Glossary
Plain-English definitions for the concepts, patterns, and vulnerabilities you run into while shipping vibe-coded and AI-built apps. Every term links back to the blog posts and scans that reference it.
A
AI-Built App
A web or mobile application where most of the code was generated by an AI tool rather than written by hand.
concept
Auth Bypass
A vulnerability class where a user can reach, read, or modify resources they should not have access to, usually because the app checks authentication (who you are) but not authorization (what you can do).
security
C
E
Edge Function
A server-side function deployed to a globally distributed edge network, running close to the user with lower latency and different constraints than traditional serverless.
deployment
Environment Variable
A named value set outside your code (at build time or runtime) used to configure your app without hardcoding secrets or per-environment settings.
security
Error Boundary
A React component that catches JavaScript errors in its child tree and renders a fallback UI instead of crashing the whole app.
stability
F
H
I
P
Production Readiness
The measurable state of an application being safe to expose to real users, covering security, reliability, performance, observability, and completeness.
concept
Prompt Injection
A class of attack on LLM-powered features where adversarial input to the model causes it to ignore developer instructions and behave maliciously.
security
R
Rate Limiting
Restricting how often a single user or IP can call an API endpoint, to prevent abuse, protect downstream systems, and control cost.
security
Row Level Security
A database feature that restricts which rows a user can read or modify based on per-row policies, enforced by the database itself rather than application code.
security