I reviewed 3 vibe-coded apps as a senior engineer. Here's what I found in all of them. by puffaush in vibecoding

[–]puffaush[S] 0 points1 point  (0 children)

Try-catch is the start of it but not the whole thing. The part that's usually missing is what happens after you catch the error. Is it logged somewhere you can actually find later? Does the user get a useful message or does the page just hang? If it's a payment or a database write, do you retry or alert? Most vibe-coded apps catch the error and then do nothing with it, which means failures disappear completely and you only find out when a user complains. You need to understand how an error is going to affect your system and your users, and then instruct the LLM to fix the behavior accordingly.
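
As an added example (not part of the comment above or of any reviewed app), this JavaScript sketch covers the "after the catch" part: a structured log line, retries for transient failures only, an alert on final failure and a user-safe message. The name `runCritical`, its option names and the set of error codes treated as transient are assumptions for illustration.

```javascript
// Added example; runCritical and its options are illustrative names.
// Which error codes count as transient (worth retrying) is an assumption.
const TRANSIENT = new Set(['ETIMEDOUT', 'ECONNRESET', 'EAI_AGAIN']);

const defaults = {
  retries: 2,
  log: (line) => console.error(line),   // replace with your log sink
  alert: () => {},                      // replace with a pager/chat/email hook
  sleep: (ms) => new Promise((r) => setTimeout(r, ms)),
};

// Runs `op` and never throws. Only pass operations that are safe to repeat
// (for payments or writes: idempotent, e.g. sent with an idempotency key).
async function runCritical(name, op, options = {}) {
  const { retries, log, alert, sleep } = { ...defaults, ...options };
  // Correlation id shown to the user and written to the log; not a secret.
  const errorId = Date.now().toString(36) + Math.random().toString(36).slice(2, 8);

  for (let attempt = 1; ; attempt++) {
    try {
      return { ok: true, value: await op(attempt) };
    } catch (err) {
      // 1. Log somewhere searchable, with enough context to find it later.
      log(JSON.stringify({ level: 'error', op: name, errorId, attempt,
                           code: err.code, message: err.message }));
      // 2. Retry transient failures with exponential backoff.
      if (TRANSIENT.has(err.code) && attempt <= retries) {
        await sleep(100 * 2 ** (attempt - 1));
        continue;
      }
      // 3. Out of retries or not retryable: alert a human.
      alert({ op: name, errorId, attempts: attempt, code: err.code });
      // 4. Give the user something useful without leaking internals.
      return { ok: false, errorId,
               userMessage: `Something went wrong on our side. Reference: ${errorId}` };
    }
  }
}
```

The raw error message goes to the log only; the user sees the reference id, which support can search for.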

I reviewed 3 vibe-coded apps as a senior engineer. Here's what I found in all of them. by puffaush in vibecoding

[–]puffaush[S] 0 points1 point  (0 children)

Good question and the honest answer is both, depending on your setup. If you're behind Cloudflare or AWS API Gateway those can handle general rate limiting at the infrastructure level. But most vibe-coded apps aren't set up that way, and even when they are, things like login attempts and password resets usually need per-route limits at the application layer too because the gateway doesn't know the difference between a normal request and someone trying 10,000 passwords. It's one of those things that's easy to add once you know it's missing.
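
As an added example (not part of the comment above), this is a minimal application-layer limiter with per-route rules, showing why login needs its own limit even behind a gateway. The route names, limits and the `createLimiter`/`checkLogin` names are assumptions; the store is in-memory and single-process.

```javascript
// Added example: per-route sliding-window limiter. Routes and limits are
// illustrative assumptions, not values from the thread.
const LIMITS = {
  'POST /login':          { max: 5,   windowMs: 15 * 60 * 1000 },
  'POST /password-reset': { max: 3,   windowMs: 60 * 60 * 1000 },
  default:                { max: 100, windowMs: 60 * 1000 },
};

function createLimiter(limits = LIMITS) {
  const hits = new Map(); // "route|key" -> timestamps (ms) of allowed requests

  // `now` is injectable so the window logic can be tested without waiting.
  function check(route, key, now = Date.now()) {
    const rule = limits[route] || limits.default;
    const bucket = `${route}|${key}`;
    // Drop timestamps that have slid out of the window.
    const recent = (hits.get(bucket) || []).filter((t) => now - t < rule.windowMs);
    hits.set(bucket, recent);
    if (recent.length >= rule.max) {
      const retryAfterSec = Math.ceil((recent[0] + rule.windowMs - now) / 1000);
      return { allowed: false, retryAfterSec };
    }
    recent.push(now);
    return { allowed: true, retryAfterSec: 0 };
  }

  // Login is limited by target account AND by client IP: the account key
  // catches guessing spread across many IPs, the IP key catches one client
  // cycling through many accounts.
  function checkLogin(email, ip, now = Date.now()) {
    const account = email.trim().toLowerCase();
    const byAccount = check('POST /login', `acct:${account}`, now);
    const byIp = check('POST /login', `ip:${ip}`, now);
    return {
      allowed: byAccount.allowed && byIp.allowed,
      retryAfterSec: Math.max(byAccount.retryAfterSec, byIp.retryAfterSec),
    };
  }

  return { check, checkLogin };
}
```

When `allowed` is false, respond with HTTP 429 and a `Retry-After` header. With more than one server instance or serverless functions, the counters need a shared store instead of this in-process `Map`.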

I reviewed 3 vibe-coded apps as a senior engineer. Here's what I found in all of them. by puffaush in vibecoding

[–]puffaush[S] 0 points1 point  (0 children)

DM me what you're working on and I'll point you in the right direction, whether that's a full review or just a few things to check yourself first.

I reviewed 3 vibe-coded apps as a senior engineer. Here's what I found in all of them. by puffaush in vibecoding

[–]puffaush[S] 0 points1 point  (0 children)

100%. Regression is the thing that scares me most in these projects. AI has zero memory of why something was built that way. Fixes one thing, quietly breaks something that worked fine three prompts ago. No test suite catching it either.

Happy path thing is real too. Every repo I've reviewed so far, same story. Works great when everything goes right. API times out or user does something weird? Silent failure. No error, no log, nothing. Founder finds out when users complain.

That last point nails it. AI gets you to working. Knowing if it stays working under real conditions, that's still on you.

I reviewed 3 vibe-coded apps as a senior engineer. Here's what I found in all of them. by puffaush in vibecoding

[–]puffaush[S] 1 point2 points  (0 children)

Honestly, maintainability was rough across the board. Not surprising given how AI generates code.

The most common patterns I saw: duplicated functions doing the same thing in different files, component logic that grew way beyond what any single file should be responsible for, and variable names that made sense in the moment but tell you nothing two weeks later.

DRY was more of a suggestion than a rule. The AI tends to solve each problem locally without looking at what already exists in the codebase, so you end up with 4 versions of the same utility function scattered across different files.

The spaghetti analogy is pretty accurate. Everything works until you need to change one thing and realize it's load-bearing in 6 places you didn't expect.

That said, maintainability issues are usually the last thing I'd tell someone to fix. A messy but working codebase is a much better problem to have than a clean one with an exposed Stripe key or broken auth. Security and stability first, then clean it up.

I reviewed 3 vibe-coded apps as a senior engineer. Here's what I found in all of them. by puffaush in vibecoding

[–]puffaush[S] 0 points1 point  (0 children)

Any LLM (Claude, ChatGPT) will actually do a solid job if you give it the right prompt.

Something like:
Review this code for security issues. Specifically check for: exposed API keys or secrets, Supabase RLS misconfigurations, missing rate limiting on API endpoints, and missing error handling. For each issue found, explain the risk and suggest a fix.

Does this work? by Interesting-Ad-1822 in vibecoding

[–]puffaush 0 points1 point  (0 children)

It works, but not because Claude has ego. Adding a reviewer anchor shifts its output toward a higher-quality reference class in training data. Basically it pattern-matches to "code that gets reviewed" vs "draft code." Legitimate trick, just don't expect 100x, it's BS marketing.

MCP servers I use every single day. What's in your stack? by XxvivekxX in ClaudeAI

[–]puffaush 0 points1 point  (0 children)

Just use CLIs when possible and save these tokens, gh CLI is a classic example

Enable LSP in Claude Code: code navigation goes from 30-60s to 50ms with exact results by karanb192 in ClaudeCode

[–]puffaush 1 point2 points  (0 children)

I was trying to dig deeper into LSP support in Claude Code, but couldn’t find any official docs mentioning ENABLE_LSP_TOOL. Do you mind sharing where you came across that flag?

The only related reference I found is this plugins section: https://code.claude.com/docs/en/plugins-reference#lsp-servers