ThreatHunt/SKILLS/26-vibe-coding-fundamentals.md
mblanke 9b98ab9614 feat: interactive network map, IOC highlighting, AUP hunt selector, type filters
- NetworkMap: hunt-scoped force-directed graph with click-to-inspect popover
- NetworkMap: zoom/pan (wheel, drag, buttons), viewport transform
- NetworkMap: clickable IP/Host/Domain/URL legend chips to filter node types
- NetworkMap: brighter colors, 20% smaller nodes
- DatasetViewer: IOC columns highlighted with colored headers + cell tinting
- AUPScanner: hunt dropdown replacing dataset checkboxes, auto-select all
- Rename 'Social Media (Personal)' theme to 'Social Media' with DB migration
- Fix /api/hunts timeout: Dataset.rows lazy='noload' (was selectin cascade)
- Add OS column mapping to normalizer
- Full backend services, DB models, alembic migrations, new routes
- New components: Dashboard, HuntManager, FileUpload, NetworkMap, etc.
- Docker Compose deployment with nginx reverse proxy
2026-02-19 15:41:15 -05:00


Vibe Coding With Fundamentals (Safety Rails)

Use this skill when you are "vibe coding" (fast, conversational building with an AI assistant) but still want production-grade outcomes.

The good

  • Rapid scaffolding and iteration
  • Fast UI prototypes
  • Quick exploration of architectures and options

The failure modes

  • "It works on my machine" code with weak or missing tests
  • Security foot-guns: auth checks that trust caller-supplied flags, unvalidated input, secrets hard-coded in source
  • Performance cliffs (accidental O(n²) nested scans, repeated I/O such as one query per row)
  • Unmaintainable abstractions that nobody on the team can explain

Safety rails (apply every time)

  • Always start with acceptance criteria (what "done" means), written before any code is generated.
  • Prefer small PRs; never dump a huge AI-generated diff into one review.
  • Require Definition-of-Done (DoD) gates (lint/test/build) to pass before merge.
  • Write tests for every behavior change, including the case the change is supposed to fix.
  • For anything security- or data-related: do a Reviewer pass before merge.
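The failure modes above (a caller-trusted auth flag, unvalidated IOCs, an O(rows × iocs) scan, a secret in source) next to a hardened rewrite with the kind of behavior tests the safety rails ask for. This is an added example, not ThreatHunt project code; `User`, `Hunt`, `highlight_naive`, `highlight`, the `THREATHUNT_INTEL_API_KEY` variable name and the sample rows are all assumed for illustration.

```python
"""Added example, not ThreatHunt project code: a vibe-coded IOC highlighter next to a
hardened rewrite. User, Hunt, highlight_naive and highlight are illustrative names."""
import ipaddress
import os
import re
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    hunts: set = field(default_factory=set)   # hunt ids the server has granted this user


@dataclass
class Hunt:
    id: str
    rows: list                                # normalized rows, e.g. {"src_ip": "10.0.0.5"}


# ---- the first draft: every foot-gun from the list above, and it passes a demo ----
INTEL_API_KEY = "sk-live-1234"                # secret in source: it will be committed


def highlight_naive(user, hunt, iocs, is_admin=False):
    """Rows that 'contain' an IOC. Works on a three-row demo, wrong in production."""
    if not is_admin and hunt.id not in user.hunts:   # any caller can pass is_admin=True
        return []
    hits = []
    for row in hunt.rows:                     # O(rows x iocs): rescans every row per IOC
        blob = " ".join(map(str, row.values()))
        for ioc in iocs:                      # no validation: '' matches every row
            if ioc in blob:                   # substring: 10.0.0.5 also hits 10.0.0.50
                hits.append(row)
                break
    return hits


# ---- the hardened version -----------------------------------------------------------
_DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def _canon(value):
    """One canonical form for IOCs and cell values: trimmed, lower-case, no trailing dot."""
    return str(value).strip().lower().rstrip(".")


def normalize_ioc(value):
    """Accept only IPs and domains; reject junk instead of silently matching on it."""
    value = _canon(value)
    if not value:
        raise ValueError("empty IOC")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if _DOMAIN_RE.fullmatch(value):
        return value
    raise ValueError(f"unsupported IOC: {value!r}")


def intel_api_key():
    """Read the secret from the environment at call time; fail closed when missing."""
    key = os.environ.get("THREATHUNT_INTEL_API_KEY")   # assumed variable name
    if not key:
        raise RuntimeError("THREATHUNT_INTEL_API_KEY is not set")
    return key


def highlight(user, hunt, iocs):
    """Rows with a cell exactly equal to a validated IOC; authz comes from server-side grants."""
    if hunt.id not in user.hunts:
        raise PermissionError(f"{user.name} may not read hunt {hunt.id}")
    wanted = {normalize_ioc(i) for i in iocs}         # validate once, O(iocs)
    return [row for row in hunt.rows                  # O(rows) set membership tests
            if any(_canon(v) in wanted for v in row.values())]


# ---- constructed sample data (not from any real hunt) ------------------------------
SAMPLE_HUNT = Hunt("hunt-7", rows=[
    {"src_ip": "10.0.0.5", "host": "ws01"},
    {"src_ip": "10.0.0.50", "host": "ws02"},          # must not match IOC 10.0.0.5
    {"src_ip": "192.0.2.9", "host": "dc01", "domain": "Evil.Example."},
])
ANALYST = User("ana", hunts={"hunt-7"})
OUTSIDER = User("bob")


if __name__ == "__main__":
    # the outsider gets two rows from the draft (auth bypass plus a false positive)...
    print(highlight_naive(OUTSIDER, SAMPLE_HUNT, ["10.0.0.5"], is_admin=True))
    # ...while the hardened version returns exactly ws01 and dc01 for the analyst
    print(highlight(ANALYST, SAMPLE_HUNT, ["10.0.0.5", "evil.example"]))
```

The acceptance criteria for this change would be the four checks a test file should encode: an unauthorized user gets `PermissionError`, an empty or malformed IOC is rejected rather than matching everything, `10.0.0.5` does not flag `10.0.0.50`, and the secret is read from the environment rather than the module. The draft passes a quick manual run with a handful of rows, which is exactly why a Reviewer pass and written tests are required before merge.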

When to slow down

  • Auth/session/token work
  • Anything touching payments, PII, or secrets
  • Data migrations and schema changes (they are hard to roll back once deployed)
  • Performance-critical paths
  • "It's flaky" or "it only fails in CI" (usually a real bug, not a test problem)

Practical prompt pattern (use in PLAN)

  • "State assumptions, list files to touch, propose tests, and include rollback steps."