Frequently Asked Questions
Who makes Cutline?
Cutline is made by VibeKiln, Inc., a company building tools for safe vibecoding and product engineering. VibeKiln was founded by Kyle Grove to help developers and founders ship production-ready AI-generated code with engineering rigor from day one.
What is Cutline?
Cutline is a product engineering platform that helps developers and founders vibecode safely and reliably. It validates product ideas, extracts hidden technical constraints, and gives AI coding agents the product context they need to generate production-ready code. Cutline combines pre-mortem analysis, AI persona testing, constraint extraction, and a product context graph to ensure you build the right thing—before your AI coding agent writes the first line.
What is safe vibecoding?
Safe vibecoding is the practice of using generative AI coding agents for rapid development while maintaining engineering rigor through automated constraint extraction, pre-mortem risk analysis, and dependency mapping. Without a validation layer, vibecoding produces technically functional but strategically flawed software. Cutline provides that validation layer—identifying risks, surfacing untested assumptions, and feeding product context to AI coding tools so the code they generate is architecturally sound from the first prompt.
How does Cutline help me vibecode more safely?
Cutline guides your AI coding agent with production-ready constraints. Before your AI coding agent writes code, Cutline: (1) extracts non-functional requirements like latency, auth patterns, and data privacy from your natural language descriptions, (2) runs pre-mortem analysis to identify the top risks and untested assumptions, (3) simulates customer reactions through AI persona conversations, and (4) maps constraint dependencies so new features don't violate existing architectural decisions. The result is vibecoded software that ships with production-grade engineering rigor.
How does a pre-mortem work?
You describe your product idea, and our AI analyzes it from multiple angles—market fit, technical feasibility, competitive landscape, and more. You get a structured report with risks, assumptions to test, and recommended experiments. It's like a post-mortem, but before you build.
What is AI persona testing?
AI persona testing lets you chat with synthetic customers who represent your target users. You can test your messaging, pricing, and positioning, and hear realistic objections—without recruiting real users. It's user research at AI speed.
What are Cutline Journeys?
Journeys let you watch AI personas actually use your product in a real browser. You provide login credentials, and the persona navigates your app like a real user would—surfacing UX issues and friction points. (Currently in Alpha)
How do I validate a product idea?
Start by describing your idea in Cutline. Our AI runs a pre-mortem analysis to identify risks, generates personas to test your messaging, and provides a go/no-go verdict. The whole process takes about 15 minutes and helps you avoid building something nobody wants.
Can Cutline generate PRDs?
Yes! Cutline can generate Product Requirements Documents (PRDs) and Market Requirements Documents (MRDs) based on your validated product context. The difference is that your PRD reflects a product that's been stress-tested—not just documented.
What is MCP integration?
MCP (Model Context Protocol) lets Cutline connect to AI coding tools like Cursor, Claude Code, and Windsurf. Your AI coding agents can query your product context while they work—ensuring the code they generate aligns with validated product decisions and engineering constraints.
How is Cutline different from ChatPRD?
ChatPRD focuses on generating documentation after you've decided what to build. Cutline focuses on validation—helping you decide IF you should build it. We offer pre-mortem analysis, AI personas, and risk assessment that ChatPRD doesn't have.
Is my data secure?
Yes. All data is encrypted in transit (TLS) and at rest. We use Google Cloud infrastructure with enterprise-grade security. Your pre-mortems are private to your organization.
Is my data used to train AI models?
No. We do not use your business-specific data to train our AI models. Your product briefs and analyses stay private to you.
How do I get started?
Sign up, describe your product idea, and run your first pre-mortem. It takes about 2-3 minutes to get your first report.
Do you offer a free trial?
We will give a full refund to any dissatisfied customer in the first 28 days, no questions asked.
Can I cancel my subscription?
You can cancel your subscription at any time. You can do this from your account settings.
Where can I find my invoices?
You can find your invoices in your account settings.
What payment methods do you accept?
We accept all major credit cards and PayPal.
Do you offer discounts for non-profits?
Yes, we offer a 50% discount for non-profits. Please contact us to learn more.
How do I get help?
Email us at kyle@thecutline.ai or use the feedback button in the app. We typically respond within 24 hours.
How can I make my app SOC 2 compliant?
SOC 2 compliance requires access controls, audit logging, change management, vendor risk assessment, and continuous monitoring. Cutline automatically loads SOC 2 constraints into your coding agent's context for every project—so your AI writes code with access control middleware, immutable audit trails, and monitoring hooks from the first prompt. No separate compliance checklist needed.
How do I add PCI-DSS compliance to my app?
PCI-DSS compliance requires card data tokenization, TLS enforcement, audit trails, and need-to-know access controls. When Cutline detects Stripe, payment libraries, or checkout flows in your codebase, it auto-loads PCI-DSS constraints—ensuring your AI never stores raw card numbers and always enforces encrypted transport.
How do I make my health app HIPAA compliant?
HIPAA compliance requires PHI encryption at rest and in transit, minimum necessary access, Business Associate Agreement verification, and audit controls. When Cutline detects FHIR, HL7, or health-related libraries, it injects HIPAA constraints so your coding agent enforces PHI isolation, encrypted storage, and access logging automatically.
How do I prepare my app for FedRAMP authorization?
FedRAMP requires FIPS 140-2 validated cryptography, continuous monitoring, boundary protection, and a Software Bill of Materials (SBOM). Cutline detects GovCloud or FIPS references in your stack and loads FedRAMP constraints, guiding your agent to use compliant crypto libraries and implement continuous monitoring from day one.
How do I make my app GDPR and CCPA compliant?
GDPR and CCPA require right to erasure, data portability, consent gating for tracking, PII anonymization in logs, and data residency controls. Cutline auto-detects analytics libraries like PostHog or Segment and authentication providers, then injects privacy-by-design constraints so your agent builds compliant data handling from the start.
How do I secure my AI app against prompt injection and LLM vulnerabilities?
The OWASP LLM Top 10 covers prompt injection, insecure output handling, excessive agency, and data poisoning. When Cutline detects OpenAI, LangChain, or RAG patterns in your codebase, it loads OWASP LLM constraints—so your agent enforces strict input sanitization, output encoding, tool-call RBAC, and tenant-level data isolation.
How do I make my fintech app GLBA compliant?
GLBA requires Non-Public Personal Information (NPI) isolation, mandatory MFA at the API gateway, intrusion detection logging, and 7-year immutable WORM retention. Cutline detects Plaid, banking SDKs, or fintech references and auto-loads GLBA constraints—guiding your agent to implement compliant data isolation and retention policies.
How do I make my EdTech app FERPA and COPPA compliant?
FERPA and COPPA require parental consent gates, a ban on behavioral profiling for minors, automated data destruction at account expiration, and strict age-gating logic. Cutline detects Clever, Canvas API, or EdTech integrations and loads these constraints so your coding agent builds student-safe features from the first line of code.
Can I use AI to write compliant code automatically?
Yes. Cutline injects compliance framework constraints directly into your coding agent's context window via MCP (Model Context Protocol). Your AI receives structured security, privacy, and regulatory requirements as context—not just vibes—so it writes code that meets SOC 2, PCI-DSS, HIPAA, GDPR, OWASP LLM, and other standards from the first prompt. Works with Cursor, Claude, and other MCP-compatible agents.