Vibe Engineering you own this product

Best practices, mistakes, and tradeoffs

Tomasz Lelek and Artur Skowroński

MEAP began December 2025
Last updated April 2026
Publication in Fall 2026 (estimated)

ISBN 9781633434363
275 pages (estimated)

Included with a Manning Online subscription

printed in black & white

catalog / Data Science / AI

resources: Source code Book forum Source code on GitHub

table of content

1 Building on quicksand: the challenges of vibe engineering

1.1 Illusion of speed or “vibe over engineering”

1.1.1 A startup hacked within days of launch

1.1.2 A command that erased an entire project

1.1.3 A pull request that turned into a trojan

1.1.4 An agent that decided to “clean up” production data

1.2 The end of scale worship: diminishing returns

1.3 Two faces of the vibe: coding vs engineering

1.4 Trust: a new kind of debt

1.4.1 From intelligent autocompletion to a partner

1.5 A new mental model for vibe engineering

1.5.1 Practical example of using a cycle

1.5.2 Tools as force multipliers: IDE + CI/CD

1.5.3 The winning loop - and the risks ahead

1.6 Owning - The last mile of vibe engineering

1.6.1 The not-the-end-yet 70% problem

1.7 The beginning of “software engineering”

1.8 Summary

2 Building a legacy modernization framework powered by Vibe Engineering

2.1 Context and application

2.2 Pre-analysis of the application

2.2.1 Extracting the bigger picture

2.2.2 Deployment models

2.2.3 Decisions and Assumptions

2.3 Trade-offs: copying the code in place vs a new repo

2.3.1 A hybrid approach

2.3.2 Procedure for code increments

2.4 Testing

2.4.1 Generate missing tests

2.4.2 Migrate missing tests to the new framework

2.4.3 Mistake of missing steps in the process

2.5 Production Code Migration trade-offs

2.5.1 Applying a minimal set of changes

2.6 Cleanup stage

2.7 UI layer migration

2.7.1 Taking a step back when AI tools did too much

2.7.2 Trade-off between LLM inferring too much vs too little.

2.7.3 Fixing bugs with AI tools

2.8 Cleanup - the 2nd stage

2.8.1 Mistake of overusing LLMs over static code refactoring tools

2.9 Adding documentation

2.10 Migrating the persistence layer

2.10.1 Adding Mongo support

2.10.2 Improving tests not to require a manual step

2.11 Conclude with merge pull requests

2.12 Summary

3 Context fabric: optimizing context for AI agents

3.1 Vibe Coding traps: garbage in, garbage out

3.2 Context vacuum: first potential mistake

3.2.1 From a single-shot to multi-shot examples

3.2.2 Good multishot prompt vs bad multishot prompt

3.3 Building context together with LLMs

3.3.1 Using Model Context Protocol to instrument LLMs

3.3.2 Building context for a UI component with MCPs

3.3.3 Accessing external knowledge through MCPs

3.3.4 Deep integration with Language Server Protocol

3.3.5 MCP governance

3.4 Context rot: is too much context a bad thing?

3.4.1 “Lost in the middle” problem

3.4.2 Manual reordering: "Sandwich" Method

3.5 Using AI coding tools to manage context

3.5.1 Automated reordering using Retrieval-Augmented Generation (RAG)

3.5.2 Context anchor: todo list for LLM

3.5.3 Beyond compaction: meta-prompting and state externalization

3.5.4 …can I be lousy again if I’m using coding AI?

3.6 Context through reasoning

3.6.1 Chain-of-Thought: forcing the LLM to “show its work”

3.6.2 Chain-of-Verification: internal fact-checking loop

3.6.3 How to introduce self correction?

3.6.4 Is reasoning always THE solution?

3.7 Summary

4 LLM-driven data analytics and visualization

5 Continuous AI development with AI-Native SDLC

5.1 Passive AI: ChatGPT as a coding partner

5.1.1 GitHub Copilot: AI moves into the IDE

5.1.2 Tab-Tab-Tab: the illusion of productivity

5.1.3 The context blindness wall

5.2 Agents in IDE, but still on leash

5.2.1 The Cambrian explosion of AI coding agents

5.2.2 Approval fatigue

5.2.3 Trade-off: vision vs. vigilance

5.2.4 Slopsquatting and package hallucinations

5.3 Headless era: Moving into terminal

5.3.1 Gemini CLI and Claude Code: AI in the UNIX pipeline

5.3.2 Agent as gatekeeper and reviewer in Git

5.3.3 Debugging a lost agent

5.3.4 Trade-off: autonomy vs. observability

5.4 Standardizing team workflows with agents

5.4.1 From .cursorrules to AGENTS.md

5.4.2 Agent handoff: passing context between agents

5.5 Governance and compliance

5.5.1 Agent policies: the missing standard

5.5.2 Governance needs an evidence layer

5.5.3 Trade-off: scalability vs. bureaucracy

5.6 Swarm of agents and orchestration

5.6.1 Poor man’s parallelism: Git worktrees

5.6.2 Observability becomes critical

5.6.3 IDE support: parallelism gets easier (and harder)

5.6.4 Mission Control: Agent HQ and Antigravity

5.6.5 Artifacts as the currency of trust

5.6.6 Sandboxing: safety through isolation

5.6.7 Tradeoffs of swarm of agents

5.7 Where are we now?

5.8 Summary

6 A scientific approach for validating LLM-based solutions

6.1 Creating a text-to-SQL service

6.1.1 Creating the service skeleton

6.1.2 Defining the API of the service

6.2 Integration with the OpenAI API

6.2.1 Testing the integration

6.3 Developing the accuracy verification framework

6.3.1 Delving into the bird-bench dataset

6.3.2 Methods for comparing expected vs the actual generated SQL and their trade-offs

6.3.3 Submitting the queries to the SQL-generator-service

6.4 Trade-offs with input-context size

6.4.1 Accuracy vs context-size

6.4.2 Context-size vs cost of running the model

6.4.3 Migration to another AI provider - Google Gemini

6.4.4 Deploying the application to Google Cloud Run

6.4.5 Verifying the text-to-SQL running in the cloud

6.4.6 Switch the AI provider

6.5 Summary

7 Vibe Performance Engineering: When assumptions mislead

7.1 Mistake of LLMs over-engineering performance improvements

7.1.1 The human solution

7.1.2 Vibe Performance Engineering Solution

7.1.3 Adding Traffic Expectations to the Vibe Performance Engineering Solution

7.2 Vibe Performance Engineering of the Hot-Path in code

7.2.1 A word service with a potential hot-path

7.2.2 Hot-path detection in your code

7.3 Measuring the code

7.3.1 Measuring the code with Vibe Performance Engineering techniques

7.3.2 Mistake of generating too much code

7.4 Improvements for hot-path performance

7.4.1 Improving the performance with Vibe Performance Engineering techniques

7.4.2 Compare performance results based on Gatling simulations

7.5 Concluding thoughts

7.6 Summary

8 Evaluation is King: Ultra-tight engineering loop for AI-powered codebases

9 FinOps for LLMs: Cost-cutting, confidentiality, and the right chips

10 Code Organization for AI: Tame your codebase with Monorepo & Friends

Overview

1 Building on quicksand: the challenges of vibe engineering

AI-assisted development delivers rapid prototyping and early learning, but speed without discipline—“vibe coding”—creates brittle systems, security holes, and code no one truly owns. The chapter argues that model upgrades won’t rescue poor process: scaling has hit diminishing returns, so advantage shifts from raw horsepower to engineering rigor. “Vibe engineering” is proposed as the remedy: combine creative LLM prototyping with professional practices—clear intent, tight abstractions, verification, and operational guardrails—so teams turn intuition into reliable, production-safe software.

Through real incidents—hacks within days of launch, destructive file operations, a supply-chain compromise, and an overzealous agent deleting production data—the text exposes a new class of systemic risks rooted in unverified, context-detached code and automation bias. The hidden cost is “trust debt”: short-term velocity that offloads verification to reviewers and senior engineers, eroding vigilance and ownership. The cure is a verify-then-merge culture anchored in executable specifications that act as contracts: specs and tests first, then generation; PR checklists and policy gates; sandboxing, canaries, and fast rollback; retrieval for grounding; guarded automation; and CI pipelines that enforce security, performance, and correctness before a human approves.

The human role shifts from line-by-line author to system designer and validator, with ownership measured by the quality of the mental model, not who typed the code. To counter the “70% problem” (easy scaffolding, hard last mile) and the comprehension bottleneck, the chapter prescribes a repeatable loop—Vibe → Specify/Plan → Task/Verify → Refactor/Own—where specifications, property tests, SLO gates, and domain invariants define success up front, and agents work within those boundaries. Tools amplify this approach, but the mindset is the real change: treat LLMs like costed compute, master context and orchestration, and elevate craft into engineering by making taste and intent explicit, auditable, and executable.

The autonomy-risk spectrum: each step grants more leverage but demands tighter verification, governance, and engineering discipline

Vibe → Specify/Plan → Task/Verify → Refactor/Own Loop

Summary

High-velocity, AI-powered app generation without professional rigor creates brittle, misleading progress.
The alternative is to integrate LLMs into non-negotiable practices: testing, QA, security, and review.
Generation is effortless, but building a correct mental model over machine-written complexity remains hard. Real ownership depends on understanding, not just producing, code.
The engineer's role is shifting from a writer of code to a designer and validator of AI-assisted systems.
The most critical artifact is no longer the code itself but the human-authored "executable specification" - a verifiable contract, such as a test suite, that the AI must satisfy.
Interacting with language models pushes tacit know-how - taste, intuition, tribal practice - into explicit, measurable, repeatable processes.
AI transition elevates software work to a higher level of abstraction and reliability, which require good communication, delegation and planning skills.
The goal of this book is to deliver practical patterns for migrating legacy code in the AI era, defining precise prompts/contexts, collaborating with agents, real cost models, new team topologies, and staff-level techniques (e.g. squeezing performance).

FAQ

What is “vibe coding,” and why is it risky in production?

Vibe coding is an intuition-first, LLM-powered way to spin up working software fast, often without tests, security hygiene, or deep verification. It creates an illusion of speed: code “looks functional” but is brittle, opaque, and easy to exploit. Documented failures include a startup hacked within days, an AI CLI command that effectively erased a project, a supply-chain trojan via an AI-authored PR, and an agent that “cleaned” production data by deleting thousands of records.

How does “vibe engineering” differ from vibe coding?

Vibe engineering is systematic and evidence-driven. It wraps the probabilistic core of LLMs in a deterministic shell of human intent, anchored by executable specifications. It emphasizes rigorous testing, security, error handling, edge cases, non-functional requirements (performance, scalability, reliability), and production stability. It treats the model as a replaceable component; correctness comes from the process and contracts, not the provider.

What is “trust debt,” and how does it accumulate?

Trust debt is the hidden, compounding cost of shipping AI-generated code without adequate verification. It grows under “dump-and-review” habits, where authors offload verification to reviewers and automation bias dulls vigilance. Symptoms include over-trusting green tests, late cognitive handoffs, and senior engineers spending weeks reverse-engineering AI output during incidents—costs that velocity dashboards don’t show.

Why won’t the “next, bigger model” solve these problems?

Scale now shows diminishing returns: hallucinations, context blind spots, and the need for human verification persist. Data scarcity and reuse further limit gains. Competitive advantage shifts from having the strongest model to mastering usage: clear intent, retrieval, orchestration, testing, and cost/latency-aware operations. Process quality, not raw horsepower, closes the gap from “impressive demo” to “production-safe.”

What is an executable specification, and why is it central to reliability?

An executable spec is a human-authored, runable contract (tests, properties, API schemas, perf gates) that defines correctness before code exists. LLMs generate implementations that must satisfy the spec. Example: an ISBN-13 validator verified by a pytest suite. Different models produced different code, but all passed the same tests—proving correctness comes from the spec, not the model.

What concrete techniques define vibe engineering in day-to-day work?

- Systematic prompt engineering with code slices and tests so outputs compile and pass immediately - Retrieval-augmented and grounded answers with citations to cut hallucinations - Model-driven first-pass PR review via fixed checklists (validation, auth, perf) - Incident triage: log summarization and reversible fix drafts - Guarded automation: agents propose PRs, CI/policy gates enforce, auto-rollback on regressions - Sandbox, canary, and policy gates (security, compliance, licensing) with full provenance

How should teams transition from prototype to production without accruing trust debt?

Adopt the loop: Vibe → Specify/Plan → Task/Verify → Refactor/Own. Use early prototyping to learn the domain, then freeze intent in executable specs, decompose into ≤2h tasks with clear “Done” checks, verify-then-merge (not dump-and-review), and finish with refactor/own so the team understands and documents the code it ships.

What is the autonomy–risk ladder, and how should we govern it?

It progresses from token completion → block suggestions → conversational IDE agents → local autonomous agents → near-fully autonomous developer agents. Each rung adds leverage and failure complexity, demanding tighter verification, governance, and staged rollout (sandbox → canary → broad). Never scale autonomy faster than you scale verification and auditability.

What is the “70% problem,” and what lives in the hard 30%?

AI accelerates the first ~70% (scaffolding and common patterns) but struggles with the last 30%: edge cases, architectural fit, comprehensive verification (property, mutation, performance, security), compliance, and performance/scalability. That final mile requires human judgment, domain context, and adversarial thinking—exactly what executable specs and strong CI gates enforce.

How do teams maintain real code ownership when AI writes much of the code?

- Make specs the source of truth; treat prompts/specs as versioned, reviewable artifacts - Prefer small, staged commits with rationale and provenance - Keep humans engaged at the right level (intent, invariants, risks), not just line-reading - Avoid “machine verifying the machine” by curating adversarial tests and mutation thresholds - Instrument production, enable fast rollback, and ask the litmus question: “Would you go on-call for this system?”

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$55.99 $39.19

you save $16.80 (30%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$55.99 $39.19

you save $16.80 (30%)

eBook

pdf, ePub, online

$55.99 $39.19

you save $16.80 (30%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more