The initial audit of my vibe coded work

The initial audit of my vibe coded work

vibecore · Feb 18, 2026

Having embraced the challenges of AI code for the non-engineer, I knew that I needed real people to help me understand this situation.

Over the past 10 years I’ve had the opportunity to know the team at Alpinist Studios. John Chhetri, their CEO, then became a great resource in getting some feedback on my project.

My goal for our engagement was to get real life feedback from a team that’s coded hundreds of projects over the years and developed product for small business all the way up to the Fortune Global 500. My ask was simple. Review my project (all of the code is made readily available by Replit) and tell me where it has faults. Imagine that you are going to release this to the wild and let me know where it’s going to have challenges.

The team has since provided me a much more detailed audit but here are the initial findings of my work.

Technical Audit
Project
Connect — Multi-Tenant Chatbot Platform
URL
connect.oxygenpack.co
Built with
Replit AI Agent · 114 checkpoints · 7 days
Scope
Lead capture, webhook integrations, AI knowledge base, payments
Cost
~$200
Overall
Promising, Not Ready
6
Passed
10
Issues Found
~8 wks
Estimated Fix
Passed
Working prototype — full functionality as intended
Authentication & protected routes properly implemented
API keys not exposed — secrets handled correctly
Responsive design — mobile-friendly out of the box
HTTPS connections — secure transport layer
Critical Issues
No rate limiting — API endpoints wide open to abuse
Breaks at ~750 concurrent users — vulnerable to DoS attacks
Sessions not persistent — new tab forces re-login
Chatbot has no guardrails — responds to anything in any language
Warnings
!
No input debouncing — rapid typing fires 50+ API calls
!
Monolithic codebase — can’t scale or maintain independently
!
Frontend not modularized — no component separation
!
Generic AI aesthetic — no brand personality or design system
!
Missing 404 page — no error handling for bad routes
Estimated Remediation
Load balancing & rate limiting
2–3 weeks
Auth & session architecture overhaul
1.5 weeks
Database migration & optimization
2 weeks
Break monolith into services
1 week
Frontend modularization & UI/UX fixes
~1 week
Prompt guardrails & fine-tuning
3 days
Audit Fix Ship

In short, the app lacked adequate security, was limited on scalability, and left a lot of open doors for abuse by the so inclined.

What I needed next was to take this concept, let the engineers go wild, and see what kind of effort it would take to get the app ready for battle testing.

arrow Previous Next arrow
Your idea already works.
We help make sure it lasts.
Start a project
Vibecore logo

Vibecore helps founders and teams transform ideas and vibe-coded projects into secure, scalable, production-ready software through audits, last-mile engineering, and rapid prototype development.

Company

Social Media

Contact

hello@vibecore.cx +1-317-220-3735

© 2026 VibeCore. All rights reserved.