Vibe coding went from Andrej Karpathy’s tweet to Collins Dictionary’s Phrase of the Yr in below twelve months. In Y Combinator’s Winter 2025 batch, 25% of startups had codebases that have been 95% or extra AI-generated. GitHub has reported that Copilot was liable for a median of 46% of code being written throughout programming languages, and 61% in Java.
So sure, it has change into the brand new regular and everybody’s doing it however sadly, most individuals are doing it badly. The instruments like Claude Code and Cursor are wonderful however most vibe coders use them like autocomplete on steroids, like a genie: simply immediate randomly and await it to cook dinner. However belief me the output seems to be loopy at first look till the codebase is a large number the agent itself cannot navigate, lol.So on this information, we cowl 5 issues which may make you pretty much as good as a developer who went to highschool for this. Possibly higher.
1. Use CLAUDE.md and Guidelines as Persistent Context
Each Claude Code or Cursor session begins with the agent having seen nothing about your challenge earlier than. It reads no matter recordsdata you level it at, infers what it will possibly, and guesses the remainder. For small remoted duties that’s high-quality however for something heavy it’s not, as a result of these guesses hold compounding.
Let’s say you’re three weeks into constructing a SaaS billing system. You open a brand new session and ask the agent so as to add a utilization based mostly pricing tier. It doesn’t know you have already got a BillingService class in /providers/billing.py. It doesn’t know you standardized on Stripe’s price_id format for all pricing objects. So it creates a brand new PricingService, picks its personal format, and builds one thing parallel to your present structure. 4 periods later you could have two billing techniques and neither is full.
A CLAUDE.md file on the root of your challenge will get learn at first of each session. Here’s what an actual one seems to be like for a SaaS challenge:
# Mission: Acme SaaS
## Stack
- Node.js + Specific backend
- PostgreSQL with Prisma ORM
- React + TypeScript frontend
- Stripe for billing (worth IDs observe format: price_[plan]_[interval])
## Key providers
- /providers/billing.py — all Stripe logic lives right here, don't create parallel billing code
- /providers/auth.py — JWT + refresh token sample, see present implementation earlier than touching auth
- /lib/db.ts — single Prisma consumer occasion, import from right here
## Conventions
- All API responses: { information, error, meta } form
- Errors at all times use AppError class, by no means plain Error
- Each DB question wants express subject choice, no choose *
## Don't contact
- /legacy/funds/ — deprecated, being eliminated in Q3
- /auth/oauth.py — frozen till SSO shipsCursor now paperwork Guidelines and AGENTS.md for persistent directions. GitHub Copilot helps repository-wide instruction recordsdata like .github/copilot-instructions.md, and a few Copilot agent surfaces additionally learn AGENTS.md, CLAUDE.md, and GEMINI.md.
Whenever you add a brand new service or set up a brand new conference, replace the file instantly. It turns into the agent’s reminiscence between periods.
Yet another factor: context rot is actual. A 2025 Chroma examine of 18 fashions discovered measurable accuracy drops as conversations grew longer, even on easy duties. A 40-message session protecting three options is slower and fewer correct than three separate 15-message periods. Open a brand new dialog for every distinct job. Pin solely the recordsdata related to that job.
2. Make the Agent Plan Earlier than It Builds
The default habits of each agentic instrument is to start out writing code the second you describe one thing. For a self-contained job like “add a subject to this manner” that’s high-quality however for something with actual scope it can create issues you don’t discover till you’re deep into the implementation.
Here’s a concrete instance. You’re constructing a staff invitation system: a consumer enters an e mail, the system sends an invitation, the recipient clicks a hyperlink, creates an account, and will get added to the staff. Sounds easy however that characteristic touches your customers desk, your groups desk, a brand new invites desk, your e mail service, your auth stream, and your JWT era. If the agent misunderstands how your auth stream works and builds the invitation acceptance logic in opposition to a special assumption, you’ll not discover out till the characteristic is generally carried out.
Earlier than any characteristic with scope, ship this primary:
Earlier than writing any code: analyze the codebase, then give me a step-by-step plan
for constructing the staff invitation system. Record each file you'll modify, each
file you'll create, each DB migration wanted, and any assumptions you're
making in regards to the present code. Don't write code but.
An excellent plan output seems to be like this:
Recordsdata to switch:
- /routes/groups.ts — add POST /groups/:id/invite and POST /groups/accept-invite
- /providers/e mail.ts — add sendTeamInvite() utilizing present Resend consumer
- /prisma/schema.prisma — add Invitation mannequin
Recordsdata to create:
- /providers/invites.ts — token era, validation, expiry logic
DB migration:
- invites desk: id, team_id, e mail, token (distinctive), expires_at, accepted_at
Assumptions:
- Invite tokens expire after 48 hours
- Inviting an already-registered e mail nonetheless goes by way of the invite stream
- No invite restrict per staff presentlyLearn that a few instances and ensure: Is the 48-hour expiry proper? Did it miss the speed limiting you want? Is it utilizing the e-mail service appropriately? Repair the plan earlier than a single line of code will get written.
The opposite aspect of that is immediate specificity. The extra exactly you describe what you need, the much less the agent has to deduce.
| Obscure | Particular |
|---|---|
| “Add funds” | Combine Stripe Checkout for the Professional plan ($29/month). On success, set consumer.plan = ‘professional’ and consumer.stripe_customer_id. On cancellation redirect to /pricing. Use present BillingService in /providers/billing.ts. |
| “Construct an API” | REST endpoint POST /api/reviews. Accepts { start_date, end_date, metric } in request physique. Validates dates with Zod. Queries the occasions desk grouped by day. Returns { information: [{ date, count }], whole }. |
| “Repair the sluggish question” | The GET /api/customers endpoint takes 4 seconds. The customers desk has 800k rows. Add a database index on created_at and rewrite the question to make use of pagination (restrict 50, cursor-based). Don’t change the response form. |
3. Use a Separate Assessment Agent for Safety and Logic
Coding brokers are optimized to finish duties, to not perceive why each guardrail exists. Columbia DAPLab has documented recurring failure patterns throughout main coding brokers, together with safety points, information administration errors, and weak codebase consciousness. That makes blind belief harmful: the identical agent that fixes a bug can even take away the examine that was stopping a worse one.
The clearest actual instance of this: within the Replit agent incident of 2025, the autonomous agent deleted a challenge’s main manufacturing database as a result of it determined the database wanted cleanup. It was following its optimization goal. It was additionally violating an express instruction to not modify manufacturing information. And sadly, no human reviewed what it was about to do.
The agent that wrote your code shouldn’t be in place to catch its personal errors. Claude Code helps subagents: separate brokers that run in utterly remoted contexts with no reminiscence of what the primary agent constructed. You outline them in .claude/brokers/:
---
identify: security-reviewer
description: Evaluations code for safety points after implementation is full
instruments: Learn, Grep, Glob
mannequin: opus
---
You're a senior safety engineer doing a pre-ship overview.
For each route added or modified, examine:
- Is authentication enforced? Can an unauthenticated request attain this?
- Is the consumer approved? Can consumer A entry consumer B's information?
- Is enter validated earlier than it hits the database?
- Are there any hardcoded secrets and techniques, API keys, or credentials?
Report: file identify, line quantity, particular situation, instructed repair.
Don't summarize. Report each situation you discover.
After your major agent finishes constructing the invitation system:
Use the security-reviewer subagent on all of the recordsdata we simply created or modified.
Here’s what an actual reviewer output seems to be like:
/routes/groups.ts line 47
Difficulty: POST /groups/accept-invite doesn't confirm the token belongs to the
e mail tackle of the logged-in consumer. Any authenticated consumer who is aware of a sound
token can settle for any invite.
Repair: Add examine that invitation.e mail === req.consumer.e mail earlier than accepting.
/providers/invites.ts line 23
Difficulty: Token generated with Math.random() — not cryptographically safe.
Repair: Exchange with crypto.randomBytes(32).toString('hex').
Neither of these would have been caught by the constructing agent. Each would have made it to prod.
Escape.tech’s scan of 5,600 vibe-coded apps discovered over 400 uncovered secrets and techniques and 175 cases of PII uncovered by way of endpoints. Most of it’s precisely this class of situation, authorization logic that works functionally however has holes.
4. Immediate in Layers, Not in One Large Spec
Function project adjustments what the agent prioritizes. “Construct this characteristic” and “Act as a senior engineer who has been burned by poorly examined cost code earlier than. Construct this characteristic.” produce totally different outputs. The second will add edge case dealing with, write extra defensive validation, and flag assumptions it’s not positive about. The mannequin responds to framing.
Construct options in layers, not all of sudden. The usual mistake when constructing one thing like a Stripe integration is to ask for the entire thing in a single immediate. You get code that compiles however has the billing logic, webhook dealing with, and database updates tangled collectively. As a substitute:
Immediate 1:
Arrange the Stripe Checkout session creation solely.
Endpoint: POST /api/subscribe
Accepts: { price_id, user_id }
Returns: { checkout_url }
Don't deal with webhooks but. Don't replace the database but. Simply the session creation.
Assessment that. Be certain that the Stripe consumer is initialized appropriately, the fitting price_id is being handed, the success and cancel URLs level to the fitting locations.
Immediate 2:
Now add the Stripe webhook handler.
Endpoint: POST /api/webhooks/stripe
Deal with these occasions solely: checkout.session.accomplished, buyer.subscription.deleted
On checkout.session.accomplished: set consumer.plan = 'professional', consumer.stripe_customer_id = buyer id from occasion
On buyer.subscription.deleted: set consumer.plan = 'free'
Confirm the webhook signature utilizing STRIPE_WEBHOOK_SECRET from env.
Assessment that individually, examine the signature verification, additionally that the consumer lookup is appropriate.
Every layer is reviewable and has a transparent scope. If one thing is fallacious you recognize precisely the place.
Use pseudo-code when you recognize the logic however not the implementation:
Construct a price limiter for the /api/send-invite endpoint.
Logic:
- Key: user_id + present hour (e.g. "user_123_2026041514")
- Restrict: 10 invitations per hour per consumer
- On restrict exceeded: return 429 with { error: "Charge restrict exceeded", retry_after: seconds till subsequent hour }
- Use Redis if obtainable within the challenge, in any other case in-memory Map is okay
That is extra correct than “add price limiting to the invite endpoint” as a result of you could have specified the important thing construction, the restrict, the error response form, and the storage desire. There’s nearly nothing left to guess.
The vast majority of builders transport AI generated code spend reasonable to vital time correcting it. Solely round 10% ship it near as is. These are largely skilled Claude Code customers with tight CLAUDE.md recordsdata and structured construct periods.
Learn each diff earlier than committing. git diff earlier than each commit. When the agent has modified a file you didn’t ask it to the touch, both the immediate left room for interpretation or the agent overreached. Each are price understanding earlier than the code goes wherever.
Limit what the agent can entry. The permissions.deny block in ~/.claude/settings.json prevents the agent from studying or writing particular paths. A .cursorignore file does the identical in Cursor.
{
"permissions": {
"deny": [
"/auth/oauth.py",
"/.env",
"/.env.production",
"/legacy/**",
"/migrations/**"
]
}
}
Oh, migrations deserve particular point out. An agent that may write its personal migration recordsdata can silently alter your database schema. Preserve migrations out of attain and write them your self after reviewing what the agent constructed.
Check instantly after each characteristic. Not as a separate job later, proper after. “Now write unit checks for the invitation service we simply constructed. Cowl: token expiry, duplicate invite to identical e mail, settle for with fallacious consumer, settle for with expired token.” The agent that simply constructed the characteristic is aware of the sting circumstances. Ask for checks whereas that context is stay.
That is it. Share with whoever wants it. Completely satisfied prompting!
