Technical Enough

Week 3 · Your Build · by Shivali

Day 19 of 21

Guardrails, what seasoned builders learned the hard way

This is a practitioner-wisdom day. The five things below are things experienced builders just know, that nobody tells beginners until they have been burned. We are telling you up front.

The reason this lesson exists at all is that the difference between a hackathon project and something that does not ruin your month is almost never about the code itself. It is about a handful of operational disciplines that, if you bake them in from day one, save you from incidents that get talked about at the holiday party for years.

There are five.

Image slot

Suggested meme: a photo of construction caution tape wrapped around a server rack (or a single shipping container marked 'production'). Caption: 'rate limit before public launch, every time'. Save as public/lessons/day-19-meme.png and add src='/lessons/day-19-meme.png'.

The boring tape that saves the weekend.

Guardrail 1. Secrets do not live in the code.

API keys, database passwords, tokens, anything that could be used to spend money or access user data, none of it goes in your code, ever. It goes in environment variables (Day 7), which are read at runtime and never checked into git (Day 6).

The classic version of this incident goes like this. A developer accidentally commits an AWS key to a public GitHub repo. Within minutes, a bot finds it, spins up cryptocurrency miners on dozens of EC2 instances, and the developer wakes up to a $50,000 bill. AWS will sometimes forgive this. They are under no obligation to.

The fix is one line of discipline: every secret your code uses is read from an environment variable, and the environment variables are managed by your hosting provider (Day 12), not by your codebase.

Guardrail 2. Personal data is radioactive.

The moment you store information about a real person (name, email, phone, location, IP), you have taken on real obligations. Day 20 covers them in detail. Some of those obligations are legal. Most of them are just hygiene.

Three rules.

  • Do not collect personal data you do not actually need. (Day 11's guardrail.)
  • Do not log personal data into your logs. Logs leak. The day you discover that your error tracker has been ingesting customer emails for six months is a day you will not enjoy.
  • Encrypt personal data at rest (databases) and in transit (HTTPS). The default settings of every major database provider and every major hosting provider already do this, you just have to not turn it off.

Guardrail 3. Money has a kill switch.

Anything in your build that can spend money should have an automatic limit, and you should know exactly how it gets enforced.

  • AI API calls. Set a usage cap per user per day. Set a budget alert at the provider.
  • Hosting costs. Day 12's billing alert. Do this before you click deploy.
  • Outbound emails. Most providers limit you by default, but you should know what your limit is.
  • Outbound SMS. SMS gets expensive fast, especially watch out for international numbers, which are often the target of fraud.

The pattern: any line of code that costs money should have a circuit-breaker upstream of it, and the circuit-breaker should default to "stop" rather than "continue."

Guardrail 4. Rate limits are not optional.

Every endpoint on your backend (Day 10) that does anything meaningful should have a rate limit. The default reason is "the internet is full of bots that will try to abuse anything they find." The non-default reason is "your own front-end code might enter a retry loop that hammers your backend, and a rate limit is what stops it before it takes you down."

Most modern hosting providers and most modern frameworks have rate-limiting tools that take a few minutes to set up. The cost-benefit is so lopsided that there is no excuse for not having it. Day 10 mentioned this in the vocabulary sweep. Today it gets the guardrail it deserves.

Guardrail 5. There is a documented kill switch.

For every product you ship, you should know exactly how to turn the whole thing off, in under five minutes, in case something has gone wrong that you cannot fix in real time.

The kill switch is usually one of three things.

  • A feature flag in your code that lets you disable specific functionality (you flip it without redeploying).
  • An environment variable that puts the whole site into maintenance mode.
  • A button at your hosting provider that takes the whole deployment offline.

Whichever it is, you should know which one it is, and you should have used it at least once in a staging environment so you are not figuring it out for the first time when production is on fire.

AI-specific operating disciplines

Day 18 covered how to work with AI; here is the operational layer that comes with that. Three habits that turn into incidents when you skip them:

  • Per-user AI usage caps. Anything in your build that hits an AI API should have a cap, per user, per day. Without it, one user (or one bot) can burn a month of budget overnight. This is Guardrail 3 applied to AI specifically.
  • Verify before you trust. Run the code, read the diff, look at the actual output. Don't ship code you haven't read. AI is confidently wrong often enough that "it looks right" is not a green light.
  • The kill rule. If you have iterated with AI five times on the same thing and it still is not right, stop. Reset the context, try a different framing, or do it yourself. The forty-seven-message death spiral is a real failure mode.

These three plus the five guardrails above are the pre-flight you actually need.

The pre-flight checklist

Before you ship anything to real users, run this five-item list. The first time, it might take an hour. Every time after, it takes five minutes, and it is the cheapest insurance you will ever buy.

  • Secrets are in environment variables, not code.
  • Personal data is minimized, not logged, and encrypted.
  • Money has a circuit breaker (billing alert, usage caps).
  • Rate limits on every meaningful endpoint.
  • Documented kill switch you have actually used.
  • AI usage caps per user, and a verification habit on AI-generated code.

Save the list. Use it on every build for the rest of your career.

Forward references

Day 20 covers the legal sanity checklist that goes hand in hand with these technical guardrails. Day 21 closes by asking you to commit, on paper, to running this list before shipping.

Day 19 wrap

The thing you can now say plainly. The difference between hackathon code and shippable code is five guardrails: secrets out of code, personal data minimized, money on a circuit breaker, rate limits everywhere, documented kill switch.

The thing you can now do. Save the five-item pre-flight checklist and run it on every build you ship.

The guardrail to remember. The whole lesson is the guardrail to remember. The first time you skip the checklist is usually the time you wish you had not.

See you on Day 20, where we cover the side of the build that is less about code and more about laws.