Vibe coding limits for non coders: the build is not the limit, the verification gap is

The limit is not writing code. The in-VM agent writes it for you and checks its own work in a sandboxed Chromium before reporting done. The limit is the gap between 'looks finished' and 'is finished'. Four specific things slip through that gap: interaction paths the agent didn't think to click, backend writes (email, database, payments) that succeed visually but fail on the wire, the 2-turn anonymous cap before the sign-in gate fires (set in src/app/(landing)/page.tsx line 339, signInGateAfterTurns: 2), and the 1-hour idle pause after which the sandbox is suspended (E2B_TIMEOUT_MS = 3,600,000 in src/core/e2b.ts line 33). A coder catches three of those four on instinct. A non coder catches none of them without prompting.

It is five steps, quoted from src/core/vm-claude-md.ts lines 278 to 283 under the Browser Testing heading: 1) navigate to http://localhost:5173 via Playwright MCP, 2) take a snapshot to verify the DOM rendered correctly, 3) check browser_console_messages for runtime errors, 4) if the page is blank, verify the component is imported in App.tsx, 5) do not report completion until the browser shows the expected result. Chromium runs inside the same E2B sandbox on an Xvfb display with a Playwright MCP server attached over CDP. The agent writes code, looks at the page in a real browser tab, and only hands control back if the render matched its intent. That loop closes ~90% of the limits other vibe coding tools have for non technical users. It does not close all of them.

Four things. First, interaction state. The snapshot is a DOM check at one moment in time; it does not click every button to see what state the app enters next. Second, backend writes. The agent confirms the UI rendered, not that the POST to Resend, Neon, or Stripe actually wrote a row. A green toast is not a green database. Third, the 2-turn anonymous gate. Anonymous users have 2 free turns before sign in is required (src/app/(landing)/page.tsx:339). The first vague prompt can burn the whole budget. Fourth, the sandbox idle timeout. After 1 hour with no activity, E2B pauses the sandbox (src/core/e2b.ts:33, with lifecycle.onTimeout: 'pause' at line 471). The work persists and reconnects byte exact, but a non coder coming back two hours later may not understand why the preview spinner showed up.

Four services are auto provisioned per session in src/core/service-provisioning.ts: PostHog for analytics, Resend for email, Neon for Postgres, and GitHub for source control. The agent writes the keys into /app/.env before your first prompt arrives, and the project CLAUDE.md tells the agent to check /app/.env for pre provisioned services before asking you for any API keys. So 'add email signup' or 'save form submissions to a database' is one prompt, not five.

FREE_MODEL is set to 'haiku' in src/app/api/chat/model/route.ts line 5. Anonymous and unsubscribed users can only use Haiku. It is fast (the preview streams while you read), and cheap enough that the platform can serve anonymous prototypes without metering them. The limit: Haiku is a smaller model than Sonnet or Opus, and on the fifth iteration when the codebase has eight files and you're asking for cross file refactors, the model can lose track. The route returns 402 with subscription_required if a free user tries to switch (lines 17 to 24). The non coder won't know to switch, so the limit feels like 'the AI got worse' rather than 'I'm on the cheap model'.

No. The /app directory inside the sandbox is a Vite + React + TypeScript + Tailwind project (project CLAUDE.md, also in vm-claude-md.ts). The agent edits files in /app/src/ and the Vite dev server hot reloads at http://localhost:5173. Output is a mobile first responsive web app, not a native binary. If the goal is the App Store, the limit is the stack, not the agent. Ask first whether a mobile web app is enough for your idea; for most consumer prototypes, it is.

Lines 168 to 175 of src/core/vm-claude-md.ts list six anti patterns the agent is told never to produce: purple/indigo gradients on white backgrounds, uniform rounded cards in a grid with icons, a generic hero with centered text and a gradient button, every section looking the same with slight color variations, cookie cutter layouts that could be any app, and placeholder images or Lorem Ipsum left in place. The rule is scoped by 'These rules apply unless the user explicitly overrides them' on line 99. For a non coder who types 'make it look modern', this means the default is not the generic AI aesthetic. The override is one sentence: 'I want purple gradients on white'. The point is to move the aesthetic decision off the user and onto a written rule the model applies consistently.

Yes. Every prompt commits to a local git repo at /app inside the sandbox. The agent can also push your app to a private GitHub repo auto created under m13v/ at session start (the repo URL is in /app/.env from turn one, see service-provisioning.ts line 51 and the GITHUB_ORG constant). If you want a developer friend to look at it later, they have a real TypeScript project on GitHub. Not a Bubble export, not a screenshot, not a Figma file.