vibe-stack

Name: vibe-stack
Author: vibestackdev

vibestackdev March 30, 2026

6 copies 0 downloads

29 .mdc architecture rules that prevent AI coding assistants from hallucinating insecure auth, deprecated imports, and broken Next.js 15 patterns. Built for Cursor Agent and Claude Code.

Agent Definition

# ⚡ Vibe Stack

### Stop fixing AI-generated bugs. Start shipping production apps.

A **Next.js 15 + Supabase boilerplate** with **29 `.mdc` architecture rules** that physically prevent AI coding assistants from hallucinating insecure auth, deprecated packages, and broken patterns.

[![Next.js 15](https://img.shields.io/badge/Next.js-15-black?logo=next.js)](https://nextjs.org/)
[![React 19](https://img.shields.io/badge/React-19-blue?logo=react)](https://react.dev/)
[![Supabase](https://img.shields.io/badge/Supabase-SSR-3ecf8e?logo=supabase)](https://supabase.com/)
[![TypeScript](https://img.shields.io/badge/TypeScript-strict-3178c6?logo=typescript)](https://www.typescriptlang.org/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)

> **The problem:** AI models generate code that compiles perfectly but ships critical vulnerabilities — `getSession()` instead of `getUser()`, synchronous params that crash in Next.js 15, missing RLS policies that expose your database. These bugs are invisible until production.
>
> **The fix:** Architecture rules that override the AI's training data. When a rule says "NEVER use getSession()", the model is constrained to generate the secure pattern. Every time.

---

## 🚀 Quick Start

```bash
git clone https://github.com/vibestackdev/vibe-stack.git
cd vibe-stack
npm install
cp .env.example .env.local
# Add your Supabase URL + anon key to .env.local
npm run dev
```

Open in **Cursor** and start building. The rules activate automatically — zero configuration.

---

## 🆓 What's Free (This Repo)

This open-source repo includes **5 foundational architecture rules** — the most critical safeguards for any Next.js 15 + Supabase project:

| Free Rule | What It Prevents |
|---|---|
| `supabase-auth-security.mdc` | Bans `getSession()`, enforces `getUser()` for JWT verification |
| `nextjs15-params.mdc` | Prevents synchronous `params` access (the #1 Next.js 15 breaking change) |
| `supabase-ssr-only.mdc` | Blocks deprec

Comments

More Agents

View all

documentation

Documentation & Onboarding Agent

Agent that generates comprehensive documentation, API references, architecture diagrams, and developer onboarding guides from existing code.

Community

debugging

Cursor Bug Triage Agent

Agent configuration for systematic bug investigation that traces issues from error logs through the codebase to root cause with suggested fixes.

Community

api

API Integration Agent

Agent for integrating third-party APIs including SDK setup, type generation, error handling, retry logic, and rate limit management.

Community

coding

Cursor Agent Mode

Cursor's built-in autonomous coding agent that can make multi-file edits, run terminal commands, search the codebase, and iteratively build features with minimal human intervention.

Cursor Team

cloud

Cursor Background Agent

Cloud-based autonomous coding agent that runs in the background on remote sandboxed environments, handling complex multi-step tasks while you continue working.

Cursor Team

composer

Cursor Composer Agent

Cursor's multi-file editing agent within Composer mode that can create, edit, and delete files across your entire project in a single conversation.

Cursor Team

vibe-stack

Tags

Comments

More Agents

Documentation & Onboarding Agent

Cursor Bug Triage Agent

API Integration Agent

Cursor Agent Mode

Cursor Background Agent

Cursor Composer Agent