Generative AI for Code
Understand how AI code generation works and how to use it effectively. Covers LLM architectures for code, prompt engineering, code completion, test generation, code review, and the patterns that maximize productivity while maintaining code quality.
AI code generation has shifted from novelty to necessity. GitHub Copilot, Cursor, and similar tools now write 30-50% of code in adopting organizations. But AI-generated code is not inherently good code — it is probable code based on training patterns. Understanding how to evaluate and direct AI code generation is a new critical engineering skill.
How Code LLMs Work
Training data:
Public GitHub repositories (permissively licensed)
Stack Overflow answers
Documentation and technical blogs
Training process:
1. Tokenize source code
2. Train next-token prediction model
3. Fine-tune on code-specific tasks
4. Align with human preferences (RLHF)
Inference:
Input: Code context (current file, open files, instructions)
Output: Most probable next tokens
Key insight:
LLMs generate PROBABLE code, not CORRECT code
Code that appears frequently in training data → confident suggestion
Novel or niche patterns → less reliable
Prompt Engineering for Code
# BAD prompt: Vague, no context
# "Write a function to process data"
# GOOD prompt: Specific, constrained, with examples
"""
Write a Python function that:
- Takes a list of Order objects (id: str, total: Decimal, status: str, currency: str)
- Filters to orders with status 'pending'
- Groups by currency
- Returns dict[str, Decimal] mapping currency to total
- Handle empty input gracefully
- Use type hints throughout
Example:
Input: [Order("1", Decimal("99.99"), "pending", "USD"),
        Order("2", Decimal("50.00"), "shipped", "USD")]
Output: {"USD": Decimal("99.99")}
"""
Code Review of AI-Generated Code
Checklist for reviewing AI output:
☐ Correctness: Does it actually do what was asked?
- AI confidently generates wrong algorithms
- Edge cases often missed (empty input, null, overflow)
☐ Security: Any vulnerabilities?
- SQL injection (AI loves string concatenation)
- Hardcoded credentials in examples
- Missing input validation
☐ Performance: Efficient for actual data size?
- AI defaults to simple O(n²) when O(n) exists
- Unnecessary copies and allocations
☐ Maintainability: Would you merge this from a human?
- Too clever (AI shows off training data patterns)
- Inconsistent with codebase conventions
- Missing error handling
☐ Dependencies: Did it import something unexpected?
- AI suggests packages you don't use
- Version-specific APIs that don't match your version
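Three items on this checklist (unexpected imports, SQL assembled by string concatenation, hardcoded credentials) can be pre-screened mechanically before a human reads the suggestion. The following is an added example, not part of the original article: a heuristic pass over Python source using the standard `ast` module. `APPROVED_IMPORTS`, `SECRET_NAMES`, `review` and the sample snippet are assumptions constructed for illustration.

```python
import ast

# Assumed allowlist (hypothetical); in practice derive it from your lockfile.
APPROVED_IMPORTS = {"decimal", "sqlite3", "typing"}
SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key")

def _is_dynamic_string(node):
    """True for f-strings, operator-built strings (+, %) and .format() calls."""
    if isinstance(node, (ast.JoinedStr, ast.BinOp)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")

def review(source):
    """Return sorted (line, finding) tuples for three of the checklist items."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        mods = []
        if isinstance(node, ast.Import):
            mods = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            mods = [node.module]
        for top in {m.split(".")[0] for m in mods} - APPROVED_IMPORTS:
            findings.append((node.lineno, f"unexpected import: {top}"))
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany") and node.args
                and _is_dynamic_string(node.args[0])):
            findings.append((node.lineno, "SQL built from dynamic string"))
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str) and node.value.value):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                        s in target.id.lower() for s in SECRET_NAMES):
                    findings.append((node.lineno, f"hardcoded credential: {target.id}"))
    return sorted(findings)

# Constructed sample of the kind of suggestion the checklist warns about.
SAMPLE = '''import sqlite3
import requests
DB_PASSWORD = "hunter2"
def find_user(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = '" + name + "'").fetchall()
def find_user_safe(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()
'''

if __name__ == "__main__":
    for line, finding in review(SAMPLE):
        print(f"line {line}: {finding}")
```

The check only sees queries built inline in the `execute()` call and matches credential names by substring, so it narrows what the reviewer has to look at rather than replacing the manual checklist.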
Effective Patterns
Pattern 1: Generate tests, not implementation
"Write comprehensive unit tests for this function"
Then implement the function to pass the tests
AI-generated tests cover cases you'd miss
Pattern 2: Document → Code
Write clear function docstring first
Let AI implement to match the spec
Documentation serves as verification
Pattern 3: Prototype → Refine
Let AI generate initial draft
Refactor for your standards
Faster than blank-page writing
Pattern 4: Explain → Fix
Paste error message + code
"Why does this fail and how to fix it?"
AI is excellent at debugging common errors
Organizational Adoption
adoption_levels:
  level_1_individual:
    tools: "Copilot, Cursor for individual developers"
    policy: "Developer discretion, review required"
    risk: "Low (standard code review catches issues)"
  level_2_team:
    tools: "Shared prompts, team AI coding standards"
    policy: "AI-generated code must pass all CI checks"
    risk: "Medium (consistency, style drift)"
  level_3_organization:
    tools: "Custom fine-tuned models, internal code search"
    policy: "AI governance framework, license compliance"
    risk: "Higher (IP concerns, training data licensing)"
Anti-Patterns
| Anti-Pattern | Consequence | Fix |
|---|---|---|
| Accept AI output without review | Bugs, security vulnerabilities | Review AI code like human code |
| AI for security-critical code | Subtle vulnerabilities | Human-written security code |
| Over-reliance on AI | Skills atrophy, can’t debug | Understand what AI generates |
| No license compliance | Legal risk from training data | Use models trained on licensed data |
| Prompt with sensitive data | Data leakage to AI provider | Strip secrets, use private models |
AI code generation is a power tool — it amplifies both productivity and mistakes. The engineer who uses AI effectively reviews every suggestion, provides specific context, and never assumes the output is correct.