Blog

From a Hat: The Fun, Fair Way to Decide – Now Available!

We're excited to announce the official release of our latest app, From a Hat! Whether you're struggling to pick a movie, a book, a restaurant, or just want to add a little randomness to your decisions, From a Hat is here to help.

Why "From a Hat"?

We all know the feeling: too many choices, not enough time, and nobody wants to make the final call. From a Hat brings back the classic, fair, and fun way to decide—just put your options in, and let the app pick one for you!

Key Features

  • Simple & Intuitive: Add your options, shake (or tap) the hat, and get a random pick instantly.
  • Unlimited Lists: Create as many "hats" as you want for movies, books, chores, or anything else.
  • Share with Friends: Send your hats to friends or family so everyone can join the fun.
  • History & Favorites: Keep track of your past picks and favorite hats for quick access.
  • Cross-Platform: Coming soon to iOS and Android.

Who is it for?

  • Families who can't agree on what to watch or eat
  • Book clubs, classrooms, and teams
  • Anyone who loves a little randomness in life!

Try It Now

Ready to let fate decide?
Visit FromaHat.app today and make your next decision the fun way!

AI-Assisted Coding: Challenges

I've spent the past few months deeply exploring AI-assisted coding, specifically tools like Cursor. I prefer this approach because it allows me to actively monitor and collaborate with the process, rather than relying entirely on no-code solutions.

Here are the biggest issues I've observed, along with some small solutions you can implement:

1. Security Risks

Sensitive secrets/API keys often end up in frontend files. Inexperienced developers might easily overlook this, leading to significant vulnerabilities.

Solution: Use secure vaults or environment variables and implement automatic detection for exposed secrets.

2. Code Hallucinations

Occasionally, the coding assistant completely rewrites entire pages, even when tasked with minor or unrelated adjustments, causing unnecessary disruptions. This can be really frustrating especially if rewrite occur unnoticed. This can lead to role-backs, wasting time.

Solution: Set clearer context boundaries and limits on AI-generated changes. The prompt is the key. The clearer the instruction the better, even if you have to mention what you don't want to happen.

3. Lack of Structural Clarity

The assistant sometimes confuses backend logic with frontend operations, complicating app architecture and maintainability.

Solution: Clearly separate backend and frontend contexts within AI prompts or instructions.

4. Library Overload

Assistants tend to introduce unnecessary or redundant libraries. This results in heavier, slower-loading pages and complicates dependency management, negatively impacting performance and maintainability.

Solution: Enforce stricter checks or approval workflows for adding new libraries.

5. Repetitive and Bloated Code

Generated code can become repetitive and bloated, rather than efficiently leveraging simple, reusable components.

Solution: Encourage AI assistants to identify and reuse existing components rather than generating repetitive code.

AI-Assisted Coding: Challenges and Solutions

Download PDF

1. Security Risks

Issue: Secrets or API keys are ending up in frontend code, exposing vulnerabilities.

🧩 What to look out for:

  • Keys in .js, .ts, .html, or other frontend-accessible files.
  • AI inserting sensitive values directly into config or fetch calls.

🧭 PM Instructions:

  • Set a policy: No secrets should ever exist in the frontend. Use environment variables or secret managers.
  • Integrate a vault: Tools like HashiCorp Vault, Azure Key Vault, or AWS Secrets Manager should be used.
  • Code review step: During pull requests, include a mandatory secret-scan step (automated or manual).
  • AI prompt hygiene: Ask devs to instruct the AI: "Do not insert actual secrets. Use placeholders."

✅ Questions to ask the team:

  • Have all secrets been externalized to a secure vault or .env?
  • Are devs using AI prompts that reinforce secret management best practices?
  • Are there automated linters or secret scanners (e.g., GitGuardian)?

2. Code Hallucinations

Issue: AI makes major, unrelated changes to files when asked to do small edits.

🧩 What to look out for:

  • Unrequested rewrites or reformatting.
  • Subtle logic bugs introduced by hallucinated refactors.

🧭 PM Instructions:

  • Use Git wisely: Instruct the team to use git diff before and after every AI interaction. This may be overkill as most no-code have auto restore point but use these if needed.
  • Small scope tasks: Encourage "micro-prompts" (e.g., "Refactor this function" instead of "Fix the page").
  • Rollback safety: Ensure local versioning (like Git stash or branch clones) is practiced.
  • Code review mindset: Encourage team to never trust AI blindly — always validate with tests or logic review.

✅ Questions to ask the team:

  • Are you reviewing diffs after AI modifications?
  • Was this prompt specific enough to avoid scope creep?
  • Is test coverage in place to detect AI-introduced regressions?

3. Lack of Structural Clarity

Issue: AI mixes frontend concerns with backend logic, violating separation of concerns.

🧩 What to look out for:

  • Business logic leaking into frontend components.
  • Backend code invoking UI elements, or vice versa.

🧭 PM Instructions:

  • Architecture mapping: Make sure a clear folder and component structure is documented.
  • Prompt suggestions: "Keep this logic server-side" or "Frontend only handles presentation."
  • Review meetings: Include a structure check in sprint demos or pull request reviews.

✅ Questions to ask the team:

  • Is this logic properly scoped to the backend?
  • Does the folder structure reflect frontend/backend separation?
  • Are your prompts reinforcing architectural constraints?

4. Library Overload

Issue: AI introduces unnecessary third-party libraries, bloating the project and adding maintenance overhead.

🧩 What to look out for:

  • New package.json dependencies with unclear purpose.
  • Libraries used for trivial tasks (e.g., moment.js for formatting a date).

🧭 PM Instructions:

  • Define a baseline: Maintain a list of approved or recommended libraries.
  • Review dependency diffs: For every PR, check for added packages and justify each.
  • Prompt discipline: Instruct devs to ask: "Use built-in methods unless absolutely needed."

✅ Questions to ask the team:

  • Did we already have a solution in the codebase?
  • Is the new library well-maintained and widely used?
  • Could this be done with native functionality?