dogfood stories.
Build notes, audit walkthroughs, and lessons from pointing Fizzgig at our own codebases — and the codebases of friends willing to be the test case. Honest about the bugs we find.
Sourdough Starters: Living Context for AI Coding Agents
Every session, your AI re-onboards itself to your project from scratch. CLAUDE.md is the meme answer; in practice it's a frozen file that aged out of date in commit two. The pattern that actually works is a living context document — a sourdough starter — that you feed as you work. Alive, fed regularly, develops character over time, can be forked and shared. Here's what one is, why CLAUDE.md isn't one, and the ritual that keeps yours alive.
Built it on Lovable or Bolt? Audit it before you ship.
Someone on Reddit shipped two apps from Lovable and Bolt and both had security holes before launch. They're not alone — AI app builders are brilliant at shipping features and quietly terrible at shipping safe defaults. Here's the exact failure list, and how to catch it in one pass before anyone hits your URL.
We audited Fizzgig with Fizzgig — here's what our RLS checker found in our own schema
Yesterday we shipped Fizzgig — 22 MCP audit tools for vibe coders. The first thing we did after shipping was point them at our own codebase. Our own RLS checker found 4 real authorisation bugs in our own schema. Here's what they were and why your AI editor probably wrote the same ones.