The Gap Nobody Talks About
Thousands of founders, indie hackers, and non-technical builders are shipping real apps in days using AI coding tools - Cursor, Bolt, Lovable, v0, Replit, Claude, ChatGPT. The tools are genuinely magical. You describe what you want and get working code.
Then you try to ship it.
And suddenly you're facing: deployment configs, environment variables, production databases, custom domains, SSL certificates, App Store review, payment webhooks, CORS errors, database migrations, and a codebase full of AI-generated code that works perfectly on localhost and fails mysteriously in production.
This guide is for everyone who has built something real with AI tools and wants to get it in front of actual users.
Step 1: Understand What You Actually Have
Before deploying anything, spend 30 minutes understanding your own codebase. AI tools generate working code, but they make assumptions that are fine for development and catastrophic for production.
Check for hardcoded secrets. Search your codebase for API keys, passwords, and tokens hardcoded as string literals. This is the most common mistake in vibe-coded apps. Any secret in your code is visible to anyone who can view your source (or your GitHub repo, if it's public).
Check your database. Most AI-generated projects use SQLite by default - it's a file on your machine. In production, you need a real database that lives on a server. If your code has sqlite3 or better-sqlite3 as a dependency, plan to migrate.
Check your environment variables. Production apps use environment variables for anything that changes between development and production. Your .env file should NOT be committed to git. Check your .gitignore.
Check for missing error handling. AI tools generate happy-path code. They often skip what happens when an API call fails, a database query returns null, or a user submits invalid data. These gaps will crash your production app in ways that never surfaced locally.
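The secrets and .gitignore checks above can be scripted. This is an added example, not code from any tool named in this guide: the rule list, function names, and sample files are assumptions, and the .gitignore check is a simplification of git's real matching rules.

```javascript
// Rules cover a few well-known key formats plus a generic "name = 'literal'" check.
const SECRET_PATTERNS = [
  { name: 'Stripe secret key', re: /\bsk_(?:live|test)_[0-9a-zA-Z]{16,}/ },
  { name: 'AWS access key ID', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: 'GitHub personal access token', re: /\bghp_[0-9A-Za-z]{36}\b/ },
  { name: 'Private key block', re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { name: 'Hardcoded credential assignment',
    re: /\b\w*(?:api_?key|secret|token|passw(?:or)?d)\w*\s*[:=]\s*['"`][^'"`\s]{12,}['"`]/i },
];

// files: { path: contents }. Returns one finding per offending line.
function scanFiles(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split('\n').forEach((line, i) => {
      const hit = SECRET_PATTERNS.find((p) => p.re.test(line));
      if (hit) findings.push({ file, line: i + 1, rule: hit.name });
    });
  }
  return findings;
}

// Simplified check: is there a rule for .env, and is it not re-included later?
function gitignoreCoversEnv(gitignoreText) {
  let ignored = false;
  for (const raw of gitignoreText.split('\n')) {
    const rule = raw.trim();
    if (!rule || rule.startsWith('#')) continue;
    const negated = rule.startsWith('!');
    const pattern = (negated ? rule.slice(1) : rule).replace(/^\//, '');
    if (pattern === '.env' || pattern === '.env*') ignored = !negated;
  }
  return ignored;
}

// Constructed sample project; every value below is fake.
const SAMPLE_FILES = {
  'lib/stripe.js': 'const stripe = require("stripe")("sk_live_EXAMPLEEXAMPLEEXAMPLE0000");\n',
  'lib/db.js': 'const dbPassword = "hunter2-not-a-real-password";\n'
    + 'const url = process.env.DATABASE_URL;\n',
  'lib/mail.js': 'const apiKey = process.env.MAIL_API_KEY; // read from the environment\n',
};

console.log(scanFiles(SAMPLE_FILES));
console.log('.env ignored:', gitignoreCoversEnv('node_modules\n.next\n'));
```

Values read from process.env are not flagged, because the generic rule only fires when a secret-looking name is assigned a quoted literal.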
Step 2: Choose Where to Deploy
The right deployment platform depends on what you built.
For Next.js, React, Astro, or any Node.js web app:
Vercel is the fastest path to production. Connect your GitHub repo, set your environment variables, and you're live in under 5 minutes. Free tier handles serious traffic for most early-stage apps.
Alternative: Railway is better if you need a backend that runs continuously (Vercel functions have a 10-second timeout on the free tier) or if you need to run scheduled jobs.
For full-stack apps with a database:
Supabase gives you PostgreSQL, auth, file storage, and real-time subscriptions in one place. It's the easiest way to add a real database to a vibe-coded app without setting up infrastructure.
Railway + Neon (serverless PostgreSQL) is another strong combination - Railway for your app, Neon for your database.
For mobile apps (Flutter, React Native):
You need app store accounts before anything else. Apple Developer Program: $99/year. Google Play Developer account: $25 one-time. Budget 2–4 weeks for App Store review on your first submission - and read our full rejection checklist before you submit.
For apps that got too big for serverless:
Fly.io or a VPS (DigitalOcean Droplet, Hetzner) running Docker gives you full control. More setup work, but no cold start problems and no function timeout limits.
Step 3: Fix Your Database Setup
This is the most common blocker for vibe-coded apps going to production.
Moving from SQLite to PostgreSQL
If your app uses Prisma (common in AI-generated Next.js apps), this is mostly a config change:
1. Update schema.prisma to use provider = "postgresql" instead of provider = "sqlite"
2. Create a free PostgreSQL database (Supabase free tier, Neon free tier, or Railway)
3. Update your DATABASE_URL environment variable
4. Run npx prisma migrate deploy to apply your schema to the new database
5. Test every database operation - SQLite and PostgreSQL have subtle behavioral differences
If your app uses Drizzle, the migration is similar. If it uses raw SQL queries, check for SQLite-specific syntax (INTEGER PRIMARY KEY AUTOINCREMENT vs. SERIAL PRIMARY KEY in PostgreSQL).
Database backups
Production databases need backups. Supabase and Neon both include automatic backups on paid plans. If you're on a free tier, set up a weekly manual backup script or upgrade before you have real users.
Step 4: Set Up Your Custom Domain
1. Buy your domain (Namecheap, Google Domains, Cloudflare Registrar)
2. Add it to your deployment platform (Vercel: Settings → Domains → Add domain)
3. Update your DNS records to point to your deployment
4. SSL is automatic on Vercel, Railway, and most modern platforms
Route everything through Cloudflare. Even on the free plan, Cloudflare gives you DDoS protection, a global CDN, free SSL, analytics without JavaScript tracking, and bot protection. This is one of the highest-value free upgrades for any web app.
Step 5: Add Real Authentication
AI tools often generate authentication code that works but shouldn't be used in production - no rate limiting, predictable session tokens, no refresh token rotation.
Clerk is the easiest drop-in for Next.js apps. 30-minute integration, handles every edge case, free for under 10,000 monthly active users.
Supabase Auth is the best option if you're already using Supabase for your database - everything lives in one place.
Auth.js (formerly NextAuth.js) is the most flexible option and stays open-source forever. Steeper setup, more control.
Whatever you use: never store plain-text passwords, always use HTTPS, and never put session tokens in localStorage - use httpOnly cookies.
Step 6: Add Payments the Right Way
If your app collects money, you need Stripe - not PayPal buttons, not direct bank transfers.
For most vibe-coded apps, you need:
- Stripe Checkout (redirect to Stripe's hosted payment page - simplest)
- A webhook endpoint (Stripe calls your server when a payment succeeds or fails)
- Idempotency keys on payment creation (so retries don't double-charge)
The webhook is the part most vibe-coded apps miss. Without it, you're trusting the frontend to report successful payments - which users can fake. Always confirm payment on the server via webhook.
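A webhook only closes that gap if the server checks that the request really came from Stripe. The added example below (not code from this guide or from Stripe's library) verifies the Stripe-Signature header by hand, using the documented scheme of HMAC-SHA256 over "timestamp.rawBody" with the endpoint's signing secret; the handler shape, the in-memory order set, and all sample values are assumptions. In a real app, the official library's stripe.webhooks.constructEvent performs the same check.

```javascript
const crypto = require('node:crypto');

// Split "t=<unix seconds>,v1=<hex>,..." into the timestamp and all v1 signatures.
function parseSignatureHeader(header) {
  const out = { t: null, v1: [] };
  for (const part of String(header || '').split(',')) {
    const [key, value] = part.trim().split('=');
    if (key === 't') out.t = value;
    else if (key === 'v1') out.v1.push(value);
  }
  return out;
}

// rawBody must be the exact bytes received, not a re-serialized JSON object.
function verifyStripeSignature(rawBody, header, secret, nowSec, toleranceSec = 300) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!/^\d+$/.test(t || '') || v1.length === 0) return { ok: false, reason: 'malformed header' };
  if (Math.abs(nowSec - Number(t)) > toleranceSec) {
    return { ok: false, reason: 'timestamp outside tolerance' }; // blocks replays
  }
  const expected = crypto.createHmac('sha256', secret).update(`${t}.${rawBody}`).digest();
  const match = v1.some((sig) => {
    const got = Buffer.from(sig || '', 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
  return match ? { ok: true } : { ok: false, reason: 'signature mismatch' };
}

const paidOrders = new Set(); // stands in for an orders table (assumption)

function handleWebhook(rawBody, header, secret, nowSec) {
  const check = verifyStripeSignature(rawBody, header, secret, nowSec);
  if (!check.ok) return { status: 400, body: check.reason };
  const event = JSON.parse(rawBody); // parse only after the signature checks out
  if (event.type === 'checkout.session.completed') {
    paidOrders.add(event.data.object.client_reference_id);
  }
  return { status: 200, body: 'ok' };
}

// Constructed sample delivery; the secret, event and order id are made up.
const SECRET = 'whsec_constructed_example_secret';
const NOW = 1700000000;
const BODY = JSON.stringify({ type: 'checkout.session.completed',
  data: { object: { client_reference_id: 'order_42' } } });
function signForDemo(body, t, secret) {
  const mac = crypto.createHmac('sha256', secret).update(`${t}.${body}`).digest('hex');
  return `t=${t},v1=${mac}`;
}
```

The order is marked paid only inside handleWebhook, so nothing the browser sends can flip that state. Frameworks that parse JSON automatically must be configured to hand this route the raw body, or the signature will never match.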
Step 7: What Goes Wrong at Launch
The app works locally but fails in production: Missing environment variable (check your platform's env config); file system writes that work on localhost don't work on serverless; database connection limits exceeded (add connection pooling).
Performance collapses under real traffic: Add database indexes on every column you filter or sort by; add caching for data that doesn't change often; add a CDN for images and static assets.
Users report bugs you can never reproduce: Add Sentry (free tier covers most early-stage apps) - it captures every unhandled error with full stack traces. Add LogRocket or PostHog for session replay - you can literally watch what the user did before the bug.
Step 8: The Ongoing Maintenance Reality
Shipping is not the end. Every app in production needs ongoing attention:
- npm dependencies release security patches monthly. An unpatched dependency is an open door.
- API rate limits from third-party services change and will break your app silently.
- Payment provider changes - Stripe deprecates old APIs on a schedule.
- App store reviews - new OS versions sometimes break old app builds.
If you're a solo founder, budget 2–4 hours/month for maintenance or hire someone to handle it. A broken production app costs more to recover from than preventing the break.
The Honest Summary
Vibe coding is real. The apps built with AI tools are real. The gap between "it works on my machine" and "it's live for 10,000 users" is also real - and it's a solvable engineering problem, not a reason to give up on your idea.
The checklist:
1. Find and move all secrets to environment variables
2. Migrate from SQLite to a real database
3. Deploy on Vercel, Railway, or Fly.io
4. Set up Cloudflare in front of your domain
5. Add real auth (Clerk, Supabase Auth, or Auth.js)
6. Add Stripe with webhook verification
7. Add Sentry for error tracking
8. Set up a maintenance schedule
If any of this feels overwhelming - that's what we're here for. We take AI-built projects and get them to production. You keep building; we make sure what you've built actually ships.