DEV Community

Cover image for Why AI Shouldn't Write Your Code (And What Should Happen Instead)
Matthew Anderson
Matthew Anderson

Posted on

Why AI Shouldn't Write Your Code (And What Should Happen Instead)

#architecture #webdev #ai #discuss

We've been thinking about AI and code generation wrong.

When you ask an AI to "add authentication to my app," it generates 20-50 lines of code. It writes validation, credential checking, session handling, redirects. Every single time. For every single app.

But here's the thing: AI already knows what optimal authentication looks like. It's seen millions of implementations. It knows the patterns. Login is a solved problem.

So why is it writing code from scratch?

The Problem with "Good Enough"

Laravel has Auth::attempt(). Django has its auth system. Rails has Devise. These work. They're battle-tested. They're... fine.

But they're not optimal. They're "good enough for most use cases."

Laravel's auth is session-based by default. Want JWT? Add Sanctum. Want OAuth? Add Passport. Want API tokens? Different system again. Each one is a separate implementation with its own overhead, its own quirks, its own learning curve.

This isn't optimal. It's a collection of adequate solutions duct-taped together.

What Would Optimal Actually Look Like?

Optimal means:

  1. One implementation that covers all use cases - Not "optimal for sessions" or "optimal for APIs." Just optimal.

  2. Configuration, not reimplementation - Session vs JWT vs OAuth should be a config flag, not a different package.

  3. Zero wasted operations - No extra queries, no unnecessary hydration, no overhead regardless of which strategy you use.

  4. Secure by default - Not "secure if you remember to add this middleware."

Think about it: the core of auth is simple.

  • Verify identity (do credentials match?)
  • Establish trust (create session/token)
  • Persist trust (check on subsequent requests)

Everything else is configuration. Session storage location? Config. Token expiry? Config. OAuth provider? Config.

One optimal implementation. Infinite configurations.

Where AI Fits In

Here's the shift in thinking:

Current model:

User: "Add authentication"
AI: *generates 40 lines of auth code*
Framework: *parses, stores, executes*
Enter fullscreen mode Exit fullscreen mode

Optimal model:

User: "Add authentication"
AI: "Use optimal auth with session strategy, redirect to /dashboard"
Framework: *references pre-built optimal auth, applies config, done*
Enter fullscreen mode Exit fullscreen mode

AI shouldn't be writing auth code. AI should be reaching for optimal auth code that already exists.

The same applies to everything:

  • CRUD operations
  • File uploads
  • Payment processing
  • Email sending
  • Pagination
  • Search
  • Caching

These are all solved problems. AI knows the optimal patterns. Why regenerate them?

The Library That Should Exist

Imagine a library of optimal primitives:

  • Auth - One implementation. Session, JWT, OAuth, API tokens, MFA - all through config.
  • CRUD - Optimal create/read/update/delete. Validation, authorization, transactions built in.
  • Files - Upload, storage, retrieval, streaming. Any provider, any size.
  • Payments - Transaction handling abstracted across providers.

Each one built once. Built optimally. Referenced forever.

When AI needs auth, it doesn't write auth. It says "use auth" and configures it.

This Changes Everything

Think about what this means:

For AI: Instead of generating code that might have bugs, might miss edge cases, might not follow best practices - it references code that's already perfect.

For developers: Instead of reviewing AI-generated auth code to make sure it's secure, you know it's secure because it's the same optimal implementation everyone uses.

For the ecosystem: Instead of millions of slightly-different auth implementations across millions of apps, there's one. Improvements benefit everyone. Security patches apply everywhere.

The Hard Part

The hard part isn't the concept. It's defining what "optimal" actually means for each primitive, then building it.

What's optimal auth? We need to actually figure that out. Not "what's good auth" - what's THE optimal auth that handles every use case through configuration with zero wasted operations.

Then build it. Then make it referenceable. Then move to the next primitive.

Where We're Starting

We're building this. Starting with authentication.

The goal: one auth implementation that AI reaches for instead of regenerates. Configurable for any strategy. No wasted operations. Secure by default.

Once that exists, when any AI anywhere is asked to add auth, it doesn't write code. It references the optimal implementation.

Then we do the same for CRUD. Then files. Then payments. And so on.

This is what AI-framework convergence actually looks like. Not AI writing more code faster. AI composing from optimal pieces that already exist.

The code generation era was a stepping stone. The composition era is what comes next.

If you want to be part of defining what comes next, come and join us at Stellify.

Top comments (0)