AI wrote your app. This repo — and the service behind it — keeps it alive in production.
Anyone can vibe-code a working app in a weekend now — Claude Code, Cursor, Bolt, v0, Lovable, Replit. Great. That's step 1.
Steps 2 through 10 are where vibe-coded apps die in public: secrets in git history, missing auth on admin routes, no monitoring, no backups, crashes nobody sees, databases with no restore test, .env files floating around on people's laptops.
This repo is the free, open playbook for every step after the vibe-code. Dockerfiles, K8s manifests, backup scripts, monitoring stack, CI/CD templates, pre-launch checklists — MIT-licensed, ready to fork.
If you'd rather someone just do it for you → vikgmdev.com ($1,500 done-for-you in 10 business days).
Every vibe-coded app dies the same way. Color tells you what kills you.
| # | Step | Kind | If you skip this |
|---|---|---|---|
| 🔵 01 | Vibe-code your app → read | YOU + AI | You don't have an app to deploy. |
| 🚨 AI stops helping here 🚨 | |||
| 🔴 02 | Security audit → read | SILENT KILLER | Secrets leak. Auth bypassed. You find out from a user. |
| 🟠 03 | Architecture & bug audit → read | Breaks at scale | Fine with 10 users. Dies with 100. |
| 🟠 04 | Containerize & build → read | Complexity trap | "Works on my machine" is not production. |
| 🟠 05 | Deploy to production → read | Complexity trap | Wrong platform = 10x costs or 3am outages. |
| 🟡 06 | Health checks & uptime → read | Operational blindspot | App down 6 hours. Found out by user email. |
| 🟡 07 | Error monitoring & logs → read | Operational blindspot | Errors happen. You never see them. Users leave. |
| 🔴 08 | Backups & DR → read | SILENT KILLER | You drop a table at 2am. Everything is gone. Forever. |
| 🟡 09 | CI/CD & observability → read | Operational blindspot | Deploying from your laptop at midnight. Every time. |
| 🟢 10 | In production. Actually. → read | Alive | You can sleep at night. |
🔴 Red = silent killer (security, backups — you don't notice until it's too late). 🟠 Orange = breaks at scale (arch, containerize, deploy — complexity bites you in front of real users). 🟡 Amber = operational blindspot (uptime, errors, CI/CD — you can't fix what you can't see).
Start with 00 — The journey if you want the 5-minute version, or jump straight to 02 — Security audit if your app is already built.
If you hire me via vikgmdev.com instead of DIY'ing from this repo, here's exactly what happens in the 10 business days:
| Phase | Days | What happens |
|---|---|---|
| 🔍 Audit | Day 1-2 | I read your repo. Security, arch, bugs. You get a written report with a prioritized fix list + go/no-go decision. |
| 🔨 Build | Day 3-7 | I fix what I found. Containerize. Set up monitoring (Sentry + Uptime Kuma), backups (with verified restore test), CI/CD pipeline. |
| 🚀 Deploy | Day 8-9 | We go live. Real domain, real TLS, real traffic. Zero-downtime deploy. Rollback path tested. Load-test green. |
| 🤝 Handover | Day 10 | You get credentials, written runbook, recorded video walkthrough. 30-day on-call support starts. |
Who's doing this? Victor García — a decade as a backend engineer, running Kubernetes, Postgres, Redis, Elasticsearch in production every day at Range Security. Founder of Totem Labs Forge (ERA live on Google Play, Forgetty — 38K Rust LOC in 24 days on GitHub). Not a course creator. A senior platform engineer selling the thing he already does for a living.
Free (this repo) → do it yourself. Everything below is optional.
| Tier | Price | Billing | Best for | Delivery |
|---|---|---|---|---|
| 🆓 Free playbook | $0 |
— | DIYers who want the blueprint, not the human | Fork this repo |
| 🔍 Audit | $497 |
one-time | Want a senior second-pair-of-eyes — you'll implement yourself | 2h live Zoom + written report |
| 🚀 Ship-to-Live Core ⭐ | $1,500 |
one-time | Most people — working app, real users or launch coming up | 10 business days, done-for-you |
| 🔥 Ship-to-Live Launch | $2,500 |
one-time | Product Hunt / Show HN date is LOCKED IN | 5 business days (rush) + 48h war room |
⭐ = recommended starting point for most buyers.
If you have a launch date and your app can't fall over in front of 10,000 visitors, Core + Launch extras means:
- 🔥 Delivered in 5 business days — 2x faster than Core
- 🔥 Pre-launch load test — simulated PH traffic spike, I show you where it breaks, fix it, retest
- 🔥 48-hour war room — I'm in your Discord across launch day, <30min response SLA
- 🔥 Cloudflare aggressive tier — rate limiting, bot blocking, caching tuned for viral traffic
- 🔥 Status page + incident templates pre-built — no 2am tweet composition
- 🔥 User comms drafted for you — "brief issue, now fixed" + "thanks for the support" posts
- 🔥 Post-launch debrief — 3 days after, we review what worked, what nearly broke
My launch is in <5 days → email with LAUNCH FIRE in the subject. Add $500 rush fee for <5-day windows.
| Path | Price | Billing | What happens |
|---|---|---|---|
| 🧳 Migrate out (default) | $300 |
one-time | I help you move to your own cloud over 2 days. Clean break. |
| 🔧 Ongoing Ops | $500/mo |
recurring | Stay on my infra. 4h/mo of my time. Cancel anytime. |
| 🛠️ Ongoing Ops Plus | $1,500/mo |
recurring | Stay on my infra. 12h/mo. Part-time platform engineer. |
| 🛑 Decommission | Free |
— | I shut it all down on day 30. You're on your own. |
No auto-renewals. At day 20 I email what I'd recommend. You choose by day 30. If you don't reply: default = Migrate-out. No silent recurring charges, ever.
Book your slot → vikgmdev.com · vikgm.dev@gmail.com · Capacity: 5 Ship-to-Live engagements in parallel (max).
Templates (templates/)
dockerfile.{node,python,go,rust}.multi-stage— production-ready, non-root, minimal imagesdockerignore— copy-paste to prevent leaking.env+ bloating imagesdocker-compose.monitoring.yml+Caddyfile.monitoring— Sentry + Uptime Kuma + Prometheus + Grafana in one filegithub-actions-deploy.yml— test on PR, build + push image, deploy on mergepostgres-backup.sh+postgres-restore-test.sh— backups that are actually testedk8s-manifests-starter/— namespace, secrets, deployment, service, ingress, HPA, backup CronJob
Checklists (checklists/)
- Security pre-launch — print and tick
- Launch day — T-7 days through T+7 days
- Incident response — minute-by-minute protocol + postmortem template
Open an Ask-a-question issue. I answer publicly — so your question helps the next 100 people who have it.
Or email directly: vikgm.dev@gmail.com.
- ⭐ Star the repo — helps other vibe coders find it
- 🐦 Share with someone who's about to launch
- 🤝 Hire me for the next app
- Not a Kubernetes course. If you want one, Kelsey Hightower's kubernetes-the-hard-way is still gold.
- Not a zero-to-hero DevOps bootcamp. It's focused on the minimum real path from vibe-coded-app to survivable-in-production.
- Not theoretical. Every template is something I've run in production.
vikgmdev.com · vikgm.dev@gmail.com · @vikgmdev
MIT licensed · Built by Victor García