Code with AI Activity 3: Professional Code Generation Workshop

🎯 Activity Objectives

By completing this workshop, you will:

• Generate production-ready code using AI assistance
• Implement comprehensive code quality assessments
• Apply security review methodologies
• Create performance benchmarks for generated code
• Build portfolio-worthy applications with proper documentation
• Master iterative refinement techniques for AI-generated code

📌 Prerequisites

• Basic programming knowledge in at least one language
• Access to an AI coding assistant (GitHub Copilot, ChatGPT, Claude, etc.)
• Development environment configured for your chosen language
• Understanding of software development best practices

🔧 Workshop Setup

Required Tools

1. IDE/Editor: VS Code, IntelliJ, or preferred environment
2. Version Control: Git initialized repository
3. Testing Framework: Language-specific (Jest, PyTest, JUnit, etc.)
4. Linting Tools: ESLint, Pylint, or equivalent
5. Performance Profiler: Language-specific tools

Repository Structure

ai-code-workshop/
├── src/              # Source code
├── tests/            # Test suites
├── docs/             # Documentation
├── benchmarks/       # Performance tests
└── security/         # Security audit results

Part One: Real Project Scaffolding Exercise (30 minutes)

Project: Enterprise-Grade REST API Service

You'll build a production-ready microservice with AI assistance, focusing on code quality and professional standards.

One.1 Initial Architecture Generation

Professional Prompt Template:

Generate a RESTful API service architecture in [language] with:
- Clean architecture pattern (controllers, services, repositories)
- Database integration with connection pooling
- Authentication middleware using JWT
- Request validation and error handling
- Logging and monitoring setup
- API documentation (OpenAPI/Swagger)
- Docker containerization
- Environment configuration management

Include production-grade considerations:
- Rate limiting
- CORS configuration
- Health check endpoints
- Graceful shutdown handling

One.2 Code Quality Assessment Checklist

Evaluate AI-generated code against these criteria:

Architecture & Design

• Follows SOLID principles
• Clear separation of concerns
• Dependency injection implemented
• Testable architecture

Code Standards

• Consistent naming conventions
• Proper error handling throughout
• No hardcoded values
• Comprehensive logging

Security

• Input validation on all endpoints
• SQL injection prevention
• Secure password handling
• API key/token management

Performance

• Database query optimization
• Caching strategy implemented
• Connection pooling configured
• Async operations where appropriate

One.3 Iterative Refinement Process

Round 1: Core Functionality

Review the generated code and request:
1. Unit tests for all service methods
2. Integration tests for API endpoints
3. Error handling improvements
4. Input sanitization enhancement

Round 2: Production Hardening

Enhance for production deployment:
1. Add circuit breaker pattern
2. Implement retry logic with exponential backoff
3. Add distributed tracing headers
4. Include metrics collection

Round 3: Documentation & DevOps

Complete the professional setup:
1. Generate comprehensive API documentation
2. Create CI/CD pipeline configuration
3. Add database migration scripts
4. Include monitoring dashboards

Part 2: Performance Benchmarking (20 minutes)

2.1 Benchmark Setup

Create performance tests for your API:

// Example performance test structure
const scenarios = [
  {
    name: 'Light Load',
    vus: 10,        // Virtual users
    duration: '30s',
    thresholds: {
      http_req_duration: ['p(95)<200'], // 95% of requests under 200ms
      http_req_failed: ['rate<0.1'],    // Error rate under 10%
    }
  },
  {
    name: 'Heavy Load',
    vus: 100,
    duration: '60s',
    thresholds: {
      http_req_duration: ['p(95)<500'],
      http_req_failed: ['rate<0.2'],
    }
  }
];

2.2 Performance Optimization with AI

Optimization Prompt:

Analyze this code for performance bottlenecks and suggest optimizations:
[Your code]

Focus on:
1. Database query optimization
2. Memory usage reduction
3. CPU-intensive operations
4. Network call efficiency
5. Caching opportunities

2.3 Benchmark Documentation

Document your findings:

Part 3: Security Review Process (25 minutes)

3.1 Security Audit Checklist

Perform a comprehensive security review using AI assistance:

Authentication & Authorization

• JWT token validation implemented correctly
• Password hashing using bcrypt/argon2
• Role-based access control (RBAC) enforced
• Session management secure
• Multi-factor authentication ready

Input Validation & Sanitization

• All user inputs validated
• SQL injection prevention verified
• XSS protection implemented
• Command injection prevented
• Path traversal blocked

Data Protection

• Sensitive data encrypted at rest
• TLS/SSL for data in transit
• PII handling compliant
• Secure key management
• Data retention policies

API Security

• Rate limiting configured
• API versioning strategy
• CORS properly configured
• API key rotation supported
• Request signing implemented

3.2 Security Testing with AI

Security Review Prompt:

Perform a security audit on this code:
[Your API code]

Check for:
1. OWASP Top 10 vulnerabilities
2. Authentication bypasses
3. Data exposure risks
4. Injection vulnerabilities
5. Cryptographic weaknesses

Provide specific code fixes for each issue found.

3.3 Vulnerability Documentation

Create a security findings report:

## Security Audit Report

### Critical Findings
1. **Issue:** [Description]
   **Risk Level:** High/Medium/Low
   **Fix:** [Code solution]
   **Status:** Fixed/Pending

### Security Improvements Implemented
- Added input validation for all endpoints
- Implemented rate limiting: 100 req/min
- Enhanced password policy requirements
- Added security headers (HSTS, CSP, etc.)

Code Review Laboratory (20 minutes)

Part One: AI as Code Reviewer

Submit your applications to AI for review:

Review Prompt Template:

Please review this code for:
1. Code quality and best practices
2. Potential bugs or errors
3. Security vulnerabilities
4. Performance optimizations
5. Readability improvements

[Your code here]

Part 2: Human vs AI Review

For each application:

1. Do your own code review first
2. Get AI's code review
3. Compare findings
4. Identify what each caught that the other missed

Part 3: Implementing Feedback

Choose the most critical feedback items and:

1. Prioritize them
2. Use AI to help implement fixes
3. Verify improvements
4. Document changes made

Reflection and Best Practices (15 minutes)

Critical Thinking Questions

1. Code Quality: How do you verify AI-generated code is production-ready?

2. Learning Impact: How has using AI changed your approach to coding?

3. Dependency Balance: How do you balance using AI help with developing your own skills?

4. Error Patterns: What types of errors does AI commonly make in code generation?

Create Your AI Code Generation Workflow

Design your personal workflow:

1. Initial Request: ________________
2. Code Review: ___________________
3. Testing: _______________________
4. Improvement: ___________________
5. Documentation: _________________
6. Final Validation: _______________

Best Practices Checklist

Create your own checklist for AI-assisted coding:

• Always review generated code before running
• _________________________________
• _________________________________
• _________________________________
• _________________________________

Advanced Extension: Full Stack Application

The Challenge

Build a complete full-stack application with AI assistance:

Application: Task Management System

Requirements:

• Frontend: HTML/CSS/JavaScript
• Backend: Your choice of language
• Database: Simple file-based or SQLite
• Features: CRUD operations, user authentication, categories

Process:

1. Use AI to plan the architecture
2. Generate frontend code
3. Create backend API
4. Implement data storage
5. Connect all components
6. Add authentication

Documentation:

• Architecture diagram
• API documentation
• Setup instructions
• Features list

Practical Tips for AI Code Generation

Do's and Don'ts

✅ DO:

• Start with clear requirements
• Generate code incrementally
• Always test each component
• Ask for explanations
• Request multiple approaches

❌ DON'T:

• Accept code blindly
• Skip testing
• Ignore error messages
• Assume AI understands context
• Generate everything at once

Debugging AI-Generated Code

When AI code doesn't work:

1. Check for syntax errors first
2. Verify all imports/dependencies
3. Look for logic errors
4. Test with simple inputs
5. Ask AI to debug its own code

Project Submission

Submit a portfolio containing:

1. All three applications with source code
2. Documentation for each application
3. Code review findings and improvements
4. Your AI code generation workflow
5. Reflection question answers
6. Screenshots of working applications
7. (Optional) Full stack application

Submit Your Activity Here

Looking Ahead

Next lesson focuses on debugging with AI - you'll learn how AI can help you find and fix bugs faster than ever. Save any buggy code you encounter during this activity for next time!