DEV Community: Rajan

Six Months, Five Articles, One Race Condition. Here’s Everything I Got Wrong.

Rajan — Fri, 10 Apr 2026 07:18:48 +0000

This started with AsNoTracking() and ended with a race condition I caused as the reviewer.

Six months ago I rolled out GitHub Copilot to my team. I took notes the whole way — incidents, data, architecture decisions, governance failures. It turned into five articles.

This is the sixth. The retrospective.

Here's what I actually got wrong:

❌ The governance policy I spent two weeks writing — the team told me it was useless before I finished it
❌ I didn't measure reviewer load, only developer speed
❌ I waited five months to name something the team needed to hear at month two
❌ I was overconfident in month one — Copilot is very good at making you feel like everything is fine

And the finding I hadn't planned to track turned out to matter most:

Developers didn't say they felt more confident.
They said they felt less exhausted.

One developer said something in a retro I haven't stopped thinking about:
"I've started to feel anxious when Copilot doesn't have a suggestion."

That's the moment the whole series was really about.

The article covers:
→ What actually changed in four months of data
→ Why governance-as-document always fails
→ The three-layer system that replaced it
→ A decision tree for when to accept a suggestion
→ The skill atrophy problem nobody talks about
→ Everything I'd do differently from day one

From Hallucination to Production Bug: A Post-Mortem on AI-Generated Code

Rajan — Fri, 13 Mar 2026 12:13:24 +0000

I helped introduce a bug into our codebase.

Not the developer. Me — the reviewer.

Here's what happened:

A developer had written a function wrapped in a TransactionScope — a deliberate row-level lock. During my review, I copied part of the function, asked GitHub Copilot Chat to optimise it, and got back a clean suggestion: add AsNoTracking().

I recognised it immediately. It looked right. I posted it as a review comment.

The developer trusted me. They made the change. It passed CI.

In QA, under concurrent load — race condition.

Copilot wasn't wrong. It optimised exactly what it could see.

The problem? It couldn't see the TransactionScope. It couldn't see the row lock. It couldn't see what would happen under concurrent requests.

It was right about the fragment. It was blind to the system.

This is the failure mode nobody talks about:
👉 Not developers blindly accepting AI suggestions.
👉 Reviewers confidently spreading them.

The future of development is AI-Assisted — not AI-Unsupervised.
That one word is the difference between a good review and a race condition in QA.

I wrote up the full post-mortem — what broke, why every layer missed it, and the four concrete things we changed.

🔗 Originally published on Medium

SoftwareEngineering #GitHubCopilot #AI #DevSecOps #CodeReview

We’re Measuring AI Velocity, but We’re Ignoring AI Gravity

Rajan — Fri, 06 Mar 2026 16:36:02 +0000

The 18-Month Wall 🧱

GitHub Copilot and Claude are the fastest ways to write technical debt I’ve ever seen.

In 2026, the bottleneck isn't writing code anymore—it's verifying it. We’ve all seen the euphoric speed of the first quarter, but that speed is creating a massive gravitational pull. Every line of "almost right" AI code adds weight to your repository.

Without deterministic gates, that weight eventually brings your innovation to a dead halt. I call this the AI Gravity crisis.

The Solution: A Digital Immune System 🛡️

To stay fast, we need a framework that treats AI code as "guilty until proven innocent." Here is the 3-layer defense every modern shop needs:

1. Deterministic Gates (SAST)

AI works on probability; production requires proof. We use Sonar to enforce "Clean as You Code" standards. If the AI hallucinates an insecure pattern or a code smell, the gate stays closed.

2. Behavioral Health (Software Intelligence)

Lines of code (LOC) is a vanity metric. We use CodeScene to map the "Health" of our files. If AI is pumping code into a "Hotspot" with high complexity, we stop and refactor before it becomes a legacy nightmare.

3. Engineering Governance

Governance isn't a hurdle; it's a safety rail. By using frameworks like ExtenSURE, we provide the auditability and due diligence that stakeholders require in a post-AI world.

The Architecture of Safety

Here is how the modern AI-augmented SDLC looks:

Final Thought

AI is your gas pedal. Static Analysis and Governance are your brakes. You need both to win the race without crashing.

What are you using to govern AI code in your pipeline? Let's discuss in the comments.

Originally published on Medium