← all posts

Two Truths and a Lie: Vibe Coding Edition

May 2026

I've been looking at "vibe coding" options for the better part of a year now. Started with Replit, dipped into VS Code with Copilot, tried Cursor, antigravity, and a few others whose names have either dropped development or been swallowed by bigger projects.

Vibe coding makes hard things easy — the allure is real. So are the pitfalls. Let's keep it light heading into the weekend. Two truths, one lie.

---

Truth №1: You're still the responsible party

You must manage the process, review the code, and understand the changes. When you're busy it's tempting to hit "Allow" — or worse, "Allow Always" — and call it a day. That doesn't change the fact that it's your PC, your workspace, your repo, and your prompts driving the model.

Hallucinations are real. Case in point: I wrapped up an Open Brain deployment for some home lab work and went to commit it. I was beat. Kept hitting allow without reading. Didn't realize until after the commit that the remote was pointed at the upstream OB repo — not my instance.

Vibe coding is not set-it-and-forget-it.

Truth №2: The 80/20 rule is real, and the last 20% will cost you

You'll get about 80% of the way there in your first couple passes with an AI partner. Problem is, that 80% is mostly assembling capabilities you or someone else already built.

My first pass project: visualize IPs and open ports on my home network. Day 1 returns were awesome — clean web UI, easy layout, quick visual of my network. Under the hood? A simple Python web server running Nmap commands. Doing what I'd been doing in Bash, just prettier.

Getting to what I actually wanted — the stuff Nmap can't do — took three weeks and a couple hundred bucks in subscriptions.

Vibe coding is not free.

The Lie: There's nothing we can do about it

"Early days, just hold on and let the innovation happen. That's how IT works."

None of that has to be true for you or your organization. One of the best options I've seen: a clearly written charter for AI coding sessions. Context. Ground rules. Standards. A simple `.md` file with guidelines like:

  • Show your work
  • Get permission before every action
  • No cleartext passwords
  • Standard file naming conventions

    • Tell your models — and your teams — what the guardrails are. Set a clear path for anyone who wants to push beyond them.

    ---

    *More on local-first AI tooling and how I'm running this stack: [atkatana.com/blog](https://atkatana.com/blog)*

    Built on a home lab, powered by local models, and owned by Andrew Katana.

    Built on a home lab, powered by local models, and owned by Andrew Katana.

    Connect on LinkedIn →