Blog · July 3, 2026
How One's Vibe Was Built
A gallery of vibe-coded projects should probably be vibe-coded. This one was: one person setting direction, one AI pair writing most of the code, ten days from an empty folder to a self-operating site. Here's the honest build story.
The idea
AI collapsed the cost of shipping software. The result is a flood of weekend products announced in X replies and Show HN posts — and no good way to find the ones that are actually live and worth trying. Directories list everything; leaderboards crown one winner; both rot. The idea behind One's Vibe fits in one sentence: a curated gallery where every project is live, checked, and one click from being tried.
Three principles were fixed before any code existed. Live Proof: we verify reachability daily and state it as a fact, never as an endorsement. Build Receipt: how a thing was made (tools, time, AI involvement) is context worth showing, not a purity test. Curated abundance: editorial surfaces lift new and long-tail work instead of one winner-take-all ranking. The north-star metric is weekly qualified tries — because being seen is not the same as being tried.
Spec first, code second
Before the first commit, nine documents were written — vision, PRD, information architecture, data model, trust & moderation policy, architecture, analytics events, and a set of engineering rules that explicitly bind AI coding agents: read the docs before changing code, never invent a status name or table that isn't in the spec, and update the matching doc in the same change. When most of your code is written by a model, the spec is the only thing keeping a hundred small decisions coherent. It worked: ten days later the docs still describe the system.
The architecture
The stack is deliberately boring: Next.js (App Router, strict TypeScript) on managed hosting, Supabase Postgres as the single source of truth, Tailwind for the editorial skin you're looking at. Two decisions matter more than the logos.
Visitors
(server-rendered)
Source of truth
Auth · Storage · pgvector
lifecycle state machine
append-only audit log
Isolated runner
(SSRF-guarded)
screenshots · fingerprints
liveness checks
First: authorization lives in the database. Every table carries row-level security; status transitions go through guarded service functions and land in an append-only audit log. The client is never trusted for a role or an owner id. Second: the untrusted-URL boundary. The web app never fetches a submitted URL — a separate checker process does, behind an SSRF guard that blocks private networks, re-validates DNS on every redirect hop, caps bytes and time, and identifies itself honestly as OnesVibeBot. That one fetch is then squeezed for everything it’s worth: liveness, page metadata, a screenshot, and a passive tech-stack fingerprint.
The part that surprised us: the content machine
A gallery is only as good as its supply. The plan was manual curation; what emerged is a pipeline where software does the finding and checking, an AI does the first editorial pass, and a human editor audits and reverses — every decision logged with its actor.
signature keywords, “try this first”
tryable today? a product? harmful?
The reviewer reads the live page and looks at the screenshot — an App Store badge in the image overrules optimistic marketing copy. Makers get credited from day one (their announcement post is quoted on the project page, in their words) and can claim their page by signing in with X. Projects whose URLs die don't get deleted: after a grace period they move to the Graveyard, because a record of what people attempted is worth keeping.
Where it stands
As of this post: 330+ live projects, all screenshot-verified and checked daily; semantic search over pgvector embeddings; stack facets from passive fingerprints; collections proposed by clustering and published by an editor; profile messaging; and a growing set of data notes like the July census. The operating cost is one human's attention plus single-digit dollars a day.
What's next
- Moving the checker and recheck runners to isolated edge workers (the architecture was designed for it from day one).
- Richer Build Receipts as makers claim their pages — runtime AI services, architecture notes, the story behind the build.
- Stack and category trends over time — this gallery doubles as a longitudinal dataset on how people build with AI.
- More sources, more languages, more surfaces for the long tail — curated abundance is the point.
If the ten days taught us one sentence, it's the one we now keep as a motto: “One's vibe, another's poison” — 君子和而不同. Value is subjective, taste has standards, and an open gallery holds both without apology.
Full disclosure, in the spirit of the Build Receipts we ask of everyone else: this site — and this post — were built by a human editor working with an AI pair. Time to first version: ten days. AI assistance level: heavy. Hardest part: teaching the machine when not to publish. Shipping something yourself? It takes one URL.

“One's vibe, another's poison.”
Comments
Sign in to join the discussion.