惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
T
Tenable Blog
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
Security Latest
Security Latest
P
Privacy & Cybersecurity Law Blog
Google Online Security Blog
Google Online Security Blog
SecWiki News
SecWiki News
P
Palo Alto Networks Blog
TaoSecurity Blog
TaoSecurity Blog
Webroot Blog
Webroot Blog
Spread Privacy
Spread Privacy
O
OpenAI News
The Last Watchdog
The Last Watchdog
P
Proofpoint News Feed
C
Check Point Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
人人都是产品经理
人人都是产品经理
S
Security @ Cisco Blogs
Scott Helme
Scott Helme
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
月光博客
月光博客
S
Securelist
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
T
Troy Hunt's Blog
W
WeLiveSecurity
GbyAI
GbyAI
N
News | PayPal Newsroom
Y
Y Combinator Blog
C
Cisco Blogs
H
Help Net Security
The GitHub Blog
The GitHub Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 【当耐特】
Jina AI
Jina AI
MongoDB | Blog
MongoDB | Blog
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
云风的 BLOG
云风的 BLOG
小众软件
小众软件
N
News and Events Feed by Topic

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
I Used AI for Code Review on a Production ERP for 6 Months. Here's Where It Actually Failed Me.
sumit2401 · 2026-05-20 · via DEV Community

Six months ago I started running every non-trivial piece of code through AI before it shipped. Not prototypes — real ERP and CRM modules with paying clients on the other end. Batch processing tables, MRP allocation logic, dynamic invoice builders, real-time dashboards.

Here's what I found out.


What AI is actually good at

Duplicate functions. In a codebase that's been touched by multiple devs over months, this is AI's most reliable win. It flagged things like: "This mirrors formatCurrency in utils/formatters.ts" — the kind of thing that slips through human review because everyone assumes someone else already checked.

Calculation bugs in self-contained utilities. Off-by-one errors, wrong operator precedence, bad unit conversions — if the function is isolated and doesn't depend on external state, AI catches these consistently. In ERP systems, a broken landed cost formula or tax calculation is instant client trust damage. AI has saved me here more than once.

Direct React state mutations. Pushing directly to an array, mutating nested objects without spreading — AI flags these reliably in simple components. Not groundbreaking, but useful as a first pass before compilation.


Where it completely fell apart

Race conditions. This was my most painful production bug in the last 6 months.

Our batch item table allows rapid concurrent mutations — user triggers cascading calculations, multiple async state updates overlap, one override silently wins. Classic race condition.

I ran the component through every AI tool I was using at the time. Zero flags. Not even a "this might be worth checking." The bug only surfaced when a client hit a specific sequence of interactions in rapid succession.

AI does static analysis. It cannot simulate erratic user interaction timing. Race conditions are invisible to it.

Web Worker memory leaks. I implemented workers for heavy client-side calculations. Suspicious of potential leaks from rapid event-driven spawning, I tasked my entire AI stack with auditing the cleanup patterns.

Every tool gave a confident green pass.

My manual browser profiling found that workers weren't reliably terminating under specific runtime exceptions. Ghost processes, staying alive. The AI verified the cleanup code existed. It could not verify the cleanup actually ran across every execution path.

CSS layout bugs on custom components. Built a proprietary data grid from scratch to hit strict UX requirements. Ran into padding misalignments and layout collapse under certain data payloads.

AI was almost useless. I'd describe the visual bug, it would claim to fix it, the rendered output would still be broken. Without a real rendering environment, it's guessing at cascade behavior.


The thing nobody talks about: chunking

This was my biggest operational discovery.

I was building an MRP allocation table — quantities, supply constraints, fulfillment priorities cascading across hundreds of rows. I fed the full spec into the AI in a single pass.

Every tool failed. Not "slightly off" — confidently wrong logic that looked correct until you traced execution. Broken dependencies, misallocated quantities, state updates that would silently fail on specific edge cases.

Then I split it:

  1. One prompt — just the core allocation math
  2. One prompt — data validation constraints only
  3. One prompt — the immutable React state update pattern
  4. Final prompt — audit each module against the others

Every piece came back clean. Assembled system worked perfectly in production.

The mental model shift: AI degrades under compound logical dependencies, not under token length. An ERP module has overlapping validation paths, tax calculations, database state requirements. Feeding all of it simultaneously overloads the model's situational logic.

If you can't explain the task scope to a senior dev in 2 minutes out loud, chunk it before it touches an LLM.


The confidence problem

This is the part that actually concerns me.

When my Web Worker had a memory leak, no tool said: "This syntax looks valid, but I can't verify runtime cleanup behavior — profile this manually." They said it looked fine. Clean pass. Ship it.

The framing I've settled on:

An AI bug flag is high-signal — act on it immediately.
An AI clean pass is weak evidence — it means no obvious patterns matched, not that the code is safe.

The deadline trap is real. When you're pushing to meet a sprint, "the AI said it's fine" becomes a substitute for actual testing. That's where production regressions come from.


My actual tool stack after 6 months

  • Codeium — inline autocomplete for single-file work. Hits a ceiling fast on cross-file reasoning.
  • ChatGPT — useful for isolated logic audits, but snippet output creates integration friction at scale.
  • Cursor (Claude Sonnet) — my go-to for refactoring. Full-file editing context is genuinely better than any chat interface.
  • Google Gemini Code Assist — primary daily driver. Large context window, cost-efficient for heavy ERP work.
  • Claude direct — architectural audits and high-level logic design. Most willing to flag issues with caveats instead of blind passes.
  • OpenAI Codex App — pre-PR repository-wide audits in sandboxed worktrees. Runs parallel agents without touching my local environment.

Each tool serves a distinct step. Switching between them isn't tool-hopping — it's using the right instrument for the job.


Quick reference

Trust AI for:

  • Utility functions under ~50 lines with clear I/O
  • Catching duplicate/redundant modules across large repos
  • Refactoring known-safe logic into cleaner patterns
  • Boilerplate React hooks, contexts, basic reducers

Verify manually:

  • Multi-tiered stateful components with rapid user interactions
  • Web Workers, Sockets, async lifecycle management
  • Custom visual components (non-library)
  • Core financial/billing calculations
  • Anything you can't explain to a teammate in 2 minutes

Chunk before sending:

  • Features spanning more than 2 interacting subsystems
  • Full ERP modules with cascading state (MRP, inventory allocation)
  • Any prompt that needs multiple paragraphs just to define the constraints

The engineers getting the most out of AI aren't the ones who trust it blindly. They're the ones who know exactly where that trust stops.

Full breakdown with the complete MRP case study, tool-by-tool notes, and a practical checklist here → stacknovahq.com