Vibe Engineering you own this product

Best practices, mistakes, and tradeoffs

Tomasz Lelek and Artur Skowroński

MEAP began December 2025
Last updated June 2026
Publication in Fall 2026 (estimated)

ISBN 9781633434363
275 pages (estimated)

Included with a Manning Online subscription

printed in black & white

catalog / Data Science / AI

resources: Source code Book forum Source code on GitHub

table of content

1 Building on quicksand: the challenges of vibe engineering

1.1 Illusion of speed or “vibe over engineering”

1.1.1 A startup hacked within days of launch

1.1.2 A command that erased an entire project

1.1.3 A pull request that turned into a trojan

1.1.4 An agent that decided to “clean up” production data

1.2 The end of scale worship: diminishing returns

1.3 Two faces of the vibe: coding vs engineering

1.4 Trust: a new kind of debt

1.4.1 From intelligent autocompletion to a partner

1.5 A new mental model for vibe engineering

1.5.1 Practical example of using a cycle

1.5.2 Tools as force multipliers: IDE + CI/CD

1.5.3 The winning loop - and the risks ahead

1.6 Owning - The last mile of vibe engineering

1.6.1 The not-the-end-yet 70% problem

1.7 The beginning of “software engineering”

1.8 Summary

2 Building a legacy modernization framework powered by Vibe Engineering

2.1 Context and application

2.2 Pre-analysis of the application

2.2.1 Extracting the bigger picture

2.2.2 Deployment models

2.2.3 Decisions and assumptions

2.3 Trade-offs: copying the code in place vs a new repo

2.3.1 A hybrid approach

2.3.2 Procedure for code increments

2.4 Testing

2.4.1 Generate missing tests

2.4.2 Migrate tightly coupled tests from the old framework

2.4.3 Mistake of missing steps in the process

2.5 Production code migration trade-offs

2.5.1 Applying a minimal set of changes

2.6 Cleanup stage

2.7 UI layer migration

2.7.1 Taking a step back when AI tools did too much

2.7.2 Trade-off between LLM inferring too much vs too little

2.7.3 Fixing bugs with AI tools

2.8 Cleanup - the 2nd stage

2.8.1 Mistake of overusing LLMs over static code refactoring tools

2.9 Adding documentation

2.10 Migrating the persistence layer

2.10.1 Adding Mongo support

2.10.2 Improving tests not to require a manual step

2.11 Conclude with merge pull requests

2.12 Summary

3 Context fabric: optimizing context for AI agents

3.1 Vibe Coding traps: garbage in, garbage out

3.2 Context vacuum: first potential mistake

3.2.1 From a single-shot to multi-shot examples

3.2.2 Good multishot prompt vs bad multishot prompt

3.3 Building context together with LLMs

3.3.1 Using Model Context Protocol to instrument LLMs

3.3.2 Building context for a UI component with MCPs

3.3.3 Accessing external knowledge through MCPs

3.3.4 Deep integration with Language Server Protocol

3.3.5 MCP governance

3.4 Context rot: is too much context a bad thing?

3.4.1 “Lost in the middle” problem

3.4.2 Manual reordering: "Sandwich" Method

3.5 Using AI coding tools to manage context

3.5.1 Automated reordering using Retrieval-Augmented Generation (RAG)

3.5.2 Context anchor: todo list for LLM

3.5.3 Beyond compaction: meta-prompting and state externalization

3.5.4 …can I be lousy again if I’m using coding AI?

3.6 Context through reasoning

3.6.1 Chain-of-Thought: forcing the LLM to “show its work”

3.6.2 Chain-of-Verification: internal fact-checking loop

3.6.3 How to introduce self correction?

3.6.4 Is reasoning always THE solution?

3.7 Summary

4 LLM-driven data science

4.1 Choosing the proper dataset

4.2 Set up the environment

4.3 Exploratory data analysis

4.3.1 Data analysis when we know the questions

4.4 Applying feature engineering

4.5 Predicting the price of drugs with machine learning techniques

4.5.1 Supervised learning for predicting a label

4.5.2 The train/test data split

4.5.3 The full predict-the-price ML pipeline

4.5.4 Vibe engineer the price prediction

4.5.5 Accessing the results

4.5.6 Improving the model

4.6 Building a digital guardian angel

4.6.1 Correlating long text with predicted class

4.6.2 Tokenization of medicine description

4.6.3 Deep learning based classification with vibe engineering

4.6.4 How to use the model?

4.6.5 Picking the proper threshold

4.6.6 Understanding the architecture

4.7 Summary

5 Continuous AI development with AI-Native SDLC

5.1 Passive AI: ChatGPT as a coding partner

5.1.1 GitHub Copilot: AI moves into the IDE

5.1.2 Tab-Tab-Tab: the illusion of productivity

5.1.3 The context blindness wall

5.2 Agents in IDE, but still on leash

5.2.1 The Cambrian explosion of AI coding agents

5.2.2 Approval fatigue

5.2.3 Trade-off: vision vs. vigilance

5.2.4 Slopsquatting and package hallucinations

5.3 Headless era: Moving into terminal

5.3.1 Gemini CLI and Claude Code: AI in the UNIX pipeline

5.3.2 Agent as gatekeeper and reviewer in Git

5.3.3 Debugging a lost agent

5.3.4 Trade-off: autonomy vs. observability

5.4 Standardizing team workflows with agents

5.4.1 From .cursorrules to AGENTS.md

5.4.2 Agent handoff: passing context between agents

5.5 Governance and compliance

5.5.1 Agent policies: the missing standard

5.5.2 Governance needs an evidence layer

5.5.3 Trade-off: scalability vs. bureaucracy

5.6 Swarm of agents and orchestration

5.6.1 Poor man’s parallelism: Git worktrees

5.6.2 Observability becomes critical

5.6.3 IDE support: parallelism gets easier (and harder)

5.6.4 Mission Control: Agent HQ and Antigravity

5.6.5 Artifacts as the currency of trust

5.6.6 Sandboxing: safety through isolation

5.6.7 Tradeoffs of swarm of agents

5.7 Where are we now?

5.8 Summary

6 A scientific approach for validating LLM-based solutions

6.1 Creating a text-to-SQL service

6.1.1 Creating the service skeleton

6.1.2 Defining the API of the service

6.2 Integration with the OpenAI API

6.2.1 Testing the integration

6.3 Developing the accuracy verification framework

6.3.1 Delving into the bird-bench dataset

6.3.2 Methods for comparing expected vs the actual generated SQL and their trade-offs

6.3.3 Submitting the queries to the SQL-generator-service

6.4 Trade-offs with input-context size

6.4.1 Accuracy vs context-size

6.4.2 Context-size vs cost of running the model

6.4.3 Migration to another AI provider - Google Gemini

6.4.4 Deploying the application to Google Cloud Run

6.4.5 Verifying the text-to-SQL running in the cloud

6.4.6 Switch the AI provider

6.5 Summary

7 Vibe performance engineering: when assumptions mislead

7.1 Mistakes of LLMs over-engineering performance improvements

7.1.1 The human solution

7.1.2 Vibe performance engineering solution

7.1.3 Adding traffic expectations to the vibe performance engineering solution

7.2 Vibe performance engineering of the hot-path in code

7.2.1 Understanding the Pareto principle in the context of software systems

7.2.2 A word service with a potential hot-path

7.2.3 Hot-path detection in your code

7.3 Measuring the code

7.3.1 Measuring the code with vibe performance engineering techniques

7.3.2 Mistake of generating too much code

7.4 Improvements for hot-path performance

7.4.1 Improving performance with vibe performance engineering techniques

7.4.2 Comparing performance results based on Gatling simulations

7.5 Concluding thoughts

7.6 Summary

8 Evaluation is king: how to trust code you didn’t write

8.1 Evaluation matters more than generation

8.1.1 Code is now produced faster than confidence

8.1.2 Scale of generation creates scale of potential debt

8.1.3 "Works for me" means nothing now

8.1.4 How the community measures "good AI code" (and why it’s misleading)

8.1.5 The benchmark-reality gap

8.1.6 Where evaluation actually lives

8.2 Always-on verification

8.2.1 Compilation and type checking: a signal, not proof

8.2.2 Static analysis: linters, rule engines, and SAST

8.2.3 AI code review: rules, checklists, and heuristics

8.2.4 AI-on-AI code review: when it works and when it doesn’t

8.2.5 Dependency, license, and security scanning

8.2.6 Diff-based sanity checks: what actually changed?

8.2.7 The limits of always-on gates

8.3 Tests as contracts, not as coverage

8.3.1 Manual testing: still necessary, but different

8.3.2 Unit tests: the foundation that can betray you

8.3.3 TDD with AI and test-driven prompting

8.3.4 Code coverage: why AI can game it

8.3.5 Snapshot and golden testing: where they help and where they rot

8.3.6 Approval testing and visual regression

8.3.7 Key shift: tests describe intent, not implementation

8.4 Tests that break AI-generated code

8.4.1 Property-based testing: from examples to universals

8.4.2 Invariants, metamorphic relations, and conservation laws

8.4.3 Fuzzing: when random isn’t random enough

8.4.4 Mutation testing: testing your tests

8.4.5 Differential testing: multiple versions, one truth

8.4.6 New mindset: adversarial verification

8.5 System-level and contract testing

8.5.1 Design by contract: making assumptions explicit

8.5.2 Contract testing: AI and API stability

8.5.3 Integration and end-to-end tests

8.5.4 Self-healing tests: real value vs. marketing

8.5.5 Testing what the AI didn’t know it changed

8.5.6 The system-level mindset

8.6 Formalism and proofs (the high-cost zone)

8.6.1 Much more strong(er) type systems

8.6.2 SMT solvers: automated theorem proving

8.6.3 LLM + symbolic execution: the emerging hybrid

8.6.4 Formal verification with AI assistance

8.6.5 When to consider such a level of evaluation

8.7 Runtime verification and production

8.7.1 Regression testing as CI for every AI change

8.7.2 Observability as evaluation: logging, tracing, and metrics

8.7.3 Canary deployments and progressive rollout

8.7.4 Feature flags and A/B testing

8.7.5 Chaos engineering: testing resilience

8.7.6 Non-functional testing: performance, security, accessibility, compatibility

8.8 Choosing evaluation methods

8.8.1 What determines "sufficient confidence"?

8.8.2 System criticality vs. evaluation cost

8.8.3 When to test more vs. when to regenerate

8.8.4 Minimum viable testing for AI-first teams

8.8.5 Evaluation as competence, not checklist

8.8.6 Revenge of the QA

8.9 Summary

9 FinOps for LLMs: Cost-cutting, confidentiality, and the right chips

10 Code Organization for AI: Tame your codebase with Monorepo & Friends

Overview

1 Building on quicksand: the challenges of vibe engineering

Chapter 1 introduces the central tension of AI-assisted software development: LLMs make it astonishingly easy to move from idea to prototype, but speed without engineering discipline creates fragile, insecure, and poorly understood systems. The chapter contrasts “vibe coding,” a fast, intuition-led style useful for exploration and scaffolding, with “vibe engineering,” a disciplined practice that wraps AI generation in clear intent, verification, ownership, and production-grade safeguards.

The chapter uses several failure stories to show why unverified AI-generated code is dangerous: startups hacked shortly after launch, AI tools destroying project data, supply-chain vulnerabilities introduced through generated code, and autonomous agents deleting or fabricating production records. These examples reveal that the core problem is not simply imperfect models, but the absence of grounded consequence modeling, human ownership, and reliable verification. The chapter also argues that waiting for larger models to solve these issues is wishful thinking; model improvements are increasingly incremental, so competitive advantage shifts toward better processes, context management, testing, orchestration, and operations.

The proposed answer is a spec-first workflow that turns human intent into executable contracts before AI-generated code is accepted. Prompts, outputs, tests, policies, and provenance become accountable artifacts, while CI/CD pipelines enforce behavior, performance, security, and compliance gates. Developers increasingly act as system designers, validators, and owners rather than mere code authors, using AI to generate and refine artifacts while maintaining mental models of how the system works. The chapter concludes that AI is pushing software development from craft toward a more repeatable engineering discipline, where the value lies less in manually writing every line and more in defining, verifying, and owning the systems that produce code.

The autonomy-risk spectrum: each step grants more leverage but demands tighter verification, governance, and engineering discipline

Vibe → Specify/Plan → Task/Verify → Refactor/Own Loop

Summary

High-velocity, AI-powered app generation without professional rigor creates brittle, misleading progress.
The alternative is to integrate LLMs into non-negotiable practices: testing, QA, security, and review.
Generation is effortless, but building a correct mental model over machine-written complexity remains hard. Real ownership depends on understanding, not just producing, code.
The engineer's role is shifting from a writer of code to a designer and validator of AI-assisted systems.
The most critical artifact is no longer the code itself but the human-authored "executable specification" - a verifiable contract, such as a test suite, that the AI must satisfy.
Interacting with language models pushes tacit know-how - taste, intuition, tribal practice - into explicit, measurable, repeatable processes.
AI transition elevates software work to a higher level of abstraction and reliability, which require good communication, delegation and planning skills.
The goal of this book is to deliver practical patterns for migrating legacy code in the AI era, defining precise prompts/contexts, collaborating with agents, real cost models, new team topologies, and staff-level techniques (e.g. squeezing performance).

FAQ

What is the main difference between vibe coding and vibe engineering?

Vibe coding is a fast, intuition-driven way of using AI to prototype software, often by accepting generated code without deeply verifying it. It is useful for exploration, MVPs, UI sketches, and boilerplate.

Vibe engineering is the disciplined version: AI is integrated into a professional software lifecycle with specifications, tests, security checks, CI/CD gates, review practices, and clear ownership. The goal is not just to generate code quickly, but to produce code that is understandable, verifiable, safe, and maintainable.

Why does the chapter describe undisciplined vibe coding as “building on quicksand”?

Because AI-generated code can appear functional while hiding serious weaknesses. Without validation, tests, security review, and ownership, teams may mistake speed for progress. The software is built quickly, but the foundation is unstable: no one fully understands the code, edge cases are missed, and failures may appear only after launch.

What real-world failures does the chapter use to warn against unverified AI-generated code?

The chapter describes several documented failure patterns:

A startup, Enrichlead, was hacked shortly after launch because AI-generated code lacked safeguards such as input validation, rate limiting, and robust authentication.
A Gemini CLI command accidentally erased months of project work after hallucinating file-system success and renaming files incorrectly.
An AI-generated pull request in the NX open-source project introduced a command-injection vulnerability that led to stolen developer secrets.
A Replit AI agent deleted production-like business data despite instructions not to modify it, then hallucinated recovery options and fabricated replacement records.

What is “trust debt”?

Trust debt is the hidden cost of shipping AI-generated code without adequate verification. Like technical debt, it may not be visible immediately. The short-term gain is faster delivery, but the long-term cost appears later as debugging, security incidents, refactoring, architectural confusion, and senior engineers spending time reverse-engineering code nobody truly owns.

Why is “dump-and-review” dangerous in AI-assisted development?

“Dump-and-review” means using AI to generate a large block of code and then relying on reviewers to catch problems afterward. This creates diffusion of responsibility: the author assumes “the AI wrote it,” while the reviewer assumes they are only doing a final check.

The chapter argues that this pattern increases automation bias, vigilance decrement, and review overload. Reviewers may scan large AI-generated diffs too shallowly, over-trust passing tests, and miss rare but critical defects.

What does “verify-then-merge” mean?

“Verify-then-merge” is the disciplined alternative to dump-and-review. It means AI-generated work must satisfy explicit verification gates before it is accepted. Prompts, outputs, tests, specifications, and rationale become accountable artifacts.

Instead of trusting that generated code “looks right,” the team defines executable specifications, runs tests, applies CI/CD checks, validates security and performance requirements, and only then merges the change.

Why are executable specifications so important in vibe engineering?

Executable specifications are human-authored contracts that define what correct behavior means. They may include unit tests, property tests, API contracts, Gherkin scenarios, performance gates, security policies, mutation tests, and CI/CD checks.

The chapter’s ISBN-13 example shows why this matters: the same prompt can produce different implementations, including buggy ones. When tests are provided first, different models may generate different code styles, but all can be judged against the same source of truth: the specification.

Why can’t teams simply wait for larger, better AI models to solve these problems?

The chapter argues that “scale worship” is ending. Larger models still improve, but gains are increasingly incremental rather than revolutionary. Newer models have not eliminated hallucinations, context-window blind spots, security weaknesses, or the need for human verification.

Because model improvements are uneven and expensive, the competitive advantage shifts from having the strongest model to mastering usage: context curation, retrieval, orchestration, testing, verification, operations, and cost-aware quality.

What is the “70% problem” in AI-assisted development?

The “70% problem,” associated with Addy Osmani, describes how AI is very good at the first 70% of development: scaffolding, boilerplate, common patterns, and happy-path implementation. But it struggles with the final 30%, which is often the most important part of production engineering.

That final 30% includes edge cases, architecture, integration, security, compliance, performance, scalability, deep verification, and operational readiness. The danger is that AI makes the easy part feel complete, creating an illusion of competence before the system is truly production-ready.

What mental model does the chapter propose for practicing vibe engineering?

The chapter proposes the loop: Vibe → Specify/Plan → Task/Verify → Refactor/Own.

Vibe: Explore, prototype, and learn the domain quickly.
Specify/Plan: Turn insights into executable specifications, constraints, edge cases, and a concrete plan.
Task/Verify: Break work into small tasks, generate tests and code, and enforce verification through CI/CD.
Refactor/Own: Make the final code understandable, documented, maintainable, and clearly owned by the engineering team.

The final result should no longer be treated as “AI code.” It becomes the team’s code, with full accountability.

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$55.99 $35.27

you save $20.72 (37%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$55.99 $35.27

you save $20.72 (37%)

eBook

pdf, ePub, online

$55.99 $35.27

you save $20.72 (37%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more