<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Aniekan Okono</title>
    <description>The latest articles on DEV Community by Aniekan Okono (@anioko1).</description>
    <link>https://dev.to/anioko1</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3951393%2F315b25b0-eda7-4dda-afb2-c1606674cc6c.png</url>
      <title>DEV Community: Aniekan Okono</title>
      <link>https://dev.to/anioko1</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/anioko1"/>
    <language>en</language>
    <item>
      <title>EU AI Act Enforcement Starts in 7 Weeks. Is Your Codebase Ready?</title>
      <dc:creator>Aniekan Okono</dc:creator>
      <pubDate>Wed, 10 Jun 2026 18:39:03 +0000</pubDate>
      <link>https://dev.to/anioko1/eu-ai-act-enforcement-starts-in-7-weeks-is-your-codebase-ready-17gh</link>
      <guid>https://dev.to/anioko1/eu-ai-act-enforcement-starts-in-7-weeks-is-your-codebase-ready-17gh</guid>
      <description>&lt;p&gt;August 2026 is not a policy deadline. It is a code deadline.&lt;/p&gt;

&lt;p&gt;The EU AI Act's high-risk provisions begin enforcement in August 2026. Annex III defines the categories: biometric systems, critical infrastructure, employment screening, credit scoring, access to essential services, law enforcement, migration, administration of justice, and democratic processes. If your product touches any of these categories — or processes data for customers who do — your codebase is in scope, not just your legal team's slide deck.&lt;/p&gt;

&lt;p&gt;Most compliance conversations I have seen inside large enterprises stop at the policy layer. Someone from legal presents the Act's requirements in a governance meeting. An architect maps them to existing controls. A project is raised to "address gaps." Eighteen months later, the sprint tickets are still open.&lt;/p&gt;

&lt;p&gt;That pattern will not survive August.&lt;/p&gt;

&lt;h2&gt;
  
  
  What the Act actually requires in code
&lt;/h2&gt;

&lt;p&gt;Three articles matter most for software teams. They are not abstract.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Article 13&lt;/strong&gt; requires transparency obligations: high-risk AI systems must be designed and developed to ensure their operation is sufficiently transparent to allow users to interpret the system's output and use it appropriately. In code, this means logging, explainability endpoints, and output metadata. It means the system must be able to tell a user or regulator &lt;em&gt;why&lt;/em&gt; it produced a given output — not just what the output was.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Article 14&lt;/strong&gt; requires human oversight: high-risk systems must be designed to allow natural persons to oversee their functioning effectively during the period of use. In code, this means override mechanisms, audit trails that capture human intervention points, and UI patterns that surface confidence scores and uncertainty signals. A system that produces outputs without a human review pathway is structurally non-compliant.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Article 15&lt;/strong&gt; requires accuracy, robustness, and cybersecurity: high-risk AI systems must be designed and developed with an appropriate level of accuracy, robustness, and cybersecurity, and perform consistently with respect to those aspects throughout their lifecycle. In code, this means input validation, adversarial robustness testing, drift detection hooks, and security controls that match the sensitivity of the output. "It worked in staging" is not a defence.&lt;/p&gt;

&lt;p&gt;None of these requirements are satisfied by adding a README section. They require implementation patterns written into the codebase — not documented after the fact.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why this is a code generation problem
&lt;/h2&gt;

&lt;p&gt;The AI code generation tools that most development teams use today — LLMs in Copilot, Cursor, Bolt, Lovable, and similar — generate code at the token level. They do not model the system. They do not understand that a credit-scoring component is Annex III category six. They do not apply EU AI Act Article 13 logging patterns to outputs that fall within the high-risk scope. They cannot, because they have no system-level specification to work from.&lt;/p&gt;

&lt;p&gt;A developer using an LLM to build a high-risk AI system will get functional code. They will not get Article 13-compliant output logging. They will not get Article 14 human oversight hooks. They will not get Article 15 adversarial robustness wiring. Those will be sprint tickets — each of which will take a compliance consultant to specify and a developer to implement, weeks before an enforcement deadline.&lt;/p&gt;

&lt;p&gt;I have watched this happen inside enterprises. The gap between what the governance layer approved and what the engineering layer shipped is enormous, and it always emerges at the worst time.&lt;/p&gt;

&lt;h2&gt;
  
  
  What a compliant architecture generates
&lt;/h2&gt;

&lt;p&gt;Archiet's EU AI Act compliance overlay is not a checklist applied after the code is generated. It is a transformation applied during generation, from the ArchiMate 3.2 architecture model.&lt;/p&gt;

&lt;p&gt;When a system is modelled with an EU AI Act overlay, the generated code includes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Structured output logging with the metadata fields required for Article 13 transparency (model version, input hash, confidence score, timestamp, decision rationale fields)&lt;/li&gt;
&lt;li&gt;Human oversight intercept points: API endpoints and UI hooks that surface the system's output for human review before consequential actions are triggered — satisfying Article 14&lt;/li&gt;
&lt;li&gt;Input validation and robustness patterns: boundary checking, rejection of malformed inputs, and audit-trail capture for anomalous inputs — satisfying Article 15&lt;/li&gt;
&lt;li&gt;Data subject identification flags on fields that process personal data in an AI decision context, wired to the GDPR overlay where the two regimes overlap&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These patterns are structural. They are generated the same way every time from the same architecture model. They cannot be forgotten in a sprint, because they are not sprint tickets — they are properties of the transformation.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 7-week question
&lt;/h2&gt;

&lt;p&gt;If your product is in scope for the EU AI Act high-risk provisions and you are starting from a codebase without these patterns, you have two options.&lt;/p&gt;

&lt;p&gt;The first is a retrofit: audit the existing codebase, identify the gaps against Articles 13, 14, and 15, write sprint tickets, find developer capacity, implement, test, document. This takes months if the codebase is not architecturally clean. Most are not.&lt;/p&gt;

&lt;p&gt;The second is a regeneration: if your system is modelled — and every enterprise system should be — you can apply the EU AI Act overlay to the architecture model and generate a compliant implementation alongside compliant architecture documentation. The generated ADRs and traceability matrix document the compliance posture against each Article. If a regulator asks for evidence, you have it.&lt;/p&gt;

&lt;p&gt;Archiet generates EU AI Act-compliant code across 12 technology stacks. The overlay is one of nine compliance frameworks built into the platform, alongside GDPR, HIPAA, PCI-DSS, SOC2, DORA, ISO 13485, IEC 62443, and the Building Safety Act 2022. The same architecture model always produces the same output — reproducible, auditable, and ready for a regulatory review.&lt;/p&gt;

&lt;p&gt;August is not far away. If your codebase is not ready, the question is not whether to act — it is whether to retrofit or regenerate.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://archiet.com" rel="noopener noreferrer"&gt;archiet.com&lt;/a&gt;&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Aniekan Okono is an Enterprise Architect practitioner at a Fortune Global 500 company and the founder of Archiet.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>compliance</category>
      <category>ai</category>
      <category>architecture</category>
      <category>webdev</category>
    </item>
    <item>
      <title>Why I stopped using LLMs to generate code (and what I use instead)</title>
      <dc:creator>Aniekan Okono</dc:creator>
      <pubDate>Wed, 10 Jun 2026 09:47:57 +0000</pubDate>
      <link>https://dev.to/anioko1/why-i-stopped-using-llms-to-generate-code-and-what-i-use-instead-14in</link>
      <guid>https://dev.to/anioko1/why-i-stopped-using-llms-to-generate-code-and-what-i-use-instead-14in</guid>
      <description>&lt;p&gt;I want to be precise about what I mean by that title, because it's easy to read it as anti-AI and it isn't.&lt;/p&gt;

&lt;p&gt;I use LLMs every day. I used one to write this article's first outline. I use them to parse prose, extract structure, and summarise documents. They're genuinely useful for that.&lt;/p&gt;

&lt;p&gt;What I stopped using them for is &lt;strong&gt;generating application code&lt;/strong&gt; — the part where the output needs to be correct, reproducible, and deployable without a week of cleanup.&lt;/p&gt;

&lt;p&gt;Here's why, and what I built instead.&lt;/p&gt;




&lt;h2&gt;
  
  
  The problem with LLM-generated code isn't the code itself
&lt;/h2&gt;

&lt;p&gt;When Bolt, Lovable, or v0 generate a frontend for you, the output often looks impressive. Clean components, reasonable naming, something that runs on first try. The demo works.&lt;/p&gt;

&lt;p&gt;Then you try to deploy it.&lt;/p&gt;

&lt;p&gt;The database schema is wrong — or missing entirely. There's no auth, or auth that stores tokens in localStorage (which is a security problem). Multi-tenancy doesn't exist: every query returns every user's data. The OpenAPI spec doesn't match the routes. The migrations aren't there.&lt;/p&gt;

&lt;p&gt;None of these are small things. They're the things that take 4–8 weeks to fix before you can show the app to a real user.&lt;/p&gt;

&lt;p&gt;The reason this happens is structural, not incidental. &lt;strong&gt;LLMs are stateless across the context window.&lt;/strong&gt; They don't hold a persistent model of your system. Ask an LLM to add an endpoint, and it will. Ask it to fix a bug in that endpoint, and it will — without awareness of what the fix broke downstream. Ask it to add multi-tenancy, and it might touch 60% of the places that need changing and miss the rest.&lt;/p&gt;

&lt;p&gt;This isn't a failure of the models. It's a consequence of using a tool designed for language generation to do something that requires &lt;strong&gt;deterministic, system-wide consistency&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  What code generation actually requires
&lt;/h2&gt;

&lt;p&gt;Think about what a production-ready codebase actually is. It's not a collection of files that individually look reasonable. It's a system where:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The data model drives the migrations, which drive the API shape, which drives the frontend types&lt;/li&gt;
&lt;li&gt;Auth is implemented consistently across every route, not just the ones you remembered to mention&lt;/li&gt;
&lt;li&gt;Every query is scoped to the correct tenant&lt;/li&gt;
&lt;li&gt;Compliance constraints (GDPR consent flags, audit trails, HIPAA access controls) are woven through the data layer, not bolted on as an afterthought&lt;/li&gt;
&lt;li&gt;The infrastructure config matches the application config&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For all of that to be correct, the generator needs a &lt;strong&gt;complete, coherent model of the system before it writes a single line&lt;/strong&gt;. An LLM working from a PRD in natural language doesn't have that model. It infers it, incompletely, from what you wrote.&lt;/p&gt;




&lt;h2&gt;
  
  
  The alternative: Model-to-Text generation
&lt;/h2&gt;

&lt;p&gt;Model-driven architecture has existed for decades. The idea: define your system formally first — entities, relationships, capabilities, constraints — and then &lt;strong&gt;generate&lt;/strong&gt; the implementation from that model.&lt;/p&gt;

&lt;p&gt;The key property is determinism. Given the same model, you always get the same output. The generator isn't guessing. It's applying a set of transformation rules to a structured input.&lt;/p&gt;

&lt;p&gt;This is the approach I took when I built &lt;a href="https://archiet.com" rel="noopener noreferrer"&gt;Archiet&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The workflow looks like this:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;You provide a PRD&lt;/strong&gt; (plain prose — what the system does, who uses it, what the rules are)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;An LLM parses the PRD&lt;/strong&gt; into a formal schema — what we call the &lt;em&gt;genome&lt;/em&gt;: entities, screens, business rules, capabilities, compliance requirements&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A deterministic Model-to-Text engine&lt;/strong&gt; reads the genome and renders a production-ready ZIP&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The LLM is used exactly where it's good: turning unstructured prose into structured data. The code generation step — where reproducibility and correctness matter — uses no LLMs at all.&lt;/p&gt;




&lt;h2&gt;
  
  
  What "production-ready" actually means in practice
&lt;/h2&gt;

&lt;p&gt;This is where I'll be specific, because "production-ready" gets thrown around loosely.&lt;/p&gt;

&lt;p&gt;In Archiet's output, every generated ZIP includes:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Data layer&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Alembic migrations generated directly from the entity model — you don't write them, they're derived&lt;/li&gt;
&lt;li&gt;Multi-tenant organisation scoping on every query — not added later, baked into the base query class&lt;/li&gt;
&lt;li&gt;No raw SQL strings; parameterised queries throughout&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Auth&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;HTTPOnly cookie-based sessions (no localStorage tokens)&lt;/li&gt;
&lt;li&gt;CSRF protection enabled by default&lt;/li&gt;
&lt;li&gt;Role-based access control generated from the capability model&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;API&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;OpenAPI spec that is always in sync with the routes, because both are generated from the same source&lt;/li&gt;
&lt;li&gt;Consistent error response shapes across every endpoint&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Compliance&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;GDPR, HIPAA, SOC2, DORA, EU AI Act overlays available — not as checklists, but as actual implementation patterns woven into the generated code&lt;/li&gt;
&lt;li&gt;Consent flags, audit trail tables, data retention hooks — present in the output, not left as an exercise for the reader&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Quality gate&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Every ZIP scores ≥80/100 before delivery&lt;/li&gt;
&lt;li&gt;Any hardcoded secret or unfilled placeholder hard-blocks the release&lt;/li&gt;
&lt;li&gt;Generated apps are booted in a sandbox (E2B) and tested before the customer downloads them&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  The unusual part: the open spec
&lt;/h2&gt;

&lt;p&gt;One decision I made early: publish the formal specification that underpins all of this as an open Apache-2.0 standard — archimate-codegen-spec.&lt;/p&gt;

&lt;p&gt;The genome schema, the capability catalogue, the ArchiMate-to-genome mapping rules — all public and auditable independently of Archiet. Archiet is the reference implementation, but the spec belongs to the community.&lt;/p&gt;

&lt;p&gt;The reason: if you're going to trust a tool to generate production code, you should be able to inspect the rules it's applying. A black-box generator you can't audit is a liability in any compliance-heavy context.&lt;/p&gt;




&lt;h2&gt;
  
  
  Where LLMs still belong in this pipeline
&lt;/h2&gt;

&lt;p&gt;I want to be clear that I'm not arguing against LLMs in software development. The PRD parsing step is genuinely hard to do without one, and the quality of that parsing directly affects the quality of the output.&lt;/p&gt;

&lt;p&gt;What I'm arguing is that there's a category error in using LLMs for the code generation step specifically. The properties you need from a code generator — determinism, consistency, auditability, reproducibility — are exactly the properties that LLMs are architecturally unable to provide.&lt;/p&gt;

&lt;p&gt;The right tool for parsing ambiguous human language into structured data: LLM.&lt;br&gt;
The right tool for transforming a complete, formal system model into consistent, correct code: deterministic template engine.&lt;/p&gt;

&lt;p&gt;Using the same tool for both because it can do both is like using a hammer to drive screws because you don't want to switch tools. It works well enough until it doesn't, and when it doesn't the failure is hard to diagnose.&lt;/p&gt;




&lt;h2&gt;
  
  
  What this means for your projects
&lt;/h2&gt;

&lt;p&gt;If you're building something where correctness matters — fintech, healthtech, anything with compliance requirements, anything multi-tenant, anything that needs to pass a security audit — the cleanup cost of LLM-generated code is a real project risk, not a theoretical one.&lt;/p&gt;

&lt;p&gt;The alternative isn't to write everything by hand. It's to separate the concern: use AI for the parts that are genuinely hard for machines (understanding your intent), and use deterministic generation for the parts where machines are genuinely better than humans (applying rules consistently at scale).&lt;/p&gt;

&lt;p&gt;That's the architecture that lets you go from PRD to deployable ZIP without a cleanup sprint.&lt;/p&gt;

&lt;p&gt;If you're curious about the technical details of the genome schema or the M2T engine design, happy to go into it in the comments. And if you want to try it: &lt;a href="https://archiet.com" rel="noopener noreferrer"&gt;archiet.com&lt;/a&gt; — free tier available.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>devtools</category>
      <category>codegen</category>
      <category>architecture</category>
    </item>
    <item>
      <title>Spec-Driven Development Without an IDE: I Generated NestJS, Go, Spring Boot, Laravel, and Rust Apps From a Single PRD File</title>
      <dc:creator>Aniekan Okono</dc:creator>
      <pubDate>Mon, 25 May 2026 21:24:23 +0000</pubDate>
      <link>https://dev.to/anioko1/spec-driven-development-without-an-ide-i-generated-nestjs-go-spring-boot-laravel-and-rust-3p26</link>
      <guid>https://dev.to/anioko1/spec-driven-development-without-an-ide-i-generated-nestjs-go-spring-boot-laravel-and-rust-3p26</guid>
      <description>&lt;p&gt;Amazon launched Kiro in 2025 with a waiting list and a clear thesis: the problem with AI coding tools is not that they write bad code, it is that they write code with no connection to your requirements. Kiro's answer is spec-driven development — you write a spec, the tooling generates from it, and the spec stays authoritative.&lt;/p&gt;

&lt;p&gt;Kiro is a good idea. But it is also a proprietary IDE you have to install, sign in to, and trust with your codebase.&lt;/p&gt;

&lt;p&gt;I built the same concept as a set of open-source CLI tools: one per ecosystem, published to the registry your team already uses. No IDE. No account. No network calls. A text file goes in, a working application comes out.&lt;/p&gt;

&lt;p&gt;Here is what I built, how it works, and why the architecture matters more than the code.&lt;/p&gt;




&lt;p&gt;Try it right now — pick your stack&lt;/p&gt;

&lt;p&gt;# NestJS / TypeScript&lt;br&gt;
 npm install -g archiet-microcodegen-nestjs&lt;br&gt;
 archiet-microcodegen-nestjs --sample &amp;gt; prd.md&lt;br&gt;
 archiet-microcodegen-nestjs prd.md --out ./my-app&lt;br&gt;
 cd my-app &amp;amp;&amp;amp; npm install &amp;amp;&amp;amp; docker compose up&lt;/p&gt;

&lt;p&gt;# Go Chi&lt;br&gt;
 go install github.com/aniekanasuquookono-web/archiet-microcodegen-go@latest&lt;br&gt;
 archiet-microcodegen-go prd.md --out ./my-app&lt;br&gt;
 cd my-app &amp;amp;&amp;amp; make run&lt;/p&gt;

&lt;p&gt;# Laravel (PHP)&lt;br&gt;
 composer global require archiet/microcodegen-laravel&lt;br&gt;
 archiet-microcodegen-laravel prd.md --out ./my-app&lt;br&gt;
 cd my-app &amp;amp;&amp;amp; composer install &amp;amp;&amp;amp; docker compose up&lt;/p&gt;

&lt;p&gt;# Spring Boot (Java)&lt;br&gt;
 java -jar archiet-microcodegen-java.jar prd.md --out ./my-app&lt;br&gt;
 cd my-app &amp;amp;&amp;amp; mvn spring-boot:run&lt;/p&gt;

&lt;p&gt;# Tauri (Rust + desktop)&lt;br&gt;
 cargo install archiet-microcodegen-tauri&lt;br&gt;
 archiet-microcodegen-tauri prd.md --out ./my-app&lt;br&gt;
 cd my-app &amp;amp;&amp;amp; npm install &amp;amp;&amp;amp; npm run tauri dev&lt;/p&gt;

&lt;p&gt;Your app has full CRUD, JWT auth with httpOnly cookies, Postgres 16, and per-user data isolation — before you have finished reading this article.&lt;/p&gt;




&lt;p&gt;What spec-driven development actually means&lt;/p&gt;

&lt;p&gt;Spec-driven development is a 25-year-old idea from model-driven architecture (MDA): write a formal model of your system, then derive the implementation from it. The model is the source of truth. The code is an artefact of the model.&lt;/p&gt;

&lt;p&gt;The reason this did not become mainstream is that writing formal models used to require UML tools and an enterprise architect. Kiro's insight (and mine) is that a plain text requirements file is a formal model — it just needs a parser that takes it seriously.&lt;/p&gt;

&lt;p&gt;The pipeline has four stages. I implemented all four in every language, which is why each generator produces genuinely correct output rather than a template with blanks left for you to fill in.&lt;/p&gt;




&lt;p&gt;The four stages&lt;/p&gt;

&lt;p&gt;Stage 1 — parse_prd(text) → Manifest&lt;/p&gt;

&lt;p&gt;Reads your text file. Extracts every entity definition (e.g. Task, Project, User), field names with types, user stories, and integration references — using regex, not an LLM. The output is a language-agnostic Manifest.&lt;/p&gt;

&lt;p&gt;# Example PRD snippet:&lt;br&gt;
 # "The system manages Projects and Tasks. A Project has a name, description, and status.&lt;br&gt;
 #  A Task has a title, body, due_date, and belongs to a Project."&lt;/p&gt;

&lt;p&gt;# Manifest output:&lt;br&gt;
 Entities: [Project, Task]&lt;br&gt;
 Fields:&lt;br&gt;
   Project: name (string, required), description (text), status (string)&lt;br&gt;
   Task: title (string, required), body (text), due_date (string), project_id (FK→Project)&lt;/p&gt;

&lt;p&gt;Stage 2 — manifest_to_genome(manifest) → Genome&lt;/p&gt;

&lt;p&gt;Converts the Manifest into an Architectural Genome — a typed intermediate representation using ArchiMate 3.2 element categories: ApplicationComponent, ApplicationService, DataObject, ApplicationInterface.&lt;/p&gt;

&lt;p&gt;Every entity automatically receives id, user_id (for per-tenant isolation), and created_at. Relationships are made explicit. The Genome is still language-agnostic — it drives NestJS output and Go output and Laravel output equally.&lt;/p&gt;

&lt;p&gt;{&lt;br&gt;
   "solution_name": "TaskManager",&lt;br&gt;
   "entities": [&lt;br&gt;
     {&lt;br&gt;
       "name": "Task",&lt;br&gt;
       "archimate_type": "DataObject",&lt;br&gt;
       "fields": {&lt;br&gt;
         "id": { "type": "integer", "required": true },&lt;br&gt;
         "user_id": { "type": "integer", "required": true },&lt;br&gt;
         "title": { "type": "string", "required": true },&lt;br&gt;
         "due_date": { "type": "string", "required": false },&lt;br&gt;
         "created_at": { "type": "datetime", "required": true }&lt;br&gt;
       },&lt;br&gt;
       "relationships": [&lt;br&gt;
         { "type": "association", "target": "Project", "cardinality": "many-to-one" }&lt;br&gt;
       ]&lt;br&gt;
     }&lt;br&gt;
   ]&lt;br&gt;
 }&lt;/p&gt;

&lt;p&gt;This is where the approach diverges from a template system. The Genome is your architecture document in machine-readable form. Stages 3 and 4 are pure rendering — they never make decisions about what the system is.&lt;/p&gt;

&lt;p&gt;Stage 3 — render_genome(genome) → {path: content}&lt;/p&gt;

&lt;p&gt;The language-specific stage. The NestJS renderer generates TypeScript with TypeORM. The Go renderer generates idiomatic Chi handlers with GORM. The Laravel renderer generates Eloquent models, controllers with Form Requests, and Blade-free API resources. The Rust renderer generates Tauri IPC commands with rusqlite.&lt;/p&gt;

&lt;p&gt;Stages 1 and 2 are shared across all ten packages. Only stage 3 differs. That is why it was possible to ship ten ecosystems in one week — the architecture thinking was done once, not ten times.&lt;/p&gt;

&lt;p&gt;Stage 4 — pack(files) → ZIP or directory&lt;/p&gt;

&lt;p&gt;Writes to disk or bundles a ZIP. Pure stdlib in every implementation — no external zip library.&lt;/p&gt;




&lt;p&gt;The generated NestJS app (for NestJS developers)&lt;/p&gt;

&lt;p&gt;Running the generator against a task-manager PRD produces:&lt;/p&gt;

&lt;p&gt;src/&lt;br&gt;
   auth/&lt;br&gt;
     auth.module.ts&lt;br&gt;
     auth.controller.ts     ← /auth/register, /auth/login, /auth/me, /auth/logout&lt;br&gt;
     jwt.strategy.ts        ← reads httpOnly cookie, never Authorization header&lt;br&gt;
     jwt-auth.guard.ts&lt;br&gt;
   task/&lt;br&gt;
     task.controller.ts     ← GET /tasks, POST /tasks, GET /tasks/:id, PUT, DELETE&lt;br&gt;
     task.service.ts        ← every method filters by userId&lt;br&gt;
     task.entity.ts         ← TypeORM &lt;a class="mentioned-user" href="https://dev.to/entity"&gt;@entity&lt;/a&gt;, &lt;a class="mentioned-user" href="https://dev.to/column"&gt;@column&lt;/a&gt;, @PrimaryGeneratedColumn&lt;br&gt;
     dto/&lt;br&gt;
       create-task.dto.ts   ← class-validator decorators, correct 422 on failure&lt;br&gt;
       update-task.dto.ts&lt;br&gt;
 docker-compose.yml         ← Postgres 16, healthcheck-gated startup&lt;br&gt;
 ARCHITECTURE.md            ← ArchiMate 3.2 element inventory&lt;br&gt;
 openapi.yaml               ← machine-readable API contract&lt;br&gt;
 test/&lt;br&gt;
   task.controller.spec.ts  ← happy-path Jest tests per controller&lt;/p&gt;

&lt;p&gt;Three security properties the generator enforces that AI assistants routinely get wrong:&lt;/p&gt;

&lt;p&gt;httpOnly cookies, not localStorage. JwtStrategy reads from req.cookies['access_token']. AuthController sets httpOnly: true, secure: true, sameSite: 'strict'. localStorage is an XSS vulnerability. The generator does not offer it as an option.&lt;/p&gt;

&lt;p&gt;Per-user isolation on every query. taskService.findAll(userId) executes WHERE user_id = $1. Every service method receives the authenticated user's ID from the guard. There is no code path that returns another user's data.&lt;/p&gt;

&lt;p&gt;Correct HTTP status codes. 201 on create. 422 on validation failure. 403 on auth failure. 404 on not-found. This is the generated code, not the documentation.&lt;/p&gt;




&lt;p&gt;The generated Laravel app (for PHP/Laravel developers)&lt;/p&gt;

&lt;p&gt;Laravel is one of the most-searched scaffolding targets because the ecosystem is large and opinionated. The generator produces:&lt;/p&gt;

&lt;p&gt;app/&lt;br&gt;
   Models/&lt;br&gt;
     Task.php               ← Eloquent model, $fillable, $casts, userId scope&lt;br&gt;
   Http/&lt;br&gt;
     Controllers/&lt;br&gt;
       TaskController.php   ← full CRUD resource controller&lt;br&gt;
     Requests/&lt;br&gt;
       StoreTaskRequest.php ← FormRequest validation, 422 on failure&lt;br&gt;
     Resources/&lt;br&gt;
       TaskResource.php     ← API resource, hides internal fields&lt;br&gt;
 routes/&lt;br&gt;
   api.php                  ← Route::apiResource + auth middleware&lt;br&gt;
 database/&lt;br&gt;
   migrations/&lt;br&gt;
     create_tasks_table.php ← with user_id FK index&lt;br&gt;
 docker-compose.yml&lt;br&gt;
 ARCHITECTURE.md&lt;br&gt;
 openapi.yaml&lt;/p&gt;

&lt;p&gt;The Task model has a global scope that automatically filters by the authenticated user — the same per-tenant isolation principle, expressed in Laravel idioms.&lt;/p&gt;




&lt;p&gt;The generated Go app (for Go developers)&lt;/p&gt;

&lt;p&gt;Go developers are allergic to magic. The generated app uses net/http (via Chi for routing), GORM, and golang-jwt/jwt. No reflection-heavy frameworks.&lt;/p&gt;

&lt;p&gt;func (h *TaskHandler) ListTasks(w http.ResponseWriter, r *http.Request) {&lt;br&gt;
     userID := r.Context().Value(contextKeyUserID).(int64)&lt;br&gt;
     tasks, err := h.service.FindAllByUser(r.Context(), userID)&lt;br&gt;
     // ...&lt;br&gt;
 }&lt;/p&gt;

&lt;p&gt;func (s *TaskService) FindAllByUser(ctx context.Context, userID int64) ([]Task, error) {&lt;br&gt;
     var tasks []Task&lt;br&gt;
     result := s.db.WithContext(ctx).Where("user_id = ?", userID).Find(&amp;amp;tasks)&lt;br&gt;
     return tasks, result.Error&lt;br&gt;
 }&lt;/p&gt;

&lt;p&gt;Generated Makefile includes make build, make test, make migrate. Zero magic.&lt;/p&gt;




&lt;p&gt;The Tauri generator is intentionally different&lt;/p&gt;

&lt;p&gt;Desktop apps have different constraints. The generated Tauri app uses SQLite instead of Postgres. Auth uses Argon2id + UUID session tokens in application memory — there is no HTTP layer in Tauri, only IPC commands.&lt;/p&gt;

&lt;p&gt;#[tauri::command]&lt;br&gt;
 async fn list_tasks(state: State&amp;lt;'_, AppState&amp;gt;, session: String) -&amp;gt; Result, String&amp;gt; {&lt;br&gt;
     let user_id = state.sessions.lock().unwrap()&lt;br&gt;
         .get(&amp;amp;session).copied().ok_or("Unauthorised")?;&lt;br&gt;
     // every query filters by user_id — same principle, different idiom&lt;br&gt;
 }&lt;/p&gt;




&lt;p&gt;How this compares to Amazon Kiro&lt;/p&gt;

&lt;p&gt;Kiro and these generators share the same core insight: spec-first produces better software than prompt-and-pray. The differences are practical:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;These are different tools. If you are already using Kiro, you can use these generators to bootstrap the initial project before Kiro helps you extend it.&lt;/p&gt;




&lt;p&gt;Why pure stdlib — the Karpathy constraint&lt;/p&gt;

&lt;p&gt;Each generator is one file, under 1,400 lines, zero external dependencies. The Go generator uses only archive/zip, encoding/json, and os. The Node.js generator uses only fs, path, crypto, and zlib. The Rust generator uses only std.&lt;/p&gt;

&lt;p&gt;This comes from Andrej Karpathy's micrograd philosophy: if you cannot express the complete algorithm in a small, dependency-free file, you do not fully understand it. Every generator is auditable in a single reading. No transitive dependencies, no supply-chain risks, no version conflicts.&lt;/p&gt;

&lt;p&gt;It also means the generator never breaks because a dependency changed its API.&lt;/p&gt;




&lt;p&gt;The architecture document that survives your codebase&lt;/p&gt;

&lt;p&gt;Every generated project includes ARCHITECTURE.md with a typed ArchiMate 3.2 inventory:&lt;/p&gt;

&lt;p&gt;### ApplicationComponent: TaskManagerAPI&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Realises: TaskManagementService&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;### DataObject: Task&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Fields: id, user_id, title, body, due_date, status, created_at&lt;/li&gt;
&lt;li&gt;Association: Task → Project (many-to-one)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Six months from now, a new engineer reads ARCHITECTURE.md and understands the system without deciphering the implementation.&lt;/p&gt;




&lt;p&gt;Distribution: why ten registries matter&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;NestJS&lt;/strong&gt; → &lt;code&gt;npm install -g archiet-microcodegen-nestjs&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Go Chi&lt;/strong&gt; → &lt;code&gt;go install github.com/aniekanasuquookono-web/archiet-microcodegen-go@latest&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Laravel&lt;/strong&gt; → &lt;code&gt;composer global require archiet/microcodegen-laravel&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Spring Boot&lt;/strong&gt; → &lt;code&gt;java -jar archiet-microcodegen-java.jar&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Rails&lt;/strong&gt; → &lt;code&gt;gem install archiet-microcodegen-rails&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;.NET&lt;/strong&gt; → &lt;code&gt;dotnet tool install -g archiet-microcodegen-dotnet&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Tauri&lt;/strong&gt; → &lt;code&gt;cargo install archiet-microcodegen-tauri&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;FastAPI&lt;/strong&gt; → &lt;code&gt;pip install archiet-microcodegen&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Flask&lt;/strong&gt; → &lt;code&gt;pip install archiet-microcodegen-flask&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Django&lt;/strong&gt; → &lt;code&gt;pip install archiet-microcodegen-django&lt;/code&gt;
&lt;/li&gt;
&lt;/ul&gt;




&lt;p&gt;The underlying platform&lt;/p&gt;

&lt;p&gt;These generators are the offline distribution of Archiet — a platform that applies the same spec-driven pipeline at enterprise scale: multi-stack simultaneous generation, quality scoring, delivery gates, and a live genome editor.&lt;/p&gt;

&lt;p&gt;Spec-driven development should not require a proprietary IDE. These tools exist to make it available everywhere developers already work.&lt;/p&gt;

&lt;p&gt;If you want the full platform — try &lt;a href="https://dev.tourl"&gt;Archiet.com&lt;/a&gt;&lt;/p&gt;




&lt;p&gt;Source is public on GitHub. If you hit an issue, the algorithm is short enough that a fix is usually a one-line PR.&lt;/p&gt;




</description>
      <category>webdev</category>
      <category>ai</category>
      <category>architecture</category>
      <category>opensource</category>
    </item>
  </channel>
</rss>
