Category
バイブコーディング(vibe coding)実践 — Cursor / Claude Code / v0 / Lovable / Bolt で作って、安全に本番に出す開発者ガイド
バイブコーディングの成否は、「速く作る」をAIに任せつつ「漏れない・壊れない」を人間の検証ゲートで担保できるかで決まります。本クラスタは、発注者ではなく“自分でAIと作る開発者”に向けた実践ガイドです——バイブコーディングとは何か(ツール3分類の使い分け)、AI生成コードが公開時に露呈する脆弱性の頻出5類型(認可・IDOR/Supabase RLS/入力検証・注入/秘密情報/リリース前ゲート)、Cursor・Claude Code の本番運用(権限設計・Project Rules・hooks・セキュリティゲート)、v0/Lovable/Bolt でエクスポートしたコードの公開前検査、AI生成コードのレビュー術までを扱います。MITライセンスのOSS「Aegis」で水平の統制を自動化し、縦のリスクは検出・警告する——完全防護は謳わず、設計判断は人間に返すという正直な線引きで、速く作ったものを安全に出荷する方法を解説します。
8 articles in total
Foundational guide
Foundational guide (start here)
What is vibe coding? Choosing between Cursor, Claude Code, v0, Lovable, and Bolt — and taking it to production
What is vibe coding? From Karpathy's original definition, to the criteria for choosing between Cursor, Claude Code, v0, Lovable, and Bolt across three categories — editor-type / agent-type / builder-type — to the minimum production gates that close the gap between 'it runs' and 'it's safe.' A start-to-finish guide for developers who build things themselves.
Related practical articles
- バイブコーディングAI駆動開発セキュリティTypeScript
Reviewing AI-generated code — shipping code you didn't write, on your own responsibility
Reviewing AI-generated code by 'reading top to bottom' doesn't work. Drawing on solo × generative-AI practice, this guide walks a review procedure that opens the diff and looks first at the four boundaries to suspect — input, authorization, secrets, dependencies. It shows what to mechanize with grep, how to separate out the authorization calls only a human can make, and how to automate with npx @aegiskit/cli scan.
13 min read - Claude CodeAI駆動開発バイブコーディングセキュリティSupabase
Making Claude Code production-ready — permission design, hooks, CLAUDE.md, and security gates
An implementer's guide to configuring Claude Code so it survives production. Close secrets fail-closed with permission deny, auto-fire scans with hooks, and pin your conventions in CLAUDE.md. Then the division of labor: the vertical risks config can't close — authorization/IDOR and RLS — are shut with an aegis fix loop plus design.
13 min read - セキュリティバイブコーディングAI駆動開発Next.jsSupabase
Cursor security in practice — Project Rules, secrets, Auto-run permissions, and reviewing generated diffs
A guide to using the AI editor Cursor safely in production. Codify security conventions in Project Rules, keep secrets off the context with .cursorignore and env, narrow the permission boundary of Auto-run (YOLO), review generated diffs from an authorization angle, and lay a mechanical gate in CI with aegis ci — a systematic look at Cursor-specific controls.
14 min read - セキュリティバイブコーディングAI駆動開発Next.jsSupabase
A security checklist for solo dev — the bare minimum before release (all free)
A pre-release security checklist for solo developers with no time and no budget. It walks how to mechanically close out secrets, dependency vulnerabilities, authorization (RLS), and input validation with all-free tools — Secret scanning, Dependabot, npx @aegiskit/cli scan, /aegis/rls-checker, and more.
11 min read - SupabaseRLSセキュリティバイブコーディングAI駆動開発
Can you trust AI-generated Supabase RLS policies? Lessons from 1,000 apps measured, and how to spot the failures
Supabase RLS generated by Claude Code or Cursor 'works,' but that doesn't mean it 'is authorization.' USING(true), authenticated-for-all, missing WITH CHECK, RLS never enabled, an unpinned search_path on SECURITY DEFINER — this guide catalogs the boilerplate mistakes AI emits in real SQL, pairs them with a measured lower bound of ~9.2% across 1,000 public apps, and lays out a verification workflow to catch them with a paste-only checker and a repo scan.
14 min read - セキュリティバイブコーディングAI駆動開発SupabaseRLS
Vulnerabilities in apps built with v0, Lovable, and Bolt — the AI app-builder pitfalls and a pre-launch inspection
A guide to closing, under your own responsibility, the vulnerabilities in already-launched apps with real users built by AI app builders like v0, Lovable, and Bolt. Read the real Lovable case CVE-2025-48757 (RLS gap, CWE-863, CVSS 9.3), then inspect the exported code with scan → hand-checking RLS → probe.
11 min read - バイブコーディングAI駆動開発セキュリティSupabaseRLS
The security and dangers of vibe coding — what happens when you ship AI-generated code as-is
You built a SaaS with AI (Claude Code / Cursor) last night — is it okay to ship it as-is this morning? This guide walks through the five dangers that show up most often in vibe coding — missing authorization, Supabase RLS design mistakes, injection, hardcoded secrets, and the absence of a verification gate — with real vulnerable→fixed code and 'test it yourself' steps, then leads you to a pre-launch self-audit checklist.
13 min read