zackproser
diff --git a/‎src/content/blog/vibe-coding-guide/page.mdx‎
Lines changed: 104 additions & 226 deletions b/‎src/content/blog/vibe-coding-guide/page.mdx‎
Lines changed: 104 additions & 226 deletions
@@ -7,6 +7,8 @@ import CV from '@/components/CV'
 import ShareButton from '@/components/ShareButton'
 import Newsletter from '@/components/Newsletter'
 
+import secretsProtection from '@/images/secret-protection.webp'
+import vibeCodingPremium from '@/images/vibe-coding-protection.webp'
 import secretsHero from '@/images/vibe-coding-survival-guide.webp'
 import gettingGot  from '@/images/getting-got.webp'
 
@@ -21,82 +23,33 @@ export const metadata = createMetadata({
   image: secretsHero,
 })
 
-<div className="not-prose my-8 p-6 rounded-xl border border-zinc-200 dark:border-zinc-700/40 bg-gradient-to-br from-zinc-50 via-white to-zinc-100 dark:from-zinc-900 dark:via-zinc-900/70 dark:to-zinc-800 shadow-lg">
-  <h3 className="text-lg font-semibold text-zinc-900 dark:text-zinc-100 mb-4">What you get in this free mini-guide:</h3>
-  <ul className="space-y-2 text-sm text-zinc-700 dark:text-zinc-300 list-none pl-0 mb-6">
-    <li className="flex items-start"><span className="text-orange-500 mr-2 mt-1">✓</span> Plain-English intro to Git, secrets, and environment variables</li>
-    <li className="flex items-start"><span className="text-orange-500 mr-2 mt-1">✓</span> Copy-paste snippets to lock down your first Cursor project</li>
-    <li className="flex items-start"><span className="text-orange-500 mr-2 mt-1">✓</span> A "disaster-undo" checklist</li>
-  </ul>
-  <div className="mt-4 pt-4 border-t border-zinc-200 dark:border-zinc-700/40">
-    <h4 className="font-semibold text-zinc-900 dark:text-zinc-100">
-      Premium unlocks:
-    </h4>
-    <ul className="mt-2 space-y-1 text-xs text-zinc-600 dark:text-zinc-400 list-none pl-0">
-      <li>– Cursor rules that **auto-block leaked keys** & prompt smart checkpoints</li>
-      <li>– One-click GitGuardian + Doppler setup</li>
-      <li>– Screencasts, CI templates, and real-world demos</li>
-    </ul>
-  </div>
-</div>
-
-<Newsletter 
-  title="🚀 Get Notified When Premium Launches!" 
-  body="Join the waiting list for Vibe Coding Mastery and get an early bird discount."
-  successMessage="You're on the list! We'll email you about Vibe Coding Mastery."
-  position="vibe-guide-cta1"
-  tags={['vibe-coder-premium-waitlist', 'source-vibe-guide-cta1']}
-  className="mt-[-1rem] mb-6 not-prose"
-/>
-
-<Image
-  src={secretsHero}
-  alt="Cursor IDE flagging an exposed API key"
-  className="rounded-lg my-6"
-/>
-
----
-
-## Table of contents 
-
-## Git = Save Game, Explained 💾
-
-Imagine your project is a video-game world:
-
-| Game vibe | Git concept | What it does |
-|-----------|-------------|--------------|
-| **Save slot** | **Commit** | Freeze the game exactly as it is so you can return any time. |
-| **New level / side-quest** | **Branch** (`git checkout -b cool-experiment`) | Spin up an alternate timeline that won't break the main story. |
-| **Cloud save** | **Remote (GitHub)** | Stores your code on the internet so teammates *and AI tools* can read or remix it. |
+*I've spent 13+ years securing apps at companies like Cloudflare and Pinecone. Trust me: leaking secrets hurts worse than forgetting to save your game.*
 
-### Beginner loop (3 commands)
-
-```bash
-git init                          # start tracking files
-git add . && git commit -m "save" # new save slot
-git push -u origin main   
-```
+## Why Secrets Matter (The $500 tweet)
 
-Need to try something wild?
+<div className="my-6 grid grid-cols-1 md:grid-cols-2 gap-6 not-prose">
+  <div>
+    <h3 className="text-lg font-semibold mb-2">How it Started</h3>
+    <Tweet id="1900767509621674109" />
+  </div>
+  <div>
+    <h3 className="text-lg font-semibold mb-2">How it's Going</h3>
+    <Tweet id="1901560276488511759" />
+  </div>
+</div>
+<figcaption>Don't end up like Leo. Learn enough to protect yourself, or buy the premium package to protect your secrets.</figcaption>
 
-```bash
-git checkout -b shiny-idea        # branch off safely
-# …hack away…
-git switch main && git merge shiny-idea
-```
+<Link href="/products/vibe-coding-mastery">
+  <Image src={vibeCodingPremium} alt="Vibe coding premium protects you against leaking secrets" />
+</Link>
 
-Lost in the woods?
+<figcaption>Premium includes a step-by-step screencast and instructions on setting up a special tool that makes it impossible for you to commit secrets to git (so you never end up like Leo).*</figcaption>
 
-<div className="not-prose my-4 p-4 rounded-md border border-red-300 bg-red-50 text-red-800 dark:border-red-600/30 dark:bg-red-900/20 dark:text-red-200">
-  <strong className="font-semibold">⚠️ CAUTION:</strong> This command will undo your current uncommitted work! It is destructive. Use only if all else fails...
-</div>
+Publishing an OpenAI key to a public repo is the software equivalent of tweeting your Amex and CVV, or strolling down Times Square throwing your credit cards at strangers' faces.
 
-```bash
-git reset --hard HEAD~1           # jump back one save slot
-```
-> **Premium perk**: installs a pre-commit hook + LLM rules that nudge Cursor to offer a branch or checkpoint when you hit risky code changes.
+Attackers can crank out four‑figure bills (or worse, wipe data) before you notice the email from Stripe.
 
----
+<Image src={gettingGot} alt="Publishing your secrets on the public internet is the equivalent of walking through times square and throwing your credit cards at strangers" />
 
 ## The New Coder's Trap
 
@@ -111,182 +64,109 @@ Cursor is still a tool for professional developers, which assumes you know thing
 - How Git history really works  
 - That API keys = credit cards  
 
-```javascript
-// Premium content example (prevents disasters)
-"rules": {
-  "pre-commit": {
-    "block-secrets": {
-      "patterns": ["sk-[a-zA-Z0-9]{24,48}"],
-      "errorMessage": "🚨 Never commit API keys! Use .env + gitignore"
-    }
-  }
-}
-```
-
 <Newsletter 
-  title="🚨 Prevent Costly Mistakes!" 
-  body="Sign up for Vibe Coding Mastery updates & get tools to auto-block leaked keys and simplify Git."
-  successMessage="You're on the list! We'll email you about Vibe Coding Mastery."
-  position="vibe-guide-mid-post"
-  tags={['vibe-coder-premium-waitlist', 'source-vibe-guide-mid-post']}
-  className="my-8 not-prose"
+  title="🚨 Tools Leo Wishes He Had" 
+  body="Only 100 early-access slots. Get screencasts + leak-prevention tools before they go live." 
+  successMessage="You're on the list! We'll email you about Vibe Coding Mastery." 
+  position="vibe-guide-mid-post" 
+  tags={['vibe-coder-premium-waitlist', 'source-vibe-guide-mid-post']} 
+  className="my-8 not-prose" 
 />
 
-## Why Secrets Matter (The $500 tweet)
-
-<div className="my-6 grid grid-cols-1 md:grid-cols-2 gap-6 not-prose">
-  <div>
-    <h3 className="text-lg font-semibold mb-2">How it Started</h3>
-    <Tweet id="1900767509621674109" />
-  </div>
-  <div>
-    <h3 className="text-lg font-semibold mb-2">How it's Going</h3>
-    <Tweet id="1901560276488511759" />
-  </div>
-</div>
-<figcaption>Don't end up like Leo. Learn enough to protect yourself, or buy the premium package to protect your secrets.</figcaption>
-
-Publishing an OpenAI key to a public repo is the software equivalent of tweeting your Amex and CVV, or strolling down Times Square throwing your credit cards at strangers' faces.
-
-Attackers can crank out four‑figure bills (or worse, wipe data) before you notice the email from Stripe.
-
-<Image src={gettingGot} alt="Publishing your secrets on the public internet is the equivalent of walking through times square and throwing your credit cards at strangers" />
-
-So, I've created this free guide to help welcome the new generation of builders getting their start with AI-native tooling. [I've been shipping production code at major tech companies you've heard of](/about) for the last 13+ years, 
-and I don't want to see anyone else get their credentials popped or apps hacked.
-
-<div className="mt-6 text-base text-zinc-600 dark:text-zinc-400">
-  Hi, I'm Zachary. With over a decade spent building and securing software in production environments (as you can see below), I've learned a few things about keeping projects safe, especially when AI tools enter the mix.
-</div>
+## What actually counts as a secret?
 
-{/* */}
-<div className="my-8 grid grid-cols-1 md:grid-cols-[auto,1fr] gap-x-8 gap-y-4 items-start not-prose border-t border-b border-zinc-200 dark:border-zinc-700/40 py-8">
-  <div className="md:sticky md:top-24 max-w-[150px] mx-auto md:mx-0">
-    <RandomPortrait width={150} height={150} />
-  </div>
-  <div className="prose dark:prose-invert prose-sm">
-    <CV showHeading={false} />
-  </div>
-</div>
-{/* */}
+### 🚨 Always Keep Private:
+- `OPENAI_API_KEY`
+- `DATABASE_URL` (e.g., `postgres://user:password@...`)
+- `AWS_ACCESS_KEY_ID`
+- `JWT_SECRET`
 
-API keys, database URLs, JWT secrets—they're *money, access, identity*. Guard them accordingly.
+**If it looks like a password or unlocks paid access, it's a secret.**
 
 ---
 
-## What actually counts as a secret?
-
-| ✅ **Keep private** | 🚫 **Safe to commit** |
-| --- | --- |
-| `OPENAI_API_KEY` | Markdown/MDX content |
-| `DATABASE_URL` (`postgres://…`) | Static images |
-| `JWT_SECRET` | Unit‑test fixtures (dummy keys) |
-| Cloud creds (`AWS_ACCESS_KEY_ID`) | README text |
-
-> **Rule of thumb:** if someone could impersonate you, delete data, or run up a bill, it's a secret.
+## Git = Save Game, Explained 💾
 
-## 3. Secrets & Environment Variables — Baby Steps 🍼
+Imagine your project is a video-game world:
 
-**Secret** → a password-like string that unlocks a paid API or private database.
-**Environment variable (.env)** → a little locked drawer your code can peek into at runtime so the secret never sits in code.
+| Game vibe | Git concept |
+|-----------|-------------|
+| **Save slot** | **Commit**: Freeze the game exactly as it is. |
+| **New level / side-quest** | **Branch**: Spin up an alternate timeline safely. |
+| **Cloud save** | **Remote (GitHub)**: Stores your code online for sharing. |
 
-Think of .env as hiding your house key under a rock outside the door. Your code knows which rock to lift; strangers do not.
+### Beginner loop (shortened)
 
-Quick mental checklist
-	- Never paste a secret directly into .js / .ts files.
-	-	Keep your .env file **out of Git** so it never lands on GitHub.
-	-	Load the variable in code with process.env.OPENAI_API_KEY (Node) or framework helpers.
+```bash
+git init
+git add . && git commit -m "save"
+git push -u origin main
+```
 
-## Install GitGuardian to Auto-Detect Leaked Secrets 🛡️
+Need to try something wild?
 
-Before you start pushing code to GitHub, it's smart to set up a tool that will catch any secrets you accidentally commit. [GitGuardian](https://www.gitguardian.com/) scans your code for API keys and other sensitive info before it ever leaves your machine.
+```bash
+git checkout -b shiny-idea
+# …hack away…
+git switch main && git merge shiny-idea
+```
 
-**How to install GitGuardian's CLI (`ggshield`) with Homebrew:**
+Lost in the woods?
 
-1. Open the terminal in Cursor
-2. Paste and run this command:
+<div className="not-prose my-4 p-4 rounded-md border border-red-300 bg-red-50 text-red-800 dark:border-red-600/30 dark:bg-red-900/20 dark:text-red-200">
+  <strong className="font-semibold">⚠️ CAUTION:</strong> This command will undo your current uncommitted work! Use only if all else fails.
+</div>
 
 ```bash
-brew install gitguardian/tap/ggshield
+git reset --hard HEAD~1
 ```
 
-Below is a quick video walkthrough of the installation process:
+### Git in Action:
+1. You break your app while adding a new feature.
+2. Panic? No! Run `git reset --hard HEAD~1` to revert to your last save.
+3. Try again on a new branch: `git checkout -b retry-feature`.
 
-<video
-  src="/videos/git-guardian-install.mp4"
-  controls
-  className="w-full max-w-2xl mx-auto my-6 rounded-lg border border-zinc-200 dark:border-zinc-700/40 shadow-lg"
-  poster="/images/vibe-coding-survival-guide.webp"
-  aria-label="Video walkthrough: Installing GitGuardian CLI with Homebrew"
-/>
+**Premium Bonus:** Screencasts walk you through real-world Git issues like fixing a botched `merge`.
 
-## Your First Safe Deploy — 5-Minute Walk-through 🚀
+<div className="not-prose my-4 p-4 rounded-md border border-yellow-400 bg-yellow-50 text-yellow-800 dark:border-yellow-600/30 dark:bg-yellow-900/20 dark:text-yellow-200">
+  <strong className="font-semibold">🔒 Premium Only:</strong> Get pre-commit hooks and AI-powered rules that nudge Cursor to offer branches or checkpoints.
+</div>
 
-Follow this once, and you'll have a real-world loop you can repeat for every project.
+---
 
-1. Init + first save slot
-```bash
-git init
-git add . && git commit -m "init"
-```
+## 3. Secrets & Environment Variables — Baby Steps 🍼
 
-There are two ways you can create a new file when working with Cursor: 
-1. Use Cursor: Hit Cmd+Shift+P to bring up the command pallete then select Cursor → New File → .env
-2. Run the touch command in your terminal from the root of your project: 
+**Secret** → a password-like string that unlocks a paid API or private database.  
+**Environment variable (.env)** → a locked drawer your code can peek into at runtime so secrets don't sit in code.
 
-```bash 
-touch .env
-```
+Think of .env as hiding your house key under a rock outside the door. Your code knows which rock to lift; strangers do not.
 
-Next, open the .env file for editing. You should put all of your secrets, API keys, database access strings in here:
- ```bash
-OPENAI_API_KEY="sk-live-…"
-DATABASE_URL="postgres://…"
-```
+Quick checklist:
+- 🚫 Never paste a secret directly into .js or .ts files.
+- 📁 Keep your .env file **out of Git** so it never lands on GitHub.
+- 🧑‍💻 Load the variable in code with `process.env.OPENAI_API_KEY` (Node) or framework helpers.
 
+### 💡 Try This (Free):
+Run `git add . && git commit -m "test"` to save your code.
 
-2. Create the secrets drawer
+**Premium Bonus:** Watch the screencast to see how Cursor's AI suggests commit messages *before* you type them.
 
-```bash
-# .env
-OPENAI_API_KEY="sk-live-…"
-DATABASE_URL="postgres://…"
-```bash 
-echo ".env" >> .gitignore
-```
+---
 
-3. Push to GitHub (cloud save)
-```bash
-gh repo create my-app --public   # GitHub CLI, or create via UI
-git push -u origin main
-```
+## 🎥 What's in Premium?
 
-4.	Import to Vercel
-Vercel → "Add New Project" → pick your repo → Environment Variables tab → paste the same keys.
-
-5.	Deploy & verify
-Test your application in production
-
-<div className="not-prose my-8 p-6 rounded-xl border border-zinc-200 dark:border-zinc-700/40 bg-gradient-to-br from-zinc-50 via-white to-zinc-100 dark:from-zinc-900 dark:via-zinc-900/70 dark:to-zinc-800 shadow-lg">
-  <h4 className="text-md font-semibold text-zinc-900 dark:text-zinc-100 mb-4">
-    Premium Version includes a deployment assistant tool that:
-  </h4>
-  <ul className="space-y-2 text-sm text-zinc-700 dark:text-zinc-300 list-none pl-0">
-    <li className="flex items-start"><span className="text-orange-500 mr-2 mt-1">✓</span> Examines your project</li>
-    <li className="flex items-start"><span className="text-orange-500 mr-2 mt-1">✓</span> Gets everything ready for production</li>
-    <li className="flex items-start"><span className="text-orange-500 mr-2 mt-1">✓</span> Ensures no secrets will be leaked</li>
-    <li className="flex items-start"><span className="text-orange-500 mr-2 mt-1">✓</span> Helps you deploy to production</li>
-  </ul>
-</div>
+- **Screencasts:** Watch me debug a secret leak in real-time.
+- **Cursor Rules:** See how AI nudges you to safer commits.
+- **Templates:** Copy-paste CI/CD configs that block leaks automatically.
 
-<Newsletter 
-  title="🚀 Get the Deployment Assistant!" 
-  body="Join the waiting list for Vibe Coding Mastery and be the first to access the deployment assistant."
-  successMessage="You're on the list! We'll email you about Vibe Coding Mastery."
-  position="vibe-guide-cta2"
-  tags={['vibe-coder-premium-waitlist', 'source-vibe-guide-cta2']}
-  className="mt-[-1rem] mb-6 not-prose"
-/>
+<Link href="/products/vibe-coding-mastery">
+  <img src="https://via.placeholder.com/600x300?text=Premium+Only:+Real-time+Secret+Scanning" alt="Premium only: GitGuardian blocking a leaked API key" />
+</Link>
+*Premium unlocks screencasts and tools that auto-block leaks before they happen.*
+
+[Join Waitlist for Early Access](/contact)
+
+---
 
 <div className="mt-16 mb-16 text-center not-prose">
   <h3 className="text-lg font-semibold text-zinc-900 dark:text-zinc-100 mb-2">
@@ -298,17 +178,15 @@ Test your application in production
   <ShareButton />
 </div>
 
-## Buzzword Decoder — One-Page Glossary 📖
-
-| Term                  | What it really means                                                       |
-|-----------------------|----------------------------------------------------------------------------|
-| **Commit**            | A "save slot" snapshot of your code.                                       |
-| **Branch**            | A parallel timeline for experiments.                                       |
-| **Remote**            | A copy of your repo on GitHub, GitLab, etc.                                |
-| **Secret**            | Any token or password that costs money or grants access.                   |
-| **Environment variable** | A key–value pair the OS hands to your app at runtime (`process.env.*`). |
-| **`.env` file**       | Local text file that stores secrets; should stay off GitHub.               |
-| **Rotate a key**      | Revoke the old secret and issue a new one.                                 |
-| **Force-push**        | Overwrite history on the remote—use only after scrubbing leaked secrets.   |
-| **Preview deploy**    | Temporary URL auto-built from a feature branch.                            |
-| **CI / CD**           | Robots that test ("CI") and ship ("CD") your code whenever you push.       |
+---
+
+## Survival Terms 📖
+
+| Term        | What it really means + Risk                     |
+|-------------|-------------------------------------------------|
+| **Commit**  | A save point for your project. Lose it? You're stuck debugging blind. |
+| **Branch**  | A parallel timeline to test changes safely. Without one, bugs hit your live project. |
+| **Remote**  | A GitHub copy of your project. Push unsafe code here? It becomes public. |
+| **Secret**  | API keys, DB URLs — anything that costs money or gives access. Leak it, pay for it. |
+
+---