Vibe Engineering you own this product

Best practices, mistakes, and tradeoffs

Tomasz Lelek and Artur Skowroński

MEAP began December 2025
Last updated May 2026
Publication in Fall 2026 (estimated)

ISBN 9781633434363
275 pages (estimated)

Included with a Manning Online subscription

printed in black & white

catalog / Data Science / AI

resources: Source code Book forum Source code on GitHub

table of content

1 Building on quicksand: the challenges of vibe engineering

1.1 Illusion of speed or “vibe over engineering”

1.1.1 A startup hacked within days of launch

1.1.2 A command that erased an entire project

1.1.3 A pull request that turned into a trojan

1.1.4 An agent that decided to “clean up” production data

1.2 The end of scale worship: diminishing returns

1.3 Two faces of the vibe: coding vs engineering

1.4 Trust: a new kind of debt

1.4.1 From intelligent autocompletion to a partner

1.5 A new mental model for vibe engineering

1.5.1 Practical example of using a cycle

1.5.2 Tools as force multipliers: IDE + CI/CD

1.5.3 The winning loop - and the risks ahead

1.6 Owning - The last mile of vibe engineering

1.6.1 The not-the-end-yet 70% problem

1.7 The beginning of “software engineering”

1.8 Summary

2 Building a legacy modernization framework powered by Vibe Engineering

2.1 Context and application

2.2 Pre-analysis of the application

2.2.1 Extracting the bigger picture

2.2.2 Deployment models

2.2.3 Decisions and assumptions

2.3 Trade-offs: copying the code in place vs a new repo

2.3.1 A hybrid approach

2.3.2 Procedure for code increments

2.4 Testing

2.4.1 Generate missing tests

2.4.2 Migrate tightly coupled tests from the old framework

2.4.3 Mistake of missing steps in the process

2.5 Production code migration trade-offs

2.5.1 Applying a minimal set of changes

2.6 Cleanup stage

2.7 UI layer migration

2.7.1 Taking a step back when AI tools did too much

2.7.2 Trade-off between LLM inferring too much vs too little

2.7.3 Fixing bugs with AI tools

2.8 Cleanup - the 2nd stage

2.8.1 Mistake of overusing LLMs over static code refactoring tools

2.9 Adding documentation

2.10 Migrating the persistence layer

2.10.1 Adding Mongo support

2.10.2 Improving tests not to require a manual step

2.11 Conclude with merge pull requests

2.12 Summary

3 Context fabric: optimizing context for AI agents

3.1 Vibe Coding traps: garbage in, garbage out

3.2 Context vacuum: first potential mistake

3.2.1 From a single-shot to multi-shot examples

3.2.2 Good multishot prompt vs bad multishot prompt

3.3 Building context together with LLMs

3.3.1 Using Model Context Protocol to instrument LLMs

3.3.2 Building context for a UI component with MCPs

3.3.3 Accessing external knowledge through MCPs

3.3.4 Deep integration with Language Server Protocol

3.3.5 MCP governance

3.4 Context rot: is too much context a bad thing?

3.4.1 “Lost in the middle” problem

3.4.2 Manual reordering: "Sandwich" Method

3.5 Using AI coding tools to manage context

3.5.1 Automated reordering using Retrieval-Augmented Generation (RAG)

3.5.2 Context anchor: todo list for LLM

3.5.3 Beyond compaction: meta-prompting and state externalization

3.5.4 …can I be lousy again if I’m using coding AI?

3.6 Context through reasoning

3.6.1 Chain-of-Thought: forcing the LLM to “show its work”

3.6.2 Chain-of-Verification: internal fact-checking loop

3.6.3 How to introduce self correction?

3.6.4 Is reasoning always THE solution?

3.7 Summary

4 LLM-driven data analytics and visualization

5 Continuous AI development with AI-Native SDLC

5.1 Passive AI: ChatGPT as a coding partner

5.1.1 GitHub Copilot: AI moves into the IDE

5.1.2 Tab-Tab-Tab: the illusion of productivity

5.1.3 The context blindness wall

5.2 Agents in IDE, but still on leash

5.2.1 The Cambrian explosion of AI coding agents

5.2.2 Approval fatigue

5.2.3 Trade-off: vision vs. vigilance

5.2.4 Slopsquatting and package hallucinations

5.3 Headless era: Moving into terminal

5.3.1 Gemini CLI and Claude Code: AI in the UNIX pipeline

5.3.2 Agent as gatekeeper and reviewer in Git

5.3.3 Debugging a lost agent

5.3.4 Trade-off: autonomy vs. observability

5.4 Standardizing team workflows with agents

5.4.1 From .cursorrules to AGENTS.md

5.4.2 Agent handoff: passing context between agents

5.5 Governance and compliance

5.5.1 Agent policies: the missing standard

5.5.2 Governance needs an evidence layer

5.5.3 Trade-off: scalability vs. bureaucracy

5.6 Swarm of agents and orchestration

5.6.1 Poor man’s parallelism: Git worktrees

5.6.2 Observability becomes critical

5.6.3 IDE support: parallelism gets easier (and harder)

5.6.4 Mission Control: Agent HQ and Antigravity

5.6.5 Artifacts as the currency of trust

5.6.6 Sandboxing: safety through isolation

5.6.7 Tradeoffs of swarm of agents

5.7 Where are we now?

5.8 Summary

6 A scientific approach for validating LLM-based solutions

6.1 Creating a text-to-SQL service

6.1.1 Creating the service skeleton

6.1.2 Defining the API of the service

6.2 Integration with the OpenAI API

6.2.1 Testing the integration

6.3 Developing the accuracy verification framework

6.3.1 Delving into the bird-bench dataset

6.3.2 Methods for comparing expected vs the actual generated SQL and their trade-offs

6.3.3 Submitting the queries to the SQL-generator-service

6.4 Trade-offs with input-context size

6.4.1 Accuracy vs context-size

6.4.2 Context-size vs cost of running the model

6.4.3 Migration to another AI provider - Google Gemini

6.4.4 Deploying the application to Google Cloud Run

6.4.5 Verifying the text-to-SQL running in the cloud

6.4.6 Switch the AI provider

6.5 Summary

7 Vibe performance engineering: when assumptions mislead

7.1 Mistakes of LLMs over-engineering performance improvements

7.1.1 The human solution

7.1.2 Vibe performance engineering solution

7.1.3 Adding traffic expectations to the vibe performance engineering solution

7.2 Vibe performance engineering of the hot-path in code

7.2.1 Understanding the Pareto principle in the context of software systems

7.2.2 A word service with a potential hot-path

7.2.3 Hot-path detection in your code

7.3 Measuring the code

7.3.1 Measuring the code with vibe performance engineering techniques

7.3.2 Mistake of generating too much code

7.4 Improvements for hot-path performance

7.4.1 Improving performance with vibe performance engineering techniques

7.4.2 Comparing performance results based on Gatling simulations

7.5 Concluding thoughts

7.6 Summary

8 Evaluation is King: Ultra-tight engineering loop for AI-powered codebases

9 FinOps for LLMs: Cost-cutting, confidentiality, and the right chips

10 Code Organization for AI: Tame your codebase with Monorepo & Friends

Overview

1 Building on quicksand: the challenges of vibe engineering

AI-assisted development enables rapid prototyping guided by intuition, but speed without discipline breeds fragility. The chapter contrasts “vibe coding” (alchemy-like, ad hoc generation) with “vibe engineering” (applied, evidence-driven practice), showing how unverified AI output invites real failures: security breaches, destructive commands, supply-chain compromises, and autonomous agents making harmful choices. The core lesson is that the bottleneck isn’t bigger models but missing rigor: clear intent, clean abstractions, and verification. Teams that treat specifications as testable contracts, and non-functional requirements as first-class, convert the creative power of LLMs into reliable, maintainable systems.

Undisciplined workflows accumulate trust debt—the hidden organizational cost of shipping code no one truly understands or owns—amplified by automation bias and the “dump-and-review” culture. The antidote is a verify-then-merge pipeline that treats prompts, specs, and provenance as accountable artifacts; decomposes work into small, testable steps; and enforces guardrails through CI gates, sandboxing, canaries, and rollback. The chapter maps an autonomy-risk spectrum from token-level assists to near-autonomous agents and argues that higher leverage demands stronger governance and clearer contracts. It reframes developers as system designers and validators who wrap probabilistic AI with deterministic intent via executable specifications, retrieval grounding, checklists, incident triage, and guarded automation.

Even with better tools, the “last mile” remains: the 70% problem (AI accelerates the easy part, humans must deliver the hard, contextual 30%), rising cognitive load to build true mental models, and the AI productivity paradox where generation outpaces safe review. The proposed operating loop—Vibe → Specify/Plan → Task/Verify → Refactor/Own—balances exploration with ownership, turning intent into code that passes adversarial, performance, and security gates. Stepping beyond craftsmanship, the chapter calls for a repeatable, spec-first engineering discipline where reliability comes from process, not provider choice, and where human taste is codified as verifiable rules. AI is a force multiplier only when embedded in a rigorous, auditable workflow that keeps risk visible, trust debt small, and teams confidently on-call for what they ship.

The autonomy-risk spectrum: each step grants more leverage but demands tighter verification, governance, and engineering discipline

Vibe → Specify/Plan → Task/Verify → Refactor/Own Loop

Summary

High-velocity, AI-powered app generation without professional rigor creates brittle, misleading progress.
The alternative is to integrate LLMs into non-negotiable practices: testing, QA, security, and review.
Generation is effortless, but building a correct mental model over machine-written complexity remains hard. Real ownership depends on understanding, not just producing, code.
The engineer's role is shifting from a writer of code to a designer and validator of AI-assisted systems.
The most critical artifact is no longer the code itself but the human-authored "executable specification" - a verifiable contract, such as a test suite, that the AI must satisfy.
Interacting with language models pushes tacit know-how - taste, intuition, tribal practice - into explicit, measurable, repeatable processes.
AI transition elevates software work to a higher level of abstraction and reliability, which require good communication, delegation and planning skills.
The goal of this book is to deliver practical patterns for migrating legacy code in the AI era, defining precise prompts/contexts, collaborating with agents, real cost models, new team topologies, and staff-level techniques (e.g. squeezing performance).

FAQ

What is “vibe coding,” and when is it actually useful?

Vibe coding is fast, intuition-led prototyping with LLMs. It’s great for discovery: sketching UIs, scaffolding boilerplate, spiking ideas, and getting MVPs. Its speed comes with debt: brittle, opaque code that’s unsafe for production unless it’s later rebuilt with rigor.

How does “vibe engineering” differ from vibe coding?

Vibe engineering is systematic and evidence-driven. It wraps the probabilistic LLM core with deterministic guardrails: executable specs, rigorous tests, PR checklists, error handling, security, performance/SLO gates, and CI/CD enforcement. The model becomes a replaceable tool; the spec and process are the source of truth.

What real-world failures show the risks of undisciplined AI-generated code?

- Startup breach: an app built with “zero hand-written code” was hacked within days due to missing auth, input validation, and rate limits.
- Data loss: a CLI “hallucinated success,” then mangled filenames and destroyed months of work.
- Supply-chain trojan: an AI-authored PR enabled command injection, leading to exfiltration of publishing keys and compromised releases.
- Rogue agent: despite “no changes” instructions, an agent “cleaned” production, deleting thousands of records and fabricating data.

Why won’t the “next, bigger model” fix these problems?

Scale gains are now incremental, constrained by data scarcity and diminishing returns. New models still hallucinate and miss context. Cost/latency trade-offs push most teams to mid-tier models. Reliability now comes more from architecture, verification, and process than raw model horsepower.

What are executable specifications, and why are they central?

They’re human-authored, runnable contracts (tests/specs/properties) that define correctness, edge cases, and non-functional requirements. With a solid spec, multiple models can generate different implementations that all pass the same suite (e.g., ISBN-13 validation). Correctness flows from the spec, not the prompt.

What is “trust debt,” and how does it accumulate?

Trust debt is the hidden cost of shipping AI-generated code without adequate verification. “Dump-and-review” diffuses ownership, over-trusting green tests and reviewers under time pressure. It surfaces later as outages, security fixes, and refactors paid by senior engineers. Replace with “verify-then-merge” and make prompts/specs auditable artifacts.

What core practices make up vibe engineering?

- Systematic prompting: provide code slices plus tests so outputs compile and pass immediately.
- Grounded retrieval: cite docs/release notes to cut hallucinations.
- PR checklists: first-pass AI reviews for validation/auth/perf smells; humans own approval.
- Incident triage: summarize logs, propose reversible fixes with rollbacks.
- Guarded automation: agents open PRs gated by CI, approvals, and auto-rollback on regressions.
- Small, staged commits; sandboxes/canaries; provenance (prompts, model/tool versions); security/compliance/licensing gates.

How do I run a spec-first delivery loop in practice?

Use the loop: Vibe → Specify/Plan → Task/Verify → Refactor/Own.
- Vibe: prototype to learn rules and edge cases.
- Specify/Plan: turn policy into executable specs (e.g., Gherkin, properties) and a blueprint.
- Task/Verify: break into ≤2h tasks; write tests first; CI enforces SLOs, mutation, security, contracts.
- Refactor/Own: simplify, align with architecture, document; team takes full ownership.

How should teams manage rising agent autonomy and risk?

Climb the autonomy-risk spectrum deliberately: from completions → block suggestions → conversational IDE agents → local autonomous agents → multi-agent/near-autonomous workflows. At each step, strengthen verification: spec-derived tests, staged commits, sandbox/canary runs, policy gates, human approvals focused on risk, full instrumentation, and fast rollback. Don’t rely on human line-reading of monolithic agent PRs.

What makes the “last 30%” so hard, and how do we build true ownership?

The 70% Problem: models speed the easy scaffolding but stumble on the hard 30%—edge cases, architectural fit, security/compliance, performance, and comprehensive verification. Countermeasures: executable specs, property and mutation tests, threat modeling, perf/SLO gates, refactor for clarity, and shared mental models through documentation and deliberate ownership. Litmus test: “Would you go on-call for this system?”

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$55.99 $41.99

you save $14.00 (25%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$55.99 $41.99

you save $14.00 (25%)

eBook

pdf, ePub, online

$55.99 $41.99

you save $14.00 (25%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more