**#A quick edit to address something important and provide a disclaimer: **
Thank you all for your feedback! This project was “vibecoded” with Cloude AI and serves more as a “proof of concept” for what could be achieved with AI assistance. I’m just a tech enthusiast, and I’m excited to continue exploring new possibilities. I understand there’s a real concern about “AI Slop,” but that’s exactly why I’m sharing this project with you all so that experts who are interested in the idea can offer guidance or even help improve it.
I’ve noticed that many people with home labs prefer to update their applications manually instead of relying on other apps that automate the process. Often, they have to check each one individually. That’s where Vigil comes in. The primary function of Vigil is to centralize the information and give users clear visibility of which applications are outdated, their current version, and the newer version available from several sources. This way, you can decide what and when to update.
To be honest, I hope it ends up being useful to others as it is for me.
If you have a few minutes, I’d really appreciate you trying it out and leaving a review or suggestions on the repo or even here. I’d do my best to answer most of the comments.
there has to be a better way than giving a slop coded project access to your docker daemon (im assuming?)
Slop alert. Use at your own risk
Yeah, I was looking for that info, because I don’t trust any (especially new projects, that use AI).
How did you know, it was AI though? I am just curious
The OP says so in the comments, but also:
- two week old github account, project created 2 weeks ago
- initial commit is a large 1.0 release with everything committed at once
- this also happens for 2.0 where everything is commited in one commit
- the code and comment structure
That’s right, I’ve been working on this project for a few weeks. I wasn’t sure if I should commit it to a public repo, but I thought it’d nice to have other people testing it out, and giving their opinion. Honestly, I never used github before, that’s why the account is new. I committed everything at once, when I felt like the application was “functional”.
Git commits should be focused on one small thing at a time, doing small changes or additions. Then using descriptive commit messages like “add webook notifications” or “fix webhook triggering twice”.
This makes the history of the project easier to see what changes were made and for what purpose. If something breaks webhook functionality then you can have an easier time finding what broke that feature. It also has the added benefit of someone showing their work progress. It’s like you can be a math genius but if you don’t show your work, your professor is going to think you cheated. In this case, it’s a pretty dead giveaway that AI was involved. Since you are using AI then smaller commits also let you see what the AI to changing between iterations since even if you give it a copy of a file, it may change other parts of that file that you didn’t ask for, and those changes could be good or bad.
And just because you are making these commits doesn’t mean you have to “git push” them to your public repo right away. Since you’re working alone and don’t have any community contributors then you can just keep that work locally and push when you’re ready for the next public release. Over time you could start using a development branch in git and push to that, so other developers can see your progress and when you’re ready for a public release your merge the changes to your main branch. That’s some more advanced git stuff but it’s a core skill of any developer to be able to use branches.
Also there’s nothing wrong with being new. I only mentioned the new account because when combined with the other things, this was a dead giveaway of AI use.
For what it’s worth, good job putting together something that is useful for you. I would just encourage you to make sure you are trying to understand what you are doing and be willing to challenge yourself instead of using AI as a mental crutch like many people do. AI can only get you so far and you’ll need to learn enough to call its bullshit and point out its mistakes.
Also the look of the UI I can see default Claude UI a mile away these days. Always the same colours, fonts, layouts, ect…
Who vigils the vigil?
That’s a great question isn’t it? That’s why I posted it here, so maybe I can find people interested in working on this project and help me out to clean things up, get it more organized, structured and “free of AI slop”. What do you think?
Sorry mate, I was just making a dumb joke.
Sorry, but you have posted only 1 sentence about the project and not even a link to the project.
Additional with the
scripts—basically “em dash” which is really popular among llm generated texts, i get a bad feeling about it.
Well, I’m no tech expert at all so I’m just trying to get things right. I might not be able to answer everything, but I’ll do my best to get you an answer.
Not being very technical and publishing a project that is essentially coding…
Whaaaat? <Insert minion meme here>That screams for AI slop.
Trust issues aside: What does it do better than the bazillion other dashboards?
Hi Appoxo, I agree that AI can be slop, but it seems like it’s getting better over time. I’m not claiming that this is a revolutionary new application, it’s more like a prove of concept that I wanted to test out. What does it do? well, you basically have a centralized place to keep tracking of your docker images and get a notification when there’s a new release so you can update it manually or automatically as you wish that’s the main utility of it. There are a few other things but, maybe thye aren’t interesting enough.
I see.
As a poc it certainly works.Side remark: I usually see the term “dashboard” usally being used for a sort of compilation about services individual status (like you do) but also links to the actual service to use said service.
So yours is a sort of hybrid of (I believe they are called) Yacht and homarr
Have you vibecoded this?
100%, just take a quick look at the repo. I wish there was a rule in this community that requires a label for vibecoded apps.
It’s not a bad idea at all to have a label so we could set expectations right. But don’t be too harsh on me ;) Just being able to pull a functional app without much of experience is already a reasonable accomplishment is it?
accomplishment
Self made? Yes
AI made? Not really. It’s asking your friend to do it and then punlish it under your own name and no credits given.IMO: Nothing to be much proud of. You just steered a coding monkey
Why would this be an accomplishment we need to celebrate? Something else than you wrote that code. If you want to celebrate an accomplishment you could say “I was part of an AI vibe coding project and we created something functional”. What you did now was putting yourself front and center where you have no place to be, you are a supporting actor, at best. Its like a project manager telling everyone they accomplished getting a product out the door, giving people the impression they did that by themselves only. No, you were part of a team where (most probably) the real work was done by others. Same applies here: you used the coding abilities of another/something else to somehow toot your own horn and tell the world you did this. You did not. You never shared any info on the others involved on your team who did all the heavy lifting, only to reveal this info when pressed by others.
I get your point about giving proper credit to the tools involved, and that’s fair. I’m not trying to pass this off as traditional from-scratch coding. Reducing it to “you did nothing” feels a bit excessive. At the same time, there’s still effort in figuring out what to build, iterating, debugging, and getting something functional out. That’s the part I’m happy about.
I was a bit harsh. If you are happy about this project then that is good enough.
I agree with people though, I wish there was a mandatory tag to indicate using AI on a project.
Even this comment stinks of LLM style. Please stop trying to bring about the dead internet.
Absolutelly vibecoding it with Cloude. I understand a bit of python and html but I’m no dev or technical professional at all. I just wanted to see if I could build something useful without much of technical expertise.
I appreciate you being honest in your response here.
I’d recommend adding this disclaimer to the post text and repo readme for complete transparency, and so anyone who doesn’t want to use AI-generated projects can move on without creating arguments in the comments.
There are many genuine reasons to not trust code generated by LLMs, especially with anything network-connected or handling important data, so it’s important to be upfront about it.
Hi markko, you’re right, adding a tag would certainly lower expectations and give more clarity to projects. I’ll add this on the post and to the repo.
EDIT: removing this comment because I don’t think you will use this feedback responsibly
Hi @ramielrowe thanks for the feedback, that’s actually pretty good and I’ll start using it. I understand that all this AI thing can be sloppy, and create more friction than good, but I’m really fascinated by how it can help people with little knowledge to build something that a few years ago would’ve been only possible by experts.
for a very long time it was not only possible for experts. like, I would say the last 10-15 years, maybe even more. It’s very harmful that people can now create things they don’t even know how to check what it does, and they just assume this “sentient thing” actually produced what you wanted with no major flaws. thing is, you (or anyone else vibecoding things) won’t be able to determine what is good or bad without taking the time and learning the building blocks, learning how they work and how they are supposed to be used.
also your comments look like AI generated comments, fake enthusiasm and all the rest. it does not inspire much confidence
Copying my comment from the homelab community:
I haven’t tried it yet, but here’s some initial thoughts:
Does it support multiple separate docker-compose.yml files? It would be useful if it could pull the list of containers directly from Docker rather than having to paste the docker-compose.
Does it pull changelogs so that the user can tell if a change is a breaking change that’ll require extra work?
It would be useful to support Webauthn/FIDO2 2FA instead of just TOTP. TOTP is being slowly phased out due to its weaknesses (it’s phishable). Similarly, it’d be useful to support single sign on using OIDC (OpenID Connect) as a lot of self-hosters use Authentik, Authelia, or Keycloak to have one login for all their self hosted services.
Hi Dan, I’m also copying the answer from homelab community.
Thanks for your feedback. Much appreciated. For the first question, you click on add and past the image you’re currently using on your compose so the app creates a card with the current version. It’s a bit manual and tedious at first, but once it’s done, it’s easier to maintain. I think your idea is great to have the app just ¨find your docker-compose and do the work", but I don’t know how to do it yet. I wanted to test it manually first and see how it’d work out.
Vigil tells you if the newer version of the image is a major change or not. If you set it to update your compose automatically it will notify you and create a log, it something goes wrong you can easily revert it from the dashboard. Did I get your question right? Let me know if you meant something else.
Finally, security is an absolute must! I decided to use 2FA because most people won’t need to expose it to the web.They’ll probably use it on LAN. However, I do have adding OIDC (OpenID Connect) in mind, since many people indeed use Authentik, Authelia (these are the ones I’m familiar with). Since this is the early version, I didn’t want to make things too complex and also, I’m vibecoding it, so I’ll certainly need some experts out there to help me out to implement it correctly and safely.
If you have any question, just let me know and I’ll try my best to answer that.
Great idea. Automatic updates (e.g. Watchtower) make me a little nervous.
For me, it’s all about finding the right balance. I don’t want to have to manually update for every little bug fix version bump. Most software I find that major.minor version tags, if they exist, are a good compromise with daily auto updates unless it’s a really fast releasing software where just a major version makes sense. I usually just track releases on GitHub or wherever the source is hosted and bump as I need. That takes care of probably 90-95% of the containers I run.
Automatic updates for bug fixes (e.g. 1.0.0 to 1.0.1) are usually fine - it’s major and minor updates that are scarier. I’ve never used Watchtower so I’m not sure if it has an option to only allow bugfixes.
That would depend on each project properly using semver, which is unlikely.
Personally, I just risk all the updates. It’s not a huge deal to recover.
Yeah, I’m a developer and my teammates don’t always follow semver standards. I try to but every now and then it’s really hard to know which is the right move. I’ve also had breaks because of minor increments and the author refused to roll back the change because the new behavior was consistent with the spec [that didn’t change].
Yeah that’s exactly what I was thinking about when I started this project. I’ve noticed that many home labers are a bit skeptical with automatic updates. I’m glad you liked the idea
Looks like a cool project. Starred. I’m no tech expert either, so I’ll keep an eye on how the community reacts to it, in terms of security.
Keep up the good work!Thanks brother, I appreciate it. Security is one of my main concerns too, that’s why I’ll rely on the experts around here to point out what could be improved.
Yikes. That doesn’t give me confidence for something that needs root access to the Docker UNIX socket. Was this vibe coded? Do you understand the code and architecture of the application? You wrote you only started a few months ago. I don’t mean to be hard on you, but this kind of application has no business being insecure.
Hi Thaurin, I appreciate your feedback, I understand that security must be a top priority. I’m glad your pointing it out. If you have any advice on how to improve it, it’ll be more than welcome.
If you want to learn to develop web applications, try to understand everything you do. Don’t let the entire thing be generated by AI. Do small changes and commit those one at a time. Understand the programming language, your application’s architecture, internet security, and so forth. Not understanding and then releasing it publicly and later asking for advice on how to improve it, isn’t the way. You’re still the maintainer of the project now, and will have to understand and approve any PR’s people may send your way.
I mean, it can be addictive to just let AI throw everything together in a week without learning anything consequentual. But I wouldn’t throw it on my server with root access to Docker. What’s your real interest here? Learning or telling AI to make stuff for you?
Please stop trying to build infrastructure software if you don’t know what you’re doing. Anyone using this probably puts their server at risk.
I won’t stop just because you’re saying it. You can only “know what you’re doing by doing it”. That’s why I made this project public available so anyone interested in looking at it, modifying it, improving it is more than welcome. I’m not selling it or claiming that I’m an expert. Quite the opposite, I’m looking for people who are genuinely interested in exploring new things and helping people out. I’ll rely on the experience and good will of experts of this community.
An issue with your statement “know what you’re doing by doing it” is that without an actually educated teacher to provide trustworthy feedback, you are going to struggle the learn from your mistakes. The LLMs can only provide so much, and they will lie out their ass to you. Unless explicitly prompted to provide critical feedback, they will find any way to provide positive feedback even to your actual detriment. They will happily skirt their sandboxes, and fight your every attempt to make them actually safe.
At a quick glance, nothing in the project indicates that you are not an expert and that an AI Agent provided the code. The quality of the code is also quite poor, even by Claude standards. I’m actually kinda mind blown you got it to built this without any tests… Something we’ve recently been talking about at my job in terms of AI agents is “cognitive debt” that is incurred in the project. LLMs are fundamentally a statistical next-word generator. If they are given something of poor quality, they will tend to produce more and more poor quality work. And without intervention, it just snowballs.
I’ll never tell someone to stop trying to learn. But, your hubris is going to negatively impact your learning outcomes. And to be clear, YOU are not writing the code and the code is what runs on the server and people interact with. What you are doing is using an AI Agent. If you want to get feedback on that, then be honest about it.
Hi ramielrowe. You made great points here. I’m definitely stepping out of my area of expertise. I also understand that when comes to LLM we must not blindly follow/accept things and having some previous knowledge on the topic you intend to work with, gives you much better results and allow you to spot inconsistencies or more importantly, mistakes. I’m aware of the “positive feedback” that is pretty evident specially on ChatGPT, that’s why I try my best to challenge it. I completely understand your analogy on “cognitive debt”. It’s pretty similar to a reinforcing learning process on humans. If you teach people the “wrong way” and keep reinforcing that without any correction, you know the results.
Regarding the code quality, I’m pretty sure it isn’t top notch, that’s why I’m sharing it here so people who really understand it can point out the flaws and suggest improvements. What I’ve learned so far from the feedback in the comments, is that I need to improve the way I communicate my ideas and the purpose of the application. Since this is my first project, and I’m not very familiar with the dev & tech community, I’m learning the do’s and don’ts along the way.
Can you provide a link to your repo?
Yeah absolutely, my bad. First time publishing things here and I thought it was attached to the post. https://github.com/kumucode/vigil.git
This looks fantastic! Great work.
Thanks man, appreciate it!
Does it offer notifications?
3 of your docker containers have new versions available
Yeah, absolutely. You can set the notifications as you wish.
