Michael Janzen

Bridging Art, Design, and Technology with a Maker's Mindset

Tag: vibe coding

  • Vibe Coding: The Future With Risk Attached

    Vibe Coding: The Future With Risk Attached

    TL;DR: Vibe coding can replace a 12-person agile team with just three people and AI. But the hidden risks could break your product.

    The Promise of Vibe Coding

    Vibe coding—the practice of building digital products by “orchestrating” AI systems rather than managing traditional agile pipelines—represents a fundamental shift in how digital products get built. Instead of writing exhaustive requirements, producing wireframes, or running weeks of sprint planning, small teams can jump straight to working software.

    For founders, the appeal is obvious. A startup that once required twelve or more specialists—product managers, designers, developers, QA testers—can now ship an MVP with just three highly adaptable professionals working alongside AI:

    • The Poly-Shaped Generalist – one person covering product, UX, design, QA, and business analysis.
    • The Full-Stack Validator – someone fluent in front- and back-end, capable of checking and hardening AI-generated code.
    • The AI/ML Specialist – a data scientist who can build multi-agent systems and tune models to fill gaps in capability.

    Together, this trio can produce what once took entire agile teams months to create. The speed and cost advantages are significant, but they introduce a structural fragility that leaders must not underestimate.

    The Hidden Risks of Shrinking the Team

    1. Quality Blind Spots
      AI accelerates coding but does not guarantee secure or optimized code. Without dedicated specialists in performance, accessibility, and security, critical flaws can slip by. For a startup racing to market, these flaws may not show until users are already onboard—making fixes expensive and damaging to reputation.
    2. Overconcentration of Skills
      A small team is nimble, but brittle. If even one person departs or falters, the project stalls. Agile’s larger teams deliberately built in redundancy—multiple developers, testers, and designers overlapping. Vibe coding trades away that safety net.
    3. The Cost vs. Time Tradeoff
      Traditional agile methods are slower and more expensive, but they distribute responsibility and catch issues early. Vibe coding saves time and payroll up front, but hidden flaws or rushed design decisions can result in costly rework later. What looks like savings today can become technical debt tomorrow.
    4. Cultural Backlash
      Just as professionals in other domains experience the grief cycle of job dissolutionAgile Symbiosis 6 x 9 v75 (2)The Human Side of Job Transform…, engineers and designers may resist vibe coding. For those steeped in the craft of their work, it can feel dismissive to let AI “auto-generate” what once took years of mastery. Without empathy and deliberate role redesign, organizations risk splitting into “orchestrators” who adapt quickly and “legacy professionals” who feel left behind.

    When Vibe Coding Fits—and When It Doesn’t

    Best Suited For:

    • Early-stage startups chasing speed to market.
    • Proof-of-concept or MVP builds where failure is affordable.
    • Cross-functional teams with broad, complementary skill sets.

    Risky For:

    • Heavily regulated industries (finance, healthcare, government).
    • Mid-to-large companies with legacy structures and compliance requirements.
    • Products requiring global scale, high reliability, or mission-critical security.

    The decision is less about whether vibe coding is “good” or “bad” and more about whether it aligns with the type of problem, company maturity, and risk tolerance at hand.

    A Balanced Path Forward

    Vibe coding should not be mistaken for a replacement of agile—it is an experimental branch of it. Traditional agile practices evolved to mitigate risk: structured ceremonies, testing pipelines, peer reviews. Vibe coding, by contrast, pushes for raw speed and minimal friction.

    The future is not a choice between the two, but a synthesis. Successful leaders will know when to unleash the speed of vibe coding—early ideation, market testing, low-stakes prototypes—and when to rely on agile’s guardrails for scalability, quality, and trust.

    The danger lies in going all-in on either extreme. Organizations locked into rigid agile ceremonies risk losing competitive ground, while those relying exclusively on vibe coding expose themselves to compounding quality and security failures. The opportunity lies in architecting a hybrid model that treats AI as a collaborator, not a shortcut.

    Closing Thoughts

    The potential of vibe coding is real and measurable: small, well-configured teams delivering outcomes that once required far larger headcount. But its risks are real: fragility, hidden flaws, and cultural resistance. To harness its potential responsibly, leaders must approach vibe coding with both optimism and caution—celebrating its speed while putting in place the safeguards that prevent brittleness.

    This perspective is drawn from concepts in my forthcoming book, Agile Symbiosis: The Rise of the Poly-Shaped Professional in the Era of AI, where I explore how small, AI-augmented teams can thrive when human ingenuity and machine execution are deliberately balanced.

  • Integrating Stripe and SendGrid APIs with Your Replit App

    Integrating Stripe and SendGrid APIs with Your Replit App

    TL;DR: Build your core app functionality using Replit’s built-in database, then integrate payment (Stripe) and email (SendGrid) APIs last. Configure both services through their dashboards, Store API keys securely as environment secrets, implement proper webhook handling, and follow service configuration and security best practices., with attention to service configuration and security best practices.

    If you first add a little foundation to your API knowledge, the pattern becomes easier to follow when working with an AI coding agent. Implementing external APIs requires active participation, even when you let the AI Agent write all the code.

    When I built RepeatList.app—a simple shopping list application—I wanted to add payment processing and email notifications to enhance the user experience. Here’s my approach to integrating Stripe and SendGrid APIs on Replit, and why I recommend saving these integrations for last.

    My API Integration Philosophy

    The approach that works for me is to build and test the core functionality first, then integrate APIs as the final step. It feels a little old-school, like building a three-tier application first and then plugging external microservices in later, but it lets me see a functioning app.

    Truthfully, when vibe-coding, it’s never a three-tier app; it’s an API-first app. Replit makes this approach easy because it provides a built-in database (Replit Database, which is key-value based) for development and testing, so there’s no need to set up a database API connection to an external service like Supabase or Firebase, which jumps you forward.

    APIs: Technical Fundamentals

    RESTful APIs (Representational State Transfer) are the most common type of web API. I chose them for my project because they’re widely supported, easy to implement, and work well with web applications. They use standard HTTP methods and are stateless, making them ideal for simple CRUD operations (Create, Read, Update, and Delete). Alternatives include GraphQL (great for flexible data fetching), SOAP (more rigid but with built-in standards), and WebSockets (for real-time, two-way communication).

    RESTful API Basics

    When vibe coding, the AI Agent does all the coding, and it’s easy to assume you don’t need application development experience. You need to know how to implement APIs at a high level because one of your roles is to make the API services available and configured. The following is a good foundation to begin:

    • Endpoints: Both Stripe and SendGrid provide specific URLs (endpoints) that our app sends requests to
    • API Keys: Authentication tokens that identify our application and grant access permissions
    • HTTP Methods: Our application will primarily use POST requests to trigger actions like payment processing or email sending
    • JSON Payloads: We’ll construct specific JSON objects containing the data needed for each API request. JSON uses human-readable text in a lightweight data format that stores and sends data objects. It looks like {“user”: “john”, “items”: [“milk”, “eggs”]} and is the standard format for most modern APIs.
    • Webhooks are crucial for Stripe integration—callbacks that notify our app when events occur. Think of webhooks as a way for one service (like Stripe) to tell your application that something has happened (like a successful payment) by making an HTTP request to a URL you specify.
    • Rate Limiting: Both APIs impose limits on request frequency
    • Error Handling: Add robust error handling for failure root cause analysis

    For my shopping list app, I needed two specific APIs:

    1. Stripe API: Handles payment processing to enable premium features (multiple shopping lists)
    2. SendGrid API: Manages email communications for account verification and notifications.

    Modern APIs abstract away complexity—you don’t need to understand payment processing or email delivery protocols to implement them. You just connect to the service that does those parts.

    Setting Up Stripe for Payments

    I use Stripe to enable my app’s premium feature, allowing users to make multiple master shopping lists. The free tier allows just one master list.

    Stripe Dashboard Setup:

    1. Create a Stripe Account: Sign up at stripe.com if you don’t already have an account.
    2. Configure Your Product:
      • Navigate to “Products” in the dashboard sidebar
      • Create a new product called “RepeatList Premium”.
      • Set up a recurring price
      • Save the product and note the price ID (you’ll need this later)
    3. Set Up Webhooks:
      • Go to “Developers > Webhooks” in the dashboard
      • Add an endpoint that points to your Replit app
      • Subscribe to the following events:
        • checkout.session.completed
        • customer.subscription.created
        • customer.subscription.deleted
      • Stripe will generate a signing secret for verifying webhook authenticity
    4. Get Your API Keys:
      • Go to “Developers > API keys”
      • You’ll need both the publishable key (for frontend) and secret key (for backend)
      • For development, use the test keys
      • Store these securely in your Replit environment secrets
    5. Configure Success/Cancel URLs:
      • These are the pages users will be redirected to after payment completion or cancellation.
      • Create these pages in your app before setting up the checkout flow

    When a user clicks to upgrade to premium, your app must create a Checkout Session with Stripe. After payment completes, Stripe will send a webhook notification to your app, and you can then update the user’s account status in your database to grant premium features.

    Implementing SendGrid for Emails

    For email functionality in my app, SendGrid handles account verification and shopping list reminders.

    SendGrid Dashboard Setup:

    1. Create a SendGrid Account:
      • Sign up at sendgrid.com and verify your account.
      • Complete domain authentication for better deliverability (this involves adding DNS records at your domain registrar)
      • For testing purposes, you can also use “Single Sender Verification,” which is simpler than full domain authentication
    2. Configure Sender Authentication:
      • Go to “Settings > Sender Authentication”
      • Authenticate a domain
      • Verify a sender identity, like a noreply email address
      • Complete the DNS verification steps
    3. Create Email Templates:
      • Navigate to “Email API > Dynamic Templates”
      • Create templates for:
        • Account verification emails
        • Password reset emails
        • Shopping list reminders
      • Use the drag-and-drop editor or HTML to design your emails
      • Add variables using the {{variable_name}} syntax for personalization
    4. Set Up API Access:
      • Go to “Settings > API Keys”
      • Create a new API key with appropriate permissions (typically “Mail Send” is sufficient for basic sending)
      • If implementing event tracking, you’ll also need “Event Webhook” permissions
      • Store this key securely in your Replit environment secrets
    5. Configure Event Webhooks (Optional):
      • Under “Settings > Mail Settings > Event Webhook”
      • Set up tracking for email opens, clicks, and bounces
      • This helps monitor engagement and deliverability issues

    When a user registers, your app will send a verification email using SendGrid’s API. Similarly, for reminder functionality, you’ll send emails to users based on their shopping list contents and reminder preferences.

    Integration Points in Your App

    Once you’ve set up both APIs in their respective dashboards, you’ll need to create several integration points in your application, the AI agent can handle the implementation of these steps:

    Stripe Integration Points:

    • An “Upgrade to Premium” button/page with pricing details
    • An endpoint in your app that initiates the Stripe checkout process
    • A webhook handler to process Stripe events
    • Success and cancellation pages for the payment flow
    • UI elements that adapt based on the user’s subscription status

    SendGrid Integration Points:

    • Registration flow that includes email verification
    • Account management pages for updating email preferences reminder scheduling system that triggers emails
    • Email template management (if you want to customize emails from your app)

    Security Considerations

    When working with payment and email APIs, security is paramount:

    • Environment Variables: Store all API keys as environment secrets in Replit
    • Webhook Verification: Validate Stripe webhook signatures to prevent fraudulent requests
    • Input Validation: Sanitize all user inputs before including them in API requests
    • Rate Limiting: Implement throttling to prevent abuse of your API endpoints
    • Error Handling: Handle API failures without exposing sensitive details

    Why This Approach Works

    Building the core functionality first allowed me to thoroughly test the application’s main features before adding complexity with API integrations. Replit’s built-in database made it easy to set up the app for the eventual API-powered features during development.

    When it came time to integrate the APIs, I already had a stable application and could focus solely on correctly implementing the payment processing and email notification systems.

    This approach minimizes debugging complexity and creates a more reliable final product. Plus, if an API changes or needs replacement in the future, the core functionality remains intact and well-tested.

    Remember, effective API integration is about more than just making the technical connection—it’s about creating a seamless experience for your users while maintaining security and reliability behind the scenes.

    Give Replit a try and let me know what you think.

    Visual created using ChatGPT + DALL·E by OpenAI

Privacy Policy - Terms and Conditions