From bf8c8eee0cc59f28297f7b2695ac8084c4c13819 Mon Sep 17 00:00:00 2001
From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com>
Date: Fri, 9 Jan 2026 02:19:16 +0000
Subject: [PATCH 01/12] TinaCMS content update

Co-authored-by: Mike
---
.../rules/guardrails-for-vibe-coding/rule.mdx | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 public/uploads/rules/guardrails-for-vibe-coding/rule.mdx
diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx
new file mode 100644
index 0000000000..ada6c619a8
--- /dev/null
+++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx
@@ -0,0 +1,14 @@
+---
+title: Do you use guardrails when vibe coding with AI?
+uri: guardrails-for-vibe-coding
+guid: b0020e91-f3ba-476c-9c60-8f41fb2f8c9b
+created: 2026-01-09T02:12:09.009Z
+createdBy: Mike
+createdByEmail: michaelsmedley@ssw.com.au
+---
+
+Intro
+
+
+
+Body
From 10f5f941fc751fbba7772f4b837efe8c3d9f6b59 Mon Sep 17 00:00:00 2001
From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com>
Date: Fri, 9 Jan 2026 02:31:38 +0000
Subject: [PATCH 02/12] TinaCMS content update

Co-authored-by: Mike
---
.../rules-to-better-ai-development.mdx | 71 ++++++++++---------
1 file changed, 37 insertions(+), 34 deletions(-)
diff --git a/categories/artificial-intelligence/rules-to-better-ai-development.mdx b/categories/artificial-intelligence/rules-to-better-ai-development.mdx
index 1953f96836..6d5295cefa 100644
--- a/categories/artificial-intelligence/rules-to-better-ai-development.mdx
+++ b/categories/artificial-intelligence/rules-to-better-ai-development.mdx
@@ -1,44 +1,47 @@ --- -_template: category type: category title: Rules to Better AI Development -guid: f4727885-bcb3-4117-8df6-23c7809d6bce uri: rules-to-better-ai-development -consulting: https://www.ssw.com.au/consulting/artificial-intelligence +guid: f4727885-bcb3-4117-8df6-23c7809d6bce +consulting: 'https://www.ssw.com.au/consulting/artificial-intelligence' index: -- rule: public/uploads/rules/ai-assisted-development-workflow/rule.mdx -- rule: public/uploads/rules/start-vibe-coding-best-practices/rule.mdx -- rule: public/uploads/rules/use-github-copilot-cli-secure-environment/rule.mdx -- rule: public/uploads/rules/ai-assisted-desktop-pr-preview/rule.mdx -- rule: public/uploads/rules/github-copilot-chat-modes/rule.mdx -- rule: public/uploads/rules/create-gpts/rule.mdx -- rule: public/uploads/rules/train-gpt/rule.mdx -- rule: public/uploads/rules/use-system-prompt/rule.mdx -- rule: public/uploads/rules/agentic-ai/rule.mdx -- rule: public/uploads/rules/low-code-and-ai/rule.mdx -- rule: public/uploads/rules/use-semantic-kernel/rule.mdx -- rule: public/uploads/rules/evaluate-slms-vs-azure-cloud-llms/rule.mdx -- rule: public/uploads/rules/choosing-large-language-models/rule.mdx -- rule: public/uploads/rules/write-integration-tests-for-llm-prompts/rule.mdx -- rule: public/uploads/rules/website-chatbot/rule.mdx -- rule: public/uploads/rules/leverage-chatgpt/rule.mdx -- rule: public/uploads/rules/embed-ui-into-an-ai-chat/rule.mdx -- rule: public/uploads/rules/use-embeddings/rule.mdx -- rule: public/uploads/rules/best-ai-powered-ide/rule.mdx -- rule: public/uploads/rules/ai-for-prototype-development/rule.mdx -- rule: public/uploads/rules/build-hallucination-proof-ai-assistants/rule.mdx -- rule: public/uploads/rules/avoid-ai-hallucinations/rule.mdx -- rule: public/uploads/rules/make-your-website-llm-friendly/rule.mdx -- rule: public/uploads/rules/dataverse-ai-options/rule.mdx -- rule: public/uploads/rules/keep-task-summaries-from-ai-assisted-development/rule.mdx -- rule: 
public/uploads/rules/attribute-ai-assisted-commits-with-co-authors/rule.mdx -- rule: public/uploads/rules/ai-assistants-work-in-repository-directory/rule.mdx -lastUpdated: 2025-12-01T01:23:46.000Z -lastUpdatedBy: Baba Kamyljanov [SSW] -lastUpdatedByEmail: babakamyljanov@ssw.com.au + - rule: public/uploads/rules/ai-assisted-development-workflow/rule.mdx + - rule: public/uploads/rules/start-vibe-coding-best-practices/rule.mdx + - rule: public/uploads/rules/use-github-copilot-cli-secure-environment/rule.mdx + - rule: public/uploads/rules/ai-assisted-desktop-pr-preview/rule.mdx + - rule: public/uploads/rules/github-copilot-chat-modes/rule.mdx + - rule: public/uploads/rules/create-gpts/rule.mdx + - rule: public/uploads/rules/train-gpt/rule.mdx + - rule: public/uploads/rules/use-system-prompt/rule.mdx + - rule: public/uploads/rules/agentic-ai/rule.mdx + - rule: public/uploads/rules/low-code-and-ai/rule.mdx + - rule: public/uploads/rules/use-semantic-kernel/rule.mdx + - rule: public/uploads/rules/evaluate-slms-vs-azure-cloud-llms/rule.mdx + - rule: public/uploads/rules/choosing-large-language-models/rule.mdx + - rule: public/uploads/rules/write-integration-tests-for-llm-prompts/rule.mdx + - rule: public/uploads/rules/website-chatbot/rule.mdx + - rule: public/uploads/rules/leverage-chatgpt/rule.mdx + - rule: public/uploads/rules/embed-ui-into-an-ai-chat/rule.mdx + - rule: public/uploads/rules/use-embeddings/rule.mdx + - rule: public/uploads/rules/best-ai-powered-ide/rule.mdx + - rule: public/uploads/rules/ai-for-prototype-development/rule.mdx + - rule: public/uploads/rules/build-hallucination-proof-ai-assistants/rule.mdx + - rule: public/uploads/rules/avoid-ai-hallucinations/rule.mdx + - rule: public/uploads/rules/make-your-website-llm-friendly/rule.mdx + - rule: public/uploads/rules/dataverse-ai-options/rule.mdx + - rule: >- + public/uploads/rules/keep-task-summaries-from-ai-assisted-development/rule.mdx + - rule: >- + 
public/uploads/rules/attribute-ai-assisted-commits-with-co-authors/rule.mdx + - rule: public/uploads/rules/ai-assistants-work-in-repository-directory/rule.mdx + - rule: public/uploads/rules/guardrails-for-vibe-coding/rule.mdx created: 2024-08-26T22:47:01.000Z -createdBy: Tiago Araújo [SSW] +createdBy: 'Tiago Araújo [SSW]' createdByEmail: tiagov8@gmail.com +lastUpdated: 2025-12-01T01:23:46.000Z +lastUpdatedBy: 'Baba Kamyljanov [SSW]' +lastUpdatedByEmail: babakamyljanov@ssw.com.au +_template: category --- Want to revolutionize your business with AI? Check [SSW's Artificial Intelligence and Machine Learning consulting page](https://www.ssw.com.au/consulting/artificial-intelligence). From b206119ed14fe6d91f12a96ba75ff468b341456d Mon Sep 17 00:00:00 2001 From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 02:31:40 +0000 Subject: [PATCH 03/12] TinaCMS content update Co-authored-by: Mike --- public/uploads/rules/guardrails-for-vibe-coding/rule.mdx | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index ada6c619a8..257415d221 100644 --- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx @@ -1,10 +1,15 @@ --- title: Do you use guardrails when vibe coding with AI? uri: guardrails-for-vibe-coding +categories: + - category: categories/artificial-intelligence/rules-to-better-ai-development.mdx guid: b0020e91-f3ba-476c-9c60-8f41fb2f8c9b created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au +lastUpdated: 2026-01-09T02:31:39.606Z +lastUpdatedBy: Mike +lastUpdatedByEmail: michaelsmedley@ssw.com.au --- Intro From fda339dac34bfb095621e4aefeee2716190d6e25 Mon Sep 17 00:00:00 2001 
From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 02:33:57 +0000 Subject: [PATCH 04/12] TinaCMS content update Co-authored-by: Mike --- public/uploads/rules/guardrails-for-vibe-coding/rule.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index 257415d221..bc30dff930 100644 --- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx @@ -3,11 +3,15 @@ title: Do you use guardrails when vibe coding with AI? uri: guardrails-for-vibe-coding categories: - category: categories/artificial-intelligence/rules-to-better-ai-development.mdx +sidebarVideo: 'https://youtu.be/kDS5pwelhNM?si=vY4zRPByRWgTkfDz' +authors: + - title: Michael Smedley + url: 'https://www.ssw.com.au/people/michael-smedley/' guid: b0020e91-f3ba-476c-9c60-8f41fb2f8c9b created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au -lastUpdated: 2026-01-09T02:31:39.606Z +lastUpdated: 2026-01-09T02:33:56.709Z lastUpdatedBy: Mike lastUpdatedByEmail: michaelsmedley@ssw.com.au --- From 78d779ffb57d92c6b064dea0a34330eb29ef4885 Mon Sep 17 00:00:00 2001 From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 02:35:17 +0000 Subject: [PATCH 05/12] TinaCMS content update Co-authored-by: Mike --- public/uploads/rules/guardrails-for-vibe-coding/rule.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index bc30dff930..7041165c81 100644 --- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx 
@@ -7,11 +7,13 @@ sidebarVideo: 'https://youtu.be/kDS5pwelhNM?si=vY4zRPByRWgTkfDz' authors: - title: Michael Smedley url: 'https://www.ssw.com.au/people/michael-smedley/' +related: + - rule: public/uploads/rules/chatgpt-can-help-code/rule.mdx guid: b0020e91-f3ba-476c-9c60-8f41fb2f8c9b created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au -lastUpdated: 2026-01-09T02:33:56.709Z +lastUpdated: 2026-01-09T02:35:16.414Z lastUpdatedBy: Mike lastUpdatedByEmail: michaelsmedley@ssw.com.au --- From 50cb17f4ab1e592ddb7da66de9de56a88ab6a79d Mon Sep 17 00:00:00 2001 From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 02:44:14 +0000 Subject: [PATCH 06/12] TinaCMS content update Co-authored-by: Mike --- .../rules/guardrails-for-vibe-coding/rule.mdx | 173 +++++++++++++++++- 1 file changed, 170 insertions(+), 3 deletions(-) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index 7041165c81..9a182cfd0e 100644 --- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx 
@@ -10,16 +10,183 @@ authors: related: - rule: public/uploads/rules/chatgpt-can-help-code/rule.mdx guid: b0020e91-f3ba-476c-9c60-8f41fb2f8c9b +seoDescription: >- + Vibe coding can be fast, but risky. Use guardrails—clear prompts, small + iterations, tests, reviews, and security checks—to ship reliable AI-assisted + code. created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au -lastUpdated: 2026-01-09T02:35:16.414Z +lastUpdated: 2026-01-09T02:44:13.307Z lastUpdatedBy: Mike lastUpdatedByEmail: michaelsmedley@ssw.com.au --- -Intro +You’re in the zone: the AI is pumping out code, you’re copy-pasting at light speed, and everything \*seems\* to work… until a weird edge case hits production, a security scanner lights up, or your team can’t explain the “magic” function anyone merged last week. + +Vibe coding is awesome—\*\*as long as you add guardrails -Body +What “vibe coding” is (and what it is not) + +Vibe coding is using an LLM as a high-velocity pair programmer: drafting code, tests, docs, and refactors while you stay focused on the intent. + +#### It is not: + +* Shipping code you don’t understand +* Bypassing reviews because “the AI wrote it” +* Letting generated code set your architecture, security posture, or licensing risk + +### Guardrail #1: Write a micro-spec before you generate code + +Treat your prompt like instructions to a junior dev. 
Include: + +* **Goal**(what success looks like) +* **Inputs/outputs** +* **Constraints** (libraries to use/avoid, performance needs, style rules) +* **Edge cases** +* **Acceptance tests **(even just a few bullets) + +```plaintext +“Build me an endpoint to update a user profile.” +``` + + + “Build me an endpoint to update a user profile.” + } + figurePrefix="good" + figure="Good prompt" + style="greybox" +/> + +\::: bad + +Figure: Bad Example - Vague prompt = unpredictable output (missing constraints, validation rules, and error handling expectations) + +\::: + +\::: greybox + +You are a senior developer. Implement \`PUT /users/{id}\`. + +Requirements: + +\- Validate: \`displayName\` (1-50 chars), \`email\` (valid format), reject unknown fields + +\- Use existing \`UserService.UpdateUserAsync(id, dto)\` + +\- Return: 200 with updated DTO, 400 with validation errors, 404 if not found + +\- No new dependencies + +\- Add unit tests for: happy path, invalid email, missing user, unknown fields + +\::: + +\::: good + +Figure: Good Example - A micro-spec guides the AI toward code that fits your system and is easier to verify + +\::: + +\## Guardrail #2: Keep changes small and iterative + +Avoid “generate the whole feature.” Instead: + +1\. Generate a thin slice (a single function, class, or endpoint) + +2\. Compile/run tests + +3\. Ask for improvements (error handling, edge cases, performance) + +4\. Repeat + +This reduces hallucinations and makes review manageable. 
+ +\## Guardrail #3: You own the code—prove it with tests and explanations + +\### Always add (or generate) tests immediately + +AI is great at drafting tests, but you still need to validate assumptions: + +\- Add tests \*\*before\*\* trusting the implementation + +\- Include edge cases and negative tests + +\- Prefer deterministic tests over “it seems fine” + +\### Code review is non-negotiable + +AI-generated code must go through the same (or higher) scrutiny as any other change: + +\- Peer review every meaningful chunk + +\- Ask the author to explain the logic during review + +\- If the author can’t explain it, \*\*rewrite it\*\* + +\## Guardrail #4: Don’t create security or compliance debt + +\### Keep sensitive data out of prompts + +\- Never paste secrets, credentials, private keys, or customer PII + +\- If you need context, \*\*sanitize\*\* or \*\*anonymize\*\* + +\### Run security checks in CI + +Use your normal safety net (linters, static analysis, secret scanning). Treat AI output as “untrusted input” until checked. + +\### Watch licensing and “copy-like” code + +AI can sometimes produce code that resembles open-source snippets: + +\- Avoid prompts like “copy the implementation of X from Y” + +\- Prefer “implement behavior” prompts + +\- If a snippet looks suspiciously polished or familiar, replace it with your own implementation or verify licensing before use + +\## Guardrail #5: Leave breadcrumbs for maintainers + +Generated code becomes technical debt when nobody knows \*why\* it exists. + +Do this instead: + +\- Note AI assistance in the PR description (and link the prompt if helpful) + +\- Document non-obvious decisions and assumptions + +\- Ensure code matches your team’s patterns and standards (refactor immediately if it doesn’t) + +\### Bonus: Give the AI your standards + +Create a lightweight repo guide (e.g. 
\`copilot-instructions.md\`) with: + +\- Architecture overview + +\- Naming conventions + +\- Testing patterns + +\- Logging/exception handling rules + +\- Security requirements + +\## Vibe coding checklist + +Before merge, you should be able to say “yes” to all of these: + +\- \[ ] I can explain the code without the AI + +\- \[ ] The change is small and easy to review + +\- \[ ] Tests exist and cover edge cases + +\- \[ ] Security checks pass (and no secrets were shared) + +\- \[ ] Licensing risk is considered for any “too-perfect” snippet + +\- \[ ] Documentation/PR notes capture the intent and constraints From af483bdb1c3e21ac56946481cd61b3c8b5fbe3e6 Mon Sep 17 00:00:00 2001 From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 06:19:51 +0000 Subject: [PATCH 07/12] TinaCMS content update Co-authored-by: Mike --- .../rules/guardrails-for-vibe-coding/rule.mdx | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index 9a182cfd0e..ff5b3f7b74 100644 --- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx 
@@ -17,50 +17,52 @@ seoDescription: >- created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au -lastUpdated: 2026-01-09T02:44:13.307Z +lastUpdated: 2026-01-09T06:19:49.451Z lastUpdatedBy: Mike lastUpdatedByEmail: michaelsmedley@ssw.com.au --- You’re in the zone: the AI is pumping out code, you’re copy-pasting at light speed, and everything \*seems\* to work… until a weird edge case hits production, a security scanner lights up, or your team can’t explain the “magic” function anyone merged last week. -Vibe coding is awesome—\*\*as long as you add guardrails +Vibe coding is awesome—\*\*as long as you add guardrails\*\*. - + -What “vibe coding” is (and what it is not) +### What “vibe coding” is (and what it is not) Vibe coding is using an LLM as a high-velocity pair programmer: drafting code, tests, docs, and refactors while you stay focused on the intent. -#### It is not: +It is not: * Shipping code you don’t understand * Bypassing reviews because “the AI wrote it” * Letting generated code set your architecture, security posture, or licensing risk -### Guardrail #1: Write a micro-spec before you generate code +#### Guardrail #1: Write a micro-spec before you generate code Treat your prompt like instructions to a junior dev. 
Include: -* **Goal**(what success looks like) -* **Inputs/outputs** -* **Constraints** (libraries to use/avoid, performance needs, style rules) -* **Edge cases** -* **Acceptance tests **(even just a few bullets) - -```plaintext -“Build me an endpoint to update a user profile.” -``` +* Goal (what success looks like) +* Inputs/outputs +* Constraints (libraries to use/avoid, performance needs, style rules) +* Edge cases +* Acceptance tests (even just a few bullets) “Build me an endpoint to update a user profile.” } - figurePrefix="good" - figure="Good prompt" + figurePrefix="bad" + figure="Figure: Bad Example - Vague prompt = unpredictable output (missing constraints, validation rules, and error handling expectations)" style="greybox" /> +\::: greybox + +“Build me an endpoint to update a user profile.” + +\::: + \::: bad Figure: Bad Example - Vague prompt = unpredictable output (missing constraints, validation rules, and error handling expectations) From cbb667c374c2c74f4d2986dd215de9b04dbf9858 Mon Sep 17 00:00:00 2001 From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 06:22:34 +0000 Subject: [PATCH 08/12] TinaCMS content update Co-authored-by: Mike --- .../rules/guardrails-for-vibe-coding/rule.mdx | 29 +++++++++++-------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index ff5b3f7b74..e247e6774e 100644 --- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx @@ -17,7 +17,7 @@ seoDescription: >- created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au -lastUpdated: 2026-01-09T06:19:49.451Z +lastUpdated: 2026-01-09T06:22:32.937Z lastUpdatedBy: Mike lastUpdatedByEmail: michaelsmedley@ssw.com.au --- 
@@ -57,17 +57,22 @@ Treat your prompt like instructions to a junior dev. Include: style="greybox" /> -\::: greybox - -“Build me an endpoint to update a user profile.” - -\::: - -\::: bad - -Figure: Bad Example - Vague prompt = unpredictable output (missing constraints, validation rules, and error handling expectations) - -\::: + + You are a senior developer. Implement \`PUT /users/{id}\`. + + Requirements: + + * Validate: \`displayName\` (1-50 chars), \`email\` (valid format), reject unknown fields + * Use existing \`UserService.UpdateUserAsync(id, dto)\` + * Return: 200 with updated DTO, 400 with validation errors, 404 if not found + * No new dependencies + * Add unit tests for: happy path, invalid email, missing user, unknown fields + } + figurePrefix="good" + figure="Figure: Good Example - A micro-spec guides the AI toward code that fits your system and is easier to verify" + style="greybox" +/> \::: greybox From d0095956f70268f42c1eda950631967b08e5ae97 Mon Sep 17 00:00:00 2001 From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 06:26:35 +0000 Subject: [PATCH 09/12] TinaCMS content update Co-authored-by: Mike --- .../rules/guardrails-for-vibe-coding/rule.mdx | 55 +++++-------------- 1 file changed, 13 insertions(+), 42 deletions(-) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index e247e6774e..3e839c9b95 100644 --- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx @@ -17,7 +17,7 @@ seoDescription: >- created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au -lastUpdated: 2026-01-09T06:22:32.937Z +lastUpdated: 2026-01-09T06:26:34.002Z lastUpdatedBy: Mike lastUpdatedByEmail: michaelsmedley@ssw.com.au --- 
@@ -74,31 +74,7 @@ Treat your prompt like instructions to a junior dev. Include: style="greybox" /> -\::: greybox - -You are a senior developer. Implement \`PUT /users/{id}\`. - -Requirements: - -\- Validate: \`displayName\` (1-50 chars), \`email\` (valid format), reject unknown fields - -\- Use existing \`UserService.UpdateUserAsync(id, dto)\` - -\- Return: 200 with updated DTO, 400 with validation errors, 404 if not found - -\- No new dependencies - -\- Add unit tests for: happy path, invalid email, missing user, unknown fields - -\::: - -\::: good - -Figure: Good Example - A micro-spec guides the AI toward code that fits your system and is easier to verify - -\::: - -\## Guardrail #2: Keep changes small and iterative +#### Guardrail #2: Keep changes small and iterative Avoid “generate the whole feature.” Instead: 
@@ -112,29 +88,24 @@ Avoid “generate the whole feature.” Instead: This reduces hallucinations and makes review manageable. -\## Guardrail #3: You own the code—prove it with tests and explanations - -\### Always add (or generate) tests immediately +#### Guardrail #3: You own the code—prove it with tests and explanations -AI is great at drafting tests, but you still need to validate assumptions: +Always add (or generate) tests immediately -\- Add tests \*\*before\*\* trusting the implementation +* AI is great at drafting tests, but you still need to validate assumptions: +* Add tests \*\*before\*\* trusting the implementation +* Include edge cases and negative tests +* Prefer deterministic tests over “it seems fine” -\- Include edge cases and negative tests - -\- Prefer deterministic tests over “it seems fine” - -\### Code review is non-negotiable +Code review is non-negotiable AI-generated code must go through the same (or higher) scrutiny as any other change: -\- Peer review every meaningful chunk - -\- Ask the author to explain the logic during review - -\- If the author can’t explain it, \*\*rewrite it\*\* +* Peer review every meaningful chunk +* Ask the author to explain the logic during review +* If the author can’t explain it, \*\*rewrite it\*\* -\## Guardrail #4: Don’t create security or compliance debt +### Guardrail #4: Don’t create security or compliance debt \### Keep sensitive data out of prompts From 9ca58deb0e94efa1d2a27fcffd880cdb589d0899 Mon Sep 17 00:00:00 2001 From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 06:28:22 +0000 Subject: [PATCH 10/12] TinaCMS content update Co-authored-by: Mike --- .../uploads/rules/guardrails-for-vibe-coding/rule.mdx | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index 3e839c9b95..1bd91b4c22 100644 
--- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx @@ -17,7 +17,7 @@ seoDescription: >- created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au -lastUpdated: 2026-01-09T06:26:34.002Z +lastUpdated: 2026-01-09T06:28:21.801Z lastUpdatedBy: Mike lastUpdatedByEmail: michaelsmedley@ssw.com.au --- @@ -107,13 +107,12 @@ AI-generated code must go through the same (or higher) scrutiny as any other cha ### Guardrail #4: Don’t create security or compliance debt -\### Keep sensitive data out of prompts +Keep sensitive data out of prompts -\- Never paste secrets, credentials, private keys, or customer PII +* Never paste secrets, credentials, private keys, or customer PII +* If you need context, sanitize or anonymize -\- If you need context, \*\*sanitize\*\* or \*\*anonymize\*\* - -\### Run security checks in CI +Run security checks in CI Use your normal safety net (linters, static analysis, secret scanning). Treat AI output as “untrusted input” until checked. From dc2d4a1a1fed1f79505e38daa4d4f86502598211 Mon Sep 17 00:00:00 2001 From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 06:30:54 +0000 Subject: [PATCH 11/12] TinaCMS content update Co-authored-by: Mike --- .../rules/guardrails-for-vibe-coding/rule.mdx | 40 ++++++++----------- 1 file changed, 16 insertions(+), 24 deletions(-) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index 1bd91b4c22..9fb21cdbcd 100644 --- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx 
@@ -17,7 +17,7 @@ seoDescription: >- created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au -lastUpdated: 2026-01-09T06:28:21.801Z +lastUpdated: 2026-01-09T06:30:52.544Z lastUpdatedBy: Mike lastUpdatedByEmail: michaelsmedley@ssw.com.au --- 
@@ -116,43 +116,35 @@ Run security checks in CI Use your normal safety net (linters, static analysis, secret scanning). Treat AI output as “untrusted input” until checked. -\### Watch licensing and “copy-like” code +Watch licensing and “copy-like” code AI can sometimes produce code that resembles open-source snippets: -\- Avoid prompts like “copy the implementation of X from Y” +* Avoid prompts like “copy the implementation of X from Y” +* Prefer “implement behavior” prompts +* If a snippet looks suspiciously polished or familiar, replace it with your own implementation or verify licensing before use -\- Prefer “implement behavior” prompts - -\- If a snippet looks suspiciously polished or familiar, replace it with your own implementation or verify licensing before use - -\## Guardrail #5: Leave breadcrumbs for maintainers +### Guardrail #5: Leave breadcrumbs for maintainers Generated code becomes technical debt when nobody knows \*why\* it exists. Do this instead: -\- Note AI assistance in the PR description (and link the prompt if helpful) - -\- Document non-obvious decisions and assumptions - -\- Ensure code matches your team’s patterns and standards (refactor immediately if it doesn’t) +* Note AI assistance in the PR description (and link the prompt if helpful) +* Document non-obvious decisions and assumptions +* Ensure code matches your team’s patterns and standards (refactor immediately if it doesn’t) -\### Bonus: Give the AI your standards +Bonus: Give the AI your standards Create a lightweight repo guide (e.g. \`copilot-instructions.md\`) with: -\- Architecture overview - -\- Naming conventions - -\- Testing patterns - -\- Logging/exception handling rules - -\- Security requirements +* Architecture overview +* Naming conventions +* Testing patterns +* Logging/exception handling rules +* Security requirements -\## Vibe coding checklist +##### Vibe coding checklist Before merge, you should be able to say “yes” to all of these: 
From f1c9a1d7a248884986755c3f890ec2c7bdd9e8e2 Mon Sep 17 00:00:00 2001 From: "tina-cloud-app[bot]" <58178390+tina-cloud-app[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 06:32:52 +0000 Subject: [PATCH 12/12] TinaCMS content update Co-authored-by: Mike --- .../rules/guardrails-for-vibe-coding/rule.mdx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx index 9fb21cdbcd..46214d239f 100644 --- a/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx +++ b/public/uploads/rules/guardrails-for-vibe-coding/rule.mdx @@ -17,7 +17,7 @@ seoDescription: >- created: 2026-01-09T02:12:09.009Z createdBy: Mike createdByEmail: michaelsmedley@ssw.com.au -lastUpdated: 2026-01-09T06:30:52.544Z +lastUpdated: 2026-01-09T06:32:50.771Z lastUpdatedBy: Mike lastUpdatedByEmail: michaelsmedley@ssw.com.au --- @@ -148,14 +148,14 @@ Create a lightweight repo guide (e.g. \`copilot-instructions.md\`) with: Before merge, you should be able to say “yes” to all of these: -\- \[ ] I can explain the code without the AI +✅ I can explain the code without the AI -\- \[ ] The change is small and easy to review +✅ The change is small and easy to review -\- \[ ] Tests exist and cover edge cases +✅ Tests exist and cover edge cases -\- \[ ] Security checks pass (and no secrets were shared) +✅ Security checks pass (and no secrets were shared) -\- \[ ] Licensing risk is considered for any “too-perfect” snippet +✅ Licensing risk is considered for any “too-perfect” snippet -\- \[ ] Documentation/PR notes capture the intent and constraints +✅ Documentation/PR notes capture the intent and constraints