Lawyer releases vibe coding antipattern catalog and enforcement tool
u/lcasarin, a lawyer turned vibe coder, has open-sourced two projects — Golden Standard (a catalog of 241+ documented AI coding antipatterns) and Cerberus (a 12-dimensional commit-level enforcement layer) — after three months of frustration with recurring AI agent failure modes.
The projects introduce a falsifiable, enforcement-backed vocabulary for AI coding failure modes that currently lack standardized detection or remediation, a gap u/lcasarin ran into over three months of vibe coding practice.
u/lcasarin, a non-programmer lawyer, describes arriving at vibe coding with optimism before spending three months watching the same failure patterns repeat across projects: AI agents declaring success without evidence, code shipping "working" but breaking silently, and tests that create the appearance of coverage without the substance. Unable to find a shared vocabulary for these failures, they began cataloging them, which grew into two open-source projects released together for community feedback.
The first project, Golden Standard, is a structured antipattern rulebook organized into four categories: Vibe Coding Vices (VC-xxx) with 126 entries covering issues like incomplete code, ghost files, hardcoded paths, and superficial tests; Testing Vices (VT-xxx) with 115 entries on how tests become "security theater"; Tokenomics (TK-xxx) treating token efficiency as a form of technical debt; and Project Insights (PI-xxx) for cross-cutting observations. Every entry is required to be falsifiable, with detection criteria, bad/good code examples, and a specified enforcement mechanism such as a test, hook, or static check.
The second project, Cerberus, is the enforcement layer that operationalizes Golden Standard at commit time. It runs a 12-dimensional audit with deterministic gates — covering blast radius, symbol integrity, and dependency graph — before applying GS vice detection and, optionally, LLM semantic filtering. Critically, Cerberus never blocks on the LLM's opinion alone, only on measurable facts. It is designed for hub-and-spoke governance, where one Cerberus instance guards up to 17 satellite repositories. The post notes that NVIDIA's SkillSpector security scanner independently arrived at the same fast-deterministic-then-optional-LLM architecture, and u/lcasarin plans to incorporate SkillSpector's 16-category threat taxonomy — covering prompt injection, tool poisoning, excessive agency, and others — into Golden Standard as new VC-### entries.
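A sketch of the ordering described above, as an added example that is not Cerberus's own code: a deterministic gate, then pattern-based vice detection, then an optional LLM reviewer whose notes are advisory and can never block on their own. The threshold, the two regex checks, the `llm_review` callback and the sample diff are assumptions constructed for illustration, and the rule labels reuse the page's `VC-xxx`/`VT-xxx` placeholders because no concrete entry ids are given.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    stage: str        # "gate", "vice" or "llm"
    rule: str         # placeholder labels; the page gives no concrete GS ids
    detail: str
    measurable: bool  # only measurable facts are allowed to block

MAX_FILES = 5  # assumed blast-radius threshold (hypothetical value)
HARDCODED_PATH = re.compile(r"""["'](/home/|/Users/|[A-Za-z]:\\)""")
VACUOUS_ASSERT = re.compile(r"^\s*assert\s+True\s*$")

def added_lines(diff):
    """Return (file, text) pairs for every added line of a unified diff."""
    current, out = None, []
    for line in diff.splitlines():
        if line.startswith("+++ "):
            current = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("+") and current:
            out.append((current, line[1:]))
    return out

def audit(diff, llm_review=None):
    """Run the three stages in order; return (blocked, findings)."""
    lines, findings = added_lines(diff), []
    if len({f for f, _ in lines}) > MAX_FILES:  # stage 1: deterministic gate
        findings.append(Finding("gate", "blast-radius", "too many files", True))
    for f, text in lines:                       # stage 2: vice detection
        if HARDCODED_PATH.search(text):
            findings.append(Finding("vice", "VC-xxx hardcoded path", f, True))
        if "test" in f.rsplit("/", 1)[-1] and VACUOUS_ASSERT.match(text):
            findings.append(Finding("vice", "VT-xxx superficial test", f, True))
    if llm_review is not None:                  # stage 3: optional, advisory
        findings += [Finding("llm", "advisory", n, False) for n in llm_review(diff)]
    return any(x.measurable for x in findings), findings

# Constructed sample commit, not taken from either project.
SAMPLE_DIFF = """\
--- a/src/loader.py
+++ b/src/loader.py
@@ -1,0 +2 @@
+CONFIG = open("/home/dev/project/config.json").read()
--- /dev/null
+++ b/tests/test_loader.py
@@ -0,0 +1,2 @@
+def test_loader():
+    assert True
"""
```

Calling `audit(SAMPLE_DIFF)` blocks on the two pattern findings, while a clean diff passed with an `llm_review` callback that objects is reported but not blocked.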
Key facts
- u/lcasarin is a lawyer, not a programmer, and used AI assistance to write the post (English is not their first language)
- Golden Standard catalogs 126 Vibe Coding Vices (VC-xxx) and 115 Testing Vices (VT-xxx), plus Tokenomics and Project Insights categories
- Every Golden Standard entry must be falsifiable, with detection criteria, bad/good code examples, and an enforcement mechanism
- Cerberus runs a 12-dimensional commit audit: deterministic gates first, then GS vice detection, then optional LLM semantic filtering
- Cerberus is designed for hub-and-spoke governance — one instance guarding up to 17 satellite repos
- NVIDIA's SkillSpector independently converged on the same fast-deterministic-then-optional-LLM architecture
- u/lcasarin plans to import SkillSpector's 16-category threat taxonomy (prompt injection, tool poisoning, excessive agency, etc.) into Golden Standard
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 11, 2026 · 08:34 UTC.