https://www.codefolio.dev/writing Notes on shipping SaaS solo: applied AI, Next.js, security, and building in public. en https://www.codefolio.dev/writing/ai-daily-loop https://www.codefolio.dev/writing/ai-daily-loop Mon, 15 Jun 2026 00:00:00 GMT Applied AI An AI in a chat window is a brilliant contractor with amnesia. I stopped being its memory and moved it into my repo, where state lives in files and it runs one phase of my day at a time. https://www.codefolio.dev/writing/incident-response https://www.codefolio.dev/writing/incident-response Sun, 14 Jun 2026 00:00:00 GMT Incidents When something breaks in production the instinct is to dive into the code. The right first moves are calmer than that. Stabilize, communicate, then find the cause. https://www.codefolio.dev/writing/structured-outputs https://www.codefolio.dev/writing/structured-outputs Tue, 16 Dec 2025 00:00:00 GMT Applied AI Asking a model for JSON and parsing the text breaks in production. Define a typed tool, force the model to call it, and get validated structured data back. https://www.codefolio.dev/writing/prompt-caching https://www.codefolio.dev/writing/prompt-caching Mon, 24 Nov 2025 00:00:00 GMT Applied AI Most AI features resend the same large prompt every call and pay full price for it. Cache the stable prefix and pay a fraction on every reuse. https://www.codefolio.dev/writing/supabase-rls https://www.codefolio.dev/writing/supabase-rls Mon, 03 Nov 2025 00:00:00 GMT Stack Filtering data in your queries and hiding it in the UI feels secure. Without Row Level Security, anyone with your public anon key can read the whole table. https://www.codefolio.dev/writing/fake-door-honesty https://www.codefolio.dev/writing/fake-door-honesty Tue, 14 Oct 2025 00:00:00 GMT Building A fake-door landing page is a great way to test demand. It is not a product. Calling it one costs the trust that building in public runs on. https://www.codefolio.dev/writing/profile-audit https://www.codefolio.dev/writing/profile-audit Mon, 22 Sep 2025 00:00:00 GMT Building Three profiles, three different people, none of them the one actually building. Your profiles are your storefront, and mine contradicted each other. https://www.codefolio.dev/writing/nextjs-server-actions https://www.codefolio.dev/writing/nextjs-server-actions Thu, 28 Aug 2025 00:00:00 GMT Next.js A server action looks like a function call, but it compiles to a public POST endpoint anyone can hit with any arguments. Authenticate and validate inside it. https://www.codefolio.dev/writing/nextjs-client-bundle https://www.codefolio.dev/writing/nextjs-client-bundle Tue, 05 Aug 2025 00:00:00 GMT Next.js NEXT_PUBLIC env vars and anything a client component imports ship to the browser. One import line can leak a secret. The server-only package makes it impossible. https://www.codefolio.dev/writing/stripe-webhook-verification https://www.codefolio.dev/writing/stripe-webhook-verification Tue, 15 Jul 2025 00:00:00 GMT Security An unverified webhook endpoint is a public URL that upgrades accounts. Without signature verification, anyone can POST a fake checkout.session.completed and unlock your paid plan. https://www.codefolio.dev/writing/cut-the-feature-list https://www.codefolio.dev/writing/cut-the-feature-list Thu, 19 Jun 2025 00:00:00 GMT Building Shipping solo means the bottleneck is always you. The way to ship is not to work faster, it is to build less. Cut to the one thing that tests the bet. https://www.codefolio.dev/writing/checkout-reliability https://www.codefolio.dev/writing/checkout-reliability Tue, 27 May 2025 00:00:00 GMT Scale Years on a production e-commerce checkout came down to a few hard rules. Make every operation idempotent, never trust the network, and degrade instead of failing. https://www.codefolio.dev/writing/redux-at-scale https://www.codefolio.dev/writing/redux-at-scale Wed, 30 Apr 2025 00:00:00 GMT Frontend A real checkout has more state than a tutorial admits. A few rules keep a large Redux store maintainable. Normalize it, read through selectors, and keep side effects out of components. https://www.codefolio.dev/writing/vertx-event-loop https://www.codefolio.dev/writing/vertx-event-loop Tue, 18 Mar 2025 00:00:00 GMT Backend A thread per request does not scale to thousands of concurrent connections. An event loop does. Vert.x on the JVM with Kotlin makes non-blocking services that stay fast under load.