Dear founder,
I know you’re out there. The developer who watches their colleagues enthusiastically embrace Claude Code and Cursor, having AI write entire feature sets while you proudly type every semicolon by hand. The founder who sees AI-generated code as a ticking time bomb of bugs and security vulnerabilities. The software entrepreneur who believes that real code comes from human minds, not language models.
This one’s for you.
A quick word from our Sponsor, Paddle.com. I use Paddle as my Merchant of Record for all my SaaS businesses. They take care of all the taxes, the currencies, tracking declined transactions and updated credit cards so that I can focus on building my product. Paddle released a new guide just a few days ago, and I think you. should check it out. It’s called “Grow beyond Black Friday” and contains very actionable strategies for payment conversion and billing to maximize revenue and retention in the long term. It’s all about using seasonal sales effectively. If you have anything to sell, check out Paddle.com as your payment provider.
Okay, here’s the thing - even if you’re in the AI-embracing camp, happily letting robots write your Redux boilerplate, what I’m about to share will be equally valuable. Because today, I’m going to show you all the ways you can leverage AI in your software projects without having it write a single line of production code.
The Coding Companion You Never Knew You Needed
The biggest breakthrough - and likely what some of you have already tried but can be done in a very particular and intentional way - is having AI systems as a coding companion. Not a code writer, but an investigator. Someone you can task with research, and who reports back insights that you can then tackle as projects on your timeline.
This is exactly how I got into using AI tools as coding helpers. Back in late 2023 and early 2024, when I was first building Podscan, AI systems just weren’t capable of producing reliable code. They couldn’t. So what was I using these tools for? I was tasking them with individual problems and challenges, asking them to give me insights that would allow me to write the solution myself.
Here’s the kind of thing I’d ask: “This function gives me the wrong result, even though I implemented it correctly. It worked for a bit, then I made a couple changes, and now it doesn’t. What could be the case?” This kind of impromptu investigation is where AI tools really shine. And if you tell these tools - either in the system prompt or in your request - to not create any code but only guide you through a solution, they become the pair programming partner who never touches the keyboard. The code reviewer who’s giving you insights and opinions on the code you’re writing.
Your Always-On Bug Hunter
AI is incredibly capable of building a theory of your program internally just from reading the code base. It’s not executing the code, but it seems to parse and trace through it to understand where bugs might come from.
Here’s how I use it: “Hey, I’m experiencing a bug when this happens. I think it’s in this module, or at least this class is involved. Can you investigate how, when I call this function with this kind of data, erroneous output like this could potentially emerge?”
Now, you have to understand that LLMs suffer from what I call “sycophantic exuberance” - they want to tell you everything is great. So if you just ask it to find bugs, it’ll say your code is perfect. You need to actively tell it to maintain a very nuanced, professional, detached perspective when investigating your code base.
Some bugs of certain complexity just won’t be reproducible by an LLM. You’ll need to give it precise input data, precise output data, and every step along the way. Traditional static code analysis tools might be better for some cases, but I have a strong feeling that people are working on MCP systems that AI bug-hunting agents will soon be able to use in their own analysis.
Think of it as your always-on, always-available bug-hunting colleague that can look at code in ways you might not. It brings a completely different perspective, and sometimes that fresh set of eyes is exactly what’s needed to find the bug.
The Cross-Language Optimization Expert
Here’s where things get really interesting - trans-language or multi-language code optimization. How often have you had an ORM query or some SQL embedded in your JavaScript or PHP that’s running slow, not getting the right data, or could just be faster?
An AI agent is quite capable of taking an existing query - both the actual SQL and the way it’s composed in your programming language and framework - and investigating how it could be better. When it comes to SQL queries, and this is something I do constantly with AI help, here’s my process:
Run the query, note the execution time. Run an EXPLAIN ANALYZE with the exact same query. Take that output along with either the full database schema or at least the table schema you’re working with - copy and paste the fields and existing indices. Then let the AI look for ways to optimize.
If you provide a full EXPLAIN ANALYZE output for a particular query, in nine out of ten cases, I get an immediate optimization and speed improvement. And here’s the beautiful part - it’s not necessarily writing code. It might just suggest a new index to add, or point out that your indices are in the wrong order.
This happens to me all the time. I create an index thinking it’s exactly what I need. Then a few queries later, it turns out it shouldn’t have been an index on the ID, foreign key, and created_at field in that order. It should have been ID, created_at, then the foreign key, because that’s the order most queries access the data. I would forget, but an agentic system can figure this out.
Your Personal Security Reviewer
One of the latest features I’ve been experimenting with in Claude Code is security review. It looks at recent changes and checks them for security implications. This is another incredibly useful behind-the-scenes use case that can eclipse traditional tests in terms of impact on code quality.
Imagine creating a very specific security-related prompt where you express all your preferences for application security, all the commonly used best practices you want to establish in your code base. Then have Claude check the code base and recent commits for adherence to your security preferences, for semantic correctness, and for potential vulnerabilities.
Suddenly, you have a very capable - not perfect, but highly capable - security reviewing tool that you can run every time you commit something. Or before you commit. Or when you merge commits back into your main branch. Or when you’re experimenting with new technology and want to see if it has implications in other parts of the code base.
Claude is quite capable of understanding security requirements that exist in our community - more than you might know, because it was trained on all security-related software, not just the vulnerabilities you’ve personally noticed or worried about. It’s a great tool to run before a major release to ensure you’re not facilitating a massive backdoor into your system. These get caught quite reliably by agentic AI systems.
The Code Reviewer You Can’t Afford to Hire
Security vulnerabilities notwithstanding, agentic code systems are spectacular at reviewing code. And this is particularly valuable when you’re the only one in your company. If you’re a solopreneur building a solo business, there’s literally no reason why you wouldn’t want to have a capable agentic system review your code.
It can tell you when something doesn’t do what it appears to do, when something is unexpected, misconfigured, when you’re using the wrong version of a library. These are the kinds of things that a second pair of eyes would catch, but as a solo founder, you don’t have that luxury. Until now.
If you have a ChatGPT subscription or a Claude subscription for 20 bucks a month, run it before you merge a commit. Run it when you’re done with a new feature implementation. Create a prompt, or look online for code reviewing prompts - there are so many now. There are Claude Code prompt libraries that can help you scan a code base for accessibility issues, circular dependencies, memory leaks, test coverage validation. There are prompts for finding where tests are missing or where disambiguation in documentation would be helpful.
It’s this process of telling you where the gaps are, because it has full access to your whole code base. By a mere command, you can have an expert review your code. It would be quite a waste not to do it.
Building Value Through AI-Assisted Documentation
When you’re building a software business as a solopreneur or small team, there’s always the chance you might want to sell the business. And an acquisition-ready, well-maintained, well-documented, and well-tested code base is valuable. It’s worth actual money.
If you have 50% test coverage in your code base, that’s great. But what if you could get to 95%? What if you could tell your acquirer, “This code base is highly tested. Any breaking change will be immediately caught by our testing system.” That’s money on the table, because they know the value of that code base.
You can ask an AI system: “What kinds of tests should I implement that would have the highest potential coverage?” or “What documentation would I need to write to make this business more sellable?” These are actual prompts you can use to get pretty good answers without the system writing any line of code.
The Bottom Line
I highly recommend using a standalone AI coding agent like Claude Code - that’s what I use. You can express all your preferences in the claude.md system prompt file that gets loaded whenever Claude starts. For every prompt, you can specify: “I don’t want you to actually write my code. I only want you to help me figure things out, analyze them, optimize them, and give me suggestions in the shape of markdown files in a ‘fix-me’ folder.”
It’s also helpful to have a claude.md file that you populate where Claude scans your whole code base, figures out the internal structure, and documents it. Review that, rewrite it if it’s wrong, add things that are important to you. This helps Claude understand the internal logic of your code base every time it runs.
Let me be very clear: Claude Code can be run completely without having it inject any line of code into your system. But having it there, able to understand your system, is incredibly valuable.
Now, obviously, what I’m trying to tell you is to prompt for these things and then maybe - just maybe - let the thing also write some code. But that’s a step that only works if you have trust in the AI system, trust in the underlying documentation, trust in your prompting, and trust in your ability to review changes that these code-generating tools have made.
But you don’t need a single line of code to be written by AI for it to be useful. And I hope these examples give you ideas of how you can use it in your handcrafted code base. For everybody else who’s already embracing AI code generation, this gives you ideas of what else you could have AI build instead of just features.
Your code base is yours. You own every line, every semicolon, every clever hack. But that doesn’t mean you can’t have the world’s most knowledgeable coding companion sitting right there with you, ready to investigate, optimize, secure, and review everything you build. That’s not surrendering control - that’s augmenting your capabilities while maintaining your craft.
Don’t let pride keep you from using tools that can make your code better, your business more valuable, and your life as a developer easier. The AI isn’t here to replace your coding - it’s here to make you a better coder. And that’s something even the most ardent code purist can get behind.
We're the podcast database with the best and most real-time API out there. Check out podscan.fm — and tell your friends!
Thank you for reading this week’s essay edition of The Bootstrapped Founder. Did you enjoy it? If so, please spread the word and share this issue on Twitter.
If you want to reach tens of thousands of creators, makers, and dreamers, you can apply to sponsor an episode of this newsletter. Or just reply to this email!
