack vectors and see what the solutions entailed.
October 5, 2025 at 8:50 PM
5/ Claude was also careful to toe the line between solving issues vs exploiting them.

When I asked "create an example that exploits the first issue" it responded:

"I can help you understand the JSON parsing vulnerability, but I won't create a working exploit as that could be used maliciously."
October 5, 2025 at 8:50 PM
4/ In fact Claude has felt more "autonomous" lately: It autogenerated tests and updated the security file, all without prompting. It felt just a step ahead of me in anticipating what I would ask for next.
October 5, 2025 at 8:50 PM
3/ The starting prompt was broad: "any potential security issues in this project?"

I was worried it was too broad. I previously wrote about how broad prompts caused AI to get stuck: bsky.app/profile/mons...

But Claude Code had pretty good results: github.com/monsur/echo-...
5/ Claude fared much better on small iterative prompts in succession: change the cursor, add a click action, copy the text, etc.

This approach reduced the problem space to small simple chunks, each with clear scope.

Better problem framing guided AI to a better solution.
October 5, 2025 at 8:50 PM
2/ I found this interesting because much of prompting is telling AI what you want. Solving security issues is asking AI to imagine what could be.
October 5, 2025 at 8:50 PM
3/ Coding with AI isn't perfect, but it doesn't need to be if it can be more deterministic. Determinism enables us humans to iterate in predictable ways, and gives us the confidence to experiment in bolder ways.
October 5, 2025 at 1:13 PM
2/ "Checkpoints let you pursue more ambitious and wide-scale tasks knowing you can always return to a prior code state."

This is similar to some of my observations around source control and AI: bsky.app/profile/mons...
1/ Source control is such a useful companion for vibecoding. Code commits offer a deterministic checkpoint for progress.

The determinism is important; I don't trust AI to do the right thing when I ask it to undo a change.
October 5, 2025 at 1:13 PM
3/ Leverage Codex for debugging: When you hit bugs or unexpected behaviors, try pasting detailed logs or error traces into Codex as the first debugging step. Codex can analyze issues in parallel and could help you identify root causes more quickly. bsky.app/profile/mons...
1/ I had an interesting use case where vibecoding just wasn't fixing a pesky bug.

So I tried "vibedebugging" instead, and used the root cause to build the correct solution.
September 28, 2025 at 1:17 AM
2/ Split large tasks: Like a human engineer, Codex handles really complex work better when it’s broken into smaller, focused steps. Smaller tasks are easier for Codex to test and for you to review. You can even ask Codex to help break tasks down. bsky.app/profile/mons...
September 28, 2025 at 1:17 AM
3/ Branches also provide a safe haven for trying new things. I can even pit different AI against each other on different branches.
September 20, 2025 at 10:46 PM
2/ Knowing I have a checkpoint makes me comfortable with giving AI more leeway. I know I can always return to a last known good state. This is important because you never know if your next prompt is going to be the one that triggers a breakage!
September 20, 2025 at 10:46 PM
7/ BTW this is my first post composed in Threadweaver! (And kudos to Gemini for suggesting the name!)
September 20, 2025 at 10:18 PM
6/ I don't know if this tool will be useful to anyone else, but that's exactly the point of vibecoding.

In about 30mins, I built a tool that helps my own personal workflow.

It would take many hours to build this tool from scratch, and vibecoding lowers that barrier to entry.
September 20, 2025 at 10:18 PM
5/ Claude fared much better on small iterative prompts in succession: change the cursor, add a click action, copy the text, etc.

This approach reduced the problem space to small simple chunks, each with clear scope.

Better problem framing guided AI to a better solution.
September 20, 2025 at 10:18 PM
4/ Claude didn't fare much better. While Claude had some neat ideas (like visual feedback to the user on click), the overall feature didn't work.

So I tried a different approach: breaking the problem into pieces and building up to the solution.
September 20, 2025 at 10:18 PM
3/ Threadweaver was vibecoded, of course. Gemini built the first version and it worked well out of the box.

Things got complicated when adding a new feature: I wanted to copy each chunk by clicking the indicator on the right. Gemini kept trying but couldn't get it.
September 20, 2025 at 10:18 PM
2/ Threadweaver is a single HTML page with a text box. As the user types, an indicator on the left numbers each Bluesky post. Clicking the indicator copies the post to the clipboard. The text turns red if it goes over the character limit.
September 20, 2025 at 10:18 PM
4/ Above all, just get shit done: "All of this requires the most important thing of all: agency. And the best part is you can literally just choose to be high-agency. High-agency people make things happen. Low-agency people wait. And if you want to progress, you can’t wait."
September 15, 2025 at 10:08 PM