DevOps & Tools
Build tools, testing, version control, configuration, and developer workflow.
78 topics
What this section covers
Software engineering has always been half craft, half hygiene. This section covers the hygiene: the tools, configs, and conventions that keep a codebase buildable, deployable, and reviewable — especially when parts of it are being written by AI agents. You'll find reference pages on Git and GitHub, Node.js, npm vs pnpm, ESLint, markdown, and a large cluster of "should you commit X" guides covering Dockerfiles, editor configs, lockfiles, coverage directories, and AI-tool dotfiles. Detailed pages on env files, config files, and project structure cover the boundaries where secrets, formatting, and team conventions collide. It's aimed at developers who want to avoid the specific class of production incidents that start with "someone committed a file they shouldn't have" or "my AI agent overwrote my lockfile." Pair this with Cloud & Hosting when you're setting up CI/CD, and with AI Development when harnessing coding agents safely.
.env Files: The Complete Guide to Environment Variables in Git
This is the number one security mistake developers make with git: committing a `.env` file that contains real API keys, database passwords, or authentication...
A/B Testing & Experimentation Tools: Statsig, GrowthBook, Eppo, LaunchDarkly, Optimizely, VWO, AB Tasty, Convert
If you're shipping a SaaS in 2026 and not running experiments, you're guessing. This is the consolidated comparison. Most indie SaaS over-pay for Optimizely ...
Accessibility Testing & Audit Tools: axe DevTools, WAVE, Pa11y, Lighthouse, AccessiBe, UserWay, Stark, Storybook a11y
If you're building a B2B SaaS in 2026, accessibility (a11y) compliance is no longer optional. ADA / WCAG 2.2 / Section 508 / European Accessibility Act (EAA ...
AI Coding Tool Config Files: What to Commit and What to Ignore
Every AI coding assistant you use creates configuration files in your project. Claude Code drops a `CLAUDE.md`. Cursor creates a `.cursor/` directory. GitHub...
Analytics
Analytics is the systematic computational analysis of data or statistics, used to discover, interpret, and communicate meaningful patterns in data related to...
API Mocking & Mock Data Platforms: Mockoon, WireMock, Beeceptor, Mockaroo, MSW, Mocks Server, Prism
If you're building a SaaS in 2026 and need to develop / test against an API that doesn't exist yet, is unreliable, or is rate-limited / paid, this is the con...
API Testing Tools: Postman, Insomnia, Bruno, Hoppscotch, HTTPie, Thunder Client, Yaak, Paw, curl
If you're building a SaaS in 2026 and trying to pick an HTTP client / API testing tool, this is the consolidated comparison. The category has gone through mo...
App Distribution & Beta Testing Platforms: TestFlight, Firebase App Distribution, Expo EAS, Codemagic, Bitrise, Diawi, AppCenter Sunset
If you ship a mobile app in 2026 and need to get builds to QA, beta testers, internal teammates, or stakeholder review before App Store / Play Store release,...
Application Security Tools: Snyk, Semgrep, GitGuardian, GitHub Advanced Security, Socket, SonarQube, Checkmarx, Veracode
If you're building a SaaS in 2026 and trying to pick application-security tools, this is the consolidated comparison. AppSec tooling is the line item founder...
BI & Analytics Tools: Metabase, Hex, Mode, Looker, Sigma, Preset, Lightdash, Tableau, Power BI, Evidence
If you're building a SaaS in 2026 and trying to pick a BI / analytics tool, this is the consolidated comparison. BI is the line item that looks like "we'll j...
Bot Detection & CAPTCHA Providers: Vercel BotID, Cloudflare Turnstile, hCaptcha, reCAPTCHA, Arkose, Castle, Friendly Captcha
If you're building a SaaS in 2026 and trying to pick a bot-detection / CAPTCHA tool, this is the consolidated comparison. Bot detection is the line item that...
Carbon Accounting & ESG Reporting Software: Watershed, Persefoni, Plan A, Sweep, Greenly, Normative, Sustain.Life, EcoVadis, Workiva
If you're a B2B SaaS in 2026 — or any company with $50M+ revenue or EU operations — you're being asked about your carbon footprint + ESG data. SEC climate-di...
CI/CD Providers: GitHub Actions, Vercel, GitLab CI, CircleCI, Buildkite, Depot, Dagger
If you're building a SaaS in 2026 and trying to pick where your tests run, your builds happen, and your deployments fire, this is the consolidated comparison...
Cloud Development Environments: GitHub Codespaces, Gitpod, Daytona, Coder, JetBrains Space, CodeSandbox, StackBlitz, Replit
If you run engineering at a SaaS in 2026 and you're tired of new hires spending two days getting "the dev environment working," missing dependencies, "works ...
Code Quality & Static Analysis Platforms: SonarCloud, Codacy, CodeClimate, DeepSource, Qodana, Snyk Code, Semgrep, GitHub Code Scanning
If you're building a SaaS in 2026 and trying to pick a code-quality / static-analysis platform, this is the consolidated comparison. Static analysis is the l...
Compliance Automation Tools: Vanta, Drata, Secureframe, Tugboat, Sprinto, Thoropass
If you're a B2B SaaS pursuing mid-market+ customers in 2026, you'll be asked for SOC 2 — sometimes ISO 27001, HIPAA, or PCI as well. The naive path: hire con...
Configuration Files
This document outlines the essential configuration files needed for a Next.js 15+ and Supabase application with Tailwind CSS v4.
Container Registry Providers: Docker Hub, GitHub Container Registry, AWS ECR, Google Artifact Registry, Harbor, Quay, JFrog
If you ship containerized apps in 2026 — Docker images for your services, Kubernetes deployments, CI/CD pipelines that build images — you need a container re...
Coordinating Deploys Across Multiple Vibe-Coded Projects
When you vibe-code one project, deploys are simple — push to main, Vercel builds, site is live. When you have six projects — a reference site, an image gener...
Development Plan: SaaS Starter Implementation
Complete step-by-step development plan for building a SaaS application using the hybrid v0 + local development workflow. This plan covers account setup, proj...
Embedded Analytics Platforms: Cube, Sigma, Looker Embedded, Mode Embedded, Metabase Embedded, Explo, Sigma Embedded, Reveal, Domo Everywhere
If you're a B2B SaaS in 2026 and customers are asking for "an analytics dashboard" inside your product, this is the consolidated comparison. **Embedded analy...
Environment Variables
Store sensitive keys and configuration specific to the deployment environment. Never commit `.env` files directly; use `.env.example` as a template.
Error Monitoring Providers: Sentry, Bugsnag, Rollbar, Datadog, Honeybadger, BetterStack, Highlight, Raygun, AppSignal
If you're building a SaaS in 2026 and trying to pick which error monitoring tool to wire into your app, this is the consolidated comparison. Error monitoring...
ESLint
ESLint is a static analysis tool for JavaScript and TypeScript that finds and fixes problems in your code. It enforces coding standards, catches common bugs,...
Feature Flag Providers: LaunchDarkly, Statsig, PostHog, GrowthBook, Flagsmith, Unleash, ConfigCat, Hypertune, Vercel Flags
If you're building a SaaS in 2026 and trying to pick a feature flag tool, this is the consolidated comparison. Feature flags are the cheapest way to ship saf...
GitHub
GitHub is the world's largest platform for version control and collaborative software development. It hosts Git repositories and adds features like pull requ...
Implementation Roadmap
> For each phase, refer to the detailed source guides referenced below for specific implementation patterns and best practices.
Internal Developer Platforms (IDPs): Backstage, Port, Cortex, OpsLevel, Roadie, Humanitec, Mia-Platform
If you're a B2B SaaS at $20M+ ARR with 30+ engineers, you've started feeling the pain — services proliferate, ownership is unclear, deploy paths fragment, ne...
Internal Tool Builders: Retool, Internal.io, Tooljet, Appsmith, Budibase, ToolJet, Honeycode
If you have an ops / customer-success / support team in 2026, you need internal tools — admin dashboards, customer-data viewers, refund / plan-change UIs, bu...
IT Service Management (ITSM) Platforms: ServiceNow, Jira Service Management, Freshservice, Zendesk, Halo, SysAid, Vivantio
If you're a SaaS company past 50 employees in 2026, you have an IT problem that doesn't fix itself: someone needs a new laptop, an SSO fix, an app provisione...
Lock Files: package-lock.json, yarn.lock, pnpm-lock.yaml — Commit or Ignore?
The debate is over. **Commit your lock files.**
Managing Paperclip Backup Files
Paperclip's embedded Postgres database creates hourly backup snapshots stored in:
Markdown in VibeReference
Markdown is a lightweight markup language with plain text formatting syntax designed to be converted to HTML and many other formats. It's widely used for doc...
Node.js
Node.js enables building scalable network applications with an event-driven, non-blocking I/O model that makes it efficient and lightweight. Key features inc...
npm (Node Package Manager)
npm consists of three main components:
npm vs pnpm
You are building your first project with an AI coding tool. You paste a prompt, the AI generates code, and somewhere in the instructions it says "run `npm in...
Observability Providers: Sentry, Datadog, New Relic, Axiom, Better Stack, Honeycomb, Grafana Cloud
If you're shipping a SaaS in 2026 and trying to figure out where to send your errors, logs, traces, and uptime checks, this is the consolidated comparison. P...
Official CLI Tools for Your Stack
Every major infrastructure vendor ships a command-line tool. These CLIs are built by the same teams that build the products — they are the fastest path to pr...
package.json
Defines project dependencies, scripts, and metadata.
Performance Optimization
Performance optimization is the process of improving the speed, responsiveness, and resource efficiency of a web application to enhance user experience and r...
Product Analytics Providers: PostHog, Mixpanel, Amplitude, Heap, June, Vercel Analytics
If you're building a SaaS in 2026 and trying to pick where your product analytics live, this is the consolidated comparison. Different from the generic "what...
Project Management Tools: Linear, Notion, GitHub Projects, ClickUp, Asana, Jira, Height, Trello
If you're building a SaaS in 2026 and trying to pick where engineering tickets, customer requests, and roadmap items live, this is the consolidated compariso...
Project Structure
app/
SaaS Starter App — Project Instructions
A compact SaaS starter for vibe coders 🚀 using modern defaults and batteries-included auth, billing, and data sync. Barebones starter template ready for app...
Scheduling Tools: Cal.com, Calendly, SavvyCal, TidyCal, Microsoft Bookings, Acuity, Zcal
If you're building a SaaS in 2026 and need to let prospects, customers, or partners book time on your calendar — sales calls, support sessions, demos, custom...
Secret Management Providers: Doppler, Infisical, 1Password, Vault, AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, Bitwarden, Pulumi ESC
If you're building a SaaS in 2026 and trying to pick a secret manager, this is the consolidated comparison. Secrets are the line item that looks like a $0 pr...
Session Replay Providers: PostHog, LogRocket, FullStory, Hotjar, Microsoft Clarity, Highlight, Mouseflow, Pendo, Heap, Smartlook
If you're building a SaaS in 2026 and trying to pick a session replay tool, this is the consolidated comparison. Session replay is the line item that custome...
Should You Commit .cursorrules and the .cursor/ Directory to Git?
Cursor is one of the most popular AI-powered code editors, and if you are using it on a team (or even solo across multiple machines), you have probably asked...
Should You Commit .editorconfig to Git?
Tabs or spaces? Two-space indent or four? LF or CRLF? These arguments have been going on since the dawn of programming, and they will never end — unless you ...
Should You Commit .github/workflows/? Yes — Your CI/CD Pipeline Is Code
Your GitHub Actions workflow files define how your code gets tested, built, and deployed. They are code. They belong in your repository right alongside the a...
Should You Commit .nvmrc and .node-version?
You clone a project, run `npm install`, and everything explodes. The error messages point to syntax issues, unsupported APIs, or cryptic engine compatibility...
Should You Commit .prettierrc?
Yes. Commit your `.prettierrc` file to version control.
Should You Commit CLAUDE.md to Your Git Repository?
AI coding assistants are moving fast. New config files keep appearing in project roots — `.cursorrules`, `copilot-instructions.md`, and now `CLAUDE.md`. If y...
Should You Commit copilot-instructions.md to Your Git Repository?
GitHub Copilot now lets you give it persistent, project-specific instructions through a file called `copilot-instructions.md`. It lives in your `.github` fol...
Should You Commit docker-compose.yml?
Your `docker-compose.yml` file defines your entire local development stack — every service, database, cache, and queue your app needs to run. When a new deve...
Should You Commit Gemfile.lock?
If you are coming from the JavaScript ecosystem, `Gemfile.lock` is Ruby's equivalent of `package-lock.json`. It is the lock file generated by Bundler, Ruby's...
Should You Commit go.sum?
Go modules use two files to manage dependencies: `go.mod` and `go.sum`. If you are coming from JavaScript or Python, you might assume one is the dependency f...
Should You Commit Minified JavaScript and CSS Files?
No. Minified files — `*.min.js` and `*.min.css` — are build artifacts generated from your source code. They don't belong in your Git repository.
Should You Commit node_modules to Git?
No. Never commit `node_modules/` to your Git repository.
Should You Commit package-lock.json?
"Should I commit package-lock.json" is one of the most Googled questions in JavaScript development. It comes up every time a new developer sees a 20,000-line...
Should You Commit pnpm-lock.yaml?
Yes. Always commit `pnpm-lock.yaml` to version control.
Should You Commit poetry.lock?
Yes. If you're building a Python application, commit `poetry.lock`. If you're building a library, it's optional — but Poetry's own documentation recommends c...
Should You Commit the .next/ Directory to Git?
No. Always add `.next/` to your `.gitignore`.
Should You Commit the coverage/ Directory?
No. The `coverage/` directory is generated output. It should never be committed to your Git repository.
Should You Commit the dist/ Folder to Git?
No. Add `dist/` to your `.gitignore` and let your build pipeline generate it fresh every time.
Should You Commit tsconfig.json?
Yes. Always commit `tsconfig.json` to version control.
Should You Commit yarn.lock?
If you're here from a search engine and just need the answer, that's it. Commit it. The rest of this article explains why, covers the differences between Yar...
Should You Commit Your Dockerfile?
Yes. Always commit your Dockerfile.
Should You Commit Your Makefile?
Makefiles have been around since 1976. They predate Git, GitHub, Docker, Node.js, and most of the tools you use every day. Originally designed to compile C p...
Should You Commit Your Procfile?
If you deploy to Heroku, Railway, Render, or any platform-as-a-service that reads process definitions from your repo, you probably have a `Procfile` sitting ...
Spreadsheet-Database Tools: Airtable, Smartsheet, Notion Databases, Coda, ClickUp, Google Sheets, Microsoft Excel
If you're running a B2B SaaS in 2026, you'll need a flexible tool that's "more than a spreadsheet, less than a database" for things like CRM lite, content ca...
Testing & Quality Assurance
Testing and Quality Assurance (QA) are systematic processes used to evaluate software quality, identify defects, and ensure that applications meet requiremen...
Testing Frameworks: Vitest, Jest, Playwright, Cypress, Bun Test, Mocha, Storybook Test
If you're building a SaaS in 2026 and trying to pick which testing tools to invest in, this is the consolidated comparison. Most indie SaaS over-invest in un...
The Developer's Guide to What Belongs in Your Git Repository
You just initialized a new project. You run `git status` and see a wall of files — lock files, environment configs, build output, IDE settings, Docker files,...
Time Tracking & Timesheet Tools: Toggl, Harvest, Clockify, Timely, Hubstaff, RescueTime, Time Doctor
If you're running a SaaS company that bills hourly (agencies / consultancies), tracks employee productivity, or invoices clients on time, you need time track...
Uptime & Synthetic Monitoring Tools: Better Stack, Pingdom, UptimeRobot, Checkly, Datadog Synthetics, New Relic Synthetics, Site24x7
If you're running a SaaS in 2026, you need to know when your site / API / endpoints are down before customers tell you. The naive approach: wait for support ...
Web Vitals
Web Vitals are a set of quality signals that measure the user experience of a web page, focusing on loading performance, interactivity, and visual stability.
Workflow Automation & iPaaS Providers: Zapier, Make, n8n, Pipedream, Workato, Tray.io, Inngest, Trigger.dev
If you're building a SaaS in 2026 and trying to pick a workflow automation tool, this is the consolidated comparison. Workflow automation is the line item th...