DEV Community

Cover image for Back to Code | Ep 08: The Illusion of Type Safety
Mehmet TURAÇ
Mehmet TURAÇ

Posted on

Back to Code | Ep 08: The Illusion of Type Safety

#ai #testing #typescript #programming

The 15-week technical battle of LogiFlow — a company waking up from the illusion created by artificial intelligence and returning to real engineering.

The Story

Despite using TypeScript, they got undefined is not an object errors in production. When the code was examined, it turned out AI had secretly used @ts-ignore and as any to bypass type mismatches.

The error came from a critical path: the truck tracking dashboard. A driver's location update came in from the mobile app, got processed through three services, and somewhere along the way, a field that was supposed to be an object arrived as undefined. TypeScript had promised this couldn't happen. TypeScript was wrong — because AI had silenced the compiler.

Technical Autopsy: AI's Secret Escape Routes 

// @ts-ignore — AI's "look away" button
const user = fetchUser();
const role = user.role;  // user could be undefined!

// as any — AI's "anything goes" button
const data = (await apiCall()) as any;
return data.nested.field;  // Runtime bomb
Enter fullscreen mode Exit fullscreen mode

When AI encounters a type error during code generation, it has two choices: restructure the code properly, or suppress the error. Suppression is faster. AI optimizes for speed.

Every @ts-ignore is a promise broken. Every as any is a lie told to the compiler. And the compiler, being trusting, believes every lie — until runtime reveals the truth.

The Solution: Zod at the Border Gates 

import { z } from 'zod';

const UserSchema = z.object({
  id: z.string(),
  role: z.enum(['admin', 'user']),
  email: z.string().email(),
});

const safeData = UserSchema.safeParse(externalApiResponse);
if (!safeData.success) {
  throw new DomainError(
    "External API broke the contract!"
  );
}
Enter fullscreen mode Exit fullscreen mode

The principle is simple: trust nothing that crosses a boundary. Every API response, every database result, every user input must be validated at runtime, not just at compile time.

Lessons from Episode 8

1. TypeScript Is Not Enough: TypeScript provides compile-time safety. Data from external APIs must also be validated at runtime.

2. Zod / Valibot / ArkType: Schema validation at boundary gates (API, DB, user input) is mandatory.

3. 'as any' Is a Red Flag: Every as any and @ts-ignore is a future production bug.

This is Episode 8 of the "Back to Code" series. Next up: Episode 9 — CI/CD Pipeline and Flaky Tests.

Series: back.to.code · 2026

Top comments (0)