The Vibe Coder's Glossary: 50 Terms Every Builder Should Know

Vibe coders don't need to learn to code in 2026, but they do need to know the vocabulary. This glossary defines 50 essential terms — backend, database, auth, deployment, payments, prompts, MCP, agents — in plain language with concrete examples. Knowing these terms lets you prompt AI builders precisely, read AI-generated output critically, and have productive conversations with engineers when you eventually need them. The vocabulary is the difference between a non-developer who ships and a non-developer who stays stuck.

Got an idea? Build it now!
Just start with a simple Prompt

Get Started Today

Introduction

Vibe coding promises that non-developers can ship real software. That promise is largely true in 2026 — but it isn't free. The non-developers who consistently ship are the ones who learned the vocabulary. Not to write code, but to describe what they want with enough precision for AI builders to act on it. The vocabulary is what separates "build me a SaaS" (vague, produces messy output) from "build a SaaS with email magic link auth, RLS-protected tables, and Stripe Subscriptions" (specific, produces clean output).

Foundations (Terms 1–10)

• 1. Vibe coding — Building software by describing what you want in natural language to an AI builder, instead of writing code. Coined by Andrej Karpathy in February 2025.
• 2. AI app builder — A platform that generates working full-stack apps from prompts. Examples: Greta, Lovable, Bolt.new, v0, Base44, Replit.
• 3. Frontend — The part of the app users see and interact with. Buttons, forms, dashboards. Runs in the user's browser.
• 4. Backend — The part of the app that runs on a server, does the work users don't see, talks to the database, and validates everything.
• 5. Full-stack — Both frontend and backend together. Most AI app builders produce full-stack output from prompts.
• 6. API — Application Programming Interface. How different parts of software talk to each other. The frontend calls the backend via API calls.
• 7. Endpoint — A specific URL on the backend that does one thing. /api/tasks/create is an endpoint that creates a task.
• 8. Stack — The combination of technologies your app uses. 'Next.js + Supabase + Stripe' is a stack.
• 9. Deployment — Making your app available on the internet. AI app builders handle this automatically; the deployed URL is your live app.
• 10. MVP — Minimum Viable Product. The smallest version of your product that delivers real value. Most AI-built MVPs ship in 7–14 days.

Database and Backend (Terms 11–22)

• 11. Database — Where your app's data is stored permanently. Users, tasks, orders, anything that needs to survive between sessions.
• 12. Table — A collection of related records in the database. Like a spreadsheet. The User table holds all user records.
• 13. Row — One record in a table. Each user is one row in the User table.
• 14. Column — One field within a record. The User table has columns for id, email, name, etc.
• 15. Field type — What kind of data a column holds. uuid, text, int, decimal, boolean, timestamp, jsonb.
• 16. uuid — Universal unique identifier. Used as the id field on every table. Looks like '550e8400-e29b-41d4-a716-446655440000.'
• 17. Foreign key — A column in one table that points to a row in another table. Task.user_id is a foreign key to User.id.
• 18. Index — A database structure that makes specific queries faster. Index on User.email makes 'find user by email' nearly instant.
• 19. Query — A request to the database for data. 'Find all tasks where user_id equals 123' is a query.
• 20. Schema — The structure of your database — what tables exist, what columns each has, what types those columns are.
• 21. Migration — A change to your database schema (adding a column, creating a table). AI app builders handle migrations as you change the schema through prompts.
• 22. RLS — Row-Level Security. A database feature that controls which rows each user can read or write. Without RLS, apps leak data the moment a second user signs in. Always prompt for it explicitly.

Authentication and Authorization (Terms 23–28)

• 23. Auth — Shorthand for authentication and authorization. Auth is how the app knows who someone is and what they're allowed to do.
• 24. Authentication — Verifying who someone is. 'Confirm this person is really alice@example.com.' Sign-in is authentication.
• 25. Authorization — Determining what an authenticated user can do. 'Alice can see her own tasks, not Bob's.' Permissions are authorization.
• 26. Magic link — A sign-in method where users enter their email and receive a one-time link. Simpler and more secure than passwords. Default for v1 SaaS.
• 27. OAuth — A standard for letting users sign in via another service (Google, GitHub, Facebook). 'Sign in with Google' is OAuth.
• 28. SSO — Single Sign-On. Enterprise feature where users sign in via their company's identity provider (Okta, Azure AD). Add for B2B at scale.

Payments (Terms 29–34)

• 29. Stripe — The default payment processor for AI-built SaaS in 2026. Handles credit cards, subscriptions, invoicing, tax.
• 30. Stripe Connect — Stripe's marketplace product. Splits payments between buyers, sellers, and the platform (you).
• 31. Webhook — An HTTP request Stripe sends to your app when something happens (payment succeeded, subscription canceled). Your app listens for webhooks and updates its database.
• 32. Subscription — Recurring payment on a schedule (monthly, annual). The Stripe Subscriptions product handles all the mechanics.
• 33. Idempotency — Making sure the same operation can be processed twice without bad effects. Important for webhooks because Stripe occasionally fires them twice.
• 34. Test mode — Stripe's sandbox environment for testing. Cards don't charge real money. Always test mode during build; live mode only at launch.

AI and Prompts (Terms 35–43)

• 35. Prompt — A natural language instruction you give an AI builder. The quality of your prompts determines the quality of the output.
• 36. PRD — Product Requirements Document. A short spec describing the product. Acts as the foundational prompt for most AI app builders.
• 37. Token — The unit AI models use to measure text. Roughly 1 token ≈ 4 characters or 0.75 words. Token-based pricing means longer prompts cost more.
• 38. LLM — Large Language Model. The AI behind tools like Claude, GPT-4, and Gemini. AI app builders typically use one or more LLMs.
• 39. Context window — How much text an AI model can consider at once. Larger context windows mean it can read more of your codebase or PRD.
• 40. Hallucination — When an AI confidently outputs something wrong. Common with very specific facts. Always verify AI-generated facts independently.
• 41. Agent — An AI that takes multiple actions autonomously to accomplish a goal. Replit Agent, Cursor Composer, and Lovable's Agent Mode are examples.
• 42. Fine-tuning — Training an AI model on specific data to make it better at specific tasks. Most vibe coders don't need to fine-tune.
• 43. RAG — Retrieval Augmented Generation. A pattern where the AI looks up relevant information before answering. Used for chatbots that need to reference specific knowledge bases.

MCP and Integrations (Terms 44–46)

• 44. MCP — Model Context Protocol. Open standard created by Anthropic in November 2024 for connecting AI models to external tools and data. Now supported by every major AI vendor. Lets AI agents query Postgres, GitHub, Slack, Google Drive, and 200+ other services through a standardized interface.
• 45. MCP server — A program that exposes a tool or data source via MCP. Examples: GitHub MCP server, Slack MCP server, Postgres MCP server.
• 46. MCP client — An AI application that connects to MCP servers to access their tools. Claude Desktop, Cursor, and many AI app builders are MCP clients.

Operations and Hosting (Terms 47–50)

• 47. Custom domain — Your branded URL (yourbrand.com) instead of a platform subdomain. Trust signal; affects conversion in some categories (finance, marketplaces) more than others.
• 48. SSL — Secure Sockets Layer. The 'https' and lock icon in browsers. Required for any production app. Modern AI app builders handle this automatically.
• 49. CDN — Content Delivery Network. Hosts static files (images, CSS, JS) globally for faster loading. Bundled with most AI app builder hosting.
• 50. Analytics — Tracking how users actually use your app. Page views, conversion funnels, feature usage. Critical for post-launch iteration.

Bonus Terms You'll Encounter

• Supabase — Open-source Firebase alternative. Postgres database + auth + storage + real-time. The default backend for many AI app builders.
• Tailwind — A CSS framework most modern AI builders use. You don't write Tailwind directly; you mention it in design prompts.
• shadcn/ui — High-quality component library used by v0 and other AI builders. Produces premium-feeling UI defaults.
• Vercel — Hosting platform optimized for Next.js. v0's default deployment target.
• Edge function — Code that runs on a CDN node close to the user. Faster than running on a centralized server.
• Webhook signature — A cryptographic proof that a webhook came from where it claims to. Always verify webhook signatures to prevent fraud.
• Rate limiting — Capping how many times a user can do something per minute/hour. Prevents abuse and runaway costs.
• Caching — Storing the result of an expensive operation so future requests don't redo the work. Important for AI features where each call costs real money.
• ICP — Ideal Customer Profile. Marketing term but useful for vibe coders. Specifying ICP in PRDs improves AI output.
• Cold start — In serverless contexts, the delay when a function hasn't been called recently. Usually negligible for SaaS but matters for high-traffic apps.

Terms Commonly Misused

'No-code' vs 'Low-code' vs 'Vibe Coding'

These get used interchangeably but mean different things. No-code means truly no code — drag-and-drop builders like Webflow. Low-code means visual tools with optional code (Bubble, Retool). Vibe coding means natural language prompting that produces real code. Vibe coding tools (Greta, Lovable, Bolt) are technically no-code from the user's perspective but produce real code as output.

'Production-ready' vs 'Production-grade'

Production-ready means the code works for real users in real production environments. Production-grade implies it meets enterprise quality standards (security, performance, monitoring). Most AI-built apps are production-ready out of the box; production-grade often requires engineering review.

'Agent' vs 'AI agent' vs 'Agentic'

Agent and AI agent typically mean the same thing — an AI that takes multiple autonomous actions. "Agentic" is the adjective form. All three describe AI that does more than respond once to a single prompt.

'Vector database' vs 'Regular database'

Vector databases store data in a way that lets AI models query by similarity. Regular databases query by exact match or range. Most apps need only a regular database. Vector databases come up specifically for RAG features.

How to Actually Use This Glossary

• Reference mode — When you encounter an unfamiliar term in an AI builder's documentation or a tutorial, look it up here. Quick context lets you keep moving.
• Prompt-improving mode — When you write a prompt for an AI builder, scan for opportunities to use specific terms instead of vague language. 'Database table' is better than 'data storage'; 'magic link auth' is better than 'sign-in.'
• Discussion-prep mode — Before talking to engineers, scan terms relevant to the conversation. Even rough fluency dramatically improves the quality of the conversation.

The vocabulary compounds. After your first project, half these terms feel obvious. After your third, all of them do. By then, you're prompting AI builders precisely without thinking about it — which is the actual goal.

Common Mistakes Non-Developers Make with Vocabulary

• Using terms loosely — 'API' and 'endpoint' aren't interchangeable. 'Backend' and 'database' aren't either. Precision in vocabulary leads to precision in prompts.
• Skipping the unfamiliar — When you don't know a term, looking it up takes 30 seconds. Ignoring it leads to vague prompts.
• Pretending to know more than you do — Engineers spot this immediately. Better to acknowledge what you don't know than to bluff.
• Memorizing without using — Vocabulary you don't actively use in prompts fades.
• Confusing related terms — 'Auth' and 'OAuth' aren't the same. 'Webhook' and 'API call' aren't the same.
• Reading too much depth too early — You don't need to deeply understand how RLS is implemented; you just need to know it exists and to prompt for it.

Frequently Asked Questions

Do I really need to know all 50 terms?

Not at once. The first 20–30 cover most common AI builder prompts. The full list rewards builders who ship multiple projects.

Will these terms still be relevant in 2 years?

The foundational ones (frontend, backend, database, auth, API) — yes. The specific platform names and pricing models — those evolve. The category vocabulary (vibe coding, MCP, agent) is stabilizing in 2026 and likely to stick.

What if I encounter a term not in this glossary?

Look it up online. The Stripe Glossary is excellent for payment terms; the Supabase docs explain backend concepts well; Anthropic's MCP documentation is the canonical MCP reference. Most modern docs are written for non-developers.

How do I retain this vocabulary?

Use it deliberately in prompts. Memorization without use fades; vocabulary in active use stays. The first project where you use these terms intentionally is when they start sticking.

What's the single most important term to know?

RLS (Row-Level Security). The single most common security failure mode in vibe-coded apps is missing RLS. Knowing the term and prompting for it explicitly prevents the worst class of bugs.

Do AI builders use these terms in their UI?

Increasingly, yes. Modern AI app builders surface terms like "RLS," "webhook," and "magic link auth" in their interfaces. Fluency lets you use the UI more effectively.

Are there other resources for learning the vocabulary?

Reading AI app builder documentation is the fastest path. Modern docs (Supabase, Stripe, Anthropic) are written for non-developers. Following indie hacker communities on IndieHackers and X also exposes you to the vocabulary in conversational use.

Key Takeaways

• Vibe coders don't need to write code, but they do need to know the vocabulary. The 50 terms in this glossary cover the foundations: backend, database, auth, payments, AI/prompts, MCP, and operations.
• Specific terms unlock specific output quality. 'Add magic link auth with row-level security' produces better results than 'add sign-in.'
• The vocabulary compounds across projects. After your third build, most of these terms feel automatic. Active use in prompts is how the vocabulary sticks.
• MCP (Model Context Protocol) is the most important new term added to the vocabulary in 2024–2026. Every modern AI builder is moving toward MCP support; fluency here matters.

Got an idea? Build it now!
Just start with a simple Prompt

Get Started Today