10 signs your vibe-coded app
needs a refactor.

Count how many of these are true for your codebase. Three means you have time to fix it before it hurts. Five means it's already hurting you and you haven't noticed. Seven or more is an emergency.

1. You're scared to change one thing because it might break three others

This is the canonical sign of architectural debt. In a healthy codebase, changing a button doesn't risk breaking login. In a vibe-coded codebase, everything is wired to everything because the AI never extracted shared concerns into modules. Fix: split files smaller than 200 lines, extract pure functions, lift state.

2. Files have names like final_v2_fixed.tsx

You stopped using version control as version control because the AI couldn't tell you what changed between sessions. Now your repo looks like a Photoshop project. Fix: git reset, delete the suffixed files, commit per-feature instead of per-session.

3. A page takes more than 1 second to load on a fast connection

AI tools rarely add caching, query batching, or pagination. By the time you have a few hundred rows in your main table, things slow down. Open Chrome DevTools → Network → reload. If TTFB is over 800ms, the backend is the bottleneck. Fix: add database indexes, batch queries, paginate lists.

4. Your node_modules is 800 MB+

The AI installs whatever package solves the immediate problem, regardless of whether you already have an equivalent. We've seen vibe-coded projects with both axios and fetch, both moment and date-fns, both lodash and ramda. Fix: pick one, uninstall the others, deduplicate.

5. Your database has no foreign keys

AI tools love JSON columns. They use them everywhere — even where a proper relationship would be obviously cleaner. The cost shows up when you need to query across "fields that should be tables." Fix: normalise the worst offenders into proper relations, add foreign keys, add indexes.

6. The same business logic exists in 3+ places

Search your code for any computed value (e.g., the total of an invoice). If it's computed in the React component, the API route, AND the database query — that's three copies of the same logic, each able to drift. Fix: pick one source of truth, delete the others, call the source.

7. You don't know what half the files do

Open your src/ directory. If you can't, in 10 seconds, say what each file is responsible for — your folder structure is fictional. Vibe-coded apps tend to dump everything into app/ or components/. Fix: group by feature, not by file type. features/billing/* beats components/billing.tsx + hooks/useBilling.ts + utils/billing.ts.

8. Environment variables are committed to git

The AI usually has the courtesy to add .env to .gitignore, but a fraction of the time it doesn't — and you only find out when someone forks your repo and gets your Supabase keys. Fix: git log --all -p -- .env, rotate any leaked keys immediately.

9. Auth and authorisation are tangled

"Authenticated" (we know who you are) and "authorised" (you can do this thing) are different. AI tools conflate them — most vibe-coded apps check "is the user logged in" and assume that means "is the user allowed to read this row." It doesn't. Fix: enable Row Level Security (RLS) on every Supabase table; explicit allow-list per role.

10. You're afraid of your own production database

You have no backups, no migrations history, no idea what schema is actually live, and the thought of running an ALTER TABLE makes your hands sweat. Fix: take a daily snapshot, set up a proper migrations tool (Drizzle, Prisma Migrate, supabase migrations), and clone production into a staging database where you can break things safely.

Score yourself

• 0–2: You're fine. Keep an eye on it as you grow.
• 3–4: Schedule a refactor sprint in the next month. Don't panic, but don't ignore.
• 5–6: You're losing more time to bugs than you gain from new features. Refactor now.
• 7+: Don't add a single new feature until you've cleaned up. Adding more code to a broken foundation is how products die.

---

Keep reading