DEV Community

lingxin wang
lingxin wang

Posted on

Good Enough Is Good Enough

#ai #architecture #aws #productivity

I Almost Ruined the Whole Project Chasing "Perfect"

A Near Disaster

Last week I almost blew the project.

The reason: I spent three days researching the "perfect" architecture solution, and wrote zero code.

Here's what happened. My AI Agent could already query databases. Next step was making it "write" data — assign beds, create medical orders, generate alerts.

Problem is: letting AI write SQL directly is dangerous. It might hallucinate and write incorrect statements. No business validation means it might assign a patient to an already-full bed. No audit trail means no accountability if something goes wrong.

So I started researching the "right" solution.

Lambda functions, IAM permissions, API Gateway, CloudWatch logging... architecture diagrams looking beautiful, layer upon layer of security.

Three days later, my mentor asked about progress.

I said: "Still designing the architecture..."

He said something that woke me up: "You're doing local development. The database is a SQLite file. What cloud architecture are you designing?"

Product Thinking vs Engineering Perfection

Calming down, I realized I made a classic mistake: applying production environment standards to development environment work.

Like a product manager worrying about "what if we have a million users" during MVP validation.

The problem: you haven't even validated whether the product works, and you're already worrying about million-user architecture.

My situation was:

  • Agent hasn't validated whether write operation logic is correct
  • Data is local, not even in the cloud
  • The only user is myself

But I was designing a complete cloud permission system.

This isn't being rigorous. This is avoidance — using "design" to avoid "delivery."

The Court's Multiple Lines of Defense

After thinking it through, I reconsidered: what level of security do I actually need?

Legal systems have a concept called "defense in depth."

To convict someone, you don't rely on single evidence. You rely on multiple reviews:

  • Police investigation (first line)
  • Prosecutor review (second line)
  • Judge trial (third line)
  • Appeals process (fourth line)

Each line might fail, but stacked together, error rate drops dramatically.

AI writing data can use the same approach:

  1. First line: Agent can't write SQL directly, only call predefined functions
  2. Second line: Functions have business validation (is bed available? does patient exist?)
  3. Third line: Parameterized SQL prevents injection
  4. Fourth line: Transaction management, all-or-nothing

Four lines of defense. No Lambda needed. No IAM needed. Implementable locally.

The Four-Function Solution

I ended up writing four Python functions:

def assign_bed(engine, admission_id, bed_id) -> dict
def update_prediction(engine, admission_id, predicted_los_hours) -> dict
def create_alert(engine, admission_id, alert_type, severity, message) -> dict
def create_order(engine, admission_id, order_type, scheduled_time) -> dict
Enter fullscreen mode Exit fullscreen mode

Each function does three things:

  1. Validate input (does patient exist? is bed empty?)
  2. Parameterized SQL (prevent injection)
  3. Transaction wrapping (atomicity guarantee)

Less than 100 lines of code. Handles 99% of security risks.

The remaining 1% (cloud permissions, production-grade auditing)? Do it when we actually go to production.

Implications for Product Decisions

This experience taught me a product principle:

"Good enough" is sometimes "the best."

A perfect solution that never ships has zero value.

A 99% solution that ships fast, validates fast, iterates fast — that has way more than zero value.

This isn't laziness. It's trade-offs:

  • What's the biggest risk at current stage?
  • How much risk can minimum effort eliminate?
  • Is the remaining risk worth investing in now?

My situation: biggest current risk is "AI writing SQL incorrectly." Four functions solve 99%. Cloud permissions have negative ROI right now because we're not even in the cloud.

A Mental Model

My mentor gave me a mental model:

"Agent is eyes and mouth — can see, can speak, might make mistakes."
"Write operation functions are hands — they check before acting."

Like role separation in legal systems:

  • Lawyers can state any opinion (mouth), but can't execute judgments directly
  • Judges review opinions before making rulings (checking)
  • Execution officers carry out rulings (hands)

AI's suggestions ("transfer this patient to room 205") must pass function validation before actually executing.

Even if AI judges wrong, the function layer catches it.

Defense in depth. Single point failure isn't fatal.

Advice for Fellow Builders

If you're also building AI products:

  1. Distinguish development stage from production stage — don't build production architecture during MVP
  2. Calculate the cost of 99% solutions — often much lower than you think
  3. Write down "later" things — but don't do them now
  4. Rapidly validate core hypotheses — everything else is noise

Perfectionism is the enemy of products.

Get it running first, then optimize.

Personal Reflection

As someone fresh out of school, I used to fear "not being perfect." Felt like deliverables had to be watertight or I'd be criticized.

But this experience taught me: delivery beats perfection.

Mentors won't criticize you for imperfect solutions. They'll worry when you don't deliver.

First have something that works, then slowly polish.

That's probably the biggest difference between work and school — school chases perfect scores, work chases "shipped."

Top comments (0)