We are not anti-AI. We are pro-discipline.
Vibe coding unlocks speed. Supervised vibe coding unlocks speed you can trust. The difference is a developer who remains the final decision-maker at every step, not a passive reviewer of whatever the model felt good about.
Supervised vibe coding is a development approach that combines AI-generated speed with deliberate human oversight, positioning the developer as the final decision-maker rather than a passive reviewer. It builds on Andrej Karpathy's 2025 concept of "vibe coding," which described fully delegating code generation to AI tools without reviewing the output.
The manifesto outlines ten guiding principles covering incremental delivery, test coverage, code review, prompt discipline, security, documentation, configuration management, CI/CD enforcement, ownership, and dependency auditing. A recurring theme is that AI accelerates execution but cannot replace developer judgment, accountability, or the ability to code independently.
The origin of vibe coding
On February 2, 2025, Andrej Karpathy, co-founder of OpenAI and former director of AI at Tesla, posted a short thought on X that would change how the software world talked about AI-assisted development.
"There's a new kind of coding I call 'vibe coding', where you fully give in to the vibes, embrace exponentials, and forget that the code even exists." Andrej Karpathy, X (formerly Twitter), February 2, 2025.
The post went viral, clocking over 4.5 million views. Karpathy described using tools like Cursor Composer paired with Anthropic's Claude models, sometimes via voice through SuperWhisper, barely touching his keyboard. He accepted all AI-generated changes without reviewing diffs, pasted error messages straight back to the model, and let the codebase grow organically, even beyond his own full comprehension.
The phrase struck a cultural nerve because it named something developers were already doing, just without a word for it. By end of 2025, Collins Dictionary named "vibe coding" its Word of the Year, with nearly half of all developers reporting daily use of AI coding tools.
Karpathy himself acknowledged the limits early. He noted that AI occasionally could not fix certain bugs, forcing him to work around them or prompt blindly until something stuck. He called it "quite amusing" and best suited for non-critical projects. That caveat got lost in the hype.
Now Supervised Vibe Coding formalizes what disciplined engineers were already practicing. Speed from AI. Judgment from humans.
The 10 laws
01
Ship in slices, not in floods
Build incrementally. Each iteration must be reviewable, testable, and deployable on its own. Human review is not optional; AI is a contributor, not a reviewer. If you cannot review it in one sitting, it is too large.
02
Tests are not a phase, they are a practice
Unit, integration, and edge case tests accompany every feature. AI may scaffold the test file. You verify every assertion nulls, empty inputs, boundary values, concurrency, and failure paths are caught at design time, not at incident time.
03
Read before you run
Understand every snippet before accepting it. Verify APIs exist, functions are not deprecated, and packages are not hallucinated. If you cannot explain what the code does and what it depends on, it is not ready to merge.
04
Prompt with intent, pin your model
Bad prompts produce bad code. Be explicit about language version, constraints, patterns, and security requirements in every prompt. Share prompt conventions with your team so AI behaviour is consistent across the codebase.
Model drift: Pin your model version in CI/CD the same way you pin a package version. An unversioned AI dependency is a silent breaking change waiting to happen. The same prompt can produce different outputs across model versions treat model upgrades like dependency upgrades: deliberate, tested, and reviewed.
05
Security, performance, and UX share equal priority
No feature is done if it leaks data, crawls under load, or confuses users. These are first-class requirements on every ticket. Never paste customer data, PII, credentials, or secrets into an AI tool. The prompt is not a sandbox it is a transmission.
06
Document as you go, not as you leave
AI accelerates writing code but accumulates invisible technical debt. Document decisions, assumptions, and AI-generated sections as part of the same commit. Future maintainers deserve to know what the code does and why it was written this way.
07
Configuration is code, treat it accordingly
Secrets, environment variables, timeouts, and feature flags are versioned, validated, and never hardcoded. The config is part of the contract. A misconfigured deploy is still a broken deploy, regardless of how clean the code looks.
08
The pipeline is the gatekeeper
Lint, test, security scan, and build gates must all pass before code reaches the next environment. Observability and logging ship with the feature, not after. If you cannot see what your code is doing in production, you do not own it yet.
09
You are the supervisor, not the spectator
Feature flags, rollback plans, canary deployments, and health checks turn every release into a controlled, reversible act. Decide upfront who owns the code when something breaks. AI does not get paged at 2 AM. Ownership must be explicit before the deploy, not after the incident.
Deskilling is a silent risk: Deliberately solve problems without AI on a regular basis. Write a function from scratch. Debug without asking the model. The judgment this manifesto depends on atrophies if you never exercise it. Supervised vibe coding requires a supervisor who can actually code.
10
Own the dependency list
Every package AI pulls in is your responsibility to audit, pin, and maintain. AI will confidently suggest outdated, vulnerable, or nonexistent packages. Review licenses for IP compliance. Disclose AI involvement to your team, your clients, and where required, your employer. The code carries your name, not the model's.
Top comments (0)