# Building AI Applications
Source: https://vibecoderdocs.com/concepts/building-ai-applications
Best practices for building with AI APIs, prompt engineering, agent architectures, and AI-powered software.
# Building AI Applications
Building *with* AI tools is one thing. Building applications that *use* AI is another. This section covers the unique challenges, patterns, and pitfalls of AI-powered software.
This section is a work in progress. Content is being actively developed.
## Topics to Be Covered
* Choosing an AI provider and model
* API integration patterns
* Prompt engineering fundamentals
* Structured output and response parsing
* Streaming responses
* Token management and cost control
* Rate limiting and retry strategies
* Agent and tool-use architectures
* RAG (Retrieval-Augmented Generation)
* Evaluation and testing AI outputs
* User experience patterns for AI features
* Ethical considerations and responsible AI
# Data Theory
Source: https://vibecoderdocs.com/concepts/data-theory
How data works — types, structures, relationships, validation, and transformation.
# Data Theory
Software is fundamentally about transforming data. Understanding how data is structured, related, validated, and moved is the single most important concept in programming.
This section is a work in progress. Content is being actively developed.
## Topics to Be Covered
* Data types and why they matter
* Data structures (arrays, objects, maps, sets)
* Relationships between data (one-to-one, one-to-many, many-to-many)
* Data normalization and denormalization
* Schema design principles
* Data validation and sanitization
* Serialization formats (JSON, CSV, XML, Protocol Buffers)
* State management
* Data flow in applications
* Immutability and side effects
# Databases & Storage
Source: https://vibecoderdocs.com/concepts/databases-storage
Choosing the right database, data modeling, queries, migrations, and storage patterns.
# Databases & Storage
Every application needs to store data somewhere. The decisions you make about *where* and *how* have massive implications for performance, cost, and reliability.
This section is a work in progress. Content is being actively developed.
## Topics to Be Covered
* SQL vs NoSQL — when to use which
* Relational databases (PostgreSQL, MySQL, SQLite)
* Document databases (MongoDB, Firestore)
* Key-value stores (Redis, DynamoDB)
* Database design and data modeling
* Writing queries (SQL basics)
* Indexes and query performance
* Migrations and schema evolution
* ORMs vs raw queries
* Connection pooling and management
* Backups and data durability
* File and blob storage (S3, cloud storage)
* Caching strategies
# General IT
Source: https://vibecoderdocs.com/concepts/general-it
Foundational IT knowledge — networking, DNS, hosting, environments, and the infrastructure your code runs on.
# General IT
Your code doesn't run in a vacuum. It runs on servers, communicates over networks, and depends on infrastructure you might not see. Understanding these fundamentals prevents a whole class of "it works locally but not in production" problems.
This section is a work in progress. Content is being actively developed.
## Topics to Be Covered
* Networking fundamentals (IP addresses, ports, protocols)
* DNS — how domain names work
* HTTP/HTTPS and how the web works
* Hosting and deployment options
* Environments (local, staging, production)
* Environment variables and configuration
* Logging and monitoring basics
* CI/CD pipelines
* Version control with Git
# General Programming
Source: https://vibecoderdocs.com/concepts/general-programming
Core programming concepts, patterns, and practices that apply across languages and frameworks.
# General Programming
AI tools can write code for you, but they assume you understand certain fundamentals. When you don't, you end up with code that works but is fragile, slow, or impossible to maintain.
This section is a work in progress. Content is being actively developed.
## Topics to Be Covered
* Variables, types, and data structures
* Control flow and logic
* Functions and modularity
* Error handling patterns
* Code organization and project structure
* Naming conventions and readability
* DRY, KISS, and YAGNI principles
* Version control workflows
* Testing fundamentals
* Debugging strategies
* Package management and dependencies
* API design basics (REST, GraphQL)
# AI Security
Source: https://vibecoderdocs.com/concepts/security/ai
Prompt injection, data leakage, model security, and AI-specific attack vectors.
# AI Security
Building with AI introduces an entirely new category of security concerns. If your app sends user input to an LLM, you need to understand these threats.
This section is a work in progress. Content is being actively developed.
## Topics to Be Covered
* Prompt injection (direct and indirect)
* Data leakage through AI models
* System prompt extraction
* Tool use and agent security
* Rate limiting and cost attacks
* Output validation and safety
* Sensitive data in training and context
* Multi-tenant AI application security
* Responsible AI disclosure
# Application Security
Source: https://vibecoderdocs.com/concepts/security/application
Input validation, authentication, authorization, and protecting against common vulnerabilities.
# Application Security
The code you write is the first line of defense. Application security is about writing code that handles malicious input, enforces access controls, and doesn't leak sensitive data.
This section is a work in progress. Content is being actively developed.
## Topics to Be Covered
* The OWASP Top 10 (and what each one means in plain English)
* Input validation and sanitization
* SQL injection and how to prevent it
* Cross-Site Scripting (XSS)
* Cross-Site Request Forgery (CSRF)
* Authentication best practices
* Authorization and access control
* Secure session management
* Dependency vulnerabilities
* Error handling without leaking information
# Infrastructure Security
Source: https://vibecoderdocs.com/concepts/security/infra
Cloud configuration, access controls, secrets management, and network security.
# Infrastructure Security
Your application is only as secure as the infrastructure it runs on. Misconfigured cloud services are one of the most common causes of data breaches.
This section is a work in progress. Content is being actively developed.
## Topics to Be Covered
* Cloud provider security basics (AWS, GCP, Azure)
* IAM and access control principles (least privilege)
* Secrets management (environment variables, vaults, key management)
* Network security (firewalls, VPCs, security groups)
* SSL/TLS certificates
* Container and serverless security
* Infrastructure as Code security
* Backup and disaster recovery
# Localhost Security
Source: https://vibecoderdocs.com/concepts/security/localhost
Development machine security, local secrets, exposed ports, and dev environment hygiene.
# Localhost Security
Your development machine is a high-value target. It has access to your code, your credentials, your cloud accounts, and often production databases. Treating it casually is a security risk.
This section is a work in progress. Content is being actively developed.
## Topics to Be Covered
* Exposed ports and local services
* `.env` files and local secrets management
* SSH key management
* Browser extension risks
* npm/pip/package manager supply chain attacks
* Dev container and sandbox isolation
* Network exposure (coffee shop coding)
* AI tool permissions and access scope
* Git credential management
# Security Overview
Source: https://vibecoderdocs.com/concepts/security/overview
Why security matters for vibe coders, and an overview of the threat landscape.
# Security
Security isn't optional, and it's not something you bolt on at the end. Every decision you make while building software has security implications — and AI coding tools won't always warn you about them.
This section is a work in progress. Content is being actively developed.
## Why Vibe Coders Need to Care
When you build software with AI tools, you're still responsible for:
* **Your users' data** — if it leaks, that's on you
* **Your infrastructure costs** — an unsecured app can be exploited to run up cloud bills
* **Legal compliance** — regulations like GDPR, HIPAA, and SOC 2 don't care how you built your app
* **Your reputation** — one security incident can destroy trust
## The Four Pillars
We break security into four focused areas:
How to secure the systems your code runs on — cloud accounts, servers, networks, and secrets.
How to write code that doesn't have exploitable vulnerabilities — input validation, auth, and the OWASP Top 10.
Threats unique to AI-powered applications — prompt injection, data leakage, and model manipulation.
How to keep your development machine secure — exposed ports, local secrets, and dev environment hygiene.
## The #1 Mistake
The most common security mistake vibe coders make: **committing secrets to Git**.
API keys, database passwords, and tokens pushed to GitHub are scraped by bots within minutes. Use environment variables and `.gitignore`. Always.
# Concepts
Source: https://vibecoderdocs.com/get-started/concepts
Overview of all topics and concepts covered in Vibe Coder Docs.
# Concepts Overview
Vibe Coder Docs covers the foundational knowledge you need to build software that doesn't just work — it works *well*. Here's what we cover and why it matters.
Networking, DNS, hosting, environments, and the infrastructure your code runs on. If you don't understand what happens after "deploy," start here.
Infrastructure security, application security, AI-specific threats, and localhost safety. The stuff that keeps your users (and you) safe.
Core programming concepts, patterns, and practices that apply regardless of language or framework. The fundamentals that AI tools assume you know.
How data works — types, structures, relationships, validation, and transformation. Understanding data is understanding software.
Choosing the right database, data modeling, queries, migrations, and storage patterns. Where your data lives and how to manage it.
Best practices for building with AI APIs, prompt engineering, agent architectures, and the unique challenges of AI-powered software.
Each section is written to stand alone — you don't need to read them in order. Jump to whatever is most relevant to your current project.
# Introduction
Source: https://vibecoderdocs.com/get-started/introduction
What Vibe Coder Docs is, who made it, and why it exists.
# Welcome to Vibe Coder Docs
You're building software with AI. That's awesome. But AI coding tools are only as good as the decisions you make while using them.
Whether you're using Claude Code, Codex, Antigravity, or any other AI-powered development tool, you now have the power to create real applications, customize and deploy products, and build things that previously required years of engineering experience. That's incredible — but it's also easy to fall into traps. There are things you need to know that your AI assistant might not proactively tell you.
## What This Site Is
Vibe Coder Docs is a collection of engineering wisdom distilled for people who are building with AI coding tools. It covers the concepts, patterns, and pitfalls that traditionally take years of professional experience to learn.
This isn't a "learn to code" tutorial. It's the stuff that comes *after* your code works — the knowledge that separates "it runs on my machine" from "it's production-ready."
## Who This Is For
Product managers, designers, founders, and hobbyists using AI tools to build software for the first time.
Junior developers or career-switchers who want to fill gaps in their foundational knowledge.
AI coding assistants that need structured reference material to give better guidance.
Senior devs looking for a reference to share with teammates who are new to vibe coding.
## Why Trust This
This documentation is written by experienced software engineers who have:
* Shipped production systems at scale
* Mentored junior developers through exactly these knowledge gaps
* Used AI coding tools extensively and seen the common failure modes firsthand
Every recommendation here comes from real-world experience, not theory.
## Team
**Maintainer & Primary Contributor**
Principal Architect of AI & Agentic Applications at LiveRamp. With experience building petabyte scale data systems, collaboration software, and both high scale batch and realtime systems. Four patents in fault-tolerant big data processing, identity resolution, and cloud-native segmentation. Former Snowflake Customer Advisory Board member and Certified Executive Coach with years of experience mentoring engineers and engineering leaders at every level.
[LinkedIn](https://linkedin.com/in/jsduncan98)
Interested in contributing? We welcome engineers who want to help others avoid the pitfalls they've learned the hard way.
## How to Use This Site
1. **Start with [Quickstart](/get-started/quickstart)** to learn how to navigate and get the most out of these docs
2. **Browse [Concepts](/get-started/concepts)** for an overview of all topics covered
3. **Dive into specific sections** as you encounter challenges in your projects
# Quickstart
Source: https://vibecoderdocs.com/get-started/quickstart
How to navigate, search, and integrate these docs into your workflow.
# Quickstart
Get the most out of Vibe Coder Docs in under 5 minutes.
## Navigating the Docs
Use the sidebar to explore topics. Start with areas most relevant to what you're building right now.
Use the search bar (⌘K / Ctrl+K) to find specific topics, terms, or concepts.
Pages link to related concepts. Follow these connections to build a complete mental model.
## Where to Start
Not sure where to begin? Here's a guide based on what you're doing:
| If you're... | Start with |
| ----------------------- | -------------------------------------------------------------- |
| Building your first app | [General Programming](/concepts/general-programming) |
| Deploying something | [General IT](/concepts/general-it) |
| Worried about security | [Security Overview](/concepts/security/overview) |
| Working with a database | [Databases & Storage](/concepts/databases-storage) |
| Building with AI APIs | [Building AI Applications](/concepts/building-ai-applications) |
| Handling user data | [Data Theory](/concepts/data-theory) |
## Integrating with Your AI Coding Tool
These docs are designed to be consumed by both humans and AI agents. Here's how to get the most out of them with your AI tool:
### Point Your Agent Here
When starting a new project or encountering a topic covered in these docs, you can:
1. **Share a link** — Copy the URL of a relevant page and paste it into your AI chat
2. **Reference concepts** — Tell your AI assistant: *"Follow the guidance from Vibe Coder Docs on \[topic]"*
3. **Use as a checklist** — Before shipping, walk through the relevant sections with your AI to verify you haven't missed anything
### Add to Your Project Context
For tools that support project-level context (like Claude Code's `CLAUDE.md`), you can reference these docs:
```markdown theme={null}
# References
- Security practices: https://vibecoderdocs.com/concepts/security/overview
- Database guidance: https://vibecoderdocs.com/concepts/databases-storage
```
### Connect via MCP Server
This site automatically provides an MCP (Model Context Protocol) server that AI coding tools can connect to directly, giving your agent searchable access to all of our documentation.
```bash theme={null}
claude mcp add --transport http vibe-coder-docs https://vibecoderdocs.com/mcp
```
Verify it's connected:
```bash theme={null}
claude mcp list
```
Open the command palette (`Cmd+Shift+P` / `Ctrl+Shift+P`), search "Open MCP settings", and add:
```json theme={null}
{
"mcpServers": {
"vibe-coder-docs": {
"url": "https://vibecoderdocs.com/mcp"
}
}
}
```
Create or edit `.vscode/mcp.json` in your project:
```json theme={null}
{
"servers": {
"vibe-coder-docs": {
"type": "http",
"url": "https://vibecoderdocs.com/mcp"
}
}
}
```
### Use llms.txt for Direct Context
This site provides machine-readable documentation files that you can feed directly to any AI tool:
| File | URL | Use Case |
| --------------- | --------------------------------------------------------- | --------------------------------------------------------------------------- |
| `llms.txt` | [/llms.txt](https://vibecoderdocs.com/llms.txt) | Navigation index — lets AI tools discover what topics are available |
| `llms-full.txt` | [/llms-full.txt](https://vibecoderdocs.com/llms-full.txt) | Full content — all documentation in a single file for pasting into AI chats |
These files are generated and updated automatically whenever the docs change.
The best time to consult these docs is **before** you start building, not after something breaks. Prevention is cheaper than debugging.
# Skills & Agents
Source: https://vibecoderdocs.com/get-started/skills-and-agents
How to use agent skills to give your AI coding tools domain expertise from Vibe Coder Docs.
# Skills & Agents
AI coding tools are powerful, but they don't always have the right context for your project. **Agent Skills** solve this — they're portable packages of instructions, scripts, and resources that agents can discover and use to work more accurately.
## What Are Agent Skills?
Agent Skills are folders containing instructions (typically a `SKILL.md` file) that your AI coding tool can load on demand. They give agents:
* **Domain expertise** — specialized knowledge packaged as reusable instructions
* **New capabilities** — tasks like code review, security audits, or documentation generation
* **Repeatable workflows** — consistent, auditable multi-step processes
* **Interoperability** — the same skill works across different AI tools
Skills are supported by Claude Code, Cursor, VS Code Copilot, Codex, Goose, Roo Code, and many more.
## Our Skill Library
This project maintains a shared skill library at [`/skill-library`](https://github.com/shadowcodex/vibe-coder-docs/tree/main/skill-library) in the repo. These are general-purpose development skills that any project can use — not specific to Vibe Coder Docs.
To use a skill from the library, copy the skill folder into your project or reference it from your agent's configuration.
## Getting Started with Skills
Check out the [Agent Skills example library](https://github.com/anthropics/skills) for ready-to-use skills, or browse our own [`/skill-library`](https://github.com/shadowcodex/vibe-coder-docs/tree/main/skill-library).
Copy a skill folder into your project's `.skills/` directory (or wherever your agent looks for skills).
Most compatible agents will automatically discover skills in your project. When you start a task, the agent loads the relevant skill and follows its instructions.
## Learn More
The Agent Skills format is an open standard supported by a growing ecosystem of AI tools.
The official Agent Skills site — learn about the format, specification, and how to build your own skills.
Browse example skills on GitHub from Anthropic's open-source collection.
If you're building with AI coding tools, skills are one of the highest-leverage things you can set up. A good skill turns a generic AI assistant into a domain expert.