โ† The Owens Vibe Coding & Development Institute
Rigor toolkit

๐Ÿ“‹ The "Are You Actually Done?" Pre-Ship Checklist

The 'Are You Actually Done?' audit. Organised by B.U.I.L.D., printable โ€” the flagship rigor tool.

๐Ÿ“‹ The "Are You Actually Done?" Pre-Ship Checklist

Your flagship free resource. Post it, pin it, Feature it. This is what people will screenshot and share โ€” and it's the most concrete expression of Build It Right, Or Don't Build It At All.

๐Ÿ›๏ธ ARE YOU ACTUALLY DONE? โ€” The TOVCDI Pre-Ship Checklist

Your AI said it's finished. Here's how a developer checks. Run every box before you call it shipped. Organized by the B.U.I.L.D. Method.

โœ… B โ€” Build (does it actually work?)

  • It works on a fresh load, not just after the steps you happen to remember
  • It works on someone else's device/browser, not just yours
  • Every button, link, and form does what it claims
  • Edge cases: empty inputs, huge inputs, weird characters, double-clicks โ€” handled, not crashed

โœ… U โ€” Understand (can you explain it?)

  • You can explain, out loud, what each major file/function does
  • There's no code you're afraid to touch because you don't know what it does
  • You removed dead code, debug logs, and commented-out experiments

โœ… I โ€” Interface & Experience (is it actually usable?)

  • It doesn't look like a default AI template โ€” you made at least one deliberate design choice (color, type, spacing, layout)
  • Responsive: it works on a phone screen, not just your wide monitor
  • Loading & empty states exist (not a blank flash or frozen screen)
  • Errors are human: users see a helpful message, not a raw stack trace
  • โ™ฟ Accessibility: real <button>/<a> tags (not clickable divs), images have alt text, it's usable with keyboard only, and text has enough contrast

โœ… L โ€” Lock It Down (is it safe?)

  • No secrets in the code โ€” API keys/passwords live in environment variables, not committed to the repo
  • All user input is validated on the server, not just the browser
  • Auth checks happen on the backend โ€” you can't reach protected data by guessing a URL
  • Your database isn't wide open (check your rules/permissions โ€” the #1 vibe-coder leak)
  • You ran a dependency audit (e.g. npm audit) and addressed the criticals
  • Nothing sensitive is logged or exposed in error messages

โœ… D โ€” Document, Test & Deploy (will it survive reality?)

  • A README exists: what it is, how to run it, what it needs
  • It's in version control (Git) with real commit messages
  • At least the critical path is tested (manually with a written list, or automated)
  • You ran a Lighthouse / performance check and it's not painfully slow
  • Environment variables are set in production (not hardcoded localhost values)
  • You know how you'd roll back if the deploy breaks

๐ŸŸข Scoring

  • All boxes checked? Ship it with pride. You built it right.
  • A few unchecked? That's your to-do list โ€” not a failure. Post the ones you're stuck on in the group; that's literally what we're here for.
  • Most unchecked? Perfect. You just found out what to learn next. Welcome to developing.

You don't have to be done to be proud. But know the difference between "it runs" and "it's Right."

Build It Right, Or Don't Build It At All. ๐Ÿ›๏ธ

Other rigor resources

Code Review Rubric

Score any code 0โ€“10 against B.U.I.L.D.

โ†’

Security Audit Checklist

OWASP Top 10, translated for builders.

โ†’

API Design Checklist

Consistent, validated, versioned, safe APIs.

โ†’

Data Modeling Cheat Sheet

Relationships, normalization, indexing rules of thumb.

โ†’

Production-Readiness Checklist

Is this actually ready for real users & scale?

โ†’

System Design Template

The whiteboard framework, step by step.

โ†’

Git Workflow Reference

The commands and flows you actually use.

โ†’

๐Ÿ›๏ธ Build It Right, Or Don't Build It At All.