Vibe Coding Glossary
Every Term You Need to Know

Prompt: the instruction you write to the AI — the quality of your prompt determines the quality of the output

LLM: the AI model that generates code (Claude, GPT-4, Gemini) — each has different strengths

Context window: the AI's 'working memory' — exceed it and the AI loses track of earlier instructions

Hallucination: when the AI invents functions or APIs that do not exist — always test generated code

RLS (Row Level Security): Supabase's data access control — essential for any app with multiple users

Scaffolding: the initial code structure the AI generates — usually needs iteration before it matches your needs

Knowing what a context window is helps you structure conversations to avoid AI 'forgetting'

Knowing what hallucination is means you test generated code instead of assuming it is correct

Knowing what RLS is means you enable it before any real users join your app

Vocabulary is the foundation of effective prompting — better terms produce better output

API (Application Programming Interface): A way for two systems to communicate. Stripe's API lets your app send payment requests to Stripe

Environment variable: A secret value (like an API key) stored outside the code — never hardcode secrets in the application itself

Deployment: The process of making your application accessible on the internet via Vercel, Netlify, or similar

Schema: The structure of your database — which tables exist, which columns they contain, and how tables relate to each other

Webhook: A notification sent by one service to your application when an event occurs — Stripe sends a webhook when a payment succeeds

CORS (Cross-Origin Resource Sharing): A browser security rule controlling which domains can make requests to your API — misconfigured CORS is a common security issue

Rate limiting: Restricting how many requests a user can make per minute — prevents brute-force attacks on login endpoints

Prompt example using schema: 'Create a Supabase schema with three tables: users (id, email, plan), projects (id, user_id, name, created_at), and tasks (id, project_id, title, status)'

Prompt example using RLS: 'Enable Row Level Security on the projects table. Users should only be able to read and write rows where user_id matches their own auth.uid()'

Prompt example using environment variable: 'The Stripe secret key should be read from an environment variable called STRIPE_SECRET_KEY — never hardcode it'

Prompt example addressing context window: 'Here is a summary of what we have built so far: [summary]. Now add the following feature:' — resetting context before complex additions

'Frontend' vs 'backend': Frontend is what users see (the browser). Backend is the server logic and database. Vibe coding typically generates both, but security configurations live in the backend

'Authentication' vs 'authorisation': Authentication is proving who you are (login). Authorisation is controlling what you are allowed to do (RLS, role-based access). Both are needed

'API key' vs 'password': API keys are machine credentials — they should be treated with the same security as passwords and stored in environment variables, never in code

'Staging' vs 'production': Staging is a test environment. Production is live with real users. Never test destructive operations (like migrations) directly on production

'Bug' vs 'feature request': When an AI generates incorrect behaviour, it is a bug — describe the exact incorrect behaviour and the expected correct behaviour in your fix prompt

Keep a personal glossary — write down every unfamiliar term and its plain-English meaning

Read the Supabase, Vercel, and Stripe documentation — they are the three most important references

When an AI uses a term you do not understand, ask it to explain — 'What does Row Level Security mean in practice?'

Vocabulary compounds: each term you learn makes the next one easier to understand

Greta explains every technical decision in plain English — so you understand your own product