Welcome to the VibeReview blog
Notes from the guardrail — what we're shipping, what we're seeing in repos, and what the prompt-to-PR loop needs next.
AI coding tools turned the prompt into the smallest unit of change. The PR review didn't catch up. This blog is where we work through what that gap looks like in real codebases — and what we're shipping to close it.
What you'll find here
Three kinds of posts. Product notes — what we shipped, why, and what we're working on next. Field notes — patterns we keep seeing in audits of AI-assisted code: prompt injection, MCP tool spoofing, SQL string interpolation that comes back in a new disguise every quarter. Engineering posts — how we build VibeReview, with code you can run.
What you won't
Thought-leadership think-pieces. AI-prefixed adjectives. Promises that don't ship. If a post is on this site, you can act on it today.
Subscribe via RSS. Or just bookmark and come back.