Blog · Claude Code, Bubble.io & vibe coding

Chrome extension version-bump discipline: pre-commit + GitHub Actions: cover image

Latest

May 22, 2026 · 6 min read · chrome-extension , github-actions , pre-commit-hooks

Chrome extension version-bump discipline: pre-commit + GitHub Actions

The Chrome Web Store rejects re-uploads with the same manifest version. Catch the missed bump locally in a pre-commit hook; gate it again in CI.

Read as a series

Topical clusters meant to be read in order, or jumped into anywhere.

Chrome Extension Lifecycle 3 posts

Read the series

Claude Code Engineering 9 posts

Read the series

Supabase Production Hardening 6 posts

Read the series

Data Pipeline Reliability 4 posts

Read the series

Recent writing

View all 67 →

May 15, 2026 ·7 min read · chrome-extension , manifest-v3 , supabase

How to build a Chrome extension popup with Supabase Auth (step by step)

Wire Supabase Auth into an MV3 popup: bundle the UMD, persist sessions in chrome.storage, recover state on reopen. Working code included.

May 8, 2026 ·10 min read · chrome-extension , manifest-v3 , chrome-web-store

Shipping a Manifest V3 Chrome extension: the gates nobody mentions

Trader verification, publisher identity, the URL slug gotcha, version-bump CI: the async gates that turn a one-day project into a three-week project.

May 1, 2026 ·7 min read · methodology , refactoring , lovable

Phased migrations with per-phase verification gates

Big-bang refactors of 6+ files break things you cannot predict. Phased migration with explicit gates catches regressions before they compound.

Apr 28, 2026 ·8 min read · claude-code , claude-md , lovable

How I document AI-built projects: a CLAUDE.md, ISSUES.md, and prompts/ workflow

Four files that fix the missing context in AI-built codebases: CLAUDE.md, ISSUES.md, a prompts/ folder, and a two-AI handoff workflow.

Apr 24, 2026 ·7 min read · react-hook-form , zod , react

How to migrate a useState form to React Hook Form and Zod (the real walkthrough)

Step-by-step migration from useState to React Hook Form, Zod, and shadcn Form. Code diffs, validation mode choice, and four gotchas covered.

Apr 23, 2026 ·7 min read · supabase , supabase-auth , supabase-publishable-key

Migrating to Supabase publishable keys broke my Chrome extension. Here is the fix.

Supabase publishable keys return 401 from hand-rolled fetch. Migration to @supabase/supabase-js with a chrome.storage.local session adapter.

Apr 21, 2026 ·9 min read · lovable , lovable-security , supabase

How to audit a Lovable app after the BOLA disclosure: a 6-hour rotation playbook

Audit checklist I ran on a client's Lovable app after the April 2026 BOLA disclosure, plus the key rotation and Chrome extension SDK migration.

Apr 17, 2026 ·7 min read · supabase , supabase-realtime , security

Realtime broadcast scope is a security boundary, not a routing convenience

Default-public Realtime broadcasts leak message bodies to every subscriber. The private-channel flag plus RLS is the fix.

Apr 10, 2026 ·6 min read · security , supabase , auth-jwt

User enumeration via password reset: the bug in default forgot-password flows

Most forgot-password endpoints leak whether an email exists. Fix: return the same response always, regardless of account status.

Apr 3, 2026 ·7 min read · security , supabase , edge-functions

Origin validation in edge functions: the open redirect you ship by default

Edge functions that trust the Origin or Referer header for redirect URLs are open-redirect vulnerable. One allowlist helper closes the gap.

Browse all 67 posts in the archive

Chrome extension version-bump discipline: pre-commit + GitHub Actions

How to build a Chrome extension popup with Supabase Auth (step by step)

Shipping a Manifest V3 Chrome extension: the gates nobody mentions

Phased migrations with per-phase verification gates

How I document AI-built projects: a CLAUDE.md, ISSUES.md, and prompts/ workflow

How to migrate a useState form to React Hook Form and Zod (the real walkthrough)

Migrating to Supabase publishable keys broke my Chrome extension. Here is the fix.

How to audit a Lovable app after the BOLA disclosure: a 6-hour rotation playbook

Realtime broadcast scope is a security boundary, not a routing convenience

User enumeration via password reset: the bug in default forgot-password flows

Origin validation in edge functions: the open redirect you ship by default

How to build a tamper-evident audit log in Postgres with one trigger

How a Postgres constraint rename silently broke production via PostgREST

Silent timezone bugs in JavaScript date arithmetic

Two-layer identity models in Supabase: when auth and authorization disagree

ISSUES.md as a learning log: the flat-file bug tracker that compounds

How Aider's repomap uses PageRank and tree-sitter to rank your codebase

Why I stopped trusting Bubble.io's list fields and re-query the database instead

n8n Cloud's 60-second timeout: the dispatcher-worker pattern that beats it

Idempotent data pipelines: the natural-key fingerprint pattern

How I Used Claude Code to Build a Full-Stack React App: A Step-by-Step Development Guide

Silent failures: the bug class no tool catches in your data pipeline

Why AI coding tools rewrite full files instead of using diffs

How AI coding tools edit code: 6 things from shipping software with real users

How to Implement TOTP(time-based one-time passwords) based 2FA in Bubble.io Without Using Any APIs?

How to Migrate a Relational Database Between Two Bubble.io Apps Using n8n (Step-by-Step)

How to Merge PDFs in Bubble Without Timeouts Using n8n?

How to Implement Daisy Chain Filtering in Bubble.io?

How to Let Admins Access User Accounts in Bubble.io Without Credentials

Self-Host n8n in Minutes - No Terminal Commands, No Code (Step-by-Step)

How to Paginate Repeating Groups in Bubble.io Without Loading All Data at Once?

How to Use Sub-Apps in Bubble? - The Complete Step-by-Step Guide

How to sort a repeating group in Bubble.io by a nested field?

Step-by-Step Guide to Building an AI Assistant with Bubble.io (No Plugins)

5 Simple Scripts to Enhance UI/UX for Your Bubble.io App

How to add custom fonts in bubble.io?

Bubble.io Tips - 3

Bubble.io API Security Best Practices

How can you effectively prevent deleted pages from consuming workload units (WU)?

The learning curve of the bubble (no-code) developer explained using the dunning-Kruger effect

How to create Skeleton Loading in Bubble?

How can openAI's markdown text be converted into HTML text with CSS style without code in Bubble? (Without Paid Plugin)

How to implement OAuth 2 in Bubble?

Things I understood before learning Bubble

What is Rate Limiting in Xano?

How to convert Bubble Page into PDF? How to merge multiple PDFs in Bubble?

How to restrict file types in multi-file uploader in bubble? (No Code/No Paid Plugins)

How to choose between the UUID and the sequential ID as the Primary key in Xano?

How to select data field API Access in Xano?

How to Verify a user's email in the Bubble app using Postmark?

Bubble.io Tips - 2

Best practices while collaborating with other Bubble Devs I follow using Version control of Bubble.io

Bubble.io Tips - 1

How to configure Stripe Checkout Integration in the Bubble.io application without any Paid Plugins?

Arbitrary Text : Data Source of Nested Repeating Group in Bubble

How do I create documentation for Bubble.io Application I am working on?

How to integrate GPT 3.5 Turbo API into your Bubble.io app?

How to pass Nested Array as a parameter in Bubble API Connector?

Maximizing SEO and User Engagement on Bubble.io Website

How to calculate the distance between two locations in Bubble.io? (One location will be dynamic)

How to use Stripe Payment Intents with Bubble?

How to create a bubble app using the phone number as a signup method? (No Plugin)

6 Fatal mistakes which destroy the scalability of the Bubble application

Integrate Bubble with Airtable

Connecting Bubble.io with Zapier: Streamlining Workflows and Automating Tasks

4 Reasons why you should use fuzzy search over Searchbox in bubble?

Why one should choose Bubble.io?

Chrome extension version-bump discipline: pre-commit + GitHub Actions

How to build a Chrome extension popup with Supabase Auth (step by step)

Shipping a Manifest V3 Chrome extension: the gates nobody mentions

Phased migrations with per-phase verification gates

How I document AI-built projects: a CLAUDE.md, ISSUES.md, and prompts/ workflow

How to migrate a useState form to React Hook Form and Zod (the real walkthrough)

Migrating to Supabase publishable keys broke my Chrome extension. Here is the fix.

How to audit a Lovable app after the BOLA disclosure: a 6-hour rotation playbook

Realtime broadcast scope is a security boundary, not a routing convenience

User enumeration via password reset: the bug in default forgot-password flows

Origin validation in edge functions: the open redirect you ship by default

All topics