Build with AI. Ship with discipline.
Vagmi Mudumbai, CTO
Spent 24 years turning messy ideas into production systems.
Today I’m giving you the shortcut.
{
"name": "Vagmi Mudumbai",
"coding_since": 2002,
"role": "CTO for 14 years",
"track_record": "24 years building enterprise software",
"scaled": "$2M → $18M ARR",
"built": ["retailtech", "musictech", "logistics", "developer tools"]
}
Anyone can cook code
But only the fearless can be great.
Starting got cheap.
Building
well still matters.
A team. A few months.
A runway-sized bet just to find out if the thing was worth building.
A builder. An agent. In days.
You no longer need to wait months or raise money just to test an idea. But you do need a system.
Builders,
not just developers.
The person who knows the problem can finally build the solution.
- The user who knows a better way
- The designer with a vision
- The founder who prototypes
The honest catch
Agents make it just as easy to build
the wrong thing — fast, and insecurely.
Leverage cuts both ways. Today is about turning speed into safe progress
Old Craft,
New Leverage
AI changed the speed, but not the principles.
The mental model to kill
“The agent writes
the code.” → Done.
Every stalled AI build starts here.
Code is the 10% you can see.
The agent is fastest at the part that was never the bottleneck.
When code becomes cheap,
judgment becomes the job.
Deciding what's right, and proving it's correct and safe, is the work now.
Agents print cookie-cutter software
Engineers iterate on design
Builds one layer at a time
You cannot course correct the software as it is being built.
One thin slice, end to end.
UI-first.
Architecture-led.
Validate every step
make it easy to adapt and evolve.
With the right guidance, an agent can iterate on software too.
We've solved this before
Extreme Programming.
Small Teams. Fast Feedback. Working Software.
What I have been practicing since Thoughtworks.
Exactly what AI builders need now.
XP Practice · 01
Small releases
beats a 2,000-line PR you can't review.
XP Practice · 02
Test-Driven Development
red → green is its feedback loop.
XP Practice · 03
Continuous Integration
CI and types are the net that catches them before users do.
XP Practice · 04
Pairing → pair-prompting
XP Practice · 05
Simple design & refactoring
The repo needs to be clean and simple.
Agents are infinitely fast,
infinitely junior pairs.
XP is the operating system for working with junior pairs at speed.
Discipline is what turns speed into trust.
Security
The part builders miss most — because it's invisible until it isn't.
You ship to real users on day one.
- Real data and real payments — immediately
- You're moving fast, and you're moving alone
- With code you didn't write line-by-line
How agent-built apps break?
Secrets in the repo
API keys and tokens committed “just to make it work.”
Auth you can walk around
Checks that look right but miss a path.
Multi-tenant data leaks
One org reads another's data. The #1 SaaS killer.
Injection
SQL, shell — and prompt injection in your AI features.
Vulnerable dependencies
Whatever package made the error go away.
All of it looks plausible.
That's exactly the danger.
My day job
I run untrusted code
for a living.
I build secure sandboxes with V8 and microVMs.
So I think about two problems:
securing what the agent builds and,
securing the agent itself.
Guardrail 01
Don't let one customer see another customer's data
The user’s identity should come from their session — not from a field an attacker can change.
select … where org_id = session.orgId — the starter you'll build on today does this on every query.
Guardrail 02
Secrets out of code
Least privilege everywhere
Secrets live in the platform, never in a commit. Give the agent and the app the access they need, and nothing more.
Guardrail 03
Verify. Don't trust.
Treat agent output like a confident junior's PR: review it, test it, run automated security review before you ship.
And sandbox the agent's own execution — it runs code too.
Security isn't a phase.
It's how you set up the work.
The template, the tests, the review loop — that's where safety lives.
Go slow to go fast.
The Right
Substrate
Use serverless until it starts to hurt.
Dont burn money on DevOps.
Pick two of three.
Cheap at zero
No bill before you have users.
Effortless to run
No servers to babysit at 2am.
Instant to scale
Survive the day it actually works.
Most stacks make you choose. A builder shouldn't have to.
Serverless at the edge
Scales to zero.
And to millions. Same code.
No servers to babysit. Global by default.
You pay for
success, not for waiting.
Everything you need, in one place.
SQL database
Relational, on the edge.
Object storage
Files & images — no egress fees.
Edge cache
Fast key–value reads, everywhere.
Stateful & realtime
Coordination, sockets, presence.
Async work
Background jobs off the request path.
Inference
Run models next to your data.
One platform. One deploy.
Built for builders
- One coherent platform an agent can reason about end-to-end
- A genuinely generous free tier — start for nothing
- You only “graduate” to heavier infra after you've won
Meet your starting capital
முதல் = the first · the capital
What you start with — and what you build on.
Today's stack
Workers · D1 · Drizzle · Clerk · Polar.
Auth, a typed multi-tenant database, billing wired and tested.
The principles from this talk.
Production-grade starter,
to make it yours.
- Auth & organizations, billing & plans — already wired and tested
- One example resource to copy into your own
- Install whole features as skills
- Deploy to Cloudflare — live in an afternoon
The loop you'll practice
In an afternoon.
You don't need a team
to start.
You need leverage, discipline, and a substrate that scales with you.
Let's get you
set up.
Empty repo → onboarded → deployed → your first feature. Follow along.
builders.vagmi.ca
Step 01 · GitHub
Create your repo from the template
-
Go to
github.com/niraitech/mudhal - Top-right corner: click Use this template → Create a new repository
-
Name it your app, e.g.
ari(all lowercase, no CAPS recommended) - In your repo: Code → Codespaces → Create Codespace on main
Step 02 · Claude
Connect Claude & onboard
- The codespace opens. Connect to Claude → Use Claude Subscription
- Copy-paste Claude's code and authenticate from where the Claude user exists
-
Ask Claude:
Create a .md file inside a prd folder for my following idea: (your idea) -
Ask Claude:
/onboard— then say yes to every question (Rename the App, Credentialed Setup)
Step 03 · Clerk
Get keys + enable Organizations
-
Login or sign up, then create an app at
dashboard.clerk.com - ⚠️ Configure → Organizations → Settings → Enable — the app is org-scoped and will not work without this. Don't skip it.
- Instance → API Keys — copy the Publishable key
pk_test_…and Secret keysk_test_…
Step 04 · Clerk
Wire the Clerk keys
-
GitHub: repo Settings → Secrets → Codespaces → New Repository Secret
CLERK_PUBLISHABLE_KEY=pk_test_…·CLERK_SECRET_KEY=sk_test_… -
Edit the two files Claude just created:
.dev.vars→ setCLERK_SECRET_KEYandCLERK_PUBLISHABLE_KEY(leaveCLERK_WEBHOOK_SECRETas-is — optional)
.env.local→ setVITE_CLERK_PUBLISHABLE_KEY(same publishable key)
Step 05 · Cloudflare
Create the Workers API token
- Login or sign up at Cloudflare → in the wizard select Skip
-
Go to
dash.cloudflare.com/profile/api-tokens→ Edit Cloudflare Workers → Use Template - Permissions → Add more → Account | D1 | Edit · Account Resources → default account · Zone Resources → All zones
- Continue to Summary → Create Token → copy it · ⚠️ save it in a password manager — you won't get it again
Step 06 · Cloudflare
Wire the token & create D1
-
GitHub repo Secrets → Codespaces → New secret
CLOUDFLARE_API_TOKEN= your token -
In the codespace terminal:
export CLOUDFLARE_API_TOKEN=<yourtoken> -
Add to
.env.local:CLOUDFLARE_API_TOKEN=<yourtoken>· test withnpx wrangler whoami -
Create the database:
npx wrangler d1 create ari— answery/ enter to each prompt
Step 07 · Verify & deploy
Verify the environment, then ship
-
In Claude:
I have setup the environment. Verify it.— sayyto the questions ✅ Renamed app · ✅ Clerk keys in.dev.vars/.env.local· ✅ D1 created, id wired intowrangler.jsonc, migrations applied · ✅ doctor / typecheck / tests all green -
In Claude:
Now deploy this to Cloudflare -
For awk / sed / grep say
Yes allow for this project· for deploy sayYes
Step 08 · First-time Cloudflare
Register a workers.dev subdomain
-
The Worker built and uploaded successfully — the only blocker is a one-time account setup: a fresh account has no
workers.devsubdomain yet - Option A (dashboard, ~30 sec): open the Workers onboarding page and register a subdomain (you pick a name like
shanthi→ari.shanthi.workers.dev), then re-run the deploy - Option B (terminal): run
pnpm run deployyourself and answer yes at the prompt - dash.cloudflare.com → Compute → Workers & Pages → Domains → enable Worker URL (Production)
Step 09 · Go live
Open the app & log in
-
Open
https://ari.<subdomain>.workers.dev -
If it errors with
Clerk: A secretKey must be provided…, check the Cloudflare Observability section, then ask Claude:Set the required Cloudflare variables from my dev vars - Log in — Clerk authentication should work
- Set up a customer organization and go to the landing page
Step 10 · Save
Save your work
-
It works this far? Ask Claude:
Commit and push, thenmerge this to main -
Ask Claude:
Get the URL from cloudflare and set APP_URL -
Done — the app is deployed and reachable
✅ Live URL returns HTTP 200 · worker secrets set:
CLERK_SECRET_KEY,CLERK_PUBLISHABLE_KEY,APP_URL· D1 migrated and bound
Step 11 · Roadmap
Plan the build
-
Ask Claude:
Continue with the roadmap -
Claude writes
docs/roadmap.md— mapped straight from your PRD into 8 phases, each a vertical slice that ends deployable and keepspnpm testgreen -
Ask Claude:
Commit roadmap, thenMerge to main and push
Step 12 · Build
Build Phase 1 & iterate
-
Ask Claude:
Do Phase 1 -
See your changes locally: terminal →
pnpm run dev→ Ports → mudhal dev (5173) -
Create an event or item to test that the database saves the record · if anything errors, ask Claude
Deploy to cloudflare(local can be flaky) - Provide your credit-card details for R2 — Cloudflare Storage & Databases