🚀 Executive Summary
TL;DR: Vibe coding with AI agents like Lovable or Manus often leads to messy, insecure infrastructure due to their focus on visible elements over backend concerns. To prevent this, architects should implement guardrails like strict environment schemas, use Infrastructure-as-Code sidecars for deployments, and employ isolated container wrappers to control system-level dependencies.
🎯 Key Takeaways
- Implement a strict `.env.example` or `config.ts` schema (e.g., using Zod) to force AI agents to adhere to predefined environment variable structures, so a missing or malformed variable fails the first run instead of being papered over with a hardcoded fallback.
- Separate AI-generated application code from infrastructure provisioning by using IaC templates (Terraform/OpenTofu) as ‘Sidecar Templates’ for robust, production-grade deployments.
- Utilize a ‘Baseline Dockerfile’ that AI agents are forbidden from editing, ensuring system-level dependencies and security layers remain fixed and controlled, preventing arbitrary package installations.
Vibe coding is fast, but your infrastructure shouldn’t be a mess. Darian Vance shares three ways to bridge the gap between AI-generated code and production-grade deployments.
Vibe Coding Without the Infrastructure Hangover: A Senior Architect’s Guide
Last Tuesday, I watched a junior developer at TechResolve “vibe” their way into a fully functional analytics dashboard in about twenty minutes using Lovable. It was impressive—until we looked at the backend. The AI had dutifully hardcoded a connection to prod-db-01 directly in the client-side logic, and the deployment script was essentially a prayer whispered into a CLI. We spent the next six hours untangling a web of environment variables and orphaned Docker volumes. It’s the classic “vibe coding” trap: the UI looks like 2025, but the infrastructure feels like a 1990s shared hosting nightmare.
The Why: Why AI Agents Hate Your Infrastructure
The root cause is simple: AI agents like Lovable, Manus, or Emergent are optimized for “the visible.” They focus on the DOM, the immediate API response, and the “happy path.” They treat infrastructure as a magic black box that just works. They don’t inherently understand state management, database migration safety, or least-privilege IAM roles unless you force them to. If you don’t provide a scaffold, they will take the path of least resistance, which is usually a security or scalability disaster.
Pro Tip: An AI agent will always choose a hardcoded string over a secret manager if you don’t explicitly tell it where the secret manager lives.
The Fixes
1. The Quick Fix: The .env.example Guardrail
If you are using tools like Base44 or Bolt, do not let the AI define your environment variables on the fly. Before you even start the “vibe,” create a strict .env.example or a config.ts schema. Force the agent to read this file first, and have the app load its environment through the schema at startup, so a missing or malformed variable stops the first run instead of surfacing as a hardcoded fallback in production. This keeps the “vibe” contained within your pre-defined architectural boundaries.
```typescript
// force-schema.ts
import { z } from 'zod';

// The schema is the contract: every variable the app needs, with its shape.
const envSchema = z.object({
  DATABASE_URL: z.string().url(),            // any URL scheme passes (postgres://, mysql://)
  API_KEY: z.string().min(32),               // rejects placeholder or truncated keys
  NODE_ENV: z.enum(['development', 'production']),
});

// parse() throws at import time, so a missing or malformed variable stops the
// process before it serves a request. Import ENV everywhere instead of reading
// process.env directly.
export const ENV = envSchema.parse(process.env);
```
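A companion check for this guardrail, added here as an example and not code from the original post: it reads .env.example as the contract and scans agent-generated source for env keys that were never declared, secret-looking keys sitting under a client-exposed bundler prefix, and hard-coded production hostnames. It is written in plain TypeScript without zod so it runs on its own. The prefix list (VITE_, NEXT_PUBLIC_, REACT_APP_), the secret-name heuristic and the prod-* hostname pattern are this example's assumptions, and the sample files are constructed.

```typescript
// env-contract-check.ts  (added example, not code from the original post)
// Treats .env.example as the contract the agent must honour and checks the
// generated source against it:
//   1. every env key the code reads (process.env.X / import.meta.env.X) must be declared
//   2. a secret-looking key must not carry a client-exposed bundler prefix
//      (treating VITE_/NEXT_PUBLIC_/REACT_APP_ as "shipped to the browser" is this check's assumption)
//   3. no literal that looks like a production hostname (prod-* is an assumption
//      modelled on the post's prod-db-01)

const CLIENT_PREFIXES = ["VITE_", "NEXT_PUBLIC_", "REACT_APP_"];
const SECRET_HINT = /KEY|SECRET|TOKEN|PASSWORD|DATABASE_URL/;
const PROD_HOST = /\bprod-[a-z0-9-]+\b/i;

/** Keys declared in a .env.example file (KEY=value lines; comments and blanks ignored). */
export function parseEnvExample(text: string): string[] {
  const keys: string[] = [];
  text.split("\n").forEach(raw => {
    const line = raw.trim();
    if (!line || line.charAt(0) === "#") return;
    const m = /^(?:export\s+)?([A-Z][A-Z0-9_]*)\s*=/.exec(line);
    if (m && keys.indexOf(m[1]) === -1) keys.push(m[1]);
  });
  return keys;
}

/** Env keys a source file reads, in first-seen order (dot and bracket access). */
export function referencedEnvKeys(source: string): string[] {
  const keys: string[] = [];
  const re = /(?:process\.env|import\.meta\.env)(?:\.([A-Z][A-Z0-9_]*)|\[["']([A-Z][A-Z0-9_]*)["']\])/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) {
    const key = m[1] || m[2];
    if (keys.indexOf(key) === -1) keys.push(key);
  }
  return keys;
}

/** Problems found in one file, as human-readable strings (empty array = clean). */
export function checkSource(file: string, source: string, declared: string[]): string[] {
  const problems: string[] = [];
  referencedEnvKeys(source).forEach(key => {
    if (declared.indexOf(key) === -1)
      problems.push(`${file}: reads ${key}, which is not declared in .env.example`);
    if (SECRET_HINT.test(key) && CLIENT_PREFIXES.some(p => key.indexOf(p) === 0))
      problems.push(`${file}: ${key} looks like a secret but has a client-exposed prefix`);
  });
  source.split("\n").forEach((line, i) => {
    if (PROD_HOST.test(line))
      problems.push(`${file}:${i + 1}: hard-coded production host in "${line.trim()}"`);
  });
  return problems;
}

// Constructed sample inputs: the contract, and two files an agent might emit.
export const ENV_EXAMPLE = `# required at startup
DATABASE_URL=postgres://user:pass@localhost:5432/app
API_KEY=
NODE_ENV=development
`;

export const SAMPLES: { [file: string]: string } = {
  "src/server.ts": `const db = connect(process.env.DATABASE_URL);
const env = process.env["NODE_ENV"];`,
  "src/client/dashboard.tsx": `const key = import.meta.env.VITE_API_KEY;
const db = "postgres://app@prod-db-01:5432/app"; // agent "helpfully" inlined this
const retries = process.env.MAX_RETRIES;`,
};

/** Runs the check over the constructed samples; returns every problem found. */
export function runCheck(): string[] {
  const declared = parseEnvExample(ENV_EXAMPLE);
  let problems: string[] = [];
  Object.keys(SAMPLES).forEach(file => {
    problems = problems.concat(checkSource(file, SAMPLES[file], declared));
  });
  return problems;
}

runCheck().forEach(p => console.log(p));
```

Run it as a pre-commit or CI step over the agent's diff. It complements the Zod schema rather than replacing it: the schema catches a misconfigured runtime, this catches the agent writing around the contract in the first place (the dashboard sample trips all three rules, the server sample is clean).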
2. The Permanent Fix: The IaC Sidecar Strategy
Stop letting the AI handle deployments. Instead, use the AI to generate the application code, but use a set of Infrastructure-as-Code (IaC) templates (Terraform or OpenTofu) to handle the environment. I maintain a repository of “Sidecar Templates” for our team. When a dev vibes a new service, they must attach it to one of these pre-approved Terraform modules: the module owns the IAM role, the network placement and the references to secrets, and the generated service only consumes what the module hands it as environment variables.
| Tooling | Role | Darian’s Verdict |
| --- | --- | --- |
| Lovable / Bolt | Frontend & Logic | Great for rapid prototyping. |
| Terraform | Resource Provisioning | Non-negotiable for production. |
| GitHub Actions | Deployment Pipe | Keep the AI away from the ‘Deploy’ button. |
3. The “Nuclear” Option: The Isolated Container Wrapper
When an agent like Manus starts getting creative with system-level dependencies, it’s time to go nuclear. We use a “Baseline Dockerfile” that the AI is forbidden from editing. The AI can write everything inside the /app directory, but it cannot touch the CMD/ENTRYPOINT or the RUN commands that set up the image, and because the container drops to the unprivileged node user before the app starts, nothing the agent writes can install packages at runtime either. It’s a bit hacky, but it prevents the “vibe” from installing a random, vulnerable Debian package just to resize an image. Two caveats: “forbidden” only means something if the repo enforces it (a CODEOWNERS entry on the Dockerfile plus a CI check that fails the build when it changes), and the fence covers system packages only. `npm ci` still installs whatever the agent put in package.json, so the lockfile diff still needs a human eye.
```dockerfile
# Fixed Dockerfile - DO NOT LET AI EDIT
# node:20-slim is a floating tag; pin the image digest for repeatable builds.
FROM node:20-slim
WORKDIR /app
# Install exactly what the lockfile says, runtime deps only.
# (--only=production still works on npm 10 but is deprecated; --omit=dev is the current spelling.)
COPY package*.json ./
RUN npm ci --only=production
# The AI's work enters here and only here: everything under /app comes from this COPY.
# Build dist/ before `docker build`, and keep .env, .git and node_modules out with .dockerignore.
COPY . .
# Drop privileges: nothing that runs from here on can install system packages.
USER node
CMD ["node", "dist/server.js"]
```
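The “forbidden from editing” rule needs something to enforce it. The following is an added example, not code from the original post: a CI-side check that parses an agent-produced Dockerfile and fails if its instruction sequence departs from the baseline, if any RUN reaches for sudo, a system package manager or a piped shell, or if the image is still root when CMD executes. BASELINE mirrors the post's Dockerfile; ROGUE_CANDIDATE is a constructed sample of an agent adding a package install “to resize images”; the forbidden-command patterns are this example's assumptions.

```typescript
// dockerfile-guard.ts  (added example, not code from the original post)
// Checks an agent-produced Dockerfile against the baseline:
//   1. the instruction sequence must be the baseline's, in order; anything extra
//      (an added RUN/COPY/USER) is reported
//   2. no RUN may use sudo, a system package manager, or "curl ... | sh"
//   3. the last USER in effect must not be root

export const BASELINE = `FROM node:20-slim
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
USER node
CMD ["node", "dist/server.js"]
`;

// Constructed sample: the agent "getting creative with system-level dependencies".
export const ROGUE_CANDIDATE = `FROM node:20-slim
WORKDIR /app
# agent added this "to resize images"
RUN apt-get update && apt-get install -y imagemagick
COPY package*.json ./
RUN npm ci --only=production
COPY . .
USER node
CMD ["node", "dist/server.js"]
`;

type Instruction = [string, string]; // [INSTRUCTION, arguments]

/** Split a Dockerfile into instructions; comments and blanks dropped, backslash continuations joined. */
export function parseDockerfile(text: string): Instruction[] {
  const out: Instruction[] = [];
  text.replace(/\\\r?\n/g, " ").split("\n").forEach(raw => {
    const line = raw.trim();
    if (!line || line.charAt(0) === "#") return;
    const sp = line.search(/\s/);
    if (sp === -1) out.push([line.toUpperCase(), ""]);
    else out.push([line.slice(0, sp).toUpperCase(), line.slice(sp + 1).trim()]);
  });
  return out;
}

// Patterns that mean "system-level change"; an assumption, extend for your base image.
const FORBIDDEN_IN_RUN = [
  /\bsudo\b/,
  /\bapt(-get)?\s+(install|update)\b/,
  /\bapk\s+add\b/,
  /\b(yum|dnf)\s+install\b/,
  /\|\s*(ba)?sh\b/, // curl ... | sh
];

/** Problems found in the candidate (empty array = identical to baseline and safe). */
export function checkDockerfile(candidate: string, baseline: string = BASELINE): string[] {
  const problems: string[] = [];
  const want = parseDockerfile(baseline);
  const got = parseDockerfile(candidate);

  // 1. Walk the candidate against the baseline; anything the baseline lacks is reported.
  let wi = 0;
  got.forEach(([ins, args], i) => {
    if (wi < want.length && want[wi][0] === ins && want[wi][1] === args) { wi++; return; }
    problems.push(`instruction ${i + 1}: "${ins} ${args}" is not in the baseline`);
  });
  if (wi < want.length) problems.push(`baseline instruction missing: ${want[wi].join(" ")}`);

  // 2. System package installs, sudo and piped shells are never allowed in RUN.
  got.forEach(([ins, args], i) => {
    if (ins === "RUN" && FORBIDDEN_IN_RUN.some(re => re.test(args)))
      problems.push(`instruction ${i + 1}: forbidden system-level command: ${args}`);
  });

  // 3. The last USER wins at runtime; it must not be root.
  let user = "root";
  got.forEach(([ins, args]) => { if (ins === "USER") user = args.split(":")[0]; });
  if (user === "root" || user === "0") problems.push("image runs as root: no non-root USER before CMD");

  return problems;
}

checkDockerfile(ROGUE_CANDIDATE).forEach(p => console.log(p));
```

Wire it into the pipeline next to the Terraform plan so a changed Dockerfile fails the build rather than reaching the ‘Deploy’ step; the rogue sample above is caught twice, once as an instruction the baseline does not have and once as a forbidden apt-get, while the untouched baseline passes clean.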
Warning: If you let an AI agent manage your `sudo` permissions during a build, you’re not vibe coding; you’re just hosting a party for botnets.
Vibe coding is the future of productivity, but as seniors, our job is to provide the tracks so the train doesn’t derail. Use the AI for the brushwork; keep the foundation in code you’ve actually reviewed. If you’re stuck between a “vibe” and a hard place, start by locking down your prod-db-01 and work backward from there.
🤖 Frequently Asked Questions
❓ Why do AI agents struggle with infrastructure management?
AI agents like Lovable or Manus are optimized for visible elements and the ‘happy path,’ treating infrastructure as a black box. They lack inherent understanding of state management, database migration safety, or IAM roles, leading them to choose paths of least resistance like hardcoding.
❓ How does the IaC Sidecar Strategy compare to full AI-driven deployments?
The IaC Sidecar Strategy uses AI for rapid application code generation while relying on pre-approved Terraform/OpenTofu modules for robust, production-grade infrastructure provisioning. This contrasts with full AI-driven deployments, which often result in insecure, unscalable, and hard-to-manage backend configurations due to AI’s lack of architectural understanding.
❓ What is a common implementation pitfall when using AI for system-level dependencies?
A common pitfall is letting AI agents manage `sudo` permissions or install random system-level packages, which can introduce severe security vulnerabilities. The solution is to use an ‘Isolated Container Wrapper’ with a fixed Dockerfile that the AI cannot edit, restricting its influence to the application directory.