The trend is everywhere on the last weeks, people that roll up a cursor instance, tell it (or them?) to make a basic program, a bunch of code suddenly appears and after a few package installations the app runs and most probably it doesn't behave like expected.
They call it vibe coding -term under construction- and is supposed to do either of two things, mainly:
- speed up software developers
- bring no-coders into app spawning
Let's see how is the case for both scenarios. For this I experimented building 3 apps.
Landing Snakes
On the first one I asked the agent to build a landing page in vue.js v3 and to add a backed in python using flask.
The code always generates instantly and a brief description of what was done appears in the agent chat panel.
My next question was certainly how do I run it? And the agent started to issue commands that I can use to spin up the server and front-end. A few issues regarding missing packages on the way and after installing them the landing page was displayed correctly in my browser
After that I come back to the agent and asked to get a simple snake game added to the bottom of the site. For this I provided an example image of the snake game from the (g)old Nokia phone.
The image helped the agent to better understand my idea and to extract more info that I was not providing and not realizing it. Like the characteristics of an old/retro style and monochrome. Plus adding a score counting system and a message for game over state. The results came up instantly and the game was playable from the first run.
Finally I decided to add more participation to the backend and asked the agent to save and show the high-scores.
For this I switched to chat mode first, and requested suggestions to implement the scoring system. It presented a few alternatives and I took one that involved DB persistence. Simpler solutions were in the list but, at the end, it wasn't me who was implementing all of that so why not choosing a more elaborated implementation.
This app was surprisingly easy, almost nothing to correct having everything functional on the first shot.
I blamed me for choosing tools on which I am knowledgeable so I decided to explore more unknown terrains.
Unsafe Pipes
For the next project I choose Rust. Coming from a C++ background that I gained just for fun during my college days that is a language that I was looking to get into. For me it felt like the natural upgrade path. On top of that I have no idea about how to program in Rust, not even how to run a build command so this was a good choice.
The idea was to make a puzzle game similar to connecting pipes/pipe mania/pipe dream.
I started with a more detailed prompt and as expected I instantly got some code generated.
After some iterations the game was far from being playable. Serious bugs that prevented the game to even start.
But with all of that I noticed that, with each prompt, the project improved and it was getting there. In the meantime, I kept reading and trying the understand the code (again, with no previous exposure to Rust 'till this point) as much as I could.
After many intents I gave up. It will take too much to have this game in good shape.
MOV AND JMP like NOP one is watching. XOR like everyone is
For my 3rd program I decided to go even further on the lands of the unknowing. This time I asked the agent to write a simple encryption program..
.. in assembler.
After installing NASM for my assembler program I spend the next several iterations trying to make the program runnable, expecting to achieve a simple encryption operation at some point. But all I got was an ol' good segmentation fault message.
In opposition to the previous programs, were I can identify what was wrong in the code by reading a bit (vue + python) or at least by understanding the context of the functions and variables (Rust), here I was completely blind in the sense that all this code made no sense to me at all. Trying to debug it myself would be pointless.
So for that I relied on the agent to solve it. Every time that the program failed to run I asked the agent to look for it. Surprisingly it started to add debug messages and even guided me to use GDB.
At the end the agent made the program work and I managed to encrypt and decrypt a file using simple XOR encryption.
Finally it made a summary of the corrections it made to the initial program and it showed quick instructions on how to use it.
Did I thank the program for fixing the bugs? Yes, yes I did.
Final Thoughts
"Coding" this way was interesting and definitely helped me get some outputs on these new new tools. I believe the Rust game couldn't be completed because it was more complex than the other two and probably the idea of a pipe game is much more rare than a landing page or an xor file encryption, so the models might not have that much training on that area.
At first I will say that it helps on the learning process when faced with new technologies. Similarly when trying to learn a new national language, surrounding yourself with it in functional and guided contexts will speed up your adoption getting into new technologies more easily.
Yes, debugging is painful. It is no-brainer that trying to fix issues on the code at first is a heavy task. I think this is commonly the most criticized step due the contrast of instant machine code generation vs the slow human process of reading through and understanding it. But starting with a large existing project is something that we all faced everytime we joined a new company or when we were moved to a new project. We have to reserve time to learn the system before starting to be productive on it so in this scenario I see no much difference. As a recommendation tell the agent to add debugging statements to help to tackle issues along the way.
Agents can help understanding the codebase. Linked to the previous point (the biggest turn-off for many) I believe this could be the biggest benefit. Code is many more times read rather than written -although this might change with the adoption of this tools- so agents play an important role on easing the way for getting the developers confident into projects that they are not familiar with. Or when time passes and you have to revisit that module just to add a few changes to it. A question that comes to my mind is if having proper comments would help the agent in this task.
Security was completely overlooked. Unless explicitly asked for, it won't be included. I understand when creating a new PoC you just want to test the waters before committing to a solution. But when working with an existing project things like not authenticating your auto-generated new endpoint is something that will come back and bite you in the arse.
Now, imagine all these generated vibe-coded apps eventually making it to production. What a great time to get into cybersecurity.
All in all I say this is a must-try trend.
Stay relevant
