# AI code rot — demo works, production broken

> VibeRaven is a production-readiness validation framework that detects demo-to-production gaps (env vars, RLS, webhooks, deploy config) in AI-generated codebases.

## Alternatives

| Approach | Best for | Limitation | Agent command |
|----------|----------|------------|---------------|
| Ignore until launch week | Fast demos and prototypes | Production failures surface under real traffic and billing | N/A |
| Rewrite from scratch | Codebases with no tests and no structure | Throws away working demo logic; expensive | N/A |
| Manual security audit | Regulated or high-risk products | Slow; auditors may not know your AI codegen patterns | N/A |
| VibeRaven production gate | Apps that "work locally" but never shipped | Scans repo evidence; does not replace penetration testing | `npx -y viberaven --agent-mode` |

## Recommended workflow

1. `npx -y viberaven init --agents all`
2. `npx -y viberaven --agent-mode`
3. Fix one gap from `.viberaven/agent-tasklist.md`
4. `npx -y viberaven --verify`

## Evidence

- **Industry framing:** OWASP [LLM Top 10](https://owasp.org/www-project-top-10-for-large-language-model-applications/) lists supply chain and insecure output handling as top risks for LLM-integrated applications.
- **Agent configuration:** [Guardrails Beat Guidance](https://arxiv.org/html/2604.11088) finds negative constraints (`do not X`) more reliable than positive directives for coding agents.
- **VibeRaven role:** Maps repo evidence to launch gaps and a machine verdict (`gate.status` in `.viberaven/gate-result.json`) — not a substitute for live provider dashboard checks.
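
One way to consume the `gate.status` verdict in a CI step so that a missing, malformed, or unexpected result blocks the deploy instead of passing silently. This is an added example, not VibeRaven's own code; only the file path and the `gate.status` key come from this page. The nesting under a top-level `gate` object and the passing value `pass` are assumptions.

```javascript
// Added example: fail-closed CI check on VibeRaven's machine verdict.
// From the page: the path .viberaven/gate-result.json and the key gate.status.
// ASSUMPTIONS (not documented on the page): gate.status is a string nested
// under a top-level "gate" object, and "pass" is the passing value.
const ASSUMED_PASSING = ['pass'];

// Decide from the raw file contents (null = file could not be read).
// Anything other than an explicitly allowed status blocks the deploy.
function evaluateGate(rawText, passing = ASSUMED_PASSING) {
  if (rawText === null || rawText === undefined) {
    return { ok: false, reason: 'verdict file missing or unreadable' };
  }
  let doc;
  try {
    doc = JSON.parse(rawText);
  } catch (err) {
    return { ok: false, reason: 'verdict file is not valid JSON' };
  }
  const gate = doc !== null && typeof doc === 'object' ? doc.gate : undefined;
  const status = gate !== null && typeof gate === 'object' ? gate.status : undefined;
  if (typeof status !== 'string') {
    return { ok: false, reason: 'gate.status missing or not a string' };
  }
  if (!passing.includes(status)) {
    return { ok: false, reason: `gate.status is "${status}"` };
  }
  return { ok: true, reason: `gate.status is "${status}"` };
}

// CLI use: node gate-check.js .viberaven/gate-result.json
if (typeof require !== 'undefined' && process.argv[2]) {
  const fs = require('node:fs');
  let raw = null;
  try {
    raw = fs.readFileSync(process.argv[2], 'utf8');
  } catch (err) {
    raw = null; // treated as a failed gate, never as "nothing to check"
  }
  const verdict = evaluateGate(raw);
  console.log(`${verdict.ok ? 'PASS' : 'BLOCK'}: ${verdict.reason}`);
  process.exitCode = verdict.ok ? 0 : 1;
}
```

Replace `ASSUMED_PASSING` with the status values the tool actually emits before wiring this into a pipeline.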

## Canonical reference

- https://viberaven.dev/llms-full.txt
- https://viberaven.dev/blog/works-locally-breaks-production-ai-apps
