# Infrastructure & Self-Hosting Deploy AI apps for under $10/month. Hetzner VPS, Coolify, Vercel, Cloudflare. Security hardening, CORS, server setup. Includes API monitoring and log dashboard. ## Apps (3) ### React dashboard for viewing API logs - AI Docs: https://tigzig.com/ai/apps/log-monitoring-dashboard.md - > **Status:** Private application. Source code is not publicly available. ### Security Checklist for Web Apps - App: https://www.tigzig.com/security - AI Docs: https://tigzig.com/ai/apps/security-checklist.md ### Centralized API monitoring and logging service - AI Docs: https://tigzig.com/ai/apps/tigzig-logger.md - > **Status:** Private application. Source code is not publicly available. ## Blog Posts (37) - [Are You Rate Limiting the Wrong IPs? A SlowAPI Story.](https://tigzig.com/post/are-you-rate-limiting-the-wrong-ips.html) — Tags: security, fastapi, cloudflare, infrastructure How modern multi-hop architectures (Vercel serverless + Cloudflare + FastAPI) cause SlowAPI to rate limit the wrong IPs. Covers the CF-Connecting-IP overwrite problem, X-Forwarded-For spoofing, the custom header fix, and a detailed FAQ on IP extraction across different proxy setups (Caddy, nginx, Docker, direct). AI-readable: https://tigzig.com/ai/posts/are-you-rate-limiting-the-wrong-ips.md - [Claude the Hunter-Killer - Have You Seen Your Nice Little Claude Run a Penetration Test on Your Apps?](https://tigzig.com/post/claude-the-hunter-killer-pen-test.html) — Tags: security, ai-coders, infrastructure Real-world penetration test using Claude Code against a hardened DuckDB dashboard app (230M rows, IMDB data). Despite API keys, Cloudflare edge rate limiting, JS challenge, SQL blocklist and backend rate limits, Claude found repeat() memory bombs that finish within timeout, metadata leaks, and missing conn.interrupt() leaving DuckDB crunching after timeout. Shows how Playwright bypasses JS challenge using real Chrome and fires attacks from same-origin context. Practical lesson: use separate Claude instances for coding and pen testing. AI-readable: https://tigzig.com/ai/posts/claude-the-hunter-killer-pen-test.md - [Tool Builders Infra Guide - Part 5: Set Up Perimeter Security (Edge Defense) for Your Apps on Cloudflare's Free Plan](https://tigzig.com/post/perimeter-security-cloudflare-free-plan.html) — Tags: cloudflare, security, infrastructure Set up perimeter security (edge defense) for web apps on Cloudflare's free plan. Covers orange-cloud proxying, WAF JS challenges (and their impact on AI agent traffic), browser integrity checks, per-domain rate limiting via Cloudflare Workers (100K free invocations/day), zone-level IP blocking with CIDR notation, and Vercel .vercel.app bypass fix. All running across 60+ subdomains and 40+ apps at zero cost. AI-readable: https://tigzig.com/ai/posts/perimeter-security-cloudflare-free-plan.md - [You can set a per-IP rate limit on Cloudflare free plan... stops an attack right at the edge before it touches your app. But not so straightforward...](https://tigzig.com/post/cloudflare-rate-limiting-free-plan-tricky.html) — Tags: security, infrastructure Cloudflare free plan rate limiting challenges for multi-app setups. Vercel's .vercel.app URL bypasses Cloudflare - fix with deployment protection. Free plan allows only 1 rate limit rule, Pro plan gives 2. Workarounds for 60+ subdomains across 40+ apps using Cloudflare Workers. Key takeaway: for single domains, Cloudflare free tier protection is essential. Security checklist updated to 80 items. AI-readable: https://tigzig.com/ai/posts/cloudflare-rate-limiting-free-plan-tricky.md - [Going beyond Google Login for critical apps. Identifying gaps & hardening your entry points.](https://tigzig.com/post/going-beyond-google-login-hardening-entry-points.html) — Tags: security, infrastructure Security hardening beyond OAuth for admin apps on public internet. Two Claude instances ran 130 adversarial tests across 3 phases against a production monitoring dashboard. Implemented layered gates: Cloudflare Turnstile bot detection, pre-login password gate, Google OAuth with email whitelist, Google Authenticator MFA, and JWT verification on every API call. Security checklist updated to 78 items. AI-readable: https://tigzig.com/ai/posts/going-beyond-google-login-hardening-entry-points.md - [tigzig.com is AI-agent first. But what happens when your AI coder runs into a problem on my site?](https://tigzig.com/post/tigzig-ai-agent-first-site.html) — Tags: ai-coders, infrastructure TigZig is now an AI-agent-first platform. AI coders and agents can access 40+ live tools, 155+ guides, and all source codes through structured text indexes built on the llms.txt standard. Includes an AI feedback API endpoint for agents to report broken links or missing content, with automated triage, resolution tracking, and email notifications. The entire site content (20,000+ lines) is downloadable as a single text file. AI-readable: https://tigzig.com/ai/posts/tigzig-ai-agent-first-site.md - [TigZig is Now AI-Agent First](https://tigzig.com/post/tigzig-ai-agent-first.html) — Tags: ai-coders, infrastructure TigZig is now AI-agent first. AI coders and agents are first-class citizens with access to 40+ live tools, 155+ guides, and all source codes indexed and structured for agents. Users can ask their AI coder to scan the site, find apps, explain implementations, and deploy solutions. Built using the llms.txt standard with the entire site content (20,000+ lines) downloadable as a single text file. AI-readable: https://tigzig.com/ai/posts/tigzig-ai-agent-first.md - [Security Checklist for Web Apps - 71 Items](https://tigzig.com/post/security-checklist-web-apps-71-items.html) — Tags: security, infrastructure Practical security checklist of 71 items across React frontend, FastAPI backend, PostgreSQL, DuckDB, Cloudflare, MCP servers, authentication, and VPS hardening. Each item describes the risk in plain English with a code fix. Built from real vulnerabilities found in 30+ public apps after a bot attack. Designed for data scientists and analysts building production tools who may lack traditional IT security background. AI-readable: https://tigzig.com/ai/posts/security-checklist-web-apps-71-items.md - [My Public MCP Server Got Hammered - Security Lessons from a Bot Attack](https://tigzig.com/post/mcp-server-bot-attack-security-lessons.html) — Tags: infrastructure, security, mcp Real incident report of a bot attack on a public database MCP server. Had rate limiting, read-only access, and SQL validation but still got hammered. Worked with Claude Code to fix 15+ attack vectors including exposed server IPs, open system catalogs, and an unprotected Supabase REST API. Covers lessons on securing public demo apps vs client apps, and why ignoring AI coder security audit recommendations has consequences. AI-readable: https://tigzig.com/ai/posts/mcp-server-bot-attack-security-lessons.md - [New on VIGIL: SAST Takeover Disclosures (India)](https://tigzig.com/post/vigil-sast-takeover-disclosures-india.html) — Tags: vigil, security VIGIL app now tracks SEBI Takeover Code (SAST) disclosures under Reg 29. Covers Reg 29(1) filings when someone crosses 5% ownership and Reg 29(2) when existing 5%+ holders change stake by 2%+. Around 10,000 records from last 2 years. Includes leaderboards for largest acquisitions, promoter selling, outsider accumulation, new 5%+ stakes. Filters by company, transaction type, promoter/non-promoter, Nifty indices. Updated daily. AI-readable: https://tigzig.com/ai/posts/vigil-sast-takeover-disclosures-india.md - [Infra Guide for AI Tool Builders - Part 4: CORS in Simple Words: What It Is and How to Fix It](https://tigzig.com/post/fast-tips-what-is-cors-and-how-to-fix-it.html) — Tags: infrastructure, security Explains CORS (Cross-Origin Resource Sharing) as a browser security feature, including preflight requests for non-simple HTTP methods. Covers three proxy solutions: Cloudflare Workers (free, pure pass-through), Vercel serverless functions (mini backend with 5-minute timeout), and FastAPI backend (for Python-heavy processing). Warns against the mode: 'no-cors' trap. Part 4 of the 2026 infrastructure guide series. AI-readable: https://tigzig.com/ai/posts/fast-tips-what-is-cors-and-how-to-fix-it.md - [From 12 second queries to under 1s: Optimizing a 230 Million Row Dashboard - 14 Bottlenecks I Had to Fix](https://tigzig.com/post/from-12-second-queries-to-under-1s-optimizing-230-million-row-dashboard.html) — Tags: duckdb, fastapi, infrastructure Documents 14 optimization techniques that reduced query times from 9-12 seconds to under 1 second on a 230M-row DuckDB dashboard (16GB). Covers pre-computed denormalized tables, single-blob dashboard cache, in-memory query caching, ORDER BY index conflicts, adaptive queries, EXISTS vs CTE (15x gap), client-side computation from loaded data, Docker container memory mismatch with DuckDB, and autocomplete race condition fixes. Open source with dual Hetzner/Oracle backends. AI-readable: https://tigzig.com/ai/posts/from-12-second-queries-to-under-1s-optimizing-230-million-row-dashboard.md - [Architecture & Setup for a Dashboard with Hundreds of Millions of Records - Powered by DuckDB](https://tigzig.com/post/custom-dashboard-duckdb-fastapi-230-million-rows.html) — Tags: duckdb, fastapi, infrastructure, react Architecture guide for building a custom dashboard with 230M rows on DuckDB (16GB). Covers FastAPI backend with read-only and admin endpoints, React frontend on Vercel, serverless proxy for API security, dual backend setup (Hetzner/Oracle), data pipeline with pre-computed denormalized tables, Clerk auth toggle, query timer, and smart search. Addresses Docker container memory mismatch with DuckDB. Open source, runs on 8 EUR/month Hetzner VPS. AI-readable: https://tigzig.com/ai/posts/custom-dashboard-duckdb-fastapi-230-million-rows.md - [ChatGPT connected to your databases. One-click deployment instructions for AI Coders](https://tigzig.com/post/chatgpt-connected-databases-ai-coder-deployment.html) — Tags: database-ai, custom-gpt, ai-coders Custom GPT connected to three live databases (Supabase, Neon, Aiven) for natural language querying of cricket and Tour de France data. Features a 'Copy for AI Coders' button that provides deployment instructions for Claude Code or Google Antigravity to handle end-to-end setup including backend, frontend, and database provisioning. FastAPI server sits between ChatGPT and databases. AI-readable: https://tigzig.com/ai/posts/chatgpt-connected-databases-ai-coder-deployment.md - [How to get Oracle's 24GB RAM server free - what I call the 'VPS Lottery'. Problem - hard to get. Solution - automated scripts and patience.](https://tigzig.com/post/oracle-always-free-arm-vps-retry-script.html) — Tags: infrastructure Guide to obtaining Oracle Cloud's free 24GB RAM, 4 ARM CPU VPS through automated retry scripts. Capacity is rarely available, requiring 24/7 cycling through availability zones for 1-3 months. Includes open-source FastAPI monitoring tool with web UI. Author ran 100K+ API calls over 30 days. Also covers Oracle's always-available 2x AMD Micro VMs (1GB RAM each). Once obtained, deployed DuckDB dashboard as alternate backend same day. AI-readable: https://tigzig.com/ai/posts/oracle-always-free-arm-vps-retry-script.md - [CinePro - 230M Rows, 16GB Database, Instant Queries with DuckDB](https://tigzig.com/post/cinepro-movie-explorer-duckdb.html) — Tags: duckdb, fastapi, react CinePro movie analytics dashboard built on 230M rows (16GB) of IMDb data in a single DuckDB file. Features type-as-you-search across 15M people, multi-filter discovery, Jaccard similarity for finding similar movies, career timeline analysis, side-by-side comparisons, and live query timer. Runs on $7/month Hetzner VPS alongside 40 other backends. Dual backend (Hetzner/Oracle) with UI toggle. Fully open source. AI-readable: https://tigzig.com/ai/posts/cinepro-movie-explorer-duckdb.md - [You are paying ~$3-7 per deployment for your AI Apps. How do you do it in <$10 per month?](https://tigzig.com/post/hetzner-coolify-self-hosting-ai-apps-under-10-dollars.html) — Tags: infrastructure Guide to self-hosting AI app backends on Hetzner VPS with Coolify deployment manager for under 10 EUR/month. Covers the cost problem with per-deployment pricing (40 apps at $3-7 each = $100-200/month). Hetzner provides 8GB RAM, 80GB disk, 4 vCPUs for 7.69 EUR. Coolify offers Render-like deployment interface with GitHub integration. Includes setup guide reference. AI-readable: https://tigzig.com/ai/posts/hetzner-coolify-self-hosting-ai-apps-under-10-dollars.md - [Server Meltdown: How Bots Crashed My AI Tools and What I Did About It](https://tigzig.com/post/fail2ban-server-security-bots-ai-tools.html) — Tags: security, infrastructure Account of a bot attack that crashed a self-hosted server running AI tools. Thousands of SSH login attempts overwhelmed CPU despite SSH key-only auth. Fixed with tightened fail2ban settings: 5 max retries, 1-hour find window, 24-hour ban. Results: 157 currently banned IPs, 1,223 total bans, 6,082 blocked attempts in one week. Links to full 18-mistake security guide. AI-readable: https://tigzig.com/ai/posts/fail2ban-server-security-bots-ai-tools.md - [2026 Infra Guide for AI Tool Builders - Part 3: The 18 Common Security Mistakes and How to Fix Them](https://tigzig.com/post/2026-infra-guide-part-3-security-mistakes.html) — Tags: security, infrastructure Documents 18 security mistakes learned from building AI tools for small businesses. Covers server security (SSH hardening, fail2ban, port management), frontend security (API key exposure, .gitignore, CORS limitations, backend URL leakage), backend security (rate limiting, token auth, frontend-vs-server auth gap, SQL sanitization, error message leakage), database security (admin credentials, connection pooling), and AI coder security audit methodology. AI-readable: https://tigzig.com/ai/posts/2026-infra-guide-part-3-security-mistakes.md - [2026 Infra Guide for AI Tool Builders - Part 1: AI Coder](https://tigzig.com/post/self-hosting-infrastructure-ai-tool-builders-2026-part-1-ai-coder.html) — Tags: ai-coders, infrastructure Describes how Claude Code serves as a complete dev team for building and deploying 30+ production AI tools. Covers full-stack app builds, direct deployment to Vercel and Coolify, database management, auth setup (Auth0, Clerk), Cloudflare DNS, server debugging via SSH, Git operations, API monitoring, and security audits. Emphasizes architecture planning and brainstorming before coding. Uses $200/month Max tier. Part 1 of infra guide series. AI-readable: https://tigzig.com/ai/posts/self-hosting-infrastructure-ai-tool-builders-2026-part-1-ai-coder.md - [2026 Infra Guide for AI Tool Builders - Part 2: Deployment & Hosting](https://tigzig.com/post/2026-infra-guide-part-2-deployment-hosting.html) — Tags: infrastructure Covers the four elements of deploying web apps: frontend hosting (Vercel free tier, 40+ UIs), backend hosting (Hetzner VPS at 7.69 EUR/month with Coolify), domain registration, and DNS management (Cloudflare). Details the journey from Render to Railway to Hetzner. Covers Cloudflare free tier limits (100-second timeout, single subdomain SSL), serverless functions, and Flowise/n8n deployment specifics. Total infrastructure cost: ~$7-8/month for 30+ backends. AI-readable: https://tigzig.com/ai/posts/2026-infra-guide-part-2-deployment-hosting.md - [Building & Deploying AI Apps: Infrastructure Guide (VPS, Security, Monitoring, Costs)](https://tigzig.com/post/self-hosting-infrastructure-small-business-2025.html) — Tags: infrastructure, security Comprehensive infrastructure guide covering Hetzner VPS (8GB RAM, 4 vCPUs, 5.99 EUR/month) hosting 30+ FastAPI backends, Coolify for deployment, fail2ban configuration after bot attack, SSH hardening, UFW firewall, Vercel for 40+ frontends, Cloudflare DNS with caching rules, custom API monitoring via PyPI package (tigzig-api-monitor), PostHog analytics, Brevo emails, and Auth0 authentication. Total cost under $10/month plus Claude Code. AI-readable: https://tigzig.com/ai/posts/self-hosting-infrastructure-small-business-2025.md - [2025 has been a transformational year for me. Deep gratitude to the platform builders and engineers who made it possible.](https://tigzig.com/post/2025-transformational-year-gratitude-platform-builders.html) — Tags: ai-coders, infrastructure Retrospective crediting platforms that enabled transition from analytics to building 30+ open-source apps. Key tools: Claude Code and Cursor for AI coding, Render then Hetzner+Coolify for hosting, Vercel for frontends, Neon for instant PostgreSQL, FlowiseAI for multi-agent setups, xlwings Lite for Python in Excel, Mito AI for Jupyter, OpenAI Custom GPTs for no-UI automation, and Llama Parse for PDF processing. AI-readable: https://tigzig.com/ai/posts/2025-transformational-year-gratitude-platform-builders.md - [Think about it. One of the world's top AI researchers is building tools. Deploying them live.](https://tigzig.com/post/think-about-it-one-of-the-world-s-top-ai-researchers-is-building-tools-deploying-them-live.html) — Tags: ai-coders Commentary on Andrew Ng releasing an Agentic Reviewer for research papers, arguing that AI coders (Claude Code, Cursor) have removed barriers for domain experts to build and deploy tools. Author built 30+ apps at tigzig.com using AI coders over two years. Recommends starting with Claude Code ($20/month) or free Google Antigravity, with YouTube learning resources from Volo Builds, Leon Van Zyl, and Mark Kashef. AI-readable: https://tigzig.com/ai/posts/think-about-it-one-of-the-world-s-top-ai-researchers-is-building-tools-deploying-them-live.md - [Segment 1M customers from 10M transactions (640MB CSV) with natural language queries / Text-to-SQL - entirely in your browser. No server. No remote database. No IT approvals.](https://tigzig.com/post/run-advanced-analytics-locally-in-your-browser-no-server-no-remote-database-no-it-approvals.html) — Tags: duckdb, text-to-sql Browser-based analytics tool (DABX-1) using DuckDB-WASM and text-to-SQL AI for processing multi-GB files locally. Demonstrated segmenting 1M customers from 10M transactions (640MB CSV) entirely in-browser. Built on SQL Rooms framework. Available as a 3.5MB single HTML file. Supports CSV, TSV, Parquet. Data never leaves the machine. AI-readable: https://tigzig.com/ai/posts/run-advanced-analytics-locally-in-your-browser-no-server-no-remote-database-no-it-approvals.md - [Bundle your AI app or React dashboard into a single file.](https://tigzig.com/post/bundle-your-ai-app-or-react-dashboard-into-a-single-file.html) — Tags: infrastructure, react Guide to bundling React apps and AI tools into single portable HTML files using vite-plugin-singlefile. No server, hosting, or IT approvals needed. Two live examples: a 3.5MB Database AI app with DuckDB for multi-GB file analysis, and a 150KB mutual fund analysis dashboard. Covers practical applications for sharing prototypes and internal dashboards. AI-readable: https://tigzig.com/ai/posts/bundle-your-ai-app-or-react-dashboard-into-a-single-file.md - [Instant Database Setup for AI Apps. With Neon.com](https://tigzig.com/post/instant-database-setup-for-ai-apps-with-neon-com.html) — Tags: database-ai, infrastructure Guide to using Neon.com for instant Postgres database provisioning via API in under 1 second. Used in the DATS-4 app for on-demand database creation when users upload CSV files. Covers the full workflow from CSV upload to AI-ready database. Notes Neon's free tier supports up to 30 projects with 15GB total storage. References Replit, Retool, and Vercel as large-scale users. AI-readable: https://tigzig.com/ai/posts/instant-database-setup-for-ai-apps-with-neon-com.md - [Run a Full AI Database App as a Single HTML File. No Server. No Remote DB.](https://tigzig.com/post/run-a-full-ai-database-app-as-a-single-html-file-no-server-no-remote-db.html) — Tags: database-ai, duckdb Single-file deployment of a full AI database app based on SQL Rooms and DuckDB-WASM. The entire React application compiles into a portable 3.5MB HTML file. Demonstrated importing 1.6GB / 11M-row files for in-browser analysis. Built using vite-plugin-singlefile. Supports Gemini API for natural language querying. No backend or server required. AI-readable: https://tigzig.com/ai/posts/run-a-full-ai-database-app-as-a-single-html-file-no-server-no-remote-db.md - [Free, Production-Grade Databases. Get setup in minutes. Great for testing and development](https://tigzig.com/post/free-production-grade-databases-get-setup-in-minutes-great-for-testing-and-development.html) — Tags: database-ai, infrastructure Comparison of three free database providers for AI app development: Neon (sub-1-second Postgres via API, best for AI apps), Supabase (auth integration), and Aiven (5GB free tier, supports both Postgres and MySQL). Used across DATS-4, Custom GPT, and Realtime Voice AI deployments. Includes a spec sheet comparing features. AI-readable: https://tigzig.com/ai/posts/free-production-grade-databases-get-setup-in-minutes-great-for-testing-and-development.md - [Live Portfolio Analytics - Powered by MCP Servers - Open Source](https://tigzig.com/post/open-so.html) — Tags: portfolio-analytics, mcp Modular live portfolio analytics stack powered by MCP-FastAPI servers. Delivers 70+ KPIs, 15+ charts, AI technical analysis, and PDF/HTML reports across 6 interfaces: React, NextJS, ChatGPT, Flowise, xlwings Lite, and forms. Backend uses QuantStats, yfinance, Finta, Gemini Vision, and ReportLab. Three public MCP servers available for plug-and-play integration. AI-readable: https://tigzig.com/ai/posts/open-so.md - [ChatGPT Connected to integrated FastAPI-MCP Servers.. Technical Analysis (TA) report. From stocks to crypto.](https://tigzig.com/post/chatgpt-connected-fastapi-mcp-servers-technical-analysis-ta-report-stocks-crypto.html) — Tags: custom-gpt, mcp, technical-analysis Connecting ChatGPT to integrated FastAPI-MCP servers for generating technical analysis reports on stocks, crypto, and commodities via Yahoo Finance symbols. Backend uses FastAPI with MCP server (Tadata's FastAPI-MCP), serving multiple interfaces: n8n, Flask UI, Next.js, ChatGPT, and xlwings Lite. Outputs formatted PDF and web reports with Gemini Vision chart analysis. Includes OpenAPI schema setup for Custom GPT actions and public source code. AI-readable: https://tigzig.com/ai/posts/chatgpt-connected-fastapi-mcp-servers-technical-analysis-ta-report-stocks-crypto.md - [Build AI Workflows with MCP Servers + n8n](https://tigzig.com/post/build-ai-workflows-mcp-servers-n8n-technical-analysis.html) — Tags: mcp, technical-analysis Building AI workflows by connecting MCP servers to n8n for automated technical analysis. Uses Tadata's FastAPI-MCP to mount MCP on existing FastAPI servers and n8n's MCP Client node for SSE connections. Pipeline pulls Yahoo Finance data, computes indicators, sends charts to Gemini Vision for AI analysis, and outputs PDF/web reports. Includes Docker deployment setup, public MCP server URLs, n8n schemas, and full source code. AI-readable: https://tigzig.com/ai/posts/build-ai-workflows-mcp-servers-n8n-technical-analysis.md - [Quick Deploy Advanced Analysis Multi-Agent with Flowise](https://tigzig.com/post/quick-deploy-advanced-analysis-multi-agent-with-flowise.html) — Tags: database-ai Four-step quick deployment guide for a multi-agent advanced analytics system using Flowise AI. Import agent schemas, update credentials, deploy a FastAPI SQL connector, and adjust security settings. Supports reasoning models (Deepseek, Gemini, Sonnet 3.7) with a sequential agent architecture. Tips cover free database setup (Neon, Aiven, Supabase), adding new reasoning models via OpenRouter, and customizing agent routing. AI-readable: https://tigzig.com/ai/posts/quick-deploy-advanced-analysis-multi-agent-with-flowise.md - [How to set up, deploy, and connect Google Scripts to Make.com for task automation.](https://tigzig.com/post/automate-tasks-with-ai-voice-agents-and-google-script.html) — Tags: voice-ai Part 3: setting up Google Apps Script for task automation connected to Make.com and Flowise AI voice agents. Demonstrates automated report generation (Excel-to-PDF), slide creation, and email delivery triggered by voice commands. Uses React.js custom frontend, Flowise for LLM agents, Google Script for automation, and FastAPI for AWS MySQL database connectivity. Includes hands-on implementation guide, source code, and JSON schemas on GitHub. AI-readable: https://tigzig.com/ai/posts/automate-tasks-with-ai-voice-agents-and-google-script.md - [How to use AI Assisted Coding Tools like Claude Dev and Cursor AI to develop LLM Apps with natural language commands. And deploy to open internet.](https://tigzig.com/post/build-ai-voice-action-agent-app-in-react-js-in-natural-language.html) — Tags: voice-ai, ai-coders Part 4: using AI-assisted coding tools (Claude Dev VS Code extension and Cursor AI) to build LLM voice agent apps with natural language instructions. Demonstrates building a React.js voice bot with voice-to-text, chat completion, and text-to-speech components, then deploying to Vercel. Covers GitHub-to-Vercel deployment pipeline, multilingual support, and API endpoint routing to Flowise LLM agents. AI-readable: https://tigzig.com/ai/posts/build-ai-voice-action-agent-app-in-react-js-in-natural-language.md - [LLM App | FastAPI Server | Web](https://tigzig.com/post/blog-llm-app-get-yahoo-financials-flowise-fastapi.html) — Tags: database-ai, fastapi, portfolio-analytics YFIN Bot: an LLM app built with Flowise AI and FastAPI for extracting Yahoo Finance data (balance sheet, P&L, cash flow, quarterly income, closing prices) for listed equities. Uses Langchain Function Agent with custom tool, GPT-3.5-Turbo, and a Python/yfinance FastAPI server deployed on Render. Available as web app and Custom GPT on GPT Store. All code generated by ChatGPT and Gemini. AI-readable: https://tigzig.com/ai/posts/blog-llm-app-get-yahoo-financials-flowise-fastapi.md - [Code Red: Unprotected GPTs & AI Apps exposed by simple hacks](https://tigzig.com/post/code-red-unprotected-gpts-ai-apps-exposed-by-simple-hacks.html) — Tags: security, custom-gpt Security analysis of prompt injection vulnerabilities in Custom GPTs and AI chatbots. Documents hacking techniques: magic prompts, brute force, social engineering, image-embedded injections, malicious URL attacks, and code interpreter exploits. Covers countermeasures: security instruction prompts, disabling code interpreter, ML-based prompt filtering, and third-party security services (Lakera). Discusses trade-offs between security and GPT performance degradation. References OWASP Top 10 for LLMs. AI-readable: https://tigzig.com/ai/posts/code-red-unprotected-gpts-ai-apps-exposed-by-simple-hacks.md ## Related Topics - [Database AI & Text-to-SQL](https://tigzig.com/ai/tags/database-ai.md) - [Python in Excel (xlwings Lite)](https://tigzig.com/ai/tags/python-in-excel.md) - [Claude in Excel](https://tigzig.com/ai/tags/claude-in-excel.md) - [DuckDB - Analytics & Dashboards](https://tigzig.com/ai/tags/duckdb.md) - [MCP Servers & Agents](https://tigzig.com/ai/tags/mcp-servers.md)