Vibe Coding in Practice

Vibe Coding isn't "I describe a feature, AI ships it, I merge." In production it's a collaboration mode where natural language is the primary input but engineering discipline is preserved — AI drafts, the engineer constrains, validates, and decides on refactors.

If you've only used vibe coding in toy demos, run through the Vibe Coding SOP first. This page assumes you know the basics and focuses on what stops you from getting burned in production.

The decision matrix for four scenarios

The decision rule: what's the blast radius if this code is wrong? Small radius → vibe; large radius → hand-write or at least line-by-line review.

Quality gates for vibe output

Merging AI code straight is how incidents start. Minimum viable gate stack — five checks:

1. Type check must pass — tsc --noEmit is the cheapest sanity check; AI fabricates imports constantly
2. New code must have tests — bake "implement and add unit tests in same PR" into the prompt; reject PRs without tests
3. PR diff size cap — hard limit +400/-200 per PR; force-split anything larger. No one can review 800 lines of AI code in one sitting
4. Auto lint + format — pre-commit hook with husky + lint-staged; AI's indentation and quote style drift constantly
5. E2E for critical paths — auth flow, payments, data migrations — at least one happy path under e2e

# .github/workflows/vibe-gate.yml example
- name: Type check
  run: bun run type-check
- name: Test coverage
  run: bun test --coverage
  # New files in PR must hit ≥ 80% coverage
- name: PR size guard
  uses: CodelyTV/pr-size-labeler@v1
  with:
    xl_max_size: '600'  # Block anything over 600 lines

Code review: vibe mode

Reviewing human code, you check "is it correct?". Reviewing AI code, you check three different things:

1. Hallucination — does the function / API it references actually exist? AI invents lodash.deepMerge, React.useDeferredQuery, etc.
2. Pattern drift — did it bypass an existing utility? E.g. project has useApi() hook, but AI writes raw fetch(...)
3. Over-engineering — unnecessary abstractions, premature optimization, unused interfaces. AI optimizes for "complete", not "minimal"

In practice: reviewers see "Generated with Claude Code" in PR description → switch to vibe-mode review → spend ~30% more time than usual.

Real failures from JR Academy

Incident 1: AI-generated migration dropped the wrong field

Asked Claude Code to "remove unused legacy_user_id field from User schema." AI wrote a mongoose migration that unset the field. Problem: a legacy reconciliation system in production was still reading that field across 200K users. Reconciliation broke after migration ran.

Lesson: all destructive DB operations must be hand-written. AI is allowed to give pseudocode at most.

Incident 2: AI "fixed" a race condition with the wrong primitive

PR titled "fix race condition in order creation by adding mutex." Reviewer approved. After deploy, throughput dropped 80% — because AI added a process-level mutex but the service runs 4 pods, so it provided no isolation.

Lesson: concurrency and distributed-system fixes need line-by-line review. Never trust the PR description.

A sustainable rhythm

• First 30 min of the day, hand-write — keep your muscle memory for the codebase, otherwise in three months you can't read your own project
• Whiteboard before vibe on hard tasks — figure out architecture yourself, then have AI fill in the details. Never let AI design the architecture
• Re-read one AI PR per week — go back to a PR you merged, understand every line. Was anything over-engineered? Could it be simpler?
• Keep the ability to hand-write the critical modules — auth, billing, core algorithms — the code that keeps the company alive — every line must be one you can defend

Next

• AI Rules Configuration — bake quality gates into project rules
• AI Coding Workflow — how the three tools split responsibility
• Claude Code Examples — practical prompt patterns