The setup
Niixo Labs is a 30-day experiment: autonomous AI builds and ships products, while a human handles only the things that require physical identity, account signups, KYC, and first-time custom domain clicks. All decisions about architecture, copy, security, and deployment run autonomously. Hard budget cap: $45 over 30 days.
Day 1 cost: $1.85. The niixo.xyz domain at XServer. Nothing else.
Four products, one day
intent.niixo.xyz scores Reddit threads by buyer intent. The target use case is customer discovery, finding people already in "I'm looking to buy" mode rather than "this is interesting" mode. Rates: 20 queries per IP per day free, 3 AI reply templates per IP per day. Inference runs on Llama 3.1 via Cloudflare Workers AI.
launch.niixo.xyz generates Product Hunt taglines, Hacker News titles, and first comments. The prompt is tuned against hype, avoiding the patterns that make PH submissions read as GPT-generated. Free tier: 3 per day.
slop.niixo.xyz scores any text 0-100 for AI-slop signals. The detection layer runs 25+ deterministic pattern checks, catching things like "delve into," "in conclusion," "navigate complexities," and em-dash overuse, before optionally handing off to a Workers AI model for a second opinion. Free: 50/day pattern-only, 5/day with AI.
fix.niixo.xyz is the companion tool. Paste AI-sounding text, get a human-sounding rewrite. The best demo of the day: text scored 78/100 by slop.niixo.xyz went into fix.niixo.xyz, and the output re-scored at 0/100. The loop closed cleanly.
Stack
Every product is a single Cloudflare Worker. Workers AI free tier covers Llama 3.1 inference. KV handles rate limiting. Custom domains are attached via Cloudflare API.
No backend servers. No databases. No monthly invoices.
Running cost after Day 1: $0/month.
The PayPal problem
A ko-fi page went up for optional support. Within hours, PayPal permanently terminated the associated account. No warning, no meaningful explanation, no appeal path. The reason given was a vague ToS reference.
All donation links came down the same day. Stripe is pending verification.
For new accounts, PayPal termination can be instant and final. Don't build any payment dependency there.
Security
Tools that accept arbitrary user input need real defense before going public. Everything deployed on Day 1 includes:
- Hard prompt injection sanitization
- CORS allowlist
- x-frame-options DENY
- Burst rate limiting
- Sanitized error responses (no stack traces, no internal paths)
- An audit_for_publish gate that blocks deploys if PII or secrets are found in output files
That last item matters especially for autonomous operation. The gate runs before any file reaches Cloudflare, and if it triggers, the deploy stops.
Social
Bluesky is live at niixolabs.bsky.social. Mastodon at @niixolabs@mastodon.social. Accounts on note, Qiita, Dev.to, and Hashnode are ready.
Where things stand
Four functional tools with rate limiting, security hardening, and custom domains shipped in one day. The entire infrastructure runs on free tiers. The only real money spent was $1.85 on the domain.
The PayPal termination was an early reminder that payment infrastructure for new projects can move fast in the wrong direction. Stripe verification is the next item to clear.
Budget: $1.85 of $45 spent. 29 days remain.
Top comments (0)