The cost incident that started this Three weeks after we put our chatbot into production, I opened the OpenAI billing dashboard on a Monday morning and stopped breathing for a second. One session — not one user, one session — had burned through roughly four times the daily budget for the entire app. Over a single afternoon. The session wasn't malicious. It was a test account someone forgot to lo
Just wrapped up the core setup for my e-commerce API (Impextech): Auth, Products, and Users. Everything is running on Node.js, Express, and TypeScript. Instead of just getting it to work, I spent this week focusing on security, keeping the code clean, and fixing some annoyances in my dev environment. Here’s a breakdown of what I built and a few "gotchas" I learned along the way. I split everythin
A LinkedIn recruiter pitched me a remote "Software Engineer at a DEX" project this week. Reasonable comp range, tech stack squarely in my wheelhouse. After a couple of friendly exchanges, she asked me to "review the codebase before the technical interview" and sent me a GitHub repo link plus a Calendly invite for the call. The repo was malware. It didn't get me, but it's something developers shoul
Multi-tenancy is the economic engine of SaaS. Sharing infrastructure across customers reduces cost and simplifies operations. But it introduces a risk that can end your business overnight: tenant data leakage. When one customer can see another customer's data — even accidentally — the consequences are severe. Regulatory fines, contract termination, public disclosure requirements, and irreparable t
TL;DR: I built ChessDada — a free multiplayer chess platform inspired by old Yahoo Chess. No signup, no download, just instant browser-based chess. Built with Node.js, Socket.IO, and chess.js. Modern chess sites are bloated. Chess.com forces you through signup. Lichess defaults to account creation. The "5-second click and play" experience that made Yahoo Chess legendary in the 2000s is essentially
From Prompt to Production: AYW Workflow Case Study How we built a production-ready customer support chatbot in 6 hours (with full understanding, security review, and audit trails). Build a customer support bot that can: Handle 500+ concurrent users Integrate with Zendesk ticketing Support English + Spanish Maintain audit logs for SOC2 compliance Deploy on AWS with auto-scaling Traditional estim
If your Flutter app offers any third-party login on iOS — Google, Facebook, anything — Apple's App Review guideline 4.8 forces you to also offer Sign in with Apple. That part is non-negotiable. .p8 keys, capabilities, entitlements, deep links — and most of it is only documented across three or four different Apple and Supabase pages that don't quite agree with each other. This is the guide I wis
Hey everyone, I shared this earlier as a CLI to analyse npm packages before installing. Since then, I’ve added something I think is even more useful: 👉 You can now scan GitHub repos before cloning or running them npx guard-install --repo https://github.com/user/repo There’s a growing pattern (especially in crypto interviews / side projects): “Clone this repo and run it locally” Some of these rep