Your vibe coding checklist
This checklist will answer your question: "Where do I start?". Created for vibe coders by a old fashioned coder, who is digging his own grave...
Many thanks to @NicolasZu, this checklist was based on his original GitHub repository.
Vibe coding
noun (slang)A way of life, defined by lazy people who like to tell the computer what to do, instead of doing it themselves.
"With vibe coding, my job's 10% coding, 90% telling the AI what it did wrong."
Step 1: Setup environment
To start with vibe coding, you need two essential tools: Cursor with Claude Sonnet 3.7 Thinking and Grok 3 Thinking. These will assist in planning and implementing your project.
Important: Plan everything carefully. Letting the AI plan autonomously can lead to a disorganized mess. Take your time to think through your project for a solid outcome.
- Take your project idea and use Grok to generate an initial project requirements document in Markdown format (project-requirements.md).
- *It doesn’t need to be perfect; the goal is to give the AI context about your project.
- Review and refine the document to align with your project’s goals and structure, ensuring the AI understands your intent.
Step 2: Define project requirements and tech stack
Outline your project’s requirements clearly and let Grok recommend a suitable tech stack. Then, set up coding rules for Cursor to maintain consistency and efficiency.
- Ask Grok to suggest the simplest, most reliable tech stack based on your requirements you generated earlier. Also save this as .md file (tech-stack.md)
- *Encourage Grok to prioritize straightforward, robust technologies.
- Download the PDF version of Cursor rules for AI.
- *Right-click -> Print -> Save as PDF.
- Upload the PDF to Grok and prompt it to write 6-10 coding rules for Cursor, as if it’s a senior developer specializing in your tech stack.
- *Ensure one rule mandates modularity (splitting code into multiple files) to avoid a single, unwieldy file.
Step 3: Create implementation plan
Have Grok produce a detailed, step-by-step plan to guide your project’s implementation.
- Provide Grok with:
- The project requirements document (project-requirements.md)
- The tech stack recommendations (tech-stack.md)
- The Cursor rules
- Ask Grok to generate an implementation plan in Markdown (.md) format (implementation-plan.md), including:
- Small, focused steps
- A simple test for each step to verify it works
- A focus on core functionality first (additional features come later)
Step 4: Set up memory bank
AI struggles to track its own changes, so create a folder with markdown files to organize project details and progress.
- Create a new folder for your project (e.g., my-project-name).
- Open the folder in Cursor.
- Inside the folder, create a subfolder called memory-bank.
- Add these files to memory-bank:
- project-requirements.md
- tech-stack.md
- implementation-plan.md
- progress.md (to track completed steps)
- architecture.md (to document the purpose and structure of project files)
Step 5: Configure Cursor rules
Apply the coding rules from Grok to Cursor to enforce best practices throughout development.
- In Cursor, press Cmd + Shift + P, type "rules", and hit Enter.
- Paste the coding rules generated by Grok from Step 2 into Cursor’s rules configuration.
Step 6: Ensure clarity in implementation plan
Review and refine the implementation plan with Claude Sonnet 3.7 Thinking to eliminate ambiguity.
- Select Claude Sonnet 3.7 Thinking in Cursor.
- Prompt: "Read all documents in /memory-bank. Is implementation-plan.md clear? What questions do you have to make it 100% clear?"
- Answer any questions the AI raises to clarify the plan.
- Prompt the AI to update implementation-plan.md based on your answers for improved clarity.
Step 7: Implement the project
Start building your project step by step using Claude Sonnet 3.7 Thinking in Cursor.
- Select Claude Sonnet 3.7 Thinking in Cursor.
- Prompt: "Read all documents in /memory-bank and proceed with Step 1 of the implementation plan. I will run the tests. Do not start Step 2 until I validate the tests."
- After completing Step 1, validate the tests yourself.
- If tests pass, prompt the AI to document the work in progress.md and update architecture.md with any new insights.
- Commit your changes to Git.
- For each subsequent step:
- Start a new composer (Cmd + N, Cmd + I).
- Prompt: "Read progress.md to understand prior work, then proceed with the next step. Do not start the following step until I validate the test."
- Repeat until the implementation plan is fully executed.
*If unfamiliair ask Grok
Step 8: Add features and details
With the core project complete, enhance it by adding new features and refining details.
- For each new feature, create a feature-implementation.md file with small steps and tests.
- Implement the feature step by step, validating each test before proceeding.
- Update progress.md and architecture.md as needed.
Step 9: Debug and resolve issues
Address bugs and challenges using specialized tools and strategies.
- If a prompt fails or disrupts the project, use Cursor’s “restore” feature and adjust your prompt.
- For errors:
- Open the console (F12), copy the error, and paste it into Cursor.
- For visual issues, include a screenshot.
- Or use BrowserTools to automate error reporting.
- If stuck, revert to the last Git commit and try a different approach.
Step 10: Share your project
Share your finished project with the community and connect with others.
- Commit your final code to GitHub.
- Share your project on X (Twitter) with relevant hashtags.
- Join community discussions on platforms like Discord or forums.
Step 11: Watch out for these mistakes
As a post from @leojr94_ went viral, it showed the dangers of vibe coding. Avoid these common mistakes to protect your project and data.
- Hardcoding sensitive data: Don’t embed API keys or secrets directly in your code. Use environment variables instead.
- Unprotected APIs: Ensure all API endpoints require authentication and authorization to prevent unauthorized access.
- Ignoring input validation: Failing to sanitize user inputs can lead to injection attacks (e.g., SQL injection). Use parameterized queries or validation libraries.
- Misconfigured CORS: For web projects, set CORS to allow only trusted domains, not all origins (*).
- No HTTPS: If your project is web-based, ensure it uses HTTPS to protect data in transit.
- Skipping reviews: Before sharing, use Grok to review your code. Prompt: "Check my project for common security mistakes and suggest fixes."