Bridging the Quality Gaps in AI-Assisted Coding
Demo Practices & Future Vision
Developer A writes TodoRepository.
A week later, Developer B (or AI) writes EventLogRepository with 90% similar code.
Built-in PR Review says: "LGTM"
It only sees the new diff and cannot know this code already exists in the codebase.
| Blind Spot | Description | Consequence |
|---|---|---|
| Code Duplication | PR introduces code that duplicates existing code | Increased maintenance cost, tech debt accumulation |
| Semantic Conflicts | Resource name conflicts (table names, cache keys, lock names) | Runtime conflicts, hard to debug |
| API Contract Breaking | API modifications break dependent code | Runtime errors, integration failures |
| Architecture Violations | Layer violations, wrong dependency directions | Architecture erosion, decreased maintainability |
| Implementation Drift | Code doesn't match design documentation | Missing features, unmet requirements |
| Legacy Issues | Security vulnerabilities, dead code in existing codebase | Security risks, code bloat |
| Issue Type | Best Tool | AI Role |
|---|---|---|
| Syntactic Duplication | jscpd | Not needed |
| Semantic Duplication | Code Embedding | Similarity calculation |
| Resource Conflicts | Regex Extraction | Conflict summarization |
| Dead Code | Static Index | Filter false positives |
| Spec Compliance | AI Comparison | Core analysis |
| Practice | Description | Status |
|---|---|---|
| Extended PR Quality Check | PR-triggered cross-file quality analysis | Implemented |
| Periodic Repo Scan | Scheduled full codebase scanning | Implemented |
| Feature Implementation Check | Implementation vs spec compliance validation | Implemented |
| Pattern Name | Detects |
|---|---|
| DistributedLock | Distributed lock names |
| CacheKey | Cache key patterns |
| ConfigKey | Configuration key names |
| QueueName | Message queue/topic names |
| TableName | Storage table names |
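A sketch of the regex-extraction step behind these pattern names, added here as an example and not taken from the repository: it indexes resource literals in the existing codebase and flags names that a PR's files reuse. The regexes, the C# call shapes they match, the function names and the sample file contents are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Illustrative regexes, one per pattern name in the table above; the C# call
# shapes they match are assumptions, not the project's actual patterns.
PATTERNS = {
    "DistributedLock": re.compile(r'AcquireLock(?:Async)?\(\s*"([^"]+)"'),
    "CacheKey": re.compile(r'[Cc]ache\.(?:Get|Set|Remove)\w*\(\s*"([^"]+)"'),
    "ConfigKey": re.compile(r'[Cc]onfig(?:uration)?\[\s*"([^"]+)"\s*\]'),
    "QueueName": re.compile(r'GetQueueClient\(\s*"([^"]+)"'),
    "TableName": re.compile(r'GetTableClient\(\s*"([^"]+)"'),
}

def extract(files):
    """Yield (kind, name, path, line_no) for each resource literal in files."""
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(line):
                    yield kind, m.group(1), path, no

def build_index(repo_files):
    """Index the existing codebase: (kind, lowercased name) -> [(path, line)]."""
    index = defaultdict(list)
    for kind, name, path, no in extract(repo_files):
        index[(kind, name.lower())].append((path, no))
    return index

def find_conflicts(index, pr_files):
    """Return resource names in PR files that another file already uses."""
    conflicts = []
    for kind, name, path, no in extract(pr_files):
        # Case-insensitive match is an assumption; tighten per resource type.
        prior = [loc for loc in index.get((kind, name.lower()), []) if loc[0] != path]
        if prior:
            conflicts.append({"kind": kind, "name": name, "pr": (path, no), "existing": prior})
    return conflicts

# Constructed sample input: one existing file and one file added by a PR.
REPO = {"TodoRepository.cs": 'var t = service.GetTableClient("AppItems");\n'
                             'await locks.AcquireLockAsync("repo-cleanup");\n'}
PR = {"EventLogRepository.cs": 'var t = service.GetTableClient("appitems");\n'
                               'await locks.AcquireLockAsync("repo-cleanup");\n'
                               'cache.Set("eventlog:latest", entry);\n'}

if __name__ == "__main__":
    for c in find_conflicts(build_index(REPO), PR):
        print(f'{c["kind"]} "{c["name"]}" at {c["pr"]} collides with {c["existing"]}')
```

The index has to be built from the whole repository, not the diff, which is exactly the context a diff-only review lacks.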
| Category | Detection | Severity |
|---|---|---|
| Security | Hardcoded passwords/keys | Critical |
| Security | SQL injection risks | Critical |
| Quality | Empty catch blocks | High |
| Quality | throw ex loses stack | Medium |
| Quality | Console.WriteLine | Low |
Summary
Critical: 8 | High: 4 | Medium: 6 | Low: 3 | Duplicates: 3
Static Analysis
[Critical] Hardcoded connection string
ReportGenerator.cs:11
[Critical] SQL injection risk
ReportGenerator.cs:84
Replace complex regex with natural language prompts:
Validate that PR implementation strictly matches design spec/requirements to prevent:
Uses Azure OpenAI to compare spec vs implementation, outputs: missing requirements, extra features, deviations, compliance score (1-10)
Current: jscpd token-based syntactic duplication
Planned: Code Embedding + vector similarity to detect logically identical but syntactically different code
Current: Example anti-pattern rules (hardcoded detection, etc.)
Planned: Dependency graph analysis, layer rules configuration, custom architecture rules
Current: Detects API route reference conflicts
Planned: Full call chain analysis, breaking change detection
Quality metrics visualization, historical trends, team comparisons
AI generates fix code → Auto-commit → Trigger new review
| Stage | Approach | Characteristics |
|---|---|---|
| Prompt-Driven | Natural Language | Ambiguous, inconsistent |
| Context-Driven | Prompt + Codebase | Better but unstructured |
| Spec-Driven | Structured Specs | Predictable, verifiable |
Built-in PR Review only sees the diff and cannot detect cross-file issues, resource conflicts, spec deviation, etc.
| Practice 1 | PR Extended Quality Check |
| Practice 2 | Periodic Repo Scan |
| Practice 3 | Feature Implementation Check |
Questions & Discussion
Repository: github.com/v1212/aivibingtest
Detailed Documentation: docs/ai-coding-quality-engineering.md