Patterns
Reusable patterns for Lovable, Cursor, and friends. Copy the prompt, follow the notes, ship.
A practical ROI framework for evaluating whether a custom internal tool justifies its build and maintenance cost compared to buying an existing solution.
A decision framework for non-technical founders: when AI builders are sufficient, when you need developer support, and when hiring before building is the right call.
A practical framework for choosing between Vercel and Cloudflare Pages based on your app’s architecture, commercial use, and control preferences.
A clear decision tree for which of Supabase’s API keys to use in each part of your application, and why the wrong choice exposes your entire database.
A structured decision framework for evaluating whether to build a custom app, buy existing software, or take a hybrid approach — with honest accounting of hidden costs on both sides.
In a Vite app, any environment variable without the `VITE_` prefix is invisible to the browser. Any variable with it is visible to every user. This is the entire secret management boundary.
Internal apps built quickly and cheaply often outlive their creators. When the person who built it leaves, the app continues running — with no owner and no maintenance plan.
Asking an AI to review code for security is not equivalent to a security review. AI tools optimize for “looks correct,” not “cannot be exploited.”
46% of all data breaches target small businesses. Building your own app without data security controls is not a “later problem.”
Customizing shadcn/ui safely requires working with its CSS variable system, not overriding it with hardcoded Tailwind classes.
Manifest V3 service workers terminate between events. Listeners registered asynchronously or in callbacks will be missed. All top-level listeners must register synchronously.
A composable pattern for replacing AI-generated `useEffect` fetches with TanStack Query wrappers around Supabase client calls.
A repeatable pattern for running Lovable as your prototyping layer while owning your production infrastructure — without rebuilding from scratch.
Keep app-internal logic in createServerFn.
Never store roles on profiles.
Each type gets its own index page for SEO.
SEO and AIO favor light; ship dark as toggle.
Open .lovable/rules.md as first action of every session.
