The cost incident that started this Three weeks after we put our chatbot into production, I opened the OpenAI billing dashboard on a Monday morning and stopped breathing for a second. One session — not one user, one session — had burned through roughly four times the daily budget for the entire app. Over a single afternoon. The session wasn't malicious. It was a test account someone forgot to lo
We’ve been running a series of experiments using ChatGPT 5.4 integrated into a website chatbot across different environments: 🌐 a main website 🎯 Goal: simulate realistic user behavior and observe how the model responds over time. ⚙️ Test setup The chatbot is designed to (no self promo here, just context): 📌 answer strictly based on website content (RAG-like approach) Over time, we intentionally
Building a Full-Stack Habit Tracker with Claude Code - Part 2: Polish, Testing & Deployment Taking the habit tracker from MVP to production-ready with categories, analytics, comprehensive testing, and Vercel deployment In [Part 1], we built a fully functional habit tracker MVP in about 6-8 hours using Claude Code as our AI pair programmer. We had: ✅ Basic CRUD operations for habits ✅ Date-based
Testing Firefox Extensions with Playwright: End-to-End Testing Guide Extension testing is one of those things everyone knows they should do but few actually do. I've been using Playwright for end-to-end tests on the Weather & Clock Dashboard extension and it's changed how I think about extension quality. Unit tests don't cover the biggest failure modes: Does the extension actually load in Firefo
The most basic concept in test doubles is the dummy. When testing a function, there are usually two kinds of input: Meaningful input Data that affects the result of the function. Dummy input Data that is required by the function, but does not affect the behavior we are testing. Below is an example of meaningful data vs dummy data. This is a calculateShipping function: function calculateShip
Your application fetches a URL. The user supplied it. Your server makes the request, follows the redirect, and returns the content. The URL pointed to http://169.254.169.254/latest/metadata/iam/security-credentials/production-role. Your application just handed the attacker your cloud credentials. SSRF lets an attacker trick your server into making requests on their behalf — to internal services, c
How to Test Firefox Extensions Without Publishing: Local Development Tips Publishing to AMO every time you want to test a change is slow and painful. Here's the full toolkit for local development. The fastest way to load your extension: Open Firefox and go to about:debugging Click This Firefox in the left sidebar Click Load Temporary Add-on... Navigate to your extension folder and select manif
published: true description: "A developer's honest review of TestSprite: the autonomous AI testing agent that generates, runs, and patches tests for you. Including locale handling observations." tags: testing, ai, webdev, devtools cover_image: https://storage.googleapis.com/runable-templates/cli-uploads%2FgcLrVl9Cg6BLWTHb6clQeDzRFGBCNd4h%2F1kCxrovt5t9apSMJWdkFB%2Ftestsprite_hero.png I've been buil