Wow. Now did you try to check the setup with something like Claude Fable?
My boss asked me to set up a WordPress for a product landing page.<p>I naturally won't do this; it's no more than a couple of weeks ago that some SQL injection landed in the search query function of this monstrosity.<p>WordPress always was and always will be terrible.<p>So I set up the landing page with a Hugo static site, and I've been vibe-coding a WordPress-like dashboard that operates on git repositories containing Hugo sites.<p>I call it WorbPress (not released yet), and I'm <i>sure</i> that's what my boss told me to install, or I might've misheard.<p>And yes, it's written in Rust (with Axum and Alpine.js), because why not?
Let me make sure I am hearing you right.
1) The person you report to asked you to accomplish a discrete task
2) of standing up one of the most common websites on the planet
3) and your response was to begin building your own custom CMS?<p>I know I am removing the train of thought that led you down this path, but is there anything I just said that is factually false?
Just to clarify: you think your vibecoded dashboard is more secure than WordPress? Not saying you're wrong, just wondering why you think you're right. Are you auditing the generated code, or is it a giant yolo?
I feel like not choosing WordPress was a great choice but I'm not sure about the rest of the comment. A simple html file might make for a good landing page though.
> because why not?<p>I'm not certain, but it seems like you're not being entirely serious here, however..<p>If you aren't joking, or for other people in this position, I'd first wonder if the landing page required a search function that would hypothetically be subject to the vulnerability, then I'd wonder about what the normal nature of your business is and how much latitude you personally have in the allocation of billable hours to arbitrary technology choices and whether those do actually align with the deliverable, then if I was the boss I might wonder why you created a bunch of (potentially) out-of-scope random liability using unusual lesser-known tools based on a personal vendetta against WordPress.<p>I've been in this position, conceptually if not literally, and I've probably been (in a way, rightfully) fired for it, but my country's labor protections are likely not quite as good as Denmark's.<p>If there's a question about why money was spent on implementing a bunch of stuff nobody knows for a reason nobody cares about, especially for a very short-lived thing like a landing page, then it's a sticky situation if the answer is basically novelty. Something like this, if it does serve a purpose, should be planned for and a case made for it, but that also doesn't really seem like agency work.<p>If I was asked for WordPress, which I have, and I delivered Rust, I don't think I'd keep that job, but mileage may vary.<p>Most work is about solving problems as they are, not what we wish them to be, and if a 5 min job becomes a month long job that the customer didn't ask for, it's an extreme case of yak-shaving.
Why not use headless WordPress?
> Here’s the part I need you to sit with<p>no, i don't think i will
Is it astonishing you got to 17% with some vibe code? Sure.<p>But most of the stuff I’ve vibe coded this year has been astonishing by 2025’s standards.<p>If you got 100% I’d be genuinely blown away.
The article doesn't go into how they managed the AI context when implementing things but I would not be surprised if it was done in a methodical way, 80% - 90% of the test could have passed.
Does anyone know why we write code anymore? Why not pass through to an llm that generates the page on the fly (ssr)?<p>Is it cost ?
Yes: cost, speed, and reliability.<p>But all of those things are improving at shocking speeds, so I think we’re on a path where code is losing value quickly.
Standards vary.
I feel like the future will be a git repository with text files and a markdown file describing how the site should look and how any endpoints needed for functionality should work and the AI will be the runtime for your site instead of wordpress.
I made a framework for this <a href="https://github.com/alehlopeh/hallu" rel="nofollow">https://github.com/alehlopeh/hallu</a>
already been tried: <a href="https://github.com/samrolken/nokode" rel="nofollow">https://github.com/samrolken/nokode</a><p>Maybe LLMs will eventually get to the place where it replaces even the OS kernel
I’d be curious for a similar experiment converting frankenphp to rust.<p><a href="https://frankenphp.dev/" rel="nofollow">https://frankenphp.dev/</a>
Why is the AI only able to reach 17%?<p>Surely it can just keep iterating until it implements the full test suite?
Use AI to make Wordpress secure and not suck as much
Interesting read. Given what the process is producing it's probably quite cost-effective?
Ill preface my comment with saying: this might not be the best solution give the goal of your project to iteratively loop through and improve on the tests each round, and using deps would make that process longer/more complicated having to work potentially with another project.<p>.....however.....<p>mago, a static analyzer for php is written in rust and might be useful for gaining some "free" performance uplift: <a href="https://github.com/carthage-software/mago" rel="nofollow">https://github.com/carthage-software/mago</a>. iirc it splits out a far bit of its internals so they can be used by other projects (citation needed)
Maybe the takeaway is that 20% is about all the LLM can muster.
> Maybe the takeaway is that 20% is about all the LLM can muster<p>At this point there's a long list of projects that have used LLMs to rewrite a system in Rust including:<p><pre><code> - Bun (https://github.com/oven-sh/bun/pull/30412)
- Valkey (https://github.com/ianm199/valdr)
- Git (https://github.com/gitbutlerapp/grit)
- Postgres (https://github.com/malisper/pgrust)
</code></pre>
With the exception of Bun, these projects were done pre-fable too, so I bet Fable will make these types of rewrites even easier.
I'm not sure about the other three, but Bun's rewrite from Zig to Rust was a bit of a joke. `unsafe`s in the thousands, a quarter-million lines of diff, and merged inside a week with no significant public discourse (at least, not much that was responded to by the author).
I think the standard should be rewrites that are at least as good as the original, not buggy piles of unfinished unmaintainable crap.
Author here.<p>To be upfront about what this is: I'm not a Rust developer or a PHP internals person. This is an experiment in whether the "point the AI at the original project's test suite" methodology (the way Bun was driven against real-world suites) holds up when the human can't review the code. The oracle is php-src's own .phpt corpus, ~22k tests I didn't write. Current honest score: 3,844 passing (17.4%), with a realistic ceiling around 40-45% since the rest tests C extensions (GD, curl, intl, etc.) that are out of scope.<p>"Renders WordPress" means: fresh install completes into SQLite, the front page renders with real posts, a real theme and /wp-admin/ renders without issues. The REST API is untested, and it's currently ~55x slower than PHP on the front page (a bytecode VM is in progress, micro-benchmarks are already at 1-3x of PHP 8.5).<p>The scoreboard auto-generates into the repo after every run, whether the number went up or down.<p>Happy to answer anything.
This is a pretty cool experiment. Thanks for sharing!
Compare with FrankenPHP?
Will you answer questions yourself, or will you simply pass on what your LLM of choice writes for you?<p>Edit: On further inspection, the blog design, the blog build, the blog articles and even the anecdotes used in the articles are entirely Claude generated.<p>Stop being so lazy. Get Claude to do something interesting and use your own intellect to assess and challenge the work in your write up. Or the other way around. Inject some amount of human work, at least. Otherwise, what's the point in sharing?
The "honest score" is the most annoying claudism of the comment, with the short disjoint sentences a close second.
It was "I need you to sit with:" that immediately made me close the article. I like LLM programming, but I really don't understand why so many people just post LLM-generated articles. What did the human even do at that point, press the start button?
> will you simply pass on what your LLM of choice writes for you?<p>But it will be as least 17% correct!
[flagged]
Why stop at 17%, come back when you are at 100% otherwise it's just another project.