dogfood stories.
Build notes, audit walkthroughs, and lessons from pointing Fizzgig at our own codebases — and the codebases of friends willing to be the test case. Honest about the bugs we find.
Built it on Lovable or Bolt? Audit it before you ship.
Someone on Reddit shipped two apps from Lovable and Bolt and both had security holes before launch. They're not alone — AI app builders are brilliant at shipping features and quietly terrible at shipping safe defaults. Here's the exact failure list, and how to catch it in one pass before anyone hits your URL.
We audited Fizzgig with Fizzgig — here's what our RLS checker found in our own schema
Yesterday we shipped Fizzgig — 22 MCP audit tools for vibe coders. The first thing we did after shipping was point them at our own codebase. Our own RLS checker found 4 real authorisation bugs in our own schema. Here's what they were and why your AI editor probably wrote the same ones.