← Blog

May 24, 2026

From Spec to Live SaaS: The Three Stages Most Solo Builders Get Wrong

You have the spec. You've picked your AI coding tool. Claude Code, Cursor, Codex — whichever.

Most guides stop here and say "now go build." But there's a gap between "I have a spec" and "I have a live product taking real payments" — and it's bigger than the coding part.

There are three distinct stages. Most builders only think about the middle one. Stages 1 and 3 are where launches actually die.

Stage 1: Before you open your editor

This stage takes about 30 minutes. Most people skip it and pay for it later.

The problem is that your third-party services have hidden dependencies. You can't get your Stripe webhook secret until you've deployed somewhere, because Stripe needs a real URL. You can't fill your database URL until you've created the database. You can't send emails until your domain is verified — and that takes 24–48 hours of DNS propagation you can't speed up.

If you set up services in the wrong order, you'll be blocked mid-build waiting on something you should have started two days ago.

The right order:

  1. Create a GitHub repo and push an empty project
  2. Create a Vercel project and link it to the repo — you need a production URL before Stripe will give you a webhook endpoint
  3. Create a Supabase (or Neon) project — copy the pooler connection string (port 6543) for your app and the direct connection string (port 5432) for migrations. They are different and both matter.
  4. Create a Stripe account — get your secret key. Do not touch live mode yet.
  5. Create a Resend account and start domain verification now — add the DNS records immediately. It takes 24–48 hours to propagate. If you wait until you're ready to launch, you'll be blocked.
  6. Create a Stripe webhook pointed at your Vercel production URL — copy the webhook secret
  7. Fill your .env.local with everything you've collected
  8. Run migrations against your database (npm run db:migrate)
  9. Start the dev server — you should be running locally now

The two steps with hidden wait times:

  • Resend domain verification — 24–48 hours. Start it on day one, not launch day.
  • Stripe live mode — requires business verification. Allow 1–3 days. More on this in stage 3.

Stage 2: While the AI builds

This is the part everyone talks about. The AI writes the code, you review it, you iterate. Most of it works.

But there are a handful of places where AI coding tools consistently get things wrong — not because they're bad, but because these are genuinely tricky wiring problems that look right on the surface.

Know these traps before they cost you hours:

  • Prisma + serverless: you need two DATABASE_URLs. Your app (running serverless on Vercel) must use the pooler connection with ?pgbouncer=true appended. Your migration scripts must use the direct connection. Get this wrong and you'll see prepared statement already exists errors in production that don't appear locally. Check every place your DATABASE_URL is used.

  • Stripe webhooks break when your domain changes. When you go from a Vercel preview URL to your production domain, the webhook endpoint in your Stripe dashboard still points at the old URL. New payments will fire webhooks into the void. Update the endpoint in Stripe every time your domain changes.

  • Stripe webhooks also need a local listener during development. Your POST /api/webhook route will never fire from Stripe during local dev unless you run the Stripe CLI listener: stripe listen --forward-to localhost:3000/api/webhook. If you're testing payments locally without this, you're not actually testing the full flow.

  • NextAuth silently breaks without AUTH_SECRET. If AUTH_SECRET is missing or fewer than 32 characters, sessions won't work — but the error won't always be obvious. Set it first, before touching anything auth-related.

  • Supabase free tier pauses after 1 week of inactivity. Your production database will go to sleep if nobody uses it for 7 days. For a new product this is a real risk. Either upgrade to the paid tier before launch or set up a simple cron ping to keep it alive.

Where to stay in the loop:

AI coding tools are excellent at scaffolding, CRUD logic, and UI components. They're weaker at:

  • Correctly wiring Stripe webhooks end-to-end (verify the webhook signature check is actually running)
  • Auth edge cases — expired sessions, OAuth error states, email link expiry
  • Database transaction correctness when credits or balances are involved

Don't blindly approve these. Read the generated code for these specific areas before moving on.

Stage 3: Before you share the URL

You've built it. It runs. The temptation is to post it on Reddit or Product Hunt immediately.

Don't.

Test these flows manually first:

  • Sign up with a real email address (not a test account you're already logged into)
  • Complete the core action your product is built around — from scratch, as a new user
  • If you have payments: complete a full purchase using Stripe test card 4242 4242 4242 4242. Check that the confirmation email arrives and the account is updated correctly.
  • If you have email: trigger a magic link or notification email and confirm it arrives in your actual inbox, not spam
  • Open the product on your phone. Test every core flow on mobile.
  • Try to break things: submit empty forms, use expired links, try to access pages you're not authorised for. See what happens.

Non-technical steps before going live:

These aren't optional. They're the things that block real revenue or create legal exposure.

  • Switch Stripe to live mode — this requires completing Stripe's business verification (legal name, address, bank account). It takes 1–3 business days. If you haven't started this, you cannot take real payments. Start it now.
  • Update your Stripe webhook to point at your production domain and switch it to live mode keys
  • Confirm Resend domain verification is complete — send a test email from your production environment, not just locally
  • Add privacy policy, terms of service, and refund policy pages — legally required in most countries if you collect emails or payments. Not optional.
  • Set all environment variables in your Vercel dashboard — your .env.local file is not deployed. Every variable needs to be set manually in Vercel project settings under the correct environment (Production, Preview, Development).
  • Deploy once more and do a full smoke test on the production URL — things that work locally sometimes break in production due to environment variable mismatches or serverless cold start behaviour. Test before you share.

The spec now includes all of this

The build spec you generate on Nicheloom now includes three dedicated sections that map these stages directly:

Setup Sequence — the ordered steps with dependencies made explicit, so you know which accounts to create in which order and which steps have wait times.

Gotchas & Known Traps — stack-specific failure modes tailored to the exact services your spec recommends. Not generic warnings — the specific traps for your combination of Prisma, Supabase, Stripe, NextAuth, and Resend.

Pre-launch Checklist — the manual flows to test and the non-technical launch requirements, customised to your product type.

The spec was always the coding blueprint. Now it's the complete launch map.

Browse validated ideas and generate your build spec at nicheloom.com.