← Back to blog

How I Used Codex to Build Vibe Storefront

A practical field report on using Codex and GPT-5.5 to turn a rough product idea into a working, verified AI app.

Social card for How I Used Codex to Build Vibe Storefront

I built Vibe Storefront to test a simple idea:

Can one rough product idea become a shareable storefront concept fast enough to react to it?

The app is straightforward. A signed-in visitor enters a plain-English product idea. The server asks Codex for structured storefront content, validates it, generates product imagery, saves everything to Supabase, and publishes a public page.

The more interesting part is how I built it.

I used Codex as the development partner and Codex as part of the runtime product. That made the project a good test of where AI coding agents are actually useful right now.

I did not ask Codex to build a startup

The first useful decision was scope.

I kept pushing the project back to one complete loop:

  1. Generate a storefront.
  2. Save it.
  3. Share it.
  4. Let the user come back to it.

That sounds obvious, but it matters. “Build a storefront generator” can quietly turn into auth, database design, prompt engineering, image generation, moderation, public pages, dashboards, deployment, analytics, admin tools, and checkout.

That is how you get a giant diff and no finished product.

The better Codex prompt was not:

Build the whole app.

It was closer to:

Help me shape the smallest complete product loop. Then implement one bounded slice at a time.

That changed the work.

GPT-5.5 changed what I could delegate

The headline here is simple: GPT-5.5 is really strong.

I am not saying that as a benchmark claim. I am saying it as someone using it inside real repos with messy context, local instructions, tests, environment problems, and product judgment.

With weaker models, I usually delegate code-shaped tasks:

  • Make this component.
  • Fix this type error.
  • Write this test.
  • Explain this API.

With GPT-5.5 in Codex, I could delegate bigger product-shaped slices:

  • Add the signed-in dashboard flow.
  • Experiment with a one-guest-generation flow, then lock it down behind sign-in and quotas once public traffic exposed the risk.
  • Save generated storefronts to Supabase with the right ownership rules.
  • Generate product images and persist the durable URL.
  • Package the Codex CLI so runtime generation worked on Vercel.
  • Build the verification path and fix failures instead of stopping at the first error.

That is the practical jump.

The model still needs review. It still needs constraints. It still makes choices I would not keep. But the size of useful delegation got bigger.

That is why Codex feels different with 5.5 behind it. It is not just better autocomplete. It is closer to a fast engineer who can take a scoped task, inspect the repo, make the change, run checks, read failures, patch again, and keep moving.

The workflow was boring on purpose

The loop I used was simple:

  1. Plan the slice.
  2. Let Codex inspect the repo.
  3. Let it implement.
  4. Review the diff.
  5. Run the checks.
  6. Feed the actual failure back into Codex.
  7. Repeat.

That sounds slower than “just tell the agent to build it.”

It was faster.

The first working MVP came together in roughly two and a half to three hours. It already had the core path: auth, persistence, tests, and Codex running at runtime. After that, the work was hardening: generated images, prompt dedupe, production auth, account quotas, content filtering, Supabase storage, Vercel environment variables, DNS, and the Codex runtime packaging problem.

That is where Codex was most useful. Not only in the fun demo moment, but in the annoying middle where real products usually slow down.

The runtime AI needed a contract

Vibe Storefront does not only use AI during development. It uses Codex inside the product.

That means the model output cannot be treated as trusted data.

The runtime path is:

  1. Receive the product idea.
  2. Ask Codex for structured storefront content.
  3. Validate the response with Zod.
  4. Persist the validated result in Supabase.
  5. Render the public storefront from saved data.

Prompt quality helps, but prompt quality is not a contract.

The schema is the contract.

That was one of the biggest engineering lessons. If AI output feeds a real app, the app still needs normal boundaries: schema validation, server-side writes, Row Level Security, public read paths, image fallbacks, and failure handling.

Codex helped across that whole surface. It worked on the prompt shape, schema, server route, UI states, tests, and persistence. But the design rule stayed simple:

The model can generate. The application decides what it trusts.

Real traffic changed the deployment posture

One update after putting the demo in public: the original guest-generation idea did not survive contact with real traffic.

My first product instinct was to show value before asking for an account. Let a visitor type one idea, generate one storefront, and understand the payoff before sign-in. For a normal low-cost interaction, that shape still makes sense.

For an AI app that triggers paid model calls, it was too open.

That became the second important lesson of the project:

Public AI generation is exposed compute. Treat it that way.

So I changed the posture. Generation now requires sign-in. Each signed-in account gets up to three storefronts. The server reserves a generation slot before any expensive model work, which makes concurrent or repeated requests fail closed. The app also tightened content filtering so obvious porn, profanity, and NSFW prompts are rejected before generation.

I do not think the first version was a bad product decision. It was a useful prototype decision. But once a demo is in the wild, the operational shape matters more than the conversion shape.

The strongest signal from the exercise was not that the first deployment was perfect. It was the response loop:

I built a demo quickly, put it in front of real traffic, found an abuse and cost risk immediately, locked down auth, quota, content filtering, and database state, verified production, and communicated clearly.

That is deployment engineering in miniature.

The app still shows public storefronts. The share pages still work. The expensive path is the one that changed.

That distinction matters. Good guardrails should protect the system without turning the whole product off.

Verification made the speed useful

The repo has a consolidated npm run verify command. It runs typecheck, lint, unit tests, production build, and a Playwright browser smoke test.

That mattered a lot.

Fast agents without verification just create faster uncertainty. With real checks, Codex has something concrete to work against.

The verification path forced the app to prove the basics:

  • The homepage renders.
  • The all-storefronts page renders.
  • Public share pages render.
  • Signed-out generation is blocked before model calls.
  • Signed-in generation is quota-limited.
  • Content filtering runs before expensive generation.
  • The production build passes.
  • Browser smoke catches obvious user-facing failures.

This is one of my strongest opinions after building with Codex:

If you want better agent output, give the agent better feedback loops.

Tests, builds, smoke checks, browser inspection, screenshots, and logs all make Codex more useful because they turn vague quality into observable reality.

My takeaway

The lesson is not “let Codex build your whole app unsupervised.”

The lesson is:

Use Codex to shape a narrow loop, implement it in scoped slices, validate AI output like an external dependency, and verify the user path before calling it done.

That is where Codex and GPT-5.5 feel genuinely different.

They make bigger slices of real work practical.

For Vibe Storefront, that meant going from a rough idea to a working AI app with auth, persistence, generated images, public share pages, content filtering, quotas, tests, smoke checks, deployment hardening, and a project deck.

Codex did not just help me write code.

It helped me keep momentum across the whole path from intent to implementation to verification.

That is the part I care about most. A lot of projects do not die because the code is impossible. They die because the distance between idea and working artifact is too long.

Codex with GPT-5.5 made that distance much shorter.

QR Code for jessepeplinski.com

Jesse Peplinski

I turn problems into prototypes.