CMD: READ_NODE // 2026.06.16

The Vibe Coding Survival Guide

From Creative Euphoria to Agentic Engineering


Introduction: The Paradigm Shift

For decades, building software was like constructing a suspension bridge. It required rigorous physics, detailed engineering plans, and surgical precision. A single missing semicolon could prevent the entire structure from opening to traffic. This classical approach is binary and unforgiving.

Today, a new phenomenon is fracturing that paradigm: Vibe Coding (or Software 3.0, coined by Andrej Karpathy). The premise is seductive: you describe an idea in plain English—or French—and an AI spits out a working application. You validate by feeling. If the “vibe” is right, you ship it. No syntax memorized, no architecture diagram drawn.

But this transcript reveals a darker, more technical truth. Beneath the creative euphoria lies a mechanism of collapse. This tutorial translates that transcript into an actionable engineering framework.


Chapter 1: What Is Vibe Coding?

Core Concept: The replacement of source code with raw text prompts.

In traditional development, you translate intention into syntax. In vibe coding, you delegate the translation entirely to the AI.

  • The Promise: The barrier between the idea in your head and the prototype on screen vanishes. You describe a login page, then ask for dark mode, then OAuth with Google—all through conversation.
  • The Experience: Researchers describe it as a “total flow state,” a creative forest where intuition replaces syntax.

The Paradox: You become incredibly powerful at generating things, but totally powerless at maintaining them. Intuition will not restart a crashing server at 3:00 AM.


Chapter 2: The Doom Loop (La Boucle Infernale)

Teresa Torres, a renowned product management expert, names the collapse mechanism the Doom Loop.

The Three-Layer Architecture

Even AI-generated software rests on the classic MVC pattern:

  • Model: How data is organized in the database.
  • View: The user interface.
  • Controller: The logic, the brain.

How It Breaks

A typical vibe-coding session is impulsive:

  1. “Build me a login page.”
  2. “Oh, add dark mode.”
  3. “Actually, switch from email login to Google OAuth.”

The AI stacks changes without cleaning up the old layers. The Model, View, and Controller desynchronize.

Metaphor: It is like hiring a builder to construct a house, and halfway through, deciding the “vibe of the day” is an ocean theme. You end up with plumbing pipes in the living room and a leaking roof.


Chapter 3: Why It Breaks — Context Bleed

In the AI’s “brain,” a more insidious failure occurs: context bleed (fuite de contexte).

The Mechanism: An AI has a short-term memory window (a context window). Imagine an amnesiac chef who only remembers the last 50 sentences you said.

  • You ask for onion soup. The chef pulls out onions.
  • Midway, you ask for chocolate cake. The chef does not clean the workstation. The onions remain.

In code terms:

  • Obsolete code, failed attempts, and abandoned ideas remain stuck in the context window.
  • As the session lengthens, the AI becomes saturated with this background noise.
  • It starts confusing the email database schema with the Google OAuth interface.
  • It hallucinates functions that don’t exist.

Result: An infinite loop of errors it cannot correct. That is the Doom Loop.


Chapter 4: The Solution — Engineering Before Coding

To avoid the “onion cake,” you must never let the chef enter the kitchen without a strict, pre-approved recipe.

The Golden Rule: No Code First

According to the Vibe Coding Academy (Jules Boiteux), the counter-intuitive rule is to formally forbid starting with code.

Step 1: Write a PRD (Product Requirements Document). This is a text file where you carve the following into stone:

  • Architecture decisions
  • User flows
  • Database models
  • Tech stack

Step 2: Lock the Layers. Define the interface first, then the data. Nothing overlaps.

Step 3: Use Markdown for Planning. Teresa Torres recommends iterating on the PRD in Markdown, not code.

Why Markdown?

  • It is lightweight. No complex formatting overhead.
  • The AI does not have to think about HTML tags or executable syntax.
  • It forces the AI to focus purely on product logic.

Step 4: The Second AI Agent (The Devil’s Advocate). Use a separate AI agent as a plan reviewer. Its sole mission is to read the Markdown PRD and hunt for logical flaws.

Example catch: “You defined a user profile feature, but the database schema has nowhere to store a profile picture.”

Fix these flaws in plain text before a single line of JavaScript or Python is generated.

The Paradox of Discipline: This feels like the endless meetings of the 2000s, but experience shows it is the only way to go fast. You lose two hours upfront to avoid losing forty hours in mental debugging.


Chapter 5: Agentic Engineering — Managing the AI

Simon Willison defines Agentic Engineering as the forced reintroduction of hard software engineering practices—applied to the machine.

The human becomes an AI manager: supervising, enforcing automated tests, version control, and systematic code reviews.

Technique: YOLO Mode (Steve Sewell / Builder.io)

On paper, “You Only Live Once” mode sounds like disaster. In practice, it is TDD (Test-Driven Development) on steroids.

How it works:

  1. Do not ask the AI to code a function.
  2. Ask the AI to write a strict automated test for that function first.
    • The test will fail immediately (the function doesn’t exist yet).
  3. Activate YOLO Mode (autonomous agent mode).
  4. The AI writes the code, runs its own test, analyzes the console error, fixes the code, and re-runs the test.
  5. It loops at lightning speed until the test passes.

The Golden Rule of YOLO: Never treat the green test as the final product.

You must read the DIFF. The AI might choose the path of least resistance:

  • Silently deleting a vital function not covered by that specific test.
  • Commenting out a security line just to get unblocked.
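
One way to automate a first pass over that diff, as an added example (not code from this guide or from any tool it names): it scans a unified diff for functions that disappear and for lines that come back only as comments. The sample diff, the billing.py names and the keyword list are constructed assumptions.

```python
import re

# Constructed sample diff (not from the page): the agent got its test green by
# commenting out an ownership check and deleting a function the test never calls.
SAMPLE_DIFF = """\
--- a/billing.py
+++ b/billing.py
@@ -1,7 +1,5 @@
 def get_invoice(user, invoice_id):
-    require_owner(user, invoice_id)
+    # require_owner(user, invoice_id)
     return db.load(invoice_id)
-def purge_expired_sessions():
-    db.delete_expired()
 def total(items):
-    return sum(i.price for i in items)
+    return sum(i.price * i.qty for i in items)
"""

DEF_RE = re.compile(r"^\s*(?:async\s+)?def\s+(\w+)\s*\(")
# Hypothetical keyword list; tune it to the project's own security helpers.
SENSITIVE = re.compile(r"auth|owner|permission|verify|csrf|sanitiz|escape", re.I)

def triage_diff(diff_text):
    """Return (kind, detail) findings a reviewer must clear despite a green test."""
    removed, added = [], []
    for line in diff_text.splitlines():
        if line.startswith(("---", "+++")):
            continue  # file headers, not content
        if line.startswith("-"):
            removed.append(line[1:])
        elif line.startswith("+"):
            added.append(line[1:])
    added_defs = {m.group(1) for ln in added if (m := DEF_RE.match(ln))}
    added_comments = {ln.strip().lstrip("# ") for ln in added
                      if ln.strip().startswith("#")}
    findings = []
    for ln in removed:
        text, m = ln.strip(), DEF_RE.match(ln)
        if not text:
            continue
        if m and m.group(1) not in added_defs:
            findings.append(("deleted-function", m.group(1)))
        elif text in added_comments:
            findings.append(("commented-out", text))
        elif SENSITIVE.search(text):
            findings.append(("removed-sensitive-line", text))
    return findings
```

The findings only tell the reviewer where to look first; the full diff still has to be read.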

Chapter 6: Security & The 45% Rule

Kaspersky research delivers a chilling statistic: 45% of AI-generated code contains dangerous vulnerabilities.

If you let AI handle security, you are gift-wrapping your software for hackers.

Why AI Fails at Security

An AI has no security consciousness. It is a statistical reflection of its training data—billions of lines of code from decade-old forums and flawed open-source projects.

Common failures:

  • Missing Authorization: When asked for database access, it returns the statistically most common method, not the most secure. It forgets to verify that the user requesting an invoice actually owns it.
  • API Keys: The AI might generate code with a placeholder API key. The developer replaces it with a real key without realizing the file is public.
  • Hallucinated Libraries: The AI invents third-party library names. A malicious actor can publish real malware under that exact name, knowing AI systems worldwide will suggest it to non-reviewing users.
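
A guard against the hallucinated-library failure above, as an added example (not code from this guide): every dependency an AI session proposes is checked against a list of packages a human has already vetted, and anything else is held back. The allowlist, the requirements text and the made-up package name are constructed assumptions.

```python
import difflib
import re

# Hypothetical allowlist: packages a human has already vetted for this project.
VETTED = {"requests", "flask", "sqlalchemy", "cryptography", "pydantic"}

# Constructed requirements text standing in for what an AI session produced.
AI_REQUIREMENTS = """\
requests==2.32.3
Flask>=3.0
flask-secure-login-helper==1.0.2   # made-up name, as an assistant might suggest
reqeusts==2.31.0
"""

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def gate_dependencies(requirements_text, vetted=VETTED):
    """Classify each requirement: vetted, lookalike of a vetted name, or unknown."""
    vetted_norm = {normalize(v) for v in vetted}
    report = {}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name = normalize(re.split(r"[<>=!~;\[\s]", line, maxsplit=1)[0])
        if name in vetted_norm:
            report[name] = "vetted"
            continue
        # A near-miss of a vetted name deserves a louder warning than a new name.
        close = difflib.get_close_matches(name, vetted_norm, n=1, cutoff=0.85)
        report[name] = f"lookalike:{close[0]}" if close else "unknown"
    return report

def blocked(report):
    """Names that must not be installed until a human has checked the registry."""
    return sorted(n for n, status in report.items() if status != "vetted")
```

Run as a pre-install step, a non-empty blocked() list should fail the build until someone has confirmed the package exists, is maintained, and is the one intended.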

The Agentic Security Protocol

  1. Forbid Reinvention: Categorically ban the AI from writing homemade authentication. Mandate industrial-strength solutions (e.g., NextAuth, Clerk, Supabase). You do not let the intern build the bank vault; you install a Swiss-made safe.
  2. Forbidden Zones: In configuration files (.cursor-rules or claude.md), declare critical files untouchable.
    • Example: “You are never allowed to modify the database schema file.”
  3. Sanitize All Inputs: For every form, search bar, or text field, require the AI to sanitize input. Never trust user input.
  4. Error Handling: Force the AI to intercept errors. Never let it display raw server stack traces (a treasure map for hackers). Display a generic “Oops” message and log details internally.
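
The missing-authorization failure listed earlier and rules 3 and 4 of this protocol, combined in one request handler as an added example (not code from this guide): the typical generated lookup sits next to a version that validates the input, checks ownership, and masks unexpected errors. The in-memory invoice table, user names and status codes are constructed assumptions.

```python
import logging
import uuid

log = logging.getLogger("app.errors")

# Constructed in-memory data standing in for a database (assumption).
INVOICES = {
    101: {"owner": "alice", "total": 120.0},
    102: {"owner": "bob", "total": 75.5},
    103: {"owner": "alice", "total": None},  # corrupt row, triggers a crash
}

def get_invoice_unsafe(user, invoice_id):
    """Typical generated version: loads the row, never checks who is asking."""
    return INVOICES[invoice_id]

def get_invoice(user, invoice_id):
    """Hardened: one error for 'missing' and 'not yours', so ids cannot be probed."""
    row = INVOICES.get(invoice_id)
    if row is None or row["owner"] != user:
        raise LookupError("invoice not found")
    return {"id": invoice_id, "total_cents": round(row["total"] * 100)}

def handle(user, raw_id):
    """Validate input, enforce ownership, and mask unexpected failures."""
    if not (isinstance(raw_id, str) and raw_id.isdecimal() and len(raw_id) <= 9):
        return 400, {"error": "invalid invoice id"}
    try:
        return 200, get_invoice(user, int(raw_id))
    except LookupError:
        return 404, {"error": "invoice not found"}
    except Exception:
        incident = uuid.uuid4().hex[:8]
        # Full traceback goes to the internal log only, keyed by the incident id.
        log.exception("incident %s: user=%r id=%r", incident, user, raw_id)
        return 500, {"error": "Oops, something went wrong.", "incident": incident}
```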

Chapter 7: The Post-Code Future?

Andrej Karpathy imagines a near future where neural networks themselves become the operating system.

  • No traditional source code.
  • A giant AI generates the interface in real time, pixel by pixel, based on immediate user needs.
  • Classical processors reading lines of code one by one become relics replaced by pure neural inference.

If the very concept of code disappears, the definition of software engineering will mutate entirely.


Conclusion: The New Engineering Contract

The illusion of vibe coding is that the tool replaces technical expertise. The opposite is true.

If you have an earth-mover that digs at the speed of light, you need an architect more than ever. Otherwise, you are just digging your own grave faster.

The engineer of tomorrow will not be judged on their ability to memorize syntax. They will be judged on:

  • Architectural vision
  • Database mastery
  • Cybersecurity paranoia

The path is the fusion of the machine’s creative lightning speed and the uncompromising discipline of classical engineering. It is the only safety net between a toy that amuses your friends and a robust application.


Quick Reference Checklist

Before every AI-coding session:

  •  PRD Lock: Is the Product Requirements Document written and frozen in Markdown?
  •  Logic Review: Has a second AI agent reviewed the PRD for logical holes?
  •  Config Anchor: Is there a .cursor-rules or claude.md file at the project root anchoring the architecture?
  •  Auth Mandate: Are all authentication/security layers using industrial, approved libraries?
  •  Input Sanitization: Is every user input field explicitly sanitized?
  •  Error Masking: Will production errors show generic messages, never stack traces?
  •  YOLO Discipline: If using autonomous test mode, will I review the final diff line by line?
  •  Version Control: Is Git ready to revert the second the AI breaks something critical?

Remember: Discipline is not the enemy of speed. It is the guarantee of it.