How to Maintain Code Quality in AI Development

The time between introducing a defect and fixing it is one of the most important metrics in software engineering. The closer that gap is to zero, the better. Not all defects are bugs that break things. Low-quality code, functions that are too long, nesting that's too deep, complexity that's too high, is a defect too. It works, but it degrades your codebase over time. After building 30+ repositories with AI coding tools, I've seen this play out at scale. These tools generate more code faster, which means there's more to manage. Functions balloon to 60 lines. Nesting goes four levels deep. Cyclomatic complexity creeps past 15. You don't notice until every change gets harder. Code review catches it, but too late. By the time a reviewer flags a 40-line function, the AI has already built three more on top of it. The fix is enforcing quality at the moment of creation. I built a set of Claude Code PostToolUse hooks (scripts that run after every file edit) that analyze every file Claude writes or edits and block it from proceeding when the code violates quality thresholds. Thresholds are configurable per project. Six checks, enforced at the moment of creation: → Cyclomatic complexity > 10 → Function length > 20 lines → Nesting depth > 3 levels → Parameters per function > 4 → File length > 300 lines → Duplicate code blocks (4+ lines, 2+ occurrences) All six checks run on Python with no external dependencies. JavaScript, TypeScript, Java, Go, Rust, and C/C++ get complexity, function length, and parameter checks via Lizard. When a violation is found, Claude gets a blocking report with the specific refactoring technique to apply: extract method, guard clause, parameter object. It fixes the problem and tries again. In a recent 50-file session, Claude resolved most violations within one or two retries, with blocks dropping from 12 in the first 20 writes to 2 in the last 30. Hooks handle measurable structural quality so I can focus reviews on design and correctness. If a threshold is wrong for a specific project, you change the config. → ~100-300ms overhead per file edit on modern hardware → Start with one hook (function length > 20 lines) and see how it changes what your AI produces The full writeup covers: → The hook architecture and how PostToolUse triggers work → A before/after showing how a 45-line nested function gets split into three focused helpers → Why hooks complement CLAUDE.md rules rather than replacing them Link in comments 👇

Let's cut to the chase: GenAI project complexity can quickly spiral out of control. Here's a project structure that keeps things clean, maintainable, and scalable: Key components and their benefits: 1. Modular 'src/' Directory: - Separates concerns: prompts, LLM integration, data handling, inference, utilities - Enhances code reusability and testing - Simplifies onboarding for new team members 2. 'configs/' for Environment Management: - Centralizes configuration, reducing hard-coded values - Facilitates easy switching between development, staging, and production environments - Improves security by isolating sensitive data (e.g., API keys) 3. Comprehensive 'tests/' Structure: - Distinguishes between unit and integration tests - Encourages thorough testing practices - Speeds up debugging and ensures reliability, crucial for AI systems 4. 'notebooks/' for Experimentation: - Keeps exploratory work separate from production code - Ideal for prompt engineering iterations and performance comparisons 5. 'docs/' for Clear Documentation: - Centralizes key information like API usage and prompt strategies - Crucial for maintaining knowledge in rapidly evolving AI projects This structure aligns with the principle "Explicit is better than implicit." It makes the project's architecture immediately clear to any developer jumping in. Question for the community: How do you handle versioning of models and datasets in your AI projects?

After spending 1000+ hours coding with AI in Cursor, here's what I learned: 1️⃣ Treat AI like your forgetful genius friend, brilliant but always needing reminders of your goals. 2️⃣ Context rules everything. Regularly reset, condense, and document your sessions. Your efficiency skyrockets when context is clear. 3️⃣ Start by sharing your vision. AI can read code but not minds; clarity upfront saves countless revisions. 4️⃣ Premium models pay off. Gemini 2.5 Pro (1M tokens) or Claude 4 Sonnet are worth every penny when tackling tough problems. 5️⃣ Brief AI as you would onboard a junior dev, clearly explain architecture, constraints, and goals upfront. 6️⃣ Leverage rules files as your hidden superpower. Preset your coding patterns and workflows to start smart every time. 7️⃣ Collaborate with AI first. Discuss and validate ideas before writing any code; it dramatically reduces wasted effort. 8️⃣ Keep everything documented. Markdown-based project logs make complex tasks manageable and ensure seamless handovers. 9️⃣ Watch your context window closely. After halfway, productivity dips, stay sharp with quick resets and concise summaries. 🔟 Version-control your rules. Team-wide knowledge-sharing ensures consistent quality and rapid onboarding. If these insights help you level up, ♻️ reshare to boost someone else's AI coding skills today!

Most developers treat AI coding agents like magical refactoring engines, but few have a system, and that's wrong. Without structure, coding with tools like Cursor, Windsurf, and Claude Code often leads to files rearranged beyond recognition, subtle bugs, and endless debugging. In my new post, I share the frameworks and tactics I developed to move from chaotic vibe coding sessions to consistently building better, faster, and more securely with AI. Three key shifts I cover: -> Planning like a PM – starting every project with a PRD and modular project-docs folder radically improves AI output quality -> Choosing the right models – using reasoning-heavy models like Claude 3.7 Sonnet or o3 for planning, and faster models like Gemini 2.5 Pro for focused implementation -> Breaking work into atomic components – isolating tasks improves quality, speeds up debugging, and minimizes context drift Plus, I share under-the-radar tactics like: (1) Using .cursor/rules to programmatically guide your agent’s behavior (2) Quickly spinning up an MCP server for any Mintlify-powered API (3) Building a security-first mindset into your AI-assisted workflows This is the first post in my new AI Coding Series. Future posts will dive deeper into building secure apps with AI IDEs like Cursor and Windsurf, advanced rules engineering, and real-world examples from my projects. Post + NotebookLM-powered podcast https://lnkd.in/gTydCV9b

Today, let me share my two cents on AI Coding Assistants ... I have been using code assistants like Cursor and GitHub Copilot extensively recently. While productivity gains are undeniable, certain nuances must be considered to maintain long-term code quality. First, the notable advantages: >> Efficient Debugging and Documentation: AI assistants are excellent for generating unit tests, documentation, and brainstorming design patterns. Once I encountered a complex environment variable path conflict caused by multiple dependency versions. This type of issue is notoriously difficult to isolate, yet Cursor identified the root cause in under ten minutes. It saved hours of manual debugging. >> Rapid Prototyping: Exploring new frameworks is now straightforward. This provides leverage for researchers and non-engineers to build MVPs via "vibe coding" with ease. However, there are many pitfalls >> Code Verbosity: AI assistants, particularly Claude models, frequently generate more code than is strictly necessary. While some argue that prompt engineering can mitigate this, it remains difficult to prevent the AI from introducing over-complicated logic. >> Lack of Coherence: Automated changes can sometimes lack consistency across multiple files, likely due to internal context window limitations. Additionally, the tendency to include superfluous detail in documentation can clutter a codebase. >> Stale Training Data: LLM knowledge is often several months behind the latest releases. This is evident with fast-evolving libraries like TensorFlow. Relying on AI patches for outdated library versions without understanding the underlying mechanics significantly increases technical debt. Here are my recommendations for responsible usage >> Scrutinise Every Line: I would advise all developers, particularly those earlier in their careers, to avoid the temptation of "Tab-to-complete" without full comprehension. Challenge your AI assistant’s reasoning until you are satisfied. It may seem time-consuming initially, but it prevents costly architectural errors in the future. >> Transparency in Pull Requests: We should be honest about our AI usage. If more than 50% of a PR is AI-generated, it should ideally require two human peer reviewers. Furthermore, such code must be held to a higher standard regarding unit test coverage and quality scores. >> The Need for AI Audit Logs: There is a significant opportunity for IDEs to automate AI audit logs within PRs. These logs could specify the LLM used and the percentage of code generated versus refined. This would allow for better guardrails; for instance, code generated by one model could be cross-reviewed by another (such as Gemini or GPT) for an independent quality check. AI is a formidable tool but no substitute for critical thinking. To avoid technical debt, we must remain the primary architects of our systems. #SoftwareEngineering #AI #VibeCoding #CleanCode #TechLeadership

No, you won't be vibe coding your way to production. Not if you prioritise quality, safety, security, and long-term maintainability at scale. Recently coined by former OpenAI co-founder Andrej Karpathy, "vibe coding" describes an AI-coding approach where developers focus on iterative prompt refinement to generate desired output, with minimal concern for the LLM-generated code implementation. At Canva, our assessment — based on extensive and ongoing evaluation of AI coding assistants — is that these tools must be carefully supervised by skilled engineers, particularly for production tasks. Engineers need to guide, assess, correct, and ultimately own the output as if they had written every line themselves. Our experimentation consistently reveals errors in tool-generated code ranging from superficial (style inconsistencies) to dangerous (incorrect, insecure, or non-performant code). Our engineering culture is built on code ownership and peer review. Rather than challenging these principles, our adoption of AI coding assistants has reinforced their importance. We've implemented a strict "human in the loop" approach that maintains rigorous peer review and meaningful code ownership of AI-generated code. Vibe coding presents significant risks for production engineering: - Short-term: Introduction of defects and security vulnerabilities - Medium to long-term: Compromised maintainability, increased technical debt, and reduced system understandability From a cultural perspective, vibe coding directly undermines peer review processes. Generating vast amounts of code from single prompts effectively DoS attacks reviewers, overwhelming their capacity for meaningful assessment. Currently we see one narrow use case where vibe coding is exciting: spikes, proofs of concept, and prototypes. These are always throwaway code. LLM-assisted generation offers enormous value in rapidly testing and validating ideas with implementations we will ultimately discard. With rapidly expanding LLM capabilities and context windows, we continuously reassess our trust in LLM output. However, we maintain that skilled engineers play a critical role in guiding, assessing, and owning tool output as an immutable principle of sound software engineering.

If you're new to AI Engineering, you're likely: – forgetting to log or monitor system behavior – treating prompt engineering as an afterthought – ignoring API rate limits and blowing past quotas – trusting outputs without understanding model limitations – assuming models don’t need regular retraining or updates Let’s not have these mistakes hold you back. Follow this simple 45-rule checklist I’ve created to level up fast and avoid rookie mistakes. 1. Never deploy anything you haven’t personally tested. 2. Validate all AI responses for correctness and safety. 3. Always log inputs, outputs, and timestamps for traceability. 4. Keep your prompts and configurations under version control. 5. Track every API call, monitor quotas, usage, and latency. 6. Plan for outages, design fallback workflows for API failures. 7. Cache frequent queries, save money and reduce API calls. 8. Set clear timeout limits on external service requests. 9. Never assume the model “just works”, expect failure modes. 10. Review every line of code that interacts with the AI. 11. Sanitize all data before it hits your models. 12. Never save unverified model outputs to your database. 13. Monitor system health with real-time dashboards. 14. Keep secrets (API keys, tokens) away from your codebase. 15. Automate unit, integration, and regression tests for your stack. 16. Retest and redeploy models on a regular cadence. 17. Document every integration detail and model limitation. 18. Never ship features you can’t explain to your users. 19. Use JSON or structured data for model outputs, avoid raw text. 20. Benchmark latency and throughput under load. 21. Alert on anomalies, not just outright failures. 22. Test model outputs against adversarial, nonsensical, and edge-case inputs. 23. Track cost-per-query, and know where spikes come from. 24. Build feature flags to roll back risky changes instantly. 25. Maintain a “kill switch” to quickly disable AI features if needed. 26. Keep error logs detailed and human-readable. 27. Limit user exposure to raw or unmoderated model responses. 28. Rotate credentials and secrets on a fixed schedule. 29. Record and audit all changes in prompts, models, and data sources. 30. Schedule regular model evaluations for drift and performance drops. 31. Implement access controls for sensitive data and models. 32. Track and limit PII (personally identifiable information) everywhere. 33. Share postmortems and edge cases with your team, learn from mistakes. 34. Set budget alerts to catch runaway costs early. 35. Isolate test, staging, and production environments.

Code much faster with AI, but at what cost… Ignore quality and maintainability issues? Or spend hours reviewing code we haven’t written? A Theodo team explored ingenious ways to break that trade-off. Antoine de Chassey , Hugo Borsoni, Thibault Lemery and Margaux Theillier led a 6-step kaizen on accelerating AI-code reviews without sacrificing quality. Based on extensive experience, they’ve identified that AI is much more reliable when it is building components by copying an existing good example. So they tagged good examples they called blueprints. And then asked the AI to make it explicit, on the code generated, whether it was able to copy a blueprint or not. This allowed them to focus their code reviews on all the places where the AI wasn’t able to copy a blueprint, places that are much more prone to quality issues. A very ingenious way to review all the code, ensuring maximum quality, while focusing attention on the less reliable places. Well done for that great example of Lean Tech in action at Theodo!

On Sunday, I used AI to build an app that generated 23,000 lines of code in a couple of hours. On Monday, I posted about the experience, including the mistakes the AI made. My point: AI can build most of a tool fast, but you still need solid software engineering skills to ship a working product. Oddly, a bunch of software engineers jumped in to tell me I was using AI wrong. If I'd just followed better software engineering practices, they said, it would've worked perfectly. The irony? That was exactly my point. You need software engineering practices, knowledge and skills to get the most from AI. So for those that missed it, I've been documenting my views on AI-assisted coding. I believe in strong opinions, weakly held, so I'd like thoughts, feedback, and challenges to the following opinions. On AI and AI-Assisted Coding: → The agent harness largely shouldn’t matter. The process should work with all of them. → Most AI-assisted coding processes are too complex. They clutter the context window with unnecessary MCP tools, skills, or content from the AGENTS file. → A small, tightly defined, and focused context window produces the best results. → LLMs do not reason, they do not think, they are not intelligent. They're simple text prediction engines. Treat them that way. → LLMs are non-deterministic. That doesn't matter as long as the process provides deterministic feedback: compiler warnings as errors, linting, testing, and verifiable acceptance criteria. → Don't get attached to the code. Be prepared to revert changes and retry with refinements to the context. → Fast feedback helps. Provide a way for an LLM to get feedback on its work. → Coding standards and conventions remain useful. LLMs have been trained on code that follows common ones and to copy examples in their context. When your code align with those patterns, you get better results. On Software Development: → Work on small defined tasks. → Work with small batch sizes. → Do the simplest possible thing that meets the requirements. → Use TDD. → Make small atomic commits. → Work iteratively. → Refactor when needed. → Integrate continuously. → Trust, but verify. → Leverage tools. What are your strong opinions on AI-assisted coding?

After weeks of researching how our team at PostHog builds with AI tools like Cursor and Claude Code, I published a deep dive to help you get the most out of them. Here are the things I learned: 1. Treat your big codebase differently than a small codebase. Most AI coding advice is written for vibe coders going from zero to one. You need to care much more about context windows, automation tests, and prompting in larger codebases. 2. Provide the right context, rules, and guardrails. Without them, LLMs go off the rails fast. Reference example code, add documentation, use rules files for different languages, write a spec. And use non-AI tools like linters, type hinting, and testing suites. 3. Learn what AI is good at. Our team finds it excels at autocomplete, adding more tests, rubberducking, and doing research. It’s not so good at writing code in an unfamiliar language, using the correct methods/classes/libraries, following up-to-date best practices, and writing tests from scratch. 4. Always be leveling up your workflow. Great product engineers are always experimenting. To help them do this, we raised our AI tool budget to $300/m, test new tools, try different models, dogfood AI in PostHog itself, and build with AI in hackathons. Remember that as much as you might dislike AI personally, your competitors are using it and so are your users. In both cases, knowing the capabilities and limits of AI helps. To learn more, read my post on AI coding mistakes to avoid → https://lnkd.in/gmMwb_7t