There is a seductive moment when AI coding assistants start pulling real weight: a meaningful share of your diffs are machine-drafted, velocity spikes, and everyone feels ten feet tall. Then the first subtle bug from unreviewed generated code reaches production, and you realize the tool changed how fast you write code without changing how much it costs to own it. Reviewing, testing, securing, and maintaining that code costs exactly what it always did.
Here is the process that let us lean on generation without inheriting fragility.
Rule zero: the human who merges it owns it
The most important change was cultural, not technical. Whoever opens the PR is accountable for every line as if they typed it. "The model wrote it" is not a defense in a postmortem. This one norm ended the skim-and-approve reflex, because skimming now meant your name on the incident.
Build an automated floor before you open the tap







