← Back to themes
Coding Tools

Coding Tools

21 videos

IDEs, extensions, dev tooling, and other coding-adjacent products.

  1. A PRD Builder Slash Command for Claude Code (TDD + Spec-Driven + Recursive Testing)
    1. Create a custom slash command in Claude Code (.claude/commands/) that takes a project name as an $ARGUMENTS variable.
    2. Have the command generate a PRD that doubles as agent instructions: define test suite + success criteria first, then implementation.
    3. Instruct the agent to run tests and git commit after every significant feature.
    4. Instruct the agent to re-test prior features after each new feature lands (regression check).
    5. Reserve a section in the PRD for the agent to leave itself notes for future sessions.

    Before implementing any feature, first design the test suite and success criteria for it. After implementing, run unit/integration tests, commit if they pass, then re-run tests for previously implemented features to catch regressions. Leave a 'Notes to future self' section at the bottom of this doc and update it as you go.

    View full video →
  2. 3 Security Checks Every AI-Built App Needs
    1. Never hardcode API keys — use environment variables (process.env). Tell your AI to use process.env, never literal strings.
    2. Use a real auth provider (Supabase, Clerk, or NextAuth) — never let AI invent a custom login system from scratch.
    3. After building, prompt AI: 'You are a hacker trying to break this app. Tell me every vulnerability and how to exploit it. Then tell me the fix.'

    You are a security expert and hacker trying to break this app. Review all the code in this project and tell me: every vulnerability you can find, how a hacker could exploit each one, and the exact fix for each. Be thorough and specific.

    View full video →
  3. What Is an AI Harness and How Do You Build One

    None found — this is an introductory/teaser clip. The full technical walkthrough is in the longer video on @michellescomputer's profile.

    View full video →
  4. AI Forgets Authorization — And That's a Security Hole

    For every feature you build with AI: always explicitly ask 'Who has access to this feature?' and 'For someone who shouldn't have access, are they blocked?' Specifically prompt: 'Add authorization checks so users can only access their own data — not other users' records by changing IDs in the URL.'

    Review this feature for authorization vulnerabilities. For every endpoint or data access point: confirm that users can only read/edit/delete their own records. A user should never be able to access another user's data by changing an ID in the URL or request. Add the necessary checks and explain what you added.

    View full video →
  5. 6 Claude Code Plugins Almost Nobody Is Using
    1. Six Claude Code plugins are recommended. Research each before installing — do NOT install any until each has been reviewed and approved:
    2. GitHub Superpowers — forces planning/testing before coding.
    3. Front-end design (Anthropic) — production-quality UI.
    4. Code review — 5 parallel agents check bugs, rules, git history.
    5. Security review — scans the codebase for vulnerabilities.
    6. Claude Mem — persistent memory across sessions.
    7. Stack (Gary Tan, YC) — 23 skills in one plugin (CEO, eng manager, QA, etc.).
    8. For each, identify who publishes it and research what it does, how it's used, and whether it's safe/reputable; present the findings; install ONLY the ones that are approved, one decision at a time (see Find the Resource for where to locate the list).

    Before installing anything, research these Claude Code plugins for me one at a time: (1) Claude Mem (persistent memory), (2) GitHub Superpowers (enforces planning before coding), (3) the parallel 5-agent code review. For each, tell me what it is, who publishes it, what access it needs, and whether it's safe. Present your findings and wait for my explicit approval on each. Only after I approve, install the approved ones and run the code review on this project.

    View full video →
  6. Production-Ready Claude Code: Tech Spec → GitHub Epics/Issues → Execute Issue by Issue (ex-Shopify eng)
    1. Write a detailed tech spec in Claude Desktop (Opus 4.8) — not Claude Code — covering: what you're building, edge cases, data flow, UI/UX.
    2. Connect Claude Code to GitHub. Ask it to convert the spec into an Epic with Issues and Sub-Issues.
    3. Execute issue by issue. Review each before moving to the next. Catch problems before they compound.
    4. Comment 'Claude Code' on the original post for the one-page setup guide.

    Before writing any code: let's write a detailed technical spec for this feature. Cover: what we're building, edge cases, data flow, UI/UX decisions, and success criteria. Write it as a full markdown doc. Once approved, we'll convert it to GitHub issues.

    View full video →
  7. Safer Alternative to Bypass Permissions: Allow + Deny Lists in Claude Code
    1. Instead of enabling bypass permissions entirely:
    2. Go into Claude Code permissions settings.
    3. Build an allow list: add every command you know is safe (e.g. npm run, git status, reading files). Claude will run these instantly without asking.
    4. Build a deny list: add anything potentially destructive (e.g. rm -rf, git push --force, sudo). Claude will block these explicitly and cannot be overridden.
    5. This gives bypass-level speed for safe commands while keeping hard guardrails on dangerous ones.

    Set up an allow list and deny list in this project's Claude Code permissions. Allow list: npm run, git status, git log, git diff, reading files. Deny list: rm -rf, git push --force, sudo, DROP TABLE. Show me the settings.json changes.

    View full video →
  8. Accessing Claude Fable 5 via AWS Bedrock During Rollout Restriction

    None — low-value reaction clip with no actionable steps.

    View full video →
  9. Why Your Vibe-Coded App Keeps Breaking: Skip Spec → Decompose → Build in Parts (ex-Shopify)
    1. Spec in Claude Desktop with Opus 4.8 — multi-markdown files covering each feature, edge cases, data flow, UI/UX.
    2. Hook Claude Code to GitHub, convert spec to Epic → Issues → Sub-Issues.
    3. Build issue by issue — review and sign off before moving to next. Kill problems before they snowball.
    4. Bonus: use powerful model (Opus) for planning only; use lighter model for the actual code execution.
    5. Comment 'Claude Code' on the original post for the one-pager.

    For this planning session, we're using you to think through the full technical spec — edge cases, data flow, architecture. Don't write any code yet. Once we've agreed on the spec, we'll hand it to a lighter model to implement issue by issue.

    View full video →
  10. Microsoft SkillOpt: Auto-Improving AI Agent Skills Docs Without Retraining (41% → 80%)
    1. Conceptual research paper — not directly implementable yet as a consumer tool. Key insight to apply now:
    2. Treat your Claude system prompt / CLAUDE.md as a living skills doc, not a set-it-and-forget-it file.
    3. After each session where Claude made mistakes, identify which instruction was missing or vague.
    4. Make 1–4 targeted edits (add a rule, sharpen a vague instruction, remove a bad one).
    5. Observe whether next session's output is better — keep changes that help, revert ones that don't.

    After each Claude Code session, review what went wrong or suboptimally. Identify 1–4 specific instructions to add, sharpen, or remove from your CLAUDE.md. Treat it as your agent's skills doc that you continuously refine.

    View full video →
  11. Why Power Users Run Claude Inside VS Code (Not the Claude App)
    1. Identify what would be installed: VS Code (free, published by Microsoft), plus the Claude and Codex extensions from the VS Code marketplace. Do NOT install anything yet.
    2. Research each first — confirm the publisher of each extension in the marketplace, what permissions it requests, and whether it's the legitimate official one (marketplace lookalikes exist); check reviews and reputation.
    3. Present the findings for review, and install ONLY after explicit approval.
    4. Once approved and installed: add the Claude and Codex extensions, browse the marketplace for readability/workflow extensions, and connect other AI tools so everything lives in one place. (See Find the Resource for the creator's exact extension list.)
    View full video →
  12. The "Vibe Coder" Label Is Fading — And That's the Point

    Creator references on-screen images throughout (tweets/posts dunking on vibe coders, and examples of vibe coders building things) without narrating what is shown. Review the video to see the specific examples angus.sewell was reacting to — the visual content is likely where the value is.

    View full video →
  13. Free Claude Skill: 300-Check Codebase Audit Across UI/UX, Performance, and Security
    1. Identify the target: haydenschmitty's free Claude skill that audits a codebase against 300+ common mistakes (UI/UX, performance, security). Do NOT install it yet.
    2. Research it first — what the skill actually does, who haydenschmitty is, what access it needs to run unattended for hours, and whether it's safe and reputable. Use the Find the Resource search string to locate it.
    3. Present the findings for review, and install ONLY after explicit approval.
    4. Once approved and installed: run it on the codebase to audit across UI/UX, performance, and security; it runs uninterrupted for several hours (e.g. start it before bed and review in the morning).

    Before installing anything, research the haydenschmitty codebase-audit skill for me: what it does, who publishes it, what access it needs to run unattended for hours, and whether it's safe. Present your findings and wait for my explicit approval. Only if I approve, install it, run it on this project across UI/UX, performance, and security, and report the issues found before fixing the critical ones.

    View full video →
  14. The 170k-Star CLAUDE.md File That Stops Claude Code From Over-Engineering
    1. Drop a CLAUDE.md in your project root with four rules: (
    2. Think before you code, (
    3. Keep it simple, (
    4. Only change what you were asked to, (
    5. Define what done looks like and loop until done.
    6. Comment "RULES" on the post to receive the exact GitHub repo and full install guide via DM.
    View full video →
  15. Vibe Coding vs. Agentic Engineering: Why the Process Matters
    1. To shift from vibe coding to agentic engineering:
    2. Write a detailed spec document before writing any code — explicitly describe everything you want.
    3. Decompose the spec into scoped work packets (discrete, bounded tasks).
    4. Implement work packets one at a time.
    5. Test each packet before moving to the next.
    6. After each change, verify the entire system stays coherent — all tests passing, no regressions.
    7. Never skip the boring parts (testing, coherence checks).

    Help me apply agentic engineering to this project: (1) write a detailed spec for [feature], (2) decompose it into scoped work packets, (3) implement and test each packet, (4) verify system coherence after each change. Start with the spec.

    View full video →
  16. 5 Performance Problems AI-Generated Code Always Misses
    1. Ask Claude to fix these 5 performance issues in your app:
    2. Enable GZIP/Brotli compression on all JSON API responses.
    3. Replace single-row database inserts with batch inserts.
    4. Audit roundtrip latency — if one network event takes 90%+ of the time, that's your bottleneck. Parallelize or cache it.
    5. Implement optimistic UI updates so the interface responds immediately before the backend confirms.
    6. Enable static HTML generation or caching on your frontend web server so HTML is not rebuilt per visitor.

    Audit this app for these 5 AI-generated performance problems: (1) uncompressed JSON responses, (2) single-row DB inserts instead of batch, (3) single dependency bottleneck in roundtrip latency, (4) UI waiting on backend before updating, (5) HTML rebuilt per visitor instead of cached. Report which apply and fix them.

    View full video →
  17. 5 Drag-and-Drop UX Rules That Make File Upload Feel Safe
    1. Apply these drag-and-drop UX rules:
    2. Drop zone feedback: show border, glow, and copy/shift cue when a file is dragged over — users need 3 visual signals before dropping.
    3. Replace spinners with honest progress: show percentage and estimated time remaining so users can decide to wait or cancel.
    4. Inline retry on failure: if upload fails at 90%, never make users restart — keep the file loaded with a one-tap resume.
    5. Show file preview on receipt: display thumbnail, file type, and size as visual confirmation you received the right file.
    6. Independent progress per file: in multi-file uploads, each file gets its own progress bar and retry — one failure never blocks the others.

    Review the file upload UX in this app against these 5 rules: (1) drop zone visual feedback before drop, (2) honest progress with percent + time, (3) inline retry without losing file, (4) thumbnail/type/size confirmation, (5) independent progress and retry per file in multi-upload. Fix any gaps.

    View full video →
  18. Git Branching Strategy Every Engineer Uses (Vibe Coders Too)
    1. Never push directly to main.
    2. Create a feature branch for every new feature — one branch per feature.
    3. Merge feature branches into dev (your active development branch).
    4. Merge dev into staging to do a dress rehearsal — staging mirrors production exactly.
    5. Only merge staging into main after testing passes.
    6. Enable branch protection rules on main: require reviews, block direct pushes.
    7. This gives you a one-click rollback if something breaks in production.

    Set up branch protection on main for this repo and walk me through creating a dev and staging branch. Then show me the workflow for creating a feature branch and opening a PR into dev.

    View full video →
  19. 5 Performance Fixes Every Vibe-Coded App Needs
    1. Add text labels and tooltips to all buttons that currently lack them.
    2. Implement optimistic UI rendering so the app feels instant.
    3. Add pagination to backend endpoints so pages load faster.
    4. Audit the backend for N+1 database queries and fix them.
    5. Convert synchronous operations to async/background tasks.

    Audit this app for these 5 common vibe-coding issues: (1) buttons missing text labels/tooltips, (2) no optimistic UI rendering, (3) unpaginated backend queries, (4) N+1 database queries, (5) synchronous operations that should be async. Report which issues exist and fix them.

    View full video →
  20. Senior Engineer Testing Philosophy: Coverage, Integration, and Testable Design
    1. Target 100% line and branch coverage before opening a PR.
    2. Write unit tests for all code.
    3. Write integration tests to verify code works when deployed with other systems.
    4. Design for testability from day one: use dependency injection, write pure functions without side effects, and enforce clear separation of concerns.

    Review this code for testability: check that it uses dependency injection, pure functions without side effects, and clear separation of concerns. Flag anything that would be hard to unit test and refactor it.

    View full video →
  21. SQL Injection Explained for Vibe Coders (Day 5)
    1. Ensure all database queries are parameterized — ask Claude or Codex to audit your codebase and confirm every query uses parameterized inputs (this is the single most important defense)
    2. Avoid writing direct raw SQL statements; use an ORM (Object Relational Mapper) instead, which adds an additional protection layer against injection attacks
    3. Never concatenate user input (e.g., form fields, URL params) directly into a SQL query string — always sanitize or parameterize first

    Review my codebase for SQL injection vulnerabilities: confirm all database queries are parameterized, flag any that use string concatenation with user input, and suggest converting raw SQL to an ORM where applicable.

    View full video →