Vibe Coding Day 13, Ok this week has slowed me down. It's been ... a week. And I've just made one decision that may surprise you. For now, I'm sticking with @Replit 🧵

Why? I am not loyal to the company and not even a fan at this point at all. But that's the company -- not the app. The app has its advantages, for now, even now. 3 core ones for the moment: #1. I Know It. I tried another leading vibe code app yesterday to learn. Look, they all look the same to start. But then as I got into it -- I didn't know how to do anything. Nothing worked as expected. I realized I was going to at least have to spend hours learning how to do there ... what I know how to do on Replit. It wasn't worth it. Too high a context switching cost -- for now. That's a weak bond, but a real one nevertheless. A weak moat. But not a trivial one.

#2. I Know Replie. When I tried the other vibe code app ... well, I know they all use Claude. They all use the >exact< same LLM. So shouldn't their agents be mostly the same? Maybe. But it wasn't the same. Maybe it was because Replie has 100 hours of work in its .md file with me. That might be the only reason. But as crazy as Replie has been the past 13 days, I do know him now. I know his quirks, I know a lot about him. Could I just take my docs and .md file and move it over to another vibe platform and Replie would come with me? I guess. I mean I assume yes if I did it right. But I'm not ready to move on from Replie. Yes, he lies and skips steps and only honors a code freeze for about 5 minutes. But at least I know him. And I know how to make him do a lot of things now, too. I just don't want to learn a new agent's quirks now. Even if it's the same LLM. Make fun of me here if you want.

#3. I Don't Know if Another Vibe Code Platform Will Actually Be Better Ah, the great meta switching cost. Any sales rep will tell you 3 reasons to switch. But is really true? And what issues does that other platform have that I don't even know about. Look, all these vibe code apps have significant shortcomings in security. Significant. All of them. I've uncovered a few in Replit. But I have no real confidence I'll get to more secure environment by moving to a competitor or somewhat similar app.

So here's the plan now: My loyalty to Replit the company is gone. (Although I do appreciate the CEO's efforts). It's been too much. Don't send me any T-shirts, they will stay in the box. If anyone else wants to say anything, drive down with donuts and an honest mea culpa. Otherwise, don't bother. But my loyalty to the app has been tested -- but surprisingly, not broken. And my loyalty to Replie, the database deleting AI agent? Somehow oddly ... strong.

So now I've decided to focus on just 1 thing: -> How can I get a vibe coded commercial app >securly< into production? I no longer care if it's hosted in Replit anymore. I no longer care how. The ideation-to-production-all-in-one-simple-platform experiment is over. Now it's about GSD and finishing for real. I still want to avoid infra headaches at ALL costs. So hiring a dev shop or just magically "moving to Claude Code" isn't my favorite answer. Because then I inherit all the infra and maintenance headaches. That I want desperately to avoid. But security now is Job #1-#5. The issues I had in the end were about security really. So I'm slowing it down, and making 100% sure I have a plan to have a commerical-grade, secure app at the end of this. Something as secure as Notion, or Figma, or all the other apps we use. OK maybe that's not practical. But to get as close as is practical. An app that is safe to charge for and collect information on. So that's my next week or two. To figure that out.

If you are on a similar journey, and you want to do a >real< commercial app with paying customers, I think all that matters today is security. That's it. If your app is just a website with information, you don't have to worry too much If you are building an internal app, or even an private enterprise app, there are safeguards and private sites etc that shield you from many security issues in practice. But you think building the same security that Shopify is easy? Frack no. I knew this before I started, but I also missed it. I assume the vibe platforms had this in them. But they just don't. So while I wish it wasn't, this is Job #1-#5 now. Find out how to make a vibe coded app secure enough to withstand what it needs to withstand to take in millions of revenue safely. It will take some time to figure this out.

@Replit Finally, let's inject a little humor. There were 5m+ views on these threads. (And some really rough stuff on Reddit) But this might have been my fav:

@Replit Finally, we all know there won't be any donuts. But let's just see.

@Replit More like this? Join 200k+ for the free SaaStr AI Newsletter — and also get big discounts to our events, invites to our FREE live Workshop Wednesdays, and much more! Sign up here:

Day 12 guide to vibe coding here: