9 vibe coding mistakes that will cost you (and how to avoid them)

After shipping five-plus production Lovable apps and taking over a handful of others built by people who shouldn't have, the mistakes I see are extremely repetitive. They're not random. Almost every Lovable app that's quietly broken is broken in one of the same nine ways.

I'm not going to give you the fix for each one here — those are in the Field Guide, and a few of them are subtle enough that a one-line tip would do more harm than good. But I will tell you the shape of each mistake, because just being able to name it is most of the battle.

1. Starting to build before you've scoped

The most expensive mistake by a wide margin. You have a vague idea, you open Lovable, the AI cheerfully builds something. Two weeks later you realise you've built the wrong thing for the wrong user.

Vibe coding shifts the bottleneck from typing to thinking. Skip the thinking and the speed works against you.

2. No data model decision

People build screens. The screens imply a data model by accident. When that implied model turns out to be wrong (and it always does), you don't redesign the database; you redesign the whole app.

3. Treating row-level security as optional

This is the one that ends careers. Lovable connects your database directly to the browser. If you don't have proper rules in place, the interface is the only thing stopping a curious user from reading every other user's data.

The interface is not security. The database is security.

4. Building seventy screens before you build one core flow

The "70-app problem" applies inside a single app too. Vibe coding makes it so easy to add features that people add features before they've made the first feature actually work. Your v1 should be embarrassingly small.

5. Skipping the mobile pass

Over half your traffic is mobile. Looks fine in the desktop preview ≠ usable on a phone. Most beginner apps have at least one critical flow that's physically impossible to complete on a mobile screen, and nobody notices because nobody tested on one.

6. Stripe in test mode at launch

A specific, deeply expensive flavour of this: the Stripe integration works perfectly in test mode, the dev forgets to swap keys, and customers can "pay" with cards that don't exist. Or webhooks point at localhost. Or live mode is enabled but the webhook secret was never set. There are five or six versions of this failure and they all end with money leaking somewhere.

7. No staging environment

People test changes against production. Then a "tiny fix" deletes a column with real customer data in it. There's no way back unless you've set things up correctly in advance.

8. Trusting the AI to debug

When something breaks, beginners ask the AI to fix it. The AI confidently guesses. The fix sort-of-works but introduces a new bug. Two days later you have an app made of patches on patches and nobody knows what any of the code does.

There's a specific method for actually debugging vibe-coded apps — investigating first, asking the AI to diagnose rather than fix, and only then prompting for a change. The Field Guide has the exact wording I use.

9. Shipping without a pre-launch check

The interface is finished, the build is green, the urge to publish is intense. You skip the security check, the payments check, the mobile check, the SEO basics, the email setup, the backup verification. Each one is five minutes. Each one missed costs you days when it bites.

---

So those are the nine. The fixes are deliberately not in this article — because in most cases the "fix" is a specific prompt, a specific rule, or a specific checklist, and those are exactly what makes the Field Guide worth reading.

What the Field Guide gives you is: the rules for the data model, the row-level security playbook, the Stripe wiring flow, the debugging method, the pre-launch checklist (Appendix B), and Appendix A — the prompt library I run on every project. The mistakes don't have to be expensive if you skip them entirely.