🎉 BIG NEWS 🎉 ✦ Avo 4 has officially SHIPPED ✦ 🚀 the beta is over, 4.0 is here ✦ 🛠️ build admin panels, dashboards & internal tools at light speed ✦ ⭐ you are visitor #1,188,975 ✦ 🎊 tell a friend ✦ best viewed in Ruby on Rails ✦ 👉 click here to see what’s new ✦
Two Apps
You're not building just one app.
You're building two.
Every product ships as two systems. The user-facing one that brings value to your customers, and the internal one where your team manages the product.
module: product
The customer-facing app
[ owned by you ]
module: internal
The admin / internal tool
[ owned by Avo ]
01 · the app behind the app
One app faces your customers. The other never stops changing.
The first app is the product people pay for, the public-facing one you obsess over. The second is the internal tooling behind it: the admin panels, the dashboards, the CRUD screens your team lives in every day. It's never finished. Every new model, every new team, every "can you just add a screen for this" grows it again. So while the product ships and stabilizes, the second app keeps demanding your attention forever.
No company ever won its market because the admin panel was great. Every hour on that second app is an hour not spent on the one people pay for. Build it yourself and you carry two apps forever. Let Avo own the second one and you maintain a single app instead.
02 · "just have the LLM build it"
You don't just generate the code. You inherit it.
Generate your admin panel and you also generate everything that can quietly go wrong in it. This is the review queue you signed up for, by hand, for as long as the code lives.
-
SEC
Security holes you can't see
Missing or wrong authorization: IDOR, mass-assignment, queries that forget to scope. SQL injection when it strays off the ORM. Secrets and tokens logged or committed. Over-permissive defaults: public buckets, CORS set to *, CSRF switched off "to make it work." No rate limiting. Models reproduce the insecure patterns they trained on, and confident-looking code is the hardest kind to catch.
-
BUG
Correctness that looks right and isn't
Edge cases silently dropped: nil, empty states, pagination, timezones and DST, money rounding, concurrency. N+1 queries and unindexed lookups that pass in dev and fall over at real volume. Destructive operations with no confirmation, no soft-delete, no audit trail. Race conditions under load that never show in a single-user demo.
-
DEBT
Maintenance debt
Every screen reinvents the same pattern slightly differently, so there's no single place to fix anything. Plausible-but-wrong code that compiles, demos, then surfaces a subtle bug in production weeks later. Hallucinated APIs and stale idioms from old training data. One-off dependencies bolted on, each one more supply-chain surface. No tests, or tests that assert the bug.
-
GAP
The stuff it doesn't know to build
Select-all across the whole filtered query, not just the visible page. An extra confirmation on the models that deserve one. Sane guardrails on bulk actions. These are the taste decisions that keep an admin safe to use, and an LLM won't add them unless you already knew to ask.
None of this is unique to AI. Insecure code, untrusted input, and dependency risk all predate LLMs. What changed is that plausible, unvetted code is now cheap to produce and easy to ship without understanding, so the old failure modes show up faster and at higher volume. Avo is the part that's already been reviewed.
03 · the part that never shows up in the diff
The work didn't disappear. It moved onto you.
Even when the LLM writes every line, someone still has to own it. That someone is you.
01
You're the whole team now
Security reviewer, QA, and maintainer, all at once, for code you didn't write and may not fully understand.
02
Decision fatigue
Every screen is another pile of small calls to make and review. Generation got cheap, so the bottleneck became you.
03
False confidence
Polished output reads as trustworthy right when you should trust it least. The nicer it looks, the less you check.
04
The understanding gap
No one holds the whole system in their head anymore, so no one can reason about it when it breaks at 3am.
05
Accountability gaps
"The AI wrote it" isn't an answer your customers, or your auditors, will accept when their data is on the line.
06
Onboarding debt
Pattern-per-screen code is brutal for the next hire. Every screen is a new thing to learn instead of one to reuse.
04 · where Avo comes in
Avo already made these calls, and shipped them
Avo is the pre-LLM alternative where these decisions are already made, tested in production, and hardened. We use AI to move faster too, but every line is read by people and run in production by hundreds of teams. You're not hardening slop, you're building on a foundation.
the app you ownthe app Avo owns, filled in
Select all, the way you mean it
Select every record that matches your query, not just the rows visible on the current page. The obvious behaviour, handled correctly.
Confirmation where it counts
Special signage and confirmation steps for the models and actions that deserve a second look, so destructive operations don't happen by accident.
And a hundred more
From sensible defaults to the polish that improves the everyday experience, Avo brings the details that make a tool feel considered rather than assembled.
And because Avo is conventional and documented, the knowledge lives in the framework, not in one person's head. Any Rails developer who knows Avo is productive on day one. You maintain one app instead of two.
05 · it comes down to three things
Time, Trust, and Taste
Time you get back
Ship the second app in an afternoon instead of a sprint, and never spend a maintenance cycle on it.
Trust you can build on
Human-reviewed, used across hundreds of apps, supported by the people who wrote it. Not code you have to harden yourself.
Taste that's already there
It looks and behaves like a considered product, not a stitched-together internal tool.