Vibe Coding Strategy

1 · What I'm tracking

Vibe coding is how I describe working where I express intent in natural language and let an AI agent generate, run, test, and iterate — while I steer, review, accept, or reject. Andrej Karpathy coined the phrase in February 2025; within a year it moved from meme to default mode in major IDEs, cloud agents, and CLIs.

I treat vibe coding not as a replacement for engineering, but as a new interface to it — one that demands stronger taste, sharper specs, tighter feedback loops, and more disciplined verification, not less. This note is where I collect the patterns that actually hold up on real teams.

2 · Origin & Definition

3 · The Vibe Coding Spectrum

Not all "AI coding" is vibe coding. It sits on a spectrum of human-vs-agent authorship. Knowing where you are on the spectrum determines what guardrails you need.

4 · Core Principles

5 · The Vibe Coding Workflow

A reliable vibe coding loop has six stages. Skipping any of them is the most common failure mode.

6 · Tooling Landscape (2026)

Vibe coding tools cluster into five layers. A modern stack picks one or two from each layer and wires them together with MCP (Model Context Protocol) servers.

7 · The VIBE Strategy Framework

A four-pillar mental model I use on every project. When one pillar is weak, that is where the work stalls.

8 · Prompt & Spec Patterns

A prompt is a tiny specification. Treat it like product writing: structure, examples, constraints. The five patterns below cover ~80% of day-to-day work.

# Goal
Add server-side pagination to /api/orders, default 50/page.

# Context
- Express app, Prisma ORM, see routes/orders.ts and prisma/schema.prisma.
- We already use cursor pagination in /api/invoices — match that style.

# Constraints
- No breaking changes to existing clients.
- Keep response shape additive (add nextCursor, keep items).

# Done when
- New unit test passes; existing tests still pass.
- Manual curl with and without cursor returns expected pages.

Before writing any code, list the files you will change
and a 1-line description of the change for each.
Stop and wait for approval.

Implement <feature> following the same structure as
src/features/auth/login.ts — same error handling,
same logging conventions, same test layout.

List three ways this change could break production
and the test that would catch each one before
writing the implementation.

SPEC.md
- Problem
- Users & jobs-to-be-done
- API surface (with examples)
- Data model
- Edge cases
- Out of scope
- Test plan

9 · Context Engineering

In 2026, "prompt engineering" has been absorbed into the broader practice of context engineering: curating the full set of inputs the agent sees — system rules, files, examples, tool outputs, prior decisions, and memory.

The context budget

Even with million-token windows, attention is finite. Curate ruthlessly:

10 · Quality, Tests & Guardrails

Vibe coding shifts the bottleneck from writing code to trusting code. Your quality stack must be machine-readable so the agent can use it as a feedback signal.

11 · Risks & Mitigations

12 · Anti-Patterns

13 · Skills Matrix for the Modern Developer

The relative importance of developer skills has shifted. Below is a snapshot of where to invest your learning hours now.

14 · Team Operating Model

Individual vibe coding scales to teams only when shared practices replace personal habits. The "team-OS" below is what separates a chaotic AI-tools-everywhere shop from a high-leverage engineering org.

15 · Metrics & KPIs

Measure both velocity and trust. Velocity without quality metrics is how you end up shipping 3× the bugs at 3× the speed.

16 · 30 / 60 / 90-Day Adoption Roadmap

17 · Future Outlook (12–24 months)

18 · What I keep coming back to

Vibe coding is neither hype nor heresy — it is the interface I use most days now. The developers who win are not the ones who give up on rigor; they are the ones who relocate it: from typing to specifying, from writing to reviewing, from individual cleverness to systemic feedback loops.

The discipline is simple to state and hard to do well: hold a clear vision, iterate in small steps, set firm boundaries, and demand evidence. Do that consistently and an AI agent is the highest-leverage colleague I have worked with. Skip any one of those and it becomes the most expensive intern I have ever hired.

19 · References & Sources

Annotated bibliography behind the vibe-coding definition, autonomy spectrum, six-stage workflow, tooling landscape, VIBE framework, prompt patterns, context-engineering pyramid, verification ladder, risk table, anti-patterns, skills matrix, team operating model, DORA-style KPIs, adoption roadmap, and future-outlook cards. Section tags (e.g. §05) show where each source is used. Diagrams and the VIBE acronym are my synthesis unless noted.

Scope. Synthesis of practitioner writing, vendor documentation, and software-engineering research (May 2026). Hero KPI ranges (~55% AI-assisted code, 3–5× prototype speed, 2× defect rate without review, context engineering as #1 skill) blend GitHub, Stack Overflow, and field surveys — directional, not universal. Tool names in §06 reflect the 2025–26 landscape and will shift. Not tool endorsement, employment, or legal advice.

Citations are numbered continuously [1]–[n] within this section.

Origin, definition & the vibe-coding meme (§01–§02)

1. Karpathy, A., post introducing "vibe coding." X (Twitter), February 2025. Coined the phrase — "give in to the vibes, embrace exponentials, forget that the code even exists" — §01–§02 etymology and working definition. x.com/karpathy (search Feb 2025 vibe coding). — §01, §02.
2. Merriam-Webster, "vibe coding" Word of the Year coverage & dictionary entry. 2025. Mainstream adoption of the term within a year of coinage — §01 timeline sentence. merriam-webster.com — §01.
3. Wiener, A., "Vibe Coding and the Future of Software." The New Yorker, April 2025. Cultural and professional framing of agent-directed development — background for §02 distinction (autocomplete vs agentic loop). newyorker.com — §02.

Adoption, productivity & hero statistics (§01 KPIs, §15–§16)

1. GitHub, Octoverse 2024 & Copilot usage reports. 2024–25. AI-assisted coding adoption in surveyed teams — anchor for §01 ~55% hero stat (verify latest Octoverse/Copilot metrics). github.blog/octoverse — §01, §15.
2. Stack Overflow, 2025 Developer Survey — AI section. 2025. Developer tool usage, trust, and productivity self-reports — §01 adoption context and §15 wellbeing KPI. survey.stackoverflow.co — §01, §15.
3. McKinsey & Company, Unlocking Value from AI in Software Development (Digital practice insights). 2024–25. Prototype-cycle compression and review bottlenecks — §01 3–5× prototype KPI and §10 trust bottleneck. mckinsey.com/digital — §01, §10.
4. Peng, S. et al., "The Impact of AI on Developer Productivity: Evidence from GitHub Copilot." arXiv:2302.06590, 2023; follow-on controlled studies. Faster task completion with AI assistance; quality caveats when review skipped — §01 2× defect KPI and §12 vibe-and-ship anti-pattern. arxiv.org/abs/2302.06590 — §01, §12.

Autonomy spectrum, agentic loops & the six-stage workflow (§03–§05, FIG 1–2)

1. Yao, S. et al., "ReAct: Synergizing Reasoning and Acting in Language Models." ICLR 2023. Plan → act → observe loop underpinning §03 stages 4–5 and §05 Generate/Verify phases. arxiv.org/abs/2210.03629 — §03, §05.
2. Anthropic, Building Effective Agents guide. 2024–25. Agent design patterns: gather context, take action, verify — maps to §05 six-stage loop and §04 P3/P4 principles. docs.anthropic.com/agents — §04, §05.
3. Jimenez, C. E. et al., "SWE-bench: Can Language Models Resolve Real-World GitHub Issues?" ICLR 2024. Benchmark for autonomous coding agents — §03 stage 5 "Autonomous agent" and §17 eval-driven trend. arxiv.org/abs/2310.06770 — §03, §17.
4. Shinn, N. et al., "Reflexion: Language Agents with Verbal Reinforcement Learning." NeurIPS 2023. Iterative self-correction — background for §05 Verify stage and §12 prompt-golf anti-pattern. arxiv.org/abs/2303.11366 — §05, §12.

Tooling landscape — IDEs, CLIs, cloud agents & review (§06, FIG 3)

1. Cursor documentation — Agent mode, rules, and codebase context. 2025–26. Agentic IDE in §06 table and §09 .cursorrules conventions file. docs.cursor.com — §06, §09.
2. Anthropic, Claude Code documentation. 2025–26. Terminal/repo-wide agent — §06 terminal-agents row and §16 Days 0–30 tooling choice. docs.anthropic.com/claude-code — §06, §16.
3. OpenAI, Codex CLI / Codex Cloud documentation. 2025–26. Cloud/async agent patterns — §06 cloud-agents row and §16 Days 31–60 pilot. developers.openai.com/codex — §06, §16.
4. Cognition, Devin technical reports & product documentation. 2024–25. Long-running autonomous software engineer agent — §06 cloud-agents category and §12 lone-wolf anti-pattern. cognition.ai — §06, §12.
5. Aider, AI pair programming in your terminal — docs & architecture. 2024–25. Git-aware CLI editing — §06 terminal-agents row. aider.chat — §06.
6. CodeRabbit, Greptile & AI PR-review tooling documentation. 2024–25. Second-opinion review bots — §06 review row and §10 verification-ladder step 6. docs.coderabbit.ai — §06, §10.

VIBE framework, specs & prompt patterns (§07–§08)

1. Yan, E., "Patterns for Building LLM-based Systems & Products." eugeneyan.com, 2023–25. Goal/context/constraints patterns and eval discipline — §08 prompt patterns and §04 P1 intent-over-syntax. eugeneyan.com/writing/llm-patterns — §04, §08.
2. GitHub, Spec Kit & spec-driven development guides. 2025. Structured specs before codegen — §08 Goal·Context·Constraints·Done template and §14 spec template. github.com/spec-kit — §08, §14.
3. Beck, K., Test-Driven Development: By Example. Addison-Wesley, 2002. Red-green-refactor as feedback loop — intellectual basis for §10 "tests are spec artefacts" and §04 P3 tight loops. — §04, §10.
4. Google, Software Engineering at Google (Winters, Manshreck, Wright). O'Reilly, 2020. Code review culture and readability — §07 Evidence pillar and §13 code-review skill bar. — §07, §13.

Context engineering, MCP & project conventions (§09, FIG 5)

1. Anthropic, "Effective context engineering for AI agents" (engineering blog). 2025. Curating inputs beyond single prompts — §09 context-engineering definition and FIG 5 pyramid. anthropic.com/engineering — §09.
2. Model Context Protocol (MCP) specification — Anthropic, 2024–25. Standard for tools, data, and just-in-time retrieval — §09 dynamic retrieval card and §06 context-plumbing row. modelcontextprotocol.io — §06, §09, §16.
3. Anthropic, CLAUDE.md / project-instructions conventions. 2025. Repo-root rules files — §09 static conventions card (CLAUDE.md, AGENTS.md). docs.anthropic.com — §09, §14.
4. Liu, N. F. et al., "Lost in the Middle: How Language Models Use Long Contexts." TACL 2024. Attention limits in long contexts — §09 "context budget" curation rationale. arxiv.org/abs/2307.03172 — §09.
5. Nygard, M., Documenting Architecture Decisions (ADR format). 2011. Capturing durable decisions — §09 persistent memory and §11 architecture-drift mitigation. cognitect.com/blog — §09, §11.

Quality, verification, security & LLM risks (§10–§11, §12)

1. OWASP, Top 10 for Large Language Model Applications (2025 edition). Prompt injection, insecure output handling, supply-chain risks — §11 risk table and §10 guardrail checklist. owasp.org/llm-top10 — §10, §11.
2. Greshake, K. et al., "Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection." 2023. Untrusted content hijacking agents — §11 prompt-injection row. arxiv.org/abs/2302.12173 — §11.
3. NIST, Artificial Intelligence Risk Management Framework (AI RMF 1.0). 2023. Govern-map-measure-manage cycle for AI systems — §10 guardrails and §14 security-partner role. nist.gov/ai-rmf — §10, §14.
4. Google, SRE Book — monitoring, alerting, blameless postmortems. 2016–18. Production verification ladder top rung — §10 step 7 telemetry and §14 incident post-mortems. sre.google/sre-book — §10, §14.
5. Truong, L., companion note: AI Cost Control. May 2026. Token budgets, model tiering, kill-switches for agent runs — §11 cost-runaway row and §16 Days 61–90 cost tiering. Same author collection. — §11, §16.

DORA metrics, eval harnesses & team operating model (§14–§17)

1. Forsgren, N., Humble, J., & Kim, G., Accelerate: The Science of Lean Software and DevOps. IT Revolution, 2018. DORA metrics (lead time, deployment frequency, CFR, MTTR) — §15 metrics table and §16 baseline DORA step. — §15, §16.
2. DORA / Google Cloud, State of DevOps Report (annual). 2024–25. Benchmarking change failure rate and recovery — §15 quality rows. dora.dev — §15.
3. Braintrust, Evaluations for LLM applications documentation. 2024–25. Task-specific eval suites — §14 eval owner, §15 agent eval pass rate, §17 eval-driven trend. braintrust.dev — §14, §15, §17.
4. METR, Model Evaluation & Threat Research — agent task benchmarks. 2024–25. Measuring autonomous coding capability over time — §17 eval-driven development card. metr.org — §17.
5. Skelton, M. & Pais, M., Team Topologies. IT Revolution, 2019. Platform/enabling teams — §14 emerging roles (context owner, tool admin) as hats not headcount. — §14.

Future outlook, compliance & skills shift (§13, §17)

1. U.S. NTIA / CISA, software bill of materials (SBOM) guidance & minimum elements. 2021–25. Supply-chain transparency — §17 regulatory-pressure card. ntia.gov/SBOM — §17.
2. European Parliament & Council, Regulation (EU) 2024/1689 (AI Act). 2024. Disclosure and governance expectations for high-risk AI — §17 compliance trend (verify applicability to dev tooling in your jurisdiction). eur-lex.europa.eu — §17.
3. Stanford HAI, 2025 AI Index Report — Technical Performance chapter. 2025. Capability/cost curves for coding models — §17 local+edge models trend and §13 declining syntax memorisation. hai.stanford.edu/ai-index — §13, §17.

Author synthesis

1. Truong, L., Vibe Coding Strategy — personal working notes. May 2026. Original diagrams (FIG 1–6), VIBE framework, six-stage loop, skills matrix, anti-pattern cards, 30/60/90 roadmap, and team-OS practices. LinhTruong.com — all sections.