The Deployment Graveyard: A Field Guide
Why every app I've built with AI is stuck on my laptop
I have my own graveyard.
Not a metaphorical one. It’s an actual collection of projects that worked, that solved real problems, and that I even used every day. But they’re dead now. Not because they were bad ideas, but because I couldn’t get them past one impossible step.
Here’s a partial list:
Synergy App. A collaborative project that analyzed partnerships. Built with AI and worked perfectly for me. But handing over AI API calls to the public? Died the moment I tried to figure out how to charge fairly. Cause of death: Billing.
VIP Tracker. A simple dashboard for tracking shareholder investments. Functional, useful, exactly what I needed. Couldn’t figure out how to let other people log in without exposing everyone’s data. Cause of death: Authentication.
KPI Dashboard. A project KPI I was genuinely excited about. Got 80% done, hit a wall I couldn’t see over, told myself I’d get back to it but was too worried about exposing private data. Cause of death: Fear.
Every one of these worked. They just couldn’t leave my laptop.
The Pattern
Ten years ago, I built everything in spreadsheets. Complex formulas, pivot tables, entire business processes. The spreadsheet was my home. But when someone asked “can we make this a real app?”, the answer was: no, or hire a developer.
Five years ago, the no-code wave arrived. Zapier, Retool, Airtable (oh how I loved Airtable!). I could build a real interface without writing a line of code. I could read data from one place and work it into another. But then I needed custom logic (i.e. code) for the fun stuff and to set up authentication was complicated or, in the case of Airtable, expensive. As I pieced together a process it never really scaled.
Now it’s AI. I describe what I want and get working code. It feels like a superpower. I go from idea to working prototype in an afternoon.
And then when I try to share it...
Q: “Where does this live?”
A: Have you tried Cloudflare? Just set up Workers and don’t forget the DB requires D1 setup and bindings. Too hard? Just use Netlify, it’s easy. Oh, the database is BYOD... Use Vercel, it plays well with Supabase, just watch out because the costs can spike!
Q: “Is the data secure?”
A: Well, are you using environment variables? Are your API keys in the client bundle? Did you set up row-level security on your database? Do you have rate limiting? CORS headers? Actually, can you just check the network tab real quick and make sure nothing sensitive is leaking?
Q: “How do people log in?”
A: You’ll need an auth provider. Clerk is popular. Or Auth0. Or Supabase Auth. Or Firebase Auth. Each one has its own SDK, its own dashboard, its own token flow. Pick one and wire it into every route that touches user data. Don’t forget the callback URLs. You know what, just don’t have users, you can have security through obscurity.
Q: “What happens if someone finds the URL?”
A: ...
The One That’s Still Alive
I have a tool called Fabrika. It manages my entire content production pipeline. Cards move through stages: script, film, edit, review, publish. My content team uses it daily. It works.
It’s deployed. It’s online. And I can’t share it.
There’s no login page. I added authentication, but I don’t know how it works. No staging server, so if I fix something or add a feature it might break the app. When I was building it I thought, so many people will like this! But now I’m worried if someone pokes at it wrong, the whole thing could fall over.
So it’s our special little app. Not because I don’t want to share it. Because I don’t trust what I built.
I’m guessing that the only thing protecting Fabrika is that nobody knows the URL. Security through obscurity. That’s not a strategy. That’s a prayer to a God you don’t even believe in.
Fabrika isn’t in my graveyard. It’s something worse. It’s alive, useful, wanted, and trapped. It’s more like a zombie. Or maybe Frankenstein’s monster.
The Trust Problem
There is, by the way, an entire job dedicated to this. It’s called DevOps. Real people spend real careers making sure applications stay up, stay secure, and don’t fall over when someone logs in from a country you didn’t think about. I used to work alongside these people and had absolutely no idea what they did all day. Now that I’ve tried to do it myself, I owe every DevOps engineer I’ve ever met an apology and possibly a drink.
And to be fair, you can learn this stuff. AI is pretty good at walking you through deployment, auth setup, environment variables. The whole point of vibe coding is doing it yourself. So you roll up your sleeves and figure it out.
The problem is you’ll never know if you did it right. A fully functional app and a fully compromised app look exactly the same. Everything works. Users can log in. Data gets saved. But is the auth actually secure? Are your API keys exposed in the client bundle? Is your database locked down or wide open? You can’t tell by looking at it (and the AI will say it’s fine while exposing secret keys).
It’s stopped me from launching many a project.
The Cost
When a prototype dies in the deployment graveyard, you don’t just lose the project. You lose the trajectory.
The dashboard goes back to being a spreadsheet. The internal tool goes back to being a manual process. The side project goes back to being a prototype you use on occasion but know you shouldn’t ship.
The painful part isn’t the failure. I can learn from failure! The painful part is knowing it works. Knowing it solves a problem. Knowing people might want it and use it. And then having it sit there, running on localhost, useful to just me. I’m all for personal software, but this sucks.
This is not a personal failure. This is structural. The tools that make building easy don’t make shipping easy. The gap between “it works” and “people can use it” is enormous. And it feels like the same gap it was ten years ago.
What Would It Take?
I keep coming back to the same question.
Why can’t deployment be as easy as building? What if the thing that helped you make the prototype also helped you put it on the internet, with auth, with a database, with security that isn’t just hoping nobody finds the URL?
This is why I am excited about working at Vibes DIY. The team is building the thing we actually need. After you build the app you hit “share,” and people can actually use it. No server management or deployment pipeline. No praying nobody finds the URL. In fact, there is an invite button!
It’s not out quite yet... but I’ve used it and it’s great!
What’s in your deployment graveyard? What did you build that worked, that you couldn’t ship? What killed it?
Drop it in the comments or reach out to chat and I can show you how that same idea could just work.
if you want a database service with a good free tier that is an alternative to Supabase, try NeonDB. authentication is a bit trickier with Neon, at least in my projects which use Python, i had trouble with Neon Auth (which is Neon’s new authentication service) so i moved away from it.
authentication-wise, i’ve used two providers: Clerk — rapidly becoming a rising star in the authentication world. provides very nice components out of the box and setting up session management out of the box is easy, issue is that their data does not sync easily out of the box, i’ve had issues with their supposed Neon integration. i had to set up webhook server just to sync their data. this was nearly a year ago though, things have probably changed.
PropelAuth — seems less known but integrates nicely with my backend. the frontend components are not as nice though and feel more clunky since they more obviously indicate you are using their services vs. what Clerk provides. feels very “Unregistered HyperCam 2” at times.