I would have not had “coding with vibes” on my dev career bingo card, yet here we are…
Using AI to write code is an incredible productivity unlock. For a developer like me, it means I can focus on conceptualizing new features for my project and asking AI to write the code that would otherwise be repetitive. And for non-developers, it means opening the door to building projects of their own.
There are problems with relying too heavily on AI for coding, such as it being inconsistent in the code it writes, being overly ambitious when trying to “help”, or just straight up producing bad code that doesn’t work. So to overcome these challenges, here are 5 tips you should consider on your vibing journey.
Verify everything
Code reviews are more important than ever. You should be checking everything that AI creates for you and you should completely understand everything that the code it writes does. Do not blindly accept what these tools write, it’s just asking for trouble down the road.
Use it to explain concepts
AI will inevitably write something you don’t completely understand, which provides a great opportunity to learn. Ask it to explain snippets of code so you can learn while you build. Here’s the trick though: you shouldn’t even trust it’s explanations.
AI’s will lie to you (although for some reason we call it “hallucinations”) and it will do so very confidently. Even if it’s explanation sounds trustworthy, try and find other sources to verify that, be it an online blog, forum, or even community of other developers.
Build with consistent patterns
You should understand the patterns and paradigms of any framework or language you are working with and try to steer your coding tools towards producing code that follows your preferences. For instance, I like using server actions over API routes with Next.js, and at the beginning of a project I constantly find myself reminding my tools to favor specific patterns I prefer. It eventually catches on, but not without a bit of coaxing.
I suspect that over time, tools that understand the entire codebase pick up on these patterns and start to apply them more consistently.
Use global rules if available
Building on my previous point, use rules to guide your tools to follow your preferences. My preferred coding AI is Windsurf, and it supports the concept of global rules to help guide its output. Here is a screenshot of my own rules in Windsurf:
Triple check security
It is absolutely vital that you understand the fundamentals of security when building web applications with AI. We’ve seen the stories of a founder building a product with AI that starts to get some traction, only for it to be hacked into using trivial methods.
The thing about security is that something will work if it’s insecure (arguably easier than if it is), so it’s not enough to just get the thing working. You need to understand how security is implemented in your project to ensure your users’ data is protected, and that the future of your project is safe from being hacked.
💬 Let me know if you'd like me to write a post about how I make sure my web apps are secure!
