






















I spent the last eight months shipping two enterprise applications, solo, using Cursor and Anthropic's frontier models. Both are in production now. One is a commercial loan origination system. The other is a multi-app internal platform that consolidates a dozen back-office tools behind a single sign-on. Different problem domains, almost identical stack.
I am writing this for the engineer or technical founder who has heard "vibe coding" and wants to know whether it is real, what it costs, and what the actual architecture looks like on the other side. No hype. Just the numbers, the stack, and the recipe.
Pulled directly from the Cursor usage report for my account over the build window:
| Metric | Value |
|---|---|
| Active coding hours | 450.3 |
| Active days | 185 |
| Cursor events | 34,875 |
| Cursor spend (solo developer) | $13,945 |
| Effective rate | ~$31 per active coding hour |
| Model mix | Majority on Anthropic Opus-thinking |
Eight months of calendar time, roughly 450 hours of focused coding, $13,945 in AI spend. Two apps shipped. For comparison: a single mid-level contract engineer at $150/hour would have cost $67,500 for the same 450 hours, and would not have written 350,000 lines of code in that window.
That is the headline number. The honest version is below.
Both applications converged on the same architecture. That convergence was not planned. It is what happens when you let the AI pick reasonable defaults, course-correct toward the simplest thing that scales, and stop fighting the framework.
| Layer | Choice | Why |
|---|---|---|
| Runtime | Next.js 15 (App Router, Turbopack) | Single repo, server components, file-based routing, mature ecosystem |
| Language | TypeScript 5 on Node 20 | End-to-end types, zero context-switching with the AI |
| ORM | Prisma 6 | Type-safe queries, migrations as code, AI-friendly schema |
| Database | Azure Database for PostgreSQL Flexible Server (v16, pgvector on one app) | Boring, durable, cheap, every AI tool understands it |
| Cache / queue | Azure Cache for Redis (ioredis) | Sessions, rate limits, lightweight job queues, outbox drains |
| Auth | NextAuth 4 + Microsoft Entra ID (OIDC SSO) | One-click sign-on for any Microsoft 365 tenant |
| Validation | Zod 4 (shared between API and forms) | One schema, two surfaces, zero drift |
| UI | Tailwind 3 + Radix UI primitives | Composable, accessible, no design-system politics |
| Telemetry | Application Insights (server + browser SDK) | Distributed tracing without standing up another vendor |
| Secrets | Azure Key Vault (with Container Apps secret references) | Zero secrets in CI, rotation without redeploy |
| Azure Communication Services (transactional) | Native to the tenant, cheap, no SendGrid bill | |
| Compute | Azure Container Apps + Container Apps Jobs (cron + on-demand) | Scales to zero, no Kubernetes, predictable pricing |
| Registry | Azure Container Registry (managed-identity pull) | Private images, OIDC from GitHub, no static creds |
| CI/CD | GitHub Actions with OIDC federation to Azure | No long-lived deploy secrets, branch-protected main |
The two apps together run on:
Three principles drove every architectural choice.
Boring at the boundary, interesting in the middle. The plumbing - auth, database, deploy, secrets, telemetry - is all first-party Microsoft or first-party framework defaults. The interesting code is in the business logic, which is also the only code worth writing custom. Every hour spent gluing a non-default service together is an hour not spent on the actual problem.
Static typing end to end. The AI is dramatically better when types flow from the database row through the Prisma client through the API handler through the Zod schema into the React form. One change to a Prisma model surfaces every place it breaks. The compiler is the autopilot for refactors the AI does not catch.
No long-lived secrets anywhere. GitHub federates to Azure via OIDC. Container Apps pull from Key Vault via managed identity. The only secret in GitHub is the DATABASE_URL needed by the migration job, and even that is scoped to the migration runner, not the app. Rotating credentials is a 30-second Key Vault operation, not a deploy.
The combined effect: a stack the AI can navigate end-to-end without you having to remember which alternative path you took last time.
The two apps had different exposure requirements, and that drove the single most consequential decision after the stack itself.
App A has a client portal that must be reachable from the public internet for non-tenant users, plus webhooks from third-party financial services that have to land on a public URL. App Proxy was not a fit. Instead, I paid for a third-party professional security review: a senior developer signed off on the auth flows, the magic-link portal, the rate limits, the input validation, and the audit posture before launch. The Container App takes public traffic directly through its managed certificate.
App B is internal-only. Every user authenticates against the same Microsoft Entra ID tenant before they ever see the application. I put Microsoft Entra Application Proxy in front of it. The Container Apps Environment runs with internal ingress, the only public surface is the App Proxy URL, and the App Proxy enforces pre-authentication, conditional access, and traffic inspection before any request reaches my code. It is the security posture of a VPN, without making users install a VPN client. The cost is a per-user monthly charge and one connector VM to keep patched. For an app that should never be reachable from outside the tenant, that is the easiest call in the stack.
Both postures are valid. Which one you pick is a function of who needs to reach the app:
The recipe below covers both paths and marks the steps that change depending on which exposure model you pick.
I want to be precise about this because the term has been stretched to mean everything from "AI autocompleted my for-loop" to "GPT-4 wrote my entire business."
What it actually looked like for me:
A working day was three to five hours of focused Cursor sessions. I would open a feature spec - usually a paragraph I had typed into a markdown file in docs/specs/ - and ask the model (almost always Claude Opus in extended thinking mode) to propose a plan. I would read the plan, push back on parts I disagreed with, then ask it to execute. I would watch the diffs, run the type checker, run the tests, and iterate.
The model did the typing. I did the deciding.
Most features took two to four iterations to land. The first pass was usually a working skeleton with a wrong assumption baked in. The second pass corrected the assumption. The third pass tightened the types, added error handling, wrote the tests. Sometimes a fourth pass to fix something the test suite caught.
The honest summary: I was acting as a technical lead reviewing pull requests from an extremely fast, extremely literal junior engineer who never tires, never gets defensive, and occasionally hallucinates a method that does not exist on the Prisma client.
The leverage is real. The supervision is non-negotiable.
The pattern was consistent across both apps.
The AI was excellent at:
The AI was unreliable at:
The single biggest unlock was the CLAUDE.md (or AGENTS.md) file at the repo root. A two-page document describing the stack, the conventions, the names of internal helpers, and the things the AI should never do. Every session inherited that context for free. Without it, every chat started from zero.
The bill is interesting because it shows what frontier models cost when you actually use them as a daily driver, not as a novelty.
The majority of my $13,945 spend went to Anthropic Opus-thinking models. Sonnet handled the work that did not need deeper reasoning: boilerplate, commit messages, small typed refactors. A handful of cheaper non-thinking models picked up trivia. Spend was concentrated in the second half of the build window as the codebases grew and more sessions moved into multi-file agent work.
The honest tradeoff: frontier models cost real money. A Sonnet-only build would have been meaningfully cheaper and noticeably slower on the hard parts: schema redesigns, multi-file refactors, debugging gnarly Prisma and Postgres interactions, security-sensitive code. The Opus-thinking premium paid for itself there.
I would do it again at this ratio. I would not do it at a Sonnet-only ratio for an enterprise-grade build.
Looking at the two apps with hindsight, the things that mattered most were not the technologies. They were the disciplines.
CLAUDE.md from day one. Even a 200-word version. The AI is dramatically better when it knows the rules of your repo.lib/permissions.ts from day one. Authorization sprinkled across handlers is the single most expensive mistake to clean up later. Centralize it before the second handler exists.What I would skip: most of the bespoke abstractions I built in month two that I deleted in month six. The AI loves building abstractions. Resist until the third place you need them.
The whole point of this piece is the recipe below. It is the exact step-by-step plan I would feed into Cursor on day one to bootstrap an app on this stack. Sixty-plus numbered steps, organized into phases, each one a thing you would actually ask Cursor to do.
Download it as a PDF for reading, or as a markdown file to paste straight into your AI editor.
Download the Recipe (PDF)
Download as Markdown
The recipe assumes:
The phases cover: the Azure foundation, the Entra registrations, the repository scaffold, authorization and audit, the API layer, the frontend, containerization, the Container Apps rollout (with the App Proxy vs public-ingress decision called out explicitly), GitHub Actions CI/CD with OIDC, observability, cost discipline, the vibe coding loop itself, and hardening before launch. That is the entire path from empty resource group to production-grade enterprise app.
Two production apps. Eight months. $13,945 in AI spend. About 450 hours of focused coding time at an effective rate of $31 per hour. The stack is boring on purpose. The discipline matters more than the tools.
The recipe scales because it is opinionated. Every decision was made once, captured in the stack, captured in the CLAUDE.md, and inherited by every Cursor session afterward. If you are starting an enterprise app today and want a path that does not waste the first month on framework debates, the download above is the path.
If you want the security side of running an app like this in a Microsoft 365 tenant, the tenant lockdown runbook is the companion piece. If you want the disaster-recovery side, the Synology M365 backup setup covers the cheap on-site backup layer that pairs with cloud backup for a real 3-2-1 posture.
Two apps. One stack. One recipe. Yours to run.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。