<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Abhilash Veettil</title>
    <description>The latest articles on DEV Community by Abhilash Veettil (@eabhvee).</description>
    <link>https://dev.to/eabhvee</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F804428%2F31b105a6-6423-4be8-bf62-faa477efa918.png</url>
      <title>DEV Community: Abhilash Veettil</title>
      <link>https://dev.to/eabhvee</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/eabhvee"/>
    <language>en</language>
    <item>
      <title>Why Ruby on Rails Feels Built for the AI Coding Era</title>
      <dc:creator>Abhilash Veettil</dc:creator>
      <pubDate>Fri, 03 Jul 2026 07:36:31 +0000</pubDate>
      <link>https://dev.to/eabhvee/why-ruby-on-rails-feels-built-for-the-ai-coding-era-4i8g</link>
      <guid>https://dev.to/eabhvee/why-ruby-on-rails-feels-built-for-the-ai-coding-era-4i8g</guid>
      <description>&lt;p&gt;I've been writing a lot of code recently, of course with lot of help from Claude and Codex. I mostly write in Ruby on Rails and I am falling in love with RoR all over again. &lt;/p&gt;

&lt;p&gt;I've never really felt the urge to switch from Ruby on Rails to JavaScript. Not because JavaScript is bad. But because Ruby has always felt natural to me.&lt;/p&gt;

&lt;p&gt;It's simple. It's expressive. It lets me think about the product instead of the ceremony around building it.&lt;/p&gt;

&lt;p&gt;And now, in the age of AI-assisted coding, Rails has become even more valuable to me.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The reason is simple: AI doesn't just write code. It makes decisions.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Every time an AI assistant generates a controller, a model, a service object, a migration, a view, an API endpoint, or a background job, it's making dozens of small architectural choices.&lt;/p&gt;

&lt;p&gt;Where should this logic live? How should the data flow? What should the folder structure look like? How should validations be handled? What should be abstracted, and what should stay simple?&lt;/p&gt;

&lt;p&gt;In a framework with weak conventions, AI has too much freedom. And too much freedom breeds inconsistency.&lt;/p&gt;

&lt;p&gt;One file follows one pattern. The next follows another. A third introduces an unnecessary abstraction. Before long, the app still "works," but the codebase feels like it was assembled by a dozen developers who never spoke to each other.&lt;/p&gt;

&lt;p&gt;That's where Rails shines. Rails gives AI a path to follow.&lt;/p&gt;

&lt;p&gt;The framework already has opinions. Models go here. Controllers go here. Views go here. Migrations follow this pattern. Routes follow this structure. Validations belong in the model. Background jobs, mailers, and tests each have their place. Security defaults aren't an afterthought.&lt;/p&gt;

&lt;p&gt;Caching, Active Record, naming, structure, conventions, integrations — all part of the same ecosystem.&lt;/p&gt;

&lt;p&gt;This matters because AI performs better when the environment has strong patterns.&lt;/p&gt;

&lt;p&gt;Rails isn't just a framework. It's a set of decisions made in advance. And that's powerful.&lt;/p&gt;

&lt;p&gt;As DHH put it:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"Rails is opinionated software. It makes the assumption that there is a 'best' way to do things, and it's designed to encourage that way."&lt;br&gt;
That opinionation used to be a convenience. In the AI era, it's an advantage.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;For human developers, convention over configuration has always meant speed. For AI-assisted development, it means something even more important: reduced architectural drift.&lt;/p&gt;

&lt;p&gt;When I ask AI to help me build in Rails, I'm not starting from a blank canvas. I'm handing it a well-marked road.&lt;/p&gt;

&lt;p&gt;It still needs guidance. It still needs review. It still needs a developer who understands the product, the domain, and the trade-offs. But Rails reduces the number of unnecessary choices the AI has to make.&lt;/p&gt;

&lt;p&gt;That makes the output easier to review. Easier to reason about. Easier to maintain.&lt;/p&gt;

&lt;p&gt;And this is also why I love Ruby. Ruby doesn't feel like I'm fighting the language. It reads closer to how I think.&lt;/p&gt;

&lt;p&gt;The simplicity of Ruby isn't just aesthetic. It changes the way I build. When the language is expressive and the framework is opinionated, I get to spend my time on the customer problem, the workflow, the data model, the business logic.&lt;/p&gt;

&lt;p&gt;That's where real value is created. Not in arguing about folder structures. Not in wiring together ten libraries before the first feature works. Not in reinventing authentication, background jobs, form handling, routing, or deployment for every small product.&lt;/p&gt;

&lt;p&gt;Of course, Rails isn't perfect. No framework is.&lt;/p&gt;

&lt;p&gt;Large Rails apps can still turn messy without discipline. AI can still over-engineer. It can still misunderstand the domain. It can still produce something that looks correct but quietly creates technical debt.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;AI doesn't remove the need for engineering judgment. It raises the penalty for not having it.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;But that's exactly why I prefer Rails. It gives me leverage without removing responsibility. It gives me speed without forcing chaos. It gives AI enough structure to be useful, while leaving room for a good engineer to make the decisions that matter.&lt;/p&gt;

&lt;p&gt;For me, the AI coding era hasn't made Rails less relevant. It's made Rails more relevant.&lt;/p&gt;

&lt;p&gt;Because the future of software may not belong to the language with the most hype. It may belong to the ecosystem that gives both humans and AI the clearest path from idea to working product.&lt;/p&gt;

&lt;p&gt;And for many products — SaaS apps, internal tools, business workflows, dashboards, automations, MVPs — Ruby on Rails still feels like one of the best paths available.&lt;/p&gt;

&lt;p&gt;Simple. Opinionated. Productive. Human-friendly.&lt;/p&gt;

&lt;p&gt;And now, surprisingly, AI-friendly too.&lt;/p&gt;




&lt;p&gt;I built &lt;a href="https://formserve.io/" rel="noopener noreferrer"&gt;Formserve.IO&lt;/a&gt; using Ruby on Rails, check it out&lt;/p&gt;

</description>
      <category>rails</category>
      <category>ai</category>
      <category>webdev</category>
      <category>ruby</category>
    </item>
    <item>
      <title>I built a free CLI that catches the security holes your AI leaves behind</title>
      <dc:creator>Abhilash Veettil</dc:creator>
      <pubDate>Tue, 30 Jun 2026 16:16:18 +0000</pubDate>
      <link>https://dev.to/eabhvee/i-built-a-free-cli-that-catches-the-security-holes-your-ai-leaves-behind-6bp</link>
      <guid>https://dev.to/eabhvee/i-built-a-free-cli-that-catches-the-security-holes-your-ai-leaves-behind-6bp</guid>
      <description>&lt;blockquote&gt;
&lt;p&gt;&lt;code&gt;npx kavaca&lt;/code&gt; — a free, local, open-source pre-flight check that finds exposed secrets and open Supabase databases in your AI-built app, in about 10 seconds. Nothing leaves your machine.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h2&gt;
  
  
  The uneasy feeling
&lt;/h2&gt;

&lt;p&gt;I build a lot of small apps with AI tools now — Claude Code, Cursor, the occasional Lovable or Bolt prototype. They're fast. Sometimes &lt;em&gt;too&lt;/em&gt; fast: you go from idea to deployed app in an afternoon, and somewhere in that afternoon you stop reading every line the model writes.&lt;/p&gt;

&lt;p&gt;And every time I got close to shipping one, I'd get this uneasy feeling:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Did it actually turn on row-level security for that Supabase table?&lt;/li&gt;
&lt;li&gt;Is my Stripe key sitting in an env var, or did it get committed?&lt;/li&gt;
&lt;li&gt;Would I even &lt;em&gt;notice&lt;/em&gt; if a secret leaked into the client bundle?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I'm reasonably technical and I still couldn't answer those quickly. So I started checking by hand, every time. Then I got tired of checking by hand, and did what we all do — I scratched my own itch and wrote a script.&lt;/p&gt;

&lt;p&gt;That script became &lt;strong&gt;Kavaca&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why AI-built apps share the same holes
&lt;/h2&gt;

&lt;p&gt;This isn't a "the AI is dumb" post. The models are great at writing code that &lt;em&gt;works&lt;/em&gt;. The problem is that working code and safe code aren't the same thing, and the gap is exactly the stuff a senior engineer does on instinct — and never says out loud, so the model never learns to do it unprompted.&lt;/p&gt;

&lt;p&gt;The result is a handful of mistakes that show up again and again:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;&lt;code&gt;service_role&lt;/code&gt; keys or &lt;code&gt;sk_live_…&lt;/code&gt; secrets committed&lt;/strong&gt; into the repo or, worse, shipped to the browser.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Supabase tables created with no RLS&lt;/strong&gt; — which means anyone with your public &lt;code&gt;anon&lt;/code&gt; key can read (or delete) rows.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Secrets behind a public env prefix&lt;/strong&gt; (&lt;code&gt;NEXT_PUBLIC_&lt;/code&gt;, &lt;code&gt;VITE_&lt;/code&gt;) that get inlined into the client bundle.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;None of these are exotic. They're behind a huge share of the "my vibe-coded app got hacked" threads. They're also boringly &lt;em&gt;detectable&lt;/em&gt; — which is the whole idea.&lt;/p&gt;

&lt;h2&gt;
  
  
  The tool
&lt;/h2&gt;

&lt;p&gt;One command, no install, no account:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npx kavaca
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;It scans the current directory and prints a result in seconds. Point it somewhere specific or get machine-readable output:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npx kavaca ./my-app
npx kavaca &lt;span class="nt"&gt;--json&lt;/span&gt;        &lt;span class="c"&gt;# for CI&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Exit code is &lt;code&gt;0&lt;/code&gt; when clean and &lt;code&gt;1&lt;/code&gt; when it finds something, so it drops straight into a pipeline.&lt;/p&gt;

&lt;h2&gt;
  
  
  What it actually checks
&lt;/h2&gt;

&lt;p&gt;Three deterministic, local detectors:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Exposed secrets.&lt;/strong&gt; Committed live credentials — Stripe (&lt;code&gt;sk_live_…&lt;/code&gt;, &lt;code&gt;rk_live_…&lt;/code&gt;), OpenAI / Anthropic keys, AWS access key IDs, database URLs with embedded passwords, and Supabase &lt;code&gt;service_role&lt;/code&gt; JWTs. The JWT check isn't just a pattern match — it base64-decodes the payload and only flags if &lt;code&gt;"role": "service_role"&lt;/code&gt; is actually in there, which kills a lot of false positives.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Frontend exposure.&lt;/strong&gt; Sensitive values sitting behind a public env prefix (&lt;code&gt;NEXT_PUBLIC_*&lt;/code&gt;, &lt;code&gt;VITE_*&lt;/code&gt;, &lt;code&gt;REACT_APP_*&lt;/code&gt;, &lt;code&gt;EXPO_PUBLIC_*&lt;/code&gt;), and &lt;code&gt;service_role&lt;/code&gt; keys referenced from client-side code.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Open Supabase databases.&lt;/strong&gt; When it detects Supabase, it parses your SQL migrations and flags every &lt;code&gt;CREATE TABLE&lt;/code&gt; that never gets a matching &lt;code&gt;ENABLE ROW LEVEL SECURITY&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;It's deliberately quiet about false positives — &lt;code&gt;.example&lt;/code&gt; files, &lt;code&gt;process.env.&lt;/code&gt; references, and placeholders like &lt;code&gt;your_key_here&lt;/code&gt; are ignored. A security tool that cries wolf gets uninstalled on the first run, so it biases hard toward precision.&lt;/p&gt;

&lt;p&gt;Here's what a run looks like:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;  ◎ Kavaca — pre-flight security check
  Scanning ./my-app  (local only — nothing leaves your machine)

  ✔ Secrets in code .............. 1 issue
  ✔ Frontend exposure ............ clear
  ✔ Supabase database ............ 1 issue

  ──────────────────────────────────────────────
  ⚠  2 issues found · score 50/100

  HIGH  Live Stripe key (lib/payments.ts:14)
        sk_live_••••••••1234 — visible to anyone with the repo

  HIGH  Supabase table "orders" has no RLS policy
        Anyone with your anon key may be able to read it
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Evidence is always masked — it never prints (or uploads) a full secret.&lt;/p&gt;

&lt;h2&gt;
  
  
  Local-first, and I mean it
&lt;/h2&gt;

&lt;p&gt;Here's the part that matters most for a &lt;em&gt;security&lt;/em&gt; tool: the default run makes &lt;strong&gt;zero network requests&lt;/strong&gt;. Your code, your file paths, your secrets — none of it leaves your machine. There's an optional &lt;code&gt;--share-stats&lt;/code&gt; flag that sends anonymous aggregate counts only (&lt;code&gt;{ toolVersion, issueCountsByCheck, totalFiles }&lt;/code&gt;), it's off by default, and the entire network surface is a single, clearly-gated function you can read in &lt;code&gt;src/telemetry.ts&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;That's also why it's open source (MIT). "Trust me, I'm a security tool" is a tough sell. "Read the code" is a better one.&lt;/p&gt;

&lt;h2&gt;
  
  
  Drop it into CI
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;name&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;Kavaca security check&lt;/span&gt;
&lt;span class="na"&gt;on&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="pi"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;push&lt;/span&gt;&lt;span class="pi"&gt;,&lt;/span&gt; &lt;span class="nv"&gt;pull_request&lt;/span&gt;&lt;span class="pi"&gt;]&lt;/span&gt;
&lt;span class="na"&gt;jobs&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;kavaca&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;runs-on&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;ubuntu-latest&lt;/span&gt;
    &lt;span class="na"&gt;steps&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;uses&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;actions/checkout@v4&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;uses&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;actions/setup-node@v4&lt;/span&gt;
        &lt;span class="na"&gt;with&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="pi"&gt;{&lt;/span&gt; &lt;span class="nv"&gt;node-version&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="nv"&gt;20&lt;/span&gt; &lt;span class="pi"&gt;}&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;run&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;npx --yes kavaca . --json&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Now every push gets a 10-second pre-flight check.&lt;/p&gt;

&lt;h2&gt;
  
  
  Being straight with you
&lt;/h2&gt;

&lt;p&gt;This CLI checks &lt;strong&gt;3 of 8&lt;/strong&gt; risk areas. It's the smoke alarm, not the full inspection. There's a hosted version at &lt;a href="https://kavaca.io?ref=cli" rel="noopener noreferrer"&gt;kavaca.io&lt;/a&gt; that adds auth, API, and dependency checks with plain-English fixes and paste-ready prompts — that's the thing I'm actually building a business around. But the CLI is genuinely free and standalone, and it'll catch the stuff that ends launches. Use just the CLI forever if you want; that's a completely valid choice.&lt;/p&gt;

&lt;h2&gt;
  
  
  I'd love your help
&lt;/h2&gt;

&lt;p&gt;The detectors live in &lt;code&gt;src/detectors/&lt;/code&gt; and every regex is documented in &lt;code&gt;src/patterns.ts&lt;/code&gt;. If you know a secret format I'm not catching, or you've hit a false positive, that's exactly the feedback I want — open an issue or send a PR with a fixture.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;⭐ Repo: &lt;strong&gt;github.com/eabhvee/kavaca-cli&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Try it: &lt;code&gt;npx kavaca&lt;/code&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you've shipped something with AI that has real users, do me a favor and run it before you read the next post in your feed. Worst case, it takes ten seconds and tells you you're clean. Best case, it catches the thing you really didn't want a stranger to find first.&lt;/p&gt;

&lt;p&gt;What patterns should it check next? Let me know in the comments 👇&lt;/p&gt;

</description>
      <category>opensource</category>
      <category>security</category>
      <category>showdev</category>
      <category>ai</category>
    </item>
    <item>
      <title>Why Your AI-Generated Contact Form Is Not Working</title>
      <dc:creator>Abhilash Veettil</dc:creator>
      <pubDate>Sun, 21 Jun 2026 07:36:04 +0000</pubDate>
      <link>https://dev.to/eabhvee/why-your-ai-generated-contact-form-is-not-working-4o3o</link>
      <guid>https://dev.to/eabhvee/why-your-ai-generated-contact-form-is-not-working-4o3o</guid>
      <description>&lt;h1&gt;
  
  
  Why Your AI-Generated Contact Form Is Not Working
&lt;/h1&gt;

&lt;p&gt;AI can build a beautiful contact form in seconds.&lt;/p&gt;

&lt;p&gt;Whether you're using Cursor, Bolt.new, v0, Claude Code, Lovable, or Replit, getting a polished form on the page is usually easy.&lt;/p&gt;

&lt;p&gt;Getting submissions to actually reach someone is where things start to break.&lt;/p&gt;

&lt;p&gt;The problem is that most AI tools are excellent at generating frontend code, but forms require more than a frontend.&lt;/p&gt;

&lt;p&gt;A contact form is only useful if it can reliably deliver leads.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Hidden Problem
&lt;/h2&gt;

&lt;p&gt;Open any AI-generated website and inspect the contact form.&lt;/p&gt;

&lt;p&gt;It often looks complete:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Name field&lt;/li&gt;
&lt;li&gt;Email field&lt;/li&gt;
&lt;li&gt;Message box&lt;/li&gt;
&lt;li&gt;Submit button&lt;/li&gt;
&lt;li&gt;Nice styling&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;But ask a simple question:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Where does the form submission actually go?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;In many cases, the answer is:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Nowhere&lt;/li&gt;
&lt;li&gt;A placeholder endpoint&lt;/li&gt;
&lt;li&gt;A local development server&lt;/li&gt;
&lt;li&gt;A backend that does not exist anymore&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The UI is finished.&lt;/p&gt;

&lt;p&gt;The workflow is not.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Five Most Common Issues
&lt;/h2&gt;

&lt;h3&gt;
  
  
  1. No Real Action URL
&lt;/h3&gt;

&lt;p&gt;A form needs a destination.&lt;/p&gt;

&lt;p&gt;Without a valid backend endpoint to collect and save data, clicking Submit does nothing useful.&lt;/p&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight html"&gt;&lt;code&gt;&lt;span class="nt"&gt;&amp;lt;form&amp;gt;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;or&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight html"&gt;&lt;code&gt;&lt;span class="nt"&gt;&amp;lt;form&lt;/span&gt; &lt;span class="na"&gt;action=&lt;/span&gt;&lt;span class="s"&gt;"#"&lt;/span&gt;&lt;span class="nt"&gt;&amp;gt;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The browser has no meaningful place to send the data.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Wrong HTTP Method
&lt;/h3&gt;

&lt;p&gt;Many AI-generated examples use GET by default.&lt;/p&gt;

&lt;p&gt;Contact forms should almost always use POST.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight html"&gt;&lt;code&gt;&lt;span class="nt"&gt;&amp;lt;form&lt;/span&gt; &lt;span class="na"&gt;action=&lt;/span&gt;&lt;span class="s"&gt;"/contact"&lt;/span&gt; &lt;span class="na"&gt;method=&lt;/span&gt;&lt;span class="s"&gt;"POST"&lt;/span&gt;&lt;span class="nt"&gt;&amp;gt;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Using the wrong method can break integrations and expose data unnecessarily.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Missing Name Attributes
&lt;/h3&gt;

&lt;p&gt;This is surprisingly common.&lt;/p&gt;

&lt;p&gt;Developers focus on placeholders and labels but forget that the backend receives field names, not visual labels.&lt;/p&gt;

&lt;p&gt;Broken:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight html"&gt;&lt;code&gt;&lt;span class="nt"&gt;&amp;lt;input&lt;/span&gt; &lt;span class="na"&gt;type=&lt;/span&gt;&lt;span class="s"&gt;"email"&lt;/span&gt; &lt;span class="nt"&gt;/&amp;gt;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Working:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight html"&gt;&lt;code&gt;&lt;span class="nt"&gt;&amp;lt;input&lt;/span&gt; &lt;span class="na"&gt;type=&lt;/span&gt;&lt;span class="s"&gt;"email"&lt;/span&gt; &lt;span class="na"&gt;name=&lt;/span&gt;&lt;span class="s"&gt;"email"&lt;/span&gt; &lt;span class="nt"&gt;/&amp;gt;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Without the name attribute, the field value is never submitted.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. No Spam Protection
&lt;/h3&gt;

&lt;p&gt;The moment a public form goes live, bots will find it.&lt;/p&gt;

&lt;p&gt;Without protection you will eventually receive:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Spam submissions&lt;/li&gt;
&lt;li&gt;Phishing attempts&lt;/li&gt;
&lt;li&gt;Garbage leads&lt;/li&gt;
&lt;li&gt;Automated attacks&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A simple honeypot field helps.&lt;/p&gt;

&lt;p&gt;Better solutions include rate limiting, bot detection, and filtering.&lt;/p&gt;

&lt;h3&gt;
  
  
  5. No Submission Visibility
&lt;/h3&gt;

&lt;p&gt;Even if the form works today, what happens tomorrow?&lt;/p&gt;

&lt;p&gt;Questions worth asking:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Did the submission arrive?&lt;/li&gt;
&lt;li&gt;Did the email fail?&lt;/li&gt;
&lt;li&gt;Did Slack receive the notification?&lt;/li&gt;
&lt;li&gt;Can the business owner review old submissions?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Many AI-generated solutions stop after the first successful test.&lt;/p&gt;

&lt;p&gt;Production systems need visibility.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Quick Fix
&lt;/h2&gt;

&lt;p&gt;The good news is that you usually do not need to rebuild the frontend.&lt;/p&gt;

&lt;p&gt;Most AI-generated forms can be fixed in minutes.&lt;/p&gt;

&lt;p&gt;Check the following:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Use a real endpoint&lt;/li&gt;
&lt;li&gt;Set method="POST"&lt;/li&gt;
&lt;li&gt;Add name attributes to every field&lt;/li&gt;
&lt;li&gt;Include spam protection&lt;/li&gt;
&lt;li&gt;Display success and error states&lt;/li&gt;
&lt;li&gt;Store submissions somewhere accessible&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The frontend is rarely the problem.&lt;/p&gt;

&lt;p&gt;The submission pipeline is.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Production Checklist
&lt;/h2&gt;

&lt;p&gt;Before launching any AI-generated form, verify:&lt;/p&gt;

&lt;p&gt;✅ Submissions reach a real endpoint&lt;/p&gt;

&lt;p&gt;✅ Failed deliveries are visible&lt;/p&gt;

&lt;p&gt;✅ Spam is filtered&lt;/p&gt;

&lt;p&gt;✅ Form data is stored&lt;/p&gt;

&lt;p&gt;✅ Business owners can review submissions later&lt;/p&gt;

&lt;p&gt;✅ Notifications are delivered reliably&lt;/p&gt;

&lt;p&gt;If any of these are missing, the form is not truly finished.&lt;/p&gt;

&lt;h2&gt;
  
  
  The New Reality of AI Website Development
&lt;/h2&gt;

&lt;p&gt;AI has dramatically reduced the effort required to build websites.&lt;/p&gt;

&lt;p&gt;What used to take days now takes minutes.&lt;/p&gt;

&lt;p&gt;But the backend responsibilities have not disappeared.&lt;/p&gt;

&lt;p&gt;A contact form is more than a collection of inputs.&lt;/p&gt;

&lt;p&gt;It is a workflow.&lt;/p&gt;

&lt;p&gt;The frontend captures the lead.&lt;/p&gt;

&lt;p&gt;The backend makes sure the lead is not lost.&lt;/p&gt;

&lt;p&gt;And that is still where most AI-generated forms fail.&lt;/p&gt;




&lt;h3&gt;
  
  
  Don't build an entire backend to get your contact form working
&lt;/h3&gt;

&lt;p&gt;If you are building websites with AI tools such as Cursor, Bolt.new, v0, Claude Code, Lovable, or Replit, you don't have to build a backend from scratch to get your form working. Instead, you can connect your forms to a managed backend service like &lt;a href="https://formserve.io/?utm_source=devto" rel="noopener noreferrer"&gt;Formserve &lt;/a&gt;to handle:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Submission storage&lt;/li&gt;
&lt;li&gt;Spam protection&lt;/li&gt;
&lt;li&gt;Email notifications&lt;/li&gt;
&lt;li&gt;Slack notifications&lt;/li&gt;
&lt;li&gt;Webhooks&lt;/li&gt;
&lt;li&gt;Integrations with tools such as Notion, Airtable, HubSpot, and Google Sheets&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This lets you keep the AI-generated frontend while adding a production-ready submission workflow behind it.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>loveable</category>
      <category>replit</category>
      <category>claude</category>
    </item>
    <item>
      <title>A personal story about how AI is leveling the playing field.</title>
      <dc:creator>Abhilash Veettil</dc:creator>
      <pubDate>Sat, 20 Jun 2026 14:39:50 +0000</pubDate>
      <link>https://dev.to/eabhvee/a-personal-story-about-how-ai-is-leveling-the-playing-field-1558</link>
      <guid>https://dev.to/eabhvee/a-personal-story-about-how-ai-is-leveling-the-playing-field-1558</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fxuthkh8xvcy2xf6jik37.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fxuthkh8xvcy2xf6jik37.png" alt=" " width="800" height="450"&gt;&lt;/a&gt;&lt;br&gt;
My daughter has been behind me to create a YouTube channel for her for the last 6 months. This week, I finally sat down and made her one, Aloha’s Kingdom.&lt;/p&gt;

&lt;p&gt;Then she wanted me to make a video for her. She didn’t want just a video.&lt;/p&gt;

&lt;p&gt;She wanted a story, one that mixed real footage, animation, music, visual effects, voiceovers, and a little bit of magic. I accepted the challenge.&lt;/p&gt;

&lt;p&gt;A few years ago, creating something like this I would have required to hire a small team:&lt;/p&gt;

&lt;p&gt;• A videographer&lt;/p&gt;

&lt;p&gt;• An editor&lt;/p&gt;

&lt;p&gt;• An animator&lt;/p&gt;

&lt;p&gt;• A scriptwriter&lt;/p&gt;

&lt;p&gt;• A designer&lt;/p&gt;

&lt;p&gt;• A voice artist&lt;/p&gt;

&lt;p&gt;Today, I could do all of it with AI, just in a couple of hours. What is fascinating is not the technology itself but what the technology demanded from me.&lt;/p&gt;

&lt;p&gt;To create the episode, I had to switch constantly between roles:&lt;/p&gt;

&lt;p&gt;📸 Photographer&lt;/p&gt;

&lt;p&gt;🎬 Video editor&lt;/p&gt;

&lt;p&gt;✍️ Storyteller&lt;/p&gt;

&lt;p&gt;🎨 Designer&lt;/p&gt;

&lt;p&gt;🤖 Prompt engineer&lt;/p&gt;

&lt;p&gt;🎵 Creative director&lt;/p&gt;

&lt;p&gt;I am not limited by my talent any more, I am only limited by my imagination, judgment, and the ability to connect different skills together 😆&lt;/p&gt;

&lt;p&gt;That’s how AI is leveling the playing field, not because everyone now has the same tools but because individuals can now execute ideas that previously required entire teams.&lt;/p&gt;

&lt;p&gt;And another thought which I crossed my minds was that generalists may have an unfair advantage in the AI era. When AI can help with execution, the people who can combine multiple disciplines become incredibly powerful.&lt;/p&gt;

&lt;p&gt;The future may belong less to those who know one thing deeply, and more to those who can connect many things meaningfully.&lt;/p&gt;

&lt;p&gt;My daughter got her episode.&lt;/p&gt;

&lt;p&gt;I got a reminder that we’re living through one of the most interesting times in human history.&lt;/p&gt;

&lt;p&gt;Here is the link to the &lt;a href="https://youtu.be/OncC08gkMAU" rel="noopener noreferrer"&gt;final video&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The article was originally published &lt;a href="https://medium.com/@abhilash.veettil/a-personal-story-about-how-ai-is-leveling-the-playing-field-ae300d3eaadb" rel="noopener noreferrer"&gt;here&lt;/a&gt;&lt;/p&gt;

&lt;h1&gt;
  
  
  AI #Creativity #DigitalTransformation #FutureOfWork #GenerativeAI #ContentCreation #Learning
&lt;/h1&gt;

</description>
      <category>ai</category>
      <category>claude</category>
    </item>
  </channel>
</rss>
