DEV Community: Avenassh A.S The latest articles on DEV Community by Avenassh A.S (@avenassh). https://dev.to/avenassh https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3998916%2F265b49bb-c763-428c-93c6-afd91ef139e9.jpg DEV Community: Avenassh A.S https://dev.to/avenassh en I built a local-first security gate to stop "Vibe Coding" from breaking production Avenassh A.S Tue, 23 Jun 2026 14:28:32 +0000 https://dev.to/avenassh/i-built-a-local-first-security-gate-to-stop-vibe-coding-from-breaking-production-2cmj https://dev.to/avenassh/i-built-a-local-first-security-gate-to-stop-vibe-coding-from-breaking-production-2cmj <p>We all love the speed of "vibe coding." Generating an entire feature in 20 minutes with an AI agent feels like magic. But there is a silent, dangerous bottleneck: architectural drift.</p> <p>AI agents are excellent at generating code that looks right, but they frequently hallucinate structural flaws—silently skipping a critical Supabase Row-Level Security (RLS) policy, breaking tenant isolation, or hardcoding secrets.</p> <p>The Problem<br> When you let AI write your code, the hard part of software engineering (the 99.5% that isn't the prototype) often gets skipped. I got tired of manually auditing my own AI-generated PRs, so I decided to build a "senior engineer in the loop."</p> <p>Introducing PreFlight<br> I built PreFlight, a local-first security gate that runs in your development environment. Instead of relying on a prompt-based "check," it uses Tree-sitter AST parsing to scan your code structures on every file save.</p> <p>Local-First: It doesn't send your code to a third-party server, respecting your privacy and project security.</p> <p>Structural Awareness: It understands the Abstract Syntax Tree (AST) of your project, meaning it can detect if a database query is missing a required security policy before you ever commit.</p> <p>The "Hard Block": When it catches a flaw, it throws a hard error in your CLI, effectively acting as an automated gatekeeper.</p> <p>Why I'm doing this<br> I’m a physician and a developer. In medicine, we are trained to use rigorous triage and safety protocols to prevent errors before they become critical. I wanted to bring that same clinical precision to the AI-coding workflow.</p> <p>PreFlight is currently in its Beta v1. If you're interested in the intersection of AI, static analysis, and security, I’d love for you to try it out and give me your brutal feedback.</p> <p>Check out the repo and installation guide here: <a href="https://github.com/av29nassh-sketch/PreFlight" rel="noopener noreferrer">https://github.com/av29nassh-sketch/PreFlight</a><br> <a href="https://preflight-vibe.vercel.app/" rel="noopener noreferrer">https://preflight-vibe.vercel.app/</a></p> <p>Support the Product Hunt Launch here: <a href="https://www.producthunt.com/products/preflight-5?launch=preflight-f5be345c-7d68-4f12-94bb-f6a35989fe27" rel="noopener noreferrer">https://www.producthunt.com/products/preflight-5?launch=preflight-f5be345c-7d68-4f12-94bb-f6a35989fe27</a></p> <p>I'm looking for engineers who want to push this engine to its limits. Let me know what you think!</p> <h1> ai #security #webdev #opensource #buildinpublic </h1> ai webdev claude vibecoding