From Prototype to Production: Lessons Building with AI
Introduction
My name's Ashni and I've spent the last 10 plus years working as a software engineer at various companies like Microsoft, Amazon, Square, and then a few startups.
I've built my own tech startup or AI startup, which is what I currently work on day to day.
But I've also taken on fractional CTO roles and advise other startups in how to implement best AI practices or just building products in their companies in general.
Setting the stage
And so tonight, I'm hoping we can go on a small journey together, maybe find some love for some pets.
You'll see why in a moment.
Goals for the session
And understand some of the benefits of how to take these fast AI prototypes that you can build and turn it into something that is actually production ready and safe.
Why human-in-the-loop matters
As Himanshu shared earlier, there's a lot of issues with just blindly using and trusting AI.
And a lot of the things that he spoke about with having humans in the loop will come back into some of the things I talk about as well.
So these are very important concepts to start using.
Quick audience pulse check
Before I get too far into this, can I get a quick show of hands?
Who is a technical person?
Oh, okay.
I thought it was a lot more or less technical folks.
Awesome.
AI coding experience
And who has tried vibe coding or using one of the AI coding tools?
Okay.
Value for non-technical attendees
Cool, so this talk is mostly for you, but I want to emphasize non-technical folks, you'll hopefully walk away with some helpful tips and maybe a new way to show your boss or your manager that you're actually really, really smart too, which we all know you are.
So whether you're technical or not, there's still a lot you can learn here.
From idea to prototype in minutes
You've likely seen videos of people online or built out your own web app or mobile app in 20 minutes because it's possible, it's really cool, and it's really fast and easy.
Speed vs. stability questions
But as those AI tools are incredibly fast, there's also a couple of questions around how stable are they?
How real are they?
And are you possibly leaving any issues or safety concerns with the products that you're building?
Live demo: Tinder for dogs
I am going to build a quick Tinder for dogs, so that's where we're going to find some love for your pets.
If anyone remembers the movie Snow Dogs, this is Demon from Snow Dogs, and it's one of my all-time favorite movies, so we figured let's find him some love.
What we’ll cover after the demo
And then after that, we're going to talk about some of the practical safeguards that you should implement into it.
About AI coding tools and prompting
So for the folks that haven't used any of these AI coding tools, I'll come back and explain some of these.
But just in the interest of time and to be efficient, I'm going to kick off the first prompt.
Tooling overview
Firebase Studio kickoff
So this is a tool built by Google called Firebase Studio.
You can find it at studio.firebase.google.com.
I'm using it right now because I haven't found any credit limits yet, and we like free things that let you go far.
But there are plenty of other tools I'll talk about in a moment.
I really encourage learning how to prompt well.
This right here is a terrible initial prompt because it's super vague, but for the interest of today, we're going to keep it.
The prompt is, in case you can't read it, create a simple web app where users can add dog profiles and swipe left or right to find matches.
quite literally Tinder for dogs.
So I'm gonna hit prototype with AI, and hopefully it's gonna kick off because I am connected to the internet, great.
And then while it's doing its magical thing, and I'll come back and explain some of it to you.
Actually, it always asks me a confirmation step, so we'll do that first.
Prototype flow and customization
With this tool in particular, they sort of give a summary of what they're going to build and then give you a color palette and some other iconography.
If you want to change any of that, you can.
For now, I'm just going to say prototype this app, and now it's going to start building.
Some of the other tools don't necessarily do that, so it's good to just know what to expect.
Landscape of AI dev tools
Now, in terms of tools to use,
These are quite a few.
Firebase Studio isn't even on this list.
This is a screenshot I grabbed from Henry Hsu, who is one of the founders of super.com.
You should definitely follow his content.
He's great.
So what this graph is showing you is which ones are not so technically friendly and which ones are more technically friendly.
So on this side, we've got non-technical like v0 and lovable at the top left.
And those help you build really good products that you can almost just ship with a push of a button.
And those are the ones that a lot of folks are building, like functioning web apps from mobile apps in 20 minutes.
The one I really recommend is Replit, where Replit is a lot more production ready.
It's actually closer to something that you can ship without too many issues.
they've got inbuilt databases and tools like that that are actually pretty good and stable, whereas vZero and Lovable require you to connect to external databases.
Not a problem, depends on what your product is.
And then on the more technical side of things, so that's for all my developers in the room,
You've got a combination of Klein, Cursor.
I've just started testing Windsurf for fun.
Cloud Code seems to be getting a lot of positive feedback as well.
But as you can see, there are quite a lot of different tools that are all really good for different reasons.
So definitely worth experimenting.
And for the non-technical folks, maybe stick to the top left corner until you're more comfortable.
Comparing outputs across tools
All right, let's see what our Google Firebase Studio is doing.
It is still building out the code.
So I'm going to zoom in here a little bit, just so you can possibly read this a little better.
What Firebase Studio generates
So folks that aren't familiar with frontend, this is using Next.js, which is built on top of React, and it's building out some libraries so it can use some datas, build some types.
It's also creating some hooks where it can use geolocation, because apparently I don't need to find a dog that's in Iceland unless they're paying for my dog to go and visit them, and me too.
Ideally, I want to find someone in Toronto.
I'm talking about the dogs here.
You can see the different files.
You can also see the code that they're building as well.
v0, Firebase, and Lovable side-by-side
And since it's still taking a couple seconds, I'm going to actually flip through some other tabs I preloaded with basically the same prompt.
So over here, we have vZero.
And vZero actually went and created a pretty basic version of this app.
I can go through.
I can like Buddy.
I can like Luna.
You know what?
Milo looks a little mean.
Maybe I don't want to match with Milo.
And Bella also looks really cute.
And so it's going to start giving me a list of all the dogs that I've matched with.
Maybe I can send them a message.
Oh, that message button didn't work.
We'll come back to that later.
Early Firebase Studio version
In a similar way, this is an earlier version of Firebase Studio I did, just because I want to make sure things don't break completely when I do the demo.
And you can see this visually is already different.
The matches are on the side here, whereas on the other screen, they were somewhere else.
This like or dislike is also slightly different.
Buddy is a golden retriever, but they put a photo of the golden bridge on there.
Maybe I'm a little suspicious here.
Lucy is also a building.
And Max the German Shepherd is a laptop.
Maybe he's just working so hard he couldn't take a proper photo.
Clearly not the best version of this, but hey, it works, right?
And now it's just about putting photos in, which that's not a hard problem.
Lovable’s strengths and quirks
Finally, I'm going to go to Lovable.
I find Lovable usually has the nicest-looking sides, but it's not always the best from a logic perspective.
From my earlier experiments, vZero was better on logic, and Firebase just has unlimited tokens for me, so I kind of stick with Firebase a lot of times.
As you can see here, Lovable actually AI-generated some beautiful photos.
So in this one, Buddy looks great, Luna...
I don't think that's a dog.
Does anyone else think that's a dog?
No.
We're going to X out of that.
We don't need any cats here.
Unless you're a cat lover, we love them too.
Then we got Charlie.
And that's all.
So we only have three dogs on this platform.
I did add an extra prompt in this one.
So we have a My Matches section where you could then go and message the owner and start a chat and schedule a play date.
And maybe Buddy and I, or Buddy and my dog, Demon, will be great friends.
All right.
Back to the live build
Hopefully I killed enough time.
Naming fun and first look
All right, we have Positive Match.
They come up with the craziest names on these, honestly.
Like if you notice, Lovable is called Bark Mate in the top.
The other Firebase one I did is called Pup Match.
If you need a name generator ideas, they're not bad.
Oh boy, is that a dog?
We're going to move off the dog photos, but here you can see if you want to like it or nope it.
Same general concept or idea.
Hitting bugs and limits in live demos
All right, there's a little bug in this one.
Ideally, we can fix it.
And here they actually want you to generate or input your API key, which I'm not going to do right now because live demos are a terrible time to do that.
But we are going to move on.
Iterating with better prompts
let's say we're over here and we like these so we can start seeing the matches over here, but I actually want to message Daisy.
And in this platform, I'm not able to, so I can come into the chat box.
Adding messaging via chat prompts
Again, you can do this in any of the tools and you can just say something as simple as let me message my matches.
Again, very basic prompt.
You probably want to build a lot more into your prompt.
Specifying richer requirements
For example, if I have matched with someone and they've matched back with me, I want to be able to message them.
I want it to show up in a pop-up modal.
I want the messages to send push notifications.
If it's a mobile app, there's a lot more layers and information you can provide to make it a better prompt.
However,
Ah, all right, this is starting to require more stuff.
Beyond the demo: pros, cons, and production
And the purpose of today was not to show you how to do AI prompting, though I'm always happy to do that, but it's actually to talk about some of the pros and cons and how to make this better, safer, and faster so you can ship these to production.
Where AI shines: rapid prototyping
So, where AI shines is obviously rapid AI prototyping.
It's super, super fast, and you can go from idea to product.
I did, what, five minutes?
Less than that to get the dog Tinder matching service up.
If you're looking to build your own tech startup, you can use it to pitch to investors or show potential customers what you can do with the kind of products and tools you have.
So as an example, with my startup right now, we're actually looking at expanding our product offering and starting to sell our product to businesses in a slightly different way to who our current customers are, which are customers or everyday people.
And with those businesses, I've actually just mocked out a quick prototype that I can use in meetings to demo to them.
How long did that take me?
25 minutes.
Whereas if you had to actually go and build out the entire thing, it'll probably take me a couple of days to get everything fully correct.
This is prior to AI.
So speed, ideation, iteration, you can go and add as many features as you want onto this.
It can be extremely fast and super powerful.
Tradeoffs to watch
But wherever you've got awesome wins, you also usually got a couple of fails.
So
Code quality and consistency
Code quality.
AI code is generally following best practices, but it can be really brittle and sometimes show you inconsistent code.
What I mean by that is hopefully folks that are coders here are very good at extracting code, using components, using reusable code because it's just better coding practices.
And if you have team members that code with you, they'll love you more for it.
AI code doesn't do that unless you instruct it to.
And so if you have a website with five pages, it's probably going to hard code or use HTML or JSX to code out each of those pages.
And if you want to make updates, I see someone in the front checking their head.
They know exactly what I'm talking about.
If you want to go and update those.
So let's say the app is called palm match and you want to call it bark made instead, you have to go and find every instance and update it.
That's not great.
What's better is if you have it in a single file and then that's being imported into your main code base.
So AI code can be really brittle, it can break randomly, and it sometimes follows different patterns.
They are generally best practices that you find across the internet, but it's the best practice for that specific prompt and not across your codebase.
Security gaps in quick prototypes
Now, talking about security, all of the products I showed you that we built out had no authentication.
It wasn't really connected to any sort of validation systems, and there was no monitoring or logging.
So I have no idea, as a person who built it, what's going on with my system.
Why is that a problem?
If I'm going here and I'm messaging Daisy or Daisy's owner, how do I know Daisy is a real person?
How do I know Daisy is not a bot?
Granted, that's not an authentication issue.
That's a whole other set of issues.
But in order to make sure that these are real people you're talking to and have some sort of validation in this, you need to incorporate that into the way you're building it.
Having authentication is a good idea or a good way to do that.
Data persistence and databases
Another pretty big issue with this is it's not connected to a database, at least not this version.
And I can upload 300 photos of daemon, but they're not going to go and get saved anywhere.
So you do need to connect to a database.
If I quickly go back to this, one of the benefits of these tools here is they'll often connect with Supabase, which is a pretty great database system.
I actually personally love it and use it.
If you're going to the more technical side, you can more freely connect with any other database system.
So you definitely want to connect to a database, but the AI systems may not be immediately connected to those.
Maintainability and debugging
and oops, went a little too far, maintainability.
Sometimes these AI code systems or AI coded prototypes can be really hard to debug.
For example, we ran into an issue the first time we ran this.
This one, not too complicated to understand why there's an issue.
But if you're not a technical person, this is probably googly goop to you.
Or ideally, it should be, because you shouldn't be figuring out how to code to use this.
And so you're going to have to go and figure out how to debug this.
I've had so many times and wasted so many tokens on all of the different platforms saying, hey, I have a bug.
This is doing this, but it's meant to do this.
Please fix it.
I always say please, because I know the robots are going to kill me afterwards if I don't.
The AI will just be like, oh, you know what, the code looks fine, or I'm making these changes and then makes zero changes.
And that can be extremely frustrating.
So sometimes this can be hard to debug.
One of the things to improve debugging is refactoring your code, which we'll come to.
Or I kind of talked about that already, but I'll talk about it again.
Collaboration and version control
The other issue with this is how are you sharing this and how are you working on projects like this with other people?
So for technical folks, it's probably a pretty quick answer of set it up in GitHub, have some other folks, make sure any changes they make are on a separate branch so that you're not interacting with each other.
If you didn't understand any of those, there's a reason for that.
There's a reason you have developers developing your product and you can build quick, fast prototypes.
Not saying you can't migrate from this into some of those better practices, but just off the bat,
It's a little bit harder.
And then from a maintainability perspective, wait, sorry, that was the last part I spoke about, maintainability.
How do you make changes?
And who owns the code?
Who's implementing the code and the changes down the line?
Guardrails for shipping to production
So my general rule of thumb here is AI tools are incredible accelerators, but they're not autopilots.
You still need engineering guardrails to make sure you're building something safe.
So let's very quickly talk about that guardrail before I'm asked to leave the stage.
Establish a review process
The first thing is building a review process.
So this kind of touches on what Himanshu spoke about earlier on having a human in the loop.
You want to make sure that any code that is getting pushed into your system, if it's going into your GitHub code base or you're just pushing it live because you're using some of the less technical tools, you still want to understand enough about what's going on so that you don't suddenly push a change that exposes all of your customers' data.
Because if your customers find that, they'll probably be really upset and possibly sue you.
You also want to avoid code changes where, um, I, and this happened to me last week, actually, uh, one of my teammates who's a junior and still getting comfortable with using AI and coding, they ended up pushing about using AI, pushing a bunch of changes, not checking the import statements, and then importing three packages using a different type of package.
So react toast instead of reactive use toast, um, where we've already implemented those.
And by using a different package, you now have different styling and different functionality.
And that leads to poor performance and poor use cases with the user experience and user interface with your platform.
Security hygiene and API key safety
Moving on, you want to implement security checks, whether this is you testing out your platform or putting authentication into the system, safeguarding API keys.
That's a big one, actually.
Real quick show of hands, who does not know what an API key is?
Maybe I should have asked it the other way.
Who knows what an API key is?
Okay, so we have a few hands that are down.
I'm not gonna name anybody.
API keys are basically a way for you to connect to another tool or another platform.
So here, this is asking me for my Gemini API key.
So Gemini is another, like Google's AI.
You don't want to post this code or that API key in the public because if somebody finds it, they're going to start using it and your account is going to get billed for it.
And that's with AI.
You could also have the same for your Stripe account if you're getting payments and things like that too.
So you want to make sure that those are being kept very safe.
Testing and scalability planning
Moving on, you want to implement good testing frameworks and practices.
So how do you make sure you've got tests so that your platform doesn't randomly break in the middle or you make a change saying, hey, let's add messaging to the system and all of a sudden image uploads are no longer working on your Bark app.
As you start planning for scalability,
you want to make sure that you're starting to use, or you're starting to get off the, sorry, there's like some audio going on.
Okay, we're good.
As you're planning for scalability, you want to work on having your own systems that you're using.
For example, AWS or Netlify as a hosting provider instead of the built-in hosts that the AI tools provide you.
This just means you have a little bit more control.
You also probably are going to save your costs if you start getting a larger user base in the future.
My next point is massive.
Environments: local, staging, production
I actually just set up, I worked with one of the startups that I advised last week on setting up a local staging and test environment.
They spent the last four months building out their entire system using Replit, which is a phenomenal system.
Honestly, if you want to experiment and want to go one step above lovable, Replit is your next step.
And he managed to build out an entire system.
And now he's trying to figure out how do I add a feature when the system is already live?
And the best way to do that is to set up a local environment, a staging environment and a testing environment where local is for you to test for yourself.
Staging is where you sort of have a fixed definition of what's going on.
So if anyone else on your team is testing it, they're using that as a backup.
And then obviously production is the real one.
I said testing here, I clearly typo that's meant to be production.
Keep humans in the loop
finally humans in the loop it's just always good to have a set of eyes that's going through your product every now and then and especially before any major deploys because if you don't you could very easily launch this product without realizing that there's a bug in it and that can cause various different issues
Wrap-up and how to connect
Alright, I'm definitely well past my 15 minute mark at this point, but I love talking about these kinds of things.
If you're experimenting with AI tools, want to grow from any of this, if you're looking for folks to help you out with that, I do consulting, I do fractional work, I'm also just always happy to chat.
And I will be around if I don't have a slice of pizza in my mouth, feel free to chat with me.
If I do, chat with me anyway.
And yeah, lovely to meet you.
Connect with me on LinkedIn or my email and my website are there as well.